xmrig | f683e8974cf2a51f3d1100bcf44a92749c2cf6454c8b0b209190cbb8735f1f54

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcd669b139b3896857060efa5e18b600_NEIKI.exe
Size

1.6MB
MD5

fcd669b139b3896857060efa5e18b600
SHA1

d5fe96b718dcbdb776c5ff6e576025489b05ce55
SHA256

f683e8974cf2a51f3d1100bcf44a92749c2cf6454c8b0b209190cbb8735f1f54
SHA512

9a0a8b66e122b5655ec4369262bd06e51057b3194f0e9a18c674d12effce3abc12526931202f5c790ad69cd0940084d1ee70be1f54bd20da515df3d33f142a7c
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv32wTMuX1fI5NXhXZYJYd:BezaTF8FcNkNdfE0pZ9ozt4wIXl1Jy

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3812-0-0x00007FF788520000-0x00007FF788874000-memory.dmp	xmrig
behavioral2/files/0x000900000002328e-5.dat	xmrig
behavioral2/files/0x000900000002341c-8.dat	xmrig
behavioral2/files/0x0008000000023422-12.dat	xmrig
behavioral2/files/0x0007000000023426-30.dat	xmrig
behavioral2/files/0x0007000000023424-36.dat	xmrig
behavioral2/memory/4360-78-0x00007FF62DBF0000-0x00007FF62DF44000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-95.dat	xmrig
behavioral2/files/0x0007000000023431-103.dat	xmrig
behavioral2/files/0x0007000000023433-114.dat	xmrig
behavioral2/memory/4752-128-0x00007FF733EF0000-0x00007FF734244000-memory.dmp	xmrig
behavioral2/files/0x000700000002343a-156.dat	xmrig
behavioral2/memory/1672-931-0x00007FF75E020000-0x00007FF75E374000-memory.dmp	xmrig
behavioral2/memory/4024-933-0x00007FF604400000-0x00007FF604754000-memory.dmp	xmrig
behavioral2/memory/220-930-0x00007FF633540000-0x00007FF633894000-memory.dmp	xmrig
behavioral2/memory/2560-937-0x00007FF62B120000-0x00007FF62B474000-memory.dmp	xmrig
behavioral2/memory/1324-942-0x00007FF66BCA0000-0x00007FF66BFF4000-memory.dmp	xmrig
behavioral2/memory/5080-946-0x00007FF78BB20000-0x00007FF78BE74000-memory.dmp	xmrig
behavioral2/memory/4924-964-0x00007FF7F19A0000-0x00007FF7F1CF4000-memory.dmp	xmrig
behavioral2/memory/4612-958-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp	xmrig
behavioral2/memory/2988-955-0x00007FF7C7130000-0x00007FF7C7484000-memory.dmp	xmrig
behavioral2/memory/920-973-0x00007FF6404D0000-0x00007FF640824000-memory.dmp	xmrig
behavioral2/memory/3916-985-0x00007FF6FC080000-0x00007FF6FC3D4000-memory.dmp	xmrig
behavioral2/memory/3872-980-0x00007FF7B2BC0000-0x00007FF7B2F14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-186.dat	xmrig
behavioral2/files/0x000700000002343e-184.dat	xmrig
behavioral2/files/0x000700000002343f-181.dat	xmrig
behavioral2/files/0x000700000002343d-179.dat	xmrig
behavioral2/files/0x000700000002343c-174.dat	xmrig
behavioral2/files/0x000700000002343b-169.dat	xmrig
behavioral2/files/0x0007000000023439-159.dat	xmrig
behavioral2/files/0x0007000000023438-154.dat	xmrig
behavioral2/files/0x0007000000023437-149.dat	xmrig
behavioral2/files/0x0007000000023436-144.dat	xmrig
behavioral2/files/0x0007000000023435-139.dat	xmrig
behavioral2/files/0x0007000000023434-134.dat	xmrig
behavioral2/memory/5020-127-0x00007FF6D4CC0000-0x00007FF6D5014000-memory.dmp	xmrig
behavioral2/memory/32-126-0x00007FF71B6A0000-0x00007FF71B9F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-121.dat	xmrig
behavioral2/memory/904-120-0x00007FF6CB4F0000-0x00007FF6CB844000-memory.dmp	xmrig
behavioral2/memory/4272-119-0x00007FF717950000-0x00007FF717CA4000-memory.dmp	xmrig
behavioral2/memory/3812-118-0x00007FF788520000-0x00007FF788874000-memory.dmp	xmrig
behavioral2/memory/1284-111-0x00007FF6FD170000-0x00007FF6FD4C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-107.dat	xmrig
behavioral2/memory/1192-106-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-101.dat	xmrig
behavioral2/memory/2300-100-0x00007FF694C70000-0x00007FF694FC4000-memory.dmp	xmrig
behavioral2/memory/3576-94-0x00007FF69DB90000-0x00007FF69DEE4000-memory.dmp	xmrig
behavioral2/memory/1272-90-0x00007FF7D42B0000-0x00007FF7D4604000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-85.dat	xmrig
behavioral2/files/0x000700000002342c-83.dat	xmrig
behavioral2/memory/4316-82-0x00007FF661A60000-0x00007FF661DB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-74.dat	xmrig
behavioral2/files/0x000700000002342a-72.dat	xmrig
behavioral2/files/0x0007000000023428-69.dat	xmrig
behavioral2/memory/1328-67-0x00007FF6C5560000-0x00007FF6C58B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-63.dat	xmrig
behavioral2/files/0x0007000000023429-62.dat	xmrig
behavioral2/memory/756-61-0x00007FF602320000-0x00007FF602674000-memory.dmp	xmrig
behavioral2/memory/2560-60-0x00007FF62B120000-0x00007FF62B474000-memory.dmp	xmrig
behavioral2/memory/4024-56-0x00007FF604400000-0x00007FF604754000-memory.dmp	xmrig
behavioral2/memory/4816-50-0x00007FF78CBC0000-0x00007FF78CF14000-memory.dmp	xmrig
behavioral2/memory/1672-45-0x00007FF75E020000-0x00007FF75E374000-memory.dmp	xmrig
behavioral2/memory/220-41-0x00007FF633540000-0x00007FF633894000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
904	cJbXEtL.exe
32	rIMtlJG.exe
400	aVGvowQ.exe
5000	YZkyCHw.exe
4816	gkXxkFE.exe
220	AxabWgf.exe
4024	oguHeTA.exe
1672	mafuPZy.exe
756	SudHZyl.exe
2560	yoypVCJ.exe
1328	TXxclcT.exe
4360	eRNdhaP.exe
4316	bDOPjqx.exe
1272	dtBMBmN.exe
3576	PhHBrcD.exe
2300	magLnxf.exe
1284	PHuMsjg.exe
1192	JkYAFKK.exe
4272	PoMqITk.exe
5020	gwDbcUx.exe
4752	PFVbbJu.exe
1324	hKgRiEv.exe
5080	VYarOzd.exe
2988	KALjLwB.exe
4612	ycaKNXT.exe
4924	XQuccHh.exe
920	wazJwXw.exe
3872	Dmjmhbo.exe
3916	ZJfBZQD.exe
3880	HQcNCTC.exe
5064	fNAZsUB.exe
4252	PxgKxUw.exe
3464	IzEAqjx.exe
1668	tNkxkgw.exe
1256	HLRvUry.exe
680	hlGSppR.exe
3312	MdFAzXq.exe
2708	jGDsHcF.exe
4772	JgVmUpm.exe
4644	iZfVLbG.exe
1300	iMOKQKl.exe
5088	IqrUUys.exe
1884	hTVXTnB.exe
4452	JWihEtp.exe
2648	OwSYKIZ.exe
456	JMVWeCJ.exe
1504	xvmZoJZ.exe
4596	SIaGOsx.exe
3096	pWtpUga.exe
4800	AwrnXZU.exe
3692	dabDQUy.exe
208	BzWMlWu.exe
1728	JggfUEK.exe
1540	TFKzVeL.exe
2996	aZKxbfe.exe
1524	PSLJtvF.exe
3100	MoROBJm.exe
868	fCfTSSc.exe
664	EkihkRb.exe
4028	BDPeMUh.exe
4760	hQeCCuD.exe
1032	oWmoWnI.exe
1636	SJGtqZP.exe
4788	NZKvsPv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3812-0-0x00007FF788520000-0x00007FF788874000-memory.dmp	upx
behavioral2/files/0x000900000002328e-5.dat	upx
behavioral2/files/0x000900000002341c-8.dat	upx
behavioral2/files/0x0008000000023422-12.dat	upx
behavioral2/files/0x0007000000023426-30.dat	upx
behavioral2/files/0x0007000000023424-36.dat	upx
behavioral2/memory/4360-78-0x00007FF62DBF0000-0x00007FF62DF44000-memory.dmp	upx
behavioral2/files/0x000700000002342e-95.dat	upx
behavioral2/files/0x0007000000023431-103.dat	upx
behavioral2/files/0x0007000000023433-114.dat	upx
behavioral2/memory/4752-128-0x00007FF733EF0000-0x00007FF734244000-memory.dmp	upx
behavioral2/files/0x000700000002343a-156.dat	upx
behavioral2/memory/1672-931-0x00007FF75E020000-0x00007FF75E374000-memory.dmp	upx
behavioral2/memory/4024-933-0x00007FF604400000-0x00007FF604754000-memory.dmp	upx
behavioral2/memory/220-930-0x00007FF633540000-0x00007FF633894000-memory.dmp	upx
behavioral2/memory/2560-937-0x00007FF62B120000-0x00007FF62B474000-memory.dmp	upx
behavioral2/memory/1324-942-0x00007FF66BCA0000-0x00007FF66BFF4000-memory.dmp	upx
behavioral2/memory/5080-946-0x00007FF78BB20000-0x00007FF78BE74000-memory.dmp	upx
behavioral2/memory/4924-964-0x00007FF7F19A0000-0x00007FF7F1CF4000-memory.dmp	upx
behavioral2/memory/4612-958-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp	upx
behavioral2/memory/2988-955-0x00007FF7C7130000-0x00007FF7C7484000-memory.dmp	upx
behavioral2/memory/920-973-0x00007FF6404D0000-0x00007FF640824000-memory.dmp	upx
behavioral2/memory/3916-985-0x00007FF6FC080000-0x00007FF6FC3D4000-memory.dmp	upx
behavioral2/memory/3872-980-0x00007FF7B2BC0000-0x00007FF7B2F14000-memory.dmp	upx
behavioral2/files/0x0007000000023440-186.dat	upx
behavioral2/files/0x000700000002343e-184.dat	upx
behavioral2/files/0x000700000002343f-181.dat	upx
behavioral2/files/0x000700000002343d-179.dat	upx
behavioral2/files/0x000700000002343c-174.dat	upx
behavioral2/files/0x000700000002343b-169.dat	upx
behavioral2/files/0x0007000000023439-159.dat	upx
behavioral2/files/0x0007000000023438-154.dat	upx
behavioral2/files/0x0007000000023437-149.dat	upx
behavioral2/files/0x0007000000023436-144.dat	upx
behavioral2/files/0x0007000000023435-139.dat	upx
behavioral2/files/0x0007000000023434-134.dat	upx
behavioral2/memory/5020-127-0x00007FF6D4CC0000-0x00007FF6D5014000-memory.dmp	upx
behavioral2/memory/32-126-0x00007FF71B6A0000-0x00007FF71B9F4000-memory.dmp	upx
behavioral2/files/0x0007000000023432-121.dat	upx
behavioral2/memory/904-120-0x00007FF6CB4F0000-0x00007FF6CB844000-memory.dmp	upx
behavioral2/memory/4272-119-0x00007FF717950000-0x00007FF717CA4000-memory.dmp	upx
behavioral2/memory/3812-118-0x00007FF788520000-0x00007FF788874000-memory.dmp	upx
behavioral2/memory/1284-111-0x00007FF6FD170000-0x00007FF6FD4C4000-memory.dmp	upx
behavioral2/files/0x0007000000023430-107.dat	upx
behavioral2/memory/1192-106-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp	upx
behavioral2/files/0x000700000002342f-101.dat	upx
behavioral2/memory/2300-100-0x00007FF694C70000-0x00007FF694FC4000-memory.dmp	upx
behavioral2/memory/3576-94-0x00007FF69DB90000-0x00007FF69DEE4000-memory.dmp	upx
behavioral2/memory/1272-90-0x00007FF7D42B0000-0x00007FF7D4604000-memory.dmp	upx
behavioral2/files/0x000700000002342d-85.dat	upx
behavioral2/files/0x000700000002342c-83.dat	upx
behavioral2/memory/4316-82-0x00007FF661A60000-0x00007FF661DB4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-74.dat	upx
behavioral2/files/0x000700000002342a-72.dat	upx
behavioral2/files/0x0007000000023428-69.dat	upx
behavioral2/memory/1328-67-0x00007FF6C5560000-0x00007FF6C58B4000-memory.dmp	upx
behavioral2/files/0x0007000000023427-63.dat	upx
behavioral2/files/0x0007000000023429-62.dat	upx
behavioral2/memory/756-61-0x00007FF602320000-0x00007FF602674000-memory.dmp	upx
behavioral2/memory/2560-60-0x00007FF62B120000-0x00007FF62B474000-memory.dmp	upx
behavioral2/memory/4024-56-0x00007FF604400000-0x00007FF604754000-memory.dmp	upx
behavioral2/memory/4816-50-0x00007FF78CBC0000-0x00007FF78CF14000-memory.dmp	upx
behavioral2/memory/1672-45-0x00007FF75E020000-0x00007FF75E374000-memory.dmp	upx
behavioral2/memory/220-41-0x00007FF633540000-0x00007FF633894000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tvBJNJM.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\KEMCqJo.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\YeuqVvF.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\FMnOniu.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\ZuIYohr.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\zOeSQtc.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\FqYVVty.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\ggpyGYP.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\CPACjve.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\fxIizSx.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\OCgyxpQ.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\awkoAYx.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\GNbNSei.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\UOKAxqb.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\oVzHkVz.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\GzydGWc.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\YnCKYrh.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\IfrgaIf.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\ilQQPZW.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\KmesrZz.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\RWTxFnL.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\glmqMak.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\idjgHRD.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\skUBWTp.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\PFVbbJu.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\YNLrdqd.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\wKqFzSM.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\FyJKBmR.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\HJLifUD.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\awcSdmZ.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\cWjzmYk.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\VBxPnCi.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\cztlGHn.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\wHNWfmf.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\TrzDDKr.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\fmuVipv.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\LsZyPKI.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\GrgmlOG.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\pbgQebO.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\hTVXTnB.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\jRriEHW.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\SbYCgAU.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\XHwXhxu.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\QmaXBOC.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\zsLBXeR.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\aImqLRf.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\xzushNf.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\JHGhooI.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\BPQXIfR.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\WPrMNIp.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\BfmdjYm.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\XFKoFeh.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\Wzuaxkv.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\magLnxf.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\OwSYKIZ.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\XiskaYj.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\wGtwokF.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\DLhSKan.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\brxmdzF.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\cJbXEtL.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\phBVXmk.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\hhhtqbh.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\eKigifO.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe
File created	C:\Windows\System\oWmoWnI.exe	fcd669b139b3896857060efa5e18b600_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14452	dwm.exe
Token: SeChangeNotifyPrivilege	14452	dwm.exe
Token: 33	14452	dwm.exe
Token: SeIncBasePriorityPrivilege	14452	dwm.exe
Token: SeShutdownPrivilege	14452	dwm.exe
Token: SeCreatePagefilePrivilege	14452	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 904	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	83
PID 3812 wrote to memory of 904	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	83
PID 3812 wrote to memory of 32	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	84
PID 3812 wrote to memory of 32	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	84
PID 3812 wrote to memory of 400	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	85
PID 3812 wrote to memory of 400	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	85
PID 3812 wrote to memory of 5000	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	86
PID 3812 wrote to memory of 5000	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	86
PID 3812 wrote to memory of 4024	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	87
PID 3812 wrote to memory of 4024	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	87
PID 3812 wrote to memory of 4816	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	88
PID 3812 wrote to memory of 4816	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	88
PID 3812 wrote to memory of 220	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	89
PID 3812 wrote to memory of 220	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	89
PID 3812 wrote to memory of 1672	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	90
PID 3812 wrote to memory of 1672	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	90
PID 3812 wrote to memory of 2560	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	91
PID 3812 wrote to memory of 2560	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	91
PID 3812 wrote to memory of 756	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	92
PID 3812 wrote to memory of 756	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	92
PID 3812 wrote to memory of 1328	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	93
PID 3812 wrote to memory of 1328	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	93
PID 3812 wrote to memory of 4360	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	94
PID 3812 wrote to memory of 4360	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	94
PID 3812 wrote to memory of 4316	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	95
PID 3812 wrote to memory of 4316	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	95
PID 3812 wrote to memory of 1272	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	96
PID 3812 wrote to memory of 1272	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	96
PID 3812 wrote to memory of 3576	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	97
PID 3812 wrote to memory of 3576	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	97
PID 3812 wrote to memory of 2300	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	98
PID 3812 wrote to memory of 2300	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	98
PID 3812 wrote to memory of 1284	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	99
PID 3812 wrote to memory of 1284	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	99
PID 3812 wrote to memory of 1192	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	100
PID 3812 wrote to memory of 1192	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	100
PID 3812 wrote to memory of 4272	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	101
PID 3812 wrote to memory of 4272	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	101
PID 3812 wrote to memory of 5020	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	102
PID 3812 wrote to memory of 5020	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	102
PID 3812 wrote to memory of 4752	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	103
PID 3812 wrote to memory of 4752	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	103
PID 3812 wrote to memory of 1324	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	104
PID 3812 wrote to memory of 1324	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	104
PID 3812 wrote to memory of 5080	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	105
PID 3812 wrote to memory of 5080	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	105
PID 3812 wrote to memory of 2988	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	106
PID 3812 wrote to memory of 2988	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	106
PID 3812 wrote to memory of 4612	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	107
PID 3812 wrote to memory of 4612	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	107
PID 3812 wrote to memory of 4924	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	108
PID 3812 wrote to memory of 4924	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	108
PID 3812 wrote to memory of 920	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	109
PID 3812 wrote to memory of 920	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	109
PID 3812 wrote to memory of 3872	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	110
PID 3812 wrote to memory of 3872	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	110
PID 3812 wrote to memory of 3916	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	111
PID 3812 wrote to memory of 3916	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	111
PID 3812 wrote to memory of 3880	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	112
PID 3812 wrote to memory of 3880	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	112
PID 3812 wrote to memory of 5064	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	113
PID 3812 wrote to memory of 5064	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	113
PID 3812 wrote to memory of 4252	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	114
PID 3812 wrote to memory of 4252	3812	fcd669b139b3896857060efa5e18b600_NEIKI.exe	114

C:\Users\Admin\AppData\Local\Temp\fcd669b139b3896857060efa5e18b600_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\fcd669b139b3896857060efa5e18b600_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Windows\System\cJbXEtL.exe
  C:\Windows\System\cJbXEtL.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\rIMtlJG.exe
  C:\Windows\System\rIMtlJG.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\aVGvowQ.exe
  C:\Windows\System\aVGvowQ.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\YZkyCHw.exe
  C:\Windows\System\YZkyCHw.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\oguHeTA.exe
  C:\Windows\System\oguHeTA.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\gkXxkFE.exe
  C:\Windows\System\gkXxkFE.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\AxabWgf.exe
  C:\Windows\System\AxabWgf.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\mafuPZy.exe
  C:\Windows\System\mafuPZy.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\yoypVCJ.exe
  C:\Windows\System\yoypVCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\SudHZyl.exe
  C:\Windows\System\SudHZyl.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\TXxclcT.exe
  C:\Windows\System\TXxclcT.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\eRNdhaP.exe
  C:\Windows\System\eRNdhaP.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\bDOPjqx.exe
  C:\Windows\System\bDOPjqx.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\dtBMBmN.exe
  C:\Windows\System\dtBMBmN.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\PhHBrcD.exe
  C:\Windows\System\PhHBrcD.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\magLnxf.exe
  C:\Windows\System\magLnxf.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\PHuMsjg.exe
  C:\Windows\System\PHuMsjg.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\JkYAFKK.exe
  C:\Windows\System\JkYAFKK.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\PoMqITk.exe
  C:\Windows\System\PoMqITk.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\gwDbcUx.exe
  C:\Windows\System\gwDbcUx.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\PFVbbJu.exe
  C:\Windows\System\PFVbbJu.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\hKgRiEv.exe
  C:\Windows\System\hKgRiEv.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\VYarOzd.exe
  C:\Windows\System\VYarOzd.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\KALjLwB.exe
  C:\Windows\System\KALjLwB.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ycaKNXT.exe
  C:\Windows\System\ycaKNXT.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\XQuccHh.exe
  C:\Windows\System\XQuccHh.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\wazJwXw.exe
  C:\Windows\System\wazJwXw.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\Dmjmhbo.exe
  C:\Windows\System\Dmjmhbo.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\ZJfBZQD.exe
  C:\Windows\System\ZJfBZQD.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\HQcNCTC.exe
  C:\Windows\System\HQcNCTC.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\fNAZsUB.exe
  C:\Windows\System\fNAZsUB.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\PxgKxUw.exe
  C:\Windows\System\PxgKxUw.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\IzEAqjx.exe
  C:\Windows\System\IzEAqjx.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\tNkxkgw.exe
  C:\Windows\System\tNkxkgw.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\HLRvUry.exe
  C:\Windows\System\HLRvUry.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\hlGSppR.exe
  C:\Windows\System\hlGSppR.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\MdFAzXq.exe
  C:\Windows\System\MdFAzXq.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\jGDsHcF.exe
  C:\Windows\System\jGDsHcF.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\JgVmUpm.exe
  C:\Windows\System\JgVmUpm.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\iZfVLbG.exe
  C:\Windows\System\iZfVLbG.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\iMOKQKl.exe
  C:\Windows\System\iMOKQKl.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\IqrUUys.exe
  C:\Windows\System\IqrUUys.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\hTVXTnB.exe
  C:\Windows\System\hTVXTnB.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\JWihEtp.exe
  C:\Windows\System\JWihEtp.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\OwSYKIZ.exe
  C:\Windows\System\OwSYKIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\JMVWeCJ.exe
  C:\Windows\System\JMVWeCJ.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\xvmZoJZ.exe
  C:\Windows\System\xvmZoJZ.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\SIaGOsx.exe
  C:\Windows\System\SIaGOsx.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\pWtpUga.exe
  C:\Windows\System\pWtpUga.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\AwrnXZU.exe
  C:\Windows\System\AwrnXZU.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\dabDQUy.exe
  C:\Windows\System\dabDQUy.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\BzWMlWu.exe
  C:\Windows\System\BzWMlWu.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\JggfUEK.exe
  C:\Windows\System\JggfUEK.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\TFKzVeL.exe
  C:\Windows\System\TFKzVeL.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\aZKxbfe.exe
  C:\Windows\System\aZKxbfe.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\PSLJtvF.exe
  C:\Windows\System\PSLJtvF.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\MoROBJm.exe
  C:\Windows\System\MoROBJm.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\fCfTSSc.exe
  C:\Windows\System\fCfTSSc.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\EkihkRb.exe
  C:\Windows\System\EkihkRb.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\BDPeMUh.exe
  C:\Windows\System\BDPeMUh.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\hQeCCuD.exe
  C:\Windows\System\hQeCCuD.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\oWmoWnI.exe
  C:\Windows\System\oWmoWnI.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\SJGtqZP.exe
  C:\Windows\System\SJGtqZP.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\NZKvsPv.exe
  C:\Windows\System\NZKvsPv.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\BREDvUH.exe
  C:\Windows\System\BREDvUH.exe
  2⤵
  PID:4380
- C:\Windows\System\FqYVVty.exe
  C:\Windows\System\FqYVVty.exe
  2⤵
  PID:2928
- C:\Windows\System\VFLDfsD.exe
  C:\Windows\System\VFLDfsD.exe
  2⤵
  PID:3216
- C:\Windows\System\ZiHrPSJ.exe
  C:\Windows\System\ZiHrPSJ.exe
  2⤵
  PID:1916
- C:\Windows\System\hcdLlvM.exe
  C:\Windows\System\hcdLlvM.exe
  2⤵
  PID:2512
- C:\Windows\System\sgtTcNR.exe
  C:\Windows\System\sgtTcNR.exe
  2⤵
  PID:1968
- C:\Windows\System\yWVMfwU.exe
  C:\Windows\System\yWVMfwU.exe
  2⤵
  PID:64
- C:\Windows\System\HGlJrVM.exe
  C:\Windows\System\HGlJrVM.exe
  2⤵
  PID:4960
- C:\Windows\System\IgtVuPJ.exe
  C:\Windows\System\IgtVuPJ.exe
  2⤵
  PID:1780
- C:\Windows\System\OxgKRxg.exe
  C:\Windows\System\OxgKRxg.exe
  2⤵
  PID:3200
- C:\Windows\System\FlrUKHW.exe
  C:\Windows\System\FlrUKHW.exe
  2⤵
  PID:2340
- C:\Windows\System\MKFiGiB.exe
  C:\Windows\System\MKFiGiB.exe
  2⤵
  PID:876
- C:\Windows\System\LYQFjrd.exe
  C:\Windows\System\LYQFjrd.exe
  2⤵
  PID:3116
- C:\Windows\System\UMwSazc.exe
  C:\Windows\System\UMwSazc.exe
  2⤵
  PID:5148
- C:\Windows\System\WoyANgF.exe
  C:\Windows\System\WoyANgF.exe
  2⤵
  PID:5176
- C:\Windows\System\UesMnFo.exe
  C:\Windows\System\UesMnFo.exe
  2⤵
  PID:5204
- C:\Windows\System\HoBVarY.exe
  C:\Windows\System\HoBVarY.exe
  2⤵
  PID:5232
- C:\Windows\System\OCYnEcD.exe
  C:\Windows\System\OCYnEcD.exe
  2⤵
  PID:5264
- C:\Windows\System\qmHEwAm.exe
  C:\Windows\System\qmHEwAm.exe
  2⤵
  PID:5288
- C:\Windows\System\txoUONw.exe
  C:\Windows\System\txoUONw.exe
  2⤵
  PID:5316
- C:\Windows\System\qAPmwOW.exe
  C:\Windows\System\qAPmwOW.exe
  2⤵
  PID:5344
- C:\Windows\System\fbdtQsg.exe
  C:\Windows\System\fbdtQsg.exe
  2⤵
  PID:5372
- C:\Windows\System\yYVajEr.exe
  C:\Windows\System\yYVajEr.exe
  2⤵
  PID:5400
- C:\Windows\System\aIduejY.exe
  C:\Windows\System\aIduejY.exe
  2⤵
  PID:5428
- C:\Windows\System\rbNxBtr.exe
  C:\Windows\System\rbNxBtr.exe
  2⤵
  PID:5456
- C:\Windows\System\XpWlhBu.exe
  C:\Windows\System\XpWlhBu.exe
  2⤵
  PID:5484
- C:\Windows\System\qJtqMtV.exe
  C:\Windows\System\qJtqMtV.exe
  2⤵
  PID:5512
- C:\Windows\System\NGvfNgm.exe
  C:\Windows\System\NGvfNgm.exe
  2⤵
  PID:5540
- C:\Windows\System\Mxlcgjn.exe
  C:\Windows\System\Mxlcgjn.exe
  2⤵
  PID:5568
- C:\Windows\System\xSUCWof.exe
  C:\Windows\System\xSUCWof.exe
  2⤵
  PID:5596
- C:\Windows\System\siGKBdn.exe
  C:\Windows\System\siGKBdn.exe
  2⤵
  PID:5624
- C:\Windows\System\XXeSPmY.exe
  C:\Windows\System\XXeSPmY.exe
  2⤵
  PID:5652
- C:\Windows\System\ADZeFgw.exe
  C:\Windows\System\ADZeFgw.exe
  2⤵
  PID:5680
- C:\Windows\System\utiXwcQ.exe
  C:\Windows\System\utiXwcQ.exe
  2⤵
  PID:5708
- C:\Windows\System\FiNanuU.exe
  C:\Windows\System\FiNanuU.exe
  2⤵
  PID:5736
- C:\Windows\System\tjORSCw.exe
  C:\Windows\System\tjORSCw.exe
  2⤵
  PID:5764
- C:\Windows\System\vBjMtrT.exe
  C:\Windows\System\vBjMtrT.exe
  2⤵
  PID:5792
- C:\Windows\System\qbaTCCc.exe
  C:\Windows\System\qbaTCCc.exe
  2⤵
  PID:5820
- C:\Windows\System\aImqLRf.exe
  C:\Windows\System\aImqLRf.exe
  2⤵
  PID:5848
- C:\Windows\System\TfvngWb.exe
  C:\Windows\System\TfvngWb.exe
  2⤵
  PID:5876
- C:\Windows\System\QzcqGrU.exe
  C:\Windows\System\QzcqGrU.exe
  2⤵
  PID:5904
- C:\Windows\System\uJZQefZ.exe
  C:\Windows\System\uJZQefZ.exe
  2⤵
  PID:5932
- C:\Windows\System\BUHzGnt.exe
  C:\Windows\System\BUHzGnt.exe
  2⤵
  PID:5960
- C:\Windows\System\oqgyWpu.exe
  C:\Windows\System\oqgyWpu.exe
  2⤵
  PID:5988
- C:\Windows\System\pOaRCMg.exe
  C:\Windows\System\pOaRCMg.exe
  2⤵
  PID:6016
- C:\Windows\System\UmzDsXU.exe
  C:\Windows\System\UmzDsXU.exe
  2⤵
  PID:6044
- C:\Windows\System\CkyuRsB.exe
  C:\Windows\System\CkyuRsB.exe
  2⤵
  PID:6072
- C:\Windows\System\KDlXUpj.exe
  C:\Windows\System\KDlXUpj.exe
  2⤵
  PID:6100
- C:\Windows\System\bgGcpek.exe
  C:\Windows\System\bgGcpek.exe
  2⤵
  PID:6128
- C:\Windows\System\AYZdiDr.exe
  C:\Windows\System\AYZdiDr.exe
  2⤵
  PID:4400
- C:\Windows\System\XzIPAjG.exe
  C:\Windows\System\XzIPAjG.exe
  2⤵
  PID:416
- C:\Windows\System\kVLDyRP.exe
  C:\Windows\System\kVLDyRP.exe
  2⤵
  PID:4904
- C:\Windows\System\qvmiPSW.exe
  C:\Windows\System\qvmiPSW.exe
  2⤵
  PID:3628
- C:\Windows\System\ncQpbAe.exe
  C:\Windows\System\ncQpbAe.exe
  2⤵
  PID:4572
- C:\Windows\System\fQccxZo.exe
  C:\Windows\System\fQccxZo.exe
  2⤵
  PID:1892
- C:\Windows\System\GlGjtkm.exe
  C:\Windows\System\GlGjtkm.exe
  2⤵
  PID:4108
- C:\Windows\System\BVvYbLK.exe
  C:\Windows\System\BVvYbLK.exe
  2⤵
  PID:5168
- C:\Windows\System\UiagcOO.exe
  C:\Windows\System\UiagcOO.exe
  2⤵
  PID:5244
- C:\Windows\System\jWdqQgY.exe
  C:\Windows\System\jWdqQgY.exe
  2⤵
  PID:5304
- C:\Windows\System\fmuVipv.exe
  C:\Windows\System\fmuVipv.exe
  2⤵
  PID:5364
- C:\Windows\System\niqjVoO.exe
  C:\Windows\System\niqjVoO.exe
  2⤵
  PID:5440
- C:\Windows\System\SSYkQsU.exe
  C:\Windows\System\SSYkQsU.exe
  2⤵
  PID:5500
- C:\Windows\System\yAVcRTK.exe
  C:\Windows\System\yAVcRTK.exe
  2⤵
  PID:5560
- C:\Windows\System\bvUzANI.exe
  C:\Windows\System\bvUzANI.exe
  2⤵
  PID:5636
- C:\Windows\System\AWGqMor.exe
  C:\Windows\System\AWGqMor.exe
  2⤵
  PID:5696
- C:\Windows\System\FocVdgd.exe
  C:\Windows\System\FocVdgd.exe
  2⤵
  PID:5756
- C:\Windows\System\bhNISOU.exe
  C:\Windows\System\bhNISOU.exe
  2⤵
  PID:5832
- C:\Windows\System\ilQQPZW.exe
  C:\Windows\System\ilQQPZW.exe
  2⤵
  PID:5892
- C:\Windows\System\agUoNgG.exe
  C:\Windows\System\agUoNgG.exe
  2⤵
  PID:5952
- C:\Windows\System\gCNgipG.exe
  C:\Windows\System\gCNgipG.exe
  2⤵
  PID:6008
- C:\Windows\System\bSBDTxt.exe
  C:\Windows\System\bSBDTxt.exe
  2⤵
  PID:6084
- C:\Windows\System\rqmlUzQ.exe
  C:\Windows\System\rqmlUzQ.exe
  2⤵
  PID:2264
- C:\Windows\System\iShplwf.exe
  C:\Windows\System\iShplwf.exe
  2⤵
  PID:3840
- C:\Windows\System\cNfOKbB.exe
  C:\Windows\System\cNfOKbB.exe
  2⤵
  PID:4324
- C:\Windows\System\eGkInTb.exe
  C:\Windows\System\eGkInTb.exe
  2⤵
  PID:5140
- C:\Windows\System\ndNLGqS.exe
  C:\Windows\System\ndNLGqS.exe
  2⤵
  PID:6168
- C:\Windows\System\mIWovui.exe
  C:\Windows\System\mIWovui.exe
  2⤵
  PID:6196
- C:\Windows\System\jqxOtjn.exe
  C:\Windows\System\jqxOtjn.exe
  2⤵
  PID:6224
- C:\Windows\System\KGHqFQe.exe
  C:\Windows\System\KGHqFQe.exe
  2⤵
  PID:6252
- C:\Windows\System\CNnyncP.exe
  C:\Windows\System\CNnyncP.exe
  2⤵
  PID:6280
- C:\Windows\System\bbDCTGc.exe
  C:\Windows\System\bbDCTGc.exe
  2⤵
  PID:6308
- C:\Windows\System\tUQcwtV.exe
  C:\Windows\System\tUQcwtV.exe
  2⤵
  PID:6336
- C:\Windows\System\QFGEoSN.exe
  C:\Windows\System\QFGEoSN.exe
  2⤵
  PID:6364
- C:\Windows\System\XLLYLiT.exe
  C:\Windows\System\XLLYLiT.exe
  2⤵
  PID:6392
- C:\Windows\System\kvZrqlP.exe
  C:\Windows\System\kvZrqlP.exe
  2⤵
  PID:6420
- C:\Windows\System\uDEfJQR.exe
  C:\Windows\System\uDEfJQR.exe
  2⤵
  PID:6448
- C:\Windows\System\yGioPGx.exe
  C:\Windows\System\yGioPGx.exe
  2⤵
  PID:6476
- C:\Windows\System\coGfNnM.exe
  C:\Windows\System\coGfNnM.exe
  2⤵
  PID:6504
- C:\Windows\System\ULeUNTf.exe
  C:\Windows\System\ULeUNTf.exe
  2⤵
  PID:6532
- C:\Windows\System\NGpiFCl.exe
  C:\Windows\System\NGpiFCl.exe
  2⤵
  PID:6560
- C:\Windows\System\nMIfuJU.exe
  C:\Windows\System\nMIfuJU.exe
  2⤵
  PID:6600
- C:\Windows\System\PXsuJtY.exe
  C:\Windows\System\PXsuJtY.exe
  2⤵
  PID:6628
- C:\Windows\System\GhrLLNt.exe
  C:\Windows\System\GhrLLNt.exe
  2⤵
  PID:6656
- C:\Windows\System\kGSBeGK.exe
  C:\Windows\System\kGSBeGK.exe
  2⤵
  PID:6672
- C:\Windows\System\BijmPVd.exe
  C:\Windows\System\BijmPVd.exe
  2⤵
  PID:6700
- C:\Windows\System\KKcTuSS.exe
  C:\Windows\System\KKcTuSS.exe
  2⤵
  PID:6728
- C:\Windows\System\EuYOuGF.exe
  C:\Windows\System\EuYOuGF.exe
  2⤵
  PID:6756
- C:\Windows\System\KFAaMxR.exe
  C:\Windows\System\KFAaMxR.exe
  2⤵
  PID:6784
- C:\Windows\System\qYsNDTz.exe
  C:\Windows\System\qYsNDTz.exe
  2⤵
  PID:6812
- C:\Windows\System\xrUXqjP.exe
  C:\Windows\System\xrUXqjP.exe
  2⤵
  PID:6844
- C:\Windows\System\VtiKnim.exe
  C:\Windows\System\VtiKnim.exe
  2⤵
  PID:6876
- C:\Windows\System\sqiikgT.exe
  C:\Windows\System\sqiikgT.exe
  2⤵
  PID:6904
- C:\Windows\System\MvlJEec.exe
  C:\Windows\System\MvlJEec.exe
  2⤵
  PID:6932
- C:\Windows\System\KReuYjC.exe
  C:\Windows\System\KReuYjC.exe
  2⤵
  PID:6960
- C:\Windows\System\GQLJHlX.exe
  C:\Windows\System\GQLJHlX.exe
  2⤵
  PID:6988
- C:\Windows\System\upcNNBq.exe
  C:\Windows\System\upcNNBq.exe
  2⤵
  PID:7016
- C:\Windows\System\XiskaYj.exe
  C:\Windows\System\XiskaYj.exe
  2⤵
  PID:7036
- C:\Windows\System\TsUfjJv.exe
  C:\Windows\System\TsUfjJv.exe
  2⤵
  PID:7064
- C:\Windows\System\DVNPrGA.exe
  C:\Windows\System\DVNPrGA.exe
  2⤵
  PID:7092
- C:\Windows\System\IzHPtAa.exe
  C:\Windows\System\IzHPtAa.exe
  2⤵
  PID:7120
- C:\Windows\System\gfsdcqN.exe
  C:\Windows\System\gfsdcqN.exe
  2⤵
  PID:7144
- C:\Windows\System\kLkVKxu.exe
  C:\Windows\System\kLkVKxu.exe
  2⤵
  PID:5220
- C:\Windows\System\iUMfkrh.exe
  C:\Windows\System\iUMfkrh.exe
  2⤵
  PID:5392
- C:\Windows\System\qkPcSrV.exe
  C:\Windows\System\qkPcSrV.exe
  2⤵
  PID:5532
- C:\Windows\System\tvBJNJM.exe
  C:\Windows\System\tvBJNJM.exe
  2⤵
  PID:216
- C:\Windows\System\dYeonMj.exe
  C:\Windows\System\dYeonMj.exe
  2⤵
  PID:5804
- C:\Windows\System\NeTjniU.exe
  C:\Windows\System\NeTjniU.exe
  2⤵
  PID:5944
- C:\Windows\System\sEshLSZ.exe
  C:\Windows\System\sEshLSZ.exe
  2⤵
  PID:6112
- C:\Windows\System\MRTKyva.exe
  C:\Windows\System\MRTKyva.exe
  2⤵
  PID:2672
- C:\Windows\System\AjVqpvW.exe
  C:\Windows\System\AjVqpvW.exe
  2⤵
  PID:6152
- C:\Windows\System\jxaWflR.exe
  C:\Windows\System\jxaWflR.exe
  2⤵
  PID:6212
- C:\Windows\System\zvpeocp.exe
  C:\Windows\System\zvpeocp.exe
  2⤵
  PID:6272
- C:\Windows\System\RpvBXJk.exe
  C:\Windows\System\RpvBXJk.exe
  2⤵
  PID:6348
- C:\Windows\System\hqWgLmB.exe
  C:\Windows\System\hqWgLmB.exe
  2⤵
  PID:6404
- C:\Windows\System\ERVBxBC.exe
  C:\Windows\System\ERVBxBC.exe
  2⤵
  PID:3068
- C:\Windows\System\NiIvsSj.exe
  C:\Windows\System\NiIvsSj.exe
  2⤵
  PID:6520
- C:\Windows\System\qkCBrKG.exe
  C:\Windows\System\qkCBrKG.exe
  2⤵
  PID:6576
- C:\Windows\System\TCGBtan.exe
  C:\Windows\System\TCGBtan.exe
  2⤵
  PID:6644
- C:\Windows\System\DihkdTn.exe
  C:\Windows\System\DihkdTn.exe
  2⤵
  PID:6712
- C:\Windows\System\cWjzmYk.exe
  C:\Windows\System\cWjzmYk.exe
  2⤵
  PID:6768
- C:\Windows\System\jeBuCCC.exe
  C:\Windows\System\jeBuCCC.exe
  2⤵
  PID:6828
- C:\Windows\System\YeTDqEC.exe
  C:\Windows\System\YeTDqEC.exe
  2⤵
  PID:6900
- C:\Windows\System\wsiqlwl.exe
  C:\Windows\System\wsiqlwl.exe
  2⤵
  PID:2904
- C:\Windows\System\KmesrZz.exe
  C:\Windows\System\KmesrZz.exe
  2⤵
  PID:6984
- C:\Windows\System\mXDSiFh.exe
  C:\Windows\System\mXDSiFh.exe
  2⤵
  PID:7052
- C:\Windows\System\BiePpzS.exe
  C:\Windows\System\BiePpzS.exe
  2⤵
  PID:7108
- C:\Windows\System\wjDnYhO.exe
  C:\Windows\System\wjDnYhO.exe
  2⤵
  PID:5196
- C:\Windows\System\NBBUnec.exe
  C:\Windows\System\NBBUnec.exe
  2⤵
  PID:5608
- C:\Windows\System\lANWlOu.exe
  C:\Windows\System\lANWlOu.exe
  2⤵
  PID:5864
- C:\Windows\System\zOkiZCu.exe
  C:\Windows\System\zOkiZCu.exe
  2⤵
  PID:3460
- C:\Windows\System\DAPdQzN.exe
  C:\Windows\System\DAPdQzN.exe
  2⤵
  PID:6184
- C:\Windows\System\rpEGnoh.exe
  C:\Windows\System\rpEGnoh.exe
  2⤵
  PID:6320
- C:\Windows\System\GWZLvhM.exe
  C:\Windows\System\GWZLvhM.exe
  2⤵
  PID:6460
- C:\Windows\System\eEGdsEP.exe
  C:\Windows\System\eEGdsEP.exe
  2⤵
  PID:6612
- C:\Windows\System\skCiJiE.exe
  C:\Windows\System\skCiJiE.exe
  2⤵
  PID:6740
- C:\Windows\System\HaryoAW.exe
  C:\Windows\System\HaryoAW.exe
  2⤵
  PID:1380
- C:\Windows\System\pTVMWzF.exe
  C:\Windows\System\pTVMWzF.exe
  2⤵
  PID:7188
- C:\Windows\System\hEjcSvZ.exe
  C:\Windows\System\hEjcSvZ.exe
  2⤵
  PID:7212
- C:\Windows\System\kuCckCe.exe
  C:\Windows\System\kuCckCe.exe
  2⤵
  PID:7240
- C:\Windows\System\plMxxFK.exe
  C:\Windows\System\plMxxFK.exe
  2⤵
  PID:7272
- C:\Windows\System\sygqpPe.exe
  C:\Windows\System\sygqpPe.exe
  2⤵
  PID:7300
- C:\Windows\System\VNWBSpS.exe
  C:\Windows\System\VNWBSpS.exe
  2⤵
  PID:7324
- C:\Windows\System\iSAVPBm.exe
  C:\Windows\System\iSAVPBm.exe
  2⤵
  PID:7356
- C:\Windows\System\CjglnBh.exe
  C:\Windows\System\CjglnBh.exe
  2⤵
  PID:7384
- C:\Windows\System\aTOWons.exe
  C:\Windows\System\aTOWons.exe
  2⤵
  PID:7412
- C:\Windows\System\JzbYDnm.exe
  C:\Windows\System\JzbYDnm.exe
  2⤵
  PID:7436
- C:\Windows\System\qtcQQsc.exe
  C:\Windows\System\qtcQQsc.exe
  2⤵
  PID:7464
- C:\Windows\System\fMFkzom.exe
  C:\Windows\System\fMFkzom.exe
  2⤵
  PID:7492
- C:\Windows\System\UPEVJNW.exe
  C:\Windows\System\UPEVJNW.exe
  2⤵
  PID:7520
- C:\Windows\System\ooyZFAa.exe
  C:\Windows\System\ooyZFAa.exe
  2⤵
  PID:7552
- C:\Windows\System\Kzkmdkn.exe
  C:\Windows\System\Kzkmdkn.exe
  2⤵
  PID:7580
- C:\Windows\System\UJFSSdb.exe
  C:\Windows\System\UJFSSdb.exe
  2⤵
  PID:7604
- C:\Windows\System\hHyKQOw.exe
  C:\Windows\System\hHyKQOw.exe
  2⤵
  PID:7636
- C:\Windows\System\RtIYssJ.exe
  C:\Windows\System\RtIYssJ.exe
  2⤵
  PID:7664
- C:\Windows\System\BJUoxra.exe
  C:\Windows\System\BJUoxra.exe
  2⤵
  PID:7692
- C:\Windows\System\IfYvRqy.exe
  C:\Windows\System\IfYvRqy.exe
  2⤵
  PID:7720
- C:\Windows\System\jDCPATl.exe
  C:\Windows\System\jDCPATl.exe
  2⤵
  PID:7748
- C:\Windows\System\AYkySiD.exe
  C:\Windows\System\AYkySiD.exe
  2⤵
  PID:7776
- C:\Windows\System\ZTHkvCh.exe
  C:\Windows\System\ZTHkvCh.exe
  2⤵
  PID:7804
- C:\Windows\System\EheLReO.exe
  C:\Windows\System\EheLReO.exe
  2⤵
  PID:7828
- C:\Windows\System\ggpyGYP.exe
  C:\Windows\System\ggpyGYP.exe
  2⤵
  PID:7860
- C:\Windows\System\LsZyPKI.exe
  C:\Windows\System\LsZyPKI.exe
  2⤵
  PID:7888
- C:\Windows\System\cPAGket.exe
  C:\Windows\System\cPAGket.exe
  2⤵
  PID:7916
- C:\Windows\System\YhArZRV.exe
  C:\Windows\System\YhArZRV.exe
  2⤵
  PID:7940
- C:\Windows\System\vMzsOBk.exe
  C:\Windows\System\vMzsOBk.exe
  2⤵
  PID:7968
- C:\Windows\System\CunoCOf.exe
  C:\Windows\System\CunoCOf.exe
  2⤵
  PID:7996
- C:\Windows\System\NygsyZL.exe
  C:\Windows\System\NygsyZL.exe
  2⤵
  PID:8024
- C:\Windows\System\zQUFaFg.exe
  C:\Windows\System\zQUFaFg.exe
  2⤵
  PID:8056
- C:\Windows\System\VoSgWEk.exe
  C:\Windows\System\VoSgWEk.exe
  2⤵
  PID:8084
- C:\Windows\System\RWTxFnL.exe
  C:\Windows\System\RWTxFnL.exe
  2⤵
  PID:8108
- C:\Windows\System\GSAREcg.exe
  C:\Windows\System\GSAREcg.exe
  2⤵
  PID:8140
- C:\Windows\System\CjhJasD.exe
  C:\Windows\System\CjhJasD.exe
  2⤵
  PID:8168
- C:\Windows\System\OAoTqQT.exe
  C:\Windows\System\OAoTqQT.exe
  2⤵
  PID:6928
- C:\Windows\System\QpDLVNS.exe
  C:\Windows\System\QpDLVNS.exe
  2⤵
  PID:7032
- C:\Windows\System\dToDjkU.exe
  C:\Windows\System\dToDjkU.exe
  2⤵
  PID:7160
- C:\Windows\System\msQyjUP.exe
  C:\Windows\System\msQyjUP.exe
  2⤵
  PID:4408
- C:\Windows\System\awkoAYx.exe
  C:\Windows\System\awkoAYx.exe
  2⤵
  PID:516
- C:\Windows\System\sJsKmDW.exe
  C:\Windows\System\sJsKmDW.exe
  2⤵
  PID:6384
- C:\Windows\System\LfcISkE.exe
  C:\Windows\System\LfcISkE.exe
  2⤵
  PID:6684
- C:\Windows\System\YvaZzIq.exe
  C:\Windows\System\YvaZzIq.exe
  2⤵
  PID:7176
- C:\Windows\System\KbdOMAJ.exe
  C:\Windows\System\KbdOMAJ.exe
  2⤵
  PID:7228
- C:\Windows\System\CUoUOJX.exe
  C:\Windows\System\CUoUOJX.exe
  2⤵
  PID:4820
- C:\Windows\System\OoKlQLO.exe
  C:\Windows\System\OoKlQLO.exe
  2⤵
  PID:7344
- C:\Windows\System\iMeFQXS.exe
  C:\Windows\System\iMeFQXS.exe
  2⤵
  PID:7404
- C:\Windows\System\BfmdjYm.exe
  C:\Windows\System\BfmdjYm.exe
  2⤵
  PID:7456
- C:\Windows\System\jRriEHW.exe
  C:\Windows\System\jRriEHW.exe
  2⤵
  PID:1748
- C:\Windows\System\GNbNSei.exe
  C:\Windows\System\GNbNSei.exe
  2⤵
  PID:3688
- C:\Windows\System\bkkrTaX.exe
  C:\Windows\System\bkkrTaX.exe
  2⤵
  PID:7628
- C:\Windows\System\AnbsbGi.exe
  C:\Windows\System\AnbsbGi.exe
  2⤵
  PID:7680
- C:\Windows\System\COrVzlx.exe
  C:\Windows\System\COrVzlx.exe
  2⤵
  PID:4808
- C:\Windows\System\ABXVxng.exe
  C:\Windows\System\ABXVxng.exe
  2⤵
  PID:7796
- C:\Windows\System\BduKlsJ.exe
  C:\Windows\System\BduKlsJ.exe
  2⤵
  PID:7852
- C:\Windows\System\Eqywgfq.exe
  C:\Windows\System\Eqywgfq.exe
  2⤵
  PID:7908
- C:\Windows\System\bZAhOjb.exe
  C:\Windows\System\bZAhOjb.exe
  2⤵
  PID:7956
- C:\Windows\System\XJwOurF.exe
  C:\Windows\System\XJwOurF.exe
  2⤵
  PID:1768
- C:\Windows\System\QjgdEKk.exe
  C:\Windows\System\QjgdEKk.exe
  2⤵
  PID:8020
- C:\Windows\System\HAlolFF.exe
  C:\Windows\System\HAlolFF.exe
  2⤵
  PID:3520
- C:\Windows\System\AgwMyvM.exe
  C:\Windows\System\AgwMyvM.exe
  2⤵
  PID:1724
- C:\Windows\System\iTuxPOj.exe
  C:\Windows\System\iTuxPOj.exe
  2⤵
  PID:3128
- C:\Windows\System\jgqtZWs.exe
  C:\Windows\System\jgqtZWs.exe
  2⤵
  PID:8132
- C:\Windows\System\cezpTdw.exe
  C:\Windows\System\cezpTdw.exe
  2⤵
  PID:8188
- C:\Windows\System\gqIuAwj.exe
  C:\Windows\System\gqIuAwj.exe
  2⤵
  PID:380
- C:\Windows\System\Pdaebpy.exe
  C:\Windows\System\Pdaebpy.exe
  2⤵
  PID:6264
- C:\Windows\System\VEimTJK.exe
  C:\Windows\System\VEimTJK.exe
  2⤵
  PID:7172
- C:\Windows\System\KEMCqJo.exe
  C:\Windows\System\KEMCqJo.exe
  2⤵
  PID:7312
- C:\Windows\System\xxrAPWW.exe
  C:\Windows\System\xxrAPWW.exe
  2⤵
  PID:7452
- C:\Windows\System\UvoyTcB.exe
  C:\Windows\System\UvoyTcB.exe
  2⤵
  PID:7564
- C:\Windows\System\qsWltnX.exe
  C:\Windows\System\qsWltnX.exe
  2⤵
  PID:544
- C:\Windows\System\cmDKjHC.exe
  C:\Windows\System\cmDKjHC.exe
  2⤵
  PID:8076
- C:\Windows\System\lAQSEQz.exe
  C:\Windows\System\lAQSEQz.exe
  2⤵
  PID:8104
- C:\Windows\System\kORGUSd.exe
  C:\Windows\System\kORGUSd.exe
  2⤵
  PID:8180
- C:\Windows\System\yhBNAbV.exe
  C:\Windows\System\yhBNAbV.exe
  2⤵
  PID:6552
- C:\Windows\System\PvAbFSL.exe
  C:\Windows\System\PvAbFSL.exe
  2⤵
  PID:4092
- C:\Windows\System\gjoUVkz.exe
  C:\Windows\System\gjoUVkz.exe
  2⤵
  PID:7260
- C:\Windows\System\kRWlzpA.exe
  C:\Windows\System\kRWlzpA.exe
  2⤵
  PID:1372
- C:\Windows\System\ZuWvQKE.exe
  C:\Windows\System\ZuWvQKE.exe
  2⤵
  PID:3384
- C:\Windows\System\TtscZwP.exe
  C:\Windows\System\TtscZwP.exe
  2⤵
  PID:7764
- C:\Windows\System\OthtNBP.exe
  C:\Windows\System\OthtNBP.exe
  2⤵
  PID:8096
- C:\Windows\System\nmVwINw.exe
  C:\Windows\System\nmVwINw.exe
  2⤵
  PID:336
- C:\Windows\System\MWbIcVs.exe
  C:\Windows\System\MWbIcVs.exe
  2⤵
  PID:7256
- C:\Windows\System\uecMKLZ.exe
  C:\Windows\System\uecMKLZ.exe
  2⤵
  PID:3940
- C:\Windows\System\sCOvsDF.exe
  C:\Windows\System\sCOvsDF.exe
  2⤵
  PID:3952
- C:\Windows\System\xUOlNsi.exe
  C:\Windows\System\xUOlNsi.exe
  2⤵
  PID:3136
- C:\Windows\System\FdPONlz.exe
  C:\Windows\System\FdPONlz.exe
  2⤵
  PID:8268
- C:\Windows\System\ImZxveg.exe
  C:\Windows\System\ImZxveg.exe
  2⤵
  PID:8372
- C:\Windows\System\zeJUJiQ.exe
  C:\Windows\System\zeJUJiQ.exe
  2⤵
  PID:8388
- C:\Windows\System\byLCaVx.exe
  C:\Windows\System\byLCaVx.exe
  2⤵
  PID:8408
- C:\Windows\System\NOvRPme.exe
  C:\Windows\System\NOvRPme.exe
  2⤵
  PID:8456
- C:\Windows\System\CPACjve.exe
  C:\Windows\System\CPACjve.exe
  2⤵
  PID:8476
- C:\Windows\System\KuxxOim.exe
  C:\Windows\System\KuxxOim.exe
  2⤵
  PID:8492
- C:\Windows\System\aPNEXrY.exe
  C:\Windows\System\aPNEXrY.exe
  2⤵
  PID:8540
- C:\Windows\System\fxIizSx.exe
  C:\Windows\System\fxIizSx.exe
  2⤵
  PID:8560
- C:\Windows\System\XFKoFeh.exe
  C:\Windows\System\XFKoFeh.exe
  2⤵
  PID:8592
- C:\Windows\System\KNeFfOn.exe
  C:\Windows\System\KNeFfOn.exe
  2⤵
  PID:8624
- C:\Windows\System\fBFYidx.exe
  C:\Windows\System\fBFYidx.exe
  2⤵
  PID:8656
- C:\Windows\System\UYMXoHC.exe
  C:\Windows\System\UYMXoHC.exe
  2⤵
  PID:8676
- C:\Windows\System\otHjgeQ.exe
  C:\Windows\System\otHjgeQ.exe
  2⤵
  PID:8700
- C:\Windows\System\PIVECxd.exe
  C:\Windows\System\PIVECxd.exe
  2⤵
  PID:8740
- C:\Windows\System\UOKAxqb.exe
  C:\Windows\System\UOKAxqb.exe
  2⤵
  PID:8768
- C:\Windows\System\WZHecaZ.exe
  C:\Windows\System\WZHecaZ.exe
  2⤵
  PID:8796
- C:\Windows\System\xzushNf.exe
  C:\Windows\System\xzushNf.exe
  2⤵
  PID:8812
- C:\Windows\System\oVzHkVz.exe
  C:\Windows\System\oVzHkVz.exe
  2⤵
  PID:8840
- C:\Windows\System\JOPZbMw.exe
  C:\Windows\System\JOPZbMw.exe
  2⤵
  PID:8856
- C:\Windows\System\YeuqVvF.exe
  C:\Windows\System\YeuqVvF.exe
  2⤵
  PID:8888
- C:\Windows\System\MPhyXjv.exe
  C:\Windows\System\MPhyXjv.exe
  2⤵
  PID:8924
- C:\Windows\System\TTZLgnh.exe
  C:\Windows\System\TTZLgnh.exe
  2⤵
  PID:8952
- C:\Windows\System\KYdNlTx.exe
  C:\Windows\System\KYdNlTx.exe
  2⤵
  PID:8980
- C:\Windows\System\aKQRact.exe
  C:\Windows\System\aKQRact.exe
  2⤵
  PID:9004
- C:\Windows\System\Wzuaxkv.exe
  C:\Windows\System\Wzuaxkv.exe
  2⤵
  PID:9036
- C:\Windows\System\amRggKu.exe
  C:\Windows\System\amRggKu.exe
  2⤵
  PID:9064
- C:\Windows\System\ORpFQSp.exe
  C:\Windows\System\ORpFQSp.exe
  2⤵
  PID:9104
- C:\Windows\System\OZJimav.exe
  C:\Windows\System\OZJimav.exe
  2⤵
  PID:9132
- C:\Windows\System\woowXLZ.exe
  C:\Windows\System\woowXLZ.exe
  2⤵
  PID:9148
- C:\Windows\System\eXPdlhu.exe
  C:\Windows\System\eXPdlhu.exe
  2⤵
  PID:9168
- C:\Windows\System\EFYOAEJ.exe
  C:\Windows\System\EFYOAEJ.exe
  2⤵
  PID:9204
- C:\Windows\System\ItISQAT.exe
  C:\Windows\System\ItISQAT.exe
  2⤵
  PID:7372
- C:\Windows\System\cYKkHNc.exe
  C:\Windows\System\cYKkHNc.exe
  2⤵
  PID:4604
- C:\Windows\System\QuCXVXf.exe
  C:\Windows\System\QuCXVXf.exe
  2⤵
  PID:8264
- C:\Windows\System\yRhBAEr.exe
  C:\Windows\System\yRhBAEr.exe
  2⤵
  PID:2004
- C:\Windows\System\ZnWXAPh.exe
  C:\Windows\System\ZnWXAPh.exe
  2⤵
  PID:8364
- C:\Windows\System\YNLrdqd.exe
  C:\Windows\System\YNLrdqd.exe
  2⤵
  PID:8428
- C:\Windows\System\tMCuEbw.exe
  C:\Windows\System\tMCuEbw.exe
  2⤵
  PID:8524
- C:\Windows\System\wVovvdC.exe
  C:\Windows\System\wVovvdC.exe
  2⤵
  PID:8572
- C:\Windows\System\aygxmVj.exe
  C:\Windows\System\aygxmVj.exe
  2⤵
  PID:8692
- C:\Windows\System\OBFsuGk.exe
  C:\Windows\System\OBFsuGk.exe
  2⤵
  PID:8736
- C:\Windows\System\gPoQxVx.exe
  C:\Windows\System\gPoQxVx.exe
  2⤵
  PID:8824
- C:\Windows\System\JtfmXDY.exe
  C:\Windows\System\JtfmXDY.exe
  2⤵
  PID:8908
- C:\Windows\System\umGzAyu.exe
  C:\Windows\System\umGzAyu.exe
  2⤵
  PID:8916
- C:\Windows\System\xomOtns.exe
  C:\Windows\System\xomOtns.exe
  2⤵
  PID:8964
- C:\Windows\System\zFWAEpb.exe
  C:\Windows\System\zFWAEpb.exe
  2⤵
  PID:9056
- C:\Windows\System\TWCpLrP.exe
  C:\Windows\System\TWCpLrP.exe
  2⤵
  PID:9116
- C:\Windows\System\shNCEGS.exe
  C:\Windows\System\shNCEGS.exe
  2⤵
  PID:9176
- C:\Windows\System\gpITKah.exe
  C:\Windows\System\gpITKah.exe
  2⤵
  PID:6824
- C:\Windows\System\pgyLzug.exe
  C:\Windows\System\pgyLzug.exe
  2⤵
  PID:8288
- C:\Windows\System\GzydGWc.exe
  C:\Windows\System\GzydGWc.exe
  2⤵
  PID:8484
- C:\Windows\System\nbzerpn.exe
  C:\Windows\System\nbzerpn.exe
  2⤵
  PID:8632
- C:\Windows\System\qZtlvPn.exe
  C:\Windows\System\qZtlvPn.exe
  2⤵
  PID:8728
- C:\Windows\System\fullpmu.exe
  C:\Windows\System\fullpmu.exe
  2⤵
  PID:8896
- C:\Windows\System\GSGyYzt.exe
  C:\Windows\System\GSGyYzt.exe
  2⤵
  PID:9088
- C:\Windows\System\hCCaqKK.exe
  C:\Windows\System\hCCaqKK.exe
  2⤵
  PID:9188
- C:\Windows\System\nECLHvv.exe
  C:\Windows\System\nECLHvv.exe
  2⤵
  PID:8468
- C:\Windows\System\IjXEoCs.exe
  C:\Windows\System\IjXEoCs.exe
  2⤵
  PID:8936
- C:\Windows\System\VGeVYuk.exe
  C:\Windows\System\VGeVYuk.exe
  2⤵
  PID:2688
- C:\Windows\System\VcZkVjO.exe
  C:\Windows\System\VcZkVjO.exe
  2⤵
  PID:8712
- C:\Windows\System\uXgdwwc.exe
  C:\Windows\System\uXgdwwc.exe
  2⤵
  PID:9232
- C:\Windows\System\LVAtfyQ.exe
  C:\Windows\System\LVAtfyQ.exe
  2⤵
  PID:9260
- C:\Windows\System\ZweZitM.exe
  C:\Windows\System\ZweZitM.exe
  2⤵
  PID:9288
- C:\Windows\System\VRAuKZu.exe
  C:\Windows\System\VRAuKZu.exe
  2⤵
  PID:9304
- C:\Windows\System\OUlZYqL.exe
  C:\Windows\System\OUlZYqL.exe
  2⤵
  PID:9332
- C:\Windows\System\suJSevQ.exe
  C:\Windows\System\suJSevQ.exe
  2⤵
  PID:9360
- C:\Windows\System\FESLRRS.exe
  C:\Windows\System\FESLRRS.exe
  2⤵
  PID:9400
- C:\Windows\System\LRczjnY.exe
  C:\Windows\System\LRczjnY.exe
  2⤵
  PID:9420
- C:\Windows\System\xBCLemJ.exe
  C:\Windows\System\xBCLemJ.exe
  2⤵
  PID:9456
- C:\Windows\System\UCTaagC.exe
  C:\Windows\System\UCTaagC.exe
  2⤵
  PID:9476
- C:\Windows\System\KdQoXNI.exe
  C:\Windows\System\KdQoXNI.exe
  2⤵
  PID:9504
- C:\Windows\System\tBZdRYn.exe
  C:\Windows\System\tBZdRYn.exe
  2⤵
  PID:9536
- C:\Windows\System\gGqRYqY.exe
  C:\Windows\System\gGqRYqY.exe
  2⤵
  PID:9560
- C:\Windows\System\cLiZDNL.exe
  C:\Windows\System\cLiZDNL.exe
  2⤵
  PID:9584
- C:\Windows\System\CQdIUvk.exe
  C:\Windows\System\CQdIUvk.exe
  2⤵
  PID:9612
- C:\Windows\System\zrRlkZT.exe
  C:\Windows\System\zrRlkZT.exe
  2⤵
  PID:9640
- C:\Windows\System\HBUCJop.exe
  C:\Windows\System\HBUCJop.exe
  2⤵
  PID:9680
- C:\Windows\System\xyvXESB.exe
  C:\Windows\System\xyvXESB.exe
  2⤵
  PID:9704
- C:\Windows\System\fUDHdpd.exe
  C:\Windows\System\fUDHdpd.exe
  2⤵
  PID:9732
- C:\Windows\System\WqhUlCV.exe
  C:\Windows\System\WqhUlCV.exe
  2⤵
  PID:9748
- C:\Windows\System\HenWDxH.exe
  C:\Windows\System\HenWDxH.exe
  2⤵
  PID:9772
- C:\Windows\System\cwUsJOU.exe
  C:\Windows\System\cwUsJOU.exe
  2⤵
  PID:9820
- C:\Windows\System\uRdmFgt.exe
  C:\Windows\System\uRdmFgt.exe
  2⤵
  PID:9844
- C:\Windows\System\pErmBNI.exe
  C:\Windows\System\pErmBNI.exe
  2⤵
  PID:9864
- C:\Windows\System\SmbMptK.exe
  C:\Windows\System\SmbMptK.exe
  2⤵
  PID:9900
- C:\Windows\System\EKeobKd.exe
  C:\Windows\System\EKeobKd.exe
  2⤵
  PID:9928
- C:\Windows\System\TaltBTD.exe
  C:\Windows\System\TaltBTD.exe
  2⤵
  PID:9956
- C:\Windows\System\RNPudKC.exe
  C:\Windows\System\RNPudKC.exe
  2⤵
  PID:9980
- C:\Windows\System\uciDjry.exe
  C:\Windows\System\uciDjry.exe
  2⤵
  PID:10012
- C:\Windows\System\btQRWxV.exe
  C:\Windows\System\btQRWxV.exe
  2⤵
  PID:10052
- C:\Windows\System\ZxiHOIh.exe
  C:\Windows\System\ZxiHOIh.exe
  2⤵
  PID:10080
- C:\Windows\System\NrbjmPX.exe
  C:\Windows\System\NrbjmPX.exe
  2⤵
  PID:10100
- C:\Windows\System\wQTIZsZ.exe
  C:\Windows\System\wQTIZsZ.exe
  2⤵
  PID:10140
- C:\Windows\System\swGOsDU.exe
  C:\Windows\System\swGOsDU.exe
  2⤵
  PID:10168
- C:\Windows\System\FMnOniu.exe
  C:\Windows\System\FMnOniu.exe
  2⤵
  PID:10196
- C:\Windows\System\VBxPnCi.exe
  C:\Windows\System\VBxPnCi.exe
  2⤵
  PID:10212
- C:\Windows\System\wKqFzSM.exe
  C:\Windows\System\wKqFzSM.exe
  2⤵
  PID:9244
- C:\Windows\System\dZSMIEu.exe
  C:\Windows\System\dZSMIEu.exe
  2⤵
  PID:9284
- C:\Windows\System\PiJZXgj.exe
  C:\Windows\System\PiJZXgj.exe
  2⤵
  PID:9388
- C:\Windows\System\jNhUOYb.exe
  C:\Windows\System\jNhUOYb.exe
  2⤵
  PID:9448
- C:\Windows\System\mvSWPDt.exe
  C:\Windows\System\mvSWPDt.exe
  2⤵
  PID:9464
- C:\Windows\System\NAocnaV.exe
  C:\Windows\System\NAocnaV.exe
  2⤵
  PID:9532
- C:\Windows\System\HkEoeNs.exe
  C:\Windows\System\HkEoeNs.exe
  2⤵
  PID:9608
- C:\Windows\System\glmqMak.exe
  C:\Windows\System\glmqMak.exe
  2⤵
  PID:9656
- C:\Windows\System\yQXcJNl.exe
  C:\Windows\System\yQXcJNl.exe
  2⤵
  PID:9696
- C:\Windows\System\UyFoMWO.exe
  C:\Windows\System\UyFoMWO.exe
  2⤵
  PID:9764
- C:\Windows\System\dUfTzSk.exe
  C:\Windows\System\dUfTzSk.exe
  2⤵
  PID:9872
- C:\Windows\System\HKwWQSO.exe
  C:\Windows\System\HKwWQSO.exe
  2⤵
  PID:9920
- C:\Windows\System\UfJtPZV.exe
  C:\Windows\System\UfJtPZV.exe
  2⤵
  PID:9992
- C:\Windows\System\YiStzSm.exe
  C:\Windows\System\YiStzSm.exe
  2⤵
  PID:10064
- C:\Windows\System\zfhcFFx.exe
  C:\Windows\System\zfhcFFx.exe
  2⤵
  PID:10132
- C:\Windows\System\BKOAbLb.exe
  C:\Windows\System\BKOAbLb.exe
  2⤵
  PID:10164
- C:\Windows\System\DYppyGe.exe
  C:\Windows\System\DYppyGe.exe
  2⤵
  PID:10204
- C:\Windows\System\hiiDtTA.exe
  C:\Windows\System\hiiDtTA.exe
  2⤵
  PID:3684
- C:\Windows\System\JHGhooI.exe
  C:\Windows\System\JHGhooI.exe
  2⤵
  PID:9568
- C:\Windows\System\wEDSpzS.exe
  C:\Windows\System\wEDSpzS.exe
  2⤵
  PID:1620
- C:\Windows\System\SMsJUTP.exe
  C:\Windows\System\SMsJUTP.exe
  2⤵
  PID:9744
- C:\Windows\System\FthGSOK.exe
  C:\Windows\System\FthGSOK.exe
  2⤵
  PID:10000
- C:\Windows\System\ZCXjQVV.exe
  C:\Windows\System\ZCXjQVV.exe
  2⤵
  PID:10092
- C:\Windows\System\zaOhZId.exe
  C:\Windows\System\zaOhZId.exe
  2⤵
  PID:9220
- C:\Windows\System\nXQLFQd.exe
  C:\Windows\System\nXQLFQd.exe
  2⤵
  PID:9380
- C:\Windows\System\iwoOSER.exe
  C:\Windows\System\iwoOSER.exe
  2⤵
  PID:9636
- C:\Windows\System\lzDHRSx.exe
  C:\Windows\System\lzDHRSx.exe
  2⤵
  PID:9856
- C:\Windows\System\mbnzFKX.exe
  C:\Windows\System\mbnzFKX.exe
  2⤵
  PID:10152
- C:\Windows\System\XSqwDiX.exe
  C:\Windows\System\XSqwDiX.exe
  2⤵
  PID:10244
- C:\Windows\System\pPRgqgS.exe
  C:\Windows\System\pPRgqgS.exe
  2⤵
  PID:10276
- C:\Windows\System\mBnxuzp.exe
  C:\Windows\System\mBnxuzp.exe
  2⤵
  PID:10316
- C:\Windows\System\PlNDPQH.exe
  C:\Windows\System\PlNDPQH.exe
  2⤵
  PID:10352
- C:\Windows\System\vrRrOgb.exe
  C:\Windows\System\vrRrOgb.exe
  2⤵
  PID:10384
- C:\Windows\System\GcTiurf.exe
  C:\Windows\System\GcTiurf.exe
  2⤵
  PID:10404
- C:\Windows\System\SbYCgAU.exe
  C:\Windows\System\SbYCgAU.exe
  2⤵
  PID:10428
- C:\Windows\System\FyuTHJF.exe
  C:\Windows\System\FyuTHJF.exe
  2⤵
  PID:10464
- C:\Windows\System\aAfPQtb.exe
  C:\Windows\System\aAfPQtb.exe
  2⤵
  PID:10496
- C:\Windows\System\Nqdlvjw.exe
  C:\Windows\System\Nqdlvjw.exe
  2⤵
  PID:10528
- C:\Windows\System\PGtTdXR.exe
  C:\Windows\System\PGtTdXR.exe
  2⤵
  PID:10552
- C:\Windows\System\eixQLcD.exe
  C:\Windows\System\eixQLcD.exe
  2⤵
  PID:10580
- C:\Windows\System\kjZUfUs.exe
  C:\Windows\System\kjZUfUs.exe
  2⤵
  PID:10608
- C:\Windows\System\XHwXhxu.exe
  C:\Windows\System\XHwXhxu.exe
  2⤵
  PID:10636
- C:\Windows\System\LowOmkI.exe
  C:\Windows\System\LowOmkI.exe
  2⤵
  PID:10676
- C:\Windows\System\ecPqLIZ.exe
  C:\Windows\System\ecPqLIZ.exe
  2⤵
  PID:10692
- C:\Windows\System\HmOthSx.exe
  C:\Windows\System\HmOthSx.exe
  2⤵
  PID:10728
- C:\Windows\System\FRgaXmT.exe
  C:\Windows\System\FRgaXmT.exe
  2⤵
  PID:10752
- C:\Windows\System\TRhxBkX.exe
  C:\Windows\System\TRhxBkX.exe
  2⤵
  PID:10784
- C:\Windows\System\UIWSeRT.exe
  C:\Windows\System\UIWSeRT.exe
  2⤵
  PID:10804
- C:\Windows\System\DqvthCh.exe
  C:\Windows\System\DqvthCh.exe
  2⤵
  PID:10832
- C:\Windows\System\pZrHwIE.exe
  C:\Windows\System\pZrHwIE.exe
  2⤵
  PID:10856
- C:\Windows\System\VvDJvFM.exe
  C:\Windows\System\VvDJvFM.exe
  2⤵
  PID:10888
- C:\Windows\System\mHlOMgO.exe
  C:\Windows\System\mHlOMgO.exe
  2⤵
  PID:10908
- C:\Windows\System\QnfGaEU.exe
  C:\Windows\System\QnfGaEU.exe
  2⤵
  PID:10972
- C:\Windows\System\KFbCqja.exe
  C:\Windows\System\KFbCqja.exe
  2⤵
  PID:11012
- C:\Windows\System\NWTLwPZ.exe
  C:\Windows\System\NWTLwPZ.exe
  2⤵
  PID:11028
- C:\Windows\System\DXMoccM.exe
  C:\Windows\System\DXMoccM.exe
  2⤵
  PID:11044
- C:\Windows\System\xBpKVLD.exe
  C:\Windows\System\xBpKVLD.exe
  2⤵
  PID:11064
- C:\Windows\System\rvStsZE.exe
  C:\Windows\System\rvStsZE.exe
  2⤵
  PID:11112
- C:\Windows\System\eaLBhgb.exe
  C:\Windows\System\eaLBhgb.exe
  2⤵
  PID:11132
- C:\Windows\System\MEGwCIO.exe
  C:\Windows\System\MEGwCIO.exe
  2⤵
  PID:11156
- C:\Windows\System\NabcitE.exe
  C:\Windows\System\NabcitE.exe
  2⤵
  PID:11192
- C:\Windows\System\JIxkoAB.exe
  C:\Windows\System\JIxkoAB.exe
  2⤵
  PID:11236
- C:\Windows\System\uhvigsb.exe
  C:\Windows\System\uhvigsb.exe
  2⤵
  PID:9668
- C:\Windows\System\phBVXmk.exe
  C:\Windows\System\phBVXmk.exe
  2⤵
  PID:4792
- C:\Windows\System\ydKLjtp.exe
  C:\Windows\System\ydKLjtp.exe
  2⤵
  PID:10260
- C:\Windows\System\zjDAZJN.exe
  C:\Windows\System\zjDAZJN.exe
  2⤵
  PID:10348
- C:\Windows\System\HTpybZR.exe
  C:\Windows\System\HTpybZR.exe
  2⤵
  PID:364
- C:\Windows\System\ppikCag.exe
  C:\Windows\System\ppikCag.exe
  2⤵
  PID:10572
- C:\Windows\System\tYLIsUh.exe
  C:\Windows\System\tYLIsUh.exe
  2⤵
  PID:10668
- C:\Windows\System\YAKfnTT.exe
  C:\Windows\System\YAKfnTT.exe
  2⤵
  PID:1176
- C:\Windows\System\vqlxAae.exe
  C:\Windows\System\vqlxAae.exe
  2⤵
  PID:10796
- C:\Windows\System\AzUobyX.exe
  C:\Windows\System\AzUobyX.exe
  2⤵
  PID:10060
- C:\Windows\System\ujwdBuU.exe
  C:\Windows\System\ujwdBuU.exe
  2⤵
  PID:10904
- C:\Windows\System\hLHoGUn.exe
  C:\Windows\System\hLHoGUn.exe
  2⤵
  PID:11000
- C:\Windows\System\wYyhEgF.exe
  C:\Windows\System\wYyhEgF.exe
  2⤵
  PID:11024
- C:\Windows\System\BgbsSTt.exe
  C:\Windows\System\BgbsSTt.exe
  2⤵
  PID:11088
- C:\Windows\System\YnCKYrh.exe
  C:\Windows\System\YnCKYrh.exe
  2⤵
  PID:11188
- C:\Windows\System\kjZvVxD.exe
  C:\Windows\System\kjZvVxD.exe
  2⤵
  PID:9600
- C:\Windows\System\oiyiRsD.exe
  C:\Windows\System\oiyiRsD.exe
  2⤵
  PID:9788
- C:\Windows\System\sPcnLnK.exe
  C:\Windows\System\sPcnLnK.exe
  2⤵
  PID:10332
- C:\Windows\System\JrFtXpV.exe
  C:\Windows\System\JrFtXpV.exe
  2⤵
  PID:10596
- C:\Windows\System\OCgyxpQ.exe
  C:\Windows\System\OCgyxpQ.exe
  2⤵
  PID:4660
- C:\Windows\System\IESGfpq.exe
  C:\Windows\System\IESGfpq.exe
  2⤵
  PID:10820
- C:\Windows\System\NiZBpuD.exe
  C:\Windows\System\NiZBpuD.exe
  2⤵
  PID:11036
- C:\Windows\System\brMZoIj.exe
  C:\Windows\System\brMZoIj.exe
  2⤵
  PID:11152
- C:\Windows\System\lgGFARE.exe
  C:\Windows\System\lgGFARE.exe
  2⤵
  PID:10380
- C:\Windows\System\FPqYeQN.exe
  C:\Windows\System\FPqYeQN.exe
  2⤵
  PID:11076
- C:\Windows\System\UnCWlIO.exe
  C:\Windows\System\UnCWlIO.exe
  2⤵
  PID:11172
- C:\Windows\System\wGtwokF.exe
  C:\Windows\System\wGtwokF.exe
  2⤵
  PID:10684
- C:\Windows\System\xOaojpu.exe
  C:\Windows\System\xOaojpu.exe
  2⤵
  PID:11276
- C:\Windows\System\TvgOeDs.exe
  C:\Windows\System\TvgOeDs.exe
  2⤵
  PID:11304
- C:\Windows\System\UFsFcBY.exe
  C:\Windows\System\UFsFcBY.exe
  2⤵
  PID:11320
- C:\Windows\System\ULJjCDO.exe
  C:\Windows\System\ULJjCDO.exe
  2⤵
  PID:11340
- C:\Windows\System\pCKlmDh.exe
  C:\Windows\System\pCKlmDh.exe
  2⤵
  PID:11372
- C:\Windows\System\IVDAIxa.exe
  C:\Windows\System\IVDAIxa.exe
  2⤵
  PID:11424
- C:\Windows\System\FyJKBmR.exe
  C:\Windows\System\FyJKBmR.exe
  2⤵
  PID:11448
- C:\Windows\System\aBgVhEF.exe
  C:\Windows\System\aBgVhEF.exe
  2⤵
  PID:11468
- C:\Windows\System\kxHiUom.exe
  C:\Windows\System\kxHiUom.exe
  2⤵
  PID:11496
- C:\Windows\System\NihhUds.exe
  C:\Windows\System\NihhUds.exe
  2⤵
  PID:11544
- C:\Windows\System\QmaXBOC.exe
  C:\Windows\System\QmaXBOC.exe
  2⤵
  PID:11572
- C:\Windows\System\POoHpYU.exe
  C:\Windows\System\POoHpYU.exe
  2⤵
  PID:11600
- C:\Windows\System\pKalJdD.exe
  C:\Windows\System\pKalJdD.exe
  2⤵
  PID:11628
- C:\Windows\System\VBTJmRY.exe
  C:\Windows\System\VBTJmRY.exe
  2⤵
  PID:11656
- C:\Windows\System\qScdCfF.exe
  C:\Windows\System\qScdCfF.exe
  2⤵
  PID:11684
- C:\Windows\System\PMYvXUu.exe
  C:\Windows\System\PMYvXUu.exe
  2⤵
  PID:11700
- C:\Windows\System\mxLEHIp.exe
  C:\Windows\System\mxLEHIp.exe
  2⤵
  PID:11728
- C:\Windows\System\QowsFre.exe
  C:\Windows\System\QowsFre.exe
  2⤵
  PID:11756
- C:\Windows\System\GvTmJDC.exe
  C:\Windows\System\GvTmJDC.exe
  2⤵
  PID:11784
- C:\Windows\System\HmlyPZU.exe
  C:\Windows\System\HmlyPZU.exe
  2⤵
  PID:11824
- C:\Windows\System\kAxHmsS.exe
  C:\Windows\System\kAxHmsS.exe
  2⤵
  PID:11840
- C:\Windows\System\gPwnmbp.exe
  C:\Windows\System\gPwnmbp.exe
  2⤵
  PID:11868
- C:\Windows\System\BdLSxWT.exe
  C:\Windows\System\BdLSxWT.exe
  2⤵
  PID:11908
- C:\Windows\System\SJLNoWV.exe
  C:\Windows\System\SJLNoWV.exe
  2⤵
  PID:11924
- C:\Windows\System\WAYeyOM.exe
  C:\Windows\System\WAYeyOM.exe
  2⤵
  PID:11948
- C:\Windows\System\PSpxuAx.exe
  C:\Windows\System\PSpxuAx.exe
  2⤵
  PID:11980
- C:\Windows\System\cNaAieP.exe
  C:\Windows\System\cNaAieP.exe
  2⤵
  PID:12008
- C:\Windows\System\HagcNnt.exe
  C:\Windows\System\HagcNnt.exe
  2⤵
  PID:12028
- C:\Windows\System\wsTqCvh.exe
  C:\Windows\System\wsTqCvh.exe
  2⤵
  PID:12052
- C:\Windows\System\HMXNlTX.exe
  C:\Windows\System\HMXNlTX.exe
  2⤵
  PID:12072
- C:\Windows\System\XaerUXg.exe
  C:\Windows\System\XaerUXg.exe
  2⤵
  PID:12096
- C:\Windows\System\GrgmlOG.exe
  C:\Windows\System\GrgmlOG.exe
  2⤵
  PID:12140
- C:\Windows\System\ZuIYohr.exe
  C:\Windows\System\ZuIYohr.exe
  2⤵
  PID:12164
- C:\Windows\System\OTfxsCn.exe
  C:\Windows\System\OTfxsCn.exe
  2⤵
  PID:12204
- C:\Windows\System\ZeMMIhZ.exe
  C:\Windows\System\ZeMMIhZ.exe
  2⤵
  PID:12232
- C:\Windows\System\DLhSKan.exe
  C:\Windows\System\DLhSKan.exe
  2⤵
  PID:12260
- C:\Windows\System\kRsnEeC.exe
  C:\Windows\System\kRsnEeC.exe
  2⤵
  PID:11124
- C:\Windows\System\IPhIPag.exe
  C:\Windows\System\IPhIPag.exe
  2⤵
  PID:11292
- C:\Windows\System\nexwPsb.exe
  C:\Windows\System\nexwPsb.exe
  2⤵
  PID:11316
- C:\Windows\System\frJCQjE.exe
  C:\Windows\System\frJCQjE.exe
  2⤵
  PID:11392
- C:\Windows\System\OHhoUWM.exe
  C:\Windows\System\OHhoUWM.exe
  2⤵
  PID:11484
- C:\Windows\System\FItQfVg.exe
  C:\Windows\System\FItQfVg.exe
  2⤵
  PID:11528
- C:\Windows\System\AjZwiDE.exe
  C:\Windows\System\AjZwiDE.exe
  2⤵
  PID:11620
- C:\Windows\System\QWupotE.exe
  C:\Windows\System\QWupotE.exe
  2⤵
  PID:11676
- C:\Windows\System\BQDsLik.exe
  C:\Windows\System\BQDsLik.exe
  2⤵
  PID:11744
- C:\Windows\System\fisggic.exe
  C:\Windows\System\fisggic.exe
  2⤵
  PID:11856
- C:\Windows\System\bOlMygb.exe
  C:\Windows\System\bOlMygb.exe
  2⤵
  PID:11888
- C:\Windows\System\rSNzpyR.exe
  C:\Windows\System\rSNzpyR.exe
  2⤵
  PID:11960
- C:\Windows\System\KKHHnmb.exe
  C:\Windows\System\KKHHnmb.exe
  2⤵
  PID:12064
- C:\Windows\System\GcpESoE.exe
  C:\Windows\System\GcpESoE.exe
  2⤵
  PID:12080
- C:\Windows\System\HJLifUD.exe
  C:\Windows\System\HJLifUD.exe
  2⤵
  PID:12192
- C:\Windows\System\BmMQUKw.exe
  C:\Windows\System\BmMQUKw.exe
  2⤵
  PID:12228
- C:\Windows\System\awcSdmZ.exe
  C:\Windows\System\awcSdmZ.exe
  2⤵
  PID:11272
- C:\Windows\System\BPQXIfR.exe
  C:\Windows\System\BPQXIfR.exe
  2⤵
  PID:11364
- C:\Windows\System\SBFbIlK.exe
  C:\Windows\System\SBFbIlK.exe
  2⤵
  PID:11592
- C:\Windows\System\pnhtomt.exe
  C:\Windows\System\pnhtomt.exe
  2⤵
  PID:11668
- C:\Windows\System\cYDoFfU.exe
  C:\Windows\System\cYDoFfU.exe
  2⤵
  PID:11884
- C:\Windows\System\hhhtqbh.exe
  C:\Windows\System\hhhtqbh.exe
  2⤵
  PID:3064
- C:\Windows\System\QbgLkEJ.exe
  C:\Windows\System\QbgLkEJ.exe
  2⤵
  PID:12180
- C:\Windows\System\dLCXjdy.exe
  C:\Windows\System\dLCXjdy.exe
  2⤵
  PID:12276
- C:\Windows\System\YretmVs.exe
  C:\Windows\System\YretmVs.exe
  2⤵
  PID:11716
- C:\Windows\System\lyqfjiU.exe
  C:\Windows\System\lyqfjiU.exe
  2⤵
  PID:11996
- C:\Windows\System\kMJPynB.exe
  C:\Windows\System\kMJPynB.exe
  2⤵
  PID:12024
- C:\Windows\System\pmSWjmi.exe
  C:\Windows\System\pmSWjmi.exe
  2⤵
  PID:11584
- C:\Windows\System\hDVVmTX.exe
  C:\Windows\System\hDVVmTX.exe
  2⤵
  PID:11944
- C:\Windows\System\hwImXiI.exe
  C:\Windows\System\hwImXiI.exe
  2⤵
  PID:12308
- C:\Windows\System\GhefuYN.exe
  C:\Windows\System\GhefuYN.exe
  2⤵
  PID:12352
- C:\Windows\System\CKyNHwN.exe
  C:\Windows\System\CKyNHwN.exe
  2⤵
  PID:12372
- C:\Windows\System\sFjmbVd.exe
  C:\Windows\System\sFjmbVd.exe
  2⤵
  PID:12392
- C:\Windows\System\OTgutzu.exe
  C:\Windows\System\OTgutzu.exe
  2⤵
  PID:12420
- C:\Windows\System\wmBtEJZ.exe
  C:\Windows\System\wmBtEJZ.exe
  2⤵
  PID:12460
- C:\Windows\System\AHHNBGx.exe
  C:\Windows\System\AHHNBGx.exe
  2⤵
  PID:12492
- C:\Windows\System\rcFBNhx.exe
  C:\Windows\System\rcFBNhx.exe
  2⤵
  PID:12524
- C:\Windows\System\LJvisPq.exe
  C:\Windows\System\LJvisPq.exe
  2⤵
  PID:12544
- C:\Windows\System\PTvWBwC.exe
  C:\Windows\System\PTvWBwC.exe
  2⤵
  PID:12572
- C:\Windows\System\kBYdYLl.exe
  C:\Windows\System\kBYdYLl.exe
  2⤵
  PID:12596
- C:\Windows\System\TubOESo.exe
  C:\Windows\System\TubOESo.exe
  2⤵
  PID:12620
- C:\Windows\System\EOzShgU.exe
  C:\Windows\System\EOzShgU.exe
  2⤵
  PID:12660
- C:\Windows\System\IrvfCQs.exe
  C:\Windows\System\IrvfCQs.exe
  2⤵
  PID:12692
- C:\Windows\System\sVDEwSG.exe
  C:\Windows\System\sVDEwSG.exe
  2⤵
  PID:12720
- C:\Windows\System\eJYRfsz.exe
  C:\Windows\System\eJYRfsz.exe
  2⤵
  PID:12752
- C:\Windows\System\HrbQlUK.exe
  C:\Windows\System\HrbQlUK.exe
  2⤵
  PID:12776
- C:\Windows\System\vhoxJSW.exe
  C:\Windows\System\vhoxJSW.exe
  2⤵
  PID:12800
- C:\Windows\System\QMDbzLI.exe
  C:\Windows\System\QMDbzLI.exe
  2⤵
  PID:12820
- C:\Windows\System\RndxSxb.exe
  C:\Windows\System\RndxSxb.exe
  2⤵
  PID:12836
- C:\Windows\System\efCAHuO.exe
  C:\Windows\System\efCAHuO.exe
  2⤵
  PID:12868
- C:\Windows\System\sPAXsEU.exe
  C:\Windows\System\sPAXsEU.exe
  2⤵
  PID:12896
- C:\Windows\System\sVHebUK.exe
  C:\Windows\System\sVHebUK.exe
  2⤵
  PID:12920
- C:\Windows\System\khpLywE.exe
  C:\Windows\System\khpLywE.exe
  2⤵
  PID:12944
- C:\Windows\System\DJmWGpT.exe
  C:\Windows\System\DJmWGpT.exe
  2⤵
  PID:12972
- C:\Windows\System\TFLmiJV.exe
  C:\Windows\System\TFLmiJV.exe
  2⤵
  PID:13008
- C:\Windows\System\fAqUreC.exe
  C:\Windows\System\fAqUreC.exe
  2⤵
  PID:13028
- C:\Windows\System\MTiurld.exe
  C:\Windows\System\MTiurld.exe
  2⤵
  PID:13048
- C:\Windows\System\FZwalUl.exe
  C:\Windows\System\FZwalUl.exe
  2⤵
  PID:13076
- C:\Windows\System\GFXHloe.exe
  C:\Windows\System\GFXHloe.exe
  2⤵
  PID:13120
- C:\Windows\System\pouaoPW.exe
  C:\Windows\System\pouaoPW.exe
  2⤵
  PID:13164
- C:\Windows\System\akVCOAR.exe
  C:\Windows\System\akVCOAR.exe
  2⤵
  PID:13180
- C:\Windows\System\YwzegDc.exe
  C:\Windows\System\YwzegDc.exe
  2⤵
  PID:13204
- C:\Windows\System\VfDTFGk.exe
  C:\Windows\System\VfDTFGk.exe
  2⤵
  PID:13228
- C:\Windows\System\NJhbYUJ.exe
  C:\Windows\System\NJhbYUJ.exe
  2⤵
  PID:13280
- C:\Windows\System\jmDnhja.exe
  C:\Windows\System\jmDnhja.exe
  2⤵
  PID:13308
- C:\Windows\System\aIldJsU.exe
  C:\Windows\System\aIldJsU.exe
  2⤵
  PID:12320
- C:\Windows\System\IaRAMoP.exe
  C:\Windows\System\IaRAMoP.exe
  2⤵
  PID:12384
- C:\Windows\System\GKTWGSs.exe
  C:\Windows\System\GKTWGSs.exe
  2⤵
  PID:12452
- C:\Windows\System\JwSaaHn.exe
  C:\Windows\System\JwSaaHn.exe
  2⤵
  PID:12480
- C:\Windows\System\iNUrgXA.exe
  C:\Windows\System\iNUrgXA.exe
  2⤵
  PID:12484
- C:\Windows\System\wQROodE.exe
  C:\Windows\System\wQROodE.exe
  2⤵
  PID:12668
- C:\Windows\System\kvOVbyr.exe
  C:\Windows\System\kvOVbyr.exe
  2⤵
  PID:12708
- C:\Windows\System\JkDhAYh.exe
  C:\Windows\System\JkDhAYh.exe
  2⤵
  PID:12784
- C:\Windows\System\YYRLCCF.exe
  C:\Windows\System\YYRLCCF.exe
  2⤵
  PID:12816
- C:\Windows\System\lpyEqoJ.exe
  C:\Windows\System\lpyEqoJ.exe
  2⤵
  PID:12908
- C:\Windows\System\MRBGqXf.exe
  C:\Windows\System\MRBGqXf.exe
  2⤵
  PID:12968
- C:\Windows\System\cztlGHn.exe
  C:\Windows\System\cztlGHn.exe
  2⤵
  PID:12996
- C:\Windows\System\SvIUImB.exe
  C:\Windows\System\SvIUImB.exe
  2⤵
  PID:13088
- C:\Windows\System\KDCTrhO.exe
  C:\Windows\System\KDCTrhO.exe
  2⤵
  PID:13072
- C:\Windows\System\yDMYGoT.exe
  C:\Windows\System\yDMYGoT.exe
  2⤵
  PID:13148
- C:\Windows\System\zJajpVR.exe
  C:\Windows\System\zJajpVR.exe
  2⤵
  PID:13220
- C:\Windows\System\CPkUaLe.exe
  C:\Windows\System\CPkUaLe.exe
  2⤵
  PID:11384
- C:\Windows\System\nmaFZdY.exe
  C:\Windows\System\nmaFZdY.exe
  2⤵
  PID:12532
- C:\Windows\System\MKFrGYT.exe
  C:\Windows\System\MKFrGYT.exe
  2⤵
  PID:4240
- C:\Windows\System\DcsVOhH.exe
  C:\Windows\System\DcsVOhH.exe
  2⤵
  PID:3536
- C:\Windows\System\pbgQebO.exe
  C:\Windows\System\pbgQebO.exe
  2⤵
  PID:12736
- C:\Windows\System\qqFBVHW.exe
  C:\Windows\System\qqFBVHW.exe
  2⤵
  PID:12904
- C:\Windows\System\fhFNQfV.exe
  C:\Windows\System\fhFNQfV.exe
  2⤵
  PID:13040
- C:\Windows\System\liZlxkV.exe
  C:\Windows\System\liZlxkV.exe
  2⤵
  PID:13264
- C:\Windows\System\ekIpOUE.exe
  C:\Windows\System\ekIpOUE.exe
  2⤵
  PID:12512
- C:\Windows\System\WRYyPfO.exe
  C:\Windows\System\WRYyPfO.exe
  2⤵
  PID:4620
- C:\Windows\System\YJquwuF.exe
  C:\Windows\System\YJquwuF.exe
  2⤵
  PID:12768
- C:\Windows\System\ZqbRklD.exe
  C:\Windows\System\ZqbRklD.exe
  2⤵
  PID:13104
- C:\Windows\System\xZLUOIy.exe
  C:\Windows\System\xZLUOIy.exe
  2⤵
  PID:3108
- C:\Windows\System\qvWzeLd.exe
  C:\Windows\System\qvWzeLd.exe
  2⤵
  PID:13356
- C:\Windows\System\wHNWfmf.exe
  C:\Windows\System\wHNWfmf.exe
  2⤵
  PID:13384
- C:\Windows\System\xQPFAUc.exe
  C:\Windows\System\xQPFAUc.exe
  2⤵
  PID:13428
- C:\Windows\System\JXOvslu.exe
  C:\Windows\System\JXOvslu.exe
  2⤵
  PID:13444
- C:\Windows\System\qvhGQiu.exe
  C:\Windows\System\qvhGQiu.exe
  2⤵
  PID:13484
- C:\Windows\System\diueVee.exe
  C:\Windows\System\diueVee.exe
  2⤵
  PID:13516
- C:\Windows\System\vkUfEOr.exe
  C:\Windows\System\vkUfEOr.exe
  2⤵
  PID:13532
- C:\Windows\System\XAwwadG.exe
  C:\Windows\System\XAwwadG.exe
  2⤵
  PID:13556
- C:\Windows\System\XCqsduC.exe
  C:\Windows\System\XCqsduC.exe
  2⤵
  PID:13584
- C:\Windows\System\bvhDxSG.exe
  C:\Windows\System\bvhDxSG.exe
  2⤵
  PID:13628
- C:\Windows\System\pvLkDET.exe
  C:\Windows\System\pvLkDET.exe
  2⤵
  PID:13644
- C:\Windows\System\zpoKzKD.exe
  C:\Windows\System\zpoKzKD.exe
  2⤵
  PID:13672
- C:\Windows\System\VUGGmHp.exe
  C:\Windows\System\VUGGmHp.exe
  2⤵
  PID:13692
- C:\Windows\System\bztZhzX.exe
  C:\Windows\System\bztZhzX.exe
  2⤵
  PID:13716
- C:\Windows\System\WPrMNIp.exe
  C:\Windows\System\WPrMNIp.exe
  2⤵
  PID:13740
- C:\Windows\System\QnRMCHk.exe
  C:\Windows\System\QnRMCHk.exe
  2⤵
  PID:13784
- C:\Windows\System\AgnLYlu.exe
  C:\Windows\System\AgnLYlu.exe
  2⤵
  PID:13800
- C:\Windows\System\ukKqDRD.exe
  C:\Windows\System\ukKqDRD.exe
  2⤵
  PID:13832
- C:\Windows\System\eKigifO.exe
  C:\Windows\System\eKigifO.exe
  2⤵
  PID:13852
- C:\Windows\System\EStjORP.exe
  C:\Windows\System\EStjORP.exe
  2⤵
  PID:13880
- C:\Windows\System\WkRpDRz.exe
  C:\Windows\System\WkRpDRz.exe
  2⤵
  PID:13924
- C:\Windows\System\UoDkIsI.exe
  C:\Windows\System\UoDkIsI.exe
  2⤵
  PID:13944
- C:\Windows\System\PhxYNKr.exe
  C:\Windows\System\PhxYNKr.exe
  2⤵
  PID:13976
- C:\Windows\System\idjgHRD.exe
  C:\Windows\System\idjgHRD.exe
  2⤵
  PID:14008
- C:\Windows\System\OfzjNgW.exe
  C:\Windows\System\OfzjNgW.exe
  2⤵
  PID:14024
- C:\Windows\System\TrzDDKr.exe
  C:\Windows\System\TrzDDKr.exe
  2⤵
  PID:14064
- C:\Windows\System\vfOvYob.exe
  C:\Windows\System\vfOvYob.exe
  2⤵
  PID:14112
- C:\Windows\System\NPreIcO.exe
  C:\Windows\System\NPreIcO.exe
  2⤵
  PID:14128
- C:\Windows\System\skUBWTp.exe
  C:\Windows\System\skUBWTp.exe
  2⤵
  PID:14168
- C:\Windows\System\UtAQlOf.exe
  C:\Windows\System\UtAQlOf.exe
  2⤵
  PID:14184
- C:\Windows\System\lEnUnIH.exe
  C:\Windows\System\lEnUnIH.exe
  2⤵
  PID:14204
- C:\Windows\System\RNyEZZH.exe
  C:\Windows\System\RNyEZZH.exe
  2⤵
  PID:14232
- C:\Windows\System\PGjNNny.exe
  C:\Windows\System\PGjNNny.exe
  2⤵
  PID:14260
- C:\Windows\System\rteAVhr.exe
  C:\Windows\System\rteAVhr.exe
  2⤵
  PID:14288
- C:\Windows\System\bjNQHqX.exe
  C:\Windows\System\bjNQHqX.exe
  2⤵
  PID:12644
- C:\Windows\System\VTuieeQ.exe
  C:\Windows\System\VTuieeQ.exe
  2⤵
  PID:13316
- C:\Windows\System\IXcZCDx.exe
  C:\Windows\System\IXcZCDx.exe
  2⤵
  PID:13352
- C:\Windows\System\IUiIIbb.exe
  C:\Windows\System\IUiIIbb.exe
  2⤵
  PID:13400
- C:\Windows\System\Roognkh.exe
  C:\Windows\System\Roognkh.exe
  2⤵
  PID:13524
- C:\Windows\System\KCaXBjO.exe
  C:\Windows\System\KCaXBjO.exe
  2⤵
  PID:13580
- C:\Windows\System\UenosvI.exe
  C:\Windows\System\UenosvI.exe
  2⤵
  PID:13660
- C:\Windows\System\QKYcgTS.exe
  C:\Windows\System\QKYcgTS.exe
  2⤵
  PID:13712
- C:\Windows\System\DpDYlrl.exe
  C:\Windows\System\DpDYlrl.exe
  2⤵
  PID:13708
- C:\Windows\System\hcDQEnC.exe
  C:\Windows\System\hcDQEnC.exe
  2⤵
  PID:13828
- C:\Windows\System\FgriOtl.exe
  C:\Windows\System\FgriOtl.exe
  2⤵
  PID:13872
- C:\Windows\System\HpSqICE.exe
  C:\Windows\System\HpSqICE.exe
  2⤵
  PID:13896
- C:\Windows\System\PeJishj.exe
  C:\Windows\System\PeJishj.exe
  2⤵
  PID:13972
- C:\Windows\System\VfnxDyn.exe
  C:\Windows\System\VfnxDyn.exe
  2⤵
  PID:14048
- C:\Windows\System\aExyJGc.exe
  C:\Windows\System\aExyJGc.exe
  2⤵
  PID:14124
- C:\Windows\System\cOifinm.exe
  C:\Windows\System\cOifinm.exe
  2⤵
  PID:14176
- C:\Windows\System\emcouqi.exe
  C:\Windows\System\emcouqi.exe
  2⤵
  PID:14248
- C:\Windows\System\pIaPSue.exe
  C:\Windows\System\pIaPSue.exe
  2⤵
  PID:14332
- C:\Windows\System\mQSXfvk.exe
  C:\Windows\System\mQSXfvk.exe
  2⤵
  PID:13420
- C:\Windows\System\KSUFhlC.exe
  C:\Windows\System\KSUFhlC.exe
  2⤵
  PID:13640
- C:\Windows\System\WjyVHLa.exe
  C:\Windows\System\WjyVHLa.exe
  2⤵
  PID:13752
- C:\Windows\System\zsLBXeR.exe
  C:\Windows\System\zsLBXeR.exe
  2⤵
  PID:13864
- C:\Windows\System\KLzxayv.exe
  C:\Windows\System\KLzxayv.exe
  2⤵
  PID:14020
- C:\Windows\System\BtPikME.exe
  C:\Windows\System\BtPikME.exe
  2⤵
  PID:14192

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AxabWgf.exe

Filesize
1.6MB

MD5
ac8321f158062a8b7ac9b9bfbd19715f

SHA1
bb36fd2c020869ca18d1cdd4fdb2e4f47a5a1cb5

SHA256
40a362f489f061c0c273cbfceedc4a4cb4785e5760d779acaa95f3d9a50a0aa5

SHA512
a81033811fdb9846cd5a081c25ec6cd2b07dec20a14973570bee7efac893e93fafa9464e20dd4e995ee129b0e0d08fc58c25d05389b3a1a5ba0d2c57df4a7035

Download Submit
C:\Windows\System\Dmjmhbo.exe

Filesize
1.6MB

MD5
c243cb2bc092b226b09f35b668007691

SHA1
9cbb5b8499d6b49515cd3162ee6243cb7b259974

SHA256
4641f569ec57a19ad28ee1e4b12adc31cb2ab6704336a60efa2eea11a68eb95f

SHA512
ce785bfaf65cbb275563401973bc21dece4b2326b008a7378901aeb30d40c1c5f7c03f15d7ced977d33011c359a29b0d863bd19867bee24bab5a2fe5f4140b66

Download Submit
C:\Windows\System\HQcNCTC.exe

Filesize
1.6MB

MD5
f0b9450a01f6bf0c8513dff2ba2f9fda

SHA1
2e373573d4c1911fc9cdb4fb508b32be2604b435

SHA256
4304e049343136cb514ba57343d5217e337c6e10ceaeb969a593bcffe459e6d1

SHA512
baafbcb3f3a8313f22f8df39f53d9e3bb4652b376bf36721539746153ad994671eab5879ebf4b87ec8c55731afa21fa2f704540bc3c7c8c7309eae0da25fec58

Download Submit
C:\Windows\System\IzEAqjx.exe

Filesize
1.6MB

MD5
04ed5cb602c48896b2735fe20d9e634f

SHA1
51b031c741ec93971a2e338574514c07c87645e4

SHA256
63e0a3ba15517e791e4a6d649db0135b6679b32cbab08dae6a9a913632df89ad

SHA512
4d10b6ff44e8d6fd8ac400155f4ac9c1da06f53c0101defe6f9648aa7d56cb9519a0aa3eea83c3319817b2977b17399065a78d5b4ba35f3711952b2eaeb25dbe

Download Submit
C:\Windows\System\JkYAFKK.exe

Filesize
1.6MB

MD5
761fb40ed98151c49ce2b66b6d7af2ed

SHA1
b12eff8bdeb1eab3f309710e0128985736f35e91

SHA256
8e2002e81d5e8a2ee008fc9455cb397f6c075b3ae350faa26653ed79a4b316b3

SHA512
1933da2716ac9262410e46c548b8db192ca3a2da052449ab86d520a1f44f6175f6f69f6c897484c6d07c2236e38513ee832ecfe2a7a01008af99ee77e903bf68

Download Submit
C:\Windows\System\KALjLwB.exe

Filesize
1.6MB

MD5
93d51e069a2806a4d65cc35b1a035701

SHA1
b4a9a3a43eef70689267bbf9a5a3c55e68ebaea2

SHA256
110962578c8ad4acfb1632fc3b128611819b54dee826bfa245a0682c96ee7cc1

SHA512
dc31f8138fbdd9f93a052a76eccc8184c3253e832599b94f334f96588066f57abbf47949e9c7daf6f768b43086c0e974366e06cca32e34141a1404ce0117c3fb

Download Submit
C:\Windows\System\PFVbbJu.exe

Filesize
1.6MB

MD5
7d5fb2d51e4be481999ef35f39a1480e

SHA1
8a7f3cd254df092a33025571d5ef2972781c8c56

SHA256
49a0458a1ed99af0d9df70191f8b2797045d65a11152e0ea0e22c1961e81e151

SHA512
5a26af849534c8677ac445f119b46416ad7c4a5b747e382f647dc1d95be6a5f06042b16b775bbdb9e7b13d1e3d6c3bed303f423fc89acfbf9a180af728a93255

Download Submit
C:\Windows\System\PHuMsjg.exe

Filesize
1.6MB

MD5
be1b27074adcb2204552abe395185876

SHA1
93658c66d9382397cb112bf1005234bc5a332d9e

SHA256
6eaa9f33a5ded557aa633adbbdae735ecc6f392ce93dc4487e9f216a775d4dda

SHA512
3f816bd93fedcd615fbf8217e779c06f4d8fd0d829deb45c3f60991ca35baa540f6125bd4aa6c2fa2ac13ab02b20fbc454eba40b5e8f949819091ffaef7e2790

Download Submit
C:\Windows\System\PhHBrcD.exe

Filesize
1.6MB

MD5
f41b2a10ac4e04d567efe16532d55fec

SHA1
ff19503ecb5cdf4ca786aca1ba7eb89d5c9f8aed

SHA256
6e1a58937a1ebb1e98bbadbe043fdfda84e4277ddef9c1568b017501e0bc3b44

SHA512
83e9204cb8472d9620a3ad50f88ca2af28fcef233d7d5f680d0cc40eabdef20e3a8c19870d8de9c516db636a89f6250a7f528142cc74cc83db634591f00e3845

Download Submit
C:\Windows\System\PoMqITk.exe

Filesize
1.6MB

MD5
1c646725974b044b410bc59e32925cfc

SHA1
654e9dfc59ffe6d4cd51d58b1dbbabf4b3e7bd62

SHA256
c22f5e983758071c956d5d8d5cf257cb0d4b8f9403fac3c5f7313bfbfede00a0

SHA512
36c1efa811d7076b971ecc03d5a39ba46072d6372b1228485d8bce476319c39c29c37620f31ff4aa1049b7b83d0bda3bf1555b73dae9f2fcbd3b9ab226853a9c

Download Submit
C:\Windows\System\PxgKxUw.exe

Filesize
1.6MB

MD5
ff060fa5c77f336d2947df34b291613b

SHA1
42f3ded40022610415ba87fce47d13623c449bad

SHA256
a088220d7c10431139a76ba6d683036c4a3b6da3e6933a402406d8bead9397d4

SHA512
f563a695e63138f434b41b1627d5ad692430bdd8bfa93e5df465c04bb960d2a824c5a7b22a1f0689e8fb642a1d0c92e8b6df8a3690dba8551a8bea7762d19573

Download Submit
C:\Windows\System\SudHZyl.exe

Filesize
1.6MB

MD5
55d978caa18f2f4a811a592b19bddff4

SHA1
fba6d754bae6f284389eba7d524e153a85e20263

SHA256
e26b444651122e2b2770a2679de57bdbc83659d87ae3b5a31e851976f92e639f

SHA512
bb9adba3e883896ffa21b5dab774870d81ccbc428010a15ba0d9e8d20e82419e9479f7e7a712ea3bcae7a5a853b7702b3fa962bec675674031e53d7f5a5ac87e

Download Submit
C:\Windows\System\TXxclcT.exe

Filesize
1.6MB

MD5
2b7c171766285b3f916b65af6fccc5be

SHA1
d1bcf956fd04667e0c8e8672bd86276a889dc5f2

SHA256
75a868261d54fedc2dcedfe5e3445a268c62df61bf0f9e0a3e51c0f255897c46

SHA512
dd700d15ceacf8a8c28dfeb1a27890c9ddda5e5efb1cc3712414a01eff564c6413dd08f3ba4256e30c0b0abb5c24ab90bc32e0f0b5a8e4fdbdb5bf269f03e9ca

Download Submit
C:\Windows\System\VYarOzd.exe

Filesize
1.6MB

MD5
f69b1e2f80dbc798d9a340761b1d2285

SHA1
785ec060d94bc2240caf1879a56487b787855125

SHA256
4f269b438f81ae584e0bd2e171439f392c654529d4a23a1c1022c4dfe4a16c2a

SHA512
bd83d1e2f69a9c44fb0600e51893d747b279a2bd32ba2b45a3f85f209106ab850f72d2760149f7087e5523048acf62e8190b5a2830470f7de14e9a6515f9cc03

Download Submit
C:\Windows\System\XQuccHh.exe

Filesize
1.6MB

MD5
6e042f990eda36a1e6f9de90be680709

SHA1
d8581adeaf49ce08471ef6bd4945afa5ababb226

SHA256
659dca98201e63d00dc1eafe03df6150a37069ce18e4c4368a390d9c01cf3fa0

SHA512
3faad77545c27c3c92574039bee51c7b02cd18486db180d1230430a23381eff049c400e00514ad2a619acf308bec66ce6b27657ac1049df4ec13d471471b632e

Download Submit
C:\Windows\System\YZkyCHw.exe

Filesize
1.6MB

MD5
bfbf85ae242f99a2bf34af94654ef20a

SHA1
f4f39d865760ffe8840c7a4d1882ed72bece2a90

SHA256
13cb016d54061d25f0b47e8180ada0ef7e553416c53071b38183f5a8109c2817

SHA512
1095d8a3df8c71010d29539bc6b31f1dd234a9ba7db744017a70dea28f97ab045cef334bd5a76ec80f72404df1b8e94951451e8b0afbedc09b2c88eda8b487d7

Download Submit
C:\Windows\System\ZJfBZQD.exe

Filesize
1.6MB

MD5
3a188fe57aaaf2edd31932b811f433eb

SHA1
0d7bc8454cc8b66bfb3e450b17350b4a6b8e3f1e

SHA256
921e2dc4572240671f97080d483644c766c0ee494148beec7c9f846c55359caf

SHA512
907d576bde4f4a17603e8bc977fd49e68254c53aa7880f6536fd22007a147443d11e36582ff105883e9b684ab6d9d339bfcdf5001e7b2ed8a5b8284e7cb24194

Download Submit
C:\Windows\System\aVGvowQ.exe

Filesize
1.6MB

MD5
5c8aaf70f077c5d095a97abf3b49989e

SHA1
6bb042edb22819c1d1567140061cbcc5209a5dc3

SHA256
72f248ce1c037fb445f8815697a3656a6467cb37a3b2c2f4ac3272b2a5a2bd2d

SHA512
1238b08704c3329a46dcc8f772785fed869d7d670d6a0b220e927b27011505520ae6f16190d9780d09205539eadad3beb7d55e3057e22537be19d2e7a770d086

Download Submit
C:\Windows\System\bDOPjqx.exe

Filesize
1.6MB

MD5
d8d5210d389a0c1c5e6e1e9828364dea

SHA1
2d313b7a6c27795fa6a8ebce52470ce5692ca200

SHA256
c1276564702dce4e5410c5e7313c6513437dea6871f5e4a9e4774e79214095c0

SHA512
e840f2c8cba438754da0983c030d984b59aebd39df0bbf002c2c97fc4a703e9a96ced74a7496a2ac92c7b1c4b9758e4286c84efcff43408fc83c1b7b037622bc

Download Submit
C:\Windows\System\cJbXEtL.exe

Filesize
1.6MB

MD5
1f23bf05e1e87cbf17ea550cd9f82a22

SHA1
cb91db5da092b31b8b3489747e1e2e83bcc71be7

SHA256
9137f2daf4dc9f3961830a4e21af7ffed5a46ccb37c8043f28d1149b6f7b58c9

SHA512
81bcd781f6a9162b1c895cc7560d1c02b6a32519045b9371f96a394e567c34c64261acfba9071c556177e05c910ddef10d8a482a641209c4d9374efe3d5a7022

Download Submit
C:\Windows\System\dtBMBmN.exe

Filesize
1.6MB

MD5
ff579e66f4c180cb896dba6f37f21da4

SHA1
e9ffb835ff4d2239778746d38b7c562733684144

SHA256
2a2c9238e4a07b9875d29395ff75cb3e384282d983b412f64330f83f41358d5e

SHA512
cc3c1baade8a9720b3a752657c8197a8697eaebf20225eab03f25f323d0ae4b8cf3af5f165ee2b8541d520c352ac0b3ff82e51effc5f066f771d31e10875a9e9

Download Submit
C:\Windows\System\eRNdhaP.exe

Filesize
1.6MB

MD5
ae23dafe9862e3ffab0bb6481fdef43a

SHA1
f2eed0550ae7e86eb8f388a6418396c953cae8ce

SHA256
da96e0d9d40554d42be2e13e8211dd02457a0618d87dfb12830935885e91d53b

SHA512
a7a4bfc06b17cd30b954a114877ee2e991dd3061d9cbe4f97aa14f2d2a80c56c35c5ed5784cb2ecacf5b05de7f6c9a39ed2d0c9deb13d1e59210b472c94a4cab

Download Submit
C:\Windows\System\fNAZsUB.exe

Filesize
1.6MB

MD5
504ced312e85f0e713327a1a64694381

SHA1
a47ebc9ac1ee8ce91b993762aea306a04be2bb43

SHA256
49054e89ae773fc2f08dfd392b3173149e32d7ef6e58edc583c439e773761205

SHA512
e2855a748d61eb071eaea9d5b2668248b660847f486fcd4a4c4175638034ad16c2bd8561e0de4f4594ae1dbfe4059399f1b5f8fc2f28c877b837fe497300c95f

Download Submit
C:\Windows\System\gkXxkFE.exe

Filesize
1.6MB

MD5
403576b67df576c869f280b870e4f56a

SHA1
bbb919899f5f3fa05b50afb25852a6919fb7bf4f

SHA256
f1a09f16fb8cf39fe2899607fe8d3cb6f85416e2687571a10e395949b7a65e6d

SHA512
2eaeb938e46d5e90986dd8967a721b2d6bafdab0456d8058184c073481f84fcab3cc2d8abc0a863338b5dbef15eb6f732abd35f95d58cf0c9fbd1f6e6ee3e318

Download Submit
C:\Windows\System\gwDbcUx.exe

Filesize
1.6MB

MD5
b182d0ff481d8bf1a7ebcfc970743366

SHA1
ddc66dbff294737adbf1b2c649a0778daea1cf0b

SHA256
0fe266e1475e858c5004450a6c29269d394ba39ce014b4988e0746fec0e1c02d

SHA512
8dc42fcc6c9966e39b8a5977a13586f8fa11116d90cc4617d3d25d308bc56935aaa29a2459fb3c739364c52ce970fee82eae87d6766f3b0a6ceb093114c3e072

Download Submit
C:\Windows\System\hKgRiEv.exe

Filesize
1.6MB

MD5
2a3bf98956bcc13c2d1b81f42a2a7143

SHA1
088be1bb61d01f29d4e7fccf68ddfabdf7eb6b9d

SHA256
7d4a8bb2e50138184e0600a87ae2dd6e5fede70eeb2c45ee30aa4886fbeadd0c

SHA512
f9781ca485702c8bf70ad8486d3194cc8507d95816ba6c705584353a983e426f46168d76e9b5b68d4c0e5137e1097c79a57b4a1f63c870ad5ba0f9737abfccfe

Download Submit
C:\Windows\System\mafuPZy.exe

Filesize
1.6MB

MD5
1ff9bee11623e1c8125458f6b63ded7f

SHA1
e877f39666fccadc88040163f8ca78a69960a376

SHA256
008a64d4c91bf1a7f0ce23a1e483cfa334c37c88946cb9f69749e5625c1405c8

SHA512
5ca040282832c176bfd4d797637d52b659f994850363dbe85f9c6302b7610e9076233b87da5c04d8e8f59ae47a3d5945e88b1f1b05c611249c35a838617e5343

Download Submit
C:\Windows\System\magLnxf.exe

Filesize
1.6MB

MD5
d032fb386fd9a27593ddbf0f5417b162

SHA1
1a962245519d19a761308b047e36a24e3a08ed18

SHA256
b9912f3b1fb8d2930914928fedd598c262144735b469d1c1b69b24ba8e68542c

SHA512
011febba870a46c6ac9c34ccecaac4d358cde6179a44dc07c5926fae701ef4857b324d1a83f99ae285d1dd9b99314d8802859c9bb7908664c5fbba43571572e8

Download Submit
C:\Windows\System\oguHeTA.exe

Filesize
1.6MB

MD5
446853eb43bcaf1eba63fbd36427e794

SHA1
42c53738757c03083cdeb98e7e2b93bd80664447

SHA256
482f926b0017eae84b899a8ae9385956e931787644211733ae872609b6caa7b6

SHA512
cfaae8e5ed257b4a4a7b7c3a0364f9a5fee9d34981b1588230e235a228b4caabd8e55b40e82ca7f70635a59f3b06c41ce5f14c6e4c5e846e351346fea2167e14

Download Submit
C:\Windows\System\rIMtlJG.exe

Filesize
1.6MB

MD5
cf6f72be7a7da7f89827a6255411219a

SHA1
12d87102b778e79b75a6081b2479dd4351674cc7

SHA256
5597998b2ea74fd79945c2715978b9a49e5dd59b0a16710101c2231dbc84e973

SHA512
080251cc113bba3cb89e6305435b0a2ed63b810a0a03605ed5f4c39b5514f883956042bb58c9d8772928f935025e61463a716d949213b5fbb8352617b8f3627c

Download Submit
C:\Windows\System\wazJwXw.exe

Filesize
1.6MB

MD5
01e92adaf87c7359f45c48e08b2f5dd4

SHA1
3576eb78b0abaa427f5033292ad59bf80ffbbedc

SHA256
a11b7d56b485655efe77de0ef2aa5b5a8f31029b78de6a0855efc7edaa110491

SHA512
c92a244dede8b6079d626fc83d72cf3b16f3bc3b650a7beb3bffeca806654071d2148e611b7807b9e95f008c04d9401b404f1cd8967da021b875b199ba1955aa

Download Submit
C:\Windows\System\ycaKNXT.exe

Filesize
1.6MB

MD5
64eb17111631e3f4c92fa9b9c572fd66

SHA1
b36aad9cf96d69a2f05a7c17efbc181ea036d785

SHA256
56f3e43f18b5e119c4389d847926bd4346cde8f6ea765a7253bff77ae126ebb9

SHA512
4f1a8eff2eb4bb4093599c5c990f6940ab0d3138cc62e69effb454f6272dbaed53ab987ceb1dd38fd7bfbead0520648c8661d838031c4794dae54c1cb5de8eff

Download Submit
C:\Windows\System\yoypVCJ.exe

Filesize
1.6MB

MD5
346d80f8a39d32b6b872a352d4ac6a77

SHA1
e19ef6550201202e71b0c9b668646c674b4f11bf

SHA256
5d704f44f6730a55cb01288d8e183b5b60b2b61bdd5f3d35be51c6c7f7c6c72b

SHA512
f4d356458ab4523a8682535972bf66be1cac2be652cf6b148c1d2a78fbaff271e18db5d78b9f4a9b5084e135b9fa28bf97b0fe791f24252f16a58e5e194450bc

Download Submit
memory/32-2163-0x00007FF71B6A0000-0x00007FF71B9F4000-memory.dmp

Filesize
3.3MB

Download
memory/32-126-0x00007FF71B6A0000-0x00007FF71B9F4000-memory.dmp

Filesize
3.3MB

Download
memory/32-33-0x00007FF71B6A0000-0x00007FF71B9F4000-memory.dmp

Filesize
3.3MB

Download
memory/220-2168-0x00007FF633540000-0x00007FF633894000-memory.dmp

Filesize
3.3MB

Download
memory/220-930-0x00007FF633540000-0x00007FF633894000-memory.dmp

Filesize
3.3MB

Download
memory/220-41-0x00007FF633540000-0x00007FF633894000-memory.dmp

Filesize
3.3MB

Download
memory/400-2162-0x00007FF6CC750000-0x00007FF6CCAA4000-memory.dmp

Filesize
3.3MB

Download
memory/400-18-0x00007FF6CC750000-0x00007FF6CCAA4000-memory.dmp

Filesize
3.3MB

Download
memory/756-1449-0x00007FF602320000-0x00007FF602674000-memory.dmp

Filesize
3.3MB

Download
memory/756-2169-0x00007FF602320000-0x00007FF602674000-memory.dmp

Filesize
3.3MB

Download
memory/756-61-0x00007FF602320000-0x00007FF602674000-memory.dmp

Filesize
3.3MB

Download
memory/904-2164-0x00007FF6CB4F0000-0x00007FF6CB844000-memory.dmp

Filesize
3.3MB

Download
memory/904-120-0x00007FF6CB4F0000-0x00007FF6CB844000-memory.dmp

Filesize
3.3MB

Download
memory/904-14-0x00007FF6CB4F0000-0x00007FF6CB844000-memory.dmp

Filesize
3.3MB

Download
memory/920-973-0x00007FF6404D0000-0x00007FF640824000-memory.dmp

Filesize
3.3MB

Download
memory/920-2185-0x00007FF6404D0000-0x00007FF640824000-memory.dmp

Filesize
3.3MB

Download
memory/1192-106-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2157-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2181-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download
memory/1272-90-0x00007FF7D42B0000-0x00007FF7D4604000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2174-0x00007FF7D42B0000-0x00007FF7D4604000-memory.dmp

Filesize
3.3MB

Download
memory/1284-111-0x00007FF6FD170000-0x00007FF6FD4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1284-2188-0x00007FF6FD170000-0x00007FF6FD4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1284-2158-0x00007FF6FD170000-0x00007FF6FD4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1324-2179-0x00007FF66BCA0000-0x00007FF66BFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1324-942-0x00007FF66BCA0000-0x00007FF66BFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2171-0x00007FF6C5560000-0x00007FF6C58B4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-67-0x00007FF6C5560000-0x00007FF6C58B4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-1450-0x00007FF6C5560000-0x00007FF6C58B4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2190-0x00007FF75E020000-0x00007FF75E374000-memory.dmp

Filesize
3.3MB

Download
memory/1672-931-0x00007FF75E020000-0x00007FF75E374000-memory.dmp

Filesize
3.3MB

Download
memory/1672-45-0x00007FF75E020000-0x00007FF75E374000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2184-0x00007FF694C70000-0x00007FF694FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-100-0x00007FF694C70000-0x00007FF694FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2156-0x00007FF694C70000-0x00007FF694FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-937-0x00007FF62B120000-0x00007FF62B474000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2170-0x00007FF62B120000-0x00007FF62B474000-memory.dmp

Filesize
3.3MB

Download
memory/2560-60-0x00007FF62B120000-0x00007FF62B474000-memory.dmp

Filesize
3.3MB

Download
memory/2988-955-0x00007FF7C7130000-0x00007FF7C7484000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2186-0x00007FF7C7130000-0x00007FF7C7484000-memory.dmp

Filesize
3.3MB

Download
memory/3576-2175-0x00007FF69DB90000-0x00007FF69DEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3576-94-0x00007FF69DB90000-0x00007FF69DEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3576-2155-0x00007FF69DB90000-0x00007FF69DEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3812-118-0x00007FF788520000-0x00007FF788874000-memory.dmp

Filesize
3.3MB

Download
memory/3812-0-0x00007FF788520000-0x00007FF788874000-memory.dmp

Filesize
3.3MB

Download
memory/3812-1-0x0000023564AF0000-0x0000023564B00000-memory.dmp

Filesize
64KB

Download
memory/3872-2182-0x00007FF7B2BC0000-0x00007FF7B2F14000-memory.dmp

Filesize
3.3MB

Download
memory/3872-980-0x00007FF7B2BC0000-0x00007FF7B2F14000-memory.dmp

Filesize
3.3MB

Download
memory/3916-985-0x00007FF6FC080000-0x00007FF6FC3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3916-2183-0x00007FF6FC080000-0x00007FF6FC3D4000-memory.dmp

Filesize
3.3MB

Download
memory/4024-2165-0x00007FF604400000-0x00007FF604754000-memory.dmp

Filesize
3.3MB

Download
memory/4024-56-0x00007FF604400000-0x00007FF604754000-memory.dmp

Filesize
3.3MB

Download
memory/4024-933-0x00007FF604400000-0x00007FF604754000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2159-0x00007FF717950000-0x00007FF717CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4272-2180-0x00007FF717950000-0x00007FF717CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4272-119-0x00007FF717950000-0x00007FF717CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-2154-0x00007FF661A60000-0x00007FF661DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-2173-0x00007FF661A60000-0x00007FF661DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-82-0x00007FF661A60000-0x00007FF661DB4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-78-0x00007FF62DBF0000-0x00007FF62DF44000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2172-0x00007FF62DBF0000-0x00007FF62DF44000-memory.dmp

Filesize
3.3MB

Download
memory/4612-958-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp

Filesize
3.3MB

Download
memory/4612-2177-0x00007FF7DCFE0000-0x00007FF7DD334000-memory.dmp

Filesize
3.3MB

Download
memory/4752-128-0x00007FF733EF0000-0x00007FF734244000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2161-0x00007FF733EF0000-0x00007FF734244000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2178-0x00007FF733EF0000-0x00007FF734244000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2166-0x00007FF78CBC0000-0x00007FF78CF14000-memory.dmp

Filesize
3.3MB

Download
memory/4816-50-0x00007FF78CBC0000-0x00007FF78CF14000-memory.dmp

Filesize
3.3MB

Download
memory/4924-964-0x00007FF7F19A0000-0x00007FF7F1CF4000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2189-0x00007FF7F19A0000-0x00007FF7F1CF4000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2167-0x00007FF616FB0000-0x00007FF617304000-memory.dmp

Filesize
3.3MB

Download
memory/5000-40-0x00007FF616FB0000-0x00007FF617304000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2160-0x00007FF6D4CC0000-0x00007FF6D5014000-memory.dmp

Filesize
3.3MB

Download
memory/5020-127-0x00007FF6D4CC0000-0x00007FF6D5014000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2176-0x00007FF6D4CC0000-0x00007FF6D5014000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2187-0x00007FF78BB20000-0x00007FF78BE74000-memory.dmp

Filesize
3.3MB

Download
memory/5080-946-0x00007FF78BB20000-0x00007FF78BE74000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads