xmrig | 54371e47a7d574c7764cc9f0be4465ed928e96d25f07c96eb324ef062d7f8840

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
Size

2.2MB
MD5

71da2ead5dfbbe7755ec79b525947ef0
SHA1

f122541f9b556d9e2538f62da65a3f4d71e25a81
SHA256

54371e47a7d574c7764cc9f0be4465ed928e96d25f07c96eb324ef062d7f8840
SHA512

2346fd3277ee6f8a254005c34ebeb262f05eef852066eca8eada3641111c1fbc98ad9e5936ec1e05550a5c2deef3b471f17740554078fab9ccf0b4119eff95cd
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMmUETRy:BemTLkNdfE0pZrV56utgY

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3248-0-0x00007FF6A4050000-0x00007FF6A43A4000-memory.dmp	xmrig
C:\Windows\System\MzRBqli.exe	xmrig
C:\Windows\System\DuyQSyC.exe	xmrig
behavioral2/memory/1612-22-0x00007FF6A8A20000-0x00007FF6A8D74000-memory.dmp	xmrig
C:\Windows\System\duOOdzB.exe	xmrig
C:\Windows\System\UQCWBgl.exe	xmrig
C:\Windows\System\NkyLLEd.exe	xmrig
C:\Windows\System\kukoXNB.exe	xmrig
C:\Windows\System\UJUewVP.exe	xmrig
C:\Windows\System\Djbyvax.exe	xmrig
C:\Windows\System\zAHAlXq.exe	xmrig
C:\Windows\System\noGFqDB.exe	xmrig
C:\Windows\System\mEubpSN.exe	xmrig
C:\Windows\System\QPYIpFN.exe	xmrig
C:\Windows\System\wHiJKqM.exe	xmrig
C:\Windows\System\KXlyXNU.exe	xmrig
C:\Windows\System\RrorRXU.exe	xmrig
behavioral2/memory/448-677-0x00007FF682330000-0x00007FF682684000-memory.dmp	xmrig
C:\Windows\System\VygYbtd.exe	xmrig
C:\Windows\System\PdWgZUM.exe	xmrig
C:\Windows\System\HOnDekD.exe	xmrig
C:\Windows\System\QqxcOrL.exe	xmrig
C:\Windows\System\kZpJbFx.exe	xmrig
C:\Windows\System\jpkwxfU.exe	xmrig
C:\Windows\System\IVzIbKx.exe	xmrig
C:\Windows\System\XbjLNpj.exe	xmrig
C:\Windows\System\ZIBZjPs.exe	xmrig
behavioral2/memory/1948-678-0x00007FF686910000-0x00007FF686C64000-memory.dmp	xmrig
behavioral2/memory/3028-679-0x00007FF788B60000-0x00007FF788EB4000-memory.dmp	xmrig
C:\Windows\System\PclpHht.exe	xmrig
C:\Windows\System\YTFMCVy.exe	xmrig
C:\Windows\System\CYqNOXx.exe	xmrig
C:\Windows\System\zzFFtxY.exe	xmrig
C:\Windows\System\OOWOJpT.exe	xmrig
C:\Windows\System\GJiEeeX.exe	xmrig
C:\Windows\System\buXSFKl.exe	xmrig
C:\Windows\System\DwQIsBu.exe	xmrig
C:\Windows\System\rFTldjr.exe	xmrig
behavioral2/memory/2436-11-0x00007FF799B60000-0x00007FF799EB4000-memory.dmp	xmrig
behavioral2/memory/1332-680-0x00007FF75D6A0000-0x00007FF75D9F4000-memory.dmp	xmrig
behavioral2/memory/3660-681-0x00007FF7BE350000-0x00007FF7BE6A4000-memory.dmp	xmrig
behavioral2/memory/4100-682-0x00007FF728D90000-0x00007FF7290E4000-memory.dmp	xmrig
behavioral2/memory/4584-683-0x00007FF6AEDF0000-0x00007FF6AF144000-memory.dmp	xmrig
behavioral2/memory/1216-684-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp	xmrig
behavioral2/memory/4164-685-0x00007FF6CEB00000-0x00007FF6CEE54000-memory.dmp	xmrig
behavioral2/memory/4060-686-0x00007FF6C45E0000-0x00007FF6C4934000-memory.dmp	xmrig
behavioral2/memory/5036-708-0x00007FF75DDA0000-0x00007FF75E0F4000-memory.dmp	xmrig
behavioral2/memory/1432-745-0x00007FF6A1380000-0x00007FF6A16D4000-memory.dmp	xmrig
behavioral2/memory/4372-758-0x00007FF7CF6A0000-0x00007FF7CF9F4000-memory.dmp	xmrig
behavioral2/memory/4048-787-0x00007FF65C090000-0x00007FF65C3E4000-memory.dmp	xmrig
behavioral2/memory/1804-807-0x00007FF6E00D0000-0x00007FF6E0424000-memory.dmp	xmrig
behavioral2/memory/4120-822-0x00007FF69AEA0000-0x00007FF69B1F4000-memory.dmp	xmrig
behavioral2/memory/3884-831-0x00007FF765AE0000-0x00007FF765E34000-memory.dmp	xmrig
behavioral2/memory/1356-828-0x00007FF66BCB0000-0x00007FF66C004000-memory.dmp	xmrig
behavioral2/memory/408-836-0x00007FF6D9100000-0x00007FF6D9454000-memory.dmp	xmrig
behavioral2/memory/1008-817-0x00007FF761C80000-0x00007FF761FD4000-memory.dmp	xmrig
behavioral2/memory/4708-814-0x00007FF6115E0000-0x00007FF611934000-memory.dmp	xmrig
behavioral2/memory/904-802-0x00007FF6CDEF0000-0x00007FF6CE244000-memory.dmp	xmrig
behavioral2/memory/2924-791-0x00007FF768250000-0x00007FF7685A4000-memory.dmp	xmrig
behavioral2/memory/2148-776-0x00007FF74AA00000-0x00007FF74AD54000-memory.dmp	xmrig
behavioral2/memory/4828-730-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp	xmrig
behavioral2/memory/4724-715-0x00007FF73FCA0000-0x00007FF73FFF4000-memory.dmp	xmrig
behavioral2/memory/3320-687-0x00007FF6A69A0000-0x00007FF6A6CF4000-memory.dmp	xmrig
behavioral2/memory/3248-2159-0x00007FF6A4050000-0x00007FF6A43A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

MzRBqli.exeDuyQSyC.exeduOOdzB.exerFTldjr.exeUQCWBgl.exeDwQIsBu.exeNkyLLEd.exekukoXNB.exebuXSFKl.exeGJiEeeX.exeUJUewVP.exeOOWOJpT.exezzFFtxY.exeDjbyvax.exeCYqNOXx.exeYTFMCVy.exezAHAlXq.exenoGFqDB.exePclpHht.exemEubpSN.exeZIBZjPs.exeQPYIpFN.exeXbjLNpj.exeIVzIbKx.exewHiJKqM.exejpkwxfU.exekZpJbFx.exeKXlyXNU.exeQqxcOrL.exeHOnDekD.exeVygYbtd.exePdWgZUM.exeRrorRXU.exegszfhcl.exeKkEhfIx.exevgeoMGr.exeYVwSimL.exeQmLsVmk.exeJAtuYqd.exephJbBVK.exefMNDtOM.execRHUlTz.exeonBuwvV.exenOcccvi.exeAPUiEPo.exeNrGcAUP.exenuirfRA.exeeczztrd.exeVEKrbLV.exebsnDbDg.exedkwYwya.execgtMQfK.exeGhtcLfc.exeMZnNBDv.exebDYSoBH.exelOYHqRL.exeWIZBvyP.exeyxJSKUm.exeRnDjlYT.exesysThHr.exexTAFnXj.exeVihmhvs.exeHsQrUcg.exeOyKypYx.exe

pid	process
2436	MzRBqli.exe
1612	DuyQSyC.exe
3884	duOOdzB.exe
448	rFTldjr.exe
408	UQCWBgl.exe
1948	DwQIsBu.exe
3028	NkyLLEd.exe
1332	kukoXNB.exe
3660	buXSFKl.exe
4100	GJiEeeX.exe
4584	UJUewVP.exe
1216	OOWOJpT.exe
4164	zzFFtxY.exe
4060	Djbyvax.exe
3320	CYqNOXx.exe
5036	YTFMCVy.exe
4724	zAHAlXq.exe
4828	noGFqDB.exe
1432	PclpHht.exe
4372	mEubpSN.exe
2148	ZIBZjPs.exe
4048	QPYIpFN.exe
2924	XbjLNpj.exe
904	IVzIbKx.exe
1804	wHiJKqM.exe
4708	jpkwxfU.exe
1008	kZpJbFx.exe
4120	KXlyXNU.exe
1356	QqxcOrL.exe
2588	HOnDekD.exe
3648	VygYbtd.exe
2536	PdWgZUM.exe
2440	RrorRXU.exe
3900	gszfhcl.exe
2028	KkEhfIx.exe
1916	vgeoMGr.exe
3504	YVwSimL.exe
4468	QmLsVmk.exe
3036	JAtuYqd.exe
4576	phJbBVK.exe
3972	fMNDtOM.exe
5064	cRHUlTz.exe
2316	onBuwvV.exe
1044	nOcccvi.exe
2700	APUiEPo.exe
2884	NrGcAUP.exe
4976	nuirfRA.exe
4888	eczztrd.exe
2340	VEKrbLV.exe
4432	bsnDbDg.exe
1164	dkwYwya.exe
4508	cgtMQfK.exe
4248	GhtcLfc.exe
2216	MZnNBDv.exe
3568	bDYSoBH.exe
3756	lOYHqRL.exe
4640	WIZBvyP.exe
4104	yxJSKUm.exe
4940	RnDjlYT.exe
1912	sysThHr.exe
3260	xTAFnXj.exe
5004	Vihmhvs.exe
4252	HsQrUcg.exe
5008	OyKypYx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3248-0-0x00007FF6A4050000-0x00007FF6A43A4000-memory.dmp	upx
C:\Windows\System\MzRBqli.exe	upx
C:\Windows\System\DuyQSyC.exe	upx
behavioral2/memory/1612-22-0x00007FF6A8A20000-0x00007FF6A8D74000-memory.dmp	upx
C:\Windows\System\duOOdzB.exe	upx
C:\Windows\System\UQCWBgl.exe	upx
C:\Windows\System\NkyLLEd.exe	upx
C:\Windows\System\kukoXNB.exe	upx
C:\Windows\System\UJUewVP.exe	upx
C:\Windows\System\Djbyvax.exe	upx
C:\Windows\System\zAHAlXq.exe	upx
C:\Windows\System\noGFqDB.exe	upx
C:\Windows\System\mEubpSN.exe	upx
C:\Windows\System\QPYIpFN.exe	upx
C:\Windows\System\wHiJKqM.exe	upx
C:\Windows\System\KXlyXNU.exe	upx
C:\Windows\System\RrorRXU.exe	upx
behavioral2/memory/448-677-0x00007FF682330000-0x00007FF682684000-memory.dmp	upx
C:\Windows\System\VygYbtd.exe	upx
C:\Windows\System\PdWgZUM.exe	upx
C:\Windows\System\HOnDekD.exe	upx
C:\Windows\System\QqxcOrL.exe	upx
C:\Windows\System\kZpJbFx.exe	upx
C:\Windows\System\jpkwxfU.exe	upx
C:\Windows\System\IVzIbKx.exe	upx
C:\Windows\System\XbjLNpj.exe	upx
C:\Windows\System\ZIBZjPs.exe	upx
behavioral2/memory/1948-678-0x00007FF686910000-0x00007FF686C64000-memory.dmp	upx
behavioral2/memory/3028-679-0x00007FF788B60000-0x00007FF788EB4000-memory.dmp	upx
C:\Windows\System\PclpHht.exe	upx
C:\Windows\System\YTFMCVy.exe	upx
C:\Windows\System\CYqNOXx.exe	upx
C:\Windows\System\zzFFtxY.exe	upx
C:\Windows\System\OOWOJpT.exe	upx
C:\Windows\System\GJiEeeX.exe	upx
C:\Windows\System\buXSFKl.exe	upx
C:\Windows\System\DwQIsBu.exe	upx
C:\Windows\System\rFTldjr.exe	upx
behavioral2/memory/2436-11-0x00007FF799B60000-0x00007FF799EB4000-memory.dmp	upx
behavioral2/memory/1332-680-0x00007FF75D6A0000-0x00007FF75D9F4000-memory.dmp	upx
behavioral2/memory/3660-681-0x00007FF7BE350000-0x00007FF7BE6A4000-memory.dmp	upx
behavioral2/memory/4100-682-0x00007FF728D90000-0x00007FF7290E4000-memory.dmp	upx
behavioral2/memory/4584-683-0x00007FF6AEDF0000-0x00007FF6AF144000-memory.dmp	upx
behavioral2/memory/1216-684-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp	upx
behavioral2/memory/4164-685-0x00007FF6CEB00000-0x00007FF6CEE54000-memory.dmp	upx
behavioral2/memory/4060-686-0x00007FF6C45E0000-0x00007FF6C4934000-memory.dmp	upx
behavioral2/memory/5036-708-0x00007FF75DDA0000-0x00007FF75E0F4000-memory.dmp	upx
behavioral2/memory/1432-745-0x00007FF6A1380000-0x00007FF6A16D4000-memory.dmp	upx
behavioral2/memory/4372-758-0x00007FF7CF6A0000-0x00007FF7CF9F4000-memory.dmp	upx
behavioral2/memory/4048-787-0x00007FF65C090000-0x00007FF65C3E4000-memory.dmp	upx
behavioral2/memory/1804-807-0x00007FF6E00D0000-0x00007FF6E0424000-memory.dmp	upx
behavioral2/memory/4120-822-0x00007FF69AEA0000-0x00007FF69B1F4000-memory.dmp	upx
behavioral2/memory/3884-831-0x00007FF765AE0000-0x00007FF765E34000-memory.dmp	upx
behavioral2/memory/1356-828-0x00007FF66BCB0000-0x00007FF66C004000-memory.dmp	upx
behavioral2/memory/408-836-0x00007FF6D9100000-0x00007FF6D9454000-memory.dmp	upx
behavioral2/memory/1008-817-0x00007FF761C80000-0x00007FF761FD4000-memory.dmp	upx
behavioral2/memory/4708-814-0x00007FF6115E0000-0x00007FF611934000-memory.dmp	upx
behavioral2/memory/904-802-0x00007FF6CDEF0000-0x00007FF6CE244000-memory.dmp	upx
behavioral2/memory/2924-791-0x00007FF768250000-0x00007FF7685A4000-memory.dmp	upx
behavioral2/memory/2148-776-0x00007FF74AA00000-0x00007FF74AD54000-memory.dmp	upx
behavioral2/memory/4828-730-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp	upx
behavioral2/memory/4724-715-0x00007FF73FCA0000-0x00007FF73FFF4000-memory.dmp	upx
behavioral2/memory/3320-687-0x00007FF6A69A0000-0x00007FF6A6CF4000-memory.dmp	upx
behavioral2/memory/3248-2159-0x00007FF6A4050000-0x00007FF6A43A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\ZmExjzx.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\goZQcJI.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\PSRYXRK.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\xDdEqWb.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\RtCXDvH.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\dFETHEE.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\nOcccvi.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\xpJnSjx.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\mEGPxCv.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\mLwDeJP.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\kClZVGS.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\XiONNxw.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\qFRDehL.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\QZLPuUv.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\sSwomID.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\XvqnnSH.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\fEZgqLQ.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\fbiJofy.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\Iblxlnr.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\CPXTkVL.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\yfgajNJ.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\goteHCA.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\iRLqlDA.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\EpTYknG.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\XWzpDkM.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\cRHUlTz.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\xlDsgZs.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\WiwcbLc.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\QvWnteY.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\GBksrRt.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\lZhhkni.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\vNHidYo.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\OziHuNf.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\EIQqCes.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\goyyVKv.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\cmtdkoM.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\bsnDbDg.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\XorwDlu.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\DqlQnGo.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\CPwoDyp.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\ORgWtLx.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\IocSGbx.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\WvKluEG.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\GYWrnSH.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\BbfwuCr.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\DHKwXZm.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\eEOtyJQ.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\fWAVjOw.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\QAkBJDF.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\BkQkWCS.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\bUDVhrP.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\qlkhYwB.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\UZbHYjX.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\ngZrPed.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\QHFAwkZ.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\pNwVHrl.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\rmkpPOK.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\CZauevj.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\pXCWtmS.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\JJIvDQP.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\UWgYlTs.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\HVqMMHX.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\xZLGvCZ.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
File created	C:\Windows\System\hjMIgHK.exe	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	13584	dwm.exe
Token: SeChangeNotifyPrivilege	13584	dwm.exe
Token: 33	13584	dwm.exe
Token: SeIncBasePriorityPrivilege	13584	dwm.exe
Token: SeShutdownPrivilege	13584	dwm.exe
Token: SeCreatePagefilePrivilege	13584	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe

description	pid	process	target process
PID 3248 wrote to memory of 2436	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	MzRBqli.exe
PID 3248 wrote to memory of 2436	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	MzRBqli.exe
PID 3248 wrote to memory of 1612	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	DuyQSyC.exe
PID 3248 wrote to memory of 1612	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	DuyQSyC.exe
PID 3248 wrote to memory of 3884	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	duOOdzB.exe
PID 3248 wrote to memory of 3884	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	duOOdzB.exe
PID 3248 wrote to memory of 448	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	rFTldjr.exe
PID 3248 wrote to memory of 448	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	rFTldjr.exe
PID 3248 wrote to memory of 408	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	UQCWBgl.exe
PID 3248 wrote to memory of 408	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	UQCWBgl.exe
PID 3248 wrote to memory of 1948	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	DwQIsBu.exe
PID 3248 wrote to memory of 1948	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	DwQIsBu.exe
PID 3248 wrote to memory of 3028	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	NkyLLEd.exe
PID 3248 wrote to memory of 3028	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	NkyLLEd.exe
PID 3248 wrote to memory of 1332	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	kukoXNB.exe
PID 3248 wrote to memory of 1332	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	kukoXNB.exe
PID 3248 wrote to memory of 3660	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	buXSFKl.exe
PID 3248 wrote to memory of 3660	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	buXSFKl.exe
PID 3248 wrote to memory of 4100	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	GJiEeeX.exe
PID 3248 wrote to memory of 4100	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	GJiEeeX.exe
PID 3248 wrote to memory of 4584	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	UJUewVP.exe
PID 3248 wrote to memory of 4584	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	UJUewVP.exe
PID 3248 wrote to memory of 1216	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	OOWOJpT.exe
PID 3248 wrote to memory of 1216	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	OOWOJpT.exe
PID 3248 wrote to memory of 4164	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	zzFFtxY.exe
PID 3248 wrote to memory of 4164	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	zzFFtxY.exe
PID 3248 wrote to memory of 4060	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	Djbyvax.exe
PID 3248 wrote to memory of 4060	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	Djbyvax.exe
PID 3248 wrote to memory of 3320	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	CYqNOXx.exe
PID 3248 wrote to memory of 3320	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	CYqNOXx.exe
PID 3248 wrote to memory of 5036	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	YTFMCVy.exe
PID 3248 wrote to memory of 5036	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	YTFMCVy.exe
PID 3248 wrote to memory of 4724	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	zAHAlXq.exe
PID 3248 wrote to memory of 4724	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	zAHAlXq.exe
PID 3248 wrote to memory of 4828	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	noGFqDB.exe
PID 3248 wrote to memory of 4828	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	noGFqDB.exe
PID 3248 wrote to memory of 1432	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	PclpHht.exe
PID 3248 wrote to memory of 1432	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	PclpHht.exe
PID 3248 wrote to memory of 4372	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	mEubpSN.exe
PID 3248 wrote to memory of 4372	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	mEubpSN.exe
PID 3248 wrote to memory of 2148	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	ZIBZjPs.exe
PID 3248 wrote to memory of 2148	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	ZIBZjPs.exe
PID 3248 wrote to memory of 4048	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	QPYIpFN.exe
PID 3248 wrote to memory of 4048	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	QPYIpFN.exe
PID 3248 wrote to memory of 2924	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	XbjLNpj.exe
PID 3248 wrote to memory of 2924	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	XbjLNpj.exe
PID 3248 wrote to memory of 904	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	IVzIbKx.exe
PID 3248 wrote to memory of 904	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	IVzIbKx.exe
PID 3248 wrote to memory of 1804	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	wHiJKqM.exe
PID 3248 wrote to memory of 1804	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	wHiJKqM.exe
PID 3248 wrote to memory of 4708	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	jpkwxfU.exe
PID 3248 wrote to memory of 4708	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	jpkwxfU.exe
PID 3248 wrote to memory of 1008	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	kZpJbFx.exe
PID 3248 wrote to memory of 1008	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	kZpJbFx.exe
PID 3248 wrote to memory of 4120	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	KXlyXNU.exe
PID 3248 wrote to memory of 4120	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	KXlyXNU.exe
PID 3248 wrote to memory of 1356	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	QqxcOrL.exe
PID 3248 wrote to memory of 1356	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	QqxcOrL.exe
PID 3248 wrote to memory of 2588	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	HOnDekD.exe
PID 3248 wrote to memory of 2588	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	HOnDekD.exe
PID 3248 wrote to memory of 3648	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	VygYbtd.exe
PID 3248 wrote to memory of 3648	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	VygYbtd.exe
PID 3248 wrote to memory of 2536	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	PdWgZUM.exe
PID 3248 wrote to memory of 2536	3248	71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe	PdWgZUM.exe

C:\Users\Admin\AppData\Local\Temp\71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\71da2ead5dfbbe7755ec79b525947ef0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3248

C:\Windows\System\MzRBqli.exe
C:\Windows\System\MzRBqli.exe
2⤵
- Executes dropped EXE
PID:2436

C:\Windows\System\DuyQSyC.exe
C:\Windows\System\DuyQSyC.exe
2⤵
- Executes dropped EXE
PID:1612

C:\Windows\System\duOOdzB.exe
C:\Windows\System\duOOdzB.exe
2⤵
- Executes dropped EXE
PID:3884

C:\Windows\System\rFTldjr.exe
C:\Windows\System\rFTldjr.exe
2⤵
- Executes dropped EXE
PID:448

C:\Windows\System\UQCWBgl.exe
C:\Windows\System\UQCWBgl.exe
2⤵
- Executes dropped EXE
PID:408

C:\Windows\System\DwQIsBu.exe
C:\Windows\System\DwQIsBu.exe
2⤵
- Executes dropped EXE
PID:1948

C:\Windows\System\NkyLLEd.exe
C:\Windows\System\NkyLLEd.exe
2⤵
- Executes dropped EXE
PID:3028

C:\Windows\System\kukoXNB.exe
C:\Windows\System\kukoXNB.exe
2⤵
- Executes dropped EXE
PID:1332

C:\Windows\System\buXSFKl.exe
C:\Windows\System\buXSFKl.exe
2⤵
- Executes dropped EXE
PID:3660

C:\Windows\System\GJiEeeX.exe
C:\Windows\System\GJiEeeX.exe
2⤵
- Executes dropped EXE
PID:4100

C:\Windows\System\UJUewVP.exe
C:\Windows\System\UJUewVP.exe
2⤵
- Executes dropped EXE
PID:4584

C:\Windows\System\OOWOJpT.exe
C:\Windows\System\OOWOJpT.exe
2⤵
- Executes dropped EXE
PID:1216

C:\Windows\System\zzFFtxY.exe
C:\Windows\System\zzFFtxY.exe
2⤵
- Executes dropped EXE
PID:4164

C:\Windows\System\Djbyvax.exe
C:\Windows\System\Djbyvax.exe
2⤵
- Executes dropped EXE
PID:4060

C:\Windows\System\CYqNOXx.exe
C:\Windows\System\CYqNOXx.exe
2⤵
- Executes dropped EXE
PID:3320

C:\Windows\System\YTFMCVy.exe
C:\Windows\System\YTFMCVy.exe
2⤵
- Executes dropped EXE
PID:5036

C:\Windows\System\zAHAlXq.exe
C:\Windows\System\zAHAlXq.exe
2⤵
- Executes dropped EXE
PID:4724

C:\Windows\System\noGFqDB.exe
C:\Windows\System\noGFqDB.exe
2⤵
- Executes dropped EXE
PID:4828

C:\Windows\System\PclpHht.exe
C:\Windows\System\PclpHht.exe
2⤵
- Executes dropped EXE
PID:1432

C:\Windows\System\mEubpSN.exe
C:\Windows\System\mEubpSN.exe
2⤵
- Executes dropped EXE
PID:4372

C:\Windows\System\ZIBZjPs.exe
C:\Windows\System\ZIBZjPs.exe
2⤵
- Executes dropped EXE
PID:2148

C:\Windows\System\QPYIpFN.exe
C:\Windows\System\QPYIpFN.exe
2⤵
- Executes dropped EXE
PID:4048

C:\Windows\System\XbjLNpj.exe
C:\Windows\System\XbjLNpj.exe
2⤵
- Executes dropped EXE
PID:2924

C:\Windows\System\IVzIbKx.exe
C:\Windows\System\IVzIbKx.exe
2⤵
- Executes dropped EXE
PID:904

C:\Windows\System\wHiJKqM.exe
C:\Windows\System\wHiJKqM.exe
2⤵
- Executes dropped EXE
PID:1804

C:\Windows\System\jpkwxfU.exe
C:\Windows\System\jpkwxfU.exe
2⤵
- Executes dropped EXE
PID:4708

C:\Windows\System\kZpJbFx.exe
C:\Windows\System\kZpJbFx.exe
2⤵
- Executes dropped EXE
PID:1008

C:\Windows\System\KXlyXNU.exe
C:\Windows\System\KXlyXNU.exe
2⤵
- Executes dropped EXE
PID:4120

C:\Windows\System\QqxcOrL.exe
C:\Windows\System\QqxcOrL.exe
2⤵
- Executes dropped EXE
PID:1356

C:\Windows\System\HOnDekD.exe
C:\Windows\System\HOnDekD.exe
2⤵
- Executes dropped EXE
PID:2588

C:\Windows\System\VygYbtd.exe
C:\Windows\System\VygYbtd.exe
2⤵
- Executes dropped EXE
PID:3648

C:\Windows\System\PdWgZUM.exe
C:\Windows\System\PdWgZUM.exe
2⤵
- Executes dropped EXE
PID:2536

C:\Windows\System\RrorRXU.exe
C:\Windows\System\RrorRXU.exe
2⤵
- Executes dropped EXE
PID:2440

C:\Windows\System\gszfhcl.exe
C:\Windows\System\gszfhcl.exe
2⤵
- Executes dropped EXE
PID:3900

C:\Windows\System\KkEhfIx.exe
C:\Windows\System\KkEhfIx.exe
2⤵
- Executes dropped EXE
PID:2028

C:\Windows\System\vgeoMGr.exe
C:\Windows\System\vgeoMGr.exe
2⤵
- Executes dropped EXE
PID:1916

C:\Windows\System\YVwSimL.exe
C:\Windows\System\YVwSimL.exe
2⤵
- Executes dropped EXE
PID:3504

C:\Windows\System\QmLsVmk.exe
C:\Windows\System\QmLsVmk.exe
2⤵
- Executes dropped EXE
PID:4468

C:\Windows\System\JAtuYqd.exe
C:\Windows\System\JAtuYqd.exe
2⤵
- Executes dropped EXE
PID:3036

C:\Windows\System\phJbBVK.exe
C:\Windows\System\phJbBVK.exe
2⤵
- Executes dropped EXE
PID:4576

C:\Windows\System\fMNDtOM.exe
C:\Windows\System\fMNDtOM.exe
2⤵
- Executes dropped EXE
PID:3972

C:\Windows\System\cRHUlTz.exe
C:\Windows\System\cRHUlTz.exe
2⤵
- Executes dropped EXE
PID:5064

C:\Windows\System\onBuwvV.exe
C:\Windows\System\onBuwvV.exe
2⤵
- Executes dropped EXE
PID:2316

C:\Windows\System\nOcccvi.exe
C:\Windows\System\nOcccvi.exe
2⤵
- Executes dropped EXE
PID:1044

C:\Windows\System\APUiEPo.exe
C:\Windows\System\APUiEPo.exe
2⤵
- Executes dropped EXE
PID:2700

C:\Windows\System\NrGcAUP.exe
C:\Windows\System\NrGcAUP.exe
2⤵
- Executes dropped EXE
PID:2884

C:\Windows\System\nuirfRA.exe
C:\Windows\System\nuirfRA.exe
2⤵
- Executes dropped EXE
PID:4976

C:\Windows\System\eczztrd.exe
C:\Windows\System\eczztrd.exe
2⤵
- Executes dropped EXE
PID:4888

C:\Windows\System\VEKrbLV.exe
C:\Windows\System\VEKrbLV.exe
2⤵
- Executes dropped EXE
PID:2340

C:\Windows\System\bsnDbDg.exe
C:\Windows\System\bsnDbDg.exe
2⤵
- Executes dropped EXE
PID:4432

C:\Windows\System\dkwYwya.exe
C:\Windows\System\dkwYwya.exe
2⤵
- Executes dropped EXE
PID:1164

C:\Windows\System\cgtMQfK.exe
C:\Windows\System\cgtMQfK.exe
2⤵
- Executes dropped EXE
PID:4508

C:\Windows\System\GhtcLfc.exe
C:\Windows\System\GhtcLfc.exe
2⤵
- Executes dropped EXE
PID:4248

C:\Windows\System\MZnNBDv.exe
C:\Windows\System\MZnNBDv.exe
2⤵
- Executes dropped EXE
PID:2216

C:\Windows\System\bDYSoBH.exe
C:\Windows\System\bDYSoBH.exe
2⤵
- Executes dropped EXE
PID:3568

C:\Windows\System\lOYHqRL.exe
C:\Windows\System\lOYHqRL.exe
2⤵
- Executes dropped EXE
PID:3756

C:\Windows\System\WIZBvyP.exe
C:\Windows\System\WIZBvyP.exe
2⤵
- Executes dropped EXE
PID:4640

C:\Windows\System\yxJSKUm.exe
C:\Windows\System\yxJSKUm.exe
2⤵
- Executes dropped EXE
PID:4104

C:\Windows\System\RnDjlYT.exe
C:\Windows\System\RnDjlYT.exe
2⤵
- Executes dropped EXE
PID:4940

C:\Windows\System\sysThHr.exe
C:\Windows\System\sysThHr.exe
2⤵
- Executes dropped EXE
PID:1912

C:\Windows\System\xTAFnXj.exe
C:\Windows\System\xTAFnXj.exe
2⤵
- Executes dropped EXE
PID:3260

C:\Windows\System\Vihmhvs.exe
C:\Windows\System\Vihmhvs.exe
2⤵
- Executes dropped EXE
PID:5004

C:\Windows\System\HsQrUcg.exe
C:\Windows\System\HsQrUcg.exe
2⤵
- Executes dropped EXE
PID:4252

C:\Windows\System\OyKypYx.exe
C:\Windows\System\OyKypYx.exe
2⤵
- Executes dropped EXE
PID:5008

C:\Windows\System\hXIwMRM.exe
C:\Windows\System\hXIwMRM.exe
2⤵
PID:436

C:\Windows\System\UblNBod.exe
C:\Windows\System\UblNBod.exe
2⤵
PID:2424

C:\Windows\System\ixWDSnD.exe
C:\Windows\System\ixWDSnD.exe
2⤵
PID:3892

C:\Windows\System\qIGRSEU.exe
C:\Windows\System\qIGRSEU.exe
2⤵
PID:3356

C:\Windows\System\kIDKbaa.exe
C:\Windows\System\kIDKbaa.exe
2⤵
PID:3848

C:\Windows\System\GxPemna.exe
C:\Windows\System\GxPemna.exe
2⤵
PID:5108

C:\Windows\System\IdLxsrn.exe
C:\Windows\System\IdLxsrn.exe
2⤵
PID:1492

C:\Windows\System\slCtlqb.exe
C:\Windows\System\slCtlqb.exe
2⤵
PID:1240

C:\Windows\System\vwuWfeA.exe
C:\Windows\System\vwuWfeA.exe
2⤵
PID:4920

C:\Windows\System\AuuJpWH.exe
C:\Windows\System\AuuJpWH.exe
2⤵
PID:1940

C:\Windows\System\AoaaTaL.exe
C:\Windows\System\AoaaTaL.exe
2⤵
PID:3424

C:\Windows\System\CWGGRcd.exe
C:\Windows\System\CWGGRcd.exe
2⤵
PID:632

C:\Windows\System\NGjXrLF.exe
C:\Windows\System\NGjXrLF.exe
2⤵
PID:3420

C:\Windows\System\UWgYlTs.exe
C:\Windows\System\UWgYlTs.exe
2⤵
PID:2336

C:\Windows\System\yeBqmQN.exe
C:\Windows\System\yeBqmQN.exe
2⤵
PID:4748

C:\Windows\System\xpPDPBP.exe
C:\Windows\System\xpPDPBP.exe
2⤵
PID:5136

C:\Windows\System\hSglQEY.exe
C:\Windows\System\hSglQEY.exe
2⤵
PID:5168

C:\Windows\System\JJIvDQP.exe
C:\Windows\System\JJIvDQP.exe
2⤵
PID:5196

C:\Windows\System\oeiQIGM.exe
C:\Windows\System\oeiQIGM.exe
2⤵
PID:5224

C:\Windows\System\gvgAZla.exe
C:\Windows\System\gvgAZla.exe
2⤵
PID:5252

C:\Windows\System\pEsZqnO.exe
C:\Windows\System\pEsZqnO.exe
2⤵
PID:5280

C:\Windows\System\EaJJgjE.exe
C:\Windows\System\EaJJgjE.exe
2⤵
PID:5308

C:\Windows\System\zKfUoyZ.exe
C:\Windows\System\zKfUoyZ.exe
2⤵
PID:5336

C:\Windows\System\ZCvmiiG.exe
C:\Windows\System\ZCvmiiG.exe
2⤵
PID:5364

C:\Windows\System\KZEYfYy.exe
C:\Windows\System\KZEYfYy.exe
2⤵
PID:5392

C:\Windows\System\gYnfmHE.exe
C:\Windows\System\gYnfmHE.exe
2⤵
PID:5420

C:\Windows\System\bSqaYCh.exe
C:\Windows\System\bSqaYCh.exe
2⤵
PID:5448

C:\Windows\System\zDoShOR.exe
C:\Windows\System\zDoShOR.exe
2⤵
PID:5476

C:\Windows\System\vFCEmIH.exe
C:\Windows\System\vFCEmIH.exe
2⤵
PID:5504

C:\Windows\System\OjEduGC.exe
C:\Windows\System\OjEduGC.exe
2⤵
PID:5532

C:\Windows\System\NelAsuU.exe
C:\Windows\System\NelAsuU.exe
2⤵
PID:5560

C:\Windows\System\sZVjzWX.exe
C:\Windows\System\sZVjzWX.exe
2⤵
PID:5588

C:\Windows\System\GpRtDmO.exe
C:\Windows\System\GpRtDmO.exe
2⤵
PID:5616

C:\Windows\System\toRnGyQ.exe
C:\Windows\System\toRnGyQ.exe
2⤵
PID:5644

C:\Windows\System\YuzUWAj.exe
C:\Windows\System\YuzUWAj.exe
2⤵
PID:5672

C:\Windows\System\lEWnRBy.exe
C:\Windows\System\lEWnRBy.exe
2⤵
PID:5700

C:\Windows\System\jSbwkKd.exe
C:\Windows\System\jSbwkKd.exe
2⤵
PID:5728

C:\Windows\System\XhcRfbD.exe
C:\Windows\System\XhcRfbD.exe
2⤵
PID:5756

C:\Windows\System\BRKsfCU.exe
C:\Windows\System\BRKsfCU.exe
2⤵
PID:5784

C:\Windows\System\ZwKgIzz.exe
C:\Windows\System\ZwKgIzz.exe
2⤵
PID:5812

C:\Windows\System\pXwkXvz.exe
C:\Windows\System\pXwkXvz.exe
2⤵
PID:5840

C:\Windows\System\pzLznQJ.exe
C:\Windows\System\pzLznQJ.exe
2⤵
PID:5868

C:\Windows\System\jfzgyGC.exe
C:\Windows\System\jfzgyGC.exe
2⤵
PID:5896

C:\Windows\System\UvwNGoZ.exe
C:\Windows\System\UvwNGoZ.exe
2⤵
PID:5924

C:\Windows\System\GBksrRt.exe
C:\Windows\System\GBksrRt.exe
2⤵
PID:5952

C:\Windows\System\QagnMub.exe
C:\Windows\System\QagnMub.exe
2⤵
PID:5980

C:\Windows\System\bpPzXBC.exe
C:\Windows\System\bpPzXBC.exe
2⤵
PID:6008

C:\Windows\System\dqlcelg.exe
C:\Windows\System\dqlcelg.exe
2⤵
PID:6036

C:\Windows\System\yQBbaeq.exe
C:\Windows\System\yQBbaeq.exe
2⤵
PID:6064

C:\Windows\System\uMUgdgy.exe
C:\Windows\System\uMUgdgy.exe
2⤵
PID:6092

C:\Windows\System\mNzraLN.exe
C:\Windows\System\mNzraLN.exe
2⤵
PID:6120

C:\Windows\System\hAuXkgi.exe
C:\Windows\System\hAuXkgi.exe
2⤵
PID:4556

C:\Windows\System\xeZOyKE.exe
C:\Windows\System\xeZOyKE.exe
2⤵
PID:5092

C:\Windows\System\XiONNxw.exe
C:\Windows\System\XiONNxw.exe
2⤵
PID:1724

C:\Windows\System\gXXAFGp.exe
C:\Windows\System\gXXAFGp.exe
2⤵
PID:4560

C:\Windows\System\GxUtLFn.exe
C:\Windows\System\GxUtLFn.exe
2⤵
PID:1436

C:\Windows\System\VGzYGEC.exe
C:\Windows\System\VGzYGEC.exe
2⤵
PID:1580

C:\Windows\System\tolaKmf.exe
C:\Windows\System\tolaKmf.exe
2⤵
PID:5156

C:\Windows\System\ORgWtLx.exe
C:\Windows\System\ORgWtLx.exe
2⤵
PID:5216

C:\Windows\System\niGnKiS.exe
C:\Windows\System\niGnKiS.exe
2⤵
PID:5292

C:\Windows\System\IZPkkQf.exe
C:\Windows\System\IZPkkQf.exe
2⤵
PID:5356

C:\Windows\System\ekyUbXT.exe
C:\Windows\System\ekyUbXT.exe
2⤵
PID:5408

C:\Windows\System\DxKVBIV.exe
C:\Windows\System\DxKVBIV.exe
2⤵
PID:5468

C:\Windows\System\ZAlqiMO.exe
C:\Windows\System\ZAlqiMO.exe
2⤵
PID:5548

C:\Windows\System\yPLsSvl.exe
C:\Windows\System\yPLsSvl.exe
2⤵
PID:5608

C:\Windows\System\GhCNjit.exe
C:\Windows\System\GhCNjit.exe
2⤵
PID:5684

C:\Windows\System\xTgWOnB.exe
C:\Windows\System\xTgWOnB.exe
2⤵
PID:5744

C:\Windows\System\EKQGUya.exe
C:\Windows\System\EKQGUya.exe
2⤵
PID:5804

C:\Windows\System\BfGJYsm.exe
C:\Windows\System\BfGJYsm.exe
2⤵
PID:5880

C:\Windows\System\kWFeZHA.exe
C:\Windows\System\kWFeZHA.exe
2⤵
PID:5940

C:\Windows\System\ttAYJkq.exe
C:\Windows\System\ttAYJkq.exe
2⤵
PID:6000

C:\Windows\System\snqtGHM.exe
C:\Windows\System\snqtGHM.exe
2⤵
PID:6076

C:\Windows\System\XfsDbUh.exe
C:\Windows\System\XfsDbUh.exe
2⤵
PID:6136

C:\Windows\System\XVHtjJe.exe
C:\Windows\System\XVHtjJe.exe
2⤵
PID:3332

C:\Windows\System\lZhhkni.exe
C:\Windows\System\lZhhkni.exe
2⤵
PID:2820

C:\Windows\System\cjlkiWN.exe
C:\Windows\System\cjlkiWN.exe
2⤵
PID:5188

C:\Windows\System\rXLFwta.exe
C:\Windows\System\rXLFwta.exe
2⤵
PID:5328

C:\Windows\System\swOjAGs.exe
C:\Windows\System\swOjAGs.exe
2⤵
PID:5516

C:\Windows\System\lXvkaHX.exe
C:\Windows\System\lXvkaHX.exe
2⤵
PID:5656

C:\Windows\System\eEOtyJQ.exe
C:\Windows\System\eEOtyJQ.exe
2⤵
PID:6168

C:\Windows\System\CExYjmn.exe
C:\Windows\System\CExYjmn.exe
2⤵
PID:6196

C:\Windows\System\UoDrmRZ.exe
C:\Windows\System\UoDrmRZ.exe
2⤵
PID:6220

C:\Windows\System\WyEnbQL.exe
C:\Windows\System\WyEnbQL.exe
2⤵
PID:6252

C:\Windows\System\oZyxOit.exe
C:\Windows\System\oZyxOit.exe
2⤵
PID:6280

C:\Windows\System\WiwcbLc.exe
C:\Windows\System\WiwcbLc.exe
2⤵
PID:6308

C:\Windows\System\jVuToMI.exe
C:\Windows\System\jVuToMI.exe
2⤵
PID:6336

C:\Windows\System\yGmuHos.exe
C:\Windows\System\yGmuHos.exe
2⤵
PID:6364

C:\Windows\System\DQxnxyG.exe
C:\Windows\System\DQxnxyG.exe
2⤵
PID:6392

C:\Windows\System\fbiJofy.exe
C:\Windows\System\fbiJofy.exe
2⤵
PID:6420

C:\Windows\System\BsPAWyf.exe
C:\Windows\System\BsPAWyf.exe
2⤵
PID:6448

C:\Windows\System\uwJXsLU.exe
C:\Windows\System\uwJXsLU.exe
2⤵
PID:6476

C:\Windows\System\XnKzQWE.exe
C:\Windows\System\XnKzQWE.exe
2⤵
PID:6504

C:\Windows\System\DTYiwNK.exe
C:\Windows\System\DTYiwNK.exe
2⤵
PID:6532

C:\Windows\System\AloEHOy.exe
C:\Windows\System\AloEHOy.exe
2⤵
PID:6560

C:\Windows\System\gZJwuGs.exe
C:\Windows\System\gZJwuGs.exe
2⤵
PID:6588

C:\Windows\System\FgGhUkC.exe
C:\Windows\System\FgGhUkC.exe
2⤵
PID:6616

C:\Windows\System\hrxsJXJ.exe
C:\Windows\System\hrxsJXJ.exe
2⤵
PID:6644

C:\Windows\System\LChXVRj.exe
C:\Windows\System\LChXVRj.exe
2⤵
PID:6672

C:\Windows\System\yHvbrIM.exe
C:\Windows\System\yHvbrIM.exe
2⤵
PID:6700

C:\Windows\System\qleXjbL.exe
C:\Windows\System\qleXjbL.exe
2⤵
PID:6728

C:\Windows\System\KuDdwuf.exe
C:\Windows\System\KuDdwuf.exe
2⤵
PID:6756

C:\Windows\System\VgYUeqX.exe
C:\Windows\System\VgYUeqX.exe
2⤵
PID:6784

C:\Windows\System\rGukeIR.exe
C:\Windows\System\rGukeIR.exe
2⤵
PID:6812

C:\Windows\System\alVAasg.exe
C:\Windows\System\alVAasg.exe
2⤵
PID:6840

C:\Windows\System\BNOpEqN.exe
C:\Windows\System\BNOpEqN.exe
2⤵
PID:6868

C:\Windows\System\aPdUsFu.exe
C:\Windows\System\aPdUsFu.exe
2⤵
PID:6896

C:\Windows\System\bGHlOhk.exe
C:\Windows\System\bGHlOhk.exe
2⤵
PID:6924

C:\Windows\System\zAjjlXJ.exe
C:\Windows\System\zAjjlXJ.exe
2⤵
PID:6956

C:\Windows\System\RZbyhvR.exe
C:\Windows\System\RZbyhvR.exe
2⤵
PID:6980

C:\Windows\System\eFVHZSI.exe
C:\Windows\System\eFVHZSI.exe
2⤵
PID:7008

C:\Windows\System\UZbHYjX.exe
C:\Windows\System\UZbHYjX.exe
2⤵
PID:7040

C:\Windows\System\NnpnlEr.exe
C:\Windows\System\NnpnlEr.exe
2⤵
PID:7064

C:\Windows\System\rAboKIr.exe
C:\Windows\System\rAboKIr.exe
2⤵
PID:7092

C:\Windows\System\RSCwWKY.exe
C:\Windows\System\RSCwWKY.exe
2⤵
PID:7120

C:\Windows\System\cAoovkA.exe
C:\Windows\System\cAoovkA.exe
2⤵
PID:7148

C:\Windows\System\xNtTyIj.exe
C:\Windows\System\xNtTyIj.exe
2⤵
PID:5720

C:\Windows\System\otKeOkP.exe
C:\Windows\System\otKeOkP.exe
2⤵
PID:5856

C:\Windows\System\ZXgxZgf.exe
C:\Windows\System\ZXgxZgf.exe
2⤵
PID:6028

C:\Windows\System\QLXzSup.exe
C:\Windows\System\QLXzSup.exe
2⤵
PID:1888

C:\Windows\System\YvotLiv.exe
C:\Windows\System\YvotLiv.exe
2⤵
PID:5132

C:\Windows\System\IgQRKJn.exe
C:\Windows\System\IgQRKJn.exe
2⤵
PID:3732

C:\Windows\System\MeCmSvw.exe
C:\Windows\System\MeCmSvw.exe
2⤵
PID:6180

C:\Windows\System\kMoZAGe.exe
C:\Windows\System\kMoZAGe.exe
2⤵
PID:6236

C:\Windows\System\oyoRHmd.exe
C:\Windows\System\oyoRHmd.exe
2⤵
PID:3984

C:\Windows\System\YOMOcJW.exe
C:\Windows\System\YOMOcJW.exe
2⤵
PID:6328

C:\Windows\System\dKafrAc.exe
C:\Windows\System\dKafrAc.exe
2⤵
PID:6404

C:\Windows\System\hbYwbXs.exe
C:\Windows\System\hbYwbXs.exe
2⤵
PID:6464

C:\Windows\System\tIfqhZK.exe
C:\Windows\System\tIfqhZK.exe
2⤵
PID:6524

C:\Windows\System\Iblxlnr.exe
C:\Windows\System\Iblxlnr.exe
2⤵
PID:6600

C:\Windows\System\gqtQUdr.exe
C:\Windows\System\gqtQUdr.exe
2⤵
PID:6636

C:\Windows\System\caTlpry.exe
C:\Windows\System\caTlpry.exe
2⤵
PID:6712

C:\Windows\System\UBBRybe.exe
C:\Windows\System\UBBRybe.exe
2⤵
PID:6748

C:\Windows\System\erPHbaR.exe
C:\Windows\System\erPHbaR.exe
2⤵
PID:6824

C:\Windows\System\VzYXoRv.exe
C:\Windows\System\VzYXoRv.exe
2⤵
PID:6884

C:\Windows\System\VucYfTA.exe
C:\Windows\System\VucYfTA.exe
2⤵
PID:6940

C:\Windows\System\NHvxxFJ.exe
C:\Windows\System\NHvxxFJ.exe
2⤵
PID:6996

C:\Windows\System\VGWhvMD.exe
C:\Windows\System\VGWhvMD.exe
2⤵
PID:7060

C:\Windows\System\CRSszVR.exe
C:\Windows\System\CRSszVR.exe
2⤵
PID:3188

C:\Windows\System\PwhDocq.exe
C:\Windows\System\PwhDocq.exe
2⤵
PID:7140

C:\Windows\System\ZsAPXGe.exe
C:\Windows\System\ZsAPXGe.exe
2⤵
PID:5832

C:\Windows\System\yCEOjDS.exe
C:\Windows\System\yCEOjDS.exe
2⤵
PID:3200

C:\Windows\System\DDmIkzG.exe
C:\Windows\System\DDmIkzG.exe
2⤵
PID:6380

C:\Windows\System\GNdjfwu.exe
C:\Windows\System\GNdjfwu.exe
2⤵
PID:6492

C:\Windows\System\cGPuBFg.exe
C:\Windows\System\cGPuBFg.exe
2⤵
PID:6576

C:\Windows\System\hWxLnrT.exe
C:\Windows\System\hWxLnrT.exe
2⤵
PID:1524

C:\Windows\System\vuhzwKT.exe
C:\Windows\System\vuhzwKT.exe
2⤵
PID:6664

C:\Windows\System\EgDsqtN.exe
C:\Windows\System\EgDsqtN.exe
2⤵
PID:6720

C:\Windows\System\vUcEvZh.exe
C:\Windows\System\vUcEvZh.exe
2⤵
PID:6796

C:\Windows\System\HGyWnMC.exe
C:\Windows\System\HGyWnMC.exe
2⤵
PID:6856

C:\Windows\System\JIKKEyl.exe
C:\Windows\System\JIKKEyl.exe
2⤵
PID:6916

C:\Windows\System\YGNCjpA.exe
C:\Windows\System\YGNCjpA.exe
2⤵
PID:6972

C:\Windows\System\xpJnSjx.exe
C:\Windows\System\xpJnSjx.exe
2⤵
PID:2188

C:\Windows\System\PdfmLJs.exe
C:\Windows\System\PdfmLJs.exe
2⤵
PID:2976

C:\Windows\System\HquddOy.exe
C:\Windows\System\HquddOy.exe
2⤵
PID:2684

C:\Windows\System\qFRDehL.exe
C:\Windows\System\qFRDehL.exe
2⤵
PID:1800

C:\Windows\System\ZmExjzx.exe
C:\Windows\System\ZmExjzx.exe
2⤵
PID:4020

C:\Windows\System\vaDcSiS.exe
C:\Windows\System\vaDcSiS.exe
2⤵
PID:3316

C:\Windows\System\JroMJdP.exe
C:\Windows\System\JroMJdP.exe
2⤵
PID:2220

C:\Windows\System\qlkhYwB.exe
C:\Windows\System\qlkhYwB.exe
2⤵
PID:2420

C:\Windows\System\fWAVjOw.exe
C:\Windows\System\fWAVjOw.exe
2⤵
PID:5972

C:\Windows\System\HVqMMHX.exe
C:\Windows\System\HVqMMHX.exe
2⤵
PID:6776

C:\Windows\System\BabJbXJ.exe
C:\Windows\System\BabJbXJ.exe
2⤵
PID:388

C:\Windows\System\tqxKTJa.exe
C:\Windows\System\tqxKTJa.exe
2⤵
PID:1480

C:\Windows\System\aCmMeeu.exe
C:\Windows\System\aCmMeeu.exe
2⤵
PID:1728

C:\Windows\System\tLEtmHh.exe
C:\Windows\System\tLEtmHh.exe
2⤵
PID:536

C:\Windows\System\xDIPmPt.exe
C:\Windows\System\xDIPmPt.exe
2⤵
PID:6688

C:\Windows\System\JvWtHQH.exe
C:\Windows\System\JvWtHQH.exe
2⤵
PID:7188

C:\Windows\System\ngZrPed.exe
C:\Windows\System\ngZrPed.exe
2⤵
PID:7216

C:\Windows\System\xsoAPnw.exe
C:\Windows\System\xsoAPnw.exe
2⤵
PID:7236

C:\Windows\System\MFlxnzj.exe
C:\Windows\System\MFlxnzj.exe
2⤵
PID:7268

C:\Windows\System\zOgIBsA.exe
C:\Windows\System\zOgIBsA.exe
2⤵
PID:7304

C:\Windows\System\OEVecwI.exe
C:\Windows\System\OEVecwI.exe
2⤵
PID:7336

C:\Windows\System\UDXqitB.exe
C:\Windows\System\UDXqitB.exe
2⤵
PID:7364

C:\Windows\System\uAmgzhv.exe
C:\Windows\System\uAmgzhv.exe
2⤵
PID:7384

C:\Windows\System\ccWNlPR.exe
C:\Windows\System\ccWNlPR.exe
2⤵
PID:7488

C:\Windows\System\xZLGvCZ.exe
C:\Windows\System\xZLGvCZ.exe
2⤵
PID:7556

C:\Windows\System\BkRGazX.exe
C:\Windows\System\BkRGazX.exe
2⤵
PID:7584

C:\Windows\System\szCoFDS.exe
C:\Windows\System\szCoFDS.exe
2⤵
PID:7624

C:\Windows\System\iKmZXmu.exe
C:\Windows\System\iKmZXmu.exe
2⤵
PID:7672

C:\Windows\System\rixsrDy.exe
C:\Windows\System\rixsrDy.exe
2⤵
PID:7736

C:\Windows\System\Iftyimj.exe
C:\Windows\System\Iftyimj.exe
2⤵
PID:7760

C:\Windows\System\mEGPxCv.exe
C:\Windows\System\mEGPxCv.exe
2⤵
PID:7788

C:\Windows\System\TfxzBoa.exe
C:\Windows\System\TfxzBoa.exe
2⤵
PID:7816

C:\Windows\System\DeTlpKG.exe
C:\Windows\System\DeTlpKG.exe
2⤵
PID:7860

C:\Windows\System\hSNzSfJ.exe
C:\Windows\System\hSNzSfJ.exe
2⤵
PID:7900

C:\Windows\System\MptgsFN.exe
C:\Windows\System\MptgsFN.exe
2⤵
PID:7924

C:\Windows\System\SexymSH.exe
C:\Windows\System\SexymSH.exe
2⤵
PID:7940

C:\Windows\System\AhmnYZv.exe
C:\Windows\System\AhmnYZv.exe
2⤵
PID:7956

C:\Windows\System\BcOsCvV.exe
C:\Windows\System\BcOsCvV.exe
2⤵
PID:7972

C:\Windows\System\fAFUTgr.exe
C:\Windows\System\fAFUTgr.exe
2⤵
PID:7988

C:\Windows\System\igSwNQE.exe
C:\Windows\System\igSwNQE.exe
2⤵
PID:8004

C:\Windows\System\JeWUYJn.exe
C:\Windows\System\JeWUYJn.exe
2⤵
PID:8020

C:\Windows\System\CPXTkVL.exe
C:\Windows\System\CPXTkVL.exe
2⤵
PID:8036

C:\Windows\System\XRmKDji.exe
C:\Windows\System\XRmKDji.exe
2⤵
PID:8052

C:\Windows\System\XMguagb.exe
C:\Windows\System\XMguagb.exe
2⤵
PID:8068

C:\Windows\System\HnXQxxn.exe
C:\Windows\System\HnXQxxn.exe
2⤵
PID:8084

C:\Windows\System\UiFhZkR.exe
C:\Windows\System\UiFhZkR.exe
2⤵
PID:8112

C:\Windows\System\goZQcJI.exe
C:\Windows\System\goZQcJI.exe
2⤵
PID:7184

C:\Windows\System\zjUaNgD.exe
C:\Windows\System\zjUaNgD.exe
2⤵
PID:3560

C:\Windows\System\ryWTbbN.exe
C:\Windows\System\ryWTbbN.exe
2⤵
PID:7256

C:\Windows\System\VZgtQar.exe
C:\Windows\System\VZgtQar.exe
2⤵
PID:7300

C:\Windows\System\yJuLZoP.exe
C:\Windows\System\yJuLZoP.exe
2⤵
PID:7344

C:\Windows\System\xakVCdM.exe
C:\Windows\System\xakVCdM.exe
2⤵
PID:7372

C:\Windows\System\NlHeJNt.exe
C:\Windows\System\NlHeJNt.exe
2⤵
PID:7424

C:\Windows\System\GcXmehK.exe
C:\Windows\System\GcXmehK.exe
2⤵
PID:7464

C:\Windows\System\dSnKgmi.exe
C:\Windows\System\dSnKgmi.exe
2⤵
PID:7524

C:\Windows\System\piubxbb.exe
C:\Windows\System\piubxbb.exe
2⤵
PID:7568

C:\Windows\System\Dtpimeo.exe
C:\Windows\System\Dtpimeo.exe
2⤵
PID:7604

C:\Windows\System\vcRcYhq.exe
C:\Windows\System\vcRcYhq.exe
2⤵
PID:7636

C:\Windows\System\vNHidYo.exe
C:\Windows\System\vNHidYo.exe
2⤵
PID:7700

C:\Windows\System\OxhELDX.exe
C:\Windows\System\OxhELDX.exe
2⤵
PID:7744

C:\Windows\System\oShEBmj.exe
C:\Windows\System\oShEBmj.exe
2⤵
PID:7836

C:\Windows\System\NsyXiAP.exe
C:\Windows\System\NsyXiAP.exe
2⤵
PID:7812

C:\Windows\System\lvOnhzd.exe
C:\Windows\System\lvOnhzd.exe
2⤵
PID:7872

C:\Windows\System\wWoCIDr.exe
C:\Windows\System\wWoCIDr.exe
2⤵
PID:7916

C:\Windows\System\APiDZIp.exe
C:\Windows\System\APiDZIp.exe
2⤵
PID:7948

C:\Windows\System\VjbpSQr.exe
C:\Windows\System\VjbpSQr.exe
2⤵
PID:7980

C:\Windows\System\ZvxJCRF.exe
C:\Windows\System\ZvxJCRF.exe
2⤵
PID:8012

C:\Windows\System\PQTqHeK.exe
C:\Windows\System\PQTqHeK.exe
2⤵
PID:8044

C:\Windows\System\bflIHbv.exe
C:\Windows\System\bflIHbv.exe
2⤵
PID:8076

C:\Windows\System\QAkBJDF.exe
C:\Windows\System\QAkBJDF.exe
2⤵
PID:8100

C:\Windows\System\sdHVPGS.exe
C:\Windows\System\sdHVPGS.exe
2⤵
PID:8180

C:\Windows\System\axckrTZ.exe
C:\Windows\System\axckrTZ.exe
2⤵
PID:2152

C:\Windows\System\uZkRkxi.exe
C:\Windows\System\uZkRkxi.exe
2⤵
PID:2576

C:\Windows\System\QHFAwkZ.exe
C:\Windows\System\QHFAwkZ.exe
2⤵
PID:7112

C:\Windows\System\dYmfHxQ.exe
C:\Windows\System\dYmfHxQ.exe
2⤵
PID:7276

C:\Windows\System\JLVDWVb.exe
C:\Windows\System\JLVDWVb.exe
2⤵
PID:7360

C:\Windows\System\EaZaJkO.exe
C:\Windows\System\EaZaJkO.exe
2⤵
PID:7480

C:\Windows\System\pzrggTm.exe
C:\Windows\System\pzrggTm.exe
2⤵
PID:7540

C:\Windows\System\wuIbKSZ.exe
C:\Windows\System\wuIbKSZ.exe
2⤵
PID:7616

C:\Windows\System\gANnHLv.exe
C:\Windows\System\gANnHLv.exe
2⤵
PID:7724

C:\Windows\System\BFvZOQN.exe
C:\Windows\System\BFvZOQN.exe
2⤵
PID:7780

C:\Windows\System\enWgaeY.exe
C:\Windows\System\enWgaeY.exe
2⤵
PID:7856

C:\Windows\System\SNSZNxb.exe
C:\Windows\System\SNSZNxb.exe
2⤵
PID:7936

C:\Windows\System\LUMbTvR.exe
C:\Windows\System\LUMbTvR.exe
2⤵
PID:8000

C:\Windows\System\CKcvQnr.exe
C:\Windows\System\CKcvQnr.exe
2⤵
PID:8064

C:\Windows\System\IocSGbx.exe
C:\Windows\System\IocSGbx.exe
2⤵
PID:8176

C:\Windows\System\ZXSWmFw.exe
C:\Windows\System\ZXSWmFw.exe
2⤵
PID:2864

C:\Windows\System\ToFcjNt.exe
C:\Windows\System\ToFcjNt.exe
2⤵
PID:5712

C:\Windows\System\GCGrPBv.exe
C:\Windows\System\GCGrPBv.exe
2⤵
PID:7404

C:\Windows\System\nIfVrxM.exe
C:\Windows\System\nIfVrxM.exe
2⤵
PID:7520

C:\Windows\System\tmoGPsv.exe
C:\Windows\System\tmoGPsv.exe
2⤵
PID:7692

C:\Windows\System\ZRWFtTw.exe
C:\Windows\System\ZRWFtTw.exe
2⤵
PID:7844

C:\Windows\System\AOIWWDL.exe
C:\Windows\System\AOIWWDL.exe
2⤵
PID:7968

C:\Windows\System\IOapEZG.exe
C:\Windows\System\IOapEZG.exe
2⤵
PID:6628

C:\Windows\System\pBMaXGt.exe
C:\Windows\System\pBMaXGt.exe
2⤵
PID:7320

C:\Windows\System\hjMIgHK.exe
C:\Windows\System\hjMIgHK.exe
2⤵
PID:7664

C:\Windows\System\monQird.exe
C:\Windows\System\monQird.exe
2⤵
PID:7772

C:\Windows\System\QoGGYAp.exe
C:\Windows\System\QoGGYAp.exe
2⤵
PID:7932

C:\Windows\System\ZjOWEvt.exe
C:\Windows\System\ZjOWEvt.exe
2⤵
PID:8236

C:\Windows\System\JuzzSJv.exe
C:\Windows\System\JuzzSJv.exe
2⤵
PID:8280

C:\Windows\System\GqrvPea.exe
C:\Windows\System\GqrvPea.exe
2⤵
PID:8316

C:\Windows\System\StikLkU.exe
C:\Windows\System\StikLkU.exe
2⤵
PID:8356

C:\Windows\System\ripKLab.exe
C:\Windows\System\ripKLab.exe
2⤵
PID:8400

C:\Windows\System\VOTNtiP.exe
C:\Windows\System\VOTNtiP.exe
2⤵
PID:8444

C:\Windows\System\OuyFpKi.exe
C:\Windows\System\OuyFpKi.exe
2⤵
PID:8484

C:\Windows\System\SANHQed.exe
C:\Windows\System\SANHQed.exe
2⤵
PID:8712

C:\Windows\System\SiEUQCM.exe
C:\Windows\System\SiEUQCM.exe
2⤵
PID:8836

C:\Windows\System\rcnDeJE.exe
C:\Windows\System\rcnDeJE.exe
2⤵
PID:8940

C:\Windows\System\JCEJNWD.exe
C:\Windows\System\JCEJNWD.exe
2⤵
PID:8980

C:\Windows\System\ejNVizc.exe
C:\Windows\System\ejNVizc.exe
2⤵
PID:9012

C:\Windows\System\LKnIQXj.exe
C:\Windows\System\LKnIQXj.exe
2⤵
PID:9040

C:\Windows\System\YMnIcLv.exe
C:\Windows\System\YMnIcLv.exe
2⤵
PID:9068

C:\Windows\System\lKvlUxV.exe
C:\Windows\System\lKvlUxV.exe
2⤵
PID:9096

C:\Windows\System\cQxpdbQ.exe
C:\Windows\System\cQxpdbQ.exe
2⤵
PID:9148

C:\Windows\System\rWcUqQB.exe
C:\Windows\System\rWcUqQB.exe
2⤵
PID:9184

C:\Windows\System\QdIhLzr.exe
C:\Windows\System\QdIhLzr.exe
2⤵
PID:4992

C:\Windows\System\PSRYXRK.exe
C:\Windows\System\PSRYXRK.exe
2⤵
PID:7516

C:\Windows\System\qTPmevS.exe
C:\Windows\System\qTPmevS.exe
2⤵
PID:8340

C:\Windows\System\xVXFVUQ.exe
C:\Windows\System\xVXFVUQ.exe
2⤵
PID:8376

C:\Windows\System\XorwDlu.exe
C:\Windows\System\XorwDlu.exe
2⤵
PID:8700

C:\Windows\System\mTxxxSY.exe
C:\Windows\System\mTxxxSY.exe
2⤵
PID:8264

C:\Windows\System\wTkihmi.exe
C:\Windows\System\wTkihmi.exe
2⤵
PID:8324

C:\Windows\System\ozwkUpB.exe
C:\Windows\System\ozwkUpB.exe
2⤵
PID:8792

C:\Windows\System\OfckOAg.exe
C:\Windows\System\OfckOAg.exe
2⤵
PID:8612

C:\Windows\System\tpihAlC.exe
C:\Windows\System\tpihAlC.exe
2⤵
PID:8948

C:\Windows\System\YwTwnFg.exe
C:\Windows\System\YwTwnFg.exe
2⤵
PID:8928

C:\Windows\System\wudMXuu.exe
C:\Windows\System\wudMXuu.exe
2⤵
PID:8992

C:\Windows\System\PiWQlgD.exe
C:\Windows\System\PiWQlgD.exe
2⤵
PID:9032

C:\Windows\System\oExljJM.exe
C:\Windows\System\oExljJM.exe
2⤵
PID:9128

C:\Windows\System\mJAgNOI.exe
C:\Windows\System\mJAgNOI.exe
2⤵
PID:7840

C:\Windows\System\QenROpr.exe
C:\Windows\System\QenROpr.exe
2⤵
PID:7880

C:\Windows\System\sBOlrbY.exe
C:\Windows\System\sBOlrbY.exe
2⤵
PID:8216

C:\Windows\System\SLzErJD.exe
C:\Windows\System\SLzErJD.exe
2⤵
PID:8312

C:\Windows\System\SgjJUtz.exe
C:\Windows\System\SgjJUtz.exe
2⤵
PID:8936

C:\Windows\System\OziHuNf.exe
C:\Windows\System\OziHuNf.exe
2⤵
PID:8976

C:\Windows\System\JoTLjpG.exe
C:\Windows\System\JoTLjpG.exe
2⤵
PID:9092

C:\Windows\System\NyNQdYw.exe
C:\Windows\System\NyNQdYw.exe
2⤵
PID:8388

C:\Windows\System\PlZCcbt.exe
C:\Windows\System\PlZCcbt.exe
2⤵
PID:8516

C:\Windows\System\AkXsyoV.exe
C:\Windows\System\AkXsyoV.exe
2⤵
PID:9020

C:\Windows\System\mSSfLKj.exe
C:\Windows\System\mSSfLKj.exe
2⤵
PID:7232

C:\Windows\System\pLYtdcw.exe
C:\Windows\System\pLYtdcw.exe
2⤵
PID:9160

C:\Windows\System\GpgycEq.exe
C:\Windows\System\GpgycEq.exe
2⤵
PID:9244

C:\Windows\System\pyPZCoy.exe
C:\Windows\System\pyPZCoy.exe
2⤵
PID:9284

C:\Windows\System\XVMWBDE.exe
C:\Windows\System\XVMWBDE.exe
2⤵
PID:9316

C:\Windows\System\swWioNV.exe
C:\Windows\System\swWioNV.exe
2⤵
PID:9344

C:\Windows\System\DGHFGMe.exe
C:\Windows\System\DGHFGMe.exe
2⤵
PID:9376

C:\Windows\System\xDdEqWb.exe
C:\Windows\System\xDdEqWb.exe
2⤵
PID:9404

C:\Windows\System\pNwVHrl.exe
C:\Windows\System\pNwVHrl.exe
2⤵
PID:9428

C:\Windows\System\iDOMBhN.exe
C:\Windows\System\iDOMBhN.exe
2⤵
PID:9460

C:\Windows\System\ZqDVweU.exe
C:\Windows\System\ZqDVweU.exe
2⤵
PID:9488

C:\Windows\System\CuKOFTm.exe
C:\Windows\System\CuKOFTm.exe
2⤵
PID:9504

C:\Windows\System\BkQkWCS.exe
C:\Windows\System\BkQkWCS.exe
2⤵
PID:9528

C:\Windows\System\kFHEWHA.exe
C:\Windows\System\kFHEWHA.exe
2⤵
PID:9560

C:\Windows\System\zotmBpD.exe
C:\Windows\System\zotmBpD.exe
2⤵
PID:9600

C:\Windows\System\KyLUkaD.exe
C:\Windows\System\KyLUkaD.exe
2⤵
PID:9628

C:\Windows\System\VPstKdN.exe
C:\Windows\System\VPstKdN.exe
2⤵
PID:9644

C:\Windows\System\PHbyFBB.exe
C:\Windows\System\PHbyFBB.exe
2⤵
PID:9672

C:\Windows\System\xrAToTI.exe
C:\Windows\System\xrAToTI.exe
2⤵
PID:9700

C:\Windows\System\DPpFBsZ.exe
C:\Windows\System\DPpFBsZ.exe
2⤵
PID:9728

C:\Windows\System\lnSHfxK.exe
C:\Windows\System\lnSHfxK.exe
2⤵
PID:9776

C:\Windows\System\eolSuoI.exe
C:\Windows\System\eolSuoI.exe
2⤵
PID:9800

C:\Windows\System\GeWziDH.exe
C:\Windows\System\GeWziDH.exe
2⤵
PID:9828

C:\Windows\System\yfgajNJ.exe
C:\Windows\System\yfgajNJ.exe
2⤵
PID:9856

C:\Windows\System\wIUrRtY.exe
C:\Windows\System\wIUrRtY.exe
2⤵
PID:9896

C:\Windows\System\zegYZob.exe
C:\Windows\System\zegYZob.exe
2⤵
PID:9912

C:\Windows\System\EgEkvxC.exe
C:\Windows\System\EgEkvxC.exe
2⤵
PID:9940

C:\Windows\System\ToEgEOw.exe
C:\Windows\System\ToEgEOw.exe
2⤵
PID:9968

C:\Windows\System\UIwLdLO.exe
C:\Windows\System\UIwLdLO.exe
2⤵
PID:10008

C:\Windows\System\ENZWEDC.exe
C:\Windows\System\ENZWEDC.exe
2⤵
PID:10024

C:\Windows\System\REiLBQU.exe
C:\Windows\System\REiLBQU.exe
2⤵
PID:10052

C:\Windows\System\meXkpYF.exe
C:\Windows\System\meXkpYF.exe
2⤵
PID:10080

C:\Windows\System\MCbzRlY.exe
C:\Windows\System\MCbzRlY.exe
2⤵
PID:10108

C:\Windows\System\hdArplT.exe
C:\Windows\System\hdArplT.exe
2⤵
PID:10136

C:\Windows\System\yivBVOO.exe
C:\Windows\System\yivBVOO.exe
2⤵
PID:10164

C:\Windows\System\bHoAdgb.exe
C:\Windows\System\bHoAdgb.exe
2⤵
PID:10192

C:\Windows\System\YdmoglB.exe
C:\Windows\System\YdmoglB.exe
2⤵
PID:10220

C:\Windows\System\goteHCA.exe
C:\Windows\System\goteHCA.exe
2⤵
PID:8096

C:\Windows\System\SParzJr.exe
C:\Windows\System\SParzJr.exe
2⤵
PID:9300

C:\Windows\System\RRkNeoz.exe
C:\Windows\System\RRkNeoz.exe
2⤵
PID:9332

C:\Windows\System\IPRRPwJ.exe
C:\Windows\System\IPRRPwJ.exe
2⤵
PID:9392

C:\Windows\System\wjbOarQ.exe
C:\Windows\System\wjbOarQ.exe
2⤵
PID:9456

C:\Windows\System\fRNUOWV.exe
C:\Windows\System\fRNUOWV.exe
2⤵
PID:9520

C:\Windows\System\QUTpePf.exe
C:\Windows\System\QUTpePf.exe
2⤵
PID:9612

C:\Windows\System\sCIfmoe.exe
C:\Windows\System\sCIfmoe.exe
2⤵
PID:9584

C:\Windows\System\uHrooLr.exe
C:\Windows\System\uHrooLr.exe
2⤵
PID:9656

C:\Windows\System\nBUNzxH.exe
C:\Windows\System\nBUNzxH.exe
2⤵
PID:9756

C:\Windows\System\JfqRCTp.exe
C:\Windows\System\JfqRCTp.exe
2⤵
PID:9844

C:\Windows\System\eognFCe.exe
C:\Windows\System\eognFCe.exe
2⤵
PID:9908

C:\Windows\System\jQaHcjM.exe
C:\Windows\System\jQaHcjM.exe
2⤵
PID:9988

C:\Windows\System\cfqzzdY.exe
C:\Windows\System\cfqzzdY.exe
2⤵
PID:10048

C:\Windows\System\xewaFDQ.exe
C:\Windows\System\xewaFDQ.exe
2⤵
PID:10120

C:\Windows\System\sqMTHHM.exe
C:\Windows\System\sqMTHHM.exe
2⤵
PID:10180

C:\Windows\System\QbKDgyS.exe
C:\Windows\System\QbKDgyS.exe
2⤵
PID:10208

C:\Windows\System\BjkVRey.exe
C:\Windows\System\BjkVRey.exe
2⤵
PID:9312

C:\Windows\System\jWObBBw.exe
C:\Windows\System\jWObBBw.exe
2⤵
PID:9388

C:\Windows\System\aYHyxli.exe
C:\Windows\System\aYHyxli.exe
2⤵
PID:9588

C:\Windows\System\JPvSpJt.exe
C:\Windows\System\JPvSpJt.exe
2⤵
PID:9692

C:\Windows\System\oiokVOR.exe
C:\Windows\System\oiokVOR.exe
2⤵
PID:9868

C:\Windows\System\KdFOOuC.exe
C:\Windows\System\KdFOOuC.exe
2⤵
PID:10016

C:\Windows\System\mkxUvlA.exe
C:\Windows\System\mkxUvlA.exe
2⤵
PID:10132

C:\Windows\System\mCoDkWt.exe
C:\Windows\System\mCoDkWt.exe
2⤵
PID:4860

C:\Windows\System\VEESVxT.exe
C:\Windows\System\VEESVxT.exe
2⤵
PID:9620

C:\Windows\System\JzVQcHb.exe
C:\Windows\System\JzVQcHb.exe
2⤵
PID:9932

C:\Windows\System\THZXHzn.exe
C:\Windows\System\THZXHzn.exe
2⤵
PID:10236

C:\Windows\System\sYSlpOY.exe
C:\Windows\System\sYSlpOY.exe
2⤵
PID:3716

C:\Windows\System\ANmzmFn.exe
C:\Windows\System\ANmzmFn.exe
2⤵
PID:10124

C:\Windows\System\NpyEYbR.exe
C:\Windows\System\NpyEYbR.exe
2⤵
PID:10248

C:\Windows\System\EajCbJX.exe
C:\Windows\System\EajCbJX.exe
2⤵
PID:10288

C:\Windows\System\XGzHJAM.exe
C:\Windows\System\XGzHJAM.exe
2⤵
PID:10304

C:\Windows\System\uKkXSvq.exe
C:\Windows\System\uKkXSvq.exe
2⤵
PID:10344

C:\Windows\System\NPJSBMj.exe
C:\Windows\System\NPJSBMj.exe
2⤵
PID:10372

C:\Windows\System\TwLrKaR.exe
C:\Windows\System\TwLrKaR.exe
2⤵
PID:10400

C:\Windows\System\skLLGYw.exe
C:\Windows\System\skLLGYw.exe
2⤵
PID:10428

C:\Windows\System\ynAfwsz.exe
C:\Windows\System\ynAfwsz.exe
2⤵
PID:10456

C:\Windows\System\atmOwwK.exe
C:\Windows\System\atmOwwK.exe
2⤵
PID:10484

C:\Windows\System\FUblxoZ.exe
C:\Windows\System\FUblxoZ.exe
2⤵
PID:10508

C:\Windows\System\mSJEviR.exe
C:\Windows\System\mSJEviR.exe
2⤵
PID:10528

C:\Windows\System\RtCXDvH.exe
C:\Windows\System\RtCXDvH.exe
2⤵
PID:10564

C:\Windows\System\LdoYrUs.exe
C:\Windows\System\LdoYrUs.exe
2⤵
PID:10596

C:\Windows\System\pbMLezG.exe
C:\Windows\System\pbMLezG.exe
2⤵
PID:10616

C:\Windows\System\Rsdbcet.exe
C:\Windows\System\Rsdbcet.exe
2⤵
PID:10636

C:\Windows\System\TbIoMWL.exe
C:\Windows\System\TbIoMWL.exe
2⤵
PID:10676

C:\Windows\System\kMGyzgO.exe
C:\Windows\System\kMGyzgO.exe
2⤵
PID:10712

C:\Windows\System\kbciDhR.exe
C:\Windows\System\kbciDhR.exe
2⤵
PID:10728

C:\Windows\System\auZfoxq.exe
C:\Windows\System\auZfoxq.exe
2⤵
PID:10756

C:\Windows\System\HwNYkoO.exe
C:\Windows\System\HwNYkoO.exe
2⤵
PID:10796

C:\Windows\System\kVkuBLR.exe
C:\Windows\System\kVkuBLR.exe
2⤵
PID:10812

C:\Windows\System\ENRiHIv.exe
C:\Windows\System\ENRiHIv.exe
2⤵
PID:10832

C:\Windows\System\DKAyhqC.exe
C:\Windows\System\DKAyhqC.exe
2⤵
PID:10848

C:\Windows\System\iRLqlDA.exe
C:\Windows\System\iRLqlDA.exe
2⤵
PID:10880

C:\Windows\System\QayoeoM.exe
C:\Windows\System\QayoeoM.exe
2⤵
PID:10912

C:\Windows\System\cSoHZaU.exe
C:\Windows\System\cSoHZaU.exe
2⤵
PID:10936

C:\Windows\System\ixRejXx.exe
C:\Windows\System\ixRejXx.exe
2⤵
PID:10992

C:\Windows\System\iRHJeRA.exe
C:\Windows\System\iRHJeRA.exe
2⤵
PID:11020

C:\Windows\System\LXJMLfC.exe
C:\Windows\System\LXJMLfC.exe
2⤵
PID:11036

C:\Windows\System\ibBauqo.exe
C:\Windows\System\ibBauqo.exe
2⤵
PID:11076

C:\Windows\System\swcKyya.exe
C:\Windows\System\swcKyya.exe
2⤵
PID:11100

C:\Windows\System\VvqgzwY.exe
C:\Windows\System\VvqgzwY.exe
2⤵
PID:11120

C:\Windows\System\XZVdziJ.exe
C:\Windows\System\XZVdziJ.exe
2⤵
PID:11152

C:\Windows\System\zXUlEQB.exe
C:\Windows\System\zXUlEQB.exe
2⤵
PID:11180

C:\Windows\System\IVFBxNw.exe
C:\Windows\System\IVFBxNw.exe
2⤵
PID:11212

C:\Windows\System\jKXJSyU.exe
C:\Windows\System\jKXJSyU.exe
2⤵
PID:11252

C:\Windows\System\vuRIxol.exe
C:\Windows\System\vuRIxol.exe
2⤵
PID:10272

C:\Windows\System\EjRDxiq.exe
C:\Windows\System\EjRDxiq.exe
2⤵
PID:10336

C:\Windows\System\LhAduQc.exe
C:\Windows\System\LhAduQc.exe
2⤵
PID:10396

C:\Windows\System\pUVhMAQ.exe
C:\Windows\System\pUVhMAQ.exe
2⤵
PID:10452

C:\Windows\System\xcDKYNL.exe
C:\Windows\System\xcDKYNL.exe
2⤵
PID:10492

C:\Windows\System\EIQqCes.exe
C:\Windows\System\EIQqCes.exe
2⤵
PID:10580

C:\Windows\System\nBKFhgC.exe
C:\Windows\System\nBKFhgC.exe
2⤵
PID:10632

C:\Windows\System\VQCNFSS.exe
C:\Windows\System\VQCNFSS.exe
2⤵
PID:10748

C:\Windows\System\TpGmrpW.exe
C:\Windows\System\TpGmrpW.exe
2⤵
PID:10808

C:\Windows\System\WvKluEG.exe
C:\Windows\System\WvKluEG.exe
2⤵
PID:10828

C:\Windows\System\pzKqQWK.exe
C:\Windows\System\pzKqQWK.exe
2⤵
PID:10972

C:\Windows\System\DnjGiSY.exe
C:\Windows\System\DnjGiSY.exe
2⤵
PID:10932

C:\Windows\System\NFTmXug.exe
C:\Windows\System\NFTmXug.exe
2⤵
PID:11032

C:\Windows\System\UGJbxkA.exe
C:\Windows\System\UGJbxkA.exe
2⤵
PID:11056

C:\Windows\System\hAUHUXc.exe
C:\Windows\System\hAUHUXc.exe
2⤵
PID:11116

C:\Windows\System\zBvHOQO.exe
C:\Windows\System\zBvHOQO.exe
2⤵
PID:11240

C:\Windows\System\kVXAKFy.exe
C:\Windows\System\kVXAKFy.exe
2⤵
PID:10320

C:\Windows\System\gtaDyaX.exe
C:\Windows\System\gtaDyaX.exe
2⤵
PID:10448

C:\Windows\System\OPIcmbQ.exe
C:\Windows\System\OPIcmbQ.exe
2⤵
PID:3348

C:\Windows\System\Peuagcn.exe
C:\Windows\System\Peuagcn.exe
2⤵
PID:10720

C:\Windows\System\BIvHipq.exe
C:\Windows\System\BIvHipq.exe
2⤵
PID:10868

C:\Windows\System\iUrOMLw.exe
C:\Windows\System\iUrOMLw.exe
2⤵
PID:10924

C:\Windows\System\azVYxRy.exe
C:\Windows\System\azVYxRy.exe
2⤵
PID:11064

C:\Windows\System\mWXOXIX.exe
C:\Windows\System\mWXOXIX.exe
2⤵
PID:10244

C:\Windows\System\GzSvcts.exe
C:\Windows\System\GzSvcts.exe
2⤵
PID:10664

C:\Windows\System\hamOOkH.exe
C:\Windows\System\hamOOkH.exe
2⤵
PID:11012

C:\Windows\System\rBwjfGR.exe
C:\Windows\System\rBwjfGR.exe
2⤵
PID:10520

C:\Windows\System\ajiMsdT.exe
C:\Windows\System\ajiMsdT.exe
2⤵
PID:11192

C:\Windows\System\YRsICJG.exe
C:\Windows\System\YRsICJG.exe
2⤵
PID:11276

C:\Windows\System\QvWnteY.exe
C:\Windows\System\QvWnteY.exe
2⤵
PID:11304

C:\Windows\System\nxyuMCv.exe
C:\Windows\System\nxyuMCv.exe
2⤵
PID:11332

C:\Windows\System\MxMiLdQ.exe
C:\Windows\System\MxMiLdQ.exe
2⤵
PID:11348

C:\Windows\System\JKzzCHe.exe
C:\Windows\System\JKzzCHe.exe
2⤵
PID:11368

C:\Windows\System\REfHEmw.exe
C:\Windows\System\REfHEmw.exe
2⤵
PID:11404

C:\Windows\System\tlNHMGg.exe
C:\Windows\System\tlNHMGg.exe
2⤵
PID:11428

C:\Windows\System\EpTYknG.exe
C:\Windows\System\EpTYknG.exe
2⤵
PID:11452

C:\Windows\System\VplYBqj.exe
C:\Windows\System\VplYBqj.exe
2⤵
PID:11488

C:\Windows\System\wQZvJlO.exe
C:\Windows\System\wQZvJlO.exe
2⤵
PID:11516

C:\Windows\System\VZhbwNG.exe
C:\Windows\System\VZhbwNG.exe
2⤵
PID:11560

C:\Windows\System\fxeqevN.exe
C:\Windows\System\fxeqevN.exe
2⤵
PID:11588

C:\Windows\System\JKHcFSs.exe
C:\Windows\System\JKHcFSs.exe
2⤵
PID:11616

C:\Windows\System\WYlQIhr.exe
C:\Windows\System\WYlQIhr.exe
2⤵
PID:11632

C:\Windows\System\eOLYFEz.exe
C:\Windows\System\eOLYFEz.exe
2⤵
PID:11660

C:\Windows\System\BFRAlZU.exe
C:\Windows\System\BFRAlZU.exe
2⤵
PID:11696

C:\Windows\System\vaCVOSx.exe
C:\Windows\System\vaCVOSx.exe
2⤵
PID:11716

C:\Windows\System\RvdHQwp.exe
C:\Windows\System\RvdHQwp.exe
2⤵
PID:11756

C:\Windows\System\DGWHsGc.exe
C:\Windows\System\DGWHsGc.exe
2⤵
PID:11772

C:\Windows\System\KKhqTbj.exe
C:\Windows\System\KKhqTbj.exe
2⤵
PID:11800

C:\Windows\System\qFldepE.exe
C:\Windows\System\qFldepE.exe
2⤵
PID:11828

C:\Windows\System\NDJkfEb.exe
C:\Windows\System\NDJkfEb.exe
2⤵
PID:11856

C:\Windows\System\pbJhVxi.exe
C:\Windows\System\pbJhVxi.exe
2⤵
PID:11888

C:\Windows\System\hEUYOou.exe
C:\Windows\System\hEUYOou.exe
2⤵
PID:11912

C:\Windows\System\RVkJVUN.exe
C:\Windows\System\RVkJVUN.exe
2⤵
PID:11928

C:\Windows\System\EAQTuQH.exe
C:\Windows\System\EAQTuQH.exe
2⤵
PID:11972

C:\Windows\System\lsqtLoT.exe
C:\Windows\System\lsqtLoT.exe
2⤵
PID:11992

C:\Windows\System\SlHswcX.exe
C:\Windows\System\SlHswcX.exe
2⤵
PID:12016

C:\Windows\System\ArYmpCX.exe
C:\Windows\System\ArYmpCX.exe
2⤵
PID:12056

C:\Windows\System\YRkBOfs.exe
C:\Windows\System\YRkBOfs.exe
2⤵
PID:12084

C:\Windows\System\tckCfZG.exe
C:\Windows\System\tckCfZG.exe
2⤵
PID:12100

C:\Windows\System\SCfWcfS.exe
C:\Windows\System\SCfWcfS.exe
2⤵
PID:12152

C:\Windows\System\kudbdTM.exe
C:\Windows\System\kudbdTM.exe
2⤵
PID:12168

C:\Windows\System\QITCFaT.exe
C:\Windows\System\QITCFaT.exe
2⤵
PID:12196

C:\Windows\System\ornUhfG.exe
C:\Windows\System\ornUhfG.exe
2⤵
PID:12224

C:\Windows\System\aOfpdZS.exe
C:\Windows\System\aOfpdZS.exe
2⤵
PID:12264

C:\Windows\System\NesXSkK.exe
C:\Windows\System\NesXSkK.exe
2⤵
PID:3748

C:\Windows\System\dhyBmLD.exe
C:\Windows\System\dhyBmLD.exe
2⤵
PID:11300

C:\Windows\System\VaBtmfx.exe
C:\Windows\System\VaBtmfx.exe
2⤵
PID:11380

C:\Windows\System\TCyqoLO.exe
C:\Windows\System\TCyqoLO.exe
2⤵
PID:11424

C:\Windows\System\pvKQWle.exe
C:\Windows\System\pvKQWle.exe
2⤵
PID:11512

C:\Windows\System\mLwDeJP.exe
C:\Windows\System\mLwDeJP.exe
2⤵
PID:11576

C:\Windows\System\MVvqctJ.exe
C:\Windows\System\MVvqctJ.exe
2⤵
PID:11204

C:\Windows\System\CmZCYyX.exe
C:\Windows\System\CmZCYyX.exe
2⤵
PID:11680

C:\Windows\System\etbJKzF.exe
C:\Windows\System\etbJKzF.exe
2⤵
PID:11744

C:\Windows\System\goyyVKv.exe
C:\Windows\System\goyyVKv.exe
2⤵
PID:11848

C:\Windows\System\tzeCEED.exe
C:\Windows\System\tzeCEED.exe
2⤵
PID:11872

C:\Windows\System\YKRbXbQ.exe
C:\Windows\System\YKRbXbQ.exe
2⤵
PID:11964

C:\Windows\System\bttbjjO.exe
C:\Windows\System\bttbjjO.exe
2⤵
PID:12000

C:\Windows\System\XbGEwfU.exe
C:\Windows\System\XbGEwfU.exe
2⤵
PID:12080

C:\Windows\System\eXgbWES.exe
C:\Windows\System\eXgbWES.exe
2⤵
PID:12216

C:\Windows\System\QAqyDts.exe
C:\Windows\System\QAqyDts.exe
2⤵
PID:11060

C:\Windows\System\EuNxdJT.exe
C:\Windows\System\EuNxdJT.exe
2⤵
PID:11364

C:\Windows\System\fFOymoh.exe
C:\Windows\System\fFOymoh.exe
2⤵
PID:11468

C:\Windows\System\lYTkpHp.exe
C:\Windows\System\lYTkpHp.exe
2⤵
PID:11600

C:\Windows\System\GUeQzVA.exe
C:\Windows\System\GUeQzVA.exe
2⤵
PID:11824

C:\Windows\System\DqlQnGo.exe
C:\Windows\System\DqlQnGo.exe
2⤵
PID:11924

C:\Windows\System\lhZpFva.exe
C:\Windows\System\lhZpFva.exe
2⤵
PID:12132

C:\Windows\System\TbAEdYW.exe
C:\Windows\System\TbAEdYW.exe
2⤵
PID:12284

C:\Windows\System\JVJrJSY.exe
C:\Windows\System\JVJrJSY.exe
2⤵
PID:11844

C:\Windows\System\XWzpDkM.exe
C:\Windows\System\XWzpDkM.exe
2⤵
PID:12068

C:\Windows\System\DsorLVy.exe
C:\Windows\System\DsorLVy.exe
2⤵
PID:12208

C:\Windows\System\rvyRocw.exe
C:\Windows\System\rvyRocw.exe
2⤵
PID:12008

C:\Windows\System\Ncwfzay.exe
C:\Windows\System\Ncwfzay.exe
2⤵
PID:12296

C:\Windows\System\xlDsgZs.exe
C:\Windows\System\xlDsgZs.exe
2⤵
PID:12312

C:\Windows\System\GhQCdZW.exe
C:\Windows\System\GhQCdZW.exe
2⤵
PID:12328

C:\Windows\System\YfSNWYm.exe
C:\Windows\System\YfSNWYm.exe
2⤵
PID:12356

C:\Windows\System\UIsusNT.exe
C:\Windows\System\UIsusNT.exe
2⤵
PID:12384

C:\Windows\System\iyTcDpF.exe
C:\Windows\System\iyTcDpF.exe
2⤵
PID:12408

C:\Windows\System\UPVWQKT.exe
C:\Windows\System\UPVWQKT.exe
2⤵
PID:12432

C:\Windows\System\wrVQfKT.exe
C:\Windows\System\wrVQfKT.exe
2⤵
PID:12456

C:\Windows\System\TKnQyFI.exe
C:\Windows\System\TKnQyFI.exe
2⤵
PID:12488

C:\Windows\System\CwYDBPf.exe
C:\Windows\System\CwYDBPf.exe
2⤵
PID:12520

C:\Windows\System\pYjCinM.exe
C:\Windows\System\pYjCinM.exe
2⤵
PID:12544

C:\Windows\System\EmLZOAa.exe
C:\Windows\System\EmLZOAa.exe
2⤵
PID:12568

C:\Windows\System\PmvtRCE.exe
C:\Windows\System\PmvtRCE.exe
2⤵
PID:12596

C:\Windows\System\QZLPuUv.exe
C:\Windows\System\QZLPuUv.exe
2⤵
PID:12632

C:\Windows\System\bUDVhrP.exe
C:\Windows\System\bUDVhrP.exe
2⤵
PID:12660

C:\Windows\System\VrovKBe.exe
C:\Windows\System\VrovKBe.exe
2⤵
PID:12688

C:\Windows\System\sQMAakS.exe
C:\Windows\System\sQMAakS.exe
2⤵
PID:12704

C:\Windows\System\VMHICuC.exe
C:\Windows\System\VMHICuC.exe
2⤵
PID:12736

C:\Windows\System\dUKMykL.exe
C:\Windows\System\dUKMykL.exe
2⤵
PID:12764

C:\Windows\System\poUPcwu.exe
C:\Windows\System\poUPcwu.exe
2⤵
PID:12788

C:\Windows\System\AdcqvRB.exe
C:\Windows\System\AdcqvRB.exe
2⤵
PID:12812

C:\Windows\System\KfJfxre.exe
C:\Windows\System\KfJfxre.exe
2⤵
PID:12844

C:\Windows\System\mbGlmYW.exe
C:\Windows\System\mbGlmYW.exe
2⤵
PID:12876

C:\Windows\System\WPgtOmT.exe
C:\Windows\System\WPgtOmT.exe
2⤵
PID:12908

C:\Windows\System\xOSpyaf.exe
C:\Windows\System\xOSpyaf.exe
2⤵
PID:12928

C:\Windows\System\MTijsur.exe
C:\Windows\System\MTijsur.exe
2⤵
PID:12964

C:\Windows\System\qqQBofL.exe
C:\Windows\System\qqQBofL.exe
2⤵
PID:13008

C:\Windows\System\ppxLTFK.exe
C:\Windows\System\ppxLTFK.exe
2⤵
PID:13032

C:\Windows\System\sSwomID.exe
C:\Windows\System\sSwomID.exe
2⤵
PID:13068

C:\Windows\System\OkAopJo.exe
C:\Windows\System\OkAopJo.exe
2⤵
PID:13100

C:\Windows\System\KCZGQUf.exe
C:\Windows\System\KCZGQUf.exe
2⤵
PID:13128

C:\Windows\System\hbUzlGn.exe
C:\Windows\System\hbUzlGn.exe
2⤵
PID:13160

C:\Windows\System\XvqnnSH.exe
C:\Windows\System\XvqnnSH.exe
2⤵
PID:13204

C:\Windows\System\BYxLcaJ.exe
C:\Windows\System\BYxLcaJ.exe
2⤵
PID:13224

C:\Windows\System\rmkpPOK.exe
C:\Windows\System\rmkpPOK.exe
2⤵
PID:13252

C:\Windows\System\JQCXAZV.exe
C:\Windows\System\JQCXAZV.exe
2⤵
PID:13288

C:\Windows\System\XxnWBdC.exe
C:\Windows\System\XxnWBdC.exe
2⤵
PID:11548

C:\Windows\System\NkEFqMa.exe
C:\Windows\System\NkEFqMa.exe
2⤵
PID:12348

C:\Windows\System\nNAmCJQ.exe
C:\Windows\System\nNAmCJQ.exe
2⤵
PID:12448

C:\Windows\System\KMqPDvh.exe
C:\Windows\System\KMqPDvh.exe
2⤵
PID:12476

C:\Windows\System\eOpaQOI.exe
C:\Windows\System\eOpaQOI.exe
2⤵
PID:12592

C:\Windows\System\AjAkauC.exe
C:\Windows\System\AjAkauC.exe
2⤵
PID:12680

C:\Windows\System\exQNfDU.exe
C:\Windows\System\exQNfDU.exe
2⤵
PID:12712

C:\Windows\System\hcqmmWP.exe
C:\Windows\System\hcqmmWP.exe
2⤵
PID:12644

C:\Windows\System\xxHMQbN.exe
C:\Windows\System\xxHMQbN.exe
2⤵
PID:12700

C:\Windows\System\JPugYRt.exe
C:\Windows\System\JPugYRt.exe
2⤵
PID:12780

C:\Windows\System\JnwmfwX.exe
C:\Windows\System\JnwmfwX.exe
2⤵
PID:12824

C:\Windows\System\cSVoJQd.exe
C:\Windows\System\cSVoJQd.exe
2⤵
PID:12892

C:\Windows\System\FbpkXsL.exe
C:\Windows\System\FbpkXsL.exe
2⤵
PID:13108

C:\Windows\System\xhrQXPt.exe
C:\Windows\System\xhrQXPt.exe
2⤵
PID:13152

C:\Windows\System\ErnzIdL.exe
C:\Windows\System\ErnzIdL.exe
2⤵
PID:13124

C:\Windows\System\ExqGfyD.exe
C:\Windows\System\ExqGfyD.exe
2⤵
PID:13260

C:\Windows\System\zyheZzX.exe
C:\Windows\System\zyheZzX.exe
2⤵
PID:13240

C:\Windows\System\qmRRgWT.exe
C:\Windows\System\qmRRgWT.exe
2⤵
PID:12420

C:\Windows\System\rOAFMid.exe
C:\Windows\System\rOAFMid.exe
2⤵
PID:12732

C:\Windows\System\gEzVQlw.exe
C:\Windows\System\gEzVQlw.exe
2⤵
PID:12696

C:\Windows\System\CNbkDHZ.exe
C:\Windows\System\CNbkDHZ.exe
2⤵
PID:13076

C:\Windows\System\LRbDgFn.exe
C:\Windows\System\LRbDgFn.exe
2⤵
PID:12936

C:\Windows\System\uJHhnSi.exe
C:\Windows\System\uJHhnSi.exe
2⤵
PID:13156

C:\Windows\System\ZhIUAHK.exe
C:\Windows\System\ZhIUAHK.exe
2⤵
PID:4260

C:\Windows\System\XMXGIWj.exe
C:\Windows\System\XMXGIWj.exe
2⤵
PID:12368

C:\Windows\System\qefrYLZ.exe
C:\Windows\System\qefrYLZ.exe
2⤵
PID:12676

C:\Windows\System\CPwoDyp.exe
C:\Windows\System\CPwoDyp.exe
2⤵
PID:2696

C:\Windows\System\LkHRrQQ.exe
C:\Windows\System\LkHRrQQ.exe
2⤵
PID:13276

C:\Windows\System\EynSegJ.exe
C:\Windows\System\EynSegJ.exe
2⤵
PID:12540

C:\Windows\System\dhwbsfE.exe
C:\Windows\System\dhwbsfE.exe
2⤵
PID:12852

C:\Windows\System\nSBxQKa.exe
C:\Windows\System\nSBxQKa.exe
2⤵
PID:13332

C:\Windows\System\FvImWSQ.exe
C:\Windows\System\FvImWSQ.exe
2⤵
PID:13360

C:\Windows\System\HsYsvHM.exe
C:\Windows\System\HsYsvHM.exe
2⤵
PID:13392

C:\Windows\System\QhwfKvj.exe
C:\Windows\System\QhwfKvj.exe
2⤵
PID:13416

C:\Windows\System\YIIlXWW.exe
C:\Windows\System\YIIlXWW.exe
2⤵
PID:13448

C:\Windows\System\CZauevj.exe
C:\Windows\System\CZauevj.exe
2⤵
PID:13472

C:\Windows\System\eBNTCIG.exe
C:\Windows\System\eBNTCIG.exe
2⤵
PID:13492

C:\Windows\System\GYWrnSH.exe
C:\Windows\System\GYWrnSH.exe
2⤵
PID:13520

C:\Windows\System\dFETHEE.exe
C:\Windows\System\dFETHEE.exe
2⤵
PID:13544

C:\Windows\System\sRDjgXG.exe
C:\Windows\System\sRDjgXG.exe
2⤵
PID:13568

C:\Windows\System\pXCWtmS.exe
C:\Windows\System\pXCWtmS.exe
2⤵
PID:13596

C:\Windows\System\kClZVGS.exe
C:\Windows\System\kClZVGS.exe
2⤵
PID:13636

C:\Windows\System\BasNAJb.exe
C:\Windows\System\BasNAJb.exe
2⤵
PID:13664

C:\Windows\System\UEpDvYr.exe
C:\Windows\System\UEpDvYr.exe
2⤵
PID:13692

C:\Windows\System\MqtWJXb.exe
C:\Windows\System\MqtWJXb.exe
2⤵
PID:13724

C:\Windows\System\WqSQCNo.exe
C:\Windows\System\WqSQCNo.exe
2⤵
PID:13748

C:\Windows\System\cpCHQWS.exe
C:\Windows\System\cpCHQWS.exe
2⤵
PID:13764

C:\Windows\System\XdtdGxX.exe
C:\Windows\System\XdtdGxX.exe
2⤵
PID:13788

C:\Windows\System\JnCTHMd.exe
C:\Windows\System\JnCTHMd.exe
2⤵
PID:13816

C:\Windows\System\JbFZvhZ.exe
C:\Windows\System\JbFZvhZ.exe
2⤵
PID:13848

C:\Windows\System\cmtdkoM.exe
C:\Windows\System\cmtdkoM.exe
2⤵
PID:13876

C:\Windows\System\SUQnjJX.exe
C:\Windows\System\SUQnjJX.exe
2⤵
PID:13904

C:\Windows\System\mhntAks.exe
C:\Windows\System\mhntAks.exe
2⤵
PID:13940

C:\Windows\System\heMfPXr.exe
C:\Windows\System\heMfPXr.exe
2⤵
PID:13960

C:\Windows\System\vtTnmoJ.exe
C:\Windows\System\vtTnmoJ.exe
2⤵
PID:13984

C:\Windows\System\RniYVzH.exe
C:\Windows\System\RniYVzH.exe
2⤵
PID:14012

C:\Windows\System\qnTBezg.exe
C:\Windows\System\qnTBezg.exe
2⤵
PID:14044

C:\Windows\System\xUuBccM.exe
C:\Windows\System\xUuBccM.exe
2⤵
PID:14076

C:\Windows\System\GoUylFd.exe
C:\Windows\System\GoUylFd.exe
2⤵
PID:14116

C:\Windows\System\IODZwKn.exe
C:\Windows\System\IODZwKn.exe
2⤵
PID:14136

C:\Windows\System\IzyTBqA.exe
C:\Windows\System\IzyTBqA.exe
2⤵
PID:14168

C:\Windows\System\ASJcDvY.exe
C:\Windows\System\ASJcDvY.exe
2⤵
PID:14192

C:\Windows\System\tvupJAq.exe
C:\Windows\System\tvupJAq.exe
2⤵
PID:14220

C:\Windows\System\XfSQaAT.exe
C:\Windows\System\XfSQaAT.exe
2⤵
PID:14248

C:\Windows\System\XRbsesw.exe
C:\Windows\System\XRbsesw.exe
2⤵
PID:14276

C:\Windows\System\VfHaQNz.exe
C:\Windows\System\VfHaQNz.exe
2⤵
PID:14320

C:\Windows\System\pnYOcTN.exe
C:\Windows\System\pnYOcTN.exe
2⤵
PID:2256

C:\Windows\System\dqSuxGl.exe
C:\Windows\System\dqSuxGl.exe
2⤵
PID:13384

C:\Windows\System\SwuVllq.exe
C:\Windows\System\SwuVllq.exe
2⤵
PID:13408

C:\Windows\System\BbfwuCr.exe
C:\Windows\System\BbfwuCr.exe
2⤵
PID:13468

C:\Windows\System\yLfgpvD.exe
C:\Windows\System\yLfgpvD.exe
2⤵
PID:13552

C:\Windows\System\UoCNjHF.exe
C:\Windows\System\UoCNjHF.exe
2⤵
PID:13652

C:\Windows\System\vYlDAft.exe
C:\Windows\System\vYlDAft.exe
2⤵
PID:13680

C:\Windows\System\wHnpgTo.exe
C:\Windows\System\wHnpgTo.exe
2⤵
PID:13676

C:\Windows\System\wMfZMyv.exe
C:\Windows\System\wMfZMyv.exe
2⤵
PID:13776

C:\Windows\System\VqQKzml.exe
C:\Windows\System\VqQKzml.exe
2⤵
PID:1608

C:\Windows\System\XiDkFxS.exe
C:\Windows\System\XiDkFxS.exe
2⤵
PID:13860

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CYqNOXx.exe

Filesize
2.2MB

MD5
5a1988b21e4edd6c48fe62d01ca0bcfd

SHA1
491e29bcdfe40ebe8493b535bb19205ab0bccbf9

SHA256
30aa869ea0ba5b1d1de09ba62ae2de035962d8ddf0384aecdeb3df64cae53f17

SHA512
3953616461d67b8d5e677dfafba9af7c4f99c099f91ded16da7f1440dbe3c8262bcfb20d18fd064fdfadd5f7ddf3eb6a49273880c90590b31815a4983d1eee5b

Download Submit
C:\Windows\System\Djbyvax.exe

Filesize
2.2MB

MD5
9e4dea43b3c3465cae1b04788a13af51

SHA1
deced33a4f3aa49e8fc0eca8beaa0994680c5a7e

SHA256
12dccef3144d838489eb14c80a6ee85b4f8b286c3f2670629895d41c3752e3ce

SHA512
8fe9e183d861327e475e0907949d647d6c1b0f3c7b0a974b72834806b60ecf92433f089e7beb8e5808859d7f0475b31b3e72308fe6d04d29988ffc636def7dc4

Download Submit
C:\Windows\System\DuyQSyC.exe

Filesize
2.2MB

MD5
efe47f05767d7bf58cb3282592451648

SHA1
54efbc5e17bcf75babbf977f8812cbba72a71ad9

SHA256
841dcfa2892716177594dff316891256542833af42898caf9ccde3966c691125

SHA512
86da1ad06036e82a5724feb1fdc83a6e884d07e623d7c84f14e9a2077a72b352b24933545eaca1f341bcfaa0537c0ccae1ba82dc1768543a761b49ea743228c8

Download Submit
C:\Windows\System\DwQIsBu.exe

Filesize
2.2MB

MD5
66365943afc60532ae2901e52c49ab77

SHA1
16729546dcd0d0f7e56dd95607d82c628a1bfc2f

SHA256
f63a676bac5252c1e87d79f46b17c92501918b48d03ee7ef2f9fab3a58689ac5

SHA512
9745f23656e7418f039e4bc27a8a1ca3645ceed2a4c9be6b8d567f4b52a60802ca185b89366e0bd65a9c504ae51fe7d343132b8a1a15d568fb5b82d6be59b7f9

Download Submit
C:\Windows\System\GJiEeeX.exe

Filesize
2.2MB

MD5
e09275b64c6d9c101d746409e6b16f97

SHA1
67c0d1bb28718a64bb5a229fa4da60c250835c20

SHA256
758923512ba09b0701758b1852fbf49a281e07b494e9bbc358bbca938332a66e

SHA512
d29b54636c4c290723fcb179ef226dfae52802a5813a9bedaf054b3dfd951fe001d8f6bd50c0cf8b1546baf3921c5557281b973e22f795c91da8ae93adcf87ac

Download Submit
C:\Windows\System\HOnDekD.exe

Filesize
2.2MB

MD5
83fe012633c3e6fcc41c5b96658f70e0

SHA1
d6a6f0fed48c8e545f5e30349bb18164afed7dd4

SHA256
65c7ea0f3774d03417ecc690e9bdf117e7d024498c7136646a8af16dbd6e2c8a

SHA512
87f04dc42655d9d078e3efe0268fa819909703b183a68e84c07c9f44c3246e8d0e847de6442c4faa45313dbfa004e3c4f2ec23159cde4a0a14feb7be0cfc3712

Download Submit
C:\Windows\System\IVzIbKx.exe

Filesize
2.2MB

MD5
2b1212c122b98d54a762a3ace25471e5

SHA1
f455448d28cb2976e1cc91e1429765756205cb96

SHA256
9831561b836482654bbddc8b385b043f2bec79032866ded705ff1b1d1ee7ec59

SHA512
eef8f309577f59d23fdad6234dd740aa652e583e1383383b293ad728bf640213803c50b7fe493eb13f6f117b36d6b7212da0b21db7c7cb218b46f07a30a5744d

Download Submit
C:\Windows\System\KXlyXNU.exe

Filesize
2.2MB

MD5
b5781d67dac9870b731b6cbcd79f8d30

SHA1
3dfd4c40fad64c385df70dca7e8f6c3ffd1ecb8f

SHA256
7e4a914b0b654d90102dc0470ae2cbd3fdf9ccb0fbad38bb6e1b827ffde586bb

SHA512
58d213ccc5bf4683ef94ae7572a1316b7343ded2c62349358e1f384b900e51d2281618e5bf0a980c0d78cbaaf690f6d7f10e7adb28f5e21196228f9e780a722e

Download Submit
C:\Windows\System\MzRBqli.exe

Filesize
2.2MB

MD5
f5dcc22f49490eebd2d9449990e2b51e

SHA1
da512d854bc82c278547469061e261240adf6234

SHA256
16f5e9087b91f38777a012d4fe6d6860af0291291ecb7e1b0705376acac7d06b

SHA512
425db76fd24404b85b468a14ebef4510421f4bde304c5bbb862cf2859984bc4e261e0e0b712df630104da0c27c7bb49b3540d406508f6b1d37867249896b39e5

Download Submit
C:\Windows\System\NkyLLEd.exe

Filesize
2.2MB

MD5
01dfea4968880ae68c9c078c6621e397

SHA1
0b3b15d3dc0d4d420b0e67b8b333dc83d6de9ca1

SHA256
08a9ed8ccf400e080c0b9a9f0e5302fb64bbf28d17291742441747e3224a1544

SHA512
312d380f438bfd6e616da819badd0d0f8748599ed60bde39a916c775570d4f68519ebc265321c9346144921a187fb8f452e9b3e8f44ca59b66eda2de4db4f3bf

Download Submit
C:\Windows\System\OOWOJpT.exe

Filesize
2.2MB

MD5
3421a05d0bdac0c1b5030c22fbe5d2ef

SHA1
e9d9f381f9e19bd5401a31e0cda872b6ac5c735b

SHA256
1beddf8c87d2cc8571d504c1a7f22688979685080cc66692154e591d2e74e1de

SHA512
fbf88bb9a9040f61bd468b8067b3e7aefdaf7ee0a9794d61d9684ea7e93f8e3388d45597a1c6bf6f8d734e74a53abeb08b71bab824abcfe99e46b97a25fe6b7a

Download Submit
C:\Windows\System\PclpHht.exe

Filesize
2.2MB

MD5
8e11d126e4448a2fd84d90d81c9e3cf2

SHA1
b3a52f58b92cce692a5a0ae75cfcf2d8b6885ba2

SHA256
71860b2b2582091435e9df24dec72179aa93f8e8fd133081432e2f2a365115a4

SHA512
a2d02056e4ad7cd0fead8df55249b45a51c3a9f5ddebe24981e10b5fbddecf565bf8e10657a18c7a7f5742294c32d54a201e4a7120ac115dd2e1ba074be1049c

Download Submit
C:\Windows\System\PdWgZUM.exe

Filesize
2.2MB

MD5
050e3109c703b567ed41fe355e23aeae

SHA1
f766fcf13fe9cf373c27d2512b30628abfa4ff31

SHA256
964e675b7105cd738072d2185f4061023354c6a32e560ab46079d30f931798d7

SHA512
65a2900dc4173ccddf67f84b7acb1485daa83f086bbcba1e43f0380d444f601ce5d66c06c2b5df9adfab1edffb702762c73ebf8ec4668b07e1253c50a08b4757

Download Submit
C:\Windows\System\QPYIpFN.exe

Filesize
2.2MB

MD5
dec7df87deb75b776509fe74cba6d5c8

SHA1
1868feb8e9ae302679e9a46450a7c982d0b945ab

SHA256
424f04aeefa61462db42fe66e9d39b258206f9bb6c2cf3af154094ad379ae53f

SHA512
f8c855acaf56b14505d9eafed1e69b7b87abe9a911f5c14e9293dacd363ce27791bf1fdfe05a69785ecc1c3bf6934ec0aa132f5a2ea3ec85151aec3d79f44aaa

Download Submit
C:\Windows\System\QqxcOrL.exe

Filesize
2.2MB

MD5
115b9f3c68ca97d27cb694f21b0c871a

SHA1
47c911c93eb218aaa09e6d20e870bc4e0b574ffa

SHA256
5ae5c3dde22065411633d3d2fdca86373ba4dfa735877abc0d1518c71bb11410

SHA512
2ff774011fd71397bde95e17f382ddda2d305c4f83cb79c13bf536dd444e8aeca9d747beb63e5892f784830132088d1a014bd8720a6c69f0ca9e9a6ea3bb18f6

Download Submit
C:\Windows\System\RrorRXU.exe

Filesize
2.2MB

MD5
054ad2c8c6ceb65e80ad60ed6e7f65a4

SHA1
51e83ae3e250ffac716287485c9be07d5849aefd

SHA256
d77ffc19ef5fef947a6c8db8f82802a070a693a5adc54733f5f4c1d3d99e8809

SHA512
2e894d68cd16a8a429864b9a738942cde1b279b74a41a496d8f68c69a1b9ffb52dbd737e83fa72ff6f2722cb51e4bd6937d73502786d081e4c516dcacd1aa039

Download Submit
C:\Windows\System\UJUewVP.exe

Filesize
2.2MB

MD5
2d03bb212c2dfe80b35598cd327aba6c

SHA1
b532e35ae5e52cbe4c3654b84660d0f00d209473

SHA256
5202e7772e7870a631b7c655bd3374f11f570b284493b261e22f159fdfe0c43d

SHA512
7e6236acc08bce344d350c9c1fe80583115199705a27a48fcf074c61b76edff58b5c6f0f5b720bd89bda53645c630ab2f38ab3b06049bbacedd53b8cc3ba9c7b

Download Submit
C:\Windows\System\UQCWBgl.exe

Filesize
2.2MB

MD5
8f04c26e275a84b04b7d80973e43e864

SHA1
d184afff855ad4a172e0da053d93655aa90a595f

SHA256
ee78b6daa83a798801f24ecc279bc8af6a51827f1ba2703153e89b8de1c0dca5

SHA512
536e729a93e3330a709014e84d45559e15c940b542ba4ebd9e882bc5783335fffca3f2572a6177b939f8874015e44f9b0714e8a56abca9b25a6cc760e5d69da7

Download Submit
C:\Windows\System\VygYbtd.exe

Filesize
2.2MB

MD5
03019c89d04755b7246b1ed8273e06f7

SHA1
6ee7d5515de22cea9e31bba36ace417ed3fd3110

SHA256
b422dab8a819059700adfcb8eb7d41d241b4db14b3a780a400d5a02ac923fca1

SHA512
04812c9b77867bfc4f5450699245217f9d52864868c6081d08861176b2444f6183350a665f26dd75f42f134a4c392d5feef82b7a0ed4529fced270ecc94a1cb2

Download Submit
C:\Windows\System\XbjLNpj.exe

Filesize
2.2MB

MD5
53d56899b776fd23699cbea88df8a07e

SHA1
2ee524124cc54192a4b3131a81cb490a7bc66174

SHA256
00fadaacd9777d905edb46469c74efa49abe84b2899fa33c4600026a9c6b29f4

SHA512
d4370193650a34ef9f321b1c962853e12f938123cf8fd3c9723f085f6cca700a3b9cbb1979fce4e4b746b98c99bce9fd4eeae8c3b659980c6c7c707f6915ba36

Download Submit
C:\Windows\System\YTFMCVy.exe

Filesize
2.2MB

MD5
873e33f447862e62d5697d603191494b

SHA1
e4fc8c43e5aabb1564787912eda9abd038d097cc

SHA256
bb4f98186400226caace4e5ff5c201b66d2a3e87ad405a6b0fc5aa8e1ec3d9ae

SHA512
a34b411bf940536cfa632358bed10fcfcabe230df91745d1af1e5b8a910925fa95a445f380b6f4c4ecd7ffca064dd9076396e8a5153a342b789b8f0cc9516ecd

Download Submit
C:\Windows\System\ZIBZjPs.exe

Filesize
2.2MB

MD5
387cefb0b216bba1dbb4d72dade525f0

SHA1
6aa433a05b35235e7b8fff2c559aa7ece62a7a1c

SHA256
e361e30ea598881b7f4c0e094458c4473b934fcf62fc3a784801af989d0e19e6

SHA512
f74da8614f864ee61868fc80649e9042bc842b03229946b1fc347868d79b71ef61ac2568585808fc5a1be141a0e747c9c9561331fc64b480741e11d81a1c52ad

Download Submit
C:\Windows\System\buXSFKl.exe

Filesize
2.2MB

MD5
9b8e276131dfda39678336958c82ab80

SHA1
dbd97e23483abce8dec11680730181f0cfee0fd7

SHA256
84a656975e3c0c3f44a99d3149ee27ce9f4b710ae99a75f15d7589ad1c641950

SHA512
c2fd7eaf5da89d24c021b78197de90d3f83ec7fe5a8156b7ae22cdc0267719c947379bb79618c61bc50b687ef8961942994fc94fd81d397f853cd65bfdfb7620

Download Submit
C:\Windows\System\duOOdzB.exe

Filesize
2.2MB

MD5
4547876971fd3ea230d3555e16c1cb0a

SHA1
84b8750e9f3eac4d3029c5db0daf3933256304a7

SHA256
9d3976fcc0ab2002b8396a1ee8b1cd4fb3cbb44d65e3ca32791bdbe707938bd6

SHA512
d62bdbb56e1bc263a754fd91578de2d1d5c2323aab2b8b4978463f3a647621f2490e87daa9ec443ca10a2b68c3345dd87dca4e1b1e456d670cbeaedc3d51becd

Download Submit
C:\Windows\System\jpkwxfU.exe

Filesize
2.2MB

MD5
95e1432a0e81b724d314e29e93d07841

SHA1
31356d676648477e668724d6b46500015fea0f79

SHA256
95cdb94dba332f5881dd87bd4d212e0fdddde17193e89655a9283e094ef0711d

SHA512
15eb429ccb2990e8265d748821f013b4356a36452ac6171947080b9f3e39e9e38d607e596f6411c233dd09b90dc1bee9063722cb52466313dda0915001836c66

Download Submit
C:\Windows\System\kZpJbFx.exe

Filesize
2.2MB

MD5
ac4319ec3c4f859fea66744cd986f8a9

SHA1
d184e18891d7a8d6dd80a0166ed5a8d830ca10df

SHA256
b99417b34a277314fd72d4b12c9aeeda5271e9aa8d3683c21ac959d39825ccc3

SHA512
1924b61ebeafb4ff9e5fc4ffccd0d3b32f0884d52170c0d0189c521b588a546be238d03b972d16c1c84338937de2e973b5f79fe3bc79ee388c77f87391eb48b2

Download Submit
C:\Windows\System\kukoXNB.exe

Filesize
2.2MB

MD5
12ec90ff3c3af48ca865a2a1c65e9429

SHA1
b8288617704e9b3f4cf22e6294875c29422ae983

SHA256
626b593243a19ee61a2ccdce9780d67c063d8c10ac5efa5ab2d742edc09c74ff

SHA512
8a86ade30240c8099e205f1f8f97edd990a2342eade9b279f207882687eecea2e4732b84542a81502d73f6d345b744c9d65367a44bcd01f343461fe77d91345b

Download Submit
C:\Windows\System\mEubpSN.exe

Filesize
2.2MB

MD5
1f5c63fe3e11b638d4fb84f2484c63a3

SHA1
8a677ac43d085c87987002cf4ba50a3a0b71cd76

SHA256
9f0534098e26e8aca2ef79b6c4b665ae893d0f1774a8ec2beb102d4146c5a18f

SHA512
5aa478bebd4bcdf080e1f9e0e1f379cd685f44463d70f9c044f774709063cbdba7ffbc83f9f55957c6f0a49d192190552789726f3dc8c24e4838c734a42446bd

Download Submit
C:\Windows\System\noGFqDB.exe

Filesize
2.2MB

MD5
17a6ef8999cd4839adafac7b26781869

SHA1
2ee66fcabd9df5f51c3ca70138e1c02dfe271cbc

SHA256
7dfa4ce0a345512c3c0d496b379a07ad754ba6ca08f25f93ce660a238c22e503

SHA512
e5d00584eac052c04b15181923f019324ea54cc88b2d6e1f70ea9f1d127fe7bc1b5607c04c6ac9d0e05e1152806168061c24f3069d45d9839a19df5eb220165f

Download Submit
C:\Windows\System\rFTldjr.exe

Filesize
2.2MB

MD5
6160d86dccd0e9adf553ae95c152bc5d

SHA1
8a263a209471467e32b98a2c960537857b2f5535

SHA256
0a429077d42b57c396361d11ce10ab989a5d887f7c51d201712f449f70685943

SHA512
b155158734cf940e872cd67b65ad20b8f44ce8d0feb867bb4af15e784db0666815274b5a88894a33b964598d8ae21d4fb091f29cdc25dc47a79a1473c467f82e

Download Submit
C:\Windows\System\wHiJKqM.exe

Filesize
2.2MB

MD5
0b68ac3eacd3a478c3434724bb145b48

SHA1
01cf959b5475c003a6ff4073da57b0c3f812955d

SHA256
593c96f93e84cb145b9639bcf546c355d36d923abb4a8f8bcbfe9bdaa73dc5f2

SHA512
2b8bfa183aa52cdbb109ec39dd24100cc99226b5fd11feb89c732e97451b50b229d25c102fd6f056d6610a54dadbfe560ced0ab8ed9065d917444f4aa9309be6

Download Submit
C:\Windows\System\zAHAlXq.exe

Filesize
2.2MB

MD5
f294a39398fd3eb33156c09f786b8970

SHA1
58d67b97c22a681551f9531e17d8041302318e68

SHA256
d68e0f8beef3b4f24ed9199e319f64fd33709e0300c653c406a35ce67a7c6d45

SHA512
38120d9494d4c75d97ab01b9d79094ba6e9dc0d77e8fa8238a5c29d0e4c3c98a988d5e7e97b47b0f5f572f2e10e32e27a5703b77e738dda20459a639b771603b

Download Submit
C:\Windows\System\zzFFtxY.exe

Filesize
2.2MB

MD5
f68ab230589b160fe682ebd4a3b607c2

SHA1
12693b20eafa0beca0088fb0bc5417ae78014cf5

SHA256
a5b953fef5bc924edb95fea3cd00100c969d33c8d7b9ee19811d5066c4b0d240

SHA512
7bbbcaf11222c7a4349654bedb3fcaa34f43e99947f1057f6fd4a144f571cbbc0d6548c21caa5e62e79006b13dad70681fc8087738b953eb957044e0cdc4f69a

Download Submit
memory/408-836-0x00007FF6D9100000-0x00007FF6D9454000-memory.dmp

Filesize
3.3MB

Download
memory/408-2164-0x00007FF6D9100000-0x00007FF6D9454000-memory.dmp

Filesize
3.3MB

Download
memory/448-2162-0x00007FF682330000-0x00007FF682684000-memory.dmp

Filesize
3.3MB

Download
memory/448-677-0x00007FF682330000-0x00007FF682684000-memory.dmp

Filesize
3.3MB

Download
memory/904-802-0x00007FF6CDEF0000-0x00007FF6CE244000-memory.dmp

Filesize
3.3MB

Download
memory/904-2187-0x00007FF6CDEF0000-0x00007FF6CE244000-memory.dmp

Filesize
3.3MB

Download
memory/1008-817-0x00007FF761C80000-0x00007FF761FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2184-0x00007FF761C80000-0x00007FF761FD4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-2174-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp

Filesize
3.3MB

Download
memory/1216-684-0x00007FF7CC7C0000-0x00007FF7CCB14000-memory.dmp

Filesize
3.3MB

Download
memory/1332-680-0x00007FF75D6A0000-0x00007FF75D9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2173-0x00007FF75D6A0000-0x00007FF75D9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-2183-0x00007FF66BCB0000-0x00007FF66C004000-memory.dmp

Filesize
3.3MB

Download
memory/1356-828-0x00007FF66BCB0000-0x00007FF66C004000-memory.dmp

Filesize
3.3MB

Download
memory/1432-745-0x00007FF6A1380000-0x00007FF6A16D4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-2180-0x00007FF6A1380000-0x00007FF6A16D4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2160-0x00007FF6A8A20000-0x00007FF6A8D74000-memory.dmp

Filesize
3.3MB

Download
memory/1612-22-0x00007FF6A8A20000-0x00007FF6A8D74000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2186-0x00007FF6E00D0000-0x00007FF6E0424000-memory.dmp

Filesize
3.3MB

Download
memory/1804-807-0x00007FF6E00D0000-0x00007FF6E0424000-memory.dmp

Filesize
3.3MB

Download
memory/1948-2168-0x00007FF686910000-0x00007FF686C64000-memory.dmp

Filesize
3.3MB

Download
memory/1948-678-0x00007FF686910000-0x00007FF686C64000-memory.dmp

Filesize
3.3MB

Download
memory/2148-2178-0x00007FF74AA00000-0x00007FF74AD54000-memory.dmp

Filesize
3.3MB

Download
memory/2148-776-0x00007FF74AA00000-0x00007FF74AD54000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2161-0x00007FF799B60000-0x00007FF799EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-11-0x00007FF799B60000-0x00007FF799EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-791-0x00007FF768250000-0x00007FF7685A4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2188-0x00007FF768250000-0x00007FF7685A4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2167-0x00007FF788B60000-0x00007FF788EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-679-0x00007FF788B60000-0x00007FF788EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2159-0x00007FF6A4050000-0x00007FF6A43A4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-0-0x00007FF6A4050000-0x00007FF6A43A4000-memory.dmp

Filesize
3.3MB

Download
memory/3248-1-0x00000189E0A00000-0x00000189E0A10000-memory.dmp

Filesize
64KB

Download
memory/3320-2170-0x00007FF6A69A0000-0x00007FF6A6CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-687-0x00007FF6A69A0000-0x00007FF6A6CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-681-0x00007FF7BE350000-0x00007FF7BE6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-2175-0x00007FF7BE350000-0x00007FF7BE6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3884-2163-0x00007FF765AE0000-0x00007FF765E34000-memory.dmp

Filesize
3.3MB

Download
memory/3884-831-0x00007FF765AE0000-0x00007FF765E34000-memory.dmp

Filesize
3.3MB

Download
memory/4048-787-0x00007FF65C090000-0x00007FF65C3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-2177-0x00007FF65C090000-0x00007FF65C3E4000-memory.dmp

Filesize
3.3MB

Download
memory/4060-686-0x00007FF6C45E0000-0x00007FF6C4934000-memory.dmp

Filesize
3.3MB

Download
memory/4060-2165-0x00007FF6C45E0000-0x00007FF6C4934000-memory.dmp

Filesize
3.3MB

Download
memory/4100-682-0x00007FF728D90000-0x00007FF7290E4000-memory.dmp

Filesize
3.3MB

Download
memory/4100-2176-0x00007FF728D90000-0x00007FF7290E4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-822-0x00007FF69AEA0000-0x00007FF69B1F4000-memory.dmp

Filesize
3.3MB

Download
memory/4120-2182-0x00007FF69AEA0000-0x00007FF69B1F4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2166-0x00007FF6CEB00000-0x00007FF6CEE54000-memory.dmp

Filesize
3.3MB

Download
memory/4164-685-0x00007FF6CEB00000-0x00007FF6CEE54000-memory.dmp

Filesize
3.3MB

Download
memory/4372-2179-0x00007FF7CF6A0000-0x00007FF7CF9F4000-memory.dmp

Filesize
3.3MB

Download
memory/4372-758-0x00007FF7CF6A0000-0x00007FF7CF9F4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2169-0x00007FF6AEDF0000-0x00007FF6AF144000-memory.dmp

Filesize
3.3MB

Download
memory/4584-683-0x00007FF6AEDF0000-0x00007FF6AF144000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2185-0x00007FF6115E0000-0x00007FF611934000-memory.dmp

Filesize
3.3MB

Download
memory/4708-814-0x00007FF6115E0000-0x00007FF611934000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2172-0x00007FF73FCA0000-0x00007FF73FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-715-0x00007FF73FCA0000-0x00007FF73FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/4828-2181-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp

Filesize
3.3MB

Download
memory/4828-730-0x00007FF7C6910000-0x00007FF7C6C64000-memory.dmp

Filesize
3.3MB

Download
memory/5036-708-0x00007FF75DDA0000-0x00007FF75E0F4000-memory.dmp

Filesize
3.3MB

Download
memory/5036-2171-0x00007FF75DDA0000-0x00007FF75E0F4000-memory.dmp

Filesize
3.3MB

Download