xmrig | 9736881fcb018a7a1816ce5d79051f24d60d0d33c25af4a67c78fbfb9587135b

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
Size

1.1MB
MD5

9217563dae1de5fcb4f349c379dddf40
SHA1

40a50cc3460973577d686a2aca1890ef88f7fc7a
SHA256

9736881fcb018a7a1816ce5d79051f24d60d0d33c25af4a67c78fbfb9587135b
SHA512

88d6f048e4b44344517aa079cf3272e527e04a77a6a65a638d37365d85cd6102eb07ba668ac80ace9ed5b31dec1d92a249c6812f565dfc14edbca961e8cc3dd2
SSDEEP

24576:RVIl/WDGCi7/qkat6Q5aILMCfmARMeXHZalNvqVDaFS:ROdWCCi7/raZ5aIwC+AjJX

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/4752-396-0x00007FF6F9A50000-0x00007FF6F9DA1000-memory.dmp	xmrig
behavioral2/memory/2432-398-0x00007FF6E2CC0000-0x00007FF6E3011000-memory.dmp	xmrig
behavioral2/memory/1672-412-0x00007FF659530000-0x00007FF659881000-memory.dmp	xmrig
behavioral2/memory/3376-426-0x00007FF7B0FF0000-0x00007FF7B1341000-memory.dmp	xmrig
behavioral2/memory/2036-441-0x00007FF6F7C10000-0x00007FF6F7F61000-memory.dmp	xmrig
behavioral2/memory/3052-443-0x00007FF69CC30000-0x00007FF69CF81000-memory.dmp	xmrig
behavioral2/memory/3396-446-0x00007FF7CADA0000-0x00007FF7CB0F1000-memory.dmp	xmrig
behavioral2/memory/1560-445-0x00007FF6384B0000-0x00007FF638801000-memory.dmp	xmrig
behavioral2/memory/4584-444-0x00007FF7F3500000-0x00007FF7F3851000-memory.dmp	xmrig
behavioral2/memory/3628-442-0x00007FF62AEC0000-0x00007FF62B211000-memory.dmp	xmrig
behavioral2/memory/4964-447-0x00007FF7DAC30000-0x00007FF7DAF81000-memory.dmp	xmrig
behavioral2/memory/4600-451-0x00007FF615490000-0x00007FF6157E1000-memory.dmp	xmrig
behavioral2/memory/4948-450-0x00007FF7C0C70000-0x00007FF7C0FC1000-memory.dmp	xmrig
behavioral2/memory/536-448-0x00007FF64C820000-0x00007FF64CB71000-memory.dmp	xmrig
behavioral2/memory/1116-449-0x00007FF754970000-0x00007FF754CC1000-memory.dmp	xmrig
behavioral2/memory/4072-440-0x00007FF723900000-0x00007FF723C51000-memory.dmp	xmrig
behavioral2/memory/3780-434-0x00007FF746A40000-0x00007FF746D91000-memory.dmp	xmrig
behavioral2/memory/1180-420-0x00007FF6F0A70000-0x00007FF6F0DC1000-memory.dmp	xmrig
behavioral2/memory/4932-417-0x00007FF7FA3F0000-0x00007FF7FA741000-memory.dmp	xmrig
behavioral2/memory/3500-409-0x00007FF6FF2B0000-0x00007FF6FF601000-memory.dmp	xmrig
behavioral2/memory/4004-405-0x00007FF65FFC0000-0x00007FF660311000-memory.dmp	xmrig
behavioral2/memory/4976-403-0x00007FF7B46B0000-0x00007FF7B4A01000-memory.dmp	xmrig
behavioral2/memory/4844-386-0x00007FF6DCC30000-0x00007FF6DCF81000-memory.dmp	xmrig
behavioral2/memory/544-383-0x00007FF7D1C60000-0x00007FF7D1FB1000-memory.dmp	xmrig
behavioral2/memory/1980-373-0x00007FF7464D0000-0x00007FF746821000-memory.dmp	xmrig
behavioral2/memory/2868-369-0x00007FF748A90000-0x00007FF748DE1000-memory.dmp	xmrig
behavioral2/memory/4140-32-0x00007FF78B7D0000-0x00007FF78BB21000-memory.dmp	xmrig
behavioral2/memory/3304-18-0x00007FF7B5D00000-0x00007FF7B6051000-memory.dmp	xmrig
behavioral2/memory/4172-2173-0x00007FF7E0260000-0x00007FF7E05B1000-memory.dmp	xmrig
behavioral2/memory/3304-2244-0x00007FF7B5D00000-0x00007FF7B6051000-memory.dmp	xmrig
behavioral2/memory/1980-2248-0x00007FF7464D0000-0x00007FF746821000-memory.dmp	xmrig
behavioral2/memory/544-2254-0x00007FF7D1C60000-0x00007FF7D1FB1000-memory.dmp	xmrig
behavioral2/memory/2868-2252-0x00007FF748A90000-0x00007FF748DE1000-memory.dmp	xmrig
behavioral2/memory/4600-2250-0x00007FF615490000-0x00007FF6157E1000-memory.dmp	xmrig
behavioral2/memory/4140-2246-0x00007FF78B7D0000-0x00007FF78BB21000-memory.dmp	xmrig
behavioral2/memory/816-2242-0x00007FF6AF890000-0x00007FF6AFBE1000-memory.dmp	xmrig
behavioral2/memory/4932-2274-0x00007FF7FA3F0000-0x00007FF7FA741000-memory.dmp	xmrig
behavioral2/memory/3780-2278-0x00007FF746A40000-0x00007FF746D91000-memory.dmp	xmrig
behavioral2/memory/3052-2284-0x00007FF69CC30000-0x00007FF69CF81000-memory.dmp	xmrig
behavioral2/memory/1560-2288-0x00007FF6384B0000-0x00007FF638801000-memory.dmp	xmrig
behavioral2/memory/4584-2286-0x00007FF7F3500000-0x00007FF7F3851000-memory.dmp	xmrig
behavioral2/memory/4072-2276-0x00007FF723900000-0x00007FF723C51000-memory.dmp	xmrig
behavioral2/memory/2036-2282-0x00007FF6F7C10000-0x00007FF6F7F61000-memory.dmp	xmrig
behavioral2/memory/3628-2280-0x00007FF62AEC0000-0x00007FF62B211000-memory.dmp	xmrig
behavioral2/memory/1180-2272-0x00007FF6F0A70000-0x00007FF6F0DC1000-memory.dmp	xmrig
behavioral2/memory/3376-2270-0x00007FF7B0FF0000-0x00007FF7B1341000-memory.dmp	xmrig
behavioral2/memory/3500-2266-0x00007FF6FF2B0000-0x00007FF6FF601000-memory.dmp	xmrig
behavioral2/memory/4004-2264-0x00007FF65FFC0000-0x00007FF660311000-memory.dmp	xmrig
behavioral2/memory/2432-2260-0x00007FF6E2CC0000-0x00007FF6E3011000-memory.dmp	xmrig
behavioral2/memory/1672-2268-0x00007FF659530000-0x00007FF659881000-memory.dmp	xmrig
behavioral2/memory/4844-2258-0x00007FF6DCC30000-0x00007FF6DCF81000-memory.dmp	xmrig
behavioral2/memory/4752-2256-0x00007FF6F9A50000-0x00007FF6F9DA1000-memory.dmp	xmrig
behavioral2/memory/4976-2262-0x00007FF7B46B0000-0x00007FF7B4A01000-memory.dmp	xmrig
behavioral2/memory/4964-2298-0x00007FF7DAC30000-0x00007FF7DAF81000-memory.dmp	xmrig
behavioral2/memory/4948-2295-0x00007FF7C0C70000-0x00007FF7C0FC1000-memory.dmp	xmrig
behavioral2/memory/3396-2293-0x00007FF7CADA0000-0x00007FF7CB0F1000-memory.dmp	xmrig
behavioral2/memory/536-2292-0x00007FF64C820000-0x00007FF64CB71000-memory.dmp	xmrig
behavioral2/memory/1116-2297-0x00007FF754970000-0x00007FF754CC1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
816	mhqwTLg.exe
3304	jZzFcDl.exe
4140	JedIkQd.exe
2868	IKUDVgU.exe
1980	LzvYweN.exe
4600	RFrcIde.exe
544	UipeDNX.exe
4844	NXFPunm.exe
4752	UCSbSiP.exe
2432	acPIMtD.exe
4976	OUIMqBH.exe
4004	iIGOjbX.exe
3500	iGItvUB.exe
1672	rQMTiNe.exe
4932	XEbBSgO.exe
1180	RvZQycH.exe
3376	LaHNlER.exe
3780	SvejRhu.exe
4072	eCnrOSg.exe
2036	mxJtbXb.exe
3628	bHeaNMK.exe
3052	ByEzJeB.exe
4584	AaCzJQr.exe
1560	zFejgca.exe
3396	dAceCpF.exe
4964	XqgjHLj.exe
536	OspVebU.exe
1116	kcpMwnQ.exe
4948	zbhKvUG.exe
4788	PMGGeCB.exe
3352	EyqIlbw.exe
1804	GaMnpKE.exe
4136	BbbrEqI.exe
2816	KDKvSSd.exe
3240	TZBvsMw.exe
1600	yiiuJNG.exe
4020	uVrYsIV.exe
2800	iEgyPqp.exe
3244	ZRuUFlj.exe
4344	XJvMJde.exe
3080	chGtCsD.exe
1208	UoKgWvW.exe
3880	xwYCZfI.exe
3848	aXIsAut.exe
2796	yAReZXr.exe
4700	KPPwWfz.exe
1228	vGHMmdN.exe
4540	KwTNVNa.exe
3492	SmVHsjc.exe
744	bonKqRd.exe
4892	vdagzLL.exe
4468	kpSDyts.exe
464	JruvPeC.exe
3820	ibPgnaG.exe
1692	bfEwUkY.exe
4160	wMVKznE.exe
4316	ISPhMMN.exe
3128	XMJztgd.exe
4476	WOfPAMI.exe
2392	MYVTzTJ.exe
2060	dfgRmTY.exe
1612	ApJJfsL.exe
1664	zRctWqR.exe
5084	LSiSFHX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4172-0-0x00007FF7E0260000-0x00007FF7E05B1000-memory.dmp	upx
behavioral2/files/0x000a000000023480-5.dat	upx
behavioral2/files/0x000700000002348f-7.dat	upx
behavioral2/files/0x000700000002348e-12.dat	upx
behavioral2/files/0x0007000000023490-20.dat	upx
behavioral2/files/0x0007000000023491-25.dat	upx
behavioral2/files/0x0007000000023492-37.dat	upx
behavioral2/files/0x0007000000023495-50.dat	upx
behavioral2/files/0x0007000000023496-56.dat	upx
behavioral2/files/0x000700000002349a-79.dat	upx
behavioral2/files/0x000700000002349c-89.dat	upx
behavioral2/files/0x000700000002349e-99.dat	upx
behavioral2/files/0x00070000000234a0-109.dat	upx
behavioral2/files/0x00070000000234a3-124.dat	upx
behavioral2/files/0x00070000000234a7-136.dat	upx
behavioral2/files/0x00070000000234a9-154.dat	upx
behavioral2/memory/4752-396-0x00007FF6F9A50000-0x00007FF6F9DA1000-memory.dmp	upx
behavioral2/memory/2432-398-0x00007FF6E2CC0000-0x00007FF6E3011000-memory.dmp	upx
behavioral2/memory/1672-412-0x00007FF659530000-0x00007FF659881000-memory.dmp	upx
behavioral2/memory/3376-426-0x00007FF7B0FF0000-0x00007FF7B1341000-memory.dmp	upx
behavioral2/memory/2036-441-0x00007FF6F7C10000-0x00007FF6F7F61000-memory.dmp	upx
behavioral2/memory/3052-443-0x00007FF69CC30000-0x00007FF69CF81000-memory.dmp	upx
behavioral2/memory/3396-446-0x00007FF7CADA0000-0x00007FF7CB0F1000-memory.dmp	upx
behavioral2/memory/1560-445-0x00007FF6384B0000-0x00007FF638801000-memory.dmp	upx
behavioral2/memory/4584-444-0x00007FF7F3500000-0x00007FF7F3851000-memory.dmp	upx
behavioral2/memory/3628-442-0x00007FF62AEC0000-0x00007FF62B211000-memory.dmp	upx
behavioral2/memory/4964-447-0x00007FF7DAC30000-0x00007FF7DAF81000-memory.dmp	upx
behavioral2/memory/4600-451-0x00007FF615490000-0x00007FF6157E1000-memory.dmp	upx
behavioral2/memory/4948-450-0x00007FF7C0C70000-0x00007FF7C0FC1000-memory.dmp	upx
behavioral2/memory/536-448-0x00007FF64C820000-0x00007FF64CB71000-memory.dmp	upx
behavioral2/memory/1116-449-0x00007FF754970000-0x00007FF754CC1000-memory.dmp	upx
behavioral2/memory/4072-440-0x00007FF723900000-0x00007FF723C51000-memory.dmp	upx
behavioral2/memory/3780-434-0x00007FF746A40000-0x00007FF746D91000-memory.dmp	upx
behavioral2/memory/1180-420-0x00007FF6F0A70000-0x00007FF6F0DC1000-memory.dmp	upx
behavioral2/memory/4932-417-0x00007FF7FA3F0000-0x00007FF7FA741000-memory.dmp	upx
behavioral2/memory/3500-409-0x00007FF6FF2B0000-0x00007FF6FF601000-memory.dmp	upx
behavioral2/memory/4004-405-0x00007FF65FFC0000-0x00007FF660311000-memory.dmp	upx
behavioral2/memory/4976-403-0x00007FF7B46B0000-0x00007FF7B4A01000-memory.dmp	upx
behavioral2/memory/4844-386-0x00007FF6DCC30000-0x00007FF6DCF81000-memory.dmp	upx
behavioral2/memory/544-383-0x00007FF7D1C60000-0x00007FF7D1FB1000-memory.dmp	upx
behavioral2/memory/1980-373-0x00007FF7464D0000-0x00007FF746821000-memory.dmp	upx
behavioral2/memory/2868-369-0x00007FF748A90000-0x00007FF748DE1000-memory.dmp	upx
behavioral2/files/0x00070000000234ad-166.dat	upx
behavioral2/files/0x00070000000234ab-164.dat	upx
behavioral2/files/0x00070000000234ac-161.dat	upx
behavioral2/files/0x00070000000234aa-159.dat	upx
behavioral2/files/0x00070000000234a8-149.dat	upx
behavioral2/files/0x00070000000234a6-139.dat	upx
behavioral2/files/0x00070000000234a5-134.dat	upx
behavioral2/files/0x00070000000234a4-129.dat	upx
behavioral2/files/0x00070000000234a2-119.dat	upx
behavioral2/files/0x00070000000234a1-114.dat	upx
behavioral2/files/0x000700000002349f-104.dat	upx
behavioral2/files/0x000700000002349d-94.dat	upx
behavioral2/files/0x000700000002349b-84.dat	upx
behavioral2/files/0x0007000000023499-71.dat	upx
behavioral2/files/0x0007000000023498-67.dat	upx
behavioral2/files/0x0007000000023497-62.dat	upx
behavioral2/files/0x0007000000023494-52.dat	upx
behavioral2/files/0x0007000000023493-41.dat	upx
behavioral2/memory/4140-32-0x00007FF78B7D0000-0x00007FF78BB21000-memory.dmp	upx
behavioral2/memory/3304-18-0x00007FF7B5D00000-0x00007FF7B6051000-memory.dmp	upx
behavioral2/memory/816-11-0x00007FF6AF890000-0x00007FF6AFBE1000-memory.dmp	upx
behavioral2/memory/4172-2173-0x00007FF7E0260000-0x00007FF7E05B1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AErSJYX.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\qUHOfgB.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\uVrYsIV.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\RNyBbML.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\ceSakmz.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\SGpWPAO.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\rXGsNzj.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\rYplXcS.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\BVeGIZM.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\MDKjJSC.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\bHeaNMK.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\zwbohvk.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\yWXjeRw.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\KdLCxhU.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\WfPPnIF.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\HVwoBEp.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\YxAgqxA.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\lauUvbN.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\SpQuNkp.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\JsYgfHc.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\FnXkbqQ.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\dfgRmTY.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\PbZPzuX.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\aNRPsxx.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\MDcfMEf.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\SVbcYNr.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\QklYQSF.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\CFTXxLa.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\XLhRQOm.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\pCJYkwz.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\KPPwWfz.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\XMJztgd.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\QzuJBSx.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\CmglbnB.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\GsYpCxi.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\qecJrrf.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\BupAXyX.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\hLuVUTO.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\yajuGlk.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\ADrorhQ.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\iMJgPWu.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\pnlthlj.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\chGtCsD.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\wMVKznE.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\BNFNRmR.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\oXLjJbS.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\UQceyLm.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\cKWbhHj.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\roSYCkp.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\lgLIDpm.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\LwUyQRf.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\AtDePKl.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\rQMTiNe.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\OspVebU.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\OMqSeQx.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\VUpBkBq.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\iFNLyFG.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\rtJiNIl.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\mFGaZip.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\cJjJEPM.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\sIXHhSP.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\HOmvXBe.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\TfhmSgi.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
File created	C:\Windows\System\BbbrEqI.exe	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5092	dwm.exe
Token: SeChangeNotifyPrivilege	5092	dwm.exe
Token: 33	5092	dwm.exe
Token: SeIncBasePriorityPrivilege	5092	dwm.exe
Token: SeShutdownPrivilege	5092	dwm.exe
Token: SeCreatePagefilePrivilege	5092	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 816	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	84
PID 4172 wrote to memory of 816	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	84
PID 4172 wrote to memory of 3304	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	85
PID 4172 wrote to memory of 3304	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	85
PID 4172 wrote to memory of 4140	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	86
PID 4172 wrote to memory of 4140	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	86
PID 4172 wrote to memory of 2868	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	87
PID 4172 wrote to memory of 2868	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	87
PID 4172 wrote to memory of 1980	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	88
PID 4172 wrote to memory of 1980	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	88
PID 4172 wrote to memory of 4600	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	89
PID 4172 wrote to memory of 4600	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	89
PID 4172 wrote to memory of 544	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	90
PID 4172 wrote to memory of 544	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	90
PID 4172 wrote to memory of 4752	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	91
PID 4172 wrote to memory of 4752	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	91
PID 4172 wrote to memory of 4844	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	92
PID 4172 wrote to memory of 4844	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	92
PID 4172 wrote to memory of 2432	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	93
PID 4172 wrote to memory of 2432	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	93
PID 4172 wrote to memory of 4976	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	94
PID 4172 wrote to memory of 4976	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	94
PID 4172 wrote to memory of 4004	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	95
PID 4172 wrote to memory of 4004	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	95
PID 4172 wrote to memory of 3500	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	96
PID 4172 wrote to memory of 3500	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	96
PID 4172 wrote to memory of 1672	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	97
PID 4172 wrote to memory of 1672	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	97
PID 4172 wrote to memory of 4932	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	98
PID 4172 wrote to memory of 4932	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	98
PID 4172 wrote to memory of 1180	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	99
PID 4172 wrote to memory of 1180	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	99
PID 4172 wrote to memory of 3376	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	100
PID 4172 wrote to memory of 3376	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	100
PID 4172 wrote to memory of 3780	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	101
PID 4172 wrote to memory of 3780	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	101
PID 4172 wrote to memory of 4072	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	102
PID 4172 wrote to memory of 4072	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	102
PID 4172 wrote to memory of 2036	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	103
PID 4172 wrote to memory of 2036	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	103
PID 4172 wrote to memory of 3628	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	104
PID 4172 wrote to memory of 3628	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	104
PID 4172 wrote to memory of 3052	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	105
PID 4172 wrote to memory of 3052	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	105
PID 4172 wrote to memory of 4584	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	106
PID 4172 wrote to memory of 4584	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	106
PID 4172 wrote to memory of 1560	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	107
PID 4172 wrote to memory of 1560	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	107
PID 4172 wrote to memory of 3396	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	108
PID 4172 wrote to memory of 3396	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	108
PID 4172 wrote to memory of 4964	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	109
PID 4172 wrote to memory of 4964	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	109
PID 4172 wrote to memory of 536	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	110
PID 4172 wrote to memory of 536	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	110
PID 4172 wrote to memory of 1116	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	111
PID 4172 wrote to memory of 1116	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	111
PID 4172 wrote to memory of 4948	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	112
PID 4172 wrote to memory of 4948	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	112
PID 4172 wrote to memory of 4788	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	113
PID 4172 wrote to memory of 4788	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	113
PID 4172 wrote to memory of 3352	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	114
PID 4172 wrote to memory of 3352	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	114
PID 4172 wrote to memory of 1804	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	115
PID 4172 wrote to memory of 1804	4172	9217563dae1de5fcb4f349c379dddf40_NEIKI.exe	115

C:\Users\Admin\AppData\Local\Temp\9217563dae1de5fcb4f349c379dddf40_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\9217563dae1de5fcb4f349c379dddf40_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Windows\System\mhqwTLg.exe
  C:\Windows\System\mhqwTLg.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\jZzFcDl.exe
  C:\Windows\System\jZzFcDl.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\JedIkQd.exe
  C:\Windows\System\JedIkQd.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\IKUDVgU.exe
  C:\Windows\System\IKUDVgU.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\LzvYweN.exe
  C:\Windows\System\LzvYweN.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\RFrcIde.exe
  C:\Windows\System\RFrcIde.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\UipeDNX.exe
  C:\Windows\System\UipeDNX.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\UCSbSiP.exe
  C:\Windows\System\UCSbSiP.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\NXFPunm.exe
  C:\Windows\System\NXFPunm.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\acPIMtD.exe
  C:\Windows\System\acPIMtD.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\OUIMqBH.exe
  C:\Windows\System\OUIMqBH.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\iIGOjbX.exe
  C:\Windows\System\iIGOjbX.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\iGItvUB.exe
  C:\Windows\System\iGItvUB.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\rQMTiNe.exe
  C:\Windows\System\rQMTiNe.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\XEbBSgO.exe
  C:\Windows\System\XEbBSgO.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\RvZQycH.exe
  C:\Windows\System\RvZQycH.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\LaHNlER.exe
  C:\Windows\System\LaHNlER.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\SvejRhu.exe
  C:\Windows\System\SvejRhu.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\eCnrOSg.exe
  C:\Windows\System\eCnrOSg.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\mxJtbXb.exe
  C:\Windows\System\mxJtbXb.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\bHeaNMK.exe
  C:\Windows\System\bHeaNMK.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\ByEzJeB.exe
  C:\Windows\System\ByEzJeB.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\AaCzJQr.exe
  C:\Windows\System\AaCzJQr.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\zFejgca.exe
  C:\Windows\System\zFejgca.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\dAceCpF.exe
  C:\Windows\System\dAceCpF.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\XqgjHLj.exe
  C:\Windows\System\XqgjHLj.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\OspVebU.exe
  C:\Windows\System\OspVebU.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\kcpMwnQ.exe
  C:\Windows\System\kcpMwnQ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\zbhKvUG.exe
  C:\Windows\System\zbhKvUG.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\PMGGeCB.exe
  C:\Windows\System\PMGGeCB.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\EyqIlbw.exe
  C:\Windows\System\EyqIlbw.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\GaMnpKE.exe
  C:\Windows\System\GaMnpKE.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\BbbrEqI.exe
  C:\Windows\System\BbbrEqI.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\KDKvSSd.exe
  C:\Windows\System\KDKvSSd.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\TZBvsMw.exe
  C:\Windows\System\TZBvsMw.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\yiiuJNG.exe
  C:\Windows\System\yiiuJNG.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\uVrYsIV.exe
  C:\Windows\System\uVrYsIV.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\iEgyPqp.exe
  C:\Windows\System\iEgyPqp.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ZRuUFlj.exe
  C:\Windows\System\ZRuUFlj.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\XJvMJde.exe
  C:\Windows\System\XJvMJde.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\chGtCsD.exe
  C:\Windows\System\chGtCsD.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\UoKgWvW.exe
  C:\Windows\System\UoKgWvW.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\xwYCZfI.exe
  C:\Windows\System\xwYCZfI.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\aXIsAut.exe
  C:\Windows\System\aXIsAut.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\yAReZXr.exe
  C:\Windows\System\yAReZXr.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\KPPwWfz.exe
  C:\Windows\System\KPPwWfz.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\vGHMmdN.exe
  C:\Windows\System\vGHMmdN.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\KwTNVNa.exe
  C:\Windows\System\KwTNVNa.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\SmVHsjc.exe
  C:\Windows\System\SmVHsjc.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\bonKqRd.exe
  C:\Windows\System\bonKqRd.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\vdagzLL.exe
  C:\Windows\System\vdagzLL.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\kpSDyts.exe
  C:\Windows\System\kpSDyts.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\JruvPeC.exe
  C:\Windows\System\JruvPeC.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\ibPgnaG.exe
  C:\Windows\System\ibPgnaG.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\bfEwUkY.exe
  C:\Windows\System\bfEwUkY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\wMVKznE.exe
  C:\Windows\System\wMVKznE.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\ISPhMMN.exe
  C:\Windows\System\ISPhMMN.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\XMJztgd.exe
  C:\Windows\System\XMJztgd.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\WOfPAMI.exe
  C:\Windows\System\WOfPAMI.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\MYVTzTJ.exe
  C:\Windows\System\MYVTzTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\dfgRmTY.exe
  C:\Windows\System\dfgRmTY.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ApJJfsL.exe
  C:\Windows\System\ApJJfsL.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\zRctWqR.exe
  C:\Windows\System\zRctWqR.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\LSiSFHX.exe
  C:\Windows\System\LSiSFHX.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\bxUUlki.exe
  C:\Windows\System\bxUUlki.exe
  2⤵
  PID:2124
- C:\Windows\System\qJuEQrb.exe
  C:\Windows\System\qJuEQrb.exe
  2⤵
  PID:4980
- C:\Windows\System\xPWOtyR.exe
  C:\Windows\System\xPWOtyR.exe
  2⤵
  PID:4032
- C:\Windows\System\UQceyLm.exe
  C:\Windows\System\UQceyLm.exe
  2⤵
  PID:4208
- C:\Windows\System\MJPSYHF.exe
  C:\Windows\System\MJPSYHF.exe
  2⤵
  PID:4164
- C:\Windows\System\PpKuLGh.exe
  C:\Windows\System\PpKuLGh.exe
  2⤵
  PID:1764
- C:\Windows\System\GJMnbnI.exe
  C:\Windows\System\GJMnbnI.exe
  2⤵
  PID:4232
- C:\Windows\System\JCboQvS.exe
  C:\Windows\System\JCboQvS.exe
  2⤵
  PID:1544
- C:\Windows\System\cohiQum.exe
  C:\Windows\System\cohiQum.exe
  2⤵
  PID:2140
- C:\Windows\System\IJYVRAf.exe
  C:\Windows\System\IJYVRAf.exe
  2⤵
  PID:4776
- C:\Windows\System\LyIsuyq.exe
  C:\Windows\System\LyIsuyq.exe
  2⤵
  PID:4724
- C:\Windows\System\cKWbhHj.exe
  C:\Windows\System\cKWbhHj.exe
  2⤵
  PID:4100
- C:\Windows\System\zwbohvk.exe
  C:\Windows\System\zwbohvk.exe
  2⤵
  PID:4064
- C:\Windows\System\VIUTwqu.exe
  C:\Windows\System\VIUTwqu.exe
  2⤵
  PID:2876
- C:\Windows\System\ceSakmz.exe
  C:\Windows\System\ceSakmz.exe
  2⤵
  PID:2424
- C:\Windows\System\pmoIxtU.exe
  C:\Windows\System\pmoIxtU.exe
  2⤵
  PID:556
- C:\Windows\System\VJqvwuO.exe
  C:\Windows\System\VJqvwuO.exe
  2⤵
  PID:3640
- C:\Windows\System\iDLTqAT.exe
  C:\Windows\System\iDLTqAT.exe
  2⤵
  PID:3816
- C:\Windows\System\JxMYmdN.exe
  C:\Windows\System\JxMYmdN.exe
  2⤵
  PID:4720
- C:\Windows\System\svpwnxp.exe
  C:\Windows\System\svpwnxp.exe
  2⤵
  PID:2980
- C:\Windows\System\cscwuDM.exe
  C:\Windows\System\cscwuDM.exe
  2⤵
  PID:4312
- C:\Windows\System\MAdjSgO.exe
  C:\Windows\System\MAdjSgO.exe
  2⤵
  PID:4168
- C:\Windows\System\MDcfMEf.exe
  C:\Windows\System\MDcfMEf.exe
  2⤵
  PID:5128
- C:\Windows\System\VGZtXrY.exe
  C:\Windows\System\VGZtXrY.exe
  2⤵
  PID:5156
- C:\Windows\System\tgKgaiR.exe
  C:\Windows\System\tgKgaiR.exe
  2⤵
  PID:5184
- C:\Windows\System\TBoynuT.exe
  C:\Windows\System\TBoynuT.exe
  2⤵
  PID:5212
- C:\Windows\System\AQxikAg.exe
  C:\Windows\System\AQxikAg.exe
  2⤵
  PID:5240
- C:\Windows\System\clLNLRF.exe
  C:\Windows\System\clLNLRF.exe
  2⤵
  PID:5268
- C:\Windows\System\pePdHNV.exe
  C:\Windows\System\pePdHNV.exe
  2⤵
  PID:5296
- C:\Windows\System\jvkByNJ.exe
  C:\Windows\System\jvkByNJ.exe
  2⤵
  PID:5324
- C:\Windows\System\SVbcYNr.exe
  C:\Windows\System\SVbcYNr.exe
  2⤵
  PID:5352
- C:\Windows\System\jpcftZv.exe
  C:\Windows\System\jpcftZv.exe
  2⤵
  PID:5380
- C:\Windows\System\qRSCHqp.exe
  C:\Windows\System\qRSCHqp.exe
  2⤵
  PID:5408
- C:\Windows\System\lCMKbWD.exe
  C:\Windows\System\lCMKbWD.exe
  2⤵
  PID:5436
- C:\Windows\System\MEBNCSg.exe
  C:\Windows\System\MEBNCSg.exe
  2⤵
  PID:5464
- C:\Windows\System\tekguri.exe
  C:\Windows\System\tekguri.exe
  2⤵
  PID:5492
- C:\Windows\System\tMUPUyf.exe
  C:\Windows\System\tMUPUyf.exe
  2⤵
  PID:5520
- C:\Windows\System\PbZPzuX.exe
  C:\Windows\System\PbZPzuX.exe
  2⤵
  PID:5572
- C:\Windows\System\JktJJXl.exe
  C:\Windows\System\JktJJXl.exe
  2⤵
  PID:5616
- C:\Windows\System\NwStFNN.exe
  C:\Windows\System\NwStFNN.exe
  2⤵
  PID:5636
- C:\Windows\System\IehJuNk.exe
  C:\Windows\System\IehJuNk.exe
  2⤵
  PID:5652
- C:\Windows\System\wjsDqtn.exe
  C:\Windows\System\wjsDqtn.exe
  2⤵
  PID:5672
- C:\Windows\System\sLdzsKC.exe
  C:\Windows\System\sLdzsKC.exe
  2⤵
  PID:5692
- C:\Windows\System\JFLKcjW.exe
  C:\Windows\System\JFLKcjW.exe
  2⤵
  PID:5724
- C:\Windows\System\DFrJllC.exe
  C:\Windows\System\DFrJllC.exe
  2⤵
  PID:5744
- C:\Windows\System\morVLSY.exe
  C:\Windows\System\morVLSY.exe
  2⤵
  PID:5776
- C:\Windows\System\PFDQJZh.exe
  C:\Windows\System\PFDQJZh.exe
  2⤵
  PID:5792
- C:\Windows\System\cRSwrNQ.exe
  C:\Windows\System\cRSwrNQ.exe
  2⤵
  PID:5876
- C:\Windows\System\TbCHjMH.exe
  C:\Windows\System\TbCHjMH.exe
  2⤵
  PID:5904
- C:\Windows\System\DbHCFcl.exe
  C:\Windows\System\DbHCFcl.exe
  2⤵
  PID:5936
- C:\Windows\System\mfapxCT.exe
  C:\Windows\System\mfapxCT.exe
  2⤵
  PID:5972
- C:\Windows\System\tcMdBaZ.exe
  C:\Windows\System\tcMdBaZ.exe
  2⤵
  PID:5992
- C:\Windows\System\guhuLLu.exe
  C:\Windows\System\guhuLLu.exe
  2⤵
  PID:6048
- C:\Windows\System\gIOnknS.exe
  C:\Windows\System\gIOnknS.exe
  2⤵
  PID:6076
- C:\Windows\System\sxyIJsF.exe
  C:\Windows\System\sxyIJsF.exe
  2⤵
  PID:6092
- C:\Windows\System\bEjoMmq.exe
  C:\Windows\System\bEjoMmq.exe
  2⤵
  PID:6116
- C:\Windows\System\CedoXiF.exe
  C:\Windows\System\CedoXiF.exe
  2⤵
  PID:6132
- C:\Windows\System\iMyIRZi.exe
  C:\Windows\System\iMyIRZi.exe
  2⤵
  PID:2856
- C:\Windows\System\cuIyKTq.exe
  C:\Windows\System\cuIyKTq.exe
  2⤵
  PID:3464
- C:\Windows\System\EJvEMWC.exe
  C:\Windows\System\EJvEMWC.exe
  2⤵
  PID:1752
- C:\Windows\System\zlxETAe.exe
  C:\Windows\System\zlxETAe.exe
  2⤵
  PID:2656
- C:\Windows\System\NdMdZUH.exe
  C:\Windows\System\NdMdZUH.exe
  2⤵
  PID:5200
- C:\Windows\System\MKaYyQb.exe
  C:\Windows\System\MKaYyQb.exe
  2⤵
  PID:5256
- C:\Windows\System\xjGcYFQ.exe
  C:\Windows\System\xjGcYFQ.exe
  2⤵
  PID:5376
- C:\Windows\System\fKxJgIi.exe
  C:\Windows\System\fKxJgIi.exe
  2⤵
  PID:2436
- C:\Windows\System\ZjLPfXk.exe
  C:\Windows\System\ZjLPfXk.exe
  2⤵
  PID:4028
- C:\Windows\System\aNRPsxx.exe
  C:\Windows\System\aNRPsxx.exe
  2⤵
  PID:5600
- C:\Windows\System\WGsCKfh.exe
  C:\Windows\System\WGsCKfh.exe
  2⤵
  PID:5688
- C:\Windows\System\hdObjjK.exe
  C:\Windows\System\hdObjjK.exe
  2⤵
  PID:5680
- C:\Windows\System\wmBlgdq.exe
  C:\Windows\System\wmBlgdq.exe
  2⤵
  PID:5732
- C:\Windows\System\OUKcFzO.exe
  C:\Windows\System\OUKcFzO.exe
  2⤵
  PID:2400
- C:\Windows\System\TIdopwF.exe
  C:\Windows\System\TIdopwF.exe
  2⤵
  PID:5812
- C:\Windows\System\BVXiKIU.exe
  C:\Windows\System\BVXiKIU.exe
  2⤵
  PID:4532
- C:\Windows\System\SVKClcm.exe
  C:\Windows\System\SVKClcm.exe
  2⤵
  PID:5000
- C:\Windows\System\gyempPy.exe
  C:\Windows\System\gyempPy.exe
  2⤵
  PID:5948
- C:\Windows\System\cwRWKWe.exe
  C:\Windows\System\cwRWKWe.exe
  2⤵
  PID:6012
- C:\Windows\System\opQidZb.exe
  C:\Windows\System\opQidZb.exe
  2⤵
  PID:2288
- C:\Windows\System\uxTEmeo.exe
  C:\Windows\System\uxTEmeo.exe
  2⤵
  PID:1660
- C:\Windows\System\cTIhrmG.exe
  C:\Windows\System\cTIhrmG.exe
  2⤵
  PID:3212
- C:\Windows\System\JsYgfHc.exe
  C:\Windows\System\JsYgfHc.exe
  2⤵
  PID:6088
- C:\Windows\System\ejRbVOU.exe
  C:\Windows\System\ejRbVOU.exe
  2⤵
  PID:1844
- C:\Windows\System\StWeyzf.exe
  C:\Windows\System\StWeyzf.exe
  2⤵
  PID:4904
- C:\Windows\System\tTHHZAu.exe
  C:\Windows\System\tTHHZAu.exe
  2⤵
  PID:3136
- C:\Windows\System\sZFAbcg.exe
  C:\Windows\System\sZFAbcg.exe
  2⤵
  PID:5400
- C:\Windows\System\tQIpliz.exe
  C:\Windows\System\tQIpliz.exe
  2⤵
  PID:5608
- C:\Windows\System\mHiRbbi.exe
  C:\Windows\System\mHiRbbi.exe
  2⤵
  PID:5704
- C:\Windows\System\SNBcgtl.exe
  C:\Windows\System\SNBcgtl.exe
  2⤵
  PID:5644
- C:\Windows\System\gVWaSDO.exe
  C:\Windows\System\gVWaSDO.exe
  2⤵
  PID:2368
- C:\Windows\System\ooUPGpO.exe
  C:\Windows\System\ooUPGpO.exe
  2⤵
  PID:1680
- C:\Windows\System\EGhVWhi.exe
  C:\Windows\System\EGhVWhi.exe
  2⤵
  PID:516
- C:\Windows\System\clyrNhv.exe
  C:\Windows\System\clyrNhv.exe
  2⤵
  PID:6040
- C:\Windows\System\SGpWPAO.exe
  C:\Windows\System\SGpWPAO.exe
  2⤵
  PID:1800
- C:\Windows\System\rXGsNzj.exe
  C:\Windows\System\rXGsNzj.exe
  2⤵
  PID:5016
- C:\Windows\System\ejLhPmu.exe
  C:\Windows\System\ejLhPmu.exe
  2⤵
  PID:4352
- C:\Windows\System\uFvJkmI.exe
  C:\Windows\System\uFvJkmI.exe
  2⤵
  PID:2556
- C:\Windows\System\DvhbUVV.exe
  C:\Windows\System\DvhbUVV.exe
  2⤵
  PID:6108
- C:\Windows\System\BkVieBo.exe
  C:\Windows\System\BkVieBo.exe
  2⤵
  PID:1840
- C:\Windows\System\FnXkbqQ.exe
  C:\Windows\System\FnXkbqQ.exe
  2⤵
  PID:5280
- C:\Windows\System\heqVTFH.exe
  C:\Windows\System\heqVTFH.exe
  2⤵
  PID:5852
- C:\Windows\System\WutGjjI.exe
  C:\Windows\System\WutGjjI.exe
  2⤵
  PID:6156
- C:\Windows\System\ltEGadB.exe
  C:\Windows\System\ltEGadB.exe
  2⤵
  PID:6180
- C:\Windows\System\gGagoIG.exe
  C:\Windows\System\gGagoIG.exe
  2⤵
  PID:6196
- C:\Windows\System\TrrUcJM.exe
  C:\Windows\System\TrrUcJM.exe
  2⤵
  PID:6228
- C:\Windows\System\rmgJjuM.exe
  C:\Windows\System\rmgJjuM.exe
  2⤵
  PID:6252
- C:\Windows\System\WTwFHHe.exe
  C:\Windows\System\WTwFHHe.exe
  2⤵
  PID:6268
- C:\Windows\System\ZsnteqN.exe
  C:\Windows\System\ZsnteqN.exe
  2⤵
  PID:6328
- C:\Windows\System\kEoERZb.exe
  C:\Windows\System\kEoERZb.exe
  2⤵
  PID:6388
- C:\Windows\System\GHeGAHm.exe
  C:\Windows\System\GHeGAHm.exe
  2⤵
  PID:6432
- C:\Windows\System\tlzqzgJ.exe
  C:\Windows\System\tlzqzgJ.exe
  2⤵
  PID:6468
- C:\Windows\System\ItGaTXK.exe
  C:\Windows\System\ItGaTXK.exe
  2⤵
  PID:6488
- C:\Windows\System\CFHBcRG.exe
  C:\Windows\System\CFHBcRG.exe
  2⤵
  PID:6524
- C:\Windows\System\DgbZNYv.exe
  C:\Windows\System\DgbZNYv.exe
  2⤵
  PID:6548
- C:\Windows\System\vjfasnA.exe
  C:\Windows\System\vjfasnA.exe
  2⤵
  PID:6608
- C:\Windows\System\wNgkmbV.exe
  C:\Windows\System\wNgkmbV.exe
  2⤵
  PID:6628
- C:\Windows\System\qLvcZew.exe
  C:\Windows\System\qLvcZew.exe
  2⤵
  PID:6644
- C:\Windows\System\BMpQOMn.exe
  C:\Windows\System\BMpQOMn.exe
  2⤵
  PID:6672
- C:\Windows\System\EyhVZQC.exe
  C:\Windows\System\EyhVZQC.exe
  2⤵
  PID:6700
- C:\Windows\System\dFZCRBA.exe
  C:\Windows\System\dFZCRBA.exe
  2⤵
  PID:6740
- C:\Windows\System\YbLWfrs.exe
  C:\Windows\System\YbLWfrs.exe
  2⤵
  PID:6772
- C:\Windows\System\aNaAwuf.exe
  C:\Windows\System\aNaAwuf.exe
  2⤵
  PID:6788
- C:\Windows\System\aCSQFbb.exe
  C:\Windows\System\aCSQFbb.exe
  2⤵
  PID:6820
- C:\Windows\System\BupAXyX.exe
  C:\Windows\System\BupAXyX.exe
  2⤵
  PID:6848
- C:\Windows\System\qVSQymT.exe
  C:\Windows\System\qVSQymT.exe
  2⤵
  PID:6876
- C:\Windows\System\AqNzjLp.exe
  C:\Windows\System\AqNzjLp.exe
  2⤵
  PID:6892
- C:\Windows\System\OdXyiGX.exe
  C:\Windows\System\OdXyiGX.exe
  2⤵
  PID:6924
- C:\Windows\System\BRuiMDJ.exe
  C:\Windows\System\BRuiMDJ.exe
  2⤵
  PID:6940
- C:\Windows\System\wIEfWED.exe
  C:\Windows\System\wIEfWED.exe
  2⤵
  PID:6968
- C:\Windows\System\IFEhqWQ.exe
  C:\Windows\System\IFEhqWQ.exe
  2⤵
  PID:6984
- C:\Windows\System\euaXMlQ.exe
  C:\Windows\System\euaXMlQ.exe
  2⤵
  PID:7020
- C:\Windows\System\BbZowTV.exe
  C:\Windows\System\BbZowTV.exe
  2⤵
  PID:7044
- C:\Windows\System\LKRzqjQ.exe
  C:\Windows\System\LKRzqjQ.exe
  2⤵
  PID:7064
- C:\Windows\System\eAzQEeN.exe
  C:\Windows\System\eAzQEeN.exe
  2⤵
  PID:7108
- C:\Windows\System\TzOkwkW.exe
  C:\Windows\System\TzOkwkW.exe
  2⤵
  PID:7124
- C:\Windows\System\TPzpsyI.exe
  C:\Windows\System\TPzpsyI.exe
  2⤵
  PID:7148
- C:\Windows\System\tSsnXtn.exe
  C:\Windows\System\tSsnXtn.exe
  2⤵
  PID:7164
- C:\Windows\System\ZhlfkFz.exe
  C:\Windows\System\ZhlfkFz.exe
  2⤵
  PID:6220
- C:\Windows\System\pHGrdjD.exe
  C:\Windows\System\pHGrdjD.exe
  2⤵
  PID:6264
- C:\Windows\System\hLuVUTO.exe
  C:\Windows\System\hLuVUTO.exe
  2⤵
  PID:6380
- C:\Windows\System\roSYCkp.exe
  C:\Windows\System\roSYCkp.exe
  2⤵
  PID:6336
- C:\Windows\System\fSTeFSi.exe
  C:\Windows\System\fSTeFSi.exe
  2⤵
  PID:6456
- C:\Windows\System\awfHxEu.exe
  C:\Windows\System\awfHxEu.exe
  2⤵
  PID:6516
- C:\Windows\System\uWLqecn.exe
  C:\Windows\System\uWLqecn.exe
  2⤵
  PID:6544
- C:\Windows\System\WlJwTQK.exe
  C:\Windows\System\WlJwTQK.exe
  2⤵
  PID:6664
- C:\Windows\System\SQVzIZA.exe
  C:\Windows\System\SQVzIZA.exe
  2⤵
  PID:6696
- C:\Windows\System\JiQfZpk.exe
  C:\Windows\System\JiQfZpk.exe
  2⤵
  PID:6112
- C:\Windows\System\TRKEZCX.exe
  C:\Windows\System\TRKEZCX.exe
  2⤵
  PID:6816
- C:\Windows\System\tKDqfEm.exe
  C:\Windows\System\tKDqfEm.exe
  2⤵
  PID:6864
- C:\Windows\System\XjMyrml.exe
  C:\Windows\System\XjMyrml.exe
  2⤵
  PID:6960
- C:\Windows\System\AihxbpQ.exe
  C:\Windows\System\AihxbpQ.exe
  2⤵
  PID:7060
- C:\Windows\System\WOqXlRS.exe
  C:\Windows\System\WOqXlRS.exe
  2⤵
  PID:5820
- C:\Windows\System\vHWiwhB.exe
  C:\Windows\System\vHWiwhB.exe
  2⤵
  PID:7096
- C:\Windows\System\sCoaHjT.exe
  C:\Windows\System\sCoaHjT.exe
  2⤵
  PID:7116
- C:\Windows\System\ChxoAGd.exe
  C:\Windows\System\ChxoAGd.exe
  2⤵
  PID:5764
- C:\Windows\System\lRVaHZJ.exe
  C:\Windows\System\lRVaHZJ.exe
  2⤵
  PID:748
- C:\Windows\System\MNdWVXq.exe
  C:\Windows\System\MNdWVXq.exe
  2⤵
  PID:6600
- C:\Windows\System\OAjJfee.exe
  C:\Windows\System\OAjJfee.exe
  2⤵
  PID:6832
- C:\Windows\System\yajuGlk.exe
  C:\Windows\System\yajuGlk.exe
  2⤵
  PID:6868
- C:\Windows\System\jfljoSJ.exe
  C:\Windows\System\jfljoSJ.exe
  2⤵
  PID:7000
- C:\Windows\System\JMyjJVP.exe
  C:\Windows\System\JMyjJVP.exe
  2⤵
  PID:2808
- C:\Windows\System\JasGFVH.exe
  C:\Windows\System\JasGFVH.exe
  2⤵
  PID:6368
- C:\Windows\System\TOniuxo.exe
  C:\Windows\System\TOniuxo.exe
  2⤵
  PID:7132
- C:\Windows\System\BewhhSo.exe
  C:\Windows\System\BewhhSo.exe
  2⤵
  PID:6720
- C:\Windows\System\qGtteHe.exe
  C:\Windows\System\qGtteHe.exe
  2⤵
  PID:6760
- C:\Windows\System\KGOGxhE.exe
  C:\Windows\System\KGOGxhE.exe
  2⤵
  PID:7028
- C:\Windows\System\pswcqYH.exe
  C:\Windows\System\pswcqYH.exe
  2⤵
  PID:2144
- C:\Windows\System\KBaftEc.exe
  C:\Windows\System\KBaftEc.exe
  2⤵
  PID:7184
- C:\Windows\System\DKNjVUR.exe
  C:\Windows\System\DKNjVUR.exe
  2⤵
  PID:7228
- C:\Windows\System\VNiswcW.exe
  C:\Windows\System\VNiswcW.exe
  2⤵
  PID:7276
- C:\Windows\System\vBuzQQX.exe
  C:\Windows\System\vBuzQQX.exe
  2⤵
  PID:7312
- C:\Windows\System\TjgKMrl.exe
  C:\Windows\System\TjgKMrl.exe
  2⤵
  PID:7352
- C:\Windows\System\cTYHaYT.exe
  C:\Windows\System\cTYHaYT.exe
  2⤵
  PID:7380
- C:\Windows\System\rqEyIUK.exe
  C:\Windows\System\rqEyIUK.exe
  2⤵
  PID:7428
- C:\Windows\System\zGEXzCY.exe
  C:\Windows\System\zGEXzCY.exe
  2⤵
  PID:7452
- C:\Windows\System\RdhxZqD.exe
  C:\Windows\System\RdhxZqD.exe
  2⤵
  PID:7472
- C:\Windows\System\oEmrMGB.exe
  C:\Windows\System\oEmrMGB.exe
  2⤵
  PID:7512
- C:\Windows\System\rtJiNIl.exe
  C:\Windows\System\rtJiNIl.exe
  2⤵
  PID:7536
- C:\Windows\System\xondJAz.exe
  C:\Windows\System\xondJAz.exe
  2⤵
  PID:7552
- C:\Windows\System\tMgqSyh.exe
  C:\Windows\System\tMgqSyh.exe
  2⤵
  PID:7596
- C:\Windows\System\LaPagVA.exe
  C:\Windows\System\LaPagVA.exe
  2⤵
  PID:7616
- C:\Windows\System\fRigbFn.exe
  C:\Windows\System\fRigbFn.exe
  2⤵
  PID:7652
- C:\Windows\System\gxQbyFq.exe
  C:\Windows\System\gxQbyFq.exe
  2⤵
  PID:7676
- C:\Windows\System\JaLEESE.exe
  C:\Windows\System\JaLEESE.exe
  2⤵
  PID:7704
- C:\Windows\System\OxDoOzk.exe
  C:\Windows\System\OxDoOzk.exe
  2⤵
  PID:7736
- C:\Windows\System\aGwQLHo.exe
  C:\Windows\System\aGwQLHo.exe
  2⤵
  PID:7756
- C:\Windows\System\IPLhVhn.exe
  C:\Windows\System\IPLhVhn.exe
  2⤵
  PID:7784
- C:\Windows\System\hjdjDow.exe
  C:\Windows\System\hjdjDow.exe
  2⤵
  PID:7820
- C:\Windows\System\UmKpKiv.exe
  C:\Windows\System\UmKpKiv.exe
  2⤵
  PID:7844
- C:\Windows\System\OQOCpGt.exe
  C:\Windows\System\OQOCpGt.exe
  2⤵
  PID:7860
- C:\Windows\System\FgegFAJ.exe
  C:\Windows\System\FgegFAJ.exe
  2⤵
  PID:7884
- C:\Windows\System\UJIMsQp.exe
  C:\Windows\System\UJIMsQp.exe
  2⤵
  PID:7912
- C:\Windows\System\OSFEzBU.exe
  C:\Windows\System\OSFEzBU.exe
  2⤵
  PID:7932
- C:\Windows\System\oiIhHso.exe
  C:\Windows\System\oiIhHso.exe
  2⤵
  PID:7964
- C:\Windows\System\rDmvcRz.exe
  C:\Windows\System\rDmvcRz.exe
  2⤵
  PID:7984
- C:\Windows\System\VdshPzG.exe
  C:\Windows\System\VdshPzG.exe
  2⤵
  PID:8024
- C:\Windows\System\hFeSPqH.exe
  C:\Windows\System\hFeSPqH.exe
  2⤵
  PID:8052
- C:\Windows\System\ZGqmWLP.exe
  C:\Windows\System\ZGqmWLP.exe
  2⤵
  PID:8088
- C:\Windows\System\eHbPsBR.exe
  C:\Windows\System\eHbPsBR.exe
  2⤵
  PID:8108
- C:\Windows\System\lMqTehY.exe
  C:\Windows\System\lMqTehY.exe
  2⤵
  PID:8136
- C:\Windows\System\fxlXSVw.exe
  C:\Windows\System\fxlXSVw.exe
  2⤵
  PID:8152
- C:\Windows\System\gEDOaSp.exe
  C:\Windows\System\gEDOaSp.exe
  2⤵
  PID:8172
- C:\Windows\System\bYUFcdE.exe
  C:\Windows\System\bYUFcdE.exe
  2⤵
  PID:3560
- C:\Windows\System\xDAQlTU.exe
  C:\Windows\System\xDAQlTU.exe
  2⤵
  PID:7196
- C:\Windows\System\xhrFCSX.exe
  C:\Windows\System\xhrFCSX.exe
  2⤵
  PID:7144
- C:\Windows\System\hNNaklX.exe
  C:\Windows\System\hNNaklX.exe
  2⤵
  PID:6732
- C:\Windows\System\ZJDHvnQ.exe
  C:\Windows\System\ZJDHvnQ.exe
  2⤵
  PID:7252
- C:\Windows\System\gndixFc.exe
  C:\Windows\System\gndixFc.exe
  2⤵
  PID:7304
- C:\Windows\System\XzitLFn.exe
  C:\Windows\System\XzitLFn.exe
  2⤵
  PID:7344
- C:\Windows\System\QSEJDLA.exe
  C:\Windows\System\QSEJDLA.exe
  2⤵
  PID:7468
- C:\Windows\System\DVClTdC.exe
  C:\Windows\System\DVClTdC.exe
  2⤵
  PID:7588
- C:\Windows\System\tEACCmK.exe
  C:\Windows\System\tEACCmK.exe
  2⤵
  PID:7612
- C:\Windows\System\qHxojfV.exe
  C:\Windows\System\qHxojfV.exe
  2⤵
  PID:7668
- C:\Windows\System\BNXptRI.exe
  C:\Windows\System\BNXptRI.exe
  2⤵
  PID:7804
- C:\Windows\System\vBstzIy.exe
  C:\Windows\System\vBstzIy.exe
  2⤵
  PID:7836
- C:\Windows\System\BaunkIt.exe
  C:\Windows\System\BaunkIt.exe
  2⤵
  PID:7952
- C:\Windows\System\SJCNNKu.exe
  C:\Windows\System\SJCNNKu.exe
  2⤵
  PID:7976
- C:\Windows\System\EhwWngw.exe
  C:\Windows\System\EhwWngw.exe
  2⤵
  PID:8076
- C:\Windows\System\mFGaZip.exe
  C:\Windows\System\mFGaZip.exe
  2⤵
  PID:8160
- C:\Windows\System\PLOnvMo.exe
  C:\Windows\System\PLOnvMo.exe
  2⤵
  PID:6260
- C:\Windows\System\JTJxsQY.exe
  C:\Windows\System\JTJxsQY.exe
  2⤵
  PID:7076
- C:\Windows\System\yhcOxnn.exe
  C:\Windows\System\yhcOxnn.exe
  2⤵
  PID:7332
- C:\Windows\System\CXZXyKd.exe
  C:\Windows\System\CXZXyKd.exe
  2⤵
  PID:7420
- C:\Windows\System\XzypmYZ.exe
  C:\Windows\System\XzypmYZ.exe
  2⤵
  PID:7664
- C:\Windows\System\TgNGGln.exe
  C:\Windows\System\TgNGGln.exe
  2⤵
  PID:7748
- C:\Windows\System\bgVXthZ.exe
  C:\Windows\System\bgVXthZ.exe
  2⤵
  PID:8048
- C:\Windows\System\fBOwTwW.exe
  C:\Windows\System\fBOwTwW.exe
  2⤵
  PID:8148
- C:\Windows\System\yrahiad.exe
  C:\Windows\System\yrahiad.exe
  2⤵
  PID:7648
- C:\Windows\System\QklYQSF.exe
  C:\Windows\System\QklYQSF.exe
  2⤵
  PID:7768
- C:\Windows\System\kCnzTpR.exe
  C:\Windows\System\kCnzTpR.exe
  2⤵
  PID:7224
- C:\Windows\System\mlTtxnU.exe
  C:\Windows\System\mlTtxnU.exe
  2⤵
  PID:7388
- C:\Windows\System\gpCvPqa.exe
  C:\Windows\System\gpCvPqa.exe
  2⤵
  PID:7896
- C:\Windows\System\ChuTiBM.exe
  C:\Windows\System\ChuTiBM.exe
  2⤵
  PID:8232
- C:\Windows\System\xbzufNo.exe
  C:\Windows\System\xbzufNo.exe
  2⤵
  PID:8252
- C:\Windows\System\zuYyiPY.exe
  C:\Windows\System\zuYyiPY.exe
  2⤵
  PID:8268
- C:\Windows\System\lcifIpO.exe
  C:\Windows\System\lcifIpO.exe
  2⤵
  PID:8288
- C:\Windows\System\hBquVAQ.exe
  C:\Windows\System\hBquVAQ.exe
  2⤵
  PID:8328
- C:\Windows\System\qkibyIB.exe
  C:\Windows\System\qkibyIB.exe
  2⤵
  PID:8344
- C:\Windows\System\GGDnHpm.exe
  C:\Windows\System\GGDnHpm.exe
  2⤵
  PID:8368
- C:\Windows\System\AuQlLXc.exe
  C:\Windows\System\AuQlLXc.exe
  2⤵
  PID:8400
- C:\Windows\System\koxDsRF.exe
  C:\Windows\System\koxDsRF.exe
  2⤵
  PID:8444
- C:\Windows\System\rYplXcS.exe
  C:\Windows\System\rYplXcS.exe
  2⤵
  PID:8464
- C:\Windows\System\HVXdrjg.exe
  C:\Windows\System\HVXdrjg.exe
  2⤵
  PID:8500
- C:\Windows\System\DWwDVaQ.exe
  C:\Windows\System\DWwDVaQ.exe
  2⤵
  PID:8536
- C:\Windows\System\UWckmhL.exe
  C:\Windows\System\UWckmhL.exe
  2⤵
  PID:8552
- C:\Windows\System\cJjJEPM.exe
  C:\Windows\System\cJjJEPM.exe
  2⤵
  PID:8572
- C:\Windows\System\uyfUaap.exe
  C:\Windows\System\uyfUaap.exe
  2⤵
  PID:8592
- C:\Windows\System\PgZyvFF.exe
  C:\Windows\System\PgZyvFF.exe
  2⤵
  PID:8612
- C:\Windows\System\XjTgJOu.exe
  C:\Windows\System\XjTgJOu.exe
  2⤵
  PID:8640
- C:\Windows\System\qAqjMXp.exe
  C:\Windows\System\qAqjMXp.exe
  2⤵
  PID:8668
- C:\Windows\System\OfErpBI.exe
  C:\Windows\System\OfErpBI.exe
  2⤵
  PID:8728
- C:\Windows\System\dZjVTSZ.exe
  C:\Windows\System\dZjVTSZ.exe
  2⤵
  PID:8784
- C:\Windows\System\nBXqTtA.exe
  C:\Windows\System\nBXqTtA.exe
  2⤵
  PID:8804
- C:\Windows\System\yBTPpQH.exe
  C:\Windows\System\yBTPpQH.exe
  2⤵
  PID:8824
- C:\Windows\System\tQQEpFy.exe
  C:\Windows\System\tQQEpFy.exe
  2⤵
  PID:8840
- C:\Windows\System\JxdLoGi.exe
  C:\Windows\System\JxdLoGi.exe
  2⤵
  PID:8860
- C:\Windows\System\XQWxxtH.exe
  C:\Windows\System\XQWxxtH.exe
  2⤵
  PID:8880
- C:\Windows\System\oBeRWyv.exe
  C:\Windows\System\oBeRWyv.exe
  2⤵
  PID:8932
- C:\Windows\System\voGbZrH.exe
  C:\Windows\System\voGbZrH.exe
  2⤵
  PID:8952
- C:\Windows\System\aNuBqka.exe
  C:\Windows\System\aNuBqka.exe
  2⤵
  PID:8972
- C:\Windows\System\sOmxqct.exe
  C:\Windows\System\sOmxqct.exe
  2⤵
  PID:9004
- C:\Windows\System\DUxepHr.exe
  C:\Windows\System\DUxepHr.exe
  2⤵
  PID:9024
- C:\Windows\System\pOnmOGY.exe
  C:\Windows\System\pOnmOGY.exe
  2⤵
  PID:9060
- C:\Windows\System\GurxIeS.exe
  C:\Windows\System\GurxIeS.exe
  2⤵
  PID:9080
- C:\Windows\System\QlCQtfw.exe
  C:\Windows\System\QlCQtfw.exe
  2⤵
  PID:9096
- C:\Windows\System\MUWTvfD.exe
  C:\Windows\System\MUWTvfD.exe
  2⤵
  PID:9120
- C:\Windows\System\oCuBpxf.exe
  C:\Windows\System\oCuBpxf.exe
  2⤵
  PID:9140
- C:\Windows\System\StvCxCf.exe
  C:\Windows\System\StvCxCf.exe
  2⤵
  PID:9160
- C:\Windows\System\BbqZATl.exe
  C:\Windows\System\BbqZATl.exe
  2⤵
  PID:7548
- C:\Windows\System\JfPkzZP.exe
  C:\Windows\System\JfPkzZP.exe
  2⤵
  PID:8212
- C:\Windows\System\UfcqPyi.exe
  C:\Windows\System\UfcqPyi.exe
  2⤵
  PID:8284
- C:\Windows\System\NIsiazz.exe
  C:\Windows\System\NIsiazz.exe
  2⤵
  PID:7296
- C:\Windows\System\PJzTLbT.exe
  C:\Windows\System\PJzTLbT.exe
  2⤵
  PID:8392
- C:\Windows\System\jTFShJr.exe
  C:\Windows\System\jTFShJr.exe
  2⤵
  PID:8488
- C:\Windows\System\gUMoJTJ.exe
  C:\Windows\System\gUMoJTJ.exe
  2⤵
  PID:8548
- C:\Windows\System\fdciCVF.exe
  C:\Windows\System\fdciCVF.exe
  2⤵
  PID:8584
- C:\Windows\System\gLFCSDt.exe
  C:\Windows\System\gLFCSDt.exe
  2⤵
  PID:8624
- C:\Windows\System\tLiRurE.exe
  C:\Windows\System\tLiRurE.exe
  2⤵
  PID:8704
- C:\Windows\System\yXpLjLf.exe
  C:\Windows\System\yXpLjLf.exe
  2⤵
  PID:8696
- C:\Windows\System\ORCUHqN.exe
  C:\Windows\System\ORCUHqN.exe
  2⤵
  PID:8792
- C:\Windows\System\MLaxCWB.exe
  C:\Windows\System\MLaxCWB.exe
  2⤵
  PID:8908
- C:\Windows\System\QyekFsA.exe
  C:\Windows\System\QyekFsA.exe
  2⤵
  PID:9048
- C:\Windows\System\wCaQQzj.exe
  C:\Windows\System\wCaQQzj.exe
  2⤵
  PID:9136
- C:\Windows\System\yuEWmUu.exe
  C:\Windows\System\yuEWmUu.exe
  2⤵
  PID:9156
- C:\Windows\System\frwjFBO.exe
  C:\Windows\System\frwjFBO.exe
  2⤵
  PID:8184
- C:\Windows\System\grQDSxe.exe
  C:\Windows\System\grQDSxe.exe
  2⤵
  PID:8480
- C:\Windows\System\qTljcIy.exe
  C:\Windows\System\qTljcIy.exe
  2⤵
  PID:8456
- C:\Windows\System\NrIRVkr.exe
  C:\Windows\System\NrIRVkr.exe
  2⤵
  PID:8568
- C:\Windows\System\fUYeUEw.exe
  C:\Windows\System\fUYeUEw.exe
  2⤵
  PID:8820
- C:\Windows\System\lgLIDpm.exe
  C:\Windows\System\lgLIDpm.exe
  2⤵
  PID:9040
- C:\Windows\System\TIPzwRS.exe
  C:\Windows\System\TIPzwRS.exe
  2⤵
  PID:9188
- C:\Windows\System\XiqUuvh.exe
  C:\Windows\System\XiqUuvh.exe
  2⤵
  PID:8768
- C:\Windows\System\LwUyQRf.exe
  C:\Windows\System\LwUyQRf.exe
  2⤵
  PID:9224
- C:\Windows\System\VvQxHsz.exe
  C:\Windows\System\VvQxHsz.exe
  2⤵
  PID:9276
- C:\Windows\System\AtDePKl.exe
  C:\Windows\System\AtDePKl.exe
  2⤵
  PID:9344
- C:\Windows\System\QQhwpmv.exe
  C:\Windows\System\QQhwpmv.exe
  2⤵
  PID:9368
- C:\Windows\System\kULVQkk.exe
  C:\Windows\System\kULVQkk.exe
  2⤵
  PID:9416
- C:\Windows\System\VLhrJyh.exe
  C:\Windows\System\VLhrJyh.exe
  2⤵
  PID:9432
- C:\Windows\System\hsZCAcQ.exe
  C:\Windows\System\hsZCAcQ.exe
  2⤵
  PID:9448
- C:\Windows\System\UvGqojm.exe
  C:\Windows\System\UvGqojm.exe
  2⤵
  PID:9464
- C:\Windows\System\DoeLXzQ.exe
  C:\Windows\System\DoeLXzQ.exe
  2⤵
  PID:9480
- C:\Windows\System\XvYuYWN.exe
  C:\Windows\System\XvYuYWN.exe
  2⤵
  PID:9504
- C:\Windows\System\acHBcQI.exe
  C:\Windows\System\acHBcQI.exe
  2⤵
  PID:9520
- C:\Windows\System\mDeyavU.exe
  C:\Windows\System\mDeyavU.exe
  2⤵
  PID:9540
- C:\Windows\System\XEkfhzT.exe
  C:\Windows\System\XEkfhzT.exe
  2⤵
  PID:9556
- C:\Windows\System\vSHcUUv.exe
  C:\Windows\System\vSHcUUv.exe
  2⤵
  PID:9600
- C:\Windows\System\bijmFFJ.exe
  C:\Windows\System\bijmFFJ.exe
  2⤵
  PID:9644
- C:\Windows\System\xdrjadX.exe
  C:\Windows\System\xdrjadX.exe
  2⤵
  PID:9664
- C:\Windows\System\yBupSpO.exe
  C:\Windows\System\yBupSpO.exe
  2⤵
  PID:9684
- C:\Windows\System\EFcrfsT.exe
  C:\Windows\System\EFcrfsT.exe
  2⤵
  PID:9764
- C:\Windows\System\ItBEJnM.exe
  C:\Windows\System\ItBEJnM.exe
  2⤵
  PID:9804
- C:\Windows\System\PBOlKBw.exe
  C:\Windows\System\PBOlKBw.exe
  2⤵
  PID:9832
- C:\Windows\System\mFThpry.exe
  C:\Windows\System\mFThpry.exe
  2⤵
  PID:9848
- C:\Windows\System\boHBvXt.exe
  C:\Windows\System\boHBvXt.exe
  2⤵
  PID:9924
- C:\Windows\System\aUNGRwD.exe
  C:\Windows\System\aUNGRwD.exe
  2⤵
  PID:9948
- C:\Windows\System\uOmGtPx.exe
  C:\Windows\System\uOmGtPx.exe
  2⤵
  PID:9972
- C:\Windows\System\XyGxcZM.exe
  C:\Windows\System\XyGxcZM.exe
  2⤵
  PID:9996
- C:\Windows\System\CPQlpjb.exe
  C:\Windows\System\CPQlpjb.exe
  2⤵
  PID:10016
- C:\Windows\System\CrrsBPa.exe
  C:\Windows\System\CrrsBPa.exe
  2⤵
  PID:10036
- C:\Windows\System\RRiPtvF.exe
  C:\Windows\System\RRiPtvF.exe
  2⤵
  PID:10064
- C:\Windows\System\biPoHrX.exe
  C:\Windows\System\biPoHrX.exe
  2⤵
  PID:10092
- C:\Windows\System\dVdbYta.exe
  C:\Windows\System\dVdbYta.exe
  2⤵
  PID:10120
- C:\Windows\System\yJqlPjq.exe
  C:\Windows\System\yJqlPjq.exe
  2⤵
  PID:10136
- C:\Windows\System\IvcHHIK.exe
  C:\Windows\System\IvcHHIK.exe
  2⤵
  PID:10164
- C:\Windows\System\vZfawXv.exe
  C:\Windows\System\vZfawXv.exe
  2⤵
  PID:10184
- C:\Windows\System\jqjSgMJ.exe
  C:\Windows\System\jqjSgMJ.exe
  2⤵
  PID:10212
- C:\Windows\System\huoAfbH.exe
  C:\Windows\System\huoAfbH.exe
  2⤵
  PID:10228
- C:\Windows\System\JfZVved.exe
  C:\Windows\System\JfZVved.exe
  2⤵
  PID:9284
- C:\Windows\System\LkbCZMR.exe
  C:\Windows\System\LkbCZMR.exe
  2⤵
  PID:9148
- C:\Windows\System\ADrorhQ.exe
  C:\Windows\System\ADrorhQ.exe
  2⤵
  PID:9308
- C:\Windows\System\jUzJZnb.exe
  C:\Windows\System\jUzJZnb.exe
  2⤵
  PID:8564
- C:\Windows\System\vBgHQuF.exe
  C:\Windows\System\vBgHQuF.exe
  2⤵
  PID:9336
- C:\Windows\System\IQigBdn.exe
  C:\Windows\System\IQigBdn.exe
  2⤵
  PID:9376
- C:\Windows\System\ompjnQI.exe
  C:\Windows\System\ompjnQI.exe
  2⤵
  PID:9404
- C:\Windows\System\sYkNaRb.exe
  C:\Windows\System\sYkNaRb.exe
  2⤵
  PID:9652
- C:\Windows\System\AtuMHbH.exe
  C:\Windows\System\AtuMHbH.exe
  2⤵
  PID:9660
- C:\Windows\System\tzoCRsM.exe
  C:\Windows\System\tzoCRsM.exe
  2⤵
  PID:9720
- C:\Windows\System\CFTXxLa.exe
  C:\Windows\System\CFTXxLa.exe
  2⤵
  PID:9844
- C:\Windows\System\HfpAbUe.exe
  C:\Windows\System\HfpAbUe.exe
  2⤵
  PID:9872
- C:\Windows\System\mPxKBFg.exe
  C:\Windows\System\mPxKBFg.exe
  2⤵
  PID:9944
- C:\Windows\System\WtPaEDU.exe
  C:\Windows\System\WtPaEDU.exe
  2⤵
  PID:9988
- C:\Windows\System\QCkOlnS.exe
  C:\Windows\System\QCkOlnS.exe
  2⤵
  PID:10052
- C:\Windows\System\qfDZAiU.exe
  C:\Windows\System\qfDZAiU.exe
  2⤵
  PID:10080
- C:\Windows\System\mgxiTCj.exe
  C:\Windows\System\mgxiTCj.exe
  2⤵
  PID:10176
- C:\Windows\System\lZGjEEh.exe
  C:\Windows\System\lZGjEEh.exe
  2⤵
  PID:9092
- C:\Windows\System\iqBlmss.exe
  C:\Windows\System\iqBlmss.exe
  2⤵
  PID:9012
- C:\Windows\System\pvHUfrP.exe
  C:\Windows\System\pvHUfrP.exe
  2⤵
  PID:8756
- C:\Windows\System\lkxpHAE.exe
  C:\Windows\System\lkxpHAE.exe
  2⤵
  PID:9260
- C:\Windows\System\FKEAIrM.exe
  C:\Windows\System\FKEAIrM.exe
  2⤵
  PID:9380
- C:\Windows\System\QVhtVde.exe
  C:\Windows\System\QVhtVde.exe
  2⤵
  PID:9656
- C:\Windows\System\fQjClmf.exe
  C:\Windows\System\fQjClmf.exe
  2⤵
  PID:9624
- C:\Windows\System\WLJCotD.exe
  C:\Windows\System\WLJCotD.exe
  2⤵
  PID:10128
- C:\Windows\System\uEynSdE.exe
  C:\Windows\System\uEynSdE.exe
  2⤵
  PID:8472
- C:\Windows\System\MCHBQtD.exe
  C:\Windows\System\MCHBQtD.exe
  2⤵
  PID:9240
- C:\Windows\System\BHpcysv.exe
  C:\Windows\System\BHpcysv.exe
  2⤵
  PID:9912
- C:\Windows\System\RHUHwYw.exe
  C:\Windows\System\RHUHwYw.exe
  2⤵
  PID:10012
- C:\Windows\System\WuTPobx.exe
  C:\Windows\System\WuTPobx.exe
  2⤵
  PID:9300
- C:\Windows\System\hPcVacw.exe
  C:\Windows\System\hPcVacw.exe
  2⤵
  PID:3120
- C:\Windows\System\yaBhDCa.exe
  C:\Windows\System\yaBhDCa.exe
  2⤵
  PID:10256
- C:\Windows\System\bvVyMpx.exe
  C:\Windows\System\bvVyMpx.exe
  2⤵
  PID:10288
- C:\Windows\System\YvTsGqi.exe
  C:\Windows\System\YvTsGqi.exe
  2⤵
  PID:10308
- C:\Windows\System\JttbSQu.exe
  C:\Windows\System\JttbSQu.exe
  2⤵
  PID:10324
- C:\Windows\System\SqKLcXp.exe
  C:\Windows\System\SqKLcXp.exe
  2⤵
  PID:10344
- C:\Windows\System\LEwRFpm.exe
  C:\Windows\System\LEwRFpm.exe
  2⤵
  PID:10364
- C:\Windows\System\VKvYbDD.exe
  C:\Windows\System\VKvYbDD.exe
  2⤵
  PID:10392
- C:\Windows\System\wVhpSVb.exe
  C:\Windows\System\wVhpSVb.exe
  2⤵
  PID:10408
- C:\Windows\System\CAerNTJ.exe
  C:\Windows\System\CAerNTJ.exe
  2⤵
  PID:10456
- C:\Windows\System\HVwoBEp.exe
  C:\Windows\System\HVwoBEp.exe
  2⤵
  PID:10472
- C:\Windows\System\EYClDGH.exe
  C:\Windows\System\EYClDGH.exe
  2⤵
  PID:10508
- C:\Windows\System\BVeGIZM.exe
  C:\Windows\System\BVeGIZM.exe
  2⤵
  PID:10552
- C:\Windows\System\BjOJMht.exe
  C:\Windows\System\BjOJMht.exe
  2⤵
  PID:10584
- C:\Windows\System\tDrWqdR.exe
  C:\Windows\System\tDrWqdR.exe
  2⤵
  PID:10612
- C:\Windows\System\duGlBVp.exe
  C:\Windows\System\duGlBVp.exe
  2⤵
  PID:10628
- C:\Windows\System\uusPxbc.exe
  C:\Windows\System\uusPxbc.exe
  2⤵
  PID:10648
- C:\Windows\System\iaIXGga.exe
  C:\Windows\System\iaIXGga.exe
  2⤵
  PID:10696
- C:\Windows\System\LDHFiYx.exe
  C:\Windows\System\LDHFiYx.exe
  2⤵
  PID:10720
- C:\Windows\System\sIXHhSP.exe
  C:\Windows\System\sIXHhSP.exe
  2⤵
  PID:10760
- C:\Windows\System\tzFCKQd.exe
  C:\Windows\System\tzFCKQd.exe
  2⤵
  PID:10784
- C:\Windows\System\kZVOPgQ.exe
  C:\Windows\System\kZVOPgQ.exe
  2⤵
  PID:10800
- C:\Windows\System\DtrjNdN.exe
  C:\Windows\System\DtrjNdN.exe
  2⤵
  PID:10832
- C:\Windows\System\nRTUuIX.exe
  C:\Windows\System\nRTUuIX.exe
  2⤵
  PID:10852
- C:\Windows\System\IgMIewo.exe
  C:\Windows\System\IgMIewo.exe
  2⤵
  PID:10872
- C:\Windows\System\fXrzLdz.exe
  C:\Windows\System\fXrzLdz.exe
  2⤵
  PID:10892
- C:\Windows\System\bNrIOOh.exe
  C:\Windows\System\bNrIOOh.exe
  2⤵
  PID:10912
- C:\Windows\System\hkDECbS.exe
  C:\Windows\System\hkDECbS.exe
  2⤵
  PID:10940
- C:\Windows\System\TUFVkXd.exe
  C:\Windows\System\TUFVkXd.exe
  2⤵
  PID:10988
- C:\Windows\System\PuZIJdS.exe
  C:\Windows\System\PuZIJdS.exe
  2⤵
  PID:11020
- C:\Windows\System\vfFNald.exe
  C:\Windows\System\vfFNald.exe
  2⤵
  PID:11044
- C:\Windows\System\mzpTIaV.exe
  C:\Windows\System\mzpTIaV.exe
  2⤵
  PID:11064
- C:\Windows\System\CJlsczQ.exe
  C:\Windows\System\CJlsczQ.exe
  2⤵
  PID:11124
- C:\Windows\System\mNuZfVq.exe
  C:\Windows\System\mNuZfVq.exe
  2⤵
  PID:11140
- C:\Windows\System\fZxtuTW.exe
  C:\Windows\System\fZxtuTW.exe
  2⤵
  PID:11168
- C:\Windows\System\JDMyevL.exe
  C:\Windows\System\JDMyevL.exe
  2⤵
  PID:11184
- C:\Windows\System\RkCwsKd.exe
  C:\Windows\System\RkCwsKd.exe
  2⤵
  PID:11216
- C:\Windows\System\Chwjvjh.exe
  C:\Windows\System\Chwjvjh.exe
  2⤵
  PID:11252
- C:\Windows\System\MDKjJSC.exe
  C:\Windows\System\MDKjJSC.exe
  2⤵
  PID:10280
- C:\Windows\System\xvsOAyB.exe
  C:\Windows\System\xvsOAyB.exe
  2⤵
  PID:10320
- C:\Windows\System\mhGYgle.exe
  C:\Windows\System\mhGYgle.exe
  2⤵
  PID:10352
- C:\Windows\System\YAxOkYM.exe
  C:\Windows\System\YAxOkYM.exe
  2⤵
  PID:10404
- C:\Windows\System\emniQGl.exe
  C:\Windows\System\emniQGl.exe
  2⤵
  PID:10504
- C:\Windows\System\uZEmDWO.exe
  C:\Windows\System\uZEmDWO.exe
  2⤵
  PID:10536
- C:\Windows\System\pZXGwRx.exe
  C:\Windows\System\pZXGwRx.exe
  2⤵
  PID:10604
- C:\Windows\System\FSvZrLg.exe
  C:\Windows\System\FSvZrLg.exe
  2⤵
  PID:10736
- C:\Windows\System\GsYpCxi.exe
  C:\Windows\System\GsYpCxi.exe
  2⤵
  PID:10692
- C:\Windows\System\BcSxITu.exe
  C:\Windows\System\BcSxITu.exe
  2⤵
  PID:10796
- C:\Windows\System\OMGQsVR.exe
  C:\Windows\System\OMGQsVR.exe
  2⤵
  PID:10820
- C:\Windows\System\nKXuRSM.exe
  C:\Windows\System\nKXuRSM.exe
  2⤵
  PID:10868
- C:\Windows\System\tsYhEUm.exe
  C:\Windows\System\tsYhEUm.exe
  2⤵
  PID:10984
- C:\Windows\System\sgJxTRH.exe
  C:\Windows\System\sgJxTRH.exe
  2⤵
  PID:11036
- C:\Windows\System\kXmiKhA.exe
  C:\Windows\System\kXmiKhA.exe
  2⤵
  PID:11108
- C:\Windows\System\RLbdypN.exe
  C:\Windows\System\RLbdypN.exe
  2⤵
  PID:11012
- C:\Windows\System\FMLnrQq.exe
  C:\Windows\System\FMLnrQq.exe
  2⤵
  PID:11156
- C:\Windows\System\fytkGVV.exe
  C:\Windows\System\fytkGVV.exe
  2⤵
  PID:10252
- C:\Windows\System\EOBxEwA.exe
  C:\Windows\System\EOBxEwA.exe
  2⤵
  PID:10316
- C:\Windows\System\FkPFswv.exe
  C:\Windows\System\FkPFswv.exe
  2⤵
  PID:10300
- C:\Windows\System\CnBzYms.exe
  C:\Windows\System\CnBzYms.exe
  2⤵
  PID:10580
- C:\Windows\System\LgIqlJN.exe
  C:\Windows\System\LgIqlJN.exe
  2⤵
  PID:10644
- C:\Windows\System\QGAIotT.exe
  C:\Windows\System\QGAIotT.exe
  2⤵
  PID:10780
- C:\Windows\System\xKuxABS.exe
  C:\Windows\System\xKuxABS.exe
  2⤵
  PID:11060
- C:\Windows\System\ILzYhUY.exe
  C:\Windows\System\ILzYhUY.exe
  2⤵
  PID:11164
- C:\Windows\System\vjVPGKn.exe
  C:\Windows\System\vjVPGKn.exe
  2⤵
  PID:10500
- C:\Windows\System\XQvFXOi.exe
  C:\Windows\System\XQvFXOi.exe
  2⤵
  PID:10384
- C:\Windows\System\lCALfle.exe
  C:\Windows\System\lCALfle.exe
  2⤵
  PID:10716
- C:\Windows\System\ErjaMFB.exe
  C:\Windows\System\ErjaMFB.exe
  2⤵
  PID:11268
- C:\Windows\System\DLcwhet.exe
  C:\Windows\System\DLcwhet.exe
  2⤵
  PID:11316
- C:\Windows\System\StSCRtz.exe
  C:\Windows\System\StSCRtz.exe
  2⤵
  PID:11364
- C:\Windows\System\ufbRzQQ.exe
  C:\Windows\System\ufbRzQQ.exe
  2⤵
  PID:11384
- C:\Windows\System\vrXiWLh.exe
  C:\Windows\System\vrXiWLh.exe
  2⤵
  PID:11408
- C:\Windows\System\oyWYWXn.exe
  C:\Windows\System\oyWYWXn.exe
  2⤵
  PID:11444
- C:\Windows\System\TQyuhIq.exe
  C:\Windows\System\TQyuhIq.exe
  2⤵
  PID:11472
- C:\Windows\System\XLhRQOm.exe
  C:\Windows\System\XLhRQOm.exe
  2⤵
  PID:11500
- C:\Windows\System\WCZLNQA.exe
  C:\Windows\System\WCZLNQA.exe
  2⤵
  PID:11524
- C:\Windows\System\pYgDJkd.exe
  C:\Windows\System\pYgDJkd.exe
  2⤵
  PID:11548
- C:\Windows\System\nfbrCls.exe
  C:\Windows\System\nfbrCls.exe
  2⤵
  PID:11572
- C:\Windows\System\iMJgPWu.exe
  C:\Windows\System\iMJgPWu.exe
  2⤵
  PID:11588
- C:\Windows\System\pnlthlj.exe
  C:\Windows\System\pnlthlj.exe
  2⤵
  PID:11604
- C:\Windows\System\YxAgqxA.exe
  C:\Windows\System\YxAgqxA.exe
  2⤵
  PID:11624
- C:\Windows\System\zqvEtAa.exe
  C:\Windows\System\zqvEtAa.exe
  2⤵
  PID:11664
- C:\Windows\System\BNFNRmR.exe
  C:\Windows\System\BNFNRmR.exe
  2⤵
  PID:11700
- C:\Windows\System\hwoLLxT.exe
  C:\Windows\System\hwoLLxT.exe
  2⤵
  PID:11720
- C:\Windows\System\VGaeuXy.exe
  C:\Windows\System\VGaeuXy.exe
  2⤵
  PID:11768
- C:\Windows\System\jrlSnsV.exe
  C:\Windows\System\jrlSnsV.exe
  2⤵
  PID:11804
- C:\Windows\System\RyowRny.exe
  C:\Windows\System\RyowRny.exe
  2⤵
  PID:11828
- C:\Windows\System\KGOmMjM.exe
  C:\Windows\System\KGOmMjM.exe
  2⤵
  PID:11884
- C:\Windows\System\xnJpAYi.exe
  C:\Windows\System\xnJpAYi.exe
  2⤵
  PID:11908
- C:\Windows\System\QKMATAX.exe
  C:\Windows\System\QKMATAX.exe
  2⤵
  PID:11924
- C:\Windows\System\pCJYkwz.exe
  C:\Windows\System\pCJYkwz.exe
  2⤵
  PID:11944
- C:\Windows\System\MlHHcTY.exe
  C:\Windows\System\MlHHcTY.exe
  2⤵
  PID:11960
- C:\Windows\System\NyHZtpF.exe
  C:\Windows\System\NyHZtpF.exe
  2⤵
  PID:11996
- C:\Windows\System\BJLizRn.exe
  C:\Windows\System\BJLizRn.exe
  2⤵
  PID:12024
- C:\Windows\System\jnoMHFU.exe
  C:\Windows\System\jnoMHFU.exe
  2⤵
  PID:12048
- C:\Windows\System\WmLiByg.exe
  C:\Windows\System\WmLiByg.exe
  2⤵
  PID:12072
- C:\Windows\System\HOmvXBe.exe
  C:\Windows\System\HOmvXBe.exe
  2⤵
  PID:12096
- C:\Windows\System\QIHPhBJ.exe
  C:\Windows\System\QIHPhBJ.exe
  2⤵
  PID:12112
- C:\Windows\System\XWmBWWU.exe
  C:\Windows\System\XWmBWWU.exe
  2⤵
  PID:12128
- C:\Windows\System\AiSPOrd.exe
  C:\Windows\System\AiSPOrd.exe
  2⤵
  PID:12172
- C:\Windows\System\FTMqzPM.exe
  C:\Windows\System\FTMqzPM.exe
  2⤵
  PID:12192
- C:\Windows\System\aniDlgN.exe
  C:\Windows\System\aniDlgN.exe
  2⤵
  PID:12212
- C:\Windows\System\mLsGtax.exe
  C:\Windows\System\mLsGtax.exe
  2⤵
  PID:12280
- C:\Windows\System\HISqRiT.exe
  C:\Windows\System\HISqRiT.exe
  2⤵
  PID:10088
- C:\Windows\System\KEQEvIS.exe
  C:\Windows\System\KEQEvIS.exe
  2⤵
  PID:11292
- C:\Windows\System\iQvNqIu.exe
  C:\Windows\System\iQvNqIu.exe
  2⤵
  PID:11008
- C:\Windows\System\pFbTATB.exe
  C:\Windows\System\pFbTATB.exe
  2⤵
  PID:11392
- C:\Windows\System\vYtGzyh.exe
  C:\Windows\System\vYtGzyh.exe
  2⤵
  PID:11400
- C:\Windows\System\pHcABPm.exe
  C:\Windows\System\pHcABPm.exe
  2⤵
  PID:11616
- C:\Windows\System\SQBBeED.exe
  C:\Windows\System\SQBBeED.exe
  2⤵
  PID:11748
- C:\Windows\System\NJbzPjk.exe
  C:\Windows\System\NJbzPjk.exe
  2⤵
  PID:11708
- C:\Windows\System\KDVySlM.exe
  C:\Windows\System\KDVySlM.exe
  2⤵
  PID:11816
- C:\Windows\System\lauUvbN.exe
  C:\Windows\System\lauUvbN.exe
  2⤵
  PID:11860
- C:\Windows\System\qHjrslC.exe
  C:\Windows\System\qHjrslC.exe
  2⤵
  PID:11916
- C:\Windows\System\IuZdspo.exe
  C:\Windows\System\IuZdspo.exe
  2⤵
  PID:11956
- C:\Windows\System\uQydNMn.exe
  C:\Windows\System\uQydNMn.exe
  2⤵
  PID:12032
- C:\Windows\System\qecJrrf.exe
  C:\Windows\System\qecJrrf.exe
  2⤵
  PID:12044
- C:\Windows\System\GTxmwSY.exe
  C:\Windows\System\GTxmwSY.exe
  2⤵
  PID:12120
- C:\Windows\System\AgOTCwE.exe
  C:\Windows\System\AgOTCwE.exe
  2⤵
  PID:12124
- C:\Windows\System\huqYJcz.exe
  C:\Windows\System\huqYJcz.exe
  2⤵
  PID:12264
- C:\Windows\System\nIsLTva.exe
  C:\Windows\System\nIsLTva.exe
  2⤵
  PID:11436
- C:\Windows\System\lAkVbMY.exe
  C:\Windows\System\lAkVbMY.exe
  2⤵
  PID:3508
- C:\Windows\System\LOoWmfS.exe
  C:\Windows\System\LOoWmfS.exe
  2⤵
  PID:11440
- C:\Windows\System\EYBWYsD.exe
  C:\Windows\System\EYBWYsD.exe
  2⤵
  PID:11600
- C:\Windows\System\rROtVuT.exe
  C:\Windows\System\rROtVuT.exe
  2⤵
  PID:11800
- C:\Windows\System\JMPayCw.exe
  C:\Windows\System\JMPayCw.exe
  2⤵
  PID:11856
- C:\Windows\System\QpPgLNq.exe
  C:\Windows\System\QpPgLNq.exe
  2⤵
  PID:11344
- C:\Windows\System\fccVRti.exe
  C:\Windows\System\fccVRti.exe
  2⤵
  PID:11952
- C:\Windows\System\TFcCauc.exe
  C:\Windows\System\TFcCauc.exe
  2⤵
  PID:12140
- C:\Windows\System\EEHPHTx.exe
  C:\Windows\System\EEHPHTx.exe
  2⤵
  PID:11300
- C:\Windows\System\VUpBkBq.exe
  C:\Windows\System\VUpBkBq.exe
  2⤵
  PID:11796
- C:\Windows\System\UXWOAMi.exe
  C:\Windows\System\UXWOAMi.exe
  2⤵
  PID:11840
- C:\Windows\System\RazZYfq.exe
  C:\Windows\System\RazZYfq.exe
  2⤵
  PID:12300
- C:\Windows\System\wfFNXHL.exe
  C:\Windows\System\wfFNXHL.exe
  2⤵
  PID:12328
- C:\Windows\System\IlYFIMg.exe
  C:\Windows\System\IlYFIMg.exe
  2⤵
  PID:12348
- C:\Windows\System\IdAnZBE.exe
  C:\Windows\System\IdAnZBE.exe
  2⤵
  PID:12416
- C:\Windows\System\gErHLzG.exe
  C:\Windows\System\gErHLzG.exe
  2⤵
  PID:12432
- C:\Windows\System\cPDopUj.exe
  C:\Windows\System\cPDopUj.exe
  2⤵
  PID:12488
- C:\Windows\System\EzTlSCu.exe
  C:\Windows\System\EzTlSCu.exe
  2⤵
  PID:12504
- C:\Windows\System\wEebuyE.exe
  C:\Windows\System\wEebuyE.exe
  2⤵
  PID:12524
- C:\Windows\System\fRSbkcg.exe
  C:\Windows\System\fRSbkcg.exe
  2⤵
  PID:12560
- C:\Windows\System\ZSFbLdM.exe
  C:\Windows\System\ZSFbLdM.exe
  2⤵
  PID:12600
- C:\Windows\System\WhABsmR.exe
  C:\Windows\System\WhABsmR.exe
  2⤵
  PID:12620
- C:\Windows\System\dpIiqIx.exe
  C:\Windows\System\dpIiqIx.exe
  2⤵
  PID:12644
- C:\Windows\System\AeAuGBS.exe
  C:\Windows\System\AeAuGBS.exe
  2⤵
  PID:12672
- C:\Windows\System\jTGWBDW.exe
  C:\Windows\System\jTGWBDW.exe
  2⤵
  PID:12688
- C:\Windows\System\tzTCorq.exe
  C:\Windows\System\tzTCorq.exe
  2⤵
  PID:12708
- C:\Windows\System\VWsecNn.exe
  C:\Windows\System\VWsecNn.exe
  2⤵
  PID:12748
- C:\Windows\System\odxCEnK.exe
  C:\Windows\System\odxCEnK.exe
  2⤵
  PID:12772
- C:\Windows\System\quGpyNk.exe
  C:\Windows\System\quGpyNk.exe
  2⤵
  PID:12800
- C:\Windows\System\BrszfQi.exe
  C:\Windows\System\BrszfQi.exe
  2⤵
  PID:12836
- C:\Windows\System\cRGNKab.exe
  C:\Windows\System\cRGNKab.exe
  2⤵
  PID:12856
- C:\Windows\System\yWdywAV.exe
  C:\Windows\System\yWdywAV.exe
  2⤵
  PID:12892
- C:\Windows\System\bwbxVOv.exe
  C:\Windows\System\bwbxVOv.exe
  2⤵
  PID:12924
- C:\Windows\System\cfRyruG.exe
  C:\Windows\System\cfRyruG.exe
  2⤵
  PID:12952
- C:\Windows\System\IWzqjnn.exe
  C:\Windows\System\IWzqjnn.exe
  2⤵
  PID:12984
- C:\Windows\System\VcmXxSf.exe
  C:\Windows\System\VcmXxSf.exe
  2⤵
  PID:13008
- C:\Windows\System\UBjeVAl.exe
  C:\Windows\System\UBjeVAl.exe
  2⤵
  PID:13028
- C:\Windows\System\RNyBbML.exe
  C:\Windows\System\RNyBbML.exe
  2⤵
  PID:13048
- C:\Windows\System\NGjndrn.exe
  C:\Windows\System\NGjndrn.exe
  2⤵
  PID:13108
- C:\Windows\System\AErSJYX.exe
  C:\Windows\System\AErSJYX.exe
  2⤵
  PID:13124
- C:\Windows\System\EKMfGJT.exe
  C:\Windows\System\EKMfGJT.exe
  2⤵
  PID:13148
- C:\Windows\System\tZUUWAF.exe
  C:\Windows\System\tZUUWAF.exe
  2⤵
  PID:13164
- C:\Windows\System\vsmeyJp.exe
  C:\Windows\System\vsmeyJp.exe
  2⤵
  PID:13208
- C:\Windows\System\Uifjpah.exe
  C:\Windows\System\Uifjpah.exe
  2⤵
  PID:13228
- C:\Windows\System\cMEhYaJ.exe
  C:\Windows\System\cMEhYaJ.exe
  2⤵
  PID:13248
- C:\Windows\System\uGxGcmy.exe
  C:\Windows\System\uGxGcmy.exe
  2⤵
  PID:13268
- C:\Windows\System\unINrDw.exe
  C:\Windows\System\unINrDw.exe
  2⤵
  PID:13288
- C:\Windows\System\YDZcYqC.exe
  C:\Windows\System\YDZcYqC.exe
  2⤵
  PID:13304
- C:\Windows\System\RHXvkCc.exe
  C:\Windows\System\RHXvkCc.exe
  2⤵
  PID:12184
- C:\Windows\System\ncsTcSW.exe
  C:\Windows\System\ncsTcSW.exe
  2⤵
  PID:12292
- C:\Windows\System\iFNLyFG.exe
  C:\Windows\System\iFNLyFG.exe
  2⤵
  PID:12324
- C:\Windows\System\zhnGoGc.exe
  C:\Windows\System\zhnGoGc.exe
  2⤵
  PID:12452
- C:\Windows\System\GJUjeyd.exe
  C:\Windows\System\GJUjeyd.exe
  2⤵
  PID:12516
- C:\Windows\System\sUgHnGG.exe
  C:\Windows\System\sUgHnGG.exe
  2⤵
  PID:12544
- C:\Windows\System\bUjjlYO.exe
  C:\Windows\System\bUjjlYO.exe
  2⤵
  PID:12656
- C:\Windows\System\ROpuILC.exe
  C:\Windows\System\ROpuILC.exe
  2⤵
  PID:12700
- C:\Windows\System\pGsLczp.exe
  C:\Windows\System\pGsLczp.exe
  2⤵
  PID:12756
- C:\Windows\System\qEkoZtk.exe
  C:\Windows\System\qEkoZtk.exe
  2⤵
  PID:12828
- C:\Windows\System\qTJGGTu.exe
  C:\Windows\System\qTJGGTu.exe
  2⤵
  PID:12868
- C:\Windows\System\ThTqzbw.exe
  C:\Windows\System\ThTqzbw.exe
  2⤵
  PID:12912
- C:\Windows\System\SctpNrb.exe
  C:\Windows\System\SctpNrb.exe
  2⤵
  PID:13020
- C:\Windows\System\lKdaTuQ.exe
  C:\Windows\System\lKdaTuQ.exe
  2⤵
  PID:1712
- C:\Windows\System\LCzYeAw.exe
  C:\Windows\System\LCzYeAw.exe
  2⤵
  PID:13224
- C:\Windows\System\HFFyzpH.exe
  C:\Windows\System\HFFyzpH.exe
  2⤵
  PID:11652
- C:\Windows\System\KCQvTbx.exe
  C:\Windows\System\KCQvTbx.exe
  2⤵
  PID:11696
- C:\Windows\System\OyizbFK.exe
  C:\Windows\System\OyizbFK.exe
  2⤵
  PID:12296
- C:\Windows\System\hUJTFME.exe
  C:\Windows\System\hUJTFME.exe
  2⤵
  PID:12548
- C:\Windows\System\KdLCxhU.exe
  C:\Windows\System\KdLCxhU.exe
  2⤵
  PID:12724
- C:\Windows\System\GQwYbDD.exe
  C:\Windows\System\GQwYbDD.exe
  2⤵
  PID:12680
- C:\Windows\System\OdffDeZ.exe
  C:\Windows\System\OdffDeZ.exe
  2⤵
  PID:13036
- C:\Windows\System\nIjQrmV.exe
  C:\Windows\System\nIjQrmV.exe
  2⤵
  PID:12964
- C:\Windows\System\ZKhRFNx.exe
  C:\Windows\System\ZKhRFNx.exe
  2⤵
  PID:13200
- C:\Windows\System\MdOdJKO.exe
  C:\Windows\System\MdOdJKO.exe
  2⤵
  PID:12444
- C:\Windows\System\tYYKgUq.exe
  C:\Windows\System\tYYKgUq.exe
  2⤵
  PID:220
- C:\Windows\System\GuccJNp.exe
  C:\Windows\System\GuccJNp.exe
  2⤵
  PID:12936
- C:\Windows\System\hmXztXN.exe
  C:\Windows\System\hmXztXN.exe
  2⤵
  PID:12992
- C:\Windows\System\ePmnAVj.exe
  C:\Windows\System\ePmnAVj.exe
  2⤵
  PID:11656
- C:\Windows\System\BsctdBm.exe
  C:\Windows\System\BsctdBm.exe
  2⤵
  PID:2636
- C:\Windows\System\ZpiLLfH.exe
  C:\Windows\System\ZpiLLfH.exe
  2⤵
  PID:13220
- C:\Windows\System\cIdFTjQ.exe
  C:\Windows\System\cIdFTjQ.exe
  2⤵
  PID:13336
- C:\Windows\System\kOnnWym.exe
  C:\Windows\System\kOnnWym.exe
  2⤵
  PID:13356
- C:\Windows\System\uZaASFj.exe
  C:\Windows\System\uZaASFj.exe
  2⤵
  PID:13372
- C:\Windows\System\lFLBLNO.exe
  C:\Windows\System\lFLBLNO.exe
  2⤵
  PID:13400
- C:\Windows\System\FhbkrCs.exe
  C:\Windows\System\FhbkrCs.exe
  2⤵
  PID:13420
- C:\Windows\System\pYZXXas.exe
  C:\Windows\System\pYZXXas.exe
  2⤵
  PID:13448
- C:\Windows\System\gLOzBUu.exe
  C:\Windows\System\gLOzBUu.exe
  2⤵
  PID:13468
- C:\Windows\System\KhRXaxS.exe
  C:\Windows\System\KhRXaxS.exe
  2⤵
  PID:13488
- C:\Windows\System\IRBvlNv.exe
  C:\Windows\System\IRBvlNv.exe
  2⤵
  PID:13556
- C:\Windows\System\tcNseFA.exe
  C:\Windows\System\tcNseFA.exe
  2⤵
  PID:13628
- C:\Windows\System\NujXtVo.exe
  C:\Windows\System\NujXtVo.exe
  2⤵
  PID:13644
- C:\Windows\System\JAguPqs.exe
  C:\Windows\System\JAguPqs.exe
  2⤵
  PID:13660
- C:\Windows\System\OjToCog.exe
  C:\Windows\System\OjToCog.exe
  2⤵
  PID:13676
- C:\Windows\System\CLhcwSD.exe
  C:\Windows\System\CLhcwSD.exe
  2⤵
  PID:13696
- C:\Windows\System\rcGueDL.exe
  C:\Windows\System\rcGueDL.exe
  2⤵
  PID:13740
- C:\Windows\System\oGEKKAZ.exe
  C:\Windows\System\oGEKKAZ.exe
  2⤵
  PID:13780
- C:\Windows\System\EMnKDEj.exe
  C:\Windows\System\EMnKDEj.exe
  2⤵
  PID:13800
- C:\Windows\System\trGTjZp.exe
  C:\Windows\System\trGTjZp.exe
  2⤵
  PID:13820
- C:\Windows\System\rqDeVIp.exe
  C:\Windows\System\rqDeVIp.exe
  2⤵
  PID:13836
- C:\Windows\System\WfPPnIF.exe
  C:\Windows\System\WfPPnIF.exe
  2⤵
  PID:13852
- C:\Windows\System\TfhmSgi.exe
  C:\Windows\System\TfhmSgi.exe
  2⤵
  PID:13872
- C:\Windows\System\TqVFduv.exe
  C:\Windows\System\TqVFduv.exe
  2⤵
  PID:13900
- C:\Windows\System\aCwnnUE.exe
  C:\Windows\System\aCwnnUE.exe
  2⤵
  PID:13940
- C:\Windows\System\SpQuNkp.exe
  C:\Windows\System\SpQuNkp.exe
  2⤵
  PID:13972
- C:\Windows\System\prLsODw.exe
  C:\Windows\System\prLsODw.exe
  2⤵
  PID:13996
- C:\Windows\System\ztcUsTn.exe
  C:\Windows\System\ztcUsTn.exe
  2⤵
  PID:14016
- C:\Windows\System\YCLOWij.exe
  C:\Windows\System\YCLOWij.exe
  2⤵
  PID:14032
- C:\Windows\System\ZOCykBP.exe
  C:\Windows\System\ZOCykBP.exe
  2⤵
  PID:14052
- C:\Windows\System\pOPijHF.exe
  C:\Windows\System\pOPijHF.exe
  2⤵
  PID:14116
- C:\Windows\System\rYreCAV.exe
  C:\Windows\System\rYreCAV.exe
  2⤵
  PID:14140
- C:\Windows\System\YMwPTdR.exe
  C:\Windows\System\YMwPTdR.exe
  2⤵
  PID:14176
- C:\Windows\System\FXzSILZ.exe
  C:\Windows\System\FXzSILZ.exe
  2⤵
  PID:14196
- C:\Windows\System\OkIwHUj.exe
  C:\Windows\System\OkIwHUj.exe
  2⤵
  PID:14244
- C:\Windows\System\yWXjeRw.exe
  C:\Windows\System\yWXjeRw.exe
  2⤵
  PID:14260
- C:\Windows\System\FGtWJeG.exe
  C:\Windows\System\FGtWJeG.exe
  2⤵
  PID:14324
- C:\Windows\System\QzuJBSx.exe
  C:\Windows\System\QzuJBSx.exe
  2⤵
  PID:12792
- C:\Windows\System\oUSmYPI.exe
  C:\Windows\System\oUSmYPI.exe
  2⤵
  PID:13332
- C:\Windows\System\sUBTdNy.exe
  C:\Windows\System\sUBTdNy.exe
  2⤵
  PID:13368
- C:\Windows\System\eEojcvd.exe
  C:\Windows\System\eEojcvd.exe
  2⤵
  PID:13364
- C:\Windows\System\EQzcKhP.exe
  C:\Windows\System\EQzcKhP.exe
  2⤵
  PID:13544
- C:\Windows\System\KlIKEnI.exe
  C:\Windows\System\KlIKEnI.exe
  2⤵
  PID:13608
- C:\Windows\System\nRJdNAq.exe
  C:\Windows\System\nRJdNAq.exe
  2⤵
  PID:13640
- C:\Windows\System\BJxSWoj.exe
  C:\Windows\System\BJxSWoj.exe
  2⤵
  PID:13672
- C:\Windows\System\tzOAlXG.exe
  C:\Windows\System\tzOAlXG.exe
  2⤵
  PID:13792
- C:\Windows\System\ScZIPuD.exe
  C:\Windows\System\ScZIPuD.exe
  2⤵
  PID:13832
- C:\Windows\System\yYDvVfF.exe
  C:\Windows\System\yYDvVfF.exe
  2⤵
  PID:13848

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AaCzJQr.exe

Filesize
1.1MB

MD5
4cd2de37bb6f6aaac788dbdc5cdc8669

SHA1
5a34e4e072d0a8f6665c47765a6c86c79f005164

SHA256
98ba9cb06f2979480207627fccfe36e7b4f8cdc74e9b0e0cc57b831763022fe5

SHA512
c05df6ff2bd3888eee9ce9d859d8c5c2d269158992b02e9385e01f88cd43a3be268dae55b5c47824432193b3bb03f6b204bdf46f70615e156d1f715c03651a98

Download Submit
C:\Windows\System\BbbrEqI.exe

Filesize
1.1MB

MD5
5a4dc6daf3d3397c17ffb77b9b4dac40

SHA1
b70967f760e3d32b00ec161a466bddc692d67e7d

SHA256
0530c8a16daee3fa9c983e6346b1fa6d755ecae01f4a7791414627efe7e5ab6f

SHA512
32ebae7c89d0a53201c681624b88f33dc6cf96fb52cefab65513cea3ee03c054ca79c7bdfcbc1d649685c4880daab8fe7ff859397d97230f327ca198b300073b

Download Submit
C:\Windows\System\ByEzJeB.exe

Filesize
1.1MB

MD5
ab1d461c5d59a589d09b03ed8c12d768

SHA1
14d15bff640f811becca3c1a75d539a17c887656

SHA256
03f9935bbaed5c5ba38411243db62a4ed10a10a8d3af615e171e0470fe0d6f06

SHA512
5e3b529976c65437bc4550e28f46cffa7a3e20c1a7b189f58b52a1f7802756672f634c92fef79031fa269f87639ea166e5fe97cf034cbb60243b4db1a1f53a5c

Download Submit
C:\Windows\System\EyqIlbw.exe

Filesize
1.1MB

MD5
ea4f3490b3b38d2e10359ee5af5883da

SHA1
3cacf80bd9c5815db254ebb406db1d39c5159e5f

SHA256
6e036f38de8a80cf3a3022e2b322dd80f5e8549ebf344f77c5fc7357c941c248

SHA512
f8f6df098be0530e2c3cc284fc55f7d158ed351259f4903ab83871a41ece313765b1871d0b1c7640254c237f7ab75b465c32d49c9c8ff72c57eba9926e83f269

Download Submit
C:\Windows\System\GaMnpKE.exe

Filesize
1.1MB

MD5
efd29abd150f24d7862d497145f6405c

SHA1
de13804a3500a2eee776388ace64370ca13bb1ad

SHA256
362dae2d9ca16eb731158a86270757e2cdd5feff478fd563af8c76a3962332dc

SHA512
9f6ace123e00b5c354f77ad8ae217b90a4844437d25c6d33a8b201ce52eab5bbd0c875d3a428d4b6df4482c661904db759c7dc52b4d557e3c1e5dd8c9c503b1e

Download Submit
C:\Windows\System\IKUDVgU.exe

Filesize
1.1MB

MD5
c3a82fca5afaa4647401cb833561e1b9

SHA1
5c2468e9c57abfbc505876b931d1ef06742b6221

SHA256
9114ec628e36266eaa759264c7a2b95d30c2b51c8d3de48c867d33dfef5b590f

SHA512
3c12e3f0e7848c1e81d87d96773d8763a45dfcd47b8fe5d1b7a8a7a593eea013d008820f428aeb7dcf5f5410f5e2919a5ad5bcb979f547db54b3fc0b7fd5f456

Download Submit
C:\Windows\System\JedIkQd.exe

Filesize
1.1MB

MD5
d872ecb3d04b4ad16bfdf0b2bc1f496f

SHA1
d53ead7ae6b02b569f3bbf2f8a0fe55c4bc141d7

SHA256
cff03a19b3d3c6674a710329c376e5fd8b49f42ec08451c9dcba0e3b4c5349f1

SHA512
b158002fd07cf1f6d3f006a7b5a5295b13744f54a5e943584d218846d280bf2a4eec072fad3c2e27fb99bce183b1ea64948635d892ea228dbd219a3f1fbedc54

Download Submit
C:\Windows\System\LaHNlER.exe

Filesize
1.1MB

MD5
57aceeaa9b722e7da65139128d37f444

SHA1
5383d7b5dfc96b2c1191cbdb828815f827d3983a

SHA256
6f4abd6a7cdd08a4210bdd6f14099d7a17bd05192355a666ff9296761e4a8f36

SHA512
1a77c4beccd32965aeef6274021b585d8f0ad6bdeb565c829f0cedaeafa9f60997c623dcc18c73c9d5775c2daedf6dbc1cefdbaacafdef17a7a6427c49ff87e9

Download Submit
C:\Windows\System\LzvYweN.exe

Filesize
1.1MB

MD5
8101ee458be8e835ede73723f2050849

SHA1
67b8a9bfd20961359d9a5d1fecedb7700e474426

SHA256
85b04cba848ea63d224c811347d145e7083f46c92ecacc1b5a92531dadd2008b

SHA512
17aaf4157d70042fb13d8514e86ff6f684cfdf17dc6baf2d0a867b619c5c1cd0e9692e520b6583026d55db92fe3bbb4983d59edb14c56fc0bf1119c6c961a220

Download Submit
C:\Windows\System\NXFPunm.exe

Filesize
1.1MB

MD5
b165fc9ed7fd7996a4baee6480c91680

SHA1
19eea7af409116ce564bfaff8e66fe9a3b83536d

SHA256
58ea3e6b4c33e60d5af6b9b08c6cc92d081ab60689a6a5f599ced8c4013f2fc5

SHA512
0e8c733b02b37bd9284956bb3cb8cae77b43be7752d2da12db3f8e2dcf6f314d08c18b8a08ea8fc1cda6da641cafca03f8c0d62aa23ac8b505da4e0305a3b1f6

Download Submit
C:\Windows\System\OUIMqBH.exe

Filesize
1.1MB

MD5
1d1d0234a93130bf259079baeee4fb99

SHA1
ab17c4c1905b460060998d0de5880bcd3b3b3779

SHA256
cbe450bb7975319a7bdbd8af4f0512e96ca407dd2b8206a26ceaebe92a760d8c

SHA512
64e2c896d8434593ba1025b0fb2972d5cc46d77ec14b181872d8f875f450ffc358b72e426ea063cfdf4b7930eb585717cb3c117953e3f8e2958b735202a030cc

Download Submit
C:\Windows\System\OspVebU.exe

Filesize
1.1MB

MD5
130b4790b678397f78522092762766a6

SHA1
232cacb7aed900e1d4f63979b94a67da8dc37a93

SHA256
8b8a7eb1fc8a829b1dba41db8afad0352066be714db7c5dfa496079a718c617f

SHA512
f51f464f43bdd0391522e58229c3f05137e82fbb58d576ab57a5aa8f3f2a7b556a2f5f3a8156edbd01c2e653e3ba9589bb2a7e0155a8c02bf433ad4eaecd847f

Download Submit
C:\Windows\System\PMGGeCB.exe

Filesize
1.1MB

MD5
aeb4d9778635ad24d977747b2cbc4349

SHA1
169497b109ddd509f1fdf8b0b70dab2467668fb7

SHA256
314e08504be5c504e77c9357ca3597cf7968f188638c4739bf3cda693ecc52fd

SHA512
1f79edebccc2e4067718d262df3f03236f1bda7e7b32de3d25f5ae146031a2a3aee0155b54dd5c3ffd17c73f68b8491defb8e75108b2fb78bfdea6620cba5587

Download Submit
C:\Windows\System\RFrcIde.exe

Filesize
1.1MB

MD5
e1d703e109ba7e157c6848b0bf4035ed

SHA1
ceb6d56ae5e03a7eb54f0679d421d2c737065eb3

SHA256
92de3a217895d9ecffa46c181ed55ac45f4d3ee628f3d47155709641a8ce8ae7

SHA512
be13f0b36e1391e34a03fc219cbce91135e7d9cdcb6ea6f56de7b0e77235284b311160252c5de658b75f0056dc2500b4a9d7323075beb9b75325c0145aa9dc6e

Download Submit
C:\Windows\System\RvZQycH.exe

Filesize
1.1MB

MD5
52520f9cf3ca8936d47367cc8e793d77

SHA1
67c88a60dc68afb4a4beb7cf499833c61d019e17

SHA256
2662a4d20de6411a5c9c37ba9735c323c2a90d384d21651e72920378afe8b9f6

SHA512
cdb9e1609300081c61a046ae50e773c0934b89e76cde6a0d14561ba43f1d876c153648ffb7bc41fae42f65441ededabbe1a1da6cf1c983bb3dd396cd613b856d

Download Submit
C:\Windows\System\SvejRhu.exe

Filesize
1.1MB

MD5
9c380e1fc95b322fc9518355d64dc796

SHA1
b81a18d8f2a1b559f40234b55d11f345cab4ac34

SHA256
222988ff068b4b2cad9d3daa66b6c4edf3e4a98991ef0f567e5a854ef5baf220

SHA512
19a223e6f51972d5abd7010be84dd1cb6b12ad2de7f67665b8b8390ec83bfde76ffe70e2bf5b448c9192ecf8e1f0514245c5b061ced62b982ea6a9dc098a56f4

Download Submit
C:\Windows\System\UCSbSiP.exe

Filesize
1.1MB

MD5
508537e3a458b14b5212758e8afe3763

SHA1
89f95d8766d341b16f193877d9b6bf3dbec0c1e4

SHA256
e8a3c2d5bd95d1dce4a2251df2ab30f4cb14d590d146e2973c7260ef92c6c6af

SHA512
9cf51bac418a3bb1b753eb7df994f804d97f29063fff3684eb3c143c890e8e604360865b2e8f94c9ba2c0bf81de98f29d998a490a1ed0d01e5cdf62a294cf37b

Download Submit
C:\Windows\System\UipeDNX.exe

Filesize
1.1MB

MD5
cdafebfa407dab0dce25648b717b8748

SHA1
7c987310c6a4983c3634e775b88d27f66fa9b2cf

SHA256
a46a0ef9dd42c8f05a8fdbc36e6931e0573bbfa001326db732e3e1af8bc276ca

SHA512
24e4393e8cf512b18e4b9c4a536f4cd5b8e0b7b2bfb96fab149c1dae67491697493ef4e8f49db04dcd3120218891834c363586ca19e62c97f84deaa0c370ae88

Download Submit
C:\Windows\System\XEbBSgO.exe

Filesize
1.1MB

MD5
9abb7ad8d843de7cd75f399c34dfa48d

SHA1
789dfa4dc2e46e9407026b53d7ceeeefa7357f23

SHA256
36513ae81da12f4b3bc836edabab99b427ddf33714b6c640fdd5e18768809691

SHA512
49e5f7ba7df9c80d1afa00b7388a76bc1b8f2b924ceb1ef498e06508e30913925bb3753580f08413ce1f363fee08f205828f8ca8c98cd1056578263a9101334c

Download Submit
C:\Windows\System\XqgjHLj.exe

Filesize
1.1MB

MD5
3ebb16c2fd696ac3d4d4b9c325e660e6

SHA1
39a28ea24bfb2d047e3382725050a625b6278692

SHA256
6ef3ebeb9b0e07fcec8f070dfa5d24be4565de98cc855b55cf2d141f35d28405

SHA512
9e20d84b5bea9eff97cc3b865dc7466ab0887f2a8c219442e1d7ccf45281fc2d1e0c3716666835c59368c81e22b15833a33986a2ed6dd024fa35de3868c864dc

Download Submit
C:\Windows\System\acPIMtD.exe

Filesize
1.1MB

MD5
356f5d0171445e1d233a78fe1c8fed29

SHA1
e6fce1e8be72397a0dbb78fe18bc31e556978bd5

SHA256
0984991390d0ad77ed20d0b824dfe4188eda7845f23a8051f89b778cd515f1cc

SHA512
c44aa700ab09411de1a322b0681fc670933b0433f41c21112646066423ad855c76209069f246833ffe16fc65cafe064685a48edc9d85f363fb08148089b5c018

Download Submit
C:\Windows\System\bHeaNMK.exe

Filesize
1.1MB

MD5
9c88e86138186d0727e19b29be5864dd

SHA1
231f80bf67b61bc17166e75bb4d06f59df1135df

SHA256
6af1bf0cdb1bcacc56de9a98a296ffb37c75360838df975148b28a889efa47f0

SHA512
53a14e71037d0eb36c9ede50f0d346c4f678e1cc05e6d11811553a8240a37d51216c1b7e3737ce5d15717d6a4e29f5a801cbf5a6c10a8932aaf5192f01490873

Download Submit
C:\Windows\System\dAceCpF.exe

Filesize
1.1MB

MD5
80592719f8c94d2f2737dbb1de76376e

SHA1
416881a349987842870dec75ad86f845c4514ad5

SHA256
ec42a359f536c3da70cd811259dbdedfd77c27442847698faee88043bec8d73f

SHA512
af018711b376a06e50e3175f57d78206b9c852bbcb68a38689a798aa4cc7178e9df44fdf5e9ca741c9a203bc890a139350277cd85f00f9dcda44750670ad510d

Download Submit
C:\Windows\System\eCnrOSg.exe

Filesize
1.1MB

MD5
ea05b33912c99af4926af7675284d480

SHA1
8ede1bd1bb8a3d7b14afd3f233a5412f9596f3f3

SHA256
94ddef3be4b58bc7896c5f88c91f7b0310be4bdf76f80004867e50eb2e1c0449

SHA512
ca68b03e2efca0833e5e8194592c885be4dc04a9b5edeff2325c4e6f76fabfe85368e9d9547d4a14e2c5a7d27ef6a2dc6e494430f45e9a820d5c4ed501071c0a

Download Submit
C:\Windows\System\iGItvUB.exe

Filesize
1.1MB

MD5
e56e1b7b002ab21b0155e9e330eea028

SHA1
1bedb84a68ce7e2e6505552e89a521abf0499552

SHA256
12c6f254c6afd7f69dc9b99dc85a072c2cb4889e95d5c22b46de94996d492aba

SHA512
c28002ae1e7332c47eaa7f84cb42c36874d3d12391e191c9d72071263f594f69fc2ab1ee88d89c236e8bfad5fceab89c1d8db873fbff61a2e41c8cf1c8a781ee

Download Submit
C:\Windows\System\iIGOjbX.exe

Filesize
1.1MB

MD5
850321cecf24a888a7e6118a3aa3e6d6

SHA1
9ac0879e674f50e429cd2335a98acdf4f95836f9

SHA256
c719d95d78c05fec40c799ed6aadc900b0f7dbf3be153c1882e5880633854474

SHA512
b5a018c08dd14e62ee203defb66c524387a6f41c6930a0c5eef32768d90c1520e6fdd1ac807c94a7f3ce7d873cb66b59f83e57699604933c98bc82393782448b

Download Submit
C:\Windows\System\jZzFcDl.exe

Filesize
1.1MB

MD5
c036754152041af421a9beb73991e300

SHA1
0ab5e45e57a86edbb6d65176cc9cf6829dd12922

SHA256
a31fa6986f656b39ba9d00d420785da416b36a37c2316b8936ed6d9a4b5f1501

SHA512
68c0b5e31a48bde0b087f6e89ced6ec86b9f91a9713b9b6d916e883be56b9f641b0b2f4830016a49e25899049a3dd81984519f084d4214237d54931f468b3f11

Download Submit
C:\Windows\System\kcpMwnQ.exe

Filesize
1.1MB

MD5
39de4192622cb552540c1816955e379b

SHA1
9828581962afde90688945229424da79611ae566

SHA256
c20bd4ea681c002ce77f39ab4e522b5cca1177762a4dafdf2a62246af8bd2d20

SHA512
1350bc5b8bf7384caee0456cc8835476973537968dd9bb3f860fdac8e65c50aef35e9485cb127dc5522e87262291c2461e623b31ccc615784fb2d6b07c555b03

Download Submit
C:\Windows\System\mhqwTLg.exe

Filesize
1.1MB

MD5
7c30e3c1016dc90622f51a326666a8ab

SHA1
bf2818731b809b6608794491c179c43e557e9eb8

SHA256
ada9b5b268c949ae3058792da06f229e7eb188381afd9a96fecb4f96cbd36155

SHA512
9883c296270b9000caa5b4d4b2e171118878828fc9543daa35a753abb53561140e3227b5b6e4fb3ff6c5c456c0f23f959c7111dd819c803ff7aa4d20fbf52095

Download Submit
C:\Windows\System\mxJtbXb.exe

Filesize
1.1MB

MD5
1e4813898d930387a155595438714845

SHA1
42c861bfe4ff64a3ff14cc32a5eff292162c4017

SHA256
b71ec8efede27e2a10cdb259f7dc478f4cb7e60621a5d8af55f5ecac25038e61

SHA512
b2133e615445a33abd57f8a4a936236e788d0e1273aa4d2e8f19b523f6bc1db42bc96920b37535426b60f9b8cb0b1421b5dfd55dea6b05344ce3aefe8bf14aa1

Download Submit
C:\Windows\System\rQMTiNe.exe

Filesize
1.1MB

MD5
784e463e70efcb142858ddab46dde02c

SHA1
00d1a7ffe315803212347d7dd50350b80f3d0c77

SHA256
107a638c4bd1cfc97d0d0e951c05a6c383d112978abd34c678922ad212d0b94a

SHA512
979d5e3801d2b73c2779f408ef027de5b78f998bf674400e1c5612d34a253f8a30f2d89bf0e938caf35cb03dd53f19df6202d03bc273bac2d559973a95349efc

Download Submit
C:\Windows\System\zFejgca.exe

Filesize
1.1MB

MD5
0c146f387f3037ab5ca3a6381fd527f9

SHA1
68dfc9d546993a9ed5a380efca525d42c4ee502b

SHA256
9abbd3eba35fdb01c53b621c6b69d2a4d46d640fdb531bfc2d353098414fbaf7

SHA512
1d23cf2218268e85e6cc06313310c47222875a10f3fdcf50a5df3a74ab7c9fc0eed7476d562e1baa973b74c3ccc5de8a1540268e20bc506e919ac0517a04517e

Download Submit
C:\Windows\System\zbhKvUG.exe

Filesize
1.1MB

MD5
e23bf1fba7405b8fd18ce527f454555f

SHA1
f0c75ef3621f8708c6397f16cd3c6e1ab9cb42e6

SHA256
268313c47956169deef44930fef8b95aaddb9bbaa2c6e0738c84b97c8baac30c

SHA512
6b6ced4c0d7dfeb0105ec6cbeb7cb5660accbd10e992a3b8d300eec6d3236188651cad4f74299a5a56a1d618ebe05ccab38d81cfa9caca498624fb2091a818fb

Download Submit
memory/536-2292-0x00007FF64C820000-0x00007FF64CB71000-memory.dmp

Filesize
3.3MB

Download
memory/536-448-0x00007FF64C820000-0x00007FF64CB71000-memory.dmp

Filesize
3.3MB

Download
memory/544-383-0x00007FF7D1C60000-0x00007FF7D1FB1000-memory.dmp

Filesize
3.3MB

Download
memory/544-2254-0x00007FF7D1C60000-0x00007FF7D1FB1000-memory.dmp

Filesize
3.3MB

Download
memory/816-2242-0x00007FF6AF890000-0x00007FF6AFBE1000-memory.dmp

Filesize
3.3MB

Download
memory/816-11-0x00007FF6AF890000-0x00007FF6AFBE1000-memory.dmp

Filesize
3.3MB

Download
memory/1116-2297-0x00007FF754970000-0x00007FF754CC1000-memory.dmp

Filesize
3.3MB

Download
memory/1116-449-0x00007FF754970000-0x00007FF754CC1000-memory.dmp

Filesize
3.3MB

Download
memory/1180-420-0x00007FF6F0A70000-0x00007FF6F0DC1000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2272-0x00007FF6F0A70000-0x00007FF6F0DC1000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2288-0x00007FF6384B0000-0x00007FF638801000-memory.dmp

Filesize
3.3MB

Download
memory/1560-445-0x00007FF6384B0000-0x00007FF638801000-memory.dmp

Filesize
3.3MB

Download
memory/1672-412-0x00007FF659530000-0x00007FF659881000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2268-0x00007FF659530000-0x00007FF659881000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2248-0x00007FF7464D0000-0x00007FF746821000-memory.dmp

Filesize
3.3MB

Download
memory/1980-373-0x00007FF7464D0000-0x00007FF746821000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2282-0x00007FF6F7C10000-0x00007FF6F7F61000-memory.dmp

Filesize
3.3MB

Download
memory/2036-441-0x00007FF6F7C10000-0x00007FF6F7F61000-memory.dmp

Filesize
3.3MB

Download
memory/2432-398-0x00007FF6E2CC0000-0x00007FF6E3011000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2260-0x00007FF6E2CC0000-0x00007FF6E3011000-memory.dmp

Filesize
3.3MB

Download
memory/2868-369-0x00007FF748A90000-0x00007FF748DE1000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2252-0x00007FF748A90000-0x00007FF748DE1000-memory.dmp

Filesize
3.3MB

Download
memory/3052-443-0x00007FF69CC30000-0x00007FF69CF81000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2284-0x00007FF69CC30000-0x00007FF69CF81000-memory.dmp

Filesize
3.3MB

Download
memory/3304-2244-0x00007FF7B5D00000-0x00007FF7B6051000-memory.dmp

Filesize
3.3MB

Download
memory/3304-18-0x00007FF7B5D00000-0x00007FF7B6051000-memory.dmp

Filesize
3.3MB

Download
memory/3376-426-0x00007FF7B0FF0000-0x00007FF7B1341000-memory.dmp

Filesize
3.3MB

Download
memory/3376-2270-0x00007FF7B0FF0000-0x00007FF7B1341000-memory.dmp

Filesize
3.3MB

Download
memory/3396-446-0x00007FF7CADA0000-0x00007FF7CB0F1000-memory.dmp

Filesize
3.3MB

Download
memory/3396-2293-0x00007FF7CADA0000-0x00007FF7CB0F1000-memory.dmp

Filesize
3.3MB

Download
memory/3500-409-0x00007FF6FF2B0000-0x00007FF6FF601000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2266-0x00007FF6FF2B0000-0x00007FF6FF601000-memory.dmp

Filesize
3.3MB

Download
memory/3628-442-0x00007FF62AEC0000-0x00007FF62B211000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2280-0x00007FF62AEC0000-0x00007FF62B211000-memory.dmp

Filesize
3.3MB

Download
memory/3780-2278-0x00007FF746A40000-0x00007FF746D91000-memory.dmp

Filesize
3.3MB

Download
memory/3780-434-0x00007FF746A40000-0x00007FF746D91000-memory.dmp

Filesize
3.3MB

Download
memory/4004-2264-0x00007FF65FFC0000-0x00007FF660311000-memory.dmp

Filesize
3.3MB

Download
memory/4004-405-0x00007FF65FFC0000-0x00007FF660311000-memory.dmp

Filesize
3.3MB

Download
memory/4072-440-0x00007FF723900000-0x00007FF723C51000-memory.dmp

Filesize
3.3MB

Download
memory/4072-2276-0x00007FF723900000-0x00007FF723C51000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2246-0x00007FF78B7D0000-0x00007FF78BB21000-memory.dmp

Filesize
3.3MB

Download
memory/4140-32-0x00007FF78B7D0000-0x00007FF78BB21000-memory.dmp

Filesize
3.3MB

Download
memory/4172-0-0x00007FF7E0260000-0x00007FF7E05B1000-memory.dmp

Filesize
3.3MB

Download
memory/4172-2173-0x00007FF7E0260000-0x00007FF7E05B1000-memory.dmp

Filesize
3.3MB

Download
memory/4172-1-0x000001AC518D0000-0x000001AC518E0000-memory.dmp

Filesize
64KB

Download
memory/4584-2286-0x00007FF7F3500000-0x00007FF7F3851000-memory.dmp

Filesize
3.3MB

Download
memory/4584-444-0x00007FF7F3500000-0x00007FF7F3851000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2250-0x00007FF615490000-0x00007FF6157E1000-memory.dmp

Filesize
3.3MB

Download
memory/4600-451-0x00007FF615490000-0x00007FF6157E1000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2256-0x00007FF6F9A50000-0x00007FF6F9DA1000-memory.dmp

Filesize
3.3MB

Download
memory/4752-396-0x00007FF6F9A50000-0x00007FF6F9DA1000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2258-0x00007FF6DCC30000-0x00007FF6DCF81000-memory.dmp

Filesize
3.3MB

Download
memory/4844-386-0x00007FF6DCC30000-0x00007FF6DCF81000-memory.dmp

Filesize
3.3MB

Download
memory/4932-417-0x00007FF7FA3F0000-0x00007FF7FA741000-memory.dmp

Filesize
3.3MB

Download
memory/4932-2274-0x00007FF7FA3F0000-0x00007FF7FA741000-memory.dmp

Filesize
3.3MB

Download
memory/4948-2295-0x00007FF7C0C70000-0x00007FF7C0FC1000-memory.dmp

Filesize
3.3MB

Download
memory/4948-450-0x00007FF7C0C70000-0x00007FF7C0FC1000-memory.dmp

Filesize
3.3MB

Download
memory/4964-447-0x00007FF7DAC30000-0x00007FF7DAF81000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2298-0x00007FF7DAC30000-0x00007FF7DAF81000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2262-0x00007FF7B46B0000-0x00007FF7B4A01000-memory.dmp

Filesize
3.3MB

Download
memory/4976-403-0x00007FF7B46B0000-0x00007FF7B4A01000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads