xmrig | 6d58fcbdeeca58f216b5bcd0fc338aae07d9596419ef58fac1623d92795ac974

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d93f7342802297edc8b945b46750c8e0_NEIKI.exe
Size

2.0MB
MD5

d93f7342802297edc8b945b46750c8e0
SHA1

0b234f3fd05dc5021d52cbee0d02e6ef186747d5
SHA256

6d58fcbdeeca58f216b5bcd0fc338aae07d9596419ef58fac1623d92795ac974
SHA512

0535c1d76b41476e38eb870de634d64c2f1c1498846d72f42d1f3703aade61683ed5a028df07ad15cb4021f9d9303dcb04ead5b33539f0a8bcf34d3504ec0fc4
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXIZbGb+7MxexcWTJ:BemTLkNdfE0pZr0

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4604-0-0x00007FF662BB0000-0x00007FF662F04000-memory.dmp	xmrig
behavioral2/files/0x000b000000023bb2-5.dat	xmrig
behavioral2/files/0x000a000000023bb7-7.dat	xmrig
behavioral2/files/0x0031000000023bbc-37.dat	xmrig
behavioral2/files/0x000a000000023bb9-36.dat	xmrig
behavioral2/files/0x000a000000023bbf-47.dat	xmrig
behavioral2/files/0x000a000000023bba-33.dat	xmrig
behavioral2/memory/1652-30-0x00007FF6E5490000-0x00007FF6E57E4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb8-29.dat	xmrig
behavioral2/memory/3116-24-0x00007FF7A7380000-0x00007FF7A76D4000-memory.dmp	xmrig
behavioral2/memory/3372-15-0x00007FF602B00000-0x00007FF602E54000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb6-11.dat	xmrig
behavioral2/memory/2900-56-0x00007FF60EA90000-0x00007FF60EDE4000-memory.dmp	xmrig
behavioral2/memory/4188-87-0x00007FF77E830000-0x00007FF77EB84000-memory.dmp	xmrig
behavioral2/memory/1560-103-0x00007FF7CAA70000-0x00007FF7CADC4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bcc-117.dat	xmrig
behavioral2/files/0x000a000000023bcd-131.dat	xmrig
behavioral2/memory/3148-140-0x00007FF7C5530000-0x00007FF7C5884000-memory.dmp	xmrig
behavioral2/memory/1892-143-0x00007FF672F70000-0x00007FF6732C4000-memory.dmp	xmrig
behavioral2/memory/4500-146-0x00007FF706DD0000-0x00007FF707124000-memory.dmp	xmrig
behavioral2/memory/3680-149-0x00007FF698E20000-0x00007FF699174000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd0-165.dat	xmrig
behavioral2/files/0x000a000000023bd6-194.dat	xmrig
behavioral2/memory/3452-213-0x00007FF7C39F0000-0x00007FF7C3D44000-memory.dmp	xmrig
behavioral2/memory/3320-206-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp	xmrig
behavioral2/memory/1204-205-0x00007FF644400000-0x00007FF644754000-memory.dmp	xmrig
behavioral2/memory/796-199-0x00007FF7EE910000-0x00007FF7EEC64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bd9-197.dat	xmrig
behavioral2/files/0x000a000000023bd8-196.dat	xmrig
behavioral2/files/0x000a000000023bd7-195.dat	xmrig
behavioral2/files/0x000a000000023bd5-193.dat	xmrig
behavioral2/files/0x000a000000023bd4-192.dat	xmrig
behavioral2/files/0x000a000000023bcf-187.dat	xmrig
behavioral2/files/0x000a000000023bd3-186.dat	xmrig
behavioral2/files/0x000a000000023bd2-181.dat	xmrig
behavioral2/files/0x000a000000023bce-173.dat	xmrig
behavioral2/files/0x000a000000023bd1-170.dat	xmrig
behavioral2/memory/1960-152-0x00007FF6A5A20000-0x00007FF6A5D74000-memory.dmp	xmrig
behavioral2/memory/5076-151-0x00007FF605C40000-0x00007FF605F94000-memory.dmp	xmrig
behavioral2/memory/2772-150-0x00007FF723410000-0x00007FF723764000-memory.dmp	xmrig
behavioral2/memory/892-148-0x00007FF773F30000-0x00007FF774284000-memory.dmp	xmrig
behavioral2/memory/2220-147-0x00007FF730270000-0x00007FF7305C4000-memory.dmp	xmrig
behavioral2/memory/3920-145-0x00007FF72A5A0000-0x00007FF72A8F4000-memory.dmp	xmrig
behavioral2/memory/3152-144-0x00007FF68ADB0000-0x00007FF68B104000-memory.dmp	xmrig
behavioral2/memory/1232-142-0x00007FF7AF0F0000-0x00007FF7AF444000-memory.dmp	xmrig
behavioral2/memory/1256-141-0x00007FF7CD420000-0x00007FF7CD774000-memory.dmp	xmrig
behavioral2/memory/4984-139-0x00007FF7C7880000-0x00007FF7C7BD4000-memory.dmp	xmrig
behavioral2/memory/3604-138-0x00007FF7FF250000-0x00007FF7FF5A4000-memory.dmp	xmrig
behavioral2/memory/532-135-0x00007FF7006D0000-0x00007FF700A24000-memory.dmp	xmrig
behavioral2/memory/544-132-0x00007FF62CCC0000-0x00007FF62D014000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bca-129.dat	xmrig
behavioral2/files/0x000a000000023bc9-127.dat	xmrig
behavioral2/files/0x000a000000023bc8-125.dat	xmrig
behavioral2/files/0x000a000000023bc7-123.dat	xmrig
behavioral2/files/0x000a000000023bc6-121.dat	xmrig
behavioral2/memory/4120-118-0x00007FF6BA780000-0x00007FF6BAAD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bcb-115.dat	xmrig
behavioral2/files/0x000a000000023bc4-113.dat	xmrig
behavioral2/files/0x0031000000023bbd-109.dat	xmrig
behavioral2/files/0x000a000000023bc1-107.dat	xmrig
behavioral2/memory/3508-106-0x00007FF7AEC90000-0x00007FF7AEFE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc3-98.dat	xmrig
behavioral2/files/0x000a000000023bbb-96.dat	xmrig
behavioral2/files/0x000a000000023bc5-83.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3372	RSTlOSg.exe
3116	aawfjlY.exe
1652	mQraoUU.exe
2220	pqyinkj.exe
2900	uRcYlhW.exe
4188	AIOjroE.exe
1560	KwgYSGJ.exe
3508	SNTbyKm.exe
892	laVaNQv.exe
4120	WWHCzje.exe
3680	QyNDKWT.exe
544	QyeFgbk.exe
532	lCokEtV.exe
3604	aVtLriq.exe
4984	rAnbVsA.exe
3148	IgngpVC.exe
1256	YmmpbbA.exe
2772	tPAoTbY.exe
1232	PKPIDek.exe
1892	nBrJriH.exe
3152	vOAXBXT.exe
3920	azmSZdd.exe
4500	PPNiSWO.exe
5076	vBsBTNK.exe
1960	nFVzCfB.exe
796	HFyiquZ.exe
1204	QBYuCOf.exe
3320	FpswcDT.exe
3452	KzHZSIa.exe
3000	zYqrEdi.exe
2848	ixsLbeu.exe
1896	hzIafHo.exe
4988	NnCWGMj.exe
3900	TQDaPjl.exe
3024	ObsCtFI.exe
612	ufnXwMZ.exe
2516	fiLPbIl.exe
2532	rlczCgO.exe
3828	ylXDIIZ.exe
4268	hcadVFg.exe
4832	JpGzDXi.exe
4340	aawaeHM.exe
4704	pYCODXJ.exe
1208	XiabPmZ.exe
4964	fOERNZj.exe
2644	QnHLqyj.exe
4740	UCQMlZU.exe
3952	HsTtUAo.exe
920	PWaYGSq.exe
4724	hzOiaeq.exe
4520	LTQMVOa.exe
3176	cadslMR.exe
4512	XZaeKYv.exe
2980	FCLSRWx.exe
4552	SEvtzwy.exe
4760	pKthiKi.exe
4236	cpqFQXf.exe
4020	TnRiNiV.exe
3628	PcLDjHc.exe
2964	ypldgnK.exe
840	QBtCCLg.exe
792	QYcondt.exe
3164	FJiurhh.exe
3984	lAdWTnt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4604-0-0x00007FF662BB0000-0x00007FF662F04000-memory.dmp	upx
behavioral2/files/0x000b000000023bb2-5.dat	upx
behavioral2/files/0x000a000000023bb7-7.dat	upx
behavioral2/files/0x0031000000023bbc-37.dat	upx
behavioral2/files/0x000a000000023bb9-36.dat	upx
behavioral2/files/0x000a000000023bbf-47.dat	upx
behavioral2/files/0x000a000000023bba-33.dat	upx
behavioral2/memory/1652-30-0x00007FF6E5490000-0x00007FF6E57E4000-memory.dmp	upx
behavioral2/files/0x000a000000023bb8-29.dat	upx
behavioral2/memory/3116-24-0x00007FF7A7380000-0x00007FF7A76D4000-memory.dmp	upx
behavioral2/memory/3372-15-0x00007FF602B00000-0x00007FF602E54000-memory.dmp	upx
behavioral2/files/0x000a000000023bb6-11.dat	upx
behavioral2/memory/2900-56-0x00007FF60EA90000-0x00007FF60EDE4000-memory.dmp	upx
behavioral2/memory/4188-87-0x00007FF77E830000-0x00007FF77EB84000-memory.dmp	upx
behavioral2/memory/1560-103-0x00007FF7CAA70000-0x00007FF7CADC4000-memory.dmp	upx
behavioral2/files/0x000a000000023bcc-117.dat	upx
behavioral2/files/0x000a000000023bcd-131.dat	upx
behavioral2/memory/3148-140-0x00007FF7C5530000-0x00007FF7C5884000-memory.dmp	upx
behavioral2/memory/1892-143-0x00007FF672F70000-0x00007FF6732C4000-memory.dmp	upx
behavioral2/memory/4500-146-0x00007FF706DD0000-0x00007FF707124000-memory.dmp	upx
behavioral2/memory/3680-149-0x00007FF698E20000-0x00007FF699174000-memory.dmp	upx
behavioral2/files/0x000a000000023bd0-165.dat	upx
behavioral2/files/0x000a000000023bd6-194.dat	upx
behavioral2/memory/3452-213-0x00007FF7C39F0000-0x00007FF7C3D44000-memory.dmp	upx
behavioral2/memory/3320-206-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp	upx
behavioral2/memory/1204-205-0x00007FF644400000-0x00007FF644754000-memory.dmp	upx
behavioral2/memory/796-199-0x00007FF7EE910000-0x00007FF7EEC64000-memory.dmp	upx
behavioral2/files/0x000a000000023bd9-197.dat	upx
behavioral2/files/0x000a000000023bd8-196.dat	upx
behavioral2/files/0x000a000000023bd7-195.dat	upx
behavioral2/files/0x000a000000023bd5-193.dat	upx
behavioral2/files/0x000a000000023bd4-192.dat	upx
behavioral2/files/0x000a000000023bcf-187.dat	upx
behavioral2/files/0x000a000000023bd3-186.dat	upx
behavioral2/files/0x000a000000023bd2-181.dat	upx
behavioral2/files/0x000a000000023bce-173.dat	upx
behavioral2/files/0x000a000000023bd1-170.dat	upx
behavioral2/memory/1960-152-0x00007FF6A5A20000-0x00007FF6A5D74000-memory.dmp	upx
behavioral2/memory/5076-151-0x00007FF605C40000-0x00007FF605F94000-memory.dmp	upx
behavioral2/memory/2772-150-0x00007FF723410000-0x00007FF723764000-memory.dmp	upx
behavioral2/memory/892-148-0x00007FF773F30000-0x00007FF774284000-memory.dmp	upx
behavioral2/memory/2220-147-0x00007FF730270000-0x00007FF7305C4000-memory.dmp	upx
behavioral2/memory/3920-145-0x00007FF72A5A0000-0x00007FF72A8F4000-memory.dmp	upx
behavioral2/memory/3152-144-0x00007FF68ADB0000-0x00007FF68B104000-memory.dmp	upx
behavioral2/memory/1232-142-0x00007FF7AF0F0000-0x00007FF7AF444000-memory.dmp	upx
behavioral2/memory/1256-141-0x00007FF7CD420000-0x00007FF7CD774000-memory.dmp	upx
behavioral2/memory/4984-139-0x00007FF7C7880000-0x00007FF7C7BD4000-memory.dmp	upx
behavioral2/memory/3604-138-0x00007FF7FF250000-0x00007FF7FF5A4000-memory.dmp	upx
behavioral2/memory/532-135-0x00007FF7006D0000-0x00007FF700A24000-memory.dmp	upx
behavioral2/memory/544-132-0x00007FF62CCC0000-0x00007FF62D014000-memory.dmp	upx
behavioral2/files/0x000a000000023bca-129.dat	upx
behavioral2/files/0x000a000000023bc9-127.dat	upx
behavioral2/files/0x000a000000023bc8-125.dat	upx
behavioral2/files/0x000a000000023bc7-123.dat	upx
behavioral2/files/0x000a000000023bc6-121.dat	upx
behavioral2/memory/4120-118-0x00007FF6BA780000-0x00007FF6BAAD4000-memory.dmp	upx
behavioral2/files/0x000a000000023bcb-115.dat	upx
behavioral2/files/0x000a000000023bc4-113.dat	upx
behavioral2/files/0x0031000000023bbd-109.dat	upx
behavioral2/files/0x000a000000023bc1-107.dat	upx
behavioral2/memory/3508-106-0x00007FF7AEC90000-0x00007FF7AEFE4000-memory.dmp	upx
behavioral2/files/0x000a000000023bc3-98.dat	upx
behavioral2/files/0x000a000000023bbb-96.dat	upx
behavioral2/files/0x000a000000023bc5-83.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NnCWGMj.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\LTQMVOa.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\cJuPHQG.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\XfteNoW.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\FglXpRg.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\jITnLPg.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\PKPIDek.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\miBpvUN.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\zAPNBGB.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\VNXKzIy.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\fDyPdZU.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\QBtCCLg.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\lddAjoZ.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\BGVsfdr.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\iMRTBOX.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\gjtTWEx.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\rWfSTFf.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\DEIadQO.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\aMDFIdc.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\ierhnyn.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\FGIXFRr.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\TmFrvMG.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\STgailg.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\GFplhTa.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\GdYkOiV.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\jWycOdj.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\WhAmbdf.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\eMEgjcV.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\suEhVmC.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\xlUqpDV.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\zhSDUcb.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\XauLdug.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\ToonzPA.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\lAdWTnt.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\cSadBmc.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\MkSfuKI.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\BESFYFo.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\SFlZFRJ.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\hyDNMQD.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\NJZKRwb.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\pWJUDHx.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\kmWbHfE.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\gFwmDgS.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\CfQCgZi.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\PAEEJIw.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\RVkqCHv.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\FBOcgNn.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\eDcZjoN.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\dzHAJOR.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\vEqhKXj.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\iKWKNoP.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\DSXQEnu.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\ruKvTtj.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\OcVMHXA.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\sxWKnyA.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\EOwDkMX.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\VkrFPqY.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\oZzyQNA.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\JeqpOxP.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\kNrOCci.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\qvXNtOa.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\UDXBVgM.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\HKiufAt.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe
File created	C:\Windows\System\nReXNVm.exe	d93f7342802297edc8b945b46750c8e0_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13696	dwm.exe
Token: SeChangeNotifyPrivilege	13696	dwm.exe
Token: 33	13696	dwm.exe
Token: SeIncBasePriorityPrivilege	13696	dwm.exe
Token: SeShutdownPrivilege	13696	dwm.exe
Token: SeCreatePagefilePrivilege	13696	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 3372	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	86
PID 4604 wrote to memory of 3372	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	86
PID 4604 wrote to memory of 3116	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	87
PID 4604 wrote to memory of 3116	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	87
PID 4604 wrote to memory of 1652	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	88
PID 4604 wrote to memory of 1652	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	88
PID 4604 wrote to memory of 2220	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	89
PID 4604 wrote to memory of 2220	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	89
PID 4604 wrote to memory of 4188	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	90
PID 4604 wrote to memory of 4188	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	90
PID 4604 wrote to memory of 2900	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	91
PID 4604 wrote to memory of 2900	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	91
PID 4604 wrote to memory of 892	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	92
PID 4604 wrote to memory of 892	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	92
PID 4604 wrote to memory of 1560	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	93
PID 4604 wrote to memory of 1560	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	93
PID 4604 wrote to memory of 544	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	94
PID 4604 wrote to memory of 544	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	94
PID 4604 wrote to memory of 3604	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	95
PID 4604 wrote to memory of 3604	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	95
PID 4604 wrote to memory of 3508	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	96
PID 4604 wrote to memory of 3508	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	96
PID 4604 wrote to memory of 4120	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	97
PID 4604 wrote to memory of 4120	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	97
PID 4604 wrote to memory of 3680	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	98
PID 4604 wrote to memory of 3680	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	98
PID 4604 wrote to memory of 532	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	99
PID 4604 wrote to memory of 532	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	99
PID 4604 wrote to memory of 4984	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	100
PID 4604 wrote to memory of 4984	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	100
PID 4604 wrote to memory of 3148	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	101
PID 4604 wrote to memory of 3148	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	101
PID 4604 wrote to memory of 1256	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	102
PID 4604 wrote to memory of 1256	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	102
PID 4604 wrote to memory of 2772	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	103
PID 4604 wrote to memory of 2772	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	103
PID 4604 wrote to memory of 1232	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	104
PID 4604 wrote to memory of 1232	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	104
PID 4604 wrote to memory of 1892	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	105
PID 4604 wrote to memory of 1892	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	105
PID 4604 wrote to memory of 3152	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	106
PID 4604 wrote to memory of 3152	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	106
PID 4604 wrote to memory of 3920	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	107
PID 4604 wrote to memory of 3920	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	107
PID 4604 wrote to memory of 4500	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	108
PID 4604 wrote to memory of 4500	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	108
PID 4604 wrote to memory of 5076	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	109
PID 4604 wrote to memory of 5076	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	109
PID 4604 wrote to memory of 1960	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	110
PID 4604 wrote to memory of 1960	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	110
PID 4604 wrote to memory of 796	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	111
PID 4604 wrote to memory of 796	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	111
PID 4604 wrote to memory of 1204	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	112
PID 4604 wrote to memory of 1204	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	112
PID 4604 wrote to memory of 3320	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	113
PID 4604 wrote to memory of 3320	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	113
PID 4604 wrote to memory of 3452	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	114
PID 4604 wrote to memory of 3452	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	114
PID 4604 wrote to memory of 3000	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	115
PID 4604 wrote to memory of 3000	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	115
PID 4604 wrote to memory of 2848	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	116
PID 4604 wrote to memory of 2848	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	116
PID 4604 wrote to memory of 1896	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	117
PID 4604 wrote to memory of 1896	4604	d93f7342802297edc8b945b46750c8e0_NEIKI.exe	117

C:\Users\Admin\AppData\Local\Temp\d93f7342802297edc8b945b46750c8e0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\d93f7342802297edc8b945b46750c8e0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\System\RSTlOSg.exe
  C:\Windows\System\RSTlOSg.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\aawfjlY.exe
  C:\Windows\System\aawfjlY.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\mQraoUU.exe
  C:\Windows\System\mQraoUU.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\pqyinkj.exe
  C:\Windows\System\pqyinkj.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\AIOjroE.exe
  C:\Windows\System\AIOjroE.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\uRcYlhW.exe
  C:\Windows\System\uRcYlhW.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\laVaNQv.exe
  C:\Windows\System\laVaNQv.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\KwgYSGJ.exe
  C:\Windows\System\KwgYSGJ.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\QyeFgbk.exe
  C:\Windows\System\QyeFgbk.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\aVtLriq.exe
  C:\Windows\System\aVtLriq.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\SNTbyKm.exe
  C:\Windows\System\SNTbyKm.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\WWHCzje.exe
  C:\Windows\System\WWHCzje.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\QyNDKWT.exe
  C:\Windows\System\QyNDKWT.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\lCokEtV.exe
  C:\Windows\System\lCokEtV.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\rAnbVsA.exe
  C:\Windows\System\rAnbVsA.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\IgngpVC.exe
  C:\Windows\System\IgngpVC.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\YmmpbbA.exe
  C:\Windows\System\YmmpbbA.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\tPAoTbY.exe
  C:\Windows\System\tPAoTbY.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\PKPIDek.exe
  C:\Windows\System\PKPIDek.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\nBrJriH.exe
  C:\Windows\System\nBrJriH.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\vOAXBXT.exe
  C:\Windows\System\vOAXBXT.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\azmSZdd.exe
  C:\Windows\System\azmSZdd.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\PPNiSWO.exe
  C:\Windows\System\PPNiSWO.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\vBsBTNK.exe
  C:\Windows\System\vBsBTNK.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\nFVzCfB.exe
  C:\Windows\System\nFVzCfB.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\HFyiquZ.exe
  C:\Windows\System\HFyiquZ.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\QBYuCOf.exe
  C:\Windows\System\QBYuCOf.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\FpswcDT.exe
  C:\Windows\System\FpswcDT.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\KzHZSIa.exe
  C:\Windows\System\KzHZSIa.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\zYqrEdi.exe
  C:\Windows\System\zYqrEdi.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\ixsLbeu.exe
  C:\Windows\System\ixsLbeu.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\hzIafHo.exe
  C:\Windows\System\hzIafHo.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\NnCWGMj.exe
  C:\Windows\System\NnCWGMj.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\TQDaPjl.exe
  C:\Windows\System\TQDaPjl.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\ObsCtFI.exe
  C:\Windows\System\ObsCtFI.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ufnXwMZ.exe
  C:\Windows\System\ufnXwMZ.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\fiLPbIl.exe
  C:\Windows\System\fiLPbIl.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\rlczCgO.exe
  C:\Windows\System\rlczCgO.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ylXDIIZ.exe
  C:\Windows\System\ylXDIIZ.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\hcadVFg.exe
  C:\Windows\System\hcadVFg.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\JpGzDXi.exe
  C:\Windows\System\JpGzDXi.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\aawaeHM.exe
  C:\Windows\System\aawaeHM.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\pYCODXJ.exe
  C:\Windows\System\pYCODXJ.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\XiabPmZ.exe
  C:\Windows\System\XiabPmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\fOERNZj.exe
  C:\Windows\System\fOERNZj.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\QnHLqyj.exe
  C:\Windows\System\QnHLqyj.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\UCQMlZU.exe
  C:\Windows\System\UCQMlZU.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\HsTtUAo.exe
  C:\Windows\System\HsTtUAo.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\PWaYGSq.exe
  C:\Windows\System\PWaYGSq.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\hzOiaeq.exe
  C:\Windows\System\hzOiaeq.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\LTQMVOa.exe
  C:\Windows\System\LTQMVOa.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\cadslMR.exe
  C:\Windows\System\cadslMR.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\XZaeKYv.exe
  C:\Windows\System\XZaeKYv.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\FCLSRWx.exe
  C:\Windows\System\FCLSRWx.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\SEvtzwy.exe
  C:\Windows\System\SEvtzwy.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\pKthiKi.exe
  C:\Windows\System\pKthiKi.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\cpqFQXf.exe
  C:\Windows\System\cpqFQXf.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\TnRiNiV.exe
  C:\Windows\System\TnRiNiV.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\PcLDjHc.exe
  C:\Windows\System\PcLDjHc.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\ypldgnK.exe
  C:\Windows\System\ypldgnK.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\QBtCCLg.exe
  C:\Windows\System\QBtCCLg.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\QYcondt.exe
  C:\Windows\System\QYcondt.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\FJiurhh.exe
  C:\Windows\System\FJiurhh.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\lAdWTnt.exe
  C:\Windows\System\lAdWTnt.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\EKwzhBB.exe
  C:\Windows\System\EKwzhBB.exe
  2⤵
  PID:4880
- C:\Windows\System\UzVLvUi.exe
  C:\Windows\System\UzVLvUi.exe
  2⤵
  PID:3100
- C:\Windows\System\qGFdzuY.exe
  C:\Windows\System\qGFdzuY.exe
  2⤵
  PID:4612
- C:\Windows\System\mjaTRwp.exe
  C:\Windows\System\mjaTRwp.exe
  2⤵
  PID:2256
- C:\Windows\System\mLxZGXd.exe
  C:\Windows\System\mLxZGXd.exe
  2⤵
  PID:4332
- C:\Windows\System\uwrOvca.exe
  C:\Windows\System\uwrOvca.exe
  2⤵
  PID:1364
- C:\Windows\System\SwboHPl.exe
  C:\Windows\System\SwboHPl.exe
  2⤵
  PID:3256
- C:\Windows\System\WmYjudg.exe
  C:\Windows\System\WmYjudg.exe
  2⤵
  PID:2984
- C:\Windows\System\auiumMt.exe
  C:\Windows\System\auiumMt.exe
  2⤵
  PID:4296
- C:\Windows\System\TFHdCza.exe
  C:\Windows\System\TFHdCza.exe
  2⤵
  PID:452
- C:\Windows\System\idHvXxq.exe
  C:\Windows\System\idHvXxq.exe
  2⤵
  PID:3112
- C:\Windows\System\DWyPWRr.exe
  C:\Windows\System\DWyPWRr.exe
  2⤵
  PID:2352
- C:\Windows\System\teyGNuQ.exe
  C:\Windows\System\teyGNuQ.exe
  2⤵
  PID:2800
- C:\Windows\System\DrZAsFZ.exe
  C:\Windows\System\DrZAsFZ.exe
  2⤵
  PID:1424
- C:\Windows\System\ZfufEgp.exe
  C:\Windows\System\ZfufEgp.exe
  2⤵
  PID:3080
- C:\Windows\System\OyUioDb.exe
  C:\Windows\System\OyUioDb.exe
  2⤵
  PID:224
- C:\Windows\System\DlXwbrl.exe
  C:\Windows\System\DlXwbrl.exe
  2⤵
  PID:4016
- C:\Windows\System\QVRIxVq.exe
  C:\Windows\System\QVRIxVq.exe
  2⤵
  PID:4464
- C:\Windows\System\qvXNtOa.exe
  C:\Windows\System\qvXNtOa.exe
  2⤵
  PID:1852
- C:\Windows\System\KygFwBL.exe
  C:\Windows\System\KygFwBL.exe
  2⤵
  PID:872
- C:\Windows\System\wWPsUsM.exe
  C:\Windows\System\wWPsUsM.exe
  2⤵
  PID:4856
- C:\Windows\System\GVxAPRy.exe
  C:\Windows\System\GVxAPRy.exe
  2⤵
  PID:4216
- C:\Windows\System\JUAxerN.exe
  C:\Windows\System\JUAxerN.exe
  2⤵
  PID:4328
- C:\Windows\System\DIowgdp.exe
  C:\Windows\System\DIowgdp.exe
  2⤵
  PID:4632
- C:\Windows\System\uNZKaLs.exe
  C:\Windows\System\uNZKaLs.exe
  2⤵
  PID:4828
- C:\Windows\System\WAhoMTf.exe
  C:\Windows\System\WAhoMTf.exe
  2⤵
  PID:1180
- C:\Windows\System\iHhTJHd.exe
  C:\Windows\System\iHhTJHd.exe
  2⤵
  PID:608
- C:\Windows\System\ooEbNPB.exe
  C:\Windows\System\ooEbNPB.exe
  2⤵
  PID:2264
- C:\Windows\System\cVQrLzH.exe
  C:\Windows\System\cVQrLzH.exe
  2⤵
  PID:4560
- C:\Windows\System\revBdMr.exe
  C:\Windows\System\revBdMr.exe
  2⤵
  PID:4380
- C:\Windows\System\oiPUnnf.exe
  C:\Windows\System\oiPUnnf.exe
  2⤵
  PID:1996
- C:\Windows\System\zJIfCod.exe
  C:\Windows\System\zJIfCod.exe
  2⤵
  PID:4796
- C:\Windows\System\rHAvNbe.exe
  C:\Windows\System\rHAvNbe.exe
  2⤵
  PID:5132
- C:\Windows\System\wiOrULm.exe
  C:\Windows\System\wiOrULm.exe
  2⤵
  PID:5160
- C:\Windows\System\JFAvNVP.exe
  C:\Windows\System\JFAvNVP.exe
  2⤵
  PID:5188
- C:\Windows\System\eMEgjcV.exe
  C:\Windows\System\eMEgjcV.exe
  2⤵
  PID:5212
- C:\Windows\System\XYixVXg.exe
  C:\Windows\System\XYixVXg.exe
  2⤵
  PID:5244
- C:\Windows\System\dIZorEB.exe
  C:\Windows\System\dIZorEB.exe
  2⤵
  PID:5288
- C:\Windows\System\EsFnkNX.exe
  C:\Windows\System\EsFnkNX.exe
  2⤵
  PID:5328
- C:\Windows\System\suEhVmC.exe
  C:\Windows\System\suEhVmC.exe
  2⤵
  PID:5344
- C:\Windows\System\XGhSrLE.exe
  C:\Windows\System\XGhSrLE.exe
  2⤵
  PID:5372
- C:\Windows\System\JoaHsHa.exe
  C:\Windows\System\JoaHsHa.exe
  2⤵
  PID:5408
- C:\Windows\System\jOeWGGu.exe
  C:\Windows\System\jOeWGGu.exe
  2⤵
  PID:5484
- C:\Windows\System\BCBiESW.exe
  C:\Windows\System\BCBiESW.exe
  2⤵
  PID:5500
- C:\Windows\System\YXbhNlk.exe
  C:\Windows\System\YXbhNlk.exe
  2⤵
  PID:5524
- C:\Windows\System\rWfSTFf.exe
  C:\Windows\System\rWfSTFf.exe
  2⤵
  PID:5544
- C:\Windows\System\cwcIwpT.exe
  C:\Windows\System\cwcIwpT.exe
  2⤵
  PID:5568
- C:\Windows\System\XQYDemq.exe
  C:\Windows\System\XQYDemq.exe
  2⤵
  PID:5584
- C:\Windows\System\xlUqpDV.exe
  C:\Windows\System\xlUqpDV.exe
  2⤵
  PID:5604
- C:\Windows\System\YmaTdKc.exe
  C:\Windows\System\YmaTdKc.exe
  2⤵
  PID:5636
- C:\Windows\System\WZCCUPj.exe
  C:\Windows\System\WZCCUPj.exe
  2⤵
  PID:5664
- C:\Windows\System\STTYqoL.exe
  C:\Windows\System\STTYqoL.exe
  2⤵
  PID:5700
- C:\Windows\System\qwgqIhN.exe
  C:\Windows\System\qwgqIhN.exe
  2⤵
  PID:5736
- C:\Windows\System\QUbELzz.exe
  C:\Windows\System\QUbELzz.exe
  2⤵
  PID:5768
- C:\Windows\System\NjByJoJ.exe
  C:\Windows\System\NjByJoJ.exe
  2⤵
  PID:5792
- C:\Windows\System\ZmjBUbw.exe
  C:\Windows\System\ZmjBUbw.exe
  2⤵
  PID:5824
- C:\Windows\System\LuKDeKS.exe
  C:\Windows\System\LuKDeKS.exe
  2⤵
  PID:5860
- C:\Windows\System\MEIEKqk.exe
  C:\Windows\System\MEIEKqk.exe
  2⤵
  PID:5876
- C:\Windows\System\ngADQXe.exe
  C:\Windows\System\ngADQXe.exe
  2⤵
  PID:5904
- C:\Windows\System\WhAmbdf.exe
  C:\Windows\System\WhAmbdf.exe
  2⤵
  PID:5920
- C:\Windows\System\eDcZjoN.exe
  C:\Windows\System\eDcZjoN.exe
  2⤵
  PID:5956
- C:\Windows\System\wLNlWXi.exe
  C:\Windows\System\wLNlWXi.exe
  2⤵
  PID:5992
- C:\Windows\System\WKGTLWQ.exe
  C:\Windows\System\WKGTLWQ.exe
  2⤵
  PID:6024
- C:\Windows\System\NJZKRwb.exe
  C:\Windows\System\NJZKRwb.exe
  2⤵
  PID:6044
- C:\Windows\System\wWgsQmO.exe
  C:\Windows\System\wWgsQmO.exe
  2⤵
  PID:6080
- C:\Windows\System\pyGSJOO.exe
  C:\Windows\System\pyGSJOO.exe
  2⤵
  PID:6120
- C:\Windows\System\VlnzAoR.exe
  C:\Windows\System\VlnzAoR.exe
  2⤵
  PID:2764
- C:\Windows\System\pLwloNb.exe
  C:\Windows\System\pLwloNb.exe
  2⤵
  PID:5156
- C:\Windows\System\fQNOLFh.exe
  C:\Windows\System\fQNOLFh.exe
  2⤵
  PID:5204
- C:\Windows\System\sexHwEa.exe
  C:\Windows\System\sexHwEa.exe
  2⤵
  PID:5264
- C:\Windows\System\QMohwHX.exe
  C:\Windows\System\QMohwHX.exe
  2⤵
  PID:5308
- C:\Windows\System\lddAjoZ.exe
  C:\Windows\System\lddAjoZ.exe
  2⤵
  PID:5384
- C:\Windows\System\ZJAEcDs.exe
  C:\Windows\System\ZJAEcDs.exe
  2⤵
  PID:5436
- C:\Windows\System\oCxxMqN.exe
  C:\Windows\System\oCxxMqN.exe
  2⤵
  PID:5576
- C:\Windows\System\OyQCVMA.exe
  C:\Windows\System\OyQCVMA.exe
  2⤵
  PID:5624
- C:\Windows\System\mEpgxnT.exe
  C:\Windows\System\mEpgxnT.exe
  2⤵
  PID:5720
- C:\Windows\System\mYfrNYP.exe
  C:\Windows\System\mYfrNYP.exe
  2⤵
  PID:5776
- C:\Windows\System\nMJFzft.exe
  C:\Windows\System\nMJFzft.exe
  2⤵
  PID:5816
- C:\Windows\System\ZBHXmQK.exe
  C:\Windows\System\ZBHXmQK.exe
  2⤵
  PID:5892
- C:\Windows\System\IQNvJJK.exe
  C:\Windows\System\IQNvJJK.exe
  2⤵
  PID:5948
- C:\Windows\System\coCqSFz.exe
  C:\Windows\System\coCqSFz.exe
  2⤵
  PID:6032
- C:\Windows\System\eprKQLL.exe
  C:\Windows\System\eprKQLL.exe
  2⤵
  PID:6096
- C:\Windows\System\IZbEuSe.exe
  C:\Windows\System\IZbEuSe.exe
  2⤵
  PID:6132
- C:\Windows\System\DPzhFlQ.exe
  C:\Windows\System\DPzhFlQ.exe
  2⤵
  PID:5252
- C:\Windows\System\JfeTpxj.exe
  C:\Windows\System\JfeTpxj.exe
  2⤵
  PID:5516
- C:\Windows\System\YyqHRHq.exe
  C:\Windows\System\YyqHRHq.exe
  2⤵
  PID:5656
- C:\Windows\System\JBJpVpx.exe
  C:\Windows\System\JBJpVpx.exe
  2⤵
  PID:5808
- C:\Windows\System\vIBZLPX.exe
  C:\Windows\System\vIBZLPX.exe
  2⤵
  PID:5916
- C:\Windows\System\TPsiSwj.exe
  C:\Windows\System\TPsiSwj.exe
  2⤵
  PID:2464
- C:\Windows\System\hTBVAHs.exe
  C:\Windows\System\hTBVAHs.exe
  2⤵
  PID:5432
- C:\Windows\System\givzhmF.exe
  C:\Windows\System\givzhmF.exe
  2⤵
  PID:5660
- C:\Windows\System\MWrmmAn.exe
  C:\Windows\System\MWrmmAn.exe
  2⤵
  PID:6128
- C:\Windows\System\KYNUhRn.exe
  C:\Windows\System\KYNUhRn.exe
  2⤵
  PID:6056
- C:\Windows\System\MKwYCQw.exe
  C:\Windows\System\MKwYCQw.exe
  2⤵
  PID:6176
- C:\Windows\System\MTIJvhM.exe
  C:\Windows\System\MTIJvhM.exe
  2⤵
  PID:6212
- C:\Windows\System\ZYIenFQ.exe
  C:\Windows\System\ZYIenFQ.exe
  2⤵
  PID:6232
- C:\Windows\System\SeRdHMu.exe
  C:\Windows\System\SeRdHMu.exe
  2⤵
  PID:6260
- C:\Windows\System\alKnLzV.exe
  C:\Windows\System\alKnLzV.exe
  2⤵
  PID:6292
- C:\Windows\System\EtZSLNc.exe
  C:\Windows\System\EtZSLNc.exe
  2⤵
  PID:6328
- C:\Windows\System\fzHFkeB.exe
  C:\Windows\System\fzHFkeB.exe
  2⤵
  PID:6364
- C:\Windows\System\ijLVQhR.exe
  C:\Windows\System\ijLVQhR.exe
  2⤵
  PID:6384
- C:\Windows\System\iqQagRz.exe
  C:\Windows\System\iqQagRz.exe
  2⤵
  PID:6404
- C:\Windows\System\TmFrvMG.exe
  C:\Windows\System\TmFrvMG.exe
  2⤵
  PID:6440
- C:\Windows\System\DSXQEnu.exe
  C:\Windows\System\DSXQEnu.exe
  2⤵
  PID:6468
- C:\Windows\System\bWDmKcP.exe
  C:\Windows\System\bWDmKcP.exe
  2⤵
  PID:6484
- C:\Windows\System\UMtLkmq.exe
  C:\Windows\System\UMtLkmq.exe
  2⤵
  PID:6512
- C:\Windows\System\pdfkrYB.exe
  C:\Windows\System\pdfkrYB.exe
  2⤵
  PID:6540
- C:\Windows\System\NKWBBYn.exe
  C:\Windows\System\NKWBBYn.exe
  2⤵
  PID:6580
- C:\Windows\System\dtjnmBW.exe
  C:\Windows\System\dtjnmBW.exe
  2⤵
  PID:6612
- C:\Windows\System\rsGhcWA.exe
  C:\Windows\System\rsGhcWA.exe
  2⤵
  PID:6648
- C:\Windows\System\XpjQLNa.exe
  C:\Windows\System\XpjQLNa.exe
  2⤵
  PID:6696
- C:\Windows\System\iKWKNoP.exe
  C:\Windows\System\iKWKNoP.exe
  2⤵
  PID:6716
- C:\Windows\System\gnNAdVh.exe
  C:\Windows\System\gnNAdVh.exe
  2⤵
  PID:6732
- C:\Windows\System\uvCGJJc.exe
  C:\Windows\System\uvCGJJc.exe
  2⤵
  PID:6768
- C:\Windows\System\ADhvSED.exe
  C:\Windows\System\ADhvSED.exe
  2⤵
  PID:6788
- C:\Windows\System\GfAoHdO.exe
  C:\Windows\System\GfAoHdO.exe
  2⤵
  PID:6804
- C:\Windows\System\BQwIwmG.exe
  C:\Windows\System\BQwIwmG.exe
  2⤵
  PID:6824
- C:\Windows\System\NZKvtBS.exe
  C:\Windows\System\NZKvtBS.exe
  2⤵
  PID:6860
- C:\Windows\System\eRmUOkN.exe
  C:\Windows\System\eRmUOkN.exe
  2⤵
  PID:6876
- C:\Windows\System\YbuvwLh.exe
  C:\Windows\System\YbuvwLh.exe
  2⤵
  PID:6904
- C:\Windows\System\BeQgYti.exe
  C:\Windows\System\BeQgYti.exe
  2⤵
  PID:6940
- C:\Windows\System\gZYDhKW.exe
  C:\Windows\System\gZYDhKW.exe
  2⤵
  PID:6968
- C:\Windows\System\uhSOriI.exe
  C:\Windows\System\uhSOriI.exe
  2⤵
  PID:7008
- C:\Windows\System\nReXNVm.exe
  C:\Windows\System\nReXNVm.exe
  2⤵
  PID:7032
- C:\Windows\System\Pfgaqjw.exe
  C:\Windows\System\Pfgaqjw.exe
  2⤵
  PID:7076
- C:\Windows\System\SJkGtZY.exe
  C:\Windows\System\SJkGtZY.exe
  2⤵
  PID:7112
- C:\Windows\System\FaEsGYk.exe
  C:\Windows\System\FaEsGYk.exe
  2⤵
  PID:7128
- C:\Windows\System\ILJYtEo.exe
  C:\Windows\System\ILJYtEo.exe
  2⤵
  PID:7156
- C:\Windows\System\KNmZqrU.exe
  C:\Windows\System\KNmZqrU.exe
  2⤵
  PID:5652
- C:\Windows\System\CRNDpuN.exe
  C:\Windows\System\CRNDpuN.exe
  2⤵
  PID:6200
- C:\Windows\System\cJuPHQG.exe
  C:\Windows\System\cJuPHQG.exe
  2⤵
  PID:6284
- C:\Windows\System\hlZWhry.exe
  C:\Windows\System\hlZWhry.exe
  2⤵
  PID:6460
- C:\Windows\System\cSadBmc.exe
  C:\Windows\System\cSadBmc.exe
  2⤵
  PID:6496
- C:\Windows\System\TsOpJiY.exe
  C:\Windows\System\TsOpJiY.exe
  2⤵
  PID:6564
- C:\Windows\System\MMsLxYr.exe
  C:\Windows\System\MMsLxYr.exe
  2⤵
  PID:6568
- C:\Windows\System\PhGsPGt.exe
  C:\Windows\System\PhGsPGt.exe
  2⤵
  PID:6656
- C:\Windows\System\mzNxeDn.exe
  C:\Windows\System\mzNxeDn.exe
  2⤵
  PID:6780
- C:\Windows\System\dUIrrhP.exe
  C:\Windows\System\dUIrrhP.exe
  2⤵
  PID:6852
- C:\Windows\System\KnJfgON.exe
  C:\Windows\System\KnJfgON.exe
  2⤵
  PID:6888
- C:\Windows\System\DmdtgLp.exe
  C:\Windows\System\DmdtgLp.exe
  2⤵
  PID:6984
- C:\Windows\System\vfhBYNB.exe
  C:\Windows\System\vfhBYNB.exe
  2⤵
  PID:7056
- C:\Windows\System\MMrayeG.exe
  C:\Windows\System\MMrayeG.exe
  2⤵
  PID:7124
- C:\Windows\System\KBTblVs.exe
  C:\Windows\System\KBTblVs.exe
  2⤵
  PID:7092
- C:\Windows\System\ZULZTaF.exe
  C:\Windows\System\ZULZTaF.exe
  2⤵
  PID:6240
- C:\Windows\System\SBYEdkV.exe
  C:\Windows\System\SBYEdkV.exe
  2⤵
  PID:6300
- C:\Windows\System\kOSqdoq.exe
  C:\Windows\System\kOSqdoq.exe
  2⤵
  PID:6480
- C:\Windows\System\ekMOsYl.exe
  C:\Windows\System\ekMOsYl.exe
  2⤵
  PID:6552
- C:\Windows\System\OPKxmPt.exe
  C:\Windows\System\OPKxmPt.exe
  2⤵
  PID:6560
- C:\Windows\System\mliFkGu.exe
  C:\Windows\System\mliFkGu.exe
  2⤵
  PID:6800
- C:\Windows\System\IbvBbBU.exe
  C:\Windows\System\IbvBbBU.exe
  2⤵
  PID:6936
- C:\Windows\System\vMypsFJ.exe
  C:\Windows\System\vMypsFJ.exe
  2⤵
  PID:1124
- C:\Windows\System\qSrgEtT.exe
  C:\Windows\System\qSrgEtT.exe
  2⤵
  PID:5596
- C:\Windows\System\xZVxhqP.exe
  C:\Windows\System\xZVxhqP.exe
  2⤵
  PID:1084
- C:\Windows\System\DfFXdPz.exe
  C:\Windows\System\DfFXdPz.exe
  2⤵
  PID:6704
- C:\Windows\System\BGVsfdr.exe
  C:\Windows\System\BGVsfdr.exe
  2⤵
  PID:6956
- C:\Windows\System\yzltGvN.exe
  C:\Windows\System\yzltGvN.exe
  2⤵
  PID:2272
- C:\Windows\System\jEwCFKu.exe
  C:\Windows\System\jEwCFKu.exe
  2⤵
  PID:6428
- C:\Windows\System\mpGvbhm.exe
  C:\Windows\System\mpGvbhm.exe
  2⤵
  PID:7196
- C:\Windows\System\eqziWDz.exe
  C:\Windows\System\eqziWDz.exe
  2⤵
  PID:7228
- C:\Windows\System\ScFzaFK.exe
  C:\Windows\System\ScFzaFK.exe
  2⤵
  PID:7256
- C:\Windows\System\SlVqVWe.exe
  C:\Windows\System\SlVqVWe.exe
  2⤵
  PID:7284
- C:\Windows\System\zSPZXBn.exe
  C:\Windows\System\zSPZXBn.exe
  2⤵
  PID:7316
- C:\Windows\System\nRyTenf.exe
  C:\Windows\System\nRyTenf.exe
  2⤵
  PID:7340
- C:\Windows\System\qGVyqgf.exe
  C:\Windows\System\qGVyqgf.exe
  2⤵
  PID:7372
- C:\Windows\System\UAgSRmF.exe
  C:\Windows\System\UAgSRmF.exe
  2⤵
  PID:7404
- C:\Windows\System\EAKHxvD.exe
  C:\Windows\System\EAKHxvD.exe
  2⤵
  PID:7428
- C:\Windows\System\IHsCawh.exe
  C:\Windows\System\IHsCawh.exe
  2⤵
  PID:7456
- C:\Windows\System\VaLAgat.exe
  C:\Windows\System\VaLAgat.exe
  2⤵
  PID:7492
- C:\Windows\System\hKXGOPa.exe
  C:\Windows\System\hKXGOPa.exe
  2⤵
  PID:7508
- C:\Windows\System\iVgUCkd.exe
  C:\Windows\System\iVgUCkd.exe
  2⤵
  PID:7540
- C:\Windows\System\CJZIdik.exe
  C:\Windows\System\CJZIdik.exe
  2⤵
  PID:7564
- C:\Windows\System\TmuclqN.exe
  C:\Windows\System\TmuclqN.exe
  2⤵
  PID:7600
- C:\Windows\System\BFrmyMM.exe
  C:\Windows\System\BFrmyMM.exe
  2⤵
  PID:7620
- C:\Windows\System\Fubstbt.exe
  C:\Windows\System\Fubstbt.exe
  2⤵
  PID:7648
- C:\Windows\System\jRAwJUH.exe
  C:\Windows\System\jRAwJUH.exe
  2⤵
  PID:7676
- C:\Windows\System\FgsHyVn.exe
  C:\Windows\System\FgsHyVn.exe
  2⤵
  PID:7716
- C:\Windows\System\hwUfMwe.exe
  C:\Windows\System\hwUfMwe.exe
  2⤵
  PID:7744
- C:\Windows\System\cUGzzTm.exe
  C:\Windows\System\cUGzzTm.exe
  2⤵
  PID:7764
- C:\Windows\System\RjoVwIB.exe
  C:\Windows\System\RjoVwIB.exe
  2⤵
  PID:7788
- C:\Windows\System\nGwFjHV.exe
  C:\Windows\System\nGwFjHV.exe
  2⤵
  PID:7820
- C:\Windows\System\cAElipS.exe
  C:\Windows\System\cAElipS.exe
  2⤵
  PID:7848
- C:\Windows\System\gFwmDgS.exe
  C:\Windows\System\gFwmDgS.exe
  2⤵
  PID:7880
- C:\Windows\System\MeNebCa.exe
  C:\Windows\System\MeNebCa.exe
  2⤵
  PID:7916
- C:\Windows\System\QFebVeZ.exe
  C:\Windows\System\QFebVeZ.exe
  2⤵
  PID:7932
- C:\Windows\System\AhViVaS.exe
  C:\Windows\System\AhViVaS.exe
  2⤵
  PID:7968
- C:\Windows\System\cUAhRhL.exe
  C:\Windows\System\cUAhRhL.exe
  2⤵
  PID:7996
- C:\Windows\System\OshCAsU.exe
  C:\Windows\System\OshCAsU.exe
  2⤵
  PID:8024
- C:\Windows\System\uoTormZ.exe
  C:\Windows\System\uoTormZ.exe
  2⤵
  PID:8044
- C:\Windows\System\ZckyGmG.exe
  C:\Windows\System\ZckyGmG.exe
  2⤵
  PID:8060
- C:\Windows\System\pyufIRz.exe
  C:\Windows\System\pyufIRz.exe
  2⤵
  PID:8080
- C:\Windows\System\uddJlnQ.exe
  C:\Windows\System\uddJlnQ.exe
  2⤵
  PID:8112
- C:\Windows\System\LNCEuXf.exe
  C:\Windows\System\LNCEuXf.exe
  2⤵
  PID:8140
- C:\Windows\System\OvPzMej.exe
  C:\Windows\System\OvPzMej.exe
  2⤵
  PID:8176
- C:\Windows\System\LuoJSSa.exe
  C:\Windows\System\LuoJSSa.exe
  2⤵
  PID:6152
- C:\Windows\System\miBpvUN.exe
  C:\Windows\System\miBpvUN.exe
  2⤵
  PID:7252
- C:\Windows\System\jbkfzGq.exe
  C:\Windows\System\jbkfzGq.exe
  2⤵
  PID:7324
- C:\Windows\System\opvSJXZ.exe
  C:\Windows\System\opvSJXZ.exe
  2⤵
  PID:7360
- C:\Windows\System\UlNyJEx.exe
  C:\Windows\System\UlNyJEx.exe
  2⤵
  PID:7396
- C:\Windows\System\GruNSSe.exe
  C:\Windows\System\GruNSSe.exe
  2⤵
  PID:7504
- C:\Windows\System\ZiAlHHb.exe
  C:\Windows\System\ZiAlHHb.exe
  2⤵
  PID:7560
- C:\Windows\System\FwRXfYi.exe
  C:\Windows\System\FwRXfYi.exe
  2⤵
  PID:7632
- C:\Windows\System\ZrYILik.exe
  C:\Windows\System\ZrYILik.exe
  2⤵
  PID:7696
- C:\Windows\System\JqreZfJ.exe
  C:\Windows\System\JqreZfJ.exe
  2⤵
  PID:7776
- C:\Windows\System\lypaeFb.exe
  C:\Windows\System\lypaeFb.exe
  2⤵
  PID:7840
- C:\Windows\System\jfEmAmm.exe
  C:\Windows\System\jfEmAmm.exe
  2⤵
  PID:7888
- C:\Windows\System\HOkbhKU.exe
  C:\Windows\System\HOkbhKU.exe
  2⤵
  PID:7956
- C:\Windows\System\RdSbXkv.exe
  C:\Windows\System\RdSbXkv.exe
  2⤵
  PID:8056
- C:\Windows\System\iNZmeXW.exe
  C:\Windows\System\iNZmeXW.exe
  2⤵
  PID:8072
- C:\Windows\System\KiNfwPw.exe
  C:\Windows\System\KiNfwPw.exe
  2⤵
  PID:7044
- C:\Windows\System\OcVMHXA.exe
  C:\Windows\System\OcVMHXA.exe
  2⤵
  PID:7332
- C:\Windows\System\nkWdPuj.exe
  C:\Windows\System\nkWdPuj.exe
  2⤵
  PID:7388
- C:\Windows\System\mxnGmVH.exe
  C:\Windows\System\mxnGmVH.exe
  2⤵
  PID:7608
- C:\Windows\System\ypqEUZe.exe
  C:\Windows\System\ypqEUZe.exe
  2⤵
  PID:7672
- C:\Windows\System\xuCkoxi.exe
  C:\Windows\System\xuCkoxi.exe
  2⤵
  PID:7808
- C:\Windows\System\OLhpTNW.exe
  C:\Windows\System\OLhpTNW.exe
  2⤵
  PID:7928
- C:\Windows\System\JopRGCn.exe
  C:\Windows\System\JopRGCn.exe
  2⤵
  PID:8188
- C:\Windows\System\JWuJcpY.exe
  C:\Windows\System\JWuJcpY.exe
  2⤵
  PID:7276
- C:\Windows\System\hRekAVS.exe
  C:\Windows\System\hRekAVS.exe
  2⤵
  PID:7736
- C:\Windows\System\zvMAfXx.exe
  C:\Windows\System\zvMAfXx.exe
  2⤵
  PID:7900
- C:\Windows\System\ScxUyuk.exe
  C:\Windows\System\ScxUyuk.exe
  2⤵
  PID:7088
- C:\Windows\System\QNeCqrn.exe
  C:\Windows\System\QNeCqrn.exe
  2⤵
  PID:8200
- C:\Windows\System\GYECAEV.exe
  C:\Windows\System\GYECAEV.exe
  2⤵
  PID:8232
- C:\Windows\System\ZFGYtbl.exe
  C:\Windows\System\ZFGYtbl.exe
  2⤵
  PID:8256
- C:\Windows\System\XCySScD.exe
  C:\Windows\System\XCySScD.exe
  2⤵
  PID:8284
- C:\Windows\System\VaXMPKP.exe
  C:\Windows\System\VaXMPKP.exe
  2⤵
  PID:8312
- C:\Windows\System\gDMJNXI.exe
  C:\Windows\System\gDMJNXI.exe
  2⤵
  PID:8340
- C:\Windows\System\tfMOgQS.exe
  C:\Windows\System\tfMOgQS.exe
  2⤵
  PID:8368
- C:\Windows\System\zjSEDAh.exe
  C:\Windows\System\zjSEDAh.exe
  2⤵
  PID:8400
- C:\Windows\System\rCJSUub.exe
  C:\Windows\System\rCJSUub.exe
  2⤵
  PID:8424
- C:\Windows\System\UMfFJqT.exe
  C:\Windows\System\UMfFJqT.exe
  2⤵
  PID:8452
- C:\Windows\System\XfteNoW.exe
  C:\Windows\System\XfteNoW.exe
  2⤵
  PID:8480
- C:\Windows\System\nobvxJT.exe
  C:\Windows\System\nobvxJT.exe
  2⤵
  PID:8504
- C:\Windows\System\McuZpmC.exe
  C:\Windows\System\McuZpmC.exe
  2⤵
  PID:8532
- C:\Windows\System\ISkrCZb.exe
  C:\Windows\System\ISkrCZb.exe
  2⤵
  PID:8552
- C:\Windows\System\njDCJSZ.exe
  C:\Windows\System\njDCJSZ.exe
  2⤵
  PID:8580
- C:\Windows\System\iMRTBOX.exe
  C:\Windows\System\iMRTBOX.exe
  2⤵
  PID:8608
- C:\Windows\System\hxkkiHM.exe
  C:\Windows\System\hxkkiHM.exe
  2⤵
  PID:8648
- C:\Windows\System\FGIXFRr.exe
  C:\Windows\System\FGIXFRr.exe
  2⤵
  PID:8676
- C:\Windows\System\tJgYzLY.exe
  C:\Windows\System\tJgYzLY.exe
  2⤵
  PID:8716
- C:\Windows\System\sIuTwcx.exe
  C:\Windows\System\sIuTwcx.exe
  2⤵
  PID:8732
- C:\Windows\System\cQOdbZP.exe
  C:\Windows\System\cQOdbZP.exe
  2⤵
  PID:8760
- C:\Windows\System\STgailg.exe
  C:\Windows\System\STgailg.exe
  2⤵
  PID:8776
- C:\Windows\System\DEIadQO.exe
  C:\Windows\System\DEIadQO.exe
  2⤵
  PID:8800
- C:\Windows\System\mIuNrKB.exe
  C:\Windows\System\mIuNrKB.exe
  2⤵
  PID:8832
- C:\Windows\System\aSBjVEs.exe
  C:\Windows\System\aSBjVEs.exe
  2⤵
  PID:8856
- C:\Windows\System\MYIIsRq.exe
  C:\Windows\System\MYIIsRq.exe
  2⤵
  PID:8880
- C:\Windows\System\kWvwIxj.exe
  C:\Windows\System\kWvwIxj.exe
  2⤵
  PID:8916
- C:\Windows\System\aMDFIdc.exe
  C:\Windows\System\aMDFIdc.exe
  2⤵
  PID:8944
- C:\Windows\System\ZrYoWEf.exe
  C:\Windows\System\ZrYoWEf.exe
  2⤵
  PID:8972
- C:\Windows\System\IwWhrLb.exe
  C:\Windows\System\IwWhrLb.exe
  2⤵
  PID:9004
- C:\Windows\System\AAkZiZe.exe
  C:\Windows\System\AAkZiZe.exe
  2⤵
  PID:9028
- C:\Windows\System\OKWJRcM.exe
  C:\Windows\System\OKWJRcM.exe
  2⤵
  PID:9056
- C:\Windows\System\OpprEAT.exe
  C:\Windows\System\OpprEAT.exe
  2⤵
  PID:9088
- C:\Windows\System\KrPkKKq.exe
  C:\Windows\System\KrPkKKq.exe
  2⤵
  PID:9124
- C:\Windows\System\ETZukoa.exe
  C:\Windows\System\ETZukoa.exe
  2⤵
  PID:9144
- C:\Windows\System\JNIeZKN.exe
  C:\Windows\System\JNIeZKN.exe
  2⤵
  PID:9180
- C:\Windows\System\LXLQmCu.exe
  C:\Windows\System\LXLQmCu.exe
  2⤵
  PID:7224
- C:\Windows\System\YozmBOS.exe
  C:\Windows\System\YozmBOS.exe
  2⤵
  PID:8268
- C:\Windows\System\IsFFhDa.exe
  C:\Windows\System\IsFFhDa.exe
  2⤵
  PID:8296
- C:\Windows\System\aZWlQGe.exe
  C:\Windows\System\aZWlQGe.exe
  2⤵
  PID:8324
- C:\Windows\System\sddtTKg.exe
  C:\Windows\System\sddtTKg.exe
  2⤵
  PID:8356
- C:\Windows\System\LJPsJMs.exe
  C:\Windows\System\LJPsJMs.exe
  2⤵
  PID:8468
- C:\Windows\System\GlXXnSf.exe
  C:\Windows\System\GlXXnSf.exe
  2⤵
  PID:8464
- C:\Windows\System\XULdOfI.exe
  C:\Windows\System\XULdOfI.exe
  2⤵
  PID:8592
- C:\Windows\System\pAfdMCi.exe
  C:\Windows\System\pAfdMCi.exe
  2⤵
  PID:8644
- C:\Windows\System\krdyBPL.exe
  C:\Windows\System\krdyBPL.exe
  2⤵
  PID:8724
- C:\Windows\System\gSNfwbj.exe
  C:\Windows\System\gSNfwbj.exe
  2⤵
  PID:8788
- C:\Windows\System\FWTDUXt.exe
  C:\Windows\System\FWTDUXt.exe
  2⤵
  PID:8852
- C:\Windows\System\zAPNBGB.exe
  C:\Windows\System\zAPNBGB.exe
  2⤵
  PID:8932
- C:\Windows\System\DknQzfK.exe
  C:\Windows\System\DknQzfK.exe
  2⤵
  PID:9020
- C:\Windows\System\eQfrMMi.exe
  C:\Windows\System\eQfrMMi.exe
  2⤵
  PID:9048
- C:\Windows\System\ywkgsmx.exe
  C:\Windows\System\ywkgsmx.exe
  2⤵
  PID:9112
- C:\Windows\System\oqwGXov.exe
  C:\Windows\System\oqwGXov.exe
  2⤵
  PID:9160
- C:\Windows\System\QMUBsSZ.exe
  C:\Windows\System\QMUBsSZ.exe
  2⤵
  PID:8228
- C:\Windows\System\omoDtCv.exe
  C:\Windows\System\omoDtCv.exe
  2⤵
  PID:8500
- C:\Windows\System\QXrGGpZ.exe
  C:\Windows\System\QXrGGpZ.exe
  2⤵
  PID:8520
- C:\Windows\System\WdnVHPu.exe
  C:\Windows\System\WdnVHPu.exe
  2⤵
  PID:8660
- C:\Windows\System\YVXvtCc.exe
  C:\Windows\System\YVXvtCc.exe
  2⤵
  PID:8844
- C:\Windows\System\nwKBFTo.exe
  C:\Windows\System\nwKBFTo.exe
  2⤵
  PID:8912
- C:\Windows\System\AgooCCM.exe
  C:\Windows\System\AgooCCM.exe
  2⤵
  PID:8248
- C:\Windows\System\PuNZnGd.exe
  C:\Windows\System\PuNZnGd.exe
  2⤵
  PID:8304
- C:\Windows\System\bzrTZTS.exe
  C:\Windows\System\bzrTZTS.exe
  2⤵
  PID:8476
- C:\Windows\System\PacJwnd.exe
  C:\Windows\System\PacJwnd.exe
  2⤵
  PID:8408
- C:\Windows\System\njoPKLA.exe
  C:\Windows\System\njoPKLA.exe
  2⤵
  PID:9156
- C:\Windows\System\VgGBtub.exe
  C:\Windows\System\VgGBtub.exe
  2⤵
  PID:9236
- C:\Windows\System\YGoVYDt.exe
  C:\Windows\System\YGoVYDt.exe
  2⤵
  PID:9252
- C:\Windows\System\aDvBvgZ.exe
  C:\Windows\System\aDvBvgZ.exe
  2⤵
  PID:9268
- C:\Windows\System\DYYbkGi.exe
  C:\Windows\System\DYYbkGi.exe
  2⤵
  PID:9296
- C:\Windows\System\NzgNAmF.exe
  C:\Windows\System\NzgNAmF.exe
  2⤵
  PID:9328
- C:\Windows\System\IaKzJLP.exe
  C:\Windows\System\IaKzJLP.exe
  2⤵
  PID:9364
- C:\Windows\System\vhizitr.exe
  C:\Windows\System\vhizitr.exe
  2⤵
  PID:9392
- C:\Windows\System\lgJtINX.exe
  C:\Windows\System\lgJtINX.exe
  2⤵
  PID:9408
- C:\Windows\System\tQHEJhY.exe
  C:\Windows\System\tQHEJhY.exe
  2⤵
  PID:9444
- C:\Windows\System\NfSfdSs.exe
  C:\Windows\System\NfSfdSs.exe
  2⤵
  PID:9472
- C:\Windows\System\TjNHjGW.exe
  C:\Windows\System\TjNHjGW.exe
  2⤵
  PID:9492
- C:\Windows\System\tPYQxGr.exe
  C:\Windows\System\tPYQxGr.exe
  2⤵
  PID:9516
- C:\Windows\System\ZiwdnXL.exe
  C:\Windows\System\ZiwdnXL.exe
  2⤵
  PID:9552
- C:\Windows\System\OlVtzpf.exe
  C:\Windows\System\OlVtzpf.exe
  2⤵
  PID:9576
- C:\Windows\System\sxWKnyA.exe
  C:\Windows\System\sxWKnyA.exe
  2⤵
  PID:9600
- C:\Windows\System\OtaWRzu.exe
  C:\Windows\System\OtaWRzu.exe
  2⤵
  PID:9620
- C:\Windows\System\QjJMVMa.exe
  C:\Windows\System\QjJMVMa.exe
  2⤵
  PID:9652
- C:\Windows\System\OaaOJle.exe
  C:\Windows\System\OaaOJle.exe
  2⤵
  PID:9676
- C:\Windows\System\ggjoEzR.exe
  C:\Windows\System\ggjoEzR.exe
  2⤵
  PID:9720
- C:\Windows\System\GFplhTa.exe
  C:\Windows\System\GFplhTa.exe
  2⤵
  PID:9748
- C:\Windows\System\dzHAJOR.exe
  C:\Windows\System\dzHAJOR.exe
  2⤵
  PID:9780
- C:\Windows\System\nLmcrpo.exe
  C:\Windows\System\nLmcrpo.exe
  2⤵
  PID:9808
- C:\Windows\System\LOZdLaS.exe
  C:\Windows\System\LOZdLaS.exe
  2⤵
  PID:9840
- C:\Windows\System\XqHWbyS.exe
  C:\Windows\System\XqHWbyS.exe
  2⤵
  PID:9864
- C:\Windows\System\QdCrGig.exe
  C:\Windows\System\QdCrGig.exe
  2⤵
  PID:9896
- C:\Windows\System\SGPfkqv.exe
  C:\Windows\System\SGPfkqv.exe
  2⤵
  PID:9932
- C:\Windows\System\mRYaMJh.exe
  C:\Windows\System\mRYaMJh.exe
  2⤵
  PID:9956
- C:\Windows\System\VIklxqE.exe
  C:\Windows\System\VIklxqE.exe
  2⤵
  PID:9988
- C:\Windows\System\XxiqvXt.exe
  C:\Windows\System\XxiqvXt.exe
  2⤵
  PID:10024
- C:\Windows\System\AOHjech.exe
  C:\Windows\System\AOHjech.exe
  2⤵
  PID:10052
- C:\Windows\System\jdoeXmn.exe
  C:\Windows\System\jdoeXmn.exe
  2⤵
  PID:10084
- C:\Windows\System\gLpnjzs.exe
  C:\Windows\System\gLpnjzs.exe
  2⤵
  PID:10104
- C:\Windows\System\WsPrAFu.exe
  C:\Windows\System\WsPrAFu.exe
  2⤵
  PID:10132
- C:\Windows\System\ZGvRgoK.exe
  C:\Windows\System\ZGvRgoK.exe
  2⤵
  PID:10168
- C:\Windows\System\PAbomVn.exe
  C:\Windows\System\PAbomVn.exe
  2⤵
  PID:10188
- C:\Windows\System\nSbaiUh.exe
  C:\Windows\System\nSbaiUh.exe
  2⤵
  PID:10216
- C:\Windows\System\aAVGzyO.exe
  C:\Windows\System\aAVGzyO.exe
  2⤵
  PID:9220
- C:\Windows\System\UDXBVgM.exe
  C:\Windows\System\UDXBVgM.exe
  2⤵
  PID:9260
- C:\Windows\System\ejSIUxD.exe
  C:\Windows\System\ejSIUxD.exe
  2⤵
  PID:9312
- C:\Windows\System\HVHqwcn.exe
  C:\Windows\System\HVHqwcn.exe
  2⤵
  PID:9384
- C:\Windows\System\wrQiyhj.exe
  C:\Windows\System\wrQiyhj.exe
  2⤵
  PID:9420
- C:\Windows\System\fITOUtn.exe
  C:\Windows\System\fITOUtn.exe
  2⤵
  PID:9460
- C:\Windows\System\TuqRjOI.exe
  C:\Windows\System\TuqRjOI.exe
  2⤵
  PID:9540
- C:\Windows\System\MkSfuKI.exe
  C:\Windows\System\MkSfuKI.exe
  2⤵
  PID:9592
- C:\Windows\System\eTEvIdX.exe
  C:\Windows\System\eTEvIdX.exe
  2⤵
  PID:9668
- C:\Windows\System\UlqHBrx.exe
  C:\Windows\System\UlqHBrx.exe
  2⤵
  PID:9824
- C:\Windows\System\OjUfBmE.exe
  C:\Windows\System\OjUfBmE.exe
  2⤵
  PID:9880
- C:\Windows\System\iFUsFSg.exe
  C:\Windows\System\iFUsFSg.exe
  2⤵
  PID:9940
- C:\Windows\System\CODyJNn.exe
  C:\Windows\System\CODyJNn.exe
  2⤵
  PID:10004
- C:\Windows\System\JupVlVV.exe
  C:\Windows\System\JupVlVV.exe
  2⤵
  PID:10060
- C:\Windows\System\IHXwWVq.exe
  C:\Windows\System\IHXwWVq.exe
  2⤵
  PID:10124
- C:\Windows\System\mjHJPQj.exe
  C:\Windows\System\mjHJPQj.exe
  2⤵
  PID:10204
- C:\Windows\System\TYysxLL.exe
  C:\Windows\System\TYysxLL.exe
  2⤵
  PID:10232
- C:\Windows\System\FglXpRg.exe
  C:\Windows\System\FglXpRg.exe
  2⤵
  PID:9380
- C:\Windows\System\RkjPoiu.exe
  C:\Windows\System\RkjPoiu.exe
  2⤵
  PID:9432
- C:\Windows\System\UYdfWqo.exe
  C:\Windows\System\UYdfWqo.exe
  2⤵
  PID:9608
- C:\Windows\System\WfdBydg.exe
  C:\Windows\System\WfdBydg.exe
  2⤵
  PID:9708
- C:\Windows\System\BjjOWAE.exe
  C:\Windows\System\BjjOWAE.exe
  2⤵
  PID:9772
- C:\Windows\System\GtiNDmi.exe
  C:\Windows\System\GtiNDmi.exe
  2⤵
  PID:10144
- C:\Windows\System\ugzFkJE.exe
  C:\Windows\System\ugzFkJE.exe
  2⤵
  PID:10236
- C:\Windows\System\eRyxZLP.exe
  C:\Windows\System\eRyxZLP.exe
  2⤵
  PID:7548
- C:\Windows\System\IzWInTa.exe
  C:\Windows\System\IzWInTa.exe
  2⤵
  PID:9852
- C:\Windows\System\gdwBbzb.exe
  C:\Windows\System\gdwBbzb.exe
  2⤵
  PID:9284
- C:\Windows\System\aSJnNxo.exe
  C:\Windows\System\aSJnNxo.exe
  2⤵
  PID:10256
- C:\Windows\System\drelGBK.exe
  C:\Windows\System\drelGBK.exe
  2⤵
  PID:10284
- C:\Windows\System\cnXoXLx.exe
  C:\Windows\System\cnXoXLx.exe
  2⤵
  PID:10312
- C:\Windows\System\sMjOdWB.exe
  C:\Windows\System\sMjOdWB.exe
  2⤵
  PID:10340
- C:\Windows\System\jITnLPg.exe
  C:\Windows\System\jITnLPg.exe
  2⤵
  PID:10356
- C:\Windows\System\eyEzljT.exe
  C:\Windows\System\eyEzljT.exe
  2⤵
  PID:10396
- C:\Windows\System\khATKvd.exe
  C:\Windows\System\khATKvd.exe
  2⤵
  PID:10420
- C:\Windows\System\VZJXSkm.exe
  C:\Windows\System\VZJXSkm.exe
  2⤵
  PID:10440
- C:\Windows\System\VsXvhjS.exe
  C:\Windows\System\VsXvhjS.exe
  2⤵
  PID:10480
- C:\Windows\System\uQegbzY.exe
  C:\Windows\System\uQegbzY.exe
  2⤵
  PID:10504
- C:\Windows\System\wyMpQzp.exe
  C:\Windows\System\wyMpQzp.exe
  2⤵
  PID:10536
- C:\Windows\System\FhcndJg.exe
  C:\Windows\System\FhcndJg.exe
  2⤵
  PID:10564
- C:\Windows\System\iHqvdLG.exe
  C:\Windows\System\iHqvdLG.exe
  2⤵
  PID:10592
- C:\Windows\System\YbUReNo.exe
  C:\Windows\System\YbUReNo.exe
  2⤵
  PID:10624
- C:\Windows\System\jRKMBdm.exe
  C:\Windows\System\jRKMBdm.exe
  2⤵
  PID:10648
- C:\Windows\System\YRNhGxe.exe
  C:\Windows\System\YRNhGxe.exe
  2⤵
  PID:10688
- C:\Windows\System\ZqGWUFd.exe
  C:\Windows\System\ZqGWUFd.exe
  2⤵
  PID:10716
- C:\Windows\System\YGvPJsj.exe
  C:\Windows\System\YGvPJsj.exe
  2⤵
  PID:10736
- C:\Windows\System\pEwFtCl.exe
  C:\Windows\System\pEwFtCl.exe
  2⤵
  PID:10764
- C:\Windows\System\NtEVZUA.exe
  C:\Windows\System\NtEVZUA.exe
  2⤵
  PID:10788
- C:\Windows\System\YSJJTJF.exe
  C:\Windows\System\YSJJTJF.exe
  2⤵
  PID:10812
- C:\Windows\System\ruKvTtj.exe
  C:\Windows\System\ruKvTtj.exe
  2⤵
  PID:10832
- C:\Windows\System\sssLeZa.exe
  C:\Windows\System\sssLeZa.exe
  2⤵
  PID:10856
- C:\Windows\System\AxyGTfY.exe
  C:\Windows\System\AxyGTfY.exe
  2⤵
  PID:10888
- C:\Windows\System\NbTGCAk.exe
  C:\Windows\System\NbTGCAk.exe
  2⤵
  PID:10920
- C:\Windows\System\tisOYfs.exe
  C:\Windows\System\tisOYfs.exe
  2⤵
  PID:10940
- C:\Windows\System\hngfVdB.exe
  C:\Windows\System\hngfVdB.exe
  2⤵
  PID:10976
- C:\Windows\System\awEgjrA.exe
  C:\Windows\System\awEgjrA.exe
  2⤵
  PID:11012
- C:\Windows\System\fZdYrXA.exe
  C:\Windows\System\fZdYrXA.exe
  2⤵
  PID:11036
- C:\Windows\System\rNPonPn.exe
  C:\Windows\System\rNPonPn.exe
  2⤵
  PID:11068
- C:\Windows\System\LYijzgt.exe
  C:\Windows\System\LYijzgt.exe
  2⤵
  PID:11104
- C:\Windows\System\VvEZIxv.exe
  C:\Windows\System\VvEZIxv.exe
  2⤵
  PID:11124
- C:\Windows\System\sYFYkDZ.exe
  C:\Windows\System\sYFYkDZ.exe
  2⤵
  PID:11160
- C:\Windows\System\moxoyFI.exe
  C:\Windows\System\moxoyFI.exe
  2⤵
  PID:11180
- C:\Windows\System\NlBHafW.exe
  C:\Windows\System\NlBHafW.exe
  2⤵
  PID:11208
- C:\Windows\System\tVYhUMG.exe
  C:\Windows\System\tVYhUMG.exe
  2⤵
  PID:11236
- C:\Windows\System\RRiFEIp.exe
  C:\Windows\System\RRiFEIp.exe
  2⤵
  PID:11260
- C:\Windows\System\iPWEEYb.exe
  C:\Windows\System\iPWEEYb.exe
  2⤵
  PID:10036
- C:\Windows\System\skIGDJq.exe
  C:\Windows\System\skIGDJq.exe
  2⤵
  PID:10296
- C:\Windows\System\zYbIJmS.exe
  C:\Windows\System\zYbIJmS.exe
  2⤵
  PID:4440
- C:\Windows\System\yQOwJbh.exe
  C:\Windows\System\yQOwJbh.exe
  2⤵
  PID:10416
- C:\Windows\System\XBHFXXc.exe
  C:\Windows\System\XBHFXXc.exe
  2⤵
  PID:10516
- C:\Windows\System\lWWswfL.exe
  C:\Windows\System\lWWswfL.exe
  2⤵
  PID:10552
- C:\Windows\System\mawbWIi.exe
  C:\Windows\System\mawbWIi.exe
  2⤵
  PID:10584
- C:\Windows\System\psCfoFy.exe
  C:\Windows\System\psCfoFy.exe
  2⤵
  PID:10640
- C:\Windows\System\SBXJQqt.exe
  C:\Windows\System\SBXJQqt.exe
  2⤵
  PID:10732
- C:\Windows\System\LzXRjqR.exe
  C:\Windows\System\LzXRjqR.exe
  2⤵
  PID:10776
- C:\Windows\System\VGwoDhr.exe
  C:\Windows\System\VGwoDhr.exe
  2⤵
  PID:10844
- C:\Windows\System\OHbGKvQ.exe
  C:\Windows\System\OHbGKvQ.exe
  2⤵
  PID:10868
- C:\Windows\System\ViTlhDP.exe
  C:\Windows\System\ViTlhDP.exe
  2⤵
  PID:10956
- C:\Windows\System\pCaXakF.exe
  C:\Windows\System\pCaXakF.exe
  2⤵
  PID:11028
- C:\Windows\System\XAWwiLj.exe
  C:\Windows\System\XAWwiLj.exe
  2⤵
  PID:11080
- C:\Windows\System\uLwEciI.exe
  C:\Windows\System\uLwEciI.exe
  2⤵
  PID:3160
- C:\Windows\System\YaqPDys.exe
  C:\Windows\System\YaqPDys.exe
  2⤵
  PID:11224
- C:\Windows\System\RWWkxKq.exe
  C:\Windows\System\RWWkxKq.exe
  2⤵
  PID:2124
- C:\Windows\System\BESFYFo.exe
  C:\Windows\System\BESFYFo.exe
  2⤵
  PID:10276
- C:\Windows\System\lBuclcA.exe
  C:\Windows\System\lBuclcA.exe
  2⤵
  PID:10384
- C:\Windows\System\VabjvBI.exe
  C:\Windows\System\VabjvBI.exe
  2⤵
  PID:10580
- C:\Windows\System\vEqhKXj.exe
  C:\Windows\System\vEqhKXj.exe
  2⤵
  PID:10760
- C:\Windows\System\SFlZFRJ.exe
  C:\Windows\System\SFlZFRJ.exe
  2⤵
  PID:10824
- C:\Windows\System\YiTJTrn.exe
  C:\Windows\System\YiTJTrn.exe
  2⤵
  PID:10932
- C:\Windows\System\vTiFDui.exe
  C:\Windows\System\vTiFDui.exe
  2⤵
  PID:11064
- C:\Windows\System\dMkUjDo.exe
  C:\Windows\System\dMkUjDo.exe
  2⤵
  PID:10432
- C:\Windows\System\gaNLTXA.exe
  C:\Windows\System\gaNLTXA.exe
  2⤵
  PID:10744
- C:\Windows\System\PIReszd.exe
  C:\Windows\System\PIReszd.exe
  2⤵
  PID:10664
- C:\Windows\System\JcOEkDr.exe
  C:\Windows\System\JcOEkDr.exe
  2⤵
  PID:10324
- C:\Windows\System\xLEQrpV.exe
  C:\Windows\System\xLEQrpV.exe
  2⤵
  PID:11156
- C:\Windows\System\oURgDie.exe
  C:\Windows\System\oURgDie.exe
  2⤵
  PID:11272
- C:\Windows\System\CRqMUXY.exe
  C:\Windows\System\CRqMUXY.exe
  2⤵
  PID:11292
- C:\Windows\System\yZWdeyq.exe
  C:\Windows\System\yZWdeyq.exe
  2⤵
  PID:11308
- C:\Windows\System\bCDVNWC.exe
  C:\Windows\System\bCDVNWC.exe
  2⤵
  PID:11336
- C:\Windows\System\iCdIUTQ.exe
  C:\Windows\System\iCdIUTQ.exe
  2⤵
  PID:11376
- C:\Windows\System\XHIpNqq.exe
  C:\Windows\System\XHIpNqq.exe
  2⤵
  PID:11400
- C:\Windows\System\PFhTuRG.exe
  C:\Windows\System\PFhTuRG.exe
  2⤵
  PID:11440
- C:\Windows\System\hgQTLyH.exe
  C:\Windows\System\hgQTLyH.exe
  2⤵
  PID:11468
- C:\Windows\System\RzSnyZq.exe
  C:\Windows\System\RzSnyZq.exe
  2⤵
  PID:11508
- C:\Windows\System\bYUAALo.exe
  C:\Windows\System\bYUAALo.exe
  2⤵
  PID:11528
- C:\Windows\System\EHmCzsq.exe
  C:\Windows\System\EHmCzsq.exe
  2⤵
  PID:11552
- C:\Windows\System\fPUCKbU.exe
  C:\Windows\System\fPUCKbU.exe
  2⤵
  PID:11576
- C:\Windows\System\UKhhvGz.exe
  C:\Windows\System\UKhhvGz.exe
  2⤵
  PID:11604
- C:\Windows\System\lJlFDYN.exe
  C:\Windows\System\lJlFDYN.exe
  2⤵
  PID:11628
- C:\Windows\System\nmmXyUD.exe
  C:\Windows\System\nmmXyUD.exe
  2⤵
  PID:11652
- C:\Windows\System\qeglYoh.exe
  C:\Windows\System\qeglYoh.exe
  2⤵
  PID:11684
- C:\Windows\System\fScyCXH.exe
  C:\Windows\System\fScyCXH.exe
  2⤵
  PID:11716
- C:\Windows\System\tFKHmys.exe
  C:\Windows\System\tFKHmys.exe
  2⤵
  PID:11736
- C:\Windows\System\CfQCgZi.exe
  C:\Windows\System\CfQCgZi.exe
  2⤵
  PID:11760
- C:\Windows\System\JmwBazI.exe
  C:\Windows\System\JmwBazI.exe
  2⤵
  PID:11784
- C:\Windows\System\gtAhAUB.exe
  C:\Windows\System\gtAhAUB.exe
  2⤵
  PID:11820
- C:\Windows\System\RSVDxaS.exe
  C:\Windows\System\RSVDxaS.exe
  2⤵
  PID:11840
- C:\Windows\System\KrifITF.exe
  C:\Windows\System\KrifITF.exe
  2⤵
  PID:11872
- C:\Windows\System\CsUONJP.exe
  C:\Windows\System\CsUONJP.exe
  2⤵
  PID:11896
- C:\Windows\System\fFSHXVX.exe
  C:\Windows\System\fFSHXVX.exe
  2⤵
  PID:11916
- C:\Windows\System\BIIwLra.exe
  C:\Windows\System\BIIwLra.exe
  2⤵
  PID:11940
- C:\Windows\System\VNXKzIy.exe
  C:\Windows\System\VNXKzIy.exe
  2⤵
  PID:11960
- C:\Windows\System\JANtSkV.exe
  C:\Windows\System\JANtSkV.exe
  2⤵
  PID:11992
- C:\Windows\System\zyuarom.exe
  C:\Windows\System\zyuarom.exe
  2⤵
  PID:12024
- C:\Windows\System\lbtGxZe.exe
  C:\Windows\System\lbtGxZe.exe
  2⤵
  PID:12052
- C:\Windows\System\mWoMJBI.exe
  C:\Windows\System\mWoMJBI.exe
  2⤵
  PID:12080
- C:\Windows\System\HmBwHPn.exe
  C:\Windows\System\HmBwHPn.exe
  2⤵
  PID:12104
- C:\Windows\System\owcTSYZ.exe
  C:\Windows\System\owcTSYZ.exe
  2⤵
  PID:12128
- C:\Windows\System\LkZdUIC.exe
  C:\Windows\System\LkZdUIC.exe
  2⤵
  PID:12152
- C:\Windows\System\oFFiYzY.exe
  C:\Windows\System\oFFiYzY.exe
  2⤵
  PID:12188
- C:\Windows\System\fhayXCu.exe
  C:\Windows\System\fhayXCu.exe
  2⤵
  PID:12216
- C:\Windows\System\IJVzEzb.exe
  C:\Windows\System\IJVzEzb.exe
  2⤵
  PID:12236
- C:\Windows\System\CnEiNWX.exe
  C:\Windows\System\CnEiNWX.exe
  2⤵
  PID:12268
- C:\Windows\System\CJiGFUj.exe
  C:\Windows\System\CJiGFUj.exe
  2⤵
  PID:10948
- C:\Windows\System\kTgTiqb.exe
  C:\Windows\System\kTgTiqb.exe
  2⤵
  PID:11364
- C:\Windows\System\CRxCluU.exe
  C:\Windows\System\CRxCluU.exe
  2⤵
  PID:11320
- C:\Windows\System\ierhnyn.exe
  C:\Windows\System\ierhnyn.exe
  2⤵
  PID:11488
- C:\Windows\System\XjhrQTL.exe
  C:\Windows\System\XjhrQTL.exe
  2⤵
  PID:11792
- C:\Windows\System\ZntCmoA.exe
  C:\Windows\System\ZntCmoA.exe
  2⤵
  PID:11772
- C:\Windows\System\GdYkOiV.exe
  C:\Windows\System\GdYkOiV.exe
  2⤵
  PID:11816
- C:\Windows\System\WkprDdR.exe
  C:\Windows\System\WkprDdR.exe
  2⤵
  PID:4468
- C:\Windows\System\EOwDkMX.exe
  C:\Windows\System\EOwDkMX.exe
  2⤵
  PID:11892
- C:\Windows\System\uJpkvtx.exe
  C:\Windows\System\uJpkvtx.exe
  2⤵
  PID:12044
- C:\Windows\System\VkrFPqY.exe
  C:\Windows\System\VkrFPqY.exe
  2⤵
  PID:11984
- C:\Windows\System\ZBoBijA.exe
  C:\Windows\System\ZBoBijA.exe
  2⤵
  PID:12092
- C:\Windows\System\GYNiMOe.exe
  C:\Windows\System\GYNiMOe.exe
  2⤵
  PID:12200
- C:\Windows\System\ScvjimH.exe
  C:\Windows\System\ScvjimH.exe
  2⤵
  PID:12144
- C:\Windows\System\NFKxuzs.exe
  C:\Windows\System\NFKxuzs.exe
  2⤵
  PID:10412
- C:\Windows\System\PQBNILw.exe
  C:\Windows\System\PQBNILw.exe
  2⤵
  PID:11356
- C:\Windows\System\IZizqdP.exe
  C:\Windows\System\IZizqdP.exe
  2⤵
  PID:10608
- C:\Windows\System\PAEEJIw.exe
  C:\Windows\System\PAEEJIw.exe
  2⤵
  PID:11912
- C:\Windows\System\EcSGCGR.exe
  C:\Windows\System\EcSGCGR.exe
  2⤵
  PID:12064
- C:\Windows\System\hRwijlx.exe
  C:\Windows\System\hRwijlx.exe
  2⤵
  PID:12036
- C:\Windows\System\pIVCZeF.exe
  C:\Windows\System\pIVCZeF.exe
  2⤵
  PID:12276
- C:\Windows\System\JuoRsWI.exe
  C:\Windows\System\JuoRsWI.exe
  2⤵
  PID:11428
- C:\Windows\System\fDyPdZU.exe
  C:\Windows\System\fDyPdZU.exe
  2⤵
  PID:12140
- C:\Windows\System\RVkqCHv.exe
  C:\Windows\System\RVkqCHv.exe
  2⤵
  PID:12172
- C:\Windows\System\hyDNMQD.exe
  C:\Windows\System\hyDNMQD.exe
  2⤵
  PID:12308
- C:\Windows\System\IqYTGAj.exe
  C:\Windows\System\IqYTGAj.exe
  2⤵
  PID:12328
- C:\Windows\System\armmoyv.exe
  C:\Windows\System\armmoyv.exe
  2⤵
  PID:12364
- C:\Windows\System\mOaMjDf.exe
  C:\Windows\System\mOaMjDf.exe
  2⤵
  PID:12384
- C:\Windows\System\PDfvSJV.exe
  C:\Windows\System\PDfvSJV.exe
  2⤵
  PID:12412
- C:\Windows\System\nYLhZMF.exe
  C:\Windows\System\nYLhZMF.exe
  2⤵
  PID:12440
- C:\Windows\System\voVIohR.exe
  C:\Windows\System\voVIohR.exe
  2⤵
  PID:12468
- C:\Windows\System\GpHnsLT.exe
  C:\Windows\System\GpHnsLT.exe
  2⤵
  PID:12492
- C:\Windows\System\ErBTwRf.exe
  C:\Windows\System\ErBTwRf.exe
  2⤵
  PID:12528
- C:\Windows\System\nILOKaW.exe
  C:\Windows\System\nILOKaW.exe
  2⤵
  PID:12564
- C:\Windows\System\uYCsTXp.exe
  C:\Windows\System\uYCsTXp.exe
  2⤵
  PID:12592
- C:\Windows\System\HCvzQGM.exe
  C:\Windows\System\HCvzQGM.exe
  2⤵
  PID:12608
- C:\Windows\System\SKgSRgA.exe
  C:\Windows\System\SKgSRgA.exe
  2⤵
  PID:12624
- C:\Windows\System\oZzyQNA.exe
  C:\Windows\System\oZzyQNA.exe
  2⤵
  PID:12656
- C:\Windows\System\HgaIpnu.exe
  C:\Windows\System\HgaIpnu.exe
  2⤵
  PID:12692
- C:\Windows\System\GAWBlgW.exe
  C:\Windows\System\GAWBlgW.exe
  2⤵
  PID:12708
- C:\Windows\System\ZTeBWGu.exe
  C:\Windows\System\ZTeBWGu.exe
  2⤵
  PID:12740
- C:\Windows\System\QzWgvbZ.exe
  C:\Windows\System\QzWgvbZ.exe
  2⤵
  PID:12768
- C:\Windows\System\ImjOufS.exe
  C:\Windows\System\ImjOufS.exe
  2⤵
  PID:12792
- C:\Windows\System\ryTfzDI.exe
  C:\Windows\System\ryTfzDI.exe
  2⤵
  PID:12820
- C:\Windows\System\gwQxKCC.exe
  C:\Windows\System\gwQxKCC.exe
  2⤵
  PID:12860
- C:\Windows\System\pVIJUxb.exe
  C:\Windows\System\pVIJUxb.exe
  2⤵
  PID:12876
- C:\Windows\System\obqOfIp.exe
  C:\Windows\System\obqOfIp.exe
  2⤵
  PID:12908
- C:\Windows\System\jZmoIWw.exe
  C:\Windows\System\jZmoIWw.exe
  2⤵
  PID:12936
- C:\Windows\System\zpyGiDK.exe
  C:\Windows\System\zpyGiDK.exe
  2⤵
  PID:12968
- C:\Windows\System\pHfxsdi.exe
  C:\Windows\System\pHfxsdi.exe
  2⤵
  PID:13000
- C:\Windows\System\JeqpOxP.exe
  C:\Windows\System\JeqpOxP.exe
  2⤵
  PID:13020
- C:\Windows\System\uXPLwVD.exe
  C:\Windows\System\uXPLwVD.exe
  2⤵
  PID:13056
- C:\Windows\System\sERMyWm.exe
  C:\Windows\System\sERMyWm.exe
  2⤵
  PID:13088
- C:\Windows\System\gsxqeSC.exe
  C:\Windows\System\gsxqeSC.exe
  2⤵
  PID:13116
- C:\Windows\System\cCLtISD.exe
  C:\Windows\System\cCLtISD.exe
  2⤵
  PID:13152
- C:\Windows\System\wtqbtDE.exe
  C:\Windows\System\wtqbtDE.exe
  2⤵
  PID:13180
- C:\Windows\System\xcgeRnr.exe
  C:\Windows\System\xcgeRnr.exe
  2⤵
  PID:13208
- C:\Windows\System\fzVizYt.exe
  C:\Windows\System\fzVizYt.exe
  2⤵
  PID:13236
- C:\Windows\System\InSlbdk.exe
  C:\Windows\System\InSlbdk.exe
  2⤵
  PID:13264
- C:\Windows\System\sEaAJLb.exe
  C:\Windows\System\sEaAJLb.exe
  2⤵
  PID:13280
- C:\Windows\System\YDfUAQO.exe
  C:\Windows\System\YDfUAQO.exe
  2⤵
  PID:13308
- C:\Windows\System\unADwuo.exe
  C:\Windows\System\unADwuo.exe
  2⤵
  PID:12324
- C:\Windows\System\hgoXoOf.exe
  C:\Windows\System\hgoXoOf.exe
  2⤵
  PID:12356
- C:\Windows\System\EFoAMHO.exe
  C:\Windows\System\EFoAMHO.exe
  2⤵
  PID:12452
- C:\Windows\System\xdTGucx.exe
  C:\Windows\System\xdTGucx.exe
  2⤵
  PID:12488
- C:\Windows\System\trVJVCw.exe
  C:\Windows\System\trVJVCw.exe
  2⤵
  PID:12604
- C:\Windows\System\sXgUMGf.exe
  C:\Windows\System\sXgUMGf.exe
  2⤵
  PID:12640
- C:\Windows\System\qJwRkrm.exe
  C:\Windows\System\qJwRkrm.exe
  2⤵
  PID:12732
- C:\Windows\System\yPOOHWV.exe
  C:\Windows\System\yPOOHWV.exe
  2⤵
  PID:12812
- C:\Windows\System\XAItDud.exe
  C:\Windows\System\XAItDud.exe
  2⤵
  PID:12872
- C:\Windows\System\kqlSkji.exe
  C:\Windows\System\kqlSkji.exe
  2⤵
  PID:12924
- C:\Windows\System\pZZFLTi.exe
  C:\Windows\System\pZZFLTi.exe
  2⤵
  PID:12928
- C:\Windows\System\KMaKQcQ.exe
  C:\Windows\System\KMaKQcQ.exe
  2⤵
  PID:216
- C:\Windows\System\ZIneYeu.exe
  C:\Windows\System\ZIneYeu.exe
  2⤵
  PID:13044
- C:\Windows\System\MIXSzyK.exe
  C:\Windows\System\MIXSzyK.exe
  2⤵
  PID:13108
- C:\Windows\System\MIKcuSa.exe
  C:\Windows\System\MIKcuSa.exe
  2⤵
  PID:13200
- C:\Windows\System\OArFtMI.exe
  C:\Windows\System\OArFtMI.exe
  2⤵
  PID:13248
- C:\Windows\System\SQpYdVa.exe
  C:\Windows\System\SQpYdVa.exe
  2⤵
  PID:13296
- C:\Windows\System\QrXXKRr.exe
  C:\Windows\System\QrXXKRr.exe
  2⤵
  PID:12408
- C:\Windows\System\sKTWWvR.exe
  C:\Windows\System\sKTWWvR.exe
  2⤵
  PID:12536
- C:\Windows\System\DKlVHoB.exe
  C:\Windows\System\DKlVHoB.exe
  2⤵
  PID:12544
- C:\Windows\System\QzMMtRd.exe
  C:\Windows\System\QzMMtRd.exe
  2⤵
  PID:11696
- C:\Windows\System\HKiufAt.exe
  C:\Windows\System\HKiufAt.exe
  2⤵
  PID:12892
- C:\Windows\System\PBBWeBB.exe
  C:\Windows\System\PBBWeBB.exe
  2⤵
  PID:12980
- C:\Windows\System\dseGqmd.exe
  C:\Windows\System\dseGqmd.exe
  2⤵
  PID:13100
- C:\Windows\System\dhkgrsj.exe
  C:\Windows\System\dhkgrsj.exe
  2⤵
  PID:13252
- C:\Windows\System\GGwOhmi.exe
  C:\Windows\System\GGwOhmi.exe
  2⤵
  PID:12420
- C:\Windows\System\NlJqIsN.exe
  C:\Windows\System\NlJqIsN.exe
  2⤵
  PID:12576
- C:\Windows\System\wcRsZIl.exe
  C:\Windows\System\wcRsZIl.exe
  2⤵
  PID:3300
- C:\Windows\System\oYPncAR.exe
  C:\Windows\System\oYPncAR.exe
  2⤵
  PID:13332
- C:\Windows\System\qpxfFcN.exe
  C:\Windows\System\qpxfFcN.exe
  2⤵
  PID:13356
- C:\Windows\System\MxbizBZ.exe
  C:\Windows\System\MxbizBZ.exe
  2⤵
  PID:13388
- C:\Windows\System\dMOtaqq.exe
  C:\Windows\System\dMOtaqq.exe
  2⤵
  PID:13412
- C:\Windows\System\JDjgjmb.exe
  C:\Windows\System\JDjgjmb.exe
  2⤵
  PID:13432
- C:\Windows\System\HTamBGJ.exe
  C:\Windows\System\HTamBGJ.exe
  2⤵
  PID:13456
- C:\Windows\System\OeRxYcU.exe
  C:\Windows\System\OeRxYcU.exe
  2⤵
  PID:13488
- C:\Windows\System\knimbxO.exe
  C:\Windows\System\knimbxO.exe
  2⤵
  PID:13508
- C:\Windows\System\DUBwAWd.exe
  C:\Windows\System\DUBwAWd.exe
  2⤵
  PID:13536
- C:\Windows\System\JQwMcZw.exe
  C:\Windows\System\JQwMcZw.exe
  2⤵
  PID:13568
- C:\Windows\System\jWycOdj.exe
  C:\Windows\System\jWycOdj.exe
  2⤵
  PID:13600
- C:\Windows\System\hUEKyxL.exe
  C:\Windows\System\hUEKyxL.exe
  2⤵
  PID:13624
- C:\Windows\System\wgOATGD.exe
  C:\Windows\System\wgOATGD.exe
  2⤵
  PID:13660
- C:\Windows\System\LvvNNQx.exe
  C:\Windows\System\LvvNNQx.exe
  2⤵
  PID:13688
- C:\Windows\System\GGCRXOY.exe
  C:\Windows\System\GGCRXOY.exe
  2⤵
  PID:13712
- C:\Windows\System\zZCSnIn.exe
  C:\Windows\System\zZCSnIn.exe
  2⤵
  PID:13740
- C:\Windows\System\IfYUJDa.exe
  C:\Windows\System\IfYUJDa.exe
  2⤵
  PID:13768
- C:\Windows\System\lRIvWnK.exe
  C:\Windows\System\lRIvWnK.exe
  2⤵
  PID:13788
- C:\Windows\System\DvZpqqE.exe
  C:\Windows\System\DvZpqqE.exe
  2⤵
  PID:13812
- C:\Windows\System\rQzUKom.exe
  C:\Windows\System\rQzUKom.exe
  2⤵
  PID:13844
- C:\Windows\System\UxQnbay.exe
  C:\Windows\System\UxQnbay.exe
  2⤵
  PID:13864
- C:\Windows\System\TVRFbmz.exe
  C:\Windows\System\TVRFbmz.exe
  2⤵
  PID:13900
- C:\Windows\System\ajqhyzr.exe
  C:\Windows\System\ajqhyzr.exe
  2⤵
  PID:14020
- C:\Windows\System\zJVnVpp.exe
  C:\Windows\System\zJVnVpp.exe
  2⤵
  PID:14036
- C:\Windows\System\pWJUDHx.exe
  C:\Windows\System\pWJUDHx.exe
  2⤵
  PID:14056
- C:\Windows\System\FBOcgNn.exe
  C:\Windows\System\FBOcgNn.exe
  2⤵
  PID:14080
- C:\Windows\System\vIugIfj.exe
  C:\Windows\System\vIugIfj.exe
  2⤵
  PID:14100
- C:\Windows\System\duhrpiS.exe
  C:\Windows\System\duhrpiS.exe
  2⤵
  PID:14132
- C:\Windows\System\medgsoj.exe
  C:\Windows\System\medgsoj.exe
  2⤵
  PID:14156
- C:\Windows\System\lzCizDO.exe
  C:\Windows\System\lzCizDO.exe
  2⤵
  PID:14180
- C:\Windows\System\lrDRxTT.exe
  C:\Windows\System\lrDRxTT.exe
  2⤵
  PID:14204
- C:\Windows\System\crMKgBF.exe
  C:\Windows\System\crMKgBF.exe
  2⤵
  PID:14236
- C:\Windows\System\EDDLUCz.exe
  C:\Windows\System\EDDLUCz.exe
  2⤵
  PID:14252
- C:\Windows\System\CBzyYjt.exe
  C:\Windows\System\CBzyYjt.exe
  2⤵
  PID:14280
- C:\Windows\System\ACSRdpC.exe
  C:\Windows\System\ACSRdpC.exe
  2⤵
  PID:14296
- C:\Windows\System\dfUWolc.exe
  C:\Windows\System\dfUWolc.exe
  2⤵
  PID:14312
- C:\Windows\System\RbCfrER.exe
  C:\Windows\System\RbCfrER.exe
  2⤵
  PID:13256
- C:\Windows\System\JbvSuZe.exe
  C:\Windows\System\JbvSuZe.exe
  2⤵
  PID:12428
- C:\Windows\System\wBUWHlx.exe
  C:\Windows\System\wBUWHlx.exe
  2⤵
  PID:13072
- C:\Windows\System\jvwrzTe.exe
  C:\Windows\System\jvwrzTe.exe
  2⤵
  PID:13344
- C:\Windows\System\wzYbvHW.exe
  C:\Windows\System\wzYbvHW.exe
  2⤵
  PID:13468
- C:\Windows\System\kNiLbTP.exe
  C:\Windows\System\kNiLbTP.exe
  2⤵
  PID:13548
- C:\Windows\System\Wdpzuvt.exe
  C:\Windows\System\Wdpzuvt.exe
  2⤵
  PID:13584
- C:\Windows\System\eHdommd.exe
  C:\Windows\System\eHdommd.exe
  2⤵
  PID:3640
- C:\Windows\System\FeEKVOC.exe
  C:\Windows\System\FeEKVOC.exe
  2⤵
  PID:13684
- C:\Windows\System\FrjBLKu.exe
  C:\Windows\System\FrjBLKu.exe
  2⤵
  PID:13736
- C:\Windows\System\RYVfrbw.exe
  C:\Windows\System\RYVfrbw.exe
  2⤵
  PID:13836
- C:\Windows\System\caMcSTJ.exe
  C:\Windows\System\caMcSTJ.exe
  2⤵
  PID:13784
- C:\Windows\System\OlIHUBP.exe
  C:\Windows\System\OlIHUBP.exe
  2⤵
  PID:13876
- C:\Windows\System\kmWbHfE.exe
  C:\Windows\System\kmWbHfE.exe
  2⤵
  PID:13980
- C:\Windows\System\zDUCvZS.exe
  C:\Windows\System\zDUCvZS.exe
  2⤵
  PID:14064
- C:\Windows\System\MTwlSei.exe
  C:\Windows\System\MTwlSei.exe
  2⤵
  PID:14120
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14120 -s 248
    3⤵
    PID:13964
- C:\Windows\System\BecqMxB.exe
  C:\Windows\System\BecqMxB.exe
  2⤵
  PID:14304
- C:\Windows\System\JuzuSTD.exe
  C:\Windows\System\JuzuSTD.exe
  2⤵
  PID:13372

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AIOjroE.exe

Filesize
2.0MB

MD5
450c8305fbba41bfe165a6a3ed07a962

SHA1
ecf5b0541e8e825a397ba61858d22e1d35298469

SHA256
0ddbb0f219b50d25621abef5fdd24714a3a86e0aa3c3a72b90942eef82afccb1

SHA512
b043263e985de21da77457a362903ee6096374082fb161e67b97ad14e6d62b3e4abd1d0141a6dab33675a967019c8d4037b9c274179cb111915a2f7c00f3f8de

Download Submit
C:\Windows\System\FpswcDT.exe

Filesize
2.0MB

MD5
570351240409dbc38f9fc6319cacb33f

SHA1
9ea5c54e54447b19a371179fabbc69a0738aa61e

SHA256
8a4d86c022c71fcac9e07d84254b930b3900033e66fb3d8072a258fc63983292

SHA512
ac338fc063668293239cdcc76918c5cd876c059b6ee42f802177a8c6ebb6a77ef0d2c25fdf910dd0869590aa5493b7ad1147a5b48b6eda59b3c435f4f0f2735f

Download Submit
C:\Windows\System\HFyiquZ.exe

Filesize
2.0MB

MD5
7287f5af8ae287385121bff02c8297a8

SHA1
26bbb5f195fdf198743b236d44362dcfe3ecc560

SHA256
6aff13044eb4db2f9295e163a3842fc22e4b30a954106e74ca3e8933949a3de6

SHA512
e366b73a32eb9ab400b59efb5366d9059c04f492a206d0a669c66eb22fb80c162c8f63c9ae0a3ddbb3fca3fec207a499b1e2c8e0ff02a43bcf9a44d142522e4e

Download Submit
C:\Windows\System\IgngpVC.exe

Filesize
2.0MB

MD5
6528711f203cf8beebc38f0910fecef3

SHA1
de3b1ecd4f185d0012b64601087ab4dd5027e07f

SHA256
7aa4615e5c530c2d56b99613ed2f955f0c199f360d61d4bebce3116d3d51cf60

SHA512
5d212ea09d849afd951def1f68d45710b795e01debea2fe5a16d55f62b1dea22d3927c049bf5cd493e58ecd7ceed5aeeb3dcdcb9419e465e5971fc30519ce02d

Download Submit
C:\Windows\System\KwgYSGJ.exe

Filesize
2.0MB

MD5
659d07777c44d7b1269a4a5af26ab57b

SHA1
6fc4f3cb947b96402cc1bb390363d663ced9f6d6

SHA256
645ef3bdfd1eb2ae9ece1a5e0d6711002f86c60f5343c39d1802f69a1c55ac60

SHA512
3ce76b3fbcfc2f02a3fdb7e1f12e0995510e73f1c4b2aa694c55b8ff5a0f71cecc045862c542c23dda1d51a7779e92e0e461790ff78702de2f2c9608ef78340f

Download Submit
C:\Windows\System\KzHZSIa.exe

Filesize
2.0MB

MD5
c3e9acc063cb7ea5fb53382f459f5da4

SHA1
88faa8cf87f19e8214f065ba5e1a6f56787b2fd0

SHA256
3adab5d6a8d005ffcc717d3282a4f9370850a18c9182ccaf93a98835d031bc7c

SHA512
6631a7dcbd07b947c7423b64aea59adbacc6258521620844ad49bfcf4f7e06791427c44442d18764a00d2b0278e98054a695ab8e9c0ef3d7595128748f4d196f

Download Submit
C:\Windows\System\NnCWGMj.exe

Filesize
2.0MB

MD5
8713f0dc69dfccc5a903b31396857bfd

SHA1
63259fc910397e1af9d5deb082bc766802fea24c

SHA256
b3eee4366f94fcf4f717ac9afce9c8a22c862eae3901c17bc48b8193291dfedc

SHA512
9cb725d1eef58d8a9a78be1b3d95af6dd029f2423a2d9d860b25ae29866430d2776e87624aab16d46a125fe0bbf59764c8653d7b9b9951c9a32ed5bbe7702c88

Download Submit
C:\Windows\System\ObsCtFI.exe

Filesize
2.0MB

MD5
55d9296cb0a9a30d523204ff56758f88

SHA1
155d75ea01a2e2500cc9231f7f440233ddc66f3e

SHA256
1362aebb474e81aa4b725c8756e82052d0794ece1ca723ed5061ca9ef07e471e

SHA512
7a434d16307e130da300cddd9c5fd6ff7ca7697fae032aeccb73e59f1741ad3a126b0f271909584787eeee83c18f9f639b6b0b7d5f398d6bda54b2ddd8811eb4

Download Submit
C:\Windows\System\PKPIDek.exe

Filesize
2.0MB

MD5
55f65879c75ec675b311897f7ed37355

SHA1
35697afd5d36e4ddea119d43f1dd4f98ac2e3d61

SHA256
9017cc7e363d123a1dff6d74de50fb6aa88b78669bc8b7ef4ae331f6b7d08439

SHA512
07ba839063eef5eb186737c9529935aea00c26b0174d17fe59e2e46893c33f9a5a1a02cd73ea8f92f566419dbf51c49e9c52ae222c4249bff40ad908b51fdfe4

Download Submit
C:\Windows\System\PPNiSWO.exe

Filesize
2.0MB

MD5
9a505931543a5496a1603a61a2ffc60f

SHA1
904409741b044c7e8dc089d8cdd13079f76ee8f4

SHA256
c3cbc85bade55284e23e6b4448d4568f74848bf21d19c86d8977923431b08214

SHA512
18470717d7cf3604ddfe72a9190a990e1125042755ab6eab2f3308c908e67c646532dac2cfb532a77649ec186a165db423dc58a66bf807536498cd8a5414d9a9

Download Submit
C:\Windows\System\QBYuCOf.exe

Filesize
2.0MB

MD5
739e8f543a39015f0177b42f43332a00

SHA1
0887c1b3bc8621f5cf7adfbc91bd9966eca78d50

SHA256
592751d054130c5b6387cd54d58bb4dc187ea3c6d49ec387f685faf7536e4bf9

SHA512
47539d0886531f45d61e931cc4d8d62310f913206af4946abf6fe4a31313559f85574d4e0673c808db40f907ae4b27496738a0f0154076ff051403fd199814a3

Download Submit
C:\Windows\System\QyNDKWT.exe

Filesize
2.0MB

MD5
94b225e5b9f37bb1c96c98999f319d2e

SHA1
488b03c282850c51e341a5bc70c284ea0c7c82ef

SHA256
3a12284d5c1f439863b72054a58e05c6037eb6ca3b0f03ad19e14c25a95fc0e3

SHA512
4c2c267582d1e7fbbd586dfb737c07b4fb6810eac4bb2ba3317bb0502d722ebbcba07118056d23304a8f2860d70dc50e1a031149d65312dfe955097a308ce8a3

Download Submit
C:\Windows\System\QyeFgbk.exe

Filesize
2.0MB

MD5
3a99297defeac676877ae4c217e7e715

SHA1
3a34211816d471cda4bc082a23912e8e11e86175

SHA256
9888b42e5183fa577ac716cdffc060820f143fa545d1bb2c40995a18a1d886ff

SHA512
0232d677292c18460a7451608fd522cbcf22785f4de22ba348c62de88b970fdeb130b6d0d9c836b32642d7c669382ef9742bc74f67aecbcbc7a2ddbaa5c0f5bd

Download Submit
C:\Windows\System\RSTlOSg.exe

Filesize
2.0MB

MD5
174149e00fdc232e09d5315d325a97f7

SHA1
4113078327b308ce2e89f6fac916bfe9478c95b4

SHA256
7073e0486b00c4e926debeee8686ad0db48d2c390e0b33ca398fd0d95ee4a0cf

SHA512
2d743f5afc25ca79f1c4f347bac596db903320194d2ffab5595c59e911c093bf216983a21bb6262591e31357dfceadbf4fdc49818d4922eba83cdf5cb19b345a

Download Submit
C:\Windows\System\SNTbyKm.exe

Filesize
2.0MB

MD5
9ab0e3e8445fc1cacf87767f80317f38

SHA1
cdce997381f9e6c16c88651b219c6241fe9cd708

SHA256
1b30e8f094986e84eaea21b5cbae6da37495d9fa0d36c58b0cda05c980ae47c3

SHA512
f156f318defc643620bccfff2ddc9414fa6156b54e341dd9406859ce3e70a3c5cb610689356150836eb875c1cbc103af17b1f60eaea2641711fe27987773829e

Download Submit
C:\Windows\System\TQDaPjl.exe

Filesize
2.0MB

MD5
4ab9a545e0c9e7a9c6f8f837587a7408

SHA1
815cc77de6d13547c1a129061f62716d10c23829

SHA256
fa96d749f75f6f60fedcd6c582fe55465f541184572e57074689c33aa0529b56

SHA512
efafb866c4774a485cd0770d097068b7f458cc2e97620a31b2c66ee36fb68d7fe0ee5118b5cd00c5d4fbdab333a9f53a312ecc5e1e7a54e92a6263b04886e381

Download Submit
C:\Windows\System\WWHCzje.exe

Filesize
2.0MB

MD5
9e152eacde309874cdc72fb2b7b913d4

SHA1
e1619fd0df1e2b2e4f3637295b866b8b1b391f2f

SHA256
3ec88a8ed3561f049266d0fd963352a9c9c5c8ca758965020f4d895c3862eff7

SHA512
bd366b825b4c85962f65fb1ab1c9d77d5586d98bc1fb1fafa92cf309f3f7c980cd6c03e473c43e447afe119843b16bd9928e267026ad9c29e53c4a1c623a1256

Download Submit
C:\Windows\System\YmmpbbA.exe

Filesize
2.0MB

MD5
0606c7cd127ff34f2ed913f09e061338

SHA1
64210a9d40dc5ba75c53914f28e488b5f98d84ec

SHA256
d0496b5a3067e29311c790981ff9fc195adaec7568ef48f4d59b3c7837692495

SHA512
c2f3161ad63267ea110f5050f47579513b0111031a116ce631ced825b41cd6f4f121dd3111cd2c8dfe719a753a6dd3718c12070ff60ddd2587fbec384de0f206

Download Submit
C:\Windows\System\aVtLriq.exe

Filesize
2.0MB

MD5
8be84010ad7ad4acbcbb8db215c2d465

SHA1
1cba37a5427e9b9e84ecac0a47d831e7a0b3716a

SHA256
b2055a5d72038d30ca0101575512d4e085482894c36555cd8c6acf5db538461c

SHA512
d786733daa5360e8968dbdd79395ddadf7fc54515e17f8da4e188308cd60e9e51912269aeded837a172a1d99375402ff0757399efce2276877a5aa3e939336b1

Download Submit
C:\Windows\System\aawfjlY.exe

Filesize
2.0MB

MD5
8a98162ee0ae1a87effb2ece9108113a

SHA1
dbff20305315eb8ce021ce7ac73aed1331ea92e5

SHA256
47ae06485f28329340a126aeab056b72a77ded249d24f00e83faac9ed50afd46

SHA512
2fbb5980283306ed02996c6da0713d07d32d79a3b6981a967f0020e40a1c684488d84f3e1a94d1cf37e470a4b41ddb215c13a5cb2b1a37c882a603e925f44e0c

Download Submit
C:\Windows\System\azmSZdd.exe

Filesize
2.0MB

MD5
ea286310ed733ac7f338515003d9d8c9

SHA1
f4fbe6eefcf853e8097cac9fd943d2015b607e96

SHA256
4ded5fc78ed7e1b8d43dc69d8565258bcaec796bd4e35577142dd6ec675a6433

SHA512
80bc0bbd0d940cea7478842afe6ef22f9431e5ccc20e5cfb4de91539c1182af16624d4585723a45df00c470f88836a291922d174847aa145a3ca332d2cfcad87

Download Submit
C:\Windows\System\fiLPbIl.exe

Filesize
2.0MB

MD5
c3e8ade46f4f265e83f644d3d6a3c6a9

SHA1
07e831601e28e0fdef210a2fa295e0213cbc048e

SHA256
0c1adcded0bc07ef03b03aac16b48893f806de28307b2bb43e3827fbe00e32f2

SHA512
71b170f315dfa31730c16169da476f89eefd34deb9296a4f23f88c723ab890c09bbb995ba6265a8f2db8ba5a8b2986503404cbf2f7b1b3203a958578d369d1f8

Download Submit
C:\Windows\System\hzIafHo.exe

Filesize
2.0MB

MD5
44282ddafbb1a80145bc41e19fceee1b

SHA1
15cdf09049a858af832b9c87446dacf5ee93b454

SHA256
529bca5124bd5d084391127257903e599071f353c57b0900beb8d0baada67122

SHA512
2130de5ba8aaff44a5dfa7635786b964eed67d3967185c81f425223b4d10b77efff8222a9a5915a5ae4718f58eb9f773fd80523d496a6b5aa6bc574bc8a519d6

Download Submit
C:\Windows\System\ixsLbeu.exe

Filesize
2.0MB

MD5
5308b975bde64d2a109e28e5f2b780f3

SHA1
037fa1b50e775668667d849ecda4bba081b570f0

SHA256
2ff5c3e4bfa19a0ffa803daf1fcbfd2197b4155f452b5916426db3cc2d12bbde

SHA512
a422b5b796f4e85b2d88f6ef8273d7846ab7bc46a4d41df1a5d82e713df2f1d34398fdfb04d69374b6222a2b792b985b95775aa44a05a882e6f3f22e2728a390

Download Submit
C:\Windows\System\lCokEtV.exe

Filesize
2.0MB

MD5
c266d382fd46bf286fa4d13b35710445

SHA1
99d4d8468941cd6b4890cdd0d8f0b35a02937e99

SHA256
91e835e2cf84b282027868a32b84c248c86a5c0702d4bc7368f2e91c4aae8a95

SHA512
d4d288a6c5abc5c01f9fb13ff4da045292da459f94aca55efcbd397c1815705e5e42df1598ea15ff02ffcc0e2755b0df08701ca68025193ae2e1610ea8f78446

Download Submit
C:\Windows\System\laVaNQv.exe

Filesize
2.0MB

MD5
99bd1d0e0ea15c2bfe4d3f61429058e7

SHA1
e7497974ef45764b1bafa6f9650be7b9c557d119

SHA256
3b345c9ba563dd6a6740baf4e0e4843c84eaa5b0952242e0b8f48a9bab21a1e4

SHA512
e3c10be00a675ea2a63d8e0c7944b118d8092c5a484d95cf248d0a8ba6ae7ad12f8775850d5915066ef50086b867a65a5c19417936cf89a3888fe5491bf287cf

Download Submit
C:\Windows\System\mQraoUU.exe

Filesize
2.0MB

MD5
fee5cd71cf3a4f076867f529d4694e62

SHA1
f23a63ed76cf3f22a66611d081fe75e29d583195

SHA256
5d0bd4ac1ac02585c401935f86d4894c8a953b284143813c9e200bfc86db5369

SHA512
3883e0c6f81f79732b0651bc214d9b8331ceedf721d7ad754483c23150492c91fea59472a648f83138fb57ae17c25bd0590ad29b4b03d518a7477ffebaa2dcae

Download Submit
C:\Windows\System\nBrJriH.exe

Filesize
2.0MB

MD5
eceb4b4178e5922d64c4532120fafea6

SHA1
279fe482cf22d0eb0299693d43c76efe149fd148

SHA256
e1dd93d94e775372090aba42528c675202f257de20ccf06a72522566c0b080b5

SHA512
c0d985d344afac7c5206e398231819745f716d2ec8c4fadcc4d146fd7c92c53254d097ec2d34554aeede2d1202bac88b42bcd959c5d64fa44a21e08b2f305667

Download Submit
C:\Windows\System\nFVzCfB.exe

Filesize
2.0MB

MD5
3de6087b3c34baa9d07bf73583ee723d

SHA1
ea183db22099deff33e7add2e98fc070cd182836

SHA256
c67c741faf16b72a1fd267060a633811ca2346f68bd4857abccd06f8ee075084

SHA512
d06306e07d9bab58cddf2bb0d78d7c1f16e2e6f705b97304154aad9882ab6ba5aa8314e4d55fccc898b851871a1ec43e12c05d4eeeeaac3652e03ce19842e430

Download Submit
C:\Windows\System\pqyinkj.exe

Filesize
2.0MB

MD5
239c4c5bfd8807eeac89e697651c3bbf

SHA1
9642aec73ddf6e28f3376e86ca18e0202a51f017

SHA256
4c6bb51fd6e04b8b50c4b619a3cf7439ab2c68e4986bf887dff1487bfa406a3c

SHA512
8a31889d4085139e577d609c2d27aef70777144b660756b2490c0842069928c223e55c7f4d5e9a1975ecae8fba415e556d59e2bcd56cda5677624f59477ec642

Download Submit
C:\Windows\System\rAnbVsA.exe

Filesize
2.0MB

MD5
89a3801f3bdaa04d52ad7060d34b4fe0

SHA1
f8936183adc9d037e8c64e72d98ebcbca89a7621

SHA256
65f3bca9882d0e6d3f428b6133fa4ca8991221801d64d129e8fe8f36d8e98be5

SHA512
87f47da9aa3cdaed7b72ca585cdf5324b31ffd5d61b2c68c53906257b70daa6d37a36b1386961282b2b6d85ef495e3ecdb35f4f499a7c478eef71ff7991d658a

Download Submit
C:\Windows\System\tPAoTbY.exe

Filesize
2.0MB

MD5
f87f9f8120ca00545d33cfdd91eb5fe3

SHA1
cfa6667aae281088c45bffd58d8530b17f9db721

SHA256
ea51b606b193247d8196687569f1c73297f4887cd9cdf188ad3b7f9940d30ac1

SHA512
4c303b20cae966e5112e1c9153e2ae20135df369af70bb2dd0002895a825b749e64665c2c4875a7c0255e1973e483443eb8ae8275af376700fab5aa21c1669d0

Download Submit
C:\Windows\System\uRcYlhW.exe

Filesize
2.0MB

MD5
6075c68b5346a378aea9d962b669cb29

SHA1
3e3395be21bad5355434043222404a5e57a23b7c

SHA256
4965bed16526789ee484bb44b5b72a5c02ee29a10e2575db010f36b89e3a019d

SHA512
f6b22bd04eded48241f95d5ad7adf8b07c59d87719f2f7f932b466724f793cfb497425ad12d850054b2f6b0d9a5c4e51a377687cd5f5021a9389bb9c3647b906

Download Submit
C:\Windows\System\ufnXwMZ.exe

Filesize
2.0MB

MD5
b8c6bfefcf2a975ed9b5ae17c6ab514c

SHA1
733dbd81bc9e150b8d533970ba406615ae36ef4b

SHA256
1cdbd18a924968cedb6bb568af67be3d3b3c9681c1fad5b26fab0b2a261e738a

SHA512
eda071c61c2f36438eb99342540b12c1cc6a0ec1227b3af5cc5a6775aaa11d7430dfd6e51ec3131da74b053d5a64ca22870eb8c0f0eb0f57a3a304805060a5c6

Download Submit
C:\Windows\System\vBsBTNK.exe

Filesize
2.0MB

MD5
8bf68bc88a196d3a1c91a7d5d99a9c1e

SHA1
6eeba0e2736c481e1006c6c87c891bc7384c5eac

SHA256
d3da9e8b249e90a3f496ffd9e89113a7f414fe8496916a756710a4d07717342d

SHA512
1f109a8309941e965873c419198426ced8aa1aaff103bfbe478afbcf39f2e21fb7b24169c4b4a75fb89b64eb60979a7f6468cc651946714ce490b3ff687df00e

Download Submit
C:\Windows\System\vOAXBXT.exe

Filesize
2.0MB

MD5
bb5f2bba89e8ea772338befa4870a0e0

SHA1
ecec86416ac2ea6e6af0e621f1deb0570ad3552f

SHA256
b06b2c42b4ccde506df00bdd46bfb9c1427f7dfe94564b9a43f7d5e32edbdeb4

SHA512
7f0603120bb7f8293e1ec7d25867c08c693ab44f9fc429753979afde0e9e089e739c75eb099726d8af14277de22888ef722417267864168d486ba84a399399cf

Download Submit
C:\Windows\System\zYqrEdi.exe

Filesize
2.0MB

MD5
825b541738cac7ca4a6e751d8fa50523

SHA1
54c32a8cff565625ea836f4b6d74ea30f923df3f

SHA256
1b5f2807b3048b894dd340bdd7b70669a2b5c0fe1fead464676c6cd86a4d580f

SHA512
9bcbd8e1f7087f3ff2b87480b1e978fe4e9730c905b2a4f45ca24cd4c885ab54730befa6b168ac4b7af7fd6d1877152efb6f6bc027f5a9943e7db0dbfd659989

Download Submit
memory/532-2124-0x00007FF7006D0000-0x00007FF700A24000-memory.dmp

Filesize
3.3MB

Download
memory/532-135-0x00007FF7006D0000-0x00007FF700A24000-memory.dmp

Filesize
3.3MB

Download
memory/544-132-0x00007FF62CCC0000-0x00007FF62D014000-memory.dmp

Filesize
3.3MB

Download
memory/544-2129-0x00007FF62CCC0000-0x00007FF62D014000-memory.dmp

Filesize
3.3MB

Download
memory/796-199-0x00007FF7EE910000-0x00007FF7EEC64000-memory.dmp

Filesize
3.3MB

Download
memory/796-2148-0x00007FF7EE910000-0x00007FF7EEC64000-memory.dmp

Filesize
3.3MB

Download
memory/892-148-0x00007FF773F30000-0x00007FF774284000-memory.dmp

Filesize
3.3MB

Download
memory/892-2131-0x00007FF773F30000-0x00007FF774284000-memory.dmp

Filesize
3.3MB

Download
memory/1204-2147-0x00007FF644400000-0x00007FF644754000-memory.dmp

Filesize
3.3MB

Download
memory/1204-205-0x00007FF644400000-0x00007FF644754000-memory.dmp

Filesize
3.3MB

Download
memory/1232-142-0x00007FF7AF0F0000-0x00007FF7AF444000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2140-0x00007FF7AF0F0000-0x00007FF7AF444000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2126-0x00007FF7CD420000-0x00007FF7CD774000-memory.dmp

Filesize
3.3MB

Download
memory/1256-141-0x00007FF7CD420000-0x00007FF7CD774000-memory.dmp

Filesize
3.3MB

Download
memory/1560-103-0x00007FF7CAA70000-0x00007FF7CADC4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2127-0x00007FF7CAA70000-0x00007FF7CADC4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2116-0x00007FF6E5490000-0x00007FF6E57E4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2122-0x00007FF6E5490000-0x00007FF6E57E4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-30-0x00007FF6E5490000-0x00007FF6E57E4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-2141-0x00007FF672F70000-0x00007FF6732C4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-143-0x00007FF672F70000-0x00007FF6732C4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2145-0x00007FF6A5A20000-0x00007FF6A5D74000-memory.dmp

Filesize
3.3MB

Download
memory/1960-152-0x00007FF6A5A20000-0x00007FF6A5D74000-memory.dmp

Filesize
3.3MB

Download
memory/2220-147-0x00007FF730270000-0x00007FF7305C4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2130-0x00007FF730270000-0x00007FF7305C4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-150-0x00007FF723410000-0x00007FF723764000-memory.dmp

Filesize
3.3MB

Download
memory/2772-2142-0x00007FF723410000-0x00007FF723764000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2133-0x00007FF60EA90000-0x00007FF60EDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-56-0x00007FF60EA90000-0x00007FF60EDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2117-0x00007FF60EA90000-0x00007FF60EDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2120-0x00007FF7A7380000-0x00007FF7A76D4000-memory.dmp

Filesize
3.3MB

Download
memory/3116-24-0x00007FF7A7380000-0x00007FF7A76D4000-memory.dmp

Filesize
3.3MB

Download
memory/3148-140-0x00007FF7C5530000-0x00007FF7C5884000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2136-0x00007FF7C5530000-0x00007FF7C5884000-memory.dmp

Filesize
3.3MB

Download
memory/3152-2138-0x00007FF68ADB0000-0x00007FF68B104000-memory.dmp

Filesize
3.3MB

Download
memory/3152-144-0x00007FF68ADB0000-0x00007FF68B104000-memory.dmp

Filesize
3.3MB

Download
memory/3320-206-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2143-0x00007FF71A7D0000-0x00007FF71AB24000-memory.dmp

Filesize
3.3MB

Download
memory/3372-15-0x00007FF602B00000-0x00007FF602E54000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2121-0x00007FF602B00000-0x00007FF602E54000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2115-0x00007FF602B00000-0x00007FF602E54000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2146-0x00007FF7C39F0000-0x00007FF7C3D44000-memory.dmp

Filesize
3.3MB

Download
memory/3452-213-0x00007FF7C39F0000-0x00007FF7C3D44000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2119-0x00007FF7AEC90000-0x00007FF7AEFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-106-0x00007FF7AEC90000-0x00007FF7AEFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2135-0x00007FF7AEC90000-0x00007FF7AEFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-138-0x00007FF7FF250000-0x00007FF7FF5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2125-0x00007FF7FF250000-0x00007FF7FF5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3680-149-0x00007FF698E20000-0x00007FF699174000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2132-0x00007FF698E20000-0x00007FF699174000-memory.dmp

Filesize
3.3MB

Download
memory/3920-145-0x00007FF72A5A0000-0x00007FF72A8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-2139-0x00007FF72A5A0000-0x00007FF72A8F4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-118-0x00007FF6BA780000-0x00007FF6BAAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-2123-0x00007FF6BA780000-0x00007FF6BAAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4188-87-0x00007FF77E830000-0x00007FF77EB84000-memory.dmp

Filesize
3.3MB

Download
memory/4188-2118-0x00007FF77E830000-0x00007FF77EB84000-memory.dmp

Filesize
3.3MB

Download
memory/4188-2128-0x00007FF77E830000-0x00007FF77EB84000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2137-0x00007FF706DD0000-0x00007FF707124000-memory.dmp

Filesize
3.3MB

Download
memory/4500-146-0x00007FF706DD0000-0x00007FF707124000-memory.dmp

Filesize
3.3MB

Download
memory/4604-0-0x00007FF662BB0000-0x00007FF662F04000-memory.dmp

Filesize
3.3MB

Download
memory/4604-1-0x000001898DEC0000-0x000001898DED0000-memory.dmp

Filesize
64KB

Download
memory/4604-2114-0x00007FF662BB0000-0x00007FF662F04000-memory.dmp

Filesize
3.3MB

Download
memory/4984-139-0x00007FF7C7880000-0x00007FF7C7BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2134-0x00007FF7C7880000-0x00007FF7C7BD4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-151-0x00007FF605C40000-0x00007FF605F94000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2144-0x00007FF605C40000-0x00007FF605F94000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads