xmrig | bde363e15ac494e42d6ee2e806c9466a310fb5c51f0b75f7ea3f15d88bfbe548

Analysis

max time kernel
133s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
Size

2.0MB
MD5

c63b6a4166b8d1ffea67f316ec5dc130
SHA1

c3a0fad5813c2a28e3ac9ac4866fc3f6298e4bcc
SHA256

bde363e15ac494e42d6ee2e806c9466a310fb5c51f0b75f7ea3f15d88bfbe548
SHA512

ab1b45849280f2bc6b3d7cdf88584afe23c8a366769fdca4f6201c066d8f42b0abeef024601175de9618e4831a6422bf40f6c4ce50ab87fb152f03fec779989e
SSDEEP

24576:JanwhSe11QSONCpGJCjETPl+Me7bPMS8Ykgc3uNdEqnyeAMfEnbdZmT26/XYg:knw9oUUEEDl+xTMS8TgnnpAMfGw21g

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 52 IoCs

miner

resource	yara_rule
behavioral2/memory/5112-27-0x00007FF65ABF0000-0x00007FF65AFE1000-memory.dmp	xmrig
behavioral2/memory/1800-29-0x00007FF6C76A0000-0x00007FF6C7A91000-memory.dmp	xmrig
behavioral2/memory/4308-47-0x00007FF7DFEF0000-0x00007FF7E02E1000-memory.dmp	xmrig
behavioral2/memory/3096-62-0x00007FF6CB8C0000-0x00007FF6CBCB1000-memory.dmp	xmrig
behavioral2/memory/3300-57-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp	xmrig
behavioral2/memory/3976-40-0x00007FF614E20000-0x00007FF615211000-memory.dmp	xmrig
behavioral2/memory/2068-26-0x00007FF74E0F0000-0x00007FF74E4E1000-memory.dmp	xmrig
behavioral2/memory/232-15-0x00007FF670E80000-0x00007FF671271000-memory.dmp	xmrig
behavioral2/memory/2936-84-0x00007FF7EAFC0000-0x00007FF7EB3B1000-memory.dmp	xmrig
behavioral2/memory/4560-92-0x00007FF6F9FC0000-0x00007FF6FA3B1000-memory.dmp	xmrig
behavioral2/memory/2236-106-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp	xmrig
behavioral2/memory/4128-99-0x00007FF777260000-0x00007FF777651000-memory.dmp	xmrig
behavioral2/memory/4000-89-0x00007FF7E78D0000-0x00007FF7E7CC1000-memory.dmp	xmrig
behavioral2/memory/3556-86-0x00007FF68E410000-0x00007FF68E801000-memory.dmp	xmrig
behavioral2/memory/4012-111-0x00007FF647CF0000-0x00007FF6480E1000-memory.dmp	xmrig
behavioral2/memory/3896-112-0x00007FF7E0160000-0x00007FF7E0551000-memory.dmp	xmrig
behavioral2/memory/4032-155-0x00007FF73A380000-0x00007FF73A771000-memory.dmp	xmrig
behavioral2/memory/4792-157-0x00007FF678380000-0x00007FF678771000-memory.dmp	xmrig
behavioral2/memory/3300-148-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp	xmrig
behavioral2/memory/2180-126-0x00007FF7CFAE0000-0x00007FF7CFED1000-memory.dmp	xmrig
behavioral2/memory/4224-129-0x00007FF710490000-0x00007FF710881000-memory.dmp	xmrig
behavioral2/memory/3780-1479-0x00007FF74A860000-0x00007FF74AC51000-memory.dmp	xmrig
behavioral2/memory/2236-1878-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp	xmrig
behavioral2/memory/2244-2024-0x00007FF6B3720000-0x00007FF6B3B11000-memory.dmp	xmrig
behavioral2/memory/808-2044-0x00007FF651080000-0x00007FF651471000-memory.dmp	xmrig
behavioral2/memory/3580-2045-0x00007FF62A7A0000-0x00007FF62AB91000-memory.dmp	xmrig
behavioral2/memory/2544-2059-0x00007FF737CF0000-0x00007FF7380E1000-memory.dmp	xmrig
behavioral2/memory/2936-2061-0x00007FF7EAFC0000-0x00007FF7EB3B1000-memory.dmp	xmrig
behavioral2/memory/232-2065-0x00007FF670E80000-0x00007FF671271000-memory.dmp	xmrig
behavioral2/memory/1800-2067-0x00007FF6C76A0000-0x00007FF6C7A91000-memory.dmp	xmrig
behavioral2/memory/2068-2069-0x00007FF74E0F0000-0x00007FF74E4E1000-memory.dmp	xmrig
behavioral2/memory/5112-2071-0x00007FF65ABF0000-0x00007FF65AFE1000-memory.dmp	xmrig
behavioral2/memory/4012-2073-0x00007FF647CF0000-0x00007FF6480E1000-memory.dmp	xmrig
behavioral2/memory/4308-2077-0x00007FF7DFEF0000-0x00007FF7E02E1000-memory.dmp	xmrig
behavioral2/memory/2180-2079-0x00007FF7CFAE0000-0x00007FF7CFED1000-memory.dmp	xmrig
behavioral2/memory/3976-2075-0x00007FF614E20000-0x00007FF615211000-memory.dmp	xmrig
behavioral2/memory/3300-2083-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp	xmrig
behavioral2/memory/3096-2081-0x00007FF6CB8C0000-0x00007FF6CBCB1000-memory.dmp	xmrig
behavioral2/memory/3556-2104-0x00007FF68E410000-0x00007FF68E801000-memory.dmp	xmrig
behavioral2/memory/4128-2110-0x00007FF777260000-0x00007FF777651000-memory.dmp	xmrig
behavioral2/memory/4000-2112-0x00007FF7E78D0000-0x00007FF7E7CC1000-memory.dmp	xmrig
behavioral2/memory/4560-2108-0x00007FF6F9FC0000-0x00007FF6FA3B1000-memory.dmp	xmrig
behavioral2/memory/4792-2106-0x00007FF678380000-0x00007FF678771000-memory.dmp	xmrig
behavioral2/memory/3896-2116-0x00007FF7E0160000-0x00007FF7E0551000-memory.dmp	xmrig
behavioral2/memory/3780-2114-0x00007FF74A860000-0x00007FF74AC51000-memory.dmp	xmrig
behavioral2/memory/2236-2118-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp	xmrig
behavioral2/memory/2244-2120-0x00007FF6B3720000-0x00007FF6B3B11000-memory.dmp	xmrig
behavioral2/memory/4224-2122-0x00007FF710490000-0x00007FF710881000-memory.dmp	xmrig
behavioral2/memory/4032-2124-0x00007FF73A380000-0x00007FF73A771000-memory.dmp	xmrig
behavioral2/memory/3580-2128-0x00007FF62A7A0000-0x00007FF62AB91000-memory.dmp	xmrig
behavioral2/memory/2544-2130-0x00007FF737CF0000-0x00007FF7380E1000-memory.dmp	xmrig
behavioral2/memory/808-2126-0x00007FF651080000-0x00007FF651471000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
232	xpbsGyw.exe
1800	rPmrShi.exe
2068	LmeudNl.exe
5112	ujWyqPV.exe
4012	GndHmWc.exe
3976	njCeQMc.exe
4308	MmlHmLV.exe
2180	oQBCWaS.exe
3300	ZkRrxre.exe
3096	xybZVTo.exe
4792	UgbnHoB.exe
3556	SaRJAON.exe
4000	rdvwPta.exe
4560	DGZxUkk.exe
4128	sQiIflo.exe
2236	kZNZlpk.exe
3780	kTyZGqm.exe
3896	TCegQPd.exe
2244	JLCHSuf.exe
4224	wzvQcOm.exe
808	TOBQlQp.exe
3580	GzzPmAu.exe
4032	WQWUkzW.exe
2544	FhVaQRg.exe
4228	hfCzFqK.exe
1868	jnUPCIy.exe
3636	tFIetie.exe
4624	QdbNnUE.exe
3212	kOAsiix.exe
4564	ROTbTDl.exe
3068	PyelMSu.exe
1884	GnOdeAv.exe
5008	hucXedh.exe
4824	UsXtykP.exe
2336	DVmTvgh.exe
4432	DvZWXPQ.exe
1160	WXAfpcq.exe
1364	aeuVXRw.exe
4020	yjbpUwi.exe
680	WtxEBFX.exe
5088	YHCXBxh.exe
4956	SJEHSyx.exe
1584	fuKnKsL.exe
1740	SmtJIWX.exe
968	zamZTmT.exe
544	qGmgLvC.exe
3240	GFWkbVU.exe
1164	CxxrKOM.exe
2128	ryqnaWt.exe
1356	IUsifve.exe
1960	FgEseqz.exe
1172	tqKQOxz.exe
2080	dajrdJg.exe
2756	ILbpQGv.exe
448	aAClogH.exe
224	PuWQkcb.exe
3332	sBqiMyY.exe
2644	eBZxWUz.exe
1532	mFFFqWM.exe
2524	IxTOUzk.exe
1748	oMcmqfl.exe
5076	OxDRpDT.exe
2332	liFoLYr.exe
2012	VQtqYww.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2936-0-0x00007FF7EAFC0000-0x00007FF7EB3B1000-memory.dmp	upx
behavioral2/files/0x0008000000023444-4.dat	upx
behavioral2/files/0x000700000002344b-9.dat	upx
behavioral2/files/0x0008000000023447-11.dat	upx
behavioral2/files/0x000700000002344c-22.dat	upx
behavioral2/files/0x000700000002344d-28.dat	upx
behavioral2/memory/5112-27-0x00007FF65ABF0000-0x00007FF65AFE1000-memory.dmp	upx
behavioral2/memory/1800-29-0x00007FF6C76A0000-0x00007FF6C7A91000-memory.dmp	upx
behavioral2/memory/4012-30-0x00007FF647CF0000-0x00007FF6480E1000-memory.dmp	upx
behavioral2/files/0x000700000002344e-36.dat	upx
behavioral2/files/0x000700000002344f-42.dat	upx
behavioral2/memory/4308-47-0x00007FF7DFEF0000-0x00007FF7E02E1000-memory.dmp	upx
behavioral2/files/0x0007000000023450-49.dat	upx
behavioral2/memory/2180-48-0x00007FF7CFAE0000-0x00007FF7CFED1000-memory.dmp	upx
behavioral2/files/0x0007000000023451-54.dat	upx
behavioral2/files/0x0007000000023452-60.dat	upx
behavioral2/memory/3096-62-0x00007FF6CB8C0000-0x00007FF6CBCB1000-memory.dmp	upx
behavioral2/memory/3300-57-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp	upx
behavioral2/memory/3976-40-0x00007FF614E20000-0x00007FF615211000-memory.dmp	upx
behavioral2/memory/2068-26-0x00007FF74E0F0000-0x00007FF74E4E1000-memory.dmp	upx
behavioral2/files/0x0007000000023453-65.dat	upx
behavioral2/files/0x0008000000023448-68.dat	upx
behavioral2/memory/232-15-0x00007FF670E80000-0x00007FF671271000-memory.dmp	upx
behavioral2/memory/4792-77-0x00007FF678380000-0x00007FF678771000-memory.dmp	upx
behavioral2/files/0x0007000000023456-80.dat	upx
behavioral2/memory/2936-84-0x00007FF7EAFC0000-0x00007FF7EB3B1000-memory.dmp	upx
behavioral2/memory/4560-92-0x00007FF6F9FC0000-0x00007FF6FA3B1000-memory.dmp	upx
behavioral2/files/0x0007000000023459-98.dat	upx
behavioral2/files/0x000700000002345a-109.dat	upx
behavioral2/memory/2236-106-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp	upx
behavioral2/memory/3780-101-0x00007FF74A860000-0x00007FF74AC51000-memory.dmp	upx
behavioral2/files/0x0007000000023458-100.dat	upx
behavioral2/memory/4128-99-0x00007FF777260000-0x00007FF777651000-memory.dmp	upx
behavioral2/files/0x0007000000023457-94.dat	upx
behavioral2/memory/4000-89-0x00007FF7E78D0000-0x00007FF7E7CC1000-memory.dmp	upx
behavioral2/memory/3556-86-0x00007FF68E410000-0x00007FF68E801000-memory.dmp	upx
behavioral2/files/0x0007000000023454-81.dat	upx
behavioral2/memory/4012-111-0x00007FF647CF0000-0x00007FF6480E1000-memory.dmp	upx
behavioral2/memory/3896-112-0x00007FF7E0160000-0x00007FF7E0551000-memory.dmp	upx
behavioral2/files/0x000700000002345b-115.dat	upx
behavioral2/files/0x000700000002345f-139.dat	upx
behavioral2/memory/4032-155-0x00007FF73A380000-0x00007FF73A771000-memory.dmp	upx
behavioral2/memory/4792-157-0x00007FF678380000-0x00007FF678771000-memory.dmp	upx
behavioral2/files/0x0007000000023461-164.dat	upx
behavioral2/files/0x0007000000023465-170.dat	upx
behavioral2/files/0x0007000000023464-162.dat	upx
behavioral2/files/0x0007000000023463-160.dat	upx
behavioral2/memory/2544-159-0x00007FF737CF0000-0x00007FF7380E1000-memory.dmp	upx
behavioral2/files/0x0007000000023462-158.dat	upx
behavioral2/memory/3300-148-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp	upx
behavioral2/memory/3580-145-0x00007FF62A7A0000-0x00007FF62AB91000-memory.dmp	upx
behavioral2/files/0x0007000000023460-136.dat	upx
behavioral2/memory/808-137-0x00007FF651080000-0x00007FF651471000-memory.dmp	upx
behavioral2/files/0x000700000002345e-134.dat	upx
behavioral2/memory/2180-126-0x00007FF7CFAE0000-0x00007FF7CFED1000-memory.dmp	upx
behavioral2/files/0x0007000000023466-174.dat	upx
behavioral2/files/0x0007000000023469-187.dat	upx
behavioral2/files/0x0007000000023468-188.dat	upx
behavioral2/files/0x0007000000023467-181.dat	upx
behavioral2/memory/4224-129-0x00007FF710490000-0x00007FF710881000-memory.dmp	upx
behavioral2/files/0x000700000002345d-122.dat	upx
behavioral2/memory/2244-116-0x00007FF6B3720000-0x00007FF6B3B11000-memory.dmp	upx
behavioral2/memory/3780-1479-0x00007FF74A860000-0x00007FF74AC51000-memory.dmp	upx
behavioral2/memory/2236-1878-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\aLWURZD.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\ttZQWjY.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\WQWUkzW.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\ejXhulU.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\AIDPBke.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\sCXSaID.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\RdWusyb.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\RAmvcRX.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\worBeyv.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\cYPhszq.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\pZxjSFN.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\YtnHTcQ.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\lGCSAUV.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\VYFLfdm.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\miYiWLL.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\fauDepY.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\mDqHwMY.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\SPBhMfq.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\sbXFpaK.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\jKnoWwK.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\ORHYRnm.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\wfOYQxR.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\TJvPyAN.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\BXxsKan.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\GVSNIgR.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\MjYuIHQ.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\KHJpScF.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\BTxyKjF.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\aaBIdMi.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\GFWkbVU.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\LjZjKld.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\XhxfMnV.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\dDONEIV.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\KgZzCDR.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\hAMCpPb.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\ZNriFQl.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\KgYFVEl.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\fAnNasf.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\hopcmBy.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\LdvcUHZ.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\BUjGzZr.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\kZvwLNJ.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\vuQeaWR.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\UMJhiFm.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\PLnIPsb.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\GiAdsAw.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\JKFGGZd.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\FIZpQlz.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\rXyDuwv.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\jgIddKa.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\xKZLKvl.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\DmzcBYh.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\bleHeJc.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\KtpUbMz.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\nCagVUz.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\zXSykmX.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\nZnlBcj.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\xpbsGyw.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\liFoLYr.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\xlcenIL.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\nxKLzJb.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\CwNqtyl.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\YqabKRG.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
File created	C:\Windows\System32\WCSyuKZ.exe	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13904	dwm.exe
Token: SeChangeNotifyPrivilege	13904	dwm.exe
Token: 33	13904	dwm.exe
Token: SeIncBasePriorityPrivilege	13904	dwm.exe
Token: SeShutdownPrivilege	13904	dwm.exe
Token: SeCreatePagefilePrivilege	13904	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 232	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	86
PID 2936 wrote to memory of 232	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	86
PID 2936 wrote to memory of 1800	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	87
PID 2936 wrote to memory of 1800	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	87
PID 2936 wrote to memory of 2068	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	88
PID 2936 wrote to memory of 2068	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	88
PID 2936 wrote to memory of 5112	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	89
PID 2936 wrote to memory of 5112	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	89
PID 2936 wrote to memory of 4012	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	90
PID 2936 wrote to memory of 4012	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	90
PID 2936 wrote to memory of 3976	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	91
PID 2936 wrote to memory of 3976	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	91
PID 2936 wrote to memory of 4308	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	92
PID 2936 wrote to memory of 4308	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	92
PID 2936 wrote to memory of 2180	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	93
PID 2936 wrote to memory of 2180	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	93
PID 2936 wrote to memory of 3300	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	94
PID 2936 wrote to memory of 3300	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	94
PID 2936 wrote to memory of 3096	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	95
PID 2936 wrote to memory of 3096	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	95
PID 2936 wrote to memory of 4792	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	96
PID 2936 wrote to memory of 4792	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	96
PID 2936 wrote to memory of 3556	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	97
PID 2936 wrote to memory of 3556	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	97
PID 2936 wrote to memory of 4000	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	98
PID 2936 wrote to memory of 4000	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	98
PID 2936 wrote to memory of 4560	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	99
PID 2936 wrote to memory of 4560	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	99
PID 2936 wrote to memory of 4128	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	100
PID 2936 wrote to memory of 4128	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	100
PID 2936 wrote to memory of 2236	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	101
PID 2936 wrote to memory of 2236	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	101
PID 2936 wrote to memory of 3780	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	102
PID 2936 wrote to memory of 3780	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	102
PID 2936 wrote to memory of 3896	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	103
PID 2936 wrote to memory of 3896	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	103
PID 2936 wrote to memory of 2244	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	106
PID 2936 wrote to memory of 2244	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	106
PID 2936 wrote to memory of 4224	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	107
PID 2936 wrote to memory of 4224	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	107
PID 2936 wrote to memory of 808	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	109
PID 2936 wrote to memory of 808	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	109
PID 2936 wrote to memory of 3580	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	110
PID 2936 wrote to memory of 3580	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	110
PID 2936 wrote to memory of 4032	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	111
PID 2936 wrote to memory of 4032	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	111
PID 2936 wrote to memory of 3636	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	112
PID 2936 wrote to memory of 3636	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	112
PID 2936 wrote to memory of 2544	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	113
PID 2936 wrote to memory of 2544	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	113
PID 2936 wrote to memory of 4228	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	114
PID 2936 wrote to memory of 4228	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	114
PID 2936 wrote to memory of 1868	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	115
PID 2936 wrote to memory of 1868	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	115
PID 2936 wrote to memory of 4624	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	116
PID 2936 wrote to memory of 4624	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	116
PID 2936 wrote to memory of 3212	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	117
PID 2936 wrote to memory of 3212	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	117
PID 2936 wrote to memory of 4564	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	118
PID 2936 wrote to memory of 4564	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	118
PID 2936 wrote to memory of 3068	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	119
PID 2936 wrote to memory of 3068	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	119
PID 2936 wrote to memory of 1884	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	120
PID 2936 wrote to memory of 1884	2936	c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe	120

C:\Users\Admin\AppData\Local\Temp\c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c63b6a4166b8d1ffea67f316ec5dc130_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\System32\xpbsGyw.exe
  C:\Windows\System32\xpbsGyw.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System32\rPmrShi.exe
  C:\Windows\System32\rPmrShi.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System32\LmeudNl.exe
  C:\Windows\System32\LmeudNl.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System32\ujWyqPV.exe
  C:\Windows\System32\ujWyqPV.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System32\GndHmWc.exe
  C:\Windows\System32\GndHmWc.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System32\njCeQMc.exe
  C:\Windows\System32\njCeQMc.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System32\MmlHmLV.exe
  C:\Windows\System32\MmlHmLV.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System32\oQBCWaS.exe
  C:\Windows\System32\oQBCWaS.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System32\ZkRrxre.exe
  C:\Windows\System32\ZkRrxre.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System32\xybZVTo.exe
  C:\Windows\System32\xybZVTo.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System32\UgbnHoB.exe
  C:\Windows\System32\UgbnHoB.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System32\SaRJAON.exe
  C:\Windows\System32\SaRJAON.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System32\rdvwPta.exe
  C:\Windows\System32\rdvwPta.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System32\DGZxUkk.exe
  C:\Windows\System32\DGZxUkk.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System32\sQiIflo.exe
  C:\Windows\System32\sQiIflo.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System32\kZNZlpk.exe
  C:\Windows\System32\kZNZlpk.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System32\kTyZGqm.exe
  C:\Windows\System32\kTyZGqm.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System32\TCegQPd.exe
  C:\Windows\System32\TCegQPd.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System32\JLCHSuf.exe
  C:\Windows\System32\JLCHSuf.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\wzvQcOm.exe
  C:\Windows\System32\wzvQcOm.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System32\TOBQlQp.exe
  C:\Windows\System32\TOBQlQp.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System32\GzzPmAu.exe
  C:\Windows\System32\GzzPmAu.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System32\WQWUkzW.exe
  C:\Windows\System32\WQWUkzW.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System32\tFIetie.exe
  C:\Windows\System32\tFIetie.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System32\FhVaQRg.exe
  C:\Windows\System32\FhVaQRg.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System32\hfCzFqK.exe
  C:\Windows\System32\hfCzFqK.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System32\jnUPCIy.exe
  C:\Windows\System32\jnUPCIy.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System32\QdbNnUE.exe
  C:\Windows\System32\QdbNnUE.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System32\kOAsiix.exe
  C:\Windows\System32\kOAsiix.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System32\ROTbTDl.exe
  C:\Windows\System32\ROTbTDl.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System32\PyelMSu.exe
  C:\Windows\System32\PyelMSu.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System32\GnOdeAv.exe
  C:\Windows\System32\GnOdeAv.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System32\hucXedh.exe
  C:\Windows\System32\hucXedh.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System32\UsXtykP.exe
  C:\Windows\System32\UsXtykP.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System32\DVmTvgh.exe
  C:\Windows\System32\DVmTvgh.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System32\DvZWXPQ.exe
  C:\Windows\System32\DvZWXPQ.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System32\WXAfpcq.exe
  C:\Windows\System32\WXAfpcq.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System32\aeuVXRw.exe
  C:\Windows\System32\aeuVXRw.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System32\yjbpUwi.exe
  C:\Windows\System32\yjbpUwi.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System32\WtxEBFX.exe
  C:\Windows\System32\WtxEBFX.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System32\YHCXBxh.exe
  C:\Windows\System32\YHCXBxh.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System32\SJEHSyx.exe
  C:\Windows\System32\SJEHSyx.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System32\fuKnKsL.exe
  C:\Windows\System32\fuKnKsL.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System32\SmtJIWX.exe
  C:\Windows\System32\SmtJIWX.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System32\zamZTmT.exe
  C:\Windows\System32\zamZTmT.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System32\qGmgLvC.exe
  C:\Windows\System32\qGmgLvC.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System32\GFWkbVU.exe
  C:\Windows\System32\GFWkbVU.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System32\CxxrKOM.exe
  C:\Windows\System32\CxxrKOM.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System32\ryqnaWt.exe
  C:\Windows\System32\ryqnaWt.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System32\IUsifve.exe
  C:\Windows\System32\IUsifve.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System32\FgEseqz.exe
  C:\Windows\System32\FgEseqz.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System32\tqKQOxz.exe
  C:\Windows\System32\tqKQOxz.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System32\dajrdJg.exe
  C:\Windows\System32\dajrdJg.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System32\ILbpQGv.exe
  C:\Windows\System32\ILbpQGv.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System32\aAClogH.exe
  C:\Windows\System32\aAClogH.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System32\PuWQkcb.exe
  C:\Windows\System32\PuWQkcb.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System32\sBqiMyY.exe
  C:\Windows\System32\sBqiMyY.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System32\eBZxWUz.exe
  C:\Windows\System32\eBZxWUz.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System32\mFFFqWM.exe
  C:\Windows\System32\mFFFqWM.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System32\IxTOUzk.exe
  C:\Windows\System32\IxTOUzk.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System32\oMcmqfl.exe
  C:\Windows\System32\oMcmqfl.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System32\OxDRpDT.exe
  C:\Windows\System32\OxDRpDT.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System32\liFoLYr.exe
  C:\Windows\System32\liFoLYr.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System32\VQtqYww.exe
  C:\Windows\System32\VQtqYww.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System32\hnYFfbz.exe
  C:\Windows\System32\hnYFfbz.exe
  2⤵
  PID:4864
- C:\Windows\System32\SbHAKUE.exe
  C:\Windows\System32\SbHAKUE.exe
  2⤵
  PID:3672
- C:\Windows\System32\vbCILom.exe
  C:\Windows\System32\vbCILom.exe
  2⤵
  PID:4876
- C:\Windows\System32\cYPhszq.exe
  C:\Windows\System32\cYPhszq.exe
  2⤵
  PID:2816
- C:\Windows\System32\BdXbzaP.exe
  C:\Windows\System32\BdXbzaP.exe
  2⤵
  PID:1412
- C:\Windows\System32\EAlzaBz.exe
  C:\Windows\System32\EAlzaBz.exe
  2⤵
  PID:4260
- C:\Windows\System32\vfXQKCt.exe
  C:\Windows\System32\vfXQKCt.exe
  2⤵
  PID:3868
- C:\Windows\System32\TuHEvqH.exe
  C:\Windows\System32\TuHEvqH.exe
  2⤵
  PID:4860
- C:\Windows\System32\IEHhqOc.exe
  C:\Windows\System32\IEHhqOc.exe
  2⤵
  PID:556
- C:\Windows\System32\BoDwhzn.exe
  C:\Windows\System32\BoDwhzn.exe
  2⤵
  PID:3732
- C:\Windows\System32\FmHnloA.exe
  C:\Windows\System32\FmHnloA.exe
  2⤵
  PID:3084
- C:\Windows\System32\xlcenIL.exe
  C:\Windows\System32\xlcenIL.exe
  2⤵
  PID:3720
- C:\Windows\System32\jTNAjgk.exe
  C:\Windows\System32\jTNAjgk.exe
  2⤵
  PID:3960
- C:\Windows\System32\aMASoWx.exe
  C:\Windows\System32\aMASoWx.exe
  2⤵
  PID:4708
- C:\Windows\System32\LdvcUHZ.exe
  C:\Windows\System32\LdvcUHZ.exe
  2⤵
  PID:2456
- C:\Windows\System32\CNSLdMx.exe
  C:\Windows\System32\CNSLdMx.exe
  2⤵
  PID:5016
- C:\Windows\System32\YGUFEDa.exe
  C:\Windows\System32\YGUFEDa.exe
  2⤵
  PID:2264
- C:\Windows\System32\kGvbqFN.exe
  C:\Windows\System32\kGvbqFN.exe
  2⤵
  PID:1932
- C:\Windows\System32\chcRAKS.exe
  C:\Windows\System32\chcRAKS.exe
  2⤵
  PID:3572
- C:\Windows\System32\ZweJiUa.exe
  C:\Windows\System32\ZweJiUa.exe
  2⤵
  PID:2140
- C:\Windows\System32\gmGojBN.exe
  C:\Windows\System32\gmGojBN.exe
  2⤵
  PID:5124
- C:\Windows\System32\MtjYlgd.exe
  C:\Windows\System32\MtjYlgd.exe
  2⤵
  PID:5144
- C:\Windows\System32\XwGOVCv.exe
  C:\Windows\System32\XwGOVCv.exe
  2⤵
  PID:5200
- C:\Windows\System32\COXmckj.exe
  C:\Windows\System32\COXmckj.exe
  2⤵
  PID:5236
- C:\Windows\System32\yMhwbhM.exe
  C:\Windows\System32\yMhwbhM.exe
  2⤵
  PID:5272
- C:\Windows\System32\XKbuMes.exe
  C:\Windows\System32\XKbuMes.exe
  2⤵
  PID:5304
- C:\Windows\System32\aeKGTTP.exe
  C:\Windows\System32\aeKGTTP.exe
  2⤵
  PID:5328
- C:\Windows\System32\xSjqFCA.exe
  C:\Windows\System32\xSjqFCA.exe
  2⤵
  PID:5356
- C:\Windows\System32\ZPSPUQg.exe
  C:\Windows\System32\ZPSPUQg.exe
  2⤵
  PID:5376
- C:\Windows\System32\abMZWdI.exe
  C:\Windows\System32\abMZWdI.exe
  2⤵
  PID:5396
- C:\Windows\System32\vpIaWwb.exe
  C:\Windows\System32\vpIaWwb.exe
  2⤵
  PID:5420
- C:\Windows\System32\sCLnDok.exe
  C:\Windows\System32\sCLnDok.exe
  2⤵
  PID:5452
- C:\Windows\System32\IwLFUYI.exe
  C:\Windows\System32\IwLFUYI.exe
  2⤵
  PID:5472
- C:\Windows\System32\lKzzUqe.exe
  C:\Windows\System32\lKzzUqe.exe
  2⤵
  PID:5496
- C:\Windows\System32\LXNqbSS.exe
  C:\Windows\System32\LXNqbSS.exe
  2⤵
  PID:5512
- C:\Windows\System32\pZxjSFN.exe
  C:\Windows\System32\pZxjSFN.exe
  2⤵
  PID:5560
- C:\Windows\System32\YEPGREM.exe
  C:\Windows\System32\YEPGREM.exe
  2⤵
  PID:5584
- C:\Windows\System32\HToXKTq.exe
  C:\Windows\System32\HToXKTq.exe
  2⤵
  PID:5636
- C:\Windows\System32\abedyWS.exe
  C:\Windows\System32\abedyWS.exe
  2⤵
  PID:5668
- C:\Windows\System32\mDqHwMY.exe
  C:\Windows\System32\mDqHwMY.exe
  2⤵
  PID:5724
- C:\Windows\System32\UmpkAjY.exe
  C:\Windows\System32\UmpkAjY.exe
  2⤵
  PID:5740
- C:\Windows\System32\ofyDdbv.exe
  C:\Windows\System32\ofyDdbv.exe
  2⤵
  PID:5756
- C:\Windows\System32\vgDfVIt.exe
  C:\Windows\System32\vgDfVIt.exe
  2⤵
  PID:5784
- C:\Windows\System32\fsBVOTu.exe
  C:\Windows\System32\fsBVOTu.exe
  2⤵
  PID:5824
- C:\Windows\System32\DmzcBYh.exe
  C:\Windows\System32\DmzcBYh.exe
  2⤵
  PID:5844
- C:\Windows\System32\bPqgnoA.exe
  C:\Windows\System32\bPqgnoA.exe
  2⤵
  PID:5880
- C:\Windows\System32\SUSxktv.exe
  C:\Windows\System32\SUSxktv.exe
  2⤵
  PID:5900
- C:\Windows\System32\DtTNups.exe
  C:\Windows\System32\DtTNups.exe
  2⤵
  PID:5932
- C:\Windows\System32\btCklVY.exe
  C:\Windows\System32\btCklVY.exe
  2⤵
  PID:5948
- C:\Windows\System32\mtlazjm.exe
  C:\Windows\System32\mtlazjm.exe
  2⤵
  PID:5972
- C:\Windows\System32\eUWUpIf.exe
  C:\Windows\System32\eUWUpIf.exe
  2⤵
  PID:5992
- C:\Windows\System32\aIgPNYD.exe
  C:\Windows\System32\aIgPNYD.exe
  2⤵
  PID:6016
- C:\Windows\System32\kiCAiuq.exe
  C:\Windows\System32\kiCAiuq.exe
  2⤵
  PID:6040
- C:\Windows\System32\pRRXdIe.exe
  C:\Windows\System32\pRRXdIe.exe
  2⤵
  PID:6112
- C:\Windows\System32\EKSacDp.exe
  C:\Windows\System32\EKSacDp.exe
  2⤵
  PID:6136
- C:\Windows\System32\VcMNFSU.exe
  C:\Windows\System32\VcMNFSU.exe
  2⤵
  PID:5140
- C:\Windows\System32\qqSwaRx.exe
  C:\Windows\System32\qqSwaRx.exe
  2⤵
  PID:5168
- C:\Windows\System32\DIYvJoj.exe
  C:\Windows\System32\DIYvJoj.exe
  2⤵
  PID:5224
- C:\Windows\System32\MPoQDSD.exe
  C:\Windows\System32\MPoQDSD.exe
  2⤵
  PID:5300
- C:\Windows\System32\XZAicBN.exe
  C:\Windows\System32\XZAicBN.exe
  2⤵
  PID:4340
- C:\Windows\System32\OPZbCXw.exe
  C:\Windows\System32\OPZbCXw.exe
  2⤵
  PID:5368
- C:\Windows\System32\BUjGzZr.exe
  C:\Windows\System32\BUjGzZr.exe
  2⤵
  PID:5440
- C:\Windows\System32\StZZCvL.exe
  C:\Windows\System32\StZZCvL.exe
  2⤵
  PID:5532
- C:\Windows\System32\TibNplg.exe
  C:\Windows\System32\TibNplg.exe
  2⤵
  PID:5556
- C:\Windows\System32\YuGzefV.exe
  C:\Windows\System32\YuGzefV.exe
  2⤵
  PID:5612
- C:\Windows\System32\YjPsORv.exe
  C:\Windows\System32\YjPsORv.exe
  2⤵
  PID:5696
- C:\Windows\System32\gbwycVj.exe
  C:\Windows\System32\gbwycVj.exe
  2⤵
  PID:5732
- C:\Windows\System32\KTpbAiu.exe
  C:\Windows\System32\KTpbAiu.exe
  2⤵
  PID:5816
- C:\Windows\System32\aiPOvHg.exe
  C:\Windows\System32\aiPOvHg.exe
  2⤵
  PID:5872
- C:\Windows\System32\JKFGGZd.exe
  C:\Windows\System32\JKFGGZd.exe
  2⤵
  PID:5944
- C:\Windows\System32\diCnrfz.exe
  C:\Windows\System32\diCnrfz.exe
  2⤵
  PID:6068
- C:\Windows\System32\ImbCAEE.exe
  C:\Windows\System32\ImbCAEE.exe
  2⤵
  PID:6096
- C:\Windows\System32\GVSNIgR.exe
  C:\Windows\System32\GVSNIgR.exe
  2⤵
  PID:4148
- C:\Windows\System32\tZlzktT.exe
  C:\Windows\System32\tZlzktT.exe
  2⤵
  PID:4360
- C:\Windows\System32\oLeTwBY.exe
  C:\Windows\System32\oLeTwBY.exe
  2⤵
  PID:5220
- C:\Windows\System32\zuJhgsw.exe
  C:\Windows\System32\zuJhgsw.exe
  2⤵
  PID:5256
- C:\Windows\System32\ovBtPQe.exe
  C:\Windows\System32\ovBtPQe.exe
  2⤵
  PID:5388
- C:\Windows\System32\EXgKbvN.exe
  C:\Windows\System32\EXgKbvN.exe
  2⤵
  PID:5572
- C:\Windows\System32\qIJTjoQ.exe
  C:\Windows\System32\qIJTjoQ.exe
  2⤵
  PID:5648
- C:\Windows\System32\KMZFtAL.exe
  C:\Windows\System32\KMZFtAL.exe
  2⤵
  PID:5920
- C:\Windows\System32\gCmbkLI.exe
  C:\Windows\System32\gCmbkLI.exe
  2⤵
  PID:6084
- C:\Windows\System32\nJIBrMx.exe
  C:\Windows\System32\nJIBrMx.exe
  2⤵
  PID:5160
- C:\Windows\System32\FvNmNqG.exe
  C:\Windows\System32\FvNmNqG.exe
  2⤵
  PID:5364
- C:\Windows\System32\dqfQaVd.exe
  C:\Windows\System32\dqfQaVd.exe
  2⤵
  PID:5428
- C:\Windows\System32\tWuNnDR.exe
  C:\Windows\System32\tWuNnDR.exe
  2⤵
  PID:5604
- C:\Windows\System32\BMHLTsI.exe
  C:\Windows\System32\BMHLTsI.exe
  2⤵
  PID:6132
- C:\Windows\System32\XBKOhQz.exe
  C:\Windows\System32\XBKOhQz.exe
  2⤵
  PID:5392
- C:\Windows\System32\EmMubAh.exe
  C:\Windows\System32\EmMubAh.exe
  2⤵
  PID:5908
- C:\Windows\System32\SPBhMfq.exe
  C:\Windows\System32\SPBhMfq.exe
  2⤵
  PID:6164
- C:\Windows\System32\OHgMSjK.exe
  C:\Windows\System32\OHgMSjK.exe
  2⤵
  PID:6200
- C:\Windows\System32\fgnhNTN.exe
  C:\Windows\System32\fgnhNTN.exe
  2⤵
  PID:6224
- C:\Windows\System32\tdhxNHO.exe
  C:\Windows\System32\tdhxNHO.exe
  2⤵
  PID:6248
- C:\Windows\System32\cIWaWSf.exe
  C:\Windows\System32\cIWaWSf.exe
  2⤵
  PID:6264
- C:\Windows\System32\ycBJnXx.exe
  C:\Windows\System32\ycBJnXx.exe
  2⤵
  PID:6324
- C:\Windows\System32\oKiUidD.exe
  C:\Windows\System32\oKiUidD.exe
  2⤵
  PID:6348
- C:\Windows\System32\dMeCUly.exe
  C:\Windows\System32\dMeCUly.exe
  2⤵
  PID:6368
- C:\Windows\System32\bIEEIBZ.exe
  C:\Windows\System32\bIEEIBZ.exe
  2⤵
  PID:6396
- C:\Windows\System32\LamOlNd.exe
  C:\Windows\System32\LamOlNd.exe
  2⤵
  PID:6428
- C:\Windows\System32\WNHSGdf.exe
  C:\Windows\System32\WNHSGdf.exe
  2⤵
  PID:6444
- C:\Windows\System32\eABuTOU.exe
  C:\Windows\System32\eABuTOU.exe
  2⤵
  PID:6492
- C:\Windows\System32\UJBKxlb.exe
  C:\Windows\System32\UJBKxlb.exe
  2⤵
  PID:6516
- C:\Windows\System32\nxKLzJb.exe
  C:\Windows\System32\nxKLzJb.exe
  2⤵
  PID:6540
- C:\Windows\System32\KgZzCDR.exe
  C:\Windows\System32\KgZzCDR.exe
  2⤵
  PID:6556
- C:\Windows\System32\kxmfeMN.exe
  C:\Windows\System32\kxmfeMN.exe
  2⤵
  PID:6604
- C:\Windows\System32\ZakDxBj.exe
  C:\Windows\System32\ZakDxBj.exe
  2⤵
  PID:6632
- C:\Windows\System32\kDuOZOB.exe
  C:\Windows\System32\kDuOZOB.exe
  2⤵
  PID:6656
- C:\Windows\System32\UFAbXFL.exe
  C:\Windows\System32\UFAbXFL.exe
  2⤵
  PID:6676
- C:\Windows\System32\XruDynk.exe
  C:\Windows\System32\XruDynk.exe
  2⤵
  PID:6696
- C:\Windows\System32\JsGzbCv.exe
  C:\Windows\System32\JsGzbCv.exe
  2⤵
  PID:6736
- C:\Windows\System32\rVunoZp.exe
  C:\Windows\System32\rVunoZp.exe
  2⤵
  PID:6772
- C:\Windows\System32\NPCtowK.exe
  C:\Windows\System32\NPCtowK.exe
  2⤵
  PID:6792
- C:\Windows\System32\moInSSA.exe
  C:\Windows\System32\moInSSA.exe
  2⤵
  PID:6836
- C:\Windows\System32\XuSPuqi.exe
  C:\Windows\System32\XuSPuqi.exe
  2⤵
  PID:6864
- C:\Windows\System32\eKgfOVy.exe
  C:\Windows\System32\eKgfOVy.exe
  2⤵
  PID:6884
- C:\Windows\System32\XPaQcAf.exe
  C:\Windows\System32\XPaQcAf.exe
  2⤵
  PID:6916
- C:\Windows\System32\mGmvpvB.exe
  C:\Windows\System32\mGmvpvB.exe
  2⤵
  PID:6932
- C:\Windows\System32\kZvwLNJ.exe
  C:\Windows\System32\kZvwLNJ.exe
  2⤵
  PID:6952
- C:\Windows\System32\nRjnvlz.exe
  C:\Windows\System32\nRjnvlz.exe
  2⤵
  PID:6976
- C:\Windows\System32\CZXpnpS.exe
  C:\Windows\System32\CZXpnpS.exe
  2⤵
  PID:6992
- C:\Windows\System32\oqALVsz.exe
  C:\Windows\System32\oqALVsz.exe
  2⤵
  PID:7052
- C:\Windows\System32\hciztTp.exe
  C:\Windows\System32\hciztTp.exe
  2⤵
  PID:7104
- C:\Windows\System32\hpeVnWk.exe
  C:\Windows\System32\hpeVnWk.exe
  2⤵
  PID:7140
- C:\Windows\System32\oFCLMzb.exe
  C:\Windows\System32\oFCLMzb.exe
  2⤵
  PID:5676
- C:\Windows\System32\ZuqwGVk.exe
  C:\Windows\System32\ZuqwGVk.exe
  2⤵
  PID:6196
- C:\Windows\System32\JOJcyII.exe
  C:\Windows\System32\JOJcyII.exe
  2⤵
  PID:6304
- C:\Windows\System32\vIdCCye.exe
  C:\Windows\System32\vIdCCye.exe
  2⤵
  PID:6364
- C:\Windows\System32\eORJPqy.exe
  C:\Windows\System32\eORJPqy.exe
  2⤵
  PID:6452
- C:\Windows\System32\SsXgaOk.exe
  C:\Windows\System32\SsXgaOk.exe
  2⤵
  PID:6468
- C:\Windows\System32\HWZkqrl.exe
  C:\Windows\System32\HWZkqrl.exe
  2⤵
  PID:6528
- C:\Windows\System32\zlFxxHD.exe
  C:\Windows\System32\zlFxxHD.exe
  2⤵
  PID:6628
- C:\Windows\System32\zKljhGg.exe
  C:\Windows\System32\zKljhGg.exe
  2⤵
  PID:6712
- C:\Windows\System32\PiADyMB.exe
  C:\Windows\System32\PiADyMB.exe
  2⤵
  PID:6768
- C:\Windows\System32\JmqyaoF.exe
  C:\Windows\System32\JmqyaoF.exe
  2⤵
  PID:6832
- C:\Windows\System32\dRajIUp.exe
  C:\Windows\System32\dRajIUp.exe
  2⤵
  PID:6816
- C:\Windows\System32\qaigNAb.exe
  C:\Windows\System32\qaigNAb.exe
  2⤵
  PID:6924
- C:\Windows\System32\rpPbIjR.exe
  C:\Windows\System32\rpPbIjR.exe
  2⤵
  PID:6964
- C:\Windows\System32\wfOYQxR.exe
  C:\Windows\System32\wfOYQxR.exe
  2⤵
  PID:6960
- C:\Windows\System32\YtnHTcQ.exe
  C:\Windows\System32\YtnHTcQ.exe
  2⤵
  PID:7064
- C:\Windows\System32\Qogrunx.exe
  C:\Windows\System32\Qogrunx.exe
  2⤵
  PID:7120
- C:\Windows\System32\VTtWHzT.exe
  C:\Windows\System32\VTtWHzT.exe
  2⤵
  PID:6236
- C:\Windows\System32\bnfqneh.exe
  C:\Windows\System32\bnfqneh.exe
  2⤵
  PID:6388
- C:\Windows\System32\HzdQruf.exe
  C:\Windows\System32\HzdQruf.exe
  2⤵
  PID:6524
- C:\Windows\System32\NkUsPwd.exe
  C:\Windows\System32\NkUsPwd.exe
  2⤵
  PID:6668
- C:\Windows\System32\wDzPApq.exe
  C:\Windows\System32\wDzPApq.exe
  2⤵
  PID:6788
- C:\Windows\System32\kAggiCF.exe
  C:\Windows\System32\kAggiCF.exe
  2⤵
  PID:7000
- C:\Windows\System32\fUOocVB.exe
  C:\Windows\System32\fUOocVB.exe
  2⤵
  PID:7132
- C:\Windows\System32\QkxMCkv.exe
  C:\Windows\System32\QkxMCkv.exe
  2⤵
  PID:6308
- C:\Windows\System32\lBjuLtS.exe
  C:\Windows\System32\lBjuLtS.exe
  2⤵
  PID:6800
- C:\Windows\System32\okJuoai.exe
  C:\Windows\System32\okJuoai.exe
  2⤵
  PID:6828
- C:\Windows\System32\eAoIFLU.exe
  C:\Windows\System32\eAoIFLU.exe
  2⤵
  PID:6688
- C:\Windows\System32\CTbfymR.exe
  C:\Windows\System32\CTbfymR.exe
  2⤵
  PID:6912
- C:\Windows\System32\YtYxVFc.exe
  C:\Windows\System32\YtYxVFc.exe
  2⤵
  PID:7184
- C:\Windows\System32\KoZwiJv.exe
  C:\Windows\System32\KoZwiJv.exe
  2⤵
  PID:7212
- C:\Windows\System32\XsLLIlR.exe
  C:\Windows\System32\XsLLIlR.exe
  2⤵
  PID:7236
- C:\Windows\System32\WZSwSlP.exe
  C:\Windows\System32\WZSwSlP.exe
  2⤵
  PID:7256
- C:\Windows\System32\ddDPyrX.exe
  C:\Windows\System32\ddDPyrX.exe
  2⤵
  PID:7296
- C:\Windows\System32\YApNsVL.exe
  C:\Windows\System32\YApNsVL.exe
  2⤵
  PID:7316
- C:\Windows\System32\nvjENjh.exe
  C:\Windows\System32\nvjENjh.exe
  2⤵
  PID:7352
- C:\Windows\System32\jPMwspd.exe
  C:\Windows\System32\jPMwspd.exe
  2⤵
  PID:7376
- C:\Windows\System32\rKjpIYt.exe
  C:\Windows\System32\rKjpIYt.exe
  2⤵
  PID:7404
- C:\Windows\System32\CwNqtyl.exe
  C:\Windows\System32\CwNqtyl.exe
  2⤵
  PID:7428
- C:\Windows\System32\PKLRiSR.exe
  C:\Windows\System32\PKLRiSR.exe
  2⤵
  PID:7456
- C:\Windows\System32\aaLmdRt.exe
  C:\Windows\System32\aaLmdRt.exe
  2⤵
  PID:7488
- C:\Windows\System32\jZybtSS.exe
  C:\Windows\System32\jZybtSS.exe
  2⤵
  PID:7508
- C:\Windows\System32\qwNGcUe.exe
  C:\Windows\System32\qwNGcUe.exe
  2⤵
  PID:7544
- C:\Windows\System32\vBNOtdK.exe
  C:\Windows\System32\vBNOtdK.exe
  2⤵
  PID:7572
- C:\Windows\System32\NidHUbf.exe
  C:\Windows\System32\NidHUbf.exe
  2⤵
  PID:7600
- C:\Windows\System32\MClfYtb.exe
  C:\Windows\System32\MClfYtb.exe
  2⤵
  PID:7620
- C:\Windows\System32\FmgYotL.exe
  C:\Windows\System32\FmgYotL.exe
  2⤵
  PID:7676
- C:\Windows\System32\RrUWTld.exe
  C:\Windows\System32\RrUWTld.exe
  2⤵
  PID:7720
- C:\Windows\System32\fZuLtod.exe
  C:\Windows\System32\fZuLtod.exe
  2⤵
  PID:7748
- C:\Windows\System32\DzDbsSt.exe
  C:\Windows\System32\DzDbsSt.exe
  2⤵
  PID:7776
- C:\Windows\System32\FuwOgaa.exe
  C:\Windows\System32\FuwOgaa.exe
  2⤵
  PID:7800
- C:\Windows\System32\rEHQTQx.exe
  C:\Windows\System32\rEHQTQx.exe
  2⤵
  PID:7824
- C:\Windows\System32\HYbbQFG.exe
  C:\Windows\System32\HYbbQFG.exe
  2⤵
  PID:7868
- C:\Windows\System32\XyzdRLo.exe
  C:\Windows\System32\XyzdRLo.exe
  2⤵
  PID:7900
- C:\Windows\System32\DskUlTi.exe
  C:\Windows\System32\DskUlTi.exe
  2⤵
  PID:7924
- C:\Windows\System32\nCagVUz.exe
  C:\Windows\System32\nCagVUz.exe
  2⤵
  PID:7952
- C:\Windows\System32\LuJcLYQ.exe
  C:\Windows\System32\LuJcLYQ.exe
  2⤵
  PID:7972
- C:\Windows\System32\mWRNPIN.exe
  C:\Windows\System32\mWRNPIN.exe
  2⤵
  PID:8016
- C:\Windows\System32\mnPBvFw.exe
  C:\Windows\System32\mnPBvFw.exe
  2⤵
  PID:8040
- C:\Windows\System32\odSluuD.exe
  C:\Windows\System32\odSluuD.exe
  2⤵
  PID:8068
- C:\Windows\System32\vuQeaWR.exe
  C:\Windows\System32\vuQeaWR.exe
  2⤵
  PID:8092
- C:\Windows\System32\VTAFtzu.exe
  C:\Windows\System32\VTAFtzu.exe
  2⤵
  PID:8116
- C:\Windows\System32\ejXhulU.exe
  C:\Windows\System32\ejXhulU.exe
  2⤵
  PID:8156
- C:\Windows\System32\FZWgkQJ.exe
  C:\Windows\System32\FZWgkQJ.exe
  2⤵
  PID:8180
- C:\Windows\System32\FWDvNlI.exe
  C:\Windows\System32\FWDvNlI.exe
  2⤵
  PID:7208
- C:\Windows\System32\zZItihC.exe
  C:\Windows\System32\zZItihC.exe
  2⤵
  PID:7276
- C:\Windows\System32\SfLlFew.exe
  C:\Windows\System32\SfLlFew.exe
  2⤵
  PID:7308
- C:\Windows\System32\lBbXPOb.exe
  C:\Windows\System32\lBbXPOb.exe
  2⤵
  PID:7372
- C:\Windows\System32\NsaKRLY.exe
  C:\Windows\System32\NsaKRLY.exe
  2⤵
  PID:7396
- C:\Windows\System32\XdaDWlN.exe
  C:\Windows\System32\XdaDWlN.exe
  2⤵
  PID:7468
- C:\Windows\System32\lXArkFM.exe
  C:\Windows\System32\lXArkFM.exe
  2⤵
  PID:7580
- C:\Windows\System32\zXSykmX.exe
  C:\Windows\System32\zXSykmX.exe
  2⤵
  PID:7660
- C:\Windows\System32\UMJhiFm.exe
  C:\Windows\System32\UMJhiFm.exe
  2⤵
  PID:7744
- C:\Windows\System32\sbXFpaK.exe
  C:\Windows\System32\sbXFpaK.exe
  2⤵
  PID:7816
- C:\Windows\System32\yIoqFje.exe
  C:\Windows\System32\yIoqFje.exe
  2⤵
  PID:7892
- C:\Windows\System32\hVUTHig.exe
  C:\Windows\System32\hVUTHig.exe
  2⤵
  PID:7964
- C:\Windows\System32\jKnoWwK.exe
  C:\Windows\System32\jKnoWwK.exe
  2⤵
  PID:8012
- C:\Windows\System32\TMBJsuz.exe
  C:\Windows\System32\TMBJsuz.exe
  2⤵
  PID:8080
- C:\Windows\System32\iviQZhr.exe
  C:\Windows\System32\iviQZhr.exe
  2⤵
  PID:8152
- C:\Windows\System32\AIDPBke.exe
  C:\Windows\System32\AIDPBke.exe
  2⤵
  PID:7232
- C:\Windows\System32\NnsrkCy.exe
  C:\Windows\System32\NnsrkCy.exe
  2⤵
  PID:7336
- C:\Windows\System32\LeHRUCB.exe
  C:\Windows\System32\LeHRUCB.exe
  2⤵
  PID:7552
- C:\Windows\System32\oLcHjos.exe
  C:\Windows\System32\oLcHjos.exe
  2⤵
  PID:7672
- C:\Windows\System32\htWgoZU.exe
  C:\Windows\System32\htWgoZU.exe
  2⤵
  PID:7772
- C:\Windows\System32\IxLDEkh.exe
  C:\Windows\System32\IxLDEkh.exe
  2⤵
  PID:8008
- C:\Windows\System32\DFDxjLc.exe
  C:\Windows\System32\DFDxjLc.exe
  2⤵
  PID:8136
- C:\Windows\System32\XaAWKJh.exe
  C:\Windows\System32\XaAWKJh.exe
  2⤵
  PID:7392
- C:\Windows\System32\eNsrBSn.exe
  C:\Windows\System32\eNsrBSn.exe
  2⤵
  PID:7640
- C:\Windows\System32\AELiTnk.exe
  C:\Windows\System32\AELiTnk.exe
  2⤵
  PID:7304
- C:\Windows\System32\lVxZCgy.exe
  C:\Windows\System32\lVxZCgy.exe
  2⤵
  PID:8064
- C:\Windows\System32\pCayMag.exe
  C:\Windows\System32\pCayMag.exe
  2⤵
  PID:8208
- C:\Windows\System32\bleHeJc.exe
  C:\Windows\System32\bleHeJc.exe
  2⤵
  PID:8232
- C:\Windows\System32\NCVvcSm.exe
  C:\Windows\System32\NCVvcSm.exe
  2⤵
  PID:8256
- C:\Windows\System32\mXXJXfP.exe
  C:\Windows\System32\mXXJXfP.exe
  2⤵
  PID:8288
- C:\Windows\System32\GmaAOyL.exe
  C:\Windows\System32\GmaAOyL.exe
  2⤵
  PID:8308
- C:\Windows\System32\KgYFVEl.exe
  C:\Windows\System32\KgYFVEl.exe
  2⤵
  PID:8360
- C:\Windows\System32\aCYvbfK.exe
  C:\Windows\System32\aCYvbfK.exe
  2⤵
  PID:8400
- C:\Windows\System32\VeNCMPK.exe
  C:\Windows\System32\VeNCMPK.exe
  2⤵
  PID:8444
- C:\Windows\System32\SnboRuT.exe
  C:\Windows\System32\SnboRuT.exe
  2⤵
  PID:8480
- C:\Windows\System32\jmZsNvU.exe
  C:\Windows\System32\jmZsNvU.exe
  2⤵
  PID:8528
- C:\Windows\System32\bVsTfgC.exe
  C:\Windows\System32\bVsTfgC.exe
  2⤵
  PID:8560
- C:\Windows\System32\viLoQTM.exe
  C:\Windows\System32\viLoQTM.exe
  2⤵
  PID:8596
- C:\Windows\System32\USaeEyv.exe
  C:\Windows\System32\USaeEyv.exe
  2⤵
  PID:8624
- C:\Windows\System32\ctIMzwZ.exe
  C:\Windows\System32\ctIMzwZ.exe
  2⤵
  PID:8656
- C:\Windows\System32\TmKCHGo.exe
  C:\Windows\System32\TmKCHGo.exe
  2⤵
  PID:8688
- C:\Windows\System32\sCXSaID.exe
  C:\Windows\System32\sCXSaID.exe
  2⤵
  PID:8716
- C:\Windows\System32\FHgCTnC.exe
  C:\Windows\System32\FHgCTnC.exe
  2⤵
  PID:8756
- C:\Windows\System32\zNdyJtV.exe
  C:\Windows\System32\zNdyJtV.exe
  2⤵
  PID:8784
- C:\Windows\System32\wGCSnCU.exe
  C:\Windows\System32\wGCSnCU.exe
  2⤵
  PID:8812
- C:\Windows\System32\liyDSjC.exe
  C:\Windows\System32\liyDSjC.exe
  2⤵
  PID:8848
- C:\Windows\System32\kBMvgxn.exe
  C:\Windows\System32\kBMvgxn.exe
  2⤵
  PID:8880
- C:\Windows\System32\ctFdCFw.exe
  C:\Windows\System32\ctFdCFw.exe
  2⤵
  PID:8932
- C:\Windows\System32\LoULPgV.exe
  C:\Windows\System32\LoULPgV.exe
  2⤵
  PID:8956
- C:\Windows\System32\mgxpfos.exe
  C:\Windows\System32\mgxpfos.exe
  2⤵
  PID:8980
- C:\Windows\System32\COwdefy.exe
  C:\Windows\System32\COwdefy.exe
  2⤵
  PID:9020
- C:\Windows\System32\fcRzXyD.exe
  C:\Windows\System32\fcRzXyD.exe
  2⤵
  PID:9048
- C:\Windows\System32\ihATzuG.exe
  C:\Windows\System32\ihATzuG.exe
  2⤵
  PID:9080
- C:\Windows\System32\lThPgai.exe
  C:\Windows\System32\lThPgai.exe
  2⤵
  PID:9100
- C:\Windows\System32\ePNQxvd.exe
  C:\Windows\System32\ePNQxvd.exe
  2⤵
  PID:9128
- C:\Windows\System32\aZztoQd.exe
  C:\Windows\System32\aZztoQd.exe
  2⤵
  PID:9144
- C:\Windows\System32\nwrIxqm.exe
  C:\Windows\System32\nwrIxqm.exe
  2⤵
  PID:9168
- C:\Windows\System32\uehqzdF.exe
  C:\Windows\System32\uehqzdF.exe
  2⤵
  PID:9192
- C:\Windows\System32\CJqabuU.exe
  C:\Windows\System32\CJqabuU.exe
  2⤵
  PID:8200
- C:\Windows\System32\oPmlUtq.exe
  C:\Windows\System32\oPmlUtq.exe
  2⤵
  PID:8276
- C:\Windows\System32\wbmFIav.exe
  C:\Windows\System32\wbmFIav.exe
  2⤵
  PID:8332
- C:\Windows\System32\fXezlwd.exe
  C:\Windows\System32\fXezlwd.exe
  2⤵
  PID:8416
- C:\Windows\System32\AwAVhNt.exe
  C:\Windows\System32\AwAVhNt.exe
  2⤵
  PID:8468
- C:\Windows\System32\yZJHCsj.exe
  C:\Windows\System32\yZJHCsj.exe
  2⤵
  PID:8568
- C:\Windows\System32\wtyeqQa.exe
  C:\Windows\System32\wtyeqQa.exe
  2⤵
  PID:8664
- C:\Windows\System32\QUzQgUH.exe
  C:\Windows\System32\QUzQgUH.exe
  2⤵
  PID:8808
- C:\Windows\System32\hjIqAFR.exe
  C:\Windows\System32\hjIqAFR.exe
  2⤵
  PID:8912
- C:\Windows\System32\jLljSCL.exe
  C:\Windows\System32\jLljSCL.exe
  2⤵
  PID:9016
- C:\Windows\System32\cTQSJwY.exe
  C:\Windows\System32\cTQSJwY.exe
  2⤵
  PID:9108
- C:\Windows\System32\thveOtW.exe
  C:\Windows\System32\thveOtW.exe
  2⤵
  PID:8520
- C:\Windows\System32\LRYEgvO.exe
  C:\Windows\System32\LRYEgvO.exe
  2⤵
  PID:8516
- C:\Windows\System32\SfhTWmU.exe
  C:\Windows\System32\SfhTWmU.exe
  2⤵
  PID:8952
- C:\Windows\System32\ymDraVp.exe
  C:\Windows\System32\ymDraVp.exe
  2⤵
  PID:8240
- C:\Windows\System32\MFrFGue.exe
  C:\Windows\System32\MFrFGue.exe
  2⤵
  PID:9176
- C:\Windows\System32\MjYuIHQ.exe
  C:\Windows\System32\MjYuIHQ.exe
  2⤵
  PID:8304
- C:\Windows\System32\oOdwfrt.exe
  C:\Windows\System32\oOdwfrt.exe
  2⤵
  PID:8464
- C:\Windows\System32\gQQNDDI.exe
  C:\Windows\System32\gQQNDDI.exe
  2⤵
  PID:8616
- C:\Windows\System32\NSlHzry.exe
  C:\Windows\System32\NSlHzry.exe
  2⤵
  PID:9164
- C:\Windows\System32\fDCeEog.exe
  C:\Windows\System32\fDCeEog.exe
  2⤵
  PID:8432
- C:\Windows\System32\qmlaAFA.exe
  C:\Windows\System32\qmlaAFA.exe
  2⤵
  PID:9260
- C:\Windows\System32\NaKTJCn.exe
  C:\Windows\System32\NaKTJCn.exe
  2⤵
  PID:9304
- C:\Windows\System32\MeFyNfS.exe
  C:\Windows\System32\MeFyNfS.exe
  2⤵
  PID:9328
- C:\Windows\System32\yRYQevY.exe
  C:\Windows\System32\yRYQevY.exe
  2⤵
  PID:9352
- C:\Windows\System32\fLYOznP.exe
  C:\Windows\System32\fLYOznP.exe
  2⤵
  PID:9372
- C:\Windows\System32\arPsgOk.exe
  C:\Windows\System32\arPsgOk.exe
  2⤵
  PID:9408
- C:\Windows\System32\QFTvKHs.exe
  C:\Windows\System32\QFTvKHs.exe
  2⤵
  PID:9428
- C:\Windows\System32\mOUyvKD.exe
  C:\Windows\System32\mOUyvKD.exe
  2⤵
  PID:9468
- C:\Windows\System32\ddceVcR.exe
  C:\Windows\System32\ddceVcR.exe
  2⤵
  PID:9500
- C:\Windows\System32\iccgjri.exe
  C:\Windows\System32\iccgjri.exe
  2⤵
  PID:9528
- C:\Windows\System32\daezuDZ.exe
  C:\Windows\System32\daezuDZ.exe
  2⤵
  PID:9556
- C:\Windows\System32\kTKjcHe.exe
  C:\Windows\System32\kTKjcHe.exe
  2⤵
  PID:9580
- C:\Windows\System32\voYMUCS.exe
  C:\Windows\System32\voYMUCS.exe
  2⤵
  PID:9600
- C:\Windows\System32\cmLBlet.exe
  C:\Windows\System32\cmLBlet.exe
  2⤵
  PID:9624
- C:\Windows\System32\xlAJIun.exe
  C:\Windows\System32\xlAJIun.exe
  2⤵
  PID:9644
- C:\Windows\System32\hxoDoeC.exe
  C:\Windows\System32\hxoDoeC.exe
  2⤵
  PID:9672
- C:\Windows\System32\aPIkqJd.exe
  C:\Windows\System32\aPIkqJd.exe
  2⤵
  PID:9732
- C:\Windows\System32\rpEXPry.exe
  C:\Windows\System32\rpEXPry.exe
  2⤵
  PID:9752
- C:\Windows\System32\gklcJJt.exe
  C:\Windows\System32\gklcJJt.exe
  2⤵
  PID:9788
- C:\Windows\System32\mdLTWUt.exe
  C:\Windows\System32\mdLTWUt.exe
  2⤵
  PID:9816
- C:\Windows\System32\uTUvLKV.exe
  C:\Windows\System32\uTUvLKV.exe
  2⤵
  PID:9844
- C:\Windows\System32\GJQHbbW.exe
  C:\Windows\System32\GJQHbbW.exe
  2⤵
  PID:9868
- C:\Windows\System32\AaOEoor.exe
  C:\Windows\System32\AaOEoor.exe
  2⤵
  PID:9892
- C:\Windows\System32\ahoIcOg.exe
  C:\Windows\System32\ahoIcOg.exe
  2⤵
  PID:9928
- C:\Windows\System32\DAKTbui.exe
  C:\Windows\System32\DAKTbui.exe
  2⤵
  PID:9952
- C:\Windows\System32\mtPqVpn.exe
  C:\Windows\System32\mtPqVpn.exe
  2⤵
  PID:9980
- C:\Windows\System32\wsZbjHC.exe
  C:\Windows\System32\wsZbjHC.exe
  2⤵
  PID:10012
- C:\Windows\System32\isOyVwu.exe
  C:\Windows\System32\isOyVwu.exe
  2⤵
  PID:10036
- C:\Windows\System32\KHJpScF.exe
  C:\Windows\System32\KHJpScF.exe
  2⤵
  PID:10056
- C:\Windows\System32\PevWDxT.exe
  C:\Windows\System32\PevWDxT.exe
  2⤵
  PID:10096
- C:\Windows\System32\ceyrXXd.exe
  C:\Windows\System32\ceyrXXd.exe
  2⤵
  PID:10128
- C:\Windows\System32\ngRBCsl.exe
  C:\Windows\System32\ngRBCsl.exe
  2⤵
  PID:10148
- C:\Windows\System32\FLFxffF.exe
  C:\Windows\System32\FLFxffF.exe
  2⤵
  PID:10180
- C:\Windows\System32\ZCUzwZt.exe
  C:\Windows\System32\ZCUzwZt.exe
  2⤵
  PID:10208
- C:\Windows\System32\lubpYRe.exe
  C:\Windows\System32\lubpYRe.exe
  2⤵
  PID:10228
- C:\Windows\System32\dmjQeBS.exe
  C:\Windows\System32\dmjQeBS.exe
  2⤵
  PID:9228
- C:\Windows\System32\vtrsxkM.exe
  C:\Windows\System32\vtrsxkM.exe
  2⤵
  PID:9244
- C:\Windows\System32\oUiNTXE.exe
  C:\Windows\System32\oUiNTXE.exe
  2⤵
  PID:9320
- C:\Windows\System32\dAlJWSg.exe
  C:\Windows\System32\dAlJWSg.exe
  2⤵
  PID:9424
- C:\Windows\System32\FXgFfiL.exe
  C:\Windows\System32\FXgFfiL.exe
  2⤵
  PID:9480
- C:\Windows\System32\fzbqSxv.exe
  C:\Windows\System32\fzbqSxv.exe
  2⤵
  PID:9568
- C:\Windows\System32\ycHArhU.exe
  C:\Windows\System32\ycHArhU.exe
  2⤵
  PID:9596
- C:\Windows\System32\FIZpQlz.exe
  C:\Windows\System32\FIZpQlz.exe
  2⤵
  PID:9652
- C:\Windows\System32\TJvPyAN.exe
  C:\Windows\System32\TJvPyAN.exe
  2⤵
  PID:9748
- C:\Windows\System32\UaPjXcH.exe
  C:\Windows\System32\UaPjXcH.exe
  2⤵
  PID:9804
- C:\Windows\System32\JSkqzlI.exe
  C:\Windows\System32\JSkqzlI.exe
  2⤵
  PID:9900
- C:\Windows\System32\QuCZgOu.exe
  C:\Windows\System32\QuCZgOu.exe
  2⤵
  PID:9924
- C:\Windows\System32\NNiDtZV.exe
  C:\Windows\System32\NNiDtZV.exe
  2⤵
  PID:9992
- C:\Windows\System32\dTXuqpC.exe
  C:\Windows\System32\dTXuqpC.exe
  2⤵
  PID:10052
- C:\Windows\System32\IgDFaMg.exe
  C:\Windows\System32\IgDFaMg.exe
  2⤵
  PID:10108
- C:\Windows\System32\xpeAPiX.exe
  C:\Windows\System32\xpeAPiX.exe
  2⤵
  PID:10220
- C:\Windows\System32\xzMfjOi.exe
  C:\Windows\System32\xzMfjOi.exe
  2⤵
  PID:10236
- C:\Windows\System32\MHtsbQV.exe
  C:\Windows\System32\MHtsbQV.exe
  2⤵
  PID:9324
- C:\Windows\System32\rXyDuwv.exe
  C:\Windows\System32\rXyDuwv.exe
  2⤵
  PID:9548
- C:\Windows\System32\SYnJZiE.exe
  C:\Windows\System32\SYnJZiE.exe
  2⤵
  PID:9700
- C:\Windows\System32\hkEvtbW.exe
  C:\Windows\System32\hkEvtbW.exe
  2⤵
  PID:9912
- C:\Windows\System32\qnXgYsp.exe
  C:\Windows\System32\qnXgYsp.exe
  2⤵
  PID:10028
- C:\Windows\System32\yOjSuiw.exe
  C:\Windows\System32\yOjSuiw.exe
  2⤵
  PID:10160
- C:\Windows\System32\EUPQhCx.exe
  C:\Windows\System32\EUPQhCx.exe
  2⤵
  PID:9276
- C:\Windows\System32\sAfWfVD.exe
  C:\Windows\System32\sAfWfVD.exe
  2⤵
  PID:9536
- C:\Windows\System32\Dkkkygt.exe
  C:\Windows\System32\Dkkkygt.exe
  2⤵
  PID:9916
- C:\Windows\System32\hbZdrdw.exe
  C:\Windows\System32\hbZdrdw.exe
  2⤵
  PID:9508
- C:\Windows\System32\VyQdyZF.exe
  C:\Windows\System32\VyQdyZF.exe
  2⤵
  PID:9608
- C:\Windows\System32\gJkTFfP.exe
  C:\Windows\System32\gJkTFfP.exe
  2⤵
  PID:10248
- C:\Windows\System32\NoaaxfP.exe
  C:\Windows\System32\NoaaxfP.exe
  2⤵
  PID:10276
- C:\Windows\System32\akAoOXd.exe
  C:\Windows\System32\akAoOXd.exe
  2⤵
  PID:10328
- C:\Windows\System32\VXslJAd.exe
  C:\Windows\System32\VXslJAd.exe
  2⤵
  PID:10384
- C:\Windows\System32\lGCSAUV.exe
  C:\Windows\System32\lGCSAUV.exe
  2⤵
  PID:10416
- C:\Windows\System32\kraOccN.exe
  C:\Windows\System32\kraOccN.exe
  2⤵
  PID:10440
- C:\Windows\System32\fDHnNMi.exe
  C:\Windows\System32\fDHnNMi.exe
  2⤵
  PID:10476
- C:\Windows\System32\rJAJkrA.exe
  C:\Windows\System32\rJAJkrA.exe
  2⤵
  PID:10512
- C:\Windows\System32\diYdRPg.exe
  C:\Windows\System32\diYdRPg.exe
  2⤵
  PID:10532
- C:\Windows\System32\nZnlBcj.exe
  C:\Windows\System32\nZnlBcj.exe
  2⤵
  PID:10572
- C:\Windows\System32\ZCTDaRZ.exe
  C:\Windows\System32\ZCTDaRZ.exe
  2⤵
  PID:10596
- C:\Windows\System32\wkhHEsu.exe
  C:\Windows\System32\wkhHEsu.exe
  2⤵
  PID:10628
- C:\Windows\System32\AjNIzGB.exe
  C:\Windows\System32\AjNIzGB.exe
  2⤵
  PID:10648
- C:\Windows\System32\LXOvAmv.exe
  C:\Windows\System32\LXOvAmv.exe
  2⤵
  PID:10672
- C:\Windows\System32\vHOKPVT.exe
  C:\Windows\System32\vHOKPVT.exe
  2⤵
  PID:10696
- C:\Windows\System32\WNEddzY.exe
  C:\Windows\System32\WNEddzY.exe
  2⤵
  PID:10720
- C:\Windows\System32\sZztThr.exe
  C:\Windows\System32\sZztThr.exe
  2⤵
  PID:10744
- C:\Windows\System32\QNPLzOK.exe
  C:\Windows\System32\QNPLzOK.exe
  2⤵
  PID:10796
- C:\Windows\System32\bDLSTDv.exe
  C:\Windows\System32\bDLSTDv.exe
  2⤵
  PID:10816
- C:\Windows\System32\LzZsrTJ.exe
  C:\Windows\System32\LzZsrTJ.exe
  2⤵
  PID:10840
- C:\Windows\System32\zuXyfPi.exe
  C:\Windows\System32\zuXyfPi.exe
  2⤵
  PID:10868
- C:\Windows\System32\xVwcGgl.exe
  C:\Windows\System32\xVwcGgl.exe
  2⤵
  PID:10892
- C:\Windows\System32\IpMOyMU.exe
  C:\Windows\System32\IpMOyMU.exe
  2⤵
  PID:10912
- C:\Windows\System32\zAzXTtY.exe
  C:\Windows\System32\zAzXTtY.exe
  2⤵
  PID:10956
- C:\Windows\System32\kNPkeck.exe
  C:\Windows\System32\kNPkeck.exe
  2⤵
  PID:10988
- C:\Windows\System32\IxYuXKY.exe
  C:\Windows\System32\IxYuXKY.exe
  2⤵
  PID:11016
- C:\Windows\System32\LLDCTky.exe
  C:\Windows\System32\LLDCTky.exe
  2⤵
  PID:11032
- C:\Windows\System32\QgcrjoI.exe
  C:\Windows\System32\QgcrjoI.exe
  2⤵
  PID:11056
- C:\Windows\System32\RdWusyb.exe
  C:\Windows\System32\RdWusyb.exe
  2⤵
  PID:11092
- C:\Windows\System32\hOGeBqN.exe
  C:\Windows\System32\hOGeBqN.exe
  2⤵
  PID:11112
- C:\Windows\System32\drNhijJ.exe
  C:\Windows\System32\drNhijJ.exe
  2⤵
  PID:11136
- C:\Windows\System32\kMkLITY.exe
  C:\Windows\System32\kMkLITY.exe
  2⤵
  PID:11156
- C:\Windows\System32\KEShNpK.exe
  C:\Windows\System32\KEShNpK.exe
  2⤵
  PID:11176
- C:\Windows\System32\jgIddKa.exe
  C:\Windows\System32\jgIddKa.exe
  2⤵
  PID:11200
- C:\Windows\System32\FnCANvF.exe
  C:\Windows\System32\FnCANvF.exe
  2⤵
  PID:11224
- C:\Windows\System32\YqabKRG.exe
  C:\Windows\System32\YqabKRG.exe
  2⤵
  PID:11252
- C:\Windows\System32\KtpUbMz.exe
  C:\Windows\System32\KtpUbMz.exe
  2⤵
  PID:10244
- C:\Windows\System32\aLWURZD.exe
  C:\Windows\System32\aLWURZD.exe
  2⤵
  PID:10376
- C:\Windows\System32\hMdNpiN.exe
  C:\Windows\System32\hMdNpiN.exe
  2⤵
  PID:10464
- C:\Windows\System32\ePwspbu.exe
  C:\Windows\System32\ePwspbu.exe
  2⤵
  PID:10508
- C:\Windows\System32\fAnNasf.exe
  C:\Windows\System32\fAnNasf.exe
  2⤵
  PID:10592
- C:\Windows\System32\NcVTsnG.exe
  C:\Windows\System32\NcVTsnG.exe
  2⤵
  PID:10644
- C:\Windows\System32\uQRwBUX.exe
  C:\Windows\System32\uQRwBUX.exe
  2⤵
  PID:10740
- C:\Windows\System32\cbeCPEz.exe
  C:\Windows\System32\cbeCPEz.exe
  2⤵
  PID:10804
- C:\Windows\System32\ORHYRnm.exe
  C:\Windows\System32\ORHYRnm.exe
  2⤵
  PID:10908
- C:\Windows\System32\UTMvnug.exe
  C:\Windows\System32\UTMvnug.exe
  2⤵
  PID:10952
- C:\Windows\System32\lWrtkov.exe
  C:\Windows\System32\lWrtkov.exe
  2⤵
  PID:11048
- C:\Windows\System32\VYFLfdm.exe
  C:\Windows\System32\VYFLfdm.exe
  2⤵
  PID:11108
- C:\Windows\System32\pURjHsv.exe
  C:\Windows\System32\pURjHsv.exe
  2⤵
  PID:11260
- C:\Windows\System32\eJTNLPp.exe
  C:\Windows\System32\eJTNLPp.exe
  2⤵
  PID:11208
- C:\Windows\System32\SuEpmBf.exe
  C:\Windows\System32\SuEpmBf.exe
  2⤵
  PID:10264
- C:\Windows\System32\JbjLoHl.exe
  C:\Windows\System32\JbjLoHl.exe
  2⤵
  PID:10344
- C:\Windows\System32\LWnUlzg.exe
  C:\Windows\System32\LWnUlzg.exe
  2⤵
  PID:10564
- C:\Windows\System32\ZvxwhhS.exe
  C:\Windows\System32\ZvxwhhS.exe
  2⤵
  PID:10712
- C:\Windows\System32\igZfKvM.exe
  C:\Windows\System32\igZfKvM.exe
  2⤵
  PID:10928
- C:\Windows\System32\rvmNIZP.exe
  C:\Windows\System32\rvmNIZP.exe
  2⤵
  PID:11012
- C:\Windows\System32\uhVkoPx.exe
  C:\Windows\System32\uhVkoPx.exe
  2⤵
  PID:11120
- C:\Windows\System32\DWwxeOr.exe
  C:\Windows\System32\DWwxeOr.exe
  2⤵
  PID:10320
- C:\Windows\System32\cuLElcY.exe
  C:\Windows\System32\cuLElcY.exe
  2⤵
  PID:10864
- C:\Windows\System32\UwgIdNC.exe
  C:\Windows\System32\UwgIdNC.exe
  2⤵
  PID:10272
- C:\Windows\System32\hAMCpPb.exe
  C:\Windows\System32\hAMCpPb.exe
  2⤵
  PID:11272
- C:\Windows\System32\eIPCePQ.exe
  C:\Windows\System32\eIPCePQ.exe
  2⤵
  PID:11296
- C:\Windows\System32\dzzbAKj.exe
  C:\Windows\System32\dzzbAKj.exe
  2⤵
  PID:11316
- C:\Windows\System32\mWmohhp.exe
  C:\Windows\System32\mWmohhp.exe
  2⤵
  PID:11344
- C:\Windows\System32\pkmiTkV.exe
  C:\Windows\System32\pkmiTkV.exe
  2⤵
  PID:11364
- C:\Windows\System32\KEKyfvq.exe
  C:\Windows\System32\KEKyfvq.exe
  2⤵
  PID:11412
- C:\Windows\System32\YcswjKg.exe
  C:\Windows\System32\YcswjKg.exe
  2⤵
  PID:11432
- C:\Windows\System32\BFXnqUm.exe
  C:\Windows\System32\BFXnqUm.exe
  2⤵
  PID:11452
- C:\Windows\System32\HbrLqCS.exe
  C:\Windows\System32\HbrLqCS.exe
  2⤵
  PID:11484
- C:\Windows\System32\hopcmBy.exe
  C:\Windows\System32\hopcmBy.exe
  2⤵
  PID:11536
- C:\Windows\System32\ZXEsLta.exe
  C:\Windows\System32\ZXEsLta.exe
  2⤵
  PID:11556
- C:\Windows\System32\LYNQWlR.exe
  C:\Windows\System32\LYNQWlR.exe
  2⤵
  PID:11580
- C:\Windows\System32\boWKCmM.exe
  C:\Windows\System32\boWKCmM.exe
  2⤵
  PID:11600
- C:\Windows\System32\tkkNtVf.exe
  C:\Windows\System32\tkkNtVf.exe
  2⤵
  PID:11624
- C:\Windows\System32\yjttSHk.exe
  C:\Windows\System32\yjttSHk.exe
  2⤵
  PID:11656
- C:\Windows\System32\eMEJAFC.exe
  C:\Windows\System32\eMEJAFC.exe
  2⤵
  PID:11680
- C:\Windows\System32\WCSyuKZ.exe
  C:\Windows\System32\WCSyuKZ.exe
  2⤵
  PID:11712
- C:\Windows\System32\LEiQVaS.exe
  C:\Windows\System32\LEiQVaS.exe
  2⤵
  PID:11744
- C:\Windows\System32\ttZQWjY.exe
  C:\Windows\System32\ttZQWjY.exe
  2⤵
  PID:11768
- C:\Windows\System32\JtGGqwt.exe
  C:\Windows\System32\JtGGqwt.exe
  2⤵
  PID:11796
- C:\Windows\System32\KqqMbYa.exe
  C:\Windows\System32\KqqMbYa.exe
  2⤵
  PID:11828
- C:\Windows\System32\PzJCzNM.exe
  C:\Windows\System32\PzJCzNM.exe
  2⤵
  PID:11864
- C:\Windows\System32\sJtGyts.exe
  C:\Windows\System32\sJtGyts.exe
  2⤵
  PID:11880
- C:\Windows\System32\BTxyKjF.exe
  C:\Windows\System32\BTxyKjF.exe
  2⤵
  PID:11916
- C:\Windows\System32\eOcuPfJ.exe
  C:\Windows\System32\eOcuPfJ.exe
  2⤵
  PID:11936
- C:\Windows\System32\cMALXJL.exe
  C:\Windows\System32\cMALXJL.exe
  2⤵
  PID:11976
- C:\Windows\System32\LjZjKld.exe
  C:\Windows\System32\LjZjKld.exe
  2⤵
  PID:12004
- C:\Windows\System32\PmTjGsp.exe
  C:\Windows\System32\PmTjGsp.exe
  2⤵
  PID:12028
- C:\Windows\System32\pOCymlm.exe
  C:\Windows\System32\pOCymlm.exe
  2⤵
  PID:12048
- C:\Windows\System32\miYiWLL.exe
  C:\Windows\System32\miYiWLL.exe
  2⤵
  PID:12072
- C:\Windows\System32\RAmvcRX.exe
  C:\Windows\System32\RAmvcRX.exe
  2⤵
  PID:12096
- C:\Windows\System32\gJLoUIU.exe
  C:\Windows\System32\gJLoUIU.exe
  2⤵
  PID:12128
- C:\Windows\System32\lRtaGhd.exe
  C:\Windows\System32\lRtaGhd.exe
  2⤵
  PID:12164
- C:\Windows\System32\TmIdCnr.exe
  C:\Windows\System32\TmIdCnr.exe
  2⤵
  PID:12200
- C:\Windows\System32\TegWqrh.exe
  C:\Windows\System32\TegWqrh.exe
  2⤵
  PID:12216
- C:\Windows\System32\qNdTZxB.exe
  C:\Windows\System32\qNdTZxB.exe
  2⤵
  PID:12244
- C:\Windows\System32\MFtCffB.exe
  C:\Windows\System32\MFtCffB.exe
  2⤵
  PID:12280
- C:\Windows\System32\fkldeGw.exe
  C:\Windows\System32\fkldeGw.exe
  2⤵
  PID:11284
- C:\Windows\System32\qokRBKG.exe
  C:\Windows\System32\qokRBKG.exe
  2⤵
  PID:11360
- C:\Windows\System32\GLSQaxR.exe
  C:\Windows\System32\GLSQaxR.exe
  2⤵
  PID:11352
- C:\Windows\System32\UnNnjpd.exe
  C:\Windows\System32\UnNnjpd.exe
  2⤵
  PID:11468
- C:\Windows\System32\smZVSYZ.exe
  C:\Windows\System32\smZVSYZ.exe
  2⤵
  PID:11492
- C:\Windows\System32\OREIcwE.exe
  C:\Windows\System32\OREIcwE.exe
  2⤵
  PID:10680
- C:\Windows\System32\dGSCaBF.exe
  C:\Windows\System32\dGSCaBF.exe
  2⤵
  PID:11616
- C:\Windows\System32\pCyjPtC.exe
  C:\Windows\System32\pCyjPtC.exe
  2⤵
  PID:11644
- C:\Windows\System32\xMxpxey.exe
  C:\Windows\System32\xMxpxey.exe
  2⤵
  PID:11808
- C:\Windows\System32\wPbVOBH.exe
  C:\Windows\System32\wPbVOBH.exe
  2⤵
  PID:11856
- C:\Windows\System32\vnMhHqK.exe
  C:\Windows\System32\vnMhHqK.exe
  2⤵
  PID:11932
- C:\Windows\System32\nDthILY.exe
  C:\Windows\System32\nDthILY.exe
  2⤵
  PID:12060
- C:\Windows\System32\DglyFTG.exe
  C:\Windows\System32\DglyFTG.exe
  2⤵
  PID:12152
- C:\Windows\System32\JHbiWVN.exe
  C:\Windows\System32\JHbiWVN.exe
  2⤵
  PID:12264
- C:\Windows\System32\RdHpedo.exe
  C:\Windows\System32\RdHpedo.exe
  2⤵
  PID:11312
- C:\Windows\System32\GjVmzZQ.exe
  C:\Windows\System32\GjVmzZQ.exe
  2⤵
  PID:11652
- C:\Windows\System32\IGxwzvZ.exe
  C:\Windows\System32\IGxwzvZ.exe
  2⤵
  PID:11852
- C:\Windows\System32\iYqFhfS.exe
  C:\Windows\System32\iYqFhfS.exe
  2⤵
  PID:11968
- C:\Windows\System32\OWAcyUR.exe
  C:\Windows\System32\OWAcyUR.exe
  2⤵
  PID:11192
- C:\Windows\System32\aQsifyH.exe
  C:\Windows\System32\aQsifyH.exe
  2⤵
  PID:11780
- C:\Windows\System32\elByICa.exe
  C:\Windows\System32\elByICa.exe
  2⤵
  PID:11988
- C:\Windows\System32\kWFtOJV.exe
  C:\Windows\System32\kWFtOJV.exe
  2⤵
  PID:12308
- C:\Windows\System32\jkboLwi.exe
  C:\Windows\System32\jkboLwi.exe
  2⤵
  PID:12364
- C:\Windows\System32\XmHfEaL.exe
  C:\Windows\System32\XmHfEaL.exe
  2⤵
  PID:12380
- C:\Windows\System32\OwTnfiy.exe
  C:\Windows\System32\OwTnfiy.exe
  2⤵
  PID:12400
- C:\Windows\System32\XhxfMnV.exe
  C:\Windows\System32\XhxfMnV.exe
  2⤵
  PID:12444
- C:\Windows\System32\klmnbiW.exe
  C:\Windows\System32\klmnbiW.exe
  2⤵
  PID:12476
- C:\Windows\System32\UIcaWnT.exe
  C:\Windows\System32\UIcaWnT.exe
  2⤵
  PID:12500
- C:\Windows\System32\UAjCTSZ.exe
  C:\Windows\System32\UAjCTSZ.exe
  2⤵
  PID:12528
- C:\Windows\System32\NgqTDCR.exe
  C:\Windows\System32\NgqTDCR.exe
  2⤵
  PID:12556
- C:\Windows\System32\xNqesFy.exe
  C:\Windows\System32\xNqesFy.exe
  2⤵
  PID:12580
- C:\Windows\System32\VMgTrBa.exe
  C:\Windows\System32\VMgTrBa.exe
  2⤵
  PID:12596
- C:\Windows\System32\toFaQnG.exe
  C:\Windows\System32\toFaQnG.exe
  2⤵
  PID:12624
- C:\Windows\System32\Ekmxrec.exe
  C:\Windows\System32\Ekmxrec.exe
  2⤵
  PID:12648
- C:\Windows\System32\xQfGZvD.exe
  C:\Windows\System32\xQfGZvD.exe
  2⤵
  PID:12668
- C:\Windows\System32\WKXpghA.exe
  C:\Windows\System32\WKXpghA.exe
  2⤵
  PID:12696
- C:\Windows\System32\xOttagt.exe
  C:\Windows\System32\xOttagt.exe
  2⤵
  PID:12732
- C:\Windows\System32\GJSQwRt.exe
  C:\Windows\System32\GJSQwRt.exe
  2⤵
  PID:12772
- C:\Windows\System32\kLArgDn.exe
  C:\Windows\System32\kLArgDn.exe
  2⤵
  PID:12800
- C:\Windows\System32\xHsBQte.exe
  C:\Windows\System32\xHsBQte.exe
  2⤵
  PID:12840
- C:\Windows\System32\aFgoUfH.exe
  C:\Windows\System32\aFgoUfH.exe
  2⤵
  PID:12860
- C:\Windows\System32\BESwdXA.exe
  C:\Windows\System32\BESwdXA.exe
  2⤵
  PID:12900
- C:\Windows\System32\BQcVdAU.exe
  C:\Windows\System32\BQcVdAU.exe
  2⤵
  PID:12928
- C:\Windows\System32\xAxvAuh.exe
  C:\Windows\System32\xAxvAuh.exe
  2⤵
  PID:12952
- C:\Windows\System32\uWOcoIo.exe
  C:\Windows\System32\uWOcoIo.exe
  2⤵
  PID:12980
- C:\Windows\System32\eVBErQX.exe
  C:\Windows\System32\eVBErQX.exe
  2⤵
  PID:13020
- C:\Windows\System32\FAPGivX.exe
  C:\Windows\System32\FAPGivX.exe
  2⤵
  PID:13044
- C:\Windows\System32\cUCpORR.exe
  C:\Windows\System32\cUCpORR.exe
  2⤵
  PID:13072
- C:\Windows\System32\MXpRXRy.exe
  C:\Windows\System32\MXpRXRy.exe
  2⤵
  PID:13088
- C:\Windows\System32\Wadaasx.exe
  C:\Windows\System32\Wadaasx.exe
  2⤵
  PID:13132
- C:\Windows\System32\HZiakbz.exe
  C:\Windows\System32\HZiakbz.exe
  2⤵
  PID:13156
- C:\Windows\System32\yaBdXcI.exe
  C:\Windows\System32\yaBdXcI.exe
  2⤵
  PID:13192
- C:\Windows\System32\TwJktlg.exe
  C:\Windows\System32\TwJktlg.exe
  2⤵
  PID:13212
- C:\Windows\System32\QiLOToY.exe
  C:\Windows\System32\QiLOToY.exe
  2⤵
  PID:13236
- C:\Windows\System32\GzaCIYv.exe
  C:\Windows\System32\GzaCIYv.exe
  2⤵
  PID:13276
- C:\Windows\System32\uQvjvCL.exe
  C:\Windows\System32\uQvjvCL.exe
  2⤵
  PID:13304
- C:\Windows\System32\iVPVZiC.exe
  C:\Windows\System32\iVPVZiC.exe
  2⤵
  PID:12316
- C:\Windows\System32\NgTHZjg.exe
  C:\Windows\System32\NgTHZjg.exe
  2⤵
  PID:12376
- C:\Windows\System32\PLnIPsb.exe
  C:\Windows\System32\PLnIPsb.exe
  2⤵
  PID:12440
- C:\Windows\System32\PseqzJH.exe
  C:\Windows\System32\PseqzJH.exe
  2⤵
  PID:12492
- C:\Windows\System32\JnOalUX.exe
  C:\Windows\System32\JnOalUX.exe
  2⤵
  PID:12520
- C:\Windows\System32\hSvhzjM.exe
  C:\Windows\System32\hSvhzjM.exe
  2⤵
  PID:12604
- C:\Windows\System32\aaBIdMi.exe
  C:\Windows\System32\aaBIdMi.exe
  2⤵
  PID:12660
- C:\Windows\System32\mEwylzn.exe
  C:\Windows\System32\mEwylzn.exe
  2⤵
  PID:12712
- C:\Windows\System32\cYVGHrK.exe
  C:\Windows\System32\cYVGHrK.exe
  2⤵
  PID:12808
- C:\Windows\System32\JXwKdqw.exe
  C:\Windows\System32\JXwKdqw.exe
  2⤵
  PID:12876
- C:\Windows\System32\MgGHwzD.exe
  C:\Windows\System32\MgGHwzD.exe
  2⤵
  PID:12964
- C:\Windows\System32\gkQPbqH.exe
  C:\Windows\System32\gkQPbqH.exe
  2⤵
  PID:13008
- C:\Windows\System32\nvJIZfa.exe
  C:\Windows\System32\nvJIZfa.exe
  2⤵
  PID:13052
- C:\Windows\System32\bHQopiq.exe
  C:\Windows\System32\bHQopiq.exe
  2⤵
  PID:13144
- C:\Windows\System32\dDONEIV.exe
  C:\Windows\System32\dDONEIV.exe
  2⤵
  PID:13220
- C:\Windows\System32\fauDepY.exe
  C:\Windows\System32\fauDepY.exe
  2⤵
  PID:13300
- C:\Windows\System32\WAJuuLC.exe
  C:\Windows\System32\WAJuuLC.exe
  2⤵
  PID:11672
- C:\Windows\System32\siDJHvH.exe
  C:\Windows\System32\siDJHvH.exe
  2⤵
  PID:12460
- C:\Windows\System32\FEaORDQ.exe
  C:\Windows\System32\FEaORDQ.exe
  2⤵
  PID:12656
- C:\Windows\System32\FROffcP.exe
  C:\Windows\System32\FROffcP.exe
  2⤵
  PID:12756
- C:\Windows\System32\nKsmtvv.exe
  C:\Windows\System32\nKsmtvv.exe
  2⤵
  PID:12940
- C:\Windows\System32\QZTqmGW.exe
  C:\Windows\System32\QZTqmGW.exe
  2⤵
  PID:13060
- C:\Windows\System32\CxXcAaa.exe
  C:\Windows\System32\CxXcAaa.exe
  2⤵
  PID:13172
- C:\Windows\System32\esNGkmI.exe
  C:\Windows\System32\esNGkmI.exe
  2⤵
  PID:12436
- C:\Windows\System32\MqTLjTK.exe
  C:\Windows\System32\MqTLjTK.exe
  2⤵
  PID:12568
- C:\Windows\System32\gQIEofq.exe
  C:\Windows\System32\gQIEofq.exe
  2⤵
  PID:1192
- C:\Windows\System32\xKZLKvl.exe
  C:\Windows\System32\xKZLKvl.exe
  2⤵
  PID:13332
- C:\Windows\System32\sVXslhz.exe
  C:\Windows\System32\sVXslhz.exe
  2⤵
  PID:13348
- C:\Windows\System32\WIWihiM.exe
  C:\Windows\System32\WIWihiM.exe
  2⤵
  PID:13364
- C:\Windows\System32\JChZxaT.exe
  C:\Windows\System32\JChZxaT.exe
  2⤵
  PID:13380
- C:\Windows\System32\gsvASdu.exe
  C:\Windows\System32\gsvASdu.exe
  2⤵
  PID:13396
- C:\Windows\System32\AZtlvAT.exe
  C:\Windows\System32\AZtlvAT.exe
  2⤵
  PID:13412
- C:\Windows\System32\zVxcQrJ.exe
  C:\Windows\System32\zVxcQrJ.exe
  2⤵
  PID:13428
- C:\Windows\System32\UPCdLgm.exe
  C:\Windows\System32\UPCdLgm.exe
  2⤵
  PID:13444
- C:\Windows\System32\vAsLaXg.exe
  C:\Windows\System32\vAsLaXg.exe
  2⤵
  PID:13460
- C:\Windows\System32\tijmkfL.exe
  C:\Windows\System32\tijmkfL.exe
  2⤵
  PID:13480
- C:\Windows\System32\OywIekR.exe
  C:\Windows\System32\OywIekR.exe
  2⤵
  PID:13508
- C:\Windows\System32\UDSdPKl.exe
  C:\Windows\System32\UDSdPKl.exe
  2⤵
  PID:13588
- C:\Windows\System32\BXxsKan.exe
  C:\Windows\System32\BXxsKan.exe
  2⤵
  PID:13660
- C:\Windows\System32\ZNriFQl.exe
  C:\Windows\System32\ZNriFQl.exe
  2⤵
  PID:13716
- C:\Windows\System32\pXqnwRX.exe
  C:\Windows\System32\pXqnwRX.exe
  2⤵
  PID:13744
- C:\Windows\System32\aQQKHOM.exe
  C:\Windows\System32\aQQKHOM.exe
  2⤵
  PID:13772
- C:\Windows\System32\FkYAZNa.exe
  C:\Windows\System32\FkYAZNa.exe
  2⤵
  PID:13788
- C:\Windows\System32\exBuCJG.exe
  C:\Windows\System32\exBuCJG.exe
  2⤵
  PID:13808
- C:\Windows\System32\JJhosOT.exe
  C:\Windows\System32\JJhosOT.exe
  2⤵
  PID:13836
- C:\Windows\System32\KsEhVUe.exe
  C:\Windows\System32\KsEhVUe.exe
  2⤵
  PID:13864
- C:\Windows\System32\MMdVhrR.exe
  C:\Windows\System32\MMdVhrR.exe
  2⤵
  PID:13912
- C:\Windows\System32\bbSefTb.exe
  C:\Windows\System32\bbSefTb.exe
  2⤵
  PID:13944
- C:\Windows\System32\MuXEzqn.exe
  C:\Windows\System32\MuXEzqn.exe
  2⤵
  PID:13972
- C:\Windows\System32\xUpuHXw.exe
  C:\Windows\System32\xUpuHXw.exe
  2⤵
  PID:13992
- C:\Windows\System32\nmETMjB.exe
  C:\Windows\System32\nmETMjB.exe
  2⤵
  PID:14016
- C:\Windows\System32\CSUkfsi.exe
  C:\Windows\System32\CSUkfsi.exe
  2⤵
  PID:14036
- C:\Windows\System32\tlWRNmJ.exe
  C:\Windows\System32\tlWRNmJ.exe
  2⤵
  PID:14064
- C:\Windows\System32\gqiTKMd.exe
  C:\Windows\System32\gqiTKMd.exe
  2⤵
  PID:14112
- C:\Windows\System32\zObDKid.exe
  C:\Windows\System32\zObDKid.exe
  2⤵
  PID:14136
- C:\Windows\System32\GjOVqOy.exe
  C:\Windows\System32\GjOVqOy.exe
  2⤵
  PID:14156
- C:\Windows\System32\jLANOxl.exe
  C:\Windows\System32\jLANOxl.exe
  2⤵
  PID:14172
- C:\Windows\System32\GiAdsAw.exe
  C:\Windows\System32\GiAdsAw.exe
  2⤵
  PID:14192
- C:\Windows\System32\JDwYSWb.exe
  C:\Windows\System32\JDwYSWb.exe
  2⤵
  PID:14228
- C:\Windows\System32\worBeyv.exe
  C:\Windows\System32\worBeyv.exe
  2⤵
  PID:14260
- C:\Windows\System32\ZimLNkk.exe
  C:\Windows\System32\ZimLNkk.exe
  2⤵
  PID:14292
- C:\Windows\System32\KCyvjzW.exe
  C:\Windows\System32\KCyvjzW.exe
  2⤵
  PID:14324
- C:\Windows\System32\prrKXld.exe
  C:\Windows\System32\prrKXld.exe
  2⤵
  PID:12908
- C:\Windows\System32\ejPNWeK.exe
  C:\Windows\System32\ejPNWeK.exe
  2⤵
  PID:13116
- C:\Windows\System32\AosNApF.exe
  C:\Windows\System32\AosNApF.exe
  2⤵
  PID:13316
- C:\Windows\System32\TMDsWOt.exe
  C:\Windows\System32\TMDsWOt.exe
  2⤵
  PID:13388

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\DGZxUkk.exe

Filesize
2.0MB

MD5
8b54546bf7925da51022d2e13ddbbafa

SHA1
36940c038d67b60ab343767bd0b2ec4cb55cc334

SHA256
9f639ab87cbfd3978ec63e2807ae0df0cb24a4f79ef2bb729eef341d415c21ea

SHA512
eaa39f566d004f75e45c63ae17ed2906d909473ee946d658b6597474d0924bb492fe8590209d45fdb2b0726195a527c07ec5a90d64d0bb298eb8f11ff0f1cd41

Download Submit
C:\Windows\System32\FhVaQRg.exe

Filesize
2.0MB

MD5
ed3d86b06c2ba0dc608737637395b434

SHA1
349b24008e0339029d95efd11a3746967b6ef495

SHA256
469104f5f94fabe5752ca028209c2eac67dc9f64d12813ab83d0ec498d91dc7f

SHA512
f28c989e82eb27c0c1fde7696823a65a0f2ca9d55ef4fb0c0a4ff41bb06c4db6127bbf3c878074f40f67f9e4309a86bb410cb5d17396e1408b8d5ff47a2269ef

Download Submit
C:\Windows\System32\GnOdeAv.exe

Filesize
2.0MB

MD5
d380261a53fc36df970b467d8e71b3b0

SHA1
ab972d65b7b78e5c8465233f16a395f9de2ec490

SHA256
c8880468008c54387654a87e76cd7c53f86ace72067add4f45f7baaeb1d9b879

SHA512
4d3397ae004a419715d3c5c0195527b9e5ff25a350367f6b8d5351aa313a18c65f52d2b7b155fe8e0efeae0b855d56d25a1a7c9e2e22bb3ebedbe16e305734da

Download Submit
C:\Windows\System32\GndHmWc.exe

Filesize
2.0MB

MD5
338e13883139ae3d98bf133e8823837b

SHA1
f452659d14d0fb63e16a3d341bf7d83d5daf7439

SHA256
340c29e9e5380db8cd1ca7bab720d8ab21f0ee5ddfd3150974405874ea8f8636

SHA512
b5cfd326ca1397a89408dae36b506c702ce5e0d3485da88a723147f7106a85009d1230a63122bece1cd2a87a0413155e1ef6242159f54b8a8ed11a05e1dbfb30

Download Submit
C:\Windows\System32\GzzPmAu.exe

Filesize
2.0MB

MD5
0bb6e88bcbf986b76aea4ae3be1bf555

SHA1
29173152846657f009fb43227c56cc847a03073a

SHA256
a23c826c9193300723ab0f5393f5595b9c322d53811615b7663865b453d17d85

SHA512
34f4dfd7290c55a6a4dbad167409ae7ed1d84b161dcf7184400a1a8aa1e09d7d32a058bc02e1c0d7fd11e75df654f7bf4f8f6aa4951d4983febf7cb33acc207d

Download Submit
C:\Windows\System32\JLCHSuf.exe

Filesize
2.0MB

MD5
35368288dcded2d66d76760b094cf75e

SHA1
6741fbd99231cce96ddce141d46d6f0eaa8470f0

SHA256
ddc6709356c9b9d139e31cfa2c9dc18de05b8b2eda785d9e469bd9c357342cfe

SHA512
174c15bfddd3ccd0baeae3f6deeb511e917f7b368848c1a21a563ad11caff28400377a85c47d7356a2840e04c143b443f50c3fcd4ce32c779a1e9576408a9cf9

Download Submit
C:\Windows\System32\LmeudNl.exe

Filesize
2.0MB

MD5
c90db4c5d9e3a4b95cdf131723242441

SHA1
fc9371fa5ee5e6469a6740f485d921ca7a82cac1

SHA256
d415649c5ab0f7212b15ce5279e810be9e11397592973f9f883574747b6db484

SHA512
19ffc92f80f00011698dc71bc954860172b950bd1da219600be4b8780e30d200a5573f09ca2a6bc977d315f4c4974c59d7c11c08e3aa2b17978626e99659776c

Download Submit
C:\Windows\System32\MmlHmLV.exe

Filesize
2.0MB

MD5
dadb1512623f17f8b57a141ee2ea474f

SHA1
6d3dfa9d9a90a9abebf0da8e622759a288c2ae5a

SHA256
3faa63ebe0ee76778ee592796dd164130f82308b3adab658a6dd04e90e1e0e29

SHA512
a5def9be69b4bad1f954c9b74d2dbe1325c5beecd9a34173ad2583a594487957109f52f6ce709fb3b3e56132d4504532efbcaf65377c1b82f72ecf6a24bf3d3e

Download Submit
C:\Windows\System32\PyelMSu.exe

Filesize
2.0MB

MD5
58c54e69bfed222c2f78da5cfbbce008

SHA1
dbbd42f571ed93f48e9d62eb966ea061dc717990

SHA256
5154e0a217275843d0ab5def59374608cb0a168c2d213610f49fa7dcbbc6e3af

SHA512
f2a35f3eb7d25b7edb0afcca9deb06c44a8db41ddbb97296c955e9c96fc0bcaaece5bac3498c8fb0c134f785d17505beee72d05392a558d8e824008aaf640ef0

Download Submit
C:\Windows\System32\QdbNnUE.exe

Filesize
2.0MB

MD5
eb264eaac60fc37f6189cc1dc4194982

SHA1
54bc79a9fb36e963163883051995c1ca077f65d7

SHA256
3fccc2447262d0f010b222f5a20c1ad8435c25feaaa3f7b741df2d032299fc1f

SHA512
baf6b21ba8c689345bc8c839273b56ba0d1873cf7c1155c622ed8935b8ccd9fa81bea4c1cbe975b6ab4dcc53820a28b0b7de2a3f67af105df93ab4b3f85cf73f

Download Submit
C:\Windows\System32\ROTbTDl.exe

Filesize
2.0MB

MD5
874811afaaf44a6def5a922a87ff143c

SHA1
8126a20369ba6b135f9f70a9f3916d3803630fbe

SHA256
f22fe35a3f757be039cb40282e9a0a14c5a74e39523793c9d6f800d58a69e956

SHA512
3811570771788e051cc59a9e3002b3e1185ef44268a6d4d23d64235065bbd8836b26e48c685a8f5525423ec911060ec4d8923c473c1ace949fb46b16d506b48e

Download Submit
C:\Windows\System32\SaRJAON.exe

Filesize
2.0MB

MD5
b68ac819eb56be8cbb68e31543cb7f0c

SHA1
95b62dab49d3bf2457cf121536e7d791816df68b

SHA256
dbfc5bc192821a6cd58ffa86640ef2a0e48bc71c6e878eec0490687011ebd812

SHA512
6be78262d853bc7bde2fe98aafb49c553513f8206567b6bed058a58a0dedc0f78ec2dd13918556fa49549acd5f8236229c771577b25d9d31c0df0ece43c2d3ee

Download Submit
C:\Windows\System32\TCegQPd.exe

Filesize
2.0MB

MD5
d08359f07724f2a9a174ef3b9f5d15c1

SHA1
13586f797162f8d9bbeb08054cc40de234623a38

SHA256
865e68dff3ccf203a63dc98d20feca2c223280fc28a5e8d1189d421d2d49f834

SHA512
b936bebf85e0790a2ec2f90e06027789d519c0f93369fe650f22b3014bae11a8c1181b5cc5d3b4ad0999d35215bc704faa54eb7a893064b21bb57f3cd9fd8833

Download Submit
C:\Windows\System32\TOBQlQp.exe

Filesize
2.0MB

MD5
69055c3d839b58a8c4c7bebc23a9d96c

SHA1
0fcc09c14b9d46e220ba357ba74367abea0a832b

SHA256
8e44b8d4add07a1379075f571ea13320f288601054b31d8c70cc6b4a7ff887f8

SHA512
1bb39603bc1df584226f3e45c7c0004527570e18e22a3a2d6533de49e2ade7ccf2f4bc1e11cee50f2dc2eb89a7d2caaacdba3eeea2869fe9a6dae998ce4ca48b

Download Submit
C:\Windows\System32\UgbnHoB.exe

Filesize
2.0MB

MD5
cd07dd1f75649b5be94872b19c5d8596

SHA1
efc6aad3db6486845755ee111f2fba47e35ecbca

SHA256
b08c57e2ec44a155de63228fdcf1255a51549ab56f858ba27635f0c28f4a494c

SHA512
1af50c8a52ed2f480ae95968caa4b6e300ac487ab454800496545830ab3f7e15cffc2ef87928487a912d4bfcd03c948974ecdd25e528741ba743aabcd8a97a16

Download Submit
C:\Windows\System32\WQWUkzW.exe

Filesize
2.0MB

MD5
941f352d71cbee3db7e577a3f6490f39

SHA1
1bf03ccd31bfbaf652016d44a8a43ec6a1716487

SHA256
615023b8781e916700becb224e4d6626ddea0d03c85985895abbcc356e32a2e6

SHA512
eb068c9191fabcde3357c1042aaff61c79135bde561ce3537d6046397b5f74ac9a4369fb7d0e15f3375256c09ccdc141cecdc683aec85650c270f39eae38000c

Download Submit
C:\Windows\System32\ZkRrxre.exe

Filesize
2.0MB

MD5
a7adf792afb49e6ac43c32d06aa61ce4

SHA1
3fd59c2d5977b95f271ec441635a8ded87dba8ca

SHA256
e24487323b965ce7e92ba5888e58d25f3d351d94146beaf4fe412624952b1fd8

SHA512
09a50c6a5691c66bfe50bd3fadfbf39d86d5412c4611038bf606f54041d59d4d0a15634aa30375dc446c679f07cd8a0a20b7616827267d19b7435e33e8575d44

Download Submit
C:\Windows\System32\hfCzFqK.exe

Filesize
2.0MB

MD5
467f4dcf0c5657dd7439d0ba40abe4e6

SHA1
a5780ca27ad5c03551e313693aac371cba1972e8

SHA256
0325b2d833e047079929672b9f4cae398b1a45786d4bd1acd57f400314008279

SHA512
29439634c0bdf0b8c887a6d90f5d2588d9a745e934993765faec673118484757652a72944b69f3d09a5d583c22700bc70020b5f10b42d24f698d8dc5f6adcf1e

Download Submit
C:\Windows\System32\jnUPCIy.exe

Filesize
2.0MB

MD5
dd03d49740261d05a56efa2cf68e89d0

SHA1
c25d0577d0708c6078aed54a86b45701cb8a78c0

SHA256
c563c95f766bb6be1b78613750758d95c7d6910a16ee457bcab42bad3d378b12

SHA512
0051c7ab6a67d77f91a639aa45b5b8c8acf21bf3ccb5adae1a0183c00fa7810c4bb4b3d4d9242ad573a07141f9eb7f7afd3e291e0540c47d55d8fa7131f27a58

Download Submit
C:\Windows\System32\kOAsiix.exe

Filesize
2.0MB

MD5
189e7e8b634ab3f862b868dca12f557f

SHA1
4d0b81cd8c8f98a61c347c1b458e28e2edd32a74

SHA256
c2bb74e44be1045a40324cd42bdbdc99ef5d4fb1b78b74e54fb52ac766c95aba

SHA512
2d9b5291f78dca547f8878edc139917355cf97a34421a1b89049b702163cb63bdbea18da42825c73b38bf3e8c5cecda131f4e251ac58b16086de4da3c7627e54

Download Submit
C:\Windows\System32\kTyZGqm.exe

Filesize
2.0MB

MD5
5884465e8acafd45ee467b544afdfabd

SHA1
234a45dd784ed025f1fcc59f5c64f0cabf6755b4

SHA256
4e5cfb701d46b399c4c374baa01e8a9d7be96d4f676cb277579995603ff9e34c

SHA512
2757a78687e7cb905b9dec52073fd19a13aad9cfc23552ed4b06a6e1282bf74339224323256e6835aff3f0b38216d258516818d6192f823b75bda8889078ce9d

Download Submit
C:\Windows\System32\kZNZlpk.exe

Filesize
2.0MB

MD5
ae053134c248305a695d8bab6d29279c

SHA1
2e6368eabae1cc3b70415155de9f1c407e1cdefa

SHA256
0e06a83d45df23d79a0b656ae7f75be130d67b538732bb8266aa2a1ef2fa38bb

SHA512
5fbe1fddf9edc537b63b428125aa383322cfc4d58281f2d96076c93955782e91cdd32ac8801e6dfb5eede54693a8bf727f7f5bb308bd720451791374651e3f20

Download Submit
C:\Windows\System32\njCeQMc.exe

Filesize
2.0MB

MD5
3ac9b047e85744954b53aa303c52e08e

SHA1
63277597007b90c463a8184c0aa5e41b3dc72e99

SHA256
3be4236632b165058ca0b5c2af554288d697df20b29bc31196cd31052e9e9398

SHA512
c6b7a8597cd90b3265b06ac9d95127309cec7d46428e068674c2849eb3b2308b63c317e878eb27c8b2b41bce0e8566fc5fca69a009a5c5fe56c1428890f5fb8f

Download Submit
C:\Windows\System32\oQBCWaS.exe

Filesize
2.0MB

MD5
3a85d12a0bf076f2074393a0782f050b

SHA1
865d4b79002fa33fd17c0f91cd59be995564f00f

SHA256
c0d32ee95d20b00a989f45230e5ae7361a073a587e390b5042bf42f02a98f6f0

SHA512
b6ca54dd4f73d71a5e03f54c7ab50b6b657cde449aacd34f9eef187c4858f988a6e093c0895b0b4cfa453f036d7ae2c0010169cae012d8a537e714526980b69c

Download Submit
C:\Windows\System32\rPmrShi.exe

Filesize
2.0MB

MD5
21510e32acef6186a537e3396c7fcbac

SHA1
f474d3a5b51ff2334abc62d6d2f6f92f63942cf3

SHA256
ccdcb65797d8151528a8609623945595aee0c0ee3baf3266d8337db929264f76

SHA512
b0bb30980b6f4d3da932c2a0de0c5d2231acab89df8d70809fd1317a66d50e008ed9572bb0eec06700ec2cf40ed9ced613ed9ae9a86a47c7a5154b76f800c656

Download Submit
C:\Windows\System32\rdvwPta.exe

Filesize
2.0MB

MD5
aceb3fd5742852d520f671adea591d86

SHA1
78d05a2cf23b3aeaa36991b90c828c6346dafafb

SHA256
be9eb11d06fe4671cfcb9ee4f85f3212bac95f5f3fc9a68164ba812d8cedaeb9

SHA512
5303f70d16136194675d648088a0d8695340e6db4e1e998f1e91e0879012d5a2cac6b224113513a1e00ae44176abce91abd671548ce6b7407d09eee74a9cfe74

Download Submit
C:\Windows\System32\sQiIflo.exe

Filesize
2.0MB

MD5
065b164ae3ef898b2f2d51ae8f8936f2

SHA1
7bce26956a3b2daf7eff41ae1ef94d3d846ea1fd

SHA256
b6e7c5b28adbb1e5401679310d90a208a7514983b75426934497db4e39cb2600

SHA512
b2218bd50d0a143403dcd361a965b1316663daec0121bf2d3ae44d57adf1295fb420457e04adff53b7a78bee215f8e45d1687cda858804e97e683dc3d3d66fa8

Download Submit
C:\Windows\System32\tFIetie.exe

Filesize
2.0MB

MD5
eead11f3ed728d56182256e34d3ccbd6

SHA1
432b92eff2c1ac43d1cba44d01501c1d27ccb532

SHA256
ad73e4c7a5d1f2b17ea7f0d3aaa692e0a2e0575e5360cf64601e3953caaa4016

SHA512
0542f4efe823483733b9196cf518bf9700748ea419c7d0c43f6d1827d7c0b722c348dfc45377094181fcdee2c4c356eeda1b7fa4a9f6be541a74dd99587c62e7

Download Submit
C:\Windows\System32\ujWyqPV.exe

Filesize
2.0MB

MD5
7a38b74dea08baaf17119d0e99e1e9d3

SHA1
409852ad7cb2c5488d032a295bb092a990d0715d

SHA256
f4bb950eff74287a05a3dc8b1175a6e12050c31cd8d3aeafabc40bb121c79cae

SHA512
1756982c52810dd7baec1384647431ff65f20b50ac53738eba1b127ea8aa33eee4c44fa06e09d59a9e653ddb3ccf94af5dce7c30845e0eab11e619bb40c73a93

Download Submit
C:\Windows\System32\wzvQcOm.exe

Filesize
2.0MB

MD5
57b5f7c8b8e3162d931cdc5d6e43f07e

SHA1
61430b0a355fbaafccbc7cbd213cc71d0289aa82

SHA256
2f01a9ebad7d31fcefd7c0adc211ab1cad9a4c4972461a901008e96db6d630e4

SHA512
f8f40cc8e033cb065b160ce2c4be0596197f2b53cc0e85801cef0972b64e87c332c5baa7718383798c2011dc0978b2dba3b81b40e4a1b53c7758308899346186

Download Submit
C:\Windows\System32\xpbsGyw.exe

Filesize
2.0MB

MD5
500ce27b163163de8fc8b379a4554ef9

SHA1
e3e637f6e48670c838f3cbc2e007cd89450f6d8c

SHA256
6152ebf4759ab80fb1efe7cf433fca131169dc5f117c39736ef4954bebc73b36

SHA512
2a3bbf804305d999a6ddb332bff75300207c65f4cd046ca108a56856bf55e2ebb52e209bd4bbe9cf63cd677dfd19b86584636fd727b0f8a67e8ac58c9bbf185c

Download Submit
C:\Windows\System32\xybZVTo.exe

Filesize
2.0MB

MD5
02f449878ee109b477b293c85aabed2e

SHA1
ea9248e1632e2032d1e68a09004a6f95c9af4497

SHA256
dc0c4e010b02f987e83f67381a6a9cbbd2bb991b2702aa89b81feffd685403df

SHA512
9d9b9ed20a17eb31ee9bb6051803ef2b2077e0eb0615cc438218349b7cd38618b6e416c3ec4f85bdece0f247b9e1fdaffdc131ecab2d38951919070487ca3df5

Download Submit
memory/232-15-0x00007FF670E80000-0x00007FF671271000-memory.dmp

Filesize
3.9MB

Download
memory/232-2065-0x00007FF670E80000-0x00007FF671271000-memory.dmp

Filesize
3.9MB

Download
memory/808-2126-0x00007FF651080000-0x00007FF651471000-memory.dmp

Filesize
3.9MB

Download
memory/808-2044-0x00007FF651080000-0x00007FF651471000-memory.dmp

Filesize
3.9MB

Download
memory/808-137-0x00007FF651080000-0x00007FF651471000-memory.dmp

Filesize
3.9MB

Download
memory/1800-29-0x00007FF6C76A0000-0x00007FF6C7A91000-memory.dmp

Filesize
3.9MB

Download
memory/1800-2067-0x00007FF6C76A0000-0x00007FF6C7A91000-memory.dmp

Filesize
3.9MB

Download
memory/2068-26-0x00007FF74E0F0000-0x00007FF74E4E1000-memory.dmp

Filesize
3.9MB

Download
memory/2068-2069-0x00007FF74E0F0000-0x00007FF74E4E1000-memory.dmp

Filesize
3.9MB

Download
memory/2180-48-0x00007FF7CFAE0000-0x00007FF7CFED1000-memory.dmp

Filesize
3.9MB

Download
memory/2180-126-0x00007FF7CFAE0000-0x00007FF7CFED1000-memory.dmp

Filesize
3.9MB

Download
memory/2180-2079-0x00007FF7CFAE0000-0x00007FF7CFED1000-memory.dmp

Filesize
3.9MB

Download
memory/2236-2118-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp

Filesize
3.9MB

Download
memory/2236-1878-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp

Filesize
3.9MB

Download
memory/2236-106-0x00007FF7F34B0000-0x00007FF7F38A1000-memory.dmp

Filesize
3.9MB

Download
memory/2244-116-0x00007FF6B3720000-0x00007FF6B3B11000-memory.dmp

Filesize
3.9MB

Download
memory/2244-2120-0x00007FF6B3720000-0x00007FF6B3B11000-memory.dmp

Filesize
3.9MB

Download
memory/2244-2024-0x00007FF6B3720000-0x00007FF6B3B11000-memory.dmp

Filesize
3.9MB

Download
memory/2544-159-0x00007FF737CF0000-0x00007FF7380E1000-memory.dmp

Filesize
3.9MB

Download
memory/2544-2059-0x00007FF737CF0000-0x00007FF7380E1000-memory.dmp

Filesize
3.9MB

Download
memory/2544-2130-0x00007FF737CF0000-0x00007FF7380E1000-memory.dmp

Filesize
3.9MB

Download
memory/2936-0-0x00007FF7EAFC0000-0x00007FF7EB3B1000-memory.dmp

Filesize
3.9MB

Download
memory/2936-2061-0x00007FF7EAFC0000-0x00007FF7EB3B1000-memory.dmp

Filesize
3.9MB

Download
memory/2936-1-0x0000019E3F420000-0x0000019E3F430000-memory.dmp

Filesize
64KB

Download
memory/2936-84-0x00007FF7EAFC0000-0x00007FF7EB3B1000-memory.dmp

Filesize
3.9MB

Download
memory/3096-62-0x00007FF6CB8C0000-0x00007FF6CBCB1000-memory.dmp

Filesize
3.9MB

Download
memory/3096-2081-0x00007FF6CB8C0000-0x00007FF6CBCB1000-memory.dmp

Filesize
3.9MB

Download
memory/3300-57-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp

Filesize
3.9MB

Download
memory/3300-2083-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp

Filesize
3.9MB

Download
memory/3300-148-0x00007FF6EFDB0000-0x00007FF6F01A1000-memory.dmp

Filesize
3.9MB

Download
memory/3556-86-0x00007FF68E410000-0x00007FF68E801000-memory.dmp

Filesize
3.9MB

Download
memory/3556-2104-0x00007FF68E410000-0x00007FF68E801000-memory.dmp

Filesize
3.9MB

Download
memory/3580-2128-0x00007FF62A7A0000-0x00007FF62AB91000-memory.dmp

Filesize
3.9MB

Download
memory/3580-145-0x00007FF62A7A0000-0x00007FF62AB91000-memory.dmp

Filesize
3.9MB

Download
memory/3580-2045-0x00007FF62A7A0000-0x00007FF62AB91000-memory.dmp

Filesize
3.9MB

Download
memory/3780-101-0x00007FF74A860000-0x00007FF74AC51000-memory.dmp

Filesize
3.9MB

Download
memory/3780-2114-0x00007FF74A860000-0x00007FF74AC51000-memory.dmp

Filesize
3.9MB

Download
memory/3780-1479-0x00007FF74A860000-0x00007FF74AC51000-memory.dmp

Filesize
3.9MB

Download
memory/3896-2116-0x00007FF7E0160000-0x00007FF7E0551000-memory.dmp

Filesize
3.9MB

Download
memory/3896-112-0x00007FF7E0160000-0x00007FF7E0551000-memory.dmp

Filesize
3.9MB

Download
memory/3976-40-0x00007FF614E20000-0x00007FF615211000-memory.dmp

Filesize
3.9MB

Download
memory/3976-2075-0x00007FF614E20000-0x00007FF615211000-memory.dmp

Filesize
3.9MB

Download
memory/4000-89-0x00007FF7E78D0000-0x00007FF7E7CC1000-memory.dmp

Filesize
3.9MB

Download
memory/4000-2112-0x00007FF7E78D0000-0x00007FF7E7CC1000-memory.dmp

Filesize
3.9MB

Download
memory/4012-2073-0x00007FF647CF0000-0x00007FF6480E1000-memory.dmp

Filesize
3.9MB

Download
memory/4012-111-0x00007FF647CF0000-0x00007FF6480E1000-memory.dmp

Filesize
3.9MB

Download
memory/4012-30-0x00007FF647CF0000-0x00007FF6480E1000-memory.dmp

Filesize
3.9MB

Download
memory/4032-2124-0x00007FF73A380000-0x00007FF73A771000-memory.dmp

Filesize
3.9MB

Download
memory/4032-155-0x00007FF73A380000-0x00007FF73A771000-memory.dmp

Filesize
3.9MB

Download
memory/4128-2110-0x00007FF777260000-0x00007FF777651000-memory.dmp

Filesize
3.9MB

Download
memory/4128-99-0x00007FF777260000-0x00007FF777651000-memory.dmp

Filesize
3.9MB

Download
memory/4224-129-0x00007FF710490000-0x00007FF710881000-memory.dmp

Filesize
3.9MB

Download
memory/4224-2122-0x00007FF710490000-0x00007FF710881000-memory.dmp

Filesize
3.9MB

Download
memory/4308-2077-0x00007FF7DFEF0000-0x00007FF7E02E1000-memory.dmp

Filesize
3.9MB

Download
memory/4308-47-0x00007FF7DFEF0000-0x00007FF7E02E1000-memory.dmp

Filesize
3.9MB

Download
memory/4560-92-0x00007FF6F9FC0000-0x00007FF6FA3B1000-memory.dmp

Filesize
3.9MB

Download
memory/4560-2108-0x00007FF6F9FC0000-0x00007FF6FA3B1000-memory.dmp

Filesize
3.9MB

Download
memory/4792-2106-0x00007FF678380000-0x00007FF678771000-memory.dmp

Filesize
3.9MB

Download
memory/4792-157-0x00007FF678380000-0x00007FF678771000-memory.dmp

Filesize
3.9MB

Download
memory/4792-77-0x00007FF678380000-0x00007FF678771000-memory.dmp

Filesize
3.9MB

Download
memory/5112-2071-0x00007FF65ABF0000-0x00007FF65AFE1000-memory.dmp

Filesize
3.9MB

Download
memory/5112-27-0x00007FF65ABF0000-0x00007FF65AFE1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads