xmrig | 9d338ce48d3074aa4df000466dca9260efd92478cd2b9009400f498f6abff207

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 19:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
Size

1.5MB
MD5

2ec5405f55fb2acf992f6309b01d1f20
SHA1

7960b367ed2d37744398eddeb4e01e07aac2965a
SHA256

9d338ce48d3074aa4df000466dca9260efd92478cd2b9009400f498f6abff207
SHA512

8d5494d72499fe797bdc74ec01835734fc336a22ea4c53b10955852070cfc1f316c0e30a2a6d958977ef1218435933c1d94bcd9e7099159e4ca4e0fdfa4f47cd
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XCejQCCLtZt4Hpti/3AFdH6RK:knw9oUUEEDlGUrMNi/3ADaQ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral2/memory/4636-11-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp	xmrig
behavioral2/memory/3500-220-0x00007FF67B200000-0x00007FF67B5F1000-memory.dmp	xmrig
behavioral2/memory/3932-233-0x00007FF73BD20000-0x00007FF73C111000-memory.dmp	xmrig
behavioral2/memory/2260-251-0x00007FF69B400000-0x00007FF69B7F1000-memory.dmp	xmrig
behavioral2/memory/5644-1404-0x00007FF62A750000-0x00007FF62AB41000-memory.dmp	xmrig
behavioral2/memory/4044-1930-0x00007FF6492C0000-0x00007FF6496B1000-memory.dmp	xmrig
behavioral2/memory/3100-1999-0x00007FF776490000-0x00007FF776881000-memory.dmp	xmrig
behavioral2/memory/2532-2021-0x00007FF6B8730000-0x00007FF6B8B21000-memory.dmp	xmrig
behavioral2/memory/5340-2022-0x00007FF63CAA0000-0x00007FF63CE91000-memory.dmp	xmrig
behavioral2/memory/3368-804-0x00007FF6D5830000-0x00007FF6D5C21000-memory.dmp	xmrig
behavioral2/memory/4636-799-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp	xmrig
behavioral2/memory/1552-2023-0x00007FF766650000-0x00007FF766A41000-memory.dmp	xmrig
behavioral2/memory/2192-260-0x00007FF650CB0000-0x00007FF6510A1000-memory.dmp	xmrig
behavioral2/memory/5608-257-0x00007FF6B80C0000-0x00007FF6B84B1000-memory.dmp	xmrig
behavioral2/memory/4768-254-0x00007FF6E9BD0000-0x00007FF6E9FC1000-memory.dmp	xmrig
behavioral2/memory/5660-253-0x00007FF682680000-0x00007FF682A71000-memory.dmp	xmrig
behavioral2/memory/3632-247-0x00007FF7C22A0000-0x00007FF7C2691000-memory.dmp	xmrig
behavioral2/memory/4076-226-0x00007FF6D31A0000-0x00007FF6D3591000-memory.dmp	xmrig
behavioral2/memory/4856-217-0x00007FF61D3F0000-0x00007FF61D7E1000-memory.dmp	xmrig
behavioral2/memory/5260-87-0x00007FF731330000-0x00007FF731721000-memory.dmp	xmrig
behavioral2/memory/3100-86-0x00007FF776490000-0x00007FF776881000-memory.dmp	xmrig
behavioral2/memory/5788-66-0x00007FF7604D0000-0x00007FF7608C1000-memory.dmp	xmrig
behavioral2/memory/5304-65-0x00007FF780C40000-0x00007FF781031000-memory.dmp	xmrig
behavioral2/memory/5420-59-0x00007FF6471E0000-0x00007FF6475D1000-memory.dmp	xmrig
behavioral2/memory/5644-50-0x00007FF62A750000-0x00007FF62AB41000-memory.dmp	xmrig
behavioral2/memory/5492-38-0x00007FF642940000-0x00007FF642D31000-memory.dmp	xmrig
behavioral2/memory/540-30-0x00007FF676740000-0x00007FF676B31000-memory.dmp	xmrig
behavioral2/memory/4636-2070-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp	xmrig
behavioral2/memory/3368-2072-0x00007FF6D5830000-0x00007FF6D5C21000-memory.dmp	xmrig
behavioral2/memory/4044-2074-0x00007FF6492C0000-0x00007FF6496B1000-memory.dmp	xmrig
behavioral2/memory/540-2076-0x00007FF676740000-0x00007FF676B31000-memory.dmp	xmrig
behavioral2/memory/5492-2078-0x00007FF642940000-0x00007FF642D31000-memory.dmp	xmrig
behavioral2/memory/5420-2080-0x00007FF6471E0000-0x00007FF6475D1000-memory.dmp	xmrig
behavioral2/memory/5644-2082-0x00007FF62A750000-0x00007FF62AB41000-memory.dmp	xmrig
behavioral2/memory/4588-2084-0x00007FF60DFF0000-0x00007FF60E3E1000-memory.dmp	xmrig
behavioral2/memory/5788-2086-0x00007FF7604D0000-0x00007FF7608C1000-memory.dmp	xmrig
behavioral2/memory/5304-2088-0x00007FF780C40000-0x00007FF781031000-memory.dmp	xmrig
behavioral2/memory/2532-2090-0x00007FF6B8730000-0x00007FF6B8B21000-memory.dmp	xmrig
behavioral2/memory/1552-2092-0x00007FF766650000-0x00007FF766A41000-memory.dmp	xmrig
behavioral2/memory/5340-2094-0x00007FF63CAA0000-0x00007FF63CE91000-memory.dmp	xmrig
behavioral2/memory/5260-2096-0x00007FF731330000-0x00007FF731721000-memory.dmp	xmrig
behavioral2/memory/3500-2100-0x00007FF67B200000-0x00007FF67B5F1000-memory.dmp	xmrig
behavioral2/memory/4076-2102-0x00007FF6D31A0000-0x00007FF6D3591000-memory.dmp	xmrig
behavioral2/memory/4856-2098-0x00007FF61D3F0000-0x00007FF61D7E1000-memory.dmp	xmrig
behavioral2/memory/3932-2104-0x00007FF73BD20000-0x00007FF73C111000-memory.dmp	xmrig
behavioral2/memory/3632-2106-0x00007FF7C22A0000-0x00007FF7C2691000-memory.dmp	xmrig
behavioral2/memory/5608-2114-0x00007FF6B80C0000-0x00007FF6B84B1000-memory.dmp	xmrig
behavioral2/memory/2192-2116-0x00007FF650CB0000-0x00007FF6510A1000-memory.dmp	xmrig
behavioral2/memory/4768-2112-0x00007FF6E9BD0000-0x00007FF6E9FC1000-memory.dmp	xmrig
behavioral2/memory/5660-2110-0x00007FF682680000-0x00007FF682A71000-memory.dmp	xmrig
behavioral2/memory/2260-2108-0x00007FF69B400000-0x00007FF69B7F1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4636	PuiECie.exe
3368	rXpvtFu.exe
4044	qGIShCy.exe
540	PUnRDTu.exe
5492	mgZtDrh.exe
5420	IqFZYAB.exe
5644	RyqLxfA.exe
4588	sfMmFJy.exe
5788	IfMtBRy.exe
5304	ZyjfQAG.exe
2532	aNrqUKU.exe
5340	LjuFBmj.exe
1552	FljaXaQ.exe
5260	OoYxasi.exe
4856	QyytkXr.exe
3500	XQKqzYQ.exe
4076	UrqxwID.exe
3932	rutlpbO.exe
3632	qYFrkpK.exe
2260	dHymcVO.exe
5660	jJXJwXX.exe
4768	pGVIhrJ.exe
5608	ZBGDwcn.exe
2192	eHLixBg.exe
5752	XwyJBfG.exe
3768	zQXuFsB.exe
1900	LbsZXSe.exe
5220	BtCxTlb.exe
3628	fTaLZKj.exe
3404	dzDmUwz.exe
6056	tSlUbzu.exe
824	ioFUvRU.exe
2184	ucjcBWK.exe
3708	dwwacIk.exe
3612	rdfuOeo.exe
3140	PhBThWk.exe
3340	EYVOlOg.exe
116	HhaPXZG.exe
2572	wkvwKAr.exe
2004	jKipOPq.exe
6000	VrxLALd.exe
3520	PVwusol.exe
1300	uVunaqj.exe
5144	kBRgPHw.exe
2712	gWxxkuy.exe
4656	HGnytLO.exe
5080	frgKHgT.exe
2112	SppPWLy.exe
3928	UAKOtIK.exe
2304	meltbRQ.exe
4188	fsnqjDm.exe
4360	ktHqbCv.exe
4736	XlsigIA.exe
5128	obpOTFe.exe
2800	MCXetNU.exe
776	AfzzvUd.exe
1440	uBgfnKF.exe
5704	bQNnVBg.exe
5736	FknpAcA.exe
4084	uoBwLfN.exe
4956	ZgBuXnl.exe
3476	HWvBHOz.exe
5396	ffqqulw.exe
816	YgZlujy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3100-0-0x00007FF776490000-0x00007FF776881000-memory.dmp	upx
behavioral2/files/0x0008000000023421-6.dat	upx
behavioral2/files/0x0007000000023425-8.dat	upx
behavioral2/memory/4636-11-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp	upx
behavioral2/files/0x0007000000023426-10.dat	upx
behavioral2/memory/3368-13-0x00007FF6D5830000-0x00007FF6D5C21000-memory.dmp	upx
behavioral2/files/0x0007000000023427-21.dat	upx
behavioral2/files/0x0007000000023428-28.dat	upx
behavioral2/files/0x000700000002342a-41.dat	upx
behavioral2/files/0x000700000002342b-46.dat	upx
behavioral2/files/0x000700000002342d-53.dat	upx
behavioral2/memory/4588-63-0x00007FF60DFF0000-0x00007FF60E3E1000-memory.dmp	upx
behavioral2/memory/5340-73-0x00007FF63CAA0000-0x00007FF63CE91000-memory.dmp	upx
behavioral2/files/0x000700000002342f-76.dat	upx
behavioral2/files/0x0007000000023431-82.dat	upx
behavioral2/files/0x0007000000023431-83.dat	upx
behavioral2/memory/1552-75-0x00007FF766650000-0x00007FF766A41000-memory.dmp	upx
behavioral2/files/0x0007000000023430-78.dat	upx
behavioral2/files/0x0007000000023432-91.dat	upx
behavioral2/files/0x0007000000023434-101.dat	upx
behavioral2/files/0x0007000000023436-111.dat	upx
behavioral2/files/0x0007000000023438-121.dat	upx
behavioral2/files/0x000700000002343d-146.dat	upx
behavioral2/files/0x000700000002343f-154.dat	upx
behavioral2/files/0x0007000000023441-166.dat	upx
behavioral2/memory/3500-220-0x00007FF67B200000-0x00007FF67B5F1000-memory.dmp	upx
behavioral2/memory/3932-233-0x00007FF73BD20000-0x00007FF73C111000-memory.dmp	upx
behavioral2/memory/2260-251-0x00007FF69B400000-0x00007FF69B7F1000-memory.dmp	upx
behavioral2/memory/5644-1404-0x00007FF62A750000-0x00007FF62AB41000-memory.dmp	upx
behavioral2/memory/4044-1930-0x00007FF6492C0000-0x00007FF6496B1000-memory.dmp	upx
behavioral2/memory/3100-1999-0x00007FF776490000-0x00007FF776881000-memory.dmp	upx
behavioral2/memory/2532-2021-0x00007FF6B8730000-0x00007FF6B8B21000-memory.dmp	upx
behavioral2/memory/5340-2022-0x00007FF63CAA0000-0x00007FF63CE91000-memory.dmp	upx
behavioral2/memory/3368-804-0x00007FF6D5830000-0x00007FF6D5C21000-memory.dmp	upx
behavioral2/memory/4636-799-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp	upx
behavioral2/memory/1552-2023-0x00007FF766650000-0x00007FF766A41000-memory.dmp	upx
behavioral2/memory/2192-260-0x00007FF650CB0000-0x00007FF6510A1000-memory.dmp	upx
behavioral2/memory/5608-257-0x00007FF6B80C0000-0x00007FF6B84B1000-memory.dmp	upx
behavioral2/memory/4768-254-0x00007FF6E9BD0000-0x00007FF6E9FC1000-memory.dmp	upx
behavioral2/memory/5660-253-0x00007FF682680000-0x00007FF682A71000-memory.dmp	upx
behavioral2/memory/3632-247-0x00007FF7C22A0000-0x00007FF7C2691000-memory.dmp	upx
behavioral2/memory/4076-226-0x00007FF6D31A0000-0x00007FF6D3591000-memory.dmp	upx
behavioral2/memory/4856-217-0x00007FF61D3F0000-0x00007FF61D7E1000-memory.dmp	upx
behavioral2/files/0x0007000000023443-176.dat	upx
behavioral2/files/0x0007000000023442-172.dat	upx
behavioral2/files/0x0007000000023440-161.dat	upx
behavioral2/files/0x000700000002343e-149.dat	upx
behavioral2/files/0x000700000002343c-141.dat	upx
behavioral2/files/0x000700000002343c-139.dat	upx
behavioral2/files/0x000700000002343b-136.dat	upx
behavioral2/files/0x0007000000023439-126.dat	upx
behavioral2/files/0x0007000000023438-119.dat	upx
behavioral2/files/0x0007000000023437-117.dat	upx
behavioral2/files/0x0007000000023436-109.dat	upx
behavioral2/files/0x0007000000023435-106.dat	upx
behavioral2/files/0x0008000000023422-96.dat	upx
behavioral2/memory/5260-87-0x00007FF731330000-0x00007FF731721000-memory.dmp	upx
behavioral2/memory/3100-86-0x00007FF776490000-0x00007FF776881000-memory.dmp	upx
behavioral2/memory/2532-70-0x00007FF6B8730000-0x00007FF6B8B21000-memory.dmp	upx
behavioral2/files/0x000700000002342e-67.dat	upx
behavioral2/memory/5788-66-0x00007FF7604D0000-0x00007FF7608C1000-memory.dmp	upx
behavioral2/memory/5304-65-0x00007FF780C40000-0x00007FF781031000-memory.dmp	upx
behavioral2/memory/5420-59-0x00007FF6471E0000-0x00007FF6475D1000-memory.dmp	upx
behavioral2/files/0x000700000002342c-55.dat	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\JwBELMo.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\zfQPZBQ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\PNesvpL.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\lZNIXxn.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\pGVIhrJ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\XjQmFRu.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\qLLUfYZ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\nrDZaXl.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\wJtSHTo.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\bxpqIMZ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\KcbgVrQ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\ZgBuXnl.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\oWMGyPE.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\sGXXugM.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\MkIBxaS.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\MpudOML.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\qNBZexA.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\tbKSxJr.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\SkRxWUY.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\usUxhHA.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\LYlEkyK.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\lNasPKp.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\ZoQyAjM.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\mRhZdKp.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\zTfyEjD.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\mmwfaRM.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\ptNqcUp.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\ZyMZjvB.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\hMSxgot.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\fXXSgQH.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\EZQZNeM.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\jKipOPq.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\MYaIZad.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\PovIzsA.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\IvrdrZU.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\wjHWelh.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\HlULlvS.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\TGvbpvU.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\HRsXxtR.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\WzWjrjM.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\XdGxzQa.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\fIGxduf.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\IfMtBRy.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\cvKeNFp.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\jPSUMiN.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\DAEQOcn.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\xNbxJnP.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\tSlUbzu.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\HGcwIXU.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\yYipRsJ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\mMuLXnQ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\KYrpmJy.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\rfVYadQ.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\UjozrCy.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\rdTzYYP.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\cDhBGDG.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\INHPgZp.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\CIPuRMm.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\cTXFmFC.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\qfngQUo.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\qVhSWhO.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\yrTGdys.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\XxJWtpk.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
File created	C:\Windows\System32\qXYpVvq.exe	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2896	dwm.exe
Token: SeChangeNotifyPrivilege	2896	dwm.exe
Token: 33	2896	dwm.exe
Token: SeIncBasePriorityPrivilege	2896	dwm.exe
Token: SeShutdownPrivilege	2896	dwm.exe
Token: SeCreatePagefilePrivilege	2896	dwm.exe
Token: SeShutdownPrivilege	2896	dwm.exe
Token: SeCreatePagefilePrivilege	2896	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 4636	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	84
PID 3100 wrote to memory of 4636	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	84
PID 3100 wrote to memory of 3368	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	85
PID 3100 wrote to memory of 3368	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	85
PID 3100 wrote to memory of 4044	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	86
PID 3100 wrote to memory of 4044	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	86
PID 3100 wrote to memory of 540	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	87
PID 3100 wrote to memory of 540	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	87
PID 3100 wrote to memory of 5492	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	88
PID 3100 wrote to memory of 5492	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	88
PID 3100 wrote to memory of 5420	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	89
PID 3100 wrote to memory of 5420	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	89
PID 3100 wrote to memory of 5644	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	90
PID 3100 wrote to memory of 5644	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	90
PID 3100 wrote to memory of 4588	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	91
PID 3100 wrote to memory of 4588	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	91
PID 3100 wrote to memory of 5788	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	92
PID 3100 wrote to memory of 5788	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	92
PID 3100 wrote to memory of 5304	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	93
PID 3100 wrote to memory of 5304	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	93
PID 3100 wrote to memory of 2532	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	94
PID 3100 wrote to memory of 2532	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	94
PID 3100 wrote to memory of 5340	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	95
PID 3100 wrote to memory of 5340	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	95
PID 3100 wrote to memory of 1552	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	96
PID 3100 wrote to memory of 1552	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	96
PID 3100 wrote to memory of 5260	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	97
PID 3100 wrote to memory of 5260	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	97
PID 3100 wrote to memory of 4856	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	98
PID 3100 wrote to memory of 4856	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	98
PID 3100 wrote to memory of 3500	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	99
PID 3100 wrote to memory of 3500	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	99
PID 3100 wrote to memory of 4076	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	100
PID 3100 wrote to memory of 4076	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	100
PID 3100 wrote to memory of 3932	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	101
PID 3100 wrote to memory of 3932	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	101
PID 3100 wrote to memory of 3632	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	102
PID 3100 wrote to memory of 3632	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	102
PID 3100 wrote to memory of 2260	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	103
PID 3100 wrote to memory of 2260	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	103
PID 3100 wrote to memory of 5660	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	104
PID 3100 wrote to memory of 5660	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	104
PID 3100 wrote to memory of 4768	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	105
PID 3100 wrote to memory of 4768	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	105
PID 3100 wrote to memory of 5608	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	106
PID 3100 wrote to memory of 5608	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	106
PID 3100 wrote to memory of 2192	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	107
PID 3100 wrote to memory of 2192	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	107
PID 3100 wrote to memory of 5752	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	108
PID 3100 wrote to memory of 5752	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	108
PID 3100 wrote to memory of 3768	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	109
PID 3100 wrote to memory of 3768	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	109
PID 3100 wrote to memory of 1900	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	110
PID 3100 wrote to memory of 1900	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	110
PID 3100 wrote to memory of 5220	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	111
PID 3100 wrote to memory of 5220	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	111
PID 3100 wrote to memory of 3628	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	112
PID 3100 wrote to memory of 3628	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	112
PID 3100 wrote to memory of 3404	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	113
PID 3100 wrote to memory of 3404	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	113
PID 3100 wrote to memory of 6056	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	114
PID 3100 wrote to memory of 6056	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	114
PID 3100 wrote to memory of 824	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	115
PID 3100 wrote to memory of 824	3100	2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe	115

C:\Users\Admin\AppData\Local\Temp\2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\2ec5405f55fb2acf992f6309b01d1f20_NEIKI.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\System32\PuiECie.exe
  C:\Windows\System32\PuiECie.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System32\rXpvtFu.exe
  C:\Windows\System32\rXpvtFu.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System32\qGIShCy.exe
  C:\Windows\System32\qGIShCy.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System32\PUnRDTu.exe
  C:\Windows\System32\PUnRDTu.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System32\mgZtDrh.exe
  C:\Windows\System32\mgZtDrh.exe
  2⤵
  - Executes dropped EXE
  PID:5492
- C:\Windows\System32\IqFZYAB.exe
  C:\Windows\System32\IqFZYAB.exe
  2⤵
  - Executes dropped EXE
  PID:5420
- C:\Windows\System32\RyqLxfA.exe
  C:\Windows\System32\RyqLxfA.exe
  2⤵
  - Executes dropped EXE
  PID:5644
- C:\Windows\System32\sfMmFJy.exe
  C:\Windows\System32\sfMmFJy.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System32\IfMtBRy.exe
  C:\Windows\System32\IfMtBRy.exe
  2⤵
  - Executes dropped EXE
  PID:5788
- C:\Windows\System32\ZyjfQAG.exe
  C:\Windows\System32\ZyjfQAG.exe
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\System32\aNrqUKU.exe
  C:\Windows\System32\aNrqUKU.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System32\LjuFBmj.exe
  C:\Windows\System32\LjuFBmj.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System32\FljaXaQ.exe
  C:\Windows\System32\FljaXaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System32\OoYxasi.exe
  C:\Windows\System32\OoYxasi.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System32\QyytkXr.exe
  C:\Windows\System32\QyytkXr.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System32\XQKqzYQ.exe
  C:\Windows\System32\XQKqzYQ.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System32\UrqxwID.exe
  C:\Windows\System32\UrqxwID.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System32\rutlpbO.exe
  C:\Windows\System32\rutlpbO.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System32\qYFrkpK.exe
  C:\Windows\System32\qYFrkpK.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System32\dHymcVO.exe
  C:\Windows\System32\dHymcVO.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System32\jJXJwXX.exe
  C:\Windows\System32\jJXJwXX.exe
  2⤵
  - Executes dropped EXE
  PID:5660
- C:\Windows\System32\pGVIhrJ.exe
  C:\Windows\System32\pGVIhrJ.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System32\ZBGDwcn.exe
  C:\Windows\System32\ZBGDwcn.exe
  2⤵
  - Executes dropped EXE
  PID:5608
- C:\Windows\System32\eHLixBg.exe
  C:\Windows\System32\eHLixBg.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System32\XwyJBfG.exe
  C:\Windows\System32\XwyJBfG.exe
  2⤵
  - Executes dropped EXE
  PID:5752
- C:\Windows\System32\zQXuFsB.exe
  C:\Windows\System32\zQXuFsB.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System32\LbsZXSe.exe
  C:\Windows\System32\LbsZXSe.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System32\BtCxTlb.exe
  C:\Windows\System32\BtCxTlb.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System32\fTaLZKj.exe
  C:\Windows\System32\fTaLZKj.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System32\dzDmUwz.exe
  C:\Windows\System32\dzDmUwz.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System32\tSlUbzu.exe
  C:\Windows\System32\tSlUbzu.exe
  2⤵
  - Executes dropped EXE
  PID:6056
- C:\Windows\System32\ioFUvRU.exe
  C:\Windows\System32\ioFUvRU.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System32\ucjcBWK.exe
  C:\Windows\System32\ucjcBWK.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System32\dwwacIk.exe
  C:\Windows\System32\dwwacIk.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System32\rdfuOeo.exe
  C:\Windows\System32\rdfuOeo.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System32\PhBThWk.exe
  C:\Windows\System32\PhBThWk.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System32\EYVOlOg.exe
  C:\Windows\System32\EYVOlOg.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System32\HhaPXZG.exe
  C:\Windows\System32\HhaPXZG.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System32\wkvwKAr.exe
  C:\Windows\System32\wkvwKAr.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System32\jKipOPq.exe
  C:\Windows\System32\jKipOPq.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System32\VrxLALd.exe
  C:\Windows\System32\VrxLALd.exe
  2⤵
  - Executes dropped EXE
  PID:6000
- C:\Windows\System32\PVwusol.exe
  C:\Windows\System32\PVwusol.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System32\uVunaqj.exe
  C:\Windows\System32\uVunaqj.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System32\kBRgPHw.exe
  C:\Windows\System32\kBRgPHw.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System32\gWxxkuy.exe
  C:\Windows\System32\gWxxkuy.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System32\HGnytLO.exe
  C:\Windows\System32\HGnytLO.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System32\frgKHgT.exe
  C:\Windows\System32\frgKHgT.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System32\SppPWLy.exe
  C:\Windows\System32\SppPWLy.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System32\meltbRQ.exe
  C:\Windows\System32\meltbRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System32\UAKOtIK.exe
  C:\Windows\System32\UAKOtIK.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System32\fsnqjDm.exe
  C:\Windows\System32\fsnqjDm.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System32\ktHqbCv.exe
  C:\Windows\System32\ktHqbCv.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\obpOTFe.exe
  C:\Windows\System32\obpOTFe.exe
  2⤵
  - Executes dropped EXE
  PID:5128
- C:\Windows\System32\XlsigIA.exe
  C:\Windows\System32\XlsigIA.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System32\MCXetNU.exe
  C:\Windows\System32\MCXetNU.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System32\AfzzvUd.exe
  C:\Windows\System32\AfzzvUd.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System32\uBgfnKF.exe
  C:\Windows\System32\uBgfnKF.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System32\bQNnVBg.exe
  C:\Windows\System32\bQNnVBg.exe
  2⤵
  - Executes dropped EXE
  PID:5704
- C:\Windows\System32\FknpAcA.exe
  C:\Windows\System32\FknpAcA.exe
  2⤵
  - Executes dropped EXE
  PID:5736
- C:\Windows\System32\uoBwLfN.exe
  C:\Windows\System32\uoBwLfN.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System32\HWvBHOz.exe
  C:\Windows\System32\HWvBHOz.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System32\ZgBuXnl.exe
  C:\Windows\System32\ZgBuXnl.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System32\ffqqulw.exe
  C:\Windows\System32\ffqqulw.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System32\YgZlujy.exe
  C:\Windows\System32\YgZlujy.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System32\wNGxYAu.exe
  C:\Windows\System32\wNGxYAu.exe
  2⤵
  PID:376
- C:\Windows\System32\qgfDDLn.exe
  C:\Windows\System32\qgfDDLn.exe
  2⤵
  PID:5656
- C:\Windows\System32\clXvOZA.exe
  C:\Windows\System32\clXvOZA.exe
  2⤵
  PID:3444
- C:\Windows\System32\gfFfskf.exe
  C:\Windows\System32\gfFfskf.exe
  2⤵
  PID:5664
- C:\Windows\System32\JZWAVQZ.exe
  C:\Windows\System32\JZWAVQZ.exe
  2⤵
  PID:5448
- C:\Windows\System32\oWMGyPE.exe
  C:\Windows\System32\oWMGyPE.exe
  2⤵
  PID:1000
- C:\Windows\System32\lnOBymK.exe
  C:\Windows\System32\lnOBymK.exe
  2⤵
  PID:5140
- C:\Windows\System32\UqrUtbw.exe
  C:\Windows\System32\UqrUtbw.exe
  2⤵
  PID:796
- C:\Windows\System32\CqgMWwR.exe
  C:\Windows\System32\CqgMWwR.exe
  2⤵
  PID:5668
- C:\Windows\System32\vjkzRLF.exe
  C:\Windows\System32\vjkzRLF.exe
  2⤵
  PID:3780
- C:\Windows\System32\BCoVlEw.exe
  C:\Windows\System32\BCoVlEw.exe
  2⤵
  PID:1020
- C:\Windows\System32\dMkDsVZ.exe
  C:\Windows\System32\dMkDsVZ.exe
  2⤵
  PID:2404
- C:\Windows\System32\ZDhWgsE.exe
  C:\Windows\System32\ZDhWgsE.exe
  2⤵
  PID:4148
- C:\Windows\System32\fDpONSf.exe
  C:\Windows\System32\fDpONSf.exe
  2⤵
  PID:1532
- C:\Windows\System32\yRrvdhm.exe
  C:\Windows\System32\yRrvdhm.exe
  2⤵
  PID:1748
- C:\Windows\System32\GzBaEap.exe
  C:\Windows\System32\GzBaEap.exe
  2⤵
  PID:4412
- C:\Windows\System32\MYaIZad.exe
  C:\Windows\System32\MYaIZad.exe
  2⤵
  PID:3004
- C:\Windows\System32\kqZDqJn.exe
  C:\Windows\System32\kqZDqJn.exe
  2⤵
  PID:5436
- C:\Windows\System32\rpoIzWr.exe
  C:\Windows\System32\rpoIzWr.exe
  2⤵
  PID:6012
- C:\Windows\System32\fLtolIL.exe
  C:\Windows\System32\fLtolIL.exe
  2⤵
  PID:448
- C:\Windows\System32\WYpmFzK.exe
  C:\Windows\System32\WYpmFzK.exe
  2⤵
  PID:4972
- C:\Windows\System32\llMXtGh.exe
  C:\Windows\System32\llMXtGh.exe
  2⤵
  PID:1760
- C:\Windows\System32\BJukvMX.exe
  C:\Windows\System32\BJukvMX.exe
  2⤵
  PID:3600
- C:\Windows\System32\fZjGFje.exe
  C:\Windows\System32\fZjGFje.exe
  2⤵
  PID:3996
- C:\Windows\System32\yrTGdys.exe
  C:\Windows\System32\yrTGdys.exe
  2⤵
  PID:400
- C:\Windows\System32\nmiVvoN.exe
  C:\Windows\System32\nmiVvoN.exe
  2⤵
  PID:5404
- C:\Windows\System32\RUIEgxW.exe
  C:\Windows\System32\RUIEgxW.exe
  2⤵
  PID:6140
- C:\Windows\System32\zmAVlYh.exe
  C:\Windows\System32\zmAVlYh.exe
  2⤵
  PID:5764
- C:\Windows\System32\hNKyRLH.exe
  C:\Windows\System32\hNKyRLH.exe
  2⤵
  PID:3056
- C:\Windows\System32\KGhSSbO.exe
  C:\Windows\System32\KGhSSbO.exe
  2⤵
  PID:5652
- C:\Windows\System32\HHlBWNq.exe
  C:\Windows\System32\HHlBWNq.exe
  2⤵
  PID:860
- C:\Windows\System32\CFpLDqY.exe
  C:\Windows\System32\CFpLDqY.exe
  2⤵
  PID:4860
- C:\Windows\System32\MvYXoVw.exe
  C:\Windows\System32\MvYXoVw.exe
  2⤵
  PID:4988
- C:\Windows\System32\BOTxcwk.exe
  C:\Windows\System32\BOTxcwk.exe
  2⤵
  PID:4552
- C:\Windows\System32\xhIeFwQ.exe
  C:\Windows\System32\xhIeFwQ.exe
  2⤵
  PID:6020
- C:\Windows\System32\EMcQQgi.exe
  C:\Windows\System32\EMcQQgi.exe
  2⤵
  PID:1540
- C:\Windows\System32\mMuLXnQ.exe
  C:\Windows\System32\mMuLXnQ.exe
  2⤵
  PID:2232
- C:\Windows\System32\XNdSmgv.exe
  C:\Windows\System32\XNdSmgv.exe
  2⤵
  PID:4280
- C:\Windows\System32\GCOvqWQ.exe
  C:\Windows\System32\GCOvqWQ.exe
  2⤵
  PID:3068
- C:\Windows\System32\DyuqErG.exe
  C:\Windows\System32\DyuqErG.exe
  2⤵
  PID:5052
- C:\Windows\System32\eMvOdpL.exe
  C:\Windows\System32\eMvOdpL.exe
  2⤵
  PID:4192
- C:\Windows\System32\EdJzJSl.exe
  C:\Windows\System32\EdJzJSl.exe
  2⤵
  PID:2612
- C:\Windows\System32\AdbfCYn.exe
  C:\Windows\System32\AdbfCYn.exe
  2⤵
  PID:2920
- C:\Windows\System32\XjQmFRu.exe
  C:\Windows\System32\XjQmFRu.exe
  2⤵
  PID:4472
- C:\Windows\System32\qNBZexA.exe
  C:\Windows\System32\qNBZexA.exe
  2⤵
  PID:5000
- C:\Windows\System32\qLLUfYZ.exe
  C:\Windows\System32\qLLUfYZ.exe
  2⤵
  PID:5580
- C:\Windows\System32\GCajOjD.exe
  C:\Windows\System32\GCajOjD.exe
  2⤵
  PID:2976
- C:\Windows\System32\IvrdrZU.exe
  C:\Windows\System32\IvrdrZU.exe
  2⤵
  PID:2888
- C:\Windows\System32\LLmCIww.exe
  C:\Windows\System32\LLmCIww.exe
  2⤵
  PID:5320
- C:\Windows\System32\OVTvcUe.exe
  C:\Windows\System32\OVTvcUe.exe
  2⤵
  PID:3820
- C:\Windows\System32\deLfsCp.exe
  C:\Windows\System32\deLfsCp.exe
  2⤵
  PID:1764
- C:\Windows\System32\iYEudKN.exe
  C:\Windows\System32\iYEudKN.exe
  2⤵
  PID:5132
- C:\Windows\System32\uFzdcYq.exe
  C:\Windows\System32\uFzdcYq.exe
  2⤵
  PID:5316
- C:\Windows\System32\nIrDtXW.exe
  C:\Windows\System32\nIrDtXW.exe
  2⤵
  PID:996
- C:\Windows\System32\JwBELMo.exe
  C:\Windows\System32\JwBELMo.exe
  2⤵
  PID:3744
- C:\Windows\System32\WmxKtsm.exe
  C:\Windows\System32\WmxKtsm.exe
  2⤵
  PID:1672
- C:\Windows\System32\nSztqwP.exe
  C:\Windows\System32\nSztqwP.exe
  2⤵
  PID:5412
- C:\Windows\System32\iIUrLdJ.exe
  C:\Windows\System32\iIUrLdJ.exe
  2⤵
  PID:3896
- C:\Windows\System32\WgftBmJ.exe
  C:\Windows\System32\WgftBmJ.exe
  2⤵
  PID:3596
- C:\Windows\System32\uailkBW.exe
  C:\Windows\System32\uailkBW.exe
  2⤵
  PID:3976
- C:\Windows\System32\JcgXFxt.exe
  C:\Windows\System32\JcgXFxt.exe
  2⤵
  PID:4896
- C:\Windows\System32\ANeXIQL.exe
  C:\Windows\System32\ANeXIQL.exe
  2⤵
  PID:2780
- C:\Windows\System32\BgDxCfF.exe
  C:\Windows\System32\BgDxCfF.exe
  2⤵
  PID:1724
- C:\Windows\System32\vIAVSEr.exe
  C:\Windows\System32\vIAVSEr.exe
  2⤵
  PID:2432
- C:\Windows\System32\GHouNxS.exe
  C:\Windows\System32\GHouNxS.exe
  2⤵
  PID:3672
- C:\Windows\System32\IaMREZN.exe
  C:\Windows\System32\IaMREZN.exe
  2⤵
  PID:4336
- C:\Windows\System32\bqGHzlr.exe
  C:\Windows\System32\bqGHzlr.exe
  2⤵
  PID:1876
- C:\Windows\System32\lSpKgSH.exe
  C:\Windows\System32\lSpKgSH.exe
  2⤵
  PID:1356
- C:\Windows\System32\aASrfox.exe
  C:\Windows\System32\aASrfox.exe
  2⤵
  PID:2396
- C:\Windows\System32\NGdXfMq.exe
  C:\Windows\System32\NGdXfMq.exe
  2⤵
  PID:3756
- C:\Windows\System32\sizlxwD.exe
  C:\Windows\System32\sizlxwD.exe
  2⤵
  PID:1916
- C:\Windows\System32\dyxjxde.exe
  C:\Windows\System32\dyxjxde.exe
  2⤵
  PID:4464
- C:\Windows\System32\VkSvdpv.exe
  C:\Windows\System32\VkSvdpv.exe
  2⤵
  PID:4248
- C:\Windows\System32\emHJmFB.exe
  C:\Windows\System32\emHJmFB.exe
  2⤵
  PID:4296
- C:\Windows\System32\XxJWtpk.exe
  C:\Windows\System32\XxJWtpk.exe
  2⤵
  PID:3492
- C:\Windows\System32\nsGtqqj.exe
  C:\Windows\System32\nsGtqqj.exe
  2⤵
  PID:4984
- C:\Windows\System32\XmCVERV.exe
  C:\Windows\System32\XmCVERV.exe
  2⤵
  PID:1216
- C:\Windows\System32\oKUILey.exe
  C:\Windows\System32\oKUILey.exe
  2⤵
  PID:4544
- C:\Windows\System32\tbKSxJr.exe
  C:\Windows\System32\tbKSxJr.exe
  2⤵
  PID:5760
- C:\Windows\System32\EjXqioj.exe
  C:\Windows\System32\EjXqioj.exe
  2⤵
  PID:4184
- C:\Windows\System32\JdPwviu.exe
  C:\Windows\System32\JdPwviu.exe
  2⤵
  PID:396
- C:\Windows\System32\OsQgjTK.exe
  C:\Windows\System32\OsQgjTK.exe
  2⤵
  PID:5292
- C:\Windows\System32\ODSdSjI.exe
  C:\Windows\System32\ODSdSjI.exe
  2⤵
  PID:3112
- C:\Windows\System32\FCOjEQi.exe
  C:\Windows\System32\FCOjEQi.exe
  2⤵
  PID:2640
- C:\Windows\System32\MpiKmxu.exe
  C:\Windows\System32\MpiKmxu.exe
  2⤵
  PID:4792
- C:\Windows\System32\ADPmLGV.exe
  C:\Windows\System32\ADPmLGV.exe
  2⤵
  PID:4468
- C:\Windows\System32\dFMfBqK.exe
  C:\Windows\System32\dFMfBqK.exe
  2⤵
  PID:4108
- C:\Windows\System32\CBnMJcF.exe
  C:\Windows\System32\CBnMJcF.exe
  2⤵
  PID:5728
- C:\Windows\System32\ZyMZjvB.exe
  C:\Windows\System32\ZyMZjvB.exe
  2⤵
  PID:6156
- C:\Windows\System32\NZtHZzP.exe
  C:\Windows\System32\NZtHZzP.exe
  2⤵
  PID:6180
- C:\Windows\System32\FrXZGnc.exe
  C:\Windows\System32\FrXZGnc.exe
  2⤵
  PID:6200
- C:\Windows\System32\lObuZlZ.exe
  C:\Windows\System32\lObuZlZ.exe
  2⤵
  PID:6220
- C:\Windows\System32\pINLCcl.exe
  C:\Windows\System32\pINLCcl.exe
  2⤵
  PID:6240
- C:\Windows\System32\vNMHWnw.exe
  C:\Windows\System32\vNMHWnw.exe
  2⤵
  PID:6256
- C:\Windows\System32\VwTinQt.exe
  C:\Windows\System32\VwTinQt.exe
  2⤵
  PID:6276
- C:\Windows\System32\AwcMjrJ.exe
  C:\Windows\System32\AwcMjrJ.exe
  2⤵
  PID:6296
- C:\Windows\System32\NVySCOF.exe
  C:\Windows\System32\NVySCOF.exe
  2⤵
  PID:6324
- C:\Windows\System32\fxuCjYl.exe
  C:\Windows\System32\fxuCjYl.exe
  2⤵
  PID:6380
- C:\Windows\System32\JKIpskG.exe
  C:\Windows\System32\JKIpskG.exe
  2⤵
  PID:6400
- C:\Windows\System32\dSsFEzc.exe
  C:\Windows\System32\dSsFEzc.exe
  2⤵
  PID:6424
- C:\Windows\System32\yWSfdqN.exe
  C:\Windows\System32\yWSfdqN.exe
  2⤵
  PID:6468
- C:\Windows\System32\sxuFbCa.exe
  C:\Windows\System32\sxuFbCa.exe
  2⤵
  PID:6488
- C:\Windows\System32\kQhGwSZ.exe
  C:\Windows\System32\kQhGwSZ.exe
  2⤵
  PID:6520
- C:\Windows\System32\WDuhaDj.exe
  C:\Windows\System32\WDuhaDj.exe
  2⤵
  PID:6588
- C:\Windows\System32\HYLVPZp.exe
  C:\Windows\System32\HYLVPZp.exe
  2⤵
  PID:6628
- C:\Windows\System32\mGcuaFK.exe
  C:\Windows\System32\mGcuaFK.exe
  2⤵
  PID:6656
- C:\Windows\System32\UuKWCpw.exe
  C:\Windows\System32\UuKWCpw.exe
  2⤵
  PID:6676
- C:\Windows\System32\bCSwWcU.exe
  C:\Windows\System32\bCSwWcU.exe
  2⤵
  PID:6696
- C:\Windows\System32\xiETRAA.exe
  C:\Windows\System32\xiETRAA.exe
  2⤵
  PID:6716
- C:\Windows\System32\ZoQyAjM.exe
  C:\Windows\System32\ZoQyAjM.exe
  2⤵
  PID:6736
- C:\Windows\System32\BjNwqcS.exe
  C:\Windows\System32\BjNwqcS.exe
  2⤵
  PID:6756
- C:\Windows\System32\NShKAbu.exe
  C:\Windows\System32\NShKAbu.exe
  2⤵
  PID:6792
- C:\Windows\System32\rIDgUsz.exe
  C:\Windows\System32\rIDgUsz.exe
  2⤵
  PID:6844
- C:\Windows\System32\CbjUXTr.exe
  C:\Windows\System32\CbjUXTr.exe
  2⤵
  PID:6872
- C:\Windows\System32\ZlzrZlt.exe
  C:\Windows\System32\ZlzrZlt.exe
  2⤵
  PID:6920
- C:\Windows\System32\QoRzBCC.exe
  C:\Windows\System32\QoRzBCC.exe
  2⤵
  PID:6944
- C:\Windows\System32\jxvqVLW.exe
  C:\Windows\System32\jxvqVLW.exe
  2⤵
  PID:6964
- C:\Windows\System32\KbTgfcD.exe
  C:\Windows\System32\KbTgfcD.exe
  2⤵
  PID:6992
- C:\Windows\System32\HpVTQgT.exe
  C:\Windows\System32\HpVTQgT.exe
  2⤵
  PID:7012
- C:\Windows\System32\nXGkjDX.exe
  C:\Windows\System32\nXGkjDX.exe
  2⤵
  PID:7036
- C:\Windows\System32\EePEvAr.exe
  C:\Windows\System32\EePEvAr.exe
  2⤵
  PID:7068
- C:\Windows\System32\DuySBwz.exe
  C:\Windows\System32\DuySBwz.exe
  2⤵
  PID:7092
- C:\Windows\System32\VKGTyMv.exe
  C:\Windows\System32\VKGTyMv.exe
  2⤵
  PID:7108
- C:\Windows\System32\OYjCoZu.exe
  C:\Windows\System32\OYjCoZu.exe
  2⤵
  PID:7136
- C:\Windows\System32\eoNHcYt.exe
  C:\Windows\System32\eoNHcYt.exe
  2⤵
  PID:7156
- C:\Windows\System32\jxPUUzZ.exe
  C:\Windows\System32\jxPUUzZ.exe
  2⤵
  PID:1752
- C:\Windows\System32\XdNowzK.exe
  C:\Windows\System32\XdNowzK.exe
  2⤵
  PID:6264
- C:\Windows\System32\gyrzmst.exe
  C:\Windows\System32\gyrzmst.exe
  2⤵
  PID:6392
- C:\Windows\System32\LpHkguB.exe
  C:\Windows\System32\LpHkguB.exe
  2⤵
  PID:6432
- C:\Windows\System32\fylOtOs.exe
  C:\Windows\System32\fylOtOs.exe
  2⤵
  PID:6496
- C:\Windows\System32\cBzmoLY.exe
  C:\Windows\System32\cBzmoLY.exe
  2⤵
  PID:6568
- C:\Windows\System32\qExFWLy.exe
  C:\Windows\System32\qExFWLy.exe
  2⤵
  PID:6640
- C:\Windows\System32\qRNHFXL.exe
  C:\Windows\System32\qRNHFXL.exe
  2⤵
  PID:6684
- C:\Windows\System32\BpWExCr.exe
  C:\Windows\System32\BpWExCr.exe
  2⤵
  PID:6732
- C:\Windows\System32\smpkKnu.exe
  C:\Windows\System32\smpkKnu.exe
  2⤵
  PID:6828
- C:\Windows\System32\hICaNGe.exe
  C:\Windows\System32\hICaNGe.exe
  2⤵
  PID:6804
- C:\Windows\System32\AmACSHx.exe
  C:\Windows\System32\AmACSHx.exe
  2⤵
  PID:6904
- C:\Windows\System32\gamOHMO.exe
  C:\Windows\System32\gamOHMO.exe
  2⤵
  PID:6960
- C:\Windows\System32\GxQqGWm.exe
  C:\Windows\System32\GxQqGWm.exe
  2⤵
  PID:7032
- C:\Windows\System32\tcKTKsQ.exe
  C:\Windows\System32\tcKTKsQ.exe
  2⤵
  PID:7020
- C:\Windows\System32\PwLatCb.exe
  C:\Windows\System32\PwLatCb.exe
  2⤵
  PID:7104
- C:\Windows\System32\BpjCDwZ.exe
  C:\Windows\System32\BpjCDwZ.exe
  2⤵
  PID:6356
- C:\Windows\System32\UghqWaf.exe
  C:\Windows\System32\UghqWaf.exe
  2⤵
  PID:6500
- C:\Windows\System32\cFMwvOi.exe
  C:\Windows\System32\cFMwvOi.exe
  2⤵
  PID:6728
- C:\Windows\System32\KKZwXXH.exe
  C:\Windows\System32\KKZwXXH.exe
  2⤵
  PID:6768
- C:\Windows\System32\vDqzdgd.exe
  C:\Windows\System32\vDqzdgd.exe
  2⤵
  PID:6864
- C:\Windows\System32\LvLsNgz.exe
  C:\Windows\System32\LvLsNgz.exe
  2⤵
  PID:7044
- C:\Windows\System32\HRsXxtR.exe
  C:\Windows\System32\HRsXxtR.exe
  2⤵
  PID:6460
- C:\Windows\System32\UsOUoUn.exe
  C:\Windows\System32\UsOUoUn.exe
  2⤵
  PID:6612
- C:\Windows\System32\oKUCDHA.exe
  C:\Windows\System32\oKUCDHA.exe
  2⤵
  PID:6788
- C:\Windows\System32\kEGKpNV.exe
  C:\Windows\System32\kEGKpNV.exe
  2⤵
  PID:7088
- C:\Windows\System32\cvKeNFp.exe
  C:\Windows\System32\cvKeNFp.exe
  2⤵
  PID:2036
- C:\Windows\System32\YQDjyWF.exe
  C:\Windows\System32\YQDjyWF.exe
  2⤵
  PID:7172
- C:\Windows\System32\dpSLYyF.exe
  C:\Windows\System32\dpSLYyF.exe
  2⤵
  PID:7196
- C:\Windows\System32\DUGAbVv.exe
  C:\Windows\System32\DUGAbVv.exe
  2⤵
  PID:7220
- C:\Windows\System32\KmWEIYt.exe
  C:\Windows\System32\KmWEIYt.exe
  2⤵
  PID:7244
- C:\Windows\System32\HBvDaVL.exe
  C:\Windows\System32\HBvDaVL.exe
  2⤵
  PID:7284
- C:\Windows\System32\AHglFVC.exe
  C:\Windows\System32\AHglFVC.exe
  2⤵
  PID:7312
- C:\Windows\System32\zQaIOlw.exe
  C:\Windows\System32\zQaIOlw.exe
  2⤵
  PID:7328
- C:\Windows\System32\opaXwfP.exe
  C:\Windows\System32\opaXwfP.exe
  2⤵
  PID:7372
- C:\Windows\System32\rveKmtl.exe
  C:\Windows\System32\rveKmtl.exe
  2⤵
  PID:7408
- C:\Windows\System32\LRAWiPr.exe
  C:\Windows\System32\LRAWiPr.exe
  2⤵
  PID:7456
- C:\Windows\System32\INHPgZp.exe
  C:\Windows\System32\INHPgZp.exe
  2⤵
  PID:7484
- C:\Windows\System32\WUxCnUk.exe
  C:\Windows\System32\WUxCnUk.exe
  2⤵
  PID:7508
- C:\Windows\System32\FhghHOD.exe
  C:\Windows\System32\FhghHOD.exe
  2⤵
  PID:7532
- C:\Windows\System32\NgsFfVQ.exe
  C:\Windows\System32\NgsFfVQ.exe
  2⤵
  PID:7556
- C:\Windows\System32\lVqKgEo.exe
  C:\Windows\System32\lVqKgEo.exe
  2⤵
  PID:7596
- C:\Windows\System32\TqEngqK.exe
  C:\Windows\System32\TqEngqK.exe
  2⤵
  PID:7616
- C:\Windows\System32\MscBXOC.exe
  C:\Windows\System32\MscBXOC.exe
  2⤵
  PID:7640
- C:\Windows\System32\XFScwub.exe
  C:\Windows\System32\XFScwub.exe
  2⤵
  PID:7660
- C:\Windows\System32\bdezXOe.exe
  C:\Windows\System32\bdezXOe.exe
  2⤵
  PID:7688
- C:\Windows\System32\zfQPZBQ.exe
  C:\Windows\System32\zfQPZBQ.exe
  2⤵
  PID:7744
- C:\Windows\System32\GkuXDPl.exe
  C:\Windows\System32\GkuXDPl.exe
  2⤵
  PID:7760
- C:\Windows\System32\ERmxbMb.exe
  C:\Windows\System32\ERmxbMb.exe
  2⤵
  PID:7784
- C:\Windows\System32\YtRyxmE.exe
  C:\Windows\System32\YtRyxmE.exe
  2⤵
  PID:7804
- C:\Windows\System32\IzJNOsy.exe
  C:\Windows\System32\IzJNOsy.exe
  2⤵
  PID:7820
- C:\Windows\System32\EUmOFSx.exe
  C:\Windows\System32\EUmOFSx.exe
  2⤵
  PID:7836
- C:\Windows\System32\zHHCbeN.exe
  C:\Windows\System32\zHHCbeN.exe
  2⤵
  PID:7856
- C:\Windows\System32\XdGxzQa.exe
  C:\Windows\System32\XdGxzQa.exe
  2⤵
  PID:7872
- C:\Windows\System32\KTQhwpD.exe
  C:\Windows\System32\KTQhwpD.exe
  2⤵
  PID:7908
- C:\Windows\System32\WnTtGdI.exe
  C:\Windows\System32\WnTtGdI.exe
  2⤵
  PID:7940
- C:\Windows\System32\ixcWYrr.exe
  C:\Windows\System32\ixcWYrr.exe
  2⤵
  PID:7968
- C:\Windows\System32\FujCzeR.exe
  C:\Windows\System32\FujCzeR.exe
  2⤵
  PID:8056
- C:\Windows\System32\pFuxVqu.exe
  C:\Windows\System32\pFuxVqu.exe
  2⤵
  PID:8076
- C:\Windows\System32\AOwnetn.exe
  C:\Windows\System32\AOwnetn.exe
  2⤵
  PID:8108
- C:\Windows\System32\XCLggzm.exe
  C:\Windows\System32\XCLggzm.exe
  2⤵
  PID:8128
- C:\Windows\System32\iezwguv.exe
  C:\Windows\System32\iezwguv.exe
  2⤵
  PID:8152
- C:\Windows\System32\yutAtyO.exe
  C:\Windows\System32\yutAtyO.exe
  2⤵
  PID:8172
- C:\Windows\System32\JOJrKTK.exe
  C:\Windows\System32\JOJrKTK.exe
  2⤵
  PID:640
- C:\Windows\System32\yWliZkC.exe
  C:\Windows\System32\yWliZkC.exe
  2⤵
  PID:6988
- C:\Windows\System32\xllMJBO.exe
  C:\Windows\System32\xllMJBO.exe
  2⤵
  PID:7216
- C:\Windows\System32\UdYsHQY.exe
  C:\Windows\System32\UdYsHQY.exe
  2⤵
  PID:7304
- C:\Windows\System32\lGDmlOz.exe
  C:\Windows\System32\lGDmlOz.exe
  2⤵
  PID:7392
- C:\Windows\System32\wvcVjnh.exe
  C:\Windows\System32\wvcVjnh.exe
  2⤵
  PID:7388
- C:\Windows\System32\EBfrOuV.exe
  C:\Windows\System32\EBfrOuV.exe
  2⤵
  PID:7500
- C:\Windows\System32\vqPxmYc.exe
  C:\Windows\System32\vqPxmYc.exe
  2⤵
  PID:7568
- C:\Windows\System32\LfEbvui.exe
  C:\Windows\System32\LfEbvui.exe
  2⤵
  PID:7636
- C:\Windows\System32\iUMHqqv.exe
  C:\Windows\System32\iUMHqqv.exe
  2⤵
  PID:7668
- C:\Windows\System32\gxBluzR.exe
  C:\Windows\System32\gxBluzR.exe
  2⤵
  PID:7772
- C:\Windows\System32\HUufVTH.exe
  C:\Windows\System32\HUufVTH.exe
  2⤵
  PID:7828
- C:\Windows\System32\DgvXqXl.exe
  C:\Windows\System32\DgvXqXl.exe
  2⤵
  PID:7896
- C:\Windows\System32\EgUBoth.exe
  C:\Windows\System32\EgUBoth.exe
  2⤵
  PID:7928
- C:\Windows\System32\nrDZaXl.exe
  C:\Windows\System32\nrDZaXl.exe
  2⤵
  PID:7976
- C:\Windows\System32\LkvCMcg.exe
  C:\Windows\System32\LkvCMcg.exe
  2⤵
  PID:8072
- C:\Windows\System32\mnSKVCm.exe
  C:\Windows\System32\mnSKVCm.exe
  2⤵
  PID:8120
- C:\Windows\System32\qXYpVvq.exe
  C:\Windows\System32\qXYpVvq.exe
  2⤵
  PID:7204
- C:\Windows\System32\vlyauFH.exe
  C:\Windows\System32\vlyauFH.exe
  2⤵
  PID:5184
- C:\Windows\System32\BVEpEXy.exe
  C:\Windows\System32\BVEpEXy.exe
  2⤵
  PID:7548
- C:\Windows\System32\izoAmiS.exe
  C:\Windows\System32\izoAmiS.exe
  2⤵
  PID:7632
- C:\Windows\System32\KYrpmJy.exe
  C:\Windows\System32\KYrpmJy.exe
  2⤵
  PID:8004
- C:\Windows\System32\CIPuRMm.exe
  C:\Windows\System32\CIPuRMm.exe
  2⤵
  PID:7992
- C:\Windows\System32\FkrLtVX.exe
  C:\Windows\System32\FkrLtVX.exe
  2⤵
  PID:8016
- C:\Windows\System32\mRhZdKp.exe
  C:\Windows\System32\mRhZdKp.exe
  2⤵
  PID:7320
- C:\Windows\System32\YklaBmW.exe
  C:\Windows\System32\YklaBmW.exe
  2⤵
  PID:7852
- C:\Windows\System32\QjuNamj.exe
  C:\Windows\System32\QjuNamj.exe
  2⤵
  PID:6708
- C:\Windows\System32\bKkJVya.exe
  C:\Windows\System32\bKkJVya.exe
  2⤵
  PID:4976
- C:\Windows\System32\mNGTAeF.exe
  C:\Windows\System32\mNGTAeF.exe
  2⤵
  PID:7732
- C:\Windows\System32\wjHWelh.exe
  C:\Windows\System32\wjHWelh.exe
  2⤵
  PID:372
- C:\Windows\System32\DbnPhXr.exe
  C:\Windows\System32\DbnPhXr.exe
  2⤵
  PID:8224
- C:\Windows\System32\YtofQgc.exe
  C:\Windows\System32\YtofQgc.exe
  2⤵
  PID:8264
- C:\Windows\System32\PLBijpz.exe
  C:\Windows\System32\PLBijpz.exe
  2⤵
  PID:8300
- C:\Windows\System32\ZFdXtdy.exe
  C:\Windows\System32\ZFdXtdy.exe
  2⤵
  PID:8316
- C:\Windows\System32\tomyzjV.exe
  C:\Windows\System32\tomyzjV.exe
  2⤵
  PID:8344
- C:\Windows\System32\zTfyEjD.exe
  C:\Windows\System32\zTfyEjD.exe
  2⤵
  PID:8388
- C:\Windows\System32\twqjMdx.exe
  C:\Windows\System32\twqjMdx.exe
  2⤵
  PID:8412
- C:\Windows\System32\GfFdOKm.exe
  C:\Windows\System32\GfFdOKm.exe
  2⤵
  PID:8436
- C:\Windows\System32\wuRcTBZ.exe
  C:\Windows\System32\wuRcTBZ.exe
  2⤵
  PID:8464
- C:\Windows\System32\HGcwIXU.exe
  C:\Windows\System32\HGcwIXU.exe
  2⤵
  PID:8488
- C:\Windows\System32\lCmdWdX.exe
  C:\Windows\System32\lCmdWdX.exe
  2⤵
  PID:8508
- C:\Windows\System32\yDPOpBq.exe
  C:\Windows\System32\yDPOpBq.exe
  2⤵
  PID:8528
- C:\Windows\System32\TWQHjTO.exe
  C:\Windows\System32\TWQHjTO.exe
  2⤵
  PID:8560
- C:\Windows\System32\KHuznUd.exe
  C:\Windows\System32\KHuznUd.exe
  2⤵
  PID:8584
- C:\Windows\System32\hvGGSNW.exe
  C:\Windows\System32\hvGGSNW.exe
  2⤵
  PID:8604
- C:\Windows\System32\iOQtpgC.exe
  C:\Windows\System32\iOQtpgC.exe
  2⤵
  PID:8628
- C:\Windows\System32\gqULweG.exe
  C:\Windows\System32\gqULweG.exe
  2⤵
  PID:8660
- C:\Windows\System32\LhzCaIE.exe
  C:\Windows\System32\LhzCaIE.exe
  2⤵
  PID:8684
- C:\Windows\System32\GEHyOJb.exe
  C:\Windows\System32\GEHyOJb.exe
  2⤵
  PID:8720
- C:\Windows\System32\fNZQciQ.exe
  C:\Windows\System32\fNZQciQ.exe
  2⤵
  PID:8756
- C:\Windows\System32\HazlSad.exe
  C:\Windows\System32\HazlSad.exe
  2⤵
  PID:8784
- C:\Windows\System32\FOlbnlz.exe
  C:\Windows\System32\FOlbnlz.exe
  2⤵
  PID:8804
- C:\Windows\System32\ZJeJRKS.exe
  C:\Windows\System32\ZJeJRKS.exe
  2⤵
  PID:8844
- C:\Windows\System32\DZOgeNA.exe
  C:\Windows\System32\DZOgeNA.exe
  2⤵
  PID:8864
- C:\Windows\System32\PMoCgWg.exe
  C:\Windows\System32\PMoCgWg.exe
  2⤵
  PID:8888
- C:\Windows\System32\IZLfQZW.exe
  C:\Windows\System32\IZLfQZW.exe
  2⤵
  PID:8908
- C:\Windows\System32\jqlQsTW.exe
  C:\Windows\System32\jqlQsTW.exe
  2⤵
  PID:8936
- C:\Windows\System32\SmnRMLr.exe
  C:\Windows\System32\SmnRMLr.exe
  2⤵
  PID:9000
- C:\Windows\System32\DzRqoiq.exe
  C:\Windows\System32\DzRqoiq.exe
  2⤵
  PID:9020
- C:\Windows\System32\ZtWQQBG.exe
  C:\Windows\System32\ZtWQQBG.exe
  2⤵
  PID:9048
- C:\Windows\System32\ZRWnTlC.exe
  C:\Windows\System32\ZRWnTlC.exe
  2⤵
  PID:9064
- C:\Windows\System32\cTXFmFC.exe
  C:\Windows\System32\cTXFmFC.exe
  2⤵
  PID:9088
- C:\Windows\System32\xbQkCXI.exe
  C:\Windows\System32\xbQkCXI.exe
  2⤵
  PID:9112
- C:\Windows\System32\GvBPVhI.exe
  C:\Windows\System32\GvBPVhI.exe
  2⤵
  PID:9152
- C:\Windows\System32\ypjkdxU.exe
  C:\Windows\System32\ypjkdxU.exe
  2⤵
  PID:9192
- C:\Windows\System32\NmJNZLG.exe
  C:\Windows\System32\NmJNZLG.exe
  2⤵
  PID:7904
- C:\Windows\System32\HtKZnAN.exe
  C:\Windows\System32\HtKZnAN.exe
  2⤵
  PID:8196
- C:\Windows\System32\pqNEnEY.exe
  C:\Windows\System32\pqNEnEY.exe
  2⤵
  PID:8332
- C:\Windows\System32\rXolYPA.exe
  C:\Windows\System32\rXolYPA.exe
  2⤵
  PID:8356
- C:\Windows\System32\sKiPAsa.exe
  C:\Windows\System32\sKiPAsa.exe
  2⤵
  PID:8428
- C:\Windows\System32\ZGnqbwY.exe
  C:\Windows\System32\ZGnqbwY.exe
  2⤵
  PID:8548
- C:\Windows\System32\hMSxgot.exe
  C:\Windows\System32\hMSxgot.exe
  2⤵
  PID:8536
- C:\Windows\System32\TuZVCFW.exe
  C:\Windows\System32\TuZVCFW.exe
  2⤵
  PID:8580
- C:\Windows\System32\jTIecXe.exe
  C:\Windows\System32\jTIecXe.exe
  2⤵
  PID:8616
- C:\Windows\System32\AHFevZP.exe
  C:\Windows\System32\AHFevZP.exe
  2⤵
  PID:8768
- C:\Windows\System32\XaRvtvd.exe
  C:\Windows\System32\XaRvtvd.exe
  2⤵
  PID:8792
- C:\Windows\System32\ClcIMVB.exe
  C:\Windows\System32\ClcIMVB.exe
  2⤵
  PID:8832
- C:\Windows\System32\azlbKfw.exe
  C:\Windows\System32\azlbKfw.exe
  2⤵
  PID:8952
- C:\Windows\System32\jGISnfN.exe
  C:\Windows\System32\jGISnfN.exe
  2⤵
  PID:9080
- C:\Windows\System32\tnxKMls.exe
  C:\Windows\System32\tnxKMls.exe
  2⤵
  PID:9084
- C:\Windows\System32\mrZguCG.exe
  C:\Windows\System32\mrZguCG.exe
  2⤵
  PID:9176
- C:\Windows\System32\zJyBlgP.exe
  C:\Windows\System32\zJyBlgP.exe
  2⤵
  PID:9208
- C:\Windows\System32\Wmcnkyy.exe
  C:\Windows\System32\Wmcnkyy.exe
  2⤵
  PID:8312
- C:\Windows\System32\SCgAGDA.exe
  C:\Windows\System32\SCgAGDA.exe
  2⤵
  PID:8368
- C:\Windows\System32\fDYainR.exe
  C:\Windows\System32\fDYainR.exe
  2⤵
  PID:8504
- C:\Windows\System32\LOfKsmI.exe
  C:\Windows\System32\LOfKsmI.exe
  2⤵
  PID:8600
- C:\Windows\System32\fXXSgQH.exe
  C:\Windows\System32\fXXSgQH.exe
  2⤵
  PID:8860
- C:\Windows\System32\geQPOpM.exe
  C:\Windows\System32\geQPOpM.exe
  2⤵
  PID:9104
- C:\Windows\System32\OrsFvYg.exe
  C:\Windows\System32\OrsFvYg.exe
  2⤵
  PID:9212
- C:\Windows\System32\MdAjNLH.exe
  C:\Windows\System32\MdAjNLH.exe
  2⤵
  PID:8396
- C:\Windows\System32\wCPFixY.exe
  C:\Windows\System32\wCPFixY.exe
  2⤵
  PID:8592
- C:\Windows\System32\JrlUVjc.exe
  C:\Windows\System32\JrlUVjc.exe
  2⤵
  PID:8968
- C:\Windows\System32\iGDDNIz.exe
  C:\Windows\System32\iGDDNIz.exe
  2⤵
  PID:9136
- C:\Windows\System32\ILPwobZ.exe
  C:\Windows\System32\ILPwobZ.exe
  2⤵
  PID:9228
- C:\Windows\System32\FfwXjsM.exe
  C:\Windows\System32\FfwXjsM.exe
  2⤵
  PID:9256
- C:\Windows\System32\LkKuHiy.exe
  C:\Windows\System32\LkKuHiy.exe
  2⤵
  PID:9296
- C:\Windows\System32\RXBHstL.exe
  C:\Windows\System32\RXBHstL.exe
  2⤵
  PID:9316
- C:\Windows\System32\eXPasie.exe
  C:\Windows\System32\eXPasie.exe
  2⤵
  PID:9340
- C:\Windows\System32\HwzZvXR.exe
  C:\Windows\System32\HwzZvXR.exe
  2⤵
  PID:9364
- C:\Windows\System32\LbbbJnM.exe
  C:\Windows\System32\LbbbJnM.exe
  2⤵
  PID:9392
- C:\Windows\System32\DVMZIHP.exe
  C:\Windows\System32\DVMZIHP.exe
  2⤵
  PID:9416
- C:\Windows\System32\qHZuOlW.exe
  C:\Windows\System32\qHZuOlW.exe
  2⤵
  PID:9436
- C:\Windows\System32\fFCfPtm.exe
  C:\Windows\System32\fFCfPtm.exe
  2⤵
  PID:9456
- C:\Windows\System32\hjPznfq.exe
  C:\Windows\System32\hjPznfq.exe
  2⤵
  PID:9500
- C:\Windows\System32\QsDdQvz.exe
  C:\Windows\System32\QsDdQvz.exe
  2⤵
  PID:9536
- C:\Windows\System32\rdTzYYP.exe
  C:\Windows\System32\rdTzYYP.exe
  2⤵
  PID:9564
- C:\Windows\System32\hyzknMo.exe
  C:\Windows\System32\hyzknMo.exe
  2⤵
  PID:9588
- C:\Windows\System32\DNXWJva.exe
  C:\Windows\System32\DNXWJva.exe
  2⤵
  PID:9604
- C:\Windows\System32\CeBzLtV.exe
  C:\Windows\System32\CeBzLtV.exe
  2⤵
  PID:9628
- C:\Windows\System32\HIZoyBW.exe
  C:\Windows\System32\HIZoyBW.exe
  2⤵
  PID:9644
- C:\Windows\System32\eoRuISy.exe
  C:\Windows\System32\eoRuISy.exe
  2⤵
  PID:9664
- C:\Windows\System32\zOACNwf.exe
  C:\Windows\System32\zOACNwf.exe
  2⤵
  PID:9680
- C:\Windows\System32\kZzkpjS.exe
  C:\Windows\System32\kZzkpjS.exe
  2⤵
  PID:9704
- C:\Windows\System32\ComYIuo.exe
  C:\Windows\System32\ComYIuo.exe
  2⤵
  PID:9720
- C:\Windows\System32\GbdcxvV.exe
  C:\Windows\System32\GbdcxvV.exe
  2⤵
  PID:9760
- C:\Windows\System32\AiUsZWx.exe
  C:\Windows\System32\AiUsZWx.exe
  2⤵
  PID:9836
- C:\Windows\System32\hEfpTML.exe
  C:\Windows\System32\hEfpTML.exe
  2⤵
  PID:9868
- C:\Windows\System32\ZIAPabZ.exe
  C:\Windows\System32\ZIAPabZ.exe
  2⤵
  PID:9900
- C:\Windows\System32\trEWOzc.exe
  C:\Windows\System32\trEWOzc.exe
  2⤵
  PID:9928
- C:\Windows\System32\XLIanuA.exe
  C:\Windows\System32\XLIanuA.exe
  2⤵
  PID:9972
- C:\Windows\System32\mnXVWxK.exe
  C:\Windows\System32\mnXVWxK.exe
  2⤵
  PID:9992
- C:\Windows\System32\KwixVQl.exe
  C:\Windows\System32\KwixVQl.exe
  2⤵
  PID:10016
- C:\Windows\System32\xcMHPzn.exe
  C:\Windows\System32\xcMHPzn.exe
  2⤵
  PID:10044
- C:\Windows\System32\cDhBGDG.exe
  C:\Windows\System32\cDhBGDG.exe
  2⤵
  PID:10068
- C:\Windows\System32\bwtjamk.exe
  C:\Windows\System32\bwtjamk.exe
  2⤵
  PID:10084
- C:\Windows\System32\IpzopHv.exe
  C:\Windows\System32\IpzopHv.exe
  2⤵
  PID:10112
- C:\Windows\System32\GCAyogF.exe
  C:\Windows\System32\GCAyogF.exe
  2⤵
  PID:10132
- C:\Windows\System32\KcumiWC.exe
  C:\Windows\System32\KcumiWC.exe
  2⤵
  PID:10176
- C:\Windows\System32\aOtNUbc.exe
  C:\Windows\System32\aOtNUbc.exe
  2⤵
  PID:10228
- C:\Windows\System32\ZNqgTHJ.exe
  C:\Windows\System32\ZNqgTHJ.exe
  2⤵
  PID:9236
- C:\Windows\System32\tJfOoxP.exe
  C:\Windows\System32\tJfOoxP.exe
  2⤵
  PID:9268
- C:\Windows\System32\ptNqcUp.exe
  C:\Windows\System32\ptNqcUp.exe
  2⤵
  PID:9304
- C:\Windows\System32\sIqhtGA.exe
  C:\Windows\System32\sIqhtGA.exe
  2⤵
  PID:9384
- C:\Windows\System32\BPMPCcp.exe
  C:\Windows\System32\BPMPCcp.exe
  2⤵
  PID:4852
- C:\Windows\System32\RlWcxRv.exe
  C:\Windows\System32\RlWcxRv.exe
  2⤵
  PID:9488
- C:\Windows\System32\qxyCExN.exe
  C:\Windows\System32\qxyCExN.exe
  2⤵
  PID:9524
- C:\Windows\System32\ksWpZcX.exe
  C:\Windows\System32\ksWpZcX.exe
  2⤵
  PID:9572
- C:\Windows\System32\EZQZNeM.exe
  C:\Windows\System32\EZQZNeM.exe
  2⤵
  PID:9660
- C:\Windows\System32\cuzrDtJ.exe
  C:\Windows\System32\cuzrDtJ.exe
  2⤵
  PID:9700
- C:\Windows\System32\ppHxqjw.exe
  C:\Windows\System32\ppHxqjw.exe
  2⤵
  PID:9752
- C:\Windows\System32\tiBlnMI.exe
  C:\Windows\System32\tiBlnMI.exe
  2⤵
  PID:1604
- C:\Windows\System32\uxOELUB.exe
  C:\Windows\System32\uxOELUB.exe
  2⤵
  PID:5432
- C:\Windows\System32\JgNmsDi.exe
  C:\Windows\System32\JgNmsDi.exe
  2⤵
  PID:9884
- C:\Windows\System32\rKAvyQm.exe
  C:\Windows\System32\rKAvyQm.exe
  2⤵
  PID:10024
- C:\Windows\System32\tOKuHKs.exe
  C:\Windows\System32\tOKuHKs.exe
  2⤵
  PID:10080
- C:\Windows\System32\wXVGUWT.exe
  C:\Windows\System32\wXVGUWT.exe
  2⤵
  PID:10128
- C:\Windows\System32\qfngQUo.exe
  C:\Windows\System32\qfngQUo.exe
  2⤵
  PID:10168
- C:\Windows\System32\spKGMEa.exe
  C:\Windows\System32\spKGMEa.exe
  2⤵
  PID:9312
- C:\Windows\System32\gqyHdVr.exe
  C:\Windows\System32\gqyHdVr.exe
  2⤵
  PID:9428
- C:\Windows\System32\KunhOuH.exe
  C:\Windows\System32\KunhOuH.exe
  2⤵
  PID:9544
- C:\Windows\System32\CYJhcUx.exe
  C:\Windows\System32\CYJhcUx.exe
  2⤵
  PID:9600
- C:\Windows\System32\SkRxWUY.exe
  C:\Windows\System32\SkRxWUY.exe
  2⤵
  PID:9796
- C:\Windows\System32\kzljsVN.exe
  C:\Windows\System32\kzljsVN.exe
  2⤵
  PID:9860
- C:\Windows\System32\Qqwdzyv.exe
  C:\Windows\System32\Qqwdzyv.exe
  2⤵
  PID:10124
- C:\Windows\System32\YcFSZVc.exe
  C:\Windows\System32\YcFSZVc.exe
  2⤵
  PID:9624
- C:\Windows\System32\wZptSXI.exe
  C:\Windows\System32\wZptSXI.exe
  2⤵
  PID:9584
- C:\Windows\System32\dDdIvIh.exe
  C:\Windows\System32\dDdIvIh.exe
  2⤵
  PID:9984
- C:\Windows\System32\PNesvpL.exe
  C:\Windows\System32\PNesvpL.exe
  2⤵
  PID:10236
- C:\Windows\System32\xwPbJsn.exe
  C:\Windows\System32\xwPbJsn.exe
  2⤵
  PID:9728
- C:\Windows\System32\VfNJDdn.exe
  C:\Windows\System32\VfNJDdn.exe
  2⤵
  PID:10260
- C:\Windows\System32\dBhXhNN.exe
  C:\Windows\System32\dBhXhNN.exe
  2⤵
  PID:10300
- C:\Windows\System32\wJSWhhJ.exe
  C:\Windows\System32\wJSWhhJ.exe
  2⤵
  PID:10320
- C:\Windows\System32\VoKJhxx.exe
  C:\Windows\System32\VoKJhxx.exe
  2⤵
  PID:10344
- C:\Windows\System32\GAuOBOt.exe
  C:\Windows\System32\GAuOBOt.exe
  2⤵
  PID:10380
- C:\Windows\System32\spnvXfp.exe
  C:\Windows\System32\spnvXfp.exe
  2⤵
  PID:10408
- C:\Windows\System32\RpQelPT.exe
  C:\Windows\System32\RpQelPT.exe
  2⤵
  PID:10436
- C:\Windows\System32\QROYqQQ.exe
  C:\Windows\System32\QROYqQQ.exe
  2⤵
  PID:10460
- C:\Windows\System32\aYoXFVw.exe
  C:\Windows\System32\aYoXFVw.exe
  2⤵
  PID:10484
- C:\Windows\System32\tQgffCF.exe
  C:\Windows\System32\tQgffCF.exe
  2⤵
  PID:10532
- C:\Windows\System32\MDctejb.exe
  C:\Windows\System32\MDctejb.exe
  2⤵
  PID:10552
- C:\Windows\System32\XirOGrF.exe
  C:\Windows\System32\XirOGrF.exe
  2⤵
  PID:10576
- C:\Windows\System32\OtHsbFX.exe
  C:\Windows\System32\OtHsbFX.exe
  2⤵
  PID:10604
- C:\Windows\System32\DBpNBzY.exe
  C:\Windows\System32\DBpNBzY.exe
  2⤵
  PID:10700
- C:\Windows\System32\yUReYiD.exe
  C:\Windows\System32\yUReYiD.exe
  2⤵
  PID:10752
- C:\Windows\System32\fUZXZyI.exe
  C:\Windows\System32\fUZXZyI.exe
  2⤵
  PID:10804
- C:\Windows\System32\kaNfOKp.exe
  C:\Windows\System32\kaNfOKp.exe
  2⤵
  PID:10820
- C:\Windows\System32\XEzhggO.exe
  C:\Windows\System32\XEzhggO.exe
  2⤵
  PID:10844
- C:\Windows\System32\usUxhHA.exe
  C:\Windows\System32\usUxhHA.exe
  2⤵
  PID:10860
- C:\Windows\System32\BbpMCCd.exe
  C:\Windows\System32\BbpMCCd.exe
  2⤵
  PID:10876
- C:\Windows\System32\FMqfPyE.exe
  C:\Windows\System32\FMqfPyE.exe
  2⤵
  PID:10920
- C:\Windows\System32\rgZlCzS.exe
  C:\Windows\System32\rgZlCzS.exe
  2⤵
  PID:10940
- C:\Windows\System32\qVhSWhO.exe
  C:\Windows\System32\qVhSWhO.exe
  2⤵
  PID:10960
- C:\Windows\System32\hRBkjZE.exe
  C:\Windows\System32\hRBkjZE.exe
  2⤵
  PID:10992
- C:\Windows\System32\tJKWHCG.exe
  C:\Windows\System32\tJKWHCG.exe
  2⤵
  PID:11040
- C:\Windows\System32\sJEgjuv.exe
  C:\Windows\System32\sJEgjuv.exe
  2⤵
  PID:11064
- C:\Windows\System32\uZXFMEb.exe
  C:\Windows\System32\uZXFMEb.exe
  2⤵
  PID:11088
- C:\Windows\System32\LYlEkyK.exe
  C:\Windows\System32\LYlEkyK.exe
  2⤵
  PID:11168
- C:\Windows\System32\lOaWZpU.exe
  C:\Windows\System32\lOaWZpU.exe
  2⤵
  PID:11192
- C:\Windows\System32\kfSAjsd.exe
  C:\Windows\System32\kfSAjsd.exe
  2⤵
  PID:11212
- C:\Windows\System32\hylFfBK.exe
  C:\Windows\System32\hylFfBK.exe
  2⤵
  PID:11240
- C:\Windows\System32\mmwfaRM.exe
  C:\Windows\System32\mmwfaRM.exe
  2⤵
  PID:9908
- C:\Windows\System32\vtwauEK.exe
  C:\Windows\System32\vtwauEK.exe
  2⤵
  PID:10272
- C:\Windows\System32\PovIzsA.exe
  C:\Windows\System32\PovIzsA.exe
  2⤵
  PID:10376
- C:\Windows\System32\ExcgTxM.exe
  C:\Windows\System32\ExcgTxM.exe
  2⤵
  PID:10444
- C:\Windows\System32\cwaYGrE.exe
  C:\Windows\System32\cwaYGrE.exe
  2⤵
  PID:10468
- C:\Windows\System32\ThoDNPI.exe
  C:\Windows\System32\ThoDNPI.exe
  2⤵
  PID:10524
- C:\Windows\System32\fIGxduf.exe
  C:\Windows\System32\fIGxduf.exe
  2⤵
  PID:10724
- C:\Windows\System32\pdpbEot.exe
  C:\Windows\System32\pdpbEot.exe
  2⤵
  PID:10764
- C:\Windows\System32\XqIFDmI.exe
  C:\Windows\System32\XqIFDmI.exe
  2⤵
  PID:10664
- C:\Windows\System32\MNUMCck.exe
  C:\Windows\System32\MNUMCck.exe
  2⤵
  PID:10692
- C:\Windows\System32\EWFMwad.exe
  C:\Windows\System32\EWFMwad.exe
  2⤵
  PID:10744
- C:\Windows\System32\CDilcrK.exe
  C:\Windows\System32\CDilcrK.exe
  2⤵
  PID:10620
- C:\Windows\System32\IsJKQGh.exe
  C:\Windows\System32\IsJKQGh.exe
  2⤵
  PID:10636
- C:\Windows\System32\GRtOiLM.exe
  C:\Windows\System32\GRtOiLM.exe
  2⤵
  PID:10768
- C:\Windows\System32\cXUjVlO.exe
  C:\Windows\System32\cXUjVlO.exe
  2⤵
  PID:10796
- C:\Windows\System32\kDFfZQa.exe
  C:\Windows\System32\kDFfZQa.exe
  2⤵
  PID:11000
- C:\Windows\System32\JjRcNWg.exe
  C:\Windows\System32\JjRcNWg.exe
  2⤵
  PID:10936
- C:\Windows\System32\tUokWpE.exe
  C:\Windows\System32\tUokWpE.exe
  2⤵
  PID:11156
- C:\Windows\System32\aWjBQhb.exe
  C:\Windows\System32\aWjBQhb.exe
  2⤵
  PID:11204
- C:\Windows\System32\OwFTgHG.exe
  C:\Windows\System32\OwFTgHG.exe
  2⤵
  PID:11252
- C:\Windows\System32\NvnOuMk.exe
  C:\Windows\System32\NvnOuMk.exe
  2⤵
  PID:10316
- C:\Windows\System32\YuQCCIm.exe
  C:\Windows\System32\YuQCCIm.exe
  2⤵
  PID:10584
- C:\Windows\System32\lCNeKlg.exe
  C:\Windows\System32\lCNeKlg.exe
  2⤵
  PID:10684
- C:\Windows\System32\AUxXLKX.exe
  C:\Windows\System32\AUxXLKX.exe
  2⤵
  PID:10748
- C:\Windows\System32\zSfGwDo.exe
  C:\Windows\System32\zSfGwDo.exe
  2⤵
  PID:10784
- C:\Windows\System32\RykKIAb.exe
  C:\Windows\System32\RykKIAb.exe
  2⤵
  PID:10812
- C:\Windows\System32\tsJECuy.exe
  C:\Windows\System32\tsJECuy.exe
  2⤵
  PID:11100
- C:\Windows\System32\QXpLIqy.exe
  C:\Windows\System32\QXpLIqy.exe
  2⤵
  PID:10252
- C:\Windows\System32\wmAslzf.exe
  C:\Windows\System32\wmAslzf.exe
  2⤵
  PID:11236
- C:\Windows\System32\atMsiWo.exe
  C:\Windows\System32\atMsiWo.exe
  2⤵
  PID:3204
- C:\Windows\System32\oQEZXxt.exe
  C:\Windows\System32\oQEZXxt.exe
  2⤵
  PID:10916
- C:\Windows\System32\oEsLirS.exe
  C:\Windows\System32\oEsLirS.exe
  2⤵
  PID:10372
- C:\Windows\System32\cXShPZK.exe
  C:\Windows\System32\cXShPZK.exe
  2⤵
  PID:10328
- C:\Windows\System32\zhptqen.exe
  C:\Windows\System32\zhptqen.exe
  2⤵
  PID:11080
- C:\Windows\System32\fUXJSAI.exe
  C:\Windows\System32\fUXJSAI.exe
  2⤵
  PID:11288
- C:\Windows\System32\RWnuEyK.exe
  C:\Windows\System32\RWnuEyK.exe
  2⤵
  PID:11308
- C:\Windows\System32\kXJNowQ.exe
  C:\Windows\System32\kXJNowQ.exe
  2⤵
  PID:11328
- C:\Windows\System32\rfVYadQ.exe
  C:\Windows\System32\rfVYadQ.exe
  2⤵
  PID:11344
- C:\Windows\System32\ravVjgy.exe
  C:\Windows\System32\ravVjgy.exe
  2⤵
  PID:11380
- C:\Windows\System32\yYipRsJ.exe
  C:\Windows\System32\yYipRsJ.exe
  2⤵
  PID:11420
- C:\Windows\System32\vOGwufc.exe
  C:\Windows\System32\vOGwufc.exe
  2⤵
  PID:11448
- C:\Windows\System32\cVKXQFp.exe
  C:\Windows\System32\cVKXQFp.exe
  2⤵
  PID:11496
- C:\Windows\System32\sGXXugM.exe
  C:\Windows\System32\sGXXugM.exe
  2⤵
  PID:11520
- C:\Windows\System32\RduzOFC.exe
  C:\Windows\System32\RduzOFC.exe
  2⤵
  PID:11544
- C:\Windows\System32\WGZZjPF.exe
  C:\Windows\System32\WGZZjPF.exe
  2⤵
  PID:11564
- C:\Windows\System32\kqqwiqy.exe
  C:\Windows\System32\kqqwiqy.exe
  2⤵
  PID:11588
- C:\Windows\System32\EECAmzd.exe
  C:\Windows\System32\EECAmzd.exe
  2⤵
  PID:11612
- C:\Windows\System32\kSsDmGW.exe
  C:\Windows\System32\kSsDmGW.exe
  2⤵
  PID:11632
- C:\Windows\System32\KSRjbVv.exe
  C:\Windows\System32\KSRjbVv.exe
  2⤵
  PID:11684
- C:\Windows\System32\YXERmBO.exe
  C:\Windows\System32\YXERmBO.exe
  2⤵
  PID:11708
- C:\Windows\System32\lZNIXxn.exe
  C:\Windows\System32\lZNIXxn.exe
  2⤵
  PID:11728
- C:\Windows\System32\tjKidSC.exe
  C:\Windows\System32\tjKidSC.exe
  2⤵
  PID:11760
- C:\Windows\System32\NPyIRrL.exe
  C:\Windows\System32\NPyIRrL.exe
  2⤵
  PID:11784
- C:\Windows\System32\AjzlJOE.exe
  C:\Windows\System32\AjzlJOE.exe
  2⤵
  PID:11812
- C:\Windows\System32\IroacTJ.exe
  C:\Windows\System32\IroacTJ.exe
  2⤵
  PID:11848
- C:\Windows\System32\ALlzGfV.exe
  C:\Windows\System32\ALlzGfV.exe
  2⤵
  PID:11876
- C:\Windows\System32\MkIBxaS.exe
  C:\Windows\System32\MkIBxaS.exe
  2⤵
  PID:11908
- C:\Windows\System32\EfxuuHX.exe
  C:\Windows\System32\EfxuuHX.exe
  2⤵
  PID:11928
- C:\Windows\System32\zaYKJOR.exe
  C:\Windows\System32\zaYKJOR.exe
  2⤵
  PID:11976
- C:\Windows\System32\yNcFCpc.exe
  C:\Windows\System32\yNcFCpc.exe
  2⤵
  PID:12012
- C:\Windows\System32\tDSxjHl.exe
  C:\Windows\System32\tDSxjHl.exe
  2⤵
  PID:12028
- C:\Windows\System32\wnbRHSn.exe
  C:\Windows\System32\wnbRHSn.exe
  2⤵
  PID:12056
- C:\Windows\System32\tlwGTwR.exe
  C:\Windows\System32\tlwGTwR.exe
  2⤵
  PID:12076
- C:\Windows\System32\dnniKOZ.exe
  C:\Windows\System32\dnniKOZ.exe
  2⤵
  PID:12096
- C:\Windows\System32\nAWmUZM.exe
  C:\Windows\System32\nAWmUZM.exe
  2⤵
  PID:12128
- C:\Windows\System32\jRvTEQG.exe
  C:\Windows\System32\jRvTEQG.exe
  2⤵
  PID:12156
- C:\Windows\System32\CIjyiJW.exe
  C:\Windows\System32\CIjyiJW.exe
  2⤵
  PID:12172
- C:\Windows\System32\grXkhMR.exe
  C:\Windows\System32\grXkhMR.exe
  2⤵
  PID:12232
- C:\Windows\System32\WzWjrjM.exe
  C:\Windows\System32\WzWjrjM.exe
  2⤵
  PID:12260
- C:\Windows\System32\GvefqxP.exe
  C:\Windows\System32\GvefqxP.exe
  2⤵
  PID:12280
- C:\Windows\System32\JwuWKcW.exe
  C:\Windows\System32\JwuWKcW.exe
  2⤵
  PID:11300
- C:\Windows\System32\XZVJCEq.exe
  C:\Windows\System32\XZVJCEq.exe
  2⤵
  PID:11324
- C:\Windows\System32\XhBBJHG.exe
  C:\Windows\System32\XhBBJHG.exe
  2⤵
  PID:11376
- C:\Windows\System32\GmySKAn.exe
  C:\Windows\System32\GmySKAn.exe
  2⤵
  PID:11512
- C:\Windows\System32\iLIaCbd.exe
  C:\Windows\System32\iLIaCbd.exe
  2⤵
  PID:11556
- C:\Windows\System32\fVFCFxu.exe
  C:\Windows\System32\fVFCFxu.exe
  2⤵
  PID:11628
- C:\Windows\System32\sVNkwFs.exe
  C:\Windows\System32\sVNkwFs.exe
  2⤵
  PID:11700
- C:\Windows\System32\QMySXuO.exe
  C:\Windows\System32\QMySXuO.exe
  2⤵
  PID:11780
- C:\Windows\System32\IPgitkj.exe
  C:\Windows\System32\IPgitkj.exe
  2⤵
  PID:11828
- C:\Windows\System32\dcAVXUt.exe
  C:\Windows\System32\dcAVXUt.exe
  2⤵
  PID:11924
- C:\Windows\System32\vHIxmdD.exe
  C:\Windows\System32\vHIxmdD.exe
  2⤵
  PID:11964
- C:\Windows\System32\syZNUzo.exe
  C:\Windows\System32\syZNUzo.exe
  2⤵
  PID:12024
- C:\Windows\System32\RHLopIy.exe
  C:\Windows\System32\RHLopIy.exe
  2⤵
  PID:12088
- C:\Windows\System32\zwvInoE.exe
  C:\Windows\System32\zwvInoE.exe
  2⤵
  PID:12140
- C:\Windows\System32\FHARrSV.exe
  C:\Windows\System32\FHARrSV.exe
  2⤵
  PID:12164
- C:\Windows\System32\qItWQHX.exe
  C:\Windows\System32\qItWQHX.exe
  2⤵
  PID:12248
- C:\Windows\System32\SkkhdWA.exe
  C:\Windows\System32\SkkhdWA.exe
  2⤵
  PID:11320
- C:\Windows\System32\vHnXlFk.exe
  C:\Windows\System32\vHnXlFk.exe
  2⤵
  PID:11472
- C:\Windows\System32\DSsLEmQ.exe
  C:\Windows\System32\DSsLEmQ.exe
  2⤵
  PID:11664
- C:\Windows\System32\wrPxjet.exe
  C:\Windows\System32\wrPxjet.exe
  2⤵
  PID:11724
- C:\Windows\System32\zrhTELZ.exe
  C:\Windows\System32\zrhTELZ.exe
  2⤵
  PID:11856
- C:\Windows\System32\dIbimQs.exe
  C:\Windows\System32\dIbimQs.exe
  2⤵
  PID:11988
- C:\Windows\System32\lHsKjmt.exe
  C:\Windows\System32\lHsKjmt.exe
  2⤵
  PID:12188
- C:\Windows\System32\CXHrziK.exe
  C:\Windows\System32\CXHrziK.exe
  2⤵
  PID:11432
- C:\Windows\System32\UYIbaYF.exe
  C:\Windows\System32\UYIbaYF.exe
  2⤵
  PID:11692
- C:\Windows\System32\TditYkK.exe
  C:\Windows\System32\TditYkK.exe
  2⤵
  PID:12072
- C:\Windows\System32\EQMaRpH.exe
  C:\Windows\System32\EQMaRpH.exe
  2⤵
  PID:11580
- C:\Windows\System32\GrvyrJf.exe
  C:\Windows\System32\GrvyrJf.exe
  2⤵
  PID:12292
- C:\Windows\System32\wJtSHTo.exe
  C:\Windows\System32\wJtSHTo.exe
  2⤵
  PID:12332
- C:\Windows\System32\TuwHFgn.exe
  C:\Windows\System32\TuwHFgn.exe
  2⤵
  PID:12356
- C:\Windows\System32\KNyuChO.exe
  C:\Windows\System32\KNyuChO.exe
  2⤵
  PID:12388
- C:\Windows\System32\yMatXjg.exe
  C:\Windows\System32\yMatXjg.exe
  2⤵
  PID:12412
- C:\Windows\System32\NVQNirK.exe
  C:\Windows\System32\NVQNirK.exe
  2⤵
  PID:12432
- C:\Windows\System32\hIQixuF.exe
  C:\Windows\System32\hIQixuF.exe
  2⤵
  PID:12460
- C:\Windows\System32\AeQrumE.exe
  C:\Windows\System32\AeQrumE.exe
  2⤵
  PID:12476
- C:\Windows\System32\lhxPpqt.exe
  C:\Windows\System32\lhxPpqt.exe
  2⤵
  PID:12496
- C:\Windows\System32\xNNuxFQ.exe
  C:\Windows\System32\xNNuxFQ.exe
  2⤵
  PID:12524
- C:\Windows\System32\PaiawMM.exe
  C:\Windows\System32\PaiawMM.exe
  2⤵
  PID:12540
- C:\Windows\System32\cZjUNZE.exe
  C:\Windows\System32\cZjUNZE.exe
  2⤵
  PID:12564
- C:\Windows\System32\HlULlvS.exe
  C:\Windows\System32\HlULlvS.exe
  2⤵
  PID:12632
- C:\Windows\System32\WqlfBQC.exe
  C:\Windows\System32\WqlfBQC.exe
  2⤵
  PID:12664
- C:\Windows\System32\HRyasiR.exe
  C:\Windows\System32\HRyasiR.exe
  2⤵
  PID:12700
- C:\Windows\System32\HdkdAwq.exe
  C:\Windows\System32\HdkdAwq.exe
  2⤵
  PID:12724
- C:\Windows\System32\UjozrCy.exe
  C:\Windows\System32\UjozrCy.exe
  2⤵
  PID:12748
- C:\Windows\System32\FvnuOWB.exe
  C:\Windows\System32\FvnuOWB.exe
  2⤵
  PID:12780
- C:\Windows\System32\dtuIGOY.exe
  C:\Windows\System32\dtuIGOY.exe
  2⤵
  PID:12808
- C:\Windows\System32\ROjhvtV.exe
  C:\Windows\System32\ROjhvtV.exe
  2⤵
  PID:12828
- C:\Windows\System32\iUUBTVu.exe
  C:\Windows\System32\iUUBTVu.exe
  2⤵
  PID:12860
- C:\Windows\System32\lqBTEVD.exe
  C:\Windows\System32\lqBTEVD.exe
  2⤵
  PID:12896
- C:\Windows\System32\UjIziAd.exe
  C:\Windows\System32\UjIziAd.exe
  2⤵
  PID:12916
- C:\Windows\System32\lNasPKp.exe
  C:\Windows\System32\lNasPKp.exe
  2⤵
  PID:12940
- C:\Windows\System32\vASfXxq.exe
  C:\Windows\System32\vASfXxq.exe
  2⤵
  PID:12960
- C:\Windows\System32\VTsDfTp.exe
  C:\Windows\System32\VTsDfTp.exe
  2⤵
  PID:12996
- C:\Windows\System32\TGvbpvU.exe
  C:\Windows\System32\TGvbpvU.exe
  2⤵
  PID:13016
- C:\Windows\System32\AqFstlP.exe
  C:\Windows\System32\AqFstlP.exe
  2⤵
  PID:13044
- C:\Windows\System32\Nubyewc.exe
  C:\Windows\System32\Nubyewc.exe
  2⤵
  PID:13108
- C:\Windows\System32\jPSUMiN.exe
  C:\Windows\System32\jPSUMiN.exe
  2⤵
  PID:13124
- C:\Windows\System32\nLokBbG.exe
  C:\Windows\System32\nLokBbG.exe
  2⤵
  PID:13144
- C:\Windows\System32\HQQMCtC.exe
  C:\Windows\System32\HQQMCtC.exe
  2⤵
  PID:13188
- C:\Windows\System32\EprUIZh.exe
  C:\Windows\System32\EprUIZh.exe
  2⤵
  PID:13216
- C:\Windows\System32\keuGduI.exe
  C:\Windows\System32\keuGduI.exe
  2⤵
  PID:13240
- C:\Windows\System32\HmLFZRW.exe
  C:\Windows\System32\HmLFZRW.exe
  2⤵
  PID:13260
- C:\Windows\System32\BajeGBc.exe
  C:\Windows\System32\BajeGBc.exe
  2⤵
  PID:13300
- C:\Windows\System32\MKrBjUY.exe
  C:\Windows\System32\MKrBjUY.exe
  2⤵
  PID:11916
- C:\Windows\System32\DAEQOcn.exe
  C:\Windows\System32\DAEQOcn.exe
  2⤵
  PID:12368
- C:\Windows\System32\LGctsLw.exe
  C:\Windows\System32\LGctsLw.exe
  2⤵
  PID:12400
- C:\Windows\System32\htJbnsF.exe
  C:\Windows\System32\htJbnsF.exe
  2⤵
  PID:12440
- C:\Windows\System32\DGqJJiU.exe
  C:\Windows\System32\DGqJJiU.exe
  2⤵
  PID:12484
- C:\Windows\System32\WZqnWlF.exe
  C:\Windows\System32\WZqnWlF.exe
  2⤵
  PID:12536
- C:\Windows\System32\ciJsQNy.exe
  C:\Windows\System32\ciJsQNy.exe
  2⤵
  PID:12572
- C:\Windows\System32\RyKwiiX.exe
  C:\Windows\System32\RyKwiiX.exe
  2⤵
  PID:5712
- C:\Windows\System32\RHpIABs.exe
  C:\Windows\System32\RHpIABs.exe
  2⤵
  PID:12680
- C:\Windows\System32\THVGHMT.exe
  C:\Windows\System32\THVGHMT.exe
  2⤵
  PID:12744
- C:\Windows\System32\bxpqIMZ.exe
  C:\Windows\System32\bxpqIMZ.exe
  2⤵
  PID:12824
- C:\Windows\System32\DljNToQ.exe
  C:\Windows\System32\DljNToQ.exe
  2⤵
  PID:12876
- C:\Windows\System32\KcbgVrQ.exe
  C:\Windows\System32\KcbgVrQ.exe
  2⤵
  PID:12924
- C:\Windows\System32\WebxPHr.exe
  C:\Windows\System32\WebxPHr.exe
  2⤵
  PID:12976
- C:\Windows\System32\ZtlbfAi.exe
  C:\Windows\System32\ZtlbfAi.exe
  2⤵
  PID:13084
- C:\Windows\System32\IeHotNg.exe
  C:\Windows\System32\IeHotNg.exe
  2⤵
  PID:13180
- C:\Windows\System32\jQJviTV.exe
  C:\Windows\System32\jQJviTV.exe
  2⤵
  PID:13248
- C:\Windows\System32\wjttOFg.exe
  C:\Windows\System32\wjttOFg.exe
  2⤵
  PID:13284
- C:\Windows\System32\MgwawsK.exe
  C:\Windows\System32\MgwawsK.exe
  2⤵
  PID:12344
- C:\Windows\System32\xoXxYki.exe
  C:\Windows\System32\xoXxYki.exe
  2⤵
  PID:12508
- C:\Windows\System32\OAoIudX.exe
  C:\Windows\System32\OAoIudX.exe
  2⤵
  PID:5996
- C:\Windows\System32\DyKUSeg.exe
  C:\Windows\System32\DyKUSeg.exe
  2⤵
  PID:13232

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BtCxTlb.exe

Filesize
1.5MB

MD5
7900aa1a7c86a2ddc20b3ee565e0128a

SHA1
a7ff11451cc5d081551e6527cb64f357abc8afeb

SHA256
668e80652d298e885bfa6a723d4778d0d42d0aee60209a8967bf2a2a3d200cca

SHA512
c7b936d27be4a918a4c405847e4839cea2e2beb59b9815533b8dbf6706b546a44ce340c09b9815aed5bfd42c16e7b6195f3722f7055a76302b0d0317ecd76da9

Download Submit
C:\Windows\System32\FljaXaQ.exe

Filesize
1.5MB

MD5
74fe81b565beda775764dcacecf3ab95

SHA1
e59c42adbca1c40a89d730b8a3884cc742947cbb

SHA256
1fc923f6354a8eb59122535c1ec81e078d1d482126016f465c19c1c8a028e886

SHA512
fb484e04c6384f18982eac0cc3f2d77745a9839eaf5e15bb5b7ea95c93642789d1b2d4d980453bb5b71787809ef425c2304ccf3d7cb8bbe6db1512e31ed8484f

Download Submit
C:\Windows\System32\IfMtBRy.exe

Filesize
1.5MB

MD5
e552bd4ef30d8e02b29d843f7a65e1ae

SHA1
80961dd206fed1aed59e46bfdfc828ae964fc107

SHA256
058b04a155581fa80b3d24d55dd653c034232328d0ff1b30c85aac0ca66840ff

SHA512
33b5797563c68683fc6231cca3b129e536c411637b35d51dbeb825cb7f4d7d965bcaa587f87274efb17016887c94e7d6dfa7880f0fc9fd97edc6ddaa5f9e4980

Download Submit
C:\Windows\System32\IfMtBRy.exe

Filesize
1.5MB

MD5
d51c6a5a4d55575212c9dbca5d24161e

SHA1
ea88e920655af9d49a47bcc01a77ffc030b1b310

SHA256
f5f261dd94949fda6206991e0063d9c1faa16919e23c1b0686b1878415965869

SHA512
88cced6a335e4a9b1567eab8590386b65ef4754e3497c24c1981f1994036b2341dcc16c9b5ec44faeeb5abae4684d78ec7a8740f30487f44cfbf4f29e7576a69

Download Submit
C:\Windows\System32\IqFZYAB.exe

Filesize
1.5MB

MD5
5ebca948bf60e92c7f81b58db6fc1b12

SHA1
b422e9c32a23bdb8b847e54023ac4800fa79ea35

SHA256
5910bf2047804b88b12691072f408ff9460aedd14488468df7073c02596fa72b

SHA512
860f24e06b8b4466e238bf3790e4ae87cdeead726b99ee58793c6b565bdfb4cfafba76b216f760823bb116d64403d863d25edd1192159be221ab4fc0ae8647b2

Download Submit
C:\Windows\System32\LbsZXSe.exe

Filesize
1.5MB

MD5
a80b40e6cdb26871fb32dc60b2fde044

SHA1
3f0aaeb93c63283370b1ffdf79fa00b9877757e6

SHA256
17b1a2f1741c0df4861338bd0737f881d5db60167ea9956b428b96b63a1a4b99

SHA512
a67c5c1dc7d7d5b1f6556a62d3443c6092433775ae6b4b175e9d2d01b01c785bb5ec323df9510417ae1202495c252153b39508f6b556c53d58684aed906175c4

Download Submit
C:\Windows\System32\LjuFBmj.exe

Filesize
1.5MB

MD5
eeb5d4bd48be1e98a59cfa018c0dabbd

SHA1
3b2ed89ff62782fac40477a22f634ab63a17322b

SHA256
4d30a0259c19ae934f32313efc0057fcaa98874b5830e2f31355922fbe86da61

SHA512
e02256319abe2bea9175558974fe66eeb03e6896f1f8e4fa3ee202098d6e6bdad4e903354ec7e1eac3a6efe3b4f8b17a87974738ea0ec09784b6859ea95e45fb

Download Submit
C:\Windows\System32\OoYxasi.exe

Filesize
1.5MB

MD5
9dbaf2a2a4f865dcce1645e0179e6f18

SHA1
0b29914e8ece4ee6e0fa126180b598dd76f30dd8

SHA256
7355d885cc30496aaf742a48a508c0a1cc026730f22b8e8571b76544101d1b94

SHA512
9e89788c9f50ced069264a9ca878594534d1c71d4b342af21920ce91993ef953aa78315c423f1a68ce6a9330a60659b902b46399cc703a8933e9b857016d206d

Download Submit
C:\Windows\System32\OoYxasi.exe

Filesize
1.2MB

MD5
f8d567c0dee768b96869b64d61bc009f

SHA1
07c55d57bc5154d08a20e9620c7ad2dede6346ca

SHA256
2eec03563cb908397dd005d750c587f031e5e61bc299ae8a88f0d20829b3eb6d

SHA512
d6b264440473313929bc25d7c595d1ebf782edaad2c3c70582d6022f4075d1bc211a481931a308f7cbf16b67472f6e53ffe2289457427a01ff3c2f39c4e8f41b

Download Submit
C:\Windows\System32\PUnRDTu.exe

Filesize
1.5MB

MD5
8145ddde71e276da8f1df7276f61a12a

SHA1
254330a879d4e3fe48051d0abd7b0265aad9b8e1

SHA256
0a90770430806084e638dec4b5722cd8bba1d8e6f127741222cac158d0047c47

SHA512
9e8a3542d3b2d1ebc1c0381f05c3778ad39538aa0685c02d2b336460afe664a4356e9619ee8b0b770696fb1fb1b34c5051fa402ac83580d2dfa41838b50c5398

Download Submit
C:\Windows\System32\PuiECie.exe

Filesize
1.5MB

MD5
6fe37ea9e619a61bc547da53b49e8e2d

SHA1
b0b1f30e04bcd46c1c5b040168e0a358e34c2bfb

SHA256
218edb550a15d7ddc0104a2357b5f5ffb88bc3e8e244ce83e4564c9b5b50c97c

SHA512
7ba9e4cf175e0056fb51e5b39323ed12d674c2d2046b18d5181f6ce38bd4e8c3b5f1adf7378b27abcdc4546f59efbc66337230320c06f4e9ba1f140d1c83f519

Download Submit
C:\Windows\System32\QyytkXr.exe

Filesize
1.5MB

MD5
9ab5cb7061aca05ebe59dea88beae053

SHA1
488d23a1fb80d310a67c01865c3a38be3a3668db

SHA256
ab40f694b9c3f064e55c756c41f23354c3d97ee30b205a9c47320415289b12d9

SHA512
c5eb2e48346ac6d3cad27bf713c6bd6a1949e48e8c4b3e99cb47014b26351d56b54ab65d331ae275706e976ab2136b58e32789e46df67e968225dc310f665155

Download Submit
C:\Windows\System32\RyqLxfA.exe

Filesize
1.5MB

MD5
63f3b5f7c60839d8f94b085ec84904d4

SHA1
1a241c5fd4045695006d876daf34015f979b3e5e

SHA256
95518848dba14205186dc7056cdb37bbfa3d480838503651c9ebf2850572f07b

SHA512
4f30aa3551aa596d478943693d48ad2f4001422534bb957e53f4fc835d12d333610f20b7c5b7558070ea88afbb06d2bb1ae18180d8cf5f8e3f4a1525018a4faf

Download Submit
C:\Windows\System32\UrqxwID.exe

Filesize
1.5MB

MD5
d197a682b8ead069d511ad4269f3a72c

SHA1
5674ce94546aac6d228e4958dece7dddab009663

SHA256
be157e84db78ac6a264ff2a1e68915559437ca3c60326ad468f04b652067c257

SHA512
3a643b8b0b871506124d23d06fa16331941fd716c5e82acd317503ea354c34803f716a4f0c11b2a7b5ba4052c12654506d09ada8ecdbad0db25c81d51f732d30

Download Submit
C:\Windows\System32\XQKqzYQ.exe

Filesize
1.5MB

MD5
446da989c6a3f946202cfc1591433fd9

SHA1
62b8e035ef7aa03cb623e398a6853e9ed997f65b

SHA256
8cc09604f31dc844c5cf1637d4ff21931e3a77ad080e204aaa025c88de97d2fa

SHA512
89ded9b9961709e7a84bc04d911b59f0ef3ee8e48f1c0689936c76de9e4f97df8aae3b6e24b275a74f6ab54f8c5ffe7b5ae2c34418126b842cfa230c7d1964b9

Download Submit
C:\Windows\System32\XwyJBfG.exe

Filesize
1.4MB

MD5
d8e6ec01acc9beef1ac0fc64bb3de8a0

SHA1
cd58ce157c0b1acf21a76702534b3b4a6b3dae02

SHA256
e2a1ba34f55e56c163c16cecef688f2978f02490a1aa300d5587ffdf4b5a50fd

SHA512
f563e9c35cb32fe54ead7a47976f41312f2afd1927a45d45031a706b9dd1caa2604c983747c984bd1c12f305322f36a37d1056003e1b15e97708d5ec24f75564

Download Submit
C:\Windows\System32\XwyJBfG.exe

Filesize
1.5MB

MD5
a3e1a86d198ff57d54d305b765c1e469

SHA1
c01810534ab573acc00a86978f6eaf408aa27d77

SHA256
5b6c705f2132c95d7e6b37c2ca8573953c07977f73b052ef22b252c50e7bd7a7

SHA512
b6b56cd225c66ce8a47f6a4b41a6124e968c17f19527034e119500a96151607999df0011072e296095f2b3219ffd51e1e3e33e3bde04c3feb0e8f9d63ebadd6b

Download Submit
C:\Windows\System32\ZyjfQAG.exe

Filesize
1.5MB

MD5
f736e2809ca5d56bd59fb165eb204dff

SHA1
903bf84e5212c1bc73e7f782b3d24be676163920

SHA256
5bf7db860d601c29d7fed107e4af7adceedb9a3b6c79a96074780ec59f5dc658

SHA512
5e1208f3d77e7b0e831acf9a4acb8a9d522f4956c9b05b89f0eebf90db221041a55b132129597a95ce17af1817af3e934a901b751085b4587a9cd0d25886e1e9

Download Submit
C:\Windows\System32\aNrqUKU.exe

Filesize
1.5MB

MD5
2ada6fc8b95853ddd4f9806ceedeb31c

SHA1
6514c69d522f898df5048e6c5558b62fb0599343

SHA256
00dbe09440fe0c70d8f49ae7175233fcbf7347b9bb423e59d85defb023755efd

SHA512
4b101276cf6b6288b7ce5f6f8e350aa669f6f445b64225770bb47e5109656c1ce2f72b448c3f2fc7b9965a600e64a7152d25040b3781134be4cbe30f05f2aa76

Download Submit
C:\Windows\System32\dHymcVO.exe

Filesize
1.5MB

MD5
66e1fdb20977b03d112d6e152f38987a

SHA1
55641d5de279f12e98b2db3ad24606fe75486895

SHA256
156b2d594bddda1d6a41a9435cbf18f7518efa314275f174d533f47e8fcb4c83

SHA512
ddcfa4e9be7cad7f67af59e6dde7aaf6b3be6b420a6fe5fd7168aa75d22dde19a02db5bfb4c49f523f490f7e9b5dd8416e05c50ef884093d7302c893dea5477d

Download Submit
C:\Windows\System32\dzDmUwz.exe

Filesize
1.5MB

MD5
05bc6cb27db8387ab762efb2d6141f59

SHA1
b7795e168ad320ba00e5e6f8c2ecf16bcf500fd4

SHA256
e71b3d1e4a28c773a72c01e294c87a522c3d00277d3629ad318d4bc58ec84ccd

SHA512
d2400a0130ade508bbfebb8ffb7f104ab0934881812eaf99d705d3cc859e7f85c567b0ed67230c78b8ebefd712267f11f5ac19603e1ae125b49bf06bbbe2114c

Download Submit
C:\Windows\System32\eHLixBg.exe

Filesize
1.5MB

MD5
354e98b02db024de20cf18876061500e

SHA1
02ebaf9378f77445b031ffcc2fa710c195631fcd

SHA256
ba3ec367f478ad09f841847ba206a8250bc67fa62108a870db9c287bc4661e90

SHA512
5c7c2306e60a62a2c4d87ca5347df4ee297b37a5a9beda55876fbe8b1ee87340a35c7a1ae0d97bfcd42ba9b4d27f5d8af64809d65b2ddc0693c1e0272981901d

Download Submit
C:\Windows\System32\fTaLZKj.exe

Filesize
1.5MB

MD5
68574744c50151da928661913e12e978

SHA1
588da52e60cdaad56dd81f521ea6984f42900fc0

SHA256
b2907716be8aca76f2e27dffe8c14338b1795aa17eb5364c29bc3858582851a1

SHA512
37a70d5e1cd7dccde0ff1c84f24162e53287aca43db86d1115b9643af421ff26e93f1d3028ec20954774ace70783031fa42f6ffe176afd8ad1889c6a4cc5ecb6

Download Submit
C:\Windows\System32\ioFUvRU.exe

Filesize
1.5MB

MD5
7f552beec073b4a4b99c104bb8751f78

SHA1
4d5d6748ca239d1d95750bcf47fd92b254aa38cf

SHA256
25621ec5d57dfd9c30bce194e7904eb101f0abab55c8b9a615694ef6905dab3c

SHA512
d66e758c3beee8dafcb6f725f21d9c7059078435f08b4daa0cadfc0fcc9031456ec316d4c87a1095968c2540d3e920d4cf018b74a10f1065d125e37be93cbb85

Download Submit
C:\Windows\System32\jJXJwXX.exe

Filesize
1.5MB

MD5
b1bb2d8eb4f2df7352756f8dd763b9b0

SHA1
e5aa5ed92127fb55ab88f92ad730440946782546

SHA256
dbc8346e9fe552a0e718c7c39b71769559fc04d3e88ba18550559417780ca0f7

SHA512
2ad951b9f2974e300ad0a534c1c6986d0cf7d8b0569982cc58f0175003ca61da149cf121aeeb8cea1d56324fd08ea130bdee6366d0532899d2c325659ccb2045

Download Submit
C:\Windows\System32\jJXJwXX.exe

Filesize
1.2MB

MD5
a42a2bc77ecd3cc0a8d8b13192c6a5eb

SHA1
56c7ef0e81b1e79e1b37b92a5c71acb2d6ca362d

SHA256
92c3707cacecd25df19e0e442b830eec383a259a4481780ffd35767b52283d54

SHA512
cf56fd7362642dc5d717b7506a808b259b39dccebb342a717ca8dd3b0e0fe3214c4bb293203db21be82965a5af039b92ea70898d94c24c461b5311f8775261ed

Download Submit
C:\Windows\System32\mgZtDrh.exe

Filesize
1.5MB

MD5
aead8ebbbd467fac8d33556fdc8cbf3c

SHA1
f54de25837e82f818fc10e6ddc6f3f955b84994a

SHA256
877cd569b47fe7e3d52a3a73646e2358c6a3da0b2f4e35a8d22fa71f8b37775c

SHA512
7b20f7025cb9b166be3b438a0e616d20f8b2840ea1d26c9f0ebd40be083e8c29b0df7e7f15cadac41f1e3b3099502247718707f7d09273d3cf3ed0306b099b2e

Download Submit
C:\Windows\System32\pGVIhrJ.exe

Filesize
1.5MB

MD5
26ab640c999a981f5da292dd596a5063

SHA1
008421a2a2228997a58393b77ae543fe434d3069

SHA256
e1b6e11c74bce75b0661a5ee51eda7587387258b7aa9c02e91b5851250ff295c

SHA512
d5c930f536f0a97e00a5c428843dfcacddbc6b966f90e70919ba80a0650e10a50ee9d3fd5b85420cf4a45d922233127a50ff23ab2c71405a48029570461aff49

Download Submit
C:\Windows\System32\qGIShCy.exe

Filesize
1.5MB

MD5
ff67d575855fa6472d94e00aa38c4aaa

SHA1
fd6d62eab7b83314e5abdb3023643d63d76930a1

SHA256
e52abcc740cf954fb7d57a08e1453fc0ac03baf197385a8dadea46aadf8115aa

SHA512
8e33472655e65aa6fa00ae85c24e661a8465de105b76b022643ce9058d7bf99167fbdd7ae3dd538ee82c255a0d4ff1e4f4523f77ac19cb9da961420922ea5945

Download Submit
C:\Windows\System32\qYFrkpK.exe

Filesize
448KB

MD5
cd3b865bd20cb43107d9da43af57f025

SHA1
e285ab87b9758fc9b720b6b1ef202542ad1a17f1

SHA256
5b880ae160d2157c2b042bea106b6e589e80fd46737ff6520e98271679fafc9f

SHA512
67ff98eabbf3838dc2d6e206fcb0deb2899386e970383b182e380c8540d872872da51342ff3267380fd7bb9b7dd0c06ea80a33edb0b58fe48a5204bddef363d7

Download Submit
C:\Windows\System32\qYFrkpK.exe

Filesize
1.5MB

MD5
9bd311e93fd5070550eaaf30834632e7

SHA1
d53d333bc5c57ab30b088cc1c08f411e595f94d5

SHA256
053a5fc71f2a3379db30311d4279b0fd4fd8faeb5c11971f90358efede4d3bdf

SHA512
d0d98e6e942a17a9629be12745c8b944fc2cfef32f05a78817d48482b0c781daeeff4d019bb7b1077e55bdc95c614c07c8f345bea9db3c4ef3f4b48419c10d2c

Download Submit
C:\Windows\System32\rXpvtFu.exe

Filesize
1.5MB

MD5
b4c21f47d26a8b95bd9d19a930bd1558

SHA1
d58d84bce30c84f88026a0313bb5d34ca295256c

SHA256
762e17261b5005cd8b2052028dded14ee5243f07f42716047e567eed545a076a

SHA512
e021e792170608a97a802e82865794f4e6114008e80c66c8bcbaef2891037ebd78c89718773a7058b647b2047146508a73addeaf57d294ccdfe5be717ba817dc

Download Submit
C:\Windows\System32\rutlpbO.exe

Filesize
1.5MB

MD5
628bda3de6b0ffdcddc986a37eb082ad

SHA1
99a062871baf8b2b9bd54dd1ea97b53c34662e82

SHA256
1493cf60ecbeed5404ed867aca4eb43cfefb5ce1827ab49c166f15ec3d7da761

SHA512
c9484af24e7235b414424be4c60381b72736e406391ff9db93383052c022f42c4d1e3f43c90f5fe0746f2929347a932073583e5905ae6d1c2acac27f3f1756f7

Download Submit
C:\Windows\System32\sfMmFJy.exe

Filesize
1.5MB

MD5
77ca01c77c225eee0ce73d75b60bcfd3

SHA1
8d3813182c8b34d1d6a443a5ae66dea8330d0926

SHA256
722f1f991f4668331152b3ec940c17c8078e48485bc4e1a09954adbc3dc8dd59

SHA512
e73e456d9b0bd32224e34725c477d1b6403a842ab2e595151756c8040c5847531d43830737359b7b991ba0f4c4e196233c12328a07b4a6f6c858a688ae1ac068

Download Submit
C:\Windows\System32\tSlUbzu.exe

Filesize
1.5MB

MD5
7a6667acbc2a7799bc5051f1140cad9c

SHA1
7a27b3c1a94be325b23c72f46559222ca2968764

SHA256
c5e78127dd3481912ddf26723dbcb2d0593b186098e579535763f0667a252771

SHA512
9c2ea80927f5d00b66822e0337214907f5bb9258381304b5f3395e3a8f312acea6a26916955f3c4474d4563c6599b3506207a25792b6de1246bd61dd356bb1d8

Download Submit
C:\Windows\System32\zQXuFsB.exe

Filesize
1.5MB

MD5
e12250282588d6dc564fcbcbdccd16b6

SHA1
0d5292d225bda16745b8b208b95042f260a70742

SHA256
85b77ab89c950e1793e1551509b5de2240b996b61f1d0d04a45c0e6421b8ac86

SHA512
127a0809cd0fadab7a0aa8dc86e94a438a9358d8a4b725422338445c1ebbb6d4ca6ec2637769f96ea6c0e35c26d2713694e81816a60524269ca1682ab970d9b8

Download Submit
memory/540-30-0x00007FF676740000-0x00007FF676B31000-memory.dmp

Filesize
3.9MB

Download
memory/540-2076-0x00007FF676740000-0x00007FF676B31000-memory.dmp

Filesize
3.9MB

Download
memory/1552-2023-0x00007FF766650000-0x00007FF766A41000-memory.dmp

Filesize
3.9MB

Download
memory/1552-2092-0x00007FF766650000-0x00007FF766A41000-memory.dmp

Filesize
3.9MB

Download
memory/1552-75-0x00007FF766650000-0x00007FF766A41000-memory.dmp

Filesize
3.9MB

Download
memory/2192-2116-0x00007FF650CB0000-0x00007FF6510A1000-memory.dmp

Filesize
3.9MB

Download
memory/2192-260-0x00007FF650CB0000-0x00007FF6510A1000-memory.dmp

Filesize
3.9MB

Download
memory/2260-251-0x00007FF69B400000-0x00007FF69B7F1000-memory.dmp

Filesize
3.9MB

Download
memory/2260-2108-0x00007FF69B400000-0x00007FF69B7F1000-memory.dmp

Filesize
3.9MB

Download
memory/2532-2090-0x00007FF6B8730000-0x00007FF6B8B21000-memory.dmp

Filesize
3.9MB

Download
memory/2532-70-0x00007FF6B8730000-0x00007FF6B8B21000-memory.dmp

Filesize
3.9MB

Download
memory/2532-2021-0x00007FF6B8730000-0x00007FF6B8B21000-memory.dmp

Filesize
3.9MB

Download
memory/3100-1999-0x00007FF776490000-0x00007FF776881000-memory.dmp

Filesize
3.9MB

Download
memory/3100-1-0x000001ED332A0000-0x000001ED332B0000-memory.dmp

Filesize
64KB

Download
memory/3100-0-0x00007FF776490000-0x00007FF776881000-memory.dmp

Filesize
3.9MB

Download
memory/3100-86-0x00007FF776490000-0x00007FF776881000-memory.dmp

Filesize
3.9MB

Download
memory/3368-2072-0x00007FF6D5830000-0x00007FF6D5C21000-memory.dmp

Filesize
3.9MB

Download
memory/3368-804-0x00007FF6D5830000-0x00007FF6D5C21000-memory.dmp

Filesize
3.9MB

Download
memory/3368-13-0x00007FF6D5830000-0x00007FF6D5C21000-memory.dmp

Filesize
3.9MB

Download
memory/3500-220-0x00007FF67B200000-0x00007FF67B5F1000-memory.dmp

Filesize
3.9MB

Download
memory/3500-2100-0x00007FF67B200000-0x00007FF67B5F1000-memory.dmp

Filesize
3.9MB

Download
memory/3632-2106-0x00007FF7C22A0000-0x00007FF7C2691000-memory.dmp

Filesize
3.9MB

Download
memory/3632-247-0x00007FF7C22A0000-0x00007FF7C2691000-memory.dmp

Filesize
3.9MB

Download
memory/3932-233-0x00007FF73BD20000-0x00007FF73C111000-memory.dmp

Filesize
3.9MB

Download
memory/3932-2104-0x00007FF73BD20000-0x00007FF73C111000-memory.dmp

Filesize
3.9MB

Download
memory/4044-1930-0x00007FF6492C0000-0x00007FF6496B1000-memory.dmp

Filesize
3.9MB

Download
memory/4044-2074-0x00007FF6492C0000-0x00007FF6496B1000-memory.dmp

Filesize
3.9MB

Download
memory/4044-20-0x00007FF6492C0000-0x00007FF6496B1000-memory.dmp

Filesize
3.9MB

Download
memory/4076-226-0x00007FF6D31A0000-0x00007FF6D3591000-memory.dmp

Filesize
3.9MB

Download
memory/4076-2102-0x00007FF6D31A0000-0x00007FF6D3591000-memory.dmp

Filesize
3.9MB

Download
memory/4588-2084-0x00007FF60DFF0000-0x00007FF60E3E1000-memory.dmp

Filesize
3.9MB

Download
memory/4588-63-0x00007FF60DFF0000-0x00007FF60E3E1000-memory.dmp

Filesize
3.9MB

Download
memory/4636-799-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp

Filesize
3.9MB

Download
memory/4636-2070-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp

Filesize
3.9MB

Download
memory/4636-11-0x00007FF792BE0000-0x00007FF792FD1000-memory.dmp

Filesize
3.9MB

Download
memory/4768-2112-0x00007FF6E9BD0000-0x00007FF6E9FC1000-memory.dmp

Filesize
3.9MB

Download
memory/4768-254-0x00007FF6E9BD0000-0x00007FF6E9FC1000-memory.dmp

Filesize
3.9MB

Download
memory/4856-2098-0x00007FF61D3F0000-0x00007FF61D7E1000-memory.dmp

Filesize
3.9MB

Download
memory/4856-217-0x00007FF61D3F0000-0x00007FF61D7E1000-memory.dmp

Filesize
3.9MB

Download
memory/5260-87-0x00007FF731330000-0x00007FF731721000-memory.dmp

Filesize
3.9MB

Download
memory/5260-2096-0x00007FF731330000-0x00007FF731721000-memory.dmp

Filesize
3.9MB

Download
memory/5304-2088-0x00007FF780C40000-0x00007FF781031000-memory.dmp

Filesize
3.9MB

Download
memory/5304-65-0x00007FF780C40000-0x00007FF781031000-memory.dmp

Filesize
3.9MB

Download
memory/5340-2022-0x00007FF63CAA0000-0x00007FF63CE91000-memory.dmp

Filesize
3.9MB

Download
memory/5340-73-0x00007FF63CAA0000-0x00007FF63CE91000-memory.dmp

Filesize
3.9MB

Download
memory/5340-2094-0x00007FF63CAA0000-0x00007FF63CE91000-memory.dmp

Filesize
3.9MB

Download
memory/5420-59-0x00007FF6471E0000-0x00007FF6475D1000-memory.dmp

Filesize
3.9MB

Download
memory/5420-2080-0x00007FF6471E0000-0x00007FF6475D1000-memory.dmp

Filesize
3.9MB

Download
memory/5492-38-0x00007FF642940000-0x00007FF642D31000-memory.dmp

Filesize
3.9MB

Download
memory/5492-2078-0x00007FF642940000-0x00007FF642D31000-memory.dmp

Filesize
3.9MB

Download
memory/5608-2114-0x00007FF6B80C0000-0x00007FF6B84B1000-memory.dmp

Filesize
3.9MB

Download
memory/5608-257-0x00007FF6B80C0000-0x00007FF6B84B1000-memory.dmp

Filesize
3.9MB

Download
memory/5644-2082-0x00007FF62A750000-0x00007FF62AB41000-memory.dmp

Filesize
3.9MB

Download
memory/5644-50-0x00007FF62A750000-0x00007FF62AB41000-memory.dmp

Filesize
3.9MB

Download
memory/5644-1404-0x00007FF62A750000-0x00007FF62AB41000-memory.dmp

Filesize
3.9MB

Download
memory/5660-253-0x00007FF682680000-0x00007FF682A71000-memory.dmp

Filesize
3.9MB

Download
memory/5660-2110-0x00007FF682680000-0x00007FF682A71000-memory.dmp

Filesize
3.9MB

Download
memory/5788-66-0x00007FF7604D0000-0x00007FF7608C1000-memory.dmp

Filesize
3.9MB

Download
memory/5788-2086-0x00007FF7604D0000-0x00007FF7608C1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads