xmrig | 099a198643bdfd2879cc14774f9df01f1743cb49e124713bb6091fa302751f97

Analysis

max time kernel
132s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
Size

1.4MB
MD5

69c2fab6276852687306dfd888fe0630
SHA1

b3cb63e44dcbaf8ccaea63eeab6deefab37776bd
SHA256

099a198643bdfd2879cc14774f9df01f1743cb49e124713bb6091fa302751f97
SHA512

f67416d8b0f81d5ca750222f7ab6f3ccf3e99d399b783be9d127fe6f3687710383a0f6d970bf6e480a9db2b310b5115bb8a9f6d5133cc028688b9a7dd93df220
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727f8UhNnwSz7TD0SqKpTIr2ejZvU67NnX1vQnTzaH+:ROdWCCi7/rahUUvlhqLr2+W4x+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4956-14-0x00007FF700FB0000-0x00007FF701301000-memory.dmp	xmrig
behavioral2/memory/2804-200-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp	xmrig
behavioral2/memory/3696-199-0x00007FF696CE0000-0x00007FF697031000-memory.dmp	xmrig
behavioral2/memory/556-195-0x00007FF711770000-0x00007FF711AC1000-memory.dmp	xmrig
behavioral2/memory/1788-191-0x00007FF7DD5D0000-0x00007FF7DD921000-memory.dmp	xmrig
behavioral2/memory/3992-190-0x00007FF6FCBB0000-0x00007FF6FCF01000-memory.dmp	xmrig
behavioral2/memory/1504-184-0x00007FF642000000-0x00007FF642351000-memory.dmp	xmrig
behavioral2/memory/3856-180-0x00007FF6341D0000-0x00007FF634521000-memory.dmp	xmrig
behavioral2/memory/428-179-0x00007FF66BCD0000-0x00007FF66C021000-memory.dmp	xmrig
behavioral2/memory/500-173-0x00007FF794D50000-0x00007FF7950A1000-memory.dmp	xmrig
behavioral2/memory/1380-168-0x00007FF70C7F0000-0x00007FF70CB41000-memory.dmp	xmrig
behavioral2/memory/1540-167-0x00007FF6A5ED0000-0x00007FF6A6221000-memory.dmp	xmrig
behavioral2/memory/4192-163-0x00007FF75F760000-0x00007FF75FAB1000-memory.dmp	xmrig
behavioral2/memory/5096-141-0x00007FF67DB70000-0x00007FF67DEC1000-memory.dmp	xmrig
behavioral2/memory/4980-140-0x00007FF641D60000-0x00007FF6420B1000-memory.dmp	xmrig
behavioral2/memory/1548-133-0x00007FF6E7DA0000-0x00007FF6E80F1000-memory.dmp	xmrig
behavioral2/memory/4956-2182-0x00007FF700FB0000-0x00007FF701301000-memory.dmp	xmrig
behavioral2/memory/3248-2215-0x00007FF6B07B0000-0x00007FF6B0B01000-memory.dmp	xmrig
behavioral2/memory/3036-2216-0x00007FF713F80000-0x00007FF7142D1000-memory.dmp	xmrig
behavioral2/memory/4316-2218-0x00007FF74BED0000-0x00007FF74C221000-memory.dmp	xmrig
behavioral2/memory/2260-2220-0x00007FF757C20000-0x00007FF757F71000-memory.dmp	xmrig
behavioral2/memory/564-2219-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp	xmrig
behavioral2/memory/1084-2217-0x00007FF6884C0000-0x00007FF688811000-memory.dmp	xmrig
behavioral2/memory/4628-2221-0x00007FF7132E0000-0x00007FF713631000-memory.dmp	xmrig
behavioral2/memory/4184-2228-0x00007FF67BC30000-0x00007FF67BF81000-memory.dmp	xmrig
behavioral2/memory/2356-2225-0x00007FF753CF0000-0x00007FF754041000-memory.dmp	xmrig
behavioral2/memory/2984-2230-0x00007FF626BE0000-0x00007FF626F31000-memory.dmp	xmrig
behavioral2/memory/3048-2231-0x00007FF761750000-0x00007FF761AA1000-memory.dmp	xmrig
behavioral2/memory/2440-2229-0x00007FF6A8E80000-0x00007FF6A91D1000-memory.dmp	xmrig
behavioral2/memory/4956-2252-0x00007FF700FB0000-0x00007FF701301000-memory.dmp	xmrig
behavioral2/memory/244-2254-0x00007FF712130000-0x00007FF712481000-memory.dmp	xmrig
behavioral2/memory/3036-2258-0x00007FF713F80000-0x00007FF7142D1000-memory.dmp	xmrig
behavioral2/memory/3248-2256-0x00007FF6B07B0000-0x00007FF6B0B01000-memory.dmp	xmrig
behavioral2/memory/2356-2262-0x00007FF753CF0000-0x00007FF754041000-memory.dmp	xmrig
behavioral2/memory/1084-2260-0x00007FF6884C0000-0x00007FF688811000-memory.dmp	xmrig
behavioral2/memory/428-2264-0x00007FF66BCD0000-0x00007FF66C021000-memory.dmp	xmrig
behavioral2/memory/564-2274-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp	xmrig
behavioral2/memory/4184-2272-0x00007FF67BC30000-0x00007FF67BF81000-memory.dmp	xmrig
behavioral2/memory/3856-2280-0x00007FF6341D0000-0x00007FF634521000-memory.dmp	xmrig
behavioral2/memory/5096-2286-0x00007FF67DB70000-0x00007FF67DEC1000-memory.dmp	xmrig
behavioral2/memory/4628-2294-0x00007FF7132E0000-0x00007FF713631000-memory.dmp	xmrig
behavioral2/memory/4192-2296-0x00007FF75F760000-0x00007FF75FAB1000-memory.dmp	xmrig
behavioral2/memory/1788-2292-0x00007FF7DD5D0000-0x00007FF7DD921000-memory.dmp	xmrig
behavioral2/memory/3992-2290-0x00007FF6FCBB0000-0x00007FF6FCF01000-memory.dmp	xmrig
behavioral2/memory/1504-2288-0x00007FF642000000-0x00007FF642351000-memory.dmp	xmrig
behavioral2/memory/2260-2284-0x00007FF757C20000-0x00007FF757F71000-memory.dmp	xmrig
behavioral2/memory/1548-2282-0x00007FF6E7DA0000-0x00007FF6E80F1000-memory.dmp	xmrig
behavioral2/memory/3048-2278-0x00007FF761750000-0x00007FF761AA1000-memory.dmp	xmrig
behavioral2/memory/4980-2276-0x00007FF641D60000-0x00007FF6420B1000-memory.dmp	xmrig
behavioral2/memory/2984-2270-0x00007FF626BE0000-0x00007FF626F31000-memory.dmp	xmrig
behavioral2/memory/2440-2268-0x00007FF6A8E80000-0x00007FF6A91D1000-memory.dmp	xmrig
behavioral2/memory/4316-2267-0x00007FF74BED0000-0x00007FF74C221000-memory.dmp	xmrig
behavioral2/memory/556-2304-0x00007FF711770000-0x00007FF711AC1000-memory.dmp	xmrig
behavioral2/memory/1380-2333-0x00007FF70C7F0000-0x00007FF70CB41000-memory.dmp	xmrig
behavioral2/memory/3696-2310-0x00007FF696CE0000-0x00007FF697031000-memory.dmp	xmrig
behavioral2/memory/2804-2308-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp	xmrig
behavioral2/memory/500-2300-0x00007FF794D50000-0x00007FF7950A1000-memory.dmp	xmrig
behavioral2/memory/1540-2298-0x00007FF6A5ED0000-0x00007FF6A6221000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

JCeBMiR.exeMHlDIFg.exeSxEfLGN.exenwQzeCh.exekQPsVwQ.exelTmYGcm.exeWkEEQaG.exeYKsgTsC.exefwTvqkm.exeXRTtcMM.exeOqEprQA.exeTAvHZwu.exeYVeVhFA.exehGIwlGL.exewYXZXky.exeBefuOUp.exeiDgtqpS.exeMDDninl.exePWYzdWf.exerAsYYMh.exeMpjEHiq.exeuChVweR.exeMRtFjnL.exeOtarDNY.exeqPWAgAs.exePdawPad.exeeknQNqo.exetSJYwSg.exeLfWzEWz.exeOiTwaWW.exeadRRgaW.exeMHrcPdN.execJnGhCi.exelNXaRgV.exeEKagPdX.exeXnQWPIU.exexabSkWh.exeHRfxpOx.exepwJXUSZ.exeIjqjFps.exeswURlbj.exeVFBuJFQ.exeKvxRbjz.exeQFWslzP.exemfYTPBY.exeoaKBxUz.exesZDCxTg.exefGaojmX.exeiwjVflm.exeUJYFORC.exeRQuAQFW.exeiyzuJcM.exeMBBytkH.exebpmoqdY.exeWmlSoKH.exeUXezwfd.exeKgUAQRf.exeiAOxSgy.exeNmyrfAK.exeUvMGyOs.exeSnKPGSd.exejseozgg.exeKKqqwoy.exefvkLuSG.exe

pid	process
244	JCeBMiR.exe
4956	MHlDIFg.exe
3248	SxEfLGN.exe
3036	nwQzeCh.exe
2356	kQPsVwQ.exe
1084	lTmYGcm.exe
428	WkEEQaG.exe
4316	YKsgTsC.exe
4184	fwTvqkm.exe
2440	XRTtcMM.exe
2984	OqEprQA.exe
3856	TAvHZwu.exe
3048	YVeVhFA.exe
564	hGIwlGL.exe
2260	wYXZXky.exe
1548	BefuOUp.exe
4980	iDgtqpS.exe
5096	MDDninl.exe
1504	PWYzdWf.exe
3992	rAsYYMh.exe
1788	MpjEHiq.exe
4628	uChVweR.exe
4192	MRtFjnL.exe
1540	OtarDNY.exe
1380	qPWAgAs.exe
556	PdawPad.exe
500	eknQNqo.exe
3696	tSJYwSg.exe
2804	LfWzEWz.exe
4640	OiTwaWW.exe
4932	adRRgaW.exe
4564	MHrcPdN.exe
1936	cJnGhCi.exe
2100	lNXaRgV.exe
952	EKagPdX.exe
3884	XnQWPIU.exe
3764	xabSkWh.exe
1812	HRfxpOx.exe
3980	pwJXUSZ.exe
1916	IjqjFps.exe
2392	swURlbj.exe
1048	VFBuJFQ.exe
1112	KvxRbjz.exe
2500	QFWslzP.exe
3824	mfYTPBY.exe
860	oaKBxUz.exe
4652	sZDCxTg.exe
3112	fGaojmX.exe
4484	iwjVflm.exe
1704	UJYFORC.exe
4984	RQuAQFW.exe
1016	iyzuJcM.exe
4016	MBBytkH.exe
2728	bpmoqdY.exe
1404	WmlSoKH.exe
4824	UXezwfd.exe
4520	KgUAQRf.exe
1064	iAOxSgy.exe
4988	NmyrfAK.exe
1712	UvMGyOs.exe
4216	SnKPGSd.exe
4948	jseozgg.exe
736	KKqqwoy.exe
4228	fvkLuSG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/5104-0-0x00007FF6D3B00000-0x00007FF6D3E51000-memory.dmp	upx
C:\Windows\System\JCeBMiR.exe	upx
C:\Windows\System\MHlDIFg.exe	upx
behavioral2/memory/4956-14-0x00007FF700FB0000-0x00007FF701301000-memory.dmp	upx
C:\Windows\System\SxEfLGN.exe	upx
C:\Windows\System\nwQzeCh.exe	upx
C:\Windows\System\kQPsVwQ.exe	upx
C:\Windows\System\YKsgTsC.exe	upx
C:\Windows\System\MDDninl.exe	upx
behavioral2/memory/2984-78-0x00007FF626BE0000-0x00007FF626F31000-memory.dmp	upx
C:\Windows\System\TAvHZwu.exe	upx
C:\Windows\System\iDgtqpS.exe	upx
C:\Windows\System\uChVweR.exe	upx
C:\Windows\System\PdawPad.exe	upx
C:\Windows\System\LfWzEWz.exe	upx
behavioral2/memory/2804-200-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp	upx
behavioral2/memory/3696-199-0x00007FF696CE0000-0x00007FF697031000-memory.dmp	upx
behavioral2/memory/556-195-0x00007FF711770000-0x00007FF711AC1000-memory.dmp	upx
behavioral2/memory/1788-191-0x00007FF7DD5D0000-0x00007FF7DD921000-memory.dmp	upx
behavioral2/memory/3992-190-0x00007FF6FCBB0000-0x00007FF6FCF01000-memory.dmp	upx
C:\Windows\System\cJnGhCi.exe	upx
C:\Windows\System\adRRgaW.exe	upx
behavioral2/memory/1504-184-0x00007FF642000000-0x00007FF642351000-memory.dmp	upx
C:\Windows\System\MHrcPdN.exe	upx
behavioral2/memory/3856-180-0x00007FF6341D0000-0x00007FF634521000-memory.dmp	upx
behavioral2/memory/428-179-0x00007FF66BCD0000-0x00007FF66C021000-memory.dmp	upx
C:\Windows\System\OiTwaWW.exe	upx
behavioral2/memory/500-173-0x00007FF794D50000-0x00007FF7950A1000-memory.dmp	upx
behavioral2/memory/1380-168-0x00007FF70C7F0000-0x00007FF70CB41000-memory.dmp	upx
behavioral2/memory/1540-167-0x00007FF6A5ED0000-0x00007FF6A6221000-memory.dmp	upx
C:\Windows\System\tSJYwSg.exe	upx
behavioral2/memory/4192-163-0x00007FF75F760000-0x00007FF75FAB1000-memory.dmp	upx
C:\Windows\System\eknQNqo.exe	upx
C:\Windows\System\OtarDNY.exe	upx
behavioral2/memory/4628-152-0x00007FF7132E0000-0x00007FF713631000-memory.dmp	upx
C:\Windows\System\qPWAgAs.exe	upx
C:\Windows\System\MRtFjnL.exe	upx
C:\Windows\System\MpjEHiq.exe	upx
behavioral2/memory/5096-141-0x00007FF67DB70000-0x00007FF67DEC1000-memory.dmp	upx
behavioral2/memory/4980-140-0x00007FF641D60000-0x00007FF6420B1000-memory.dmp	upx
C:\Windows\System\rAsYYMh.exe	upx
behavioral2/memory/1548-133-0x00007FF6E7DA0000-0x00007FF6E80F1000-memory.dmp	upx
C:\Windows\System\PWYzdWf.exe	upx
behavioral2/memory/2260-122-0x00007FF757C20000-0x00007FF757F71000-memory.dmp	upx
C:\Windows\System\wYXZXky.exe	upx
behavioral2/memory/3048-91-0x00007FF761750000-0x00007FF761AA1000-memory.dmp	upx
C:\Windows\System\BefuOUp.exe	upx
C:\Windows\System\hGIwlGL.exe	upx
C:\Windows\System\YVeVhFA.exe	upx
behavioral2/memory/564-92-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp	upx
C:\Windows\System\OqEprQA.exe	upx
C:\Windows\System\XRTtcMM.exe	upx
C:\Windows\System\fwTvqkm.exe	upx
C:\Windows\System\WkEEQaG.exe	upx
behavioral2/memory/2440-77-0x00007FF6A8E80000-0x00007FF6A91D1000-memory.dmp	upx
behavioral2/memory/4184-76-0x00007FF67BC30000-0x00007FF67BF81000-memory.dmp	upx
behavioral2/memory/4316-75-0x00007FF74BED0000-0x00007FF74C221000-memory.dmp	upx
behavioral2/memory/1084-63-0x00007FF6884C0000-0x00007FF688811000-memory.dmp	upx
C:\Windows\System\lTmYGcm.exe	upx
behavioral2/memory/2356-42-0x00007FF753CF0000-0x00007FF754041000-memory.dmp	upx
behavioral2/memory/3036-26-0x00007FF713F80000-0x00007FF7142D1000-memory.dmp	upx
behavioral2/memory/3248-20-0x00007FF6B07B0000-0x00007FF6B0B01000-memory.dmp	upx
behavioral2/memory/244-10-0x00007FF712130000-0x00007FF712481000-memory.dmp	upx
behavioral2/memory/4956-2182-0x00007FF700FB0000-0x00007FF701301000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\HJPPAfC.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\NKxLaGX.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\hyojwFR.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\fhkaorM.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\mPeaamP.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\XnQWPIU.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\mTBjQdX.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\MLlIUAa.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\BRZpqyf.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\ipqwlVj.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\uBgHXlF.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\ZKhxqyy.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\IUaEqoD.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\fwHPyFz.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\ygxOPvu.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\zqueAWX.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\chYCnQD.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\rAyBDmH.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\TjVigfd.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\OhFUyLK.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\ZFtGnQu.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\jCEgECG.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\uQRobMO.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\LDGlqNR.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\TYUXJIS.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\kQPsVwQ.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\XaceAPp.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\DYLJhZz.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\HrKNmuM.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\zlQYXzC.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\KUBmwHN.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\oPyDZGr.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\RQuAQFW.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\RsbkHQi.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\HasGBkb.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\QzBTvPV.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\uhNgSBi.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\hKYGfgz.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\lrLYVyc.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\ClCVtXp.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\NMhtQEZ.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\YJFtpVo.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\ZKDmrxJ.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\xlABbgV.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\XItsVsa.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\SopkCxc.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\NtjWiJY.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\sUmTfUg.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\rqeAILi.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\frUiZpe.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\FJzVROy.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\eknQNqo.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\sZDCxTg.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\XSUkxaA.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\SpTizFb.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\TMVnHci.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\QFPzNwd.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\sXYhENH.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\AJwxMcd.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\YgJtvUz.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\LxsOKJV.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\QLiquro.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\fDaOEtt.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
File created	C:\Windows\System\SeMvpIs.exe	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	2304	dwm.exe
Token: SeChangeNotifyPrivilege	2304	dwm.exe
Token: 33	2304	dwm.exe
Token: SeIncBasePriorityPrivilege	2304	dwm.exe
Token: SeShutdownPrivilege	2304	dwm.exe
Token: SeCreatePagefilePrivilege	2304	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe

description	pid	process	target process
PID 5104 wrote to memory of 244	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	JCeBMiR.exe
PID 5104 wrote to memory of 244	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	JCeBMiR.exe
PID 5104 wrote to memory of 4956	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MHlDIFg.exe
PID 5104 wrote to memory of 4956	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MHlDIFg.exe
PID 5104 wrote to memory of 3248	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	SxEfLGN.exe
PID 5104 wrote to memory of 3248	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	SxEfLGN.exe
PID 5104 wrote to memory of 3036	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	nwQzeCh.exe
PID 5104 wrote to memory of 3036	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	nwQzeCh.exe
PID 5104 wrote to memory of 2356	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	kQPsVwQ.exe
PID 5104 wrote to memory of 2356	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	kQPsVwQ.exe
PID 5104 wrote to memory of 1084	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	lTmYGcm.exe
PID 5104 wrote to memory of 1084	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	lTmYGcm.exe
PID 5104 wrote to memory of 428	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	WkEEQaG.exe
PID 5104 wrote to memory of 428	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	WkEEQaG.exe
PID 5104 wrote to memory of 4316	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	YKsgTsC.exe
PID 5104 wrote to memory of 4316	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	YKsgTsC.exe
PID 5104 wrote to memory of 4184	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	fwTvqkm.exe
PID 5104 wrote to memory of 4184	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	fwTvqkm.exe
PID 5104 wrote to memory of 2440	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	XRTtcMM.exe
PID 5104 wrote to memory of 2440	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	XRTtcMM.exe
PID 5104 wrote to memory of 2984	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	OqEprQA.exe
PID 5104 wrote to memory of 2984	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	OqEprQA.exe
PID 5104 wrote to memory of 1548	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	BefuOUp.exe
PID 5104 wrote to memory of 1548	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	BefuOUp.exe
PID 5104 wrote to memory of 3856	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	TAvHZwu.exe
PID 5104 wrote to memory of 3856	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	TAvHZwu.exe
PID 5104 wrote to memory of 3048	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	YVeVhFA.exe
PID 5104 wrote to memory of 3048	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	YVeVhFA.exe
PID 5104 wrote to memory of 564	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	hGIwlGL.exe
PID 5104 wrote to memory of 564	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	hGIwlGL.exe
PID 5104 wrote to memory of 2260	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	wYXZXky.exe
PID 5104 wrote to memory of 2260	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	wYXZXky.exe
PID 5104 wrote to memory of 4980	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	iDgtqpS.exe
PID 5104 wrote to memory of 4980	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	iDgtqpS.exe
PID 5104 wrote to memory of 5096	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MDDninl.exe
PID 5104 wrote to memory of 5096	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MDDninl.exe
PID 5104 wrote to memory of 1504	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	PWYzdWf.exe
PID 5104 wrote to memory of 1504	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	PWYzdWf.exe
PID 5104 wrote to memory of 3992	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	rAsYYMh.exe
PID 5104 wrote to memory of 3992	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	rAsYYMh.exe
PID 5104 wrote to memory of 556	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	PdawPad.exe
PID 5104 wrote to memory of 556	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	PdawPad.exe
PID 5104 wrote to memory of 1788	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MpjEHiq.exe
PID 5104 wrote to memory of 1788	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MpjEHiq.exe
PID 5104 wrote to memory of 4628	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	uChVweR.exe
PID 5104 wrote to memory of 4628	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	uChVweR.exe
PID 5104 wrote to memory of 4192	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MRtFjnL.exe
PID 5104 wrote to memory of 4192	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MRtFjnL.exe
PID 5104 wrote to memory of 1540	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	OtarDNY.exe
PID 5104 wrote to memory of 1540	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	OtarDNY.exe
PID 5104 wrote to memory of 1380	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	qPWAgAs.exe
PID 5104 wrote to memory of 1380	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	qPWAgAs.exe
PID 5104 wrote to memory of 500	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	eknQNqo.exe
PID 5104 wrote to memory of 500	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	eknQNqo.exe
PID 5104 wrote to memory of 3696	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	tSJYwSg.exe
PID 5104 wrote to memory of 3696	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	tSJYwSg.exe
PID 5104 wrote to memory of 2804	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	LfWzEWz.exe
PID 5104 wrote to memory of 2804	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	LfWzEWz.exe
PID 5104 wrote to memory of 4640	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	OiTwaWW.exe
PID 5104 wrote to memory of 4640	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	OiTwaWW.exe
PID 5104 wrote to memory of 4932	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	adRRgaW.exe
PID 5104 wrote to memory of 4932	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	adRRgaW.exe
PID 5104 wrote to memory of 4564	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MHrcPdN.exe
PID 5104 wrote to memory of 4564	5104	69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe	MHrcPdN.exe

C:\Users\Admin\AppData\Local\Temp\69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\69c2fab6276852687306dfd888fe0630_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5104

C:\Windows\System\JCeBMiR.exe
C:\Windows\System\JCeBMiR.exe
2⤵
- Executes dropped EXE
PID:244

C:\Windows\System\MHlDIFg.exe
C:\Windows\System\MHlDIFg.exe
2⤵
- Executes dropped EXE
PID:4956

C:\Windows\System\SxEfLGN.exe
C:\Windows\System\SxEfLGN.exe
2⤵
- Executes dropped EXE
PID:3248

C:\Windows\System\nwQzeCh.exe
C:\Windows\System\nwQzeCh.exe
2⤵
- Executes dropped EXE
PID:3036

C:\Windows\System\kQPsVwQ.exe
C:\Windows\System\kQPsVwQ.exe
2⤵
- Executes dropped EXE
PID:2356

C:\Windows\System\lTmYGcm.exe
C:\Windows\System\lTmYGcm.exe
2⤵
- Executes dropped EXE
PID:1084

C:\Windows\System\WkEEQaG.exe
C:\Windows\System\WkEEQaG.exe
2⤵
- Executes dropped EXE
PID:428

C:\Windows\System\YKsgTsC.exe
C:\Windows\System\YKsgTsC.exe
2⤵
- Executes dropped EXE
PID:4316

C:\Windows\System\fwTvqkm.exe
C:\Windows\System\fwTvqkm.exe
2⤵
- Executes dropped EXE
PID:4184

C:\Windows\System\XRTtcMM.exe
C:\Windows\System\XRTtcMM.exe
2⤵
- Executes dropped EXE
PID:2440

C:\Windows\System\OqEprQA.exe
C:\Windows\System\OqEprQA.exe
2⤵
- Executes dropped EXE
PID:2984

C:\Windows\System\BefuOUp.exe
C:\Windows\System\BefuOUp.exe
2⤵
- Executes dropped EXE
PID:1548

C:\Windows\System\TAvHZwu.exe
C:\Windows\System\TAvHZwu.exe
2⤵
- Executes dropped EXE
PID:3856

C:\Windows\System\YVeVhFA.exe
C:\Windows\System\YVeVhFA.exe
2⤵
- Executes dropped EXE
PID:3048

C:\Windows\System\hGIwlGL.exe
C:\Windows\System\hGIwlGL.exe
2⤵
- Executes dropped EXE
PID:564

C:\Windows\System\wYXZXky.exe
C:\Windows\System\wYXZXky.exe
2⤵
- Executes dropped EXE
PID:2260

C:\Windows\System\iDgtqpS.exe
C:\Windows\System\iDgtqpS.exe
2⤵
- Executes dropped EXE
PID:4980

C:\Windows\System\MDDninl.exe
C:\Windows\System\MDDninl.exe
2⤵
- Executes dropped EXE
PID:5096

C:\Windows\System\PWYzdWf.exe
C:\Windows\System\PWYzdWf.exe
2⤵
- Executes dropped EXE
PID:1504

C:\Windows\System\rAsYYMh.exe
C:\Windows\System\rAsYYMh.exe
2⤵
- Executes dropped EXE
PID:3992

C:\Windows\System\PdawPad.exe
C:\Windows\System\PdawPad.exe
2⤵
- Executes dropped EXE
PID:556

C:\Windows\System\MpjEHiq.exe
C:\Windows\System\MpjEHiq.exe
2⤵
- Executes dropped EXE
PID:1788

C:\Windows\System\uChVweR.exe
C:\Windows\System\uChVweR.exe
2⤵
- Executes dropped EXE
PID:4628

C:\Windows\System\MRtFjnL.exe
C:\Windows\System\MRtFjnL.exe
2⤵
- Executes dropped EXE
PID:4192

C:\Windows\System\OtarDNY.exe
C:\Windows\System\OtarDNY.exe
2⤵
- Executes dropped EXE
PID:1540

C:\Windows\System\qPWAgAs.exe
C:\Windows\System\qPWAgAs.exe
2⤵
- Executes dropped EXE
PID:1380

C:\Windows\System\eknQNqo.exe
C:\Windows\System\eknQNqo.exe
2⤵
- Executes dropped EXE
PID:500

C:\Windows\System\tSJYwSg.exe
C:\Windows\System\tSJYwSg.exe
2⤵
- Executes dropped EXE
PID:3696

C:\Windows\System\LfWzEWz.exe
C:\Windows\System\LfWzEWz.exe
2⤵
- Executes dropped EXE
PID:2804

C:\Windows\System\OiTwaWW.exe
C:\Windows\System\OiTwaWW.exe
2⤵
- Executes dropped EXE
PID:4640

C:\Windows\System\adRRgaW.exe
C:\Windows\System\adRRgaW.exe
2⤵
- Executes dropped EXE
PID:4932

C:\Windows\System\MHrcPdN.exe
C:\Windows\System\MHrcPdN.exe
2⤵
- Executes dropped EXE
PID:4564

C:\Windows\System\cJnGhCi.exe
C:\Windows\System\cJnGhCi.exe
2⤵
- Executes dropped EXE
PID:1936

C:\Windows\System\lNXaRgV.exe
C:\Windows\System\lNXaRgV.exe
2⤵
- Executes dropped EXE
PID:2100

C:\Windows\System\EKagPdX.exe
C:\Windows\System\EKagPdX.exe
2⤵
- Executes dropped EXE
PID:952

C:\Windows\System\XnQWPIU.exe
C:\Windows\System\XnQWPIU.exe
2⤵
- Executes dropped EXE
PID:3884

C:\Windows\System\xabSkWh.exe
C:\Windows\System\xabSkWh.exe
2⤵
- Executes dropped EXE
PID:3764

C:\Windows\System\HRfxpOx.exe
C:\Windows\System\HRfxpOx.exe
2⤵
- Executes dropped EXE
PID:1812

C:\Windows\System\pwJXUSZ.exe
C:\Windows\System\pwJXUSZ.exe
2⤵
- Executes dropped EXE
PID:3980

C:\Windows\System\IjqjFps.exe
C:\Windows\System\IjqjFps.exe
2⤵
- Executes dropped EXE
PID:1916

C:\Windows\System\swURlbj.exe
C:\Windows\System\swURlbj.exe
2⤵
- Executes dropped EXE
PID:2392

C:\Windows\System\VFBuJFQ.exe
C:\Windows\System\VFBuJFQ.exe
2⤵
- Executes dropped EXE
PID:1048

C:\Windows\System\KvxRbjz.exe
C:\Windows\System\KvxRbjz.exe
2⤵
- Executes dropped EXE
PID:1112

C:\Windows\System\QFWslzP.exe
C:\Windows\System\QFWslzP.exe
2⤵
- Executes dropped EXE
PID:2500

C:\Windows\System\mfYTPBY.exe
C:\Windows\System\mfYTPBY.exe
2⤵
- Executes dropped EXE
PID:3824

C:\Windows\System\oaKBxUz.exe
C:\Windows\System\oaKBxUz.exe
2⤵
- Executes dropped EXE
PID:860

C:\Windows\System\sZDCxTg.exe
C:\Windows\System\sZDCxTg.exe
2⤵
- Executes dropped EXE
PID:4652

C:\Windows\System\fGaojmX.exe
C:\Windows\System\fGaojmX.exe
2⤵
- Executes dropped EXE
PID:3112

C:\Windows\System\iwjVflm.exe
C:\Windows\System\iwjVflm.exe
2⤵
- Executes dropped EXE
PID:4484

C:\Windows\System\UJYFORC.exe
C:\Windows\System\UJYFORC.exe
2⤵
- Executes dropped EXE
PID:1704

C:\Windows\System\RQuAQFW.exe
C:\Windows\System\RQuAQFW.exe
2⤵
- Executes dropped EXE
PID:4984

C:\Windows\System\iyzuJcM.exe
C:\Windows\System\iyzuJcM.exe
2⤵
- Executes dropped EXE
PID:1016

C:\Windows\System\MBBytkH.exe
C:\Windows\System\MBBytkH.exe
2⤵
- Executes dropped EXE
PID:4016

C:\Windows\System\bpmoqdY.exe
C:\Windows\System\bpmoqdY.exe
2⤵
- Executes dropped EXE
PID:2728

C:\Windows\System\WmlSoKH.exe
C:\Windows\System\WmlSoKH.exe
2⤵
- Executes dropped EXE
PID:1404

C:\Windows\System\UXezwfd.exe
C:\Windows\System\UXezwfd.exe
2⤵
- Executes dropped EXE
PID:4824

C:\Windows\System\KgUAQRf.exe
C:\Windows\System\KgUAQRf.exe
2⤵
- Executes dropped EXE
PID:4520

C:\Windows\System\iAOxSgy.exe
C:\Windows\System\iAOxSgy.exe
2⤵
- Executes dropped EXE
PID:1064

C:\Windows\System\NmyrfAK.exe
C:\Windows\System\NmyrfAK.exe
2⤵
- Executes dropped EXE
PID:4988

C:\Windows\System\UvMGyOs.exe
C:\Windows\System\UvMGyOs.exe
2⤵
- Executes dropped EXE
PID:1712

C:\Windows\System\SnKPGSd.exe
C:\Windows\System\SnKPGSd.exe
2⤵
- Executes dropped EXE
PID:4216

C:\Windows\System\jseozgg.exe
C:\Windows\System\jseozgg.exe
2⤵
- Executes dropped EXE
PID:4948

C:\Windows\System\KKqqwoy.exe
C:\Windows\System\KKqqwoy.exe
2⤵
- Executes dropped EXE
PID:736

C:\Windows\System\fvkLuSG.exe
C:\Windows\System\fvkLuSG.exe
2⤵
- Executes dropped EXE
PID:4228

C:\Windows\System\ZFtGnQu.exe
C:\Windows\System\ZFtGnQu.exe
2⤵
PID:456

C:\Windows\System\KpknBSw.exe
C:\Windows\System\KpknBSw.exe
2⤵
PID:4644

C:\Windows\System\mknIdfi.exe
C:\Windows\System\mknIdfi.exe
2⤵
PID:2396

C:\Windows\System\qPULooK.exe
C:\Windows\System\qPULooK.exe
2⤵
PID:3084

C:\Windows\System\LFJtFdX.exe
C:\Windows\System\LFJtFdX.exe
2⤵
PID:4556

C:\Windows\System\HNdUwPz.exe
C:\Windows\System\HNdUwPz.exe
2⤵
PID:4352

C:\Windows\System\uESchUB.exe
C:\Windows\System\uESchUB.exe
2⤵
PID:2768

C:\Windows\System\zQCDBDO.exe
C:\Windows\System\zQCDBDO.exe
2⤵
PID:3408

C:\Windows\System\hnaCBxh.exe
C:\Windows\System\hnaCBxh.exe
2⤵
PID:3636

C:\Windows\System\hpsQqOf.exe
C:\Windows\System\hpsQqOf.exe
2⤵
PID:5036

C:\Windows\System\mtImoLD.exe
C:\Windows\System\mtImoLD.exe
2⤵
PID:4160

C:\Windows\System\NzwhJWH.exe
C:\Windows\System\NzwhJWH.exe
2⤵
PID:1200

C:\Windows\System\mTBjQdX.exe
C:\Windows\System\mTBjQdX.exe
2⤵
PID:3836

C:\Windows\System\ONsnDCK.exe
C:\Windows\System\ONsnDCK.exe
2⤵
PID:1532

C:\Windows\System\MLlIUAa.exe
C:\Windows\System\MLlIUAa.exe
2⤵
PID:5124

C:\Windows\System\ZTAenmC.exe
C:\Windows\System\ZTAenmC.exe
2⤵
PID:5152

C:\Windows\System\BRZpqyf.exe
C:\Windows\System\BRZpqyf.exe
2⤵
PID:5180

C:\Windows\System\DfOwbfX.exe
C:\Windows\System\DfOwbfX.exe
2⤵
PID:5208

C:\Windows\System\SyNNtoI.exe
C:\Windows\System\SyNNtoI.exe
2⤵
PID:5240

C:\Windows\System\EEkZKPY.exe
C:\Windows\System\EEkZKPY.exe
2⤵
PID:5264

C:\Windows\System\zTHwnBu.exe
C:\Windows\System\zTHwnBu.exe
2⤵
PID:5292

C:\Windows\System\dUjsXwf.exe
C:\Windows\System\dUjsXwf.exe
2⤵
PID:5320

C:\Windows\System\SVuqLQx.exe
C:\Windows\System\SVuqLQx.exe
2⤵
PID:5348

C:\Windows\System\Bijcxlh.exe
C:\Windows\System\Bijcxlh.exe
2⤵
PID:5376

C:\Windows\System\krZqZRM.exe
C:\Windows\System\krZqZRM.exe
2⤵
PID:5404

C:\Windows\System\imsxXFK.exe
C:\Windows\System\imsxXFK.exe
2⤵
PID:5428

C:\Windows\System\Fudyklf.exe
C:\Windows\System\Fudyklf.exe
2⤵
PID:5456

C:\Windows\System\SeMvpIs.exe
C:\Windows\System\SeMvpIs.exe
2⤵
PID:5484

C:\Windows\System\jCEgECG.exe
C:\Windows\System\jCEgECG.exe
2⤵
PID:5516

C:\Windows\System\EWkKDic.exe
C:\Windows\System\EWkKDic.exe
2⤵
PID:5544

C:\Windows\System\VYkphvN.exe
C:\Windows\System\VYkphvN.exe
2⤵
PID:5572

C:\Windows\System\KgDAORr.exe
C:\Windows\System\KgDAORr.exe
2⤵
PID:5600

C:\Windows\System\sOroqYN.exe
C:\Windows\System\sOroqYN.exe
2⤵
PID:5628

C:\Windows\System\XSUkxaA.exe
C:\Windows\System\XSUkxaA.exe
2⤵
PID:5656

C:\Windows\System\ZkfqXzn.exe
C:\Windows\System\ZkfqXzn.exe
2⤵
PID:5684

C:\Windows\System\fJmGuSH.exe
C:\Windows\System\fJmGuSH.exe
2⤵
PID:5708

C:\Windows\System\AUpjpRO.exe
C:\Windows\System\AUpjpRO.exe
2⤵
PID:5740

C:\Windows\System\htHekBU.exe
C:\Windows\System\htHekBU.exe
2⤵
PID:5764

C:\Windows\System\zkGOUls.exe
C:\Windows\System\zkGOUls.exe
2⤵
PID:5796

C:\Windows\System\IUaEqoD.exe
C:\Windows\System\IUaEqoD.exe
2⤵
PID:5824

C:\Windows\System\AHPLIFu.exe
C:\Windows\System\AHPLIFu.exe
2⤵
PID:5848

C:\Windows\System\rOyWPdI.exe
C:\Windows\System\rOyWPdI.exe
2⤵
PID:5880

C:\Windows\System\GLeuUAk.exe
C:\Windows\System\GLeuUAk.exe
2⤵
PID:5908

C:\Windows\System\bGiiEWV.exe
C:\Windows\System\bGiiEWV.exe
2⤵
PID:5936

C:\Windows\System\OGlisbI.exe
C:\Windows\System\OGlisbI.exe
2⤵
PID:5964

C:\Windows\System\keURmKh.exe
C:\Windows\System\keURmKh.exe
2⤵
PID:5992

C:\Windows\System\cklbmMh.exe
C:\Windows\System\cklbmMh.exe
2⤵
PID:6020

C:\Windows\System\ADHxLCE.exe
C:\Windows\System\ADHxLCE.exe
2⤵
PID:6048

C:\Windows\System\BkhZlaR.exe
C:\Windows\System\BkhZlaR.exe
2⤵
PID:6076

C:\Windows\System\kAZHumf.exe
C:\Windows\System\kAZHumf.exe
2⤵
PID:6104

C:\Windows\System\uQRobMO.exe
C:\Windows\System\uQRobMO.exe
2⤵
PID:6132

C:\Windows\System\TYQfFql.exe
C:\Windows\System\TYQfFql.exe
2⤵
PID:3616

C:\Windows\System\sMmCmRt.exe
C:\Windows\System\sMmCmRt.exe
2⤵
PID:368

C:\Windows\System\MfnAjXj.exe
C:\Windows\System\MfnAjXj.exe
2⤵
PID:2020

C:\Windows\System\cBNlbML.exe
C:\Windows\System\cBNlbML.exe
2⤵
PID:4252

C:\Windows\System\GGWrldy.exe
C:\Windows\System\GGWrldy.exe
2⤵
PID:2096

C:\Windows\System\OatumWX.exe
C:\Windows\System\OatumWX.exe
2⤵
PID:5144

C:\Windows\System\WYEihQS.exe
C:\Windows\System\WYEihQS.exe
2⤵
PID:5220

C:\Windows\System\TNbZyhG.exe
C:\Windows\System\TNbZyhG.exe
2⤵
PID:5280

C:\Windows\System\rAysXFz.exe
C:\Windows\System\rAysXFz.exe
2⤵
PID:1536

C:\Windows\System\sQuVbnz.exe
C:\Windows\System\sQuVbnz.exe
2⤵
PID:5388

C:\Windows\System\frCRPpP.exe
C:\Windows\System\frCRPpP.exe
2⤵
PID:5444

C:\Windows\System\RotTPzw.exe
C:\Windows\System\RotTPzw.exe
2⤵
PID:5508

C:\Windows\System\MKFrdtZ.exe
C:\Windows\System\MKFrdtZ.exe
2⤵
PID:5584

C:\Windows\System\ipqwlVj.exe
C:\Windows\System\ipqwlVj.exe
2⤵
PID:5644

C:\Windows\System\yJPckId.exe
C:\Windows\System\yJPckId.exe
2⤵
PID:5704

C:\Windows\System\BWiwMBF.exe
C:\Windows\System\BWiwMBF.exe
2⤵
PID:5760

C:\Windows\System\fwHPyFz.exe
C:\Windows\System\fwHPyFz.exe
2⤵
PID:5816

C:\Windows\System\tcjyPmZ.exe
C:\Windows\System\tcjyPmZ.exe
2⤵
PID:5892

C:\Windows\System\hHqqFNE.exe
C:\Windows\System\hHqqFNE.exe
2⤵
PID:5928

C:\Windows\System\mMmKEsN.exe
C:\Windows\System\mMmKEsN.exe
2⤵
PID:6004

C:\Windows\System\IQoCQyo.exe
C:\Windows\System\IQoCQyo.exe
2⤵
PID:6036

C:\Windows\System\XmYXQEQ.exe
C:\Windows\System\XmYXQEQ.exe
2⤵
PID:6068

C:\Windows\System\mzFLMAP.exe
C:\Windows\System\mzFLMAP.exe
2⤵
PID:6124

C:\Windows\System\xSBfziR.exe
C:\Windows\System\xSBfziR.exe
2⤵
PID:216

C:\Windows\System\KFXRaix.exe
C:\Windows\System\KFXRaix.exe
2⤵
PID:3400

C:\Windows\System\HJPPAfC.exe
C:\Windows\System\HJPPAfC.exe
2⤵
PID:1968

C:\Windows\System\xWdvnJs.exe
C:\Windows\System\xWdvnJs.exe
2⤵
PID:5248

C:\Windows\System\MJnPuYG.exe
C:\Windows\System\MJnPuYG.exe
2⤵
PID:5360

C:\Windows\System\otCbDtZ.exe
C:\Windows\System\otCbDtZ.exe
2⤵
PID:5480

C:\Windows\System\dyUOmFo.exe
C:\Windows\System\dyUOmFo.exe
2⤵
PID:576

C:\Windows\System\dCBwmUj.exe
C:\Windows\System\dCBwmUj.exe
2⤵
PID:4380

C:\Windows\System\pleQGID.exe
C:\Windows\System\pleQGID.exe
2⤵
PID:5808

C:\Windows\System\CAbnTsD.exe
C:\Windows\System\CAbnTsD.exe
2⤵
PID:5864

C:\Windows\System\GMgwkQx.exe
C:\Windows\System\GMgwkQx.exe
2⤵
PID:5980

C:\Windows\System\jxSxOpF.exe
C:\Windows\System\jxSxOpF.exe
2⤵
PID:2384

C:\Windows\System\XItsVsa.exe
C:\Windows\System\XItsVsa.exe
2⤵
PID:856

C:\Windows\System\IVpylnV.exe
C:\Windows\System\IVpylnV.exe
2⤵
PID:1780

C:\Windows\System\eaFPqAp.exe
C:\Windows\System\eaFPqAp.exe
2⤵
PID:3320

C:\Windows\System\mAqxyEW.exe
C:\Windows\System\mAqxyEW.exe
2⤵
PID:5424

C:\Windows\System\HTCDLRs.exe
C:\Windows\System\HTCDLRs.exe
2⤵
PID:1948

C:\Windows\System\YDxQCQb.exe
C:\Windows\System\YDxQCQb.exe
2⤵
PID:5752

C:\Windows\System\DeOUoDM.exe
C:\Windows\System\DeOUoDM.exe
2⤵
PID:5844

C:\Windows\System\nSvWqlT.exe
C:\Windows\System\nSvWqlT.exe
2⤵
PID:4180

C:\Windows\System\EkwjtWF.exe
C:\Windows\System\EkwjtWF.exe
2⤵
PID:744

C:\Windows\System\uQsIGWD.exe
C:\Windows\System\uQsIGWD.exe
2⤵
PID:1376

C:\Windows\System\FAafdUo.exe
C:\Windows\System\FAafdUo.exe
2⤵
PID:5616

C:\Windows\System\ppleWEs.exe
C:\Windows\System\ppleWEs.exe
2⤵
PID:1308

C:\Windows\System\CpJpkNl.exe
C:\Windows\System\CpJpkNl.exe
2⤵
PID:1976

C:\Windows\System\UParmCW.exe
C:\Windows\System\UParmCW.exe
2⤵
PID:6168

C:\Windows\System\iNPXrcw.exe
C:\Windows\System\iNPXrcw.exe
2⤵
PID:6196

C:\Windows\System\opmpzvn.exe
C:\Windows\System\opmpzvn.exe
2⤵
PID:6228

C:\Windows\System\zsuDXzr.exe
C:\Windows\System\zsuDXzr.exe
2⤵
PID:6256

C:\Windows\System\jkvgYoA.exe
C:\Windows\System\jkvgYoA.exe
2⤵
PID:6284

C:\Windows\System\dfIGiZK.exe
C:\Windows\System\dfIGiZK.exe
2⤵
PID:6312

C:\Windows\System\nSHouet.exe
C:\Windows\System\nSHouet.exe
2⤵
PID:6340

C:\Windows\System\gSmyPeq.exe
C:\Windows\System\gSmyPeq.exe
2⤵
PID:6368

C:\Windows\System\DEESNbA.exe
C:\Windows\System\DEESNbA.exe
2⤵
PID:6396

C:\Windows\System\ZHxUvFC.exe
C:\Windows\System\ZHxUvFC.exe
2⤵
PID:6424

C:\Windows\System\xjvMGCb.exe
C:\Windows\System\xjvMGCb.exe
2⤵
PID:6452

C:\Windows\System\kZUmlYf.exe
C:\Windows\System\kZUmlYf.exe
2⤵
PID:6480

C:\Windows\System\zyZKYso.exe
C:\Windows\System\zyZKYso.exe
2⤵
PID:6508

C:\Windows\System\SopkCxc.exe
C:\Windows\System\SopkCxc.exe
2⤵
PID:6536

C:\Windows\System\IfuVPfS.exe
C:\Windows\System\IfuVPfS.exe
2⤵
PID:6564

C:\Windows\System\LhFwXPA.exe
C:\Windows\System\LhFwXPA.exe
2⤵
PID:6592

C:\Windows\System\pfUKsTG.exe
C:\Windows\System\pfUKsTG.exe
2⤵
PID:6620

C:\Windows\System\HfvqTyN.exe
C:\Windows\System\HfvqTyN.exe
2⤵
PID:6644

C:\Windows\System\KenfQXD.exe
C:\Windows\System\KenfQXD.exe
2⤵
PID:6676

C:\Windows\System\IhrCdSg.exe
C:\Windows\System\IhrCdSg.exe
2⤵
PID:6700

C:\Windows\System\DFTsovW.exe
C:\Windows\System\DFTsovW.exe
2⤵
PID:6732

C:\Windows\System\MFhGeSY.exe
C:\Windows\System\MFhGeSY.exe
2⤵
PID:6760

C:\Windows\System\aIRtClr.exe
C:\Windows\System\aIRtClr.exe
2⤵
PID:6788

C:\Windows\System\hjtGGHc.exe
C:\Windows\System\hjtGGHc.exe
2⤵
PID:6816

C:\Windows\System\HtbcDCr.exe
C:\Windows\System\HtbcDCr.exe
2⤵
PID:6840

C:\Windows\System\sUmTfUg.exe
C:\Windows\System\sUmTfUg.exe
2⤵
PID:6872

C:\Windows\System\RAEAeBC.exe
C:\Windows\System\RAEAeBC.exe
2⤵
PID:6900

C:\Windows\System\dSTVgKt.exe
C:\Windows\System\dSTVgKt.exe
2⤵
PID:6928

C:\Windows\System\sjNDqty.exe
C:\Windows\System\sjNDqty.exe
2⤵
PID:6956

C:\Windows\System\wJuwmtV.exe
C:\Windows\System\wJuwmtV.exe
2⤵
PID:7020

C:\Windows\System\yQSwjjV.exe
C:\Windows\System\yQSwjjV.exe
2⤵
PID:7064

C:\Windows\System\rqeAILi.exe
C:\Windows\System\rqeAILi.exe
2⤵
PID:7084

C:\Windows\System\kokxSIo.exe
C:\Windows\System\kokxSIo.exe
2⤵
PID:7104

C:\Windows\System\zKNXWfE.exe
C:\Windows\System\zKNXWfE.exe
2⤵
PID:7140

C:\Windows\System\pdlKWGW.exe
C:\Windows\System\pdlKWGW.exe
2⤵
PID:7160

C:\Windows\System\UddlavY.exe
C:\Windows\System\UddlavY.exe
2⤵
PID:2584

C:\Windows\System\lrLYVyc.exe
C:\Windows\System\lrLYVyc.exe
2⤵
PID:6164

C:\Windows\System\mSURhFv.exe
C:\Windows\System\mSURhFv.exe
2⤵
PID:6212

C:\Windows\System\ygxOPvu.exe
C:\Windows\System\ygxOPvu.exe
2⤵
PID:6276

C:\Windows\System\zKCIuvg.exe
C:\Windows\System\zKCIuvg.exe
2⤵
PID:6324

C:\Windows\System\hfcfXpA.exe
C:\Windows\System\hfcfXpA.exe
2⤵
PID:6384

C:\Windows\System\ECRzVFH.exe
C:\Windows\System\ECRzVFH.exe
2⤵
PID:6436

C:\Windows\System\FTjYfzi.exe
C:\Windows\System\FTjYfzi.exe
2⤵
PID:6472

C:\Windows\System\pMYabXt.exe
C:\Windows\System\pMYabXt.exe
2⤵
PID:6580

C:\Windows\System\XWXUFdZ.exe
C:\Windows\System\XWXUFdZ.exe
2⤵
PID:6636

C:\Windows\System\rdpSdsq.exe
C:\Windows\System\rdpSdsq.exe
2⤵
PID:6664

C:\Windows\System\WPMwSOl.exe
C:\Windows\System\WPMwSOl.exe
2⤵
PID:6696

C:\Windows\System\XaceAPp.exe
C:\Windows\System\XaceAPp.exe
2⤵
PID:6780

C:\Windows\System\tZjOQZy.exe
C:\Windows\System\tZjOQZy.exe
2⤵
PID:6836

C:\Windows\System\FspnaUW.exe
C:\Windows\System\FspnaUW.exe
2⤵
PID:6912

C:\Windows\System\iuLgYMi.exe
C:\Windows\System\iuLgYMi.exe
2⤵
PID:4456

C:\Windows\System\lMqoSWW.exe
C:\Windows\System\lMqoSWW.exe
2⤵
PID:1612

C:\Windows\System\HeIYWKk.exe
C:\Windows\System\HeIYWKk.exe
2⤵
PID:816

C:\Windows\System\qxkOfxp.exe
C:\Windows\System\qxkOfxp.exe
2⤵
PID:7000

C:\Windows\System\tAIoXzI.exe
C:\Windows\System\tAIoXzI.exe
2⤵
PID:7060

C:\Windows\System\sXYhENH.exe
C:\Windows\System\sXYhENH.exe
2⤵
PID:7120

C:\Windows\System\yQFDBDi.exe
C:\Windows\System\yQFDBDi.exe
2⤵
PID:3732

C:\Windows\System\lOMTuNf.exe
C:\Windows\System\lOMTuNf.exe
2⤵
PID:5420

C:\Windows\System\wOooJen.exe
C:\Windows\System\wOooJen.exe
2⤵
PID:6220

C:\Windows\System\NVyOIng.exe
C:\Windows\System\NVyOIng.exe
2⤵
PID:6332

C:\Windows\System\KiBkAYF.exe
C:\Windows\System\KiBkAYF.exe
2⤵
PID:6416

C:\Windows\System\MnffPrc.exe
C:\Windows\System\MnffPrc.exe
2⤵
PID:6744

C:\Windows\System\rsjQoLz.exe
C:\Windows\System\rsjQoLz.exe
2⤵
PID:4884

C:\Windows\System\RxCvfol.exe
C:\Windows\System\RxCvfol.exe
2⤵
PID:2756

C:\Windows\System\WOIaEhZ.exe
C:\Windows\System\WOIaEhZ.exe
2⤵
PID:6948

C:\Windows\System\XtVUDAZ.exe
C:\Windows\System\XtVUDAZ.exe
2⤵
PID:7076

C:\Windows\System\oLOqpnv.exe
C:\Windows\System\oLOqpnv.exe
2⤵
PID:3676

C:\Windows\System\jxvRdTP.exe
C:\Windows\System\jxvRdTP.exe
2⤵
PID:6360

C:\Windows\System\uaXonkf.exe
C:\Windows\System\uaXonkf.exe
2⤵
PID:6776

C:\Windows\System\HAPTDsV.exe
C:\Windows\System\HAPTDsV.exe
2⤵
PID:7080

C:\Windows\System\XAkLGbF.exe
C:\Windows\System\XAkLGbF.exe
2⤵
PID:3708

C:\Windows\System\eLHvjBr.exe
C:\Windows\System\eLHvjBr.exe
2⤵
PID:6524

C:\Windows\System\oeUPdAK.exe
C:\Windows\System\oeUPdAK.exe
2⤵
PID:7188

C:\Windows\System\HDpBbUa.exe
C:\Windows\System\HDpBbUa.exe
2⤵
PID:7224

C:\Windows\System\cNNYOFJ.exe
C:\Windows\System\cNNYOFJ.exe
2⤵
PID:7240

C:\Windows\System\qeOzYOE.exe
C:\Windows\System\qeOzYOE.exe
2⤵
PID:7260

C:\Windows\System\tsianym.exe
C:\Windows\System\tsianym.exe
2⤵
PID:7304

C:\Windows\System\AtfUimU.exe
C:\Windows\System\AtfUimU.exe
2⤵
PID:7324

C:\Windows\System\zfrrKdn.exe
C:\Windows\System\zfrrKdn.exe
2⤵
PID:7344

C:\Windows\System\OyQcLDt.exe
C:\Windows\System\OyQcLDt.exe
2⤵
PID:7368

C:\Windows\System\NKxLaGX.exe
C:\Windows\System\NKxLaGX.exe
2⤵
PID:7404

C:\Windows\System\AAAtycP.exe
C:\Windows\System\AAAtycP.exe
2⤵
PID:7468

C:\Windows\System\iJxbXJe.exe
C:\Windows\System\iJxbXJe.exe
2⤵
PID:7492

C:\Windows\System\RFXplOA.exe
C:\Windows\System\RFXplOA.exe
2⤵
PID:7508

C:\Windows\System\rOXEDzI.exe
C:\Windows\System\rOXEDzI.exe
2⤵
PID:7528

C:\Windows\System\axyYyFk.exe
C:\Windows\System\axyYyFk.exe
2⤵
PID:7548

C:\Windows\System\ghwFrim.exe
C:\Windows\System\ghwFrim.exe
2⤵
PID:7564

C:\Windows\System\FIbnzuY.exe
C:\Windows\System\FIbnzuY.exe
2⤵
PID:7596

C:\Windows\System\BWNJCae.exe
C:\Windows\System\BWNJCae.exe
2⤵
PID:7660

C:\Windows\System\wvjprmO.exe
C:\Windows\System\wvjprmO.exe
2⤵
PID:7680

C:\Windows\System\AJwxMcd.exe
C:\Windows\System\AJwxMcd.exe
2⤵
PID:7700

C:\Windows\System\LpetVDO.exe
C:\Windows\System\LpetVDO.exe
2⤵
PID:7728

C:\Windows\System\TaGGEld.exe
C:\Windows\System\TaGGEld.exe
2⤵
PID:7764

C:\Windows\System\nygFGna.exe
C:\Windows\System\nygFGna.exe
2⤵
PID:7804

C:\Windows\System\otqTYmf.exe
C:\Windows\System\otqTYmf.exe
2⤵
PID:7820

C:\Windows\System\YNtcZXJ.exe
C:\Windows\System\YNtcZXJ.exe
2⤵
PID:7844

C:\Windows\System\vSsNCCd.exe
C:\Windows\System\vSsNCCd.exe
2⤵
PID:7872

C:\Windows\System\vLTTCei.exe
C:\Windows\System\vLTTCei.exe
2⤵
PID:7892

C:\Windows\System\VJnsFRf.exe
C:\Windows\System\VJnsFRf.exe
2⤵
PID:7924

C:\Windows\System\zCRCMZE.exe
C:\Windows\System\zCRCMZE.exe
2⤵
PID:7968

C:\Windows\System\ddFyjqm.exe
C:\Windows\System\ddFyjqm.exe
2⤵
PID:7992

C:\Windows\System\LjbZCKr.exe
C:\Windows\System\LjbZCKr.exe
2⤵
PID:8008

C:\Windows\System\SfDwArL.exe
C:\Windows\System\SfDwArL.exe
2⤵
PID:8044

C:\Windows\System\RsbkHQi.exe
C:\Windows\System\RsbkHQi.exe
2⤵
PID:8060

C:\Windows\System\AaEPrzq.exe
C:\Windows\System\AaEPrzq.exe
2⤵
PID:8100

C:\Windows\System\nqoascS.exe
C:\Windows\System\nqoascS.exe
2⤵
PID:8120

C:\Windows\System\ymQLmXd.exe
C:\Windows\System\ymQLmXd.exe
2⤵
PID:8140

C:\Windows\System\sTboDZk.exe
C:\Windows\System\sTboDZk.exe
2⤵
PID:8180

C:\Windows\System\BlZEgVg.exe
C:\Windows\System\BlZEgVg.exe
2⤵
PID:6244

C:\Windows\System\BcUvnlX.exe
C:\Windows\System\BcUvnlX.exe
2⤵
PID:7248

C:\Windows\System\nPvPHAZ.exe
C:\Windows\System\nPvPHAZ.exe
2⤵
PID:7216

C:\Windows\System\sdZwYPs.exe
C:\Windows\System\sdZwYPs.exe
2⤵
PID:7340

C:\Windows\System\dbaYrrq.exe
C:\Windows\System\dbaYrrq.exe
2⤵
PID:7400

C:\Windows\System\KzmOKgi.exe
C:\Windows\System\KzmOKgi.exe
2⤵
PID:7396

C:\Windows\System\mLSNRqg.exe
C:\Windows\System\mLSNRqg.exe
2⤵
PID:7444

C:\Windows\System\YgJtvUz.exe
C:\Windows\System\YgJtvUz.exe
2⤵
PID:7504

C:\Windows\System\hDSeQSR.exe
C:\Windows\System\hDSeQSR.exe
2⤵
PID:7648

C:\Windows\System\LxsOKJV.exe
C:\Windows\System\LxsOKJV.exe
2⤵
PID:7652

C:\Windows\System\HDmPBvQ.exe
C:\Windows\System\HDmPBvQ.exe
2⤵
PID:7724

C:\Windows\System\QFSBeis.exe
C:\Windows\System\QFSBeis.exe
2⤵
PID:7836

C:\Windows\System\iiTnQUm.exe
C:\Windows\System\iiTnQUm.exe
2⤵
PID:7916

C:\Windows\System\qonTZPt.exe
C:\Windows\System\qonTZPt.exe
2⤵
PID:7964

C:\Windows\System\psQTrKC.exe
C:\Windows\System\psQTrKC.exe
2⤵
PID:8004

C:\Windows\System\bybXCMX.exe
C:\Windows\System\bybXCMX.exe
2⤵
PID:8080

C:\Windows\System\lHdnWXZ.exe
C:\Windows\System\lHdnWXZ.exe
2⤵
PID:8188

C:\Windows\System\sKBiFNQ.exe
C:\Windows\System\sKBiFNQ.exe
2⤵
PID:7452

C:\Windows\System\rwwpTvk.exe
C:\Windows\System\rwwpTvk.exe
2⤵
PID:7424

C:\Windows\System\UnAgvLf.exe
C:\Windows\System\UnAgvLf.exe
2⤵
PID:7784

C:\Windows\System\KmIDxGo.exe
C:\Windows\System\KmIDxGo.exe
2⤵
PID:7976

C:\Windows\System\PjLQYtI.exe
C:\Windows\System\PjLQYtI.exe
2⤵
PID:7888

C:\Windows\System\pEEkeZS.exe
C:\Windows\System\pEEkeZS.exe
2⤵
PID:7860

C:\Windows\System\BvztSaz.exe
C:\Windows\System\BvztSaz.exe
2⤵
PID:8148

C:\Windows\System\znYwHJh.exe
C:\Windows\System\znYwHJh.exe
2⤵
PID:7500

C:\Windows\System\iZUKbik.exe
C:\Windows\System\iZUKbik.exe
2⤵
PID:7816

C:\Windows\System\GBNtrJv.exe
C:\Windows\System\GBNtrJv.exe
2⤵
PID:7676

C:\Windows\System\vHwKkYV.exe
C:\Windows\System\vHwKkYV.exe
2⤵
PID:8196

C:\Windows\System\ClCVtXp.exe
C:\Windows\System\ClCVtXp.exe
2⤵
PID:8220

C:\Windows\System\MKeSUzg.exe
C:\Windows\System\MKeSUzg.exe
2⤵
PID:8264

C:\Windows\System\fsxZJfE.exe
C:\Windows\System\fsxZJfE.exe
2⤵
PID:8288

C:\Windows\System\Zbfxyrh.exe
C:\Windows\System\Zbfxyrh.exe
2⤵
PID:8304

C:\Windows\System\XEUKyAZ.exe
C:\Windows\System\XEUKyAZ.exe
2⤵
PID:8360

C:\Windows\System\LWsqGjg.exe
C:\Windows\System\LWsqGjg.exe
2⤵
PID:8388

C:\Windows\System\xvMoxov.exe
C:\Windows\System\xvMoxov.exe
2⤵
PID:8416

C:\Windows\System\JcgwtgT.exe
C:\Windows\System\JcgwtgT.exe
2⤵
PID:8436

C:\Windows\System\VWttHsp.exe
C:\Windows\System\VWttHsp.exe
2⤵
PID:8456

C:\Windows\System\RMZgqnr.exe
C:\Windows\System\RMZgqnr.exe
2⤵
PID:8500

C:\Windows\System\OhFUyLK.exe
C:\Windows\System\OhFUyLK.exe
2⤵
PID:8524

C:\Windows\System\PWJlBcp.exe
C:\Windows\System\PWJlBcp.exe
2⤵
PID:8544

C:\Windows\System\nFQTUPv.exe
C:\Windows\System\nFQTUPv.exe
2⤵
PID:8584

C:\Windows\System\BRGLNal.exe
C:\Windows\System\BRGLNal.exe
2⤵
PID:8608

C:\Windows\System\amGcSYv.exe
C:\Windows\System\amGcSYv.exe
2⤵
PID:8628

C:\Windows\System\ZsBkdqK.exe
C:\Windows\System\ZsBkdqK.exe
2⤵
PID:8652

C:\Windows\System\rESYERW.exe
C:\Windows\System\rESYERW.exe
2⤵
PID:8704

C:\Windows\System\rAnKMRn.exe
C:\Windows\System\rAnKMRn.exe
2⤵
PID:8752

C:\Windows\System\ovbHGxx.exe
C:\Windows\System\ovbHGxx.exe
2⤵
PID:8772

C:\Windows\System\NtMjsic.exe
C:\Windows\System\NtMjsic.exe
2⤵
PID:8812

C:\Windows\System\GdfNbBG.exe
C:\Windows\System\GdfNbBG.exe
2⤵
PID:8836

C:\Windows\System\LzrtBgk.exe
C:\Windows\System\LzrtBgk.exe
2⤵
PID:8868

C:\Windows\System\mtFOSKu.exe
C:\Windows\System\mtFOSKu.exe
2⤵
PID:8884

C:\Windows\System\RHVAnCi.exe
C:\Windows\System\RHVAnCi.exe
2⤵
PID:8916

C:\Windows\System\bEdTpbz.exe
C:\Windows\System\bEdTpbz.exe
2⤵
PID:8936

C:\Windows\System\jnJzXde.exe
C:\Windows\System\jnJzXde.exe
2⤵
PID:8968

C:\Windows\System\jJunsPh.exe
C:\Windows\System\jJunsPh.exe
2⤵
PID:9008

C:\Windows\System\koIVBdc.exe
C:\Windows\System\koIVBdc.exe
2⤵
PID:9036

C:\Windows\System\MBYLqTL.exe
C:\Windows\System\MBYLqTL.exe
2⤵
PID:9064

C:\Windows\System\VEbvKFu.exe
C:\Windows\System\VEbvKFu.exe
2⤵
PID:9084

C:\Windows\System\cJICmne.exe
C:\Windows\System\cJICmne.exe
2⤵
PID:9104

C:\Windows\System\hyojwFR.exe
C:\Windows\System\hyojwFR.exe
2⤵
PID:9124

C:\Windows\System\NNxFizd.exe
C:\Windows\System\NNxFizd.exe
2⤵
PID:9172

C:\Windows\System\acmhjMk.exe
C:\Windows\System\acmhjMk.exe
2⤵
PID:9196

C:\Windows\System\ggnfYur.exe
C:\Windows\System\ggnfYur.exe
2⤵
PID:7812

C:\Windows\System\zqAPnJM.exe
C:\Windows\System\zqAPnJM.exe
2⤵
PID:8236

C:\Windows\System\bjnAtiF.exe
C:\Windows\System\bjnAtiF.exe
2⤵
PID:8280

C:\Windows\System\NMhtQEZ.exe
C:\Windows\System\NMhtQEZ.exe
2⤵
PID:8316

C:\Windows\System\qinupfE.exe
C:\Windows\System\qinupfE.exe
2⤵
PID:8384

C:\Windows\System\EfPpEwq.exe
C:\Windows\System\EfPpEwq.exe
2⤵
PID:8472

C:\Windows\System\yNvmGNp.exe
C:\Windows\System\yNvmGNp.exe
2⤵
PID:8488

C:\Windows\System\iEspyhP.exe
C:\Windows\System\iEspyhP.exe
2⤵
PID:8604

C:\Windows\System\DNfwhLx.exe
C:\Windows\System\DNfwhLx.exe
2⤵
PID:8668

C:\Windows\System\tFqwaYU.exe
C:\Windows\System\tFqwaYU.exe
2⤵
PID:8728

C:\Windows\System\puRYjeI.exe
C:\Windows\System\puRYjeI.exe
2⤵
PID:8792

C:\Windows\System\BJPUtkm.exe
C:\Windows\System\BJPUtkm.exe
2⤵
PID:8860

C:\Windows\System\BxIWcnX.exe
C:\Windows\System\BxIWcnX.exe
2⤵
PID:8908

C:\Windows\System\HasGBkb.exe
C:\Windows\System\HasGBkb.exe
2⤵
PID:8964

C:\Windows\System\zdLtyQm.exe
C:\Windows\System\zdLtyQm.exe
2⤵
PID:9044

C:\Windows\System\HIlJpmt.exe
C:\Windows\System\HIlJpmt.exe
2⤵
PID:9096

C:\Windows\System\oudUoNt.exe
C:\Windows\System\oudUoNt.exe
2⤵
PID:9120

C:\Windows\System\BkORzDD.exe
C:\Windows\System\BkORzDD.exe
2⤵
PID:9180

C:\Windows\System\HrKNmuM.exe
C:\Windows\System\HrKNmuM.exe
2⤵
PID:7292

C:\Windows\System\laSaKND.exe
C:\Windows\System\laSaKND.exe
2⤵
PID:8300

C:\Windows\System\qsZeArD.exe
C:\Windows\System\qsZeArD.exe
2⤵
PID:8480

C:\Windows\System\GcqKDjb.exe
C:\Windows\System\GcqKDjb.exe
2⤵
PID:8724

C:\Windows\System\yPmZKqM.exe
C:\Windows\System\yPmZKqM.exe
2⤵
PID:8848

C:\Windows\System\OvOzZqR.exe
C:\Windows\System\OvOzZqR.exe
2⤵
PID:9076

C:\Windows\System\PDlkqre.exe
C:\Windows\System\PDlkqre.exe
2⤵
PID:8272

C:\Windows\System\chYCnQD.exe
C:\Windows\System\chYCnQD.exe
2⤵
PID:8880

C:\Windows\System\APxQBeA.exe
C:\Windows\System\APxQBeA.exe
2⤵
PID:9000

C:\Windows\System\OavTeio.exe
C:\Windows\System\OavTeio.exe
2⤵
PID:9224

C:\Windows\System\EYujFYr.exe
C:\Windows\System\EYujFYr.exe
2⤵
PID:9256

C:\Windows\System\TlBKWEy.exe
C:\Windows\System\TlBKWEy.exe
2⤵
PID:9276

C:\Windows\System\VRXejQn.exe
C:\Windows\System\VRXejQn.exe
2⤵
PID:9292

C:\Windows\System\NbeXeHx.exe
C:\Windows\System\NbeXeHx.exe
2⤵
PID:9308

C:\Windows\System\oXTxmba.exe
C:\Windows\System\oXTxmba.exe
2⤵
PID:9356

C:\Windows\System\NhFpbLb.exe
C:\Windows\System\NhFpbLb.exe
2⤵
PID:9372

C:\Windows\System\MIitHXH.exe
C:\Windows\System\MIitHXH.exe
2⤵
PID:9400

C:\Windows\System\vMixISw.exe
C:\Windows\System\vMixISw.exe
2⤵
PID:9420

C:\Windows\System\SJStKbI.exe
C:\Windows\System\SJStKbI.exe
2⤵
PID:9440

C:\Windows\System\auEzIlw.exe
C:\Windows\System\auEzIlw.exe
2⤵
PID:9504

C:\Windows\System\HnXJkNq.exe
C:\Windows\System\HnXJkNq.exe
2⤵
PID:9528

C:\Windows\System\tGKOfOl.exe
C:\Windows\System\tGKOfOl.exe
2⤵
PID:9552

C:\Windows\System\whvvUzq.exe
C:\Windows\System\whvvUzq.exe
2⤵
PID:9568

C:\Windows\System\mzhPFpm.exe
C:\Windows\System\mzhPFpm.exe
2⤵
PID:9612

C:\Windows\System\FQdvNLh.exe
C:\Windows\System\FQdvNLh.exe
2⤵
PID:9628

C:\Windows\System\qCMvsKN.exe
C:\Windows\System\qCMvsKN.exe
2⤵
PID:9664

C:\Windows\System\LtMSxjH.exe
C:\Windows\System\LtMSxjH.exe
2⤵
PID:9700

C:\Windows\System\QejQlOS.exe
C:\Windows\System\QejQlOS.exe
2⤵
PID:9720

C:\Windows\System\XLlJGGV.exe
C:\Windows\System\XLlJGGV.exe
2⤵
PID:9740

C:\Windows\System\qkgyuwe.exe
C:\Windows\System\qkgyuwe.exe
2⤵
PID:9764

C:\Windows\System\NtjWiJY.exe
C:\Windows\System\NtjWiJY.exe
2⤵
PID:9788

C:\Windows\System\oNUmLdl.exe
C:\Windows\System\oNUmLdl.exe
2⤵
PID:9812

C:\Windows\System\zlQYXzC.exe
C:\Windows\System\zlQYXzC.exe
2⤵
PID:9836

C:\Windows\System\ZWFhXQG.exe
C:\Windows\System\ZWFhXQG.exe
2⤵
PID:9892

C:\Windows\System\TkpxdeN.exe
C:\Windows\System\TkpxdeN.exe
2⤵
PID:9912

C:\Windows\System\QzBTvPV.exe
C:\Windows\System\QzBTvPV.exe
2⤵
PID:9940

C:\Windows\System\sCoGjOU.exe
C:\Windows\System\sCoGjOU.exe
2⤵
PID:9956

C:\Windows\System\uBsausE.exe
C:\Windows\System\uBsausE.exe
2⤵
PID:9976

C:\Windows\System\StcvRAC.exe
C:\Windows\System\StcvRAC.exe
2⤵
PID:9996

C:\Windows\System\NnRtFYA.exe
C:\Windows\System\NnRtFYA.exe
2⤵
PID:10016

C:\Windows\System\CkWhlRh.exe
C:\Windows\System\CkWhlRh.exe
2⤵
PID:10040

C:\Windows\System\sOZypum.exe
C:\Windows\System\sOZypum.exe
2⤵
PID:10100

C:\Windows\System\qOZnNMn.exe
C:\Windows\System\qOZnNMn.exe
2⤵
PID:10116

C:\Windows\System\RxdybMz.exe
C:\Windows\System\RxdybMz.exe
2⤵
PID:10148

C:\Windows\System\TZsYQWg.exe
C:\Windows\System\TZsYQWg.exe
2⤵
PID:10204

C:\Windows\System\kAdgEEP.exe
C:\Windows\System\kAdgEEP.exe
2⤵
PID:10232

C:\Windows\System\EcJxukR.exe
C:\Windows\System\EcJxukR.exe
2⤵
PID:9236

C:\Windows\System\wPMcFor.exe
C:\Windows\System\wPMcFor.exe
2⤵
PID:9272

C:\Windows\System\fvJPOUA.exe
C:\Windows\System\fvJPOUA.exe
2⤵
PID:9304

C:\Windows\System\ecpFUzT.exe
C:\Windows\System\ecpFUzT.exe
2⤵
PID:9344

C:\Windows\System\hrKhkLI.exe
C:\Windows\System\hrKhkLI.exe
2⤵
PID:9436

C:\Windows\System\HkFeWqa.exe
C:\Windows\System\HkFeWqa.exe
2⤵
PID:9484

C:\Windows\System\wYuXkJN.exe
C:\Windows\System\wYuXkJN.exe
2⤵
PID:9516

C:\Windows\System\qbJvkfu.exe
C:\Windows\System\qbJvkfu.exe
2⤵
PID:9596

C:\Windows\System\ZkGcBiv.exe
C:\Windows\System\ZkGcBiv.exe
2⤵
PID:9672

C:\Windows\System\qDhNhqw.exe
C:\Windows\System\qDhNhqw.exe
2⤵
PID:9756

C:\Windows\System\lbUFXTB.exe
C:\Windows\System\lbUFXTB.exe
2⤵
PID:9716

C:\Windows\System\oTgoiVu.exe
C:\Windows\System\oTgoiVu.exe
2⤵
PID:9848

C:\Windows\System\RGKlwIL.exe
C:\Windows\System\RGKlwIL.exe
2⤵
PID:9968

C:\Windows\System\iZOqZjs.exe
C:\Windows\System\iZOqZjs.exe
2⤵
PID:10072

C:\Windows\System\NoRETOx.exe
C:\Windows\System\NoRETOx.exe
2⤵
PID:10144

C:\Windows\System\jEwUWCv.exe
C:\Windows\System\jEwUWCv.exe
2⤵
PID:10192

C:\Windows\System\rUhSgaN.exe
C:\Windows\System\rUhSgaN.exe
2⤵
PID:8720

C:\Windows\System\BjihfUH.exe
C:\Windows\System\BjihfUH.exe
2⤵
PID:9332

C:\Windows\System\gZvsiVk.exe
C:\Windows\System\gZvsiVk.exe
2⤵
PID:9416

C:\Windows\System\XGJXiwf.exe
C:\Windows\System\XGJXiwf.exe
2⤵
PID:9872

C:\Windows\System\tCzXpcA.exe
C:\Windows\System\tCzXpcA.exe
2⤵
PID:9984

C:\Windows\System\PYrfZMx.exe
C:\Windows\System\PYrfZMx.exe
2⤵
PID:9264

C:\Windows\System\DYLJhZz.exe
C:\Windows\System\DYLJhZz.exe
2⤵
PID:10248

C:\Windows\System\BzYuIgE.exe
C:\Windows\System\BzYuIgE.exe
2⤵
PID:10268

C:\Windows\System\DxMttSu.exe
C:\Windows\System\DxMttSu.exe
2⤵
PID:10284

C:\Windows\System\LwYhGEb.exe
C:\Windows\System\LwYhGEb.exe
2⤵
PID:10300

C:\Windows\System\kRBDrQi.exe
C:\Windows\System\kRBDrQi.exe
2⤵
PID:10316

C:\Windows\System\YJFtpVo.exe
C:\Windows\System\YJFtpVo.exe
2⤵
PID:10332

C:\Windows\System\tWAgFzd.exe
C:\Windows\System\tWAgFzd.exe
2⤵
PID:10348

C:\Windows\System\iOChisZ.exe
C:\Windows\System\iOChisZ.exe
2⤵
PID:10416

C:\Windows\System\ONVYBBu.exe
C:\Windows\System\ONVYBBu.exe
2⤵
PID:10432

C:\Windows\System\APHbZED.exe
C:\Windows\System\APHbZED.exe
2⤵
PID:10448

C:\Windows\System\qXHGvil.exe
C:\Windows\System\qXHGvil.exe
2⤵
PID:10464

C:\Windows\System\bQpCnxJ.exe
C:\Windows\System\bQpCnxJ.exe
2⤵
PID:10480

C:\Windows\System\AhAhtzn.exe
C:\Windows\System\AhAhtzn.exe
2⤵
PID:10556

C:\Windows\System\QLiquro.exe
C:\Windows\System\QLiquro.exe
2⤵
PID:10592

C:\Windows\System\fhkaorM.exe
C:\Windows\System\fhkaorM.exe
2⤵
PID:10616

C:\Windows\System\HGMWlrH.exe
C:\Windows\System\HGMWlrH.exe
2⤵
PID:10636

C:\Windows\System\VoTOfsQ.exe
C:\Windows\System\VoTOfsQ.exe
2⤵
PID:10708

C:\Windows\System\ADgspuS.exe
C:\Windows\System\ADgspuS.exe
2⤵
PID:10740

C:\Windows\System\LOvEBJx.exe
C:\Windows\System\LOvEBJx.exe
2⤵
PID:10760

C:\Windows\System\SpTizFb.exe
C:\Windows\System\SpTizFb.exe
2⤵
PID:10776

C:\Windows\System\vNxOQop.exe
C:\Windows\System\vNxOQop.exe
2⤵
PID:10832

C:\Windows\System\frUiZpe.exe
C:\Windows\System\frUiZpe.exe
2⤵
PID:10864

C:\Windows\System\TLaxOGJ.exe
C:\Windows\System\TLaxOGJ.exe
2⤵
PID:10884

C:\Windows\System\CTFMZKJ.exe
C:\Windows\System\CTFMZKJ.exe
2⤵
PID:10992

C:\Windows\System\nzSfSSV.exe
C:\Windows\System\nzSfSSV.exe
2⤵
PID:11016

C:\Windows\System\PvBXaIj.exe
C:\Windows\System\PvBXaIj.exe
2⤵
PID:11040

C:\Windows\System\jIisScs.exe
C:\Windows\System\jIisScs.exe
2⤵
PID:11072

C:\Windows\System\BeSzZSH.exe
C:\Windows\System\BeSzZSH.exe
2⤵
PID:11092

C:\Windows\System\kptmcxH.exe
C:\Windows\System\kptmcxH.exe
2⤵
PID:11120

C:\Windows\System\PIFgNGA.exe
C:\Windows\System\PIFgNGA.exe
2⤵
PID:11136

C:\Windows\System\HlcIBoB.exe
C:\Windows\System\HlcIBoB.exe
2⤵
PID:11160

C:\Windows\System\vuhFLML.exe
C:\Windows\System\vuhFLML.exe
2⤵
PID:11188

C:\Windows\System\CyCfQIO.exe
C:\Windows\System\CyCfQIO.exe
2⤵
PID:11208

C:\Windows\System\khaNhAM.exe
C:\Windows\System\khaNhAM.exe
2⤵
PID:11228

C:\Windows\System\KLYRubY.exe
C:\Windows\System\KLYRubY.exe
2⤵
PID:9904

C:\Windows\System\nWbDsJs.exe
C:\Windows\System\nWbDsJs.exe
2⤵
PID:9408

C:\Windows\System\UetZPHe.exe
C:\Windows\System\UetZPHe.exe
2⤵
PID:9540

C:\Windows\System\fNGfTzK.exe
C:\Windows\System\fNGfTzK.exe
2⤵
PID:9772

C:\Windows\System\GZXhlNi.exe
C:\Windows\System\GZXhlNi.exe
2⤵
PID:10408

C:\Windows\System\rAyBDmH.exe
C:\Windows\System\rAyBDmH.exe
2⤵
PID:10056

C:\Windows\System\GWelisP.exe
C:\Windows\System\GWelisP.exe
2⤵
PID:10180

C:\Windows\System\BvcGWtJ.exe
C:\Windows\System\BvcGWtJ.exe
2⤵
PID:9688

C:\Windows\System\YQYduQI.exe
C:\Windows\System\YQYduQI.exe
2⤵
PID:10344

C:\Windows\System\KcBezeL.exe
C:\Windows\System\KcBezeL.exe
2⤵
PID:10492

C:\Windows\System\yGDGECN.exe
C:\Windows\System\yGDGECN.exe
2⤵
PID:10524

C:\Windows\System\vtHzrrl.exe
C:\Windows\System\vtHzrrl.exe
2⤵
PID:10696

C:\Windows\System\PPKTZzn.exe
C:\Windows\System\PPKTZzn.exe
2⤵
PID:10768

C:\Windows\System\twbntcc.exe
C:\Windows\System\twbntcc.exe
2⤵
PID:10796

C:\Windows\System\zDTpVrc.exe
C:\Windows\System\zDTpVrc.exe
2⤵
PID:10860

C:\Windows\System\VOqlPBQ.exe
C:\Windows\System\VOqlPBQ.exe
2⤵
PID:11004

C:\Windows\System\ojjJPkF.exe
C:\Windows\System\ojjJPkF.exe
2⤵
PID:11032

C:\Windows\System\dFfHjDK.exe
C:\Windows\System\dFfHjDK.exe
2⤵
PID:11100

C:\Windows\System\czOVoIY.exe
C:\Windows\System\czOVoIY.exe
2⤵
PID:11156

C:\Windows\System\sgLFjFr.exe
C:\Windows\System\sgLFjFr.exe
2⤵
PID:9392

C:\Windows\System\Ydpnymq.exe
C:\Windows\System\Ydpnymq.exe
2⤵
PID:11244

C:\Windows\System\DfMymGQ.exe
C:\Windows\System\DfMymGQ.exe
2⤵
PID:10008

C:\Windows\System\hctJfMh.exe
C:\Windows\System\hctJfMh.exe
2⤵
PID:9964

C:\Windows\System\CCzOgSr.exe
C:\Windows\System\CCzOgSr.exe
2⤵
PID:10276

C:\Windows\System\QwLGPal.exe
C:\Windows\System\QwLGPal.exe
2⤵
PID:10688

C:\Windows\System\vuBDrJf.exe
C:\Windows\System\vuBDrJf.exe
2⤵
PID:10584

C:\Windows\System\kWpCMaX.exe
C:\Windows\System\kWpCMaX.exe
2⤵
PID:10752

C:\Windows\System\KzuaFqf.exe
C:\Windows\System\KzuaFqf.exe
2⤵
PID:10784

C:\Windows\System\WyJnIdL.exe
C:\Windows\System\WyJnIdL.exe
2⤵
PID:10976

C:\Windows\System\nqpDUGG.exe
C:\Windows\System\nqpDUGG.exe
2⤵
PID:11200

C:\Windows\System\ipansur.exe
C:\Windows\System\ipansur.exe
2⤵
PID:10400

C:\Windows\System\mBnNwmh.exe
C:\Windows\System\mBnNwmh.exe
2⤵
PID:10508

C:\Windows\System\IFEsApq.exe
C:\Windows\System\IFEsApq.exe
2⤵
PID:10520

C:\Windows\System\MsOOBvH.exe
C:\Windows\System\MsOOBvH.exe
2⤵
PID:11008

C:\Windows\System\uimZbjl.exe
C:\Windows\System\uimZbjl.exe
2⤵
PID:10324

C:\Windows\System\aUEUjHf.exe
C:\Windows\System\aUEUjHf.exe
2⤵
PID:11316

C:\Windows\System\lbNJxal.exe
C:\Windows\System\lbNJxal.exe
2⤵
PID:11364

C:\Windows\System\AGTASaO.exe
C:\Windows\System\AGTASaO.exe
2⤵
PID:11384

C:\Windows\System\rqSjGnd.exe
C:\Windows\System\rqSjGnd.exe
2⤵
PID:11416

C:\Windows\System\zGMfmFM.exe
C:\Windows\System\zGMfmFM.exe
2⤵
PID:11440

C:\Windows\System\NjGILsP.exe
C:\Windows\System\NjGILsP.exe
2⤵
PID:11480

C:\Windows\System\FjEeCyX.exe
C:\Windows\System\FjEeCyX.exe
2⤵
PID:11496

C:\Windows\System\XiyrAUF.exe
C:\Windows\System\XiyrAUF.exe
2⤵
PID:11524

C:\Windows\System\LuVQLzM.exe
C:\Windows\System\LuVQLzM.exe
2⤵
PID:11548

C:\Windows\System\eBNiDkW.exe
C:\Windows\System\eBNiDkW.exe
2⤵
PID:11572

C:\Windows\System\PdYIKdQ.exe
C:\Windows\System\PdYIKdQ.exe
2⤵
PID:11596

C:\Windows\System\ZKhxqyy.exe
C:\Windows\System\ZKhxqyy.exe
2⤵
PID:11620

C:\Windows\System\TjVigfd.exe
C:\Windows\System\TjVigfd.exe
2⤵
PID:11640

C:\Windows\System\eMuvZaR.exe
C:\Windows\System\eMuvZaR.exe
2⤵
PID:11660

C:\Windows\System\noEXgws.exe
C:\Windows\System\noEXgws.exe
2⤵
PID:11692

C:\Windows\System\PMaEwOI.exe
C:\Windows\System\PMaEwOI.exe
2⤵
PID:11720

C:\Windows\System\WVWeVqP.exe
C:\Windows\System\WVWeVqP.exe
2⤵
PID:11764

C:\Windows\System\qDRyYKc.exe
C:\Windows\System\qDRyYKc.exe
2⤵
PID:11808

C:\Windows\System\zmLcDcB.exe
C:\Windows\System\zmLcDcB.exe
2⤵
PID:11828

C:\Windows\System\JrtfuMJ.exe
C:\Windows\System\JrtfuMJ.exe
2⤵
PID:11848

C:\Windows\System\TMVnHci.exe
C:\Windows\System\TMVnHci.exe
2⤵
PID:11864

C:\Windows\System\WPjnMpP.exe
C:\Windows\System\WPjnMpP.exe
2⤵
PID:11896

C:\Windows\System\LDGlqNR.exe
C:\Windows\System\LDGlqNR.exe
2⤵
PID:11932

C:\Windows\System\QPujOzj.exe
C:\Windows\System\QPujOzj.exe
2⤵
PID:11956

C:\Windows\System\rAwINja.exe
C:\Windows\System\rAwINja.exe
2⤵
PID:12000

C:\Windows\System\iRMCupv.exe
C:\Windows\System\iRMCupv.exe
2⤵
PID:12020

C:\Windows\System\YnlYVxG.exe
C:\Windows\System\YnlYVxG.exe
2⤵
PID:12040

C:\Windows\System\NaiFRZz.exe
C:\Windows\System\NaiFRZz.exe
2⤵
PID:12060

C:\Windows\System\dhtUaFy.exe
C:\Windows\System\dhtUaFy.exe
2⤵
PID:12092

C:\Windows\System\nZalWBK.exe
C:\Windows\System\nZalWBK.exe
2⤵
PID:12116

C:\Windows\System\nitmGlk.exe
C:\Windows\System\nitmGlk.exe
2⤵
PID:12172

C:\Windows\System\UCoOFGk.exe
C:\Windows\System\UCoOFGk.exe
2⤵
PID:12200

C:\Windows\System\FgBFISt.exe
C:\Windows\System\FgBFISt.exe
2⤵
PID:12224

C:\Windows\System\inQhSLj.exe
C:\Windows\System\inQhSLj.exe
2⤵
PID:12240

C:\Windows\System\BVbUcWJ.exe
C:\Windows\System\BVbUcWJ.exe
2⤵
PID:12260

C:\Windows\System\KXSLKga.exe
C:\Windows\System\KXSLKga.exe
2⤵
PID:12280

C:\Windows\System\VxbIVvA.exe
C:\Windows\System\VxbIVvA.exe
2⤵
PID:10852

C:\Windows\System\GFdmarf.exe
C:\Windows\System\GFdmarf.exe
2⤵
PID:5088

C:\Windows\System\xOZmkqb.exe
C:\Windows\System\xOZmkqb.exe
2⤵
PID:11404

C:\Windows\System\dUCNYRo.exe
C:\Windows\System\dUCNYRo.exe
2⤵
PID:2268

C:\Windows\System\KnmOJXT.exe
C:\Windows\System\KnmOJXT.exe
2⤵
PID:11532

C:\Windows\System\USadOgA.exe
C:\Windows\System\USadOgA.exe
2⤵
PID:11580

C:\Windows\System\DaZTlfM.exe
C:\Windows\System\DaZTlfM.exe
2⤵
PID:10912

C:\Windows\System\sfCtpIU.exe
C:\Windows\System\sfCtpIU.exe
2⤵
PID:11732

C:\Windows\System\fDUnfcw.exe
C:\Windows\System\fDUnfcw.exe
2⤵
PID:11740

C:\Windows\System\lfnQBEb.exe
C:\Windows\System\lfnQBEb.exe
2⤵
PID:11840

C:\Windows\System\ZgKvrnb.exe
C:\Windows\System\ZgKvrnb.exe
2⤵
PID:11924

C:\Windows\System\LSCSPKt.exe
C:\Windows\System\LSCSPKt.exe
2⤵
PID:11964

C:\Windows\System\SXcYrYM.exe
C:\Windows\System\SXcYrYM.exe
2⤵
PID:11988

C:\Windows\System\venoIwb.exe
C:\Windows\System\venoIwb.exe
2⤵
PID:12036

C:\Windows\System\IszBwBR.exe
C:\Windows\System\IszBwBR.exe
2⤵
PID:12140

C:\Windows\System\dcDgObN.exe
C:\Windows\System\dcDgObN.exe
2⤵
PID:12232

C:\Windows\System\EWJYjvZ.exe
C:\Windows\System\EWJYjvZ.exe
2⤵
PID:12276

C:\Windows\System\anHUdVA.exe
C:\Windows\System\anHUdVA.exe
2⤵
PID:10820

C:\Windows\System\JGmyBTm.exe
C:\Windows\System\JGmyBTm.exe
2⤵
PID:11296

C:\Windows\System\UJijTSj.exe
C:\Windows\System\UJijTSj.exe
2⤵
PID:11432

C:\Windows\System\WJxXPek.exe
C:\Windows\System\WJxXPek.exe
2⤵
PID:11608

C:\Windows\System\bpPzIPc.exe
C:\Windows\System\bpPzIPc.exe
2⤵
PID:11688

C:\Windows\System\CPkXxDF.exe
C:\Windows\System\CPkXxDF.exe
2⤵
PID:11816

C:\Windows\System\mPeaamP.exe
C:\Windows\System\mPeaamP.exe
2⤵
PID:12128

C:\Windows\System\PlBgJlg.exe
C:\Windows\System\PlBgJlg.exe
2⤵
PID:12272

C:\Windows\System\FJzVROy.exe
C:\Windows\System\FJzVROy.exe
2⤵
PID:11348

C:\Windows\System\TUusXYb.exe
C:\Windows\System\TUusXYb.exe
2⤵
PID:11656

C:\Windows\System\UVfDcaz.exe
C:\Windows\System\UVfDcaz.exe
2⤵
PID:12028

C:\Windows\System\WPytfHf.exe
C:\Windows\System\WPytfHf.exe
2⤵
PID:11984

C:\Windows\System\xKzKfTY.exe
C:\Windows\System\xKzKfTY.exe
2⤵
PID:12292

C:\Windows\System\KUBmwHN.exe
C:\Windows\System\KUBmwHN.exe
2⤵
PID:12312

C:\Windows\System\SgFkSVU.exe
C:\Windows\System\SgFkSVU.exe
2⤵
PID:12340

C:\Windows\System\NztrzDD.exe
C:\Windows\System\NztrzDD.exe
2⤵
PID:12356

C:\Windows\System\hMaESkm.exe
C:\Windows\System\hMaESkm.exe
2⤵
PID:12380

C:\Windows\System\YzAmgpd.exe
C:\Windows\System\YzAmgpd.exe
2⤵
PID:12400

C:\Windows\System\dFpiAVO.exe
C:\Windows\System\dFpiAVO.exe
2⤵
PID:12432

C:\Windows\System\KGipfaE.exe
C:\Windows\System\KGipfaE.exe
2⤵
PID:12460

C:\Windows\System\ZKDmrxJ.exe
C:\Windows\System\ZKDmrxJ.exe
2⤵
PID:12528

C:\Windows\System\unMmIFL.exe
C:\Windows\System\unMmIFL.exe
2⤵
PID:12548

C:\Windows\System\KMiyXvD.exe
C:\Windows\System\KMiyXvD.exe
2⤵
PID:12572

C:\Windows\System\QFPzNwd.exe
C:\Windows\System\QFPzNwd.exe
2⤵
PID:12592

C:\Windows\System\QGqvsad.exe
C:\Windows\System\QGqvsad.exe
2⤵
PID:12644

C:\Windows\System\efCaBBZ.exe
C:\Windows\System\efCaBBZ.exe
2⤵
PID:12672

C:\Windows\System\zOsmNYs.exe
C:\Windows\System\zOsmNYs.exe
2⤵
PID:12696

C:\Windows\System\WIykNaQ.exe
C:\Windows\System\WIykNaQ.exe
2⤵
PID:12732

C:\Windows\System\wmMULXq.exe
C:\Windows\System\wmMULXq.exe
2⤵
PID:12752

C:\Windows\System\jUOLOmw.exe
C:\Windows\System\jUOLOmw.exe
2⤵
PID:12772

C:\Windows\System\gcHFZBl.exe
C:\Windows\System\gcHFZBl.exe
2⤵
PID:12796

C:\Windows\System\DcOqJJY.exe
C:\Windows\System\DcOqJJY.exe
2⤵
PID:12816

C:\Windows\System\DMWrmFP.exe
C:\Windows\System\DMWrmFP.exe
2⤵
PID:12836

C:\Windows\System\RJodivj.exe
C:\Windows\System\RJodivj.exe
2⤵
PID:12856

C:\Windows\System\DgkFeXt.exe
C:\Windows\System\DgkFeXt.exe
2⤵
PID:12872

C:\Windows\System\UgMBJuc.exe
C:\Windows\System\UgMBJuc.exe
2⤵
PID:12904

C:\Windows\System\RnQMlMv.exe
C:\Windows\System\RnQMlMv.exe
2⤵
PID:12968

C:\Windows\System\NjhCcEs.exe
C:\Windows\System\NjhCcEs.exe
2⤵
PID:13004

C:\Windows\System\RqQpIcl.exe
C:\Windows\System\RqQpIcl.exe
2⤵
PID:13024

C:\Windows\System\tbwqXeS.exe
C:\Windows\System\tbwqXeS.exe
2⤵
PID:13048

C:\Windows\System\WHKvlFg.exe
C:\Windows\System\WHKvlFg.exe
2⤵
PID:13064

C:\Windows\System\EuobLgs.exe
C:\Windows\System\EuobLgs.exe
2⤵
PID:13100

C:\Windows\System\YAsecyV.exe
C:\Windows\System\YAsecyV.exe
2⤵
PID:13120

C:\Windows\System\TIdtkrJ.exe
C:\Windows\System\TIdtkrJ.exe
2⤵
PID:13152

C:\Windows\System\ZUGCUSr.exe
C:\Windows\System\ZUGCUSr.exe
2⤵
PID:13176

C:\Windows\System\WBNKmuG.exe
C:\Windows\System\WBNKmuG.exe
2⤵
PID:13208

C:\Windows\System\vdwDuDx.exe
C:\Windows\System\vdwDuDx.exe
2⤵
PID:13228

C:\Windows\System\tWaBFNi.exe
C:\Windows\System\tWaBFNi.exe
2⤵
PID:13252

C:\Windows\System\EWRJUca.exe
C:\Windows\System\EWRJUca.exe
2⤵
PID:13292

C:\Windows\System\poKXshn.exe
C:\Windows\System\poKXshn.exe
2⤵
PID:11908

C:\Windows\System\TYUXJIS.exe
C:\Windows\System\TYUXJIS.exe
2⤵
PID:12300

C:\Windows\System\uBgHXlF.exe
C:\Windows\System\uBgHXlF.exe
2⤵
PID:12324

C:\Windows\System\oPyDZGr.exe
C:\Windows\System\oPyDZGr.exe
2⤵
PID:12392

C:\Windows\System\ILTPyGG.exe
C:\Windows\System\ILTPyGG.exe
2⤵
PID:12500

C:\Windows\System\lwkaMIk.exe
C:\Windows\System\lwkaMIk.exe
2⤵
PID:12564

C:\Windows\System\sOqkEoq.exe
C:\Windows\System\sOqkEoq.exe
2⤵
PID:12588

C:\Windows\System\qQIlaUl.exe
C:\Windows\System\qQIlaUl.exe
2⤵
PID:12680

C:\Windows\System\moIczhE.exe
C:\Windows\System\moIczhE.exe
2⤵
PID:12728

C:\Windows\System\cMxWydo.exe
C:\Windows\System\cMxWydo.exe
2⤵
PID:12868

C:\Windows\System\ACkQmBt.exe
C:\Windows\System\ACkQmBt.exe
2⤵
PID:12900

C:\Windows\System\pSyOoTe.exe
C:\Windows\System\pSyOoTe.exe
2⤵
PID:12956

C:\Windows\System\LXBsQxJ.exe
C:\Windows\System\LXBsQxJ.exe
2⤵
PID:12984

C:\Windows\System\mZLFZeu.exe
C:\Windows\System\mZLFZeu.exe
2⤵
PID:13044

C:\Windows\System\xlABbgV.exe
C:\Windows\System\xlABbgV.exe
2⤵
PID:13088

C:\Windows\System\ZkBcXmQ.exe
C:\Windows\System\ZkBcXmQ.exe
2⤵
PID:4032

C:\Windows\System\IClDDZf.exe
C:\Windows\System\IClDDZf.exe
2⤵
PID:12216

C:\Windows\System\mbngnMq.exe
C:\Windows\System\mbngnMq.exe
2⤵
PID:3660

C:\Windows\System\zUPuAUw.exe
C:\Windows\System\zUPuAUw.exe
2⤵
PID:1824

C:\Windows\System\LrlbxyQ.exe
C:\Windows\System\LrlbxyQ.exe
2⤵
PID:12452

C:\Windows\System\hCqTyud.exe
C:\Windows\System\hCqTyud.exe
2⤵
PID:12636

C:\Windows\System\zWVzrkP.exe
C:\Windows\System\zWVzrkP.exe
2⤵
PID:12708

C:\Windows\System\vJwqMpF.exe
C:\Windows\System\vJwqMpF.exe
2⤵
PID:12832

C:\Windows\System\wSAHuCq.exe
C:\Windows\System\wSAHuCq.exe
2⤵
PID:12844

C:\Windows\System\aYVkHUb.exe
C:\Windows\System\aYVkHUb.exe
2⤵
PID:13080

C:\Windows\System\erZtSKf.exe
C:\Windows\System\erZtSKf.exe
2⤵
PID:13224

C:\Windows\System\TXeYjmc.exe
C:\Windows\System\TXeYjmc.exe
2⤵
PID:12304

C:\Windows\System\bMRGiAI.exe
C:\Windows\System\bMRGiAI.exe
2⤵
PID:12740

C:\Windows\System\KpikPCa.exe
C:\Windows\System\KpikPCa.exe
2⤵
PID:12912

C:\Windows\System\euOnFVf.exe
C:\Windows\System\euOnFVf.exe
2⤵
PID:12332

C:\Windows\System\OXmqOuP.exe
C:\Windows\System\OXmqOuP.exe
2⤵
PID:13320

C:\Windows\System\HqNmQXV.exe
C:\Windows\System\HqNmQXV.exe
2⤵
PID:13340

C:\Windows\System\NEfxSwH.exe
C:\Windows\System\NEfxSwH.exe
2⤵
PID:13388

C:\Windows\System\uXzwNWc.exe
C:\Windows\System\uXzwNWc.exe
2⤵
PID:13416

C:\Windows\System\vDhKijw.exe
C:\Windows\System\vDhKijw.exe
2⤵
PID:13440

C:\Windows\System\yXJVMHX.exe
C:\Windows\System\yXJVMHX.exe
2⤵
PID:13456

C:\Windows\System\orsgwsd.exe
C:\Windows\System\orsgwsd.exe
2⤵
PID:13512

C:\Windows\System\ZvUIQmt.exe
C:\Windows\System\ZvUIQmt.exe
2⤵
PID:13536

C:\Windows\System\luFMeyg.exe
C:\Windows\System\luFMeyg.exe
2⤵
PID:13560

C:\Windows\System\uhNgSBi.exe
C:\Windows\System\uhNgSBi.exe
2⤵
PID:13604

C:\Windows\System\tDPysdX.exe
C:\Windows\System\tDPysdX.exe
2⤵
PID:13628

C:\Windows\System\qnpobPS.exe
C:\Windows\System\qnpobPS.exe
2⤵
PID:13644

C:\Windows\System\fctDgIF.exe
C:\Windows\System\fctDgIF.exe
2⤵
PID:13660

C:\Windows\System\ZoStHMG.exe
C:\Windows\System\ZoStHMG.exe
2⤵
PID:13680

C:\Windows\System\mdEKacl.exe
C:\Windows\System\mdEKacl.exe
2⤵
PID:13708

C:\Windows\System\QRecndK.exe
C:\Windows\System\QRecndK.exe
2⤵
PID:13732

C:\Windows\System\WCwtLjr.exe
C:\Windows\System\WCwtLjr.exe
2⤵
PID:13748

C:\Windows\System\AAnZjoj.exe
C:\Windows\System\AAnZjoj.exe
2⤵
PID:13776

C:\Windows\System\tsorFUZ.exe
C:\Windows\System\tsorFUZ.exe
2⤵
PID:13792

C:\Windows\System\lTVaubx.exe
C:\Windows\System\lTVaubx.exe
2⤵
PID:13816

C:\Windows\System\ylaUcQz.exe
C:\Windows\System\ylaUcQz.exe
2⤵
PID:13892

C:\Windows\System\KFcdcHq.exe
C:\Windows\System\KFcdcHq.exe
2⤵
PID:13920

C:\Windows\System\dWxvETE.exe
C:\Windows\System\dWxvETE.exe
2⤵
PID:13952

C:\Windows\System\HjAfHeb.exe
C:\Windows\System\HjAfHeb.exe
2⤵
PID:13984

C:\Windows\System\UDDQOAt.exe
C:\Windows\System\UDDQOAt.exe
2⤵
PID:14020

C:\Windows\System\hKYGfgz.exe
C:\Windows\System\hKYGfgz.exe
2⤵
PID:14036

C:\Windows\System\lbNuntk.exe
C:\Windows\System\lbNuntk.exe
2⤵
PID:14052

C:\Windows\System\GafyEWo.exe
C:\Windows\System\GafyEWo.exe
2⤵
PID:14080

C:\Windows\System\KxMzwLW.exe
C:\Windows\System\KxMzwLW.exe
2⤵
PID:14100

C:\Windows\System\vHgasJw.exe
C:\Windows\System\vHgasJw.exe
2⤵
PID:14124

C:\Windows\System\izWsVvM.exe
C:\Windows\System\izWsVvM.exe
2⤵
PID:14156

C:\Windows\System\FvEdMYk.exe
C:\Windows\System\FvEdMYk.exe
2⤵
PID:14192

C:\Windows\System\rhBaCsq.exe
C:\Windows\System\rhBaCsq.exe
2⤵
PID:14212

C:\Windows\System\YgGuCxV.exe
C:\Windows\System\YgGuCxV.exe
2⤵
PID:14232

C:\Windows\System\afuKbiP.exe
C:\Windows\System\afuKbiP.exe
2⤵
PID:14280

C:\Windows\System\ADXFSAV.exe
C:\Windows\System\ADXFSAV.exe
2⤵
PID:14320

C:\Windows\System\gYcGrKY.exe
C:\Windows\System\gYcGrKY.exe
2⤵
PID:12620

C:\Windows\System\zzGAlsA.exe
C:\Windows\System\zzGAlsA.exe
2⤵
PID:13384

C:\Windows\System\zqueAWX.exe
C:\Windows\System\zqueAWX.exe
2⤵
PID:13376

C:\Windows\System\IBbeGzQ.exe
C:\Windows\System\IBbeGzQ.exe
2⤵
PID:13472

C:\Windows\System\AQklGwa.exe
C:\Windows\System\AQklGwa.exe
2⤵
PID:13612

C:\Windows\System\hlIsKBP.exe
C:\Windows\System\hlIsKBP.exe
2⤵
PID:13640

C:\Windows\System\QoEDXqB.exe
C:\Windows\System\QoEDXqB.exe
2⤵
PID:13720

C:\Windows\System\JgIRHcO.exe
C:\Windows\System\JgIRHcO.exe
2⤵
PID:13768

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 13768 -s 248
3⤵
PID:3176

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2304

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BefuOUp.exe
Filesize
1.4MB

MD5
24050d20270c68c8f57d479c28d12d0a

SHA1
069516d673a45de4e544ae3d0ca07887bbc5f2c7

SHA256
4213639489c5f6df71ac1a006c821b294657d53204686009295d34ddcb329266

SHA512
91433faea742c9ee38be26a75ccad1cd666cbf0df1943b7a6cabc30adacd3eb834e35b5ad2f752c7bca68ddad0282f1bb6502fab51277eb66352d3a1e11a8073

Download Submit
C:\Windows\System\JCeBMiR.exe
Filesize
1.4MB

MD5
6820aef9f21a39eb6652490e78426ad2

SHA1
5d10f9bc41683345159e2cce62b87cca36adfd85

SHA256
d98276e92d0bbcd33c0fde46e4aec835286c960aeef2bd9f2ec0321f52668e1a

SHA512
ece172e03dbb44a82bbe5c0b16ad683864e6ce6e6e1eabb0a2379e68bc19dc68c4e329c9ff80a8c3db6644473cab87cf9fbc4c552acd265e022b8083c763889e

Download Submit
C:\Windows\System\LfWzEWz.exe
Filesize
1.4MB

MD5
c21c38a5a9948e2e2701e36e6f78602b

SHA1
a4679058dc60aa99305c1af2a3b6ca90e3cbbc89

SHA256
1a337f244701fe2bf570ce57b2ce5176ecffa0343a695335d737f9fa1efd5c15

SHA512
fb944b3369d5826d67a5f4f4250f6851c860f7a5395c90b4cfa2cc735aed3791484e990cc4eec2445638c57f39d518cad33ba0831b8537989737b1ebefa92141

Download Submit
C:\Windows\System\MDDninl.exe
Filesize
1.4MB

MD5
efb600db909b3c8068bc94ebf0b84f5f

SHA1
feb5020f9c8f25ea25ef236da70278e59feac5c2

SHA256
ac3c41d16167cd1fc1f03ed20a4f12216bcda5739146aacef3687e28d5275b6e

SHA512
98a47cdbdc82fee877844d921d4e5c1e7c097f6a290221ccd0db17859482424b165a44f844d5038f479148c61a3fb1d09b9e83339d6b8eff2d9070256e80c582

Download Submit
C:\Windows\System\MHlDIFg.exe
Filesize
1.4MB

MD5
70836e0116355fcfcf2bbc7e464bc9cc

SHA1
98835a5e433547c15b7bdad1d2f9a97b309ef3ba

SHA256
1114f9615577e650cf9ec01701d8dadf2c9671d88de4235c43ada5fe0fc16622

SHA512
912937bc5803e800556135a3a01eae578727bb84b97fa7b87b29fd4b8bab7b35fece3a6108ce3b54250692d62f3b9e121c4e1501f6149af0f48ddabfbcd841b4

Download Submit
C:\Windows\System\MHrcPdN.exe
Filesize
1.4MB

MD5
e0023a926bea27062635150f7f1a3db0

SHA1
49f7d0250e05403bd74081baa7afcba1cae186f6

SHA256
63159e113d05f8de379795544d714162846936a99f31610632e80117c4ed3b73

SHA512
54401ea8513cd4882e813c57ec76cb43e122b21662483823dd152ae87e73a174352aa745803fcf69ca04f56c5d57e0e4573d1d7cdbb1bf30e2daa9e9e08f246b

Download Submit
C:\Windows\System\MRtFjnL.exe
Filesize
1.4MB

MD5
191c5b86cbdb29ea5bccaab4d05572c3

SHA1
fcb55b8c372ca1332bc3e7193ed6608429c6294e

SHA256
937f7caa5a09a11accf41194b08f54dd0b7d46108c3f15d8d7b23d6297773f10

SHA512
2828ebd0163ff23f0feea7256fc69d17144d3f2faf5086aed569db86743b812f488b6e3dbc0e846090b3a75c3db50ca73da5af548fb086f58a77396f59f8316b

Download Submit
C:\Windows\System\MpjEHiq.exe
Filesize
1.4MB

MD5
fd19254834be853f51d41ac94455e55c

SHA1
7a798aa7c169b9527005a2f5b92cd075dbdfb4e2

SHA256
a143e7eff04d628a58c097f257e51799eb28dbb3810be83358da9c3e285d1fb4

SHA512
05fb27dbe82e1629bb25e261137f51ede802f3621041c4811b4ebab0de154c1ece403cb5b1e5f190303f19f4678ada7a54457567f10dce46aaa29ec1181b3fe9

Download Submit
C:\Windows\System\OiTwaWW.exe
Filesize
1.4MB

MD5
3a06d9bcc192c2a815720b40cf1346b0

SHA1
cb6e02b24e4a655227a2b4a4ab680d9ac4fa11b0

SHA256
035ce43391c0eaf00e4cdd62286ef4ee21d0b3c780abc88c7742c5ca4adbb59e

SHA512
e6519dbd4f27d6e4db6736a6455fcc32e29114e47891cc80e16a8d9ed30d3b493a475c49de650ce0e34d43deb6ec179dd98500021eea5d5b9b96051aed90fc7b

Download Submit
C:\Windows\System\OqEprQA.exe
Filesize
1.4MB

MD5
3039a437c27142c4df94fa634340ed35

SHA1
87ec7ede7547c72322d5c4c95e086fb70598e739

SHA256
54e014a95cdc28fa9bbbe041247b0f4c18ef6bcf14116806128f4b09fced0963

SHA512
fb934bbc2ae55f759ecfae44b45bdba1de39b091afca2825db4a8b7f37712f0dcfe35ed3e6d5c5010e95cff2a019da87b632abadabf0abb91023db50568cfd18

Download Submit
C:\Windows\System\OtarDNY.exe
Filesize
1.4MB

MD5
14fa04fa81c989338226645916e4d7b0

SHA1
149f7f434735acbf2cf6c20dd32cbfb1549e67eb

SHA256
0a49b651e4f32ad4d0b1f0f173af97e2b817abf904ec16f67fa120547f291a92

SHA512
2a646f4ca8f6c2ddd5dc975ec6c8a6342bd53224110d733c3cc6432681142dee662c4f328a49280af211b5bd1cd79a1f56568c7a5b429959a3623aaa549d34ee

Download Submit
C:\Windows\System\PWYzdWf.exe
Filesize
1.4MB

MD5
6d42a14dc70269dea598f551c5b22c75

SHA1
cc1925136434c7ee973afe9af120ffe350de8d29

SHA256
8b8f07ed3127fc66997339b1eedf3fb36782c1181373c841562a625b6904707f

SHA512
38008c3e6880634ab43f96fe75642d25b1fd91974a5fa6fea1627455959ec1e1b1026ac91f88e113f45ef65e90e8d6c4a9c9c1e19bb5f5b7dbf2f3d025ed6684

Download Submit
C:\Windows\System\PdawPad.exe
Filesize
1.4MB

MD5
392c85883707ca56efbe3aa01823ec6f

SHA1
7bc4ecacd1e7cccbd65b588ae4db8553ec21c72f

SHA256
f270e8e9edfc964737e4f218856137d83822a0d98cf32bb7b1db03502686c2c7

SHA512
f0631e73abd94fee077335ed4511aa8934b4877cc7d540565f21e991fc2e50cfda312f41fd0e54f4aa200778343d60ee59a5451cf9bdec36f0ae8348275cb82d

Download Submit
C:\Windows\System\SxEfLGN.exe
Filesize
1.4MB

MD5
24a98fc374abc92822bebf5c0fb628cb

SHA1
aaf7b726dce210a302a76a34f9acc696e11b6822

SHA256
63891ce61aa5668524c1fe3f2dc37d879ff3561d94f2d92e88e04c8f89f441ee

SHA512
d10bbdee3c105f68e3655b7d64e00b1ed4b210c76faf87874e13857326b4455c1a79fae03840160f25c4a7449ea43eddc7566aa4a045f35cf07846d50879d631

Download Submit
C:\Windows\System\TAvHZwu.exe
Filesize
1.4MB

MD5
c4931a2729619c55177e23dcd678201f

SHA1
cd860936228b097e3466ad4f91dd1ab0dacb8023

SHA256
35c7d5bad6d3a966745fc8f1e40d5f6c84e17589e855f6b0413a49d239240c70

SHA512
63d1474abeb488059e9d6921875fc07e2d00a1ae5484780f4d26cccd1ae692b45df989f95b17b6e6c50ccdd2961ba37b48c3663140c54d97d4eff2ca5b001771

Download Submit
C:\Windows\System\WkEEQaG.exe
Filesize
1.4MB

MD5
c5b871c0231153bd693e11426e72d37f

SHA1
f65975d6367eb2ea0d1fb3b89d247622ceeb0b24

SHA256
936415aa8e51ace752b6bd7f21fdfa3a9de2087d7afdedfa26547f3b4fe56cfc

SHA512
284cb89a4d51306ddfc1ecc6f5ffdb505ad2e7784508c53e4be95eedc09e6e95e05e55495ed316ddeedf9b6418534ecc4473ed051084c78114bf184c81e811f1

Download Submit
C:\Windows\System\XRTtcMM.exe
Filesize
1.4MB

MD5
7b80727d6939e233f1421d4a735aed7e

SHA1
c71eaa17b43d3712b5e922710d155700caf4662b

SHA256
19a4a5551bb65e30bba3f9184f36576f2e145aeaffe97668030437e67896be89

SHA512
4802bef85adde0eabd039d46479aab658c6203790f486db52cd130991ed68179ddacd27b209b1dda139679f1a73c60ede363f913ee5ce68006d451e962afa7da

Download Submit
C:\Windows\System\YKsgTsC.exe
Filesize
1.4MB

MD5
02e3af65d30c6d2ea81592c0aae7c016

SHA1
37dda5b95603be8fb8ddf51bfe99cc357a584799

SHA256
02063442402210ca9082a89331ad9a4ab4db62a4011bd8439b99b40a809ebb15

SHA512
9ad71a6499164a649c0948529b4d2910e947e955c4b5c108b55e0b16a3cbd85f5a1fecee607a4ad12f7201ad438ee0867659bddb8495fb104234a6da9d41c864

Download Submit
C:\Windows\System\YVeVhFA.exe
Filesize
1.4MB

MD5
e5d584ad3b5f19de66cae40c4ddd1301

SHA1
4581117b264aa2abe7b7f3243066bb7ddec340cc

SHA256
f8c3dcd8be422374be0962300c9991663ab2aab149ca27cc6019701875e89baa

SHA512
dca9651ee83ee7756806f9ff529fa96be350c6f721d3e488a1cfed47a41c66d3844443cb1642ad7cd861a1bce873efcc32e8322f96bb8a43abc8d198d9591430

Download Submit
C:\Windows\System\adRRgaW.exe
Filesize
1.4MB

MD5
4045613ce877eaa128ad65acc158c502

SHA1
d056da31e54c2d120eecd059695e9ee50d6f966a

SHA256
3e826a2f67f8d5c77cdfac4cf77350359de2fad4b84b05056db02e8779be25fd

SHA512
84d2b835f285fa3f8b0cb610b40635d5fe4373582346e6d72d873cac0f862c3855584fecf1e4021a6ecfeadf3cc43f355ca3e90ba4bafbb2f5e1b819db868638

Download Submit
C:\Windows\System\cJnGhCi.exe
Filesize
1.4MB

MD5
c2c96b68d2c5e856351b90603b8ca79e

SHA1
f6985f547fdf229efca9f7a8f188eb7ea3ebe302

SHA256
6c31c1d5c6984b73899679f098c7fc68703ec0fed94af75ce3b99b4f02fb4b1a

SHA512
80113fd5939d27c436b63dd31bba1590ac9ace4018ce792a9398c01e68cde2db287adfcf671fdf7b67cb3675441cd26c72ea1c8533c78b8f166474952724e9bd

Download Submit
C:\Windows\System\eknQNqo.exe
Filesize
1.4MB

MD5
0b33bb56fa0560f0a1602aeb3f2e2269

SHA1
991d6010ac082267d7df9edcc70ba1a544c472a8

SHA256
e3ce47e119415fd57807c6195a50e93039203340dbb48fec4f1440d1ff51bf72

SHA512
35f7e532f976121858166796649af236d08a52398221960fc4e5e0ef25aac5ed1acf51e228ea94265359c8e0635ebb59d3cd0e5dc6793acf16d754dee29dc0c6

Download Submit
C:\Windows\System\fwTvqkm.exe
Filesize
1.4MB

MD5
fa9f7d468521ebd864a805413be6e6bf

SHA1
600fbbecbb9ce9fb6448e8f7f872b99174855b38

SHA256
05a99a45c46c9e2cdb1ea78985f915b3131ccad17b385979b9a276dd9408947a

SHA512
5a7b3835a70fde31179455e5475e40e0fcf1073f3ad5a2fa07366004381b7497efff844af24f9500309bac423f14741a689941334080686f85fb3497a450e02b

Download Submit
C:\Windows\System\hGIwlGL.exe
Filesize
1.4MB

MD5
e3dfbb172a7b45ac650c4842852f5033

SHA1
b2b9692bab92c3c12d98785894ac161f954367ad

SHA256
8e23d48e4f423dc70d731dddb7a1d27fbbd1bfb3b270db34a273e69a5859452d

SHA512
d186daaea0d0daf25404248c324a1a47c27bfd3e6e6ec349b226a16371f8c2ea7af734d7deb1663802e79f23c6b5db802554d4c3228107b2bb53161093515782

Download Submit
C:\Windows\System\iDgtqpS.exe
Filesize
1.4MB

MD5
217d70a5298356a8121bbce78761e325

SHA1
cbe170125cb9a921667f1f05ae1e16c4e251660e

SHA256
f440913f9698438e8079f624607daac4121c713b0b252aadc47ff4c61f7b3a57

SHA512
11f703a439cd717d07fde8155528d721f0e4d164e31d3605b58afc90a636516ef7e74fd5d3da1544be0b0eb8a5cf3294f8b52d0bbf93af596b7ef1be2666adfe

Download Submit
C:\Windows\System\kQPsVwQ.exe
Filesize
1.4MB

MD5
cc3e4ee958c14dd09e43b0c7d91220ed

SHA1
a067cabfae7c954c16da513a0469b0d40b694273

SHA256
e132145f191cf5175bd3a0754f2e8ab2aa07610f224497c33e7f2f3e91af3c7f

SHA512
f3b3e2449da9aea9b7a68d54c8eb6a24a114696d5d6346604255706be592941dbbdca6c50683e32d3af2b3bb1f20bf1e98fb967203783cb2873fefafca9d24d2

Download Submit
C:\Windows\System\lTmYGcm.exe
Filesize
1.4MB

MD5
99d720feb42c32de8aa706415cb2efba

SHA1
f254a60deb71a68aa85e800a6f6997c9ebafe94d

SHA256
bd6eb4034e57930d50feda8b3dcc8b4108199e62f47b33d40cea25275e4d1695

SHA512
fc4d42b1627cfba64b7fc8ce10ab6084a18a2b4dba263314e33a542faa7ceee5ed1194c898439e4809d34408ec14921eaeab1eb617999a92f1edd477311d928c

Download Submit
C:\Windows\System\nwQzeCh.exe
Filesize
1.4MB

MD5
bad0f3a93763a509066a3eb1ecd1ac7d

SHA1
55130bf08302195cd81cd573d50b25cd545404cf

SHA256
f09d1f692daad21d14696b0de47620c9f5b620af0322312be4575278f067e603

SHA512
edee01746ada7622fcbe74912899796f5e39152a5ae07ecf6590515739990ef3b6c8bf52bd5685bda54c8da9c13b72bb68a1ae319746cee697bb8920100594d5

Download Submit
C:\Windows\System\qPWAgAs.exe
Filesize
1.4MB

MD5
709f6d50d04962ac7dc2fa487e9163ba

SHA1
31228af338e797f71f94d81c14e956bf5a7e36f9

SHA256
57b5ddcedad005dc588eaa5bd12bf3dda5ddc6481c02f2c3eaf04e7788d7fab8

SHA512
d32aff9160d446fdc26f7b2ae30b20722c3015ba7d38618c1d4bf4662837c9f1718e45d3937db75712f937bbbc2d59c22520786b8408990eb67aea3edf632af3

Download Submit
C:\Windows\System\rAsYYMh.exe
Filesize
1.4MB

MD5
028a47f56840685cc3eeaa9d2545527c

SHA1
6c7a57f209073772de12fe58b0a75f85bc585e50

SHA256
9ced6539083692c4530cc0a39bf78233b8622369f1625410b00d87a186e7b3ab

SHA512
6f2e524da0138fec972ac5aab39d28a40254b0af58b6a3e7d85f11db8c3fc8e27456661d704bdd0ae443a85dede910510809153603389043d22c88910951d336

Download Submit
C:\Windows\System\tSJYwSg.exe
Filesize
1.4MB

MD5
4f8f1d454aef0857638d8c813dbc474b

SHA1
3bc5998476ea9fde0c269a1063b941b84587ee5a

SHA256
2bd1f31670bd198a89d6a05288963e31d4e29f2b0c70a6539f757b816dfbe79a

SHA512
344fc482c945ce7db3c9b9c7577791db601ae516cadb78429925eb9ff6eeb0384629fccd87346adb24a9113a1f1dc02974a0c1267c7fa27db3eec15d02ff1acd

Download Submit
C:\Windows\System\uChVweR.exe
Filesize
1.4MB

MD5
1743770dfc7832be979b541ac3e8479d

SHA1
c54b2261249b878a1761fbdfd4dcad0c83e17cba

SHA256
152cbd47d75c98c980a7b321b0be1c23fadbba16a1e2380b148e81e5272b5a8e

SHA512
cf0b1b83b64c8c26fe4ac00f0bb35ab8b663cea3ab5357e50d7ae295b8f082b40a90d4e003ca1de2ca9de55dc245ba10861021c4a5f258842b6010257d27f6da

Download Submit
C:\Windows\System\wYXZXky.exe
Filesize
1.4MB

MD5
0867296e5c1348b1728586bceb052f8b

SHA1
68410421562dbdf5dc8a0ca39b2ed16a7817df8b

SHA256
f6ab3f2345eaa9f3edf998f5c0f6534d33e760058579a107b5a12855c5a0dd39

SHA512
bed8739478bb1377503672a5176eff0563e6b35011300e626c70e12d18cafc3c4b96bf3a279bf83f5b5fded8e8c11e82795cf4b0c8363c47d52437279c4f4643

Download Submit
memory/244-10-0x00007FF712130000-0x00007FF712481000-memory.dmp

Filesize
3.3MB

Download
memory/244-2254-0x00007FF712130000-0x00007FF712481000-memory.dmp

Filesize
3.3MB

Download
memory/428-179-0x00007FF66BCD0000-0x00007FF66C021000-memory.dmp

Filesize
3.3MB

Download
memory/428-2264-0x00007FF66BCD0000-0x00007FF66C021000-memory.dmp

Filesize
3.3MB

Download
memory/500-173-0x00007FF794D50000-0x00007FF7950A1000-memory.dmp

Filesize
3.3MB

Download
memory/500-2300-0x00007FF794D50000-0x00007FF7950A1000-memory.dmp

Filesize
3.3MB

Download
memory/556-2304-0x00007FF711770000-0x00007FF711AC1000-memory.dmp

Filesize
3.3MB

Download
memory/556-195-0x00007FF711770000-0x00007FF711AC1000-memory.dmp

Filesize
3.3MB

Download
memory/564-2219-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp

Filesize
3.3MB

Download
memory/564-2274-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp

Filesize
3.3MB

Download
memory/564-92-0x00007FF7CFD20000-0x00007FF7D0071000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2260-0x00007FF6884C0000-0x00007FF688811000-memory.dmp

Filesize
3.3MB

Download
memory/1084-63-0x00007FF6884C0000-0x00007FF688811000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2217-0x00007FF6884C0000-0x00007FF688811000-memory.dmp

Filesize
3.3MB

Download
memory/1380-2333-0x00007FF70C7F0000-0x00007FF70CB41000-memory.dmp

Filesize
3.3MB

Download
memory/1380-168-0x00007FF70C7F0000-0x00007FF70CB41000-memory.dmp

Filesize
3.3MB

Download
memory/1504-184-0x00007FF642000000-0x00007FF642351000-memory.dmp

Filesize
3.3MB

Download
memory/1504-2288-0x00007FF642000000-0x00007FF642351000-memory.dmp

Filesize
3.3MB

Download
memory/1540-167-0x00007FF6A5ED0000-0x00007FF6A6221000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2298-0x00007FF6A5ED0000-0x00007FF6A6221000-memory.dmp

Filesize
3.3MB

Download
memory/1548-133-0x00007FF6E7DA0000-0x00007FF6E80F1000-memory.dmp

Filesize
3.3MB

Download
memory/1548-2282-0x00007FF6E7DA0000-0x00007FF6E80F1000-memory.dmp

Filesize
3.3MB

Download
memory/1788-2292-0x00007FF7DD5D0000-0x00007FF7DD921000-memory.dmp

Filesize
3.3MB

Download
memory/1788-191-0x00007FF7DD5D0000-0x00007FF7DD921000-memory.dmp

Filesize
3.3MB

Download
memory/2260-122-0x00007FF757C20000-0x00007FF757F71000-memory.dmp

Filesize
3.3MB

Download
memory/2260-2220-0x00007FF757C20000-0x00007FF757F71000-memory.dmp

Filesize
3.3MB

Download
memory/2260-2284-0x00007FF757C20000-0x00007FF757F71000-memory.dmp

Filesize
3.3MB

Download
memory/2356-42-0x00007FF753CF0000-0x00007FF754041000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2262-0x00007FF753CF0000-0x00007FF754041000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2225-0x00007FF753CF0000-0x00007FF754041000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2229-0x00007FF6A8E80000-0x00007FF6A91D1000-memory.dmp

Filesize
3.3MB

Download
memory/2440-77-0x00007FF6A8E80000-0x00007FF6A91D1000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2268-0x00007FF6A8E80000-0x00007FF6A91D1000-memory.dmp

Filesize
3.3MB

Download
memory/2804-200-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2308-0x00007FF78F690000-0x00007FF78F9E1000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2270-0x00007FF626BE0000-0x00007FF626F31000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2230-0x00007FF626BE0000-0x00007FF626F31000-memory.dmp

Filesize
3.3MB

Download
memory/2984-78-0x00007FF626BE0000-0x00007FF626F31000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2216-0x00007FF713F80000-0x00007FF7142D1000-memory.dmp

Filesize
3.3MB

Download
memory/3036-26-0x00007FF713F80000-0x00007FF7142D1000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2258-0x00007FF713F80000-0x00007FF7142D1000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2231-0x00007FF761750000-0x00007FF761AA1000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2278-0x00007FF761750000-0x00007FF761AA1000-memory.dmp

Filesize
3.3MB

Download
memory/3048-91-0x00007FF761750000-0x00007FF761AA1000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2215-0x00007FF6B07B0000-0x00007FF6B0B01000-memory.dmp

Filesize
3.3MB

Download
memory/3248-20-0x00007FF6B07B0000-0x00007FF6B0B01000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2256-0x00007FF6B07B0000-0x00007FF6B0B01000-memory.dmp

Filesize
3.3MB

Download
memory/3696-199-0x00007FF696CE0000-0x00007FF697031000-memory.dmp

Filesize
3.3MB

Download
memory/3696-2310-0x00007FF696CE0000-0x00007FF697031000-memory.dmp

Filesize
3.3MB

Download
memory/3856-180-0x00007FF6341D0000-0x00007FF634521000-memory.dmp

Filesize
3.3MB

Download
memory/3856-2280-0x00007FF6341D0000-0x00007FF634521000-memory.dmp

Filesize
3.3MB

Download
memory/3992-190-0x00007FF6FCBB0000-0x00007FF6FCF01000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2290-0x00007FF6FCBB0000-0x00007FF6FCF01000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2228-0x00007FF67BC30000-0x00007FF67BF81000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2272-0x00007FF67BC30000-0x00007FF67BF81000-memory.dmp

Filesize
3.3MB

Download
memory/4184-76-0x00007FF67BC30000-0x00007FF67BF81000-memory.dmp

Filesize
3.3MB

Download
memory/4192-163-0x00007FF75F760000-0x00007FF75FAB1000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2296-0x00007FF75F760000-0x00007FF75FAB1000-memory.dmp

Filesize
3.3MB

Download
memory/4316-2267-0x00007FF74BED0000-0x00007FF74C221000-memory.dmp

Filesize
3.3MB

Download
memory/4316-75-0x00007FF74BED0000-0x00007FF74C221000-memory.dmp

Filesize
3.3MB

Download
memory/4316-2218-0x00007FF74BED0000-0x00007FF74C221000-memory.dmp

Filesize
3.3MB

Download
memory/4628-152-0x00007FF7132E0000-0x00007FF713631000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2294-0x00007FF7132E0000-0x00007FF713631000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2221-0x00007FF7132E0000-0x00007FF713631000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2252-0x00007FF700FB0000-0x00007FF701301000-memory.dmp

Filesize
3.3MB

Download
memory/4956-14-0x00007FF700FB0000-0x00007FF701301000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2182-0x00007FF700FB0000-0x00007FF701301000-memory.dmp

Filesize
3.3MB

Download
memory/4980-140-0x00007FF641D60000-0x00007FF6420B1000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2276-0x00007FF641D60000-0x00007FF6420B1000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2286-0x00007FF67DB70000-0x00007FF67DEC1000-memory.dmp

Filesize
3.3MB

Download
memory/5096-141-0x00007FF67DB70000-0x00007FF67DEC1000-memory.dmp

Filesize
3.3MB

Download
memory/5104-0-0x00007FF6D3B00000-0x00007FF6D3E51000-memory.dmp

Filesize
3.3MB

Download
memory/5104-1-0x00000204B1450000-0x00000204B1460000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads