xmrig | 8c7d616c242ddf5069fd0cc68a794f914ba5727df893eedcf4a74b42ed1c950a

Analysis

max time kernel
119s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
Size

2.0MB
MD5

8024dbafd728248dd9a1dcf05932dbc0
SHA1

6a3cbf2ca14b8b8d681c76ba752323f736fd4f26
SHA256

8c7d616c242ddf5069fd0cc68a794f914ba5727df893eedcf4a74b42ed1c950a
SHA512

b5e9cbbe7a64b7d6e73ca84ed28ab421360ec68261e18755f161136b34a86ea839fc6d0a671a478e01b862f1e68c62eb9adf157af71c3baa10aac5b43ff845db
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICb5Trec2a/1ASmo:BemTLkNdfE0pZrq

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4192-0-0x00007FF738C60000-0x00007FF738FB4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bab-7.dat	xmrig
behavioral2/files/0x000c000000023baa-19.dat	xmrig
behavioral2/files/0x000a000000023bad-34.dat	xmrig
behavioral2/files/0x000a000000023bb2-42.dat	xmrig
behavioral2/files/0x000a000000023bb4-53.dat	xmrig
behavioral2/files/0x000a000000023bb6-64.dat	xmrig
behavioral2/files/0x000a000000023bc3-126.dat	xmrig
behavioral2/files/0x0031000000023bbd-101.dat	xmrig
behavioral2/files/0x000a000000023bbc-98.dat	xmrig
behavioral2/files/0x000a000000023bbb-97.dat	xmrig
behavioral2/files/0x000a000000023bba-92.dat	xmrig
behavioral2/files/0x000a000000023bb0-91.dat	xmrig
behavioral2/files/0x000a000000023bb7-80.dat	xmrig
behavioral2/memory/3120-72-0x00007FF7CDA90000-0x00007FF7CDDE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb9-85.dat	xmrig
behavioral2/files/0x000a000000023baf-59.dat	xmrig
behavioral2/files/0x000a000000023bb8-81.dat	xmrig
behavioral2/files/0x000a000000023bb5-56.dat	xmrig
behavioral2/files/0x000a000000023bb1-69.dat	xmrig
behavioral2/files/0x000a000000023bb3-52.dat	xmrig
behavioral2/memory/1384-48-0x00007FF7D2FD0000-0x00007FF7D3324000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bae-45.dat	xmrig
behavioral2/memory/3128-35-0x00007FF6C7060000-0x00007FF6C73B4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bac-28.dat	xmrig
behavioral2/files/0x000a000000023bc7-142.dat	xmrig
behavioral2/files/0x000a000000023bc6-134.dat	xmrig
behavioral2/files/0x0031000000023bbe-161.dat	xmrig
behavioral2/memory/1756-247-0x00007FF764FF0000-0x00007FF765344000-memory.dmp	xmrig
behavioral2/memory/4324-248-0x00007FF7D7320000-0x00007FF7D7674000-memory.dmp	xmrig
behavioral2/memory/2016-264-0x00007FF6C9950000-0x00007FF6C9CA4000-memory.dmp	xmrig
behavioral2/memory/4340-268-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp	xmrig
behavioral2/memory/2164-272-0x00007FF658AB0000-0x00007FF658E04000-memory.dmp	xmrig
behavioral2/memory/4404-275-0x00007FF7930F0000-0x00007FF793444000-memory.dmp	xmrig
behavioral2/memory/916-274-0x00007FF67A3B0000-0x00007FF67A704000-memory.dmp	xmrig
behavioral2/memory/1908-273-0x00007FF7E9FB0000-0x00007FF7EA304000-memory.dmp	xmrig
behavioral2/memory/1488-271-0x00007FF689B90000-0x00007FF689EE4000-memory.dmp	xmrig
behavioral2/memory/3016-270-0x00007FF7087B0000-0x00007FF708B04000-memory.dmp	xmrig
behavioral2/memory/4904-269-0x00007FF6796F0000-0x00007FF679A44000-memory.dmp	xmrig
behavioral2/memory/1872-267-0x00007FF7F5520000-0x00007FF7F5874000-memory.dmp	xmrig
behavioral2/memory/2036-266-0x00007FF7ACB90000-0x00007FF7ACEE4000-memory.dmp	xmrig
behavioral2/memory/2884-265-0x00007FF786C50000-0x00007FF786FA4000-memory.dmp	xmrig
behavioral2/memory/3756-263-0x00007FF625670000-0x00007FF6259C4000-memory.dmp	xmrig
behavioral2/memory/4804-261-0x00007FF7C6C40000-0x00007FF7C6F94000-memory.dmp	xmrig
behavioral2/memory/4104-235-0x00007FF79F690000-0x00007FF79F9E4000-memory.dmp	xmrig
behavioral2/memory/3980-216-0x00007FF7097A0000-0x00007FF709AF4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc2-186.dat	xmrig
behavioral2/files/0x000a000000023bcb-181.dat	xmrig
behavioral2/files/0x000a000000023bc4-178.dat	xmrig
behavioral2/memory/4464-197-0x00007FF7C6E10000-0x00007FF7C7164000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc0-176.dat	xmrig
behavioral2/files/0x000a000000023bca-175.dat	xmrig
behavioral2/memory/2920-171-0x00007FF64C100000-0x00007FF64C454000-memory.dmp	xmrig
behavioral2/files/0x0031000000023bbf-168.dat	xmrig
behavioral2/memory/2040-166-0x00007FF657B10000-0x00007FF657E64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc9-158.dat	xmrig
behavioral2/files/0x000a000000023bc8-155.dat	xmrig
behavioral2/files/0x000a000000023bc1-177.dat	xmrig
behavioral2/files/0x000a000000023bc5-132.dat	xmrig
behavioral2/memory/3840-152-0x00007FF68BD60000-0x00007FF68C0B4000-memory.dmp	xmrig
behavioral2/memory/4544-129-0x00007FF6C92E0000-0x00007FF6C9634000-memory.dmp	xmrig
behavioral2/memory/3920-128-0x00007FF6196F0000-0x00007FF619A44000-memory.dmp	xmrig
behavioral2/memory/1808-102-0x00007FF6E4470000-0x00007FF6E47C4000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b4e-8.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4460	kvzdvWG.exe
3128	SweOhaR.exe
1384	iytWIQP.exe
3120	FODvlOm.exe
3016	dGTWmSW.exe
1808	ittMcZV.exe
3920	qkGxBIn.exe
1488	TursMtR.exe
4544	mciEGia.exe
3840	zYQhixj.exe
2164	ubhcsuu.exe
2040	vVkGeCz.exe
2920	rmaWGiF.exe
4464	nuaGOKm.exe
1908	EukrSsy.exe
3980	fEuJXSB.exe
4104	jvoksEe.exe
1756	qLxeEdV.exe
4324	OlwzYJg.exe
4804	fMzYNaN.exe
3756	lUjlNkz.exe
916	wwEcsdX.exe
2016	HTYzzCi.exe
2884	fgLUFYC.exe
2036	noWrkfH.exe
1872	JoDnbdl.exe
4340	nGVKNNG.exe
4904	whpWCEM.exe
4404	mdQQTOU.exe
1832	qyhoRqa.exe
2820	YFbCSaL.exe
5044	UEZLrdD.exe
1028	cScwsKd.exe
4068	qrfkxss.exe
2404	kFppvgy.exe
3576	XGajOIs.exe
1496	DBPGmac.exe
3504	oBjjAPQ.exe
2628	aujtnjs.exe
5072	pXfgbnD.exe
1784	roPVmob.exe
1816	LrNcKqc.exe
4828	DnsLNSQ.exe
1448	hLsjSfZ.exe
624	UcipmRY.exe
4724	sZsqLXF.exe
4616	CKAieTl.exe
2180	AYHJzRU.exe
4228	zfneukQ.exe
4440	ugzAhEc.exe
3944	RPHRPzM.exe
3188	lzRlalM.exe
2172	wQViAYY.exe
1876	eXBNvby.exe
3644	mWKpwxX.exe
2700	pJbqViJ.exe
3896	hTcreEY.exe
3464	VqPRMYP.exe
4760	MsYSfvS.exe
1772	iqblSUO.exe
4012	vTMAgkN.exe
4280	lhxXbxu.exe
3012	jCwsqoB.exe
3700	gpjZIKS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4192-0-0x00007FF738C60000-0x00007FF738FB4000-memory.dmp	upx
behavioral2/files/0x000b000000023bab-7.dat	upx
behavioral2/files/0x000c000000023baa-19.dat	upx
behavioral2/files/0x000a000000023bad-34.dat	upx
behavioral2/files/0x000a000000023bb2-42.dat	upx
behavioral2/files/0x000a000000023bb4-53.dat	upx
behavioral2/files/0x000a000000023bb6-64.dat	upx
behavioral2/files/0x000a000000023bc3-126.dat	upx
behavioral2/files/0x0031000000023bbd-101.dat	upx
behavioral2/files/0x000a000000023bbc-98.dat	upx
behavioral2/files/0x000a000000023bbb-97.dat	upx
behavioral2/files/0x000a000000023bba-92.dat	upx
behavioral2/files/0x000a000000023bb0-91.dat	upx
behavioral2/files/0x000a000000023bb7-80.dat	upx
behavioral2/memory/3120-72-0x00007FF7CDA90000-0x00007FF7CDDE4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb9-85.dat	upx
behavioral2/files/0x000a000000023baf-59.dat	upx
behavioral2/files/0x000a000000023bb8-81.dat	upx
behavioral2/files/0x000a000000023bb5-56.dat	upx
behavioral2/files/0x000a000000023bb1-69.dat	upx
behavioral2/files/0x000a000000023bb3-52.dat	upx
behavioral2/memory/1384-48-0x00007FF7D2FD0000-0x00007FF7D3324000-memory.dmp	upx
behavioral2/files/0x000a000000023bae-45.dat	upx
behavioral2/memory/3128-35-0x00007FF6C7060000-0x00007FF6C73B4000-memory.dmp	upx
behavioral2/files/0x000a000000023bac-28.dat	upx
behavioral2/files/0x000a000000023bc7-142.dat	upx
behavioral2/files/0x000a000000023bc6-134.dat	upx
behavioral2/files/0x0031000000023bbe-161.dat	upx
behavioral2/memory/1756-247-0x00007FF764FF0000-0x00007FF765344000-memory.dmp	upx
behavioral2/memory/4324-248-0x00007FF7D7320000-0x00007FF7D7674000-memory.dmp	upx
behavioral2/memory/2016-264-0x00007FF6C9950000-0x00007FF6C9CA4000-memory.dmp	upx
behavioral2/memory/4340-268-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp	upx
behavioral2/memory/2164-272-0x00007FF658AB0000-0x00007FF658E04000-memory.dmp	upx
behavioral2/memory/4404-275-0x00007FF7930F0000-0x00007FF793444000-memory.dmp	upx
behavioral2/memory/916-274-0x00007FF67A3B0000-0x00007FF67A704000-memory.dmp	upx
behavioral2/memory/1908-273-0x00007FF7E9FB0000-0x00007FF7EA304000-memory.dmp	upx
behavioral2/memory/1488-271-0x00007FF689B90000-0x00007FF689EE4000-memory.dmp	upx
behavioral2/memory/3016-270-0x00007FF7087B0000-0x00007FF708B04000-memory.dmp	upx
behavioral2/memory/4904-269-0x00007FF6796F0000-0x00007FF679A44000-memory.dmp	upx
behavioral2/memory/1872-267-0x00007FF7F5520000-0x00007FF7F5874000-memory.dmp	upx
behavioral2/memory/2036-266-0x00007FF7ACB90000-0x00007FF7ACEE4000-memory.dmp	upx
behavioral2/memory/2884-265-0x00007FF786C50000-0x00007FF786FA4000-memory.dmp	upx
behavioral2/memory/3756-263-0x00007FF625670000-0x00007FF6259C4000-memory.dmp	upx
behavioral2/memory/4804-261-0x00007FF7C6C40000-0x00007FF7C6F94000-memory.dmp	upx
behavioral2/memory/4104-235-0x00007FF79F690000-0x00007FF79F9E4000-memory.dmp	upx
behavioral2/memory/3980-216-0x00007FF7097A0000-0x00007FF709AF4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc2-186.dat	upx
behavioral2/files/0x000a000000023bcb-181.dat	upx
behavioral2/files/0x000a000000023bc4-178.dat	upx
behavioral2/memory/4464-197-0x00007FF7C6E10000-0x00007FF7C7164000-memory.dmp	upx
behavioral2/files/0x000a000000023bc0-176.dat	upx
behavioral2/files/0x000a000000023bca-175.dat	upx
behavioral2/memory/2920-171-0x00007FF64C100000-0x00007FF64C454000-memory.dmp	upx
behavioral2/files/0x0031000000023bbf-168.dat	upx
behavioral2/memory/2040-166-0x00007FF657B10000-0x00007FF657E64000-memory.dmp	upx
behavioral2/files/0x000a000000023bc9-158.dat	upx
behavioral2/files/0x000a000000023bc8-155.dat	upx
behavioral2/files/0x000a000000023bc1-177.dat	upx
behavioral2/files/0x000a000000023bc5-132.dat	upx
behavioral2/memory/3840-152-0x00007FF68BD60000-0x00007FF68C0B4000-memory.dmp	upx
behavioral2/memory/4544-129-0x00007FF6C92E0000-0x00007FF6C9634000-memory.dmp	upx
behavioral2/memory/3920-128-0x00007FF6196F0000-0x00007FF619A44000-memory.dmp	upx
behavioral2/memory/1808-102-0x00007FF6E4470000-0x00007FF6E47C4000-memory.dmp	upx
behavioral2/files/0x000c000000023b4e-8.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LSIEpwT.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\GAYpzQD.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\yKDuyhl.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\gqthxZp.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\CLtJvtC.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\UcipmRY.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\UNEwaAd.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\sYcJAMG.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\QeUmxCY.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\oUCtkJv.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\qrfkxss.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\HiZYrOq.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\oxduGnH.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\oExILXa.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\XtHOOYv.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\XyhREXr.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\FQGhfbj.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\AEoKVsB.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\dGTWmSW.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\cUiBYVU.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\KSCrGyF.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\LpeBjqC.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\fouWybO.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\JIxcoRQ.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\YFdsiaq.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\SweOhaR.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\hWvVsCE.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\zmFUMGG.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\KGRLxWG.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\QrCubnU.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\MGtRfUW.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\ugsHate.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\aDgvkqz.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\mmqnNub.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\KoVzgeV.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\CKAieTl.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\saLcrex.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\MIQcgSR.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\OxgaCuh.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\FuOoJYS.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\vIXbFLW.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\lsFozTN.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\JqNfftR.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\PaiPyla.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\WUlaCFo.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\iOKMENu.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\maNHHUD.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\SWLqPcn.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\AnGDtXU.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\okLSJvu.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\tQGeYph.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\rqXPZGt.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\XUHFFYw.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\SDmOpkz.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\cuCiXNM.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\IESQUqf.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\znaYHav.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\ZmtzhZD.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\uwsmljX.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\rkLkvXk.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\NxFYdMx.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\PhecFbm.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\fMzYNaN.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
File created	C:\Windows\System\qpWYqKU.exe	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4360	dwm.exe
Token: SeChangeNotifyPrivilege	4360	dwm.exe
Token: 33	4360	dwm.exe
Token: SeIncBasePriorityPrivilege	4360	dwm.exe
Token: SeShutdownPrivilege	4360	dwm.exe
Token: SeCreatePagefilePrivilege	4360	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 4460	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	86
PID 4192 wrote to memory of 4460	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	86
PID 4192 wrote to memory of 1384	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	87
PID 4192 wrote to memory of 1384	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	87
PID 4192 wrote to memory of 3128	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	88
PID 4192 wrote to memory of 3128	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	88
PID 4192 wrote to memory of 3120	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	89
PID 4192 wrote to memory of 3120	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	89
PID 4192 wrote to memory of 3920	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	90
PID 4192 wrote to memory of 3920	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	90
PID 4192 wrote to memory of 3016	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	91
PID 4192 wrote to memory of 3016	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	91
PID 4192 wrote to memory of 1808	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	92
PID 4192 wrote to memory of 1808	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	92
PID 4192 wrote to memory of 1488	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	93
PID 4192 wrote to memory of 1488	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	93
PID 4192 wrote to memory of 4544	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	94
PID 4192 wrote to memory of 4544	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	94
PID 4192 wrote to memory of 3840	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	95
PID 4192 wrote to memory of 3840	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	95
PID 4192 wrote to memory of 2164	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	96
PID 4192 wrote to memory of 2164	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	96
PID 4192 wrote to memory of 2040	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	97
PID 4192 wrote to memory of 2040	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	97
PID 4192 wrote to memory of 2920	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	98
PID 4192 wrote to memory of 2920	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	98
PID 4192 wrote to memory of 4464	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	99
PID 4192 wrote to memory of 4464	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	99
PID 4192 wrote to memory of 1908	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	100
PID 4192 wrote to memory of 1908	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	100
PID 4192 wrote to memory of 3980	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	101
PID 4192 wrote to memory of 3980	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	101
PID 4192 wrote to memory of 4104	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	102
PID 4192 wrote to memory of 4104	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	102
PID 4192 wrote to memory of 1756	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	103
PID 4192 wrote to memory of 1756	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	103
PID 4192 wrote to memory of 4324	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	104
PID 4192 wrote to memory of 4324	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	104
PID 4192 wrote to memory of 4804	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	105
PID 4192 wrote to memory of 4804	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	105
PID 4192 wrote to memory of 3756	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	106
PID 4192 wrote to memory of 3756	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	106
PID 4192 wrote to memory of 916	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	107
PID 4192 wrote to memory of 916	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	107
PID 4192 wrote to memory of 2016	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	108
PID 4192 wrote to memory of 2016	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	108
PID 4192 wrote to memory of 2884	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	109
PID 4192 wrote to memory of 2884	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	109
PID 4192 wrote to memory of 2036	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	110
PID 4192 wrote to memory of 2036	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	110
PID 4192 wrote to memory of 1872	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	111
PID 4192 wrote to memory of 1872	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	111
PID 4192 wrote to memory of 4340	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	112
PID 4192 wrote to memory of 4340	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	112
PID 4192 wrote to memory of 4904	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	113
PID 4192 wrote to memory of 4904	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	113
PID 4192 wrote to memory of 4404	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	114
PID 4192 wrote to memory of 4404	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	114
PID 4192 wrote to memory of 1832	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	115
PID 4192 wrote to memory of 1832	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	115
PID 4192 wrote to memory of 2820	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	116
PID 4192 wrote to memory of 2820	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	116
PID 4192 wrote to memory of 5044	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	117
PID 4192 wrote to memory of 5044	4192	8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe	117

C:\Users\Admin\AppData\Local\Temp\8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\8024dbafd728248dd9a1dcf05932dbc0_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\System\kvzdvWG.exe
  C:\Windows\System\kvzdvWG.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\iytWIQP.exe
  C:\Windows\System\iytWIQP.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\SweOhaR.exe
  C:\Windows\System\SweOhaR.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\FODvlOm.exe
  C:\Windows\System\FODvlOm.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\qkGxBIn.exe
  C:\Windows\System\qkGxBIn.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\dGTWmSW.exe
  C:\Windows\System\dGTWmSW.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ittMcZV.exe
  C:\Windows\System\ittMcZV.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\TursMtR.exe
  C:\Windows\System\TursMtR.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\mciEGia.exe
  C:\Windows\System\mciEGia.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\zYQhixj.exe
  C:\Windows\System\zYQhixj.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\ubhcsuu.exe
  C:\Windows\System\ubhcsuu.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\vVkGeCz.exe
  C:\Windows\System\vVkGeCz.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\rmaWGiF.exe
  C:\Windows\System\rmaWGiF.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\nuaGOKm.exe
  C:\Windows\System\nuaGOKm.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\EukrSsy.exe
  C:\Windows\System\EukrSsy.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\fEuJXSB.exe
  C:\Windows\System\fEuJXSB.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\jvoksEe.exe
  C:\Windows\System\jvoksEe.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\qLxeEdV.exe
  C:\Windows\System\qLxeEdV.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\OlwzYJg.exe
  C:\Windows\System\OlwzYJg.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\fMzYNaN.exe
  C:\Windows\System\fMzYNaN.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\lUjlNkz.exe
  C:\Windows\System\lUjlNkz.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\wwEcsdX.exe
  C:\Windows\System\wwEcsdX.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\HTYzzCi.exe
  C:\Windows\System\HTYzzCi.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\fgLUFYC.exe
  C:\Windows\System\fgLUFYC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\noWrkfH.exe
  C:\Windows\System\noWrkfH.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\JoDnbdl.exe
  C:\Windows\System\JoDnbdl.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\nGVKNNG.exe
  C:\Windows\System\nGVKNNG.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\whpWCEM.exe
  C:\Windows\System\whpWCEM.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\mdQQTOU.exe
  C:\Windows\System\mdQQTOU.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\qyhoRqa.exe
  C:\Windows\System\qyhoRqa.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\YFbCSaL.exe
  C:\Windows\System\YFbCSaL.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\UEZLrdD.exe
  C:\Windows\System\UEZLrdD.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\cScwsKd.exe
  C:\Windows\System\cScwsKd.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\qrfkxss.exe
  C:\Windows\System\qrfkxss.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\kFppvgy.exe
  C:\Windows\System\kFppvgy.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\XGajOIs.exe
  C:\Windows\System\XGajOIs.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\DBPGmac.exe
  C:\Windows\System\DBPGmac.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\oBjjAPQ.exe
  C:\Windows\System\oBjjAPQ.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\aujtnjs.exe
  C:\Windows\System\aujtnjs.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\pXfgbnD.exe
  C:\Windows\System\pXfgbnD.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\roPVmob.exe
  C:\Windows\System\roPVmob.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\LrNcKqc.exe
  C:\Windows\System\LrNcKqc.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\DnsLNSQ.exe
  C:\Windows\System\DnsLNSQ.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\hLsjSfZ.exe
  C:\Windows\System\hLsjSfZ.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\AYHJzRU.exe
  C:\Windows\System\AYHJzRU.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\UcipmRY.exe
  C:\Windows\System\UcipmRY.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\sZsqLXF.exe
  C:\Windows\System\sZsqLXF.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\CKAieTl.exe
  C:\Windows\System\CKAieTl.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\zfneukQ.exe
  C:\Windows\System\zfneukQ.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\ugzAhEc.exe
  C:\Windows\System\ugzAhEc.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\RPHRPzM.exe
  C:\Windows\System\RPHRPzM.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\lzRlalM.exe
  C:\Windows\System\lzRlalM.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\wQViAYY.exe
  C:\Windows\System\wQViAYY.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\eXBNvby.exe
  C:\Windows\System\eXBNvby.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\mWKpwxX.exe
  C:\Windows\System\mWKpwxX.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\pJbqViJ.exe
  C:\Windows\System\pJbqViJ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\hTcreEY.exe
  C:\Windows\System\hTcreEY.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\VqPRMYP.exe
  C:\Windows\System\VqPRMYP.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\MsYSfvS.exe
  C:\Windows\System\MsYSfvS.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\iqblSUO.exe
  C:\Windows\System\iqblSUO.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\vTMAgkN.exe
  C:\Windows\System\vTMAgkN.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\lhxXbxu.exe
  C:\Windows\System\lhxXbxu.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\jCwsqoB.exe
  C:\Windows\System\jCwsqoB.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\gpjZIKS.exe
  C:\Windows\System\gpjZIKS.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\lsFozTN.exe
  C:\Windows\System\lsFozTN.exe
  2⤵
  PID:4284
- C:\Windows\System\faBwPvl.exe
  C:\Windows\System\faBwPvl.exe
  2⤵
  PID:2168
- C:\Windows\System\rbwUalr.exe
  C:\Windows\System\rbwUalr.exe
  2⤵
  PID:2520
- C:\Windows\System\QitPrIe.exe
  C:\Windows\System\QitPrIe.exe
  2⤵
  PID:4252
- C:\Windows\System\saLcrex.exe
  C:\Windows\System\saLcrex.exe
  2⤵
  PID:4472
- C:\Windows\System\HiyhcuT.exe
  C:\Windows\System\HiyhcuT.exe
  2⤵
  PID:5016
- C:\Windows\System\ugsHate.exe
  C:\Windows\System\ugsHate.exe
  2⤵
  PID:1424
- C:\Windows\System\uIOaVbP.exe
  C:\Windows\System\uIOaVbP.exe
  2⤵
  PID:2772
- C:\Windows\System\mbfdZQx.exe
  C:\Windows\System\mbfdZQx.exe
  2⤵
  PID:4048
- C:\Windows\System\kJavFEK.exe
  C:\Windows\System\kJavFEK.exe
  2⤵
  PID:4948
- C:\Windows\System\onGNGxJ.exe
  C:\Windows\System\onGNGxJ.exe
  2⤵
  PID:4988
- C:\Windows\System\OKvAdRS.exe
  C:\Windows\System\OKvAdRS.exe
  2⤵
  PID:4532
- C:\Windows\System\qkkDpzL.exe
  C:\Windows\System\qkkDpzL.exe
  2⤵
  PID:3472
- C:\Windows\System\vabykuo.exe
  C:\Windows\System\vabykuo.exe
  2⤵
  PID:1428
- C:\Windows\System\mlEvlgf.exe
  C:\Windows\System\mlEvlgf.exe
  2⤵
  PID:2352
- C:\Windows\System\alzUkWq.exe
  C:\Windows\System\alzUkWq.exe
  2⤵
  PID:1968
- C:\Windows\System\lEvgSkp.exe
  C:\Windows\System\lEvgSkp.exe
  2⤵
  PID:4376
- C:\Windows\System\xZnEqEK.exe
  C:\Windows\System\xZnEqEK.exe
  2⤵
  PID:1512
- C:\Windows\System\XkhgxOu.exe
  C:\Windows\System\XkhgxOu.exe
  2⤵
  PID:316
- C:\Windows\System\VCMYjIF.exe
  C:\Windows\System\VCMYjIF.exe
  2⤵
  PID:4408
- C:\Windows\System\YLEDNKO.exe
  C:\Windows\System\YLEDNKO.exe
  2⤵
  PID:5012
- C:\Windows\System\rvkQVDa.exe
  C:\Windows\System\rvkQVDa.exe
  2⤵
  PID:2192
- C:\Windows\System\iUFtHeZ.exe
  C:\Windows\System\iUFtHeZ.exe
  2⤵
  PID:2776
- C:\Windows\System\AEoKVsB.exe
  C:\Windows\System\AEoKVsB.exe
  2⤵
  PID:4564
- C:\Windows\System\KcEnfBF.exe
  C:\Windows\System\KcEnfBF.exe
  2⤵
  PID:4144
- C:\Windows\System\NMDbmKl.exe
  C:\Windows\System\NMDbmKl.exe
  2⤵
  PID:1040
- C:\Windows\System\oBYdzRg.exe
  C:\Windows\System\oBYdzRg.exe
  2⤵
  PID:1032
- C:\Windows\System\ivqncVK.exe
  C:\Windows\System\ivqncVK.exe
  2⤵
  PID:3876
- C:\Windows\System\SdvCUEQ.exe
  C:\Windows\System\SdvCUEQ.exe
  2⤵
  PID:5028
- C:\Windows\System\kmYjhNy.exe
  C:\Windows\System\kmYjhNy.exe
  2⤵
  PID:2540
- C:\Windows\System\bBsYfMk.exe
  C:\Windows\System\bBsYfMk.exe
  2⤵
  PID:5136
- C:\Windows\System\DWhNqZU.exe
  C:\Windows\System\DWhNqZU.exe
  2⤵
  PID:5164
- C:\Windows\System\qpWYqKU.exe
  C:\Windows\System\qpWYqKU.exe
  2⤵
  PID:5196
- C:\Windows\System\hufVDBE.exe
  C:\Windows\System\hufVDBE.exe
  2⤵
  PID:5224
- C:\Windows\System\qGnaemd.exe
  C:\Windows\System\qGnaemd.exe
  2⤵
  PID:5256
- C:\Windows\System\GIwkSsZ.exe
  C:\Windows\System\GIwkSsZ.exe
  2⤵
  PID:5280
- C:\Windows\System\lvGlRSW.exe
  C:\Windows\System\lvGlRSW.exe
  2⤵
  PID:5296
- C:\Windows\System\KGRLxWG.exe
  C:\Windows\System\KGRLxWG.exe
  2⤵
  PID:5320
- C:\Windows\System\llIgQAo.exe
  C:\Windows\System\llIgQAo.exe
  2⤵
  PID:5352
- C:\Windows\System\CAztLBB.exe
  C:\Windows\System\CAztLBB.exe
  2⤵
  PID:5372
- C:\Windows\System\LnhCNrR.exe
  C:\Windows\System\LnhCNrR.exe
  2⤵
  PID:5408
- C:\Windows\System\LJNTSmx.exe
  C:\Windows\System\LJNTSmx.exe
  2⤵
  PID:5444
- C:\Windows\System\hfwevyq.exe
  C:\Windows\System\hfwevyq.exe
  2⤵
  PID:5480
- C:\Windows\System\rzcZZaX.exe
  C:\Windows\System\rzcZZaX.exe
  2⤵
  PID:5508
- C:\Windows\System\cUiBYVU.exe
  C:\Windows\System\cUiBYVU.exe
  2⤵
  PID:5544
- C:\Windows\System\rMINHVc.exe
  C:\Windows\System\rMINHVc.exe
  2⤵
  PID:5572
- C:\Windows\System\mabjbkW.exe
  C:\Windows\System\mabjbkW.exe
  2⤵
  PID:5592
- C:\Windows\System\IbCKEZt.exe
  C:\Windows\System\IbCKEZt.exe
  2⤵
  PID:5608
- C:\Windows\System\mmtBlzk.exe
  C:\Windows\System\mmtBlzk.exe
  2⤵
  PID:5624
- C:\Windows\System\rShCKiq.exe
  C:\Windows\System\rShCKiq.exe
  2⤵
  PID:5688
- C:\Windows\System\bJZAGEX.exe
  C:\Windows\System\bJZAGEX.exe
  2⤵
  PID:5704
- C:\Windows\System\cOlDaqk.exe
  C:\Windows\System\cOlDaqk.exe
  2⤵
  PID:5732
- C:\Windows\System\qUghgse.exe
  C:\Windows\System\qUghgse.exe
  2⤵
  PID:5752
- C:\Windows\System\eYkHpLk.exe
  C:\Windows\System\eYkHpLk.exe
  2⤵
  PID:5788
- C:\Windows\System\zGADoxl.exe
  C:\Windows\System\zGADoxl.exe
  2⤵
  PID:5808
- C:\Windows\System\gwoynFq.exe
  C:\Windows\System\gwoynFq.exe
  2⤵
  PID:5836
- C:\Windows\System\SnUzAOc.exe
  C:\Windows\System\SnUzAOc.exe
  2⤵
  PID:5864
- C:\Windows\System\hjWqgaX.exe
  C:\Windows\System\hjWqgaX.exe
  2⤵
  PID:5892
- C:\Windows\System\JrOCtkP.exe
  C:\Windows\System\JrOCtkP.exe
  2⤵
  PID:5932
- C:\Windows\System\zjNikmC.exe
  C:\Windows\System\zjNikmC.exe
  2⤵
  PID:5948
- C:\Windows\System\hRkdkSq.exe
  C:\Windows\System\hRkdkSq.exe
  2⤵
  PID:5988
- C:\Windows\System\KChaTNY.exe
  C:\Windows\System\KChaTNY.exe
  2⤵
  PID:6004
- C:\Windows\System\LSIEpwT.exe
  C:\Windows\System\LSIEpwT.exe
  2⤵
  PID:6032
- C:\Windows\System\jPCcoba.exe
  C:\Windows\System\jPCcoba.exe
  2⤵
  PID:6060
- C:\Windows\System\LJOmOuD.exe
  C:\Windows\System\LJOmOuD.exe
  2⤵
  PID:6076
- C:\Windows\System\TUOtYIL.exe
  C:\Windows\System\TUOtYIL.exe
  2⤵
  PID:6100
- C:\Windows\System\TzzMkrM.exe
  C:\Windows\System\TzzMkrM.exe
  2⤵
  PID:6132
- C:\Windows\System\kMODleU.exe
  C:\Windows\System\kMODleU.exe
  2⤵
  PID:5156
- C:\Windows\System\qVUFbkD.exe
  C:\Windows\System\qVUFbkD.exe
  2⤵
  PID:5248
- C:\Windows\System\aZYfGfp.exe
  C:\Windows\System\aZYfGfp.exe
  2⤵
  PID:5308
- C:\Windows\System\QrCubnU.exe
  C:\Windows\System\QrCubnU.exe
  2⤵
  PID:5380
- C:\Windows\System\xLqFJxr.exe
  C:\Windows\System\xLqFJxr.exe
  2⤵
  PID:5500
- C:\Windows\System\YWXuggF.exe
  C:\Windows\System\YWXuggF.exe
  2⤵
  PID:5532
- C:\Windows\System\MHkoxhu.exe
  C:\Windows\System\MHkoxhu.exe
  2⤵
  PID:5600
- C:\Windows\System\KnYRNjT.exe
  C:\Windows\System\KnYRNjT.exe
  2⤵
  PID:5680
- C:\Windows\System\nSdisIy.exe
  C:\Windows\System\nSdisIy.exe
  2⤵
  PID:5728
- C:\Windows\System\QirLxkh.exe
  C:\Windows\System\QirLxkh.exe
  2⤵
  PID:5828
- C:\Windows\System\MqfSkTm.exe
  C:\Windows\System\MqfSkTm.exe
  2⤵
  PID:5876
- C:\Windows\System\ZwzTggg.exe
  C:\Windows\System\ZwzTggg.exe
  2⤵
  PID:5904
- C:\Windows\System\smnJflh.exe
  C:\Windows\System\smnJflh.exe
  2⤵
  PID:5972
- C:\Windows\System\hgglLVl.exe
  C:\Windows\System\hgglLVl.exe
  2⤵
  PID:6052
- C:\Windows\System\YlVVVmJ.exe
  C:\Windows\System\YlVVVmJ.exe
  2⤵
  PID:6116
- C:\Windows\System\rQjGzDu.exe
  C:\Windows\System\rQjGzDu.exe
  2⤵
  PID:5216
- C:\Windows\System\xKUEQPZ.exe
  C:\Windows\System\xKUEQPZ.exe
  2⤵
  PID:5384
- C:\Windows\System\jAxkunA.exe
  C:\Windows\System\jAxkunA.exe
  2⤵
  PID:5452
- C:\Windows\System\zCuRlnt.exe
  C:\Windows\System\zCuRlnt.exe
  2⤵
  PID:5668
- C:\Windows\System\SPszLfd.exe
  C:\Windows\System\SPszLfd.exe
  2⤵
  PID:5852
- C:\Windows\System\VhFuXyT.exe
  C:\Windows\System\VhFuXyT.exe
  2⤵
  PID:5940
- C:\Windows\System\irazFgr.exe
  C:\Windows\System\irazFgr.exe
  2⤵
  PID:5184
- C:\Windows\System\YCTgaFB.exe
  C:\Windows\System\YCTgaFB.exe
  2⤵
  PID:5504
- C:\Windows\System\McgTiEY.exe
  C:\Windows\System\McgTiEY.exe
  2⤵
  PID:5764
- C:\Windows\System\aXRIWQI.exe
  C:\Windows\System\aXRIWQI.exe
  2⤵
  PID:5716
- C:\Windows\System\KdDOrtj.exe
  C:\Windows\System\KdDOrtj.exe
  2⤵
  PID:5556
- C:\Windows\System\QihipZa.exe
  C:\Windows\System\QihipZa.exe
  2⤵
  PID:6168
- C:\Windows\System\kvsecuP.exe
  C:\Windows\System\kvsecuP.exe
  2⤵
  PID:6192
- C:\Windows\System\KVKqWsk.exe
  C:\Windows\System\KVKqWsk.exe
  2⤵
  PID:6220
- C:\Windows\System\JQOdLvL.exe
  C:\Windows\System\JQOdLvL.exe
  2⤵
  PID:6248
- C:\Windows\System\HiZYrOq.exe
  C:\Windows\System\HiZYrOq.exe
  2⤵
  PID:6280
- C:\Windows\System\YRfWjgn.exe
  C:\Windows\System\YRfWjgn.exe
  2⤵
  PID:6316
- C:\Windows\System\bEITxmG.exe
  C:\Windows\System\bEITxmG.exe
  2⤵
  PID:6332
- C:\Windows\System\WvFThpD.exe
  C:\Windows\System\WvFThpD.exe
  2⤵
  PID:6360
- C:\Windows\System\OWyEZZM.exe
  C:\Windows\System\OWyEZZM.exe
  2⤵
  PID:6392
- C:\Windows\System\KDvXliU.exe
  C:\Windows\System\KDvXliU.exe
  2⤵
  PID:6416
- C:\Windows\System\fxjztTX.exe
  C:\Windows\System\fxjztTX.exe
  2⤵
  PID:6452
- C:\Windows\System\vkCzQbn.exe
  C:\Windows\System\vkCzQbn.exe
  2⤵
  PID:6472
- C:\Windows\System\LExtLVB.exe
  C:\Windows\System\LExtLVB.exe
  2⤵
  PID:6492
- C:\Windows\System\aDgvkqz.exe
  C:\Windows\System\aDgvkqz.exe
  2⤵
  PID:6528
- C:\Windows\System\nrkbXeV.exe
  C:\Windows\System\nrkbXeV.exe
  2⤵
  PID:6556
- C:\Windows\System\gNxcvdi.exe
  C:\Windows\System\gNxcvdi.exe
  2⤵
  PID:6584
- C:\Windows\System\jblZAzl.exe
  C:\Windows\System\jblZAzl.exe
  2⤵
  PID:6616
- C:\Windows\System\eyNBMQD.exe
  C:\Windows\System\eyNBMQD.exe
  2⤵
  PID:6640
- C:\Windows\System\qFGYQOX.exe
  C:\Windows\System\qFGYQOX.exe
  2⤵
  PID:6668
- C:\Windows\System\zYtfsqo.exe
  C:\Windows\System\zYtfsqo.exe
  2⤵
  PID:6704
- C:\Windows\System\sAcasoW.exe
  C:\Windows\System\sAcasoW.exe
  2⤵
  PID:6732
- C:\Windows\System\dvbasgo.exe
  C:\Windows\System\dvbasgo.exe
  2⤵
  PID:6764
- C:\Windows\System\IkQBtbN.exe
  C:\Windows\System\IkQBtbN.exe
  2⤵
  PID:6780
- C:\Windows\System\dBMjqDv.exe
  C:\Windows\System\dBMjqDv.exe
  2⤵
  PID:6808
- C:\Windows\System\rkmOTdU.exe
  C:\Windows\System\rkmOTdU.exe
  2⤵
  PID:6848
- C:\Windows\System\qRZpkLD.exe
  C:\Windows\System\qRZpkLD.exe
  2⤵
  PID:6864
- C:\Windows\System\GoWdADB.exe
  C:\Windows\System\GoWdADB.exe
  2⤵
  PID:6896
- C:\Windows\System\mBaDheN.exe
  C:\Windows\System\mBaDheN.exe
  2⤵
  PID:6920
- C:\Windows\System\ItphhTC.exe
  C:\Windows\System\ItphhTC.exe
  2⤵
  PID:6948
- C:\Windows\System\ZssAxxn.exe
  C:\Windows\System\ZssAxxn.exe
  2⤵
  PID:6976
- C:\Windows\System\WjKgZJb.exe
  C:\Windows\System\WjKgZJb.exe
  2⤵
  PID:7004
- C:\Windows\System\SNZUNrv.exe
  C:\Windows\System\SNZUNrv.exe
  2⤵
  PID:7020
- C:\Windows\System\NlUWqyD.exe
  C:\Windows\System\NlUWqyD.exe
  2⤵
  PID:7048
- C:\Windows\System\lCHEMaC.exe
  C:\Windows\System\lCHEMaC.exe
  2⤵
  PID:7076
- C:\Windows\System\hvhylYq.exe
  C:\Windows\System\hvhylYq.exe
  2⤵
  PID:7108
- C:\Windows\System\IdpJRya.exe
  C:\Windows\System\IdpJRya.exe
  2⤵
  PID:7144
- C:\Windows\System\AeALeYj.exe
  C:\Windows\System\AeALeYj.exe
  2⤵
  PID:6148
- C:\Windows\System\DYuuMQP.exe
  C:\Windows\System\DYuuMQP.exe
  2⤵
  PID:6212
- C:\Windows\System\KSCrGyF.exe
  C:\Windows\System\KSCrGyF.exe
  2⤵
  PID:6272
- C:\Windows\System\bRWsIVO.exe
  C:\Windows\System\bRWsIVO.exe
  2⤵
  PID:6328
- C:\Windows\System\qKQyYZU.exe
  C:\Windows\System\qKQyYZU.exe
  2⤵
  PID:6412
- C:\Windows\System\LpeBjqC.exe
  C:\Windows\System\LpeBjqC.exe
  2⤵
  PID:6460
- C:\Windows\System\LrjTGGW.exe
  C:\Windows\System\LrjTGGW.exe
  2⤵
  PID:6576
- C:\Windows\System\kDqzzEC.exe
  C:\Windows\System\kDqzzEC.exe
  2⤵
  PID:6604
- C:\Windows\System\crLysqm.exe
  C:\Windows\System\crLysqm.exe
  2⤵
  PID:6680
- C:\Windows\System\jQmrrPn.exe
  C:\Windows\System\jQmrrPn.exe
  2⤵
  PID:6748
- C:\Windows\System\mBlhSkr.exe
  C:\Windows\System\mBlhSkr.exe
  2⤵
  PID:6792
- C:\Windows\System\dWHgGXd.exe
  C:\Windows\System\dWHgGXd.exe
  2⤵
  PID:6860
- C:\Windows\System\XcZeRRV.exe
  C:\Windows\System\XcZeRRV.exe
  2⤵
  PID:6944
- C:\Windows\System\uZNjqaJ.exe
  C:\Windows\System\uZNjqaJ.exe
  2⤵
  PID:7012
- C:\Windows\System\lBxkPAn.exe
  C:\Windows\System\lBxkPAn.exe
  2⤵
  PID:7044
- C:\Windows\System\XEMBgvV.exe
  C:\Windows\System\XEMBgvV.exe
  2⤵
  PID:7092
- C:\Windows\System\qSosqQG.exe
  C:\Windows\System\qSosqQG.exe
  2⤵
  PID:7120
- C:\Windows\System\vKufkfJ.exe
  C:\Windows\System\vKufkfJ.exe
  2⤵
  PID:6240
- C:\Windows\System\WqPtFXe.exe
  C:\Windows\System\WqPtFXe.exe
  2⤵
  PID:6348
- C:\Windows\System\tVbOkYw.exe
  C:\Windows\System\tVbOkYw.exe
  2⤵
  PID:6536
- C:\Windows\System\hHfKMvd.exe
  C:\Windows\System\hHfKMvd.exe
  2⤵
  PID:6840
- C:\Windows\System\EyWJrdK.exe
  C:\Windows\System\EyWJrdK.exe
  2⤵
  PID:6916
- C:\Windows\System\dEPsGUg.exe
  C:\Windows\System\dEPsGUg.exe
  2⤵
  PID:7068
- C:\Windows\System\lBajWsi.exe
  C:\Windows\System\lBajWsi.exe
  2⤵
  PID:6464
- C:\Windows\System\rxNYwjr.exe
  C:\Windows\System\rxNYwjr.exe
  2⤵
  PID:6568
- C:\Windows\System\oxduGnH.exe
  C:\Windows\System\oxduGnH.exe
  2⤵
  PID:6656
- C:\Windows\System\PzftfrD.exe
  C:\Windows\System\PzftfrD.exe
  2⤵
  PID:6156
- C:\Windows\System\yHEETuh.exe
  C:\Windows\System\yHEETuh.exe
  2⤵
  PID:7188
- C:\Windows\System\BKdJkPb.exe
  C:\Windows\System\BKdJkPb.exe
  2⤵
  PID:7220
- C:\Windows\System\GIyEceF.exe
  C:\Windows\System\GIyEceF.exe
  2⤵
  PID:7248
- C:\Windows\System\ptIQAnH.exe
  C:\Windows\System\ptIQAnH.exe
  2⤵
  PID:7276
- C:\Windows\System\GtQRwJW.exe
  C:\Windows\System\GtQRwJW.exe
  2⤵
  PID:7300
- C:\Windows\System\hEfucqT.exe
  C:\Windows\System\hEfucqT.exe
  2⤵
  PID:7328
- C:\Windows\System\egWDeUE.exe
  C:\Windows\System\egWDeUE.exe
  2⤵
  PID:7356
- C:\Windows\System\mfDBgIw.exe
  C:\Windows\System\mfDBgIw.exe
  2⤵
  PID:7388
- C:\Windows\System\oExILXa.exe
  C:\Windows\System\oExILXa.exe
  2⤵
  PID:7412
- C:\Windows\System\LVSgwyL.exe
  C:\Windows\System\LVSgwyL.exe
  2⤵
  PID:7440
- C:\Windows\System\UlpnNec.exe
  C:\Windows\System\UlpnNec.exe
  2⤵
  PID:7456
- C:\Windows\System\PYoEpLz.exe
  C:\Windows\System\PYoEpLz.exe
  2⤵
  PID:7488
- C:\Windows\System\SROtTYq.exe
  C:\Windows\System\SROtTYq.exe
  2⤵
  PID:7512
- C:\Windows\System\rkLkvXk.exe
  C:\Windows\System\rkLkvXk.exe
  2⤵
  PID:7540
- C:\Windows\System\vNwRekr.exe
  C:\Windows\System\vNwRekr.exe
  2⤵
  PID:7564
- C:\Windows\System\FdpulDY.exe
  C:\Windows\System\FdpulDY.exe
  2⤵
  PID:7596
- C:\Windows\System\YkhUDoE.exe
  C:\Windows\System\YkhUDoE.exe
  2⤵
  PID:7632
- C:\Windows\System\pZZSMqi.exe
  C:\Windows\System\pZZSMqi.exe
  2⤵
  PID:7648
- C:\Windows\System\AVCoccF.exe
  C:\Windows\System\AVCoccF.exe
  2⤵
  PID:7664
- C:\Windows\System\XgpYFSo.exe
  C:\Windows\System\XgpYFSo.exe
  2⤵
  PID:7688
- C:\Windows\System\lpRCvnh.exe
  C:\Windows\System\lpRCvnh.exe
  2⤵
  PID:7712
- C:\Windows\System\sbbsvJN.exe
  C:\Windows\System\sbbsvJN.exe
  2⤵
  PID:7736
- C:\Windows\System\DvGKnoI.exe
  C:\Windows\System\DvGKnoI.exe
  2⤵
  PID:7768
- C:\Windows\System\GdCvIua.exe
  C:\Windows\System\GdCvIua.exe
  2⤵
  PID:7784
- C:\Windows\System\vbwPFWL.exe
  C:\Windows\System\vbwPFWL.exe
  2⤵
  PID:7820
- C:\Windows\System\aryAohc.exe
  C:\Windows\System\aryAohc.exe
  2⤵
  PID:7860
- C:\Windows\System\LDMLvtO.exe
  C:\Windows\System\LDMLvtO.exe
  2⤵
  PID:7888
- C:\Windows\System\NJwLGNr.exe
  C:\Windows\System\NJwLGNr.exe
  2⤵
  PID:7916
- C:\Windows\System\DHowXiy.exe
  C:\Windows\System\DHowXiy.exe
  2⤵
  PID:7948
- C:\Windows\System\blsOzLI.exe
  C:\Windows\System\blsOzLI.exe
  2⤵
  PID:7980
- C:\Windows\System\ZVHQeph.exe
  C:\Windows\System\ZVHQeph.exe
  2⤵
  PID:8012
- C:\Windows\System\KbNlbBA.exe
  C:\Windows\System\KbNlbBA.exe
  2⤵
  PID:8056
- C:\Windows\System\wleZEyy.exe
  C:\Windows\System\wleZEyy.exe
  2⤵
  PID:8072
- C:\Windows\System\hglJlor.exe
  C:\Windows\System\hglJlor.exe
  2⤵
  PID:8108
- C:\Windows\System\UNEwaAd.exe
  C:\Windows\System\UNEwaAd.exe
  2⤵
  PID:8140
- C:\Windows\System\QnxJPYL.exe
  C:\Windows\System\QnxJPYL.exe
  2⤵
  PID:8168
- C:\Windows\System\yozbnvO.exe
  C:\Windows\System\yozbnvO.exe
  2⤵
  PID:7156
- C:\Windows\System\EqWASEB.exe
  C:\Windows\System\EqWASEB.exe
  2⤵
  PID:7228
- C:\Windows\System\GKqLlAZ.exe
  C:\Windows\System\GKqLlAZ.exe
  2⤵
  PID:7272
- C:\Windows\System\mHcnTjE.exe
  C:\Windows\System\mHcnTjE.exe
  2⤵
  PID:7348
- C:\Windows\System\EGoeHVl.exe
  C:\Windows\System\EGoeHVl.exe
  2⤵
  PID:7396
- C:\Windows\System\drfslBv.exe
  C:\Windows\System\drfslBv.exe
  2⤵
  PID:7480
- C:\Windows\System\EmlQceB.exe
  C:\Windows\System\EmlQceB.exe
  2⤵
  PID:7548
- C:\Windows\System\tkwygaT.exe
  C:\Windows\System\tkwygaT.exe
  2⤵
  PID:7672
- C:\Windows\System\dHPkBOP.exe
  C:\Windows\System\dHPkBOP.exe
  2⤵
  PID:7700
- C:\Windows\System\wDjHgSo.exe
  C:\Windows\System\wDjHgSo.exe
  2⤵
  PID:7644
- C:\Windows\System\jDtbWXS.exe
  C:\Windows\System\jDtbWXS.exe
  2⤵
  PID:7808
- C:\Windows\System\bDcjEhM.exe
  C:\Windows\System\bDcjEhM.exe
  2⤵
  PID:7840
- C:\Windows\System\rzvMKmX.exe
  C:\Windows\System\rzvMKmX.exe
  2⤵
  PID:7880
- C:\Windows\System\wdevlEp.exe
  C:\Windows\System\wdevlEp.exe
  2⤵
  PID:7964
- C:\Windows\System\BmhLUZE.exe
  C:\Windows\System\BmhLUZE.exe
  2⤵
  PID:7996
- C:\Windows\System\TNLxhOH.exe
  C:\Windows\System\TNLxhOH.exe
  2⤵
  PID:8104
- C:\Windows\System\yiDCouy.exe
  C:\Windows\System\yiDCouy.exe
  2⤵
  PID:8132
- C:\Windows\System\sYcJAMG.exe
  C:\Windows\System\sYcJAMG.exe
  2⤵
  PID:8184
- C:\Windows\System\mopWBuG.exe
  C:\Windows\System\mopWBuG.exe
  2⤵
  PID:7296
- C:\Windows\System\FFcVCgQ.exe
  C:\Windows\System\FFcVCgQ.exe
  2⤵
  PID:7436
- C:\Windows\System\nEqvsAU.exe
  C:\Windows\System\nEqvsAU.exe
  2⤵
  PID:7660
- C:\Windows\System\tQGeYph.exe
  C:\Windows\System\tQGeYph.exe
  2⤵
  PID:7836
- C:\Windows\System\bYjsOcP.exe
  C:\Windows\System\bYjsOcP.exe
  2⤵
  PID:8044
- C:\Windows\System\xcRwjVb.exe
  C:\Windows\System\xcRwjVb.exe
  2⤵
  PID:7256
- C:\Windows\System\ULVMvJB.exe
  C:\Windows\System\ULVMvJB.exe
  2⤵
  PID:8064
- C:\Windows\System\uFSCnBU.exe
  C:\Windows\System\uFSCnBU.exe
  2⤵
  PID:7628
- C:\Windows\System\MrePxhV.exe
  C:\Windows\System\MrePxhV.exe
  2⤵
  PID:7232
- C:\Windows\System\eKkXcYW.exe
  C:\Windows\System\eKkXcYW.exe
  2⤵
  PID:7796
- C:\Windows\System\hOqwINl.exe
  C:\Windows\System\hOqwINl.exe
  2⤵
  PID:8200
- C:\Windows\System\gcYpXlh.exe
  C:\Windows\System\gcYpXlh.exe
  2⤵
  PID:8236
- C:\Windows\System\GBvyQHV.exe
  C:\Windows\System\GBvyQHV.exe
  2⤵
  PID:8260
- C:\Windows\System\HuedzIk.exe
  C:\Windows\System\HuedzIk.exe
  2⤵
  PID:8284
- C:\Windows\System\pxOWIZv.exe
  C:\Windows\System\pxOWIZv.exe
  2⤵
  PID:8308
- C:\Windows\System\bGuxOWf.exe
  C:\Windows\System\bGuxOWf.exe
  2⤵
  PID:8332
- C:\Windows\System\XtHOOYv.exe
  C:\Windows\System\XtHOOYv.exe
  2⤵
  PID:8356
- C:\Windows\System\maNHHUD.exe
  C:\Windows\System\maNHHUD.exe
  2⤵
  PID:8384
- C:\Windows\System\cuCiXNM.exe
  C:\Windows\System\cuCiXNM.exe
  2⤵
  PID:8416
- C:\Windows\System\GAYpzQD.exe
  C:\Windows\System\GAYpzQD.exe
  2⤵
  PID:8440
- C:\Windows\System\oCNyeiu.exe
  C:\Windows\System\oCNyeiu.exe
  2⤵
  PID:8468
- C:\Windows\System\fouWybO.exe
  C:\Windows\System\fouWybO.exe
  2⤵
  PID:8496
- C:\Windows\System\eJwCVye.exe
  C:\Windows\System\eJwCVye.exe
  2⤵
  PID:8532
- C:\Windows\System\XdFmjVm.exe
  C:\Windows\System\XdFmjVm.exe
  2⤵
  PID:8564
- C:\Windows\System\jllKStZ.exe
  C:\Windows\System\jllKStZ.exe
  2⤵
  PID:8592
- C:\Windows\System\MTCkzkX.exe
  C:\Windows\System\MTCkzkX.exe
  2⤵
  PID:8608
- C:\Windows\System\nvuXtHA.exe
  C:\Windows\System\nvuXtHA.exe
  2⤵
  PID:8640
- C:\Windows\System\UGTeoNU.exe
  C:\Windows\System\UGTeoNU.exe
  2⤵
  PID:8676
- C:\Windows\System\sEFKEFs.exe
  C:\Windows\System\sEFKEFs.exe
  2⤵
  PID:8716
- C:\Windows\System\UkyLoqA.exe
  C:\Windows\System\UkyLoqA.exe
  2⤵
  PID:8744
- C:\Windows\System\BtmxRYi.exe
  C:\Windows\System\BtmxRYi.exe
  2⤵
  PID:8764
- C:\Windows\System\HoPIgtG.exe
  C:\Windows\System\HoPIgtG.exe
  2⤵
  PID:8796
- C:\Windows\System\IESQUqf.exe
  C:\Windows\System\IESQUqf.exe
  2⤵
  PID:8816
- C:\Windows\System\muvhPOc.exe
  C:\Windows\System\muvhPOc.exe
  2⤵
  PID:8856
- C:\Windows\System\pyZcqPK.exe
  C:\Windows\System\pyZcqPK.exe
  2⤵
  PID:8876
- C:\Windows\System\edlrSRp.exe
  C:\Windows\System\edlrSRp.exe
  2⤵
  PID:8904
- C:\Windows\System\ddGOqxt.exe
  C:\Windows\System\ddGOqxt.exe
  2⤵
  PID:8936
- C:\Windows\System\WbHSmdn.exe
  C:\Windows\System\WbHSmdn.exe
  2⤵
  PID:8956
- C:\Windows\System\lQwIcgc.exe
  C:\Windows\System\lQwIcgc.exe
  2⤵
  PID:8984
- C:\Windows\System\pRwxfuI.exe
  C:\Windows\System\pRwxfuI.exe
  2⤵
  PID:9020
- C:\Windows\System\UbubSBO.exe
  C:\Windows\System\UbubSBO.exe
  2⤵
  PID:9040
- C:\Windows\System\zdPTfiG.exe
  C:\Windows\System\zdPTfiG.exe
  2⤵
  PID:9068
- C:\Windows\System\hXcEUdP.exe
  C:\Windows\System\hXcEUdP.exe
  2⤵
  PID:9096
- C:\Windows\System\XyhREXr.exe
  C:\Windows\System\XyhREXr.exe
  2⤵
  PID:9124
- C:\Windows\System\ZDlgHYd.exe
  C:\Windows\System\ZDlgHYd.exe
  2⤵
  PID:9144
- C:\Windows\System\SdqjXTQ.exe
  C:\Windows\System\SdqjXTQ.exe
  2⤵
  PID:9180
- C:\Windows\System\JKwKVdL.exe
  C:\Windows\System\JKwKVdL.exe
  2⤵
  PID:9208
- C:\Windows\System\XzhiUXK.exe
  C:\Windows\System\XzhiUXK.exe
  2⤵
  PID:8068
- C:\Windows\System\BxnRsAF.exe
  C:\Windows\System\BxnRsAF.exe
  2⤵
  PID:8216
- C:\Windows\System\znaYHav.exe
  C:\Windows\System\znaYHav.exe
  2⤵
  PID:8352
- C:\Windows\System\NlPtXIa.exe
  C:\Windows\System\NlPtXIa.exe
  2⤵
  PID:8348
- C:\Windows\System\MLpbOpL.exe
  C:\Windows\System\MLpbOpL.exe
  2⤵
  PID:8424
- C:\Windows\System\DDHEPjV.exe
  C:\Windows\System\DDHEPjV.exe
  2⤵
  PID:8512
- C:\Windows\System\LfeYwpn.exe
  C:\Windows\System\LfeYwpn.exe
  2⤵
  PID:8584
- C:\Windows\System\QbyGPdt.exe
  C:\Windows\System\QbyGPdt.exe
  2⤵
  PID:8664
- C:\Windows\System\HxDZltJ.exe
  C:\Windows\System\HxDZltJ.exe
  2⤵
  PID:8752
- C:\Windows\System\njZNGGQ.exe
  C:\Windows\System\njZNGGQ.exe
  2⤵
  PID:8828
- C:\Windows\System\doCKWkO.exe
  C:\Windows\System\doCKWkO.exe
  2⤵
  PID:8864
- C:\Windows\System\oEISWvp.exe
  C:\Windows\System\oEISWvp.exe
  2⤵
  PID:8952
- C:\Windows\System\KWaDVxR.exe
  C:\Windows\System\KWaDVxR.exe
  2⤵
  PID:9032
- C:\Windows\System\pekLWpq.exe
  C:\Windows\System\pekLWpq.exe
  2⤵
  PID:9092
- C:\Windows\System\XyCgxOr.exe
  C:\Windows\System\XyCgxOr.exe
  2⤵
  PID:9172
- C:\Windows\System\zIYbouE.exe
  C:\Windows\System\zIYbouE.exe
  2⤵
  PID:9192
- C:\Windows\System\tzUggUh.exe
  C:\Windows\System\tzUggUh.exe
  2⤵
  PID:8320
- C:\Windows\System\hQpPpYP.exe
  C:\Windows\System\hQpPpYP.exe
  2⤵
  PID:8508
- C:\Windows\System\GHDNaDK.exe
  C:\Windows\System\GHDNaDK.exe
  2⤵
  PID:8632
- C:\Windows\System\hbZqifd.exe
  C:\Windows\System\hbZqifd.exe
  2⤵
  PID:8708
- C:\Windows\System\uYNDKgG.exe
  C:\Windows\System\uYNDKgG.exe
  2⤵
  PID:8832
- C:\Windows\System\lNGOlwl.exe
  C:\Windows\System\lNGOlwl.exe
  2⤵
  PID:9080
- C:\Windows\System\hoobaNl.exe
  C:\Windows\System\hoobaNl.exe
  2⤵
  PID:8372
- C:\Windows\System\mXGQkDB.exe
  C:\Windows\System\mXGQkDB.exe
  2⤵
  PID:8432
- C:\Windows\System\YKhbwWv.exe
  C:\Windows\System\YKhbwWv.exe
  2⤵
  PID:8732
- C:\Windows\System\TSDDxll.exe
  C:\Windows\System\TSDDxll.exe
  2⤵
  PID:9196
- C:\Windows\System\OQnxxOO.exe
  C:\Windows\System\OQnxxOO.exe
  2⤵
  PID:8672
- C:\Windows\System\kvYWMvc.exe
  C:\Windows\System\kvYWMvc.exe
  2⤵
  PID:9236
- C:\Windows\System\BFlthRE.exe
  C:\Windows\System\BFlthRE.exe
  2⤵
  PID:9268
- C:\Windows\System\kZqkvll.exe
  C:\Windows\System\kZqkvll.exe
  2⤵
  PID:9292
- C:\Windows\System\JIxcoRQ.exe
  C:\Windows\System\JIxcoRQ.exe
  2⤵
  PID:9320
- C:\Windows\System\dNOrsZn.exe
  C:\Windows\System\dNOrsZn.exe
  2⤵
  PID:9352
- C:\Windows\System\ohlPDMu.exe
  C:\Windows\System\ohlPDMu.exe
  2⤵
  PID:9380
- C:\Windows\System\kPscAvg.exe
  C:\Windows\System\kPscAvg.exe
  2⤵
  PID:9404
- C:\Windows\System\cAqpFZf.exe
  C:\Windows\System\cAqpFZf.exe
  2⤵
  PID:9436
- C:\Windows\System\xlbqQKM.exe
  C:\Windows\System\xlbqQKM.exe
  2⤵
  PID:9464
- C:\Windows\System\DxpeSnH.exe
  C:\Windows\System\DxpeSnH.exe
  2⤵
  PID:9488
- C:\Windows\System\KWkyZgD.exe
  C:\Windows\System\KWkyZgD.exe
  2⤵
  PID:9524
- C:\Windows\System\ytsbJFX.exe
  C:\Windows\System\ytsbJFX.exe
  2⤵
  PID:9556
- C:\Windows\System\YFdsiaq.exe
  C:\Windows\System\YFdsiaq.exe
  2⤵
  PID:9576
- C:\Windows\System\afzVKhe.exe
  C:\Windows\System\afzVKhe.exe
  2⤵
  PID:9644
- C:\Windows\System\vNrFzOq.exe
  C:\Windows\System\vNrFzOq.exe
  2⤵
  PID:9664
- C:\Windows\System\xEcvJAE.exe
  C:\Windows\System\xEcvJAE.exe
  2⤵
  PID:9680
- C:\Windows\System\JvDwlQK.exe
  C:\Windows\System\JvDwlQK.exe
  2⤵
  PID:9708
- C:\Windows\System\lGUrTur.exe
  C:\Windows\System\lGUrTur.exe
  2⤵
  PID:9748
- C:\Windows\System\FFfInbb.exe
  C:\Windows\System\FFfInbb.exe
  2⤵
  PID:9764
- C:\Windows\System\NCPLowj.exe
  C:\Windows\System\NCPLowj.exe
  2⤵
  PID:9788
- C:\Windows\System\rkfsLLc.exe
  C:\Windows\System\rkfsLLc.exe
  2⤵
  PID:9812
- C:\Windows\System\SWLqPcn.exe
  C:\Windows\System\SWLqPcn.exe
  2⤵
  PID:9832
- C:\Windows\System\BeuACcV.exe
  C:\Windows\System\BeuACcV.exe
  2⤵
  PID:9864
- C:\Windows\System\PhecFbm.exe
  C:\Windows\System\PhecFbm.exe
  2⤵
  PID:9896
- C:\Windows\System\eLKklzL.exe
  C:\Windows\System\eLKklzL.exe
  2⤵
  PID:9932
- C:\Windows\System\wDSuKaS.exe
  C:\Windows\System\wDSuKaS.exe
  2⤵
  PID:9968
- C:\Windows\System\tdvdhuJ.exe
  C:\Windows\System\tdvdhuJ.exe
  2⤵
  PID:9988
- C:\Windows\System\MPOXPkK.exe
  C:\Windows\System\MPOXPkK.exe
  2⤵
  PID:10016
- C:\Windows\System\xoWJYGG.exe
  C:\Windows\System\xoWJYGG.exe
  2⤵
  PID:10056
- C:\Windows\System\TrJCJIG.exe
  C:\Windows\System\TrJCJIG.exe
  2⤵
  PID:10088
- C:\Windows\System\TDuXaTx.exe
  C:\Windows\System\TDuXaTx.exe
  2⤵
  PID:10108
- C:\Windows\System\rLAlQoE.exe
  C:\Windows\System\rLAlQoE.exe
  2⤵
  PID:10140
- C:\Windows\System\pmGunrY.exe
  C:\Windows\System\pmGunrY.exe
  2⤵
  PID:10168
- C:\Windows\System\PXcYnPf.exe
  C:\Windows\System\PXcYnPf.exe
  2⤵
  PID:10196
- C:\Windows\System\vFDtUsN.exe
  C:\Windows\System\vFDtUsN.exe
  2⤵
  PID:10224
- C:\Windows\System\nYXfNZr.exe
  C:\Windows\System\nYXfNZr.exe
  2⤵
  PID:9228
- C:\Windows\System\ufrRrEw.exe
  C:\Windows\System\ufrRrEw.exe
  2⤵
  PID:9276
- C:\Windows\System\mVBPvFa.exe
  C:\Windows\System\mVBPvFa.exe
  2⤵
  PID:9312
- C:\Windows\System\QeUmxCY.exe
  C:\Windows\System\QeUmxCY.exe
  2⤵
  PID:9388
- C:\Windows\System\iLBoUpj.exe
  C:\Windows\System\iLBoUpj.exe
  2⤵
  PID:9416
- C:\Windows\System\tZvixSK.exe
  C:\Windows\System\tZvixSK.exe
  2⤵
  PID:9476
- C:\Windows\System\KaxuzLg.exe
  C:\Windows\System\KaxuzLg.exe
  2⤵
  PID:9552
- C:\Windows\System\POnALdR.exe
  C:\Windows\System\POnALdR.exe
  2⤵
  PID:9652
- C:\Windows\System\IvRMKPi.exe
  C:\Windows\System\IvRMKPi.exe
  2⤵
  PID:9732
- C:\Windows\System\teNoUJE.exe
  C:\Windows\System\teNoUJE.exe
  2⤵
  PID:9820
- C:\Windows\System\KUsWcLs.exe
  C:\Windows\System\KUsWcLs.exe
  2⤵
  PID:9852
- C:\Windows\System\TDhBcsI.exe
  C:\Windows\System\TDhBcsI.exe
  2⤵
  PID:9940
- C:\Windows\System\wliozcB.exe
  C:\Windows\System\wliozcB.exe
  2⤵
  PID:10040
- C:\Windows\System\cHqeJAY.exe
  C:\Windows\System\cHqeJAY.exe
  2⤵
  PID:10076
- C:\Windows\System\SegEMie.exe
  C:\Windows\System\SegEMie.exe
  2⤵
  PID:10152
- C:\Windows\System\XFJALOK.exe
  C:\Windows\System\XFJALOK.exe
  2⤵
  PID:10188
- C:\Windows\System\ssdmymA.exe
  C:\Windows\System\ssdmymA.exe
  2⤵
  PID:8296
- C:\Windows\System\FZcgoHe.exe
  C:\Windows\System\FZcgoHe.exe
  2⤵
  PID:9308
- C:\Windows\System\GLkWSyX.exe
  C:\Windows\System\GLkWSyX.exe
  2⤵
  PID:9484
- C:\Windows\System\kAxKiVl.exe
  C:\Windows\System\kAxKiVl.exe
  2⤵
  PID:9620
- C:\Windows\System\IsyuWWZ.exe
  C:\Windows\System\IsyuWWZ.exe
  2⤵
  PID:9760
- C:\Windows\System\ywZTuZm.exe
  C:\Windows\System\ywZTuZm.exe
  2⤵
  PID:9976
- C:\Windows\System\ZqpMxMY.exe
  C:\Windows\System\ZqpMxMY.exe
  2⤵
  PID:8304
- C:\Windows\System\rBgpPeL.exe
  C:\Windows\System\rBgpPeL.exe
  2⤵
  PID:10212
- C:\Windows\System\AaczuEd.exe
  C:\Windows\System\AaczuEd.exe
  2⤵
  PID:9780
- C:\Windows\System\dzOJAaC.exe
  C:\Windows\System\dzOJAaC.exe
  2⤵
  PID:9396
- C:\Windows\System\yAYZedJ.exe
  C:\Windows\System\yAYZedJ.exe
  2⤵
  PID:9452
- C:\Windows\System\muuVKFM.exe
  C:\Windows\System\muuVKFM.exe
  2⤵
  PID:10252
- C:\Windows\System\cdhmBdv.exe
  C:\Windows\System\cdhmBdv.exe
  2⤵
  PID:10280
- C:\Windows\System\esSDZBe.exe
  C:\Windows\System\esSDZBe.exe
  2⤵
  PID:10316
- C:\Windows\System\zmFUMGG.exe
  C:\Windows\System\zmFUMGG.exe
  2⤵
  PID:10348
- C:\Windows\System\rsEvmRF.exe
  C:\Windows\System\rsEvmRF.exe
  2⤵
  PID:10364
- C:\Windows\System\igMlXwW.exe
  C:\Windows\System\igMlXwW.exe
  2⤵
  PID:10380
- C:\Windows\System\DfgIsDp.exe
  C:\Windows\System\DfgIsDp.exe
  2⤵
  PID:10404
- C:\Windows\System\ZmtzhZD.exe
  C:\Windows\System\ZmtzhZD.exe
  2⤵
  PID:10432
- C:\Windows\System\JqNfftR.exe
  C:\Windows\System\JqNfftR.exe
  2⤵
  PID:10464
- C:\Windows\System\oApIDKf.exe
  C:\Windows\System\oApIDKf.exe
  2⤵
  PID:10492
- C:\Windows\System\lNNxPSn.exe
  C:\Windows\System\lNNxPSn.exe
  2⤵
  PID:10520
- C:\Windows\System\hysTdMI.exe
  C:\Windows\System\hysTdMI.exe
  2⤵
  PID:10560
- C:\Windows\System\xlFGQym.exe
  C:\Windows\System\xlFGQym.exe
  2⤵
  PID:10584
- C:\Windows\System\hjnqiDv.exe
  C:\Windows\System\hjnqiDv.exe
  2⤵
  PID:10604
- C:\Windows\System\bPlKoKL.exe
  C:\Windows\System\bPlKoKL.exe
  2⤵
  PID:10644
- C:\Windows\System\MHqTehk.exe
  C:\Windows\System\MHqTehk.exe
  2⤵
  PID:10660
- C:\Windows\System\PaiPyla.exe
  C:\Windows\System\PaiPyla.exe
  2⤵
  PID:10688
- C:\Windows\System\TUOaCcx.exe
  C:\Windows\System\TUOaCcx.exe
  2⤵
  PID:10716
- C:\Windows\System\MxFjWwb.exe
  C:\Windows\System\MxFjWwb.exe
  2⤵
  PID:10752
- C:\Windows\System\QFIgilO.exe
  C:\Windows\System\QFIgilO.exe
  2⤵
  PID:10772
- C:\Windows\System\vigfSjH.exe
  C:\Windows\System\vigfSjH.exe
  2⤵
  PID:10820
- C:\Windows\System\dwMZCxc.exe
  C:\Windows\System\dwMZCxc.exe
  2⤵
  PID:10840
- C:\Windows\System\yHKDwTX.exe
  C:\Windows\System\yHKDwTX.exe
  2⤵
  PID:10868
- C:\Windows\System\RNADziZ.exe
  C:\Windows\System\RNADziZ.exe
  2⤵
  PID:10896
- C:\Windows\System\RGzeatt.exe
  C:\Windows\System\RGzeatt.exe
  2⤵
  PID:10936
- C:\Windows\System\ukjuXlp.exe
  C:\Windows\System\ukjuXlp.exe
  2⤵
  PID:10964
- C:\Windows\System\zAoqVfv.exe
  C:\Windows\System\zAoqVfv.exe
  2⤵
  PID:10980
- C:\Windows\System\cDKNTtM.exe
  C:\Windows\System\cDKNTtM.exe
  2⤵
  PID:10996
- C:\Windows\System\bpiPPgO.exe
  C:\Windows\System\bpiPPgO.exe
  2⤵
  PID:11024
- C:\Windows\System\BbqrKPI.exe
  C:\Windows\System\BbqrKPI.exe
  2⤵
  PID:11064
- C:\Windows\System\DPAWRyJ.exe
  C:\Windows\System\DPAWRyJ.exe
  2⤵
  PID:11088
- C:\Windows\System\txeWIZk.exe
  C:\Windows\System\txeWIZk.exe
  2⤵
  PID:11108
- C:\Windows\System\SDmOpkz.exe
  C:\Windows\System\SDmOpkz.exe
  2⤵
  PID:11156
- C:\Windows\System\PkrycMP.exe
  C:\Windows\System\PkrycMP.exe
  2⤵
  PID:11176
- C:\Windows\System\ahhNqNS.exe
  C:\Windows\System\ahhNqNS.exe
  2⤵
  PID:11204
- C:\Windows\System\EDNoNlx.exe
  C:\Windows\System\EDNoNlx.exe
  2⤵
  PID:11232
- C:\Windows\System\XJddRqy.exe
  C:\Windows\System\XJddRqy.exe
  2⤵
  PID:10096
- C:\Windows\System\lcZFUCp.exe
  C:\Windows\System\lcZFUCp.exe
  2⤵
  PID:10292
- C:\Windows\System\VnVAhAC.exe
  C:\Windows\System\VnVAhAC.exe
  2⤵
  PID:10388
- C:\Windows\System\JoJqMec.exe
  C:\Windows\System\JoJqMec.exe
  2⤵
  PID:10416
- C:\Windows\System\yneRTAe.exe
  C:\Windows\System\yneRTAe.exe
  2⤵
  PID:10428
- C:\Windows\System\CJgJbBf.exe
  C:\Windows\System\CJgJbBf.exe
  2⤵
  PID:10544
- C:\Windows\System\ZtTyVIA.exe
  C:\Windows\System\ZtTyVIA.exe
  2⤵
  PID:10576
- C:\Windows\System\FgoFLip.exe
  C:\Windows\System\FgoFLip.exe
  2⤵
  PID:10712
- C:\Windows\System\hdGAKQm.exe
  C:\Windows\System\hdGAKQm.exe
  2⤵
  PID:10736
- C:\Windows\System\xDwSVVT.exe
  C:\Windows\System\xDwSVVT.exe
  2⤵
  PID:10836
- C:\Windows\System\TcpNxKT.exe
  C:\Windows\System\TcpNxKT.exe
  2⤵
  PID:10880
- C:\Windows\System\VMuxNYq.exe
  C:\Windows\System\VMuxNYq.exe
  2⤵
  PID:10920
- C:\Windows\System\XtirQOv.exe
  C:\Windows\System\XtirQOv.exe
  2⤵
  PID:11048
- C:\Windows\System\WkRjMkA.exe
  C:\Windows\System\WkRjMkA.exe
  2⤵
  PID:11052
- C:\Windows\System\oogMpMf.exe
  C:\Windows\System\oogMpMf.exe
  2⤵
  PID:11144
- C:\Windows\System\fZpRvZr.exe
  C:\Windows\System\fZpRvZr.exe
  2⤵
  PID:11224
- C:\Windows\System\WrRcsUW.exe
  C:\Windows\System\WrRcsUW.exe
  2⤵
  PID:11248
- C:\Windows\System\IrRhNxt.exe
  C:\Windows\System\IrRhNxt.exe
  2⤵
  PID:10372
- C:\Windows\System\CdGxPux.exe
  C:\Windows\System\CdGxPux.exe
  2⤵
  PID:10600
- C:\Windows\System\fVCdhIr.exe
  C:\Windows\System\fVCdhIr.exe
  2⤵
  PID:10764
- C:\Windows\System\mmqnNub.exe
  C:\Windows\System\mmqnNub.exe
  2⤵
  PID:10832
- C:\Windows\System\QAnSyHQ.exe
  C:\Windows\System\QAnSyHQ.exe
  2⤵
  PID:11016
- C:\Windows\System\riFCneB.exe
  C:\Windows\System\riFCneB.exe
  2⤵
  PID:11164
- C:\Windows\System\FUVpTha.exe
  C:\Windows\System\FUVpTha.exe
  2⤵
  PID:10268
- C:\Windows\System\YZFYBIq.exe
  C:\Windows\System\YZFYBIq.exe
  2⤵
  PID:10732
- C:\Windows\System\DRoeAqQ.exe
  C:\Windows\System\DRoeAqQ.exe
  2⤵
  PID:11044
- C:\Windows\System\xdcSJrn.exe
  C:\Windows\System\xdcSJrn.exe
  2⤵
  PID:10448
- C:\Windows\System\vHoBzUG.exe
  C:\Windows\System\vHoBzUG.exe
  2⤵
  PID:9392
- C:\Windows\System\gTckNcF.exe
  C:\Windows\System\gTckNcF.exe
  2⤵
  PID:11296
- C:\Windows\System\ESpYNxw.exe
  C:\Windows\System\ESpYNxw.exe
  2⤵
  PID:11312
- C:\Windows\System\cmiFrSS.exe
  C:\Windows\System\cmiFrSS.exe
  2⤵
  PID:11344
- C:\Windows\System\zdkcqMu.exe
  C:\Windows\System\zdkcqMu.exe
  2⤵
  PID:11376
- C:\Windows\System\MmtxtJH.exe
  C:\Windows\System\MmtxtJH.exe
  2⤵
  PID:11404
- C:\Windows\System\XgtErfv.exe
  C:\Windows\System\XgtErfv.exe
  2⤵
  PID:11432
- C:\Windows\System\XtVxjuf.exe
  C:\Windows\System\XtVxjuf.exe
  2⤵
  PID:11464
- C:\Windows\System\acVdsOb.exe
  C:\Windows\System\acVdsOb.exe
  2⤵
  PID:11500
- C:\Windows\System\hWvVsCE.exe
  C:\Windows\System\hWvVsCE.exe
  2⤵
  PID:11520
- C:\Windows\System\JICHEhn.exe
  C:\Windows\System\JICHEhn.exe
  2⤵
  PID:11548
- C:\Windows\System\xmYaIMV.exe
  C:\Windows\System\xmYaIMV.exe
  2⤵
  PID:11584
- C:\Windows\System\pCzEzlB.exe
  C:\Windows\System\pCzEzlB.exe
  2⤵
  PID:11604
- C:\Windows\System\eTuJnCF.exe
  C:\Windows\System\eTuJnCF.exe
  2⤵
  PID:11628
- C:\Windows\System\kDTXYwm.exe
  C:\Windows\System\kDTXYwm.exe
  2⤵
  PID:11648
- C:\Windows\System\kQLTdEg.exe
  C:\Windows\System\kQLTdEg.exe
  2⤵
  PID:11676
- C:\Windows\System\rrijPEe.exe
  C:\Windows\System\rrijPEe.exe
  2⤵
  PID:11692
- C:\Windows\System\PZBOqoU.exe
  C:\Windows\System\PZBOqoU.exe
  2⤵
  PID:11724
- C:\Windows\System\wHGxWpq.exe
  C:\Windows\System\wHGxWpq.exe
  2⤵
  PID:11756
- C:\Windows\System\isPgRcj.exe
  C:\Windows\System\isPgRcj.exe
  2⤵
  PID:11788
- C:\Windows\System\wASQNQK.exe
  C:\Windows\System\wASQNQK.exe
  2⤵
  PID:11804
- C:\Windows\System\rprNJsX.exe
  C:\Windows\System\rprNJsX.exe
  2⤵
  PID:11840
- C:\Windows\System\loHOGen.exe
  C:\Windows\System\loHOGen.exe
  2⤵
  PID:11868
- C:\Windows\System\zkYqZIy.exe
  C:\Windows\System\zkYqZIy.exe
  2⤵
  PID:11900
- C:\Windows\System\cUCRekD.exe
  C:\Windows\System\cUCRekD.exe
  2⤵
  PID:11924
- C:\Windows\System\dWciLpz.exe
  C:\Windows\System\dWciLpz.exe
  2⤵
  PID:11956
- C:\Windows\System\XtstwUJ.exe
  C:\Windows\System\XtstwUJ.exe
  2⤵
  PID:11992
- C:\Windows\System\IvPjfGF.exe
  C:\Windows\System\IvPjfGF.exe
  2⤵
  PID:12012
- C:\Windows\System\pTJkrkr.exe
  C:\Windows\System\pTJkrkr.exe
  2⤵
  PID:12040
- C:\Windows\System\uwsmljX.exe
  C:\Windows\System\uwsmljX.exe
  2⤵
  PID:12080
- C:\Windows\System\xFugrdQ.exe
  C:\Windows\System\xFugrdQ.exe
  2⤵
  PID:12096
- C:\Windows\System\npsyUTo.exe
  C:\Windows\System\npsyUTo.exe
  2⤵
  PID:12132
- C:\Windows\System\SlITxmw.exe
  C:\Windows\System\SlITxmw.exe
  2⤵
  PID:12160
- C:\Windows\System\IJwfRVk.exe
  C:\Windows\System\IJwfRVk.exe
  2⤵
  PID:12192
- C:\Windows\System\uLdsXwf.exe
  C:\Windows\System\uLdsXwf.exe
  2⤵
  PID:12220
- C:\Windows\System\xiZPEtY.exe
  C:\Windows\System\xiZPEtY.exe
  2⤵
  PID:12248
- C:\Windows\System\OGloyDT.exe
  C:\Windows\System\OGloyDT.exe
  2⤵
  PID:12276
- C:\Windows\System\ttFKCVg.exe
  C:\Windows\System\ttFKCVg.exe
  2⤵
  PID:11120
- C:\Windows\System\xpvRtLl.exe
  C:\Windows\System\xpvRtLl.exe
  2⤵
  PID:11328
- C:\Windows\System\dWZDyBg.exe
  C:\Windows\System\dWZDyBg.exe
  2⤵
  PID:11424
- C:\Windows\System\MQuDeCx.exe
  C:\Windows\System\MQuDeCx.exe
  2⤵
  PID:11452
- C:\Windows\System\MGtRfUW.exe
  C:\Windows\System\MGtRfUW.exe
  2⤵
  PID:11532
- C:\Windows\System\YbItPXk.exe
  C:\Windows\System\YbItPXk.exe
  2⤵
  PID:11560
- C:\Windows\System\NfUceox.exe
  C:\Windows\System\NfUceox.exe
  2⤵
  PID:11612
- C:\Windows\System\SSRkbym.exe
  C:\Windows\System\SSRkbym.exe
  2⤵
  PID:11704
- C:\Windows\System\FSsTBQX.exe
  C:\Windows\System\FSsTBQX.exe
  2⤵
  PID:11776
- C:\Windows\System\GJjCKxH.exe
  C:\Windows\System\GJjCKxH.exe
  2⤵
  PID:11796
- C:\Windows\System\jFFzikz.exe
  C:\Windows\System\jFFzikz.exe
  2⤵
  PID:11852
- C:\Windows\System\ntISEMj.exe
  C:\Windows\System\ntISEMj.exe
  2⤵
  PID:11980
- C:\Windows\System\yorflSE.exe
  C:\Windows\System\yorflSE.exe
  2⤵
  PID:12032
- C:\Windows\System\RPWulWL.exe
  C:\Windows\System\RPWulWL.exe
  2⤵
  PID:12064
- C:\Windows\System\MZXYTfQ.exe
  C:\Windows\System\MZXYTfQ.exe
  2⤵
  PID:12112
- C:\Windows\System\DDMuxFh.exe
  C:\Windows\System\DDMuxFh.exe
  2⤵
  PID:12148
- C:\Windows\System\rhgxYXz.exe
  C:\Windows\System\rhgxYXz.exe
  2⤵
  PID:12232
- C:\Windows\System\AnGDtXU.exe
  C:\Windows\System\AnGDtXU.exe
  2⤵
  PID:10932
- C:\Windows\System\jsLSWKh.exe
  C:\Windows\System\jsLSWKh.exe
  2⤵
  PID:11368
- C:\Windows\System\bfgLCFV.exe
  C:\Windows\System\bfgLCFV.exe
  2⤵
  PID:11476
- C:\Windows\System\cZInpln.exe
  C:\Windows\System\cZInpln.exe
  2⤵
  PID:11688
- C:\Windows\System\BTOzpNI.exe
  C:\Windows\System\BTOzpNI.exe
  2⤵
  PID:11744
- C:\Windows\System\HmKDqGP.exe
  C:\Windows\System\HmKDqGP.exe
  2⤵
  PID:11880
- C:\Windows\System\rKfXRXl.exe
  C:\Windows\System\rKfXRXl.exe
  2⤵
  PID:12172
- C:\Windows\System\yXEDngh.exe
  C:\Windows\System\yXEDngh.exe
  2⤵
  PID:880
- C:\Windows\System\pqJLXXF.exe
  C:\Windows\System\pqJLXXF.exe
  2⤵
  PID:11664
- C:\Windows\System\UzifgsR.exe
  C:\Windows\System\UzifgsR.exe
  2⤵
  PID:11572
- C:\Windows\System\MIQcgSR.exe
  C:\Windows\System\MIQcgSR.exe
  2⤵
  PID:3968
- C:\Windows\System\OxgaCuh.exe
  C:\Windows\System\OxgaCuh.exe
  2⤵
  PID:12292
- C:\Windows\System\pdRaYmW.exe
  C:\Windows\System\pdRaYmW.exe
  2⤵
  PID:12320
- C:\Windows\System\GOOukWo.exe
  C:\Windows\System\GOOukWo.exe
  2⤵
  PID:12344
- C:\Windows\System\hMpUbfS.exe
  C:\Windows\System\hMpUbfS.exe
  2⤵
  PID:12380
- C:\Windows\System\mDEEDDN.exe
  C:\Windows\System\mDEEDDN.exe
  2⤵
  PID:12400
- C:\Windows\System\MiNZFJr.exe
  C:\Windows\System\MiNZFJr.exe
  2⤵
  PID:12424
- C:\Windows\System\wmlaOie.exe
  C:\Windows\System\wmlaOie.exe
  2⤵
  PID:12448
- C:\Windows\System\mCylCmh.exe
  C:\Windows\System\mCylCmh.exe
  2⤵
  PID:12480
- C:\Windows\System\RjSRXSq.exe
  C:\Windows\System\RjSRXSq.exe
  2⤵
  PID:12520
- C:\Windows\System\QMWdaNp.exe
  C:\Windows\System\QMWdaNp.exe
  2⤵
  PID:12552
- C:\Windows\System\ssvoyrR.exe
  C:\Windows\System\ssvoyrR.exe
  2⤵
  PID:12576
- C:\Windows\System\zJbCATg.exe
  C:\Windows\System\zJbCATg.exe
  2⤵
  PID:12608
- C:\Windows\System\MAlJyfZ.exe
  C:\Windows\System\MAlJyfZ.exe
  2⤵
  PID:12644
- C:\Windows\System\GnbPoYL.exe
  C:\Windows\System\GnbPoYL.exe
  2⤵
  PID:12664
- C:\Windows\System\PNcBVHC.exe
  C:\Windows\System\PNcBVHC.exe
  2⤵
  PID:12692
- C:\Windows\System\BpXBCZC.exe
  C:\Windows\System\BpXBCZC.exe
  2⤵
  PID:12732
- C:\Windows\System\eAIvJKA.exe
  C:\Windows\System\eAIvJKA.exe
  2⤵
  PID:12756
- C:\Windows\System\RlhwXEg.exe
  C:\Windows\System\RlhwXEg.exe
  2⤵
  PID:12796
- C:\Windows\System\TTSAmfW.exe
  C:\Windows\System\TTSAmfW.exe
  2⤵
  PID:12824
- C:\Windows\System\alXegIe.exe
  C:\Windows\System\alXegIe.exe
  2⤵
  PID:12844
- C:\Windows\System\VQBsrFI.exe
  C:\Windows\System\VQBsrFI.exe
  2⤵
  PID:12872
- C:\Windows\System\kdaNjmm.exe
  C:\Windows\System\kdaNjmm.exe
  2⤵
  PID:12904
- C:\Windows\System\qFoNWiu.exe
  C:\Windows\System\qFoNWiu.exe
  2⤵
  PID:12940
- C:\Windows\System\aeMqxIb.exe
  C:\Windows\System\aeMqxIb.exe
  2⤵
  PID:12968
- C:\Windows\System\hziJiUh.exe
  C:\Windows\System\hziJiUh.exe
  2⤵
  PID:12996
- C:\Windows\System\FuOoJYS.exe
  C:\Windows\System\FuOoJYS.exe
  2⤵
  PID:13024
- C:\Windows\System\cjDJjYS.exe
  C:\Windows\System\cjDJjYS.exe
  2⤵
  PID:13060
- C:\Windows\System\cZXcOxq.exe
  C:\Windows\System\cZXcOxq.exe
  2⤵
  PID:13084
- C:\Windows\System\DelRifh.exe
  C:\Windows\System\DelRifh.exe
  2⤵
  PID:13112
- C:\Windows\System\SEgsJqD.exe
  C:\Windows\System\SEgsJqD.exe
  2⤵
  PID:13136
- C:\Windows\System\wvyHMFR.exe
  C:\Windows\System\wvyHMFR.exe
  2⤵
  PID:13168
- C:\Windows\System\PanLAqG.exe
  C:\Windows\System\PanLAqG.exe
  2⤵
  PID:13192
- C:\Windows\System\WUlaCFo.exe
  C:\Windows\System\WUlaCFo.exe
  2⤵
  PID:13220
- C:\Windows\System\GexOfWP.exe
  C:\Windows\System\GexOfWP.exe
  2⤵
  PID:13240
- C:\Windows\System\tctTzIQ.exe
  C:\Windows\System\tctTzIQ.exe
  2⤵
  PID:13272
- C:\Windows\System\LUPMYTZ.exe
  C:\Windows\System\LUPMYTZ.exe
  2⤵
  PID:13304
- C:\Windows\System\oXnHOtS.exe
  C:\Windows\System\oXnHOtS.exe
  2⤵
  PID:11940
- C:\Windows\System\WHOIsuk.exe
  C:\Windows\System\WHOIsuk.exe
  2⤵
  PID:12340
- C:\Windows\System\fxceScL.exe
  C:\Windows\System\fxceScL.exe
  2⤵
  PID:12364
- C:\Windows\System\yKDuyhl.exe
  C:\Windows\System\yKDuyhl.exe
  2⤵
  PID:12456
- C:\Windows\System\qqgYVcB.exe
  C:\Windows\System\qqgYVcB.exe
  2⤵
  PID:12528
- C:\Windows\System\YfwimJp.exe
  C:\Windows\System\YfwimJp.exe
  2⤵
  PID:12564
- C:\Windows\System\EiJcBUt.exe
  C:\Windows\System\EiJcBUt.exe
  2⤵
  PID:12600
- C:\Windows\System\oSJgrfl.exe
  C:\Windows\System\oSJgrfl.exe
  2⤵
  PID:12712
- C:\Windows\System\KnYAXOF.exe
  C:\Windows\System\KnYAXOF.exe
  2⤵
  PID:12776
- C:\Windows\System\iUQVpRK.exe
  C:\Windows\System\iUQVpRK.exe
  2⤵
  PID:12808
- C:\Windows\System\MBXNOYP.exe
  C:\Windows\System\MBXNOYP.exe
  2⤵
  PID:12884
- C:\Windows\System\NDTNIkG.exe
  C:\Windows\System\NDTNIkG.exe
  2⤵
  PID:12956
- C:\Windows\System\JQpWUxM.exe
  C:\Windows\System\JQpWUxM.exe
  2⤵
  PID:13040
- C:\Windows\System\BtihJxs.exe
  C:\Windows\System\BtihJxs.exe
  2⤵
  PID:13104
- C:\Windows\System\PHaXems.exe
  C:\Windows\System\PHaXems.exe
  2⤵
  PID:13188
- C:\Windows\System\XAynYSA.exe
  C:\Windows\System\XAynYSA.exe
  2⤵
  PID:2460
- C:\Windows\System\yxxiUTw.exe
  C:\Windows\System\yxxiUTw.exe
  2⤵
  PID:13268
- C:\Windows\System\XFDDzVx.exe
  C:\Windows\System\XFDDzVx.exe
  2⤵
  PID:11832
- C:\Windows\System\rqXPZGt.exe
  C:\Windows\System\rqXPZGt.exe
  2⤵
  PID:12512
- C:\Windows\System\vHaqcBT.exe
  C:\Windows\System\vHaqcBT.exe
  2⤵
  PID:12460
- C:\Windows\System\pJCUvsB.exe
  C:\Windows\System\pJCUvsB.exe
  2⤵
  PID:12656
- C:\Windows\System\IeQsAsZ.exe
  C:\Windows\System\IeQsAsZ.exe
  2⤵
  PID:12740
- C:\Windows\System\DKsvmWf.exe
  C:\Windows\System\DKsvmWf.exe
  2⤵
  PID:12856
- C:\Windows\System\riswqeh.exe
  C:\Windows\System\riswqeh.exe
  2⤵
  PID:13164
- C:\Windows\System\ddauAlO.exe
  C:\Windows\System\ddauAlO.exe
  2⤵
  PID:13228
- C:\Windows\System\rDjFYgG.exe
  C:\Windows\System\rDjFYgG.exe
  2⤵
  PID:1984
- C:\Windows\System\bktYXXM.exe
  C:\Windows\System\bktYXXM.exe
  2⤵
  PID:13252
- C:\Windows\System\hNBlYQf.exe
  C:\Windows\System\hNBlYQf.exe
  2⤵
  PID:12688
- C:\Windows\System\sJAOFck.exe
  C:\Windows\System\sJAOFck.exe
  2⤵
  PID:4932
- C:\Windows\System\IIWADEh.exe
  C:\Windows\System\IIWADEh.exe
  2⤵
  PID:12936
- C:\Windows\System\HmGNBlS.exe
  C:\Windows\System\HmGNBlS.exe
  2⤵
  PID:11636
- C:\Windows\System\MqxUszf.exe
  C:\Windows\System\MqxUszf.exe
  2⤵
  PID:12700
- C:\Windows\System\eTeXVpz.exe
  C:\Windows\System\eTeXVpz.exe
  2⤵
  PID:13320
- C:\Windows\System\IwvpkyF.exe
  C:\Windows\System\IwvpkyF.exe
  2⤵
  PID:13356
- C:\Windows\System\nWDMYnV.exe
  C:\Windows\System\nWDMYnV.exe
  2⤵
  PID:13388
- C:\Windows\System\WKIfBda.exe
  C:\Windows\System\WKIfBda.exe
  2⤵
  PID:13408
- C:\Windows\System\shGTrOW.exe
  C:\Windows\System\shGTrOW.exe
  2⤵
  PID:13436
- C:\Windows\System\cqdUOjW.exe
  C:\Windows\System\cqdUOjW.exe
  2⤵
  PID:13460
- C:\Windows\System\XUHFFYw.exe
  C:\Windows\System\XUHFFYw.exe
  2⤵
  PID:13484
- C:\Windows\System\qHjnmTS.exe
  C:\Windows\System\qHjnmTS.exe
  2⤵
  PID:13508
- C:\Windows\System\YkiiIVF.exe
  C:\Windows\System\YkiiIVF.exe
  2⤵
  PID:13536
- C:\Windows\System\EJfglnn.exe
  C:\Windows\System\EJfglnn.exe
  2⤵
  PID:13564
- C:\Windows\System\zJXANDN.exe
  C:\Windows\System\zJXANDN.exe
  2⤵
  PID:13588
- C:\Windows\System\yYoGHSU.exe
  C:\Windows\System\yYoGHSU.exe
  2⤵
  PID:13620
- C:\Windows\System\QtRTwPg.exe
  C:\Windows\System\QtRTwPg.exe
  2⤵
  PID:13652
- C:\Windows\System\xSiDjbD.exe
  C:\Windows\System\xSiDjbD.exe
  2⤵
  PID:13680
- C:\Windows\System\oUCtkJv.exe
  C:\Windows\System\oUCtkJv.exe
  2⤵
  PID:13712
- C:\Windows\System\GqivCiv.exe
  C:\Windows\System\GqivCiv.exe
  2⤵
  PID:13752
- C:\Windows\System\ZmmXZUK.exe
  C:\Windows\System\ZmmXZUK.exe
  2⤵
  PID:13772
- C:\Windows\System\sbNauxj.exe
  C:\Windows\System\sbNauxj.exe
  2⤵
  PID:13792
- C:\Windows\System\WlzQHae.exe
  C:\Windows\System\WlzQHae.exe
  2⤵
  PID:13820
- C:\Windows\System\ckrMqAN.exe
  C:\Windows\System\ckrMqAN.exe
  2⤵
  PID:13836
- C:\Windows\System\AaNZrmZ.exe
  C:\Windows\System\AaNZrmZ.exe
  2⤵
  PID:13872
- C:\Windows\System\NycHeKD.exe
  C:\Windows\System\NycHeKD.exe
  2⤵
  PID:13900
- C:\Windows\System\EbvpwQW.exe
  C:\Windows\System\EbvpwQW.exe
  2⤵
  PID:13924
- C:\Windows\System\JznrNbO.exe
  C:\Windows\System\JznrNbO.exe
  2⤵
  PID:13952
- C:\Windows\System\VLMovMb.exe
  C:\Windows\System\VLMovMb.exe
  2⤵
  PID:13980
- C:\Windows\System\xIuSVWl.exe
  C:\Windows\System\xIuSVWl.exe
  2⤵
  PID:14016
- C:\Windows\System\aLrlvFK.exe
  C:\Windows\System\aLrlvFK.exe
  2⤵
  PID:14044
- C:\Windows\System\XEuBMIM.exe
  C:\Windows\System\XEuBMIM.exe
  2⤵
  PID:14072
- C:\Windows\System\roQDFgS.exe
  C:\Windows\System\roQDFgS.exe
  2⤵
  PID:14088
- C:\Windows\System\MtkxBxs.exe
  C:\Windows\System\MtkxBxs.exe
  2⤵
  PID:14116
- C:\Windows\System\MQyVfnr.exe
  C:\Windows\System\MQyVfnr.exe
  2⤵
  PID:14140
- C:\Windows\System\ROwgFgU.exe
  C:\Windows\System\ROwgFgU.exe
  2⤵
  PID:14160
- C:\Windows\System\pVAgyux.exe
  C:\Windows\System\pVAgyux.exe
  2⤵
  PID:14204
- C:\Windows\System\iOKMENu.exe
  C:\Windows\System\iOKMENu.exe
  2⤵
  PID:14240
- C:\Windows\System\zuSOnLj.exe
  C:\Windows\System\zuSOnLj.exe
  2⤵
  PID:14272
- C:\Windows\System\jUJnIYH.exe
  C:\Windows\System\jUJnIYH.exe
  2⤵
  PID:14288
- C:\Windows\System\nbMmwvv.exe
  C:\Windows\System\nbMmwvv.exe
  2⤵
  PID:14312
- C:\Windows\System\pPWHQBk.exe
  C:\Windows\System\pPWHQBk.exe
  2⤵
  PID:12504
- C:\Windows\System\eGcpOuz.exe
  C:\Windows\System\eGcpOuz.exe
  2⤵
  PID:13368
- C:\Windows\System\gSwHaJs.exe
  C:\Windows\System\gSwHaJs.exe
  2⤵
  PID:3604
- C:\Windows\System\hrzENQU.exe
  C:\Windows\System\hrzENQU.exe
  2⤵
  PID:13380
- C:\Windows\System\uptRNMr.exe
  C:\Windows\System\uptRNMr.exe
  2⤵
  PID:13400
- C:\Windows\System\rUwYWMs.exe
  C:\Windows\System\rUwYWMs.exe
  2⤵
  PID:13432
- C:\Windows\System\WrCmFug.exe
  C:\Windows\System\WrCmFug.exe
  2⤵
  PID:13500
- C:\Windows\System\fqkaJkX.exe
  C:\Windows\System\fqkaJkX.exe
  2⤵
  PID:13832
- C:\Windows\System\gqthxZp.exe
  C:\Windows\System\gqthxZp.exe
  2⤵
  PID:13912
- C:\Windows\System\aHmPnfW.exe
  C:\Windows\System\aHmPnfW.exe
  2⤵
  PID:14008
- C:\Windows\System\eknoxcz.exe
  C:\Windows\System\eknoxcz.exe
  2⤵
  PID:14036
- C:\Windows\System\WVRrEdW.exe
  C:\Windows\System\WVRrEdW.exe
  2⤵
  PID:14192
- C:\Windows\System\CLtJvtC.exe
  C:\Windows\System\CLtJvtC.exe
  2⤵
  PID:14252
- C:\Windows\System\IElQHYK.exe
  C:\Windows\System\IElQHYK.exe
  2⤵
  PID:14280
- C:\Windows\System\Lkqgccr.exe
  C:\Windows\System\Lkqgccr.exe
  2⤵
  PID:14328
- C:\Windows\System\GGNUjeG.exe
  C:\Windows\System\GGNUjeG.exe
  2⤵
  PID:13428
- C:\Windows\System\xnBhfAi.exe
  C:\Windows\System\xnBhfAi.exe
  2⤵
  PID:13480
- C:\Windows\System\PvSQIkG.exe
  C:\Windows\System\PvSQIkG.exe
  2⤵
  PID:13884

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EukrSsy.exe

Filesize
2.0MB

MD5
584bfd028296b6179d973f19a696dbb4

SHA1
5ae195eea710fc66d79c6a00fb1568c73f062736

SHA256
19706b7f5063ba34dffbe3490e35270a414a7d545572bec499f7e24a4b8f78c9

SHA512
83c179dac21991fc0844d74badf64027cc6ea4525a1bfb3b8b09b68e0130a43c404db8366494e02268f99ec6fc0322b8e87d0acd0a09f17029c46949ec6a77ed

Download Submit
C:\Windows\System\FODvlOm.exe

Filesize
2.0MB

MD5
cc585693ccf74f583d09c108ccca839a

SHA1
12e19f360f253a3fd7ebd0371af891599168b081

SHA256
928594919d1a39eceb4fc551f8113acbff7b13c52372571e2adaee8d64be185a

SHA512
1d464e09ff833df077f214c819fa42a4a91f13afac5492dff1d1a0a319ee2041f51094a20c7e6aae74455286a5b6992bb7933b1069060426dff04ff1d0702708

Download Submit
C:\Windows\System\HTYzzCi.exe

Filesize
2.1MB

MD5
638107a7c949e022a2b4d6f57481c828

SHA1
5667bae903c16acb2b6ea993b8392c29cf5774d2

SHA256
05cac7fd760607bf99f54b7533201b097a0f5cd5a7d4c8b5a7a0d52e0aadac3f

SHA512
da50e8f7491ad833ba4cb39530ba6ae6792ded7bd0dfa9d81263d9ef4fb5828d0bdef577b7ddddc241e8e86eb7b87f7dc3d0d70263bbbd71f6cd02dc992472ec

Download Submit
C:\Windows\System\JoDnbdl.exe

Filesize
2.1MB

MD5
085bb7bad5e21312d76f3cf3d25bf7ba

SHA1
da4a6c06457ac9b05f1614f588abb9a0f7d6fb01

SHA256
1f9f7630ccf8438ab3100e41ab820bc7f15e90875d3ee1895e9aaa889310c3d3

SHA512
e900cab67be02e704ee7d3ca6c34f1a237083f53a526567c65d5f4057c40724df608fb68ca7582e89ceddfbb7c8a7f45e926fdc50b1bf49f7fa3956689ecf677

Download Submit
C:\Windows\System\OlwzYJg.exe

Filesize
2.0MB

MD5
4145705ccfb4bb5b24c540bac4061a95

SHA1
cb3f4f9d5f050c4ebcda9c5b52db2feab60a273c

SHA256
36460defcf25b6a29b76ff623204ec12927dd13eca970aa0118cad96269b5722

SHA512
607a68bc2e88ec00aa35bd12a064d4fe195016ad7224f648c31aeba11df98d18111af2d21715af0f719d54a266a137069f2c989cc77f52981fd6f64b8002c0f2

Download Submit
C:\Windows\System\SweOhaR.exe

Filesize
2.0MB

MD5
3331c9aa627302227d619e243c65cc16

SHA1
babe85464a34aca55a902fd1dc9547650b247a00

SHA256
ea17c4fcf36f8a739524e43da059c4c76b7f8dff984816b8f9ec04ea24f9964d

SHA512
005514628c52045fbcd8cdf541035b54e374dfdee4e920853008867c5473e6a328f9398bf59b46e5bfaa6154ee18b6539882295b97a07a3e76ca81839f19ffed

Download Submit
C:\Windows\System\TursMtR.exe

Filesize
2.0MB

MD5
a1b8e7a4d5bfa32ee6ec6583d534a328

SHA1
7e39f53df8fb74eeb59508308dfb24be585f3246

SHA256
92a396f337cae726889e7f93192ebeb7fec4392452dd7374a0288c9349f0a007

SHA512
fd7caad367ef01f4bf392903609a8645122f8a976586b2f4d0910046c94f7e553526c0577b5b8887b522c7a239b74a1a7e9283812bd46fd7ede1a3a4edbe9f48

Download Submit
C:\Windows\System\UEZLrdD.exe

Filesize
2.1MB

MD5
8f125c2c8223e37758b9b1dd3dd40cba

SHA1
b8218ec4a0037cee259a79f9d56bb00dcb5bad63

SHA256
b9c85c73c4b61ff5c1a1157379ca419e92658131972943fbe82641aaf7c97d31

SHA512
8cf4fba68b5559f10043f558b7f913dbf4dfc1f5f6ec10b3d1fed24724cc60c8332d1f68375ce6e531de6e96c12b7503b00189ca2c96decc40f2a659706967b6

Download Submit
C:\Windows\System\YFbCSaL.exe

Filesize
2.1MB

MD5
0ba56f0673084bec9df8aaa4d229fbbf

SHA1
d13eb2a83dd7153ce75b63d8270d26231ce731a7

SHA256
9df03f381b06844c71798b8425108e34917ebd5a2f43372c0e921a5282df68c8

SHA512
ae07b7c28d5621ae04e59f36a98c037127dcc638fe4ba2c3b0d919b09a114b7f30bd468b16e444a4d54cb62996d82cf4fbac47b21358b942fdaaf3ed934e2d62

Download Submit
C:\Windows\System\cScwsKd.exe

Filesize
2.1MB

MD5
7413cb8339027252fe871fb86995386c

SHA1
3ea8adbe4391ce525450e1621898ffc36d310b61

SHA256
757fb735017dc67bc57d2c24124a0330044cc73aa0181043058b6fab0b7e11d3

SHA512
dcdc832b6623b16735bed02f5094048f7c49492b9867d0341505366545f4b7ddb9798edad33cf52e3f978e79c4341fa2af2964edaf55cdddfb05b36f72398d37

Download Submit
C:\Windows\System\dGTWmSW.exe

Filesize
2.0MB

MD5
57ddad1d23ff1bb699d84c248514bffe

SHA1
6f8fa5138056a4bc8a9f6bdaa820288695b7d4dd

SHA256
f41a9507fa6d61dea9cc107e4d2d2f8075b8e7a9f555c41b00009714e8d501bc

SHA512
258fd4eb6703af3f907483db62d5cad496c095dee8872a0522adf19dd2841d6995deddf12cfe5a967c3b973f2eaa86dbdd7be9fcbd3a1b74d7f40d39215b4536

Download Submit
C:\Windows\System\fEuJXSB.exe

Filesize
2.0MB

MD5
23abe679a20ca9cb6f28a62498d5dbe3

SHA1
909e3d0aaa1c952ab0e9a72a54fde1e2b223362c

SHA256
2beee65c36bb634eef20cb5b287f57214e5bf7574938e5c6cc523ca40d5b5a67

SHA512
aca2f12951b067df346ef99b1d8ae761e347224fd835331d0a1656b21e9dc25a496d9c174f623945b62b835ee612fe0fbb14228bc035445a5481bac38a06d2ac

Download Submit
C:\Windows\System\fMzYNaN.exe

Filesize
2.1MB

MD5
3b91cd6321f62c10070fa85d6500415f

SHA1
d03b0289213e21983b73d0ab2431f93130d23d92

SHA256
8ad0527e118c685d9aa40f8ac07ed801cde70225b4082815f74991d03d8f3e16

SHA512
4930b6a244b5a070f715f94534db025327a155542387741f35af0a63e66d61c3a63d502e19d142fb20a51c38c759ca639237fbfd45bfa39c568509306e43adf8

Download Submit
C:\Windows\System\fgLUFYC.exe

Filesize
2.1MB

MD5
be2a8b0e01f685f15bbc4a2af9d01e8d

SHA1
58e7803bdd675592cb7f7b81e96da44f6ddd2ce7

SHA256
e0b2681a47fb14681afda6595636cc450a8b794e6df001d54af6b7673a580510

SHA512
2b2e135796826e503d2267a9243e9c57e98d9e0e1e0fc01225edc2edcf25b7440c9cd2e332e251b58ae38742f496b77ca7ba1afdc070a10a968af9eff12a859c

Download Submit
C:\Windows\System\ittMcZV.exe

Filesize
2.0MB

MD5
039b22a429684141c2791a81711c9efc

SHA1
bdb3dc1dedc1f48e05a6584324c600f97b06abd3

SHA256
852b0d8f4aee543f273ff84562c490db159d31ad3790e0f88fde80c58ffdc60b

SHA512
ad8df76740d5c0251aa3cdcf03c188ab14f608517a7c1b263421275e8b8c4d0ef8d4e58ee48b05936bda198ef3bb53eda98af5838a024b7c70cb066f6b72a8d1

Download Submit
C:\Windows\System\iytWIQP.exe

Filesize
2.0MB

MD5
d1874197ca549b6d31b93de66ef47d04

SHA1
1cc929fc0cecb1c2081e89917fc4f6b2ca46283d

SHA256
1fd4f267c19112a202b3fa544d1d7c71b9091fc22514959203d825afc4e87a0e

SHA512
51b54facddd03ccb5fe8c09061303502bcd17305453f0beeebf1a23d69ffee1c5eeb2be20f27ac9b6ecc8642187aa23351ae9e8a498e81e736fffdd40c6c08fa

Download Submit
C:\Windows\System\jvoksEe.exe

Filesize
2.0MB

MD5
4008b10340545c55ef75d659823492bd

SHA1
bdf9a1079c62afbafb8a809b0eea2c664e5ce429

SHA256
ba6d30e1e8f877c2c9ac7b0d76457df3019632c51e5e580a0ca61a88a075352b

SHA512
e8e52a9248bf2f683cbd65ee54e1b19736284de00e835de44bb9298877455bd1512315a5311c3ac9a242ef0ad4dad136c12daf905f10734459555f151978bf42

Download Submit
C:\Windows\System\kFppvgy.exe

Filesize
2.1MB

MD5
19416b47e75cb4d1b95aba3a94e9c1fb

SHA1
8cec5e6e76c93d18ca5557bbbd6f85b791857ed7

SHA256
cbe4c179aa3d71ef44e972a92b87f68f64c1cbd4eb00c1297c40df90e2f75de2

SHA512
84401cdc1d4d910119058bb2615820ffaa47c703e4eca855eea055d70cddbec95a6b7cef2f98759317357030ed5828c9004755cbf4d068995abf9a6e4dbda3d7

Download Submit
C:\Windows\System\kvzdvWG.exe

Filesize
2.0MB

MD5
95785a764c30de4c160500fc0f0281b7

SHA1
e6fec971f7a3de4a8ff08b9d0d8680ae049651ee

SHA256
49958d2bab0084494682f41c118bb6295b375caae403b3c9c1f21949c0dd4abd

SHA512
d7d2b0914d6becf9f8553338dd0210b85ae2a773aa607024b998481c8d4c779516816201b991fe3cf14e21b38420bdaff4af629d4ddbc15230caaa653613c78e

Download Submit
C:\Windows\System\lUjlNkz.exe

Filesize
2.1MB

MD5
3e5e878018d29a1ae07fe3ede0be18dc

SHA1
331c7b2e9ba0921a894ab7ff06cc59f0309a03a3

SHA256
fdc1df5f7d241751a0f059400aa62ff12a1fd806cafd8c2dc664b53a296d44c7

SHA512
e3052c9c57f1a0b2ed6217d7326f5a3d7b89110e0b1e465ee0859cbc3599cb8f8eacf8152016fc4ed62aeff18496bce78e630ac610758dd9752a29fd7e76f2fa

Download Submit
C:\Windows\System\mciEGia.exe

Filesize
2.0MB

MD5
f2da914795068860c0755b205e83b63b

SHA1
4536af9f69111bac2784289e339baf6acab8a994

SHA256
30217216d8b25e7442d48daead641efb4a56577841011ae21efd36727db73fa8

SHA512
612ed95e66db4e9134a068df2f2a3b9eee98b9dfb1eb42f283378197a17a45ef60ba9562584565db3011b57f4ba77ad4abc80713c15ac6e4abe30309c621d517

Download Submit
C:\Windows\System\mdQQTOU.exe

Filesize
2.1MB

MD5
79d46bea4df66fec63410046be370a97

SHA1
d089da537ad176288ab3bbc015f6d4c3a5c107ae

SHA256
dd563c2516c3eb53db3b83dedcdf99d00dfcfc45c15402396948fc7b4185fbac

SHA512
d376065caae217e9b7102ab217fd17cca67c6640c61cd908f211de77290c1a90ee9525251f563d134a3a61bea5326de8c3bb275d92ab732841e0de5c5f5d737c

Download Submit
C:\Windows\System\nGVKNNG.exe

Filesize
2.1MB

MD5
7eebd6404a295b85d6432b7a1506b030

SHA1
230dd9d290c0d3034a60a47999f5f61b6b9efd3f

SHA256
2a83bb38740793565c7c9da5d40f342925785e7dadcb8cfbe2883e69eec9c689

SHA512
ed8085f74a3bada4c2d353f43d93e055444ccf975b8959494600d67ef1e6071dcb1f06d83eff8f27340294e3b0874a8c5f1671322a785d8b54d09a67596d7ed7

Download Submit
C:\Windows\System\noWrkfH.exe

Filesize
2.1MB

MD5
1108a267e1f8c68a8ab4867ed03f71c3

SHA1
14eb4445b6d77274d4032c262a9c8dd81365e417

SHA256
076be1e304bb97a61fce7cffa7e22757da0b9d311da2d56219839f032f2a970e

SHA512
2da8f373190f9bef95a9c34a5949b633679184f3baac662c1e73d2471bf0162e39e0a62e8822d157291023337b6817ad60842b7d3a76d81a66b82278ab001e3e

Download Submit
C:\Windows\System\nuaGOKm.exe

Filesize
2.0MB

MD5
0a2ce8ffa11608ea9bba8738ff3d0d6a

SHA1
5ece597b77052015d113d4fcb1e465eb1c09e670

SHA256
eb91eb2bac5c2d0077a0502c8bdd4c2cc8acb97e6a90bff9b907e375805498c0

SHA512
9b05d570557bc2f7f91cf42cc0ac6ae159e4e9fe2721ca9066063e3ba0d11b964d465d82459a86464d08d229a5c0a3d97aa2455f5ffca81eab2fec9dde9dcfce

Download Submit
C:\Windows\System\qLxeEdV.exe

Filesize
2.0MB

MD5
3ee56d9f1e14be55d158d29b9895a498

SHA1
4ec0596fa040813a88ecbdb453b0211532c5c5fd

SHA256
efa73acb9fe414b518e98f8293c3c9a194189ce0d35a6a0817621c4e68da1457

SHA512
eccfade3524cfa94b3631845c7a5949b6c2192e1e17c75cf7d5226f97b17a09347ae47bad0dfdeb27010e9174ac4b3e5c96d177ab5d90a809d69a6e0bc2dd3f8

Download Submit
C:\Windows\System\qkGxBIn.exe

Filesize
2.0MB

MD5
586fd532cff6004ff2b87d01edbd23c4

SHA1
6843e95863bd77a4c3369fe8145a290d0062c9ce

SHA256
4e20ad81916b8320307f3ace598a5e9c35dfb2f4fd010af83f202812a1a1c11c

SHA512
8dfcd45cc06ebef4a7db562d02c6fc5d26181e6e7c92d1dab7b8cf3e4b7dd8586c50eadf0f511d021fb0c3f09ba6a0037a1215e337ebcff246330ca503dd153b

Download Submit
C:\Windows\System\qrfkxss.exe

Filesize
2.1MB

MD5
46e67119f2d165101d5f3fb3b385cd3f

SHA1
91334376a1d957e1c2d0352589d6dbe13ec501a5

SHA256
ca9dd987fd067bc6e2320b22dedea3abbb16915f0103eaf6fd0def3eb9986283

SHA512
4a3cc6849c2eb1c6fffde153dd9f57402febb3c95c1cc3b943d57d91b8d1ba78fbbece16033c6bd9eab8b32a6bc15bcedf6f42eac635c2fa96ff9fa8542096de

Download Submit
C:\Windows\System\qyhoRqa.exe

Filesize
2.1MB

MD5
862df12f1ed84285ded187928640af53

SHA1
773a0c2b1dd84109cbb1c62db244f69927b1d81a

SHA256
8120ff9cadda5b4afb0959f99d5138eb13c53c363fceb7eca141635c7495083c

SHA512
7329bf3497f9db70ca07f2dce4a3e185441e6cd7d45c3dfc46a2105ca2e90b2b9badfc8f73a7d044c9c6e282c67a4511d438ed540cf7a5d3d88c7645a3c25349

Download Submit
C:\Windows\System\rmaWGiF.exe

Filesize
2.0MB

MD5
2793c642c24bb4f10ba7325ada9cbf68

SHA1
10c9363d215796f9efae7faf42cd919bf57280eb

SHA256
a46be35bf39d3897d40631d2e863709261ed2ee52a8d7418ce83125099076514

SHA512
fb18f4688937ff5b700c9c186d7f8c5c3017175c5ce151debeebddfb238274d01d78cd364b9d49e27e2a04d3b13161823de7d9d91f5b0faf348c28869ea3cdd1

Download Submit
C:\Windows\System\ubhcsuu.exe

Filesize
2.0MB

MD5
5e0f73989bf3cad981427f0dc5388fbf

SHA1
1430bc31a3092ff76a3fa31ae833314af90ced7e

SHA256
e98571b40f6b0162fb67236d4f3027d6a5290260569201847f784d286bdfdc9d

SHA512
64084aaff38b13a354f115efddca72fb87cc3598156187efaf5fc1b7ef4c3bfe57cede946ee02cab9ac7e411472d4256693ec7aae0cbd34febc5fd292205b5f3

Download Submit
C:\Windows\System\vVkGeCz.exe

Filesize
2.0MB

MD5
d823c53edbd9f6b79c7096d43e0561d0

SHA1
5c561fc2f86654eb0dedaf4aeb14bacd3c80755d

SHA256
b33a358aca0d10dd7852d42a942336d5b08708a4c037512c3633eff466f78f12

SHA512
24da56612fadc097b86b05885d75f1da732aee590a29b8e62b9bf95cfe48c84263b098487cca8065ca92344668b8def414a3747bcdc0be64f8c3721317679964

Download Submit
C:\Windows\System\whpWCEM.exe

Filesize
2.1MB

MD5
824c26524be33e46e1cbaebeb7f78a7e

SHA1
dd3636a1415c3f14fb8c2ad343c01a936534445a

SHA256
248d4371ad6c26faf60fe90bf0d6b26637ac8e5716b7ec9838d918440115b595

SHA512
7980cadae5e570ef1393133af8510eef9feb93ba19ed841b9f9984994062d418fec30abe1ad9dc0b60a43b61c3c51a805952aa5699cd2780f58d9a0ee2578a8a

Download Submit
C:\Windows\System\wwEcsdX.exe

Filesize
2.1MB

MD5
4873336de104c6cf4055405298219075

SHA1
6602832dcf787e5e876dc0576add2c342794734c

SHA256
65763013ec550bde6d610f9a19e6ea03d78c65e17b1fbae5df0e7f5fcd122838

SHA512
58673b6ce706225875bc88ddf3b6fd2037eec7a3b2bd8dfd9c24f86651da63a8eb18717c226f768ddee8b223e814882e2767fe686e717608e62f1c8c74f9e5f5

Download Submit
C:\Windows\System\zYQhixj.exe

Filesize
2.0MB

MD5
36600a0af0f945e2c716a902b83d991a

SHA1
a0ee1ef352c43fac4601a13499d8968c192e9762

SHA256
3a3254f6d1ca5149fa7608efdd283f27f6d285ab01eb3d842c2698f17eb5f92d

SHA512
dfe0969dc60b017e3346df0360a6726fa58f300832fe0ad3634ad90aa00800f531899da75f2a6edaf8b32f8f179a0f05782a3d4540781fb2c8287da13be47262

Download Submit
memory/916-2149-0x00007FF67A3B0000-0x00007FF67A704000-memory.dmp

Filesize
3.3MB

Download
memory/916-274-0x00007FF67A3B0000-0x00007FF67A704000-memory.dmp

Filesize
3.3MB

Download
memory/1384-48-0x00007FF7D2FD0000-0x00007FF7D3324000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2131-0x00007FF7D2FD0000-0x00007FF7D3324000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2140-0x00007FF689B90000-0x00007FF689EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1488-271-0x00007FF689B90000-0x00007FF689EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-247-0x00007FF764FF0000-0x00007FF765344000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2139-0x00007FF764FF0000-0x00007FF765344000-memory.dmp

Filesize
3.3MB

Download
memory/1808-2138-0x00007FF6E4470000-0x00007FF6E47C4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-102-0x00007FF6E4470000-0x00007FF6E47C4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-2157-0x00007FF7F5520000-0x00007FF7F5874000-memory.dmp

Filesize
3.3MB

Download
memory/1872-267-0x00007FF7F5520000-0x00007FF7F5874000-memory.dmp

Filesize
3.3MB

Download
memory/1908-273-0x00007FF7E9FB0000-0x00007FF7EA304000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2144-0x00007FF7E9FB0000-0x00007FF7EA304000-memory.dmp

Filesize
3.3MB

Download
memory/2016-2151-0x00007FF6C9950000-0x00007FF6C9CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-264-0x00007FF6C9950000-0x00007FF6C9CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-266-0x00007FF7ACB90000-0x00007FF7ACEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2156-0x00007FF7ACB90000-0x00007FF7ACEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-166-0x00007FF657B10000-0x00007FF657E64000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2146-0x00007FF657B10000-0x00007FF657E64000-memory.dmp

Filesize
3.3MB

Download
memory/2164-2142-0x00007FF658AB0000-0x00007FF658E04000-memory.dmp

Filesize
3.3MB

Download
memory/2164-272-0x00007FF658AB0000-0x00007FF658E04000-memory.dmp

Filesize
3.3MB

Download
memory/2884-265-0x00007FF786C50000-0x00007FF786FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2150-0x00007FF786C50000-0x00007FF786FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-171-0x00007FF64C100000-0x00007FF64C454000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2141-0x00007FF64C100000-0x00007FF64C454000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2134-0x00007FF7087B0000-0x00007FF708B04000-memory.dmp

Filesize
3.3MB

Download
memory/3016-270-0x00007FF7087B0000-0x00007FF708B04000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2132-0x00007FF7CDA90000-0x00007FF7CDDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-72-0x00007FF7CDA90000-0x00007FF7CDDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3128-35-0x00007FF6C7060000-0x00007FF6C73B4000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2129-0x00007FF6C7060000-0x00007FF6C73B4000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2133-0x00007FF6C7060000-0x00007FF6C73B4000-memory.dmp

Filesize
3.3MB

Download
memory/3756-2155-0x00007FF625670000-0x00007FF6259C4000-memory.dmp

Filesize
3.3MB

Download
memory/3756-263-0x00007FF625670000-0x00007FF6259C4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-152-0x00007FF68BD60000-0x00007FF68C0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3840-2137-0x00007FF68BD60000-0x00007FF68C0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-128-0x00007FF6196F0000-0x00007FF619A44000-memory.dmp

Filesize
3.3MB

Download
memory/3920-2135-0x00007FF6196F0000-0x00007FF619A44000-memory.dmp

Filesize
3.3MB

Download
memory/3980-2145-0x00007FF7097A0000-0x00007FF709AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3980-216-0x00007FF7097A0000-0x00007FF709AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2148-0x00007FF79F690000-0x00007FF79F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-235-0x00007FF79F690000-0x00007FF79F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1-0x0000026456AB0000-0x0000026456AC0000-memory.dmp

Filesize
64KB

Download
memory/4192-0-0x00007FF738C60000-0x00007FF738FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4324-248-0x00007FF7D7320000-0x00007FF7D7674000-memory.dmp

Filesize
3.3MB

Download
memory/4324-2158-0x00007FF7D7320000-0x00007FF7D7674000-memory.dmp

Filesize
3.3MB

Download
memory/4340-2153-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp

Filesize
3.3MB

Download
memory/4340-268-0x00007FF738F80000-0x00007FF7392D4000-memory.dmp

Filesize
3.3MB

Download
memory/4404-2154-0x00007FF7930F0000-0x00007FF793444000-memory.dmp

Filesize
3.3MB

Download
memory/4404-275-0x00007FF7930F0000-0x00007FF793444000-memory.dmp

Filesize
3.3MB

Download
memory/4460-11-0x00007FF6287F0000-0x00007FF628B44000-memory.dmp

Filesize
3.3MB

Download
memory/4460-2130-0x00007FF6287F0000-0x00007FF628B44000-memory.dmp

Filesize
3.3MB

Download
memory/4460-2128-0x00007FF6287F0000-0x00007FF628B44000-memory.dmp

Filesize
3.3MB

Download
memory/4464-2143-0x00007FF7C6E10000-0x00007FF7C7164000-memory.dmp

Filesize
3.3MB

Download
memory/4464-197-0x00007FF7C6E10000-0x00007FF7C7164000-memory.dmp

Filesize
3.3MB

Download
memory/4544-129-0x00007FF6C92E0000-0x00007FF6C9634000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2136-0x00007FF6C92E0000-0x00007FF6C9634000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2147-0x00007FF7C6C40000-0x00007FF7C6F94000-memory.dmp

Filesize
3.3MB

Download
memory/4804-261-0x00007FF7C6C40000-0x00007FF7C6F94000-memory.dmp

Filesize
3.3MB

Download
memory/4904-2152-0x00007FF6796F0000-0x00007FF679A44000-memory.dmp

Filesize
3.3MB

Download
memory/4904-269-0x00007FF6796F0000-0x00007FF679A44000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads