xmrig | bcab3d901224a269548b5e2ed77c9ca4bc7be71d25916673cb19d725c815b3db

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 22:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

745e89c5faec2137a84eee927ee07c90_NEIKI.exe
Size

1.9MB
MD5

745e89c5faec2137a84eee927ee07c90
SHA1

acd348905059693258c82ea2e7929e8193403d8a
SHA256

bcab3d901224a269548b5e2ed77c9ca4bc7be71d25916673cb19d725c815b3db
SHA512

d17743ca677d49ee8ca3a01654eb371278f23c269e127692103bfc1bcb039f8f31aa069205d07b9f4bc81504fefe13d989866e149b387d7828a15dd90adc2db8
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv3Q7W8QaTrsF1CNYSaWmS:BezaTF8FcNkNdfE0pZ9ozt4wICb5TrqS

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3400-0-0x00007FF64D170000-0x00007FF64D4C4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023306-4.dat	xmrig
behavioral2/files/0x0007000000023487-17.dat	xmrig
behavioral2/files/0x000700000002348a-34.dat	xmrig
behavioral2/files/0x0007000000023492-74.dat	xmrig
behavioral2/files/0x0007000000023497-94.dat	xmrig
behavioral2/files/0x00070000000234a2-153.dat	xmrig
behavioral2/files/0x000700000002349f-171.dat	xmrig
behavioral2/memory/2768-185-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp	xmrig
behavioral2/memory/1492-194-0x00007FF6F99A0000-0x00007FF6F9CF4000-memory.dmp	xmrig
behavioral2/memory/3716-200-0x00007FF7F42F0000-0x00007FF7F4644000-memory.dmp	xmrig
behavioral2/memory/4108-199-0x00007FF63BCC0000-0x00007FF63C014000-memory.dmp	xmrig
behavioral2/memory/3360-198-0x00007FF6968E0000-0x00007FF696C34000-memory.dmp	xmrig
behavioral2/memory/4900-197-0x00007FF7B58D0000-0x00007FF7B5C24000-memory.dmp	xmrig
behavioral2/memory/1172-196-0x00007FF622050000-0x00007FF6223A4000-memory.dmp	xmrig
behavioral2/memory/2460-195-0x00007FF7F48B0000-0x00007FF7F4C04000-memory.dmp	xmrig
behavioral2/memory/3276-193-0x00007FF7CDED0000-0x00007FF7CE224000-memory.dmp	xmrig
behavioral2/memory/4564-192-0x00007FF6BA460000-0x00007FF6BA7B4000-memory.dmp	xmrig
behavioral2/memory/1728-191-0x00007FF6A4B70000-0x00007FF6A4EC4000-memory.dmp	xmrig
behavioral2/memory/3648-190-0x00007FF7E2E80000-0x00007FF7E31D4000-memory.dmp	xmrig
behavioral2/memory/2584-189-0x00007FF65A960000-0x00007FF65ACB4000-memory.dmp	xmrig
behavioral2/memory/1092-184-0x00007FF7D43A0000-0x00007FF7D46F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002349c-179.dat	xmrig
behavioral2/files/0x00070000000234a1-177.dat	xmrig
behavioral2/memory/1708-176-0x00007FF64B290000-0x00007FF64B5E4000-memory.dmp	xmrig
behavioral2/memory/876-175-0x00007FF6D0CF0000-0x00007FF6D1044000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a7-174.dat	xmrig
behavioral2/files/0x00070000000234a6-173.dat	xmrig
behavioral2/files/0x000700000002349e-169.dat	xmrig
behavioral2/memory/1140-168-0x00007FF7AA9E0000-0x00007FF7AAD34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023498-162.dat	xmrig
behavioral2/files/0x00070000000234a5-161.dat	xmrig
behavioral2/memory/1692-160-0x00007FF76D5B0000-0x00007FF76D904000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a4-159.dat	xmrig
behavioral2/files/0x00070000000234a0-157.dat	xmrig
behavioral2/files/0x00070000000234a3-156.dat	xmrig
behavioral2/files/0x000700000002349d-151.dat	xmrig
behavioral2/files/0x000700000002349b-143.dat	xmrig
behavioral2/files/0x0007000000023496-140.dat	xmrig
behavioral2/memory/4956-139-0x00007FF63A910000-0x00007FF63AC64000-memory.dmp	xmrig
behavioral2/files/0x000700000002349a-132.dat	xmrig
behavioral2/files/0x0007000000023499-131.dat	xmrig
behavioral2/files/0x0007000000023495-129.dat	xmrig
behavioral2/files/0x0007000000023494-127.dat	xmrig
behavioral2/files/0x000700000002348f-120.dat	xmrig
behavioral2/files/0x000700000002348e-117.dat	xmrig
behavioral2/memory/2828-112-0x00007FF7D48E0000-0x00007FF7D4C34000-memory.dmp	xmrig
behavioral2/memory/648-108-0x00007FF74FC50000-0x00007FF74FFA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023493-102.dat	xmrig
behavioral2/memory/1252-2204-0x00007FF63FFB0000-0x00007FF640304000-memory.dmp	xmrig
behavioral2/memory/1772-2205-0x00007FF654F30000-0x00007FF655284000-memory.dmp	xmrig
behavioral2/memory/2828-2207-0x00007FF7D48E0000-0x00007FF7D4C34000-memory.dmp	xmrig
behavioral2/memory/648-2206-0x00007FF74FC50000-0x00007FF74FFA4000-memory.dmp	xmrig
behavioral2/memory/3364-87-0x00007FF7AFAC0000-0x00007FF7AFE14000-memory.dmp	xmrig
behavioral2/files/0x000700000002348b-73.dat	xmrig
behavioral2/files/0x0007000000023491-90.dat	xmrig
behavioral2/memory/920-66-0x00007FF6E0670000-0x00007FF6E09C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023490-81.dat	xmrig
behavioral2/files/0x000700000002348c-79.dat	xmrig
behavioral2/memory/3596-52-0x00007FF6E6C80000-0x00007FF6E6FD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023489-51.dat	xmrig
behavioral2/memory/1252-48-0x00007FF63FFB0000-0x00007FF640304000-memory.dmp	xmrig
behavioral2/files/0x000700000002348d-46.dat	xmrig
behavioral2/memory/1772-37-0x00007FF654F30000-0x00007FF655284000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3128	NuJAExy.exe
4528	tGIxxCm.exe
920	vVeCIgH.exe
3048	IOHlizX.exe
3364	TpKzpng.exe
1772	bJjqAlS.exe
1252	cCMnMJv.exe
648	VvYMqVj.exe
3596	bKzWmPh.exe
1172	CxoMtXX.exe
2828	zPuiliN.exe
4956	zkBkZaL.exe
4900	tiJHLEK.exe
1692	yDqtzVh.exe
1140	ASEHOqj.exe
876	kSzluKo.exe
1708	mdCgteY.exe
3360	ngEyvwT.exe
1092	AEvDRWE.exe
2768	heETYJl.exe
2584	SkSfFeE.exe
3648	vtDtZzm.exe
4108	AyWMFuq.exe
1728	jkhHYsV.exe
4564	FhBOblu.exe
3276	KaKtBtE.exe
1492	GCLAFqE.exe
3716	ePBEuqQ.exe
2460	HpPvWMZ.exe
1580	WpanLBi.exe
3104	YOyEFFK.exe
208	cLBMMRH.exe
3872	qyXnzvi.exe
3796	jDiIGfj.exe
764	VkWhKlq.exe
3852	YGdnfWp.exe
1404	jJYiKbq.exe
924	FkauWOT.exe
4604	LclrqDF.exe
4184	Mqupwjj.exe
1448	etEnOJV.exe
4844	pzOcxfW.exe
3520	QsJVXYG.exe
4796	mxBkMCE.exe
5092	lgQmeGP.exe
1944	qOkFerq.exe
3800	MFzbgKX.exe
4804	HUJUlmq.exe
3456	POkpLwi.exe
2892	kyIrqug.exe
3504	ePLQOdL.exe
4808	GQbktwv.exe
4408	sYidzJo.exe
2492	pJyPqAp.exe
4400	AQgQzOH.exe
3548	dvvDDvY.exe
3064	AgNWlGd.exe
1612	BfHYHvw.exe
5044	AClXzgj.exe
4416	vpqelay.exe
3180	ZgyxrdV.exe
2156	WIZDJxk.exe
3372	HSxitwU.exe
3040	RFUCFoU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3400-0-0x00007FF64D170000-0x00007FF64D4C4000-memory.dmp	upx
behavioral2/files/0x0009000000023306-4.dat	upx
behavioral2/files/0x0007000000023487-17.dat	upx
behavioral2/files/0x000700000002348a-34.dat	upx
behavioral2/files/0x0007000000023492-74.dat	upx
behavioral2/files/0x0007000000023497-94.dat	upx
behavioral2/files/0x00070000000234a2-153.dat	upx
behavioral2/files/0x000700000002349f-171.dat	upx
behavioral2/memory/2768-185-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp	upx
behavioral2/memory/1492-194-0x00007FF6F99A0000-0x00007FF6F9CF4000-memory.dmp	upx
behavioral2/memory/3716-200-0x00007FF7F42F0000-0x00007FF7F4644000-memory.dmp	upx
behavioral2/memory/4108-199-0x00007FF63BCC0000-0x00007FF63C014000-memory.dmp	upx
behavioral2/memory/3360-198-0x00007FF6968E0000-0x00007FF696C34000-memory.dmp	upx
behavioral2/memory/4900-197-0x00007FF7B58D0000-0x00007FF7B5C24000-memory.dmp	upx
behavioral2/memory/1172-196-0x00007FF622050000-0x00007FF6223A4000-memory.dmp	upx
behavioral2/memory/2460-195-0x00007FF7F48B0000-0x00007FF7F4C04000-memory.dmp	upx
behavioral2/memory/3276-193-0x00007FF7CDED0000-0x00007FF7CE224000-memory.dmp	upx
behavioral2/memory/4564-192-0x00007FF6BA460000-0x00007FF6BA7B4000-memory.dmp	upx
behavioral2/memory/1728-191-0x00007FF6A4B70000-0x00007FF6A4EC4000-memory.dmp	upx
behavioral2/memory/3648-190-0x00007FF7E2E80000-0x00007FF7E31D4000-memory.dmp	upx
behavioral2/memory/2584-189-0x00007FF65A960000-0x00007FF65ACB4000-memory.dmp	upx
behavioral2/memory/1092-184-0x00007FF7D43A0000-0x00007FF7D46F4000-memory.dmp	upx
behavioral2/files/0x000700000002349c-179.dat	upx
behavioral2/files/0x00070000000234a1-177.dat	upx
behavioral2/memory/1708-176-0x00007FF64B290000-0x00007FF64B5E4000-memory.dmp	upx
behavioral2/memory/876-175-0x00007FF6D0CF0000-0x00007FF6D1044000-memory.dmp	upx
behavioral2/files/0x00070000000234a7-174.dat	upx
behavioral2/files/0x00070000000234a6-173.dat	upx
behavioral2/files/0x000700000002349e-169.dat	upx
behavioral2/memory/1140-168-0x00007FF7AA9E0000-0x00007FF7AAD34000-memory.dmp	upx
behavioral2/files/0x0007000000023498-162.dat	upx
behavioral2/files/0x00070000000234a5-161.dat	upx
behavioral2/memory/1692-160-0x00007FF76D5B0000-0x00007FF76D904000-memory.dmp	upx
behavioral2/files/0x00070000000234a4-159.dat	upx
behavioral2/files/0x00070000000234a0-157.dat	upx
behavioral2/files/0x00070000000234a3-156.dat	upx
behavioral2/files/0x000700000002349d-151.dat	upx
behavioral2/files/0x000700000002349b-143.dat	upx
behavioral2/files/0x0007000000023496-140.dat	upx
behavioral2/memory/4956-139-0x00007FF63A910000-0x00007FF63AC64000-memory.dmp	upx
behavioral2/files/0x000700000002349a-132.dat	upx
behavioral2/files/0x0007000000023499-131.dat	upx
behavioral2/files/0x0007000000023495-129.dat	upx
behavioral2/files/0x0007000000023494-127.dat	upx
behavioral2/files/0x000700000002348f-120.dat	upx
behavioral2/files/0x000700000002348e-117.dat	upx
behavioral2/memory/2828-112-0x00007FF7D48E0000-0x00007FF7D4C34000-memory.dmp	upx
behavioral2/memory/648-108-0x00007FF74FC50000-0x00007FF74FFA4000-memory.dmp	upx
behavioral2/files/0x0007000000023493-102.dat	upx
behavioral2/memory/1252-2204-0x00007FF63FFB0000-0x00007FF640304000-memory.dmp	upx
behavioral2/memory/1772-2205-0x00007FF654F30000-0x00007FF655284000-memory.dmp	upx
behavioral2/memory/2828-2207-0x00007FF7D48E0000-0x00007FF7D4C34000-memory.dmp	upx
behavioral2/memory/648-2206-0x00007FF74FC50000-0x00007FF74FFA4000-memory.dmp	upx
behavioral2/memory/3364-87-0x00007FF7AFAC0000-0x00007FF7AFE14000-memory.dmp	upx
behavioral2/files/0x000700000002348b-73.dat	upx
behavioral2/files/0x0007000000023491-90.dat	upx
behavioral2/memory/920-66-0x00007FF6E0670000-0x00007FF6E09C4000-memory.dmp	upx
behavioral2/files/0x0007000000023490-81.dat	upx
behavioral2/files/0x000700000002348c-79.dat	upx
behavioral2/memory/3596-52-0x00007FF6E6C80000-0x00007FF6E6FD4000-memory.dmp	upx
behavioral2/files/0x0007000000023489-51.dat	upx
behavioral2/memory/1252-48-0x00007FF63FFB0000-0x00007FF640304000-memory.dmp	upx
behavioral2/files/0x000700000002348d-46.dat	upx
behavioral2/memory/1772-37-0x00007FF654F30000-0x00007FF655284000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JIIQrmJ.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\HHHKWIN.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\YuNKabS.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\wfwLBdl.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\EQVhSJE.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\lgQmeGP.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\hwiifKX.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\WLBEDdu.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\kvENylk.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\CLYSZIB.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\kPdZVAJ.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\otVHSyB.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\lfJCSUb.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\lvxXNDB.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\MrXGBki.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\FCPgGdO.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\XHYIxIY.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\WHHNPUr.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\RyyOMqJ.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\cnpZTgE.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\SPcqIIK.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\fIEqzgu.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\QNZKKgy.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\lRnTlVe.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\ogXPfio.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\vgTgfAs.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\dPWIzbe.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\YbsZNCR.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\GlwNJYj.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\JqJEkoP.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\PHXRGuw.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\UiPLjKd.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\LTQVZJV.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\tJFHFfS.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\HtSuDNM.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\BkdgCVk.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\lwHhQqJ.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\eFtElvp.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\bPJAxJA.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\muSAJuV.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\vsMDTVh.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\NYedRsa.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\nwvPGKA.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\qVbMWPw.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\AXnOMjv.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\vWtFWtw.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\mdWxNSe.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\SYLFcQR.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\xwjiZCf.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\ahIkFTj.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\WmsozFO.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\KYELCkT.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\mDEgmEr.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\frwtTbh.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\ovcSeeP.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\OUPhuKO.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\WMUOOhP.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\ggyostt.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\hzcfpDq.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\QixjayJ.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\ohouqYa.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\iXqMGYo.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\ZRXleAG.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe
File created	C:\Windows\System\IOHlizX.exe	745e89c5faec2137a84eee927ee07c90_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6012	dwm.exe
Token: SeChangeNotifyPrivilege	6012	dwm.exe
Token: 33	6012	dwm.exe
Token: SeIncBasePriorityPrivilege	6012	dwm.exe
Token: SeShutdownPrivilege	6012	dwm.exe
Token: SeCreatePagefilePrivilege	6012	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 3128	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	84
PID 3400 wrote to memory of 3128	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	84
PID 3400 wrote to memory of 4528	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	85
PID 3400 wrote to memory of 4528	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	85
PID 3400 wrote to memory of 920	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	86
PID 3400 wrote to memory of 920	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	86
PID 3400 wrote to memory of 3048	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	87
PID 3400 wrote to memory of 3048	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	87
PID 3400 wrote to memory of 3364	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	88
PID 3400 wrote to memory of 3364	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	88
PID 3400 wrote to memory of 1772	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	89
PID 3400 wrote to memory of 1772	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	89
PID 3400 wrote to memory of 1252	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	90
PID 3400 wrote to memory of 1252	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	90
PID 3400 wrote to memory of 648	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	91
PID 3400 wrote to memory of 648	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	91
PID 3400 wrote to memory of 3596	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	92
PID 3400 wrote to memory of 3596	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	92
PID 3400 wrote to memory of 1172	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	93
PID 3400 wrote to memory of 1172	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	93
PID 3400 wrote to memory of 2828	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	94
PID 3400 wrote to memory of 2828	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	94
PID 3400 wrote to memory of 4956	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	95
PID 3400 wrote to memory of 4956	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	95
PID 3400 wrote to memory of 4900	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	96
PID 3400 wrote to memory of 4900	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	96
PID 3400 wrote to memory of 1692	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	97
PID 3400 wrote to memory of 1692	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	97
PID 3400 wrote to memory of 1140	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	98
PID 3400 wrote to memory of 1140	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	98
PID 3400 wrote to memory of 876	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	99
PID 3400 wrote to memory of 876	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	99
PID 3400 wrote to memory of 1708	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	100
PID 3400 wrote to memory of 1708	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	100
PID 3400 wrote to memory of 3360	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	101
PID 3400 wrote to memory of 3360	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	101
PID 3400 wrote to memory of 1092	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	102
PID 3400 wrote to memory of 1092	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	102
PID 3400 wrote to memory of 2768	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	103
PID 3400 wrote to memory of 2768	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	103
PID 3400 wrote to memory of 2584	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	104
PID 3400 wrote to memory of 2584	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	104
PID 3400 wrote to memory of 3648	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	105
PID 3400 wrote to memory of 3648	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	105
PID 3400 wrote to memory of 4108	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	106
PID 3400 wrote to memory of 4108	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	106
PID 3400 wrote to memory of 2460	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	107
PID 3400 wrote to memory of 2460	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	107
PID 3400 wrote to memory of 1728	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	108
PID 3400 wrote to memory of 1728	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	108
PID 3400 wrote to memory of 4564	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	109
PID 3400 wrote to memory of 4564	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	109
PID 3400 wrote to memory of 3276	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	110
PID 3400 wrote to memory of 3276	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	110
PID 3400 wrote to memory of 1492	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	111
PID 3400 wrote to memory of 1492	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	111
PID 3400 wrote to memory of 3716	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	112
PID 3400 wrote to memory of 3716	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	112
PID 3400 wrote to memory of 1580	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	113
PID 3400 wrote to memory of 1580	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	113
PID 3400 wrote to memory of 3104	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	114
PID 3400 wrote to memory of 3104	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	114
PID 3400 wrote to memory of 208	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	115
PID 3400 wrote to memory of 208	3400	745e89c5faec2137a84eee927ee07c90_NEIKI.exe	115

C:\Users\Admin\AppData\Local\Temp\745e89c5faec2137a84eee927ee07c90_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\745e89c5faec2137a84eee927ee07c90_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Windows\System\NuJAExy.exe
  C:\Windows\System\NuJAExy.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\tGIxxCm.exe
  C:\Windows\System\tGIxxCm.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\vVeCIgH.exe
  C:\Windows\System\vVeCIgH.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\IOHlizX.exe
  C:\Windows\System\IOHlizX.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\TpKzpng.exe
  C:\Windows\System\TpKzpng.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\bJjqAlS.exe
  C:\Windows\System\bJjqAlS.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\cCMnMJv.exe
  C:\Windows\System\cCMnMJv.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\VvYMqVj.exe
  C:\Windows\System\VvYMqVj.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\bKzWmPh.exe
  C:\Windows\System\bKzWmPh.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\CxoMtXX.exe
  C:\Windows\System\CxoMtXX.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\zPuiliN.exe
  C:\Windows\System\zPuiliN.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\zkBkZaL.exe
  C:\Windows\System\zkBkZaL.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\tiJHLEK.exe
  C:\Windows\System\tiJHLEK.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\yDqtzVh.exe
  C:\Windows\System\yDqtzVh.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ASEHOqj.exe
  C:\Windows\System\ASEHOqj.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\kSzluKo.exe
  C:\Windows\System\kSzluKo.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\mdCgteY.exe
  C:\Windows\System\mdCgteY.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ngEyvwT.exe
  C:\Windows\System\ngEyvwT.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\AEvDRWE.exe
  C:\Windows\System\AEvDRWE.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\heETYJl.exe
  C:\Windows\System\heETYJl.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\SkSfFeE.exe
  C:\Windows\System\SkSfFeE.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\vtDtZzm.exe
  C:\Windows\System\vtDtZzm.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\AyWMFuq.exe
  C:\Windows\System\AyWMFuq.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\HpPvWMZ.exe
  C:\Windows\System\HpPvWMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\jkhHYsV.exe
  C:\Windows\System\jkhHYsV.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\FhBOblu.exe
  C:\Windows\System\FhBOblu.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\KaKtBtE.exe
  C:\Windows\System\KaKtBtE.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\GCLAFqE.exe
  C:\Windows\System\GCLAFqE.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\ePBEuqQ.exe
  C:\Windows\System\ePBEuqQ.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\WpanLBi.exe
  C:\Windows\System\WpanLBi.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\YOyEFFK.exe
  C:\Windows\System\YOyEFFK.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\cLBMMRH.exe
  C:\Windows\System\cLBMMRH.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\qyXnzvi.exe
  C:\Windows\System\qyXnzvi.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\jDiIGfj.exe
  C:\Windows\System\jDiIGfj.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\VkWhKlq.exe
  C:\Windows\System\VkWhKlq.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\YGdnfWp.exe
  C:\Windows\System\YGdnfWp.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\jJYiKbq.exe
  C:\Windows\System\jJYiKbq.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\FkauWOT.exe
  C:\Windows\System\FkauWOT.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\LclrqDF.exe
  C:\Windows\System\LclrqDF.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\Mqupwjj.exe
  C:\Windows\System\Mqupwjj.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\etEnOJV.exe
  C:\Windows\System\etEnOJV.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\pzOcxfW.exe
  C:\Windows\System\pzOcxfW.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\QsJVXYG.exe
  C:\Windows\System\QsJVXYG.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\mxBkMCE.exe
  C:\Windows\System\mxBkMCE.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\lgQmeGP.exe
  C:\Windows\System\lgQmeGP.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\qOkFerq.exe
  C:\Windows\System\qOkFerq.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\MFzbgKX.exe
  C:\Windows\System\MFzbgKX.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\HUJUlmq.exe
  C:\Windows\System\HUJUlmq.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\POkpLwi.exe
  C:\Windows\System\POkpLwi.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\kyIrqug.exe
  C:\Windows\System\kyIrqug.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ePLQOdL.exe
  C:\Windows\System\ePLQOdL.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\GQbktwv.exe
  C:\Windows\System\GQbktwv.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\sYidzJo.exe
  C:\Windows\System\sYidzJo.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\pJyPqAp.exe
  C:\Windows\System\pJyPqAp.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\AQgQzOH.exe
  C:\Windows\System\AQgQzOH.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\dvvDDvY.exe
  C:\Windows\System\dvvDDvY.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\AgNWlGd.exe
  C:\Windows\System\AgNWlGd.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\BfHYHvw.exe
  C:\Windows\System\BfHYHvw.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\AClXzgj.exe
  C:\Windows\System\AClXzgj.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\vpqelay.exe
  C:\Windows\System\vpqelay.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\ZgyxrdV.exe
  C:\Windows\System\ZgyxrdV.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\WIZDJxk.exe
  C:\Windows\System\WIZDJxk.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\HSxitwU.exe
  C:\Windows\System\HSxitwU.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\RFUCFoU.exe
  C:\Windows\System\RFUCFoU.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\kJTjNZO.exe
  C:\Windows\System\kJTjNZO.exe
  2⤵
  PID:3652
- C:\Windows\System\LFBYrgw.exe
  C:\Windows\System\LFBYrgw.exe
  2⤵
  PID:1788
- C:\Windows\System\CKABpRt.exe
  C:\Windows\System\CKABpRt.exe
  2⤵
  PID:4424
- C:\Windows\System\ZulyiQl.exe
  C:\Windows\System\ZulyiQl.exe
  2⤵
  PID:4780
- C:\Windows\System\dPWIzbe.exe
  C:\Windows\System\dPWIzbe.exe
  2⤵
  PID:1388
- C:\Windows\System\UiPLjKd.exe
  C:\Windows\System\UiPLjKd.exe
  2⤵
  PID:2144
- C:\Windows\System\eocvPEH.exe
  C:\Windows\System\eocvPEH.exe
  2⤵
  PID:3108
- C:\Windows\System\cKPqeIs.exe
  C:\Windows\System\cKPqeIs.exe
  2⤵
  PID:4172
- C:\Windows\System\KcpiGMa.exe
  C:\Windows\System\KcpiGMa.exe
  2⤵
  PID:4832
- C:\Windows\System\jyCJCMz.exe
  C:\Windows\System\jyCJCMz.exe
  2⤵
  PID:3272
- C:\Windows\System\CjwYwAV.exe
  C:\Windows\System\CjwYwAV.exe
  2⤵
  PID:2620
- C:\Windows\System\ggyostt.exe
  C:\Windows\System\ggyostt.exe
  2⤵
  PID:1536
- C:\Windows\System\cOZOnwk.exe
  C:\Windows\System\cOZOnwk.exe
  2⤵
  PID:2568
- C:\Windows\System\PCZCpGI.exe
  C:\Windows\System\PCZCpGI.exe
  2⤵
  PID:516
- C:\Windows\System\lpyqiHX.exe
  C:\Windows\System\lpyqiHX.exe
  2⤵
  PID:1996
- C:\Windows\System\tyYNuzc.exe
  C:\Windows\System\tyYNuzc.exe
  2⤵
  PID:3140
- C:\Windows\System\ahIkFTj.exe
  C:\Windows\System\ahIkFTj.exe
  2⤵
  PID:4044
- C:\Windows\System\lIzHADi.exe
  C:\Windows\System\lIzHADi.exe
  2⤵
  PID:1204
- C:\Windows\System\tMZxquQ.exe
  C:\Windows\System\tMZxquQ.exe
  2⤵
  PID:1288
- C:\Windows\System\pgzfCsz.exe
  C:\Windows\System\pgzfCsz.exe
  2⤵
  PID:2588
- C:\Windows\System\mOIJAJl.exe
  C:\Windows\System\mOIJAJl.exe
  2⤵
  PID:4588
- C:\Windows\System\taPXPmD.exe
  C:\Windows\System\taPXPmD.exe
  2⤵
  PID:4964
- C:\Windows\System\RyyOMqJ.exe
  C:\Windows\System\RyyOMqJ.exe
  2⤵
  PID:4264
- C:\Windows\System\ioLbQDi.exe
  C:\Windows\System\ioLbQDi.exe
  2⤵
  PID:4332
- C:\Windows\System\gHzBxTJ.exe
  C:\Windows\System\gHzBxTJ.exe
  2⤵
  PID:2088
- C:\Windows\System\jTeGjwo.exe
  C:\Windows\System\jTeGjwo.exe
  2⤵
  PID:3492
- C:\Windows\System\pLXCnJm.exe
  C:\Windows\System\pLXCnJm.exe
  2⤵
  PID:4744
- C:\Windows\System\dfkuFjS.exe
  C:\Windows\System\dfkuFjS.exe
  2⤵
  PID:4880
- C:\Windows\System\trDRIqn.exe
  C:\Windows\System\trDRIqn.exe
  2⤵
  PID:2800
- C:\Windows\System\NttaJgn.exe
  C:\Windows\System\NttaJgn.exe
  2⤵
  PID:2424
- C:\Windows\System\PSPJNXv.exe
  C:\Windows\System\PSPJNXv.exe
  2⤵
  PID:1060
- C:\Windows\System\wybcyXf.exe
  C:\Windows\System\wybcyXf.exe
  2⤵
  PID:4160
- C:\Windows\System\JnCDtbU.exe
  C:\Windows\System\JnCDtbU.exe
  2⤵
  PID:1356
- C:\Windows\System\WiJZXxQ.exe
  C:\Windows\System\WiJZXxQ.exe
  2⤵
  PID:4012
- C:\Windows\System\CYWuFKk.exe
  C:\Windows\System\CYWuFKk.exe
  2⤵
  PID:4296
- C:\Windows\System\lwHhQqJ.exe
  C:\Windows\System\lwHhQqJ.exe
  2⤵
  PID:5136
- C:\Windows\System\ghcGZNQ.exe
  C:\Windows\System\ghcGZNQ.exe
  2⤵
  PID:5164
- C:\Windows\System\nwvPGKA.exe
  C:\Windows\System\nwvPGKA.exe
  2⤵
  PID:5192
- C:\Windows\System\ofkJRjK.exe
  C:\Windows\System\ofkJRjK.exe
  2⤵
  PID:5220
- C:\Windows\System\hwiifKX.exe
  C:\Windows\System\hwiifKX.exe
  2⤵
  PID:5248
- C:\Windows\System\bThqaDt.exe
  C:\Windows\System\bThqaDt.exe
  2⤵
  PID:5276
- C:\Windows\System\OFAofKf.exe
  C:\Windows\System\OFAofKf.exe
  2⤵
  PID:5304
- C:\Windows\System\RVGfOTf.exe
  C:\Windows\System\RVGfOTf.exe
  2⤵
  PID:5336
- C:\Windows\System\hFofHim.exe
  C:\Windows\System\hFofHim.exe
  2⤵
  PID:5364
- C:\Windows\System\KYGiZKM.exe
  C:\Windows\System\KYGiZKM.exe
  2⤵
  PID:5392
- C:\Windows\System\timcrON.exe
  C:\Windows\System\timcrON.exe
  2⤵
  PID:5424
- C:\Windows\System\JPpPCjJ.exe
  C:\Windows\System\JPpPCjJ.exe
  2⤵
  PID:5452
- C:\Windows\System\HtxcqKb.exe
  C:\Windows\System\HtxcqKb.exe
  2⤵
  PID:5480
- C:\Windows\System\fogWNQq.exe
  C:\Windows\System\fogWNQq.exe
  2⤵
  PID:5512
- C:\Windows\System\bpxeVSd.exe
  C:\Windows\System\bpxeVSd.exe
  2⤵
  PID:5536
- C:\Windows\System\UXyJxVn.exe
  C:\Windows\System\UXyJxVn.exe
  2⤵
  PID:5568
- C:\Windows\System\aUwxsKv.exe
  C:\Windows\System\aUwxsKv.exe
  2⤵
  PID:5596
- C:\Windows\System\EovWDLL.exe
  C:\Windows\System\EovWDLL.exe
  2⤵
  PID:5624
- C:\Windows\System\cMDlKVw.exe
  C:\Windows\System\cMDlKVw.exe
  2⤵
  PID:5656
- C:\Windows\System\HkcJZrS.exe
  C:\Windows\System\HkcJZrS.exe
  2⤵
  PID:5684
- C:\Windows\System\iStlDXc.exe
  C:\Windows\System\iStlDXc.exe
  2⤵
  PID:5712
- C:\Windows\System\osjQGXN.exe
  C:\Windows\System\osjQGXN.exe
  2⤵
  PID:5748
- C:\Windows\System\fKMrYoG.exe
  C:\Windows\System\fKMrYoG.exe
  2⤵
  PID:5768
- C:\Windows\System\yNOjlyp.exe
  C:\Windows\System\yNOjlyp.exe
  2⤵
  PID:5796
- C:\Windows\System\wCKjlEr.exe
  C:\Windows\System\wCKjlEr.exe
  2⤵
  PID:5824
- C:\Windows\System\eMWncui.exe
  C:\Windows\System\eMWncui.exe
  2⤵
  PID:5848
- C:\Windows\System\QEwdqxa.exe
  C:\Windows\System\QEwdqxa.exe
  2⤵
  PID:5876
- C:\Windows\System\iUvnTyA.exe
  C:\Windows\System\iUvnTyA.exe
  2⤵
  PID:5896
- C:\Windows\System\UCayXkk.exe
  C:\Windows\System\UCayXkk.exe
  2⤵
  PID:5932
- C:\Windows\System\LtUDtUq.exe
  C:\Windows\System\LtUDtUq.exe
  2⤵
  PID:5972
- C:\Windows\System\MjCCXeU.exe
  C:\Windows\System\MjCCXeU.exe
  2⤵
  PID:6000
- C:\Windows\System\UKhvOrS.exe
  C:\Windows\System\UKhvOrS.exe
  2⤵
  PID:6028
- C:\Windows\System\aKkFWzj.exe
  C:\Windows\System\aKkFWzj.exe
  2⤵
  PID:6060
- C:\Windows\System\JZLhrjS.exe
  C:\Windows\System\JZLhrjS.exe
  2⤵
  PID:6092
- C:\Windows\System\TMeBFCg.exe
  C:\Windows\System\TMeBFCg.exe
  2⤵
  PID:6124
- C:\Windows\System\mUaEchk.exe
  C:\Windows\System\mUaEchk.exe
  2⤵
  PID:3144
- C:\Windows\System\vUVcLTn.exe
  C:\Windows\System\vUVcLTn.exe
  2⤵
  PID:5204
- C:\Windows\System\abJkOAH.exe
  C:\Windows\System\abJkOAH.exe
  2⤵
  PID:5268
- C:\Windows\System\gJXdFit.exe
  C:\Windows\System\gJXdFit.exe
  2⤵
  PID:5328
- C:\Windows\System\DNdZYan.exe
  C:\Windows\System\DNdZYan.exe
  2⤵
  PID:5128
- C:\Windows\System\SkQBfmU.exe
  C:\Windows\System\SkQBfmU.exe
  2⤵
  PID:1592
- C:\Windows\System\rdRUIYw.exe
  C:\Windows\System\rdRUIYw.exe
  2⤵
  PID:5532
- C:\Windows\System\llqEpWP.exe
  C:\Windows\System\llqEpWP.exe
  2⤵
  PID:5608
- C:\Windows\System\jCNSawm.exe
  C:\Windows\System\jCNSawm.exe
  2⤵
  PID:5668
- C:\Windows\System\NIBwnFy.exe
  C:\Windows\System\NIBwnFy.exe
  2⤵
  PID:5732
- C:\Windows\System\TxMmxet.exe
  C:\Windows\System\TxMmxet.exe
  2⤵
  PID:5788
- C:\Windows\System\SzSkGqK.exe
  C:\Windows\System\SzSkGqK.exe
  2⤵
  PID:5860
- C:\Windows\System\dvynoTD.exe
  C:\Windows\System\dvynoTD.exe
  2⤵
  PID:5996
- C:\Windows\System\WiIJHed.exe
  C:\Windows\System\WiIJHed.exe
  2⤵
  PID:6072
- C:\Windows\System\tzhuJyE.exe
  C:\Windows\System\tzhuJyE.exe
  2⤵
  PID:6120
- C:\Windows\System\pEBmhuI.exe
  C:\Windows\System\pEBmhuI.exe
  2⤵
  PID:5244
- C:\Windows\System\jyBNfVF.exe
  C:\Windows\System\jyBNfVF.exe
  2⤵
  PID:5420
- C:\Windows\System\dTUsvfJ.exe
  C:\Windows\System\dTUsvfJ.exe
  2⤵
  PID:5560
- C:\Windows\System\LTQVZJV.exe
  C:\Windows\System\LTQVZJV.exe
  2⤵
  PID:1468
- C:\Windows\System\VEqJlEf.exe
  C:\Windows\System\VEqJlEf.exe
  2⤵
  PID:5984
- C:\Windows\System\jLrCCth.exe
  C:\Windows\System\jLrCCth.exe
  2⤵
  PID:5260
- C:\Windows\System\FpfWsar.exe
  C:\Windows\System\FpfWsar.exe
  2⤵
  PID:5528
- C:\Windows\System\cnpZTgE.exe
  C:\Windows\System\cnpZTgE.exe
  2⤵
  PID:6104
- C:\Windows\System\mmDDOOl.exe
  C:\Windows\System\mmDDOOl.exe
  2⤵
  PID:6152
- C:\Windows\System\iSCGsIl.exe
  C:\Windows\System\iSCGsIl.exe
  2⤵
  PID:6188
- C:\Windows\System\ygoRUZB.exe
  C:\Windows\System\ygoRUZB.exe
  2⤵
  PID:6204
- C:\Windows\System\WmsozFO.exe
  C:\Windows\System\WmsozFO.exe
  2⤵
  PID:6220
- C:\Windows\System\FIsZNQP.exe
  C:\Windows\System\FIsZNQP.exe
  2⤵
  PID:6236
- C:\Windows\System\hjhWxfX.exe
  C:\Windows\System\hjhWxfX.exe
  2⤵
  PID:6260
- C:\Windows\System\gOkRFoK.exe
  C:\Windows\System\gOkRFoK.exe
  2⤵
  PID:6276
- C:\Windows\System\UrRrJAd.exe
  C:\Windows\System\UrRrJAd.exe
  2⤵
  PID:6296
- C:\Windows\System\bczemGl.exe
  C:\Windows\System\bczemGl.exe
  2⤵
  PID:6320
- C:\Windows\System\TbhVWeu.exe
  C:\Windows\System\TbhVWeu.exe
  2⤵
  PID:6344
- C:\Windows\System\RRrKmFM.exe
  C:\Windows\System\RRrKmFM.exe
  2⤵
  PID:6368
- C:\Windows\System\KilHJtO.exe
  C:\Windows\System\KilHJtO.exe
  2⤵
  PID:6384
- C:\Windows\System\CuJYmSO.exe
  C:\Windows\System\CuJYmSO.exe
  2⤵
  PID:6420
- C:\Windows\System\mgsMrQi.exe
  C:\Windows\System\mgsMrQi.exe
  2⤵
  PID:6448
- C:\Windows\System\uZGPhBZ.exe
  C:\Windows\System\uZGPhBZ.exe
  2⤵
  PID:6488
- C:\Windows\System\eOQzYqI.exe
  C:\Windows\System\eOQzYqI.exe
  2⤵
  PID:6520
- C:\Windows\System\uZKaLXQ.exe
  C:\Windows\System\uZKaLXQ.exe
  2⤵
  PID:6552
- C:\Windows\System\QeyQSfa.exe
  C:\Windows\System\QeyQSfa.exe
  2⤵
  PID:6576
- C:\Windows\System\CQefTCu.exe
  C:\Windows\System\CQefTCu.exe
  2⤵
  PID:6604
- C:\Windows\System\kqRkKyO.exe
  C:\Windows\System\kqRkKyO.exe
  2⤵
  PID:6632
- C:\Windows\System\uvSROid.exe
  C:\Windows\System\uvSROid.exe
  2⤵
  PID:6660
- C:\Windows\System\CgFpyiN.exe
  C:\Windows\System\CgFpyiN.exe
  2⤵
  PID:6688
- C:\Windows\System\olOQnHL.exe
  C:\Windows\System\olOQnHL.exe
  2⤵
  PID:6720
- C:\Windows\System\XyxPFWz.exe
  C:\Windows\System\XyxPFWz.exe
  2⤵
  PID:6748
- C:\Windows\System\lgeBddj.exe
  C:\Windows\System\lgeBddj.exe
  2⤵
  PID:6776
- C:\Windows\System\whVPAAW.exe
  C:\Windows\System\whVPAAW.exe
  2⤵
  PID:6804
- C:\Windows\System\WXATxsu.exe
  C:\Windows\System\WXATxsu.exe
  2⤵
  PID:6832
- C:\Windows\System\hUDGOZd.exe
  C:\Windows\System\hUDGOZd.exe
  2⤵
  PID:6864
- C:\Windows\System\sUdmjnb.exe
  C:\Windows\System\sUdmjnb.exe
  2⤵
  PID:6904
- C:\Windows\System\wSLrNhh.exe
  C:\Windows\System\wSLrNhh.exe
  2⤵
  PID:6924
- C:\Windows\System\rEcukNR.exe
  C:\Windows\System\rEcukNR.exe
  2⤵
  PID:6952
- C:\Windows\System\GvOahDS.exe
  C:\Windows\System\GvOahDS.exe
  2⤵
  PID:6984
- C:\Windows\System\Tpwovos.exe
  C:\Windows\System\Tpwovos.exe
  2⤵
  PID:7024
- C:\Windows\System\qfzOnCL.exe
  C:\Windows\System\qfzOnCL.exe
  2⤵
  PID:7056
- C:\Windows\System\GFnDusr.exe
  C:\Windows\System\GFnDusr.exe
  2⤵
  PID:7084
- C:\Windows\System\gVHNwpX.exe
  C:\Windows\System\gVHNwpX.exe
  2⤵
  PID:7120
- C:\Windows\System\kgjVkSW.exe
  C:\Windows\System\kgjVkSW.exe
  2⤵
  PID:7148
- C:\Windows\System\BIzhJdA.exe
  C:\Windows\System\BIzhJdA.exe
  2⤵
  PID:5356
- C:\Windows\System\ROipQFp.exe
  C:\Windows\System\ROipQFp.exe
  2⤵
  PID:6196
- C:\Windows\System\sFUpvoA.exe
  C:\Windows\System\sFUpvoA.exe
  2⤵
  PID:6252
- C:\Windows\System\rOiQJhs.exe
  C:\Windows\System\rOiQJhs.exe
  2⤵
  PID:6376
- C:\Windows\System\XYeOxxM.exe
  C:\Windows\System\XYeOxxM.exe
  2⤵
  PID:6396
- C:\Windows\System\FQISxqb.exe
  C:\Windows\System\FQISxqb.exe
  2⤵
  PID:6332
- C:\Windows\System\DuIzEWU.exe
  C:\Windows\System\DuIzEWU.exe
  2⤵
  PID:6592
- C:\Windows\System\kPdZVAJ.exe
  C:\Windows\System\kPdZVAJ.exe
  2⤵
  PID:6656
- C:\Windows\System\cyzealX.exe
  C:\Windows\System\cyzealX.exe
  2⤵
  PID:6740
- C:\Windows\System\JhptxrG.exe
  C:\Windows\System\JhptxrG.exe
  2⤵
  PID:6700
- C:\Windows\System\lfJCSUb.exe
  C:\Windows\System\lfJCSUb.exe
  2⤵
  PID:6788
- C:\Windows\System\wlhYNdm.exe
  C:\Windows\System\wlhYNdm.exe
  2⤵
  PID:6820
- C:\Windows\System\uDvEULB.exe
  C:\Windows\System\uDvEULB.exe
  2⤵
  PID:6940
- C:\Windows\System\rlqDugC.exe
  C:\Windows\System\rlqDugC.exe
  2⤵
  PID:7076
- C:\Windows\System\VFatcED.exe
  C:\Windows\System\VFatcED.exe
  2⤵
  PID:7112
- C:\Windows\System\eFtElvp.exe
  C:\Windows\System\eFtElvp.exe
  2⤵
  PID:5920
- C:\Windows\System\srsFDkI.exe
  C:\Windows\System\srsFDkI.exe
  2⤵
  PID:6200
- C:\Windows\System\AIcFEqc.exe
  C:\Windows\System\AIcFEqc.exe
  2⤵
  PID:6308
- C:\Windows\System\guPvXXO.exe
  C:\Windows\System\guPvXXO.exe
  2⤵
  PID:6648
- C:\Windows\System\mKdnqSJ.exe
  C:\Windows\System\mKdnqSJ.exe
  2⤵
  PID:6680
- C:\Windows\System\aQpOoXA.exe
  C:\Windows\System\aQpOoXA.exe
  2⤵
  PID:6816
- C:\Windows\System\KcUTgsS.exe
  C:\Windows\System\KcUTgsS.exe
  2⤵
  PID:7008
- C:\Windows\System\mzHTdxR.exe
  C:\Windows\System\mzHTdxR.exe
  2⤵
  PID:7136
- C:\Windows\System\ekzQAVt.exe
  C:\Windows\System\ekzQAVt.exe
  2⤵
  PID:6248
- C:\Windows\System\VqoqLGL.exe
  C:\Windows\System\VqoqLGL.exe
  2⤵
  PID:6744
- C:\Windows\System\urJoHcB.exe
  C:\Windows\System\urJoHcB.exe
  2⤵
  PID:2656
- C:\Windows\System\txHlPNn.exe
  C:\Windows\System\txHlPNn.exe
  2⤵
  PID:6728
- C:\Windows\System\brzFOuj.exe
  C:\Windows\System\brzFOuj.exe
  2⤵
  PID:7188
- C:\Windows\System\qbniWMu.exe
  C:\Windows\System\qbniWMu.exe
  2⤵
  PID:7216
- C:\Windows\System\cVWgkbQ.exe
  C:\Windows\System\cVWgkbQ.exe
  2⤵
  PID:7244
- C:\Windows\System\PAACTuw.exe
  C:\Windows\System\PAACTuw.exe
  2⤵
  PID:7272
- C:\Windows\System\fMjRUvU.exe
  C:\Windows\System\fMjRUvU.exe
  2⤵
  PID:7300
- C:\Windows\System\sdhifWB.exe
  C:\Windows\System\sdhifWB.exe
  2⤵
  PID:7328
- C:\Windows\System\Tdruehu.exe
  C:\Windows\System\Tdruehu.exe
  2⤵
  PID:7356
- C:\Windows\System\rMOCSLQ.exe
  C:\Windows\System\rMOCSLQ.exe
  2⤵
  PID:7384
- C:\Windows\System\TQsXUkv.exe
  C:\Windows\System\TQsXUkv.exe
  2⤵
  PID:7412
- C:\Windows\System\ijgaKjn.exe
  C:\Windows\System\ijgaKjn.exe
  2⤵
  PID:7440
- C:\Windows\System\lRjaPlA.exe
  C:\Windows\System\lRjaPlA.exe
  2⤵
  PID:7464
- C:\Windows\System\peexfcs.exe
  C:\Windows\System\peexfcs.exe
  2⤵
  PID:7496
- C:\Windows\System\qVbMWPw.exe
  C:\Windows\System\qVbMWPw.exe
  2⤵
  PID:7520
- C:\Windows\System\uySVVdb.exe
  C:\Windows\System\uySVVdb.exe
  2⤵
  PID:7548
- C:\Windows\System\bmupqzo.exe
  C:\Windows\System\bmupqzo.exe
  2⤵
  PID:7576
- C:\Windows\System\KnSTcjN.exe
  C:\Windows\System\KnSTcjN.exe
  2⤵
  PID:7600
- C:\Windows\System\DuccGQL.exe
  C:\Windows\System\DuccGQL.exe
  2⤵
  PID:7628
- C:\Windows\System\vlUHHhb.exe
  C:\Windows\System\vlUHHhb.exe
  2⤵
  PID:7660
- C:\Windows\System\lDzGWrL.exe
  C:\Windows\System\lDzGWrL.exe
  2⤵
  PID:7692
- C:\Windows\System\LRgQGYT.exe
  C:\Windows\System\LRgQGYT.exe
  2⤵
  PID:7724
- C:\Windows\System\rcPyfiy.exe
  C:\Windows\System\rcPyfiy.exe
  2⤵
  PID:7752
- C:\Windows\System\jcJEwIB.exe
  C:\Windows\System\jcJEwIB.exe
  2⤵
  PID:7772
- C:\Windows\System\TumBFHD.exe
  C:\Windows\System\TumBFHD.exe
  2⤵
  PID:7796
- C:\Windows\System\RjHMLVJ.exe
  C:\Windows\System\RjHMLVJ.exe
  2⤵
  PID:7836
- C:\Windows\System\aZcXroH.exe
  C:\Windows\System\aZcXroH.exe
  2⤵
  PID:7864
- C:\Windows\System\lvxXNDB.exe
  C:\Windows\System\lvxXNDB.exe
  2⤵
  PID:7892
- C:\Windows\System\VMudghe.exe
  C:\Windows\System\VMudghe.exe
  2⤵
  PID:7920
- C:\Windows\System\iVlnZrF.exe
  C:\Windows\System\iVlnZrF.exe
  2⤵
  PID:7948
- C:\Windows\System\lpqVWap.exe
  C:\Windows\System\lpqVWap.exe
  2⤵
  PID:7976
- C:\Windows\System\laETnsU.exe
  C:\Windows\System\laETnsU.exe
  2⤵
  PID:8004
- C:\Windows\System\rqlHeMO.exe
  C:\Windows\System\rqlHeMO.exe
  2⤵
  PID:8032
- C:\Windows\System\tZWogKs.exe
  C:\Windows\System\tZWogKs.exe
  2⤵
  PID:8060
- C:\Windows\System\jTveLOe.exe
  C:\Windows\System\jTveLOe.exe
  2⤵
  PID:8088
- C:\Windows\System\XPlqjpO.exe
  C:\Windows\System\XPlqjpO.exe
  2⤵
  PID:8116
- C:\Windows\System\fnRuKNk.exe
  C:\Windows\System\fnRuKNk.exe
  2⤵
  PID:8144
- C:\Windows\System\KHwEelj.exe
  C:\Windows\System\KHwEelj.exe
  2⤵
  PID:8172
- C:\Windows\System\wHQrKpG.exe
  C:\Windows\System\wHQrKpG.exe
  2⤵
  PID:7172
- C:\Windows\System\mVwDhjp.exe
  C:\Windows\System\mVwDhjp.exe
  2⤵
  PID:7228
- C:\Windows\System\uDujmJI.exe
  C:\Windows\System\uDujmJI.exe
  2⤵
  PID:7296
- C:\Windows\System\bPJAxJA.exe
  C:\Windows\System\bPJAxJA.exe
  2⤵
  PID:7352
- C:\Windows\System\nhVBSyv.exe
  C:\Windows\System\nhVBSyv.exe
  2⤵
  PID:7396
- C:\Windows\System\hVsmlYt.exe
  C:\Windows\System\hVsmlYt.exe
  2⤵
  PID:7428
- C:\Windows\System\pLagoSm.exe
  C:\Windows\System\pLagoSm.exe
  2⤵
  PID:7480
- C:\Windows\System\tmYECPB.exe
  C:\Windows\System\tmYECPB.exe
  2⤵
  PID:7512
- C:\Windows\System\bbjhVff.exe
  C:\Windows\System\bbjhVff.exe
  2⤵
  PID:7572
- C:\Windows\System\HGhrkcF.exe
  C:\Windows\System\HGhrkcF.exe
  2⤵
  PID:7624
- C:\Windows\System\NOUJNGp.exe
  C:\Windows\System\NOUJNGp.exe
  2⤵
  PID:7688
- C:\Windows\System\SjpcByn.exe
  C:\Windows\System\SjpcByn.exe
  2⤵
  PID:7764
- C:\Windows\System\MmSSDzl.exe
  C:\Windows\System\MmSSDzl.exe
  2⤵
  PID:7816
- C:\Windows\System\zQagyJR.exe
  C:\Windows\System\zQagyJR.exe
  2⤵
  PID:7884
- C:\Windows\System\RZaGlPV.exe
  C:\Windows\System\RZaGlPV.exe
  2⤵
  PID:7964
- C:\Windows\System\crPamJu.exe
  C:\Windows\System\crPamJu.exe
  2⤵
  PID:8024
- C:\Windows\System\JJskNsF.exe
  C:\Windows\System\JJskNsF.exe
  2⤵
  PID:8100
- C:\Windows\System\WLtaTek.exe
  C:\Windows\System\WLtaTek.exe
  2⤵
  PID:8156
- C:\Windows\System\HwhfXJm.exe
  C:\Windows\System\HwhfXJm.exe
  2⤵
  PID:7212
- C:\Windows\System\NplbqBZ.exe
  C:\Windows\System\NplbqBZ.exe
  2⤵
  PID:7316
- C:\Windows\System\NxLSGsr.exe
  C:\Windows\System\NxLSGsr.exe
  2⤵
  PID:7452
- C:\Windows\System\eKYdVXA.exe
  C:\Windows\System\eKYdVXA.exe
  2⤵
  PID:2380
- C:\Windows\System\DLBHdKC.exe
  C:\Windows\System\DLBHdKC.exe
  2⤵
  PID:7680
- C:\Windows\System\SUEqzsZ.exe
  C:\Windows\System\SUEqzsZ.exe
  2⤵
  PID:8000
- C:\Windows\System\tqwuYyt.exe
  C:\Windows\System\tqwuYyt.exe
  2⤵
  PID:7940
- C:\Windows\System\VjdSMLi.exe
  C:\Windows\System\VjdSMLi.exe
  2⤵
  PID:7288
- C:\Windows\System\ElcnkRy.exe
  C:\Windows\System\ElcnkRy.exe
  2⤵
  PID:7324
- C:\Windows\System\GuZpwcM.exe
  C:\Windows\System\GuZpwcM.exe
  2⤵
  PID:7620
- C:\Windows\System\qVZhqlK.exe
  C:\Windows\System\qVZhqlK.exe
  2⤵
  PID:8028
- C:\Windows\System\MVKzbOY.exe
  C:\Windows\System\MVKzbOY.exe
  2⤵
  PID:8080
- C:\Windows\System\pYcQNCG.exe
  C:\Windows\System\pYcQNCG.exe
  2⤵
  PID:8200
- C:\Windows\System\xkCvrVD.exe
  C:\Windows\System\xkCvrVD.exe
  2⤵
  PID:8220
- C:\Windows\System\oDqFhbk.exe
  C:\Windows\System\oDqFhbk.exe
  2⤵
  PID:8256
- C:\Windows\System\ypVlNhR.exe
  C:\Windows\System\ypVlNhR.exe
  2⤵
  PID:8280
- C:\Windows\System\gljpJJa.exe
  C:\Windows\System\gljpJJa.exe
  2⤵
  PID:8308
- C:\Windows\System\lUHWAfR.exe
  C:\Windows\System\lUHWAfR.exe
  2⤵
  PID:8340
- C:\Windows\System\YZwAeVA.exe
  C:\Windows\System\YZwAeVA.exe
  2⤵
  PID:8364
- C:\Windows\System\qppdCjc.exe
  C:\Windows\System\qppdCjc.exe
  2⤵
  PID:8388
- C:\Windows\System\XDUpQua.exe
  C:\Windows\System\XDUpQua.exe
  2⤵
  PID:8420
- C:\Windows\System\mWadVnd.exe
  C:\Windows\System\mWadVnd.exe
  2⤵
  PID:8452
- C:\Windows\System\cLhHHMP.exe
  C:\Windows\System\cLhHHMP.exe
  2⤵
  PID:8484
- C:\Windows\System\GLUlMXm.exe
  C:\Windows\System\GLUlMXm.exe
  2⤵
  PID:8512
- C:\Windows\System\pwAxLzG.exe
  C:\Windows\System\pwAxLzG.exe
  2⤵
  PID:8544
- C:\Windows\System\gOBWyVx.exe
  C:\Windows\System\gOBWyVx.exe
  2⤵
  PID:8572
- C:\Windows\System\izwdgqu.exe
  C:\Windows\System\izwdgqu.exe
  2⤵
  PID:8600
- C:\Windows\System\otVHSyB.exe
  C:\Windows\System\otVHSyB.exe
  2⤵
  PID:8624
- C:\Windows\System\mDEgmEr.exe
  C:\Windows\System\mDEgmEr.exe
  2⤵
  PID:8656
- C:\Windows\System\TJuSqIn.exe
  C:\Windows\System\TJuSqIn.exe
  2⤵
  PID:8688
- C:\Windows\System\APQMSfa.exe
  C:\Windows\System\APQMSfa.exe
  2⤵
  PID:8708
- C:\Windows\System\iPJDymA.exe
  C:\Windows\System\iPJDymA.exe
  2⤵
  PID:8740
- C:\Windows\System\XjUzOBE.exe
  C:\Windows\System\XjUzOBE.exe
  2⤵
  PID:8764
- C:\Windows\System\WLBEDdu.exe
  C:\Windows\System\WLBEDdu.exe
  2⤵
  PID:8792
- C:\Windows\System\xGvWBFW.exe
  C:\Windows\System\xGvWBFW.exe
  2⤵
  PID:8820
- C:\Windows\System\sRukBod.exe
  C:\Windows\System\sRukBod.exe
  2⤵
  PID:8848
- C:\Windows\System\bjJeouN.exe
  C:\Windows\System\bjJeouN.exe
  2⤵
  PID:8884
- C:\Windows\System\NuVlPDF.exe
  C:\Windows\System\NuVlPDF.exe
  2⤵
  PID:8912
- C:\Windows\System\YJrXDZq.exe
  C:\Windows\System\YJrXDZq.exe
  2⤵
  PID:8944
- C:\Windows\System\tcRzBkx.exe
  C:\Windows\System\tcRzBkx.exe
  2⤵
  PID:8968
- C:\Windows\System\rZrtHuA.exe
  C:\Windows\System\rZrtHuA.exe
  2⤵
  PID:9004
- C:\Windows\System\btzRkMd.exe
  C:\Windows\System\btzRkMd.exe
  2⤵
  PID:9036
- C:\Windows\System\YRoYaTp.exe
  C:\Windows\System\YRoYaTp.exe
  2⤵
  PID:9068
- C:\Windows\System\tjNkuPS.exe
  C:\Windows\System\tjNkuPS.exe
  2⤵
  PID:9092
- C:\Windows\System\AXnOMjv.exe
  C:\Windows\System\AXnOMjv.exe
  2⤵
  PID:9132
- C:\Windows\System\NMLpTok.exe
  C:\Windows\System\NMLpTok.exe
  2⤵
  PID:9176
- C:\Windows\System\muSAJuV.exe
  C:\Windows\System\muSAJuV.exe
  2⤵
  PID:9196
- C:\Windows\System\CEWoyaU.exe
  C:\Windows\System\CEWoyaU.exe
  2⤵
  PID:7460
- C:\Windows\System\vVgvLMe.exe
  C:\Windows\System\vVgvLMe.exe
  2⤵
  PID:7268
- C:\Windows\System\hgOzUMi.exe
  C:\Windows\System\hgOzUMi.exe
  2⤵
  PID:8276
- C:\Windows\System\hduEFGD.exe
  C:\Windows\System\hduEFGD.exe
  2⤵
  PID:8232
- C:\Windows\System\UiMIUNC.exe
  C:\Windows\System\UiMIUNC.exe
  2⤵
  PID:8352
- C:\Windows\System\RthBYbb.exe
  C:\Windows\System\RthBYbb.exe
  2⤵
  PID:8440
- C:\Windows\System\dXrafDX.exe
  C:\Windows\System\dXrafDX.exe
  2⤵
  PID:8588
- C:\Windows\System\drxgPPz.exe
  C:\Windows\System\drxgPPz.exe
  2⤵
  PID:8528
- C:\Windows\System\OAzfrEK.exe
  C:\Windows\System\OAzfrEK.exe
  2⤵
  PID:8644
- C:\Windows\System\WhhYhvI.exe
  C:\Windows\System\WhhYhvI.exe
  2⤵
  PID:8760
- C:\Windows\System\VxpSZoG.exe
  C:\Windows\System\VxpSZoG.exe
  2⤵
  PID:8808
- C:\Windows\System\pMetxnV.exe
  C:\Windows\System\pMetxnV.exe
  2⤵
  PID:8900
- C:\Windows\System\kvENylk.exe
  C:\Windows\System\kvENylk.exe
  2⤵
  PID:8880
- C:\Windows\System\nHssqGB.exe
  C:\Windows\System\nHssqGB.exe
  2⤵
  PID:8988
- C:\Windows\System\cRaMLgg.exe
  C:\Windows\System\cRaMLgg.exe
  2⤵
  PID:9060
- C:\Windows\System\XMDbyBA.exe
  C:\Windows\System\XMDbyBA.exe
  2⤵
  PID:9124
- C:\Windows\System\UZHfRsN.exe
  C:\Windows\System\UZHfRsN.exe
  2⤵
  PID:9208
- C:\Windows\System\AAxFevx.exe
  C:\Windows\System\AAxFevx.exe
  2⤵
  PID:7856
- C:\Windows\System\KJDribj.exe
  C:\Windows\System\KJDribj.exe
  2⤵
  PID:8508
- C:\Windows\System\QpMSQEA.exe
  C:\Windows\System\QpMSQEA.exe
  2⤵
  PID:8648
- C:\Windows\System\XwtBtmQ.exe
  C:\Windows\System\XwtBtmQ.exe
  2⤵
  PID:8676
- C:\Windows\System\LuuWjUf.exe
  C:\Windows\System\LuuWjUf.exe
  2⤵
  PID:8784
- C:\Windows\System\UGTnhJF.exe
  C:\Windows\System\UGTnhJF.exe
  2⤵
  PID:8964
- C:\Windows\System\ULhYWAy.exe
  C:\Windows\System\ULhYWAy.exe
  2⤵
  PID:9164
- C:\Windows\System\BzKlbKI.exe
  C:\Windows\System\BzKlbKI.exe
  2⤵
  PID:7712
- C:\Windows\System\UFiYJsk.exe
  C:\Windows\System\UFiYJsk.exe
  2⤵
  PID:8700
- C:\Windows\System\Vxnwnzj.exe
  C:\Windows\System\Vxnwnzj.exe
  2⤵
  PID:9020
- C:\Windows\System\RnNDETA.exe
  C:\Windows\System\RnNDETA.exe
  2⤵
  PID:9228
- C:\Windows\System\DgjhYzR.exe
  C:\Windows\System\DgjhYzR.exe
  2⤵
  PID:9260
- C:\Windows\System\cieLLuC.exe
  C:\Windows\System\cieLLuC.exe
  2⤵
  PID:9288
- C:\Windows\System\tAWFGLO.exe
  C:\Windows\System\tAWFGLO.exe
  2⤵
  PID:9316
- C:\Windows\System\IICYeUV.exe
  C:\Windows\System\IICYeUV.exe
  2⤵
  PID:9340
- C:\Windows\System\kYMklkK.exe
  C:\Windows\System\kYMklkK.exe
  2⤵
  PID:9364
- C:\Windows\System\WtmJDfr.exe
  C:\Windows\System\WtmJDfr.exe
  2⤵
  PID:9388
- C:\Windows\System\frwtTbh.exe
  C:\Windows\System\frwtTbh.exe
  2⤵
  PID:9416
- C:\Windows\System\zjyASgm.exe
  C:\Windows\System\zjyASgm.exe
  2⤵
  PID:9444
- C:\Windows\System\AuVWoCV.exe
  C:\Windows\System\AuVWoCV.exe
  2⤵
  PID:9468
- C:\Windows\System\xwpUHba.exe
  C:\Windows\System\xwpUHba.exe
  2⤵
  PID:9496
- C:\Windows\System\MrXGBki.exe
  C:\Windows\System\MrXGBki.exe
  2⤵
  PID:9528
- C:\Windows\System\CLjSOyY.exe
  C:\Windows\System\CLjSOyY.exe
  2⤵
  PID:9560
- C:\Windows\System\UTmxopQ.exe
  C:\Windows\System\UTmxopQ.exe
  2⤵
  PID:9584
- C:\Windows\System\JXISuKl.exe
  C:\Windows\System\JXISuKl.exe
  2⤵
  PID:9616
- C:\Windows\System\uIfadXm.exe
  C:\Windows\System\uIfadXm.exe
  2⤵
  PID:9640
- C:\Windows\System\SUfrmIR.exe
  C:\Windows\System\SUfrmIR.exe
  2⤵
  PID:9680
- C:\Windows\System\yxclANz.exe
  C:\Windows\System\yxclANz.exe
  2⤵
  PID:9708
- C:\Windows\System\zPZOPOk.exe
  C:\Windows\System\zPZOPOk.exe
  2⤵
  PID:9736
- C:\Windows\System\ftmFlug.exe
  C:\Windows\System\ftmFlug.exe
  2⤵
  PID:9764
- C:\Windows\System\wFGliBA.exe
  C:\Windows\System\wFGliBA.exe
  2⤵
  PID:9788
- C:\Windows\System\FVViioU.exe
  C:\Windows\System\FVViioU.exe
  2⤵
  PID:9812
- C:\Windows\System\QixjayJ.exe
  C:\Windows\System\QixjayJ.exe
  2⤵
  PID:9836
- C:\Windows\System\aNrAHOt.exe
  C:\Windows\System\aNrAHOt.exe
  2⤵
  PID:9864
- C:\Windows\System\tkpvhBW.exe
  C:\Windows\System\tkpvhBW.exe
  2⤵
  PID:9888
- C:\Windows\System\gMCHsIR.exe
  C:\Windows\System\gMCHsIR.exe
  2⤵
  PID:9924
- C:\Windows\System\RsYvlNh.exe
  C:\Windows\System\RsYvlNh.exe
  2⤵
  PID:9944
- C:\Windows\System\SwzhsSu.exe
  C:\Windows\System\SwzhsSu.exe
  2⤵
  PID:9988
- C:\Windows\System\OzgFddV.exe
  C:\Windows\System\OzgFddV.exe
  2⤵
  PID:10020
- C:\Windows\System\AKWqsxE.exe
  C:\Windows\System\AKWqsxE.exe
  2⤵
  PID:10044
- C:\Windows\System\ZZgxrbC.exe
  C:\Windows\System\ZZgxrbC.exe
  2⤵
  PID:10060
- C:\Windows\System\UTreBoj.exe
  C:\Windows\System\UTreBoj.exe
  2⤵
  PID:10084
- C:\Windows\System\mQTBYKv.exe
  C:\Windows\System\mQTBYKv.exe
  2⤵
  PID:10120
- C:\Windows\System\knfDobW.exe
  C:\Windows\System\knfDobW.exe
  2⤵
  PID:10144
- C:\Windows\System\vWtFWtw.exe
  C:\Windows\System\vWtFWtw.exe
  2⤵
  PID:10188
- C:\Windows\System\NPIYHJE.exe
  C:\Windows\System\NPIYHJE.exe
  2⤵
  PID:10204
- C:\Windows\System\MmvFBLN.exe
  C:\Windows\System\MmvFBLN.exe
  2⤵
  PID:10232
- C:\Windows\System\YbsZNCR.exe
  C:\Windows\System\YbsZNCR.exe
  2⤵
  PID:8216
- C:\Windows\System\JIIQrmJ.exe
  C:\Windows\System\JIIQrmJ.exe
  2⤵
  PID:9224
- C:\Windows\System\GAnCgue.exe
  C:\Windows\System\GAnCgue.exe
  2⤵
  PID:9256
- C:\Windows\System\FlVwnpu.exe
  C:\Windows\System\FlVwnpu.exe
  2⤵
  PID:9372
- C:\Windows\System\cYLoyRv.exe
  C:\Windows\System\cYLoyRv.exe
  2⤵
  PID:9356
- C:\Windows\System\NFcelFG.exe
  C:\Windows\System\NFcelFG.exe
  2⤵
  PID:3960
- C:\Windows\System\hAUfvFM.exe
  C:\Windows\System\hAUfvFM.exe
  2⤵
  PID:9592
- C:\Windows\System\ScYHODa.exe
  C:\Windows\System\ScYHODa.exe
  2⤵
  PID:9492
- C:\Windows\System\UMdbcVM.exe
  C:\Windows\System\UMdbcVM.exe
  2⤵
  PID:9672
- C:\Windows\System\cfcEYPv.exe
  C:\Windows\System\cfcEYPv.exe
  2⤵
  PID:9664
- C:\Windows\System\xLSTGin.exe
  C:\Windows\System\xLSTGin.exe
  2⤵
  PID:9780
- C:\Windows\System\kWHCCBo.exe
  C:\Windows\System\kWHCCBo.exe
  2⤵
  PID:9820
- C:\Windows\System\PVkIGUM.exe
  C:\Windows\System\PVkIGUM.exe
  2⤵
  PID:9884
- C:\Windows\System\HYZiQLw.exe
  C:\Windows\System\HYZiQLw.exe
  2⤵
  PID:9936
- C:\Windows\System\BvOUjaX.exe
  C:\Windows\System\BvOUjaX.exe
  2⤵
  PID:9984
- C:\Windows\System\ZpHqFjh.exe
  C:\Windows\System\ZpHqFjh.exe
  2⤵
  PID:10104
- C:\Windows\System\gqRYDDU.exe
  C:\Windows\System\gqRYDDU.exe
  2⤵
  PID:10156
- C:\Windows\System\mEqagLr.exe
  C:\Windows\System\mEqagLr.exe
  2⤵
  PID:8680
- C:\Windows\System\lhqLHGX.exe
  C:\Windows\System\lhqLHGX.exe
  2⤵
  PID:7668
- C:\Windows\System\EpiIbcK.exe
  C:\Windows\System\EpiIbcK.exe
  2⤵
  PID:9540
- C:\Windows\System\iInPkbw.exe
  C:\Windows\System\iInPkbw.exe
  2⤵
  PID:9516
- C:\Windows\System\iaXkHeD.exe
  C:\Windows\System\iaXkHeD.exe
  2⤵
  PID:9904
- C:\Windows\System\rBBeKlW.exe
  C:\Windows\System\rBBeKlW.exe
  2⤵
  PID:9752
- C:\Windows\System\uaXykOO.exe
  C:\Windows\System\uaXykOO.exe
  2⤵
  PID:10168
- C:\Windows\System\PVogrtk.exe
  C:\Windows\System\PVogrtk.exe
  2⤵
  PID:10140
- C:\Windows\System\YdRTBWy.exe
  C:\Windows\System\YdRTBWy.exe
  2⤵
  PID:9400
- C:\Windows\System\kbmbXHc.exe
  C:\Windows\System\kbmbXHc.exe
  2⤵
  PID:9336
- C:\Windows\System\KiDuqDG.exe
  C:\Windows\System\KiDuqDG.exe
  2⤵
  PID:10068
- C:\Windows\System\SbeekrH.exe
  C:\Windows\System\SbeekrH.exe
  2⤵
  PID:10216
- C:\Windows\System\rSRqKPk.exe
  C:\Windows\System\rSRqKPk.exe
  2⤵
  PID:10256
- C:\Windows\System\tRNUsno.exe
  C:\Windows\System\tRNUsno.exe
  2⤵
  PID:10276
- C:\Windows\System\bUdTpyd.exe
  C:\Windows\System\bUdTpyd.exe
  2⤵
  PID:10308
- C:\Windows\System\ohouqYa.exe
  C:\Windows\System\ohouqYa.exe
  2⤵
  PID:10332
- C:\Windows\System\FKsHVgE.exe
  C:\Windows\System\FKsHVgE.exe
  2⤵
  PID:10356
- C:\Windows\System\vAGvsYq.exe
  C:\Windows\System\vAGvsYq.exe
  2⤵
  PID:10376
- C:\Windows\System\OGGhqiY.exe
  C:\Windows\System\OGGhqiY.exe
  2⤵
  PID:10404
- C:\Windows\System\HViAmXC.exe
  C:\Windows\System\HViAmXC.exe
  2⤵
  PID:10440
- C:\Windows\System\VMCOPNg.exe
  C:\Windows\System\VMCOPNg.exe
  2⤵
  PID:10464
- C:\Windows\System\vlTdRXs.exe
  C:\Windows\System\vlTdRXs.exe
  2⤵
  PID:10488
- C:\Windows\System\faCpBVs.exe
  C:\Windows\System\faCpBVs.exe
  2⤵
  PID:10528
- C:\Windows\System\GlwNJYj.exe
  C:\Windows\System\GlwNJYj.exe
  2⤵
  PID:10548
- C:\Windows\System\eOqhpzY.exe
  C:\Windows\System\eOqhpzY.exe
  2⤵
  PID:10572
- C:\Windows\System\mdWxNSe.exe
  C:\Windows\System\mdWxNSe.exe
  2⤵
  PID:10596
- C:\Windows\System\HHHKWIN.exe
  C:\Windows\System\HHHKWIN.exe
  2⤵
  PID:10624
- C:\Windows\System\lTlplcg.exe
  C:\Windows\System\lTlplcg.exe
  2⤵
  PID:10648
- C:\Windows\System\vRaUelk.exe
  C:\Windows\System\vRaUelk.exe
  2⤵
  PID:10684
- C:\Windows\System\dmkemIt.exe
  C:\Windows\System\dmkemIt.exe
  2⤵
  PID:10712
- C:\Windows\System\jeryLAE.exe
  C:\Windows\System\jeryLAE.exe
  2⤵
  PID:10740
- C:\Windows\System\QhpdfIW.exe
  C:\Windows\System\QhpdfIW.exe
  2⤵
  PID:10760
- C:\Windows\System\yhYgCuh.exe
  C:\Windows\System\yhYgCuh.exe
  2⤵
  PID:10784
- C:\Windows\System\dVqYNjC.exe
  C:\Windows\System\dVqYNjC.exe
  2⤵
  PID:10804
- C:\Windows\System\CLYSZIB.exe
  C:\Windows\System\CLYSZIB.exe
  2⤵
  PID:10828
- C:\Windows\System\xHoMXrZ.exe
  C:\Windows\System\xHoMXrZ.exe
  2⤵
  PID:10848
- C:\Windows\System\VUDPzUE.exe
  C:\Windows\System\VUDPzUE.exe
  2⤵
  PID:10872
- C:\Windows\System\HfwqlDS.exe
  C:\Windows\System\HfwqlDS.exe
  2⤵
  PID:10896
- C:\Windows\System\EAxjfWi.exe
  C:\Windows\System\EAxjfWi.exe
  2⤵
  PID:10924
- C:\Windows\System\GVXMkih.exe
  C:\Windows\System\GVXMkih.exe
  2⤵
  PID:10948
- C:\Windows\System\shKWXms.exe
  C:\Windows\System\shKWXms.exe
  2⤵
  PID:10976
- C:\Windows\System\RloLbAX.exe
  C:\Windows\System\RloLbAX.exe
  2⤵
  PID:11004
- C:\Windows\System\hzcfpDq.exe
  C:\Windows\System\hzcfpDq.exe
  2⤵
  PID:11036
- C:\Windows\System\BZQEJem.exe
  C:\Windows\System\BZQEJem.exe
  2⤵
  PID:11072
- C:\Windows\System\KYELCkT.exe
  C:\Windows\System\KYELCkT.exe
  2⤵
  PID:11092
- C:\Windows\System\uqEEHJB.exe
  C:\Windows\System\uqEEHJB.exe
  2⤵
  PID:11116
- C:\Windows\System\lCBaCsU.exe
  C:\Windows\System\lCBaCsU.exe
  2⤵
  PID:11156
- C:\Windows\System\arSZMPo.exe
  C:\Windows\System\arSZMPo.exe
  2⤵
  PID:11172
- C:\Windows\System\JnWriWo.exe
  C:\Windows\System\JnWriWo.exe
  2⤵
  PID:11200
- C:\Windows\System\ymkpxWw.exe
  C:\Windows\System\ymkpxWw.exe
  2⤵
  PID:11232
- C:\Windows\System\JuqKgmW.exe
  C:\Windows\System\JuqKgmW.exe
  2⤵
  PID:11260
- C:\Windows\System\pHHxwoM.exe
  C:\Windows\System\pHHxwoM.exe
  2⤵
  PID:10152
- C:\Windows\System\TYLmILT.exe
  C:\Windows\System\TYLmILT.exe
  2⤵
  PID:10272
- C:\Windows\System\WWrYOyq.exe
  C:\Windows\System\WWrYOyq.exe
  2⤵
  PID:10244
- C:\Windows\System\zZORHoC.exe
  C:\Windows\System\zZORHoC.exe
  2⤵
  PID:10324
- C:\Windows\System\RkgHSOZ.exe
  C:\Windows\System\RkgHSOZ.exe
  2⤵
  PID:10348
- C:\Windows\System\PzJOTCa.exe
  C:\Windows\System\PzJOTCa.exe
  2⤵
  PID:10484
- C:\Windows\System\HbmrNBp.exe
  C:\Windows\System\HbmrNBp.exe
  2⤵
  PID:10620
- C:\Windows\System\QYXsSfL.exe
  C:\Windows\System\QYXsSfL.exe
  2⤵
  PID:10508
- C:\Windows\System\WhGQFFY.exe
  C:\Windows\System\WhGQFFY.exe
  2⤵
  PID:10736
- C:\Windows\System\iXqMGYo.exe
  C:\Windows\System\iXqMGYo.exe
  2⤵
  PID:10704
- C:\Windows\System\YuNKabS.exe
  C:\Windows\System\YuNKabS.exe
  2⤵
  PID:10752
- C:\Windows\System\RVuNoCg.exe
  C:\Windows\System\RVuNoCg.exe
  2⤵
  PID:10856
- C:\Windows\System\sCXMHXi.exe
  C:\Windows\System\sCXMHXi.exe
  2⤵
  PID:11016
- C:\Windows\System\QCWQUGu.exe
  C:\Windows\System\QCWQUGu.exe
  2⤵
  PID:11084
- C:\Windows\System\wfwLBdl.exe
  C:\Windows\System\wfwLBdl.exe
  2⤵
  PID:11148
- C:\Windows\System\aiTXMmM.exe
  C:\Windows\System\aiTXMmM.exe
  2⤵
  PID:10936
- C:\Windows\System\RzwGuIc.exe
  C:\Windows\System\RzwGuIc.exe
  2⤵
  PID:11112
- C:\Windows\System\QSsTkRg.exe
  C:\Windows\System\QSsTkRg.exe
  2⤵
  PID:10012
- C:\Windows\System\ScUCScT.exe
  C:\Windows\System\ScUCScT.exe
  2⤵
  PID:11088
- C:\Windows\System\vsMDTVh.exe
  C:\Windows\System\vsMDTVh.exe
  2⤵
  PID:9440
- C:\Windows\System\RaJjAEK.exe
  C:\Windows\System\RaJjAEK.exe
  2⤵
  PID:11168
- C:\Windows\System\KBTPAyg.exe
  C:\Windows\System\KBTPAyg.exe
  2⤵
  PID:10544
- C:\Windows\System\ywBWXfk.exe
  C:\Windows\System\ywBWXfk.exe
  2⤵
  PID:772
- C:\Windows\System\YODbryV.exe
  C:\Windows\System\YODbryV.exe
  2⤵
  PID:10800
- C:\Windows\System\TeQAyBt.exe
  C:\Windows\System\TeQAyBt.exe
  2⤵
  PID:10996
- C:\Windows\System\ulDdKcF.exe
  C:\Windows\System\ulDdKcF.exe
  2⤵
  PID:10592
- C:\Windows\System\PyZZZTv.exe
  C:\Windows\System\PyZZZTv.exe
  2⤵
  PID:11052
- C:\Windows\System\BHpaRrG.exe
  C:\Windows\System\BHpaRrG.exe
  2⤵
  PID:11284
- C:\Windows\System\jNwxvxd.exe
  C:\Windows\System\jNwxvxd.exe
  2⤵
  PID:11316
- C:\Windows\System\NrzXJwV.exe
  C:\Windows\System\NrzXJwV.exe
  2⤵
  PID:11336
- C:\Windows\System\DvbOaeB.exe
  C:\Windows\System\DvbOaeB.exe
  2⤵
  PID:11356
- C:\Windows\System\XFxoZep.exe
  C:\Windows\System\XFxoZep.exe
  2⤵
  PID:11388
- C:\Windows\System\PEmcDDL.exe
  C:\Windows\System\PEmcDDL.exe
  2⤵
  PID:11420
- C:\Windows\System\xWjMQvA.exe
  C:\Windows\System\xWjMQvA.exe
  2⤵
  PID:11444
- C:\Windows\System\znFxoCC.exe
  C:\Windows\System\znFxoCC.exe
  2⤵
  PID:11460
- C:\Windows\System\DAwfuQV.exe
  C:\Windows\System\DAwfuQV.exe
  2⤵
  PID:11480
- C:\Windows\System\eejVzQh.exe
  C:\Windows\System\eejVzQh.exe
  2⤵
  PID:11504
- C:\Windows\System\oWSajgb.exe
  C:\Windows\System\oWSajgb.exe
  2⤵
  PID:11544
- C:\Windows\System\mUozWBc.exe
  C:\Windows\System\mUozWBc.exe
  2⤵
  PID:11568
- C:\Windows\System\himkaGU.exe
  C:\Windows\System\himkaGU.exe
  2⤵
  PID:11596
- C:\Windows\System\tsMWmtm.exe
  C:\Windows\System\tsMWmtm.exe
  2⤵
  PID:11620
- C:\Windows\System\lCoBVgi.exe
  C:\Windows\System\lCoBVgi.exe
  2⤵
  PID:11644
- C:\Windows\System\AMwtLbi.exe
  C:\Windows\System\AMwtLbi.exe
  2⤵
  PID:11664
- C:\Windows\System\tJFHFfS.exe
  C:\Windows\System\tJFHFfS.exe
  2⤵
  PID:11688
- C:\Windows\System\pwdTOoP.exe
  C:\Windows\System\pwdTOoP.exe
  2⤵
  PID:11708
- C:\Windows\System\dYRngkO.exe
  C:\Windows\System\dYRngkO.exe
  2⤵
  PID:11728
- C:\Windows\System\nRsLoht.exe
  C:\Windows\System\nRsLoht.exe
  2⤵
  PID:11756
- C:\Windows\System\ESyCAhB.exe
  C:\Windows\System\ESyCAhB.exe
  2⤵
  PID:11784
- C:\Windows\System\LMQuxRx.exe
  C:\Windows\System\LMQuxRx.exe
  2⤵
  PID:11808
- C:\Windows\System\BHOHujR.exe
  C:\Windows\System\BHOHujR.exe
  2⤵
  PID:11840
- C:\Windows\System\NOuZUPj.exe
  C:\Windows\System\NOuZUPj.exe
  2⤵
  PID:11860
- C:\Windows\System\RLfEsoB.exe
  C:\Windows\System\RLfEsoB.exe
  2⤵
  PID:11876
- C:\Windows\System\ogRHWXI.exe
  C:\Windows\System\ogRHWXI.exe
  2⤵
  PID:11908
- C:\Windows\System\FerxxIS.exe
  C:\Windows\System\FerxxIS.exe
  2⤵
  PID:11932
- C:\Windows\System\QNcMKxq.exe
  C:\Windows\System\QNcMKxq.exe
  2⤵
  PID:11964
- C:\Windows\System\abDnSAs.exe
  C:\Windows\System\abDnSAs.exe
  2⤵
  PID:11992
- C:\Windows\System\SbqnyAu.exe
  C:\Windows\System\SbqnyAu.exe
  2⤵
  PID:12020
- C:\Windows\System\PBeSSLN.exe
  C:\Windows\System\PBeSSLN.exe
  2⤵
  PID:12052
- C:\Windows\System\QNZKKgy.exe
  C:\Windows\System\QNZKKgy.exe
  2⤵
  PID:12080
- C:\Windows\System\ILWCNHU.exe
  C:\Windows\System\ILWCNHU.exe
  2⤵
  PID:12108
- C:\Windows\System\XvwJoER.exe
  C:\Windows\System\XvwJoER.exe
  2⤵
  PID:12136
- C:\Windows\System\ZiOfoNz.exe
  C:\Windows\System\ZiOfoNz.exe
  2⤵
  PID:12156
- C:\Windows\System\pTSzXWl.exe
  C:\Windows\System\pTSzXWl.exe
  2⤵
  PID:12184
- C:\Windows\System\efZKham.exe
  C:\Windows\System\efZKham.exe
  2⤵
  PID:12208
- C:\Windows\System\XWyXsNF.exe
  C:\Windows\System\XWyXsNF.exe
  2⤵
  PID:12236
- C:\Windows\System\MdKWYVT.exe
  C:\Windows\System\MdKWYVT.exe
  2⤵
  PID:12256
- C:\Windows\System\hYQcVaH.exe
  C:\Windows\System\hYQcVaH.exe
  2⤵
  PID:12284
- C:\Windows\System\mcwvIqV.exe
  C:\Windows\System\mcwvIqV.exe
  2⤵
  PID:11064
- C:\Windows\System\haGeZQD.exe
  C:\Windows\System\haGeZQD.exe
  2⤵
  PID:1544
- C:\Windows\System\EPNJUAZ.exe
  C:\Windows\System\EPNJUAZ.exe
  2⤵
  PID:11328
- C:\Windows\System\IVPQwZP.exe
  C:\Windows\System\IVPQwZP.exe
  2⤵
  PID:11276
- C:\Windows\System\InVBxPD.exe
  C:\Windows\System\InVBxPD.exe
  2⤵
  PID:11476
- C:\Windows\System\HtSuDNM.exe
  C:\Windows\System\HtSuDNM.exe
  2⤵
  PID:11368
- C:\Windows\System\ppUVWtf.exe
  C:\Windows\System\ppUVWtf.exe
  2⤵
  PID:11272
- C:\Windows\System\XCOlVSZ.exe
  C:\Windows\System\XCOlVSZ.exe
  2⤵
  PID:11412
- C:\Windows\System\Jnmfduu.exe
  C:\Windows\System\Jnmfduu.exe
  2⤵
  PID:11608
- C:\Windows\System\nAqAYba.exe
  C:\Windows\System\nAqAYba.exe
  2⤵
  PID:11468
- C:\Windows\System\gIAIMwZ.exe
  C:\Windows\System\gIAIMwZ.exe
  2⤵
  PID:11656
- C:\Windows\System\yDOqJZx.exe
  C:\Windows\System\yDOqJZx.exe
  2⤵
  PID:11736
- C:\Windows\System\QYKgYqK.exe
  C:\Windows\System\QYKgYqK.exe
  2⤵
  PID:4624
- C:\Windows\System\qEwPnSF.exe
  C:\Windows\System\qEwPnSF.exe
  2⤵
  PID:11636
- C:\Windows\System\BkdgCVk.exe
  C:\Windows\System\BkdgCVk.exe
  2⤵
  PID:11852
- C:\Windows\System\zHSQhRH.exe
  C:\Windows\System\zHSQhRH.exe
  2⤵
  PID:11716
- C:\Windows\System\stGMwJJ.exe
  C:\Windows\System\stGMwJJ.exe
  2⤵
  PID:12004
- C:\Windows\System\OqqVmUe.exe
  C:\Windows\System\OqqVmUe.exe
  2⤵
  PID:12032
- C:\Windows\System\FCPgGdO.exe
  C:\Windows\System\FCPgGdO.exe
  2⤵
  PID:12076
- C:\Windows\System\jrbwJUF.exe
  C:\Windows\System\jrbwJUF.exe
  2⤵
  PID:11140
- C:\Windows\System\zTpCfIY.exe
  C:\Windows\System\zTpCfIY.exe
  2⤵
  PID:11440
- C:\Windows\System\hDAjkCf.exe
  C:\Windows\System\hDAjkCf.exe
  2⤵
  PID:11976
- C:\Windows\System\rvxzzhj.exe
  C:\Windows\System\rvxzzhj.exe
  2⤵
  PID:12272
- C:\Windows\System\yEEgRMu.exe
  C:\Windows\System\yEEgRMu.exe
  2⤵
  PID:11588
- C:\Windows\System\DoVAyqm.exe
  C:\Windows\System\DoVAyqm.exe
  2⤵
  PID:12132
- C:\Windows\System\GMNarrF.exe
  C:\Windows\System\GMNarrF.exe
  2⤵
  PID:12096
- C:\Windows\System\SBAwdyC.exe
  C:\Windows\System\SBAwdyC.exe
  2⤵
  PID:12300
- C:\Windows\System\JqJEkoP.exe
  C:\Windows\System\JqJEkoP.exe
  2⤵
  PID:12340
- C:\Windows\System\BdRhjeX.exe
  C:\Windows\System\BdRhjeX.exe
  2⤵
  PID:12364
- C:\Windows\System\IPPGHNU.exe
  C:\Windows\System\IPPGHNU.exe
  2⤵
  PID:12392
- C:\Windows\System\ovcSeeP.exe
  C:\Windows\System\ovcSeeP.exe
  2⤵
  PID:12416
- C:\Windows\System\ESNsBff.exe
  C:\Windows\System\ESNsBff.exe
  2⤵
  PID:12440
- C:\Windows\System\SYLFcQR.exe
  C:\Windows\System\SYLFcQR.exe
  2⤵
  PID:12472
- C:\Windows\System\GhxMiAN.exe
  C:\Windows\System\GhxMiAN.exe
  2⤵
  PID:12496
- C:\Windows\System\vaVsfej.exe
  C:\Windows\System\vaVsfej.exe
  2⤵
  PID:12520
- C:\Windows\System\JejhsFk.exe
  C:\Windows\System\JejhsFk.exe
  2⤵
  PID:12536
- C:\Windows\System\ZhnjlIM.exe
  C:\Windows\System\ZhnjlIM.exe
  2⤵
  PID:12560
- C:\Windows\System\vjpdyMZ.exe
  C:\Windows\System\vjpdyMZ.exe
  2⤵
  PID:12580
- C:\Windows\System\wZVGqoO.exe
  C:\Windows\System\wZVGqoO.exe
  2⤵
  PID:12612
- C:\Windows\System\wWidXGn.exe
  C:\Windows\System\wWidXGn.exe
  2⤵
  PID:12640
- C:\Windows\System\aLrXYnC.exe
  C:\Windows\System\aLrXYnC.exe
  2⤵
  PID:12668
- C:\Windows\System\pRxZBQO.exe
  C:\Windows\System\pRxZBQO.exe
  2⤵
  PID:12688
- C:\Windows\System\yoQUSpD.exe
  C:\Windows\System\yoQUSpD.exe
  2⤵
  PID:12720
- C:\Windows\System\pbvikTy.exe
  C:\Windows\System\pbvikTy.exe
  2⤵
  PID:12744
- C:\Windows\System\TWSgNxp.exe
  C:\Windows\System\TWSgNxp.exe
  2⤵
  PID:12764
- C:\Windows\System\qsWOyxq.exe
  C:\Windows\System\qsWOyxq.exe
  2⤵
  PID:12792
- C:\Windows\System\PYFzbXU.exe
  C:\Windows\System\PYFzbXU.exe
  2⤵
  PID:12820
- C:\Windows\System\hyLeXtg.exe
  C:\Windows\System\hyLeXtg.exe
  2⤵
  PID:12844
- C:\Windows\System\RFMZNOL.exe
  C:\Windows\System\RFMZNOL.exe
  2⤵
  PID:12864
- C:\Windows\System\sJCdxGx.exe
  C:\Windows\System\sJCdxGx.exe
  2⤵
  PID:12900
- C:\Windows\System\yfSRrYl.exe
  C:\Windows\System\yfSRrYl.exe
  2⤵
  PID:12924
- C:\Windows\System\XHZwrea.exe
  C:\Windows\System\XHZwrea.exe
  2⤵
  PID:12944
- C:\Windows\System\bQNUBzb.exe
  C:\Windows\System\bQNUBzb.exe
  2⤵
  PID:12972
- C:\Windows\System\NZPwlke.exe
  C:\Windows\System\NZPwlke.exe
  2⤵
  PID:13000
- C:\Windows\System\wYpwgLk.exe
  C:\Windows\System\wYpwgLk.exe
  2⤵
  PID:13032
- C:\Windows\System\MyBmLZn.exe
  C:\Windows\System\MyBmLZn.exe
  2⤵
  PID:13056
- C:\Windows\System\rwEqcSv.exe
  C:\Windows\System\rwEqcSv.exe
  2⤵
  PID:13076
- C:\Windows\System\TVKlmOo.exe
  C:\Windows\System\TVKlmOo.exe
  2⤵
  PID:13100
- C:\Windows\System\HHhZpmS.exe
  C:\Windows\System\HHhZpmS.exe
  2⤵
  PID:13132
- C:\Windows\System\PHXRGuw.exe
  C:\Windows\System\PHXRGuw.exe
  2⤵
  PID:13164
- C:\Windows\System\lRnTlVe.exe
  C:\Windows\System\lRnTlVe.exe
  2⤵
  PID:13188
- C:\Windows\System\XSGcAcT.exe
  C:\Windows\System\XSGcAcT.exe
  2⤵
  PID:13216
- C:\Windows\System\dlCtohg.exe
  C:\Windows\System\dlCtohg.exe
  2⤵
  PID:13236
- C:\Windows\System\xDnFeIR.exe
  C:\Windows\System\xDnFeIR.exe
  2⤵
  PID:13260
- C:\Windows\System\ZRXleAG.exe
  C:\Windows\System\ZRXleAG.exe
  2⤵
  PID:13280
- C:\Windows\System\wjVNNHI.exe
  C:\Windows\System\wjVNNHI.exe
  2⤵
  PID:13304
- C:\Windows\System\dLiqBsA.exe
  C:\Windows\System\dLiqBsA.exe
  2⤵
  PID:11616
- C:\Windows\System\gfkoJKu.exe
  C:\Windows\System\gfkoJKu.exe
  2⤵
  PID:11724
- C:\Windows\System\OrBCwBX.exe
  C:\Windows\System\OrBCwBX.exe
  2⤵
  PID:10392
- C:\Windows\System\luoeZQI.exe
  C:\Windows\System\luoeZQI.exe
  2⤵
  PID:12320
- C:\Windows\System\SWxiHzo.exe
  C:\Windows\System\SWxiHzo.exe
  2⤵
  PID:12380
- C:\Windows\System\IXqGOIM.exe
  C:\Windows\System\IXqGOIM.exe
  2⤵
  PID:12464
- C:\Windows\System\cpqljOh.exe
  C:\Windows\System\cpqljOh.exe
  2⤵
  PID:11904
- C:\Windows\System\pkAoJUD.exe
  C:\Windows\System\pkAoJUD.exe
  2⤵
  PID:12204
- C:\Windows\System\hKcCswo.exe
  C:\Windows\System\hKcCswo.exe
  2⤵
  PID:12596
- C:\Windows\System\XfBoZun.exe
  C:\Windows\System\XfBoZun.exe
  2⤵
  PID:12356
- C:\Windows\System\MennUBc.exe
  C:\Windows\System\MennUBc.exe
  2⤵
  PID:12400
- C:\Windows\System\sxFywIl.exe
  C:\Windows\System\sxFywIl.exe
  2⤵
  PID:12712
- C:\Windows\System\dtPKhGa.exe
  C:\Windows\System\dtPKhGa.exe
  2⤵
  PID:12776
- C:\Windows\System\NDhDXxw.exe
  C:\Windows\System\NDhDXxw.exe
  2⤵
  PID:12512
- C:\Windows\System\PUftCCb.exe
  C:\Windows\System\PUftCCb.exe
  2⤵
  PID:12532
- C:\Windows\System\SssOiZV.exe
  C:\Windows\System\SssOiZV.exe
  2⤵
  PID:12888
- C:\Windows\System\NgdscnR.exe
  C:\Windows\System\NgdscnR.exe
  2⤵
  PID:11380
- C:\Windows\System\kZOSouh.exe
  C:\Windows\System\kZOSouh.exe
  2⤵
  PID:13092
- C:\Windows\System\vgSieQu.exe
  C:\Windows\System\vgSieQu.exe
  2⤵
  PID:13176
- C:\Windows\System\BnJUVxF.exe
  C:\Windows\System\BnJUVxF.exe
  2⤵
  PID:12908
- C:\Windows\System\XHYIxIY.exe
  C:\Windows\System\XHYIxIY.exe
  2⤵
  PID:12960
- C:\Windows\System\WXtUlhl.exe
  C:\Windows\System\WXtUlhl.exe
  2⤵
  PID:12988
- C:\Windows\System\rkleclY.exe
  C:\Windows\System\rkleclY.exe
  2⤵
  PID:13044
- C:\Windows\System\AZdUbpD.exe
  C:\Windows\System\AZdUbpD.exe
  2⤵
  PID:12068
- C:\Windows\System\csgPwLz.exe
  C:\Windows\System\csgPwLz.exe
  2⤵
  PID:11984
- C:\Windows\System\TfCxwzP.exe
  C:\Windows\System\TfCxwzP.exe
  2⤵
  PID:13332
- C:\Windows\System\IRPPVLN.exe
  C:\Windows\System\IRPPVLN.exe
  2⤵
  PID:13360
- C:\Windows\System\OUPhuKO.exe
  C:\Windows\System\OUPhuKO.exe
  2⤵
  PID:13388
- C:\Windows\System\aOKsiKX.exe
  C:\Windows\System\aOKsiKX.exe
  2⤵
  PID:13412
- C:\Windows\System\jxMDGOJ.exe
  C:\Windows\System\jxMDGOJ.exe
  2⤵
  PID:13432
- C:\Windows\System\EbtHDlD.exe
  C:\Windows\System\EbtHDlD.exe
  2⤵
  PID:13464
- C:\Windows\System\xDESrpu.exe
  C:\Windows\System\xDESrpu.exe
  2⤵
  PID:13492
- C:\Windows\System\fftQvMe.exe
  C:\Windows\System\fftQvMe.exe
  2⤵
  PID:13508
- C:\Windows\System\Xzyvnyb.exe
  C:\Windows\System\Xzyvnyb.exe
  2⤵
  PID:13528
- C:\Windows\System\BVGzOcQ.exe
  C:\Windows\System\BVGzOcQ.exe
  2⤵
  PID:13556
- C:\Windows\System\FWgyceT.exe
  C:\Windows\System\FWgyceT.exe
  2⤵
  PID:13576
- C:\Windows\System\VfnbPQM.exe
  C:\Windows\System\VfnbPQM.exe
  2⤵
  PID:13604
- C:\Windows\System\iduSeHs.exe
  C:\Windows\System\iduSeHs.exe
  2⤵
  PID:13636
- C:\Windows\System\isNKJTl.exe
  C:\Windows\System\isNKJTl.exe
  2⤵
  PID:13664
- C:\Windows\System\pZyKxez.exe
  C:\Windows\System\pZyKxez.exe
  2⤵
  PID:13684
- C:\Windows\System\jRpaqsY.exe
  C:\Windows\System\jRpaqsY.exe
  2⤵
  PID:13708
- C:\Windows\System\xLtQdSh.exe
  C:\Windows\System\xLtQdSh.exe
  2⤵
  PID:13736
- C:\Windows\System\fTcwqvt.exe
  C:\Windows\System\fTcwqvt.exe
  2⤵
  PID:13756
- C:\Windows\System\CubzNTm.exe
  C:\Windows\System\CubzNTm.exe
  2⤵
  PID:13784
- C:\Windows\System\hBdqAkV.exe
  C:\Windows\System\hBdqAkV.exe
  2⤵
  PID:13808
- C:\Windows\System\drGUxrt.exe
  C:\Windows\System\drGUxrt.exe
  2⤵
  PID:13840
- C:\Windows\System\AiOhbIe.exe
  C:\Windows\System\AiOhbIe.exe
  2⤵
  PID:13860
- C:\Windows\System\cYoSBph.exe
  C:\Windows\System\cYoSBph.exe
  2⤵
  PID:13884
- C:\Windows\System\gprAMLr.exe
  C:\Windows\System\gprAMLr.exe
  2⤵
  PID:13912
- C:\Windows\System\BcCLwsZ.exe
  C:\Windows\System\BcCLwsZ.exe
  2⤵
  PID:13928
- C:\Windows\System\qRgfYkq.exe
  C:\Windows\System\qRgfYkq.exe
  2⤵
  PID:14300
- C:\Windows\System\BFyWMCa.exe
  C:\Windows\System\BFyWMCa.exe
  2⤵
  PID:14316
- C:\Windows\System\MtnVrcC.exe
  C:\Windows\System\MtnVrcC.exe
  2⤵
  PID:12388
- C:\Windows\System\YzfzgVd.exe
  C:\Windows\System\YzfzgVd.exe
  2⤵
  PID:12784
- C:\Windows\System\SHaalxs.exe
  C:\Windows\System\SHaalxs.exe
  2⤵
  PID:4712
- C:\Windows\System\LKNIdEa.exe
  C:\Windows\System\LKNIdEa.exe
  2⤵
  PID:13160
- C:\Windows\System\ectdquJ.exe
  C:\Windows\System\ectdquJ.exe
  2⤵
  PID:2944
- C:\Windows\System\xRhKuLc.exe
  C:\Windows\System\xRhKuLc.exe
  2⤵
  PID:12576
- C:\Windows\System\IgmebyG.exe
  C:\Windows\System\IgmebyG.exe
  2⤵
  PID:12456
- C:\Windows\System\kjRxfDM.exe
  C:\Windows\System\kjRxfDM.exe
  2⤵
  PID:12872
- C:\Windows\System\EQVhSJE.exe
  C:\Windows\System\EQVhSJE.exe
  2⤵
  PID:11612
- C:\Windows\System\uXIfTdb.exe
  C:\Windows\System\uXIfTdb.exe
  2⤵
  PID:12932
- C:\Windows\System\PSGqSfB.exe
  C:\Windows\System\PSGqSfB.exe
  2⤵
  PID:13724
- C:\Windows\System\LmDzqKj.exe
  C:\Windows\System\LmDzqKj.exe
  2⤵
  PID:13400
- C:\Windows\System\kxqNACI.exe
  C:\Windows\System\kxqNACI.exe
  2⤵
  PID:13488
- C:\Windows\System\caFrvTX.exe
  C:\Windows\System\caFrvTX.exe
  2⤵
  PID:13984
- C:\Windows\System\xwjiZCf.exe
  C:\Windows\System\xwjiZCf.exe
  2⤵
  PID:13596
- C:\Windows\System\wLRENic.exe
  C:\Windows\System\wLRENic.exe
  2⤵
  PID:14008
- C:\Windows\System\IHgiifC.exe
  C:\Windows\System\IHgiifC.exe
  2⤵
  PID:12492
- C:\Windows\System\IjePVEq.exe
  C:\Windows\System\IjePVEq.exe
  2⤵
  PID:12508

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AEvDRWE.exe

Filesize
1.9MB

MD5
821c33cbc5762102436ef3081a35a205

SHA1
712d8cc13ddbaa7b9230a17211867b10890107fe

SHA256
ed69fb96e7a86006967a134a81dfce19b270f65b64b6c140e93271cdc5ce0504

SHA512
475b622e9347a866ce777618b90140eb0f5f73bdf7c4f094a191654370e0fadbc0a0bec6b1c0be333046ba63624b157d204b18e956e536b736c9304ba04913ad

Download Submit
C:\Windows\System\ASEHOqj.exe

Filesize
1.9MB

MD5
358a10aa4524ad406535e2873366327d

SHA1
e4ccd7cffadb388df9cc9cb15214c524a372b27c

SHA256
f6a0a2cf80a3e170d520fa479298dcae5d390a4bb9cf6e611cb43e80becb2fe4

SHA512
b3aca11b9c593175111f07cf87cf3b8f4367323f1cf498482c88133e3cff1156de271e32ceeb92b2b2273be0ac5c52ad72fd143127eaea781509090fd005cecd

Download Submit
C:\Windows\System\AyWMFuq.exe

Filesize
1.9MB

MD5
14c9e4560d688984aa6c7355e7c918da

SHA1
2bdf9d8175158943cbaac1112e4677aeda889f68

SHA256
f798856f3b495072e1d218a4bf5c706604179b8328e8fb507d7ef9d2adc5876f

SHA512
eef050a5b4bf99414773884763e7a1093efea4a199316cff18948c64ed2d188d35f72a4c622af6d6b06f81658585af99ea6ae3fb33a00f50bdb80ff009692495

Download Submit
C:\Windows\System\CxoMtXX.exe

Filesize
1.9MB

MD5
fb98207a3bce7efc30457d3c7f6020fa

SHA1
f50c99a81450eea5acc5a4b5a6b364e55efbe0a9

SHA256
2889be6ac0288802735e2f760ee9c8e2760ecf71d6887708bba0be79b9b8550c

SHA512
ea51bfe0cc183a3290073484a655efb4d43cc9026e8490555bae7be808b0e71169d3a3016543a559cec94f5b99b199f6e1406423f271a8a2715295ad5ceab7bf

Download Submit
C:\Windows\System\FhBOblu.exe

Filesize
1.9MB

MD5
4e2ef6c2badf202ae07ba44086c1b227

SHA1
b300154fe6870a0147a81ac118cf015b7f4941f3

SHA256
8f09535cd53368dcb1dbf1b989682622afcc31ff62941ef67bc5ae79bb28fbe1

SHA512
235501e5b47dd82de70e16ad2bc828f179648337ac8638ebea1f748534830e5a5d0f8774ae0ea3ca53cd331ee6233b7c6063a915bb7abee63f616004d7c49ed1

Download Submit
C:\Windows\System\GCLAFqE.exe

Filesize
1.9MB

MD5
4f84a6db2bffa3c075aa384d23503ad6

SHA1
44d475486b17065090339591c11344e63a4a8ccd

SHA256
25cc6594f0f219fda53471f18eb0b7ef5a25cbec5aa3bc4ac3791231cdebab22

SHA512
ac5260db0497d11d707db5f76d2c24f3f6f33068ecdc4bcce134f584b848ca9bc206a6d5521f390d83f0ed1774a670722af27a1282eefe725a20fd43caa17ad2

Download Submit
C:\Windows\System\HpPvWMZ.exe

Filesize
1.9MB

MD5
f95208a8e753020db0d39f54b0e8f5c1

SHA1
b0b8d6291f2592918c019439db7fc61209a9943b

SHA256
55cbdf35c0a5bd1d77e2e844ef777c456f93a5520db58050be995d0a360e9772

SHA512
fa658615cb1d42972f646a529bb8475e36c336f8850998826c21a18dcf3aa4771cdac8595c65a7f53fc1d55bd92ba6eeae5e93f8624606f4acaa80f0dab38f0a

Download Submit
C:\Windows\System\IOHlizX.exe

Filesize
1.9MB

MD5
7663efcbfd8b481fdc46af8454d85b26

SHA1
a7137d921f379f535665f5e03a0c86ad8de47423

SHA256
d1b0d986f47c94a591e296b3477537876ae53b3191a675a68e5bdd47dcdbf810

SHA512
5dd7288bbaf374137752370e72fee467b77f72883b3aa8e0c254bee78f207edaa69954fd6da748e7dfed1210c52b5f15d9f1f67516e95651c14fb202a853a567

Download Submit
C:\Windows\System\KaKtBtE.exe

Filesize
1.9MB

MD5
7f4bb2b03182bab09e36d3af80c2baa1

SHA1
8bf9c0eb4ac3fb6b9de6fb815f236a779489a96f

SHA256
43c8f482bc452ed076de03626a0b454be49b48ae33baee3995b9e3a9080a965b

SHA512
729d738ddb71fe3de1ca9888ed2a915fd6f59e9285b9b526d67be1f79c76b39ecd7882c798d1076a8eee56b10f81c73982c471383a3438532f5c222cf3f2d3ba

Download Submit
C:\Windows\System\NuJAExy.exe

Filesize
1.9MB

MD5
b3909ca54a3e09d0f9e948bb6d8a6479

SHA1
418c0f97a870b303535bb13cd53a014db3645350

SHA256
9301963522dd21f56ca921d8c05c9d576a7c00b3660b17a30787d29190122e9b

SHA512
bc4fb75cab58eb2c45451e6d54c996b1a0672ab2e351e2c8ccbfb5d8fb7a1a8e3daaeddf2d9efee653b45b1a0ed89db5ddc0b4a16ec45c18257c465527dff97e

Download Submit
C:\Windows\System\SkSfFeE.exe

Filesize
1.9MB

MD5
8f0b251bfecd5a7f94de8d33ba8a6d8c

SHA1
767bd3560364e22a8d3516660af96174a8a85472

SHA256
b097fb310b8b47b490ec8994d3f6982d358a6101e21d22a0aad07dadafe46555

SHA512
a9c8da98b5eac3f4886d35a869b586870384c1d7b88352025617b571f557b5250ac4b23e1fc0a06f23243ee09bd57cc411ee6517dc64e7f64a666d9ea9bd450d

Download Submit
C:\Windows\System\TpKzpng.exe

Filesize
1.9MB

MD5
4c615d302e85e7c135331b370f49518c

SHA1
f9d3b726a3b3c44e204fd90bbb1e4061b99102e0

SHA256
485a15a089e086c3b6b69484a8c6e1db1194f071ec27519772a3ed9060265674

SHA512
2de9e7e6a99ae7150de79eeb8bc5690beb91536f6ddfdee2dab1db2fbf4f97ded59a0258f5985b4083e9569e3def0ba02dbb0e020eff5917ab47d939aed144cd

Download Submit
C:\Windows\System\VkWhKlq.exe

Filesize
1.9MB

MD5
110afc2e42d2180096a957ca60c5c464

SHA1
e7ceeb7590480079ee9faf56a48d8b9d63132c7e

SHA256
ede0265f952158be4d46d3f923395592152373dab24245f6633ca0f0ae2da10e

SHA512
7de08aff4d2f1e8f601e4c66b1867952a641d5413e9afbeb2f8702d97201fd0d97976da2d9e77a89992cd02ffe7d98739b382959f87f915ecdb0b0af3ddebcd4

Download Submit
C:\Windows\System\VvYMqVj.exe

Filesize
1.9MB

MD5
ca1bcb13d2b7fedd3df093a5b24419be

SHA1
32cfde0959798fecfae0a4af15b40afcfc79ba06

SHA256
046778433eb5f7c1a8bde345e16681386ed564282dce4ba3ecbb728267f4b7d3

SHA512
08e3f506bed1db23533afeb88220a46ad8b6e0e13a4520e6c1d4bda4e06a87f742fad277549eb28c40e46f00fb458cd87db1c57bcce54a14858091c5e09a313a

Download Submit
C:\Windows\System\WpanLBi.exe

Filesize
1.9MB

MD5
a017dcfe6e0cd92eced5756dc711de6c

SHA1
08aa01ac352c09ce2d9adfb8fe1a61551a3a623b

SHA256
071b8b3720538ddb5561f1cd0d826cfc07eef3c8898c42febe7496e47e60a993

SHA512
c6ae5d32cc301a1503a10748d1bff943f2fc5ba6f273a0a295215be02e7550acadd859dc3254d49dfa6aae6e45ee3dc3a8f1144455322c1ac9cb841e5ffe603a

Download Submit
C:\Windows\System\YOyEFFK.exe

Filesize
1.9MB

MD5
312d991afc3fcddc7a67f90a9a8a65f4

SHA1
360e1de77522f6d5e88f3609a446aec3ac852d78

SHA256
3ed6e14a2e550e5bcd451739f0d475a28f0b13cc7bd3786bf62d0edb99ad2b41

SHA512
e3425a8a7c5ef4ef3116ef5ac59335f9cf227edf0da3f85df74653e5cf484f13c711357eae1c75fe34f6daa586076b9ec1c5326ceeeca2c8da126959910a08ec

Download Submit
C:\Windows\System\bJjqAlS.exe

Filesize
1.9MB

MD5
b07fb244b6860c3b1a24dcc3c92c1e37

SHA1
70af694074438868691f2873921a6099ef5ab56c

SHA256
bb8c60a21a1bc69bda18d6a86f8c16e2e11430a19a773b21d056c9b0835b5491

SHA512
3e9637f7496a054f012d438ed7a51e0f153c6b865b53fc094f693c5db908d3445eb42b310c518f151ae3df362e71845ecf94454eb0e96481cf42ad8a3433bc2c

Download Submit
C:\Windows\System\bKzWmPh.exe

Filesize
1.9MB

MD5
4193cd00cea3aec89661fce6ceb8b211

SHA1
ff4e51c71503ece5cea9c13f5ddf1e73d08d9077

SHA256
c07aef8b7c01319dd716d9ec3892fe241ad421bac507719999f33e48b8320a0c

SHA512
ad27b7335cb89acc6e13a2ae822ab3c6ca276abbdd2457dd23f6db7a652c09e2071648c1be0aedc4dbed74b2dbd5361f3ab2a16ad03f375928c7be84992a1cca

Download Submit
C:\Windows\System\cCMnMJv.exe

Filesize
1.9MB

MD5
89c89bf3f0b74f8880621a1a88df3ae3

SHA1
4b4b0b5228c139743470c201220440c2ef9de64b

SHA256
11ac3e044c45178cebb9fb86c375399c14ce5da1fe180cf1a01aa2110479f79b

SHA512
e429f799195c2da5c5977b8d6c8c88a325eba843714f3ec7bfc7f9efa337d5ada6415fd70b6868c39970ec3255d9606ec0188bc5841cf9110203e92ca24a45e1

Download Submit
C:\Windows\System\cLBMMRH.exe

Filesize
1.9MB

MD5
5de4348ad8de364eafb590f125f47236

SHA1
fbd5135358f3fa62af78417c269797cc77268a96

SHA256
f3f1233b0e7bc0685ed21cb530beb2f2c4e0bba21eaf7ab8f67e34e61d8d0f5f

SHA512
c5bc8a9ec894c593db90d8f43ad70cfde69f502f803998481d065fdf7dc7433896f2d37a503c29dc7a5a07678608f2c105e963ecbe48812edae5087f0b83e14e

Download Submit
C:\Windows\System\ePBEuqQ.exe

Filesize
1.9MB

MD5
56e10413d0f75623e2959bdf0fcd1843

SHA1
856beb48838de06a7b4065542670b897afa269b4

SHA256
8c30d63f117894add88623fe82b9707a761336f95620d9293d18bc0992d08325

SHA512
e4cca503e8719c28264ce5bced3015cb0660bbab683ba36b423bdd37902b2755f1ac2307eb6c1b18c677c2fc3fd4f7ede05a9064b440ec7d327b9371335cd153

Download Submit
C:\Windows\System\heETYJl.exe

Filesize
1.9MB

MD5
dda2731df8876eb9b92f924c3be0d5c2

SHA1
87a5f29b63460e8f88e130c759fe83476b2737a7

SHA256
de81a9975d7df535d08c023a73124b45b7dd8d76dd19c14544cb58c6d5bbaec4

SHA512
5bd61afabe8506aa1d27c4c90911cde942719b9cf9bb95f3d42226a2dad13e00fa6639b037643916f35d080ad52d2e775ed68b223a126293c85ea0f7701f54ce

Download Submit
C:\Windows\System\jDiIGfj.exe

Filesize
1.9MB

MD5
819b5a89281947840c075124fdbea315

SHA1
76be4aad8eb5f9febba94d9cee6d45b1d6974e0c

SHA256
f6b6a7bfcea6a0a2a9805d1d2e688c0f944ec291d18cfb8ef6f06dbd8d295bc8

SHA512
b800d1d2036558561659b34324bc6cd5a4f38ff272b446902bee3393f1ba50a7b58010492711455daefa92bb60744cff8d0aef556c685e5593c9ef51c48adf8a

Download Submit
C:\Windows\System\jkhHYsV.exe

Filesize
1.9MB

MD5
78c9a036cd06cde4661924b6386f0c08

SHA1
1367ac57b03dc8e9996d15a54d65b9f55edc1c95

SHA256
3f5c2c03fb75c8b9649e1cce89c457c4ad3ed7b7849f956c3e0c253496c97fef

SHA512
088680c6511819877d9d4e59431533d80fb43787e3fd797a2e25aac3e96da7a2838adc37fbad748afa448ca4bcfeef0289f8b2b48f54ce540c52dbc478ed4222

Download Submit
C:\Windows\System\kSzluKo.exe

Filesize
1.9MB

MD5
5e98bce25e2ab821a2912970157d6a5a

SHA1
f2062821c9743cb53ee1d713a51cdc832cd291b9

SHA256
03d0a483657490c7d1987e6449b25acbff4ba53b990045b6e710505ef15f550a

SHA512
3d605496fc6d6b3da8f34a72ed58f14adbca49c6d386874e673e2494a2c9cd642718b6104ca82f08e5fb9b64160ed1d68dafa711c00c264f409039e7f299d994

Download Submit
C:\Windows\System\mdCgteY.exe

Filesize
1.9MB

MD5
3566e9fd48e285a859e352d447e03fec

SHA1
4ac150e4617f5ef3f1e21dd0196b401ffad5ff27

SHA256
00ec06c10c5b94ffc2140b6dd94a1b27b56ec8be812edc8348e4f1fcf6781c25

SHA512
a70716d9592836e566b5a3c92e4a423ba4815f1d792562e26b41ee80192acd0085657cc8996a32565ea5d9fb445d7e2577c6b15a2e6bdba243f7040174160d49

Download Submit
C:\Windows\System\ngEyvwT.exe

Filesize
1.9MB

MD5
b9fbfcac1cb2060cec1ef8d0ad74c0cc

SHA1
f1fb88406a8499d4dc3d266f06b73ad1f1dd6044

SHA256
6da3467ae38be7eecb97a2540b5dce5c5661831a5d0a828a10931f19162e5e61

SHA512
17756e8cef89c461cd8d3f9ee7ebf4bd6b4b2daa532d7c0249003b5fc59c320b8d2ff4ed31f1b7b8b6b2492cf59eeb0180029438e82e58aee43ac42b8c7ce032

Download Submit
C:\Windows\System\qyXnzvi.exe

Filesize
1.9MB

MD5
a8f3d3873e90b75e3a72ad226a12444d

SHA1
8857d839298ddb882143d48e10e750d32457b08c

SHA256
4478592983ddd6bcf085b4fc211fdb30cb314bd486531e8a17e301df8454711f

SHA512
186d3168af767c252c94bbf273c92e0c75be45256f2a63cdfb047ed2b87d8af964e43b6f7474479c56d9af8eab9ec42c2e8edba01aa7e90dc28278e7cb2296d0

Download Submit
C:\Windows\System\tGIxxCm.exe

Filesize
1.9MB

MD5
31b3258846b68f53a5b500b56a04c9ee

SHA1
2e244bf9a0496796bd661e6132a9a8287016adb4

SHA256
05b21059f7dfff545183911fc4cae74b964356e3988e805acef05634b6d8ce0d

SHA512
fd3a9d1238d0531e6d9d2390c923bb6e8b6fd2776d4479dc5a900bedcd719e391c5b7ffdb0138603d3bceb49490744227c91d8109d33c07cbf298a3be93604d1

Download Submit
C:\Windows\System\tiJHLEK.exe

Filesize
1.9MB

MD5
b0d1fbd31d3afdc7df411c15de1e7bf9

SHA1
a925b1b2491b6d51288a7912da6ab08e6da86b8e

SHA256
fc6803a3d91d436d23a77ac730575b5f72e387727f784a80724645b1314e685b

SHA512
f791325d622f20a75a6f184be3c2d2ebaf61abb6324b7c9ba4271374e391e5da068a267638e5acc910b9bd71d92c3ab914641b103fba1b0c604bdafc9986678b

Download Submit
C:\Windows\System\vVeCIgH.exe

Filesize
1.9MB

MD5
c1875c9fabc0a6ffd50f6e9ca0285145

SHA1
4a6877202ef71a66555e063dfd24408c86e1d089

SHA256
cda668dfa2111499af5887c0fb90665cd4b11bc2de79067a5d0d2ed7c684c0dd

SHA512
851d93cb4fb2d621b72a360a097b4ebc72eb9ddc6cff270d8c0a4990d8a105f23e89efb9a9574ffe5c51dbf9119cc02946e48342f02c6ff484a44cd1c85c8cae

Download Submit
C:\Windows\System\vtDtZzm.exe

Filesize
1.9MB

MD5
c27c5f15fccb50bbfe1534bc56304f94

SHA1
886e8fa599d190b0a5e1a5778f34aebc3b01b150

SHA256
2711083fc7586e0a91f0537eeccc17c309e69be62aa00f0a5703aa508f6b8fe2

SHA512
8144714809e2a1bb824913bd689e134a207bfce86ea1f3f670a8a370b7f7b68e9683020ab72bfd995e200f61fd3344783998ba265d65a38017481541d39dc6a8

Download Submit
C:\Windows\System\yDqtzVh.exe

Filesize
1.9MB

MD5
ce56c300841b44a7008d31a2e0887052

SHA1
bc5d33ed11a363c7d724da80c3861cc798c28af5

SHA256
257930fe7473562347338e5eb944f0f1f5a0c2e19c2f241a030b872053dc6aa6

SHA512
23625897ca5443241578291586285b11562777599499597411745286d467f821c694d51af1f9ea08765ab98657c65216bbbccff2208d7ad37072a03e284b81c3

Download Submit
C:\Windows\System\zPuiliN.exe

Filesize
1.9MB

MD5
823ea672b24559792296be99d577a804

SHA1
44fea7119370aed4c62c34e0bb0158b3be4823b9

SHA256
ab66b95617ff1b12c837f8c02a6830e67530c3c7f3d60bef344309c11b5d1049

SHA512
c3812158967650023a070bc79f4798786edb3c1171ccd1d593eccc13c0b598763e5dec32353ac48b2c68ac7551c83ee3e59c7458360cdf88b3bf8bbd5b115d9c

Download Submit
C:\Windows\System\zkBkZaL.exe

Filesize
1.9MB

MD5
c53502a277917f431724d765260cc04c

SHA1
7cba74045d326c49738e6012a489e3d9953e5a46

SHA256
0f296d104f11206df850cc038687e773a1192cef43aa96dc1a762db7910d3bfa

SHA512
8f8d83f8d67331e75ad747d5e44b9a9fbbf1b958fe940c93a6c3b8665098ab664400e08d9eb01d10d43e67575660ad72d94433f70f75d929c6d29efe004d685d

Download Submit
memory/648-2218-0x00007FF74FC50000-0x00007FF74FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/648-2206-0x00007FF74FC50000-0x00007FF74FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/648-108-0x00007FF74FC50000-0x00007FF74FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/876-175-0x00007FF6D0CF0000-0x00007FF6D1044000-memory.dmp

Filesize
3.3MB

Download
memory/876-2221-0x00007FF6D0CF0000-0x00007FF6D1044000-memory.dmp

Filesize
3.3MB

Download
memory/920-66-0x00007FF6E0670000-0x00007FF6E09C4000-memory.dmp

Filesize
3.3MB

Download
memory/920-2211-0x00007FF6E0670000-0x00007FF6E09C4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-2226-0x00007FF7D43A0000-0x00007FF7D46F4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-184-0x00007FF7D43A0000-0x00007FF7D46F4000-memory.dmp

Filesize
3.3MB

Download
memory/1140-2216-0x00007FF7AA9E0000-0x00007FF7AAD34000-memory.dmp

Filesize
3.3MB

Download
memory/1140-168-0x00007FF7AA9E0000-0x00007FF7AAD34000-memory.dmp

Filesize
3.3MB

Download
memory/1172-2227-0x00007FF622050000-0x00007FF6223A4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-196-0x00007FF622050000-0x00007FF6223A4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2204-0x00007FF63FFB0000-0x00007FF640304000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2217-0x00007FF63FFB0000-0x00007FF640304000-memory.dmp

Filesize
3.3MB

Download
memory/1252-48-0x00007FF63FFB0000-0x00007FF640304000-memory.dmp

Filesize
3.3MB

Download
memory/1492-194-0x00007FF6F99A0000-0x00007FF6F9CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2230-0x00007FF6F99A0000-0x00007FF6F9CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2220-0x00007FF76D5B0000-0x00007FF76D904000-memory.dmp

Filesize
3.3MB

Download
memory/1692-160-0x00007FF76D5B0000-0x00007FF76D904000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2222-0x00007FF64B290000-0x00007FF64B5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-176-0x00007FF64B290000-0x00007FF64B5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-191-0x00007FF6A4B70000-0x00007FF6A4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2231-0x00007FF6A4B70000-0x00007FF6A4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-37-0x00007FF654F30000-0x00007FF655284000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2214-0x00007FF654F30000-0x00007FF655284000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2205-0x00007FF654F30000-0x00007FF655284000-memory.dmp

Filesize
3.3MB

Download
memory/2460-195-0x00007FF7F48B0000-0x00007FF7F4C04000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2236-0x00007FF7F48B0000-0x00007FF7F4C04000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2225-0x00007FF65A960000-0x00007FF65ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-189-0x00007FF65A960000-0x00007FF65ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2233-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-185-0x00007FF69AC90000-0x00007FF69AFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2223-0x00007FF7D48E0000-0x00007FF7D4C34000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2207-0x00007FF7D48E0000-0x00007FF7D4C34000-memory.dmp

Filesize
3.3MB

Download
memory/2828-112-0x00007FF7D48E0000-0x00007FF7D4C34000-memory.dmp

Filesize
3.3MB

Download
memory/3048-36-0x00007FF7EE410000-0x00007FF7EE764000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2210-0x00007FF7EE410000-0x00007FF7EE764000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2208-0x00007FF6841A0000-0x00007FF6844F4000-memory.dmp

Filesize
3.3MB

Download
memory/3128-13-0x00007FF6841A0000-0x00007FF6844F4000-memory.dmp

Filesize
3.3MB

Download
memory/3276-2234-0x00007FF7CDED0000-0x00007FF7CE224000-memory.dmp

Filesize
3.3MB

Download
memory/3276-193-0x00007FF7CDED0000-0x00007FF7CE224000-memory.dmp

Filesize
3.3MB

Download
memory/3360-2229-0x00007FF6968E0000-0x00007FF696C34000-memory.dmp

Filesize
3.3MB

Download
memory/3360-198-0x00007FF6968E0000-0x00007FF696C34000-memory.dmp

Filesize
3.3MB

Download
memory/3364-87-0x00007FF7AFAC0000-0x00007FF7AFE14000-memory.dmp

Filesize
3.3MB

Download
memory/3364-2213-0x00007FF7AFAC0000-0x00007FF7AFE14000-memory.dmp

Filesize
3.3MB

Download
memory/3400-1-0x00000244EC570000-0x00000244EC580000-memory.dmp

Filesize
64KB

Download
memory/3400-0-0x00007FF64D170000-0x00007FF64D4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-52-0x00007FF6E6C80000-0x00007FF6E6FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-2212-0x00007FF6E6C80000-0x00007FF6E6FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2224-0x00007FF7E2E80000-0x00007FF7E31D4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-190-0x00007FF7E2E80000-0x00007FF7E31D4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2235-0x00007FF7F42F0000-0x00007FF7F4644000-memory.dmp

Filesize
3.3MB

Download
memory/3716-200-0x00007FF7F42F0000-0x00007FF7F4644000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2228-0x00007FF63BCC0000-0x00007FF63C014000-memory.dmp

Filesize
3.3MB

Download
memory/4108-199-0x00007FF63BCC0000-0x00007FF63C014000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2209-0x00007FF795CB0000-0x00007FF796004000-memory.dmp

Filesize
3.3MB

Download
memory/4528-22-0x00007FF795CB0000-0x00007FF796004000-memory.dmp

Filesize
3.3MB

Download
memory/4564-192-0x00007FF6BA460000-0x00007FF6BA7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2232-0x00007FF6BA460000-0x00007FF6BA7B4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-197-0x00007FF7B58D0000-0x00007FF7B5C24000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2219-0x00007FF7B58D0000-0x00007FF7B5C24000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2215-0x00007FF63A910000-0x00007FF63AC64000-memory.dmp

Filesize
3.3MB

Download
memory/4956-139-0x00007FF63A910000-0x00007FF63AC64000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads