xmrig | dcbb882e6ea4106c9d6e3d370290e3cd887a228badf55cbaeba4abe9a57c7e68

Analysis

max time kernel
115s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
Size

2.1MB
MD5

5f863c14d524796e1514c53a5db0e4b0
SHA1

7e5044a27ac0684f28cf235785a41cf19df4970d
SHA256

dcbb882e6ea4106c9d6e3d370290e3cd887a228badf55cbaeba4abe9a57c7e68
SHA512

d1acd4be800cb116f0e72558d282a6bfa7c53c503296ac6def11b4eed9d18db00f8d5e91c113752f4fbfe9a0ae8d771257176ea01c6599a93eaf7315e7c16511
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEd2EiTzg:BemTLkNdfE0pZrV56utgR

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4756-0-0x00007FF6C67D0000-0x00007FF6C6B24000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b9d-4.dat	xmrig
behavioral2/files/0x000a000000023ba1-14.dat	xmrig
behavioral2/files/0x000a000000023ba3-20.dat	xmrig
behavioral2/files/0x000a000000023ba4-27.dat	xmrig
behavioral2/files/0x000a000000023ba5-39.dat	xmrig
behavioral2/memory/1548-46-0x00007FF7768E0000-0x00007FF776C34000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba7-48.dat	xmrig
behavioral2/memory/1876-47-0x00007FF7F7050000-0x00007FF7F73A4000-memory.dmp	xmrig
behavioral2/memory/1172-43-0x00007FF6429C0000-0x00007FF642D14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba6-41.dat	xmrig
behavioral2/memory/1356-38-0x00007FF6E59F0000-0x00007FF6E5D44000-memory.dmp	xmrig
behavioral2/memory/2064-37-0x00007FF609FF0000-0x00007FF60A344000-memory.dmp	xmrig
behavioral2/memory/1544-35-0x00007FF741220000-0x00007FF741574000-memory.dmp	xmrig
behavioral2/memory/844-34-0x00007FF793A10000-0x00007FF793D64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba2-17.dat	xmrig
behavioral2/memory/4428-15-0x00007FF7BFF80000-0x00007FF7C02D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba8-53.dat	xmrig
behavioral2/files/0x000a000000023baa-65.dat	xmrig
behavioral2/files/0x000a000000023bb0-115.dat	xmrig
behavioral2/files/0x000a000000023bb3-117.dat	xmrig
behavioral2/files/0x000a000000023bb1-124.dat	xmrig
behavioral2/files/0x0031000000023bb5-134.dat	xmrig
behavioral2/memory/1472-140-0x00007FF63ABD0000-0x00007FF63AF24000-memory.dmp	xmrig
behavioral2/memory/1068-143-0x00007FF71EAD0000-0x00007FF71EE24000-memory.dmp	xmrig
behavioral2/memory/3564-146-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp	xmrig
behavioral2/memory/2176-145-0x00007FF62E5C0000-0x00007FF62E914000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb7-149.dat	xmrig
behavioral2/files/0x000a000000023bba-168.dat	xmrig
behavioral2/files/0x000a000000023bbc-190.dat	xmrig
behavioral2/files/0x000a000000023bc2-197.dat	xmrig
behavioral2/memory/1256-221-0x00007FF7A30C0000-0x00007FF7A3414000-memory.dmp	xmrig
behavioral2/memory/2528-224-0x00007FF799D30000-0x00007FF79A084000-memory.dmp	xmrig
behavioral2/memory/3752-223-0x00007FF6C7AA0000-0x00007FF6C7DF4000-memory.dmp	xmrig
behavioral2/memory/3472-222-0x00007FF6A7A30000-0x00007FF6A7D84000-memory.dmp	xmrig
behavioral2/memory/2208-220-0x00007FF683920000-0x00007FF683C74000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc1-196.dat	xmrig
behavioral2/files/0x000a000000023bc0-187.dat	xmrig
behavioral2/files/0x000a000000023bbf-184.dat	xmrig
behavioral2/files/0x000a000000023bbe-183.dat	xmrig
behavioral2/files/0x000a000000023bbb-177.dat	xmrig
behavioral2/files/0x000a000000023bbd-174.dat	xmrig
behavioral2/files/0x000a000000023bb9-157.dat	xmrig
behavioral2/memory/2744-144-0x00007FF7780A0000-0x00007FF7783F4000-memory.dmp	xmrig
behavioral2/memory/4352-142-0x00007FF75B7F0000-0x00007FF75BB44000-memory.dmp	xmrig
behavioral2/memory/5096-141-0x00007FF7C6790000-0x00007FF7C6AE4000-memory.dmp	xmrig
behavioral2/files/0x0031000000023bb6-138.dat	xmrig
behavioral2/memory/1780-137-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp	xmrig
behavioral2/memory/888-136-0x00007FF694C50000-0x00007FF694FA4000-memory.dmp	xmrig
behavioral2/files/0x0031000000023bb4-132.dat	xmrig
behavioral2/memory/2988-129-0x00007FF7638C0000-0x00007FF763C14000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb2-126.dat	xmrig
behavioral2/memory/1792-121-0x00007FF6F8260000-0x00007FF6F85B4000-memory.dmp	xmrig
behavioral2/memory/4668-113-0x00007FF6C2C20000-0x00007FF6C2F74000-memory.dmp	xmrig
behavioral2/memory/1760-104-0x00007FF727A10000-0x00007FF727D64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bae-102.dat	xmrig
behavioral2/files/0x000a000000023bad-98.dat	xmrig
behavioral2/files/0x000a000000023bac-96.dat	xmrig
behavioral2/files/0x000a000000023bab-93.dat	xmrig
behavioral2/files/0x000b000000023b9e-91.dat	xmrig
behavioral2/memory/1868-90-0x00007FF7150F0000-0x00007FF715444000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baf-86.dat	xmrig
behavioral2/memory/4892-83-0x00007FF7C2130000-0x00007FF7C2484000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-66.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4428	tQwxcSq.exe
1172	WYfmwdg.exe
844	VPupxWO.exe
1548	fJtSdiN.exe
1544	nrChENm.exe
2064	lrrGFHv.exe
1356	EWvoCBx.exe
1876	wzldsiT.exe
4804	hToHQbB.exe
4892	jgFelDG.exe
1868	wNuhZsh.exe
1760	urpDfrV.exe
5096	Xmjtkiv.exe
4668	biKCTMU.exe
1792	YdKBkJI.exe
2988	CkIYeOD.exe
4352	VLSHcLu.exe
1068	xwMRobE.exe
2744	QLolSvi.exe
888	DGejDWb.exe
2176	haEQkaT.exe
1780	bOXlUnw.exe
1472	hAOpgnC.exe
3564	ElizImL.exe
2208	NwojiIW.exe
1256	CtLiXRM.exe
3472	dpyhsmi.exe
3752	lYEaFHi.exe
2528	PzCRrwn.exe
812	AoUtXpO.exe
3292	xWsWkEr.exe
2432	RjMOEzk.exe
4344	GrAHHXq.exe
4308	fzwYHYs.exe
968	MpkohKx.exe
756	CODxHbA.exe
4908	dZPamVu.exe
4508	ItCMphs.exe
2848	iKjmEfs.exe
2980	lonrAhH.exe
3120	ztzSkXE.exe
3252	LPmkEEH.exe
1512	PeFACle.exe
2768	hgvyCTB.exe
4296	viuNmSA.exe
4412	NaFcDoC.exe
3020	NnGFlQs.exe
4000	NFpHPHd.exe
1608	eISZzuo.exe
3952	vNnjIYQ.exe
3728	wZZBRaf.exe
656	eaefaNx.exe
4552	xqNCQqx.exe
1576	aqmOZHM.exe
560	izgTdUy.exe
2308	dUnTCaX.exe
4460	ILHYvkI.exe
4356	qgWFkdU.exe
1240	msMbFoT.exe
4332	JKDvJIt.exe
4868	sMYyhps.exe
3836	NHyjGbq.exe
3436	HygDCAe.exe
4032	HVJCbwb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4756-0-0x00007FF6C67D0000-0x00007FF6C6B24000-memory.dmp	upx
behavioral2/files/0x000b000000023b9d-4.dat	upx
behavioral2/files/0x000a000000023ba1-14.dat	upx
behavioral2/files/0x000a000000023ba3-20.dat	upx
behavioral2/files/0x000a000000023ba4-27.dat	upx
behavioral2/files/0x000a000000023ba5-39.dat	upx
behavioral2/memory/1548-46-0x00007FF7768E0000-0x00007FF776C34000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-48.dat	upx
behavioral2/memory/1876-47-0x00007FF7F7050000-0x00007FF7F73A4000-memory.dmp	upx
behavioral2/memory/1172-43-0x00007FF6429C0000-0x00007FF642D14000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-41.dat	upx
behavioral2/memory/1356-38-0x00007FF6E59F0000-0x00007FF6E5D44000-memory.dmp	upx
behavioral2/memory/2064-37-0x00007FF609FF0000-0x00007FF60A344000-memory.dmp	upx
behavioral2/memory/1544-35-0x00007FF741220000-0x00007FF741574000-memory.dmp	upx
behavioral2/memory/844-34-0x00007FF793A10000-0x00007FF793D64000-memory.dmp	upx
behavioral2/files/0x000a000000023ba2-17.dat	upx
behavioral2/memory/4428-15-0x00007FF7BFF80000-0x00007FF7C02D4000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-53.dat	upx
behavioral2/files/0x000a000000023baa-65.dat	upx
behavioral2/files/0x000a000000023bb0-115.dat	upx
behavioral2/files/0x000a000000023bb3-117.dat	upx
behavioral2/files/0x000a000000023bb1-124.dat	upx
behavioral2/files/0x0031000000023bb5-134.dat	upx
behavioral2/memory/1472-140-0x00007FF63ABD0000-0x00007FF63AF24000-memory.dmp	upx
behavioral2/memory/1068-143-0x00007FF71EAD0000-0x00007FF71EE24000-memory.dmp	upx
behavioral2/memory/3564-146-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp	upx
behavioral2/memory/2176-145-0x00007FF62E5C0000-0x00007FF62E914000-memory.dmp	upx
behavioral2/files/0x000a000000023bb7-149.dat	upx
behavioral2/files/0x000a000000023bba-168.dat	upx
behavioral2/files/0x000a000000023bbc-190.dat	upx
behavioral2/files/0x000a000000023bc2-197.dat	upx
behavioral2/memory/1256-221-0x00007FF7A30C0000-0x00007FF7A3414000-memory.dmp	upx
behavioral2/memory/2528-224-0x00007FF799D30000-0x00007FF79A084000-memory.dmp	upx
behavioral2/memory/3752-223-0x00007FF6C7AA0000-0x00007FF6C7DF4000-memory.dmp	upx
behavioral2/memory/3472-222-0x00007FF6A7A30000-0x00007FF6A7D84000-memory.dmp	upx
behavioral2/memory/2208-220-0x00007FF683920000-0x00007FF683C74000-memory.dmp	upx
behavioral2/files/0x000a000000023bc1-196.dat	upx
behavioral2/files/0x000a000000023bc0-187.dat	upx
behavioral2/files/0x000a000000023bbf-184.dat	upx
behavioral2/files/0x000a000000023bbe-183.dat	upx
behavioral2/files/0x000a000000023bbb-177.dat	upx
behavioral2/files/0x000a000000023bbd-174.dat	upx
behavioral2/files/0x000a000000023bb9-157.dat	upx
behavioral2/memory/2744-144-0x00007FF7780A0000-0x00007FF7783F4000-memory.dmp	upx
behavioral2/memory/4352-142-0x00007FF75B7F0000-0x00007FF75BB44000-memory.dmp	upx
behavioral2/memory/5096-141-0x00007FF7C6790000-0x00007FF7C6AE4000-memory.dmp	upx
behavioral2/files/0x0031000000023bb6-138.dat	upx
behavioral2/memory/1780-137-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp	upx
behavioral2/memory/888-136-0x00007FF694C50000-0x00007FF694FA4000-memory.dmp	upx
behavioral2/files/0x0031000000023bb4-132.dat	upx
behavioral2/memory/2988-129-0x00007FF7638C0000-0x00007FF763C14000-memory.dmp	upx
behavioral2/files/0x000a000000023bb2-126.dat	upx
behavioral2/memory/1792-121-0x00007FF6F8260000-0x00007FF6F85B4000-memory.dmp	upx
behavioral2/memory/4668-113-0x00007FF6C2C20000-0x00007FF6C2F74000-memory.dmp	upx
behavioral2/memory/1760-104-0x00007FF727A10000-0x00007FF727D64000-memory.dmp	upx
behavioral2/files/0x000a000000023bae-102.dat	upx
behavioral2/files/0x000a000000023bad-98.dat	upx
behavioral2/files/0x000a000000023bac-96.dat	upx
behavioral2/files/0x000a000000023bab-93.dat	upx
behavioral2/files/0x000b000000023b9e-91.dat	upx
behavioral2/memory/1868-90-0x00007FF7150F0000-0x00007FF715444000-memory.dmp	upx
behavioral2/files/0x000a000000023baf-86.dat	upx
behavioral2/memory/4892-83-0x00007FF7C2130000-0x00007FF7C2484000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-66.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JOGGcKC.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\JKDvJIt.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\ePSglYb.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\rcUQdOu.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\sGLqfmS.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\eRnDDrl.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\ugaXeRO.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\JTYUwUA.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\asYBuBM.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\CkIYeOD.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\viuNmSA.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\OcOfdQU.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\JUrxCaj.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\qLzjjgw.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\kwPsTQk.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\wTSmrQW.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\NKWSbkR.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\AsnfXtD.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\KvmZOKa.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\urpDfrV.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\NuXIEuA.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\xgZqiOZ.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\UNpWBcR.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\Xmjtkiv.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\YSburxX.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\IlrYGMA.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\iqnmaaQ.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\jtNKBnC.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\sMODqtI.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\wzldsiT.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\eISZzuo.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\jbISdVj.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\vpRPhlF.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\jEzRMgT.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\tBCRuDL.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\agvaATo.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\IYrHkQX.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\Dvqlroi.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\JTWNSfJ.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\hPHNznK.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\OmKLtay.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\MYOaJsl.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\aAbCcza.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\rrLvANC.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\iRWnKMv.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\UVQJbCF.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\mbbjLci.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\JeQOdor.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\jgFelDG.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\PuXiqhY.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\IENDBGH.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\STtWwPK.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\DaPJFsz.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\nIJgZPT.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\fNdiKAS.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\WvSsPxE.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\cdrEgeB.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\mBsAzvb.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\amusaiD.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\gHQTGRL.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\LGZyoqa.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\ZUGOwmB.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\zkhtcYf.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
File created	C:\Windows\System\sMYyhps.exe	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14976	dwm.exe
Token: SeChangeNotifyPrivilege	14976	dwm.exe
Token: 33	14976	dwm.exe
Token: SeIncBasePriorityPrivilege	14976	dwm.exe
Token: SeShutdownPrivilege	14976	dwm.exe
Token: SeCreatePagefilePrivilege	14976	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 4428	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	85
PID 4756 wrote to memory of 4428	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	85
PID 4756 wrote to memory of 1172	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	86
PID 4756 wrote to memory of 1172	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	86
PID 4756 wrote to memory of 844	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	87
PID 4756 wrote to memory of 844	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	87
PID 4756 wrote to memory of 1548	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	88
PID 4756 wrote to memory of 1548	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	88
PID 4756 wrote to memory of 1544	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	89
PID 4756 wrote to memory of 1544	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	89
PID 4756 wrote to memory of 2064	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	90
PID 4756 wrote to memory of 2064	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	90
PID 4756 wrote to memory of 1356	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	91
PID 4756 wrote to memory of 1356	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	91
PID 4756 wrote to memory of 1876	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	92
PID 4756 wrote to memory of 1876	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	92
PID 4756 wrote to memory of 4804	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	93
PID 4756 wrote to memory of 4804	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	93
PID 4756 wrote to memory of 1868	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	94
PID 4756 wrote to memory of 1868	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	94
PID 4756 wrote to memory of 4892	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	95
PID 4756 wrote to memory of 4892	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	95
PID 4756 wrote to memory of 1760	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	96
PID 4756 wrote to memory of 1760	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	96
PID 4756 wrote to memory of 5096	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	97
PID 4756 wrote to memory of 5096	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	97
PID 4756 wrote to memory of 4668	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	98
PID 4756 wrote to memory of 4668	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	98
PID 4756 wrote to memory of 1792	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	99
PID 4756 wrote to memory of 1792	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	99
PID 4756 wrote to memory of 2988	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	100
PID 4756 wrote to memory of 2988	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	100
PID 4756 wrote to memory of 4352	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	101
PID 4756 wrote to memory of 4352	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	101
PID 4756 wrote to memory of 1068	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	102
PID 4756 wrote to memory of 1068	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	102
PID 4756 wrote to memory of 2744	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	103
PID 4756 wrote to memory of 2744	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	103
PID 4756 wrote to memory of 888	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	104
PID 4756 wrote to memory of 888	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	104
PID 4756 wrote to memory of 2176	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	105
PID 4756 wrote to memory of 2176	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	105
PID 4756 wrote to memory of 1780	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	106
PID 4756 wrote to memory of 1780	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	106
PID 4756 wrote to memory of 1472	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	107
PID 4756 wrote to memory of 1472	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	107
PID 4756 wrote to memory of 3564	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	108
PID 4756 wrote to memory of 3564	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	108
PID 4756 wrote to memory of 2208	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	110
PID 4756 wrote to memory of 2208	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	110
PID 4756 wrote to memory of 1256	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	111
PID 4756 wrote to memory of 1256	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	111
PID 4756 wrote to memory of 3472	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	112
PID 4756 wrote to memory of 3472	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	112
PID 4756 wrote to memory of 3752	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	113
PID 4756 wrote to memory of 3752	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	113
PID 4756 wrote to memory of 2528	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	114
PID 4756 wrote to memory of 2528	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	114
PID 4756 wrote to memory of 812	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	115
PID 4756 wrote to memory of 812	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	115
PID 4756 wrote to memory of 3292	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	116
PID 4756 wrote to memory of 3292	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	116
PID 4756 wrote to memory of 2432	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	117
PID 4756 wrote to memory of 2432	4756	5f863c14d524796e1514c53a5db0e4b0_NEAS.exe	117

C:\Users\Admin\AppData\Local\Temp\5f863c14d524796e1514c53a5db0e4b0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\5f863c14d524796e1514c53a5db0e4b0_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\System\tQwxcSq.exe
  C:\Windows\System\tQwxcSq.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\WYfmwdg.exe
  C:\Windows\System\WYfmwdg.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\VPupxWO.exe
  C:\Windows\System\VPupxWO.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\fJtSdiN.exe
  C:\Windows\System\fJtSdiN.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\nrChENm.exe
  C:\Windows\System\nrChENm.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\lrrGFHv.exe
  C:\Windows\System\lrrGFHv.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\EWvoCBx.exe
  C:\Windows\System\EWvoCBx.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\wzldsiT.exe
  C:\Windows\System\wzldsiT.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\hToHQbB.exe
  C:\Windows\System\hToHQbB.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\wNuhZsh.exe
  C:\Windows\System\wNuhZsh.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\jgFelDG.exe
  C:\Windows\System\jgFelDG.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\urpDfrV.exe
  C:\Windows\System\urpDfrV.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\Xmjtkiv.exe
  C:\Windows\System\Xmjtkiv.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\biKCTMU.exe
  C:\Windows\System\biKCTMU.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\YdKBkJI.exe
  C:\Windows\System\YdKBkJI.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\CkIYeOD.exe
  C:\Windows\System\CkIYeOD.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\VLSHcLu.exe
  C:\Windows\System\VLSHcLu.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\xwMRobE.exe
  C:\Windows\System\xwMRobE.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\QLolSvi.exe
  C:\Windows\System\QLolSvi.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\DGejDWb.exe
  C:\Windows\System\DGejDWb.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\haEQkaT.exe
  C:\Windows\System\haEQkaT.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\bOXlUnw.exe
  C:\Windows\System\bOXlUnw.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\hAOpgnC.exe
  C:\Windows\System\hAOpgnC.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\ElizImL.exe
  C:\Windows\System\ElizImL.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\NwojiIW.exe
  C:\Windows\System\NwojiIW.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\CtLiXRM.exe
  C:\Windows\System\CtLiXRM.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\dpyhsmi.exe
  C:\Windows\System\dpyhsmi.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\lYEaFHi.exe
  C:\Windows\System\lYEaFHi.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\PzCRrwn.exe
  C:\Windows\System\PzCRrwn.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\AoUtXpO.exe
  C:\Windows\System\AoUtXpO.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\xWsWkEr.exe
  C:\Windows\System\xWsWkEr.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\RjMOEzk.exe
  C:\Windows\System\RjMOEzk.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\GrAHHXq.exe
  C:\Windows\System\GrAHHXq.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\fzwYHYs.exe
  C:\Windows\System\fzwYHYs.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\MpkohKx.exe
  C:\Windows\System\MpkohKx.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\CODxHbA.exe
  C:\Windows\System\CODxHbA.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\dZPamVu.exe
  C:\Windows\System\dZPamVu.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\ItCMphs.exe
  C:\Windows\System\ItCMphs.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\iKjmEfs.exe
  C:\Windows\System\iKjmEfs.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\lonrAhH.exe
  C:\Windows\System\lonrAhH.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\ztzSkXE.exe
  C:\Windows\System\ztzSkXE.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\LPmkEEH.exe
  C:\Windows\System\LPmkEEH.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\PeFACle.exe
  C:\Windows\System\PeFACle.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\hgvyCTB.exe
  C:\Windows\System\hgvyCTB.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\viuNmSA.exe
  C:\Windows\System\viuNmSA.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\NaFcDoC.exe
  C:\Windows\System\NaFcDoC.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\NnGFlQs.exe
  C:\Windows\System\NnGFlQs.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\NFpHPHd.exe
  C:\Windows\System\NFpHPHd.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\eISZzuo.exe
  C:\Windows\System\eISZzuo.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\vNnjIYQ.exe
  C:\Windows\System\vNnjIYQ.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\wZZBRaf.exe
  C:\Windows\System\wZZBRaf.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\eaefaNx.exe
  C:\Windows\System\eaefaNx.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\xqNCQqx.exe
  C:\Windows\System\xqNCQqx.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\aqmOZHM.exe
  C:\Windows\System\aqmOZHM.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\izgTdUy.exe
  C:\Windows\System\izgTdUy.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\dUnTCaX.exe
  C:\Windows\System\dUnTCaX.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ILHYvkI.exe
  C:\Windows\System\ILHYvkI.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\qgWFkdU.exe
  C:\Windows\System\qgWFkdU.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\msMbFoT.exe
  C:\Windows\System\msMbFoT.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\JKDvJIt.exe
  C:\Windows\System\JKDvJIt.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\sMYyhps.exe
  C:\Windows\System\sMYyhps.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\NHyjGbq.exe
  C:\Windows\System\NHyjGbq.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\HygDCAe.exe
  C:\Windows\System\HygDCAe.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\HVJCbwb.exe
  C:\Windows\System\HVJCbwb.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\MfFuHZr.exe
  C:\Windows\System\MfFuHZr.exe
  2⤵
  PID:2292
- C:\Windows\System\qPmstLG.exe
  C:\Windows\System\qPmstLG.exe
  2⤵
  PID:1144
- C:\Windows\System\xMAlJqX.exe
  C:\Windows\System\xMAlJqX.exe
  2⤵
  PID:5412
- C:\Windows\System\qJHtyEs.exe
  C:\Windows\System\qJHtyEs.exe
  2⤵
  PID:5436
- C:\Windows\System\VTKptDz.exe
  C:\Windows\System\VTKptDz.exe
  2⤵
  PID:5464
- C:\Windows\System\VcvmHor.exe
  C:\Windows\System\VcvmHor.exe
  2⤵
  PID:5480
- C:\Windows\System\McKbzFE.exe
  C:\Windows\System\McKbzFE.exe
  2⤵
  PID:5520
- C:\Windows\System\fDmPZRv.exe
  C:\Windows\System\fDmPZRv.exe
  2⤵
  PID:5560
- C:\Windows\System\YSburxX.exe
  C:\Windows\System\YSburxX.exe
  2⤵
  PID:5592
- C:\Windows\System\FLNbbMV.exe
  C:\Windows\System\FLNbbMV.exe
  2⤵
  PID:5632
- C:\Windows\System\JcNlcdT.exe
  C:\Windows\System\JcNlcdT.exe
  2⤵
  PID:5660
- C:\Windows\System\KmFUqTG.exe
  C:\Windows\System\KmFUqTG.exe
  2⤵
  PID:5688
- C:\Windows\System\SLngGdb.exe
  C:\Windows\System\SLngGdb.exe
  2⤵
  PID:5732
- C:\Windows\System\WtXfJlw.exe
  C:\Windows\System\WtXfJlw.exe
  2⤵
  PID:5748
- C:\Windows\System\flZVHas.exe
  C:\Windows\System\flZVHas.exe
  2⤵
  PID:5768
- C:\Windows\System\cggXkEa.exe
  C:\Windows\System\cggXkEa.exe
  2⤵
  PID:5800
- C:\Windows\System\fNdiKAS.exe
  C:\Windows\System\fNdiKAS.exe
  2⤵
  PID:5840
- C:\Windows\System\NFxXhGJ.exe
  C:\Windows\System\NFxXhGJ.exe
  2⤵
  PID:5892
- C:\Windows\System\VBiekWQ.exe
  C:\Windows\System\VBiekWQ.exe
  2⤵
  PID:5936
- C:\Windows\System\SHECpoD.exe
  C:\Windows\System\SHECpoD.exe
  2⤵
  PID:5964
- C:\Windows\System\xnVrnTZ.exe
  C:\Windows\System\xnVrnTZ.exe
  2⤵
  PID:5992
- C:\Windows\System\VmVmCxT.exe
  C:\Windows\System\VmVmCxT.exe
  2⤵
  PID:6012
- C:\Windows\System\RicLtuo.exe
  C:\Windows\System\RicLtuo.exe
  2⤵
  PID:6052
- C:\Windows\System\NkytetK.exe
  C:\Windows\System\NkytetK.exe
  2⤵
  PID:6080
- C:\Windows\System\wHGVugv.exe
  C:\Windows\System\wHGVugv.exe
  2⤵
  PID:6108
- C:\Windows\System\rmNBOLo.exe
  C:\Windows\System\rmNBOLo.exe
  2⤵
  PID:2240
- C:\Windows\System\zIFJDhX.exe
  C:\Windows\System\zIFJDhX.exe
  2⤵
  PID:472
- C:\Windows\System\VnsloCm.exe
  C:\Windows\System\VnsloCm.exe
  2⤵
  PID:1720
- C:\Windows\System\VNlPlTh.exe
  C:\Windows\System\VNlPlTh.exe
  2⤵
  PID:680
- C:\Windows\System\KjMlWdm.exe
  C:\Windows\System\KjMlWdm.exe
  2⤵
  PID:1968
- C:\Windows\System\PVpgiKG.exe
  C:\Windows\System\PVpgiKG.exe
  2⤵
  PID:5080
- C:\Windows\System\OcOfdQU.exe
  C:\Windows\System\OcOfdQU.exe
  2⤵
  PID:5052
- C:\Windows\System\RuwZXYX.exe
  C:\Windows\System\RuwZXYX.exe
  2⤵
  PID:2080
- C:\Windows\System\UEqIzOS.exe
  C:\Windows\System\UEqIzOS.exe
  2⤵
  PID:4148
- C:\Windows\System\sAxRjpn.exe
  C:\Windows\System\sAxRjpn.exe
  2⤵
  PID:2264
- C:\Windows\System\ArThsTW.exe
  C:\Windows\System\ArThsTW.exe
  2⤵
  PID:1736
- C:\Windows\System\uMZzPQd.exe
  C:\Windows\System\uMZzPQd.exe
  2⤵
  PID:5360
- C:\Windows\System\YGlBMDM.exe
  C:\Windows\System\YGlBMDM.exe
  2⤵
  PID:1064
- C:\Windows\System\YzGkfDw.exe
  C:\Windows\System\YzGkfDw.exe
  2⤵
  PID:4324
- C:\Windows\System\RannTuk.exe
  C:\Windows\System\RannTuk.exe
  2⤵
  PID:1568
- C:\Windows\System\QSSAmkD.exe
  C:\Windows\System\QSSAmkD.exe
  2⤵
  PID:820
- C:\Windows\System\SBabSNy.exe
  C:\Windows\System\SBabSNy.exe
  2⤵
  PID:2864
- C:\Windows\System\jKtvIYF.exe
  C:\Windows\System\jKtvIYF.exe
  2⤵
  PID:3684
- C:\Windows\System\LdQqzDH.exe
  C:\Windows\System\LdQqzDH.exe
  2⤵
  PID:5404
- C:\Windows\System\vNWuiLw.exe
  C:\Windows\System\vNWuiLw.exe
  2⤵
  PID:5476
- C:\Windows\System\WvSsPxE.exe
  C:\Windows\System\WvSsPxE.exe
  2⤵
  PID:5492
- C:\Windows\System\YcvyRKc.exe
  C:\Windows\System\YcvyRKc.exe
  2⤵
  PID:5556
- C:\Windows\System\upjKJiG.exe
  C:\Windows\System\upjKJiG.exe
  2⤵
  PID:5644
- C:\Windows\System\QfDhqIU.exe
  C:\Windows\System\QfDhqIU.exe
  2⤵
  PID:5724
- C:\Windows\System\fUwIcmd.exe
  C:\Windows\System\fUwIcmd.exe
  2⤵
  PID:5780
- C:\Windows\System\SXzZELp.exe
  C:\Windows\System\SXzZELp.exe
  2⤵
  PID:5868
- C:\Windows\System\qQiTMNk.exe
  C:\Windows\System\qQiTMNk.exe
  2⤵
  PID:5980
- C:\Windows\System\wWIRDEF.exe
  C:\Windows\System\wWIRDEF.exe
  2⤵
  PID:6024
- C:\Windows\System\YmvdXLL.exe
  C:\Windows\System\YmvdXLL.exe
  2⤵
  PID:2484
- C:\Windows\System\cdrEgeB.exe
  C:\Windows\System\cdrEgeB.exe
  2⤵
  PID:4620
- C:\Windows\System\QsiKBLP.exe
  C:\Windows\System\QsiKBLP.exe
  2⤵
  PID:1732
- C:\Windows\System\VMmxewK.exe
  C:\Windows\System\VMmxewK.exe
  2⤵
  PID:1944
- C:\Windows\System\VUesbXC.exe
  C:\Windows\System\VUesbXC.exe
  2⤵
  PID:3352
- C:\Windows\System\fOcbgvq.exe
  C:\Windows\System\fOcbgvq.exe
  2⤵
  PID:2368
- C:\Windows\System\vDDJKia.exe
  C:\Windows\System\vDDJKia.exe
  2⤵
  PID:1740
- C:\Windows\System\XUOSlub.exe
  C:\Windows\System\XUOSlub.exe
  2⤵
  PID:4204
- C:\Windows\System\BwemTfO.exe
  C:\Windows\System\BwemTfO.exe
  2⤵
  PID:5420
- C:\Windows\System\RqctRgM.exe
  C:\Windows\System\RqctRgM.exe
  2⤵
  PID:5604
- C:\Windows\System\KqQnAya.exe
  C:\Windows\System\KqQnAya.exe
  2⤵
  PID:5836
- C:\Windows\System\TwHlATU.exe
  C:\Windows\System\TwHlATU.exe
  2⤵
  PID:5984
- C:\Windows\System\gWQDHLE.exe
  C:\Windows\System\gWQDHLE.exe
  2⤵
  PID:4848
- C:\Windows\System\qtwxQkE.exe
  C:\Windows\System\qtwxQkE.exe
  2⤵
  PID:2792
- C:\Windows\System\wKZecye.exe
  C:\Windows\System\wKZecye.exe
  2⤵
  PID:4320
- C:\Windows\System\whcSuTs.exe
  C:\Windows\System\whcSuTs.exe
  2⤵
  PID:5432
- C:\Windows\System\oSkofnT.exe
  C:\Windows\System\oSkofnT.exe
  2⤵
  PID:5920
- C:\Windows\System\JoixApR.exe
  C:\Windows\System\JoixApR.exe
  2⤵
  PID:4304
- C:\Windows\System\XzNUShM.exe
  C:\Windows\System\XzNUShM.exe
  2⤵
  PID:5696
- C:\Windows\System\HJHgMJj.exe
  C:\Windows\System\HJHgMJj.exe
  2⤵
  PID:3748
- C:\Windows\System\LEamJqp.exe
  C:\Windows\System\LEamJqp.exe
  2⤵
  PID:6152
- C:\Windows\System\sjLUdAU.exe
  C:\Windows\System\sjLUdAU.exe
  2⤵
  PID:6180
- C:\Windows\System\SOXbiDJ.exe
  C:\Windows\System\SOXbiDJ.exe
  2⤵
  PID:6212
- C:\Windows\System\SjGjwQX.exe
  C:\Windows\System\SjGjwQX.exe
  2⤵
  PID:6236
- C:\Windows\System\hloeJOC.exe
  C:\Windows\System\hloeJOC.exe
  2⤵
  PID:6268
- C:\Windows\System\ZmgTHKn.exe
  C:\Windows\System\ZmgTHKn.exe
  2⤵
  PID:6296
- C:\Windows\System\ocbttYZ.exe
  C:\Windows\System\ocbttYZ.exe
  2⤵
  PID:6328
- C:\Windows\System\BhprvoB.exe
  C:\Windows\System\BhprvoB.exe
  2⤵
  PID:6348
- C:\Windows\System\uiVKPeS.exe
  C:\Windows\System\uiVKPeS.exe
  2⤵
  PID:6380
- C:\Windows\System\fxLcNiu.exe
  C:\Windows\System\fxLcNiu.exe
  2⤵
  PID:6408
- C:\Windows\System\NxyOwtN.exe
  C:\Windows\System\NxyOwtN.exe
  2⤵
  PID:6440
- C:\Windows\System\vqdfLWx.exe
  C:\Windows\System\vqdfLWx.exe
  2⤵
  PID:6464
- C:\Windows\System\oXEulbq.exe
  C:\Windows\System\oXEulbq.exe
  2⤵
  PID:6488
- C:\Windows\System\KSjDjQB.exe
  C:\Windows\System\KSjDjQB.exe
  2⤵
  PID:6504
- C:\Windows\System\ZtEmTxS.exe
  C:\Windows\System\ZtEmTxS.exe
  2⤵
  PID:6544
- C:\Windows\System\jvxJkcn.exe
  C:\Windows\System\jvxJkcn.exe
  2⤵
  PID:6580
- C:\Windows\System\xGrhlpl.exe
  C:\Windows\System\xGrhlpl.exe
  2⤵
  PID:6600
- C:\Windows\System\TBCJZyU.exe
  C:\Windows\System\TBCJZyU.exe
  2⤵
  PID:6636
- C:\Windows\System\AnFrgEh.exe
  C:\Windows\System\AnFrgEh.exe
  2⤵
  PID:6656
- C:\Windows\System\lHjGavA.exe
  C:\Windows\System\lHjGavA.exe
  2⤵
  PID:6684
- C:\Windows\System\VrZPCVM.exe
  C:\Windows\System\VrZPCVM.exe
  2⤵
  PID:6712
- C:\Windows\System\IlrYGMA.exe
  C:\Windows\System\IlrYGMA.exe
  2⤵
  PID:6744
- C:\Windows\System\IYPlJvd.exe
  C:\Windows\System\IYPlJvd.exe
  2⤵
  PID:6780
- C:\Windows\System\rHcqMfi.exe
  C:\Windows\System\rHcqMfi.exe
  2⤵
  PID:6808
- C:\Windows\System\GgfJikZ.exe
  C:\Windows\System\GgfJikZ.exe
  2⤵
  PID:6840
- C:\Windows\System\mvpzFGw.exe
  C:\Windows\System\mvpzFGw.exe
  2⤵
  PID:6864
- C:\Windows\System\GEMDrhn.exe
  C:\Windows\System\GEMDrhn.exe
  2⤵
  PID:6892
- C:\Windows\System\oqMPDEQ.exe
  C:\Windows\System\oqMPDEQ.exe
  2⤵
  PID:6924
- C:\Windows\System\LYskhwL.exe
  C:\Windows\System\LYskhwL.exe
  2⤵
  PID:6952
- C:\Windows\System\ueupfKq.exe
  C:\Windows\System\ueupfKq.exe
  2⤵
  PID:6980
- C:\Windows\System\dvSOCFl.exe
  C:\Windows\System\dvSOCFl.exe
  2⤵
  PID:7016
- C:\Windows\System\toeBWVd.exe
  C:\Windows\System\toeBWVd.exe
  2⤵
  PID:7036
- C:\Windows\System\fGFZgTJ.exe
  C:\Windows\System\fGFZgTJ.exe
  2⤵
  PID:7064
- C:\Windows\System\FkwuNvQ.exe
  C:\Windows\System\FkwuNvQ.exe
  2⤵
  PID:7092
- C:\Windows\System\BYmEqGI.exe
  C:\Windows\System\BYmEqGI.exe
  2⤵
  PID:7108
- C:\Windows\System\QeYntFI.exe
  C:\Windows\System\QeYntFI.exe
  2⤵
  PID:7128
- C:\Windows\System\WWcGuSA.exe
  C:\Windows\System\WWcGuSA.exe
  2⤵
  PID:7148
- C:\Windows\System\GJsOKwq.exe
  C:\Windows\System\GJsOKwq.exe
  2⤵
  PID:6092
- C:\Windows\System\JUrxCaj.exe
  C:\Windows\System\JUrxCaj.exe
  2⤵
  PID:6204
- C:\Windows\System\RLeTPyC.exe
  C:\Windows\System\RLeTPyC.exe
  2⤵
  PID:6276
- C:\Windows\System\RmTVPkf.exe
  C:\Windows\System\RmTVPkf.exe
  2⤵
  PID:6368
- C:\Windows\System\NuXIEuA.exe
  C:\Windows\System\NuXIEuA.exe
  2⤵
  PID:6428
- C:\Windows\System\ErCYNzC.exe
  C:\Windows\System\ErCYNzC.exe
  2⤵
  PID:6484
- C:\Windows\System\tBCRuDL.exe
  C:\Windows\System\tBCRuDL.exe
  2⤵
  PID:6528
- C:\Windows\System\GQkFgRE.exe
  C:\Windows\System\GQkFgRE.exe
  2⤵
  PID:6612
- C:\Windows\System\ePSglYb.exe
  C:\Windows\System\ePSglYb.exe
  2⤵
  PID:6680
- C:\Windows\System\MCLKAGI.exe
  C:\Windows\System\MCLKAGI.exe
  2⤵
  PID:6768
- C:\Windows\System\SDNZrHw.exe
  C:\Windows\System\SDNZrHw.exe
  2⤵
  PID:6848
- C:\Windows\System\rcUQdOu.exe
  C:\Windows\System\rcUQdOu.exe
  2⤵
  PID:6940
- C:\Windows\System\mbbjLci.exe
  C:\Windows\System\mbbjLci.exe
  2⤵
  PID:7084
- C:\Windows\System\JeQOdor.exe
  C:\Windows\System\JeQOdor.exe
  2⤵
  PID:7156
- C:\Windows\System\bYLrRJa.exe
  C:\Windows\System\bYLrRJa.exe
  2⤵
  PID:6228
- C:\Windows\System\pnnHqTK.exe
  C:\Windows\System\pnnHqTK.exe
  2⤵
  PID:6396
- C:\Windows\System\eTsutsx.exe
  C:\Windows\System\eTsutsx.exe
  2⤵
  PID:6360
- C:\Windows\System\nWmpMKm.exe
  C:\Windows\System\nWmpMKm.exe
  2⤵
  PID:6596
- C:\Windows\System\hpxbfwC.exe
  C:\Windows\System\hpxbfwC.exe
  2⤵
  PID:6724
- C:\Windows\System\zIkGEUT.exe
  C:\Windows\System\zIkGEUT.exe
  2⤵
  PID:6972
- C:\Windows\System\hRjgwnu.exe
  C:\Windows\System\hRjgwnu.exe
  2⤵
  PID:6164
- C:\Windows\System\WNMtAmu.exe
  C:\Windows\System\WNMtAmu.exe
  2⤵
  PID:6516
- C:\Windows\System\JjxfiHe.exe
  C:\Windows\System\JjxfiHe.exe
  2⤵
  PID:6880
- C:\Windows\System\XQZAldp.exe
  C:\Windows\System\XQZAldp.exe
  2⤵
  PID:7172
- C:\Windows\System\BNeRwLw.exe
  C:\Windows\System\BNeRwLw.exe
  2⤵
  PID:7200
- C:\Windows\System\strSfKi.exe
  C:\Windows\System\strSfKi.exe
  2⤵
  PID:7216
- C:\Windows\System\OSvwfBO.exe
  C:\Windows\System\OSvwfBO.exe
  2⤵
  PID:7244
- C:\Windows\System\rVfBHwj.exe
  C:\Windows\System\rVfBHwj.exe
  2⤵
  PID:7284
- C:\Windows\System\tRvbDdm.exe
  C:\Windows\System\tRvbDdm.exe
  2⤵
  PID:7320
- C:\Windows\System\JXhoExD.exe
  C:\Windows\System\JXhoExD.exe
  2⤵
  PID:7364
- C:\Windows\System\gesaJZj.exe
  C:\Windows\System\gesaJZj.exe
  2⤵
  PID:7384
- C:\Windows\System\PyiUCGQ.exe
  C:\Windows\System\PyiUCGQ.exe
  2⤵
  PID:7404
- C:\Windows\System\LwELZlB.exe
  C:\Windows\System\LwELZlB.exe
  2⤵
  PID:7432
- C:\Windows\System\GKVAOMA.exe
  C:\Windows\System\GKVAOMA.exe
  2⤵
  PID:7456
- C:\Windows\System\uZmKgXi.exe
  C:\Windows\System\uZmKgXi.exe
  2⤵
  PID:7488
- C:\Windows\System\Etclzvw.exe
  C:\Windows\System\Etclzvw.exe
  2⤵
  PID:7528
- C:\Windows\System\sNWmPTS.exe
  C:\Windows\System\sNWmPTS.exe
  2⤵
  PID:7552
- C:\Windows\System\YxxBxFq.exe
  C:\Windows\System\YxxBxFq.exe
  2⤵
  PID:7568
- C:\Windows\System\CFsHCtZ.exe
  C:\Windows\System\CFsHCtZ.exe
  2⤵
  PID:7600
- C:\Windows\System\BhrTWzO.exe
  C:\Windows\System\BhrTWzO.exe
  2⤵
  PID:7636
- C:\Windows\System\JDHevtc.exe
  C:\Windows\System\JDHevtc.exe
  2⤵
  PID:7672
- C:\Windows\System\mBsAzvb.exe
  C:\Windows\System\mBsAzvb.exe
  2⤵
  PID:7700
- C:\Windows\System\ScsvDvR.exe
  C:\Windows\System\ScsvDvR.exe
  2⤵
  PID:7732
- C:\Windows\System\qxbFchH.exe
  C:\Windows\System\qxbFchH.exe
  2⤵
  PID:7756
- C:\Windows\System\UaOxgrG.exe
  C:\Windows\System\UaOxgrG.exe
  2⤵
  PID:7796
- C:\Windows\System\YpqjaKD.exe
  C:\Windows\System\YpqjaKD.exe
  2⤵
  PID:7816
- C:\Windows\System\WbjWgMo.exe
  C:\Windows\System\WbjWgMo.exe
  2⤵
  PID:7832
- C:\Windows\System\vdWvLkd.exe
  C:\Windows\System\vdWvLkd.exe
  2⤵
  PID:7848
- C:\Windows\System\BTZtvAc.exe
  C:\Windows\System\BTZtvAc.exe
  2⤵
  PID:7888
- C:\Windows\System\wXiLBbT.exe
  C:\Windows\System\wXiLBbT.exe
  2⤵
  PID:7928
- C:\Windows\System\FNEsreA.exe
  C:\Windows\System\FNEsreA.exe
  2⤵
  PID:7944
- C:\Windows\System\agvaATo.exe
  C:\Windows\System\agvaATo.exe
  2⤵
  PID:7968
- C:\Windows\System\CgHFufT.exe
  C:\Windows\System\CgHFufT.exe
  2⤵
  PID:8008
- C:\Windows\System\YvFkXnH.exe
  C:\Windows\System\YvFkXnH.exe
  2⤵
  PID:8040
- C:\Windows\System\kwPsTQk.exe
  C:\Windows\System\kwPsTQk.exe
  2⤵
  PID:8072
- C:\Windows\System\RHPBIgl.exe
  C:\Windows\System\RHPBIgl.exe
  2⤵
  PID:8100
- C:\Windows\System\sJfMmQP.exe
  C:\Windows\System\sJfMmQP.exe
  2⤵
  PID:8132
- C:\Windows\System\onrCBdT.exe
  C:\Windows\System\onrCBdT.exe
  2⤵
  PID:8156
- C:\Windows\System\hkngwsV.exe
  C:\Windows\System\hkngwsV.exe
  2⤵
  PID:8188
- C:\Windows\System\qCfcqSc.exe
  C:\Windows\System\qCfcqSc.exe
  2⤵
  PID:6256
- C:\Windows\System\BuStygA.exe
  C:\Windows\System\BuStygA.exe
  2⤵
  PID:7272
- C:\Windows\System\uDUULgb.exe
  C:\Windows\System\uDUULgb.exe
  2⤵
  PID:7312
- C:\Windows\System\LGKAYMd.exe
  C:\Windows\System\LGKAYMd.exe
  2⤵
  PID:7392
- C:\Windows\System\SeebaRu.exe
  C:\Windows\System\SeebaRu.exe
  2⤵
  PID:7428
- C:\Windows\System\IYrHkQX.exe
  C:\Windows\System\IYrHkQX.exe
  2⤵
  PID:7512
- C:\Windows\System\WKSsrHt.exe
  C:\Windows\System\WKSsrHt.exe
  2⤵
  PID:7580
- C:\Windows\System\aYlfieG.exe
  C:\Windows\System\aYlfieG.exe
  2⤵
  PID:7648
- C:\Windows\System\kHxytAe.exe
  C:\Windows\System\kHxytAe.exe
  2⤵
  PID:7724
- C:\Windows\System\WbigrKX.exe
  C:\Windows\System\WbigrKX.exe
  2⤵
  PID:7780
- C:\Windows\System\HHXwTxu.exe
  C:\Windows\System\HHXwTxu.exe
  2⤵
  PID:7840
- C:\Windows\System\XbmJJHp.exe
  C:\Windows\System\XbmJJHp.exe
  2⤵
  PID:7908
- C:\Windows\System\wuBAJnU.exe
  C:\Windows\System\wuBAJnU.exe
  2⤵
  PID:7996
- C:\Windows\System\APGxAsQ.exe
  C:\Windows\System\APGxAsQ.exe
  2⤵
  PID:8060
- C:\Windows\System\CkfdmKd.exe
  C:\Windows\System\CkfdmKd.exe
  2⤵
  PID:8068
- C:\Windows\System\SSMypij.exe
  C:\Windows\System\SSMypij.exe
  2⤵
  PID:8180
- C:\Windows\System\mGinsnl.exe
  C:\Windows\System\mGinsnl.exe
  2⤵
  PID:7348
- C:\Windows\System\GfQfByO.exe
  C:\Windows\System\GfQfByO.exe
  2⤵
  PID:7596
- C:\Windows\System\uqmZmFa.exe
  C:\Windows\System\uqmZmFa.exe
  2⤵
  PID:7744
- C:\Windows\System\NyrRIUC.exe
  C:\Windows\System\NyrRIUC.exe
  2⤵
  PID:7900
- C:\Windows\System\xXNqKBA.exe
  C:\Windows\System\xXNqKBA.exe
  2⤵
  PID:8092
- C:\Windows\System\rpgdrOh.exe
  C:\Windows\System\rpgdrOh.exe
  2⤵
  PID:7228
- C:\Windows\System\CprTcSG.exe
  C:\Windows\System\CprTcSG.exe
  2⤵
  PID:7684
- C:\Windows\System\PvoWfNY.exe
  C:\Windows\System\PvoWfNY.exe
  2⤵
  PID:2888
- C:\Windows\System\clfdkWj.exe
  C:\Windows\System\clfdkWj.exe
  2⤵
  PID:7300
- C:\Windows\System\yIEMrbt.exe
  C:\Windows\System\yIEMrbt.exe
  2⤵
  PID:8204
- C:\Windows\System\XQjDllt.exe
  C:\Windows\System\XQjDllt.exe
  2⤵
  PID:8236
- C:\Windows\System\YkhkegI.exe
  C:\Windows\System\YkhkegI.exe
  2⤵
  PID:8272
- C:\Windows\System\aAbCcza.exe
  C:\Windows\System\aAbCcza.exe
  2⤵
  PID:8300
- C:\Windows\System\oyTiBAu.exe
  C:\Windows\System\oyTiBAu.exe
  2⤵
  PID:8328
- C:\Windows\System\MjcvDNQ.exe
  C:\Windows\System\MjcvDNQ.exe
  2⤵
  PID:8356
- C:\Windows\System\UQYGcEL.exe
  C:\Windows\System\UQYGcEL.exe
  2⤵
  PID:8384
- C:\Windows\System\EEWXcMt.exe
  C:\Windows\System\EEWXcMt.exe
  2⤵
  PID:8400
- C:\Windows\System\jSWSQeE.exe
  C:\Windows\System\jSWSQeE.exe
  2⤵
  PID:8428
- C:\Windows\System\wFAUTXo.exe
  C:\Windows\System\wFAUTXo.exe
  2⤵
  PID:8448
- C:\Windows\System\QAVNyLg.exe
  C:\Windows\System\QAVNyLg.exe
  2⤵
  PID:8484
- C:\Windows\System\IENDBGH.exe
  C:\Windows\System\IENDBGH.exe
  2⤵
  PID:8524
- C:\Windows\System\BUFFIHV.exe
  C:\Windows\System\BUFFIHV.exe
  2⤵
  PID:8556
- C:\Windows\System\BQJDLah.exe
  C:\Windows\System\BQJDLah.exe
  2⤵
  PID:8600
- C:\Windows\System\rrLvANC.exe
  C:\Windows\System\rrLvANC.exe
  2⤵
  PID:8616
- C:\Windows\System\loqIkSD.exe
  C:\Windows\System\loqIkSD.exe
  2⤵
  PID:8636
- C:\Windows\System\pkJoXBJ.exe
  C:\Windows\System\pkJoXBJ.exe
  2⤵
  PID:8664
- C:\Windows\System\mhJiEse.exe
  C:\Windows\System\mhJiEse.exe
  2⤵
  PID:8700
- C:\Windows\System\TWiLIeF.exe
  C:\Windows\System\TWiLIeF.exe
  2⤵
  PID:8728
- C:\Windows\System\bEPrRSi.exe
  C:\Windows\System\bEPrRSi.exe
  2⤵
  PID:8744
- C:\Windows\System\BOrakdO.exe
  C:\Windows\System\BOrakdO.exe
  2⤵
  PID:8784
- C:\Windows\System\NkEWMFx.exe
  C:\Windows\System\NkEWMFx.exe
  2⤵
  PID:8816
- C:\Windows\System\IaYAEJS.exe
  C:\Windows\System\IaYAEJS.exe
  2⤵
  PID:8836
- C:\Windows\System\TfhIOzh.exe
  C:\Windows\System\TfhIOzh.exe
  2⤵
  PID:8852
- C:\Windows\System\jKFVyWV.exe
  C:\Windows\System\jKFVyWV.exe
  2⤵
  PID:8872
- C:\Windows\System\rjQRSqr.exe
  C:\Windows\System\rjQRSqr.exe
  2⤵
  PID:8912
- C:\Windows\System\hXaxAqs.exe
  C:\Windows\System\hXaxAqs.exe
  2⤵
  PID:8928
- C:\Windows\System\InoVuiM.exe
  C:\Windows\System\InoVuiM.exe
  2⤵
  PID:8960
- C:\Windows\System\SpUJqUz.exe
  C:\Windows\System\SpUJqUz.exe
  2⤵
  PID:9004
- C:\Windows\System\eWEFQcB.exe
  C:\Windows\System\eWEFQcB.exe
  2⤵
  PID:9044
- C:\Windows\System\LoyJIsh.exe
  C:\Windows\System\LoyJIsh.exe
  2⤵
  PID:9072
- C:\Windows\System\cyJfjgo.exe
  C:\Windows\System\cyJfjgo.exe
  2⤵
  PID:9112
- C:\Windows\System\rFoTilW.exe
  C:\Windows\System\rFoTilW.exe
  2⤵
  PID:9136
- C:\Windows\System\prmShwN.exe
  C:\Windows\System\prmShwN.exe
  2⤵
  PID:9156
- C:\Windows\System\xskVGCh.exe
  C:\Windows\System\xskVGCh.exe
  2⤵
  PID:9176
- C:\Windows\System\gAjsYXN.exe
  C:\Windows\System\gAjsYXN.exe
  2⤵
  PID:9208
- C:\Windows\System\VtUhFRm.exe
  C:\Windows\System\VtUhFRm.exe
  2⤵
  PID:8200
- C:\Windows\System\sGLqfmS.exe
  C:\Windows\System\sGLqfmS.exe
  2⤵
  PID:8288
- C:\Windows\System\JIIFzrw.exe
  C:\Windows\System\JIIFzrw.exe
  2⤵
  PID:8372
- C:\Windows\System\eRnDDrl.exe
  C:\Windows\System\eRnDDrl.exe
  2⤵
  PID:8468
- C:\Windows\System\aKvNzyh.exe
  C:\Windows\System\aKvNzyh.exe
  2⤵
  PID:8520
- C:\Windows\System\nYjfFhl.exe
  C:\Windows\System\nYjfFhl.exe
  2⤵
  PID:8584
- C:\Windows\System\HeZhzIm.exe
  C:\Windows\System\HeZhzIm.exe
  2⤵
  PID:7508
- C:\Windows\System\uaplTEf.exe
  C:\Windows\System\uaplTEf.exe
  2⤵
  PID:8660
- C:\Windows\System\aYuyFUb.exe
  C:\Windows\System\aYuyFUb.exe
  2⤵
  PID:8712
- C:\Windows\System\oQHDTxr.exe
  C:\Windows\System\oQHDTxr.exe
  2⤵
  PID:8804
- C:\Windows\System\DKIBSuy.exe
  C:\Windows\System\DKIBSuy.exe
  2⤵
  PID:8868
- C:\Windows\System\NYCDjZZ.exe
  C:\Windows\System\NYCDjZZ.exe
  2⤵
  PID:8956
- C:\Windows\System\hzbshmM.exe
  C:\Windows\System\hzbshmM.exe
  2⤵
  PID:8988
- C:\Windows\System\xgZqiOZ.exe
  C:\Windows\System\xgZqiOZ.exe
  2⤵
  PID:9032
- C:\Windows\System\rQZBEwg.exe
  C:\Windows\System\rQZBEwg.exe
  2⤵
  PID:9120
- C:\Windows\System\teoUNcX.exe
  C:\Windows\System\teoUNcX.exe
  2⤵
  PID:9192
- C:\Windows\System\dTaYAMX.exe
  C:\Windows\System\dTaYAMX.exe
  2⤵
  PID:8228
- C:\Windows\System\eZSNAcn.exe
  C:\Windows\System\eZSNAcn.exe
  2⤵
  PID:8392
- C:\Windows\System\STtWwPK.exe
  C:\Windows\System\STtWwPK.exe
  2⤵
  PID:8580
- C:\Windows\System\ugaXeRO.exe
  C:\Windows\System\ugaXeRO.exe
  2⤵
  PID:8696
- C:\Windows\System\jfULjmT.exe
  C:\Windows\System\jfULjmT.exe
  2⤵
  PID:8736
- C:\Windows\System\jbISdVj.exe
  C:\Windows\System\jbISdVj.exe
  2⤵
  PID:8948
- C:\Windows\System\NDZWSlX.exe
  C:\Windows\System\NDZWSlX.exe
  2⤵
  PID:9172
- C:\Windows\System\dsDDYXh.exe
  C:\Windows\System\dsDDYXh.exe
  2⤵
  PID:8552
- C:\Windows\System\TAJuTfn.exe
  C:\Windows\System\TAJuTfn.exe
  2⤵
  PID:8628
- C:\Windows\System\Dvqlroi.exe
  C:\Windows\System\Dvqlroi.exe
  2⤵
  PID:8324
- C:\Windows\System\JTYUwUA.exe
  C:\Windows\System\JTYUwUA.exe
  2⤵
  PID:9240
- C:\Windows\System\PJcwUxb.exe
  C:\Windows\System\PJcwUxb.exe
  2⤵
  PID:9272
- C:\Windows\System\MGlAVEM.exe
  C:\Windows\System\MGlAVEM.exe
  2⤵
  PID:9308
- C:\Windows\System\cwDKQMn.exe
  C:\Windows\System\cwDKQMn.exe
  2⤵
  PID:9340
- C:\Windows\System\kEcppPP.exe
  C:\Windows\System\kEcppPP.exe
  2⤵
  PID:9360
- C:\Windows\System\UNpWBcR.exe
  C:\Windows\System\UNpWBcR.exe
  2⤵
  PID:9400
- C:\Windows\System\zdZKfNP.exe
  C:\Windows\System\zdZKfNP.exe
  2⤵
  PID:9416
- C:\Windows\System\BEHVjMP.exe
  C:\Windows\System\BEHVjMP.exe
  2⤵
  PID:9440
- C:\Windows\System\ubCaezH.exe
  C:\Windows\System\ubCaezH.exe
  2⤵
  PID:9464
- C:\Windows\System\LfnmptD.exe
  C:\Windows\System\LfnmptD.exe
  2⤵
  PID:9512
- C:\Windows\System\HrclFAr.exe
  C:\Windows\System\HrclFAr.exe
  2⤵
  PID:9532
- C:\Windows\System\jEzRMgT.exe
  C:\Windows\System\jEzRMgT.exe
  2⤵
  PID:9552
- C:\Windows\System\JxwNrmm.exe
  C:\Windows\System\JxwNrmm.exe
  2⤵
  PID:9580
- C:\Windows\System\eIkpRcq.exe
  C:\Windows\System\eIkpRcq.exe
  2⤵
  PID:9628
- C:\Windows\System\iAGGhsw.exe
  C:\Windows\System\iAGGhsw.exe
  2⤵
  PID:9668
- C:\Windows\System\iRIGfhF.exe
  C:\Windows\System\iRIGfhF.exe
  2⤵
  PID:9688
- C:\Windows\System\ziMSZql.exe
  C:\Windows\System\ziMSZql.exe
  2⤵
  PID:9728
- C:\Windows\System\GWafwhf.exe
  C:\Windows\System\GWafwhf.exe
  2⤵
  PID:9772
- C:\Windows\System\FNFusBS.exe
  C:\Windows\System\FNFusBS.exe
  2⤵
  PID:9800
- C:\Windows\System\czVpdSI.exe
  C:\Windows\System\czVpdSI.exe
  2⤵
  PID:9840
- C:\Windows\System\KvCDbYK.exe
  C:\Windows\System\KvCDbYK.exe
  2⤵
  PID:9884
- C:\Windows\System\MgsUNNs.exe
  C:\Windows\System\MgsUNNs.exe
  2⤵
  PID:9912
- C:\Windows\System\kNnkfBq.exe
  C:\Windows\System\kNnkfBq.exe
  2⤵
  PID:9948
- C:\Windows\System\xbCMQJL.exe
  C:\Windows\System\xbCMQJL.exe
  2⤵
  PID:10000
- C:\Windows\System\eFtniJq.exe
  C:\Windows\System\eFtniJq.exe
  2⤵
  PID:10028
- C:\Windows\System\XhjEjNA.exe
  C:\Windows\System\XhjEjNA.exe
  2⤵
  PID:10052
- C:\Windows\System\PxjqjiM.exe
  C:\Windows\System\PxjqjiM.exe
  2⤵
  PID:10076
- C:\Windows\System\FHSpfVO.exe
  C:\Windows\System\FHSpfVO.exe
  2⤵
  PID:10112
- C:\Windows\System\SSsYllF.exe
  C:\Windows\System\SSsYllF.exe
  2⤵
  PID:10144
- C:\Windows\System\SratrHC.exe
  C:\Windows\System\SratrHC.exe
  2⤵
  PID:10172
- C:\Windows\System\mpwnTHF.exe
  C:\Windows\System\mpwnTHF.exe
  2⤵
  PID:10200
- C:\Windows\System\pwBTLmQ.exe
  C:\Windows\System\pwBTLmQ.exe
  2⤵
  PID:10220
- C:\Windows\System\VwIDPpA.exe
  C:\Windows\System\VwIDPpA.exe
  2⤵
  PID:9104
- C:\Windows\System\fQlUBpB.exe
  C:\Windows\System\fQlUBpB.exe
  2⤵
  PID:9220
- C:\Windows\System\qgHFrtp.exe
  C:\Windows\System\qgHFrtp.exe
  2⤵
  PID:9332
- C:\Windows\System\WkNjldC.exe
  C:\Windows\System\WkNjldC.exe
  2⤵
  PID:9392
- C:\Windows\System\gkoKVde.exe
  C:\Windows\System\gkoKVde.exe
  2⤵
  PID:9480
- C:\Windows\System\iJklVBX.exe
  C:\Windows\System\iJklVBX.exe
  2⤵
  PID:9608
- C:\Windows\System\CrmkTRw.exe
  C:\Windows\System\CrmkTRw.exe
  2⤵
  PID:9604
- C:\Windows\System\CgmedQl.exe
  C:\Windows\System\CgmedQl.exe
  2⤵
  PID:9640
- C:\Windows\System\dexkMwd.exe
  C:\Windows\System\dexkMwd.exe
  2⤵
  PID:9704
- C:\Windows\System\wTSmrQW.exe
  C:\Windows\System\wTSmrQW.exe
  2⤵
  PID:9784
- C:\Windows\System\laaIwNb.exe
  C:\Windows\System\laaIwNb.exe
  2⤵
  PID:9852
- C:\Windows\System\EWXzoOi.exe
  C:\Windows\System\EWXzoOi.exe
  2⤵
  PID:9940
- C:\Windows\System\pVIHFSY.exe
  C:\Windows\System\pVIHFSY.exe
  2⤵
  PID:3056
- C:\Windows\System\NcNaeKv.exe
  C:\Windows\System\NcNaeKv.exe
  2⤵
  PID:10164
- C:\Windows\System\TdWAWvJ.exe
  C:\Windows\System\TdWAWvJ.exe
  2⤵
  PID:10184
- C:\Windows\System\rsvWTxP.exe
  C:\Windows\System\rsvWTxP.exe
  2⤵
  PID:2068
- C:\Windows\System\vOsVslI.exe
  C:\Windows\System\vOsVslI.exe
  2⤵
  PID:9484
- C:\Windows\System\YXJktbR.exe
  C:\Windows\System\YXJktbR.exe
  2⤵
  PID:9676
- C:\Windows\System\BzbsnQM.exe
  C:\Windows\System\BzbsnQM.exe
  2⤵
  PID:9892
- C:\Windows\System\XSoiDyb.exe
  C:\Windows\System\XSoiDyb.exe
  2⤵
  PID:9876
- C:\Windows\System\YkStejb.exe
  C:\Windows\System\YkStejb.exe
  2⤵
  PID:10072
- C:\Windows\System\GLjHOUY.exe
  C:\Windows\System\GLjHOUY.exe
  2⤵
  PID:10192
- C:\Windows\System\uFzyeTZ.exe
  C:\Windows\System\uFzyeTZ.exe
  2⤵
  PID:9260
- C:\Windows\System\XZrBayt.exe
  C:\Windows\System\XZrBayt.exe
  2⤵
  PID:1536
- C:\Windows\System\iRWnKMv.exe
  C:\Windows\System\iRWnKMv.exe
  2⤵
  PID:10104
- C:\Windows\System\MBMffXL.exe
  C:\Windows\System\MBMffXL.exe
  2⤵
  PID:9812
- C:\Windows\System\PFnMAWB.exe
  C:\Windows\System\PFnMAWB.exe
  2⤵
  PID:10228
- C:\Windows\System\DaPJFsz.exe
  C:\Windows\System\DaPJFsz.exe
  2⤵
  PID:10260
- C:\Windows\System\XAbnEnM.exe
  C:\Windows\System\XAbnEnM.exe
  2⤵
  PID:10292
- C:\Windows\System\IXxvUPN.exe
  C:\Windows\System\IXxvUPN.exe
  2⤵
  PID:10320
- C:\Windows\System\bwHNwMw.exe
  C:\Windows\System\bwHNwMw.exe
  2⤵
  PID:10348
- C:\Windows\System\FQAnmLY.exe
  C:\Windows\System\FQAnmLY.exe
  2⤵
  PID:10376
- C:\Windows\System\qAATwHa.exe
  C:\Windows\System\qAATwHa.exe
  2⤵
  PID:10404
- C:\Windows\System\bkoDsVQ.exe
  C:\Windows\System\bkoDsVQ.exe
  2⤵
  PID:10432
- C:\Windows\System\rDLAbOk.exe
  C:\Windows\System\rDLAbOk.exe
  2⤵
  PID:10452
- C:\Windows\System\RigQZOT.exe
  C:\Windows\System\RigQZOT.exe
  2⤵
  PID:10484
- C:\Windows\System\yfZeQuC.exe
  C:\Windows\System\yfZeQuC.exe
  2⤵
  PID:10516
- C:\Windows\System\mrcMovT.exe
  C:\Windows\System\mrcMovT.exe
  2⤵
  PID:10544
- C:\Windows\System\iyrUAJG.exe
  C:\Windows\System\iyrUAJG.exe
  2⤵
  PID:10572
- C:\Windows\System\TARXDFT.exe
  C:\Windows\System\TARXDFT.exe
  2⤵
  PID:10600
- C:\Windows\System\TrsEOsi.exe
  C:\Windows\System\TrsEOsi.exe
  2⤵
  PID:10620
- C:\Windows\System\UpblJTj.exe
  C:\Windows\System\UpblJTj.exe
  2⤵
  PID:10656
- C:\Windows\System\lusRlIT.exe
  C:\Windows\System\lusRlIT.exe
  2⤵
  PID:10684
- C:\Windows\System\NFjBeUx.exe
  C:\Windows\System\NFjBeUx.exe
  2⤵
  PID:10712
- C:\Windows\System\HJZYvmB.exe
  C:\Windows\System\HJZYvmB.exe
  2⤵
  PID:10740
- C:\Windows\System\TssFLBX.exe
  C:\Windows\System\TssFLBX.exe
  2⤵
  PID:10768
- C:\Windows\System\vqMAocu.exe
  C:\Windows\System\vqMAocu.exe
  2⤵
  PID:10796
- C:\Windows\System\MptFLVn.exe
  C:\Windows\System\MptFLVn.exe
  2⤵
  PID:10812
- C:\Windows\System\winjwDS.exe
  C:\Windows\System\winjwDS.exe
  2⤵
  PID:10840
- C:\Windows\System\mfxqYZb.exe
  C:\Windows\System\mfxqYZb.exe
  2⤵
  PID:10868
- C:\Windows\System\OiZQAlf.exe
  C:\Windows\System\OiZQAlf.exe
  2⤵
  PID:10888
- C:\Windows\System\NKWSbkR.exe
  C:\Windows\System\NKWSbkR.exe
  2⤵
  PID:10912
- C:\Windows\System\GbZXhKk.exe
  C:\Windows\System\GbZXhKk.exe
  2⤵
  PID:10944
- C:\Windows\System\RORYvGd.exe
  C:\Windows\System\RORYvGd.exe
  2⤵
  PID:10988
- C:\Windows\System\fVtlgPF.exe
  C:\Windows\System\fVtlgPF.exe
  2⤵
  PID:11016
- C:\Windows\System\TBeCnSS.exe
  C:\Windows\System\TBeCnSS.exe
  2⤵
  PID:11052
- C:\Windows\System\naCrqiI.exe
  C:\Windows\System\naCrqiI.exe
  2⤵
  PID:11080
- C:\Windows\System\AhWMtQb.exe
  C:\Windows\System\AhWMtQb.exe
  2⤵
  PID:11108
- C:\Windows\System\lHPyAGU.exe
  C:\Windows\System\lHPyAGU.exe
  2⤵
  PID:11128
- C:\Windows\System\kstbOgY.exe
  C:\Windows\System\kstbOgY.exe
  2⤵
  PID:11164
- C:\Windows\System\cEpQZVv.exe
  C:\Windows\System\cEpQZVv.exe
  2⤵
  PID:11192
- C:\Windows\System\nIJgZPT.exe
  C:\Windows\System\nIJgZPT.exe
  2⤵
  PID:11208
- C:\Windows\System\SeUjhBF.exe
  C:\Windows\System\SeUjhBF.exe
  2⤵
  PID:11228
- C:\Windows\System\asYBuBM.exe
  C:\Windows\System\asYBuBM.exe
  2⤵
  PID:11252
- C:\Windows\System\iOqEDdm.exe
  C:\Windows\System\iOqEDdm.exe
  2⤵
  PID:10252
- C:\Windows\System\kYJyaAm.exe
  C:\Windows\System\kYJyaAm.exe
  2⤵
  PID:10308
- C:\Windows\System\nTlfjiu.exe
  C:\Windows\System\nTlfjiu.exe
  2⤵
  PID:10360
- C:\Windows\System\muQBTUO.exe
  C:\Windows\System\muQBTUO.exe
  2⤵
  PID:10396
- C:\Windows\System\xmKkoWw.exe
  C:\Windows\System\xmKkoWw.exe
  2⤵
  PID:10480
- C:\Windows\System\nQRUBrl.exe
  C:\Windows\System\nQRUBrl.exe
  2⤵
  PID:10564
- C:\Windows\System\jmQpSsx.exe
  C:\Windows\System\jmQpSsx.exe
  2⤵
  PID:10628
- C:\Windows\System\tCjyGDp.exe
  C:\Windows\System\tCjyGDp.exe
  2⤵
  PID:10680
- C:\Windows\System\wIgWjJd.exe
  C:\Windows\System\wIgWjJd.exe
  2⤵
  PID:10728
- C:\Windows\System\zQztkTz.exe
  C:\Windows\System\zQztkTz.exe
  2⤵
  PID:10804
- C:\Windows\System\mlXXAhx.exe
  C:\Windows\System\mlXXAhx.exe
  2⤵
  PID:10856
- C:\Windows\System\cNrWGVt.exe
  C:\Windows\System\cNrWGVt.exe
  2⤵
  PID:10972
- C:\Windows\System\grRIHJP.exe
  C:\Windows\System\grRIHJP.exe
  2⤵
  PID:11036
- C:\Windows\System\UQpRbHa.exe
  C:\Windows\System\UQpRbHa.exe
  2⤵
  PID:2832
- C:\Windows\System\EfKTipq.exe
  C:\Windows\System\EfKTipq.exe
  2⤵
  PID:11148
- C:\Windows\System\lgKFXJq.exe
  C:\Windows\System\lgKFXJq.exe
  2⤵
  PID:11200
- C:\Windows\System\LbNzUvY.exe
  C:\Windows\System\LbNzUvY.exe
  2⤵
  PID:10340
- C:\Windows\System\UVQJbCF.exe
  C:\Windows\System\UVQJbCF.exe
  2⤵
  PID:10500
- C:\Windows\System\rlGdJPO.exe
  C:\Windows\System\rlGdJPO.exe
  2⤵
  PID:10648
- C:\Windows\System\gObVWJz.exe
  C:\Windows\System\gObVWJz.exe
  2⤵
  PID:10724
- C:\Windows\System\PUCNXSb.exe
  C:\Windows\System\PUCNXSb.exe
  2⤵
  PID:10280
- C:\Windows\System\rxWYJzY.exe
  C:\Windows\System\rxWYJzY.exe
  2⤵
  PID:11120
- C:\Windows\System\mopedRt.exe
  C:\Windows\System\mopedRt.exe
  2⤵
  PID:10284
- C:\Windows\System\NlLpfNg.exe
  C:\Windows\System\NlLpfNg.exe
  2⤵
  PID:10276
- C:\Windows\System\pQjrhHG.exe
  C:\Windows\System\pQjrhHG.exe
  2⤵
  PID:10764
- C:\Windows\System\MltDsTp.exe
  C:\Windows\System\MltDsTp.exe
  2⤵
  PID:3492
- C:\Windows\System\kPtIhbn.exe
  C:\Windows\System\kPtIhbn.exe
  2⤵
  PID:11100
- C:\Windows\System\PBWuzKS.exe
  C:\Windows\System\PBWuzKS.exe
  2⤵
  PID:10608
- C:\Windows\System\KvmZOKa.exe
  C:\Windows\System\KvmZOKa.exe
  2⤵
  PID:2276
- C:\Windows\System\iGZcNLX.exe
  C:\Windows\System\iGZcNLX.exe
  2⤵
  PID:11268
- C:\Windows\System\XqKOLYI.exe
  C:\Windows\System\XqKOLYI.exe
  2⤵
  PID:11292
- C:\Windows\System\oBwOwTd.exe
  C:\Windows\System\oBwOwTd.exe
  2⤵
  PID:11320
- C:\Windows\System\PelJlwj.exe
  C:\Windows\System\PelJlwj.exe
  2⤵
  PID:11344
- C:\Windows\System\oqbfrCO.exe
  C:\Windows\System\oqbfrCO.exe
  2⤵
  PID:11360
- C:\Windows\System\pstFphh.exe
  C:\Windows\System\pstFphh.exe
  2⤵
  PID:11392
- C:\Windows\System\FttQvrm.exe
  C:\Windows\System\FttQvrm.exe
  2⤵
  PID:11432
- C:\Windows\System\hxBvKPn.exe
  C:\Windows\System\hxBvKPn.exe
  2⤵
  PID:11480
- C:\Windows\System\zDYxkyY.exe
  C:\Windows\System\zDYxkyY.exe
  2⤵
  PID:11496
- C:\Windows\System\JTWNSfJ.exe
  C:\Windows\System\JTWNSfJ.exe
  2⤵
  PID:11512
- C:\Windows\System\LrRBujT.exe
  C:\Windows\System\LrRBujT.exe
  2⤵
  PID:11528
- C:\Windows\System\slCBDQH.exe
  C:\Windows\System\slCBDQH.exe
  2⤵
  PID:11572
- C:\Windows\System\amusaiD.exe
  C:\Windows\System\amusaiD.exe
  2⤵
  PID:11596
- C:\Windows\System\wkzohNg.exe
  C:\Windows\System\wkzohNg.exe
  2⤵
  PID:11636
- C:\Windows\System\LrgruTt.exe
  C:\Windows\System\LrgruTt.exe
  2⤵
  PID:11668
- C:\Windows\System\glKYjPQ.exe
  C:\Windows\System\glKYjPQ.exe
  2⤵
  PID:11712
- C:\Windows\System\jKkDfaP.exe
  C:\Windows\System\jKkDfaP.exe
  2⤵
  PID:11764
- C:\Windows\System\cYXhkcG.exe
  C:\Windows\System\cYXhkcG.exe
  2⤵
  PID:11780
- C:\Windows\System\cAlpCSF.exe
  C:\Windows\System\cAlpCSF.exe
  2⤵
  PID:11796
- C:\Windows\System\DjiiUmG.exe
  C:\Windows\System\DjiiUmG.exe
  2⤵
  PID:11816
- C:\Windows\System\PzWirnj.exe
  C:\Windows\System\PzWirnj.exe
  2⤵
  PID:11852
- C:\Windows\System\hrzCTHB.exe
  C:\Windows\System\hrzCTHB.exe
  2⤵
  PID:11884
- C:\Windows\System\PuXiqhY.exe
  C:\Windows\System\PuXiqhY.exe
  2⤵
  PID:11908
- C:\Windows\System\MuaIKWC.exe
  C:\Windows\System\MuaIKWC.exe
  2⤵
  PID:11936
- C:\Windows\System\pAHqzTE.exe
  C:\Windows\System\pAHqzTE.exe
  2⤵
  PID:11960
- C:\Windows\System\dzjYGhP.exe
  C:\Windows\System\dzjYGhP.exe
  2⤵
  PID:11988
- C:\Windows\System\aZxgWwl.exe
  C:\Windows\System\aZxgWwl.exe
  2⤵
  PID:12016
- C:\Windows\System\wjcOolB.exe
  C:\Windows\System\wjcOolB.exe
  2⤵
  PID:12036
- C:\Windows\System\iZNgONj.exe
  C:\Windows\System\iZNgONj.exe
  2⤵
  PID:12060
- C:\Windows\System\BVxfpAl.exe
  C:\Windows\System\BVxfpAl.exe
  2⤵
  PID:12080
- C:\Windows\System\ZSdDfmI.exe
  C:\Windows\System\ZSdDfmI.exe
  2⤵
  PID:12124
- C:\Windows\System\sFvnFzJ.exe
  C:\Windows\System\sFvnFzJ.exe
  2⤵
  PID:12156
- C:\Windows\System\LmhoRvL.exe
  C:\Windows\System\LmhoRvL.exe
  2⤵
  PID:12180
- C:\Windows\System\SsJWMXQ.exe
  C:\Windows\System\SsJWMXQ.exe
  2⤵
  PID:12196
- C:\Windows\System\IoxwwCQ.exe
  C:\Windows\System\IoxwwCQ.exe
  2⤵
  PID:12220
- C:\Windows\System\ikdLJVT.exe
  C:\Windows\System\ikdLJVT.exe
  2⤵
  PID:12252
- C:\Windows\System\fALzTMY.exe
  C:\Windows\System\fALzTMY.exe
  2⤵
  PID:10732
- C:\Windows\System\JNyFmkD.exe
  C:\Windows\System\JNyFmkD.exe
  2⤵
  PID:11336
- C:\Windows\System\iqnmaaQ.exe
  C:\Windows\System\iqnmaaQ.exe
  2⤵
  PID:11412
- C:\Windows\System\noDxDvL.exe
  C:\Windows\System\noDxDvL.exe
  2⤵
  PID:11372
- C:\Windows\System\dQPuabB.exe
  C:\Windows\System\dQPuabB.exe
  2⤵
  PID:11556
- C:\Windows\System\fZfcLCF.exe
  C:\Windows\System\fZfcLCF.exe
  2⤵
  PID:11544
- C:\Windows\System\iiLyrLG.exe
  C:\Windows\System\iiLyrLG.exe
  2⤵
  PID:11628
- C:\Windows\System\HsbJTBI.exe
  C:\Windows\System\HsbJTBI.exe
  2⤵
  PID:11684
- C:\Windows\System\QJIwTGt.exe
  C:\Windows\System\QJIwTGt.exe
  2⤵
  PID:11864
- C:\Windows\System\MfcDcKM.exe
  C:\Windows\System\MfcDcKM.exe
  2⤵
  PID:11824
- C:\Windows\System\TlQvBsv.exe
  C:\Windows\System\TlQvBsv.exe
  2⤵
  PID:11932
- C:\Windows\System\GIMedEO.exe
  C:\Windows\System\GIMedEO.exe
  2⤵
  PID:11948
- C:\Windows\System\SsCuyPj.exe
  C:\Windows\System\SsCuyPj.exe
  2⤵
  PID:12008
- C:\Windows\System\cufxzOF.exe
  C:\Windows\System\cufxzOF.exe
  2⤵
  PID:12088
- C:\Windows\System\oXnYCbv.exe
  C:\Windows\System\oXnYCbv.exe
  2⤵
  PID:12152
- C:\Windows\System\DQmclkX.exe
  C:\Windows\System\DQmclkX.exe
  2⤵
  PID:12212
- C:\Windows\System\SvoPYuK.exe
  C:\Windows\System\SvoPYuK.exe
  2⤵
  PID:11288
- C:\Windows\System\XrflHDU.exe
  C:\Windows\System\XrflHDU.exe
  2⤵
  PID:11384
- C:\Windows\System\hPHNznK.exe
  C:\Windows\System\hPHNznK.exe
  2⤵
  PID:11504
- C:\Windows\System\cKNCZLM.exe
  C:\Windows\System\cKNCZLM.exe
  2⤵
  PID:11592
- C:\Windows\System\jMajVFj.exe
  C:\Windows\System\jMajVFj.exe
  2⤵
  PID:11724
- C:\Windows\System\WALjKqQ.exe
  C:\Windows\System\WALjKqQ.exe
  2⤵
  PID:11952
- C:\Windows\System\yvJJoyE.exe
  C:\Windows\System\yvJJoyE.exe
  2⤵
  PID:12044
- C:\Windows\System\sUlFFmF.exe
  C:\Windows\System\sUlFFmF.exe
  2⤵
  PID:2000
- C:\Windows\System\GRdkBQT.exe
  C:\Windows\System\GRdkBQT.exe
  2⤵
  PID:11380
- C:\Windows\System\GUMRqeS.exe
  C:\Windows\System\GUMRqeS.exe
  2⤵
  PID:11868
- C:\Windows\System\ztSqKQI.exe
  C:\Windows\System\ztSqKQI.exe
  2⤵
  PID:11012
- C:\Windows\System\CeUDAZs.exe
  C:\Windows\System\CeUDAZs.exe
  2⤵
  PID:10332
- C:\Windows\System\tHNIcyD.exe
  C:\Windows\System\tHNIcyD.exe
  2⤵
  PID:12296
- C:\Windows\System\GgVpEeu.exe
  C:\Windows\System\GgVpEeu.exe
  2⤵
  PID:12324
- C:\Windows\System\CwrIGAs.exe
  C:\Windows\System\CwrIGAs.exe
  2⤵
  PID:12352
- C:\Windows\System\wRbJDdH.exe
  C:\Windows\System\wRbJDdH.exe
  2⤵
  PID:12380
- C:\Windows\System\cfkOKFg.exe
  C:\Windows\System\cfkOKFg.exe
  2⤵
  PID:12408
- C:\Windows\System\ATBdKVy.exe
  C:\Windows\System\ATBdKVy.exe
  2⤵
  PID:12440
- C:\Windows\System\VFPtLvX.exe
  C:\Windows\System\VFPtLvX.exe
  2⤵
  PID:12460
- C:\Windows\System\eXnZVVM.exe
  C:\Windows\System\eXnZVVM.exe
  2⤵
  PID:12488
- C:\Windows\System\gHQTGRL.exe
  C:\Windows\System\gHQTGRL.exe
  2⤵
  PID:12508
- C:\Windows\System\vpRPhlF.exe
  C:\Windows\System\vpRPhlF.exe
  2⤵
  PID:12528
- C:\Windows\System\hJwHdKA.exe
  C:\Windows\System\hJwHdKA.exe
  2⤵
  PID:12560
- C:\Windows\System\djijqMz.exe
  C:\Windows\System\djijqMz.exe
  2⤵
  PID:12588
- C:\Windows\System\WCooBvn.exe
  C:\Windows\System\WCooBvn.exe
  2⤵
  PID:12608
- C:\Windows\System\hSNscix.exe
  C:\Windows\System\hSNscix.exe
  2⤵
  PID:12640
- C:\Windows\System\RRRrkhI.exe
  C:\Windows\System\RRRrkhI.exe
  2⤵
  PID:12668
- C:\Windows\System\ertTmFv.exe
  C:\Windows\System\ertTmFv.exe
  2⤵
  PID:12696
- C:\Windows\System\kJizUaB.exe
  C:\Windows\System\kJizUaB.exe
  2⤵
  PID:12724
- C:\Windows\System\IgScGWw.exe
  C:\Windows\System\IgScGWw.exe
  2⤵
  PID:12748
- C:\Windows\System\eLkEZoE.exe
  C:\Windows\System\eLkEZoE.exe
  2⤵
  PID:12764
- C:\Windows\System\nySIaBR.exe
  C:\Windows\System\nySIaBR.exe
  2⤵
  PID:12788
- C:\Windows\System\ayqhauh.exe
  C:\Windows\System\ayqhauh.exe
  2⤵
  PID:12816
- C:\Windows\System\dmkVbVL.exe
  C:\Windows\System\dmkVbVL.exe
  2⤵
  PID:12848
- C:\Windows\System\nHRfTEr.exe
  C:\Windows\System\nHRfTEr.exe
  2⤵
  PID:12880
- C:\Windows\System\LcigTcZ.exe
  C:\Windows\System\LcigTcZ.exe
  2⤵
  PID:12908
- C:\Windows\System\JoFesbG.exe
  C:\Windows\System\JoFesbG.exe
  2⤵
  PID:12928
- C:\Windows\System\rxFxatQ.exe
  C:\Windows\System\rxFxatQ.exe
  2⤵
  PID:12964
- C:\Windows\System\cBXeprF.exe
  C:\Windows\System\cBXeprF.exe
  2⤵
  PID:13000
- C:\Windows\System\tSjzYfh.exe
  C:\Windows\System\tSjzYfh.exe
  2⤵
  PID:13020
- C:\Windows\System\qkqdyqo.exe
  C:\Windows\System\qkqdyqo.exe
  2⤵
  PID:13052
- C:\Windows\System\LdSHOUK.exe
  C:\Windows\System\LdSHOUK.exe
  2⤵
  PID:13084
- C:\Windows\System\jtNKBnC.exe
  C:\Windows\System\jtNKBnC.exe
  2⤵
  PID:13112
- C:\Windows\System\BiFPMNw.exe
  C:\Windows\System\BiFPMNw.exe
  2⤵
  PID:13140
- C:\Windows\System\vBpPrlp.exe
  C:\Windows\System\vBpPrlp.exe
  2⤵
  PID:13168
- C:\Windows\System\lfOiGnp.exe
  C:\Windows\System\lfOiGnp.exe
  2⤵
  PID:13192
- C:\Windows\System\JrGeGTB.exe
  C:\Windows\System\JrGeGTB.exe
  2⤵
  PID:13212
- C:\Windows\System\bQZcMHG.exe
  C:\Windows\System\bQZcMHG.exe
  2⤵
  PID:13244
- C:\Windows\System\PTIQgRy.exe
  C:\Windows\System\PTIQgRy.exe
  2⤵
  PID:13276
- C:\Windows\System\duJktbM.exe
  C:\Windows\System\duJktbM.exe
  2⤵
  PID:13304
- C:\Windows\System\SinJecl.exe
  C:\Windows\System\SinJecl.exe
  2⤵
  PID:12312
- C:\Windows\System\nhzWlFW.exe
  C:\Windows\System\nhzWlFW.exe
  2⤵
  PID:12376
- C:\Windows\System\BNmmcbn.exe
  C:\Windows\System\BNmmcbn.exe
  2⤵
  PID:12400
- C:\Windows\System\PmrFpof.exe
  C:\Windows\System\PmrFpof.exe
  2⤵
  PID:12456
- C:\Windows\System\VOlmUFv.exe
  C:\Windows\System\VOlmUFv.exe
  2⤵
  PID:12500
- C:\Windows\System\yVnrNQB.exe
  C:\Windows\System\yVnrNQB.exe
  2⤵
  PID:12576
- C:\Windows\System\LAOrHvM.exe
  C:\Windows\System\LAOrHvM.exe
  2⤵
  PID:12660
- C:\Windows\System\AsnfXtD.exe
  C:\Windows\System\AsnfXtD.exe
  2⤵
  PID:12732
- C:\Windows\System\LzyaxJv.exe
  C:\Windows\System\LzyaxJv.exe
  2⤵
  PID:12760
- C:\Windows\System\QYjwOJC.exe
  C:\Windows\System\QYjwOJC.exe
  2⤵
  PID:12840
- C:\Windows\System\wdzxiCy.exe
  C:\Windows\System\wdzxiCy.exe
  2⤵
  PID:12896
- C:\Windows\System\wmwhmSz.exe
  C:\Windows\System\wmwhmSz.exe
  2⤵
  PID:12960
- C:\Windows\System\AofcVCM.exe
  C:\Windows\System\AofcVCM.exe
  2⤵
  PID:13044
- C:\Windows\System\iLsyIoZ.exe
  C:\Windows\System\iLsyIoZ.exe
  2⤵
  PID:13068
- C:\Windows\System\OscxxfY.exe
  C:\Windows\System\OscxxfY.exe
  2⤵
  PID:13156
- C:\Windows\System\wQHtIpv.exe
  C:\Windows\System\wQHtIpv.exe
  2⤵
  PID:13240
- C:\Windows\System\OIXrpcL.exe
  C:\Windows\System\OIXrpcL.exe
  2⤵
  PID:12348
- C:\Windows\System\uMemSxx.exe
  C:\Windows\System\uMemSxx.exe
  2⤵
  PID:12544
- C:\Windows\System\LAHoXDo.exe
  C:\Windows\System\LAHoXDo.exe
  2⤵
  PID:12708
- C:\Windows\System\OmKLtay.exe
  C:\Windows\System\OmKLtay.exe
  2⤵
  PID:12604
- C:\Windows\System\MYOaJsl.exe
  C:\Windows\System\MYOaJsl.exe
  2⤵
  PID:12828
- C:\Windows\System\OJEFPcK.exe
  C:\Windows\System\OJEFPcK.exe
  2⤵
  PID:12956
- C:\Windows\System\dzrMeOK.exe
  C:\Windows\System\dzrMeOK.exe
  2⤵
  PID:2604
- C:\Windows\System\SAvSyiB.exe
  C:\Windows\System\SAvSyiB.exe
  2⤵
  PID:13264
- C:\Windows\System\qLzjjgw.exe
  C:\Windows\System\qLzjjgw.exe
  2⤵
  PID:12780
- C:\Windows\System\AsNgFLH.exe
  C:\Windows\System\AsNgFLH.exe
  2⤵
  PID:13012
- C:\Windows\System\zkhtcYf.exe
  C:\Windows\System\zkhtcYf.exe
  2⤵
  PID:13324
- C:\Windows\System\lcsjSUq.exe
  C:\Windows\System\lcsjSUq.exe
  2⤵
  PID:13360
- C:\Windows\System\VvBngaz.exe
  C:\Windows\System\VvBngaz.exe
  2⤵
  PID:13388
- C:\Windows\System\UJZzfJi.exe
  C:\Windows\System\UJZzfJi.exe
  2⤵
  PID:13408
- C:\Windows\System\BMcKdkX.exe
  C:\Windows\System\BMcKdkX.exe
  2⤵
  PID:13432
- C:\Windows\System\hivdLnw.exe
  C:\Windows\System\hivdLnw.exe
  2⤵
  PID:13468
- C:\Windows\System\QOtpUuY.exe
  C:\Windows\System\QOtpUuY.exe
  2⤵
  PID:13500
- C:\Windows\System\FPsqOgd.exe
  C:\Windows\System\FPsqOgd.exe
  2⤵
  PID:13544
- C:\Windows\System\ZhhgZmR.exe
  C:\Windows\System\ZhhgZmR.exe
  2⤵
  PID:13596
- C:\Windows\System\MFNzWqV.exe
  C:\Windows\System\MFNzWqV.exe
  2⤵
  PID:13612
- C:\Windows\System\JOGGcKC.exe
  C:\Windows\System\JOGGcKC.exe
  2⤵
  PID:13628
- C:\Windows\System\VmOcnuS.exe
  C:\Windows\System\VmOcnuS.exe
  2⤵
  PID:13644
- C:\Windows\System\nVAbNgc.exe
  C:\Windows\System\nVAbNgc.exe
  2⤵
  PID:13676
- C:\Windows\System\UXpgMlG.exe
  C:\Windows\System\UXpgMlG.exe
  2⤵
  PID:13700
- C:\Windows\System\CJzdcSO.exe
  C:\Windows\System\CJzdcSO.exe
  2⤵
  PID:13740
- C:\Windows\System\BVCfJgY.exe
  C:\Windows\System\BVCfJgY.exe
  2⤵
  PID:13764
- C:\Windows\System\wVjlTVe.exe
  C:\Windows\System\wVjlTVe.exe
  2⤵
  PID:13792
- C:\Windows\System\wtyRusm.exe
  C:\Windows\System\wtyRusm.exe
  2⤵
  PID:13816
- C:\Windows\System\CMxYIoH.exe
  C:\Windows\System\CMxYIoH.exe
  2⤵
  PID:13840
- C:\Windows\System\aBivqbC.exe
  C:\Windows\System\aBivqbC.exe
  2⤵
  PID:13872
- C:\Windows\System\qQNFkKn.exe
  C:\Windows\System\qQNFkKn.exe
  2⤵
  PID:13900
- C:\Windows\System\DMzjeZa.exe
  C:\Windows\System\DMzjeZa.exe
  2⤵
  PID:13944
- C:\Windows\System\cWwDajj.exe
  C:\Windows\System\cWwDajj.exe
  2⤵
  PID:13964
- C:\Windows\System\oOFhwyF.exe
  C:\Windows\System\oOFhwyF.exe
  2⤵
  PID:13996
- C:\Windows\System\IhAYvWi.exe
  C:\Windows\System\IhAYvWi.exe
  2⤵
  PID:14032
- C:\Windows\System\oRUsItj.exe
  C:\Windows\System\oRUsItj.exe
  2⤵
  PID:14056
- C:\Windows\System\KgvMYMi.exe
  C:\Windows\System\KgvMYMi.exe
  2⤵
  PID:14076
- C:\Windows\System\diSHBsb.exe
  C:\Windows\System\diSHBsb.exe
  2⤵
  PID:14104
- C:\Windows\System\EmGhHtp.exe
  C:\Windows\System\EmGhHtp.exe
  2⤵
  PID:14120
- C:\Windows\System\CZacqAA.exe
  C:\Windows\System\CZacqAA.exe
  2⤵
  PID:14156
- C:\Windows\System\opyGlzA.exe
  C:\Windows\System\opyGlzA.exe
  2⤵
  PID:14180
- C:\Windows\System\YBtnPJr.exe
  C:\Windows\System\YBtnPJr.exe
  2⤵
  PID:14204
- C:\Windows\System\LpanOHV.exe
  C:\Windows\System\LpanOHV.exe
  2⤵
  PID:14220
- C:\Windows\System\QzgQtGd.exe
  C:\Windows\System\QzgQtGd.exe
  2⤵
  PID:14248
- C:\Windows\System\ueFlISy.exe
  C:\Windows\System\ueFlISy.exe
  2⤵
  PID:14280
- C:\Windows\System\bsivdlH.exe
  C:\Windows\System\bsivdlH.exe
  2⤵
  PID:14320
- C:\Windows\System\NdrOZLh.exe
  C:\Windows\System\NdrOZLh.exe
  2⤵
  PID:13148
- C:\Windows\System\WWTCIDa.exe
  C:\Windows\System\WWTCIDa.exe
  2⤵
  PID:13316
- C:\Windows\System\hkEKYMg.exe
  C:\Windows\System\hkEKYMg.exe
  2⤵
  PID:3880
- C:\Windows\System\kFhgCRd.exe
  C:\Windows\System\kFhgCRd.exe
  2⤵
  PID:13380
- C:\Windows\System\arVzdpx.exe
  C:\Windows\System\arVzdpx.exe
  2⤵
  PID:13456
- C:\Windows\System\uAHlFFP.exe
  C:\Windows\System\uAHlFFP.exe
  2⤵
  PID:13424
- C:\Windows\System\JliHMDp.exe
  C:\Windows\System\JliHMDp.exe
  2⤵
  PID:13492
- C:\Windows\System\AnPqASZ.exe
  C:\Windows\System\AnPqASZ.exe
  2⤵
  PID:13624
- C:\Windows\System\nfkbGpM.exe
  C:\Windows\System\nfkbGpM.exe
  2⤵
  PID:13724
- C:\Windows\System\VBcfuQf.exe
  C:\Windows\System\VBcfuQf.exe
  2⤵
  PID:13752
- C:\Windows\System\uZIjouS.exe
  C:\Windows\System\uZIjouS.exe
  2⤵
  PID:13832
- C:\Windows\System\ZfvCjXP.exe
  C:\Windows\System\ZfvCjXP.exe
  2⤵
  PID:13852
- C:\Windows\System\uYpOLdd.exe
  C:\Windows\System\uYpOLdd.exe
  2⤵
  PID:13880
- C:\Windows\System\sMODqtI.exe
  C:\Windows\System\sMODqtI.exe
  2⤵
  PID:13956
- C:\Windows\System\GJOcnyd.exe
  C:\Windows\System\GJOcnyd.exe
  2⤵
  PID:14008
- C:\Windows\System\JffnEcu.exe
  C:\Windows\System\JffnEcu.exe
  2⤵
  PID:14088
- C:\Windows\System\rsRiJFO.exe
  C:\Windows\System\rsRiJFO.exe
  2⤵
  PID:14144
- C:\Windows\System\bMumQXW.exe
  C:\Windows\System\bMumQXW.exe
  2⤵
  PID:14256
- C:\Windows\System\GLgckxr.exe
  C:\Windows\System\GLgckxr.exe
  2⤵
  PID:14328
- C:\Windows\System\ShSneYT.exe
  C:\Windows\System\ShSneYT.exe
  2⤵
  PID:12688
- C:\Windows\System\OZwrfDc.exe
  C:\Windows\System\OZwrfDc.exe
  2⤵
  PID:13464
- C:\Windows\System\mgdhymC.exe
  C:\Windows\System\mgdhymC.exe
  2⤵
  PID:13672
- C:\Windows\System\nJiSBHR.exe
  C:\Windows\System\nJiSBHR.exe
  2⤵
  PID:13728
- C:\Windows\System\oXfPzFp.exe
  C:\Windows\System\oXfPzFp.exe
  2⤵
  PID:13788
- C:\Windows\System\hxkQCyS.exe
  C:\Windows\System\hxkQCyS.exe
  2⤵
  PID:14016
- C:\Windows\System\YXkySKd.exe
  C:\Windows\System\YXkySKd.exe
  2⤵
  PID:14052
- C:\Windows\System\JKkTaky.exe
  C:\Windows\System\JKkTaky.exe
  2⤵
  PID:14132
- C:\Windows\System\sRRSGZf.exe
  C:\Windows\System\sRRSGZf.exe
  2⤵
  PID:13576
- C:\Windows\System\QzjxeVd.exe
  C:\Windows\System\QzjxeVd.exe
  2⤵
  PID:13776
- C:\Windows\System\EARSmFW.exe
  C:\Windows\System\EARSmFW.exe
  2⤵
  PID:13348
- C:\Windows\System\VcZpmRv.exe
  C:\Windows\System\VcZpmRv.exe
  2⤵
  PID:13976
- C:\Windows\System\guIIRVH.exe
  C:\Windows\System\guIIRVH.exe
  2⤵
  PID:14372
- C:\Windows\System\DcjmHdi.exe
  C:\Windows\System\DcjmHdi.exe
  2⤵
  PID:14396
- C:\Windows\System\XUhCEKf.exe
  C:\Windows\System\XUhCEKf.exe
  2⤵
  PID:14436
- C:\Windows\System\sYsYrgi.exe
  C:\Windows\System\sYsYrgi.exe
  2⤵
  PID:14472
- C:\Windows\System\xjIAkcL.exe
  C:\Windows\System\xjIAkcL.exe
  2⤵
  PID:14488
- C:\Windows\System\lLvXyWy.exe
  C:\Windows\System\lLvXyWy.exe
  2⤵
  PID:14516
- C:\Windows\System\WtialrW.exe
  C:\Windows\System\WtialrW.exe
  2⤵
  PID:14552

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AoUtXpO.exe

Filesize
2.2MB

MD5
4970b7856bd0e343070fb532cbe5453a

SHA1
5c0777a32e201d23c5f0220c7ca20cd55a2d5af0

SHA256
ca709bc02351424ac058dedfa9a748411dd035e99a5207ec78d5ac283fca308b

SHA512
238912e7492c314d3e6d5b71ad2819e1866fb02c22291d31b24c93e12dfb231567b37b030b0c56454c712f97fbac00dc48cb022142630d2b981c0e82930f0228

Download Submit
C:\Windows\System\CkIYeOD.exe

Filesize
2.1MB

MD5
44f400bf28fb95dcdf3cd6100e8ae1f8

SHA1
c97d3c86cbd37517f579d81fc887cc83e36af25c

SHA256
1a08e7d92abdbdfc0470953faa894faab1cd83967e0acf3d65cbfc0295445fea

SHA512
d019af71c7dcb1ce23e7cdf902618aa519c4d2d8b500e432283673bb7291d31735435afdd75ac9043fd3467c228d3d84e382fadf6a9851367687f73813c22105

Download Submit
C:\Windows\System\CtLiXRM.exe

Filesize
2.1MB

MD5
2fb77017c5d259fa0175357b0480def3

SHA1
c81f8b00746ee0e482ed5eb3c89ce8f83567591b

SHA256
276bd2fb0a833290cedc180f8e77aeae7c1c7a9e5f9338558be55befaadaea47

SHA512
aeb4d15857a2ca7676d74705b1e728bf8bfbd739d747a1759a2c7144395c30cf50b9c281716f14ad9fd214dd3a7722b104c681a36a5f2b342bb4ee5ca6f5c461

Download Submit
C:\Windows\System\DGejDWb.exe

Filesize
2.1MB

MD5
c4f89cf1afd563386e6e1649b60ab076

SHA1
05d73c0a81b923a82f37b5d508f793daad17d009

SHA256
afda2d2d0e8971e03fde4863c2cc4715ebde251dbbb06e2267e9e43e58c1a12b

SHA512
2f241e9baf985d0de363691442181bebe40ac6b9983967f546d00c20b8d8f5e759fd27e6ea496614ee9361543e3ae20955693f31ddc002167236b724008c3357

Download Submit
C:\Windows\System\EWvoCBx.exe

Filesize
2.1MB

MD5
a1c559565fb0c2e1bb7c2e71ce30a56f

SHA1
4d81857a3ca4676e0fb18cc52cdec432e59ab91e

SHA256
9be4eabf5c44f41475c3d994e33405123c8229807d5b225f97814c3e87956be6

SHA512
a98340fb318c7059bee1df910c51eb6f1132d03a6e8cf5cdffd7bd7fadc364507cf67906ffb963b5736f804df0806fdaa4467d421e021e6da519928a0ac98ac8

Download Submit
C:\Windows\System\ElizImL.exe

Filesize
2.1MB

MD5
6cd9805c9893edce516d41d71bfe0e5c

SHA1
35ed0c6607693844cd3b26c008caedaa3c1f43db

SHA256
44dca683679893b334366ee515de1f05d686a84c9272ebaf559c1e057f79c282

SHA512
1dd8fc9b4ba74429e0087f1beb07ec6b018f47e9ae1556752b3a0b8b544fa78e8009f4b048ff33033b67b6fcba8b84bf51cd0e951e19af12cd7937b49aabf633

Download Submit
C:\Windows\System\GrAHHXq.exe

Filesize
2.2MB

MD5
4485f337d832374c7cf32de699c96f23

SHA1
c8fbe243f154580dcb15510d042ed93df1e63cb1

SHA256
67fe301d87d7c7dec82e00f3a7db5ad712b2ac45ad9c159afb7da243e582f0a9

SHA512
ccdb80b870af16c571d0a151b375c1590a9332ba7869b0b658c0415b625fb2fa73fcf185878e9853e01ff7c1c26506798946adbaffbbbee8aa2887501a5f3b91

Download Submit
C:\Windows\System\MpkohKx.exe

Filesize
2.2MB

MD5
10e423a96f338c6029d34b759f096a94

SHA1
91b8b857a2b7a6b63b56b5936c1b098203603bd6

SHA256
a4ba339221622945e6ab32810e1c59fedb48b178e5fd9ff1c4936574e53569a2

SHA512
384fc7ad49240dbbf3390a4ac33ea6cf573cb75f7add35c0535aa1d9a4c872d4e8e87377f05c024e8b68302988d9dc7b8d18929fb23f776cfce23d1b09722f0f

Download Submit
C:\Windows\System\NwojiIW.exe

Filesize
2.1MB

MD5
29335191d1672e710e1558f3262f90f2

SHA1
8599bf40917cfe3de5b76ba2a4315a8a10d1ef7e

SHA256
db2550a8489211804fd5098b21ac9f4aa065ad89f95f38046f7ef232641ee714

SHA512
95012ad6097961e6a802b2574dc5ca6e8d792dc4eee4289e2b68931bf36a48d06313b4ce0e67117de74257439e0c9899831cc1f499b6d33104b421c1a866886c

Download Submit
C:\Windows\System\PzCRrwn.exe

Filesize
2.2MB

MD5
7007b14f9f37bac4d9970c2c8fc969c3

SHA1
62f1385b4ab34deb47f60f909efa6c4341005321

SHA256
cd5bdcf76598d4d3e72b35654c5a901a9637cb10a90113fbad3d2b9605e7e14b

SHA512
018e29307adba81a4c1dad35abd077e72a7cbc4c68bb5f86d76233cb188a7bf896ad20dd7d857e1674a3a0fbc46a575aa8bf94babe50f400bff4cb04a1b52ea9

Download Submit
C:\Windows\System\QLolSvi.exe

Filesize
2.1MB

MD5
4ebfab44c7bc7e1f5b357996007dabf6

SHA1
59ebaea5ce4a076c599579159d5a59b08873b51d

SHA256
66c8779866c73ed24abf91c1ec567ba524ac7c9163cbdbd845e48cd1570a68ba

SHA512
ed7ada38cefae84b8c57ad8b5c3d854c643adebca8422e94edd0e3ffac1d0f6fefe87b227e9f61ab9242fb790d87864994762f2ddd282bd3d78d5f6e1891fdd6

Download Submit
C:\Windows\System\RjMOEzk.exe

Filesize
2.2MB

MD5
fe2944b00393047e2c4d0923e93019b8

SHA1
9e4bb5ae04d35e7b37f5f0ce994977ff882ade5d

SHA256
4a3b7f97ec9eadf36dfbcaa50a5983e685aad955b7af278eef21641af2721f5a

SHA512
f0ea65e182442cdbda711e7c91e31073ea728c8e6e7deef07cbc8c440a93a28e9bc2e439e126a7e5dc605721f5f297698860b3e544e1780ee129f7386fd3648e

Download Submit
C:\Windows\System\VLSHcLu.exe

Filesize
2.1MB

MD5
6d2a0880158a42c9107b19112fd97cce

SHA1
7cabe725243f18c7277c3dc437540f811aa21a6e

SHA256
2344d6c9f02c7727aa3382f2176743bbf02ee959ca9c70b8a80c5f56e30917cc

SHA512
937511ee4baa75f7ad7ed4fce7db36c2f31165122bd8f707250408526ca1351b46052ae06e908eb1a58ed1fa3372e69d0a4be423e6586dfd5a5bdcacbc7fd1a3

Download Submit
C:\Windows\System\VPupxWO.exe

Filesize
2.1MB

MD5
597cd57d1f49c092235c4bb3d3c65f9a

SHA1
df75f68621fed9887b5435feafeafdf9d76ec02e

SHA256
b1b6060e7c65c14a12976c367ed6109e971c5e9709b425a7310d142ad87a0b34

SHA512
7f7531a057194f65fcf84609f8dbba74b078695550a79b4ba03e7c4b6005f5133c114ef2900cbf6fed3160108ed466512a1b4d1fe949e1a1c1a9bbbbc0bc621a

Download Submit
C:\Windows\System\WYfmwdg.exe

Filesize
2.1MB

MD5
f66366c62d55825ca104cc18df721d2f

SHA1
fcc36b57a60a030c11156dc27962ed5ec5c0de16

SHA256
d46a7fcdc88c81f34b46e6a4208c50675519c3e485a7bbec0525ccaa871368e0

SHA512
942e49b5acbde8298665dcfada8cd1d0ef0d91cbca5e84eecb8ce20abeac76e3e591f1680ff8e5e42c31cfbecfa8a4cc6d09065d91a29b667453412a7ffd3af7

Download Submit
C:\Windows\System\Xmjtkiv.exe

Filesize
2.1MB

MD5
ee836ba075e44eee58b73df91378e3ff

SHA1
3f77d8bc2cbfc9f1f60347ef883a185637d3fec0

SHA256
10ff35d0fb3a738bb3e272d5fa395c34187f872e8615c2475051ac60d19f02ab

SHA512
c06befefee41bb059eb8b225b9bd30a8df59c4c2880bf3dda2dc5cf43cef6837be1478409f89318d4c094b3264119aee85308901ba08d7c079795bece0da0a87

Download Submit
C:\Windows\System\YdKBkJI.exe

Filesize
2.1MB

MD5
7edbeecae9c833a026dd58f36942da79

SHA1
aad9b78608aedb8e2e88ac4739db0d1750d211db

SHA256
13f476db1f9fa86ab87c192ad423ec62abb443764db289dc3130a9f551900f1e

SHA512
33d312b5fb27d22f8282907195833b3f0cc2b4f35347f58e5a38d15a06a00ba4ae89d4d61812655d9912ba5d63866743c9de2461bafebc8db876024224d1d19c

Download Submit
C:\Windows\System\bOXlUnw.exe

Filesize
2.1MB

MD5
162188a3d4d242b3774eb3221a0009af

SHA1
c6d44db1bc0d5dfb3b2110187bc72d3a08d7cc69

SHA256
fc5234e6b95b21662fcc127dfacc9d8b61e589fc3e70f12031d58f564a1b2313

SHA512
35b7a95a015f29c00e7e3beebad632dfea0ac4b8fa011b596809f1fefb44b7c9ebdb10e7d890dcd0012a4132c084bffc43f2fe4bd21cb09dc8edc27dc6b17426

Download Submit
C:\Windows\System\biKCTMU.exe

Filesize
2.1MB

MD5
12a562c2096aa85a4c3394831880b93f

SHA1
4a00c666945e577182e03b40e8042aeae062d833

SHA256
ebca3b6509fd45e0266a0679cb83c6db68a7f37961cb072f53c7d564e4392e29

SHA512
287239957c77352eeadf92107386085a3374a803638e4ac34a60871a3558d1a0977b01a5c258be9caa0759465accfa4b1d4a898e578519aaa42387862c7ea84d

Download Submit
C:\Windows\System\dpyhsmi.exe

Filesize
2.1MB

MD5
4ef3531d94a9f4fb340b03bfe95083d9

SHA1
7894609ea5f1d0772ce17fb91a44302c7ade8a94

SHA256
c99c24392a6991d752597a3ea5004a1068d1daeeb7840a13a5353a369ebbeed6

SHA512
fb51706637f76ba11ce75ea066f0a29923629c91299c0538b6db768aa07b218d62fff887cd1bd809049065026da13bb61437898c8d913d500094e84bf937131a

Download Submit
C:\Windows\System\fJtSdiN.exe

Filesize
2.1MB

MD5
4ee67164a16db330dcc0d074e7d453d8

SHA1
10fbb55b6943cd93cbdfb1ee37f9e2f178174ee3

SHA256
cf413448b5e760506b2674ed21eb599cd7d4ea87415b81ec368c9bf786702f09

SHA512
e575abd1aa1bbf997b3e93aa7a5f16d7d94735c1fa560cabcdca7e7a5d9ca3c08e3c8fb082f9f9d129df6e5f22529224fbe3b261f566e1cf90f77cb7f6bef98b

Download Submit
C:\Windows\System\fzwYHYs.exe

Filesize
2.2MB

MD5
4c29e6db0bd411a76496cba77ad2e25d

SHA1
5c1cdbb30552d44c943e64c592e5f5a4abda3509

SHA256
429a8919bcae02ce2848e446656fb750c54fd2de76d47e965ddd9ac9d4115aa1

SHA512
0043f42166b259ad65efd43b76ebc4e4e82ffe6b343d1af756d45c2919f809e5ace20cc742cfc913dadb579c8a34498249245da8e380645b5c85f29e09018725

Download Submit
C:\Windows\System\hAOpgnC.exe

Filesize
2.1MB

MD5
af916e4e7d9c46e0fac680e80dca8f2c

SHA1
492645a3a7752fbf053f8f0750bf0ddcb0dc86e4

SHA256
68048994c5a9e8a6e4a9e1ca64fc3bdb79804304e55927647c70ddd594ac1114

SHA512
e5c275cb8b537c1b6b1aeb62970a2739835dd8c593d13d28d120e6cb60d0655e815fad1042730a3d47bf2a3a8bc5eaf651eed4b0c900624414c94c51b32c41b7

Download Submit
C:\Windows\System\hToHQbB.exe

Filesize
2.1MB

MD5
cc292959823ef6929b3eb03ba63293c2

SHA1
cbdbca685703b2cdaf8c49744576102fcea86753

SHA256
28a01767bdde0676f7504545c1d883b5468fc9c1b1d09a4080be4fa4428de80f

SHA512
7c7e818c861fe8dbd6dba2fb26040d8c00fd223030cf372d359611cc15a171b1fcd826122795bf96f75d060328a082fb9f2d013bd3b3de8f24d1abb5a796a47d

Download Submit
C:\Windows\System\haEQkaT.exe

Filesize
2.1MB

MD5
c663b0fdac9feac61614e59cc3b903e9

SHA1
e71c283f4701a99432133561884362ef026e1efc

SHA256
f2bfba0ee7cb4a1040a1ab5d1cb50b684b209ca6c3b359943eefc19832b72a71

SHA512
8d4e00cc94bacb86e5fad843ec136939de3050bd4d4064ebfd8a1371e440ed0e2a425415fe6c7f8b0663bd9ba5240e4f89bc146f4fa8cf662317c471f4f23d2a

Download Submit
C:\Windows\System\jgFelDG.exe

Filesize
2.1MB

MD5
ce73c4565f7f9ca19779d6db425d0b5d

SHA1
bff95a86d862b87e70e8386056cc2f45c5542182

SHA256
0478837ccc79057882162625dcf4983caa29f7d0d8ed7e9c7177d5c5749940bd

SHA512
03c372e6d24698c98060023be2796c1c700616723add3e13c8624ecd038afe45d21db3ec6bbf95d0b328d42a658fcdac57bff5a3090f7403d5689946d60d2c32

Download Submit
C:\Windows\System\lYEaFHi.exe

Filesize
2.1MB

MD5
cfcf83fd2564bdda6aad948fb28913ad

SHA1
df09cf062804e479b4bbbefbd3c40464a6d1cddc

SHA256
cdfae9d758e7331dc95d146ff288adc95ebbd425b50d8f4a1dddb16dffa2b73f

SHA512
8c123b4fb144d9ee45962cd45a2c6a06cca6be649896d14fce29d7c382081d4ec187a7e8adcffdaa238688a653b3a128641109042d8a842d820f0fbba10c490e

Download Submit
C:\Windows\System\lrrGFHv.exe

Filesize
2.1MB

MD5
ad41deac32a01721b4959b6f93fba313

SHA1
432eacd207879f0f0d2ac65ca6ced8044e92df87

SHA256
2023934257598dbff12a8c60a74dd0c7ad01327715a755e11dd4913ebb23cb5a

SHA512
bd0e814dc6bd62610295037f93bbc60ad619fd373314d37d029dbdaea1f49e542ec31a61d5c46e19b5d4c9fbda5830ae4e4ac5a3505cf24e46627ef292020efd

Download Submit
C:\Windows\System\nrChENm.exe

Filesize
2.1MB

MD5
80ef20cf8737421c7d4ed0a0920d9640

SHA1
62c1f0119d3d127cfbac37863a0dced6060037b5

SHA256
8d7e5206a0a73316996459f46972cc3dc15b561183cb6303bd5bfe72a820739e

SHA512
f4fa817978e7734d6509683bf795bfeda5bdffc6c5e5459005cdeb25d3605664a8dc157dea57a67b1af2e7a6501720b058b30d31f17b22dbd4f0256e7da8d138

Download Submit
C:\Windows\System\tQwxcSq.exe

Filesize
2.1MB

MD5
dad7d90db0628a63096aed8e8caa7f1e

SHA1
a9e4d54fc8d5a2aa022b300c586f5b49b28cb044

SHA256
cc9c0aa626b46d970c9d29b387c4220de72c45d8484198ff7c21ba09960f8fa1

SHA512
66d3d9af258a596d19c1a569a25766aa8fa23ce5d92ee276ae0d67c1ba1b97d65a3d752b6ddc5d5ee8df5eb2b0ee9d1002810e82e1283612d5de0504842f87cf

Download Submit
C:\Windows\System\urpDfrV.exe

Filesize
2.1MB

MD5
65fd059802420b97f3890e7dd03a03ca

SHA1
579c4f73c6cfd14d80f7f2b8d6f5a21399e11409

SHA256
63793de04305496821491b1e4827aff1e20a1f0d08b8074ea4b2555ca4a8af26

SHA512
e08c321a1d09d8c91e6f0db2450f1332d12398adeba19fd4fd6bf9b7fa9ed52114a3f194d46f393e539e5cfe8496f5da7c681ecd0ebc2f5dc4abdf88ac118e42

Download Submit
C:\Windows\System\wNuhZsh.exe

Filesize
2.1MB

MD5
697464a8a95760a46376e7dae18092a1

SHA1
f67e21b75b0b1d8b41b159ed034025cf3722fda9

SHA256
d82620d1542d2f708d2716cbcb496329b038599a988c2bca6890c379841d60b1

SHA512
8a62e3978dfc4788464c17c1f3da339c25bf6156b95cac0184cdb1ead245f2ac8ed60484061b0474d2e9670adbaa7cbbb0f56029ed282b79763085ad1ab199bc

Download Submit
C:\Windows\System\wzldsiT.exe

Filesize
2.1MB

MD5
b51d78dc45fe3e8b7c53f28a1f1e572f

SHA1
ec0000281ba37123319e268f54be06bb8cfac5dd

SHA256
ae80ab5ca02c8b89db09b7eac25018b7a1e92926c9657d8cc53c76916d303dc6

SHA512
34c748b4ef59ebf4ef9c0299c0995374f610fdc5ea7a74627889ab454a1f66cc56a1e84dc1b6eeca2ac69b3a52a42f03d27806c030ae1cc996c8f23be0408641

Download Submit
C:\Windows\System\xWsWkEr.exe

Filesize
2.2MB

MD5
a2149e9681d23c43454453ce93c433af

SHA1
fd0b86a877cb5b9779fb37689cd79a58fa245e48

SHA256
6532061a0e3596358389552bd1c6f6f3e77e5d8166ceddb0bd2a0280905fd479

SHA512
74f0b5373dcbe448f9fceb75f42dc43cdb09979dc02a50e126fb6b907adf3b5cbc4a7f3aaa7acf67d257c70f1d51ef7ee89eedabf882fb505f36adeabaaa7cd7

Download Submit
C:\Windows\System\xwMRobE.exe

Filesize
2.1MB

MD5
10bf343a5b53d0e54cd875c660de5f73

SHA1
1888cea1c79b6a7d6475fdb569efb91825c78013

SHA256
54f4d7a0aac0c2d7a318b84c9accc9fbafea5af034d464a6bce06240fd3b78d9

SHA512
4521225d23cae4c571568453b4c5b8b64bbcd3811b712ecd39c1c67458145d1faf37e32696a135e177efb8ba733f531aed0410551525d18bc4e21e0786e59ed8

Download Submit
memory/844-1435-0x00007FF793A10000-0x00007FF793D64000-memory.dmp

Filesize
3.3MB

Download
memory/844-34-0x00007FF793A10000-0x00007FF793D64000-memory.dmp

Filesize
3.3MB

Download
memory/844-2082-0x00007FF793A10000-0x00007FF793D64000-memory.dmp

Filesize
3.3MB

Download
memory/888-136-0x00007FF694C50000-0x00007FF694FA4000-memory.dmp

Filesize
3.3MB

Download
memory/888-2099-0x00007FF694C50000-0x00007FF694FA4000-memory.dmp

Filesize
3.3MB

Download
memory/1068-2098-0x00007FF71EAD0000-0x00007FF71EE24000-memory.dmp

Filesize
3.3MB

Download
memory/1068-143-0x00007FF71EAD0000-0x00007FF71EE24000-memory.dmp

Filesize
3.3MB

Download
memory/1172-2081-0x00007FF6429C0000-0x00007FF642D14000-memory.dmp

Filesize
3.3MB

Download
memory/1172-43-0x00007FF6429C0000-0x00007FF642D14000-memory.dmp

Filesize
3.3MB

Download
memory/1256-221-0x00007FF7A30C0000-0x00007FF7A3414000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2104-0x00007FF7A30C0000-0x00007FF7A3414000-memory.dmp

Filesize
3.3MB

Download
memory/1356-38-0x00007FF6E59F0000-0x00007FF6E5D44000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2077-0x00007FF6E59F0000-0x00007FF6E5D44000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2084-0x00007FF6E59F0000-0x00007FF6E5D44000-memory.dmp

Filesize
3.3MB

Download
memory/1472-140-0x00007FF63ABD0000-0x00007FF63AF24000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2105-0x00007FF63ABD0000-0x00007FF63AF24000-memory.dmp

Filesize
3.3MB

Download
memory/1544-35-0x00007FF741220000-0x00007FF741574000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2086-0x00007FF741220000-0x00007FF741574000-memory.dmp

Filesize
3.3MB

Download
memory/1548-46-0x00007FF7768E0000-0x00007FF776C34000-memory.dmp

Filesize
3.3MB

Download
memory/1548-2083-0x00007FF7768E0000-0x00007FF776C34000-memory.dmp

Filesize
3.3MB

Download
memory/1760-2090-0x00007FF727A10000-0x00007FF727D64000-memory.dmp

Filesize
3.3MB

Download
memory/1760-104-0x00007FF727A10000-0x00007FF727D64000-memory.dmp

Filesize
3.3MB

Download
memory/1780-137-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2103-0x00007FF71C3D0000-0x00007FF71C724000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2093-0x00007FF6F8260000-0x00007FF6F85B4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-121-0x00007FF6F8260000-0x00007FF6F85B4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2095-0x00007FF7150F0000-0x00007FF715444000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2079-0x00007FF7150F0000-0x00007FF715444000-memory.dmp

Filesize
3.3MB

Download
memory/1868-90-0x00007FF7150F0000-0x00007FF715444000-memory.dmp

Filesize
3.3MB

Download
memory/1876-47-0x00007FF7F7050000-0x00007FF7F73A4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2087-0x00007FF7F7050000-0x00007FF7F73A4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-2078-0x00007FF7F7050000-0x00007FF7F73A4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-37-0x00007FF609FF0000-0x00007FF60A344000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2085-0x00007FF609FF0000-0x00007FF60A344000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2101-0x00007FF62E5C0000-0x00007FF62E914000-memory.dmp

Filesize
3.3MB

Download
memory/2176-145-0x00007FF62E5C0000-0x00007FF62E914000-memory.dmp

Filesize
3.3MB

Download
memory/2208-2100-0x00007FF683920000-0x00007FF683C74000-memory.dmp

Filesize
3.3MB

Download
memory/2208-220-0x00007FF683920000-0x00007FF683C74000-memory.dmp

Filesize
3.3MB

Download
memory/2528-224-0x00007FF799D30000-0x00007FF79A084000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2108-0x00007FF799D30000-0x00007FF79A084000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2092-0x00007FF7780A0000-0x00007FF7783F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-144-0x00007FF7780A0000-0x00007FF7783F4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-129-0x00007FF7638C0000-0x00007FF763C14000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2091-0x00007FF7638C0000-0x00007FF763C14000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2106-0x00007FF6A7A30000-0x00007FF6A7D84000-memory.dmp

Filesize
3.3MB

Download
memory/3472-222-0x00007FF6A7A30000-0x00007FF6A7D84000-memory.dmp

Filesize
3.3MB

Download
memory/3564-2102-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp

Filesize
3.3MB

Download
memory/3564-146-0x00007FF66B0D0000-0x00007FF66B424000-memory.dmp

Filesize
3.3MB

Download
memory/3752-2107-0x00007FF6C7AA0000-0x00007FF6C7DF4000-memory.dmp

Filesize
3.3MB

Download
memory/3752-223-0x00007FF6C7AA0000-0x00007FF6C7DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4352-142-0x00007FF75B7F0000-0x00007FF75BB44000-memory.dmp

Filesize
3.3MB

Download
memory/4352-2097-0x00007FF75B7F0000-0x00007FF75BB44000-memory.dmp

Filesize
3.3MB

Download
memory/4428-15-0x00007FF7BFF80000-0x00007FF7C02D4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2080-0x00007FF7BFF80000-0x00007FF7C02D4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2096-0x00007FF6C2C20000-0x00007FF6C2F74000-memory.dmp

Filesize
3.3MB

Download
memory/4668-113-0x00007FF6C2C20000-0x00007FF6C2F74000-memory.dmp

Filesize
3.3MB

Download
memory/4756-1-0x000001FA862D0000-0x000001FA862E0000-memory.dmp

Filesize
64KB

Download
memory/4756-0-0x00007FF6C67D0000-0x00007FF6C6B24000-memory.dmp

Filesize
3.3MB

Download
memory/4756-1425-0x00007FF6C67D0000-0x00007FF6C6B24000-memory.dmp

Filesize
3.3MB

Download
memory/4804-60-0x00007FF68EB90000-0x00007FF68EEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2088-0x00007FF68EB90000-0x00007FF68EEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2089-0x00007FF7C2130000-0x00007FF7C2484000-memory.dmp

Filesize
3.3MB

Download
memory/4892-83-0x00007FF7C2130000-0x00007FF7C2484000-memory.dmp

Filesize
3.3MB

Download
memory/5096-141-0x00007FF7C6790000-0x00007FF7C6AE4000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2094-0x00007FF7C6790000-0x00007FF7C6AE4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads