xmrig | 69459e519a6720900f96c3f2c1c267a9b63d6fc16f2f6f8e093ac2f90ceee226

Analysis

max time kernel
103s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
Size

2.1MB
MD5

7ef06bb8176ee60439301d32933b76b0
SHA1

0ed062199b4745ff0df1339528e241c4d0f2ed0f
SHA256

69459e519a6720900f96c3f2c1c267a9b63d6fc16f2f6f8e093ac2f90ceee226
SHA512

ec95db73ecb875991cd0ab3d16b7fe7ed6fcdce4a77685323da27bb1b1e01b395bc8b2ac099f6844dbcfc4da77f07285bcbb0b31c37f1364eeb7d4eb2a880f99
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQwNU6ff91f2W:oemTLkNdfE0pZrQQ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/1020-0-0x00007FF776710000-0x00007FF776A64000-memory.dmp	xmrig
C:\Windows\System\LMDCEqY.exe	xmrig
C:\Windows\System\MkMhnys.exe	xmrig
behavioral2/memory/2452-10-0x00007FF76D820000-0x00007FF76DB74000-memory.dmp	xmrig
C:\Windows\System\CdsfFqX.exe	xmrig
C:\Windows\System\FJxWORe.exe	xmrig
C:\Windows\System\dIIYufQ.exe	xmrig
C:\Windows\System\NgVUnZV.exe	xmrig
C:\Windows\System\tMuoEEf.exe	xmrig
behavioral2/memory/392-42-0x00007FF764300000-0x00007FF764654000-memory.dmp	xmrig
behavioral2/memory/2496-34-0x00007FF600900000-0x00007FF600C54000-memory.dmp	xmrig
behavioral2/memory/552-33-0x00007FF7A02F0000-0x00007FF7A0644000-memory.dmp	xmrig
behavioral2/memory/1228-28-0x00007FF66FB90000-0x00007FF66FEE4000-memory.dmp	xmrig
behavioral2/memory/1912-26-0x00007FF6C39D0000-0x00007FF6C3D24000-memory.dmp	xmrig
behavioral2/memory/1804-22-0x00007FF6CE690000-0x00007FF6CE9E4000-memory.dmp	xmrig
C:\Windows\System\etpiPAN.exe	xmrig
C:\Windows\System\fYQepel.exe	xmrig
C:\Windows\System\hXrwgIl.exe	xmrig
C:\Windows\System\AuiVzhI.exe	xmrig
behavioral2/memory/1624-82-0x00007FF716CF0000-0x00007FF717044000-memory.dmp	xmrig
C:\Windows\System\azEhdSN.exe	xmrig
C:\Windows\System\ErfQeml.exe	xmrig
C:\Windows\System\ANDQsCT.exe	xmrig
behavioral2/memory/4668-149-0x00007FF7A6F00000-0x00007FF7A7254000-memory.dmp	xmrig
behavioral2/memory/2088-150-0x00007FF6528F0000-0x00007FF652C44000-memory.dmp	xmrig
behavioral2/memory/3192-152-0x00007FF619C80000-0x00007FF619FD4000-memory.dmp	xmrig
behavioral2/memory/2592-154-0x00007FF7A73D0000-0x00007FF7A7724000-memory.dmp	xmrig
behavioral2/memory/1672-156-0x00007FF7B6900000-0x00007FF7B6C54000-memory.dmp	xmrig
behavioral2/memory/3380-158-0x00007FF745230000-0x00007FF745584000-memory.dmp	xmrig
behavioral2/memory/3164-164-0x00007FF63BC60000-0x00007FF63BFB4000-memory.dmp	xmrig
C:\Windows\System\WpnRCJR.exe	xmrig
C:\Windows\System\tEnItOC.exe	xmrig
C:\Windows\System\YQFixWu.exe	xmrig
C:\Windows\System\vUWkFXZ.exe	xmrig
C:\Windows\System\AkoQMQV.exe	xmrig
C:\Windows\System\JEVhcYW.exe	xmrig
C:\Windows\System\nYyxtrP.exe	xmrig
C:\Windows\System\apbJQMY.exe	xmrig
C:\Windows\System\GSIhGzv.exe	xmrig
behavioral2/memory/2872-165-0x00007FF7F1230000-0x00007FF7F1584000-memory.dmp	xmrig
behavioral2/memory/1664-163-0x00007FF7A0630000-0x00007FF7A0984000-memory.dmp	xmrig
behavioral2/memory/1612-162-0x00007FF785980000-0x00007FF785CD4000-memory.dmp	xmrig
behavioral2/memory/4604-161-0x00007FF63EEE0000-0x00007FF63F234000-memory.dmp	xmrig
behavioral2/memory/668-160-0x00007FF7AE2F0000-0x00007FF7AE644000-memory.dmp	xmrig
behavioral2/memory/1088-159-0x00007FF790950000-0x00007FF790CA4000-memory.dmp	xmrig
behavioral2/memory/1328-157-0x00007FF64F150000-0x00007FF64F4A4000-memory.dmp	xmrig
behavioral2/memory/560-155-0x00007FF7A7500000-0x00007FF7A7854000-memory.dmp	xmrig
behavioral2/memory/2824-153-0x00007FF7F8810000-0x00007FF7F8B64000-memory.dmp	xmrig
behavioral2/memory/3928-151-0x00007FF6F36F0000-0x00007FF6F3A44000-memory.dmp	xmrig
C:\Windows\System\rDuEVuo.exe	xmrig
C:\Windows\System\zXmaYal.exe	xmrig
C:\Windows\System\ScoOZOY.exe	xmrig
C:\Windows\System\wjbZlkQ.exe	xmrig
C:\Windows\System\KnPCZnd.exe	xmrig
C:\Windows\System\apeWLwS.exe	xmrig
C:\Windows\System\atmrAYA.exe	xmrig
C:\Windows\System\EDBDlue.exe	xmrig
C:\Windows\System\dbnNDkN.exe	xmrig
behavioral2/memory/976-75-0x00007FF720ED0000-0x00007FF721224000-memory.dmp	xmrig
behavioral2/memory/740-68-0x00007FF64D460000-0x00007FF64D7B4000-memory.dmp	xmrig
behavioral2/memory/1724-65-0x00007FF7A02D0000-0x00007FF7A0624000-memory.dmp	xmrig
behavioral2/memory/3244-60-0x00007FF74D7C0000-0x00007FF74DB14000-memory.dmp	xmrig
C:\Windows\System\hyTVSVg.exe	xmrig
behavioral2/memory/2452-733-0x00007FF76D820000-0x00007FF76DB74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

LMDCEqY.exeFJxWORe.exeMkMhnys.exeCdsfFqX.exedIIYufQ.exeNgVUnZV.exetMuoEEf.exeetpiPAN.exehyTVSVg.exefYQepel.exehXrwgIl.exedbnNDkN.exeAuiVzhI.exeEDBDlue.exeatmrAYA.exeapeWLwS.exeKnPCZnd.exeazEhdSN.exewjbZlkQ.exeScoOZOY.exeErfQeml.exezXmaYal.exerDuEVuo.exeGSIhGzv.exeapbJQMY.exeJEVhcYW.exenYyxtrP.exeANDQsCT.exeAkoQMQV.exevUWkFXZ.exeWpnRCJR.exeYQFixWu.exetEnItOC.exeOYTErOR.exePzBjNZc.exezIjyHHs.exeOWwbUIo.exeaiHozmM.exeRzfIhXJ.exeUyKevWS.exeINdcBZJ.exeuVBeeve.exepmxWWRJ.exeYeuYChb.exeHxrvZuQ.exeIonUAem.exeJpqpFUn.exenrlWTUX.exezyvpTJh.exekkgwbxp.exeRkbURim.exeFcLllOo.exeDOqcnse.exeZMJWgSG.exeWBhQaLi.exewVbCCWM.exeOFxjkss.exeUypYfVl.exelfrrJaZ.exeDdOMNnU.exeTNsfjKG.exeecvlTJW.exeeHgrbWy.exeeMMADbi.exe

pid	process
2452	LMDCEqY.exe
1804	FJxWORe.exe
1912	MkMhnys.exe
1228	CdsfFqX.exe
552	dIIYufQ.exe
2496	NgVUnZV.exe
392	tMuoEEf.exe
3244	etpiPAN.exe
1724	hyTVSVg.exe
740	fYQepel.exe
1624	hXrwgIl.exe
976	dbnNDkN.exe
4668	AuiVzhI.exe
2872	EDBDlue.exe
2088	atmrAYA.exe
3928	apeWLwS.exe
3192	KnPCZnd.exe
2824	azEhdSN.exe
2592	wjbZlkQ.exe
560	ScoOZOY.exe
1672	ErfQeml.exe
1328	zXmaYal.exe
3380	rDuEVuo.exe
1088	GSIhGzv.exe
668	apbJQMY.exe
4604	JEVhcYW.exe
1612	nYyxtrP.exe
1664	ANDQsCT.exe
3164	AkoQMQV.exe
4652	vUWkFXZ.exe
4284	WpnRCJR.exe
3708	YQFixWu.exe
4416	tEnItOC.exe
2168	OYTErOR.exe
4776	PzBjNZc.exe
1608	zIjyHHs.exe
3956	OWwbUIo.exe
1016	aiHozmM.exe
2144	RzfIhXJ.exe
808	UyKevWS.exe
4516	INdcBZJ.exe
2784	uVBeeve.exe
4232	pmxWWRJ.exe
4712	YeuYChb.exe
4164	HxrvZuQ.exe
1308	IonUAem.exe
2500	JpqpFUn.exe
3084	nrlWTUX.exe
3132	zyvpTJh.exe
224	kkgwbxp.exe
3052	RkbURim.exe
4880	FcLllOo.exe
1840	DOqcnse.exe
2420	ZMJWgSG.exe
3392	WBhQaLi.exe
2132	wVbCCWM.exe
3976	OFxjkss.exe
5052	UypYfVl.exe
812	lfrrJaZ.exe
1956	DdOMNnU.exe
1204	TNsfjKG.exe
4260	ecvlTJW.exe
2932	eHgrbWy.exe
4960	eMMADbi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1020-0-0x00007FF776710000-0x00007FF776A64000-memory.dmp	upx
C:\Windows\System\LMDCEqY.exe	upx
C:\Windows\System\MkMhnys.exe	upx
behavioral2/memory/2452-10-0x00007FF76D820000-0x00007FF76DB74000-memory.dmp	upx
C:\Windows\System\CdsfFqX.exe	upx
C:\Windows\System\FJxWORe.exe	upx
C:\Windows\System\dIIYufQ.exe	upx
C:\Windows\System\NgVUnZV.exe	upx
C:\Windows\System\tMuoEEf.exe	upx
behavioral2/memory/392-42-0x00007FF764300000-0x00007FF764654000-memory.dmp	upx
behavioral2/memory/2496-34-0x00007FF600900000-0x00007FF600C54000-memory.dmp	upx
behavioral2/memory/552-33-0x00007FF7A02F0000-0x00007FF7A0644000-memory.dmp	upx
behavioral2/memory/1228-28-0x00007FF66FB90000-0x00007FF66FEE4000-memory.dmp	upx
behavioral2/memory/1912-26-0x00007FF6C39D0000-0x00007FF6C3D24000-memory.dmp	upx
behavioral2/memory/1804-22-0x00007FF6CE690000-0x00007FF6CE9E4000-memory.dmp	upx
C:\Windows\System\etpiPAN.exe	upx
C:\Windows\System\fYQepel.exe	upx
C:\Windows\System\hXrwgIl.exe	upx
C:\Windows\System\AuiVzhI.exe	upx
behavioral2/memory/1624-82-0x00007FF716CF0000-0x00007FF717044000-memory.dmp	upx
C:\Windows\System\azEhdSN.exe	upx
C:\Windows\System\ErfQeml.exe	upx
C:\Windows\System\ANDQsCT.exe	upx
behavioral2/memory/4668-149-0x00007FF7A6F00000-0x00007FF7A7254000-memory.dmp	upx
behavioral2/memory/2088-150-0x00007FF6528F0000-0x00007FF652C44000-memory.dmp	upx
behavioral2/memory/3192-152-0x00007FF619C80000-0x00007FF619FD4000-memory.dmp	upx
behavioral2/memory/2592-154-0x00007FF7A73D0000-0x00007FF7A7724000-memory.dmp	upx
behavioral2/memory/1672-156-0x00007FF7B6900000-0x00007FF7B6C54000-memory.dmp	upx
behavioral2/memory/3380-158-0x00007FF745230000-0x00007FF745584000-memory.dmp	upx
behavioral2/memory/3164-164-0x00007FF63BC60000-0x00007FF63BFB4000-memory.dmp	upx
C:\Windows\System\WpnRCJR.exe	upx
C:\Windows\System\tEnItOC.exe	upx
C:\Windows\System\YQFixWu.exe	upx
C:\Windows\System\vUWkFXZ.exe	upx
C:\Windows\System\AkoQMQV.exe	upx
C:\Windows\System\JEVhcYW.exe	upx
C:\Windows\System\nYyxtrP.exe	upx
C:\Windows\System\apbJQMY.exe	upx
C:\Windows\System\GSIhGzv.exe	upx
behavioral2/memory/2872-165-0x00007FF7F1230000-0x00007FF7F1584000-memory.dmp	upx
behavioral2/memory/1664-163-0x00007FF7A0630000-0x00007FF7A0984000-memory.dmp	upx
behavioral2/memory/1612-162-0x00007FF785980000-0x00007FF785CD4000-memory.dmp	upx
behavioral2/memory/4604-161-0x00007FF63EEE0000-0x00007FF63F234000-memory.dmp	upx
behavioral2/memory/668-160-0x00007FF7AE2F0000-0x00007FF7AE644000-memory.dmp	upx
behavioral2/memory/1088-159-0x00007FF790950000-0x00007FF790CA4000-memory.dmp	upx
behavioral2/memory/1328-157-0x00007FF64F150000-0x00007FF64F4A4000-memory.dmp	upx
behavioral2/memory/560-155-0x00007FF7A7500000-0x00007FF7A7854000-memory.dmp	upx
behavioral2/memory/2824-153-0x00007FF7F8810000-0x00007FF7F8B64000-memory.dmp	upx
behavioral2/memory/3928-151-0x00007FF6F36F0000-0x00007FF6F3A44000-memory.dmp	upx
C:\Windows\System\rDuEVuo.exe	upx
C:\Windows\System\zXmaYal.exe	upx
C:\Windows\System\ScoOZOY.exe	upx
C:\Windows\System\wjbZlkQ.exe	upx
C:\Windows\System\KnPCZnd.exe	upx
C:\Windows\System\apeWLwS.exe	upx
C:\Windows\System\atmrAYA.exe	upx
C:\Windows\System\EDBDlue.exe	upx
C:\Windows\System\dbnNDkN.exe	upx
behavioral2/memory/976-75-0x00007FF720ED0000-0x00007FF721224000-memory.dmp	upx
behavioral2/memory/740-68-0x00007FF64D460000-0x00007FF64D7B4000-memory.dmp	upx
behavioral2/memory/1724-65-0x00007FF7A02D0000-0x00007FF7A0624000-memory.dmp	upx
behavioral2/memory/3244-60-0x00007FF74D7C0000-0x00007FF74DB14000-memory.dmp	upx
C:\Windows\System\hyTVSVg.exe	upx
behavioral2/memory/2452-733-0x00007FF76D820000-0x00007FF76DB74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\VddzZIZ.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\POpwCMq.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\KKIelXM.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\dSNHDXz.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\ScoOZOY.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\WFjbSWg.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\QLeuXno.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\uGjsOTA.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\VfnxZZu.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\XlMfvDJ.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\xhvtkAj.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\wDiBGGn.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\hQDEPMh.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\XlXsoNl.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\vUWkFXZ.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\zeKyxST.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\SetOPVH.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\TeMZWHf.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\yzDHDeh.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\ESJFOZr.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\crCmBjH.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\azEhdSN.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\UBXbeyG.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\cFLcceG.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\yYJTENE.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\FcWmYje.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\FmGAslw.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\AOrMmCY.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\sjecjAU.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\ONtYDzI.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\meFdYIQ.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\ORlNNlb.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\AkoQMQV.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\DrVLMJz.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\BICpvjx.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\mLyQeys.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\Azmrnca.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\XohdHNI.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\QGjHFKa.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\epgpCIc.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\bgGABhT.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\MPbRdlb.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\uyqUriy.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\fykdoir.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\pUBeyER.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\EHoanix.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\SrqWCkN.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\lXwJVXu.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\nbJOjgn.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\OFxjkss.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\JFbBTUk.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\QoVrypU.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\LfPyImN.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\mysCXtg.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\JPMBAtz.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\FLCLnyk.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\iueNsVU.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\QvfBSzl.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\XakWkwX.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\uAwNcJb.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\TVrzgMd.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\uLLlLsv.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\hZSMPMZ.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
File created	C:\Windows\System\KHJErva.exe	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	4208	dwm.exe
Token: SeChangeNotifyPrivilege	4208	dwm.exe
Token: 33	4208	dwm.exe
Token: SeIncBasePriorityPrivilege	4208	dwm.exe
Token: SeShutdownPrivilege	4208	dwm.exe
Token: SeCreatePagefilePrivilege	4208	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe

description	pid	process	target process
PID 1020 wrote to memory of 2452	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	LMDCEqY.exe
PID 1020 wrote to memory of 2452	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	LMDCEqY.exe
PID 1020 wrote to memory of 1804	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	FJxWORe.exe
PID 1020 wrote to memory of 1804	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	FJxWORe.exe
PID 1020 wrote to memory of 1912	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	MkMhnys.exe
PID 1020 wrote to memory of 1912	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	MkMhnys.exe
PID 1020 wrote to memory of 1228	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	CdsfFqX.exe
PID 1020 wrote to memory of 1228	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	CdsfFqX.exe
PID 1020 wrote to memory of 552	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	dIIYufQ.exe
PID 1020 wrote to memory of 552	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	dIIYufQ.exe
PID 1020 wrote to memory of 2496	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	NgVUnZV.exe
PID 1020 wrote to memory of 2496	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	NgVUnZV.exe
PID 1020 wrote to memory of 392	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	tMuoEEf.exe
PID 1020 wrote to memory of 392	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	tMuoEEf.exe
PID 1020 wrote to memory of 3244	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	etpiPAN.exe
PID 1020 wrote to memory of 3244	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	etpiPAN.exe
PID 1020 wrote to memory of 1724	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	hyTVSVg.exe
PID 1020 wrote to memory of 1724	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	hyTVSVg.exe
PID 1020 wrote to memory of 740	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	fYQepel.exe
PID 1020 wrote to memory of 740	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	fYQepel.exe
PID 1020 wrote to memory of 1624	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	hXrwgIl.exe
PID 1020 wrote to memory of 1624	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	hXrwgIl.exe
PID 1020 wrote to memory of 976	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	dbnNDkN.exe
PID 1020 wrote to memory of 976	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	dbnNDkN.exe
PID 1020 wrote to memory of 4668	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	AuiVzhI.exe
PID 1020 wrote to memory of 4668	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	AuiVzhI.exe
PID 1020 wrote to memory of 2872	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	EDBDlue.exe
PID 1020 wrote to memory of 2872	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	EDBDlue.exe
PID 1020 wrote to memory of 2088	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	atmrAYA.exe
PID 1020 wrote to memory of 2088	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	atmrAYA.exe
PID 1020 wrote to memory of 3928	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	apeWLwS.exe
PID 1020 wrote to memory of 3928	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	apeWLwS.exe
PID 1020 wrote to memory of 3192	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	KnPCZnd.exe
PID 1020 wrote to memory of 3192	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	KnPCZnd.exe
PID 1020 wrote to memory of 2824	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	azEhdSN.exe
PID 1020 wrote to memory of 2824	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	azEhdSN.exe
PID 1020 wrote to memory of 2592	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	wjbZlkQ.exe
PID 1020 wrote to memory of 2592	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	wjbZlkQ.exe
PID 1020 wrote to memory of 560	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	ScoOZOY.exe
PID 1020 wrote to memory of 560	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	ScoOZOY.exe
PID 1020 wrote to memory of 1672	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	ErfQeml.exe
PID 1020 wrote to memory of 1672	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	ErfQeml.exe
PID 1020 wrote to memory of 1328	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	zXmaYal.exe
PID 1020 wrote to memory of 1328	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	zXmaYal.exe
PID 1020 wrote to memory of 3380	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	rDuEVuo.exe
PID 1020 wrote to memory of 3380	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	rDuEVuo.exe
PID 1020 wrote to memory of 1088	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	GSIhGzv.exe
PID 1020 wrote to memory of 1088	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	GSIhGzv.exe
PID 1020 wrote to memory of 668	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	apbJQMY.exe
PID 1020 wrote to memory of 668	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	apbJQMY.exe
PID 1020 wrote to memory of 4604	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	JEVhcYW.exe
PID 1020 wrote to memory of 4604	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	JEVhcYW.exe
PID 1020 wrote to memory of 1612	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	nYyxtrP.exe
PID 1020 wrote to memory of 1612	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	nYyxtrP.exe
PID 1020 wrote to memory of 1664	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	ANDQsCT.exe
PID 1020 wrote to memory of 1664	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	ANDQsCT.exe
PID 1020 wrote to memory of 3164	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	AkoQMQV.exe
PID 1020 wrote to memory of 3164	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	AkoQMQV.exe
PID 1020 wrote to memory of 4652	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	vUWkFXZ.exe
PID 1020 wrote to memory of 4652	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	vUWkFXZ.exe
PID 1020 wrote to memory of 4284	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	WpnRCJR.exe
PID 1020 wrote to memory of 4284	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	WpnRCJR.exe
PID 1020 wrote to memory of 3708	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	YQFixWu.exe
PID 1020 wrote to memory of 3708	1020	7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe	YQFixWu.exe

C:\Users\Admin\AppData\Local\Temp\7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7ef06bb8176ee60439301d32933b76b0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1020

C:\Windows\System\LMDCEqY.exe
C:\Windows\System\LMDCEqY.exe
2⤵
- Executes dropped EXE
PID:2452

C:\Windows\System\FJxWORe.exe
C:\Windows\System\FJxWORe.exe
2⤵
- Executes dropped EXE
PID:1804

C:\Windows\System\MkMhnys.exe
C:\Windows\System\MkMhnys.exe
2⤵
- Executes dropped EXE
PID:1912

C:\Windows\System\CdsfFqX.exe
C:\Windows\System\CdsfFqX.exe
2⤵
- Executes dropped EXE
PID:1228

C:\Windows\System\dIIYufQ.exe
C:\Windows\System\dIIYufQ.exe
2⤵
- Executes dropped EXE
PID:552

C:\Windows\System\NgVUnZV.exe
C:\Windows\System\NgVUnZV.exe
2⤵
- Executes dropped EXE
PID:2496

C:\Windows\System\tMuoEEf.exe
C:\Windows\System\tMuoEEf.exe
2⤵
- Executes dropped EXE
PID:392

C:\Windows\System\etpiPAN.exe
C:\Windows\System\etpiPAN.exe
2⤵
- Executes dropped EXE
PID:3244

C:\Windows\System\hyTVSVg.exe
C:\Windows\System\hyTVSVg.exe
2⤵
- Executes dropped EXE
PID:1724

C:\Windows\System\fYQepel.exe
C:\Windows\System\fYQepel.exe
2⤵
- Executes dropped EXE
PID:740

C:\Windows\System\hXrwgIl.exe
C:\Windows\System\hXrwgIl.exe
2⤵
- Executes dropped EXE
PID:1624

C:\Windows\System\dbnNDkN.exe
C:\Windows\System\dbnNDkN.exe
2⤵
- Executes dropped EXE
PID:976

C:\Windows\System\AuiVzhI.exe
C:\Windows\System\AuiVzhI.exe
2⤵
- Executes dropped EXE
PID:4668

C:\Windows\System\EDBDlue.exe
C:\Windows\System\EDBDlue.exe
2⤵
- Executes dropped EXE
PID:2872

C:\Windows\System\atmrAYA.exe
C:\Windows\System\atmrAYA.exe
2⤵
- Executes dropped EXE
PID:2088

C:\Windows\System\apeWLwS.exe
C:\Windows\System\apeWLwS.exe
2⤵
- Executes dropped EXE
PID:3928

C:\Windows\System\KnPCZnd.exe
C:\Windows\System\KnPCZnd.exe
2⤵
- Executes dropped EXE
PID:3192

C:\Windows\System\azEhdSN.exe
C:\Windows\System\azEhdSN.exe
2⤵
- Executes dropped EXE
PID:2824

C:\Windows\System\wjbZlkQ.exe
C:\Windows\System\wjbZlkQ.exe
2⤵
- Executes dropped EXE
PID:2592

C:\Windows\System\ScoOZOY.exe
C:\Windows\System\ScoOZOY.exe
2⤵
- Executes dropped EXE
PID:560

C:\Windows\System\ErfQeml.exe
C:\Windows\System\ErfQeml.exe
2⤵
- Executes dropped EXE
PID:1672

C:\Windows\System\zXmaYal.exe
C:\Windows\System\zXmaYal.exe
2⤵
- Executes dropped EXE
PID:1328

C:\Windows\System\rDuEVuo.exe
C:\Windows\System\rDuEVuo.exe
2⤵
- Executes dropped EXE
PID:3380

C:\Windows\System\GSIhGzv.exe
C:\Windows\System\GSIhGzv.exe
2⤵
- Executes dropped EXE
PID:1088

C:\Windows\System\apbJQMY.exe
C:\Windows\System\apbJQMY.exe
2⤵
- Executes dropped EXE
PID:668

C:\Windows\System\JEVhcYW.exe
C:\Windows\System\JEVhcYW.exe
2⤵
- Executes dropped EXE
PID:4604

C:\Windows\System\nYyxtrP.exe
C:\Windows\System\nYyxtrP.exe
2⤵
- Executes dropped EXE
PID:1612

C:\Windows\System\ANDQsCT.exe
C:\Windows\System\ANDQsCT.exe
2⤵
- Executes dropped EXE
PID:1664

C:\Windows\System\AkoQMQV.exe
C:\Windows\System\AkoQMQV.exe
2⤵
- Executes dropped EXE
PID:3164

C:\Windows\System\vUWkFXZ.exe
C:\Windows\System\vUWkFXZ.exe
2⤵
- Executes dropped EXE
PID:4652

C:\Windows\System\WpnRCJR.exe
C:\Windows\System\WpnRCJR.exe
2⤵
- Executes dropped EXE
PID:4284

C:\Windows\System\YQFixWu.exe
C:\Windows\System\YQFixWu.exe
2⤵
- Executes dropped EXE
PID:3708

C:\Windows\System\tEnItOC.exe
C:\Windows\System\tEnItOC.exe
2⤵
- Executes dropped EXE
PID:4416

C:\Windows\System\OYTErOR.exe
C:\Windows\System\OYTErOR.exe
2⤵
- Executes dropped EXE
PID:2168

C:\Windows\System\PzBjNZc.exe
C:\Windows\System\PzBjNZc.exe
2⤵
- Executes dropped EXE
PID:4776

C:\Windows\System\zIjyHHs.exe
C:\Windows\System\zIjyHHs.exe
2⤵
- Executes dropped EXE
PID:1608

C:\Windows\System\OWwbUIo.exe
C:\Windows\System\OWwbUIo.exe
2⤵
- Executes dropped EXE
PID:3956

C:\Windows\System\aiHozmM.exe
C:\Windows\System\aiHozmM.exe
2⤵
- Executes dropped EXE
PID:1016

C:\Windows\System\RzfIhXJ.exe
C:\Windows\System\RzfIhXJ.exe
2⤵
- Executes dropped EXE
PID:2144

C:\Windows\System\UyKevWS.exe
C:\Windows\System\UyKevWS.exe
2⤵
- Executes dropped EXE
PID:808

C:\Windows\System\INdcBZJ.exe
C:\Windows\System\INdcBZJ.exe
2⤵
- Executes dropped EXE
PID:4516

C:\Windows\System\uVBeeve.exe
C:\Windows\System\uVBeeve.exe
2⤵
- Executes dropped EXE
PID:2784

C:\Windows\System\pmxWWRJ.exe
C:\Windows\System\pmxWWRJ.exe
2⤵
- Executes dropped EXE
PID:4232

C:\Windows\System\YeuYChb.exe
C:\Windows\System\YeuYChb.exe
2⤵
- Executes dropped EXE
PID:4712

C:\Windows\System\HxrvZuQ.exe
C:\Windows\System\HxrvZuQ.exe
2⤵
- Executes dropped EXE
PID:4164

C:\Windows\System\IonUAem.exe
C:\Windows\System\IonUAem.exe
2⤵
- Executes dropped EXE
PID:1308

C:\Windows\System\JpqpFUn.exe
C:\Windows\System\JpqpFUn.exe
2⤵
- Executes dropped EXE
PID:2500

C:\Windows\System\nrlWTUX.exe
C:\Windows\System\nrlWTUX.exe
2⤵
- Executes dropped EXE
PID:3084

C:\Windows\System\zyvpTJh.exe
C:\Windows\System\zyvpTJh.exe
2⤵
- Executes dropped EXE
PID:3132

C:\Windows\System\kkgwbxp.exe
C:\Windows\System\kkgwbxp.exe
2⤵
- Executes dropped EXE
PID:224

C:\Windows\System\RkbURim.exe
C:\Windows\System\RkbURim.exe
2⤵
- Executes dropped EXE
PID:3052

C:\Windows\System\FcLllOo.exe
C:\Windows\System\FcLllOo.exe
2⤵
- Executes dropped EXE
PID:4880

C:\Windows\System\DOqcnse.exe
C:\Windows\System\DOqcnse.exe
2⤵
- Executes dropped EXE
PID:1840

C:\Windows\System\ZMJWgSG.exe
C:\Windows\System\ZMJWgSG.exe
2⤵
- Executes dropped EXE
PID:2420

C:\Windows\System\WBhQaLi.exe
C:\Windows\System\WBhQaLi.exe
2⤵
- Executes dropped EXE
PID:3392

C:\Windows\System\wVbCCWM.exe
C:\Windows\System\wVbCCWM.exe
2⤵
- Executes dropped EXE
PID:2132

C:\Windows\System\OFxjkss.exe
C:\Windows\System\OFxjkss.exe
2⤵
- Executes dropped EXE
PID:3976

C:\Windows\System\UypYfVl.exe
C:\Windows\System\UypYfVl.exe
2⤵
- Executes dropped EXE
PID:5052

C:\Windows\System\lfrrJaZ.exe
C:\Windows\System\lfrrJaZ.exe
2⤵
- Executes dropped EXE
PID:812

C:\Windows\System\DdOMNnU.exe
C:\Windows\System\DdOMNnU.exe
2⤵
- Executes dropped EXE
PID:1956

C:\Windows\System\TNsfjKG.exe
C:\Windows\System\TNsfjKG.exe
2⤵
- Executes dropped EXE
PID:1204

C:\Windows\System\ecvlTJW.exe
C:\Windows\System\ecvlTJW.exe
2⤵
- Executes dropped EXE
PID:4260

C:\Windows\System\eHgrbWy.exe
C:\Windows\System\eHgrbWy.exe
2⤵
- Executes dropped EXE
PID:2932

C:\Windows\System\eMMADbi.exe
C:\Windows\System\eMMADbi.exe
2⤵
- Executes dropped EXE
PID:4960

C:\Windows\System\oeUkRgl.exe
C:\Windows\System\oeUkRgl.exe
2⤵
PID:1504

C:\Windows\System\FcWmYje.exe
C:\Windows\System\FcWmYje.exe
2⤵
PID:2624

C:\Windows\System\IzXYjLL.exe
C:\Windows\System\IzXYjLL.exe
2⤵
PID:2096

C:\Windows\System\SuyVkWG.exe
C:\Windows\System\SuyVkWG.exe
2⤵
PID:3280

C:\Windows\System\gTMJBHh.exe
C:\Windows\System\gTMJBHh.exe
2⤵
PID:460

C:\Windows\System\xPrJVwE.exe
C:\Windows\System\xPrJVwE.exe
2⤵
PID:4408

C:\Windows\System\RLvePtH.exe
C:\Windows\System\RLvePtH.exe
2⤵
PID:1424

C:\Windows\System\areLnZW.exe
C:\Windows\System\areLnZW.exe
2⤵
PID:1776

C:\Windows\System\SrmFnON.exe
C:\Windows\System\SrmFnON.exe
2⤵
PID:2288

C:\Windows\System\AJNVURr.exe
C:\Windows\System\AJNVURr.exe
2⤵
PID:1420

C:\Windows\System\jcsquTP.exe
C:\Windows\System\jcsquTP.exe
2⤵
PID:4432

C:\Windows\System\rTkuvhG.exe
C:\Windows\System\rTkuvhG.exe
2⤵
PID:4184

C:\Windows\System\cpWJOXb.exe
C:\Windows\System\cpWJOXb.exe
2⤵
PID:1272

C:\Windows\System\Hdgubjw.exe
C:\Windows\System\Hdgubjw.exe
2⤵
PID:844

C:\Windows\System\JxWieWG.exe
C:\Windows\System\JxWieWG.exe
2⤵
PID:3372

C:\Windows\System\LXuXfog.exe
C:\Windows\System\LXuXfog.exe
2⤵
PID:2560

C:\Windows\System\JMOiJeB.exe
C:\Windows\System\JMOiJeB.exe
2⤵
PID:4884

C:\Windows\System\GkclPks.exe
C:\Windows\System\GkclPks.exe
2⤵
PID:676

C:\Windows\System\JFbBTUk.exe
C:\Windows\System\JFbBTUk.exe
2⤵
PID:4216

C:\Windows\System\MrVEtho.exe
C:\Windows\System\MrVEtho.exe
2⤵
PID:524

C:\Windows\System\yKkcnOn.exe
C:\Windows\System\yKkcnOn.exe
2⤵
PID:1920

C:\Windows\System\eWuMKEL.exe
C:\Windows\System\eWuMKEL.exe
2⤵
PID:3660

C:\Windows\System\zDWJSiL.exe
C:\Windows\System\zDWJSiL.exe
2⤵
PID:4472

C:\Windows\System\exAyVwn.exe
C:\Windows\System\exAyVwn.exe
2⤵
PID:444

C:\Windows\System\DbAIqDZ.exe
C:\Windows\System\DbAIqDZ.exe
2⤵
PID:2924

C:\Windows\System\aUOunFo.exe
C:\Windows\System\aUOunFo.exe
2⤵
PID:4932

C:\Windows\System\hIDcAPV.exe
C:\Windows\System\hIDcAPV.exe
2⤵
PID:2216

C:\Windows\System\WFjbSWg.exe
C:\Windows\System\WFjbSWg.exe
2⤵
PID:2652

C:\Windows\System\rVvLzCX.exe
C:\Windows\System\rVvLzCX.exe
2⤵
PID:2856

C:\Windows\System\SWtlLjn.exe
C:\Windows\System\SWtlLjn.exe
2⤵
PID:1676

C:\Windows\System\IEKGoIW.exe
C:\Windows\System\IEKGoIW.exe
2⤵
PID:3948

C:\Windows\System\DDnrgVD.exe
C:\Windows\System\DDnrgVD.exe
2⤵
PID:4080

C:\Windows\System\xOyfryu.exe
C:\Windows\System\xOyfryu.exe
2⤵
PID:4044

C:\Windows\System\fAUavDV.exe
C:\Windows\System\fAUavDV.exe
2⤵
PID:624

C:\Windows\System\fncrvMr.exe
C:\Windows\System\fncrvMr.exe
2⤵
PID:4868

C:\Windows\System\smDhWYe.exe
C:\Windows\System\smDhWYe.exe
2⤵
PID:636

C:\Windows\System\EPhtbdT.exe
C:\Windows\System\EPhtbdT.exe
2⤵
PID:5152

C:\Windows\System\FrMqqjG.exe
C:\Windows\System\FrMqqjG.exe
2⤵
PID:5168

C:\Windows\System\XhwlAXW.exe
C:\Windows\System\XhwlAXW.exe
2⤵
PID:5196

C:\Windows\System\FBeAARH.exe
C:\Windows\System\FBeAARH.exe
2⤵
PID:5224

C:\Windows\System\fhIYtBg.exe
C:\Windows\System\fhIYtBg.exe
2⤵
PID:5252

C:\Windows\System\BOXpBQL.exe
C:\Windows\System\BOXpBQL.exe
2⤵
PID:5280

C:\Windows\System\huvIoYW.exe
C:\Windows\System\huvIoYW.exe
2⤵
PID:5308

C:\Windows\System\UBXbeyG.exe
C:\Windows\System\UBXbeyG.exe
2⤵
PID:5336

C:\Windows\System\AOHJXKU.exe
C:\Windows\System\AOHJXKU.exe
2⤵
PID:5372

C:\Windows\System\tByNtmi.exe
C:\Windows\System\tByNtmi.exe
2⤵
PID:5396

C:\Windows\System\oSdZYrN.exe
C:\Windows\System\oSdZYrN.exe
2⤵
PID:5412

C:\Windows\System\KoaAXoQ.exe
C:\Windows\System\KoaAXoQ.exe
2⤵
PID:5432

C:\Windows\System\LXoBMCY.exe
C:\Windows\System\LXoBMCY.exe
2⤵
PID:5468

C:\Windows\System\wqTSvpk.exe
C:\Windows\System\wqTSvpk.exe
2⤵
PID:5496

C:\Windows\System\CADXhYu.exe
C:\Windows\System\CADXhYu.exe
2⤵
PID:5520

C:\Windows\System\rfnAKDH.exe
C:\Windows\System\rfnAKDH.exe
2⤵
PID:5552

C:\Windows\System\YpZwIsD.exe
C:\Windows\System\YpZwIsD.exe
2⤵
PID:5580

C:\Windows\System\LwHdDgX.exe
C:\Windows\System\LwHdDgX.exe
2⤵
PID:5608

C:\Windows\System\wjhENiX.exe
C:\Windows\System\wjhENiX.exe
2⤵
PID:5624

C:\Windows\System\FmGAslw.exe
C:\Windows\System\FmGAslw.exe
2⤵
PID:5648

C:\Windows\System\AxQlpfq.exe
C:\Windows\System\AxQlpfq.exe
2⤵
PID:5676

C:\Windows\System\MZIVibZ.exe
C:\Windows\System\MZIVibZ.exe
2⤵
PID:5708

C:\Windows\System\tqNNQzq.exe
C:\Windows\System\tqNNQzq.exe
2⤵
PID:5736

C:\Windows\System\zwauxTS.exe
C:\Windows\System\zwauxTS.exe
2⤵
PID:5784

C:\Windows\System\YMqdZKh.exe
C:\Windows\System\YMqdZKh.exe
2⤵
PID:5816

C:\Windows\System\bVKVMgd.exe
C:\Windows\System\bVKVMgd.exe
2⤵
PID:5844

C:\Windows\System\UItMWjz.exe
C:\Windows\System\UItMWjz.exe
2⤵
PID:5860

C:\Windows\System\QCbxeCB.exe
C:\Windows\System\QCbxeCB.exe
2⤵
PID:5900

C:\Windows\System\hZSMPMZ.exe
C:\Windows\System\hZSMPMZ.exe
2⤵
PID:5928

C:\Windows\System\zeKyxST.exe
C:\Windows\System\zeKyxST.exe
2⤵
PID:5956

C:\Windows\System\dQZWaZK.exe
C:\Windows\System\dQZWaZK.exe
2⤵
PID:5976

C:\Windows\System\jEoNosw.exe
C:\Windows\System\jEoNosw.exe
2⤵
PID:6004

C:\Windows\System\FcyCDti.exe
C:\Windows\System\FcyCDti.exe
2⤵
PID:6040

C:\Windows\System\IMKkOPG.exe
C:\Windows\System\IMKkOPG.exe
2⤵
PID:6068

C:\Windows\System\RAJrRZG.exe
C:\Windows\System\RAJrRZG.exe
2⤵
PID:6096

C:\Windows\System\FLCLnyk.exe
C:\Windows\System\FLCLnyk.exe
2⤵
PID:6116

C:\Windows\System\qZRgCVR.exe
C:\Windows\System\qZRgCVR.exe
2⤵
PID:5144

C:\Windows\System\KGllOKi.exe
C:\Windows\System\KGllOKi.exe
2⤵
PID:5164

C:\Windows\System\eEzIobW.exe
C:\Windows\System\eEzIobW.exe
2⤵
PID:5220

C:\Windows\System\mcmwGqq.exe
C:\Windows\System\mcmwGqq.exe
2⤵
PID:3696

C:\Windows\System\CYBgihL.exe
C:\Windows\System\CYBgihL.exe
2⤵
PID:3296

C:\Windows\System\RdPCWvV.exe
C:\Windows\System\RdPCWvV.exe
2⤵
PID:2644

C:\Windows\System\DnrSWHj.exe
C:\Windows\System\DnrSWHj.exe
2⤵
PID:5404

C:\Windows\System\pAllLdr.exe
C:\Windows\System\pAllLdr.exe
2⤵
PID:5408

C:\Windows\System\xzJzbtH.exe
C:\Windows\System\xzJzbtH.exe
2⤵
PID:5540

C:\Windows\System\jLDpMII.exe
C:\Windows\System\jLDpMII.exe
2⤵
PID:5604

C:\Windows\System\kiuNMVA.exe
C:\Windows\System\kiuNMVA.exe
2⤵
PID:5636

C:\Windows\System\xboUjnP.exe
C:\Windows\System\xboUjnP.exe
2⤵
PID:5696

C:\Windows\System\VxIFoHG.exe
C:\Windows\System\VxIFoHG.exe
2⤵
PID:5728

C:\Windows\System\sWLlxAT.exe
C:\Windows\System\sWLlxAT.exe
2⤵
PID:5804

C:\Windows\System\rXiIIoO.exe
C:\Windows\System\rXiIIoO.exe
2⤵
PID:5896

C:\Windows\System\HDeSBlA.exe
C:\Windows\System\HDeSBlA.exe
2⤵
PID:5944

C:\Windows\System\vpblJCo.exe
C:\Windows\System\vpblJCo.exe
2⤵
PID:6060

C:\Windows\System\QLeuXno.exe
C:\Windows\System\QLeuXno.exe
2⤵
PID:6108

C:\Windows\System\tKyzXYJ.exe
C:\Windows\System\tKyzXYJ.exe
2⤵
PID:5128

C:\Windows\System\EHUAMyr.exe
C:\Windows\System\EHUAMyr.exe
2⤵
PID:1636

C:\Windows\System\ppxjXUC.exe
C:\Windows\System\ppxjXUC.exe
2⤵
PID:5424

C:\Windows\System\tmDkHqH.exe
C:\Windows\System\tmDkHqH.exe
2⤵
PID:5600

C:\Windows\System\hNRkXPF.exe
C:\Windows\System\hNRkXPF.exe
2⤵
PID:5672

C:\Windows\System\TYwUCtQ.exe
C:\Windows\System\TYwUCtQ.exe
2⤵
PID:5876

C:\Windows\System\SyOQKgp.exe
C:\Windows\System\SyOQKgp.exe
2⤵
PID:6036

C:\Windows\System\qIncOwu.exe
C:\Windows\System\qIncOwu.exe
2⤵
PID:6132

C:\Windows\System\tGBQoFL.exe
C:\Windows\System\tGBQoFL.exe
2⤵
PID:5488

C:\Windows\System\YNXGcAg.exe
C:\Windows\System\YNXGcAg.exe
2⤵
PID:5940

C:\Windows\System\gsselAO.exe
C:\Windows\System\gsselAO.exe
2⤵
PID:6140

C:\Windows\System\hsZizLj.exe
C:\Windows\System\hsZizLj.exe
2⤵
PID:5852

C:\Windows\System\RICkwmS.exe
C:\Windows\System\RICkwmS.exe
2⤵
PID:6164

C:\Windows\System\QoVrypU.exe
C:\Windows\System\QoVrypU.exe
2⤵
PID:6184

C:\Windows\System\pKQRrgh.exe
C:\Windows\System\pKQRrgh.exe
2⤵
PID:6208

C:\Windows\System\eexpnBg.exe
C:\Windows\System\eexpnBg.exe
2⤵
PID:6248

C:\Windows\System\fVAOCUr.exe
C:\Windows\System\fVAOCUr.exe
2⤵
PID:6276

C:\Windows\System\AQxRLOf.exe
C:\Windows\System\AQxRLOf.exe
2⤵
PID:6292

C:\Windows\System\fWFbsjE.exe
C:\Windows\System\fWFbsjE.exe
2⤵
PID:6332

C:\Windows\System\lzehfqg.exe
C:\Windows\System\lzehfqg.exe
2⤵
PID:6360

C:\Windows\System\yYtHBBF.exe
C:\Windows\System\yYtHBBF.exe
2⤵
PID:6376

C:\Windows\System\XNLevWy.exe
C:\Windows\System\XNLevWy.exe
2⤵
PID:6408

C:\Windows\System\uyqUriy.exe
C:\Windows\System\uyqUriy.exe
2⤵
PID:6444

C:\Windows\System\GMRUWLQ.exe
C:\Windows\System\GMRUWLQ.exe
2⤵
PID:6460

C:\Windows\System\pHxtUTn.exe
C:\Windows\System\pHxtUTn.exe
2⤵
PID:6500

C:\Windows\System\ELYhYHR.exe
C:\Windows\System\ELYhYHR.exe
2⤵
PID:6528

C:\Windows\System\KGOlBCw.exe
C:\Windows\System\KGOlBCw.exe
2⤵
PID:6556

C:\Windows\System\JRiLIer.exe
C:\Windows\System\JRiLIer.exe
2⤵
PID:6572

C:\Windows\System\yXKZmEP.exe
C:\Windows\System\yXKZmEP.exe
2⤵
PID:6600

C:\Windows\System\UqjfVRl.exe
C:\Windows\System\UqjfVRl.exe
2⤵
PID:6620

C:\Windows\System\HTmRngr.exe
C:\Windows\System\HTmRngr.exe
2⤵
PID:6656

C:\Windows\System\qccmNZX.exe
C:\Windows\System\qccmNZX.exe
2⤵
PID:6684

C:\Windows\System\DUmoOFL.exe
C:\Windows\System\DUmoOFL.exe
2⤵
PID:6716

C:\Windows\System\PpPOnyi.exe
C:\Windows\System\PpPOnyi.exe
2⤵
PID:6756

C:\Windows\System\eqHCubQ.exe
C:\Windows\System\eqHCubQ.exe
2⤵
PID:6780

C:\Windows\System\PvBPvnj.exe
C:\Windows\System\PvBPvnj.exe
2⤵
PID:6796

C:\Windows\System\QFiUOHd.exe
C:\Windows\System\QFiUOHd.exe
2⤵
PID:6824

C:\Windows\System\ALRCYLY.exe
C:\Windows\System\ALRCYLY.exe
2⤵
PID:6856

C:\Windows\System\FtoaDIQ.exe
C:\Windows\System\FtoaDIQ.exe
2⤵
PID:6880

C:\Windows\System\TbBWKGs.exe
C:\Windows\System\TbBWKGs.exe
2⤵
PID:6920

C:\Windows\System\HpOxlJu.exe
C:\Windows\System\HpOxlJu.exe
2⤵
PID:6936

C:\Windows\System\zMjoyaV.exe
C:\Windows\System\zMjoyaV.exe
2⤵
PID:6968

C:\Windows\System\wxHoJsv.exe
C:\Windows\System\wxHoJsv.exe
2⤵
PID:6992

C:\Windows\System\nmlxXcW.exe
C:\Windows\System\nmlxXcW.exe
2⤵
PID:7016

C:\Windows\System\xhvtkAj.exe
C:\Windows\System\xhvtkAj.exe
2⤵
PID:7052

C:\Windows\System\ZHocSlm.exe
C:\Windows\System\ZHocSlm.exe
2⤵
PID:7092

C:\Windows\System\fRVxDkQ.exe
C:\Windows\System\fRVxDkQ.exe
2⤵
PID:7120

C:\Windows\System\itbBEYq.exe
C:\Windows\System\itbBEYq.exe
2⤵
PID:7148

C:\Windows\System\OWWpdUe.exe
C:\Windows\System\OWWpdUe.exe
2⤵
PID:6148

C:\Windows\System\zygFZac.exe
C:\Windows\System\zygFZac.exe
2⤵
PID:6224

C:\Windows\System\WOPQpkz.exe
C:\Windows\System\WOPQpkz.exe
2⤵
PID:6244

C:\Windows\System\MlMJwvp.exe
C:\Windows\System\MlMJwvp.exe
2⤵
PID:6324

C:\Windows\System\hqZJwOu.exe
C:\Windows\System\hqZJwOu.exe
2⤵
PID:6356

C:\Windows\System\JQbDOLL.exe
C:\Windows\System\JQbDOLL.exe
2⤵
PID:6480

C:\Windows\System\wSqjznQ.exe
C:\Windows\System\wSqjznQ.exe
2⤵
PID:6548

C:\Windows\System\KGQpRYM.exe
C:\Windows\System\KGQpRYM.exe
2⤵
PID:6588

C:\Windows\System\ArrWRfd.exe
C:\Windows\System\ArrWRfd.exe
2⤵
PID:6648

C:\Windows\System\GvnCOVw.exe
C:\Windows\System\GvnCOVw.exe
2⤵
PID:6704

C:\Windows\System\mKLdJZa.exe
C:\Windows\System\mKLdJZa.exe
2⤵
PID:6776

C:\Windows\System\KHJErva.exe
C:\Windows\System\KHJErva.exe
2⤵
PID:6808

C:\Windows\System\HRARvmX.exe
C:\Windows\System\HRARvmX.exe
2⤵
PID:6864

C:\Windows\System\TVrzgMd.exe
C:\Windows\System\TVrzgMd.exe
2⤵
PID:6916

C:\Windows\System\HJeUCLi.exe
C:\Windows\System\HJeUCLi.exe
2⤵
PID:6956

C:\Windows\System\xpsDVCT.exe
C:\Windows\System\xpsDVCT.exe
2⤵
PID:7116

C:\Windows\System\JoMptuM.exe
C:\Windows\System\JoMptuM.exe
2⤵
PID:6192

C:\Windows\System\VddzZIZ.exe
C:\Windows\System\VddzZIZ.exe
2⤵
PID:6392

C:\Windows\System\AltTuQC.exe
C:\Windows\System\AltTuQC.exe
2⤵
PID:6496

C:\Windows\System\zqnBtAL.exe
C:\Windows\System\zqnBtAL.exe
2⤵
PID:6608

C:\Windows\System\mchgcQT.exe
C:\Windows\System\mchgcQT.exe
2⤵
PID:7008

C:\Windows\System\mhjVkjG.exe
C:\Windows\System\mhjVkjG.exe
2⤵
PID:7032

C:\Windows\System\OmjQvCL.exe
C:\Windows\System\OmjQvCL.exe
2⤵
PID:7112

C:\Windows\System\KKIelXM.exe
C:\Windows\System\KKIelXM.exe
2⤵
PID:6440

C:\Windows\System\IIhsZwf.exe
C:\Windows\System\IIhsZwf.exe
2⤵
PID:6748

C:\Windows\System\YZxeKUI.exe
C:\Windows\System\YZxeKUI.exe
2⤵
PID:6836

C:\Windows\System\OcLcaPx.exe
C:\Windows\System\OcLcaPx.exe
2⤵
PID:7104

C:\Windows\System\wDiBGGn.exe
C:\Windows\System\wDiBGGn.exe
2⤵
PID:7200

C:\Windows\System\OkwOylh.exe
C:\Windows\System\OkwOylh.exe
2⤵
PID:7240

C:\Windows\System\dBvmGCj.exe
C:\Windows\System\dBvmGCj.exe
2⤵
PID:7268

C:\Windows\System\rUYJiGJ.exe
C:\Windows\System\rUYJiGJ.exe
2⤵
PID:7296

C:\Windows\System\RmZVgLa.exe
C:\Windows\System\RmZVgLa.exe
2⤵
PID:7316

C:\Windows\System\LXUnvCp.exe
C:\Windows\System\LXUnvCp.exe
2⤵
PID:7340

C:\Windows\System\vpwcWtK.exe
C:\Windows\System\vpwcWtK.exe
2⤵
PID:7356

C:\Windows\System\wOaRdJI.exe
C:\Windows\System\wOaRdJI.exe
2⤵
PID:7396

C:\Windows\System\RyDvklo.exe
C:\Windows\System\RyDvklo.exe
2⤵
PID:7416

C:\Windows\System\fkpHDuz.exe
C:\Windows\System\fkpHDuz.exe
2⤵
PID:7452

C:\Windows\System\OQyNCAU.exe
C:\Windows\System\OQyNCAU.exe
2⤵
PID:7480

C:\Windows\System\pepAHGm.exe
C:\Windows\System\pepAHGm.exe
2⤵
PID:7520

C:\Windows\System\yIGTZWB.exe
C:\Windows\System\yIGTZWB.exe
2⤵
PID:7548

C:\Windows\System\ONtYDzI.exe
C:\Windows\System\ONtYDzI.exe
2⤵
PID:7572

C:\Windows\System\wsNsIuS.exe
C:\Windows\System\wsNsIuS.exe
2⤵
PID:7592

C:\Windows\System\uPyyZti.exe
C:\Windows\System\uPyyZti.exe
2⤵
PID:7632

C:\Windows\System\vmmLKTB.exe
C:\Windows\System\vmmLKTB.exe
2⤵
PID:7660

C:\Windows\System\LfPyImN.exe
C:\Windows\System\LfPyImN.exe
2⤵
PID:7680

C:\Windows\System\ExoyFbv.exe
C:\Windows\System\ExoyFbv.exe
2⤵
PID:7708

C:\Windows\System\FpmrPJC.exe
C:\Windows\System\FpmrPJC.exe
2⤵
PID:7736

C:\Windows\System\VOkzYpt.exe
C:\Windows\System\VOkzYpt.exe
2⤵
PID:7768

C:\Windows\System\bNxLsnZ.exe
C:\Windows\System\bNxLsnZ.exe
2⤵
PID:7796

C:\Windows\System\POpwCMq.exe
C:\Windows\System\POpwCMq.exe
2⤵
PID:7820

C:\Windows\System\qPXoyCA.exe
C:\Windows\System\qPXoyCA.exe
2⤵
PID:7860

C:\Windows\System\DrVLMJz.exe
C:\Windows\System\DrVLMJz.exe
2⤵
PID:7876

C:\Windows\System\xUJpIyv.exe
C:\Windows\System\xUJpIyv.exe
2⤵
PID:7916

C:\Windows\System\FDOfqZd.exe
C:\Windows\System\FDOfqZd.exe
2⤵
PID:7944

C:\Windows\System\JCrCVMB.exe
C:\Windows\System\JCrCVMB.exe
2⤵
PID:7960

C:\Windows\System\UjKyPXi.exe
C:\Windows\System\UjKyPXi.exe
2⤵
PID:7976

C:\Windows\System\bAlTUWu.exe
C:\Windows\System\bAlTUWu.exe
2⤵
PID:8012

C:\Windows\System\KxDsdmU.exe
C:\Windows\System\KxDsdmU.exe
2⤵
PID:8056

C:\Windows\System\YEDGqVp.exe
C:\Windows\System\YEDGqVp.exe
2⤵
PID:8080

C:\Windows\System\WFlYHNh.exe
C:\Windows\System\WFlYHNh.exe
2⤵
PID:8108

C:\Windows\System\MElixGD.exe
C:\Windows\System\MElixGD.exe
2⤵
PID:8148

C:\Windows\System\meFdYIQ.exe
C:\Windows\System\meFdYIQ.exe
2⤵
PID:8180

C:\Windows\System\fuizZiV.exe
C:\Windows\System\fuizZiV.exe
2⤵
PID:6344

C:\Windows\System\fgspBHS.exe
C:\Windows\System\fgspBHS.exe
2⤵
PID:7192

C:\Windows\System\YMyvSWa.exe
C:\Windows\System\YMyvSWa.exe
2⤵
PID:7288

C:\Windows\System\FenTPBl.exe
C:\Windows\System\FenTPBl.exe
2⤵
PID:7324

C:\Windows\System\DaLgzdI.exe
C:\Windows\System\DaLgzdI.exe
2⤵
PID:7436

C:\Windows\System\SetOPVH.exe
C:\Windows\System\SetOPVH.exe
2⤵
PID:7472

C:\Windows\System\mysCXtg.exe
C:\Windows\System\mysCXtg.exe
2⤵
PID:7540

C:\Windows\System\GrYGBuE.exe
C:\Windows\System\GrYGBuE.exe
2⤵
PID:7584

C:\Windows\System\iHnxkMk.exe
C:\Windows\System\iHnxkMk.exe
2⤵
PID:7676

C:\Windows\System\nIzxmGa.exe
C:\Windows\System\nIzxmGa.exe
2⤵
PID:7732

C:\Windows\System\BGzKVST.exe
C:\Windows\System\BGzKVST.exe
2⤵
PID:7728

C:\Windows\System\fZXKzVo.exe
C:\Windows\System\fZXKzVo.exe
2⤵
PID:7848

C:\Windows\System\JKYqRFy.exe
C:\Windows\System\JKYqRFy.exe
2⤵
PID:7928

C:\Windows\System\sCHQmuM.exe
C:\Windows\System\sCHQmuM.exe
2⤵
PID:8036

C:\Windows\System\GwNUUvS.exe
C:\Windows\System\GwNUUvS.exe
2⤵
PID:8100

C:\Windows\System\omWsmwn.exe
C:\Windows\System\omWsmwn.exe
2⤵
PID:8172

C:\Windows\System\nuCilAv.exe
C:\Windows\System\nuCilAv.exe
2⤵
PID:7224

C:\Windows\System\PLZMQyQ.exe
C:\Windows\System\PLZMQyQ.exe
2⤵
PID:7304

C:\Windows\System\AcNIfZJ.exe
C:\Windows\System\AcNIfZJ.exe
2⤵
PID:7424

C:\Windows\System\HRPQDCp.exe
C:\Windows\System\HRPQDCp.exe
2⤵
PID:7616

C:\Windows\System\wLUPUBW.exe
C:\Windows\System\wLUPUBW.exe
2⤵
PID:7784

C:\Windows\System\NcLhwdc.exe
C:\Windows\System\NcLhwdc.exe
2⤵
PID:7840

C:\Windows\System\iXqPDZk.exe
C:\Windows\System\iXqPDZk.exe
2⤵
PID:8052

C:\Windows\System\BVKPuNF.exe
C:\Windows\System\BVKPuNF.exe
2⤵
PID:7248

C:\Windows\System\BMgBOOU.exe
C:\Windows\System\BMgBOOU.exe
2⤵
PID:7608

C:\Windows\System\IoJlEyK.exe
C:\Windows\System\IoJlEyK.exe
2⤵
PID:8168

C:\Windows\System\hdoFdXf.exe
C:\Windows\System\hdoFdXf.exe
2⤵
PID:8188

C:\Windows\System\TKbQHmG.exe
C:\Windows\System\TKbQHmG.exe
2⤵
PID:8196

C:\Windows\System\dorJYMe.exe
C:\Windows\System\dorJYMe.exe
2⤵
PID:8220

C:\Windows\System\iKZxWZp.exe
C:\Windows\System\iKZxWZp.exe
2⤵
PID:8260

C:\Windows\System\rlLxZTu.exe
C:\Windows\System\rlLxZTu.exe
2⤵
PID:8276

C:\Windows\System\cFzFfoG.exe
C:\Windows\System\cFzFfoG.exe
2⤵
PID:8296

C:\Windows\System\JrVjcDY.exe
C:\Windows\System\JrVjcDY.exe
2⤵
PID:8344

C:\Windows\System\NInFWPt.exe
C:\Windows\System\NInFWPt.exe
2⤵
PID:8372

C:\Windows\System\YVuFrUs.exe
C:\Windows\System\YVuFrUs.exe
2⤵
PID:8388

C:\Windows\System\zAPqKgY.exe
C:\Windows\System\zAPqKgY.exe
2⤵
PID:8416

C:\Windows\System\WUqjJQi.exe
C:\Windows\System\WUqjJQi.exe
2⤵
PID:8444

C:\Windows\System\tKYLNLw.exe
C:\Windows\System\tKYLNLw.exe
2⤵
PID:8484

C:\Windows\System\BICpvjx.exe
C:\Windows\System\BICpvjx.exe
2⤵
PID:8516

C:\Windows\System\CHgTYcT.exe
C:\Windows\System\CHgTYcT.exe
2⤵
PID:8536

C:\Windows\System\cDoTtQC.exe
C:\Windows\System\cDoTtQC.exe
2⤵
PID:8572

C:\Windows\System\vnJlcam.exe
C:\Windows\System\vnJlcam.exe
2⤵
PID:8600

C:\Windows\System\JmcqRJe.exe
C:\Windows\System\JmcqRJe.exe
2⤵
PID:8616

C:\Windows\System\BbbimcZ.exe
C:\Windows\System\BbbimcZ.exe
2⤵
PID:8656

C:\Windows\System\gfJuhtF.exe
C:\Windows\System\gfJuhtF.exe
2⤵
PID:8688

C:\Windows\System\hRzFKIG.exe
C:\Windows\System\hRzFKIG.exe
2⤵
PID:8712

C:\Windows\System\kQVgIiC.exe
C:\Windows\System\kQVgIiC.exe
2⤵
PID:8744

C:\Windows\System\eDiFGVZ.exe
C:\Windows\System\eDiFGVZ.exe
2⤵
PID:8760

C:\Windows\System\vcSIYBl.exe
C:\Windows\System\vcSIYBl.exe
2⤵
PID:8800

C:\Windows\System\mLyQeys.exe
C:\Windows\System\mLyQeys.exe
2⤵
PID:8828

C:\Windows\System\FVreJvM.exe
C:\Windows\System\FVreJvM.exe
2⤵
PID:8844

C:\Windows\System\SEYJvlP.exe
C:\Windows\System\SEYJvlP.exe
2⤵
PID:8884

C:\Windows\System\rvtObhE.exe
C:\Windows\System\rvtObhE.exe
2⤵
PID:8908

C:\Windows\System\PDFeuRi.exe
C:\Windows\System\PDFeuRi.exe
2⤵
PID:8940

C:\Windows\System\pcgFfQn.exe
C:\Windows\System\pcgFfQn.exe
2⤵
PID:8956

C:\Windows\System\bGaoQXa.exe
C:\Windows\System\bGaoQXa.exe
2⤵
PID:8996

C:\Windows\System\wgeUYOw.exe
C:\Windows\System\wgeUYOw.exe
2⤵
PID:9024

C:\Windows\System\jCSSLRN.exe
C:\Windows\System\jCSSLRN.exe
2⤵
PID:9052

C:\Windows\System\xTPuiDj.exe
C:\Windows\System\xTPuiDj.exe
2⤵
PID:9080

C:\Windows\System\qGDzPya.exe
C:\Windows\System\qGDzPya.exe
2⤵
PID:9108

C:\Windows\System\eDVHDuE.exe
C:\Windows\System\eDVHDuE.exe
2⤵
PID:9136

C:\Windows\System\AeOeIlT.exe
C:\Windows\System\AeOeIlT.exe
2⤵
PID:9164

C:\Windows\System\zzlQPzW.exe
C:\Windows\System\zzlQPzW.exe
2⤵
PID:9192

C:\Windows\System\ZIMyydv.exe
C:\Windows\System\ZIMyydv.exe
2⤵
PID:7988

C:\Windows\System\GbDgFjB.exe
C:\Windows\System\GbDgFjB.exe
2⤵
PID:8256

C:\Windows\System\TeMZWHf.exe
C:\Windows\System\TeMZWHf.exe
2⤵
PID:8316

C:\Windows\System\whaVOpT.exe
C:\Windows\System\whaVOpT.exe
2⤵
PID:8384

C:\Windows\System\uGjsOTA.exe
C:\Windows\System\uGjsOTA.exe
2⤵
PID:8412

C:\Windows\System\aGWYCaV.exe
C:\Windows\System\aGWYCaV.exe
2⤵
PID:8500

C:\Windows\System\nZmVzzE.exe
C:\Windows\System\nZmVzzE.exe
2⤵
PID:8584

C:\Windows\System\bbHOEbh.exe
C:\Windows\System\bbHOEbh.exe
2⤵
PID:8652

C:\Windows\System\RVnsPCN.exe
C:\Windows\System\RVnsPCN.exe
2⤵
PID:8696

C:\Windows\System\NUUMLIf.exe
C:\Windows\System\NUUMLIf.exe
2⤵
PID:8752

C:\Windows\System\ZhSOCgr.exe
C:\Windows\System\ZhSOCgr.exe
2⤵
PID:8840

C:\Windows\System\ZpynZGd.exe
C:\Windows\System\ZpynZGd.exe
2⤵
PID:8876

C:\Windows\System\fUTUyVC.exe
C:\Windows\System\fUTUyVC.exe
2⤵
PID:8924

C:\Windows\System\xiErdpr.exe
C:\Windows\System\xiErdpr.exe
2⤵
PID:9020

C:\Windows\System\BNeLmQc.exe
C:\Windows\System\BNeLmQc.exe
2⤵
PID:9076

C:\Windows\System\NEkNbrw.exe
C:\Windows\System\NEkNbrw.exe
2⤵
PID:9148

C:\Windows\System\idwFsRx.exe
C:\Windows\System\idwFsRx.exe
2⤵
PID:9212

C:\Windows\System\PgCJBHX.exe
C:\Windows\System\PgCJBHX.exe
2⤵
PID:8364

C:\Windows\System\SokdiEF.exe
C:\Windows\System\SokdiEF.exe
2⤵
PID:8496

C:\Windows\System\gQMvsGS.exe
C:\Windows\System\gQMvsGS.exe
2⤵
PID:8648

C:\Windows\System\QuOnazA.exe
C:\Windows\System\QuOnazA.exe
2⤵
PID:8872

C:\Windows\System\LBxjCrG.exe
C:\Windows\System\LBxjCrG.exe
2⤵
PID:8952

C:\Windows\System\mLASZWt.exe
C:\Windows\System\mLASZWt.exe
2⤵
PID:9104

C:\Windows\System\yjXIPQf.exe
C:\Windows\System\yjXIPQf.exe
2⤵
PID:8284

C:\Windows\System\LkGwbAw.exe
C:\Windows\System\LkGwbAw.exe
2⤵
PID:8400

C:\Windows\System\gntkyWr.exe
C:\Windows\System\gntkyWr.exe
2⤵
PID:8672

C:\Windows\System\sxAvqrN.exe
C:\Windows\System\sxAvqrN.exe
2⤵
PID:8972

C:\Windows\System\EKVGZPl.exe
C:\Windows\System\EKVGZPl.exe
2⤵
PID:8512

C:\Windows\System\WBJHdDD.exe
C:\Windows\System\WBJHdDD.exe
2⤵
PID:8304

C:\Windows\System\JizLBSL.exe
C:\Windows\System\JizLBSL.exe
2⤵
PID:9228

C:\Windows\System\cbUnsqi.exe
C:\Windows\System\cbUnsqi.exe
2⤵
PID:9284

C:\Windows\System\Azmrnca.exe
C:\Windows\System\Azmrnca.exe
2⤵
PID:9304

C:\Windows\System\kFqYLfB.exe
C:\Windows\System\kFqYLfB.exe
2⤵
PID:9332

C:\Windows\System\qjjjyAJ.exe
C:\Windows\System\qjjjyAJ.exe
2⤵
PID:9372

C:\Windows\System\rJYhHIE.exe
C:\Windows\System\rJYhHIE.exe
2⤵
PID:9412

C:\Windows\System\etLDjIT.exe
C:\Windows\System\etLDjIT.exe
2⤵
PID:9440

C:\Windows\System\tvbqwpd.exe
C:\Windows\System\tvbqwpd.exe
2⤵
PID:9468

C:\Windows\System\BJUZhgn.exe
C:\Windows\System\BJUZhgn.exe
2⤵
PID:9496

C:\Windows\System\pnqtpsm.exe
C:\Windows\System\pnqtpsm.exe
2⤵
PID:9528

C:\Windows\System\mSTNluZ.exe
C:\Windows\System\mSTNluZ.exe
2⤵
PID:9552

C:\Windows\System\YpotPci.exe
C:\Windows\System\YpotPci.exe
2⤵
PID:9580

C:\Windows\System\aZQQVKT.exe
C:\Windows\System\aZQQVKT.exe
2⤵
PID:9596

C:\Windows\System\aKyLqvk.exe
C:\Windows\System\aKyLqvk.exe
2⤵
PID:9648

C:\Windows\System\tSiZDQk.exe
C:\Windows\System\tSiZDQk.exe
2⤵
PID:9664

C:\Windows\System\RiyhuZL.exe
C:\Windows\System\RiyhuZL.exe
2⤵
PID:9692

C:\Windows\System\DmOHlSI.exe
C:\Windows\System\DmOHlSI.exe
2⤵
PID:9732

C:\Windows\System\OucZbbW.exe
C:\Windows\System\OucZbbW.exe
2⤵
PID:9760

C:\Windows\System\xrwQquW.exe
C:\Windows\System\xrwQquW.exe
2⤵
PID:9776

C:\Windows\System\pYkAehz.exe
C:\Windows\System\pYkAehz.exe
2⤵
PID:9808

C:\Windows\System\oxzGXVl.exe
C:\Windows\System\oxzGXVl.exe
2⤵
PID:9844

C:\Windows\System\EQPBccr.exe
C:\Windows\System\EQPBccr.exe
2⤵
PID:9860

C:\Windows\System\UlvRmwX.exe
C:\Windows\System\UlvRmwX.exe
2⤵
PID:9888

C:\Windows\System\wEDbZGU.exe
C:\Windows\System\wEDbZGU.exe
2⤵
PID:9928

C:\Windows\System\SGFNvSJ.exe
C:\Windows\System\SGFNvSJ.exe
2⤵
PID:9956

C:\Windows\System\GQGOmRY.exe
C:\Windows\System\GQGOmRY.exe
2⤵
PID:9984

C:\Windows\System\NdbvdqV.exe
C:\Windows\System\NdbvdqV.exe
2⤵
PID:10000

C:\Windows\System\kdMWxXf.exe
C:\Windows\System\kdMWxXf.exe
2⤵
PID:10040

C:\Windows\System\zoipZPb.exe
C:\Windows\System\zoipZPb.exe
2⤵
PID:10068

C:\Windows\System\nlwrEBE.exe
C:\Windows\System\nlwrEBE.exe
2⤵
PID:10096

C:\Windows\System\Bdwpgat.exe
C:\Windows\System\Bdwpgat.exe
2⤵
PID:10124

C:\Windows\System\gFswtxL.exe
C:\Windows\System\gFswtxL.exe
2⤵
PID:10152

C:\Windows\System\GVOpQAf.exe
C:\Windows\System\GVOpQAf.exe
2⤵
PID:10168

C:\Windows\System\uLLlLsv.exe
C:\Windows\System\uLLlLsv.exe
2⤵
PID:10208

C:\Windows\System\icIdHgT.exe
C:\Windows\System\icIdHgT.exe
2⤵
PID:10224

C:\Windows\System\WtXzkvL.exe
C:\Windows\System\WtXzkvL.exe
2⤵
PID:9252

C:\Windows\System\dSNHDXz.exe
C:\Windows\System\dSNHDXz.exe
2⤵
PID:9264

C:\Windows\System\zrjBjFQ.exe
C:\Windows\System\zrjBjFQ.exe
2⤵
PID:9292

C:\Windows\System\CBkDOWg.exe
C:\Windows\System\CBkDOWg.exe
2⤵
PID:9404

C:\Windows\System\OcTjPce.exe
C:\Windows\System\OcTjPce.exe
2⤵
PID:9520

C:\Windows\System\npTFkZs.exe
C:\Windows\System\npTFkZs.exe
2⤵
PID:9544

C:\Windows\System\ttgCKAj.exe
C:\Windows\System\ttgCKAj.exe
2⤵
PID:9576

C:\Windows\System\cNLbukY.exe
C:\Windows\System\cNLbukY.exe
2⤵
PID:9656

C:\Windows\System\iaszGTy.exe
C:\Windows\System\iaszGTy.exe
2⤵
PID:9772

C:\Windows\System\HnWTzTg.exe
C:\Windows\System\HnWTzTg.exe
2⤵
PID:9852

C:\Windows\System\sxnmqEC.exe
C:\Windows\System\sxnmqEC.exe
2⤵
PID:9876

C:\Windows\System\qGTcBLA.exe
C:\Windows\System\qGTcBLA.exe
2⤵
PID:9952

C:\Windows\System\vZkoeEf.exe
C:\Windows\System\vZkoeEf.exe
2⤵
PID:10024

C:\Windows\System\ngHYBbE.exe
C:\Windows\System\ngHYBbE.exe
2⤵
PID:10080

C:\Windows\System\iCdUQBD.exe
C:\Windows\System\iCdUQBD.exe
2⤵
PID:10120

C:\Windows\System\PZHkviZ.exe
C:\Windows\System\PZHkviZ.exe
2⤵
PID:10164

C:\Windows\System\aUFPOnU.exe
C:\Windows\System\aUFPOnU.exe
2⤵
PID:10236

C:\Windows\System\yzDHDeh.exe
C:\Windows\System\yzDHDeh.exe
2⤵
PID:9296

C:\Windows\System\wkmbvOW.exe
C:\Windows\System\wkmbvOW.exe
2⤵
PID:9480

C:\Windows\System\ObOzpnA.exe
C:\Windows\System\ObOzpnA.exe
2⤵
PID:9592

C:\Windows\System\UQhJfby.exe
C:\Windows\System\UQhJfby.exe
2⤵
PID:9796

C:\Windows\System\veBLcyY.exe
C:\Windows\System\veBLcyY.exe
2⤵
PID:9368

C:\Windows\System\kPxuohQ.exe
C:\Windows\System\kPxuohQ.exe
2⤵
PID:10060

C:\Windows\System\CdpbVjV.exe
C:\Windows\System\CdpbVjV.exe
2⤵
PID:2176

C:\Windows\System\iueNsVU.exe
C:\Windows\System\iueNsVU.exe
2⤵
PID:9248

C:\Windows\System\PXAyExM.exe
C:\Windows\System\PXAyExM.exe
2⤵
PID:9548

C:\Windows\System\JFCaABk.exe
C:\Windows\System\JFCaABk.exe
2⤵
PID:9880

C:\Windows\System\IhhfxZL.exe
C:\Windows\System\IhhfxZL.exe
2⤵
PID:10160

C:\Windows\System\FcUdMkz.exe
C:\Windows\System\FcUdMkz.exe
2⤵
PID:928

C:\Windows\System\gPVhZFh.exe
C:\Windows\System\gPVhZFh.exe
2⤵
PID:10248

C:\Windows\System\GVDIsrS.exe
C:\Windows\System\GVDIsrS.exe
2⤵
PID:10272

C:\Windows\System\QXHvFIE.exe
C:\Windows\System\QXHvFIE.exe
2⤵
PID:10304

C:\Windows\System\hQDEPMh.exe
C:\Windows\System\hQDEPMh.exe
2⤵
PID:10324

C:\Windows\System\zxhVvHI.exe
C:\Windows\System\zxhVvHI.exe
2⤵
PID:10348

C:\Windows\System\nKgODqk.exe
C:\Windows\System\nKgODqk.exe
2⤵
PID:10384

C:\Windows\System\fJmCfFn.exe
C:\Windows\System\fJmCfFn.exe
2⤵
PID:10424

C:\Windows\System\MvzATGg.exe
C:\Windows\System\MvzATGg.exe
2⤵
PID:10440

C:\Windows\System\zqQzleO.exe
C:\Windows\System\zqQzleO.exe
2⤵
PID:10480

C:\Windows\System\ESJFOZr.exe
C:\Windows\System\ESJFOZr.exe
2⤵
PID:10504

C:\Windows\System\mtZngdf.exe
C:\Windows\System\mtZngdf.exe
2⤵
PID:10524

C:\Windows\System\cFLcceG.exe
C:\Windows\System\cFLcceG.exe
2⤵
PID:10552

C:\Windows\System\vZEXuTg.exe
C:\Windows\System\vZEXuTg.exe
2⤵
PID:10580

C:\Windows\System\vcjWHST.exe
C:\Windows\System\vcjWHST.exe
2⤵
PID:10616

C:\Windows\System\TWnsYHj.exe
C:\Windows\System\TWnsYHj.exe
2⤵
PID:10636

C:\Windows\System\UzmaLRg.exe
C:\Windows\System\UzmaLRg.exe
2⤵
PID:10656

C:\Windows\System\vsSoFUg.exe
C:\Windows\System\vsSoFUg.exe
2⤵
PID:10680

C:\Windows\System\vfmbSNI.exe
C:\Windows\System\vfmbSNI.exe
2⤵
PID:10720

C:\Windows\System\pLIyVVo.exe
C:\Windows\System\pLIyVVo.exe
2⤵
PID:10748

C:\Windows\System\mpMUVRn.exe
C:\Windows\System\mpMUVRn.exe
2⤵
PID:10780

C:\Windows\System\RHYbEvp.exe
C:\Windows\System\RHYbEvp.exe
2⤵
PID:10804

C:\Windows\System\crCmBjH.exe
C:\Windows\System\crCmBjH.exe
2⤵
PID:10828

C:\Windows\System\MvHMDbf.exe
C:\Windows\System\MvHMDbf.exe
2⤵
PID:10860

C:\Windows\System\bgGABhT.exe
C:\Windows\System\bgGABhT.exe
2⤵
PID:10896

C:\Windows\System\zkhvGXX.exe
C:\Windows\System\zkhvGXX.exe
2⤵
PID:10924

C:\Windows\System\dPoZQcM.exe
C:\Windows\System\dPoZQcM.exe
2⤵
PID:10944

C:\Windows\System\VDznDia.exe
C:\Windows\System\VDznDia.exe
2⤵
PID:10984

C:\Windows\System\qfEbSpd.exe
C:\Windows\System\qfEbSpd.exe
2⤵
PID:11012

C:\Windows\System\KxnvMkA.exe
C:\Windows\System\KxnvMkA.exe
2⤵
PID:11028

C:\Windows\System\FWxXbpX.exe
C:\Windows\System\FWxXbpX.exe
2⤵
PID:11068

C:\Windows\System\iefkpCn.exe
C:\Windows\System\iefkpCn.exe
2⤵
PID:11096

C:\Windows\System\vRCjynm.exe
C:\Windows\System\vRCjynm.exe
2⤵
PID:11124

C:\Windows\System\rmxzEkf.exe
C:\Windows\System\rmxzEkf.exe
2⤵
PID:11152

C:\Windows\System\gChHHmu.exe
C:\Windows\System\gChHHmu.exe
2⤵
PID:11180

C:\Windows\System\ImBQVDD.exe
C:\Windows\System\ImBQVDD.exe
2⤵
PID:11208

C:\Windows\System\NJrlyWI.exe
C:\Windows\System\NJrlyWI.exe
2⤵
PID:11236

C:\Windows\System\AOrMmCY.exe
C:\Windows\System\AOrMmCY.exe
2⤵
PID:9996

C:\Windows\System\SDUqfjq.exe
C:\Windows\System\SDUqfjq.exe
2⤵
PID:10288

C:\Windows\System\NRxeCDe.exe
C:\Windows\System\NRxeCDe.exe
2⤵
PID:10340

C:\Windows\System\uzQgtMD.exe
C:\Windows\System\uzQgtMD.exe
2⤵
PID:10400

C:\Windows\System\VfnxZZu.exe
C:\Windows\System\VfnxZZu.exe
2⤵
PID:10472

C:\Windows\System\difheXx.exe
C:\Windows\System\difheXx.exe
2⤵
PID:10544

C:\Windows\System\gpXuqgm.exe
C:\Windows\System\gpXuqgm.exe
2⤵
PID:10612

C:\Windows\System\MDFhDSl.exe
C:\Windows\System\MDFhDSl.exe
2⤵
PID:10664

C:\Windows\System\IHlXRVz.exe
C:\Windows\System\IHlXRVz.exe
2⤵
PID:10740

C:\Windows\System\mRWzypJ.exe
C:\Windows\System\mRWzypJ.exe
2⤵
PID:10792

C:\Windows\System\MPbRdlb.exe
C:\Windows\System\MPbRdlb.exe
2⤵
PID:10852

C:\Windows\System\aeWfQev.exe
C:\Windows\System\aeWfQev.exe
2⤵
PID:10932

C:\Windows\System\fykdoir.exe
C:\Windows\System\fykdoir.exe
2⤵
PID:10996

C:\Windows\System\roNUMBJ.exe
C:\Windows\System\roNUMBJ.exe
2⤵
PID:11060

C:\Windows\System\tnKOKVF.exe
C:\Windows\System\tnKOKVF.exe
2⤵
PID:11120

C:\Windows\System\MWwMEXc.exe
C:\Windows\System\MWwMEXc.exe
2⤵
PID:11196

C:\Windows\System\pUBeyER.exe
C:\Windows\System\pUBeyER.exe
2⤵
PID:11256

C:\Windows\System\iSjAJmd.exe
C:\Windows\System\iSjAJmd.exe
2⤵
PID:10316

C:\Windows\System\OleOZKa.exe
C:\Windows\System\OleOZKa.exe
2⤵
PID:10512

C:\Windows\System\EfBAimb.exe
C:\Windows\System\EfBAimb.exe
2⤵
PID:10648

C:\Windows\System\kWAIumG.exe
C:\Windows\System\kWAIumG.exe
2⤵
PID:10800

C:\Windows\System\AkPsYwV.exe
C:\Windows\System\AkPsYwV.exe
2⤵
PID:10956

C:\Windows\System\pcHYMlR.exe
C:\Windows\System\pcHYMlR.exe
2⤵
PID:11088

C:\Windows\System\TnsLNbM.exe
C:\Windows\System\TnsLNbM.exe
2⤵
PID:11220

C:\Windows\System\igTmLXx.exe
C:\Windows\System\igTmLXx.exe
2⤵
PID:4628

C:\Windows\System\IEKEFot.exe
C:\Windows\System\IEKEFot.exe
2⤵
PID:10572

C:\Windows\System\aEHcwLe.exe
C:\Windows\System\aEHcwLe.exe
2⤵
PID:10824

C:\Windows\System\LxMhKQK.exe
C:\Windows\System\LxMhKQK.exe
2⤵
PID:11268

C:\Windows\System\YsGzxdz.exe
C:\Windows\System\YsGzxdz.exe
2⤵
PID:11336

C:\Windows\System\gscbJzM.exe
C:\Windows\System\gscbJzM.exe
2⤵
PID:11360

C:\Windows\System\QvfBSzl.exe
C:\Windows\System\QvfBSzl.exe
2⤵
PID:11380

C:\Windows\System\QijHOpm.exe
C:\Windows\System\QijHOpm.exe
2⤵
PID:11420

C:\Windows\System\Ynglgmv.exe
C:\Windows\System\Ynglgmv.exe
2⤵
PID:11448

C:\Windows\System\IGOSvxw.exe
C:\Windows\System\IGOSvxw.exe
2⤵
PID:11472

C:\Windows\System\EkQcjjv.exe
C:\Windows\System\EkQcjjv.exe
2⤵
PID:11492

C:\Windows\System\SlMYdOX.exe
C:\Windows\System\SlMYdOX.exe
2⤵
PID:11532

C:\Windows\System\hqEyUUR.exe
C:\Windows\System\hqEyUUR.exe
2⤵
PID:11548

C:\Windows\System\mNEbVMm.exe
C:\Windows\System\mNEbVMm.exe
2⤵
PID:11580

C:\Windows\System\WFUEJzM.exe
C:\Windows\System\WFUEJzM.exe
2⤵
PID:11604

C:\Windows\System\dtZOGBH.exe
C:\Windows\System\dtZOGBH.exe
2⤵
PID:11640

C:\Windows\System\VhNtBWL.exe
C:\Windows\System\VhNtBWL.exe
2⤵
PID:11660

C:\Windows\System\JdOBxla.exe
C:\Windows\System\JdOBxla.exe
2⤵
PID:11688

C:\Windows\System\OQuDesD.exe
C:\Windows\System\OQuDesD.exe
2⤵
PID:11716

C:\Windows\System\cRWuZJD.exe
C:\Windows\System\cRWuZJD.exe
2⤵
PID:11756

C:\Windows\System\iKIVEAQ.exe
C:\Windows\System\iKIVEAQ.exe
2⤵
PID:11784

C:\Windows\System\XlMfvDJ.exe
C:\Windows\System\XlMfvDJ.exe
2⤵
PID:11808

C:\Windows\System\ZzITmrk.exe
C:\Windows\System\ZzITmrk.exe
2⤵
PID:11840

C:\Windows\System\VsvflrL.exe
C:\Windows\System\VsvflrL.exe
2⤵
PID:11856

C:\Windows\System\dqiBeRv.exe
C:\Windows\System\dqiBeRv.exe
2⤵
PID:11884

C:\Windows\System\WaAkqbM.exe
C:\Windows\System\WaAkqbM.exe
2⤵
PID:11920

C:\Windows\System\PZUcwGk.exe
C:\Windows\System\PZUcwGk.exe
2⤵
PID:11952

C:\Windows\System\ZOLankF.exe
C:\Windows\System\ZOLankF.exe
2⤵
PID:11972

C:\Windows\System\JiDpKaN.exe
C:\Windows\System\JiDpKaN.exe
2⤵
PID:12008

C:\Windows\System\oHeerjv.exe
C:\Windows\System\oHeerjv.exe
2⤵
PID:12028

C:\Windows\System\QiclwOm.exe
C:\Windows\System\QiclwOm.exe
2⤵
PID:12052

C:\Windows\System\RvUhOXY.exe
C:\Windows\System\RvUhOXY.exe
2⤵
PID:12080

C:\Windows\System\wycEsPn.exe
C:\Windows\System\wycEsPn.exe
2⤵
PID:12120

C:\Windows\System\FDcMSrc.exe
C:\Windows\System\FDcMSrc.exe
2⤵
PID:12136

C:\Windows\System\tfxjysa.exe
C:\Windows\System\tfxjysa.exe
2⤵
PID:12176

C:\Windows\System\FOAAERX.exe
C:\Windows\System\FOAAERX.exe
2⤵
PID:12204

C:\Windows\System\SOXKcwI.exe
C:\Windows\System\SOXKcwI.exe
2⤵
PID:12232

C:\Windows\System\VBMfKgI.exe
C:\Windows\System\VBMfKgI.exe
2⤵
PID:12248

C:\Windows\System\iZGtIOx.exe
C:\Windows\System\iZGtIOx.exe
2⤵
PID:12276

C:\Windows\System\NZrabqJ.exe
C:\Windows\System\NZrabqJ.exe
2⤵
PID:10452

C:\Windows\System\nbSMbkE.exe
C:\Windows\System\nbSMbkE.exe
2⤵
PID:11292

C:\Windows\System\SODSPPd.exe
C:\Windows\System\SODSPPd.exe
2⤵
PID:11352

C:\Windows\System\qjoQReF.exe
C:\Windows\System\qjoQReF.exe
2⤵
PID:11408

C:\Windows\System\eDFbhPL.exe
C:\Windows\System\eDFbhPL.exe
2⤵
PID:11456

C:\Windows\System\FxiNGyO.exe
C:\Windows\System\FxiNGyO.exe
2⤵
PID:11516

C:\Windows\System\qEyGPqy.exe
C:\Windows\System\qEyGPqy.exe
2⤵
PID:11632

C:\Windows\System\IpUcwAq.exe
C:\Windows\System\IpUcwAq.exe
2⤵
PID:11672

C:\Windows\System\kisUFJo.exe
C:\Windows\System\kisUFJo.exe
2⤵
PID:3576

C:\Windows\System\NAtFhrF.exe
C:\Windows\System\NAtFhrF.exe
2⤵
PID:11748

C:\Windows\System\dnRgVnc.exe
C:\Windows\System\dnRgVnc.exe
2⤵
PID:11816

C:\Windows\System\MblSkdz.exe
C:\Windows\System\MblSkdz.exe
2⤵
PID:11852

C:\Windows\System\hsYkPfW.exe
C:\Windows\System\hsYkPfW.exe
2⤵
PID:11944

C:\Windows\System\EHoanix.exe
C:\Windows\System\EHoanix.exe
2⤵
PID:12004

C:\Windows\System\zrWdGEZ.exe
C:\Windows\System\zrWdGEZ.exe
2⤵
PID:12096

C:\Windows\System\PrXKpqf.exe
C:\Windows\System\PrXKpqf.exe
2⤵
PID:12132

C:\Windows\System\ErqhZbw.exe
C:\Windows\System\ErqhZbw.exe
2⤵
PID:12188

C:\Windows\System\XlXsoNl.exe
C:\Windows\System\XlXsoNl.exe
2⤵
PID:12244

C:\Windows\System\DFOedrs.exe
C:\Windows\System\DFOedrs.exe
2⤵
PID:11148

C:\Windows\System\TypBqeZ.exe
C:\Windows\System\TypBqeZ.exe
2⤵
PID:11372

C:\Windows\System\gcCyTse.exe
C:\Windows\System\gcCyTse.exe
2⤵
PID:11544

C:\Windows\System\PBxkLnY.exe
C:\Windows\System\PBxkLnY.exe
2⤵
PID:11704

C:\Windows\System\hHBcyNK.exe
C:\Windows\System\hHBcyNK.exe
2⤵
PID:11792

C:\Windows\System\QjWnhCl.exe
C:\Windows\System\QjWnhCl.exe
2⤵
PID:11960

C:\Windows\System\ZjgNBZJ.exe
C:\Windows\System\ZjgNBZJ.exe
2⤵
PID:12112

C:\Windows\System\kPqHMcU.exe
C:\Windows\System\kPqHMcU.exe
2⤵
PID:11252

C:\Windows\System\cutPSdl.exe
C:\Windows\System\cutPSdl.exe
2⤵
PID:11460

C:\Windows\System\iKAxbzx.exe
C:\Windows\System\iKAxbzx.exe
2⤵
PID:11772

C:\Windows\System\JixspmX.exe
C:\Windows\System\JixspmX.exe
2⤵
PID:12172

C:\Windows\System\pwhqRKa.exe
C:\Windows\System\pwhqRKa.exe
2⤵
PID:11300

C:\Windows\System\VIBIIlh.exe
C:\Windows\System\VIBIIlh.exe
2⤵
PID:12076

C:\Windows\System\MxhFUNd.exe
C:\Windows\System\MxhFUNd.exe
2⤵
PID:12304

C:\Windows\System\xOqexsY.exe
C:\Windows\System\xOqexsY.exe
2⤵
PID:12332

C:\Windows\System\MrnTksQ.exe
C:\Windows\System\MrnTksQ.exe
2⤵
PID:12360

C:\Windows\System\XxzvzZJ.exe
C:\Windows\System\XxzvzZJ.exe
2⤵
PID:12388

C:\Windows\System\wStWSWE.exe
C:\Windows\System\wStWSWE.exe
2⤵
PID:12416

C:\Windows\System\fbOisNL.exe
C:\Windows\System\fbOisNL.exe
2⤵
PID:12440

C:\Windows\System\SBasTUZ.exe
C:\Windows\System\SBasTUZ.exe
2⤵
PID:12460

C:\Windows\System\ZqXHRew.exe
C:\Windows\System\ZqXHRew.exe
2⤵
PID:12500

C:\Windows\System\SenLbDE.exe
C:\Windows\System\SenLbDE.exe
2⤵
PID:12528

C:\Windows\System\XohdHNI.exe
C:\Windows\System\XohdHNI.exe
2⤵
PID:12544

C:\Windows\System\aXfIRlg.exe
C:\Windows\System\aXfIRlg.exe
2⤵
PID:12572

C:\Windows\System\RNvreiu.exe
C:\Windows\System\RNvreiu.exe
2⤵
PID:12612

C:\Windows\System\PGQWGic.exe
C:\Windows\System\PGQWGic.exe
2⤵
PID:12640

C:\Windows\System\KUqIOfU.exe
C:\Windows\System\KUqIOfU.exe
2⤵
PID:12668

C:\Windows\System\uuNbqEZ.exe
C:\Windows\System\uuNbqEZ.exe
2⤵
PID:12696

C:\Windows\System\TVTplPV.exe
C:\Windows\System\TVTplPV.exe
2⤵
PID:12712

C:\Windows\System\UJESwwg.exe
C:\Windows\System\UJESwwg.exe
2⤵
PID:12740

C:\Windows\System\FHAbzqf.exe
C:\Windows\System\FHAbzqf.exe
2⤵
PID:12772

C:\Windows\System\ByQGONT.exe
C:\Windows\System\ByQGONT.exe
2⤵
PID:12808

C:\Windows\System\ZLNOXJF.exe
C:\Windows\System\ZLNOXJF.exe
2⤵
PID:12824

C:\Windows\System\mNZfMml.exe
C:\Windows\System\mNZfMml.exe
2⤵
PID:12864

C:\Windows\System\eNQDqCp.exe
C:\Windows\System\eNQDqCp.exe
2⤵
PID:12892

C:\Windows\System\BuoktOc.exe
C:\Windows\System\BuoktOc.exe
2⤵
PID:12916

C:\Windows\System\WIBhjAt.exe
C:\Windows\System\WIBhjAt.exe
2⤵
PID:12936

C:\Windows\System\ufqNtYl.exe
C:\Windows\System\ufqNtYl.exe
2⤵
PID:12964

C:\Windows\System\XfRfimw.exe
C:\Windows\System\XfRfimw.exe
2⤵
PID:13004

C:\Windows\System\ytKHCSa.exe
C:\Windows\System\ytKHCSa.exe
2⤵
PID:13020

C:\Windows\System\CzfJNSR.exe
C:\Windows\System\CzfJNSR.exe
2⤵
PID:13048

C:\Windows\System\dyxWryG.exe
C:\Windows\System\dyxWryG.exe
2⤵
PID:13088

C:\Windows\System\LFGgINc.exe
C:\Windows\System\LFGgINc.exe
2⤵
PID:13108

C:\Windows\System\KZcsICN.exe
C:\Windows\System\KZcsICN.exe
2⤵
PID:13132

C:\Windows\System\iiXdBQA.exe
C:\Windows\System\iiXdBQA.exe
2⤵
PID:13160

C:\Windows\System\fmMxBoe.exe
C:\Windows\System\fmMxBoe.exe
2⤵
PID:13200

C:\Windows\System\uDpIQrH.exe
C:\Windows\System\uDpIQrH.exe
2⤵
PID:13216

C:\Windows\System\hmKJNZe.exe
C:\Windows\System\hmKJNZe.exe
2⤵
PID:13256

C:\Windows\System\kxyzPbV.exe
C:\Windows\System\kxyzPbV.exe
2⤵
PID:13284

C:\Windows\System\sgOnsZJ.exe
C:\Windows\System\sgOnsZJ.exe
2⤵
PID:12240

C:\Windows\System\WEzsvGc.exe
C:\Windows\System\WEzsvGc.exe
2⤵
PID:12328

C:\Windows\System\CVbSvoC.exe
C:\Windows\System\CVbSvoC.exe
2⤵
PID:12408

C:\Windows\System\SrqWCkN.exe
C:\Windows\System\SrqWCkN.exe
2⤵
PID:12484

C:\Windows\System\kzyQjiC.exe
C:\Windows\System\kzyQjiC.exe
2⤵
PID:12540

C:\Windows\System\GFtnOSD.exe
C:\Windows\System\GFtnOSD.exe
2⤵
PID:12604

C:\Windows\System\CiZRqzy.exe
C:\Windows\System\CiZRqzy.exe
2⤵
PID:12684

C:\Windows\System\CNZAoCo.exe
C:\Windows\System\CNZAoCo.exe
2⤵
PID:12752

C:\Windows\System\mPyAStg.exe
C:\Windows\System\mPyAStg.exe
2⤵
PID:12800

C:\Windows\System\Ucnywzv.exe
C:\Windows\System\Ucnywzv.exe
2⤵
PID:12840

C:\Windows\System\zjuziDJ.exe
C:\Windows\System\zjuziDJ.exe
2⤵
PID:12908

C:\Windows\System\DTEcFqM.exe
C:\Windows\System\DTEcFqM.exe
2⤵
PID:12948

C:\Windows\System\sfYDuPg.exe
C:\Windows\System\sfYDuPg.exe
2⤵
PID:13016

C:\Windows\System\tkrfJpp.exe
C:\Windows\System\tkrfJpp.exe
2⤵
PID:13124

C:\Windows\System\RYmsalL.exe
C:\Windows\System\RYmsalL.exe
2⤵
PID:13172

C:\Windows\System\hWYXSxT.exe
C:\Windows\System\hWYXSxT.exe
2⤵
PID:13240

C:\Windows\System\eerNivI.exe
C:\Windows\System\eerNivI.exe
2⤵
PID:13308

C:\Windows\System\nNDCZxn.exe
C:\Windows\System\nNDCZxn.exe
2⤵
PID:4312

C:\Windows\System\IXBFPCz.exe
C:\Windows\System\IXBFPCz.exe
2⤵
PID:12512

C:\Windows\System\ZGwiSqk.exe
C:\Windows\System\ZGwiSqk.exe
2⤵
PID:12704

C:\Windows\System\TUikAvO.exe
C:\Windows\System\TUikAvO.exe
2⤵
PID:12860

C:\Windows\System\ZrPHRNP.exe
C:\Windows\System\ZrPHRNP.exe
2⤵
PID:12996

C:\Windows\System\pOGzDdh.exe
C:\Windows\System\pOGzDdh.exe
2⤵
PID:12224

C:\Windows\System\CQiqfiP.exe
C:\Windows\System\CQiqfiP.exe
2⤵
PID:13300

C:\Windows\System\nDYmuwJ.exe
C:\Windows\System\nDYmuwJ.exe
2⤵
PID:12452

C:\Windows\System\XlCExcb.exe
C:\Windows\System\XlCExcb.exe
2⤵
PID:4964

C:\Windows\System\JLvogwN.exe
C:\Windows\System\JLvogwN.exe
2⤵
PID:12888

C:\Windows\System\WyavNPR.exe
C:\Windows\System\WyavNPR.exe
2⤵
PID:12356

C:\Windows\System\PIXnQiU.exe
C:\Windows\System\PIXnQiU.exe
2⤵
PID:13328

C:\Windows\System\cbPSjUC.exe
C:\Windows\System\cbPSjUC.exe
2⤵
PID:13356

C:\Windows\System\sAzEBdH.exe
C:\Windows\System\sAzEBdH.exe
2⤵
PID:13384

C:\Windows\System\gTHvbmT.exe
C:\Windows\System\gTHvbmT.exe
2⤵
PID:13400

C:\Windows\System\lXwJVXu.exe
C:\Windows\System\lXwJVXu.exe
2⤵
PID:13440

C:\Windows\System\FXFSIHK.exe
C:\Windows\System\FXFSIHK.exe
2⤵
PID:13464

C:\Windows\System\MSaXGQZ.exe
C:\Windows\System\MSaXGQZ.exe
2⤵
PID:13692

C:\Windows\System\PwcafYY.exe
C:\Windows\System\PwcafYY.exe
2⤵
PID:13708

C:\Windows\System\CQnrEfD.exe
C:\Windows\System\CQnrEfD.exe
2⤵
PID:13732

C:\Windows\System\YHQIoKS.exe
C:\Windows\System\YHQIoKS.exe
2⤵
PID:13752

C:\Windows\System\mSBNPkM.exe
C:\Windows\System\mSBNPkM.exe
2⤵
PID:13768

C:\Windows\System\WAXaGzz.exe
C:\Windows\System\WAXaGzz.exe
2⤵
PID:13808

C:\Windows\System\ByMmzhh.exe
C:\Windows\System\ByMmzhh.exe
2⤵
PID:13836

C:\Windows\System\pAzgoVp.exe
C:\Windows\System\pAzgoVp.exe
2⤵
PID:13876

C:\Windows\System\betcNan.exe
C:\Windows\System\betcNan.exe
2⤵
PID:13912

C:\Windows\System\XpbGJPb.exe
C:\Windows\System\XpbGJPb.exe
2⤵
PID:13932

C:\Windows\System\nNlyQEa.exe
C:\Windows\System\nNlyQEa.exe
2⤵
PID:13960

C:\Windows\System\DRMSyet.exe
C:\Windows\System\DRMSyet.exe
2⤵
PID:14000

C:\Windows\System\JPMBAtz.exe
C:\Windows\System\JPMBAtz.exe
2⤵
PID:14028

C:\Windows\System\uoMXbLD.exe
C:\Windows\System\uoMXbLD.exe
2⤵
PID:14052

C:\Windows\System\wBIXXgb.exe
C:\Windows\System\wBIXXgb.exe
2⤵
PID:14072

C:\Windows\System\XxtWvuE.exe
C:\Windows\System\XxtWvuE.exe
2⤵
PID:14092

C:\Windows\System\LyryfbX.exe
C:\Windows\System\LyryfbX.exe
2⤵
PID:14140

C:\Windows\System\EmQqGsd.exe
C:\Windows\System\EmQqGsd.exe
2⤵
PID:14156

C:\Windows\System\FMADdWi.exe
C:\Windows\System\FMADdWi.exe
2⤵
PID:14184

C:\Windows\System\lSupSDg.exe
C:\Windows\System\lSupSDg.exe
2⤵
PID:14216

C:\Windows\System\HZYMeEK.exe
C:\Windows\System\HZYMeEK.exe
2⤵
PID:14240

C:\Windows\System\txDuUGr.exe
C:\Windows\System\txDuUGr.exe
2⤵
PID:14280

C:\Windows\System\nAgqjJm.exe
C:\Windows\System\nAgqjJm.exe
2⤵
PID:14300

C:\Windows\System\YoypFRr.exe
C:\Windows\System\YoypFRr.exe
2⤵
PID:13320

C:\Windows\System\oYHerdX.exe
C:\Windows\System\oYHerdX.exe
2⤵
PID:13412

C:\Windows\System\HkrVmIH.exe
C:\Windows\System\HkrVmIH.exe
2⤵
PID:12928

C:\Windows\System\AHCmEVW.exe
C:\Windows\System\AHCmEVW.exe
2⤵
PID:13504

C:\Windows\System\GRtVICx.exe
C:\Windows\System\GRtVICx.exe
2⤵
PID:13540

C:\Windows\System\nZSUFCT.exe
C:\Windows\System\nZSUFCT.exe
2⤵
PID:13568

C:\Windows\System\riPAaVZ.exe
C:\Windows\System\riPAaVZ.exe
2⤵
PID:13596

C:\Windows\System\YFzRnWp.exe
C:\Windows\System\YFzRnWp.exe
2⤵
PID:13632

C:\Windows\System\RDSQCUZ.exe
C:\Windows\System\RDSQCUZ.exe
2⤵
PID:13700

C:\Windows\System\hdLrHUH.exe
C:\Windows\System\hdLrHUH.exe
2⤵
PID:13780

C:\Windows\System\ynzsTSn.exe
C:\Windows\System\ynzsTSn.exe
2⤵
PID:13748

C:\Windows\System\XakWkwX.exe
C:\Windows\System\XakWkwX.exe
2⤵
PID:13852

C:\Windows\System\taRWWnk.exe
C:\Windows\System\taRWWnk.exe
2⤵
PID:13864

C:\Windows\System\aVhgBHm.exe
C:\Windows\System\aVhgBHm.exe
2⤵
PID:13924

C:\Windows\System\QddlGGR.exe
C:\Windows\System\QddlGGR.exe
2⤵
PID:13988

C:\Windows\System\tdedILF.exe
C:\Windows\System\tdedILF.exe
2⤵
PID:14060

C:\Windows\System\mYjHHGu.exe
C:\Windows\System\mYjHHGu.exe
2⤵
PID:14084

C:\Windows\System\buzVYBt.exe
C:\Windows\System\buzVYBt.exe
2⤵
PID:14180

C:\Windows\System\aApCand.exe
C:\Windows\System\aApCand.exe
2⤵
PID:14232

C:\Windows\System\lxZvxvz.exe
C:\Windows\System\lxZvxvz.exe
2⤵
PID:14324

C:\Windows\System\PzGpRDe.exe
C:\Windows\System\PzGpRDe.exe
2⤵
PID:13484

C:\Windows\System\nbJOjgn.exe
C:\Windows\System\nbJOjgn.exe
2⤵
PID:13532

C:\Windows\System\lelxKwv.exe
C:\Windows\System\lelxKwv.exe
2⤵
PID:13592

C:\Windows\System\aeHoVFR.exe
C:\Windows\System\aeHoVFR.exe
2⤵
PID:13764

C:\Windows\System\SwhogGP.exe
C:\Windows\System\SwhogGP.exe
2⤵
PID:13804

C:\Windows\System\uAwNcJb.exe
C:\Windows\System\uAwNcJb.exe
2⤵
PID:13896

C:\Windows\System\sjcyjaq.exe
C:\Windows\System\sjcyjaq.exe
2⤵
PID:14020

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4208

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ANDQsCT.exe
Filesize
2.1MB

MD5
98f1ab2f209649060b6adbad35f2b411

SHA1
4bd545046e8fc93ef936d38b2ced26258077ee60

SHA256
0977a77ad84beef8af753579027cd76a801507668b4e10028ce7078748fb59d7

SHA512
2180b7547261ead4339d96b1b2ad7fb654859668688a89f0917589cfc19779a1c27efde628c3357f38ec99dc0483228df356556aa12ba861b4b7ab03e879c96c

Download Submit
C:\Windows\System\AkoQMQV.exe
Filesize
2.1MB

MD5
459afb510f8bc3d31e8acfccc2f56e8b

SHA1
b9580844b2acda083c8125008bcaa099e947a135

SHA256
4a28d72e2e1cd53e301739f3c5cb13464b445bcad3493b2efb8b4b5f03045a10

SHA512
0fef81e2bfccd164b2d5ca96431bad847242360f75b83f826e8d93d1d83c5382d3579a258214c635bbd5d8286ab3dd163815dd575c07c4ecda527845aa7e7800

Download Submit
C:\Windows\System\AuiVzhI.exe
Filesize
2.1MB

MD5
0f9965511c432c6d7f1b105b5102e757

SHA1
fd78ce98dd64aea16fbcc2a450e7b77293e82558

SHA256
a05ff3e60e76b8bd60c3057c12e68eae3b07403d798ecd8b548b056405d8990b

SHA512
06c44b113800d7426bcad01468449750ac4fa256c1f4515411aae35184d49c6bcc9ed615c8f8575df0ed7694832a8e9c85fe264394f5f912802577a04469daf0

Download Submit
C:\Windows\System\CdsfFqX.exe
Filesize
2.1MB

MD5
d2f9477c92ba1c4f84a214f3d4529089

SHA1
fb5befd359709b0dbf74274e81bcdf167de8e012

SHA256
12b83768fd8b39acd32a7613a5a0abf1814fbf4265f4c067d93082a2ee35d9f4

SHA512
a383607d28a07f2d2c87d89e066047f878f16839e53b86a80596bd3580f2f57c392091eda5ae1c8d9b682d8a62b93c38ad8087e6410c68b6883ac61647c69cf1

Download Submit
C:\Windows\System\EDBDlue.exe
Filesize
2.1MB

MD5
56e95b1c6b17c080b6b13c93bd73cf22

SHA1
44d9f150fa4bf37102946822de5a5b4287eace57

SHA256
f67b770c640ba7097b666395e937a3c98ef636f444e37344f66cfbca471ebc48

SHA512
0511fff7901c36a2623471ca80ba2f3c0676ec7ca6fa9ef00176ea9506150b1b379bf8ed7d5df100a3b8fa31cdc5f50422ab6c112ffd570a52ac1722c1ffa393

Download Submit
C:\Windows\System\ErfQeml.exe
Filesize
2.1MB

MD5
6ae680ffea6a764164bb6fe39a78a991

SHA1
7791ffbbe9311f73de8ae74f53f281d7f0697375

SHA256
c0cd7895dc15d678b1d43867ae77eb36543d98ce7563b1a03af6f87d4b3d5f7f

SHA512
847417e522da9a42ec5ba667ffff68037b7ef358da6dc492d4071f7132dd4e583b53c45f4842ea73e2cb7e459b266487f7ccb97a90ac9a2acc968d810f89eb2a

Download Submit
C:\Windows\System\FJxWORe.exe
Filesize
2.1MB

MD5
05fb8676b9296fc18f65b06322a1b2ef

SHA1
cfbcfa91517aef1915192f988aa8717e6981a37a

SHA256
73d0b7be6f46d5cd78eabf10fdcc1457cfc20ba195d8ccf8a83470b740c2c4fb

SHA512
ad8c4dfccd344542f86ff3f8adf3b5ae3afa76087882e0dfe9338cc336fa6b31ab64aca4ebc89697bf844897e01b19ef89480332de3a77e1eae913fabc51b709

Download Submit
C:\Windows\System\GSIhGzv.exe
Filesize
2.1MB

MD5
fa0977669ce8d006ffc8b2e534db19c0

SHA1
9025110ff72724351a6991ca133d3620305fdd3b

SHA256
e904a093ce4120f315979ab6275edfad82e0faff61a99988678d19eb4f857311

SHA512
77de7dd355f92209823479cacec0b35adf70f972d84e4f8cc8589e8503e12aa1d8fc35cea29c0005e4dbdb0aecea8e62aad6c1d214e94a0ef9a65904694d8bb1

Download Submit
C:\Windows\System\JEVhcYW.exe
Filesize
2.1MB

MD5
1489c45f27903201869311dbf5c08612

SHA1
edad32616870bff21351cfe6023f130c262089c6

SHA256
3327be8cb04ae835a8b3cb03d8faf52e19171a02cf864bb5ef0c23600c0fd603

SHA512
dfc4971de8fa0a65eb16fd98d8250a7efc7d0a40563e65b8fb4685b36b4d38d9d8eda4d104e49d077cc9ab2536bab7411c8455c9cee7e6ea0d914d0ff4cf5eb4

Download Submit
C:\Windows\System\KnPCZnd.exe
Filesize
2.1MB

MD5
99d7aa30433c8aa78b535acd31aaade1

SHA1
e8f06976f4dcc03a97fac7f66324b6c0b142cf9a

SHA256
03004240b3298b24c8fe3dbcf24c4b77dd42596a76873391e559c5a069d692ff

SHA512
21a6e6aa84e3a583ffe2014568fb05a2ee023208999f98f9ff81898c4fa16e885112636138c6429535919f4c73be4cd7bac01fbf38cc5d6b1b9311b71d178378

Download Submit
C:\Windows\System\LMDCEqY.exe
Filesize
2.1MB

MD5
c6132f9fdbf2bf6846851c5b59647974

SHA1
a2ffc789fc0bf089996c8e6706ea3ef1c8d8a870

SHA256
388e337bc6c3683b1594435d0f045241e1a9c01684885cf4d0099f4b06bf46ea

SHA512
a26c6560c13fd442323bed246f6e2feabd6ac4c0666f8e1652728452aa072747e0dad069dab69f329a19807a3fdb4f74ecf831b92a716e4471a8abcc4b4e7c62

Download Submit
C:\Windows\System\MkMhnys.exe
Filesize
2.1MB

MD5
b49f5d93e12a52b6bedb845573c2b025

SHA1
2c0fe28ddd5f10ee559d2e27b7b016c9e8709202

SHA256
7cb194552428fddeb6ad6ce9ba754655c9d3142bd8a3104b7f86d3db0adf30d8

SHA512
e55848ce646d8ddbdf8f63dc8ceadd542e605e64056c3fcbe84fd67e7aca45dbb4dcea385cff4411446197b6e6a6202642cef8b0f068dfd31b0cfdcaea98ce98

Download Submit
C:\Windows\System\NgVUnZV.exe
Filesize
2.1MB

MD5
a04002a32b9c1daeeae20ecc32c733dd

SHA1
29c8aeb3ea64733d384e8ef9e915490c3722c98c

SHA256
9d374c0d962debcb573a32d1d8b0a58402510bf6487251710cc16dd6d3f74caa

SHA512
c09cdee8ccb49b9e726288957abb1e2dcc59b169269c64791c462d919c1b92c2d6c026bb6c009c08ce69709126fce018e7c69dc3fb754d867afa772f9b76a204

Download Submit
C:\Windows\System\ScoOZOY.exe
Filesize
2.1MB

MD5
16c4c5fdf4e66e903e3c683f9ad74726

SHA1
23176ef5b9dd44dceb98e84ffa27a4a2705f7e6a

SHA256
6b75af940cfc9de4475eec80a791ce656c921dedea9b95470b31dfc5f428fc46

SHA512
36357df5a90f633c536eba3dee2dab1d800be4596dd04315907b0b08823f9fb5d01590286880a7d4406145bec6257aa55dba99aa5b38fa3ad0fb7e38c6ffba76

Download Submit
C:\Windows\System\WpnRCJR.exe
Filesize
2.1MB

MD5
53d9d10632ba03cb40e276eeb6c0458b

SHA1
2787cca26ae31705ca1365abc67649e72ce4b9ec

SHA256
af24db0ea43f6d6d974d902e97c0931b3b479a3527df809bee42df31b7d3f4f5

SHA512
d92efe075a13fbe953ed42055c0233980910a06d0e99cad12a713c9d2a054597a8703eac5fd8051bbe697086e4b0d479fd4acab75402719853166cfeb6ac83cf

Download Submit
C:\Windows\System\YQFixWu.exe
Filesize
2.1MB

MD5
2909584e515c747b8846f64208ed8123

SHA1
0170ab628d529b3b6ec15ba1004126fd8e0f71e4

SHA256
6e6f442a2f1a0975ae26c3f3faaf7be3bd1404ec3fd5083154505e7cc28209d2

SHA512
477c9742cb2cabd5e9144b8b7a0317da1dc1fd31f8fd96bb9307c386c91d7359c80f518f984ea97b83a001b7bca841348e3fbe65438ca727589902473404506a

Download Submit
C:\Windows\System\apbJQMY.exe
Filesize
2.1MB

MD5
b3e0a022a9b53c6b564355ca08dbf399

SHA1
37594d5e600223d7e2d1278072efe898342b4b0f

SHA256
ddc8f2be89be84caa3eecba1736fbd191b23f0fb5689676bbce537f869e19812

SHA512
c9389dc7e7185b1f758ff94755a1836f8ab68ce7672e9c97d7ee01050d452767c231e53c19df40461053abeb9355c012b8a1d653faa05fcb37310042d44c50b0

Download Submit
C:\Windows\System\apeWLwS.exe
Filesize
2.1MB

MD5
ae9ce3d59baeffc9ffc7d4aff3a88c84

SHA1
cf168b05b4b4f1eb63573802003114f3c21274b1

SHA256
b31e1f3c1663f5d2b6cb6379146e0345b2f70b4502d835384a14b74ed687da62

SHA512
877196f0bc100173b09e462af030751c89f4618632fb93abd781ed7c408009e6c28787d80cf3ec44fc09edae71c444a28892690a5251995036806485a4ab00ac

Download Submit
C:\Windows\System\atmrAYA.exe
Filesize
2.1MB

MD5
88f6042efeef13f45350e71037b1a1f0

SHA1
8fe7222cce7efef97d01941e3323d2d534b0c148

SHA256
02e4402cd64992c2178005c044e2f35faa7c25f45b0bdceb45de300670427caf

SHA512
5139fdad84450bb4e511d8fd76eda5111fa948d05f26062165a1325e30f680ef1d1839e07c36a6d02f20d2018fc9566c52b876b72c181d7803acec01384290b0

Download Submit
C:\Windows\System\azEhdSN.exe
Filesize
2.1MB

MD5
61d128b555b0ff6a53e8feb504798d36

SHA1
3fa8d435cedc4a03874b0f7e261412b682c0cf4d

SHA256
d8b8942e58c87ded6efade8c41c01aa16d4a4e86bcdea95d14e8487c14c5cfef

SHA512
ec9a0524af823feb9e745075d089241813d43dd3bddb9f67d0c7a87ec2e631a3b59bbefb7f4f73b28a58a6292bc9edb0f0e982f23f7290f2087f7b575caf74dc

Download Submit
C:\Windows\System\dIIYufQ.exe
Filesize
2.1MB

MD5
54cb1a2ff72471a36e6f32b3f58c71db

SHA1
d916231e139cf0ad3adf88c97bb0ad66c2a0dba8

SHA256
b08bc5d699901348e6476a5dcadacd547fe5cc1a82053ff86dc9608529da1c93

SHA512
1eb25c9ab73eeebee6dc54774afe1c6c251ab680d69b63fef5cff5e0828032c4913f953bd3abf37633b6713da0031c8718d0b716a8bf774cdeabfcb7433854a7

Download Submit
C:\Windows\System\dbnNDkN.exe
Filesize
2.1MB

MD5
9eedf3755675109f4d4a972997271eba

SHA1
209c692d3b761677c3c3baf389e17730d123f37f

SHA256
b9dd3503f6f89e68ab564595543ffb9027e77f0b46095238913fa1f02548f987

SHA512
918073ebcda0b7f2db5d344743e5e462d03c3fd6947ee1c6ee1e2b406712661f37787204114ceb2b03ea5876ce2b295e98facc7cdf0acc6b249a1b78e9a4a815

Download Submit
C:\Windows\System\etpiPAN.exe
Filesize
2.1MB

MD5
91d4d2b5d74f41a9a6e3fde4063683cc

SHA1
453b219ae324e5488a3e9b3e324d95239251296d

SHA256
93e75f9d616965e8778cb8b7887510769850ab430e32e7085bddb0ecbd0fdaaf

SHA512
465bf514326aae73a98c5657fba121aa9f27202ded062e181450546bfe4f0600b3d2f382e91a271d56b5bd0821407d24df53ad36a5d930c15930e63a48d54e50

Download Submit
C:\Windows\System\fYQepel.exe
Filesize
2.1MB

MD5
70c89da5edd982f5a11c2aad30459c98

SHA1
9160813d8f948d8e0f2305d64cddf1389acf0d03

SHA256
d0ec7bfe68c533974fa1c313699c80b23c7308cb43f7ad6797ff00daedec5456

SHA512
604858250d16a037751bfbe5dad1f11278b49ab1a55a93330bb8b2a12356a4b4b336254e17016b7b4c462a15fb34c02e02155f6009193bfe86b1a61c83eda2c6

Download Submit
C:\Windows\System\hXrwgIl.exe
Filesize
2.1MB

MD5
f2c3b4a4a4edb1ef5bd4bfc6d425697a

SHA1
0ee52fa5bc0b58511fd4d50f88eac924d4a99ae6

SHA256
8e24e99f93730cc569a7a5cb4ecdbec1b42444db946d04dce48c1dedb7b0ecc9

SHA512
7467daa008f930f5206a1c08652f50097dc72b67d4b81828faa2f67ce2b3ec0f7effbec710f2ef4c7b97541ce6695dc3da7b5d46e21f827dfc759b23312f627c

Download Submit
C:\Windows\System\hyTVSVg.exe
Filesize
2.1MB

MD5
d339db2c7fcb7ced99e39508133c8f3c

SHA1
e71d8b885fd88340996c0cd80acddb522ac696fd

SHA256
22c1fdad403bb500874715f6b1f1753e75f580058a89972023ee26291170d568

SHA512
c8f8716c19336f21a5f06ced1cad33935786d413269895af976551814e0b39eef8ae4c081df216e910db9571ca1aae361da199c7e9285e25521ebeb90a96f612

Download Submit
C:\Windows\System\nYyxtrP.exe
Filesize
2.1MB

MD5
206f60def74d387907e5ee194716e190

SHA1
fc953d30265d872713c30904b60c482b3a69da12

SHA256
196f43725b4ac769d1d45583bd36cbb6fd042acd35f254e251f9844276fc8b2c

SHA512
5bdb10059dbb0c7a329df86278333ae4d211233c0d6f962f915a270e684064aded2a41ee8f611d928471e66ef329446b2e2c49d2cef00e8ba0be48ea718e73b9

Download Submit
C:\Windows\System\rDuEVuo.exe
Filesize
2.1MB

MD5
0b9a91bdf15db75144af97c0d7f6ecb0

SHA1
6bd5764d8ca665156c33085cf52b3221eb5e39eb

SHA256
992ec1dea0c37db8c47fc338addda57dbdd3c367c0dea687fbb495f07409c1ea

SHA512
69644bbb8b3464502faf93b31a648e960fea035c45c77822aaf7532d29cdf6ced3595f68c274015122d4933582e8f5a43aaaecfc8323368989653e2065a9b8d3

Download Submit
C:\Windows\System\tEnItOC.exe
Filesize
2.1MB

MD5
5093d0db98ae0e4a46b6000c0f8eda0a

SHA1
6625ec46861fcee377f3cc815dafd1e7e8a64908

SHA256
f959790f666b6e8c5894318887809a263503270c30c4f35fb22ebfc224815604

SHA512
3e2b7d79b4858d9b477b78357bfb1633cd3f8c5bd1d146d2ad3c89b8d815c4f2fc0f5643d985e647a95989b75e264b6df6eb77cceb63b7a4575a2000f7b1e498

Download Submit
C:\Windows\System\tMuoEEf.exe
Filesize
2.1MB

MD5
a3d46f9f17cccc630f434cb90d44bbd0

SHA1
e0d6ed67e0ac5c4b27fd5c132845c8447b445545

SHA256
674ea2fddd37a4ad25e398e799016b8c243a5b2f23c15005408aa70db8d0b62f

SHA512
26f3207f5d676cf0744384a6233c70353519bb79349f78b231e1484376daf5d8e2d3f55ffed81df3f666f65e558c6eb4cab3e0cf733a0fd388f21ca92e018194

Download Submit
C:\Windows\System\vUWkFXZ.exe
Filesize
2.1MB

MD5
9276bd01c0e65ba11dbc010d759738a5

SHA1
1efa24f08506f402c40c16e2475b11183463b493

SHA256
1e1809c1d44ee51d9ffe207b5a519cac554522842ad4408ce397a03655a62d31

SHA512
9bb51632e1763cd0a3eba214a0729c88afce7c21ee3d81a65f8598c0ac14ae8d754002d4f2a50b2b2b754504ea3bc3b700eff6ab1c4601fcd8cfa3c6328d4121

Download Submit
C:\Windows\System\wjbZlkQ.exe
Filesize
2.1MB

MD5
b3295019e6082bd9f9f6c0d2f7dad305

SHA1
490e6d0e5b70ae86f85a9508e14d896c889f3cce

SHA256
e5f01d22b80d37b61b3edf507738112c2bdabe98bf3b3c7ad5e1c7441c0e9545

SHA512
77409e7a65742e2ed2e1d1d7eb16c896acdc6cd5eb638a92900e8abd0fa8ce09be04acfa49a58bc0b3a4ac044ae84fb32dcad99c163b9b7ff5305f4c5c536777

Download Submit
C:\Windows\System\zXmaYal.exe
Filesize
2.1MB

MD5
f153fdbdf9895840c4221e6aad3c27c5

SHA1
9753722869bd1b15ee5050fec7ba91a0c69d63e2

SHA256
f790d3ac58c35525565235e15846cc96beffec6f8e00a8d5ec14ef465f73ec35

SHA512
580a431417c06b69f2c82ef70bde58f18fe41c2e891658da263bac992da650d3f408c9ee6c9c351ec89cb4902bccbf09be9a9c73875ddecaabaefa80ac450253

Download Submit
memory/392-2190-0x00007FF764300000-0x00007FF764654000-memory.dmp

Filesize
3.3MB

Download
memory/392-42-0x00007FF764300000-0x00007FF764654000-memory.dmp

Filesize
3.3MB

Download
memory/552-1535-0x00007FF7A02F0000-0x00007FF7A0644000-memory.dmp

Filesize
3.3MB

Download
memory/552-33-0x00007FF7A02F0000-0x00007FF7A0644000-memory.dmp

Filesize
3.3MB

Download
memory/552-2188-0x00007FF7A02F0000-0x00007FF7A0644000-memory.dmp

Filesize
3.3MB

Download
memory/560-2205-0x00007FF7A7500000-0x00007FF7A7854000-memory.dmp

Filesize
3.3MB

Download
memory/560-155-0x00007FF7A7500000-0x00007FF7A7854000-memory.dmp

Filesize
3.3MB

Download
memory/668-2209-0x00007FF7AE2F0000-0x00007FF7AE644000-memory.dmp

Filesize
3.3MB

Download
memory/668-160-0x00007FF7AE2F0000-0x00007FF7AE644000-memory.dmp

Filesize
3.3MB

Download
memory/668-2179-0x00007FF7AE2F0000-0x00007FF7AE644000-memory.dmp

Filesize
3.3MB

Download
memory/740-2175-0x00007FF64D460000-0x00007FF64D7B4000-memory.dmp

Filesize
3.3MB

Download
memory/740-68-0x00007FF64D460000-0x00007FF64D7B4000-memory.dmp

Filesize
3.3MB

Download
memory/740-2193-0x00007FF64D460000-0x00007FF64D7B4000-memory.dmp

Filesize
3.3MB

Download
memory/976-2176-0x00007FF720ED0000-0x00007FF721224000-memory.dmp

Filesize
3.3MB

Download
memory/976-75-0x00007FF720ED0000-0x00007FF721224000-memory.dmp

Filesize
3.3MB

Download
memory/976-2195-0x00007FF720ED0000-0x00007FF721224000-memory.dmp

Filesize
3.3MB

Download
memory/1020-731-0x00007FF776710000-0x00007FF776A64000-memory.dmp

Filesize
3.3MB

Download
memory/1020-0-0x00007FF776710000-0x00007FF776A64000-memory.dmp

Filesize
3.3MB

Download
memory/1020-1-0x00000242A7820000-0x00000242A7830000-memory.dmp

Filesize
64KB

Download
memory/1088-2178-0x00007FF790950000-0x00007FF790CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-159-0x00007FF790950000-0x00007FF790CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-2207-0x00007FF790950000-0x00007FF790CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-1915-0x00007FF66FB90000-0x00007FF66FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-2187-0x00007FF66FB90000-0x00007FF66FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-28-0x00007FF66FB90000-0x00007FF66FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-157-0x00007FF64F150000-0x00007FF64F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2203-0x00007FF64F150000-0x00007FF64F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2210-0x00007FF785980000-0x00007FF785CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-162-0x00007FF785980000-0x00007FF785CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2181-0x00007FF785980000-0x00007FF785CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2196-0x00007FF716CF0000-0x00007FF717044000-memory.dmp

Filesize
3.3MB

Download
memory/1624-82-0x00007FF716CF0000-0x00007FF717044000-memory.dmp

Filesize
3.3MB

Download
memory/1664-163-0x00007FF7A0630000-0x00007FF7A0984000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2182-0x00007FF7A0630000-0x00007FF7A0984000-memory.dmp

Filesize
3.3MB

Download
memory/1664-2208-0x00007FF7A0630000-0x00007FF7A0984000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2204-0x00007FF7B6900000-0x00007FF7B6C54000-memory.dmp

Filesize
3.3MB

Download
memory/1672-156-0x00007FF7B6900000-0x00007FF7B6C54000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2192-0x00007FF7A02D0000-0x00007FF7A0624000-memory.dmp

Filesize
3.3MB

Download
memory/1724-65-0x00007FF7A02D0000-0x00007FF7A0624000-memory.dmp

Filesize
3.3MB

Download
memory/1804-22-0x00007FF6CE690000-0x00007FF6CE9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2185-0x00007FF6CE690000-0x00007FF6CE9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-26-0x00007FF6C39D0000-0x00007FF6C3D24000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2186-0x00007FF6C39D0000-0x00007FF6C3D24000-memory.dmp

Filesize
3.3MB

Download
memory/2088-150-0x00007FF6528F0000-0x00007FF652C44000-memory.dmp

Filesize
3.3MB

Download
memory/2088-2199-0x00007FF6528F0000-0x00007FF652C44000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2184-0x00007FF76D820000-0x00007FF76DB74000-memory.dmp

Filesize
3.3MB

Download
memory/2452-10-0x00007FF76D820000-0x00007FF76DB74000-memory.dmp

Filesize
3.3MB

Download
memory/2452-733-0x00007FF76D820000-0x00007FF76DB74000-memory.dmp

Filesize
3.3MB

Download
memory/2496-34-0x00007FF600900000-0x00007FF600C54000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2189-0x00007FF600900000-0x00007FF600C54000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1917-0x00007FF600900000-0x00007FF600C54000-memory.dmp

Filesize
3.3MB

Download
memory/2592-154-0x00007FF7A73D0000-0x00007FF7A7724000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2201-0x00007FF7A73D0000-0x00007FF7A7724000-memory.dmp

Filesize
3.3MB

Download
memory/2824-153-0x00007FF7F8810000-0x00007FF7F8B64000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2202-0x00007FF7F8810000-0x00007FF7F8B64000-memory.dmp

Filesize
3.3MB

Download
memory/2872-165-0x00007FF7F1230000-0x00007FF7F1584000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2197-0x00007FF7F1230000-0x00007FF7F1584000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2211-0x00007FF63BC60000-0x00007FF63BFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2183-0x00007FF63BC60000-0x00007FF63BFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3164-164-0x00007FF63BC60000-0x00007FF63BFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3192-152-0x00007FF619C80000-0x00007FF619FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3192-2198-0x00007FF619C80000-0x00007FF619FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2191-0x00007FF74D7C0000-0x00007FF74DB14000-memory.dmp

Filesize
3.3MB

Download
memory/3244-60-0x00007FF74D7C0000-0x00007FF74DB14000-memory.dmp

Filesize
3.3MB

Download
memory/3380-158-0x00007FF745230000-0x00007FF745584000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2206-0x00007FF745230000-0x00007FF745584000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2177-0x00007FF745230000-0x00007FF745584000-memory.dmp

Filesize
3.3MB

Download
memory/3928-151-0x00007FF6F36F0000-0x00007FF6F3A44000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2200-0x00007FF6F36F0000-0x00007FF6F3A44000-memory.dmp

Filesize
3.3MB

Download
memory/4604-161-0x00007FF63EEE0000-0x00007FF63F234000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2212-0x00007FF63EEE0000-0x00007FF63F234000-memory.dmp

Filesize
3.3MB

Download
memory/4604-2180-0x00007FF63EEE0000-0x00007FF63F234000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2194-0x00007FF7A6F00000-0x00007FF7A7254000-memory.dmp

Filesize
3.3MB

Download
memory/4668-149-0x00007FF7A6F00000-0x00007FF7A7254000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads