xmrig | 0a8391bea681e8a1974239b63b60f67049441fdda670775faf7b5477c6e92076

Analysis

max time kernel
115s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f046a2a5819b87e798a85d81e50db090_NEIKI.exe
Size

2.0MB
MD5

f046a2a5819b87e798a85d81e50db090
SHA1

04c3d75b1c0c54553cca3731a3aab59623b3321e
SHA256

0a8391bea681e8a1974239b63b60f67049441fdda670775faf7b5477c6e92076
SHA512

261b9d1939e60e4dfb128edfebe3316dca4e4210a212156bf9be2cf5885ef584117c723db04435ac2be59a5e3d2d0cd51f29dfe3b9b57272cf33f91977314a29
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOY2UrwgfF:BemTLkNdfE0pZrQV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3996-0-0x00007FF772670000-0x00007FF7729C4000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b78-8.dat	xmrig
behavioral2/memory/1436-16-0x00007FF606C10000-0x00007FF606F64000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b80-25.dat	xmrig
behavioral2/files/0x000a000000023b7f-30.dat	xmrig
behavioral2/memory/4992-41-0x00007FF7577E0000-0x00007FF757B34000-memory.dmp	xmrig
behavioral2/memory/1096-46-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp	xmrig
behavioral2/memory/2632-49-0x00007FF68A770000-0x00007FF68AAC4000-memory.dmp	xmrig
behavioral2/memory/396-50-0x00007FF616A90000-0x00007FF616DE4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b82-47.dat	xmrig
behavioral2/memory/4296-45-0x00007FF676880000-0x00007FF676BD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b81-43.dat	xmrig
behavioral2/memory/1788-42-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp	xmrig
behavioral2/memory/4584-38-0x00007FF6D2CF0000-0x00007FF6D3044000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b7e-28.dat	xmrig
behavioral2/files/0x000a000000023b7d-26.dat	xmrig
behavioral2/files/0x000a000000023b7c-12.dat	xmrig
behavioral2/files/0x000a000000023b84-63.dat	xmrig
behavioral2/files/0x000b000000023b79-64.dat	xmrig
behavioral2/files/0x000a000000023b88-84.dat	xmrig
behavioral2/files/0x000a000000023b8a-91.dat	xmrig
behavioral2/files/0x000a000000023b8f-112.dat	xmrig
behavioral2/files/0x000a000000023b93-131.dat	xmrig
behavioral2/files/0x000a000000023b98-163.dat	xmrig
behavioral2/memory/3416-189-0x00007FF781920000-0x00007FF781C74000-memory.dmp	xmrig
behavioral2/memory/5068-194-0x00007FF686F80000-0x00007FF6872D4000-memory.dmp	xmrig
behavioral2/memory/3244-209-0x00007FF75DC70000-0x00007FF75DFC4000-memory.dmp	xmrig
behavioral2/memory/972-215-0x00007FF71ABB0000-0x00007FF71AF04000-memory.dmp	xmrig
behavioral2/memory/3536-218-0x00007FF6185E0000-0x00007FF618934000-memory.dmp	xmrig
behavioral2/memory/1044-217-0x00007FF62CA00000-0x00007FF62CD54000-memory.dmp	xmrig
behavioral2/memory/4048-216-0x00007FF6F1200000-0x00007FF6F1554000-memory.dmp	xmrig
behavioral2/memory/1212-214-0x00007FF7D9210000-0x00007FF7D9564000-memory.dmp	xmrig
behavioral2/memory/3100-213-0x00007FF606D40000-0x00007FF607094000-memory.dmp	xmrig
behavioral2/memory/1088-212-0x00007FF7CA8A0000-0x00007FF7CABF4000-memory.dmp	xmrig
behavioral2/memory/4284-211-0x00007FF733680000-0x00007FF7339D4000-memory.dmp	xmrig
behavioral2/memory/1192-210-0x00007FF6DDC80000-0x00007FF6DDFD4000-memory.dmp	xmrig
behavioral2/memory/4728-205-0x00007FF6B04B0000-0x00007FF6B0804000-memory.dmp	xmrig
behavioral2/memory/4740-204-0x00007FF66D000000-0x00007FF66D354000-memory.dmp	xmrig
behavioral2/memory/1608-193-0x00007FF73FA80000-0x00007FF73FDD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b92-184.dat	xmrig
behavioral2/memory/4128-182-0x00007FF734740000-0x00007FF734A94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b9f-181.dat	xmrig
behavioral2/files/0x000a000000023b9e-180.dat	xmrig
behavioral2/files/0x000a000000023b91-177.dat	xmrig
behavioral2/files/0x000a000000023b9d-176.dat	xmrig
behavioral2/files/0x000a000000023b9c-175.dat	xmrig
behavioral2/files/0x000a000000023b90-172.dat	xmrig
behavioral2/files/0x000a000000023b9b-169.dat	xmrig
behavioral2/files/0x000a000000023b9a-168.dat	xmrig
behavioral2/files/0x000a000000023b99-166.dat	xmrig
behavioral2/memory/4344-157-0x00007FF7F2450000-0x00007FF7F27A4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b97-155.dat	xmrig
behavioral2/files/0x000a000000023b96-153.dat	xmrig
behavioral2/files/0x000a000000023b8c-152.dat	xmrig
behavioral2/files/0x000a000000023b95-148.dat	xmrig
behavioral2/files/0x000a000000023b8b-143.dat	xmrig
behavioral2/files/0x000a000000023b8e-137.dat	xmrig
behavioral2/files/0x000a000000023b94-134.dat	xmrig
behavioral2/files/0x000a000000023b8d-130.dat	xmrig
behavioral2/memory/1520-127-0x00007FF642940000-0x00007FF642C94000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b87-115.dat	xmrig
behavioral2/memory/2128-105-0x00007FF621C80000-0x00007FF621FD4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b89-120.dat	xmrig
behavioral2/files/0x000a000000023b86-102.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1436	lGqjHzb.exe
4584	hRajjAO.exe
2632	lMAXAUh.exe
4992	AKqkSIG.exe
1788	PBUyAqa.exe
4296	CSALAnJ.exe
1096	DwfduPW.exe
396	UhRNwYw.exe
4424	hpiSxDZ.exe
2424	yEKOQez.exe
2128	hIeHIXH.exe
1212	qUUYluN.exe
972	JaYBGNo.exe
1520	WwVhFfR.exe
4344	ziVNtVX.exe
4128	RfzKzSl.exe
3416	Dqnfqty.exe
4048	uAovRRq.exe
1608	iGlIWVh.exe
1044	OaGUgqP.exe
5068	yJwyqiy.exe
4740	kOZzAHF.exe
4728	SXVxLia.exe
3536	EGsayDO.exe
3244	nlJVASU.exe
1192	YEIhHQz.exe
4284	zeelIET.exe
1088	GWQVouy.exe
3100	RaNHhtw.exe
1932	KVVLigD.exe
3012	tbVfGYm.exe
2840	RkxOAhS.exe
468	nMPMFwm.exe
3920	rZjihHU.exe
1660	gMYYqyR.exe
4748	CKRJMmJ.exe
4432	aFmghGS.exe
1592	aAfymSj.exe
2164	kbqeSGh.exe
2432	wYaoACu.exe
404	sFTWsFD.exe
4948	sFcIVzb.exe
4256	qYuwueo.exe
60	QhoJahA.exe
4912	PFWCzdz.exe
3132	hkhPqnp.exe
3212	LdKNcLV.exe
1040	BDmWTBm.exe
2436	fLtzVWy.exe
2856	ZYOYnSy.exe
1376	THAJIjf.exe
4012	MmwlgbV.exe
1940	eoNdMGT.exe
1812	YXIYWeV.exe
3888	qZghkmh.exe
1964	rbEyvpS.exe
1448	cvrRPph.exe
2816	VnQeOaI.exe
2864	mMjjuaA.exe
3668	zBLwTWc.exe
4852	OxQNtUA.exe
5028	BLlxRjs.exe
3588	YqAFbeC.exe
3484	TEHdJGG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3996-0-0x00007FF772670000-0x00007FF7729C4000-memory.dmp	upx
behavioral2/files/0x000b000000023b78-8.dat	upx
behavioral2/memory/1436-16-0x00007FF606C10000-0x00007FF606F64000-memory.dmp	upx
behavioral2/files/0x000a000000023b80-25.dat	upx
behavioral2/files/0x000a000000023b7f-30.dat	upx
behavioral2/memory/4992-41-0x00007FF7577E0000-0x00007FF757B34000-memory.dmp	upx
behavioral2/memory/1096-46-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp	upx
behavioral2/memory/2632-49-0x00007FF68A770000-0x00007FF68AAC4000-memory.dmp	upx
behavioral2/memory/396-50-0x00007FF616A90000-0x00007FF616DE4000-memory.dmp	upx
behavioral2/files/0x000a000000023b82-47.dat	upx
behavioral2/memory/4296-45-0x00007FF676880000-0x00007FF676BD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b81-43.dat	upx
behavioral2/memory/1788-42-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp	upx
behavioral2/memory/4584-38-0x00007FF6D2CF0000-0x00007FF6D3044000-memory.dmp	upx
behavioral2/files/0x000a000000023b7e-28.dat	upx
behavioral2/files/0x000a000000023b7d-26.dat	upx
behavioral2/files/0x000a000000023b7c-12.dat	upx
behavioral2/files/0x000a000000023b84-63.dat	upx
behavioral2/files/0x000b000000023b79-64.dat	upx
behavioral2/files/0x000a000000023b88-84.dat	upx
behavioral2/files/0x000a000000023b8a-91.dat	upx
behavioral2/files/0x000a000000023b8f-112.dat	upx
behavioral2/files/0x000a000000023b93-131.dat	upx
behavioral2/files/0x000a000000023b98-163.dat	upx
behavioral2/memory/3416-189-0x00007FF781920000-0x00007FF781C74000-memory.dmp	upx
behavioral2/memory/5068-194-0x00007FF686F80000-0x00007FF6872D4000-memory.dmp	upx
behavioral2/memory/3244-209-0x00007FF75DC70000-0x00007FF75DFC4000-memory.dmp	upx
behavioral2/memory/972-215-0x00007FF71ABB0000-0x00007FF71AF04000-memory.dmp	upx
behavioral2/memory/3536-218-0x00007FF6185E0000-0x00007FF618934000-memory.dmp	upx
behavioral2/memory/1044-217-0x00007FF62CA00000-0x00007FF62CD54000-memory.dmp	upx
behavioral2/memory/4048-216-0x00007FF6F1200000-0x00007FF6F1554000-memory.dmp	upx
behavioral2/memory/1212-214-0x00007FF7D9210000-0x00007FF7D9564000-memory.dmp	upx
behavioral2/memory/3100-213-0x00007FF606D40000-0x00007FF607094000-memory.dmp	upx
behavioral2/memory/1088-212-0x00007FF7CA8A0000-0x00007FF7CABF4000-memory.dmp	upx
behavioral2/memory/4284-211-0x00007FF733680000-0x00007FF7339D4000-memory.dmp	upx
behavioral2/memory/1192-210-0x00007FF6DDC80000-0x00007FF6DDFD4000-memory.dmp	upx
behavioral2/memory/4728-205-0x00007FF6B04B0000-0x00007FF6B0804000-memory.dmp	upx
behavioral2/memory/4740-204-0x00007FF66D000000-0x00007FF66D354000-memory.dmp	upx
behavioral2/memory/1608-193-0x00007FF73FA80000-0x00007FF73FDD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b92-184.dat	upx
behavioral2/memory/4128-182-0x00007FF734740000-0x00007FF734A94000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-181.dat	upx
behavioral2/files/0x000a000000023b9e-180.dat	upx
behavioral2/files/0x000a000000023b91-177.dat	upx
behavioral2/files/0x000a000000023b9d-176.dat	upx
behavioral2/files/0x000a000000023b9c-175.dat	upx
behavioral2/files/0x000a000000023b90-172.dat	upx
behavioral2/files/0x000a000000023b9b-169.dat	upx
behavioral2/files/0x000a000000023b9a-168.dat	upx
behavioral2/files/0x000a000000023b99-166.dat	upx
behavioral2/memory/4344-157-0x00007FF7F2450000-0x00007FF7F27A4000-memory.dmp	upx
behavioral2/files/0x000a000000023b97-155.dat	upx
behavioral2/files/0x000a000000023b96-153.dat	upx
behavioral2/files/0x000a000000023b8c-152.dat	upx
behavioral2/files/0x000a000000023b95-148.dat	upx
behavioral2/files/0x000a000000023b8b-143.dat	upx
behavioral2/files/0x000a000000023b8e-137.dat	upx
behavioral2/files/0x000a000000023b94-134.dat	upx
behavioral2/files/0x000a000000023b8d-130.dat	upx
behavioral2/memory/1520-127-0x00007FF642940000-0x00007FF642C94000-memory.dmp	upx
behavioral2/files/0x000a000000023b87-115.dat	upx
behavioral2/memory/2128-105-0x00007FF621C80000-0x00007FF621FD4000-memory.dmp	upx
behavioral2/files/0x000a000000023b89-120.dat	upx
behavioral2/files/0x000a000000023b86-102.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QsIGQHv.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\CDSfxQh.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\uIsioZZ.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\PhHFKUI.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\nfTZTjO.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\EmDbwvb.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\uzhnbmk.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\tbVfGYm.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\NytolhH.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\WCPqcmB.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\yJwyqiy.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\UcMuVnJ.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\EnQxPQN.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\jzHBIfc.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\HVaYoFk.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\LdKNcLV.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\VnQeOaI.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\vjJagSr.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\qeKuxYH.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\ickdOWM.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\oziIKTa.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\sCfrLNT.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\fLtzVWy.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\FbclIzy.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\FhUqmFa.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\ZLBRCzd.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\QdvvydL.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\eUdaYlO.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\CpcJbvD.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\XiWcJOJ.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\DwfduPW.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\YqAFbeC.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\EzSlebh.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\UbTKIDi.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\pPGAAZv.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\BoPEVST.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\VyTOQEG.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\PxEAHHp.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\gudrGtp.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\NPBttPz.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\HPZNMzy.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\Tsadczb.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\ziVNtVX.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\GWQVouy.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\RaNHhtw.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\NdDGhim.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\UiKZEhZ.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\eIsFEvc.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\bJlxJfg.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\asGAYkE.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\zfQWlDf.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\AYdJTvO.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\QCXDvxi.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\gnMIOeO.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\GpoTpEB.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\ILsVoEb.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\YeaNRui.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\GDXtkBd.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\NilZZHS.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\nviEIVK.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\bopxNXe.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\TSHmiAL.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\SXVxLia.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe
File created	C:\Windows\System\nmAfRxH.exe	f046a2a5819b87e798a85d81e50db090_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15008	dwm.exe
Token: SeChangeNotifyPrivilege	15008	dwm.exe
Token: 33	15008	dwm.exe
Token: SeIncBasePriorityPrivilege	15008	dwm.exe
Token: SeShutdownPrivilege	15008	dwm.exe
Token: SeCreatePagefilePrivilege	15008	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 1436	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	84
PID 3996 wrote to memory of 1436	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	84
PID 3996 wrote to memory of 4584	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	85
PID 3996 wrote to memory of 4584	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	85
PID 3996 wrote to memory of 2632	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	86
PID 3996 wrote to memory of 2632	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	86
PID 3996 wrote to memory of 4992	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	87
PID 3996 wrote to memory of 4992	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	87
PID 3996 wrote to memory of 1788	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	88
PID 3996 wrote to memory of 1788	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	88
PID 3996 wrote to memory of 4296	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	89
PID 3996 wrote to memory of 4296	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	89
PID 3996 wrote to memory of 1096	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	90
PID 3996 wrote to memory of 1096	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	90
PID 3996 wrote to memory of 396	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	91
PID 3996 wrote to memory of 396	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	91
PID 3996 wrote to memory of 4424	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	92
PID 3996 wrote to memory of 4424	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	92
PID 3996 wrote to memory of 2424	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	93
PID 3996 wrote to memory of 2424	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	93
PID 3996 wrote to memory of 2128	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	94
PID 3996 wrote to memory of 2128	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	94
PID 3996 wrote to memory of 1212	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	95
PID 3996 wrote to memory of 1212	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	95
PID 3996 wrote to memory of 972	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	96
PID 3996 wrote to memory of 972	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	96
PID 3996 wrote to memory of 1520	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	97
PID 3996 wrote to memory of 1520	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	97
PID 3996 wrote to memory of 4344	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	98
PID 3996 wrote to memory of 4344	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	98
PID 3996 wrote to memory of 4128	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	99
PID 3996 wrote to memory of 4128	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	99
PID 3996 wrote to memory of 3416	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	100
PID 3996 wrote to memory of 3416	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	100
PID 3996 wrote to memory of 4048	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	101
PID 3996 wrote to memory of 4048	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	101
PID 3996 wrote to memory of 1608	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	102
PID 3996 wrote to memory of 1608	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	102
PID 3996 wrote to memory of 1044	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	103
PID 3996 wrote to memory of 1044	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	103
PID 3996 wrote to memory of 1192	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	104
PID 3996 wrote to memory of 1192	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	104
PID 3996 wrote to memory of 5068	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	105
PID 3996 wrote to memory of 5068	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	105
PID 3996 wrote to memory of 4740	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	106
PID 3996 wrote to memory of 4740	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	106
PID 3996 wrote to memory of 4728	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	107
PID 3996 wrote to memory of 4728	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	107
PID 3996 wrote to memory of 1932	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	108
PID 3996 wrote to memory of 1932	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	108
PID 3996 wrote to memory of 3536	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	109
PID 3996 wrote to memory of 3536	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	109
PID 3996 wrote to memory of 3244	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	110
PID 3996 wrote to memory of 3244	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	110
PID 3996 wrote to memory of 4284	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	111
PID 3996 wrote to memory of 4284	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	111
PID 3996 wrote to memory of 1088	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	112
PID 3996 wrote to memory of 1088	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	112
PID 3996 wrote to memory of 3100	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	113
PID 3996 wrote to memory of 3100	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	113
PID 3996 wrote to memory of 3012	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	114
PID 3996 wrote to memory of 3012	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	114
PID 3996 wrote to memory of 2840	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	115
PID 3996 wrote to memory of 2840	3996	f046a2a5819b87e798a85d81e50db090_NEIKI.exe	115

C:\Users\Admin\AppData\Local\Temp\f046a2a5819b87e798a85d81e50db090_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\f046a2a5819b87e798a85d81e50db090_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\System\lGqjHzb.exe
  C:\Windows\System\lGqjHzb.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\hRajjAO.exe
  C:\Windows\System\hRajjAO.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\lMAXAUh.exe
  C:\Windows\System\lMAXAUh.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\AKqkSIG.exe
  C:\Windows\System\AKqkSIG.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\PBUyAqa.exe
  C:\Windows\System\PBUyAqa.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\CSALAnJ.exe
  C:\Windows\System\CSALAnJ.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\DwfduPW.exe
  C:\Windows\System\DwfduPW.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\UhRNwYw.exe
  C:\Windows\System\UhRNwYw.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\hpiSxDZ.exe
  C:\Windows\System\hpiSxDZ.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\yEKOQez.exe
  C:\Windows\System\yEKOQez.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\hIeHIXH.exe
  C:\Windows\System\hIeHIXH.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\qUUYluN.exe
  C:\Windows\System\qUUYluN.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\JaYBGNo.exe
  C:\Windows\System\JaYBGNo.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\WwVhFfR.exe
  C:\Windows\System\WwVhFfR.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\ziVNtVX.exe
  C:\Windows\System\ziVNtVX.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\RfzKzSl.exe
  C:\Windows\System\RfzKzSl.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\Dqnfqty.exe
  C:\Windows\System\Dqnfqty.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\uAovRRq.exe
  C:\Windows\System\uAovRRq.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\iGlIWVh.exe
  C:\Windows\System\iGlIWVh.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\OaGUgqP.exe
  C:\Windows\System\OaGUgqP.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\YEIhHQz.exe
  C:\Windows\System\YEIhHQz.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\yJwyqiy.exe
  C:\Windows\System\yJwyqiy.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\kOZzAHF.exe
  C:\Windows\System\kOZzAHF.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\SXVxLia.exe
  C:\Windows\System\SXVxLia.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\KVVLigD.exe
  C:\Windows\System\KVVLigD.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\EGsayDO.exe
  C:\Windows\System\EGsayDO.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\nlJVASU.exe
  C:\Windows\System\nlJVASU.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\zeelIET.exe
  C:\Windows\System\zeelIET.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\GWQVouy.exe
  C:\Windows\System\GWQVouy.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\RaNHhtw.exe
  C:\Windows\System\RaNHhtw.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\tbVfGYm.exe
  C:\Windows\System\tbVfGYm.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\RkxOAhS.exe
  C:\Windows\System\RkxOAhS.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\nMPMFwm.exe
  C:\Windows\System\nMPMFwm.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\rZjihHU.exe
  C:\Windows\System\rZjihHU.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\gMYYqyR.exe
  C:\Windows\System\gMYYqyR.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\CKRJMmJ.exe
  C:\Windows\System\CKRJMmJ.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\aFmghGS.exe
  C:\Windows\System\aFmghGS.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\aAfymSj.exe
  C:\Windows\System\aAfymSj.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\kbqeSGh.exe
  C:\Windows\System\kbqeSGh.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\wYaoACu.exe
  C:\Windows\System\wYaoACu.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\sFTWsFD.exe
  C:\Windows\System\sFTWsFD.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\sFcIVzb.exe
  C:\Windows\System\sFcIVzb.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\qYuwueo.exe
  C:\Windows\System\qYuwueo.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\QhoJahA.exe
  C:\Windows\System\QhoJahA.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\PFWCzdz.exe
  C:\Windows\System\PFWCzdz.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\hkhPqnp.exe
  C:\Windows\System\hkhPqnp.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\LdKNcLV.exe
  C:\Windows\System\LdKNcLV.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\BDmWTBm.exe
  C:\Windows\System\BDmWTBm.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\fLtzVWy.exe
  C:\Windows\System\fLtzVWy.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\ZYOYnSy.exe
  C:\Windows\System\ZYOYnSy.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\THAJIjf.exe
  C:\Windows\System\THAJIjf.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\MmwlgbV.exe
  C:\Windows\System\MmwlgbV.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\eoNdMGT.exe
  C:\Windows\System\eoNdMGT.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\YXIYWeV.exe
  C:\Windows\System\YXIYWeV.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\qZghkmh.exe
  C:\Windows\System\qZghkmh.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\rbEyvpS.exe
  C:\Windows\System\rbEyvpS.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\VnQeOaI.exe
  C:\Windows\System\VnQeOaI.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\cvrRPph.exe
  C:\Windows\System\cvrRPph.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\mMjjuaA.exe
  C:\Windows\System\mMjjuaA.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\zBLwTWc.exe
  C:\Windows\System\zBLwTWc.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\OxQNtUA.exe
  C:\Windows\System\OxQNtUA.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\BLlxRjs.exe
  C:\Windows\System\BLlxRjs.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\YqAFbeC.exe
  C:\Windows\System\YqAFbeC.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\TEHdJGG.exe
  C:\Windows\System\TEHdJGG.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\zVQZWgc.exe
  C:\Windows\System\zVQZWgc.exe
  2⤵
  PID:3548
- C:\Windows\System\XTgbkTz.exe
  C:\Windows\System\XTgbkTz.exe
  2⤵
  PID:4136
- C:\Windows\System\CqFkLuh.exe
  C:\Windows\System\CqFkLuh.exe
  2⤵
  PID:4956
- C:\Windows\System\nCViabB.exe
  C:\Windows\System\nCViabB.exe
  2⤵
  PID:2664
- C:\Windows\System\ICfkEOb.exe
  C:\Windows\System\ICfkEOb.exe
  2⤵
  PID:1100
- C:\Windows\System\MmhRgNG.exe
  C:\Windows\System\MmhRgNG.exe
  2⤵
  PID:5072
- C:\Windows\System\WpYrduk.exe
  C:\Windows\System\WpYrduk.exe
  2⤵
  PID:1196
- C:\Windows\System\cgmkeiG.exe
  C:\Windows\System\cgmkeiG.exe
  2⤵
  PID:2692
- C:\Windows\System\TKVLvbT.exe
  C:\Windows\System\TKVLvbT.exe
  2⤵
  PID:3216
- C:\Windows\System\StGBbye.exe
  C:\Windows\System\StGBbye.exe
  2⤵
  PID:3844
- C:\Windows\System\udKvCJS.exe
  C:\Windows\System\udKvCJS.exe
  2⤵
  PID:216
- C:\Windows\System\vxCylJq.exe
  C:\Windows\System\vxCylJq.exe
  2⤵
  PID:3740
- C:\Windows\System\xlZxLxM.exe
  C:\Windows\System\xlZxLxM.exe
  2⤵
  PID:4292
- C:\Windows\System\nNiCjry.exe
  C:\Windows\System\nNiCjry.exe
  2⤵
  PID:4892
- C:\Windows\System\UbtelGF.exe
  C:\Windows\System\UbtelGF.exe
  2⤵
  PID:4208
- C:\Windows\System\oWGyZqV.exe
  C:\Windows\System\oWGyZqV.exe
  2⤵
  PID:4648
- C:\Windows\System\RKCRRJk.exe
  C:\Windows\System\RKCRRJk.exe
  2⤵
  PID:3128
- C:\Windows\System\AKYLrfO.exe
  C:\Windows\System\AKYLrfO.exe
  2⤵
  PID:452
- C:\Windows\System\FxOLcvF.exe
  C:\Windows\System\FxOLcvF.exe
  2⤵
  PID:4984
- C:\Windows\System\TkgdGcR.exe
  C:\Windows\System\TkgdGcR.exe
  2⤵
  PID:2228
- C:\Windows\System\sYISGGJ.exe
  C:\Windows\System\sYISGGJ.exe
  2⤵
  PID:4932
- C:\Windows\System\KGKVLDg.exe
  C:\Windows\System\KGKVLDg.exe
  2⤵
  PID:1048
- C:\Windows\System\cNYYUSX.exe
  C:\Windows\System\cNYYUSX.exe
  2⤵
  PID:4436
- C:\Windows\System\LZwryWq.exe
  C:\Windows\System\LZwryWq.exe
  2⤵
  PID:3692
- C:\Windows\System\OgmLxFk.exe
  C:\Windows\System\OgmLxFk.exe
  2⤵
  PID:2392
- C:\Windows\System\yhWiGjQ.exe
  C:\Windows\System\yhWiGjQ.exe
  2⤵
  PID:640
- C:\Windows\System\VyTOQEG.exe
  C:\Windows\System\VyTOQEG.exe
  2⤵
  PID:4388
- C:\Windows\System\ENmtOIj.exe
  C:\Windows\System\ENmtOIj.exe
  2⤵
  PID:4924
- C:\Windows\System\igmZrgw.exe
  C:\Windows\System\igmZrgw.exe
  2⤵
  PID:4880
- C:\Windows\System\jKIHMKY.exe
  C:\Windows\System\jKIHMKY.exe
  2⤵
  PID:2076
- C:\Windows\System\WRWROfe.exe
  C:\Windows\System\WRWROfe.exe
  2⤵
  PID:4004
- C:\Windows\System\zKcFWXi.exe
  C:\Windows\System\zKcFWXi.exe
  2⤵
  PID:3928
- C:\Windows\System\GuRueiz.exe
  C:\Windows\System\GuRueiz.exe
  2⤵
  PID:1920
- C:\Windows\System\XUujOVY.exe
  C:\Windows\System\XUujOVY.exe
  2⤵
  PID:5148
- C:\Windows\System\YXeuJyb.exe
  C:\Windows\System\YXeuJyb.exe
  2⤵
  PID:5172
- C:\Windows\System\uWAneLV.exe
  C:\Windows\System\uWAneLV.exe
  2⤵
  PID:5204
- C:\Windows\System\MFgiyvb.exe
  C:\Windows\System\MFgiyvb.exe
  2⤵
  PID:5240
- C:\Windows\System\EZzElNN.exe
  C:\Windows\System\EZzElNN.exe
  2⤵
  PID:5276
- C:\Windows\System\yKQDCLL.exe
  C:\Windows\System\yKQDCLL.exe
  2⤵
  PID:5300
- C:\Windows\System\aUBoRKO.exe
  C:\Windows\System\aUBoRKO.exe
  2⤵
  PID:5340
- C:\Windows\System\mMcCigM.exe
  C:\Windows\System\mMcCigM.exe
  2⤵
  PID:5376
- C:\Windows\System\hKWTVkH.exe
  C:\Windows\System\hKWTVkH.exe
  2⤵
  PID:5396
- C:\Windows\System\IgJwVYX.exe
  C:\Windows\System\IgJwVYX.exe
  2⤵
  PID:5440
- C:\Windows\System\kwDWGSQ.exe
  C:\Windows\System\kwDWGSQ.exe
  2⤵
  PID:5456
- C:\Windows\System\GJwwwrh.exe
  C:\Windows\System\GJwwwrh.exe
  2⤵
  PID:5492
- C:\Windows\System\pjkiVeF.exe
  C:\Windows\System\pjkiVeF.exe
  2⤵
  PID:5524
- C:\Windows\System\BueCjwk.exe
  C:\Windows\System\BueCjwk.exe
  2⤵
  PID:5560
- C:\Windows\System\TmjWTep.exe
  C:\Windows\System\TmjWTep.exe
  2⤵
  PID:5592
- C:\Windows\System\eXNaukR.exe
  C:\Windows\System\eXNaukR.exe
  2⤵
  PID:5620
- C:\Windows\System\xHjaIOM.exe
  C:\Windows\System\xHjaIOM.exe
  2⤵
  PID:5640
- C:\Windows\System\EzSlebh.exe
  C:\Windows\System\EzSlebh.exe
  2⤵
  PID:5668
- C:\Windows\System\qlKnVVo.exe
  C:\Windows\System\qlKnVVo.exe
  2⤵
  PID:5708
- C:\Windows\System\HPIGJnF.exe
  C:\Windows\System\HPIGJnF.exe
  2⤵
  PID:5732
- C:\Windows\System\yAtMFdp.exe
  C:\Windows\System\yAtMFdp.exe
  2⤵
  PID:5748
- C:\Windows\System\dRsAZFB.exe
  C:\Windows\System\dRsAZFB.exe
  2⤵
  PID:5776
- C:\Windows\System\KKEGMMg.exe
  C:\Windows\System\KKEGMMg.exe
  2⤵
  PID:5800
- C:\Windows\System\QMTQJOH.exe
  C:\Windows\System\QMTQJOH.exe
  2⤵
  PID:5836
- C:\Windows\System\qcpZUxv.exe
  C:\Windows\System\qcpZUxv.exe
  2⤵
  PID:5872
- C:\Windows\System\QYdwvnK.exe
  C:\Windows\System\QYdwvnK.exe
  2⤵
  PID:5904
- C:\Windows\System\ECVjFED.exe
  C:\Windows\System\ECVjFED.exe
  2⤵
  PID:5928
- C:\Windows\System\lxzKGHv.exe
  C:\Windows\System\lxzKGHv.exe
  2⤵
  PID:5944
- C:\Windows\System\KQiPxjr.exe
  C:\Windows\System\KQiPxjr.exe
  2⤵
  PID:5996
- C:\Windows\System\qMoQpje.exe
  C:\Windows\System\qMoQpje.exe
  2⤵
  PID:6016
- C:\Windows\System\RaoHZUO.exe
  C:\Windows\System\RaoHZUO.exe
  2⤵
  PID:6040
- C:\Windows\System\IMWfNGL.exe
  C:\Windows\System\IMWfNGL.exe
  2⤵
  PID:6072
- C:\Windows\System\xgpyoMt.exe
  C:\Windows\System\xgpyoMt.exe
  2⤵
  PID:6112
- C:\Windows\System\kuzQKQl.exe
  C:\Windows\System\kuzQKQl.exe
  2⤵
  PID:6136
- C:\Windows\System\gtgpuZZ.exe
  C:\Windows\System\gtgpuZZ.exe
  2⤵
  PID:4752
- C:\Windows\System\yRgpLzc.exe
  C:\Windows\System\yRgpLzc.exe
  2⤵
  PID:5164
- C:\Windows\System\nbxrycU.exe
  C:\Windows\System\nbxrycU.exe
  2⤵
  PID:5196
- C:\Windows\System\TyUHRfN.exe
  C:\Windows\System\TyUHRfN.exe
  2⤵
  PID:5252
- C:\Windows\System\tEqaSZE.exe
  C:\Windows\System\tEqaSZE.exe
  2⤵
  PID:5328
- C:\Windows\System\dXVqNNn.exe
  C:\Windows\System\dXVqNNn.exe
  2⤵
  PID:5412
- C:\Windows\System\PxEAHHp.exe
  C:\Windows\System\PxEAHHp.exe
  2⤵
  PID:5500
- C:\Windows\System\csIOjwR.exe
  C:\Windows\System\csIOjwR.exe
  2⤵
  PID:5604
- C:\Windows\System\aSQRyRh.exe
  C:\Windows\System\aSQRyRh.exe
  2⤵
  PID:5656
- C:\Windows\System\iLoVTBb.exe
  C:\Windows\System\iLoVTBb.exe
  2⤵
  PID:5744
- C:\Windows\System\mniwLlh.exe
  C:\Windows\System\mniwLlh.exe
  2⤵
  PID:5808
- C:\Windows\System\gQhwCwV.exe
  C:\Windows\System\gQhwCwV.exe
  2⤵
  PID:5896
- C:\Windows\System\fYOBuXo.exe
  C:\Windows\System\fYOBuXo.exe
  2⤵
  PID:5936
- C:\Windows\System\tOhdxnw.exe
  C:\Windows\System\tOhdxnw.exe
  2⤵
  PID:6004
- C:\Windows\System\PitOflx.exe
  C:\Windows\System\PitOflx.exe
  2⤵
  PID:6092
- C:\Windows\System\hqQFRaA.exe
  C:\Windows\System\hqQFRaA.exe
  2⤵
  PID:5144
- C:\Windows\System\WzmTRnx.exe
  C:\Windows\System\WzmTRnx.exe
  2⤵
  PID:5312
- C:\Windows\System\hqNaxjH.exe
  C:\Windows\System\hqNaxjH.exe
  2⤵
  PID:5484
- C:\Windows\System\SknlIqA.exe
  C:\Windows\System\SknlIqA.exe
  2⤵
  PID:5768
- C:\Windows\System\ZLeBpvp.exe
  C:\Windows\System\ZLeBpvp.exe
  2⤵
  PID:5860
- C:\Windows\System\MZBcXzW.exe
  C:\Windows\System\MZBcXzW.exe
  2⤵
  PID:5920
- C:\Windows\System\vMbAUMC.exe
  C:\Windows\System\vMbAUMC.exe
  2⤵
  PID:5360
- C:\Windows\System\ohKGxnO.exe
  C:\Windows\System\ohKGxnO.exe
  2⤵
  PID:4032
- C:\Windows\System\oazOyRc.exe
  C:\Windows\System\oazOyRc.exe
  2⤵
  PID:5856
- C:\Windows\System\wEJGQpt.exe
  C:\Windows\System\wEJGQpt.exe
  2⤵
  PID:5720
- C:\Windows\System\wBjUsih.exe
  C:\Windows\System\wBjUsih.exe
  2⤵
  PID:4844
- C:\Windows\System\jWWrNxF.exe
  C:\Windows\System\jWWrNxF.exe
  2⤵
  PID:5184
- C:\Windows\System\VDSonJr.exe
  C:\Windows\System\VDSonJr.exe
  2⤵
  PID:5576
- C:\Windows\System\dvwKCNm.exe
  C:\Windows\System\dvwKCNm.exe
  2⤵
  PID:4200
- C:\Windows\System\ElrFnib.exe
  C:\Windows\System\ElrFnib.exe
  2⤵
  PID:6172
- C:\Windows\System\rKvQZPr.exe
  C:\Windows\System\rKvQZPr.exe
  2⤵
  PID:6200
- C:\Windows\System\LgJIGPw.exe
  C:\Windows\System\LgJIGPw.exe
  2⤵
  PID:6232
- C:\Windows\System\NdDGhim.exe
  C:\Windows\System\NdDGhim.exe
  2⤵
  PID:6252
- C:\Windows\System\KbYieHo.exe
  C:\Windows\System\KbYieHo.exe
  2⤵
  PID:6284
- C:\Windows\System\FZXPtiY.exe
  C:\Windows\System\FZXPtiY.exe
  2⤵
  PID:6316
- C:\Windows\System\OMydijm.exe
  C:\Windows\System\OMydijm.exe
  2⤵
  PID:6340
- C:\Windows\System\detQlrp.exe
  C:\Windows\System\detQlrp.exe
  2⤵
  PID:6356
- C:\Windows\System\LzugMSf.exe
  C:\Windows\System\LzugMSf.exe
  2⤵
  PID:6372
- C:\Windows\System\WFXhThl.exe
  C:\Windows\System\WFXhThl.exe
  2⤵
  PID:6388
- C:\Windows\System\mahCvTu.exe
  C:\Windows\System\mahCvTu.exe
  2⤵
  PID:6416
- C:\Windows\System\zDXfkiG.exe
  C:\Windows\System\zDXfkiG.exe
  2⤵
  PID:6448
- C:\Windows\System\eLctbkp.exe
  C:\Windows\System\eLctbkp.exe
  2⤵
  PID:6484
- C:\Windows\System\nXmDAwb.exe
  C:\Windows\System\nXmDAwb.exe
  2⤵
  PID:6524
- C:\Windows\System\XHtcqgk.exe
  C:\Windows\System\XHtcqgk.exe
  2⤵
  PID:6552
- C:\Windows\System\DuiIhjI.exe
  C:\Windows\System\DuiIhjI.exe
  2⤵
  PID:6592
- C:\Windows\System\UbTKIDi.exe
  C:\Windows\System\UbTKIDi.exe
  2⤵
  PID:6636
- C:\Windows\System\CcxmUTV.exe
  C:\Windows\System\CcxmUTV.exe
  2⤵
  PID:6664
- C:\Windows\System\SONhyfm.exe
  C:\Windows\System\SONhyfm.exe
  2⤵
  PID:6692
- C:\Windows\System\enkauBF.exe
  C:\Windows\System\enkauBF.exe
  2⤵
  PID:6708
- C:\Windows\System\MMcetJn.exe
  C:\Windows\System\MMcetJn.exe
  2⤵
  PID:6724
- C:\Windows\System\mxCsBBZ.exe
  C:\Windows\System\mxCsBBZ.exe
  2⤵
  PID:6756
- C:\Windows\System\amkkqtH.exe
  C:\Windows\System\amkkqtH.exe
  2⤵
  PID:6788
- C:\Windows\System\tjGBxOB.exe
  C:\Windows\System\tjGBxOB.exe
  2⤵
  PID:6816
- C:\Windows\System\ZKeYRzc.exe
  C:\Windows\System\ZKeYRzc.exe
  2⤵
  PID:6860
- C:\Windows\System\JgLYsNh.exe
  C:\Windows\System\JgLYsNh.exe
  2⤵
  PID:6900
- C:\Windows\System\sLEciRo.exe
  C:\Windows\System\sLEciRo.exe
  2⤵
  PID:6928
- C:\Windows\System\Yjizzdk.exe
  C:\Windows\System\Yjizzdk.exe
  2⤵
  PID:6968
- C:\Windows\System\MmpHSHB.exe
  C:\Windows\System\MmpHSHB.exe
  2⤵
  PID:6996
- C:\Windows\System\pCmOOwz.exe
  C:\Windows\System\pCmOOwz.exe
  2⤵
  PID:7012
- C:\Windows\System\HiAMZyM.exe
  C:\Windows\System\HiAMZyM.exe
  2⤵
  PID:7048
- C:\Windows\System\IdYouym.exe
  C:\Windows\System\IdYouym.exe
  2⤵
  PID:7068
- C:\Windows\System\zfQWlDf.exe
  C:\Windows\System\zfQWlDf.exe
  2⤵
  PID:7100
- C:\Windows\System\EqmlOYB.exe
  C:\Windows\System\EqmlOYB.exe
  2⤵
  PID:7124
- C:\Windows\System\yQkvKDQ.exe
  C:\Windows\System\yQkvKDQ.exe
  2⤵
  PID:7160
- C:\Windows\System\EpWVjFf.exe
  C:\Windows\System\EpWVjFf.exe
  2⤵
  PID:6196
- C:\Windows\System\cSnCooM.exe
  C:\Windows\System\cSnCooM.exe
  2⤵
  PID:6240
- C:\Windows\System\uzhnbmk.exe
  C:\Windows\System\uzhnbmk.exe
  2⤵
  PID:6352
- C:\Windows\System\nmAfRxH.exe
  C:\Windows\System\nmAfRxH.exe
  2⤵
  PID:6380
- C:\Windows\System\XTizhge.exe
  C:\Windows\System\XTizhge.exe
  2⤵
  PID:6440
- C:\Windows\System\UkfKMVN.exe
  C:\Windows\System\UkfKMVN.exe
  2⤵
  PID:6544
- C:\Windows\System\FfHiLMQ.exe
  C:\Windows\System\FfHiLMQ.exe
  2⤵
  PID:6548
- C:\Windows\System\eRPVKaf.exe
  C:\Windows\System\eRPVKaf.exe
  2⤵
  PID:6680
- C:\Windows\System\kQBNrIi.exe
  C:\Windows\System\kQBNrIi.exe
  2⤵
  PID:6768
- C:\Windows\System\gudrGtp.exe
  C:\Windows\System\gudrGtp.exe
  2⤵
  PID:6812
- C:\Windows\System\UVGvCeO.exe
  C:\Windows\System\UVGvCeO.exe
  2⤵
  PID:6884
- C:\Windows\System\qdorvYK.exe
  C:\Windows\System\qdorvYK.exe
  2⤵
  PID:6896
- C:\Windows\System\HcsDZYS.exe
  C:\Windows\System\HcsDZYS.exe
  2⤵
  PID:7004
- C:\Windows\System\USsqBHq.exe
  C:\Windows\System\USsqBHq.exe
  2⤵
  PID:7096
- C:\Windows\System\aIIwOro.exe
  C:\Windows\System\aIIwOro.exe
  2⤵
  PID:6156
- C:\Windows\System\RacygIj.exe
  C:\Windows\System\RacygIj.exe
  2⤵
  PID:6296
- C:\Windows\System\vqErMYS.exe
  C:\Windows\System\vqErMYS.exe
  2⤵
  PID:6384
- C:\Windows\System\nFIxFxY.exe
  C:\Windows\System\nFIxFxY.exe
  2⤵
  PID:6676
- C:\Windows\System\QpMmuId.exe
  C:\Windows\System\QpMmuId.exe
  2⤵
  PID:6836
- C:\Windows\System\eCYALOi.exe
  C:\Windows\System\eCYALOi.exe
  2⤵
  PID:7064
- C:\Windows\System\iAXRCnW.exe
  C:\Windows\System\iAXRCnW.exe
  2⤵
  PID:6472
- C:\Windows\System\ALYLUAy.exe
  C:\Windows\System\ALYLUAy.exe
  2⤵
  PID:6716
- C:\Windows\System\HQEYqHw.exe
  C:\Windows\System\HQEYqHw.exe
  2⤵
  PID:6368
- C:\Windows\System\AYdJTvO.exe
  C:\Windows\System\AYdJTvO.exe
  2⤵
  PID:6720
- C:\Windows\System\jwQsSow.exe
  C:\Windows\System\jwQsSow.exe
  2⤵
  PID:7184
- C:\Windows\System\iQNDDcB.exe
  C:\Windows\System\iQNDDcB.exe
  2⤵
  PID:7224
- C:\Windows\System\htMkWaI.exe
  C:\Windows\System\htMkWaI.exe
  2⤵
  PID:7252
- C:\Windows\System\rRKkBVu.exe
  C:\Windows\System\rRKkBVu.exe
  2⤵
  PID:7280
- C:\Windows\System\ItDjRLR.exe
  C:\Windows\System\ItDjRLR.exe
  2⤵
  PID:7300
- C:\Windows\System\ZktpWzM.exe
  C:\Windows\System\ZktpWzM.exe
  2⤵
  PID:7336
- C:\Windows\System\hdKYfNx.exe
  C:\Windows\System\hdKYfNx.exe
  2⤵
  PID:7364
- C:\Windows\System\cnbVmrR.exe
  C:\Windows\System\cnbVmrR.exe
  2⤵
  PID:7396
- C:\Windows\System\itFnBDo.exe
  C:\Windows\System\itFnBDo.exe
  2⤵
  PID:7412
- C:\Windows\System\BzlyVwk.exe
  C:\Windows\System\BzlyVwk.exe
  2⤵
  PID:7440
- C:\Windows\System\FiLgVBN.exe
  C:\Windows\System\FiLgVBN.exe
  2⤵
  PID:7464
- C:\Windows\System\CrYtzZH.exe
  C:\Windows\System\CrYtzZH.exe
  2⤵
  PID:7500
- C:\Windows\System\RuXqPnF.exe
  C:\Windows\System\RuXqPnF.exe
  2⤵
  PID:7524
- C:\Windows\System\qeiGvBs.exe
  C:\Windows\System\qeiGvBs.exe
  2⤵
  PID:7560
- C:\Windows\System\oCxvIGM.exe
  C:\Windows\System\oCxvIGM.exe
  2⤵
  PID:7596
- C:\Windows\System\ZSgoUqs.exe
  C:\Windows\System\ZSgoUqs.exe
  2⤵
  PID:7616
- C:\Windows\System\sPeapMG.exe
  C:\Windows\System\sPeapMG.exe
  2⤵
  PID:7652
- C:\Windows\System\iDmhpWq.exe
  C:\Windows\System\iDmhpWq.exe
  2⤵
  PID:7692
- C:\Windows\System\FbclIzy.exe
  C:\Windows\System\FbclIzy.exe
  2⤵
  PID:7716
- C:\Windows\System\CwsgmdT.exe
  C:\Windows\System\CwsgmdT.exe
  2⤵
  PID:7744
- C:\Windows\System\zNTCuoX.exe
  C:\Windows\System\zNTCuoX.exe
  2⤵
  PID:7764
- C:\Windows\System\wTKguwU.exe
  C:\Windows\System\wTKguwU.exe
  2⤵
  PID:7800
- C:\Windows\System\LIhmyHB.exe
  C:\Windows\System\LIhmyHB.exe
  2⤵
  PID:7828
- C:\Windows\System\dvxwFAT.exe
  C:\Windows\System\dvxwFAT.exe
  2⤵
  PID:7868
- C:\Windows\System\pypqvEz.exe
  C:\Windows\System\pypqvEz.exe
  2⤵
  PID:7896
- C:\Windows\System\WnOgjrs.exe
  C:\Windows\System\WnOgjrs.exe
  2⤵
  PID:7920
- C:\Windows\System\CHfChvo.exe
  C:\Windows\System\CHfChvo.exe
  2⤵
  PID:7948
- C:\Windows\System\KvAGkHe.exe
  C:\Windows\System\KvAGkHe.exe
  2⤵
  PID:7992
- C:\Windows\System\xvhUsFH.exe
  C:\Windows\System\xvhUsFH.exe
  2⤵
  PID:8028
- C:\Windows\System\NPBttPz.exe
  C:\Windows\System\NPBttPz.exe
  2⤵
  PID:8068
- C:\Windows\System\saszLtq.exe
  C:\Windows\System\saszLtq.exe
  2⤵
  PID:8088
- C:\Windows\System\UcMuVnJ.exe
  C:\Windows\System\UcMuVnJ.exe
  2⤵
  PID:8124
- C:\Windows\System\OhLQaLK.exe
  C:\Windows\System\OhLQaLK.exe
  2⤵
  PID:8156
- C:\Windows\System\YObfVnQ.exe
  C:\Windows\System\YObfVnQ.exe
  2⤵
  PID:8172
- C:\Windows\System\jIuOTYp.exe
  C:\Windows\System\jIuOTYp.exe
  2⤵
  PID:7200
- C:\Windows\System\eIsFEvc.exe
  C:\Windows\System\eIsFEvc.exe
  2⤵
  PID:7296
- C:\Windows\System\TSdwXMZ.exe
  C:\Windows\System\TSdwXMZ.exe
  2⤵
  PID:7392
- C:\Windows\System\dOpfmCJ.exe
  C:\Windows\System\dOpfmCJ.exe
  2⤵
  PID:7488
- C:\Windows\System\gjCSvEm.exe
  C:\Windows\System\gjCSvEm.exe
  2⤵
  PID:7556
- C:\Windows\System\hkyZylj.exe
  C:\Windows\System\hkyZylj.exe
  2⤵
  PID:7624
- C:\Windows\System\mRoqhDS.exe
  C:\Windows\System\mRoqhDS.exe
  2⤵
  PID:7712
- C:\Windows\System\HenVUwg.exe
  C:\Windows\System\HenVUwg.exe
  2⤵
  PID:7796
- C:\Windows\System\nsYsGyO.exe
  C:\Windows\System\nsYsGyO.exe
  2⤵
  PID:7888
- C:\Windows\System\KrvVTCe.exe
  C:\Windows\System\KrvVTCe.exe
  2⤵
  PID:8016
- C:\Windows\System\dUZLDCD.exe
  C:\Windows\System\dUZLDCD.exe
  2⤵
  PID:8080
- C:\Windows\System\vduzjUg.exe
  C:\Windows\System\vduzjUg.exe
  2⤵
  PID:8144
- C:\Windows\System\cYovVlG.exe
  C:\Windows\System\cYovVlG.exe
  2⤵
  PID:7176
- C:\Windows\System\uIsioZZ.exe
  C:\Windows\System\uIsioZZ.exe
  2⤵
  PID:7516
- C:\Windows\System\RtmOeZJ.exe
  C:\Windows\System\RtmOeZJ.exe
  2⤵
  PID:7684
- C:\Windows\System\ajjtMVr.exe
  C:\Windows\System\ajjtMVr.exe
  2⤵
  PID:7968
- C:\Windows\System\hfKILMg.exe
  C:\Windows\System\hfKILMg.exe
  2⤵
  PID:7608
- C:\Windows\System\fSufRfZ.exe
  C:\Windows\System\fSufRfZ.exe
  2⤵
  PID:7880
- C:\Windows\System\gmTIzVZ.exe
  C:\Windows\System\gmTIzVZ.exe
  2⤵
  PID:7964
- C:\Windows\System\ByugVOZ.exe
  C:\Windows\System\ByugVOZ.exe
  2⤵
  PID:8216
- C:\Windows\System\ygFFYCe.exe
  C:\Windows\System\ygFFYCe.exe
  2⤵
  PID:8244
- C:\Windows\System\OEtCWDu.exe
  C:\Windows\System\OEtCWDu.exe
  2⤵
  PID:8260
- C:\Windows\System\ndxnsEJ.exe
  C:\Windows\System\ndxnsEJ.exe
  2⤵
  PID:8288
- C:\Windows\System\BTJvlHN.exe
  C:\Windows\System\BTJvlHN.exe
  2⤵
  PID:8324
- C:\Windows\System\wDUYFTh.exe
  C:\Windows\System\wDUYFTh.exe
  2⤵
  PID:8356
- C:\Windows\System\thlcNQg.exe
  C:\Windows\System\thlcNQg.exe
  2⤵
  PID:8380
- C:\Windows\System\MkntNEJ.exe
  C:\Windows\System\MkntNEJ.exe
  2⤵
  PID:8408
- C:\Windows\System\zqougTk.exe
  C:\Windows\System\zqougTk.exe
  2⤵
  PID:8424
- C:\Windows\System\TdLCyzh.exe
  C:\Windows\System\TdLCyzh.exe
  2⤵
  PID:8440
- C:\Windows\System\wzsHDhr.exe
  C:\Windows\System\wzsHDhr.exe
  2⤵
  PID:8456
- C:\Windows\System\QrDgGqx.exe
  C:\Windows\System\QrDgGqx.exe
  2⤵
  PID:8472
- C:\Windows\System\AZNINGZ.exe
  C:\Windows\System\AZNINGZ.exe
  2⤵
  PID:8500
- C:\Windows\System\aBOLXJx.exe
  C:\Windows\System\aBOLXJx.exe
  2⤵
  PID:8520
- C:\Windows\System\IrWGXXS.exe
  C:\Windows\System\IrWGXXS.exe
  2⤵
  PID:8544
- C:\Windows\System\MuOjXpd.exe
  C:\Windows\System\MuOjXpd.exe
  2⤵
  PID:8564
- C:\Windows\System\YLmuxjG.exe
  C:\Windows\System\YLmuxjG.exe
  2⤵
  PID:8600
- C:\Windows\System\mnynLMU.exe
  C:\Windows\System\mnynLMU.exe
  2⤵
  PID:8624
- C:\Windows\System\tomZxQW.exe
  C:\Windows\System\tomZxQW.exe
  2⤵
  PID:8648
- C:\Windows\System\ORrxhyd.exe
  C:\Windows\System\ORrxhyd.exe
  2⤵
  PID:8668
- C:\Windows\System\UqYiKJk.exe
  C:\Windows\System\UqYiKJk.exe
  2⤵
  PID:8700
- C:\Windows\System\reKpKKo.exe
  C:\Windows\System\reKpKKo.exe
  2⤵
  PID:8732
- C:\Windows\System\UiKZEhZ.exe
  C:\Windows\System\UiKZEhZ.exe
  2⤵
  PID:8760
- C:\Windows\System\asGAYkE.exe
  C:\Windows\System\asGAYkE.exe
  2⤵
  PID:8796
- C:\Windows\System\bSzGfau.exe
  C:\Windows\System\bSzGfau.exe
  2⤵
  PID:8820
- C:\Windows\System\vlAQXDa.exe
  C:\Windows\System\vlAQXDa.exe
  2⤵
  PID:8844
- C:\Windows\System\AkfWjxK.exe
  C:\Windows\System\AkfWjxK.exe
  2⤵
  PID:8884
- C:\Windows\System\ILsVoEb.exe
  C:\Windows\System\ILsVoEb.exe
  2⤵
  PID:8908
- C:\Windows\System\meVQmxW.exe
  C:\Windows\System\meVQmxW.exe
  2⤵
  PID:8940
- C:\Windows\System\EPtohMn.exe
  C:\Windows\System\EPtohMn.exe
  2⤵
  PID:8968
- C:\Windows\System\Vqzlihu.exe
  C:\Windows\System\Vqzlihu.exe
  2⤵
  PID:9000
- C:\Windows\System\ICZaSBB.exe
  C:\Windows\System\ICZaSBB.exe
  2⤵
  PID:9024
- C:\Windows\System\fjkGhYw.exe
  C:\Windows\System\fjkGhYw.exe
  2⤵
  PID:9052
- C:\Windows\System\hhDNPfN.exe
  C:\Windows\System\hhDNPfN.exe
  2⤵
  PID:9084
- C:\Windows\System\IxoZuUw.exe
  C:\Windows\System\IxoZuUw.exe
  2⤵
  PID:9116
- C:\Windows\System\vtOjGsu.exe
  C:\Windows\System\vtOjGsu.exe
  2⤵
  PID:9144
- C:\Windows\System\ZcOeEVA.exe
  C:\Windows\System\ZcOeEVA.exe
  2⤵
  PID:9168
- C:\Windows\System\PhHFKUI.exe
  C:\Windows\System\PhHFKUI.exe
  2⤵
  PID:9196
- C:\Windows\System\MoHojUz.exe
  C:\Windows\System\MoHojUz.exe
  2⤵
  PID:7360
- C:\Windows\System\CIFBBAP.exe
  C:\Windows\System\CIFBBAP.exe
  2⤵
  PID:8252
- C:\Windows\System\LsXLCVQ.exe
  C:\Windows\System\LsXLCVQ.exe
  2⤵
  PID:8344
- C:\Windows\System\UBqwUNT.exe
  C:\Windows\System\UBqwUNT.exe
  2⤵
  PID:8400
- C:\Windows\System\kOOEhVS.exe
  C:\Windows\System\kOOEhVS.exe
  2⤵
  PID:8512
- C:\Windows\System\qTUGGwN.exe
  C:\Windows\System\qTUGGwN.exe
  2⤵
  PID:8516
- C:\Windows\System\FIEmHsO.exe
  C:\Windows\System\FIEmHsO.exe
  2⤵
  PID:8584
- C:\Windows\System\zGtPtiM.exe
  C:\Windows\System\zGtPtiM.exe
  2⤵
  PID:8776
- C:\Windows\System\NiYvVqh.exe
  C:\Windows\System\NiYvVqh.exe
  2⤵
  PID:8788
- C:\Windows\System\LiXQyWs.exe
  C:\Windows\System\LiXQyWs.exe
  2⤵
  PID:8832
- C:\Windows\System\VxqBrPw.exe
  C:\Windows\System\VxqBrPw.exe
  2⤵
  PID:8900
- C:\Windows\System\QCXDvxi.exe
  C:\Windows\System\QCXDvxi.exe
  2⤵
  PID:8992
- C:\Windows\System\IrKfXgy.exe
  C:\Windows\System\IrKfXgy.exe
  2⤵
  PID:9012
- C:\Windows\System\ApegsHo.exe
  C:\Windows\System\ApegsHo.exe
  2⤵
  PID:9180
- C:\Windows\System\LPlULJr.exe
  C:\Windows\System\LPlULJr.exe
  2⤵
  PID:9188
- C:\Windows\System\OBkmNgR.exe
  C:\Windows\System\OBkmNgR.exe
  2⤵
  PID:8312
- C:\Windows\System\TofIcKT.exe
  C:\Windows\System\TofIcKT.exe
  2⤵
  PID:8492
- C:\Windows\System\EPBKvJD.exe
  C:\Windows\System\EPBKvJD.exe
  2⤵
  PID:8752
- C:\Windows\System\EnQxPQN.exe
  C:\Windows\System\EnQxPQN.exe
  2⤵
  PID:8772
- C:\Windows\System\nWusWig.exe
  C:\Windows\System\nWusWig.exe
  2⤵
  PID:8868
- C:\Windows\System\FOKbMYD.exe
  C:\Windows\System\FOKbMYD.exe
  2⤵
  PID:8432
- C:\Windows\System\cfSwsUJ.exe
  C:\Windows\System\cfSwsUJ.exe
  2⤵
  PID:8464
- C:\Windows\System\VLzqQld.exe
  C:\Windows\System\VLzqQld.exe
  2⤵
  PID:8232
- C:\Windows\System\QNOBgpQ.exe
  C:\Windows\System\QNOBgpQ.exe
  2⤵
  PID:7788
- C:\Windows\System\HPZNMzy.exe
  C:\Windows\System\HPZNMzy.exe
  2⤵
  PID:9092
- C:\Windows\System\NeBsASH.exe
  C:\Windows\System\NeBsASH.exe
  2⤵
  PID:9240
- C:\Windows\System\VeAvHiC.exe
  C:\Windows\System\VeAvHiC.exe
  2⤵
  PID:9272
- C:\Windows\System\iejlAEs.exe
  C:\Windows\System\iejlAEs.exe
  2⤵
  PID:9308
- C:\Windows\System\LnQNfxh.exe
  C:\Windows\System\LnQNfxh.exe
  2⤵
  PID:9348
- C:\Windows\System\SMVBNNW.exe
  C:\Windows\System\SMVBNNW.exe
  2⤵
  PID:9376
- C:\Windows\System\APTFDtC.exe
  C:\Windows\System\APTFDtC.exe
  2⤵
  PID:9412
- C:\Windows\System\rJcMUhh.exe
  C:\Windows\System\rJcMUhh.exe
  2⤵
  PID:9440
- C:\Windows\System\DgqegLH.exe
  C:\Windows\System\DgqegLH.exe
  2⤵
  PID:9468
- C:\Windows\System\XrooBpj.exe
  C:\Windows\System\XrooBpj.exe
  2⤵
  PID:9496
- C:\Windows\System\ReoaFIb.exe
  C:\Windows\System\ReoaFIb.exe
  2⤵
  PID:9524
- C:\Windows\System\vQMbofm.exe
  C:\Windows\System\vQMbofm.exe
  2⤵
  PID:9552
- C:\Windows\System\FRWtdDj.exe
  C:\Windows\System\FRWtdDj.exe
  2⤵
  PID:9580
- C:\Windows\System\ozdwOJj.exe
  C:\Windows\System\ozdwOJj.exe
  2⤵
  PID:9596
- C:\Windows\System\TwCRugN.exe
  C:\Windows\System\TwCRugN.exe
  2⤵
  PID:9616
- C:\Windows\System\WJvfNGX.exe
  C:\Windows\System\WJvfNGX.exe
  2⤵
  PID:9632
- C:\Windows\System\MylsuHI.exe
  C:\Windows\System\MylsuHI.exe
  2⤵
  PID:9660
- C:\Windows\System\QsIGQHv.exe
  C:\Windows\System\QsIGQHv.exe
  2⤵
  PID:9692
- C:\Windows\System\pPGAAZv.exe
  C:\Windows\System\pPGAAZv.exe
  2⤵
  PID:9732
- C:\Windows\System\xnMJiON.exe
  C:\Windows\System\xnMJiON.exe
  2⤵
  PID:9768
- C:\Windows\System\jfmYSNy.exe
  C:\Windows\System\jfmYSNy.exe
  2⤵
  PID:9796
- C:\Windows\System\MthIebf.exe
  C:\Windows\System\MthIebf.exe
  2⤵
  PID:9824
- C:\Windows\System\cOpAKiH.exe
  C:\Windows\System\cOpAKiH.exe
  2⤵
  PID:9864
- C:\Windows\System\crpwXVI.exe
  C:\Windows\System\crpwXVI.exe
  2⤵
  PID:9892
- C:\Windows\System\USbWmvt.exe
  C:\Windows\System\USbWmvt.exe
  2⤵
  PID:9920
- C:\Windows\System\DcnAABG.exe
  C:\Windows\System\DcnAABG.exe
  2⤵
  PID:9948
- C:\Windows\System\cRuWbOJ.exe
  C:\Windows\System\cRuWbOJ.exe
  2⤵
  PID:9976
- C:\Windows\System\aftExcz.exe
  C:\Windows\System\aftExcz.exe
  2⤵
  PID:9992
- C:\Windows\System\EUpCxEM.exe
  C:\Windows\System\EUpCxEM.exe
  2⤵
  PID:10020
- C:\Windows\System\CmnqjWi.exe
  C:\Windows\System\CmnqjWi.exe
  2⤵
  PID:10048
- C:\Windows\System\wOhiFHl.exe
  C:\Windows\System\wOhiFHl.exe
  2⤵
  PID:10084
- C:\Windows\System\jvTEiUq.exe
  C:\Windows\System\jvTEiUq.exe
  2⤵
  PID:10116
- C:\Windows\System\iHtzLmo.exe
  C:\Windows\System\iHtzLmo.exe
  2⤵
  PID:10144
- C:\Windows\System\VihSomW.exe
  C:\Windows\System\VihSomW.exe
  2⤵
  PID:10172
- C:\Windows\System\EjdyJlS.exe
  C:\Windows\System\EjdyJlS.exe
  2⤵
  PID:10200
- C:\Windows\System\QEeXfwJ.exe
  C:\Windows\System\QEeXfwJ.exe
  2⤵
  PID:10228
- C:\Windows\System\UGEayZs.exe
  C:\Windows\System\UGEayZs.exe
  2⤵
  PID:8904
- C:\Windows\System\LUGhdvs.exe
  C:\Windows\System\LUGhdvs.exe
  2⤵
  PID:9252
- C:\Windows\System\UPzzLnd.exe
  C:\Windows\System\UPzzLnd.exe
  2⤵
  PID:9360
- C:\Windows\System\gvzhsyd.exe
  C:\Windows\System\gvzhsyd.exe
  2⤵
  PID:9424
- C:\Windows\System\dpakWfZ.exe
  C:\Windows\System\dpakWfZ.exe
  2⤵
  PID:9508
- C:\Windows\System\zoYRVrs.exe
  C:\Windows\System\zoYRVrs.exe
  2⤵
  PID:9564
- C:\Windows\System\IORKnhe.exe
  C:\Windows\System\IORKnhe.exe
  2⤵
  PID:9648
- C:\Windows\System\AbZZntI.exe
  C:\Windows\System\AbZZntI.exe
  2⤵
  PID:9672
- C:\Windows\System\efCNxfq.exe
  C:\Windows\System\efCNxfq.exe
  2⤵
  PID:9716
- C:\Windows\System\BUQtCnP.exe
  C:\Windows\System\BUQtCnP.exe
  2⤵
  PID:9780
- C:\Windows\System\LseYPYn.exe
  C:\Windows\System\LseYPYn.exe
  2⤵
  PID:8588
- C:\Windows\System\XwAicyZ.exe
  C:\Windows\System\XwAicyZ.exe
  2⤵
  PID:9888
- C:\Windows\System\FJraynE.exe
  C:\Windows\System\FJraynE.exe
  2⤵
  PID:9960
- C:\Windows\System\AMICMgX.exe
  C:\Windows\System\AMICMgX.exe
  2⤵
  PID:10008
- C:\Windows\System\UwrQION.exe
  C:\Windows\System\UwrQION.exe
  2⤵
  PID:10080
- C:\Windows\System\pnRjZRm.exe
  C:\Windows\System\pnRjZRm.exe
  2⤵
  PID:10156
- C:\Windows\System\cvrsMyU.exe
  C:\Windows\System\cvrsMyU.exe
  2⤵
  PID:9228
- C:\Windows\System\TdTsjJu.exe
  C:\Windows\System\TdTsjJu.exe
  2⤵
  PID:9340
- C:\Windows\System\vjJagSr.exe
  C:\Windows\System\vjJagSr.exe
  2⤵
  PID:9612
- C:\Windows\System\gqSiFoO.exe
  C:\Windows\System\gqSiFoO.exe
  2⤵
  PID:9724
- C:\Windows\System\vmJMbve.exe
  C:\Windows\System\vmJMbve.exe
  2⤵
  PID:10036
- C:\Windows\System\TdbceUA.exe
  C:\Windows\System\TdbceUA.exe
  2⤵
  PID:10196
- C:\Windows\System\Tsadczb.exe
  C:\Windows\System\Tsadczb.exe
  2⤵
  PID:9232
- C:\Windows\System\CDSfxQh.exe
  C:\Windows\System\CDSfxQh.exe
  2⤵
  PID:9760
- C:\Windows\System\ydHPQvQ.exe
  C:\Windows\System\ydHPQvQ.exe
  2⤵
  PID:10244
- C:\Windows\System\qFKXsGn.exe
  C:\Windows\System\qFKXsGn.exe
  2⤵
  PID:10284
- C:\Windows\System\xooyvmT.exe
  C:\Windows\System\xooyvmT.exe
  2⤵
  PID:10316
- C:\Windows\System\uLsoFjx.exe
  C:\Windows\System\uLsoFjx.exe
  2⤵
  PID:10344
- C:\Windows\System\BVzjXOg.exe
  C:\Windows\System\BVzjXOg.exe
  2⤵
  PID:10360
- C:\Windows\System\KQTwAUU.exe
  C:\Windows\System\KQTwAUU.exe
  2⤵
  PID:10388
- C:\Windows\System\QWRLppE.exe
  C:\Windows\System\QWRLppE.exe
  2⤵
  PID:10416
- C:\Windows\System\nfTZTjO.exe
  C:\Windows\System\nfTZTjO.exe
  2⤵
  PID:10456
- C:\Windows\System\ydRgaEr.exe
  C:\Windows\System\ydRgaEr.exe
  2⤵
  PID:10484
- C:\Windows\System\MDNPCFo.exe
  C:\Windows\System\MDNPCFo.exe
  2⤵
  PID:10512
- C:\Windows\System\XdTNIDS.exe
  C:\Windows\System\XdTNIDS.exe
  2⤵
  PID:10532
- C:\Windows\System\lTQwQIg.exe
  C:\Windows\System\lTQwQIg.exe
  2⤵
  PID:10568
- C:\Windows\System\vIvQoRc.exe
  C:\Windows\System\vIvQoRc.exe
  2⤵
  PID:10596
- C:\Windows\System\iwkmhCx.exe
  C:\Windows\System\iwkmhCx.exe
  2⤵
  PID:10632
- C:\Windows\System\NNYkPAg.exe
  C:\Windows\System\NNYkPAg.exe
  2⤵
  PID:10656
- C:\Windows\System\oxisJMm.exe
  C:\Windows\System\oxisJMm.exe
  2⤵
  PID:10672
- C:\Windows\System\SNUxGpv.exe
  C:\Windows\System\SNUxGpv.exe
  2⤵
  PID:10688
- C:\Windows\System\zzTuyXI.exe
  C:\Windows\System\zzTuyXI.exe
  2⤵
  PID:10728
- C:\Windows\System\bJlxJfg.exe
  C:\Windows\System\bJlxJfg.exe
  2⤵
  PID:10764
- C:\Windows\System\JmAUMlb.exe
  C:\Windows\System\JmAUMlb.exe
  2⤵
  PID:10796
- C:\Windows\System\agMMVdw.exe
  C:\Windows\System\agMMVdw.exe
  2⤵
  PID:10824
- C:\Windows\System\ZVrszOO.exe
  C:\Windows\System\ZVrszOO.exe
  2⤵
  PID:10852
- C:\Windows\System\eqXEwyY.exe
  C:\Windows\System\eqXEwyY.exe
  2⤵
  PID:10880
- C:\Windows\System\cJnzoFH.exe
  C:\Windows\System\cJnzoFH.exe
  2⤵
  PID:10908
- C:\Windows\System\FhUqmFa.exe
  C:\Windows\System\FhUqmFa.exe
  2⤵
  PID:10936
- C:\Windows\System\hRGMjyi.exe
  C:\Windows\System\hRGMjyi.exe
  2⤵
  PID:10964
- C:\Windows\System\NVcxoHC.exe
  C:\Windows\System\NVcxoHC.exe
  2⤵
  PID:10992
- C:\Windows\System\jYYUeWW.exe
  C:\Windows\System\jYYUeWW.exe
  2⤵
  PID:11020
- C:\Windows\System\nRrBton.exe
  C:\Windows\System\nRrBton.exe
  2⤵
  PID:11044
- C:\Windows\System\haZUSOE.exe
  C:\Windows\System\haZUSOE.exe
  2⤵
  PID:11064
- C:\Windows\System\fdeYEkf.exe
  C:\Windows\System\fdeYEkf.exe
  2⤵
  PID:11092
- C:\Windows\System\SyAOCGN.exe
  C:\Windows\System\SyAOCGN.exe
  2⤵
  PID:11124
- C:\Windows\System\RvMddPp.exe
  C:\Windows\System\RvMddPp.exe
  2⤵
  PID:11148
- C:\Windows\System\YuEAnXT.exe
  C:\Windows\System\YuEAnXT.exe
  2⤵
  PID:11176
- C:\Windows\System\JlIgTpd.exe
  C:\Windows\System\JlIgTpd.exe
  2⤵
  PID:11192
- C:\Windows\System\QbPVciO.exe
  C:\Windows\System\QbPVciO.exe
  2⤵
  PID:11224
- C:\Windows\System\tNjaQan.exe
  C:\Windows\System\tNjaQan.exe
  2⤵
  PID:11256
- C:\Windows\System\jzHBIfc.exe
  C:\Windows\System\jzHBIfc.exe
  2⤵
  PID:10276
- C:\Windows\System\covKxVx.exe
  C:\Windows\System\covKxVx.exe
  2⤵
  PID:10340
- C:\Windows\System\byLQptx.exe
  C:\Windows\System\byLQptx.exe
  2⤵
  PID:10404
- C:\Windows\System\kVlOweU.exe
  C:\Windows\System\kVlOweU.exe
  2⤵
  PID:10444
- C:\Windows\System\anuMIkf.exe
  C:\Windows\System\anuMIkf.exe
  2⤵
  PID:10504
- C:\Windows\System\jkGjZdd.exe
  C:\Windows\System\jkGjZdd.exe
  2⤵
  PID:10552
- C:\Windows\System\HxWeinN.exe
  C:\Windows\System\HxWeinN.exe
  2⤵
  PID:10624
- C:\Windows\System\ZLBRCzd.exe
  C:\Windows\System\ZLBRCzd.exe
  2⤵
  PID:10712
- C:\Windows\System\tKERAeo.exe
  C:\Windows\System\tKERAeo.exe
  2⤵
  PID:10772
- C:\Windows\System\PcmClMe.exe
  C:\Windows\System\PcmClMe.exe
  2⤵
  PID:10820
- C:\Windows\System\pXvYGyw.exe
  C:\Windows\System\pXvYGyw.exe
  2⤵
  PID:10876
- C:\Windows\System\PaYpLhi.exe
  C:\Windows\System\PaYpLhi.exe
  2⤵
  PID:10956
- C:\Windows\System\PmElbLC.exe
  C:\Windows\System\PmElbLC.exe
  2⤵
  PID:11036
- C:\Windows\System\NrqqtIo.exe
  C:\Windows\System\NrqqtIo.exe
  2⤵
  PID:11084
- C:\Windows\System\AqvFjlU.exe
  C:\Windows\System\AqvFjlU.exe
  2⤵
  PID:11188
- C:\Windows\System\FniaEyc.exe
  C:\Windows\System\FniaEyc.exe
  2⤵
  PID:9756
- C:\Windows\System\lkiUsvJ.exe
  C:\Windows\System\lkiUsvJ.exe
  2⤵
  PID:10400
- C:\Windows\System\aojUvwg.exe
  C:\Windows\System\aojUvwg.exe
  2⤵
  PID:10540
- C:\Windows\System\amJxeKZ.exe
  C:\Windows\System\amJxeKZ.exe
  2⤵
  PID:10580
- C:\Windows\System\FZGTzBy.exe
  C:\Windows\System\FZGTzBy.exe
  2⤵
  PID:10812
- C:\Windows\System\mFkgHiL.exe
  C:\Windows\System\mFkgHiL.exe
  2⤵
  PID:11076
- C:\Windows\System\YtyKUAa.exe
  C:\Windows\System\YtyKUAa.exe
  2⤵
  PID:11104
- C:\Windows\System\NDxOBut.exe
  C:\Windows\System\NDxOBut.exe
  2⤵
  PID:10352
- C:\Windows\System\trIlyej.exe
  C:\Windows\System\trIlyej.exe
  2⤵
  PID:10640
- C:\Windows\System\DICFHLs.exe
  C:\Windows\System\DICFHLs.exe
  2⤵
  PID:11016
- C:\Windows\System\myHVJMX.exe
  C:\Windows\System\myHVJMX.exe
  2⤵
  PID:10664
- C:\Windows\System\XlMWTRW.exe
  C:\Windows\System\XlMWTRW.exe
  2⤵
  PID:10300
- C:\Windows\System\zeJRpCZ.exe
  C:\Windows\System\zeJRpCZ.exe
  2⤵
  PID:11288
- C:\Windows\System\nviEIVK.exe
  C:\Windows\System\nviEIVK.exe
  2⤵
  PID:11316
- C:\Windows\System\xAIREKw.exe
  C:\Windows\System\xAIREKw.exe
  2⤵
  PID:11344
- C:\Windows\System\mRbDPos.exe
  C:\Windows\System\mRbDPos.exe
  2⤵
  PID:11372
- C:\Windows\System\yWlzPfs.exe
  C:\Windows\System\yWlzPfs.exe
  2⤵
  PID:11400
- C:\Windows\System\BlEeqVR.exe
  C:\Windows\System\BlEeqVR.exe
  2⤵
  PID:11428
- C:\Windows\System\NjWYHCo.exe
  C:\Windows\System\NjWYHCo.exe
  2⤵
  PID:11452
- C:\Windows\System\NytolhH.exe
  C:\Windows\System\NytolhH.exe
  2⤵
  PID:11468
- C:\Windows\System\EhPhAbs.exe
  C:\Windows\System\EhPhAbs.exe
  2⤵
  PID:11484
- C:\Windows\System\cuxzEHA.exe
  C:\Windows\System\cuxzEHA.exe
  2⤵
  PID:11516
- C:\Windows\System\cmBNnJh.exe
  C:\Windows\System\cmBNnJh.exe
  2⤵
  PID:11544
- C:\Windows\System\KNjqheU.exe
  C:\Windows\System\KNjqheU.exe
  2⤵
  PID:11576
- C:\Windows\System\yHIPExz.exe
  C:\Windows\System\yHIPExz.exe
  2⤵
  PID:11608
- C:\Windows\System\ruoDHTX.exe
  C:\Windows\System\ruoDHTX.exe
  2⤵
  PID:11636
- C:\Windows\System\QdvvydL.exe
  C:\Windows\System\QdvvydL.exe
  2⤵
  PID:11668
- C:\Windows\System\xQWXxEa.exe
  C:\Windows\System\xQWXxEa.exe
  2⤵
  PID:11696
- C:\Windows\System\wnIBhHr.exe
  C:\Windows\System\wnIBhHr.exe
  2⤵
  PID:11720
- C:\Windows\System\QjdlzfV.exe
  C:\Windows\System\QjdlzfV.exe
  2⤵
  PID:11748
- C:\Windows\System\vodXTFn.exe
  C:\Windows\System\vodXTFn.exe
  2⤵
  PID:11780
- C:\Windows\System\WehWreQ.exe
  C:\Windows\System\WehWreQ.exe
  2⤵
  PID:11796
- C:\Windows\System\urbBlSN.exe
  C:\Windows\System\urbBlSN.exe
  2⤵
  PID:11832
- C:\Windows\System\bIoJAIg.exe
  C:\Windows\System\bIoJAIg.exe
  2⤵
  PID:11868
- C:\Windows\System\BqrMtsQ.exe
  C:\Windows\System\BqrMtsQ.exe
  2⤵
  PID:11892
- C:\Windows\System\IhUnscA.exe
  C:\Windows\System\IhUnscA.exe
  2⤵
  PID:11928
- C:\Windows\System\IdgLUCS.exe
  C:\Windows\System\IdgLUCS.exe
  2⤵
  PID:11956
- C:\Windows\System\NRPRpAw.exe
  C:\Windows\System\NRPRpAw.exe
  2⤵
  PID:11984
- C:\Windows\System\SKkKVEd.exe
  C:\Windows\System\SKkKVEd.exe
  2⤵
  PID:12012
- C:\Windows\System\ZxysgFt.exe
  C:\Windows\System\ZxysgFt.exe
  2⤵
  PID:12040
- C:\Windows\System\dIDtZCC.exe
  C:\Windows\System\dIDtZCC.exe
  2⤵
  PID:12068
- C:\Windows\System\brGHnsO.exe
  C:\Windows\System\brGHnsO.exe
  2⤵
  PID:12084
- C:\Windows\System\ohVXOwC.exe
  C:\Windows\System\ohVXOwC.exe
  2⤵
  PID:12100
- C:\Windows\System\bopxNXe.exe
  C:\Windows\System\bopxNXe.exe
  2⤵
  PID:12128
- C:\Windows\System\KspAUqC.exe
  C:\Windows\System\KspAUqC.exe
  2⤵
  PID:12152
- C:\Windows\System\QmOrjBt.exe
  C:\Windows\System\QmOrjBt.exe
  2⤵
  PID:12184
- C:\Windows\System\wGoQUsn.exe
  C:\Windows\System\wGoQUsn.exe
  2⤵
  PID:12216
- C:\Windows\System\YEQbTio.exe
  C:\Windows\System\YEQbTio.exe
  2⤵
  PID:12240
- C:\Windows\System\MOAqHYQ.exe
  C:\Windows\System\MOAqHYQ.exe
  2⤵
  PID:12260
- C:\Windows\System\GyKzopx.exe
  C:\Windows\System\GyKzopx.exe
  2⤵
  PID:12284
- C:\Windows\System\XcroCPO.exe
  C:\Windows\System\XcroCPO.exe
  2⤵
  PID:11328
- C:\Windows\System\HOBYOhI.exe
  C:\Windows\System\HOBYOhI.exe
  2⤵
  PID:11392
- C:\Windows\System\dGwdVPc.exe
  C:\Windows\System\dGwdVPc.exe
  2⤵
  PID:11444
- C:\Windows\System\zWaJgHv.exe
  C:\Windows\System\zWaJgHv.exe
  2⤵
  PID:11536
- C:\Windows\System\IzuDqbc.exe
  C:\Windows\System\IzuDqbc.exe
  2⤵
  PID:11528
- C:\Windows\System\ZziYRKx.exe
  C:\Windows\System\ZziYRKx.exe
  2⤵
  PID:11648
- C:\Windows\System\DMLXKKD.exe
  C:\Windows\System\DMLXKKD.exe
  2⤵
  PID:11716
- C:\Windows\System\gOhgCqA.exe
  C:\Windows\System\gOhgCqA.exe
  2⤵
  PID:11816
- C:\Windows\System\alvHEAH.exe
  C:\Windows\System\alvHEAH.exe
  2⤵
  PID:11916
- C:\Windows\System\rKyrTCM.exe
  C:\Windows\System\rKyrTCM.exe
  2⤵
  PID:11952
- C:\Windows\System\SLvxcPG.exe
  C:\Windows\System\SLvxcPG.exe
  2⤵
  PID:12076
- C:\Windows\System\IYXacGa.exe
  C:\Windows\System\IYXacGa.exe
  2⤵
  PID:12116
- C:\Windows\System\TbzinBx.exe
  C:\Windows\System\TbzinBx.exe
  2⤵
  PID:12176
- C:\Windows\System\NFBeuxg.exe
  C:\Windows\System\NFBeuxg.exe
  2⤵
  PID:12200
- C:\Windows\System\uagzGQe.exe
  C:\Windows\System\uagzGQe.exe
  2⤵
  PID:11284
- C:\Windows\System\PSBhLBf.exe
  C:\Windows\System\PSBhLBf.exe
  2⤵
  PID:11356
- C:\Windows\System\SnXNiLA.exe
  C:\Windows\System\SnXNiLA.exe
  2⤵
  PID:11532
- C:\Windows\System\pfDTWns.exe
  C:\Windows\System\pfDTWns.exe
  2⤵
  PID:11744
- C:\Windows\System\qeKuxYH.exe
  C:\Windows\System\qeKuxYH.exe
  2⤵
  PID:11900
- C:\Windows\System\LRRqTod.exe
  C:\Windows\System\LRRqTod.exe
  2⤵
  PID:12092
- C:\Windows\System\SdNvapM.exe
  C:\Windows\System\SdNvapM.exe
  2⤵
  PID:12248
- C:\Windows\System\tsbfKTJ.exe
  C:\Windows\System\tsbfKTJ.exe
  2⤵
  PID:11464
- C:\Windows\System\eQKnZcV.exe
  C:\Windows\System\eQKnZcV.exe
  2⤵
  PID:11688
- C:\Windows\System\AWnaXnD.exe
  C:\Windows\System\AWnaXnD.exe
  2⤵
  PID:11972
- C:\Windows\System\TkgjHHR.exe
  C:\Windows\System\TkgjHHR.exe
  2⤵
  PID:12064
- C:\Windows\System\EmDbwvb.exe
  C:\Windows\System\EmDbwvb.exe
  2⤵
  PID:11856
- C:\Windows\System\cSogGyy.exe
  C:\Windows\System\cSogGyy.exe
  2⤵
  PID:12308
- C:\Windows\System\uZxedbj.exe
  C:\Windows\System\uZxedbj.exe
  2⤵
  PID:12348
- C:\Windows\System\iCATQnc.exe
  C:\Windows\System\iCATQnc.exe
  2⤵
  PID:12376
- C:\Windows\System\ZLhMCPJ.exe
  C:\Windows\System\ZLhMCPJ.exe
  2⤵
  PID:12404
- C:\Windows\System\GYijXSC.exe
  C:\Windows\System\GYijXSC.exe
  2⤵
  PID:12432
- C:\Windows\System\oziIKTa.exe
  C:\Windows\System\oziIKTa.exe
  2⤵
  PID:12460
- C:\Windows\System\hMbXedS.exe
  C:\Windows\System\hMbXedS.exe
  2⤵
  PID:12488
- C:\Windows\System\zGgJdIs.exe
  C:\Windows\System\zGgJdIs.exe
  2⤵
  PID:12504
- C:\Windows\System\MYjGRWi.exe
  C:\Windows\System\MYjGRWi.exe
  2⤵
  PID:12532
- C:\Windows\System\XhlguPF.exe
  C:\Windows\System\XhlguPF.exe
  2⤵
  PID:12560
- C:\Windows\System\oAAMhkV.exe
  C:\Windows\System\oAAMhkV.exe
  2⤵
  PID:12588
- C:\Windows\System\ZrGVOuF.exe
  C:\Windows\System\ZrGVOuF.exe
  2⤵
  PID:12616
- C:\Windows\System\sbbUlzY.exe
  C:\Windows\System\sbbUlzY.exe
  2⤵
  PID:12644
- C:\Windows\System\LsHHUpV.exe
  C:\Windows\System\LsHHUpV.exe
  2⤵
  PID:12668
- C:\Windows\System\RFeHRIv.exe
  C:\Windows\System\RFeHRIv.exe
  2⤵
  PID:12700
- C:\Windows\System\nlgtzdF.exe
  C:\Windows\System\nlgtzdF.exe
  2⤵
  PID:12724
- C:\Windows\System\TbmgTRT.exe
  C:\Windows\System\TbmgTRT.exe
  2⤵
  PID:12760
- C:\Windows\System\vTOZFtd.exe
  C:\Windows\System\vTOZFtd.exe
  2⤵
  PID:12776
- C:\Windows\System\oqfFYMW.exe
  C:\Windows\System\oqfFYMW.exe
  2⤵
  PID:12800
- C:\Windows\System\hCRtPuT.exe
  C:\Windows\System\hCRtPuT.exe
  2⤵
  PID:12832
- C:\Windows\System\tqVPmAg.exe
  C:\Windows\System\tqVPmAg.exe
  2⤵
  PID:12864
- C:\Windows\System\FFuGNbu.exe
  C:\Windows\System\FFuGNbu.exe
  2⤵
  PID:12896
- C:\Windows\System\qtWOCcF.exe
  C:\Windows\System\qtWOCcF.exe
  2⤵
  PID:12916
- C:\Windows\System\EMnbnDp.exe
  C:\Windows\System\EMnbnDp.exe
  2⤵
  PID:12952
- C:\Windows\System\kahEhIl.exe
  C:\Windows\System\kahEhIl.exe
  2⤵
  PID:12984
- C:\Windows\System\fVbPUbv.exe
  C:\Windows\System\fVbPUbv.exe
  2⤵
  PID:13012
- C:\Windows\System\UZdZpGX.exe
  C:\Windows\System\UZdZpGX.exe
  2⤵
  PID:13044
- C:\Windows\System\qzMjkzC.exe
  C:\Windows\System\qzMjkzC.exe
  2⤵
  PID:13072
- C:\Windows\System\RwXBhrD.exe
  C:\Windows\System\RwXBhrD.exe
  2⤵
  PID:13104
- C:\Windows\System\WVbRWhr.exe
  C:\Windows\System\WVbRWhr.exe
  2⤵
  PID:13136
- C:\Windows\System\gMQnMRG.exe
  C:\Windows\System\gMQnMRG.exe
  2⤵
  PID:13168
- C:\Windows\System\EcDmrBK.exe
  C:\Windows\System\EcDmrBK.exe
  2⤵
  PID:13200
- C:\Windows\System\AGbJyBS.exe
  C:\Windows\System\AGbJyBS.exe
  2⤵
  PID:13216
- C:\Windows\System\qyvfgup.exe
  C:\Windows\System\qyvfgup.exe
  2⤵
  PID:13236
- C:\Windows\System\TlFkDni.exe
  C:\Windows\System\TlFkDni.exe
  2⤵
  PID:13280
- C:\Windows\System\OIUHOMQ.exe
  C:\Windows\System\OIUHOMQ.exe
  2⤵
  PID:13296
- C:\Windows\System\ZYdPVIu.exe
  C:\Windows\System\ZYdPVIu.exe
  2⤵
  PID:11652
- C:\Windows\System\lsLMSzx.exe
  C:\Windows\System\lsLMSzx.exe
  2⤵
  PID:12332
- C:\Windows\System\kVMnALU.exe
  C:\Windows\System\kVMnALU.exe
  2⤵
  PID:12416
- C:\Windows\System\knlbaaj.exe
  C:\Windows\System\knlbaaj.exe
  2⤵
  PID:12484
- C:\Windows\System\fCNHdcT.exe
  C:\Windows\System\fCNHdcT.exe
  2⤵
  PID:12524
- C:\Windows\System\TqFixUi.exe
  C:\Windows\System\TqFixUi.exe
  2⤵
  PID:12604
- C:\Windows\System\FtopZmD.exe
  C:\Windows\System\FtopZmD.exe
  2⤵
  PID:12684
- C:\Windows\System\phErojg.exe
  C:\Windows\System\phErojg.exe
  2⤵
  PID:12748
- C:\Windows\System\IKlykLO.exe
  C:\Windows\System\IKlykLO.exe
  2⤵
  PID:12884
- C:\Windows\System\DARJeRf.exe
  C:\Windows\System\DARJeRf.exe
  2⤵
  PID:12940
- C:\Windows\System\fzAtHCi.exe
  C:\Windows\System\fzAtHCi.exe
  2⤵
  PID:12908
- C:\Windows\System\BiiBGrb.exe
  C:\Windows\System\BiiBGrb.exe
  2⤵
  PID:13116
- C:\Windows\System\BbHzzyx.exe
  C:\Windows\System\BbHzzyx.exe
  2⤵
  PID:13176
- C:\Windows\System\fvOdyzF.exe
  C:\Windows\System\fvOdyzF.exe
  2⤵
  PID:13208
- C:\Windows\System\jxSWryJ.exe
  C:\Windows\System\jxSWryJ.exe
  2⤵
  PID:11368
- C:\Windows\System\knLQvoC.exe
  C:\Windows\System\knLQvoC.exe
  2⤵
  PID:12304
- C:\Windows\System\HVeCNXW.exe
  C:\Windows\System\HVeCNXW.exe
  2⤵
  PID:12548
- C:\Windows\System\RiuVdoc.exe
  C:\Windows\System\RiuVdoc.exe
  2⤵
  PID:12808
- C:\Windows\System\BzubiEG.exe
  C:\Windows\System\BzubiEG.exe
  2⤵
  PID:12816
- C:\Windows\System\DDHhYMv.exe
  C:\Windows\System\DDHhYMv.exe
  2⤵
  PID:12708
- C:\Windows\System\cRIIaQw.exe
  C:\Windows\System\cRIIaQw.exe
  2⤵
  PID:13008
- C:\Windows\System\nOFNstB.exe
  C:\Windows\System\nOFNstB.exe
  2⤵
  PID:13268
- C:\Windows\System\AfperqK.exe
  C:\Windows\System\AfperqK.exe
  2⤵
  PID:12716
- C:\Windows\System\vhMqUdr.exe
  C:\Windows\System\vhMqUdr.exe
  2⤵
  PID:13344
- C:\Windows\System\OygbKfM.exe
  C:\Windows\System\OygbKfM.exe
  2⤵
  PID:13364
- C:\Windows\System\VRiNiSP.exe
  C:\Windows\System\VRiNiSP.exe
  2⤵
  PID:13380
- C:\Windows\System\yqVhFwx.exe
  C:\Windows\System\yqVhFwx.exe
  2⤵
  PID:13404
- C:\Windows\System\ZlYEzRj.exe
  C:\Windows\System\ZlYEzRj.exe
  2⤵
  PID:13432
- C:\Windows\System\uAJxhhi.exe
  C:\Windows\System\uAJxhhi.exe
  2⤵
  PID:13456
- C:\Windows\System\gnMIOeO.exe
  C:\Windows\System\gnMIOeO.exe
  2⤵
  PID:13488
- C:\Windows\System\kKDQejd.exe
  C:\Windows\System\kKDQejd.exe
  2⤵
  PID:13512
- C:\Windows\System\TSHmiAL.exe
  C:\Windows\System\TSHmiAL.exe
  2⤵
  PID:13548
- C:\Windows\System\ISHpMnl.exe
  C:\Windows\System\ISHpMnl.exe
  2⤵
  PID:13564
- C:\Windows\System\DoZtqAe.exe
  C:\Windows\System\DoZtqAe.exe
  2⤵
  PID:13580
- C:\Windows\System\oonCqOd.exe
  C:\Windows\System\oonCqOd.exe
  2⤵
  PID:13600
- C:\Windows\System\aBtCEzc.exe
  C:\Windows\System\aBtCEzc.exe
  2⤵
  PID:13620
- C:\Windows\System\cwtacxH.exe
  C:\Windows\System\cwtacxH.exe
  2⤵
  PID:13648
- C:\Windows\System\stoWhhx.exe
  C:\Windows\System\stoWhhx.exe
  2⤵
  PID:13676
- C:\Windows\System\ypZmaKc.exe
  C:\Windows\System\ypZmaKc.exe
  2⤵
  PID:13708
- C:\Windows\System\nRgdcoJ.exe
  C:\Windows\System\nRgdcoJ.exe
  2⤵
  PID:13732
- C:\Windows\System\YODtmby.exe
  C:\Windows\System\YODtmby.exe
  2⤵
  PID:13864
- C:\Windows\System\ljzGvau.exe
  C:\Windows\System\ljzGvau.exe
  2⤵
  PID:13884
- C:\Windows\System\ZxhrwKt.exe
  C:\Windows\System\ZxhrwKt.exe
  2⤵
  PID:13904
- C:\Windows\System\mgjbEyl.exe
  C:\Windows\System\mgjbEyl.exe
  2⤵
  PID:13936
- C:\Windows\System\nCKiwYS.exe
  C:\Windows\System\nCKiwYS.exe
  2⤵
  PID:13968
- C:\Windows\System\inTqsNW.exe
  C:\Windows\System\inTqsNW.exe
  2⤵
  PID:13996
- C:\Windows\System\SZXCPDs.exe
  C:\Windows\System\SZXCPDs.exe
  2⤵
  PID:14040
- C:\Windows\System\cjARwzU.exe
  C:\Windows\System\cjARwzU.exe
  2⤵
  PID:14084
- C:\Windows\System\bgPWzFB.exe
  C:\Windows\System\bgPWzFB.exe
  2⤵
  PID:14100
- C:\Windows\System\YAGpIBr.exe
  C:\Windows\System\YAGpIBr.exe
  2⤵
  PID:14140
- C:\Windows\System\XdSBUTo.exe
  C:\Windows\System\XdSBUTo.exe
  2⤵
  PID:14160
- C:\Windows\System\ZYbpIWZ.exe
  C:\Windows\System\ZYbpIWZ.exe
  2⤵
  PID:14192
- C:\Windows\System\sGMzxpo.exe
  C:\Windows\System\sGMzxpo.exe
  2⤵
  PID:14232
- C:\Windows\System\sCfrLNT.exe
  C:\Windows\System\sCfrLNT.exe
  2⤵
  PID:14252
- C:\Windows\System\GGMcXbh.exe
  C:\Windows\System\GGMcXbh.exe
  2⤵
  PID:14280
- C:\Windows\System\ugdOkih.exe
  C:\Windows\System\ugdOkih.exe
  2⤵
  PID:14308
- C:\Windows\System\knffRlV.exe
  C:\Windows\System\knffRlV.exe
  2⤵
  PID:14324
- C:\Windows\System\WCPqcmB.exe
  C:\Windows\System\WCPqcmB.exe
  2⤵
  PID:12556
- C:\Windows\System\jRmZnys.exe
  C:\Windows\System\jRmZnys.exe
  2⤵
  PID:13332
- C:\Windows\System\qaDekPW.exe
  C:\Windows\System\qaDekPW.exe
  2⤵
  PID:12768
- C:\Windows\System\vXreKxe.exe
  C:\Windows\System\vXreKxe.exe
  2⤵
  PID:13420
- C:\Windows\System\zDItuwG.exe
  C:\Windows\System\zDItuwG.exe
  2⤵
  PID:13392
- C:\Windows\System\jegXRps.exe
  C:\Windows\System\jegXRps.exe
  2⤵
  PID:13544
- C:\Windows\System\TFrXCoB.exe
  C:\Windows\System\TFrXCoB.exe
  2⤵
  PID:4144
- C:\Windows\System\YeaNRui.exe
  C:\Windows\System\YeaNRui.exe
  2⤵
  PID:13560
- C:\Windows\System\NEJVCsq.exe
  C:\Windows\System\NEJVCsq.exe
  2⤵
  PID:13696
- C:\Windows\System\cqIXihx.exe
  C:\Windows\System\cqIXihx.exe
  2⤵
  PID:13632
- C:\Windows\System\tjLKUHx.exe
  C:\Windows\System\tjLKUHx.exe
  2⤵
  PID:13744
- C:\Windows\System\GDXtkBd.exe
  C:\Windows\System\GDXtkBd.exe
  2⤵
  PID:13896
- C:\Windows\System\aBMpfLu.exe
  C:\Windows\System\aBMpfLu.exe
  2⤵
  PID:14048
- C:\Windows\System\CEoynkO.exe
  C:\Windows\System\CEoynkO.exe
  2⤵
  PID:14096
- C:\Windows\System\cwPAcms.exe
  C:\Windows\System\cwPAcms.exe
  2⤵
  PID:14136
- C:\Windows\System\UnWWBXn.exe
  C:\Windows\System\UnWWBXn.exe
  2⤵
  PID:14220
- C:\Windows\System\eUdaYlO.exe
  C:\Windows\System\eUdaYlO.exe
  2⤵
  PID:14240
- C:\Windows\System\CpcJbvD.exe
  C:\Windows\System\CpcJbvD.exe
  2⤵
  PID:14260
- C:\Windows\System\AAguJgK.exe
  C:\Windows\System\AAguJgK.exe
  2⤵
  PID:13000
- C:\Windows\System\hEegRAM.exe
  C:\Windows\System\hEegRAM.exe
  2⤵
  PID:13356
- C:\Windows\System\FZFUdHc.exe
  C:\Windows\System\FZFUdHc.exe
  2⤵
  PID:5044
- C:\Windows\System\nOnsdCt.exe
  C:\Windows\System\nOnsdCt.exe
  2⤵
  PID:13720
- C:\Windows\System\lKxWgIK.exe
  C:\Windows\System\lKxWgIK.exe
  2⤵
  PID:13948
- C:\Windows\System\KsgaVRY.exe
  C:\Windows\System\KsgaVRY.exe
  2⤵
  PID:14184
- C:\Windows\System\sgpARnK.exe
  C:\Windows\System\sgpARnK.exe
  2⤵
  PID:14180
- C:\Windows\System\vXlLGMW.exe
  C:\Windows\System\vXlLGMW.exe
  2⤵
  PID:4544
- C:\Windows\System\TQQxppF.exe
  C:\Windows\System\TQQxppF.exe
  2⤵
  PID:13352
- C:\Windows\System\HisRlPp.exe
  C:\Windows\System\HisRlPp.exe
  2⤵
  PID:13644
- C:\Windows\System\NilZZHS.exe
  C:\Windows\System\NilZZHS.exe
  2⤵
  PID:13912
- C:\Windows\System\brbYzoM.exe
  C:\Windows\System\brbYzoM.exe
  2⤵
  PID:13956
- C:\Windows\System\vPuiWif.exe
  C:\Windows\System\vPuiWif.exe
  2⤵
  PID:14376
- C:\Windows\System\xIcRuNG.exe
  C:\Windows\System\xIcRuNG.exe
  2⤵
  PID:14440
- C:\Windows\System\hCoWpuI.exe
  C:\Windows\System\hCoWpuI.exe
  2⤵
  PID:14492

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AKqkSIG.exe

Filesize
2.0MB

MD5
feb1122c1c5628d2324f4936cf2c5b3a

SHA1
f43f040452954ee4c8c4c2ca5f54c5ddf8b6dd0a

SHA256
5439984f38d09550edb5d3d01ae1419b148068f36fbb0f1d8c6771e152e36eef

SHA512
10a8f467992b892330ac74419825ace1f4215a6a873b53dbc5e1e999c44adcaf3d651ab95366dbae6edb752c4a4d42c971b5e1faf62655478d6584af9210dc9c

Download Submit
C:\Windows\System\CKRJMmJ.exe

Filesize
2.0MB

MD5
2e464eb3a400646cee8cd9377cf79217

SHA1
b88adfec6e7b9c4fc3421029a2b19700d9ba5a23

SHA256
03b895b304f719e968b1fbbcd5084bb5cf79f566009025f50685ef833de40f7a

SHA512
b720068774cee365238af8dcd14cc46fef6f07753ee64f5eb8159e3abc3fb4e4a549908199db678ae8c3868ac84b354d48fc3a9960bfef0eb0723733f98fa7b4

Download Submit
C:\Windows\System\CSALAnJ.exe

Filesize
2.0MB

MD5
735d23bcf9f6f1f57633b69f7adde7d1

SHA1
81f2356a622972ba466b784fa1f9359e634eaaab

SHA256
33229943dff96d1f6c8c3570e613986efe4edf682d8bc8d86d238da1b8e20809

SHA512
c580dbc460d0925cb770afc2759c57b345773bf263c00568805b83b90066baef93f37523151d413af3372965fc550de34bc98f3a00b069af1086a5f64bd36a46

Download Submit
C:\Windows\System\Dqnfqty.exe

Filesize
2.0MB

MD5
00ca3dece320096cfa232b203f73a81a

SHA1
af4f99a28ea32e95997ed98b0be3a35fff05fd5c

SHA256
2cd5b731fa15935c277e2a09ec435bc65dc8a97decc72ecebfef04b035559091

SHA512
c0eb723d787fff2ea358d267a23489ba5b9ee2d46501c30309284237b55d5802d1166f205b9fd2bce0aab0b90dd4133d5fb56b7c1dbfd174672209d61a40771b

Download Submit
C:\Windows\System\DwfduPW.exe

Filesize
2.0MB

MD5
fa0997c85440249ea47f30ece95fe7f4

SHA1
d04e57f37042c1c044705b048e956b5c10d57e32

SHA256
671b1384fbd1c8212432493a34a9e7eec865625f5403c27ad810976b50aa0db8

SHA512
ade2e0a888cb7ba7ad00b15f9aa64545a5de552a684fd4cd4416c23d81bd3a9a1f729e938ff18b59840ca8dfe91ecc1f9c7a152f6f58a0564f35a9485bb0a996

Download Submit
C:\Windows\System\EGsayDO.exe

Filesize
2.0MB

MD5
72290ba20d1294ee4635c530c5c9a200

SHA1
ba760a14fc613a8d41687b8da64f49a2c8a6d40b

SHA256
6c7d2aebd370db84ff390e2e8a386be514569413643ca6067f816e006bc91e63

SHA512
9f2b7fc9e791210c1860406165c3959a855596cfe26a18041ff6dfd55f6410f6dfa7dcd49f93bf8bb90679aa87092c6e274e86f3e04915386136e083d01b4a3a

Download Submit
C:\Windows\System\GWQVouy.exe

Filesize
2.0MB

MD5
e6b0c30a0e640104561e08d7b5f52400

SHA1
050fe0458badf85a54bf9a17159e3c4e880bcb77

SHA256
a3b8908d0fa3efc11859c367b6be8641b932495a043a499c2bf4607ec51a6417

SHA512
8d4a7a1438af1230e5a210c9b9ee81807d2456e835631c64965baede66a43cea9b1c771278482d2416b26951dbb37ffb3c4eb283795f48495638b7460643f4e6

Download Submit
C:\Windows\System\JaYBGNo.exe

Filesize
2.0MB

MD5
20a3e3d4f6ab38c7490e834ffe49b2f4

SHA1
24b37d77384f910291b9218eae9d9e3bbdfd01e0

SHA256
a9f294b3bc3d3e0d6cb43d3ea08c8c609ae2aa3fc3be293d329b07dad4daccc4

SHA512
b6d48354d9dc39d04f9788e9bda42173453f5817ba5143bad51c26db639735fcd295926870cd2ad9e26af508788012909b875705f795a7c0d298c1cfed957810

Download Submit
C:\Windows\System\KVVLigD.exe

Filesize
2.0MB

MD5
f61981951fbc8253c73f418ffd42d66f

SHA1
6b35bdce32e93023bca74373b41afc30e455ba53

SHA256
143e92a297dbc89d0957a34469b260714ebaa5924de82b4665415bfb0d4a98e6

SHA512
d1429b5b616c2d957ab115b1973af71cf167aaab2bb660ad6808e82604ea455d7436ae9a15f70a6ff6cb49b2312a6e539fe78ce41e04dabb5fa9564a2ade0a81

Download Submit
C:\Windows\System\OaGUgqP.exe

Filesize
2.0MB

MD5
bb3dd4918540bdf30c6217ea4c617126

SHA1
d38b30926473691e2daf6f114d853862af3ba369

SHA256
0be6fbc6813bcc767c12b34091c07c4e16a2bdfa91b4be16ae618ed0407907c5

SHA512
088914319f33bc993bda455c595c4cb0b87d9d9ffd31753ce8f3ed577dd47be24e1785a26a5b93e429149512c14d0907685129b5f3dd4789f9c0e87532738fd1

Download Submit
C:\Windows\System\PBUyAqa.exe

Filesize
2.0MB

MD5
21d4b78415d9bf1529f5e921b9db31e0

SHA1
bf62e3a3992434efa957e62c21ccfb5e5be824ed

SHA256
4d6e2bd3b265ae069d50c948ee948734469fa4bfba9e2daa5ad4b4ce48faa74e

SHA512
07598097123f7a8bfcd35c318fc5abaad81b9b2bdb3690d788b6af146566c6c9df9019095be40a820954ef96e4dde5d5ae9ba608f223e92a70347d8bdb4f7db0

Download Submit
C:\Windows\System\RaNHhtw.exe

Filesize
2.0MB

MD5
0f04762612373ea97107f5bf4ef8d184

SHA1
517b498d53ce2ab53ed5da53430b9f1e7b2ecb85

SHA256
23435ff9fedda3a943e7d638374465e258bf21f4d1e6720b37f207c1d5e0a0e5

SHA512
ec2cf852d9c1ffe554c1cd2913e49894f3462fa0a4ef4f72ed634f5fb7ea26e9a7845599ad48476f68be9cfddc4a61657fe3672c87f53a472236bf7fda67b74b

Download Submit
C:\Windows\System\RfzKzSl.exe

Filesize
2.0MB

MD5
2c2640801d21431411ffb5da678e4ca2

SHA1
feea14f47758d607f95f35eea5c35ff18a9dab18

SHA256
37a6a2287691dd39abb94575338a2b0b0852b1d339579cbeed709e5af24bbc71

SHA512
bf6aceaabc41d2a0cbbda607a3370f3d283221b8494d4d3d97daac2c8c74ac9e392ab02cc625a39b21b10be111acf72bbc705a0dbf443bd0f705d51b81cf9705

Download Submit
C:\Windows\System\RkxOAhS.exe

Filesize
2.0MB

MD5
40c74ee1ab90d2e06d97213734e9e7bc

SHA1
40648daf72d8bd47034322ee6d2dd7bdee32af01

SHA256
a5f109b0b5d07ba28df2edeca5277277a3e7e84e8e1c2144c9ff035ae2ca1d83

SHA512
a51d55298829147b783935c263f095ad8ef056d403fa9c883464742c7cebc03d297ea79b77c754c8f3cd7435438a4780523696ffdbd890574f49518b6e5dbf70

Download Submit
C:\Windows\System\SXVxLia.exe

Filesize
2.0MB

MD5
4358833aa20d28b351cdbd70ca257c66

SHA1
a74c00ce621bcdd6a9723b644cb3381635e8541d

SHA256
a113ab9ee1a0f0e3eeb5b96010de1bb5d3fcfe4fd2f486523de637a51551da32

SHA512
9343192b67ab6558adcf9e49aad92b12ac2daff418d7cdf60ddd94c727c6201b6219646109282f10f14520d1f955a25ef084a00da58dd5c28900944a3640b8f2

Download Submit
C:\Windows\System\UhRNwYw.exe

Filesize
2.0MB

MD5
0ec84c325fa4a4c51f938aba4f83e229

SHA1
b03364421bf251b2fb5170771a428675c12ad73f

SHA256
8c9eaabe89393eabf40adb2ec861748f641bbd277c27f4e237b2c7da48213253

SHA512
afb4da02cb68bf2b9835f2923543a932d68e0a00bb646471694000446c4993ebeb63c31529ba9b7d7ed152ec0afe2a7a363c06d60946b60333c33871c5ac3af4

Download Submit
C:\Windows\System\WwVhFfR.exe

Filesize
2.0MB

MD5
00f77ccf31289c92c67840f5b9c5a36d

SHA1
387064bf98d0201a33e5c23fa0225135a4f63fa0

SHA256
bd768fc975d3d4a5d105ff69058d6c4abda4cd00ed497b74ec7edfd523e6a304

SHA512
f006907db37dcefcf343ec462c1b2da4ca4fc500d22435475840a98e12aae2798dac1f734f63d4d3f2e4d07e47e4f1378a442174ef5389b4bc5b4e1e1cec1820

Download Submit
C:\Windows\System\YEIhHQz.exe

Filesize
2.0MB

MD5
fe003f2df2bd8da5737580566c5f40b0

SHA1
6a3c665371639284a5c04ce81eaf8f2e76d336cd

SHA256
e30c0b2e53448e5b6f7daa200062e5077a13b7e0123f4237c61a015ddb42e4ef

SHA512
d1d565e98bff8d85b87ede78e1161eb39c89e26b09dfb87395e700bbf0db075deabd326383c88cb157a980b94e9835c94660b8f761af6bfeea89b92666b6ad96

Download Submit
C:\Windows\System\aAfymSj.exe

Filesize
2.0MB

MD5
6b0a3c2392de9f82ac82c2d66b8f431c

SHA1
3cc6f96bbb966d4fcf02d91dd9bc8b388b1a91f5

SHA256
999ca96b9952388e1792d6cc15c5973b77044e905410a5420df5385cff81722b

SHA512
676ff517c8738e6196bc4c1456053e7adda5a836fe7c57a9aa90282460644ae0713cddf63190c6c8c01c832a3d60b07e92172b14e82d743f28d8dd711c034005

Download Submit
C:\Windows\System\aFmghGS.exe

Filesize
2.0MB

MD5
0c017d97ca915cd1deb474dfe6be6077

SHA1
efa74f6e31371209cd50af7cf39aed4d2e0bc349

SHA256
627dd56dd3ca1d8b4cb2af7f9d5b9c7027878c1399c734e290e5c7a6231c68a1

SHA512
c20df5013b82da7f0e48f8c8882dd381e2d066d36c7c7487d95beaec3d49c53a27b9b392bdba91198023c80c81361d53590ecd308fecb9906b35efcf8b10329c

Download Submit
C:\Windows\System\gMYYqyR.exe

Filesize
2.0MB

MD5
fdcb871166843b8e81373d8702f3562b

SHA1
66917ca42dc72c65287e6450983be9ef5a4051b4

SHA256
10c51e0adaec22855b8ed2a870af820a72a831b0eaf881dda8bb4bb47a138eab

SHA512
43bc875dc3ca04b2c3bdf9980709145122704ab853043d75a54f72796d752256d23f3511c0730bdf1a5635a1dd2371e8017f5bfeae2cb80e72eeea24dd31255e

Download Submit
C:\Windows\System\hIeHIXH.exe

Filesize
2.0MB

MD5
3a29b81da9475ac1a21605164060824a

SHA1
c40bfc6b615be7f62289b4881d3270e9a0c04fa6

SHA256
001aff906d10cfc265c012a4458ed2767af2312e0bba09af08e76079526ec8ca

SHA512
117c73e3eb93c1c1a52af8d7ec963eb0e88131f3750940e1f2ad6203b351b05732d87f0936e93dad708b8499770468092c0259c9bb97f307c45f4d9696958ca8

Download Submit
C:\Windows\System\hRajjAO.exe

Filesize
2.0MB

MD5
4790181365ef67c410ee9feed6e8df56

SHA1
0a855325b76f6a10a73ac46dc4a4e65454ba2795

SHA256
c19482684d6f9b6bbadae06dfbf57f24e9846d9da8881d007457775361526d04

SHA512
07b149ae0dcb3292fc8ddc5497e0a0c039f26fa53e9b62ec3e5cf4b5ff09c98144058f72896797141218ce5bd2b9b2fccf2dca624e7809b5caae9ff95615a77c

Download Submit
C:\Windows\System\hpiSxDZ.exe

Filesize
2.0MB

MD5
79abfe2879e50ce0b9eea0413b69f860

SHA1
47f3ed902b5a5dc26494ddd232afce6fb61de290

SHA256
2679eeb8f6fe4c34492686b5a24ea5c561ba8f93731fc22131455d8816e9441e

SHA512
04245e6fda475a1c4814a1ee8e94e8d5d52e851f6e521ffd9283b9b274bb62523ef2d58d4443742edca5ae0309801c6238887ae060f56565d2ae44a551b62618

Download Submit
C:\Windows\System\iGlIWVh.exe

Filesize
2.0MB

MD5
5da2221be269fc5fbdc5ffa0f27c062c

SHA1
c5ddfd3b35f1e5263037fcd773d7803dce829f52

SHA256
fd89bb2cd20cbcd3e2a90db52fdc22684a7896c3b1322efd968aa72be2e822a0

SHA512
a66ff7e305e3e2e43b13b224a16e7d2f0be80d44ffb9fae0567fc50c774d53a6f6fff6a01817c6c6b3284b918ffc2987c88a4216362c44db248a4d2e024729c7

Download Submit
C:\Windows\System\kOZzAHF.exe

Filesize
2.0MB

MD5
cddbc90a1ea3343c0f5537777db37ebf

SHA1
5db0a11da97c28e72e3914a5d9af5a8eda074fb9

SHA256
ba64fe88c1a096f3236b0b27345e8a4691529ed544d80d805e390f0d96468ea5

SHA512
d3054b0379562152c93b95a96528fb76382e9c7467582e087fc07376be60d29806136a4bfe387affe8b20618de35bb65f1b9979b5cd154110eaae7104ac87879

Download Submit
C:\Windows\System\lGqjHzb.exe

Filesize
2.0MB

MD5
85fea88c9ca83681f2b396823d5d12f0

SHA1
7ee322374a314ee4604adb2e9ad3ee9d779e86b4

SHA256
dc9a0315013510454e8543a2eeeb118c88e43aa871bbbbefc1877ac78b2439b2

SHA512
0660f9a8554f9f55103506d354204dc223a2dc040e7186ddd92c46163716b974df9e875692be80df6d374251e2e83d1280e15782e804192c895c422fa7a9b1fc

Download Submit
C:\Windows\System\lMAXAUh.exe

Filesize
2.0MB

MD5
7ec8a624d9b08c69b4322825f5b63525

SHA1
d6d332a46e162ccd039c1464befd128a5e482bee

SHA256
db99d91b06689cede7a0e97cda2dda72591d4d988158bfd5ab8846c54439fa08

SHA512
a4bf09742327a32d61fdebf986dc3a005c9165c18c9a2a45e6a4c5d720c5fed95327c2406329ba0dcd6edc81f29ca1c6dfeada0f2be60745931a6ce3c5e99990

Download Submit
C:\Windows\System\nMPMFwm.exe

Filesize
2.0MB

MD5
be6a3b4c7e6d214cb290e8abbabb1185

SHA1
10361d9d5ee35e879e03660ab69709a795b99d95

SHA256
74ff7507081bc6d0619de6c29520c8b16c6b4ece6bf03962ea2404bfac80aa54

SHA512
ad9a839be3238f3aee428e2c355d76764a4cd9ac3942210b5e5afd6391f73d6bf92ca0c2ff6d388f050660ec0a7ae954f2b2f12edf5f049060265b16c945d388

Download Submit
C:\Windows\System\nlJVASU.exe

Filesize
2.0MB

MD5
ac29e95f99200fa8c4587ecbd09a77aa

SHA1
dd1bfe004ea2114f20d451fceba9e0339d81919f

SHA256
39b9f0383502b2e272174d90979cb2c57dad57bf4e17c5c21f3af1521d2833d1

SHA512
330baae6cdf9f6b68044c8a391354817ddf4c78ee8e57c9a45f5c24fcd5f67cce3c5218b761a905f378dc2f29833dc3743041c29c49407fb0b91084890acf375

Download Submit
C:\Windows\System\qUUYluN.exe

Filesize
2.0MB

MD5
e4b11d35b8fbbdd6bbdad8b40a538e15

SHA1
84fb2f8375641b2a8af28db7fed3cff68fd6f790

SHA256
57059646586d045ba3d14fd5570467d758b49713446b09d5981c920daa203d96

SHA512
bd1c42b0c1e4bd8872b4297b56eab12fc945ab3ebddd13af5d8894433dc67bd24bedb94f1dae5ca83feb65460e9cb8c5951dbb65d8c120b169f5df5052dba9b2

Download Submit
C:\Windows\System\rZjihHU.exe

Filesize
2.0MB

MD5
06b45ab6f6382bd3cb1da813790e1d40

SHA1
3ef0551b1c01f2ca95208c79eaf3a38aa408f9fc

SHA256
be41a34401f134ef7467402c517462f91986630437f28f476eee54d057828535

SHA512
34f104409759ba01cb26152dcc879b8d3ec6dcf1616dfea62b44b699ca5f718bcde05cc29912bf4c091ba6e396ff6b34bb08c410fa5cde9df1dd966ee79e7283

Download Submit
C:\Windows\System\tbVfGYm.exe

Filesize
2.0MB

MD5
9d3aeb26ab91c608d0b721f4b9f1f568

SHA1
22f237f123da2c6e83fd64d342892a9852735f4e

SHA256
9ac9313f007a01822db4de9d54838e6ed6fd77051e7be5fa1608b58cdefa925b

SHA512
e708a3cd43097e92a414ca1acd0904ed6a3f7fa02770b71b277e7f0c7641d80635180a7aa9f055a023d55a4bd0eeaf324063f67d0e892e8481b7f5db38eafff4

Download Submit
C:\Windows\System\uAovRRq.exe

Filesize
2.0MB

MD5
3dfb554e596678897249579dd7f10713

SHA1
631bbf8bc473c40cb48370c1109f03cc603d22f4

SHA256
4d1e84927240ec1c6d883f656023a5f45db530bcf24e232d19bc12d37f8b5d4c

SHA512
d4e199ce6876720349435e4565acf86d3890b15323a8a7203745acdfa50e9df1656118e7505d439092d0f80df70e1186cfa563ed48f9fb310412785a3d065eaa

Download Submit
C:\Windows\System\yEKOQez.exe

Filesize
2.0MB

MD5
ddf7d1a67fd27b982039e8a51449e366

SHA1
f49921b91fa85ed9e026dbeb2dc4062b45f86001

SHA256
1afa4711368d3852aabcf4e226bb1479bd464f0458642c6aa0c445d45a3b7084

SHA512
3fa316a0306614e02fcf3f753bde58edd7b33f9ff74b902415c7ee1cf3d9cc375ce1370c2d2b980c96ad011e3ed4aa4dcc330a272e4c87a7fc1329298313b413

Download Submit
C:\Windows\System\yJwyqiy.exe

Filesize
2.0MB

MD5
529db2eafb6a0da3249327719f8f3720

SHA1
6640508b4657fd8f1de2ced9564a8a592aa21b44

SHA256
3449ddc41205dbf7897731c9d829dcaa5e5c0e2b7ba5c9d6f52558553e0e2d6a

SHA512
265e23e427797190d05dd4bf9644c18c5d33a7460c3d76dcbd60244d12c8e0b9759112f255e949303edfbc06deb9b4017aa84adfdc076ee13bead322bba7f4a6

Download Submit
C:\Windows\System\zeelIET.exe

Filesize
2.0MB

MD5
c94657792f74d491f251ac8b45f42674

SHA1
b45fb8db11d2d148068ce7a37577373be4d94ce9

SHA256
86d513bba8642db8eb35e2451860366d948e30f0592fe57d270f68ba70396e87

SHA512
2e5bce3fe8883902d763f9b62dec871008fbeb9b15b1157bc22472cad227e0375e5533dcde89bf3d6637dfae0d7518322daeed119ae75b38c55c0edb584d5573

Download Submit
C:\Windows\System\ziVNtVX.exe

Filesize
2.0MB

MD5
176f82c75198f3b9a5496963583241d3

SHA1
ac3557f7aec3b2b1519328e09ede3b605bf98967

SHA256
1b9a023d04e2585386a221ac146ff55d5c6c03f4212a9d088e31d4b9f5c8921f

SHA512
c30e7ac3521671e7d55fc0fb06d928fa662559817443ecbe193fd4b99074b767935296ba75b82301590206a32eb8803c112a0905650a89c1b5ead07277317f5c

Download Submit
memory/396-50-0x00007FF616A90000-0x00007FF616DE4000-memory.dmp

Filesize
3.3MB

Download
memory/396-2135-0x00007FF616A90000-0x00007FF616DE4000-memory.dmp

Filesize
3.3MB

Download
memory/972-2153-0x00007FF71ABB0000-0x00007FF71AF04000-memory.dmp

Filesize
3.3MB

Download
memory/972-215-0x00007FF71ABB0000-0x00007FF71AF04000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2154-0x00007FF62CA00000-0x00007FF62CD54000-memory.dmp

Filesize
3.3MB

Download
memory/1044-217-0x00007FF62CA00000-0x00007FF62CD54000-memory.dmp

Filesize
3.3MB

Download
memory/1088-212-0x00007FF7CA8A0000-0x00007FF7CABF4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2155-0x00007FF7CA8A0000-0x00007FF7CABF4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-2136-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp

Filesize
3.3MB

Download
memory/1096-46-0x00007FF6267B0000-0x00007FF626B04000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2158-0x00007FF6DDC80000-0x00007FF6DDFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-210-0x00007FF6DDC80000-0x00007FF6DDFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1212-214-0x00007FF7D9210000-0x00007FF7D9564000-memory.dmp

Filesize
3.3MB

Download
memory/1212-2142-0x00007FF7D9210000-0x00007FF7D9564000-memory.dmp

Filesize
3.3MB

Download
memory/1436-16-0x00007FF606C10000-0x00007FF606F64000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2133-0x00007FF606C10000-0x00007FF606F64000-memory.dmp

Filesize
3.3MB

Download
memory/1436-2126-0x00007FF606C10000-0x00007FF606F64000-memory.dmp

Filesize
3.3MB

Download
memory/1520-2128-0x00007FF642940000-0x00007FF642C94000-memory.dmp

Filesize
3.3MB

Download
memory/1520-2152-0x00007FF642940000-0x00007FF642C94000-memory.dmp

Filesize
3.3MB

Download
memory/1520-127-0x00007FF642940000-0x00007FF642C94000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2144-0x00007FF73FA80000-0x00007FF73FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-193-0x00007FF73FA80000-0x00007FF73FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-42-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp

Filesize
3.3MB

Download
memory/1788-2132-0x00007FF6EC8D0000-0x00007FF6ECC24000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2141-0x00007FF621C80000-0x00007FF621FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-105-0x00007FF621C80000-0x00007FF621FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2127-0x00007FF621C80000-0x00007FF621FD4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-79-0x00007FF773BA0000-0x00007FF773EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2139-0x00007FF773BA0000-0x00007FF773EF4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-49-0x00007FF68A770000-0x00007FF68AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2131-0x00007FF68A770000-0x00007FF68AAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3100-2147-0x00007FF606D40000-0x00007FF607094000-memory.dmp

Filesize
3.3MB

Download
memory/3100-213-0x00007FF606D40000-0x00007FF607094000-memory.dmp

Filesize
3.3MB

Download
memory/3244-209-0x00007FF75DC70000-0x00007FF75DFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2157-0x00007FF75DC70000-0x00007FF75DFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3416-189-0x00007FF781920000-0x00007FF781C74000-memory.dmp

Filesize
3.3MB

Download
memory/3416-2140-0x00007FF781920000-0x00007FF781C74000-memory.dmp

Filesize
3.3MB

Download
memory/3536-2156-0x00007FF6185E0000-0x00007FF618934000-memory.dmp

Filesize
3.3MB

Download
memory/3536-218-0x00007FF6185E0000-0x00007FF618934000-memory.dmp

Filesize
3.3MB

Download
memory/3996-1-0x000001DEA25C0000-0x000001DEA25D0000-memory.dmp

Filesize
64KB

Download
memory/3996-2125-0x00007FF772670000-0x00007FF7729C4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-0-0x00007FF772670000-0x00007FF7729C4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2149-0x00007FF6F1200000-0x00007FF6F1554000-memory.dmp

Filesize
3.3MB

Download
memory/4048-216-0x00007FF6F1200000-0x00007FF6F1554000-memory.dmp

Filesize
3.3MB

Download
memory/4128-182-0x00007FF734740000-0x00007FF734A94000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2151-0x00007FF734740000-0x00007FF734A94000-memory.dmp

Filesize
3.3MB

Download
memory/4284-2148-0x00007FF733680000-0x00007FF7339D4000-memory.dmp

Filesize
3.3MB

Download
memory/4284-211-0x00007FF733680000-0x00007FF7339D4000-memory.dmp

Filesize
3.3MB

Download
memory/4296-2137-0x00007FF676880000-0x00007FF676BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4296-45-0x00007FF676880000-0x00007FF676BD4000-memory.dmp

Filesize
3.3MB

Download
memory/4344-2143-0x00007FF7F2450000-0x00007FF7F27A4000-memory.dmp

Filesize
3.3MB

Download
memory/4344-157-0x00007FF7F2450000-0x00007FF7F27A4000-memory.dmp

Filesize
3.3MB

Download
memory/4344-2129-0x00007FF7F2450000-0x00007FF7F27A4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-71-0x00007FF7DE9A0000-0x00007FF7DECF4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2138-0x00007FF7DE9A0000-0x00007FF7DECF4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-38-0x00007FF6D2CF0000-0x00007FF6D3044000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2130-0x00007FF6D2CF0000-0x00007FF6D3044000-memory.dmp

Filesize
3.3MB

Download
memory/4728-205-0x00007FF6B04B0000-0x00007FF6B0804000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2145-0x00007FF6B04B0000-0x00007FF6B0804000-memory.dmp

Filesize
3.3MB

Download
memory/4740-204-0x00007FF66D000000-0x00007FF66D354000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2150-0x00007FF66D000000-0x00007FF66D354000-memory.dmp

Filesize
3.3MB

Download
memory/4992-41-0x00007FF7577E0000-0x00007FF757B34000-memory.dmp

Filesize
3.3MB

Download
memory/4992-2134-0x00007FF7577E0000-0x00007FF757B34000-memory.dmp

Filesize
3.3MB

Download
memory/5068-194-0x00007FF686F80000-0x00007FF6872D4000-memory.dmp

Filesize
3.3MB

Download
memory/5068-2146-0x00007FF686F80000-0x00007FF6872D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads