xmrig | d3db590cf42c05b72d95c843db4ad30c44c0aa65246546972c11bb2fa7006ab0

Analysis

max time kernel
149s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
Size

1.6MB
MD5

66a7cb3dfd203cb06a0147427df794d0
SHA1

e612f7fc81feb4ae2bb8266a3dc03c1940193de9
SHA256

d3db590cf42c05b72d95c843db4ad30c44c0aa65246546972c11bb2fa7006ab0
SHA512

66ba9af5cedf7518484f17f80cf4b96c4679c851fe8bdee3105f844dcabc22a058e35a973b807ef2cc4f47ddf95a09f75b287d7694ec17a5de778f3b189dc43a
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv32wTidpo3IpuOQ+g4NOo:BezaTF8FcNkNdfE0pZ9ozt4wIX+d8P+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4456-0-0x00007FF7B2BB0000-0x00007FF7B2F04000-memory.dmp	xmrig
behavioral2/files/0x0006000000023288-5.dat	xmrig
behavioral2/files/0x00070000000233f3-33.dat	xmrig
behavioral2/memory/548-53-0x00007FF73E260000-0x00007FF73E5B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fe-66.dat	xmrig
behavioral2/files/0x0007000000023401-101.dat	xmrig
behavioral2/files/0x0007000000023403-114.dat	xmrig
behavioral2/files/0x000700000002340a-138.dat	xmrig
behavioral2/files/0x0007000000023410-156.dat	xmrig
behavioral2/files/0x000700000002340b-177.dat	xmrig
behavioral2/memory/4900-189-0x00007FF724230000-0x00007FF724584000-memory.dmp	xmrig
behavioral2/memory/2824-197-0x00007FF778C30000-0x00007FF778F84000-memory.dmp	xmrig
behavioral2/memory/4820-203-0x00007FF648B80000-0x00007FF648ED4000-memory.dmp	xmrig
behavioral2/memory/1428-206-0x00007FF6AB910000-0x00007FF6ABC64000-memory.dmp	xmrig
behavioral2/memory/3164-205-0x00007FF7CB2A0000-0x00007FF7CB5F4000-memory.dmp	xmrig
behavioral2/memory/5176-204-0x00007FF6DB9A0000-0x00007FF6DBCF4000-memory.dmp	xmrig
behavioral2/memory/760-202-0x00007FF69C390000-0x00007FF69C6E4000-memory.dmp	xmrig
behavioral2/memory/3204-201-0x00007FF6A8A30000-0x00007FF6A8D84000-memory.dmp	xmrig
behavioral2/memory/3112-200-0x00007FF7E9660000-0x00007FF7E99B4000-memory.dmp	xmrig
behavioral2/memory/1628-199-0x00007FF725E90000-0x00007FF7261E4000-memory.dmp	xmrig
behavioral2/memory/4796-198-0x00007FF7C5990000-0x00007FF7C5CE4000-memory.dmp	xmrig
behavioral2/memory/2720-196-0x00007FF6C5F30000-0x00007FF6C6284000-memory.dmp	xmrig
behavioral2/memory/456-195-0x00007FF673780000-0x00007FF673AD4000-memory.dmp	xmrig
behavioral2/memory/4432-194-0x00007FF7D5D00000-0x00007FF7D6054000-memory.dmp	xmrig
behavioral2/memory/5292-190-0x00007FF60B8B0000-0x00007FF60BC04000-memory.dmp	xmrig
behavioral2/memory/4708-183-0x00007FF7DBFD0000-0x00007FF7DC324000-memory.dmp	xmrig
behavioral2/memory/4984-182-0x00007FF68C0A0000-0x00007FF68C3F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-181.dat	xmrig
behavioral2/files/0x000700000002340d-179.dat	xmrig
behavioral2/memory/5008-176-0x00007FF7B6520000-0x00007FF7B6874000-memory.dmp	xmrig
behavioral2/memory/2608-169-0x00007FF72F5C0000-0x00007FF72F914000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-167.dat	xmrig
behavioral2/files/0x0007000000023408-165.dat	xmrig
behavioral2/files/0x0007000000023412-164.dat	xmrig
behavioral2/files/0x0007000000023407-162.dat	xmrig
behavioral2/files/0x0007000000023411-161.dat	xmrig
behavioral2/files/0x000700000002340c-159.dat	xmrig
behavioral2/files/0x0007000000023406-157.dat	xmrig
behavioral2/files/0x0007000000023405-154.dat	xmrig
behavioral2/files/0x000700000002340f-153.dat	xmrig
behavioral2/files/0x000700000002340e-152.dat	xmrig
behavioral2/memory/5416-151-0x00007FF611180000-0x00007FF6114D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023404-133.dat	xmrig
behavioral2/memory/5192-132-0x00007FF7FA300000-0x00007FF7FA654000-memory.dmp	xmrig
behavioral2/memory/4456-2163-0x00007FF7B2BB0000-0x00007FF7B2F04000-memory.dmp	xmrig
behavioral2/memory/3432-2165-0x00007FF76AA50000-0x00007FF76ADA4000-memory.dmp	xmrig
behavioral2/memory/548-2166-0x00007FF73E260000-0x00007FF73E5B4000-memory.dmp	xmrig
behavioral2/memory/984-2164-0x00007FF6CF330000-0x00007FF6CF684000-memory.dmp	xmrig
behavioral2/memory/3120-2168-0x00007FF658450000-0x00007FF6587A4000-memory.dmp	xmrig
behavioral2/memory/1508-2167-0x00007FF7A6D20000-0x00007FF7A7074000-memory.dmp	xmrig
behavioral2/memory/1252-131-0x00007FF761F10000-0x00007FF762264000-memory.dmp	xmrig
behavioral2/memory/3120-111-0x00007FF658450000-0x00007FF6587A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-105.dat	xmrig
behavioral2/files/0x00070000000233fd-99.dat	xmrig
behavioral2/files/0x00070000000233fc-89.dat	xmrig
behavioral2/files/0x00070000000233fa-87.dat	xmrig
behavioral2/files/0x00070000000233f9-81.dat	xmrig
behavioral2/memory/1508-78-0x00007FF7A6D20000-0x00007FF7A7074000-memory.dmp	xmrig
behavioral2/files/0x0007000000023400-77.dat	xmrig
behavioral2/files/0x00070000000233f8-75.dat	xmrig
behavioral2/memory/3320-73-0x00007FF6AC730000-0x00007FF6ACA84000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ff-72.dat	xmrig
behavioral2/files/0x00070000000233f7-70.dat	xmrig
behavioral2/files/0x00070000000233f6-60.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
5324	kWpADLf.exe
984	BcHwYmf.exe
3432	EkWeVuU.exe
548	CYHDukk.exe
3320	BGGUQEu.exe
1628	AQNngzp.exe
3112	sAdRxhn.exe
1508	BhFZkNb.exe
3120	kKlrWaN.exe
3204	LSJwBDH.exe
760	tAeAPjk.exe
1252	eZRgFNX.exe
5192	rWQpgzx.exe
5416	WthaUNG.exe
2608	ObcljiO.exe
4820	qREZUtJ.exe
5176	gBPDdFL.exe
5008	LMaieCN.exe
4984	SHMHPWg.exe
4708	gfjjqOA.exe
3164	yXxdJpx.exe
4900	ChldPpH.exe
5292	oRQltaG.exe
4432	gIUMdzF.exe
456	AEREfeV.exe
1428	LqLLwln.exe
2720	YzbyGTG.exe
2824	DnXIxgg.exe
4796	VpqPmpm.exe
4356	RwySJep.exe
2000	izMKWgl.exe
5740	LqZjJkB.exe
5404	MbrjCQK.exe
1616	PNNEdcU.exe
5708	GHVALlD.exe
5664	rqYuCws.exe
1476	dCSYTtG.exe
2940	LdleCLn.exe
948	kReCsVK.exe
3520	yZogDtM.exe
3184	MJfkwjc.exe
1492	IdJxiAe.exe
1880	IAcqTYx.exe
2524	TzWxKsB.exe
1432	rUpjwaE.exe
1544	bnhzAwU.exe
3428	vuDMiEg.exe
2016	UFSvFyE.exe
3716	RlIqwnX.exe
5576	SbhaCMs.exe
5520	yAgaqey.exe
2980	Jbcimsv.exe
2760	iNksZbF.exe
1860	HKcIGbk.exe
1340	mQQRaFZ.exe
5508	OuCIdVS.exe
2592	PgYDnKV.exe
5044	eeBKyrv.exe
1460	wHsFnov.exe
4204	ooVhyNU.exe
4172	zZXWGUS.exe
2088	cIhxntX.exe
2572	xpJzOYH.exe
5412	dWMSiSd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4456-0-0x00007FF7B2BB0000-0x00007FF7B2F04000-memory.dmp	upx
behavioral2/files/0x0006000000023288-5.dat	upx
behavioral2/files/0x00070000000233f3-33.dat	upx
behavioral2/memory/548-53-0x00007FF73E260000-0x00007FF73E5B4000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-66.dat	upx
behavioral2/files/0x0007000000023401-101.dat	upx
behavioral2/files/0x0007000000023403-114.dat	upx
behavioral2/files/0x000700000002340a-138.dat	upx
behavioral2/files/0x0007000000023410-156.dat	upx
behavioral2/files/0x000700000002340b-177.dat	upx
behavioral2/memory/4900-189-0x00007FF724230000-0x00007FF724584000-memory.dmp	upx
behavioral2/memory/2824-197-0x00007FF778C30000-0x00007FF778F84000-memory.dmp	upx
behavioral2/memory/4820-203-0x00007FF648B80000-0x00007FF648ED4000-memory.dmp	upx
behavioral2/memory/1428-206-0x00007FF6AB910000-0x00007FF6ABC64000-memory.dmp	upx
behavioral2/memory/3164-205-0x00007FF7CB2A0000-0x00007FF7CB5F4000-memory.dmp	upx
behavioral2/memory/5176-204-0x00007FF6DB9A0000-0x00007FF6DBCF4000-memory.dmp	upx
behavioral2/memory/760-202-0x00007FF69C390000-0x00007FF69C6E4000-memory.dmp	upx
behavioral2/memory/3204-201-0x00007FF6A8A30000-0x00007FF6A8D84000-memory.dmp	upx
behavioral2/memory/3112-200-0x00007FF7E9660000-0x00007FF7E99B4000-memory.dmp	upx
behavioral2/memory/1628-199-0x00007FF725E90000-0x00007FF7261E4000-memory.dmp	upx
behavioral2/memory/4796-198-0x00007FF7C5990000-0x00007FF7C5CE4000-memory.dmp	upx
behavioral2/memory/2720-196-0x00007FF6C5F30000-0x00007FF6C6284000-memory.dmp	upx
behavioral2/memory/456-195-0x00007FF673780000-0x00007FF673AD4000-memory.dmp	upx
behavioral2/memory/4432-194-0x00007FF7D5D00000-0x00007FF7D6054000-memory.dmp	upx
behavioral2/memory/5292-190-0x00007FF60B8B0000-0x00007FF60BC04000-memory.dmp	upx
behavioral2/memory/4708-183-0x00007FF7DBFD0000-0x00007FF7DC324000-memory.dmp	upx
behavioral2/memory/4984-182-0x00007FF68C0A0000-0x00007FF68C3F4000-memory.dmp	upx
behavioral2/files/0x0007000000023413-181.dat	upx
behavioral2/files/0x000700000002340d-179.dat	upx
behavioral2/memory/5008-176-0x00007FF7B6520000-0x00007FF7B6874000-memory.dmp	upx
behavioral2/memory/2608-169-0x00007FF72F5C0000-0x00007FF72F914000-memory.dmp	upx
behavioral2/files/0x0007000000023409-167.dat	upx
behavioral2/files/0x0007000000023408-165.dat	upx
behavioral2/files/0x0007000000023412-164.dat	upx
behavioral2/files/0x0007000000023407-162.dat	upx
behavioral2/files/0x0007000000023411-161.dat	upx
behavioral2/files/0x000700000002340c-159.dat	upx
behavioral2/files/0x0007000000023406-157.dat	upx
behavioral2/files/0x0007000000023405-154.dat	upx
behavioral2/files/0x000700000002340f-153.dat	upx
behavioral2/files/0x000700000002340e-152.dat	upx
behavioral2/memory/5416-151-0x00007FF611180000-0x00007FF6114D4000-memory.dmp	upx
behavioral2/files/0x0007000000023404-133.dat	upx
behavioral2/memory/5192-132-0x00007FF7FA300000-0x00007FF7FA654000-memory.dmp	upx
behavioral2/memory/4456-2163-0x00007FF7B2BB0000-0x00007FF7B2F04000-memory.dmp	upx
behavioral2/memory/3432-2165-0x00007FF76AA50000-0x00007FF76ADA4000-memory.dmp	upx
behavioral2/memory/548-2166-0x00007FF73E260000-0x00007FF73E5B4000-memory.dmp	upx
behavioral2/memory/984-2164-0x00007FF6CF330000-0x00007FF6CF684000-memory.dmp	upx
behavioral2/memory/3120-2168-0x00007FF658450000-0x00007FF6587A4000-memory.dmp	upx
behavioral2/memory/1508-2167-0x00007FF7A6D20000-0x00007FF7A7074000-memory.dmp	upx
behavioral2/memory/1252-131-0x00007FF761F10000-0x00007FF762264000-memory.dmp	upx
behavioral2/memory/3120-111-0x00007FF658450000-0x00007FF6587A4000-memory.dmp	upx
behavioral2/files/0x0007000000023402-105.dat	upx
behavioral2/files/0x00070000000233fd-99.dat	upx
behavioral2/files/0x00070000000233fc-89.dat	upx
behavioral2/files/0x00070000000233fa-87.dat	upx
behavioral2/files/0x00070000000233f9-81.dat	upx
behavioral2/memory/1508-78-0x00007FF7A6D20000-0x00007FF7A7074000-memory.dmp	upx
behavioral2/files/0x0007000000023400-77.dat	upx
behavioral2/files/0x00070000000233f8-75.dat	upx
behavioral2/memory/3320-73-0x00007FF6AC730000-0x00007FF6ACA84000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-72.dat	upx
behavioral2/files/0x00070000000233f7-70.dat	upx
behavioral2/files/0x00070000000233f6-60.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KcgzFFz.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\TIFvyjx.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\dAbWZdB.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\sFmRHiP.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\lnTkVeJ.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\tnbSdxP.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\UUqbicz.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\ayjFLvt.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\yEnbnAm.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\EobtDrV.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\MbrjCQK.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\EfjDpyL.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\bFYVZLl.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\MJPSzRm.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\BWfvoao.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\WSLvDMg.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\EaNceJQ.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\pvqrhaN.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\eSsfgOC.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\ILDznBh.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\xMpbzQs.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\dRnwDrn.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\LqLLwln.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\swNiavJ.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\mMbpSdq.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\BZStrBf.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\WJZrdKm.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\XfDIBvL.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\feCHsyI.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\jFvPfkk.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\OaQuMVf.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\pWWXmCl.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\NYBvYyo.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\LkXcXsj.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\OCMwhKM.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\wgJEVad.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\lVdJWqm.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\LMaieCN.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\DOavWHG.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\vevjsPc.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\NmQTfxo.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\EdAhKai.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\RwySJep.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\GUGbVuR.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\HvRbAQB.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\tUtswUA.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\ePFrWpn.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\Uugznga.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\cmOzVJE.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\eMOwCas.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\BiccNNe.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\AzGHUVD.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\uVEyyQG.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\sEmXnSw.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\QESkUsh.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\eaHZLtB.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\qqBGjDn.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\hssTvGq.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\UfeqzJT.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\tvxSYnl.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\eGzUdQc.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\VGndgsq.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\aETAfIB.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
File created	C:\Windows\System\xtSInXs.exe	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13180	dwm.exe
Token: SeChangeNotifyPrivilege	13180	dwm.exe
Token: 33	13180	dwm.exe
Token: SeIncBasePriorityPrivilege	13180	dwm.exe
Token: SeShutdownPrivilege	13180	dwm.exe
Token: SeCreatePagefilePrivilege	13180	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 5324	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	83
PID 4456 wrote to memory of 5324	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	83
PID 4456 wrote to memory of 984	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	84
PID 4456 wrote to memory of 984	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	84
PID 4456 wrote to memory of 3432	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	85
PID 4456 wrote to memory of 3432	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	85
PID 4456 wrote to memory of 3320	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	86
PID 4456 wrote to memory of 3320	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	86
PID 4456 wrote to memory of 548	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	87
PID 4456 wrote to memory of 548	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	87
PID 4456 wrote to memory of 1628	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	88
PID 4456 wrote to memory of 1628	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	88
PID 4456 wrote to memory of 3112	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	89
PID 4456 wrote to memory of 3112	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	89
PID 4456 wrote to memory of 760	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	90
PID 4456 wrote to memory of 760	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	90
PID 4456 wrote to memory of 1508	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	91
PID 4456 wrote to memory of 1508	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	91
PID 4456 wrote to memory of 3120	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	92
PID 4456 wrote to memory of 3120	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	92
PID 4456 wrote to memory of 3204	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	93
PID 4456 wrote to memory of 3204	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	93
PID 4456 wrote to memory of 1252	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	94
PID 4456 wrote to memory of 1252	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	94
PID 4456 wrote to memory of 5192	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	95
PID 4456 wrote to memory of 5192	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	95
PID 4456 wrote to memory of 5416	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	96
PID 4456 wrote to memory of 5416	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	96
PID 4456 wrote to memory of 2608	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	97
PID 4456 wrote to memory of 2608	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	97
PID 4456 wrote to memory of 4820	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	98
PID 4456 wrote to memory of 4820	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	98
PID 4456 wrote to memory of 5176	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	99
PID 4456 wrote to memory of 5176	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	99
PID 4456 wrote to memory of 5008	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	100
PID 4456 wrote to memory of 5008	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	100
PID 4456 wrote to memory of 4984	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	101
PID 4456 wrote to memory of 4984	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	101
PID 4456 wrote to memory of 4708	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	102
PID 4456 wrote to memory of 4708	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	102
PID 4456 wrote to memory of 3164	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	103
PID 4456 wrote to memory of 3164	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	103
PID 4456 wrote to memory of 4900	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	104
PID 4456 wrote to memory of 4900	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	104
PID 4456 wrote to memory of 5292	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	105
PID 4456 wrote to memory of 5292	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	105
PID 4456 wrote to memory of 4432	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	106
PID 4456 wrote to memory of 4432	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	106
PID 4456 wrote to memory of 456	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	107
PID 4456 wrote to memory of 456	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	107
PID 4456 wrote to memory of 1428	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	108
PID 4456 wrote to memory of 1428	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	108
PID 4456 wrote to memory of 2720	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	109
PID 4456 wrote to memory of 2720	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	109
PID 4456 wrote to memory of 2824	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	110
PID 4456 wrote to memory of 2824	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	110
PID 4456 wrote to memory of 4796	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	111
PID 4456 wrote to memory of 4796	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	111
PID 4456 wrote to memory of 4356	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	112
PID 4456 wrote to memory of 4356	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	112
PID 4456 wrote to memory of 2000	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	113
PID 4456 wrote to memory of 2000	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	113
PID 4456 wrote to memory of 5740	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	114
PID 4456 wrote to memory of 5740	4456	66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe	114

C:\Users\Admin\AppData\Local\Temp\66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\66a7cb3dfd203cb06a0147427df794d0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Windows\System\kWpADLf.exe
  C:\Windows\System\kWpADLf.exe
  2⤵
  - Executes dropped EXE
  PID:5324
- C:\Windows\System\BcHwYmf.exe
  C:\Windows\System\BcHwYmf.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\EkWeVuU.exe
  C:\Windows\System\EkWeVuU.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\BGGUQEu.exe
  C:\Windows\System\BGGUQEu.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\CYHDukk.exe
  C:\Windows\System\CYHDukk.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\AQNngzp.exe
  C:\Windows\System\AQNngzp.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\sAdRxhn.exe
  C:\Windows\System\sAdRxhn.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\tAeAPjk.exe
  C:\Windows\System\tAeAPjk.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\BhFZkNb.exe
  C:\Windows\System\BhFZkNb.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\kKlrWaN.exe
  C:\Windows\System\kKlrWaN.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\LSJwBDH.exe
  C:\Windows\System\LSJwBDH.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\eZRgFNX.exe
  C:\Windows\System\eZRgFNX.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\rWQpgzx.exe
  C:\Windows\System\rWQpgzx.exe
  2⤵
  - Executes dropped EXE
  PID:5192
- C:\Windows\System\WthaUNG.exe
  C:\Windows\System\WthaUNG.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Windows\System\ObcljiO.exe
  C:\Windows\System\ObcljiO.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\qREZUtJ.exe
  C:\Windows\System\qREZUtJ.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\gBPDdFL.exe
  C:\Windows\System\gBPDdFL.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\LMaieCN.exe
  C:\Windows\System\LMaieCN.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\SHMHPWg.exe
  C:\Windows\System\SHMHPWg.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\gfjjqOA.exe
  C:\Windows\System\gfjjqOA.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\yXxdJpx.exe
  C:\Windows\System\yXxdJpx.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\ChldPpH.exe
  C:\Windows\System\ChldPpH.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\oRQltaG.exe
  C:\Windows\System\oRQltaG.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System\gIUMdzF.exe
  C:\Windows\System\gIUMdzF.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\AEREfeV.exe
  C:\Windows\System\AEREfeV.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\LqLLwln.exe
  C:\Windows\System\LqLLwln.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\YzbyGTG.exe
  C:\Windows\System\YzbyGTG.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\DnXIxgg.exe
  C:\Windows\System\DnXIxgg.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\VpqPmpm.exe
  C:\Windows\System\VpqPmpm.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\RwySJep.exe
  C:\Windows\System\RwySJep.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\izMKWgl.exe
  C:\Windows\System\izMKWgl.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\LqZjJkB.exe
  C:\Windows\System\LqZjJkB.exe
  2⤵
  - Executes dropped EXE
  PID:5740
- C:\Windows\System\MbrjCQK.exe
  C:\Windows\System\MbrjCQK.exe
  2⤵
  - Executes dropped EXE
  PID:5404
- C:\Windows\System\PNNEdcU.exe
  C:\Windows\System\PNNEdcU.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\GHVALlD.exe
  C:\Windows\System\GHVALlD.exe
  2⤵
  - Executes dropped EXE
  PID:5708
- C:\Windows\System\rqYuCws.exe
  C:\Windows\System\rqYuCws.exe
  2⤵
  - Executes dropped EXE
  PID:5664
- C:\Windows\System\dCSYTtG.exe
  C:\Windows\System\dCSYTtG.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\LdleCLn.exe
  C:\Windows\System\LdleCLn.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\kReCsVK.exe
  C:\Windows\System\kReCsVK.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\yZogDtM.exe
  C:\Windows\System\yZogDtM.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\MJfkwjc.exe
  C:\Windows\System\MJfkwjc.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\IdJxiAe.exe
  C:\Windows\System\IdJxiAe.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\IAcqTYx.exe
  C:\Windows\System\IAcqTYx.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\TzWxKsB.exe
  C:\Windows\System\TzWxKsB.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\rUpjwaE.exe
  C:\Windows\System\rUpjwaE.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\bnhzAwU.exe
  C:\Windows\System\bnhzAwU.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\vuDMiEg.exe
  C:\Windows\System\vuDMiEg.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\UFSvFyE.exe
  C:\Windows\System\UFSvFyE.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\RlIqwnX.exe
  C:\Windows\System\RlIqwnX.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\SbhaCMs.exe
  C:\Windows\System\SbhaCMs.exe
  2⤵
  - Executes dropped EXE
  PID:5576
- C:\Windows\System\yAgaqey.exe
  C:\Windows\System\yAgaqey.exe
  2⤵
  - Executes dropped EXE
  PID:5520
- C:\Windows\System\Jbcimsv.exe
  C:\Windows\System\Jbcimsv.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\iNksZbF.exe
  C:\Windows\System\iNksZbF.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\HKcIGbk.exe
  C:\Windows\System\HKcIGbk.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\mQQRaFZ.exe
  C:\Windows\System\mQQRaFZ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\OuCIdVS.exe
  C:\Windows\System\OuCIdVS.exe
  2⤵
  - Executes dropped EXE
  PID:5508
- C:\Windows\System\PgYDnKV.exe
  C:\Windows\System\PgYDnKV.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\eeBKyrv.exe
  C:\Windows\System\eeBKyrv.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\wHsFnov.exe
  C:\Windows\System\wHsFnov.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\ooVhyNU.exe
  C:\Windows\System\ooVhyNU.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\zZXWGUS.exe
  C:\Windows\System\zZXWGUS.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\cIhxntX.exe
  C:\Windows\System\cIhxntX.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\xpJzOYH.exe
  C:\Windows\System\xpJzOYH.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\dWMSiSd.exe
  C:\Windows\System\dWMSiSd.exe
  2⤵
  - Executes dropped EXE
  PID:5412
- C:\Windows\System\YSHTKQv.exe
  C:\Windows\System\YSHTKQv.exe
  2⤵
  PID:4776
- C:\Windows\System\TGdKKGh.exe
  C:\Windows\System\TGdKKGh.exe
  2⤵
  PID:2020
- C:\Windows\System\vJxamwC.exe
  C:\Windows\System\vJxamwC.exe
  2⤵
  PID:5644
- C:\Windows\System\lxYoWsU.exe
  C:\Windows\System\lxYoWsU.exe
  2⤵
  PID:4516
- C:\Windows\System\SjFNQqD.exe
  C:\Windows\System\SjFNQqD.exe
  2⤵
  PID:5480
- C:\Windows\System\jFwDzbS.exe
  C:\Windows\System\jFwDzbS.exe
  2⤵
  PID:4480
- C:\Windows\System\HFEWlTM.exe
  C:\Windows\System\HFEWlTM.exe
  2⤵
  PID:4972
- C:\Windows\System\AARPSBh.exe
  C:\Windows\System\AARPSBh.exe
  2⤵
  PID:5488
- C:\Windows\System\PBFocSz.exe
  C:\Windows\System\PBFocSz.exe
  2⤵
  PID:2328
- C:\Windows\System\PsHodYH.exe
  C:\Windows\System\PsHodYH.exe
  2⤵
  PID:2748
- C:\Windows\System\TtrxSAE.exe
  C:\Windows\System\TtrxSAE.exe
  2⤵
  PID:1808
- C:\Windows\System\TucycxC.exe
  C:\Windows\System\TucycxC.exe
  2⤵
  PID:6120
- C:\Windows\System\iVLLFKn.exe
  C:\Windows\System\iVLLFKn.exe
  2⤵
  PID:5368
- C:\Windows\System\qexJMst.exe
  C:\Windows\System\qexJMst.exe
  2⤵
  PID:1156
- C:\Windows\System\WGXwPwQ.exe
  C:\Windows\System\WGXwPwQ.exe
  2⤵
  PID:4800
- C:\Windows\System\tLPrpQg.exe
  C:\Windows\System\tLPrpQg.exe
  2⤵
  PID:4292
- C:\Windows\System\BVhAobK.exe
  C:\Windows\System\BVhAobK.exe
  2⤵
  PID:4396
- C:\Windows\System\ZTHCinw.exe
  C:\Windows\System\ZTHCinw.exe
  2⤵
  PID:5364
- C:\Windows\System\frcDFAA.exe
  C:\Windows\System\frcDFAA.exe
  2⤵
  PID:440
- C:\Windows\System\HhuXGcN.exe
  C:\Windows\System\HhuXGcN.exe
  2⤵
  PID:6008
- C:\Windows\System\ZLMEISM.exe
  C:\Windows\System\ZLMEISM.exe
  2⤵
  PID:3804
- C:\Windows\System\GPQmlul.exe
  C:\Windows\System\GPQmlul.exe
  2⤵
  PID:3312
- C:\Windows\System\xfzNHFq.exe
  C:\Windows\System\xfzNHFq.exe
  2⤵
  PID:3228
- C:\Windows\System\jsiderP.exe
  C:\Windows\System\jsiderP.exe
  2⤵
  PID:4016
- C:\Windows\System\xydtlsg.exe
  C:\Windows\System\xydtlsg.exe
  2⤵
  PID:4960
- C:\Windows\System\HFzwZpv.exe
  C:\Windows\System\HFzwZpv.exe
  2⤵
  PID:5048
- C:\Windows\System\pHkaTCF.exe
  C:\Windows\System\pHkaTCF.exe
  2⤵
  PID:4512
- C:\Windows\System\jOSQhKj.exe
  C:\Windows\System\jOSQhKj.exe
  2⤵
  PID:2168
- C:\Windows\System\lNTkedB.exe
  C:\Windows\System\lNTkedB.exe
  2⤵
  PID:4828
- C:\Windows\System\DOavWHG.exe
  C:\Windows\System\DOavWHG.exe
  2⤵
  PID:516
- C:\Windows\System\XquqRTt.exe
  C:\Windows\System\XquqRTt.exe
  2⤵
  PID:5544
- C:\Windows\System\kwSuvUf.exe
  C:\Windows\System\kwSuvUf.exe
  2⤵
  PID:2968
- C:\Windows\System\cYGrWcN.exe
  C:\Windows\System\cYGrWcN.exe
  2⤵
  PID:3212
- C:\Windows\System\bjuglVK.exe
  C:\Windows\System\bjuglVK.exe
  2⤵
  PID:2084
- C:\Windows\System\GMjdjTk.exe
  C:\Windows\System\GMjdjTk.exe
  2⤵
  PID:1700
- C:\Windows\System\vcPXJvU.exe
  C:\Windows\System\vcPXJvU.exe
  2⤵
  PID:1992
- C:\Windows\System\tnbSdxP.exe
  C:\Windows\System\tnbSdxP.exe
  2⤵
  PID:1888
- C:\Windows\System\rkFvffy.exe
  C:\Windows\System\rkFvffy.exe
  2⤵
  PID:5280
- C:\Windows\System\yeIGYfW.exe
  C:\Windows\System\yeIGYfW.exe
  2⤵
  PID:3288
- C:\Windows\System\nstxEQU.exe
  C:\Windows\System\nstxEQU.exe
  2⤵
  PID:1496
- C:\Windows\System\wFuJYRQ.exe
  C:\Windows\System\wFuJYRQ.exe
  2⤵
  PID:1148
- C:\Windows\System\ncCuFIR.exe
  C:\Windows\System\ncCuFIR.exe
  2⤵
  PID:5036
- C:\Windows\System\UUqbicz.exe
  C:\Windows\System\UUqbicz.exe
  2⤵
  PID:5724
- C:\Windows\System\DIwSBNo.exe
  C:\Windows\System\DIwSBNo.exe
  2⤵
  PID:4668
- C:\Windows\System\AqCoXWt.exe
  C:\Windows\System\AqCoXWt.exe
  2⤵
  PID:4724
- C:\Windows\System\ChEsbUz.exe
  C:\Windows\System\ChEsbUz.exe
  2⤵
  PID:2344
- C:\Windows\System\fcHTIqL.exe
  C:\Windows\System\fcHTIqL.exe
  2⤵
  PID:5096
- C:\Windows\System\pZOFGAE.exe
  C:\Windows\System\pZOFGAE.exe
  2⤵
  PID:2336
- C:\Windows\System\eGzUdQc.exe
  C:\Windows\System\eGzUdQc.exe
  2⤵
  PID:5172
- C:\Windows\System\BiccNNe.exe
  C:\Windows\System\BiccNNe.exe
  2⤵
  PID:836
- C:\Windows\System\Nsunjkd.exe
  C:\Windows\System\Nsunjkd.exe
  2⤵
  PID:2056
- C:\Windows\System\gbJqXuW.exe
  C:\Windows\System\gbJqXuW.exe
  2⤵
  PID:464
- C:\Windows\System\UFajBLh.exe
  C:\Windows\System\UFajBLh.exe
  2⤵
  PID:5408
- C:\Windows\System\HKEzqMl.exe
  C:\Windows\System\HKEzqMl.exe
  2⤵
  PID:5776
- C:\Windows\System\eGejjtM.exe
  C:\Windows\System\eGejjtM.exe
  2⤵
  PID:3252
- C:\Windows\System\mqifUoO.exe
  C:\Windows\System\mqifUoO.exe
  2⤵
  PID:1568
- C:\Windows\System\OaQuMVf.exe
  C:\Windows\System\OaQuMVf.exe
  2⤵
  PID:4620
- C:\Windows\System\SXpepFg.exe
  C:\Windows\System\SXpepFg.exe
  2⤵
  PID:4076
- C:\Windows\System\JQNlNKz.exe
  C:\Windows\System\JQNlNKz.exe
  2⤵
  PID:3720
- C:\Windows\System\TczcNYj.exe
  C:\Windows\System\TczcNYj.exe
  2⤵
  PID:2584
- C:\Windows\System\IAqoAVo.exe
  C:\Windows\System\IAqoAVo.exe
  2⤵
  PID:2972
- C:\Windows\System\ZrYhvbV.exe
  C:\Windows\System\ZrYhvbV.exe
  2⤵
  PID:5160
- C:\Windows\System\mftksSA.exe
  C:\Windows\System\mftksSA.exe
  2⤵
  PID:4388
- C:\Windows\System\OSNhsUb.exe
  C:\Windows\System\OSNhsUb.exe
  2⤵
  PID:5076
- C:\Windows\System\RewQdAQ.exe
  C:\Windows\System\RewQdAQ.exe
  2⤵
  PID:748
- C:\Windows\System\ZsYDVXe.exe
  C:\Windows\System\ZsYDVXe.exe
  2⤵
  PID:1008
- C:\Windows\System\ZKpZBfa.exe
  C:\Windows\System\ZKpZBfa.exe
  2⤵
  PID:2480
- C:\Windows\System\ltIuLSR.exe
  C:\Windows\System\ltIuLSR.exe
  2⤵
  PID:4104
- C:\Windows\System\FuWfSEl.exe
  C:\Windows\System\FuWfSEl.exe
  2⤵
  PID:3640
- C:\Windows\System\HLhltzT.exe
  C:\Windows\System\HLhltzT.exe
  2⤵
  PID:1440
- C:\Windows\System\XuxNtvl.exe
  C:\Windows\System\XuxNtvl.exe
  2⤵
  PID:3740
- C:\Windows\System\OSxehME.exe
  C:\Windows\System\OSxehME.exe
  2⤵
  PID:5988
- C:\Windows\System\aKXUwpn.exe
  C:\Windows\System\aKXUwpn.exe
  2⤵
  PID:5204
- C:\Windows\System\mhIukak.exe
  C:\Windows\System\mhIukak.exe
  2⤵
  PID:1536
- C:\Windows\System\itxtJCs.exe
  C:\Windows\System\itxtJCs.exe
  2⤵
  PID:4736
- C:\Windows\System\ONpFfkW.exe
  C:\Windows\System\ONpFfkW.exe
  2⤵
  PID:5124
- C:\Windows\System\Fnixjan.exe
  C:\Windows\System\Fnixjan.exe
  2⤵
  PID:3992
- C:\Windows\System\XoCJeZP.exe
  C:\Windows\System\XoCJeZP.exe
  2⤵
  PID:4592
- C:\Windows\System\GSMViVZ.exe
  C:\Windows\System\GSMViVZ.exe
  2⤵
  PID:2136
- C:\Windows\System\mYbxfEA.exe
  C:\Windows\System\mYbxfEA.exe
  2⤵
  PID:1744
- C:\Windows\System\rJFSWnh.exe
  C:\Windows\System\rJFSWnh.exe
  2⤵
  PID:1936
- C:\Windows\System\eaHZLtB.exe
  C:\Windows\System\eaHZLtB.exe
  2⤵
  PID:6128
- C:\Windows\System\LiHyUGT.exe
  C:\Windows\System\LiHyUGT.exe
  2⤵
  PID:2808
- C:\Windows\System\jfAstBn.exe
  C:\Windows\System\jfAstBn.exe
  2⤵
  PID:2468
- C:\Windows\System\yZSncRG.exe
  C:\Windows\System\yZSncRG.exe
  2⤵
  PID:5752
- C:\Windows\System\DRESPyc.exe
  C:\Windows\System\DRESPyc.exe
  2⤵
  PID:2796
- C:\Windows\System\oxJHTPF.exe
  C:\Windows\System\oxJHTPF.exe
  2⤵
  PID:4808
- C:\Windows\System\VIrGIDG.exe
  C:\Windows\System\VIrGIDG.exe
  2⤵
  PID:5672
- C:\Windows\System\KcgzFFz.exe
  C:\Windows\System\KcgzFFz.exe
  2⤵
  PID:4136
- C:\Windows\System\DIDogtd.exe
  C:\Windows\System\DIDogtd.exe
  2⤵
  PID:6080
- C:\Windows\System\xKVBRqt.exe
  C:\Windows\System\xKVBRqt.exe
  2⤵
  PID:3020
- C:\Windows\System\AFMyUGl.exe
  C:\Windows\System\AFMyUGl.exe
  2⤵
  PID:3800
- C:\Windows\System\bcgYqLV.exe
  C:\Windows\System\bcgYqLV.exe
  2⤵
  PID:5744
- C:\Windows\System\npAmZKg.exe
  C:\Windows\System\npAmZKg.exe
  2⤵
  PID:1596
- C:\Windows\System\BCyMswo.exe
  C:\Windows\System\BCyMswo.exe
  2⤵
  PID:1028
- C:\Windows\System\kZPVuHL.exe
  C:\Windows\System\kZPVuHL.exe
  2⤵
  PID:4616
- C:\Windows\System\NKEtCkx.exe
  C:\Windows\System\NKEtCkx.exe
  2⤵
  PID:384
- C:\Windows\System\WUfPSaV.exe
  C:\Windows\System\WUfPSaV.exe
  2⤵
  PID:6152
- C:\Windows\System\OvpSoGz.exe
  C:\Windows\System\OvpSoGz.exe
  2⤵
  PID:6180
- C:\Windows\System\ISrCMsr.exe
  C:\Windows\System\ISrCMsr.exe
  2⤵
  PID:6208
- C:\Windows\System\LnFYMKZ.exe
  C:\Windows\System\LnFYMKZ.exe
  2⤵
  PID:6236
- C:\Windows\System\XtkKeuJ.exe
  C:\Windows\System\XtkKeuJ.exe
  2⤵
  PID:6276
- C:\Windows\System\ZUwUHxT.exe
  C:\Windows\System\ZUwUHxT.exe
  2⤵
  PID:6300
- C:\Windows\System\nSPeyDe.exe
  C:\Windows\System\nSPeyDe.exe
  2⤵
  PID:6328
- C:\Windows\System\qubIEZg.exe
  C:\Windows\System\qubIEZg.exe
  2⤵
  PID:6356
- C:\Windows\System\RmEzyFX.exe
  C:\Windows\System\RmEzyFX.exe
  2⤵
  PID:6388
- C:\Windows\System\zGQTpgj.exe
  C:\Windows\System\zGQTpgj.exe
  2⤵
  PID:6416
- C:\Windows\System\oPcQCBA.exe
  C:\Windows\System\oPcQCBA.exe
  2⤵
  PID:6444
- C:\Windows\System\pLXMADl.exe
  C:\Windows\System\pLXMADl.exe
  2⤵
  PID:6472
- C:\Windows\System\iTIwJjC.exe
  C:\Windows\System\iTIwJjC.exe
  2⤵
  PID:6508
- C:\Windows\System\IOJBxKj.exe
  C:\Windows\System\IOJBxKj.exe
  2⤵
  PID:6536
- C:\Windows\System\GUGbVuR.exe
  C:\Windows\System\GUGbVuR.exe
  2⤵
  PID:6568
- C:\Windows\System\BNwjIst.exe
  C:\Windows\System\BNwjIst.exe
  2⤵
  PID:6596
- C:\Windows\System\MDetUwO.exe
  C:\Windows\System\MDetUwO.exe
  2⤵
  PID:6624
- C:\Windows\System\SiYoIuO.exe
  C:\Windows\System\SiYoIuO.exe
  2⤵
  PID:6652
- C:\Windows\System\osnJgee.exe
  C:\Windows\System\osnJgee.exe
  2⤵
  PID:6704
- C:\Windows\System\VhNxdkT.exe
  C:\Windows\System\VhNxdkT.exe
  2⤵
  PID:6724
- C:\Windows\System\VKVjdfq.exe
  C:\Windows\System\VKVjdfq.exe
  2⤵
  PID:6756
- C:\Windows\System\jFvPfkk.exe
  C:\Windows\System\jFvPfkk.exe
  2⤵
  PID:6780
- C:\Windows\System\KRCZFVl.exe
  C:\Windows\System\KRCZFVl.exe
  2⤵
  PID:6808
- C:\Windows\System\akRUIrS.exe
  C:\Windows\System\akRUIrS.exe
  2⤵
  PID:6828
- C:\Windows\System\GfyGEIY.exe
  C:\Windows\System\GfyGEIY.exe
  2⤵
  PID:6864
- C:\Windows\System\QESkUsh.exe
  C:\Windows\System\QESkUsh.exe
  2⤵
  PID:6892
- C:\Windows\System\qzkksly.exe
  C:\Windows\System\qzkksly.exe
  2⤵
  PID:6928
- C:\Windows\System\waZKvGo.exe
  C:\Windows\System\waZKvGo.exe
  2⤵
  PID:6968
- C:\Windows\System\DWGuJYz.exe
  C:\Windows\System\DWGuJYz.exe
  2⤵
  PID:6996
- C:\Windows\System\phGXcrC.exe
  C:\Windows\System\phGXcrC.exe
  2⤵
  PID:7024
- C:\Windows\System\lcCgMGc.exe
  C:\Windows\System\lcCgMGc.exe
  2⤵
  PID:7064
- C:\Windows\System\qGryujm.exe
  C:\Windows\System\qGryujm.exe
  2⤵
  PID:7092
- C:\Windows\System\tIToRhh.exe
  C:\Windows\System\tIToRhh.exe
  2⤵
  PID:7124
- C:\Windows\System\WJpYsio.exe
  C:\Windows\System\WJpYsio.exe
  2⤵
  PID:7160
- C:\Windows\System\TGGmory.exe
  C:\Windows\System\TGGmory.exe
  2⤵
  PID:6176
- C:\Windows\System\vncwazV.exe
  C:\Windows\System\vncwazV.exe
  2⤵
  PID:6228
- C:\Windows\System\EaNceJQ.exe
  C:\Windows\System\EaNceJQ.exe
  2⤵
  PID:6296
- C:\Windows\System\twwuftS.exe
  C:\Windows\System\twwuftS.exe
  2⤵
  PID:6384
- C:\Windows\System\QItIOIZ.exe
  C:\Windows\System\QItIOIZ.exe
  2⤵
  PID:6456
- C:\Windows\System\vffSvmX.exe
  C:\Windows\System\vffSvmX.exe
  2⤵
  PID:6528
- C:\Windows\System\IoOnJRn.exe
  C:\Windows\System\IoOnJRn.exe
  2⤵
  PID:6592
- C:\Windows\System\phnldcp.exe
  C:\Windows\System\phnldcp.exe
  2⤵
  PID:6672
- C:\Windows\System\hLImcJm.exe
  C:\Windows\System\hLImcJm.exe
  2⤵
  PID:6772
- C:\Windows\System\TIFvyjx.exe
  C:\Windows\System\TIFvyjx.exe
  2⤵
  PID:6820
- C:\Windows\System\WHqXEZG.exe
  C:\Windows\System\WHqXEZG.exe
  2⤵
  PID:6888
- C:\Windows\System\AzGHUVD.exe
  C:\Windows\System\AzGHUVD.exe
  2⤵
  PID:6952
- C:\Windows\System\LEvDaoG.exe
  C:\Windows\System\LEvDaoG.exe
  2⤵
  PID:7048
- C:\Windows\System\mGsqPaY.exe
  C:\Windows\System\mGsqPaY.exe
  2⤵
  PID:7144
- C:\Windows\System\SeQsxEd.exe
  C:\Windows\System\SeQsxEd.exe
  2⤵
  PID:6284
- C:\Windows\System\ucfpEhD.exe
  C:\Windows\System\ucfpEhD.exe
  2⤵
  PID:6428
- C:\Windows\System\oyjwvIY.exe
  C:\Windows\System\oyjwvIY.exe
  2⤵
  PID:6588
- C:\Windows\System\rdpxlsh.exe
  C:\Windows\System\rdpxlsh.exe
  2⤵
  PID:6792
- C:\Windows\System\ZsTqshP.exe
  C:\Windows\System\ZsTqshP.exe
  2⤵
  PID:6948
- C:\Windows\System\swNiavJ.exe
  C:\Windows\System\swNiavJ.exe
  2⤵
  PID:7036
- C:\Windows\System\qqBGjDn.exe
  C:\Windows\System\qqBGjDn.exe
  2⤵
  PID:6164
- C:\Windows\System\JeYclsS.exe
  C:\Windows\System\JeYclsS.exe
  2⤵
  PID:6664
- C:\Windows\System\adYgpSZ.exe
  C:\Windows\System\adYgpSZ.exe
  2⤵
  PID:7156
- C:\Windows\System\kXmotXg.exe
  C:\Windows\System\kXmotXg.exe
  2⤵
  PID:6860
- C:\Windows\System\FxrBbxI.exe
  C:\Windows\System\FxrBbxI.exe
  2⤵
  PID:7196
- C:\Windows\System\BBZHEtE.exe
  C:\Windows\System\BBZHEtE.exe
  2⤵
  PID:7224
- C:\Windows\System\DtFWcAy.exe
  C:\Windows\System\DtFWcAy.exe
  2⤵
  PID:7252
- C:\Windows\System\NzITrlo.exe
  C:\Windows\System\NzITrlo.exe
  2⤵
  PID:7280
- C:\Windows\System\MxcbvIN.exe
  C:\Windows\System\MxcbvIN.exe
  2⤵
  PID:7308
- C:\Windows\System\gtMYthY.exe
  C:\Windows\System\gtMYthY.exe
  2⤵
  PID:7336
- C:\Windows\System\UwAqpEf.exe
  C:\Windows\System\UwAqpEf.exe
  2⤵
  PID:7364
- C:\Windows\System\lliTeOw.exe
  C:\Windows\System\lliTeOw.exe
  2⤵
  PID:7380
- C:\Windows\System\WZqnCkD.exe
  C:\Windows\System\WZqnCkD.exe
  2⤵
  PID:7420
- C:\Windows\System\sVbtBza.exe
  C:\Windows\System\sVbtBza.exe
  2⤵
  PID:7464
- C:\Windows\System\gWAKlEQ.exe
  C:\Windows\System\gWAKlEQ.exe
  2⤵
  PID:7496
- C:\Windows\System\FminFsc.exe
  C:\Windows\System\FminFsc.exe
  2⤵
  PID:7512
- C:\Windows\System\irRaprC.exe
  C:\Windows\System\irRaprC.exe
  2⤵
  PID:7540
- C:\Windows\System\RwmlGAg.exe
  C:\Windows\System\RwmlGAg.exe
  2⤵
  PID:7576
- C:\Windows\System\bTJMfuj.exe
  C:\Windows\System\bTJMfuj.exe
  2⤵
  PID:7604
- C:\Windows\System\NrOveIa.exe
  C:\Windows\System\NrOveIa.exe
  2⤵
  PID:7620
- C:\Windows\System\yeKHDIc.exe
  C:\Windows\System\yeKHDIc.exe
  2⤵
  PID:7648
- C:\Windows\System\ADobeUq.exe
  C:\Windows\System\ADobeUq.exe
  2⤵
  PID:7676
- C:\Windows\System\ziDUvRw.exe
  C:\Windows\System\ziDUvRw.exe
  2⤵
  PID:7708
- C:\Windows\System\LVVvdRD.exe
  C:\Windows\System\LVVvdRD.exe
  2⤵
  PID:7736
- C:\Windows\System\LJygFIo.exe
  C:\Windows\System\LJygFIo.exe
  2⤵
  PID:7768
- C:\Windows\System\hssTvGq.exe
  C:\Windows\System\hssTvGq.exe
  2⤵
  PID:7804
- C:\Windows\System\abZOFfx.exe
  C:\Windows\System\abZOFfx.exe
  2⤵
  PID:7836
- C:\Windows\System\rzGFXJq.exe
  C:\Windows\System\rzGFXJq.exe
  2⤵
  PID:7872
- C:\Windows\System\aFcVzoF.exe
  C:\Windows\System\aFcVzoF.exe
  2⤵
  PID:7908
- C:\Windows\System\RbzrbBD.exe
  C:\Windows\System\RbzrbBD.exe
  2⤵
  PID:7928
- C:\Windows\System\kHtwglP.exe
  C:\Windows\System\kHtwglP.exe
  2⤵
  PID:7964
- C:\Windows\System\uMyRSqI.exe
  C:\Windows\System\uMyRSqI.exe
  2⤵
  PID:7996
- C:\Windows\System\pWWXmCl.exe
  C:\Windows\System\pWWXmCl.exe
  2⤵
  PID:8024
- C:\Windows\System\HvRbAQB.exe
  C:\Windows\System\HvRbAQB.exe
  2⤵
  PID:8052
- C:\Windows\System\sJqJlPl.exe
  C:\Windows\System\sJqJlPl.exe
  2⤵
  PID:8080
- C:\Windows\System\vevjsPc.exe
  C:\Windows\System\vevjsPc.exe
  2⤵
  PID:8108
- C:\Windows\System\eceSlmA.exe
  C:\Windows\System\eceSlmA.exe
  2⤵
  PID:8144
- C:\Windows\System\fOEDrpe.exe
  C:\Windows\System\fOEDrpe.exe
  2⤵
  PID:8184
- C:\Windows\System\uSRKgfd.exe
  C:\Windows\System\uSRKgfd.exe
  2⤵
  PID:7208
- C:\Windows\System\NYBvYyo.exe
  C:\Windows\System\NYBvYyo.exe
  2⤵
  PID:7296
- C:\Windows\System\QsDyVxr.exe
  C:\Windows\System\QsDyVxr.exe
  2⤵
  PID:7352
- C:\Windows\System\CQfKjYH.exe
  C:\Windows\System\CQfKjYH.exe
  2⤵
  PID:7412
- C:\Windows\System\pzNhaPZ.exe
  C:\Windows\System\pzNhaPZ.exe
  2⤵
  PID:6564
- C:\Windows\System\WuhnxWI.exe
  C:\Windows\System\WuhnxWI.exe
  2⤵
  PID:7476
- C:\Windows\System\iDuTTWo.exe
  C:\Windows\System\iDuTTWo.exe
  2⤵
  PID:6916
- C:\Windows\System\cKqdHTe.exe
  C:\Windows\System\cKqdHTe.exe
  2⤵
  PID:7536
- C:\Windows\System\mBWFbKd.exe
  C:\Windows\System\mBWFbKd.exe
  2⤵
  PID:7612
- C:\Windows\System\QGWERyL.exe
  C:\Windows\System\QGWERyL.exe
  2⤵
  PID:7672
- C:\Windows\System\MzsakQA.exe
  C:\Windows\System\MzsakQA.exe
  2⤵
  PID:7728
- C:\Windows\System\cJxRBSX.exe
  C:\Windows\System\cJxRBSX.exe
  2⤵
  PID:7844
- C:\Windows\System\WSLvDMg.exe
  C:\Windows\System\WSLvDMg.exe
  2⤵
  PID:7888
- C:\Windows\System\qfFtmLZ.exe
  C:\Windows\System\qfFtmLZ.exe
  2⤵
  PID:7972
- C:\Windows\System\uPBERtS.exe
  C:\Windows\System\uPBERtS.exe
  2⤵
  PID:8040
- C:\Windows\System\wrAkLUy.exe
  C:\Windows\System\wrAkLUy.exe
  2⤵
  PID:8136
- C:\Windows\System\BqADhox.exe
  C:\Windows\System\BqADhox.exe
  2⤵
  PID:8176
- C:\Windows\System\ckDqOHB.exe
  C:\Windows\System\ckDqOHB.exe
  2⤵
  PID:7324
- C:\Windows\System\aHnAWVX.exe
  C:\Windows\System\aHnAWVX.exe
  2⤵
  PID:7448
- C:\Windows\System\WHgfQwT.exe
  C:\Windows\System\WHgfQwT.exe
  2⤵
  PID:6220
- C:\Windows\System\aSlLoYq.exe
  C:\Windows\System\aSlLoYq.exe
  2⤵
  PID:7532
- C:\Windows\System\AwDLxsG.exe
  C:\Windows\System\AwDLxsG.exe
  2⤵
  PID:7760
- C:\Windows\System\GFtsoKy.exe
  C:\Windows\System\GFtsoKy.exe
  2⤵
  PID:7952
- C:\Windows\System\TUcfbge.exe
  C:\Windows\System\TUcfbge.exe
  2⤵
  PID:8104
- C:\Windows\System\xIAxcXS.exe
  C:\Windows\System\xIAxcXS.exe
  2⤵
  PID:7248
- C:\Windows\System\dAbWZdB.exe
  C:\Windows\System\dAbWZdB.exe
  2⤵
  PID:7376
- C:\Windows\System\KOzafJL.exe
  C:\Windows\System\KOzafJL.exe
  2⤵
  PID:6644
- C:\Windows\System\pujGQyR.exe
  C:\Windows\System\pujGQyR.exe
  2⤵
  PID:8036
- C:\Windows\System\YoxLakU.exe
  C:\Windows\System\YoxLakU.exe
  2⤵
  PID:7192
- C:\Windows\System\uCnLJUN.exe
  C:\Windows\System\uCnLJUN.exe
  2⤵
  PID:7524
- C:\Windows\System\UyNRsbf.exe
  C:\Windows\System\UyNRsbf.exe
  2⤵
  PID:8212
- C:\Windows\System\OFurCnZ.exe
  C:\Windows\System\OFurCnZ.exe
  2⤵
  PID:8244
- C:\Windows\System\thXQRBU.exe
  C:\Windows\System\thXQRBU.exe
  2⤵
  PID:8268
- C:\Windows\System\tUtswUA.exe
  C:\Windows\System\tUtswUA.exe
  2⤵
  PID:8304
- C:\Windows\System\urtJQxZ.exe
  C:\Windows\System\urtJQxZ.exe
  2⤵
  PID:8332
- C:\Windows\System\sFmRHiP.exe
  C:\Windows\System\sFmRHiP.exe
  2⤵
  PID:8372
- C:\Windows\System\JqQNtWX.exe
  C:\Windows\System\JqQNtWX.exe
  2⤵
  PID:8400
- C:\Windows\System\rSUodnP.exe
  C:\Windows\System\rSUodnP.exe
  2⤵
  PID:8436
- C:\Windows\System\CooRHby.exe
  C:\Windows\System\CooRHby.exe
  2⤵
  PID:8468
- C:\Windows\System\dShquhZ.exe
  C:\Windows\System\dShquhZ.exe
  2⤵
  PID:8496
- C:\Windows\System\LkXcXsj.exe
  C:\Windows\System\LkXcXsj.exe
  2⤵
  PID:8532
- C:\Windows\System\OAzAvzJ.exe
  C:\Windows\System\OAzAvzJ.exe
  2⤵
  PID:8564
- C:\Windows\System\gaXpxbs.exe
  C:\Windows\System\gaXpxbs.exe
  2⤵
  PID:8592
- C:\Windows\System\JaMHkZM.exe
  C:\Windows\System\JaMHkZM.exe
  2⤵
  PID:8620
- C:\Windows\System\wSzcOAt.exe
  C:\Windows\System\wSzcOAt.exe
  2⤵
  PID:8648
- C:\Windows\System\uGcnvqS.exe
  C:\Windows\System\uGcnvqS.exe
  2⤵
  PID:8676
- C:\Windows\System\pGKsTFA.exe
  C:\Windows\System\pGKsTFA.exe
  2⤵
  PID:8700
- C:\Windows\System\XaBuxFV.exe
  C:\Windows\System\XaBuxFV.exe
  2⤵
  PID:8732
- C:\Windows\System\FOYLvpH.exe
  C:\Windows\System\FOYLvpH.exe
  2⤵
  PID:8756
- C:\Windows\System\SQHsIfe.exe
  C:\Windows\System\SQHsIfe.exe
  2⤵
  PID:8784
- C:\Windows\System\OFCRVAW.exe
  C:\Windows\System\OFCRVAW.exe
  2⤵
  PID:8808
- C:\Windows\System\iQlOtTb.exe
  C:\Windows\System\iQlOtTb.exe
  2⤵
  PID:8832
- C:\Windows\System\CaczniB.exe
  C:\Windows\System\CaczniB.exe
  2⤵
  PID:8852
- C:\Windows\System\OTMlmdH.exe
  C:\Windows\System\OTMlmdH.exe
  2⤵
  PID:8884
- C:\Windows\System\IiyeSil.exe
  C:\Windows\System\IiyeSil.exe
  2⤵
  PID:8916
- C:\Windows\System\QrGxibi.exe
  C:\Windows\System\QrGxibi.exe
  2⤵
  PID:8948
- C:\Windows\System\sVzIReg.exe
  C:\Windows\System\sVzIReg.exe
  2⤵
  PID:8968
- C:\Windows\System\hoHFAis.exe
  C:\Windows\System\hoHFAis.exe
  2⤵
  PID:9004
- C:\Windows\System\WCeJJzU.exe
  C:\Windows\System\WCeJJzU.exe
  2⤵
  PID:9028
- C:\Windows\System\KWrMiTw.exe
  C:\Windows\System\KWrMiTw.exe
  2⤵
  PID:9064
- C:\Windows\System\ayjFLvt.exe
  C:\Windows\System\ayjFLvt.exe
  2⤵
  PID:9096
- C:\Windows\System\NHhRduX.exe
  C:\Windows\System\NHhRduX.exe
  2⤵
  PID:9120
- C:\Windows\System\AETOugj.exe
  C:\Windows\System\AETOugj.exe
  2⤵
  PID:9148
- C:\Windows\System\utbFsoO.exe
  C:\Windows\System\utbFsoO.exe
  2⤵
  PID:9180
- C:\Windows\System\DTDGNhK.exe
  C:\Windows\System\DTDGNhK.exe
  2⤵
  PID:9212
- C:\Windows\System\mMbpSdq.exe
  C:\Windows\System\mMbpSdq.exe
  2⤵
  PID:8236
- C:\Windows\System\ukAcjsQ.exe
  C:\Windows\System\ukAcjsQ.exe
  2⤵
  PID:8264
- C:\Windows\System\KBqMirY.exe
  C:\Windows\System\KBqMirY.exe
  2⤵
  PID:8356
- C:\Windows\System\bpZCESJ.exe
  C:\Windows\System\bpZCESJ.exe
  2⤵
  PID:8396
- C:\Windows\System\eypxjjy.exe
  C:\Windows\System\eypxjjy.exe
  2⤵
  PID:8480
- C:\Windows\System\uVEyyQG.exe
  C:\Windows\System\uVEyyQG.exe
  2⤵
  PID:8544
- C:\Windows\System\AMQqdfG.exe
  C:\Windows\System\AMQqdfG.exe
  2⤵
  PID:8616
- C:\Windows\System\dZqwuVC.exe
  C:\Windows\System\dZqwuVC.exe
  2⤵
  PID:1436
- C:\Windows\System\IJpQuiM.exe
  C:\Windows\System\IJpQuiM.exe
  2⤵
  PID:8780
- C:\Windows\System\keEsyBh.exe
  C:\Windows\System\keEsyBh.exe
  2⤵
  PID:8768
- C:\Windows\System\TAGWTFv.exe
  C:\Windows\System\TAGWTFv.exe
  2⤵
  PID:8940
- C:\Windows\System\ePFrWpn.exe
  C:\Windows\System\ePFrWpn.exe
  2⤵
  PID:8980
- C:\Windows\System\TkkAlHC.exe
  C:\Windows\System\TkkAlHC.exe
  2⤵
  PID:8956
- C:\Windows\System\EfAYMLO.exe
  C:\Windows\System\EfAYMLO.exe
  2⤵
  PID:9076
- C:\Windows\System\tUblsKY.exe
  C:\Windows\System\tUblsKY.exe
  2⤵
  PID:9160
- C:\Windows\System\OCMwhKM.exe
  C:\Windows\System\OCMwhKM.exe
  2⤵
  PID:9200
- C:\Windows\System\EOCsion.exe
  C:\Windows\System\EOCsion.exe
  2⤵
  PID:8284
- C:\Windows\System\VcwFvnW.exe
  C:\Windows\System\VcwFvnW.exe
  2⤵
  PID:8392
- C:\Windows\System\gZWSfQr.exe
  C:\Windows\System\gZWSfQr.exe
  2⤵
  PID:8604
- C:\Windows\System\oAmdtMG.exe
  C:\Windows\System\oAmdtMG.exe
  2⤵
  PID:8792
- C:\Windows\System\lfzCHoa.exe
  C:\Windows\System\lfzCHoa.exe
  2⤵
  PID:8908
- C:\Windows\System\VNUfBLw.exe
  C:\Windows\System\VNUfBLw.exe
  2⤵
  PID:9140
- C:\Windows\System\amndDAe.exe
  C:\Windows\System\amndDAe.exe
  2⤵
  PID:8208
- C:\Windows\System\xITBrrq.exe
  C:\Windows\System\xITBrrq.exe
  2⤵
  PID:8428
- C:\Windows\System\PczYjHe.exe
  C:\Windows\System\PczYjHe.exe
  2⤵
  PID:8992
- C:\Windows\System\yNppYjZ.exe
  C:\Windows\System\yNppYjZ.exe
  2⤵
  PID:2164
- C:\Windows\System\qpEVaeQ.exe
  C:\Windows\System\qpEVaeQ.exe
  2⤵
  PID:9244
- C:\Windows\System\NXyOAqo.exe
  C:\Windows\System\NXyOAqo.exe
  2⤵
  PID:9280
- C:\Windows\System\nJINvis.exe
  C:\Windows\System\nJINvis.exe
  2⤵
  PID:9312
- C:\Windows\System\wvgQczy.exe
  C:\Windows\System\wvgQczy.exe
  2⤵
  PID:9432
- C:\Windows\System\yDXhKaQ.exe
  C:\Windows\System\yDXhKaQ.exe
  2⤵
  PID:9448
- C:\Windows\System\gugAqQa.exe
  C:\Windows\System\gugAqQa.exe
  2⤵
  PID:9476
- C:\Windows\System\KGDPwtA.exe
  C:\Windows\System\KGDPwtA.exe
  2⤵
  PID:9504
- C:\Windows\System\cEbnPnb.exe
  C:\Windows\System\cEbnPnb.exe
  2⤵
  PID:9532
- C:\Windows\System\spiTkNj.exe
  C:\Windows\System\spiTkNj.exe
  2⤵
  PID:9560
- C:\Windows\System\pvqrhaN.exe
  C:\Windows\System\pvqrhaN.exe
  2⤵
  PID:9588
- C:\Windows\System\UKbEeks.exe
  C:\Windows\System\UKbEeks.exe
  2⤵
  PID:9612
- C:\Windows\System\GMLNDUW.exe
  C:\Windows\System\GMLNDUW.exe
  2⤵
  PID:9640
- C:\Windows\System\kVnPRQe.exe
  C:\Windows\System\kVnPRQe.exe
  2⤵
  PID:9668
- C:\Windows\System\bmPcMDi.exe
  C:\Windows\System\bmPcMDi.exe
  2⤵
  PID:9696
- C:\Windows\System\gMdnjYX.exe
  C:\Windows\System\gMdnjYX.exe
  2⤵
  PID:9720
- C:\Windows\System\lAFdDgo.exe
  C:\Windows\System\lAFdDgo.exe
  2⤵
  PID:9748
- C:\Windows\System\KxvHJVQ.exe
  C:\Windows\System\KxvHJVQ.exe
  2⤵
  PID:9780
- C:\Windows\System\wgJEVad.exe
  C:\Windows\System\wgJEVad.exe
  2⤵
  PID:9804
- C:\Windows\System\OwXGSkh.exe
  C:\Windows\System\OwXGSkh.exe
  2⤵
  PID:9836
- C:\Windows\System\NmQTfxo.exe
  C:\Windows\System\NmQTfxo.exe
  2⤵
  PID:9864
- C:\Windows\System\hXalpQP.exe
  C:\Windows\System\hXalpQP.exe
  2⤵
  PID:9892
- C:\Windows\System\Uugznga.exe
  C:\Windows\System\Uugznga.exe
  2⤵
  PID:9920
- C:\Windows\System\PkTOSnG.exe
  C:\Windows\System\PkTOSnG.exe
  2⤵
  PID:9948
- C:\Windows\System\APrCTUu.exe
  C:\Windows\System\APrCTUu.exe
  2⤵
  PID:9976
- C:\Windows\System\wANZuPx.exe
  C:\Windows\System\wANZuPx.exe
  2⤵
  PID:10008
- C:\Windows\System\SgDXWDQ.exe
  C:\Windows\System\SgDXWDQ.exe
  2⤵
  PID:10032
- C:\Windows\System\BZStrBf.exe
  C:\Windows\System\BZStrBf.exe
  2⤵
  PID:10068
- C:\Windows\System\YEzJQid.exe
  C:\Windows\System\YEzJQid.exe
  2⤵
  PID:10100
- C:\Windows\System\beVDKCe.exe
  C:\Windows\System\beVDKCe.exe
  2⤵
  PID:10132
- C:\Windows\System\dQUBGxu.exe
  C:\Windows\System\dQUBGxu.exe
  2⤵
  PID:10160
- C:\Windows\System\eMCeVJl.exe
  C:\Windows\System\eMCeVJl.exe
  2⤵
  PID:10192
- C:\Windows\System\HYOSIyh.exe
  C:\Windows\System\HYOSIyh.exe
  2⤵
  PID:10220
- C:\Windows\System\Rffygpk.exe
  C:\Windows\System\Rffygpk.exe
  2⤵
  PID:8448
- C:\Windows\System\qOooKAq.exe
  C:\Windows\System\qOooKAq.exe
  2⤵
  PID:9260
- C:\Windows\System\anCXbmv.exe
  C:\Windows\System\anCXbmv.exe
  2⤵
  PID:9268
- C:\Windows\System\uqifCmn.exe
  C:\Windows\System\uqifCmn.exe
  2⤵
  PID:9272
- C:\Windows\System\vjeFjvo.exe
  C:\Windows\System\vjeFjvo.exe
  2⤵
  PID:1048
- C:\Windows\System\MkqtBBF.exe
  C:\Windows\System\MkqtBBF.exe
  2⤵
  PID:9352
- C:\Windows\System\AYuhEpI.exe
  C:\Windows\System\AYuhEpI.exe
  2⤵
  PID:9400
- C:\Windows\System\rqlxito.exe
  C:\Windows\System\rqlxito.exe
  2⤵
  PID:9332
- C:\Windows\System\DUDbROW.exe
  C:\Windows\System\DUDbROW.exe
  2⤵
  PID:9500
- C:\Windows\System\NJYywNy.exe
  C:\Windows\System\NJYywNy.exe
  2⤵
  PID:9572
- C:\Windows\System\YtBDKle.exe
  C:\Windows\System\YtBDKle.exe
  2⤵
  PID:9664
- C:\Windows\System\vfwjzEA.exe
  C:\Windows\System\vfwjzEA.exe
  2⤵
  PID:9716
- C:\Windows\System\vtynlIY.exe
  C:\Windows\System\vtynlIY.exe
  2⤵
  PID:9792
- C:\Windows\System\BSrckfv.exe
  C:\Windows\System\BSrckfv.exe
  2⤵
  PID:9848
- C:\Windows\System\VlLZmsd.exe
  C:\Windows\System\VlLZmsd.exe
  2⤵
  PID:9932
- C:\Windows\System\TPlFGWE.exe
  C:\Windows\System\TPlFGWE.exe
  2⤵
  PID:10000
- C:\Windows\System\HnApjuT.exe
  C:\Windows\System\HnApjuT.exe
  2⤵
  PID:10096
- C:\Windows\System\pSfnzZU.exe
  C:\Windows\System\pSfnzZU.exe
  2⤵
  PID:10148
- C:\Windows\System\zbOvQjy.exe
  C:\Windows\System\zbOvQjy.exe
  2⤵
  PID:10204
- C:\Windows\System\PEZBfQW.exe
  C:\Windows\System\PEZBfQW.exe
  2⤵
  PID:9248
- C:\Windows\System\ItqSrdp.exe
  C:\Windows\System\ItqSrdp.exe
  2⤵
  PID:9356
- C:\Windows\System\vyDjwqT.exe
  C:\Windows\System\vyDjwqT.exe
  2⤵
  PID:9396
- C:\Windows\System\tEgvGcZ.exe
  C:\Windows\System\tEgvGcZ.exe
  2⤵
  PID:9828
- C:\Windows\System\zHEhNlK.exe
  C:\Windows\System\zHEhNlK.exe
  2⤵
  PID:9960
- C:\Windows\System\SQvfqfS.exe
  C:\Windows\System\SQvfqfS.exe
  2⤵
  PID:9912
- C:\Windows\System\SNvrvIj.exe
  C:\Windows\System\SNvrvIj.exe
  2⤵
  PID:10156
- C:\Windows\System\CkInuwJ.exe
  C:\Windows\System\CkInuwJ.exe
  2⤵
  PID:9256
- C:\Windows\System\tNuPQCV.exe
  C:\Windows\System\tNuPQCV.exe
  2⤵
  PID:9556
- C:\Windows\System\UfeqzJT.exe
  C:\Windows\System\UfeqzJT.exe
  2⤵
  PID:10060
- C:\Windows\System\jdhjhuZ.exe
  C:\Windows\System\jdhjhuZ.exe
  2⤵
  PID:10244
- C:\Windows\System\ClBovnW.exe
  C:\Windows\System\ClBovnW.exe
  2⤵
  PID:10272
- C:\Windows\System\czvsOhc.exe
  C:\Windows\System\czvsOhc.exe
  2⤵
  PID:10316
- C:\Windows\System\QKnSnJD.exe
  C:\Windows\System\QKnSnJD.exe
  2⤵
  PID:10340
- C:\Windows\System\pjnNoZr.exe
  C:\Windows\System\pjnNoZr.exe
  2⤵
  PID:10376
- C:\Windows\System\wyyDtcG.exe
  C:\Windows\System\wyyDtcG.exe
  2⤵
  PID:10404
- C:\Windows\System\ylSkIGd.exe
  C:\Windows\System\ylSkIGd.exe
  2⤵
  PID:10432
- C:\Windows\System\tghovyt.exe
  C:\Windows\System\tghovyt.exe
  2⤵
  PID:10460
- C:\Windows\System\EYnZCCQ.exe
  C:\Windows\System\EYnZCCQ.exe
  2⤵
  PID:10488
- C:\Windows\System\ZFEHIJU.exe
  C:\Windows\System\ZFEHIJU.exe
  2⤵
  PID:10516
- C:\Windows\System\hPEYKBX.exe
  C:\Windows\System\hPEYKBX.exe
  2⤵
  PID:10544
- C:\Windows\System\eSsfgOC.exe
  C:\Windows\System\eSsfgOC.exe
  2⤵
  PID:10572
- C:\Windows\System\EOPZnla.exe
  C:\Windows\System\EOPZnla.exe
  2⤵
  PID:10600
- C:\Windows\System\sotXzWb.exe
  C:\Windows\System\sotXzWb.exe
  2⤵
  PID:10616
- C:\Windows\System\MBMuSYu.exe
  C:\Windows\System\MBMuSYu.exe
  2⤵
  PID:10632
- C:\Windows\System\PAtXJLx.exe
  C:\Windows\System\PAtXJLx.exe
  2⤵
  PID:10648
- C:\Windows\System\QdWhIwR.exe
  C:\Windows\System\QdWhIwR.exe
  2⤵
  PID:10664
- C:\Windows\System\EYinnwY.exe
  C:\Windows\System\EYinnwY.exe
  2⤵
  PID:10684
- C:\Windows\System\FQHIhiu.exe
  C:\Windows\System\FQHIhiu.exe
  2⤵
  PID:10720
- C:\Windows\System\ctZYJIQ.exe
  C:\Windows\System\ctZYJIQ.exe
  2⤵
  PID:10744
- C:\Windows\System\DpPIelL.exe
  C:\Windows\System\DpPIelL.exe
  2⤵
  PID:10772
- C:\Windows\System\lVdJWqm.exe
  C:\Windows\System\lVdJWqm.exe
  2⤵
  PID:10800
- C:\Windows\System\jPcPtfQ.exe
  C:\Windows\System\jPcPtfQ.exe
  2⤵
  PID:10836
- C:\Windows\System\uzLkePi.exe
  C:\Windows\System\uzLkePi.exe
  2⤵
  PID:10864
- C:\Windows\System\sGhgNFV.exe
  C:\Windows\System\sGhgNFV.exe
  2⤵
  PID:10900
- C:\Windows\System\VpRavKj.exe
  C:\Windows\System\VpRavKj.exe
  2⤵
  PID:10940
- C:\Windows\System\SYbWmkQ.exe
  C:\Windows\System\SYbWmkQ.exe
  2⤵
  PID:10964
- C:\Windows\System\bFOfCBu.exe
  C:\Windows\System\bFOfCBu.exe
  2⤵
  PID:10992
- C:\Windows\System\OIOCWkl.exe
  C:\Windows\System\OIOCWkl.exe
  2⤵
  PID:11016
- C:\Windows\System\fVYVlGF.exe
  C:\Windows\System\fVYVlGF.exe
  2⤵
  PID:11052
- C:\Windows\System\hTuKtcJ.exe
  C:\Windows\System\hTuKtcJ.exe
  2⤵
  PID:11080
- C:\Windows\System\YgwUfhZ.exe
  C:\Windows\System\YgwUfhZ.exe
  2⤵
  PID:11096
- C:\Windows\System\HDSnWjz.exe
  C:\Windows\System\HDSnWjz.exe
  2⤵
  PID:11112
- C:\Windows\System\ENbwWSl.exe
  C:\Windows\System\ENbwWSl.exe
  2⤵
  PID:11140
- C:\Windows\System\cmOzVJE.exe
  C:\Windows\System\cmOzVJE.exe
  2⤵
  PID:11176
- C:\Windows\System\WPtmYBP.exe
  C:\Windows\System\WPtmYBP.exe
  2⤵
  PID:11208
- C:\Windows\System\aMZKqFy.exe
  C:\Windows\System\aMZKqFy.exe
  2⤵
  PID:8196
- C:\Windows\System\uNgVevd.exe
  C:\Windows\System\uNgVevd.exe
  2⤵
  PID:9888
- C:\Windows\System\OkzmJqW.exe
  C:\Windows\System\OkzmJqW.exe
  2⤵
  PID:9136
- C:\Windows\System\wHeeSTA.exe
  C:\Windows\System\wHeeSTA.exe
  2⤵
  PID:10336
- C:\Windows\System\XaIVhQv.exe
  C:\Windows\System\XaIVhQv.exe
  2⤵
  PID:10396
- C:\Windows\System\XJciZtS.exe
  C:\Windows\System\XJciZtS.exe
  2⤵
  PID:10456
- C:\Windows\System\ILDznBh.exe
  C:\Windows\System\ILDznBh.exe
  2⤵
  PID:8168
- C:\Windows\System\mvfwjHX.exe
  C:\Windows\System\mvfwjHX.exe
  2⤵
  PID:10568
- C:\Windows\System\uIPJUah.exe
  C:\Windows\System\uIPJUah.exe
  2⤵
  PID:10612
- C:\Windows\System\ymesqbE.exe
  C:\Windows\System\ymesqbE.exe
  2⤵
  PID:10712
- C:\Windows\System\VGndgsq.exe
  C:\Windows\System\VGndgsq.exe
  2⤵
  PID:10732
- C:\Windows\System\FBkntJZ.exe
  C:\Windows\System\FBkntJZ.exe
  2⤵
  PID:10812
- C:\Windows\System\fHnCqIJ.exe
  C:\Windows\System\fHnCqIJ.exe
  2⤵
  PID:10852
- C:\Windows\System\DprEJJn.exe
  C:\Windows\System\DprEJJn.exe
  2⤵
  PID:10984
- C:\Windows\System\VnBNwES.exe
  C:\Windows\System\VnBNwES.exe
  2⤵
  PID:11048
- C:\Windows\System\YfxFKyc.exe
  C:\Windows\System\YfxFKyc.exe
  2⤵
  PID:11108
- C:\Windows\System\wIlqcLn.exe
  C:\Windows\System\wIlqcLn.exe
  2⤵
  PID:11188
- C:\Windows\System\tFZORoA.exe
  C:\Windows\System\tFZORoA.exe
  2⤵
  PID:11228
- C:\Windows\System\PFptdkS.exe
  C:\Windows\System\PFptdkS.exe
  2⤵
  PID:9240
- C:\Windows\System\eYmuGog.exe
  C:\Windows\System\eYmuGog.exe
  2⤵
  PID:10312
- C:\Windows\System\CbjDaBW.exe
  C:\Windows\System\CbjDaBW.exe
  2⤵
  PID:10500
- C:\Windows\System\EfjDpyL.exe
  C:\Windows\System\EfjDpyL.exe
  2⤵
  PID:10592
- C:\Windows\System\kiEVJIx.exe
  C:\Windows\System\kiEVJIx.exe
  2⤵
  PID:10792
- C:\Windows\System\SXetDBG.exe
  C:\Windows\System\SXetDBG.exe
  2⤵
  PID:10912
- C:\Windows\System\uQdVxZn.exe
  C:\Windows\System\uQdVxZn.exe
  2⤵
  PID:9632
- C:\Windows\System\RcglHCm.exe
  C:\Windows\System\RcglHCm.exe
  2⤵
  PID:11128
- C:\Windows\System\nPmgfkz.exe
  C:\Windows\System\nPmgfkz.exe
  2⤵
  PID:11252
- C:\Windows\System\palrVHH.exe
  C:\Windows\System\palrVHH.exe
  2⤵
  PID:8712
- C:\Windows\System\dGEuLDw.exe
  C:\Windows\System\dGEuLDw.exe
  2⤵
  PID:10608
- C:\Windows\System\HuNSbOG.exe
  C:\Windows\System\HuNSbOG.exe
  2⤵
  PID:11072
- C:\Windows\System\uoxPOIy.exe
  C:\Windows\System\uoxPOIy.exe
  2⤵
  PID:10480
- C:\Windows\System\nvVtTjb.exe
  C:\Windows\System\nvVtTjb.exe
  2⤵
  PID:11268
- C:\Windows\System\lbsbgBI.exe
  C:\Windows\System\lbsbgBI.exe
  2⤵
  PID:11300
- C:\Windows\System\bFYVZLl.exe
  C:\Windows\System\bFYVZLl.exe
  2⤵
  PID:11340
- C:\Windows\System\EgORbrY.exe
  C:\Windows\System\EgORbrY.exe
  2⤵
  PID:11372
- C:\Windows\System\cAKiJqs.exe
  C:\Windows\System\cAKiJqs.exe
  2⤵
  PID:11400
- C:\Windows\System\JGHEBqu.exe
  C:\Windows\System\JGHEBqu.exe
  2⤵
  PID:11436
- C:\Windows\System\VkzVygQ.exe
  C:\Windows\System\VkzVygQ.exe
  2⤵
  PID:11468
- C:\Windows\System\UBShDYm.exe
  C:\Windows\System\UBShDYm.exe
  2⤵
  PID:11496
- C:\Windows\System\pfEtQDC.exe
  C:\Windows\System\pfEtQDC.exe
  2⤵
  PID:11524
- C:\Windows\System\jYEHuOE.exe
  C:\Windows\System\jYEHuOE.exe
  2⤵
  PID:11552
- C:\Windows\System\XRvHOEJ.exe
  C:\Windows\System\XRvHOEJ.exe
  2⤵
  PID:11580
- C:\Windows\System\SKUBFnC.exe
  C:\Windows\System\SKUBFnC.exe
  2⤵
  PID:11608
- C:\Windows\System\VsjfeyP.exe
  C:\Windows\System\VsjfeyP.exe
  2⤵
  PID:11636
- C:\Windows\System\aETAfIB.exe
  C:\Windows\System\aETAfIB.exe
  2⤵
  PID:11664
- C:\Windows\System\BMtJKCK.exe
  C:\Windows\System\BMtJKCK.exe
  2⤵
  PID:11692
- C:\Windows\System\djtetsr.exe
  C:\Windows\System\djtetsr.exe
  2⤵
  PID:11720
- C:\Windows\System\QhVngxp.exe
  C:\Windows\System\QhVngxp.exe
  2⤵
  PID:11748
- C:\Windows\System\RohnQVI.exe
  C:\Windows\System\RohnQVI.exe
  2⤵
  PID:11776
- C:\Windows\System\LAsPnRh.exe
  C:\Windows\System\LAsPnRh.exe
  2⤵
  PID:11804
- C:\Windows\System\eVTxTok.exe
  C:\Windows\System\eVTxTok.exe
  2⤵
  PID:11832
- C:\Windows\System\mhJGkuA.exe
  C:\Windows\System\mhJGkuA.exe
  2⤵
  PID:11860
- C:\Windows\System\hMkfnBZ.exe
  C:\Windows\System\hMkfnBZ.exe
  2⤵
  PID:11904
- C:\Windows\System\APRjDLz.exe
  C:\Windows\System\APRjDLz.exe
  2⤵
  PID:11928
- C:\Windows\System\iAgaiVc.exe
  C:\Windows\System\iAgaiVc.exe
  2⤵
  PID:11960
- C:\Windows\System\jmCSluI.exe
  C:\Windows\System\jmCSluI.exe
  2⤵
  PID:11988
- C:\Windows\System\IOGaYZD.exe
  C:\Windows\System\IOGaYZD.exe
  2⤵
  PID:12028
- C:\Windows\System\wdDUEbt.exe
  C:\Windows\System\wdDUEbt.exe
  2⤵
  PID:12052
- C:\Windows\System\vzflZtt.exe
  C:\Windows\System\vzflZtt.exe
  2⤵
  PID:12084
- C:\Windows\System\ZIQZxxi.exe
  C:\Windows\System\ZIQZxxi.exe
  2⤵
  PID:12104
- C:\Windows\System\KyeXdMV.exe
  C:\Windows\System\KyeXdMV.exe
  2⤵
  PID:12140
- C:\Windows\System\LjPthqW.exe
  C:\Windows\System\LjPthqW.exe
  2⤵
  PID:12168
- C:\Windows\System\PlubToh.exe
  C:\Windows\System\PlubToh.exe
  2⤵
  PID:12196
- C:\Windows\System\zpqfMQT.exe
  C:\Windows\System\zpqfMQT.exe
  2⤵
  PID:12224
- C:\Windows\System\xtSInXs.exe
  C:\Windows\System\xtSInXs.exe
  2⤵
  PID:12256
- C:\Windows\System\Rqhbjga.exe
  C:\Windows\System\Rqhbjga.exe
  2⤵
  PID:12284
- C:\Windows\System\zTqWsNZ.exe
  C:\Windows\System\zTqWsNZ.exe
  2⤵
  PID:10216
- C:\Windows\System\oyxWPEm.exe
  C:\Windows\System\oyxWPEm.exe
  2⤵
  PID:11328
- C:\Windows\System\iAkCnyV.exe
  C:\Windows\System\iAkCnyV.exe
  2⤵
  PID:11428
- C:\Windows\System\necFurI.exe
  C:\Windows\System\necFurI.exe
  2⤵
  PID:11488
- C:\Windows\System\XWcjsrd.exe
  C:\Windows\System\XWcjsrd.exe
  2⤵
  PID:11548
- C:\Windows\System\ZfsrAyN.exe
  C:\Windows\System\ZfsrAyN.exe
  2⤵
  PID:11620
- C:\Windows\System\KRalqKO.exe
  C:\Windows\System\KRalqKO.exe
  2⤵
  PID:11684
- C:\Windows\System\PuamfNZ.exe
  C:\Windows\System\PuamfNZ.exe
  2⤵
  PID:11744
- C:\Windows\System\EunVAhw.exe
  C:\Windows\System\EunVAhw.exe
  2⤵
  PID:11824
- C:\Windows\System\DzOaqDz.exe
  C:\Windows\System\DzOaqDz.exe
  2⤵
  PID:11888
- C:\Windows\System\xRxiHbe.exe
  C:\Windows\System\xRxiHbe.exe
  2⤵
  PID:11984
- C:\Windows\System\uulFYVU.exe
  C:\Windows\System\uulFYVU.exe
  2⤵
  PID:12020
- C:\Windows\System\axtSKnp.exe
  C:\Windows\System\axtSKnp.exe
  2⤵
  PID:12092
- C:\Windows\System\ycsXdJg.exe
  C:\Windows\System\ycsXdJg.exe
  2⤵
  PID:12164
- C:\Windows\System\KYnFmJt.exe
  C:\Windows\System\KYnFmJt.exe
  2⤵
  PID:12264
- C:\Windows\System\rCTsKaU.exe
  C:\Windows\System\rCTsKaU.exe
  2⤵
  PID:11280
- C:\Windows\System\ITqdODy.exe
  C:\Windows\System\ITqdODy.exe
  2⤵
  PID:11408
- C:\Windows\System\IyVibEg.exe
  C:\Windows\System\IyVibEg.exe
  2⤵
  PID:11520
- C:\Windows\System\mdddAWl.exe
  C:\Windows\System\mdddAWl.exe
  2⤵
  PID:11712
- C:\Windows\System\rDUlzOx.exe
  C:\Windows\System\rDUlzOx.exe
  2⤵
  PID:11900
- C:\Windows\System\QjZxaYa.exe
  C:\Windows\System\QjZxaYa.exe
  2⤵
  PID:12068
- C:\Windows\System\TTDpcNa.exe
  C:\Windows\System\TTDpcNa.exe
  2⤵
  PID:12248
- C:\Windows\System\COyuZjB.exe
  C:\Windows\System\COyuZjB.exe
  2⤵
  PID:11192
- C:\Windows\System\EXNOsvl.exe
  C:\Windows\System\EXNOsvl.exe
  2⤵
  PID:11800
- C:\Windows\System\VoMUUoe.exe
  C:\Windows\System\VoMUUoe.exe
  2⤵
  PID:12184
- C:\Windows\System\dwAUcFZ.exe
  C:\Windows\System\dwAUcFZ.exe
  2⤵
  PID:11648
- C:\Windows\System\NUhzLPM.exe
  C:\Windows\System\NUhzLPM.exe
  2⤵
  PID:12124
- C:\Windows\System\QosBGbL.exe
  C:\Windows\System\QosBGbL.exe
  2⤵
  PID:12308
- C:\Windows\System\XXcdWMO.exe
  C:\Windows\System\XXcdWMO.exe
  2⤵
  PID:12336
- C:\Windows\System\fVohbPy.exe
  C:\Windows\System\fVohbPy.exe
  2⤵
  PID:12364
- C:\Windows\System\HNNdilb.exe
  C:\Windows\System\HNNdilb.exe
  2⤵
  PID:12392
- C:\Windows\System\ygdOaTH.exe
  C:\Windows\System\ygdOaTH.exe
  2⤵
  PID:12412
- C:\Windows\System\DXINBjM.exe
  C:\Windows\System\DXINBjM.exe
  2⤵
  PID:12432
- C:\Windows\System\lqQUMjy.exe
  C:\Windows\System\lqQUMjy.exe
  2⤵
  PID:12464
- C:\Windows\System\fNCYnhI.exe
  C:\Windows\System\fNCYnhI.exe
  2⤵
  PID:12492
- C:\Windows\System\aUMdwlZ.exe
  C:\Windows\System\aUMdwlZ.exe
  2⤵
  PID:12532
- C:\Windows\System\XivdpQi.exe
  C:\Windows\System\XivdpQi.exe
  2⤵
  PID:12560
- C:\Windows\System\FdCwiZq.exe
  C:\Windows\System\FdCwiZq.exe
  2⤵
  PID:12588
- C:\Windows\System\sVqMWXU.exe
  C:\Windows\System\sVqMWXU.exe
  2⤵
  PID:12616
- C:\Windows\System\WoOFejY.exe
  C:\Windows\System\WoOFejY.exe
  2⤵
  PID:12644
- C:\Windows\System\ukVGiAu.exe
  C:\Windows\System\ukVGiAu.exe
  2⤵
  PID:12672
- C:\Windows\System\KIBiEne.exe
  C:\Windows\System\KIBiEne.exe
  2⤵
  PID:12700
- C:\Windows\System\ZQWoNbd.exe
  C:\Windows\System\ZQWoNbd.exe
  2⤵
  PID:12728
- C:\Windows\System\GhuQvHL.exe
  C:\Windows\System\GhuQvHL.exe
  2⤵
  PID:12756
- C:\Windows\System\vtAIGjB.exe
  C:\Windows\System\vtAIGjB.exe
  2⤵
  PID:12784
- C:\Windows\System\YqDkOpJ.exe
  C:\Windows\System\YqDkOpJ.exe
  2⤵
  PID:12812
- C:\Windows\System\umjKDmm.exe
  C:\Windows\System\umjKDmm.exe
  2⤵
  PID:12840
- C:\Windows\System\tCbRSFy.exe
  C:\Windows\System\tCbRSFy.exe
  2⤵
  PID:12868
- C:\Windows\System\hrPNvgF.exe
  C:\Windows\System\hrPNvgF.exe
  2⤵
  PID:12896
- C:\Windows\System\RGLfouU.exe
  C:\Windows\System\RGLfouU.exe
  2⤵
  PID:12924
- C:\Windows\System\MimcAkk.exe
  C:\Windows\System\MimcAkk.exe
  2⤵
  PID:12952
- C:\Windows\System\UpcOTLb.exe
  C:\Windows\System\UpcOTLb.exe
  2⤵
  PID:12980
- C:\Windows\System\mScdXje.exe
  C:\Windows\System\mScdXje.exe
  2⤵
  PID:13008
- C:\Windows\System\hdMTjqO.exe
  C:\Windows\System\hdMTjqO.exe
  2⤵
  PID:13036
- C:\Windows\System\hIlJeDw.exe
  C:\Windows\System\hIlJeDw.exe
  2⤵
  PID:13064
- C:\Windows\System\QrtKUqP.exe
  C:\Windows\System\QrtKUqP.exe
  2⤵
  PID:13092
- C:\Windows\System\abihQBV.exe
  C:\Windows\System\abihQBV.exe
  2⤵
  PID:13120
- C:\Windows\System\xUXZNyV.exe
  C:\Windows\System\xUXZNyV.exe
  2⤵
  PID:13148
- C:\Windows\System\qrBJPPS.exe
  C:\Windows\System\qrBJPPS.exe
  2⤵
  PID:13192
- C:\Windows\System\PZoTcdm.exe
  C:\Windows\System\PZoTcdm.exe
  2⤵
  PID:13212
- C:\Windows\System\BMfEewg.exe
  C:\Windows\System\BMfEewg.exe
  2⤵
  PID:13240
- C:\Windows\System\enoTLKm.exe
  C:\Windows\System\enoTLKm.exe
  2⤵
  PID:13268
- C:\Windows\System\DQjaqWo.exe
  C:\Windows\System\DQjaqWo.exe
  2⤵
  PID:13292
- C:\Windows\System\jqDAMaM.exe
  C:\Windows\System\jqDAMaM.exe
  2⤵
  PID:12300
- C:\Windows\System\lnTkVeJ.exe
  C:\Windows\System\lnTkVeJ.exe
  2⤵
  PID:12360
- C:\Windows\System\jcBlFZn.exe
  C:\Windows\System\jcBlFZn.exe
  2⤵
  PID:12452
- C:\Windows\System\rEWitvM.exe
  C:\Windows\System\rEWitvM.exe
  2⤵
  PID:12516
- C:\Windows\System\xVuJBku.exe
  C:\Windows\System\xVuJBku.exe
  2⤵
  PID:12636
- C:\Windows\System\mMuoCEq.exe
  C:\Windows\System\mMuoCEq.exe
  2⤵
  PID:12712
- C:\Windows\System\GffzYYr.exe
  C:\Windows\System\GffzYYr.exe
  2⤵
  PID:12752
- C:\Windows\System\JdqAQkW.exe
  C:\Windows\System\JdqAQkW.exe
  2⤵
  PID:12804
- C:\Windows\System\LJHOaxn.exe
  C:\Windows\System\LJHOaxn.exe
  2⤵
  PID:12856
- C:\Windows\System\pOqvfam.exe
  C:\Windows\System\pOqvfam.exe
  2⤵
  PID:12888
- C:\Windows\System\HfQCFes.exe
  C:\Windows\System\HfQCFes.exe
  2⤵
  PID:12976
- C:\Windows\System\RzNPXho.exe
  C:\Windows\System\RzNPXho.exe
  2⤵
  PID:13116
- C:\Windows\System\qDZHpbG.exe
  C:\Windows\System\qDZHpbG.exe
  2⤵
  PID:13200
- C:\Windows\System\aOGqdWz.exe
  C:\Windows\System\aOGqdWz.exe
  2⤵
  PID:13276
- C:\Windows\System\FZlXbiR.exe
  C:\Windows\System\FZlXbiR.exe
  2⤵
  PID:12424
- C:\Windows\System\CfKoCfs.exe
  C:\Windows\System\CfKoCfs.exe
  2⤵
  PID:12548
- C:\Windows\System\kZamZYa.exe
  C:\Windows\System\kZamZYa.exe
  2⤵
  PID:12724
- C:\Windows\System\SemYekb.exe
  C:\Windows\System\SemYekb.exe
  2⤵
  PID:13088
- C:\Windows\System\JSVOBVb.exe
  C:\Windows\System\JSVOBVb.exe
  2⤵
  PID:13256
- C:\Windows\System\HrehAmx.exe
  C:\Windows\System\HrehAmx.exe
  2⤵
  PID:12776
- C:\Windows\System\oXgxgmY.exe
  C:\Windows\System\oXgxgmY.exe
  2⤵
  PID:12916
- C:\Windows\System\sSqoYUu.exe
  C:\Windows\System\sSqoYUu.exe
  2⤵
  PID:13236
- C:\Windows\System\pPWDMQS.exe
  C:\Windows\System\pPWDMQS.exe
  2⤵
  PID:13340
- C:\Windows\System\VTMrKiZ.exe
  C:\Windows\System\VTMrKiZ.exe
  2⤵
  PID:13376
- C:\Windows\System\NElWnqq.exe
  C:\Windows\System\NElWnqq.exe
  2⤵
  PID:13408
- C:\Windows\System\pzoBZvU.exe
  C:\Windows\System\pzoBZvU.exe
  2⤵
  PID:13436
- C:\Windows\System\QIAkAkd.exe
  C:\Windows\System\QIAkAkd.exe
  2⤵
  PID:13452
- C:\Windows\System\OjNyrVU.exe
  C:\Windows\System\OjNyrVU.exe
  2⤵
  PID:13496
- C:\Windows\System\TPAShDI.exe
  C:\Windows\System\TPAShDI.exe
  2⤵
  PID:13516
- C:\Windows\System\rUivUVJ.exe
  C:\Windows\System\rUivUVJ.exe
  2⤵
  PID:13552
- C:\Windows\System\QXWDhua.exe
  C:\Windows\System\QXWDhua.exe
  2⤵
  PID:13576
- C:\Windows\System\ZeOHZCQ.exe
  C:\Windows\System\ZeOHZCQ.exe
  2⤵
  PID:13620
- C:\Windows\System\AlLHorq.exe
  C:\Windows\System\AlLHorq.exe
  2⤵
  PID:13640
- C:\Windows\System\kSllJKD.exe
  C:\Windows\System\kSllJKD.exe
  2⤵
  PID:13680
- C:\Windows\System\aDNRwld.exe
  C:\Windows\System\aDNRwld.exe
  2⤵
  PID:13704
- C:\Windows\System\CQMqkHH.exe
  C:\Windows\System\CQMqkHH.exe
  2⤵
  PID:13728
- C:\Windows\System\EkHWlFZ.exe
  C:\Windows\System\EkHWlFZ.exe
  2⤵
  PID:13744
- C:\Windows\System\lZxuMAl.exe
  C:\Windows\System\lZxuMAl.exe
  2⤵
  PID:13772
- C:\Windows\System\zkbFwby.exe
  C:\Windows\System\zkbFwby.exe
  2⤵
  PID:13792
- C:\Windows\System\ZATAAUH.exe
  C:\Windows\System\ZATAAUH.exe
  2⤵
  PID:13824
- C:\Windows\System\DStQPLC.exe
  C:\Windows\System\DStQPLC.exe
  2⤵
  PID:13848
- C:\Windows\System\bDdkrsz.exe
  C:\Windows\System\bDdkrsz.exe
  2⤵
  PID:13888
- C:\Windows\System\WOQBjEc.exe
  C:\Windows\System\WOQBjEc.exe
  2⤵
  PID:13924
- C:\Windows\System\FlvyPkA.exe
  C:\Windows\System\FlvyPkA.exe
  2⤵
  PID:13964
- C:\Windows\System\tvxSYnl.exe
  C:\Windows\System\tvxSYnl.exe
  2⤵
  PID:13988
- C:\Windows\System\ptaaEzy.exe
  C:\Windows\System\ptaaEzy.exe
  2⤵
  PID:14012
- C:\Windows\System\yEnbnAm.exe
  C:\Windows\System\yEnbnAm.exe
  2⤵
  PID:14048
- C:\Windows\System\iOKsbyv.exe
  C:\Windows\System\iOKsbyv.exe
  2⤵
  PID:14080
- C:\Windows\System\eaWDdqR.exe
  C:\Windows\System\eaWDdqR.exe
  2⤵
  PID:14108
- C:\Windows\System\uqyyjOV.exe
  C:\Windows\System\uqyyjOV.exe
  2⤵
  PID:14140
- C:\Windows\System\fJAxcLy.exe
  C:\Windows\System\fJAxcLy.exe
  2⤵
  PID:14172
- C:\Windows\System\cQSXwlg.exe
  C:\Windows\System\cQSXwlg.exe
  2⤵
  PID:14204
- C:\Windows\System\SzRzpKA.exe
  C:\Windows\System\SzRzpKA.exe
  2⤵
  PID:14224
- C:\Windows\System\xDhsytW.exe
  C:\Windows\System\xDhsytW.exe
  2⤵
  PID:14244
- C:\Windows\System\PvoJJss.exe
  C:\Windows\System\PvoJJss.exe
  2⤵
  PID:14264
- C:\Windows\System\eopfWCv.exe
  C:\Windows\System\eopfWCv.exe
  2⤵
  PID:14292
- C:\Windows\System\XPApNQT.exe
  C:\Windows\System\XPApNQT.exe
  2⤵
  PID:14320
- C:\Windows\System\CErjLHp.exe
  C:\Windows\System\CErjLHp.exe
  2⤵
  PID:13332
- C:\Windows\System\kNrldvu.exe
  C:\Windows\System\kNrldvu.exe
  2⤵
  PID:13372
- C:\Windows\System\MoGtABw.exe
  C:\Windows\System\MoGtABw.exe
  2⤵
  PID:2516
- C:\Windows\System\IUQqZuz.exe
  C:\Windows\System\IUQqZuz.exe
  2⤵
  PID:13424
- C:\Windows\System\rFbjDdZ.exe
  C:\Windows\System\rFbjDdZ.exe
  2⤵
  PID:13444
- C:\Windows\System\WJZrdKm.exe
  C:\Windows\System\WJZrdKm.exe
  2⤵
  PID:13504
- C:\Windows\System\cOhjNNC.exe
  C:\Windows\System\cOhjNNC.exe
  2⤵
  PID:13628
- C:\Windows\System\hoVszRZ.exe
  C:\Windows\System\hoVszRZ.exe
  2⤵
  PID:13696
- C:\Windows\System\IvqUOag.exe
  C:\Windows\System\IvqUOag.exe
  2⤵
  PID:13740
- C:\Windows\System\JYFsHPJ.exe
  C:\Windows\System\JYFsHPJ.exe
  2⤵
  PID:13812
- C:\Windows\System\BnmveWu.exe
  C:\Windows\System\BnmveWu.exe
  2⤵
  PID:13820
- C:\Windows\System\XTejrDF.exe
  C:\Windows\System\XTejrDF.exe
  2⤵
  PID:13860
- C:\Windows\System\PwIwiDu.exe
  C:\Windows\System\PwIwiDu.exe
  2⤵
  PID:13912
- C:\Windows\System\MkJEvFl.exe
  C:\Windows\System\MkJEvFl.exe
  2⤵
  PID:14004
- C:\Windows\System\EsKuIyv.exe
  C:\Windows\System\EsKuIyv.exe
  2⤵
  PID:14072
- C:\Windows\System\mmXnRVU.exe
  C:\Windows\System\mmXnRVU.exe
  2⤵
  PID:14104
- C:\Windows\System\erzexVQ.exe
  C:\Windows\System\erzexVQ.exe
  2⤵
  PID:14232
- C:\Windows\System\jHXxhdW.exe
  C:\Windows\System\jHXxhdW.exe
  2⤵
  PID:14260
- C:\Windows\System\uOrCGiO.exe
  C:\Windows\System\uOrCGiO.exe
  2⤵
  PID:4804
- C:\Windows\System\ERzvuQQ.exe
  C:\Windows\System\ERzvuQQ.exe
  2⤵
  PID:13476
- C:\Windows\System\paWeWqX.exe
  C:\Windows\System\paWeWqX.exe
  2⤵
  PID:13788
- C:\Windows\System\JTsoUeW.exe
  C:\Windows\System\JTsoUeW.exe
  2⤵
  PID:13692
- C:\Windows\System\StUGzvC.exe
  C:\Windows\System\StUGzvC.exe
  2⤵
  PID:14184
- C:\Windows\System\WnzbwIV.exe
  C:\Windows\System\WnzbwIV.exe
  2⤵
  PID:13672

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AEREfeV.exe

Filesize
1.6MB

MD5
3f139c555e25e3a248acef5d0d4d2099

SHA1
eba1c44b4144223ba29391ed90223e8a4046973b

SHA256
2d7fae09e5ce56929eafebc693b9cdefa91d3412728448bb3de4d0540d90d68e

SHA512
2ccc61f2a0491a3e750502f3ddca746ea54b8b4976d3f607a85c44e18e681ab682ee23d8aecb13ebd162ee6111fce4b622fec4a68ec35c64d5437934c7401711

Download Submit
C:\Windows\System\AQNngzp.exe

Filesize
1.6MB

MD5
4831c3090c3d0cfed25f6074fab9530f

SHA1
7c5043adbd694b7e27e8990a182545232a37e6af

SHA256
f6bba8d86d50491e3646fafb009bffca8574524406ff01162bea227fae1420f5

SHA512
aa1467f21bce8383bd579b44877aef2014363f4b8e0c5d87caa8c7419980cbd23ba6d0a03b2f119872760d6af88abf93880f156c743fabfd120cad8ada5c1ff2

Download Submit
C:\Windows\System\BGGUQEu.exe

Filesize
1.6MB

MD5
b4e44b047893238377d1419d30acf4df

SHA1
33d4b45215a42fbdffa76cd2d06373e883cd1353

SHA256
4b78f85f3827593d04cbcf9edec39dd3bc5c6fbf39f33abfb1f49a563d1afc94

SHA512
6c7cd275054d427e4fce430c4d48288e1ba8acd056d81efea734fb0a2ea979adad9697af264703403e397fa3f86d262a7f03dcf572d9de19da14416d08c1bc6f

Download Submit
C:\Windows\System\BcHwYmf.exe

Filesize
1.6MB

MD5
36204fac0a95ed6464ef8f111574a9a4

SHA1
c3742dc79593e98bc8c0951de7fe9ebdc224806f

SHA256
9518f8ecddff922c1dfcfab7beca1eabab90b8eb053710a420a160b6d3291708

SHA512
fb396e7eed60f667f36dd6016b3f0c1c63fcf13f80020f0756f36352d35161ad6a5fea7d286be5ef484d1cc4938123200801e097dc28ff58a65401908fafcc4d

Download Submit
C:\Windows\System\BhFZkNb.exe

Filesize
1.6MB

MD5
e746a521d646356adacf3e8afcf35fe0

SHA1
03f496321095f9e831140f6d62de6eac40a44f34

SHA256
5004b46c2fe786e9d6f2d998927f243658fa122de9db5e4891714b13fb44ab28

SHA512
37490d07bc793d76fa85e1c4ecd0750d512fb9818ad28b58f64246dbb6cc261ca49867f1c0b357b65eedb26e3298608897155e4965b2eb7a35b292262427ae1d

Download Submit
C:\Windows\System\CYHDukk.exe

Filesize
1.6MB

MD5
f71497f6aeb6f3ccc2628b6926ba6516

SHA1
9b6a37e8e5b8956beaca2387327cfd71b068daff

SHA256
ca1d169bf64623f0cfb061d7819fd8965fbc64bcb5720267cd8bf98cac5ace5c

SHA512
8dccb323590d22e10282eb0aaba4f46aff2d5a34022a623fbee6a9c837ca72f5b23abbab70f3fbfdb19f7d72057a8ec4caba391e117d40bbb7c34227dcc478c2

Download Submit
C:\Windows\System\ChldPpH.exe

Filesize
1.6MB

MD5
830011bd7d302907a13b71ae7760c735

SHA1
8538f8ac0217cfcae03c40d5f34ec47863d08054

SHA256
c692fe2ebc4f410c0983dafaec4ec4bd05369d73c54b2718d51af91787938289

SHA512
27e8ca8be74a5bdba1e5c376a2bb2f9f4c7b5c9ba1c9c60535a82ecd0feaa43401731768a7ad662916a48cb0eec98838167395f2405a459f4b98ed1ac356ff14

Download Submit
C:\Windows\System\DnXIxgg.exe

Filesize
1.6MB

MD5
418a7b93dbb7c2c8913cff02ed46e9d1

SHA1
4aacb9ad11fea4f596c54a93ee4f9a90d938562f

SHA256
ab42c07520e83a99127ef889301b4ad7b0b1abb4133a446b91ec95545759356f

SHA512
e19b3f8066582df282fa93bcc73f587e510fdf40ca2ad9f47a8ef25831dffc7acee76c37fb8eaba669f47846b743965b0c03b45522d81314d31dfe983d7f4699

Download Submit
C:\Windows\System\EkWeVuU.exe

Filesize
1.6MB

MD5
150343b452af2937b49fb372ade768c3

SHA1
689253f62129d80652adbb15d847c5851b8e8944

SHA256
d107931fdacfcdaeef18aacf409924b11e90acae8628cc8b08ae3fe809d6c6bb

SHA512
0dc789657b8fc41cc8c81b9530fdb2a8bc4d9d1114b1677cb2c4abe734104a1d0082bf575ba1c326b900ac2052a16b987b0e16ff3c5057d90132865b9bb84e49

Download Submit
C:\Windows\System\GHVALlD.exe

Filesize
1.6MB

MD5
55d3b0d32bc89cb42a878946a6c041ac

SHA1
590167baf2411427dd58cb6c9d40738f783c3932

SHA256
734a63650900cf7e1fb56c838637a11ce186bdab98c63590e89802d8c1b26006

SHA512
43e619cdd189cfd0ea929260c7761ae80a664d814a1413a3ba70038af11ab96f465d71ae8ac6b197dd17d746f46a8375ed7fc8b691e269d608b4a7feaeb71cc5

Download Submit
C:\Windows\System\LMaieCN.exe

Filesize
1.6MB

MD5
3be02b541af70ed5a6d5a62f9f216749

SHA1
7dd2c1f1449cbcde4d1cb20f82213c6418a5b304

SHA256
0d21f34828c7af3fa63a03e84a8a6fd78bcff38e34e7a39cb5561bb69567adb7

SHA512
b249c93fa77b48ee8928ca9f8b58135e3831e3c409e4397a6fa8516ab626745ff0338e34d52866e959803e770d56fb9bb8c357895752a543f62f8dbb3cdc4770

Download Submit
C:\Windows\System\LSJwBDH.exe

Filesize
1.6MB

MD5
83092c6797812bfd340f5b0d216eeb3a

SHA1
1406447f66ea10cda5e27a10f3742e9783e868f9

SHA256
65e7368dadb8d700710c1b7c96dc77e1c8bd9b0ec910ab549dab244d6d2c0304

SHA512
cfb0bec24bdb50021900c40d496cfa634550f7dbb37f0fc6dd30dbee5ef77d60f87526b6f3bb56e4286f56de858289c0dedd05906412c40e974d9edcbb1772fb

Download Submit
C:\Windows\System\LqLLwln.exe

Filesize
1.6MB

MD5
5c6eece383d41d72cf8ae7fc07a49875

SHA1
e872f638807cc961d54c218c02cc486b263b8562

SHA256
096a41a7585013cd969f6dc3ab63dfcab4523d5852f25f6bb0f77f3bbb7bc256

SHA512
7400ae4c762917bc89fe9c5bf68c9b1e697228f5beb01bad458c93a6e6bf5f5547016ce3b5f467f12a4e86792456755a10757de45d7669bc5972c91b47e1af5b

Download Submit
C:\Windows\System\LqZjJkB.exe

Filesize
1.6MB

MD5
4bf620a74d50caf954bf9ab388792b0d

SHA1
2b33c586cb5c89e815567085ec1fb7dcf72442c5

SHA256
d18a12d7beb2315dfc165c3692ed0fac494c37a49b8deadbe5c88b8c71a4cc7c

SHA512
3df2209e2c9219fbb0445f0327822db777af5153b504e5552657f88f6519f11c434d38a96beeabab1c0bf92f7403fdfa49ac78b0a353e288e3da747ab5f091d4

Download Submit
C:\Windows\System\MbrjCQK.exe

Filesize
1.6MB

MD5
be445d8c4d767b89d7bf14934b86aa6b

SHA1
78659e5ab18fe1377fd1871eb2b6b04e79fcc578

SHA256
42afd0de8a9376dbcd8304df0a4f8fac523ecec773b4eefeb662c17e931ac42d

SHA512
5712cb8a9e551dcda64e845bd34b48fa91f502daeea74b92684ba5886dd2389f060658aa1d5bd17dd7a5ff0d964de204873fe6b5e4e66ab2a4db4050f75a8e19

Download Submit
C:\Windows\System\ObcljiO.exe

Filesize
1.6MB

MD5
8dccb013bbeed50bd463d84f0f4af57d

SHA1
438d69063c9e4ea5620c900778cdcbad52d56c19

SHA256
bd2e53f2ed7316daa8329390efe397ac238a2f7100d52beb2094b925c57c2e81

SHA512
83094115009b5434adbbd50b888a6079c4dea685cdb4e72e51fd63438ffc099c19f3c23a26983bbac5d81ffc7a0d7e63f3453f2a5d2eeafb86651cce8c2fb49c

Download Submit
C:\Windows\System\PNNEdcU.exe

Filesize
1.6MB

MD5
32e00fcd4b9373a91657078305df96c3

SHA1
ae68f9bd2fb2b35a5d4bbbe496dae058828a06ff

SHA256
55f25935afff72a851099c435dba9aa5ab14145f88ac14bbb203bf5cba5254c3

SHA512
d34bd448f09de952b8e3e5b36e4a2988bcb54b837e6b991b4358f7e15d1d25bbb88673716cae0c03f29bfb66a1ab548f04fcdfc33a541547d23e6a91b0655933

Download Submit
C:\Windows\System\RwySJep.exe

Filesize
1.6MB

MD5
050e090599b5c8b0b75d1fb5a4f6885f

SHA1
9439c1ffa75d4017756e2144cdf5029f21c31fc6

SHA256
f217388be3aec419703525abb9660e840919908e57299838c5b6720de84a05b2

SHA512
2e7beb122f3602b2fe1cb310f02c56a9cb895cf9e2055d4ceae2089483bc3baa875251c276bfa93996ed0f899f211c7c10a3ce74a309a3e7b8d3aac699f96d74

Download Submit
C:\Windows\System\SHMHPWg.exe

Filesize
1.6MB

MD5
4bf33fce99cbff9333badc823804241c

SHA1
eb472a80b51685deec8b90c5df2d4785af834176

SHA256
2ace073de6d6daaf66d029846cf8c81a0c104f8ef5bc52b42d674100a6802bfc

SHA512
02be4ef9eca1d0c63b3377a30a8f1bf04e709cc6dc8a3b4d144e98968466c9d68c45f0b9b2624ad9532b06570a45ffc51dde6062ae2a5f65161e15a82982452a

Download Submit
C:\Windows\System\VpqPmpm.exe

Filesize
1.6MB

MD5
b04c91dab8e7bfbb06a873c6e262c8bc

SHA1
acaa5a02526f92092ba9aba36abbc4cd1aa40623

SHA256
ffac6f2639426c28a4783e74888468802cf95452855ee4ee503fdeecac75d284

SHA512
774ec2dfa6111dcb27db689ca97b6245b9a8147567d7e4beee3202293aac06f053b10a356a9a206cacba8c96ab62194ac1a046cf3680acb49f26b4c783b7a3f7

Download Submit
C:\Windows\System\WthaUNG.exe

Filesize
1.6MB

MD5
faa2e53aeb52b7522ed11d051753f2eb

SHA1
3cb5c407cd65c10cc38cc0402e1b64e9186a1872

SHA256
66d660fee78aaed77137eb74e9d259aabec6852b7e784c9ac80bdabae47bcd4e

SHA512
2e4e71f413da6e6b1549dbf2b9f94229101986591d98810d9ba4702701954218f2351900fbfe68eab702db4779ad99861430231be0e2f840bc362d21b4d03411

Download Submit
C:\Windows\System\YzbyGTG.exe

Filesize
1.6MB

MD5
f66b920f67ca39e9d1536dbe0073666e

SHA1
ec1f9d9764d26b259078d661f9e67bc59e5d188b

SHA256
8e03acc6a311a8360d3bb2ce0ffac7f402a45f312d9f50914fb036c1b60fedfa

SHA512
ee7d65aef86486a0e91ca9062076bebd06222066b9608c1ae0175c3707abf12c25cfa179eb102b3ecc0c780f8879b27a22f3e62efcf971de4ae8cb4495516024

Download Submit
C:\Windows\System\eZRgFNX.exe

Filesize
1.6MB

MD5
572d2b061996596bb72a220e286f7492

SHA1
e5bb385b4e1aef92873bdabb74efd85dd6236a97

SHA256
6203806f444309d93adbc8031b27bbe48e7b366527fe5ba17aafc833f754ae66

SHA512
3322a06ed7842b60c9d8333a4d01a8b9d84eea9ff8795e2535e12272184de4d644a64f7c437c509cf39a6756001dfcd36ba9156cc3bc244bb472879a7ed35e7e

Download Submit
C:\Windows\System\gBPDdFL.exe

Filesize
1.6MB

MD5
3783353b1dc8f9af7923d5f8a7946f6e

SHA1
8c75b1fee475aed12dadbd63ea26a267320916b2

SHA256
37839691169aaebf80e673bb4766fee40fab9efa94053529c48fda2287ab2f59

SHA512
73aa9bb204b7a1c451a8f941fc6845d78b9f60150eef2ad52e098de9c949539393198a45fa64e168ab42511ac957779cba93f65314d654c596dfeebcc2c13851

Download Submit
C:\Windows\System\gIUMdzF.exe

Filesize
1.6MB

MD5
18aa953dcf3537b91bd0aa008406b3eb

SHA1
0afaf11c29d8a0bbbf3ff53dbfa2d7b49fa24e6a

SHA256
35c98f8c4c27af8a7748d653afe1b6c74640a13cfec672a73709ef15b2dd3f4a

SHA512
78201b83772c45079959f4190e4caf85452a21d339d18cff3cd1a15e302317c4467f8ba96bf970741ef703693f26c0e41efe4fac39fe280050a850ece3a3fc6b

Download Submit
C:\Windows\System\gfjjqOA.exe

Filesize
1.6MB

MD5
4e89f180d9398de3e1d8ac7fa6b9b277

SHA1
b54d15d0de11389e1c760780a0607cc6a230f486

SHA256
f5b75c6e54a1104a4e3857a2a2e7dda9789cde303ed4f93137b78e66352cf3a3

SHA512
4024aa9806085a9e3fcab8573b4d2eb92ebb1eda475f2b07010c3796f81381321bd59f921826e2f4fbd5dbf56a5444abda7fd5819f37c712a687a0f18eca4f51

Download Submit
C:\Windows\System\izMKWgl.exe

Filesize
1.6MB

MD5
d51f6b3d0666055b19c4176f61998498

SHA1
3effb87dd7f13d81a851af2b48cbebe8c85fb1a9

SHA256
0726791adf8ce211c56c15ff23b37f293574fe5a6f23425d421c5c923cf9ddd6

SHA512
b9c2dfaa1faf98bf983e3a6f867ad80008fff2180d521ae2c1ec01acd439a80ac657341d14fced032cec0d8ce5f4c7b786f05ba1599121d8301dded2a4c7d0c7

Download Submit
C:\Windows\System\kKlrWaN.exe

Filesize
1.6MB

MD5
9d6a35f74893a6f58bc8f06fa010a5fe

SHA1
77553d5e3e49d870f9724ad2247a5cfe224b58b7

SHA256
7439e4e2ccb9839e60660bd00f839de9eb416ee0c15fd01fd75efb2663dafd73

SHA512
f2254759202712603a282ed0a37b844193cd6994666e4bf527eaf8fa8be610ea4a2e74c11a498708e180e48b55e7a4e24e10d86c21c7fc4d8ee4d7e6d6bf4308

Download Submit
C:\Windows\System\kWpADLf.exe

Filesize
1.6MB

MD5
a384ad874064d0dca47cd540548231a9

SHA1
28a31979a84634931ad035f8412fa19342c4cba5

SHA256
8740594a4975f0b67ecdcde342ce0bbaaa715d3f0d1a17682da132cb7d29d4a7

SHA512
b58881a15f33c23d553984baaa2897f1f215c2a373ac9f42b1732ba52a664a4dd33ca4ac63033f844a569ce48c34a5d4422991c463fd7d9a43a0affd7381d196

Download Submit
C:\Windows\System\oRQltaG.exe

Filesize
1.6MB

MD5
8422c38d9f34bc46662fbd2226b03e39

SHA1
97dd2814d6bb32318a7ddb0f0b0e4e44b10ab1e2

SHA256
ee59161266276480b04680426d1904c4cac7c6b7e26cb8c2bad1e2627dea7a31

SHA512
8782b6937ae2c672ea55d974aab4bd6051301f0287801e9f8de25ebc155b54b41d3eef2cf65263810acef58ca24dc2a09ed1ca68f6e21e362b35bd05f6a59589

Download Submit
C:\Windows\System\qREZUtJ.exe

Filesize
1.6MB

MD5
d8e61876f1438431bd04607c116e9ab3

SHA1
63ceb274912a1c139d640006afdcbf9cb7f37be9

SHA256
4595528ce3341a6b2ff77a681abd019c883eb61e58a272271be8ac9b91f37818

SHA512
5c4f02d8f2ff05438b1f9a843b00cbfbbd47c51974898eb1d0d679adb898fba6cec3041b0a00668248134f28aa6f3fdb18dacfd05360fd4d2f25935901150877

Download Submit
C:\Windows\System\rWQpgzx.exe

Filesize
1.6MB

MD5
b1cac07af6b87f15dcff3bc85540680a

SHA1
8bafed6423e9bfacf02c63085268030f616b7531

SHA256
bc0d8e727d2a91ae2f98f8c6df767577e21365b906f84303bf8e2dc0ebb8b75e

SHA512
e3007cf4cd121c6604efbf0cec0ae5845a9c2bdf02d79121e74aa279b031fb7285254d0b5e6af0c5931785dbea76476cd8eba37a4c1285ab6b617525789bd705

Download Submit
C:\Windows\System\sAdRxhn.exe

Filesize
1.6MB

MD5
a3faf29d789f344f1c55ce6c9af75077

SHA1
baf0bce656400394680c728a52c527ce794a2b39

SHA256
b3e92edff1b26061d6637bac29ecd2156b8b5e856ca267b7b6ef6b8cec174156

SHA512
6f52950e152f394c90708d9504a9060fa976aa822a0a8ec6ede7673b4ff4cd08da606af1c3523ff8ceb2aac0e4b4dec90ef1bf0e8d92e3c728f664806153a21a

Download Submit
C:\Windows\System\tAeAPjk.exe

Filesize
1.6MB

MD5
e2170d7895a4dc43779ebd9b1c12dc28

SHA1
0003d3e3a9725cda3f3243faa7e71eca0699b834

SHA256
c431858127d7b61bcd3ff07e95971d1c670dc20d84c892b0f836df3851435ee2

SHA512
0d54ffb2436f2f48a09ebc3a8b014d490306c8854af8b4e4d5ee765c6b6f431af6173dc66a816ad7a00bee4bce61dc2c13f72187d1f7a9af834d655e34982a01

Download Submit
C:\Windows\System\yXxdJpx.exe

Filesize
1.6MB

MD5
9310e806c482eaeefdf660bc46b873e0

SHA1
89359699494157a5e2ac6ba6bce77dfa0d012dc9

SHA256
7cb0a744a54ed5662bafe74ad934e937e3588b24515a7db9e0d3e5c091cac7ed

SHA512
9b6cc67f874ff2b124036c28a892e84c6863f1fedb058020f6907fed2972a30fb91ea6573f40a857f5785f80a261770bcc22110fe40111a5537bbb291c5da9da

Download Submit
memory/456-2194-0x00007FF673780000-0x00007FF673AD4000-memory.dmp

Filesize
3.3MB

Download
memory/456-195-0x00007FF673780000-0x00007FF673AD4000-memory.dmp

Filesize
3.3MB

Download
memory/548-53-0x00007FF73E260000-0x00007FF73E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-2174-0x00007FF73E260000-0x00007FF73E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/548-2166-0x00007FF73E260000-0x00007FF73E5B4000-memory.dmp

Filesize
3.3MB

Download
memory/760-202-0x00007FF69C390000-0x00007FF69C6E4000-memory.dmp

Filesize
3.3MB

Download
memory/760-2181-0x00007FF69C390000-0x00007FF69C6E4000-memory.dmp

Filesize
3.3MB

Download
memory/984-2172-0x00007FF6CF330000-0x00007FF6CF684000-memory.dmp

Filesize
3.3MB

Download
memory/984-29-0x00007FF6CF330000-0x00007FF6CF684000-memory.dmp

Filesize
3.3MB

Download
memory/984-2164-0x00007FF6CF330000-0x00007FF6CF684000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2182-0x00007FF761F10000-0x00007FF762264000-memory.dmp

Filesize
3.3MB

Download
memory/1252-131-0x00007FF761F10000-0x00007FF762264000-memory.dmp

Filesize
3.3MB

Download
memory/1428-206-0x00007FF6AB910000-0x00007FF6ABC64000-memory.dmp

Filesize
3.3MB

Download
memory/1428-2189-0x00007FF6AB910000-0x00007FF6ABC64000-memory.dmp

Filesize
3.3MB

Download
memory/1508-2167-0x00007FF7A6D20000-0x00007FF7A7074000-memory.dmp

Filesize
3.3MB

Download
memory/1508-78-0x00007FF7A6D20000-0x00007FF7A7074000-memory.dmp

Filesize
3.3MB

Download
memory/1508-2179-0x00007FF7A6D20000-0x00007FF7A7074000-memory.dmp

Filesize
3.3MB

Download
memory/1628-199-0x00007FF725E90000-0x00007FF7261E4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-2175-0x00007FF725E90000-0x00007FF7261E4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-169-0x00007FF72F5C0000-0x00007FF72F914000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2177-0x00007FF72F5C0000-0x00007FF72F914000-memory.dmp

Filesize
3.3MB

Download
memory/2720-196-0x00007FF6C5F30000-0x00007FF6C6284000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2196-0x00007FF6C5F30000-0x00007FF6C6284000-memory.dmp

Filesize
3.3MB

Download
memory/2824-197-0x00007FF778C30000-0x00007FF778F84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2191-0x00007FF778C30000-0x00007FF778F84000-memory.dmp

Filesize
3.3MB

Download
memory/3112-200-0x00007FF7E9660000-0x00007FF7E99B4000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2176-0x00007FF7E9660000-0x00007FF7E99B4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2180-0x00007FF658450000-0x00007FF6587A4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-111-0x00007FF658450000-0x00007FF6587A4000-memory.dmp

Filesize
3.3MB

Download
memory/3120-2168-0x00007FF658450000-0x00007FF6587A4000-memory.dmp

Filesize
3.3MB

Download
memory/3164-205-0x00007FF7CB2A0000-0x00007FF7CB5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2190-0x00007FF7CB2A0000-0x00007FF7CB5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2173-0x00007FF6A8A30000-0x00007FF6A8D84000-memory.dmp

Filesize
3.3MB

Download
memory/3204-201-0x00007FF6A8A30000-0x00007FF6A8D84000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2171-0x00007FF6AC730000-0x00007FF6ACA84000-memory.dmp

Filesize
3.3MB

Download
memory/3320-73-0x00007FF6AC730000-0x00007FF6ACA84000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2170-0x00007FF76AA50000-0x00007FF76ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2165-0x00007FF76AA50000-0x00007FF76ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-47-0x00007FF76AA50000-0x00007FF76ADA4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-194-0x00007FF7D5D00000-0x00007FF7D6054000-memory.dmp

Filesize
3.3MB

Download
memory/4432-2193-0x00007FF7D5D00000-0x00007FF7D6054000-memory.dmp

Filesize
3.3MB

Download
memory/4456-2163-0x00007FF7B2BB0000-0x00007FF7B2F04000-memory.dmp

Filesize
3.3MB

Download
memory/4456-1-0x0000022FD2A20000-0x0000022FD2A30000-memory.dmp

Filesize
64KB

Download
memory/4456-0-0x00007FF7B2BB0000-0x00007FF7B2F04000-memory.dmp

Filesize
3.3MB

Download
memory/4708-183-0x00007FF7DBFD0000-0x00007FF7DC324000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2188-0x00007FF7DBFD0000-0x00007FF7DC324000-memory.dmp

Filesize
3.3MB

Download
memory/4796-2197-0x00007FF7C5990000-0x00007FF7C5CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4796-198-0x00007FF7C5990000-0x00007FF7C5CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-203-0x00007FF648B80000-0x00007FF648ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2178-0x00007FF648B80000-0x00007FF648ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-189-0x00007FF724230000-0x00007FF724584000-memory.dmp

Filesize
3.3MB

Download
memory/4900-2192-0x00007FF724230000-0x00007FF724584000-memory.dmp

Filesize
3.3MB

Download
memory/4984-182-0x00007FF68C0A0000-0x00007FF68C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2187-0x00007FF68C0A0000-0x00007FF68C3F4000-memory.dmp

Filesize
3.3MB

Download
memory/5008-176-0x00007FF7B6520000-0x00007FF7B6874000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2186-0x00007FF7B6520000-0x00007FF7B6874000-memory.dmp

Filesize
3.3MB

Download
memory/5176-2185-0x00007FF6DB9A0000-0x00007FF6DBCF4000-memory.dmp

Filesize
3.3MB

Download
memory/5176-204-0x00007FF6DB9A0000-0x00007FF6DBCF4000-memory.dmp

Filesize
3.3MB

Download
memory/5192-132-0x00007FF7FA300000-0x00007FF7FA654000-memory.dmp

Filesize
3.3MB

Download
memory/5192-2184-0x00007FF7FA300000-0x00007FF7FA654000-memory.dmp

Filesize
3.3MB

Download
memory/5292-190-0x00007FF60B8B0000-0x00007FF60BC04000-memory.dmp

Filesize
3.3MB

Download
memory/5292-2195-0x00007FF60B8B0000-0x00007FF60BC04000-memory.dmp

Filesize
3.3MB

Download
memory/5324-2169-0x00007FF6773C0000-0x00007FF677714000-memory.dmp

Filesize
3.3MB

Download
memory/5324-14-0x00007FF6773C0000-0x00007FF677714000-memory.dmp

Filesize
3.3MB

Download
memory/5416-151-0x00007FF611180000-0x00007FF6114D4000-memory.dmp

Filesize
3.3MB

Download
memory/5416-2183-0x00007FF611180000-0x00007FF6114D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads