xmrig | 476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499

Analysis

max time kernel
123s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
Size

3.3MB
MD5

39f56af249688f5431414cf0442ef790
SHA1

db84540e6e7415abaf6b067783384bc5f2f15fc3
SHA256

476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499
SHA512

a133260b7c99a2000b7841e9f023455fd6806a040a75f7b51ded7a1d049b183820e1a9c5bea79b9b229e0696128995ff52eef8f45207e204f63d05a052000f64
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4Y:NFWPClFI

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1756-0-0x00007FF60C240000-0x00007FF60C635000-memory.dmp	xmrig
behavioral2/files/0x0009000000023467-5.dat	xmrig
behavioral2/memory/1680-8-0x00007FF7EDD70000-0x00007FF7EE165000-memory.dmp	xmrig
behavioral2/files/0x0007000000023475-11.dat	xmrig
behavioral2/files/0x0007000000023476-10.dat	xmrig
behavioral2/memory/4620-14-0x00007FF7F7EE0000-0x00007FF7F82D5000-memory.dmp	xmrig
behavioral2/memory/3484-21-0x00007FF6436D0000-0x00007FF643AC5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023477-24.dat	xmrig
behavioral2/files/0x0007000000023478-27.dat	xmrig
behavioral2/files/0x000700000002347a-41.dat	xmrig
behavioral2/files/0x000700000002347b-46.dat	xmrig
behavioral2/files/0x000700000002347d-54.dat	xmrig
behavioral2/files/0x000700000002347e-61.dat	xmrig
behavioral2/files/0x0007000000023480-71.dat	xmrig
behavioral2/files/0x0007000000023483-84.dat	xmrig
behavioral2/files/0x0007000000023485-94.dat	xmrig
behavioral2/files/0x0007000000023487-106.dat	xmrig
behavioral2/files/0x000700000002348a-121.dat	xmrig
behavioral2/files/0x000700000002348e-139.dat	xmrig
behavioral2/memory/4964-801-0x00007FF71D3A0000-0x00007FF71D795000-memory.dmp	xmrig
behavioral2/memory/1044-811-0x00007FF7C63D0000-0x00007FF7C67C5000-memory.dmp	xmrig
behavioral2/memory/2920-816-0x00007FF64BB80000-0x00007FF64BF75000-memory.dmp	xmrig
behavioral2/memory/3896-823-0x00007FF6000F0000-0x00007FF6004E5000-memory.dmp	xmrig
behavioral2/memory/4252-839-0x00007FF6B33D0000-0x00007FF6B37C5000-memory.dmp	xmrig
behavioral2/memory/508-841-0x00007FF65AEA0000-0x00007FF65B295000-memory.dmp	xmrig
behavioral2/memory/1696-852-0x00007FF7A2780000-0x00007FF7A2B75000-memory.dmp	xmrig
behavioral2/memory/4624-850-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	xmrig
behavioral2/memory/696-863-0x00007FF728790000-0x00007FF728B85000-memory.dmp	xmrig
behavioral2/memory/2256-860-0x00007FF610000000-0x00007FF6103F5000-memory.dmp	xmrig
behavioral2/memory/2824-858-0x00007FF7391A0000-0x00007FF739595000-memory.dmp	xmrig
behavioral2/memory/4568-845-0x00007FF699110000-0x00007FF699505000-memory.dmp	xmrig
behavioral2/memory/5052-833-0x00007FF6D03E0000-0x00007FF6D07D5000-memory.dmp	xmrig
behavioral2/memory/2504-871-0x00007FF6EA750000-0x00007FF6EAB45000-memory.dmp	xmrig
behavioral2/memory/4544-875-0x00007FF746EB0000-0x00007FF7472A5000-memory.dmp	xmrig
behavioral2/memory/624-868-0x00007FF677900000-0x00007FF677CF5000-memory.dmp	xmrig
behavioral2/memory/532-828-0x00007FF641BB0000-0x00007FF641FA5000-memory.dmp	xmrig
behavioral2/memory/4828-807-0x00007FF693880000-0x00007FF693C75000-memory.dmp	xmrig
behavioral2/memory/408-804-0x00007FF71D050000-0x00007FF71D445000-memory.dmp	xmrig
behavioral2/files/0x0007000000023493-166.dat	xmrig
behavioral2/files/0x0007000000023492-161.dat	xmrig
behavioral2/files/0x0007000000023491-156.dat	xmrig
behavioral2/files/0x0007000000023490-151.dat	xmrig
behavioral2/files/0x000700000002348f-146.dat	xmrig
behavioral2/files/0x000700000002348d-136.dat	xmrig
behavioral2/files/0x000700000002348c-131.dat	xmrig
behavioral2/files/0x000700000002348b-126.dat	xmrig
behavioral2/files/0x0007000000023489-116.dat	xmrig
behavioral2/files/0x0007000000023488-111.dat	xmrig
behavioral2/files/0x0007000000023486-101.dat	xmrig
behavioral2/files/0x0007000000023484-91.dat	xmrig
behavioral2/files/0x0007000000023482-81.dat	xmrig
behavioral2/files/0x0007000000023481-76.dat	xmrig
behavioral2/files/0x000700000002347f-66.dat	xmrig
behavioral2/files/0x000700000002347c-51.dat	xmrig
behavioral2/files/0x0007000000023479-36.dat	xmrig
behavioral2/memory/4976-30-0x00007FF6F5390000-0x00007FF6F5785000-memory.dmp	xmrig
behavioral2/memory/4840-28-0x00007FF6FA0F0000-0x00007FF6FA4E5000-memory.dmp	xmrig
behavioral2/memory/1756-1890-0x00007FF60C240000-0x00007FF60C635000-memory.dmp	xmrig
behavioral2/memory/4976-1891-0x00007FF6F5390000-0x00007FF6F5785000-memory.dmp	xmrig
behavioral2/memory/1756-1892-0x00007FF60C240000-0x00007FF60C635000-memory.dmp	xmrig
behavioral2/memory/1680-1893-0x00007FF7EDD70000-0x00007FF7EE165000-memory.dmp	xmrig
behavioral2/memory/4620-1894-0x00007FF7F7EE0000-0x00007FF7F82D5000-memory.dmp	xmrig
behavioral2/memory/3484-1895-0x00007FF6436D0000-0x00007FF643AC5000-memory.dmp	xmrig
behavioral2/memory/4840-1896-0x00007FF6FA0F0000-0x00007FF6FA4E5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1680	PxWIVWg.exe
4620	AlIqWyx.exe
3484	DzgpbzT.exe
4840	LvOytiH.exe
4976	OoChymT.exe
4964	IhOWbWl.exe
408	rbOeUAB.exe
4828	iODjGti.exe
1044	oSTtXRs.exe
2920	ZPCwgBH.exe
3896	ADyVAWJ.exe
532	kgbBJlf.exe
5052	YYvsGnF.exe
4252	cWbsVul.exe
508	NTXZmYj.exe
4568	cOfAneF.exe
4624	ZJqLMSb.exe
1696	tXKhRXP.exe
2824	bRopAfw.exe
2256	xdqHmSO.exe
696	jLPPWsV.exe
624	YPXnHUU.exe
2504	zGQmvnZ.exe
4544	DFaZXiS.exe
1144	NDbYjGD.exe
3660	qAinyhk.exe
4600	ZEMLHGD.exe
4984	jrDTfLx.exe
3552	bfmXsLh.exe
804	QyDffrk.exe
2396	UhYByov.exe
1564	xDNwBJr.exe
4044	UYsfbdi.exe
3936	JjOTkQT.exe
2464	VSDqgWd.exe
2716	bJQRKXu.exe
2416	JWrHaPP.exe
3416	NjNYhHH.exe
2064	JZtWUFQ.exe
3272	cZfcgFy.exe
856	qNiNVPB.exe
1036	WHTIDUy.exe
996	rGavupm.exe
756	cAtPOiT.exe
684	WerQenq.exe
1248	VCSfaWA.exe
2068	RTKQwcT.exe
4356	fOWIEpB.exe
4672	yFUUyGH.exe
1664	loPBxbZ.exe
4584	ZZqZERy.exe
4660	thKMLnF.exe
4580	hSOErUX.exe
4540	WyGioIU.exe
1944	WnlnaxY.exe
1632	QnhwrnJ.exe
4304	csBuaIM.exe
1080	dUKtumd.exe
4484	dipkNrW.exe
1276	xBgTSfB.exe
876	UkMZGBJ.exe
3020	lNguTxd.exe
1836	AuQKqwc.exe
4648	fngrkQl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1756-0-0x00007FF60C240000-0x00007FF60C635000-memory.dmp	upx
behavioral2/files/0x0009000000023467-5.dat	upx
behavioral2/memory/1680-8-0x00007FF7EDD70000-0x00007FF7EE165000-memory.dmp	upx
behavioral2/files/0x0007000000023475-11.dat	upx
behavioral2/files/0x0007000000023476-10.dat	upx
behavioral2/memory/4620-14-0x00007FF7F7EE0000-0x00007FF7F82D5000-memory.dmp	upx
behavioral2/memory/3484-21-0x00007FF6436D0000-0x00007FF643AC5000-memory.dmp	upx
behavioral2/files/0x0007000000023477-24.dat	upx
behavioral2/files/0x0007000000023478-27.dat	upx
behavioral2/files/0x000700000002347a-41.dat	upx
behavioral2/files/0x000700000002347b-46.dat	upx
behavioral2/files/0x000700000002347d-54.dat	upx
behavioral2/files/0x000700000002347e-61.dat	upx
behavioral2/files/0x0007000000023480-71.dat	upx
behavioral2/files/0x0007000000023483-84.dat	upx
behavioral2/files/0x0007000000023485-94.dat	upx
behavioral2/files/0x0007000000023487-106.dat	upx
behavioral2/files/0x000700000002348a-121.dat	upx
behavioral2/files/0x000700000002348e-139.dat	upx
behavioral2/memory/4964-801-0x00007FF71D3A0000-0x00007FF71D795000-memory.dmp	upx
behavioral2/memory/1044-811-0x00007FF7C63D0000-0x00007FF7C67C5000-memory.dmp	upx
behavioral2/memory/2920-816-0x00007FF64BB80000-0x00007FF64BF75000-memory.dmp	upx
behavioral2/memory/3896-823-0x00007FF6000F0000-0x00007FF6004E5000-memory.dmp	upx
behavioral2/memory/4252-839-0x00007FF6B33D0000-0x00007FF6B37C5000-memory.dmp	upx
behavioral2/memory/508-841-0x00007FF65AEA0000-0x00007FF65B295000-memory.dmp	upx
behavioral2/memory/1696-852-0x00007FF7A2780000-0x00007FF7A2B75000-memory.dmp	upx
behavioral2/memory/4624-850-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp	upx
behavioral2/memory/696-863-0x00007FF728790000-0x00007FF728B85000-memory.dmp	upx
behavioral2/memory/2256-860-0x00007FF610000000-0x00007FF6103F5000-memory.dmp	upx
behavioral2/memory/2824-858-0x00007FF7391A0000-0x00007FF739595000-memory.dmp	upx
behavioral2/memory/4568-845-0x00007FF699110000-0x00007FF699505000-memory.dmp	upx
behavioral2/memory/5052-833-0x00007FF6D03E0000-0x00007FF6D07D5000-memory.dmp	upx
behavioral2/memory/2504-871-0x00007FF6EA750000-0x00007FF6EAB45000-memory.dmp	upx
behavioral2/memory/4544-875-0x00007FF746EB0000-0x00007FF7472A5000-memory.dmp	upx
behavioral2/memory/624-868-0x00007FF677900000-0x00007FF677CF5000-memory.dmp	upx
behavioral2/memory/532-828-0x00007FF641BB0000-0x00007FF641FA5000-memory.dmp	upx
behavioral2/memory/4828-807-0x00007FF693880000-0x00007FF693C75000-memory.dmp	upx
behavioral2/memory/408-804-0x00007FF71D050000-0x00007FF71D445000-memory.dmp	upx
behavioral2/files/0x0007000000023493-166.dat	upx
behavioral2/files/0x0007000000023492-161.dat	upx
behavioral2/files/0x0007000000023491-156.dat	upx
behavioral2/files/0x0007000000023490-151.dat	upx
behavioral2/files/0x000700000002348f-146.dat	upx
behavioral2/files/0x000700000002348d-136.dat	upx
behavioral2/files/0x000700000002348c-131.dat	upx
behavioral2/files/0x000700000002348b-126.dat	upx
behavioral2/files/0x0007000000023489-116.dat	upx
behavioral2/files/0x0007000000023488-111.dat	upx
behavioral2/files/0x0007000000023486-101.dat	upx
behavioral2/files/0x0007000000023484-91.dat	upx
behavioral2/files/0x0007000000023482-81.dat	upx
behavioral2/files/0x0007000000023481-76.dat	upx
behavioral2/files/0x000700000002347f-66.dat	upx
behavioral2/files/0x000700000002347c-51.dat	upx
behavioral2/files/0x0007000000023479-36.dat	upx
behavioral2/memory/4976-30-0x00007FF6F5390000-0x00007FF6F5785000-memory.dmp	upx
behavioral2/memory/4840-28-0x00007FF6FA0F0000-0x00007FF6FA4E5000-memory.dmp	upx
behavioral2/memory/1756-1890-0x00007FF60C240000-0x00007FF60C635000-memory.dmp	upx
behavioral2/memory/4976-1891-0x00007FF6F5390000-0x00007FF6F5785000-memory.dmp	upx
behavioral2/memory/1756-1892-0x00007FF60C240000-0x00007FF60C635000-memory.dmp	upx
behavioral2/memory/1680-1893-0x00007FF7EDD70000-0x00007FF7EE165000-memory.dmp	upx
behavioral2/memory/4620-1894-0x00007FF7F7EE0000-0x00007FF7F82D5000-memory.dmp	upx
behavioral2/memory/3484-1895-0x00007FF6436D0000-0x00007FF643AC5000-memory.dmp	upx
behavioral2/memory/4840-1896-0x00007FF6FA0F0000-0x00007FF6FA4E5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\JYUrdVx.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\vmfDySX.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\Gwpzozp.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\FIKQFCX.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\nYsZcye.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\UhTXDsG.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\WFzDPjm.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\QMppumj.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\XmdnuGc.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\WJRzLEC.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\LieEmzP.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\MYrMOiC.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\ewjKgYd.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\qNiNVPB.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\xBgTSfB.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\PPVndsU.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\BIJYwxL.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\Yqpfmhb.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\WHTIDUy.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\fngrkQl.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\xOLEYje.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\TBbSCrQ.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\vIpHydk.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\EfBLWCv.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\GtDdMWe.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\myiGZWj.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\wEqAuXQ.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\fGleWiR.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\unfIHce.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\qzLsDcX.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\SCkaaFx.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\XxaFGrL.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\SoMWbqJ.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\ZpLvjmV.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\LAlbFQQ.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\pjYtQUI.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\sTIIGqG.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\MHuDydT.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\LshHoJR.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\ueOBVCc.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\gbYPOUW.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\nDukDcu.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\EzRBaxK.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\omziOfV.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\DrUCGEF.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\EcdDoIH.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\KFOhXWa.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\efxZyZD.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\NvFiaPp.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\EtbbJLE.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\MVaLSLU.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\OOhaCZh.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\KcFJOKw.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\QDTYxiY.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\dipkNrW.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\YHfTski.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\RZVCRbR.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\CvMPIYJ.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\tzcvXdR.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\UlZxnZq.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\AXzgfLy.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\nxYFAZs.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\qUwOXXE.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
File created	C:\Windows\System32\ijImGRG.exe	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13744	dwm.exe
Token: SeChangeNotifyPrivilege	13744	dwm.exe
Token: 33	13744	dwm.exe
Token: SeIncBasePriorityPrivilege	13744	dwm.exe
Token: SeShutdownPrivilege	13744	dwm.exe
Token: SeCreatePagefilePrivilege	13744	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1680	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	84
PID 1756 wrote to memory of 1680	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	84
PID 1756 wrote to memory of 4620	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	85
PID 1756 wrote to memory of 4620	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	85
PID 1756 wrote to memory of 3484	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	86
PID 1756 wrote to memory of 3484	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	86
PID 1756 wrote to memory of 4840	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	87
PID 1756 wrote to memory of 4840	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	87
PID 1756 wrote to memory of 4976	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	88
PID 1756 wrote to memory of 4976	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	88
PID 1756 wrote to memory of 4964	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	89
PID 1756 wrote to memory of 4964	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	89
PID 1756 wrote to memory of 408	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	90
PID 1756 wrote to memory of 408	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	90
PID 1756 wrote to memory of 4828	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	91
PID 1756 wrote to memory of 4828	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	91
PID 1756 wrote to memory of 1044	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	92
PID 1756 wrote to memory of 1044	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	92
PID 1756 wrote to memory of 2920	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	93
PID 1756 wrote to memory of 2920	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	93
PID 1756 wrote to memory of 3896	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	94
PID 1756 wrote to memory of 3896	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	94
PID 1756 wrote to memory of 532	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	95
PID 1756 wrote to memory of 532	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	95
PID 1756 wrote to memory of 5052	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	96
PID 1756 wrote to memory of 5052	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	96
PID 1756 wrote to memory of 4252	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	97
PID 1756 wrote to memory of 4252	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	97
PID 1756 wrote to memory of 508	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	98
PID 1756 wrote to memory of 508	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	98
PID 1756 wrote to memory of 4568	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	99
PID 1756 wrote to memory of 4568	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	99
PID 1756 wrote to memory of 4624	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	100
PID 1756 wrote to memory of 4624	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	100
PID 1756 wrote to memory of 1696	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	101
PID 1756 wrote to memory of 1696	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	101
PID 1756 wrote to memory of 2824	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	102
PID 1756 wrote to memory of 2824	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	102
PID 1756 wrote to memory of 2256	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	103
PID 1756 wrote to memory of 2256	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	103
PID 1756 wrote to memory of 696	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	104
PID 1756 wrote to memory of 696	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	104
PID 1756 wrote to memory of 624	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	105
PID 1756 wrote to memory of 624	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	105
PID 1756 wrote to memory of 2504	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	106
PID 1756 wrote to memory of 2504	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	106
PID 1756 wrote to memory of 4544	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	107
PID 1756 wrote to memory of 4544	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	107
PID 1756 wrote to memory of 1144	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	108
PID 1756 wrote to memory of 1144	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	108
PID 1756 wrote to memory of 3660	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	109
PID 1756 wrote to memory of 3660	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	109
PID 1756 wrote to memory of 4600	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	110
PID 1756 wrote to memory of 4600	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	110
PID 1756 wrote to memory of 4984	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	111
PID 1756 wrote to memory of 4984	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	111
PID 1756 wrote to memory of 3552	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	112
PID 1756 wrote to memory of 3552	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	112
PID 1756 wrote to memory of 804	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	113
PID 1756 wrote to memory of 804	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	113
PID 1756 wrote to memory of 2396	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	114
PID 1756 wrote to memory of 2396	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	114
PID 1756 wrote to memory of 1564	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	115
PID 1756 wrote to memory of 1564	1756	476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\476467a7aeca75c4d38a554c164b9c261162d0f797f1f284d0f031a6902be499_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\System32\PxWIVWg.exe
  C:\Windows\System32\PxWIVWg.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System32\AlIqWyx.exe
  C:\Windows\System32\AlIqWyx.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System32\DzgpbzT.exe
  C:\Windows\System32\DzgpbzT.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System32\LvOytiH.exe
  C:\Windows\System32\LvOytiH.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System32\OoChymT.exe
  C:\Windows\System32\OoChymT.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System32\IhOWbWl.exe
  C:\Windows\System32\IhOWbWl.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\rbOeUAB.exe
  C:\Windows\System32\rbOeUAB.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System32\iODjGti.exe
  C:\Windows\System32\iODjGti.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\oSTtXRs.exe
  C:\Windows\System32\oSTtXRs.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System32\ZPCwgBH.exe
  C:\Windows\System32\ZPCwgBH.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System32\ADyVAWJ.exe
  C:\Windows\System32\ADyVAWJ.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System32\kgbBJlf.exe
  C:\Windows\System32\kgbBJlf.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System32\YYvsGnF.exe
  C:\Windows\System32\YYvsGnF.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System32\cWbsVul.exe
  C:\Windows\System32\cWbsVul.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System32\NTXZmYj.exe
  C:\Windows\System32\NTXZmYj.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System32\cOfAneF.exe
  C:\Windows\System32\cOfAneF.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System32\ZJqLMSb.exe
  C:\Windows\System32\ZJqLMSb.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System32\tXKhRXP.exe
  C:\Windows\System32\tXKhRXP.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\bRopAfw.exe
  C:\Windows\System32\bRopAfw.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System32\xdqHmSO.exe
  C:\Windows\System32\xdqHmSO.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System32\jLPPWsV.exe
  C:\Windows\System32\jLPPWsV.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System32\YPXnHUU.exe
  C:\Windows\System32\YPXnHUU.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System32\zGQmvnZ.exe
  C:\Windows\System32\zGQmvnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System32\DFaZXiS.exe
  C:\Windows\System32\DFaZXiS.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\NDbYjGD.exe
  C:\Windows\System32\NDbYjGD.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System32\qAinyhk.exe
  C:\Windows\System32\qAinyhk.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System32\ZEMLHGD.exe
  C:\Windows\System32\ZEMLHGD.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System32\jrDTfLx.exe
  C:\Windows\System32\jrDTfLx.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System32\bfmXsLh.exe
  C:\Windows\System32\bfmXsLh.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System32\QyDffrk.exe
  C:\Windows\System32\QyDffrk.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System32\UhYByov.exe
  C:\Windows\System32\UhYByov.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System32\xDNwBJr.exe
  C:\Windows\System32\xDNwBJr.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System32\UYsfbdi.exe
  C:\Windows\System32\UYsfbdi.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System32\JjOTkQT.exe
  C:\Windows\System32\JjOTkQT.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System32\VSDqgWd.exe
  C:\Windows\System32\VSDqgWd.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System32\bJQRKXu.exe
  C:\Windows\System32\bJQRKXu.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System32\JWrHaPP.exe
  C:\Windows\System32\JWrHaPP.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System32\NjNYhHH.exe
  C:\Windows\System32\NjNYhHH.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System32\JZtWUFQ.exe
  C:\Windows\System32\JZtWUFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System32\cZfcgFy.exe
  C:\Windows\System32\cZfcgFy.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System32\qNiNVPB.exe
  C:\Windows\System32\qNiNVPB.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System32\WHTIDUy.exe
  C:\Windows\System32\WHTIDUy.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System32\rGavupm.exe
  C:\Windows\System32\rGavupm.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System32\cAtPOiT.exe
  C:\Windows\System32\cAtPOiT.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System32\WerQenq.exe
  C:\Windows\System32\WerQenq.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System32\VCSfaWA.exe
  C:\Windows\System32\VCSfaWA.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System32\RTKQwcT.exe
  C:\Windows\System32\RTKQwcT.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System32\fOWIEpB.exe
  C:\Windows\System32\fOWIEpB.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System32\yFUUyGH.exe
  C:\Windows\System32\yFUUyGH.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System32\loPBxbZ.exe
  C:\Windows\System32\loPBxbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System32\ZZqZERy.exe
  C:\Windows\System32\ZZqZERy.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System32\thKMLnF.exe
  C:\Windows\System32\thKMLnF.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System32\hSOErUX.exe
  C:\Windows\System32\hSOErUX.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System32\WyGioIU.exe
  C:\Windows\System32\WyGioIU.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System32\WnlnaxY.exe
  C:\Windows\System32\WnlnaxY.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\QnhwrnJ.exe
  C:\Windows\System32\QnhwrnJ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System32\csBuaIM.exe
  C:\Windows\System32\csBuaIM.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System32\dUKtumd.exe
  C:\Windows\System32\dUKtumd.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System32\dipkNrW.exe
  C:\Windows\System32\dipkNrW.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System32\xBgTSfB.exe
  C:\Windows\System32\xBgTSfB.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System32\UkMZGBJ.exe
  C:\Windows\System32\UkMZGBJ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System32\lNguTxd.exe
  C:\Windows\System32\lNguTxd.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System32\AuQKqwc.exe
  C:\Windows\System32\AuQKqwc.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System32\fngrkQl.exe
  C:\Windows\System32\fngrkQl.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System32\WmALAlm.exe
  C:\Windows\System32\WmALAlm.exe
  2⤵
  PID:4056
- C:\Windows\System32\KFOhXWa.exe
  C:\Windows\System32\KFOhXWa.exe
  2⤵
  PID:1824
- C:\Windows\System32\mIwjaGj.exe
  C:\Windows\System32\mIwjaGj.exe
  2⤵
  PID:4784
- C:\Windows\System32\vRkPmnz.exe
  C:\Windows\System32\vRkPmnz.exe
  2⤵
  PID:3372
- C:\Windows\System32\micEuXF.exe
  C:\Windows\System32\micEuXF.exe
  2⤵
  PID:4280
- C:\Windows\System32\rQOBybi.exe
  C:\Windows\System32\rQOBybi.exe
  2⤵
  PID:3392
- C:\Windows\System32\zZnCOgA.exe
  C:\Windows\System32\zZnCOgA.exe
  2⤵
  PID:4656
- C:\Windows\System32\zObYJqr.exe
  C:\Windows\System32\zObYJqr.exe
  2⤵
  PID:2636
- C:\Windows\System32\QJByOuD.exe
  C:\Windows\System32\QJByOuD.exe
  2⤵
  PID:1920
- C:\Windows\System32\bftekMq.exe
  C:\Windows\System32\bftekMq.exe
  2⤵
  PID:1464
- C:\Windows\System32\njfiZaS.exe
  C:\Windows\System32\njfiZaS.exe
  2⤵
  PID:920
- C:\Windows\System32\cXgchRT.exe
  C:\Windows\System32\cXgchRT.exe
  2⤵
  PID:4488
- C:\Windows\System32\ybAFLsj.exe
  C:\Windows\System32\ybAFLsj.exe
  2⤵
  PID:4308
- C:\Windows\System32\HzpcPLF.exe
  C:\Windows\System32\HzpcPLF.exe
  2⤵
  PID:2240
- C:\Windows\System32\EZuFSKt.exe
  C:\Windows\System32\EZuFSKt.exe
  2⤵
  PID:5140
- C:\Windows\System32\aKCmiJF.exe
  C:\Windows\System32\aKCmiJF.exe
  2⤵
  PID:5168
- C:\Windows\System32\VGAbAyn.exe
  C:\Windows\System32\VGAbAyn.exe
  2⤵
  PID:5196
- C:\Windows\System32\DjuHssV.exe
  C:\Windows\System32\DjuHssV.exe
  2⤵
  PID:5224
- C:\Windows\System32\sNMbbhu.exe
  C:\Windows\System32\sNMbbhu.exe
  2⤵
  PID:5252
- C:\Windows\System32\stiflBf.exe
  C:\Windows\System32\stiflBf.exe
  2⤵
  PID:5280
- C:\Windows\System32\uluzPlC.exe
  C:\Windows\System32\uluzPlC.exe
  2⤵
  PID:5308
- C:\Windows\System32\RiGXWNS.exe
  C:\Windows\System32\RiGXWNS.exe
  2⤵
  PID:5336
- C:\Windows\System32\eZBdyAQ.exe
  C:\Windows\System32\eZBdyAQ.exe
  2⤵
  PID:5364
- C:\Windows\System32\PRILIUX.exe
  C:\Windows\System32\PRILIUX.exe
  2⤵
  PID:5392
- C:\Windows\System32\PLpfnEN.exe
  C:\Windows\System32\PLpfnEN.exe
  2⤵
  PID:5420
- C:\Windows\System32\hODbFqM.exe
  C:\Windows\System32\hODbFqM.exe
  2⤵
  PID:5448
- C:\Windows\System32\gRXfPsF.exe
  C:\Windows\System32\gRXfPsF.exe
  2⤵
  PID:5476
- C:\Windows\System32\pjYtQUI.exe
  C:\Windows\System32\pjYtQUI.exe
  2⤵
  PID:5504
- C:\Windows\System32\tzeyzFD.exe
  C:\Windows\System32\tzeyzFD.exe
  2⤵
  PID:5532
- C:\Windows\System32\qXycBWT.exe
  C:\Windows\System32\qXycBWT.exe
  2⤵
  PID:5560
- C:\Windows\System32\UvCPGbT.exe
  C:\Windows\System32\UvCPGbT.exe
  2⤵
  PID:5588
- C:\Windows\System32\ijImGRG.exe
  C:\Windows\System32\ijImGRG.exe
  2⤵
  PID:5616
- C:\Windows\System32\YHfTski.exe
  C:\Windows\System32\YHfTski.exe
  2⤵
  PID:5644
- C:\Windows\System32\JqCwHgT.exe
  C:\Windows\System32\JqCwHgT.exe
  2⤵
  PID:5672
- C:\Windows\System32\myiGZWj.exe
  C:\Windows\System32\myiGZWj.exe
  2⤵
  PID:5700
- C:\Windows\System32\fZuWVbs.exe
  C:\Windows\System32\fZuWVbs.exe
  2⤵
  PID:5728
- C:\Windows\System32\BRuOGKy.exe
  C:\Windows\System32\BRuOGKy.exe
  2⤵
  PID:5756
- C:\Windows\System32\uMuzebR.exe
  C:\Windows\System32\uMuzebR.exe
  2⤵
  PID:5784
- C:\Windows\System32\wPlGaBE.exe
  C:\Windows\System32\wPlGaBE.exe
  2⤵
  PID:5812
- C:\Windows\System32\yMuqFWp.exe
  C:\Windows\System32\yMuqFWp.exe
  2⤵
  PID:5840
- C:\Windows\System32\UJzogdL.exe
  C:\Windows\System32\UJzogdL.exe
  2⤵
  PID:5868
- C:\Windows\System32\vEqdzJD.exe
  C:\Windows\System32\vEqdzJD.exe
  2⤵
  PID:5896
- C:\Windows\System32\sXrQHrk.exe
  C:\Windows\System32\sXrQHrk.exe
  2⤵
  PID:5924
- C:\Windows\System32\TfFZqzr.exe
  C:\Windows\System32\TfFZqzr.exe
  2⤵
  PID:5952
- C:\Windows\System32\apXHNoz.exe
  C:\Windows\System32\apXHNoz.exe
  2⤵
  PID:5980
- C:\Windows\System32\PbkFPsY.exe
  C:\Windows\System32\PbkFPsY.exe
  2⤵
  PID:6008
- C:\Windows\System32\QMppumj.exe
  C:\Windows\System32\QMppumj.exe
  2⤵
  PID:6036
- C:\Windows\System32\ojUJbva.exe
  C:\Windows\System32\ojUJbva.exe
  2⤵
  PID:6064
- C:\Windows\System32\LocljpV.exe
  C:\Windows\System32\LocljpV.exe
  2⤵
  PID:6092
- C:\Windows\System32\JPZYDEi.exe
  C:\Windows\System32\JPZYDEi.exe
  2⤵
  PID:6120
- C:\Windows\System32\zEYEOsP.exe
  C:\Windows\System32\zEYEOsP.exe
  2⤵
  PID:964
- C:\Windows\System32\ZralQan.exe
  C:\Windows\System32\ZralQan.exe
  2⤵
  PID:5116
- C:\Windows\System32\jpBEozC.exe
  C:\Windows\System32\jpBEozC.exe
  2⤵
  PID:3104
- C:\Windows\System32\XTifcRo.exe
  C:\Windows\System32\XTifcRo.exe
  2⤵
  PID:4424
- C:\Windows\System32\LmRZFvq.exe
  C:\Windows\System32\LmRZFvq.exe
  2⤵
  PID:3640
- C:\Windows\System32\eDtsOVt.exe
  C:\Windows\System32\eDtsOVt.exe
  2⤵
  PID:744
- C:\Windows\System32\kpPXiri.exe
  C:\Windows\System32\kpPXiri.exe
  2⤵
  PID:5128
- C:\Windows\System32\PjUdFtK.exe
  C:\Windows\System32\PjUdFtK.exe
  2⤵
  PID:5208
- C:\Windows\System32\DZsISnF.exe
  C:\Windows\System32\DZsISnF.exe
  2⤵
  PID:5276
- C:\Windows\System32\qdMwiaZ.exe
  C:\Windows\System32\qdMwiaZ.exe
  2⤵
  PID:5324
- C:\Windows\System32\zsyGTXz.exe
  C:\Windows\System32\zsyGTXz.exe
  2⤵
  PID:5404
- C:\Windows\System32\xnlKtSg.exe
  C:\Windows\System32\xnlKtSg.exe
  2⤵
  PID:5472
- C:\Windows\System32\NHCgQWX.exe
  C:\Windows\System32\NHCgQWX.exe
  2⤵
  PID:5520
- C:\Windows\System32\PJMCNCq.exe
  C:\Windows\System32\PJMCNCq.exe
  2⤵
  PID:5600
- C:\Windows\System32\mPprPrI.exe
  C:\Windows\System32\mPprPrI.exe
  2⤵
  PID:5668
- C:\Windows\System32\DGcEMCh.exe
  C:\Windows\System32\DGcEMCh.exe
  2⤵
  PID:5716
- C:\Windows\System32\skkxpew.exe
  C:\Windows\System32\skkxpew.exe
  2⤵
  PID:5796
- C:\Windows\System32\IEsFbfj.exe
  C:\Windows\System32\IEsFbfj.exe
  2⤵
  PID:5864
- C:\Windows\System32\dPnvKwR.exe
  C:\Windows\System32\dPnvKwR.exe
  2⤵
  PID:5912
- C:\Windows\System32\gncugnu.exe
  C:\Windows\System32\gncugnu.exe
  2⤵
  PID:5968
- C:\Windows\System32\pjthQpX.exe
  C:\Windows\System32\pjthQpX.exe
  2⤵
  PID:6048
- C:\Windows\System32\vsQXVYJ.exe
  C:\Windows\System32\vsQXVYJ.exe
  2⤵
  PID:6116
- C:\Windows\System32\BtRcFJe.exe
  C:\Windows\System32\BtRcFJe.exe
  2⤵
  PID:3620
- C:\Windows\System32\EuMbkHf.exe
  C:\Windows\System32\EuMbkHf.exe
  2⤵
  PID:1204
- C:\Windows\System32\MmPDDHN.exe
  C:\Windows\System32\MmPDDHN.exe
  2⤵
  PID:5136
- C:\Windows\System32\txrKNrg.exe
  C:\Windows\System32\txrKNrg.exe
  2⤵
  PID:5248
- C:\Windows\System32\MWSaUBr.exe
  C:\Windows\System32\MWSaUBr.exe
  2⤵
  PID:5432
- C:\Windows\System32\rgxMvLx.exe
  C:\Windows\System32\rgxMvLx.exe
  2⤵
  PID:5576
- C:\Windows\System32\fQeHSnQ.exe
  C:\Windows\System32\fQeHSnQ.exe
  2⤵
  PID:5688
- C:\Windows\System32\nBVrbeT.exe
  C:\Windows\System32\nBVrbeT.exe
  2⤵
  PID:5892
- C:\Windows\System32\TbgFmtP.exe
  C:\Windows\System32\TbgFmtP.exe
  2⤵
  PID:6024
- C:\Windows\System32\EFHQYRs.exe
  C:\Windows\System32\EFHQYRs.exe
  2⤵
  PID:4508
- C:\Windows\System32\MggITUK.exe
  C:\Windows\System32\MggITUK.exe
  2⤵
  PID:2364
- C:\Windows\System32\wGXdUYP.exe
  C:\Windows\System32\wGXdUYP.exe
  2⤵
  PID:5500
- C:\Windows\System32\clCrEXZ.exe
  C:\Windows\System32\clCrEXZ.exe
  2⤵
  PID:5836
- C:\Windows\System32\fFfxgux.exe
  C:\Windows\System32\fFfxgux.exe
  2⤵
  PID:6104
- C:\Windows\System32\KAYGgLi.exe
  C:\Windows\System32\KAYGgLi.exe
  2⤵
  PID:6156
- C:\Windows\System32\nMXlSGv.exe
  C:\Windows\System32\nMXlSGv.exe
  2⤵
  PID:6184
- C:\Windows\System32\esGfStX.exe
  C:\Windows\System32\esGfStX.exe
  2⤵
  PID:6212
- C:\Windows\System32\mDlnFwj.exe
  C:\Windows\System32\mDlnFwj.exe
  2⤵
  PID:6240
- C:\Windows\System32\CirDkni.exe
  C:\Windows\System32\CirDkni.exe
  2⤵
  PID:6268
- C:\Windows\System32\QfkERIo.exe
  C:\Windows\System32\QfkERIo.exe
  2⤵
  PID:6296
- C:\Windows\System32\yGetLDs.exe
  C:\Windows\System32\yGetLDs.exe
  2⤵
  PID:6324
- C:\Windows\System32\gRigGki.exe
  C:\Windows\System32\gRigGki.exe
  2⤵
  PID:6352
- C:\Windows\System32\auZuJAD.exe
  C:\Windows\System32\auZuJAD.exe
  2⤵
  PID:6380
- C:\Windows\System32\pJccMug.exe
  C:\Windows\System32\pJccMug.exe
  2⤵
  PID:6408
- C:\Windows\System32\ZeFYxaK.exe
  C:\Windows\System32\ZeFYxaK.exe
  2⤵
  PID:6436
- C:\Windows\System32\kXOFfoa.exe
  C:\Windows\System32\kXOFfoa.exe
  2⤵
  PID:6464
- C:\Windows\System32\xyUxXio.exe
  C:\Windows\System32\xyUxXio.exe
  2⤵
  PID:6492
- C:\Windows\System32\BmfdbSX.exe
  C:\Windows\System32\BmfdbSX.exe
  2⤵
  PID:6520
- C:\Windows\System32\sTIIGqG.exe
  C:\Windows\System32\sTIIGqG.exe
  2⤵
  PID:6548
- C:\Windows\System32\HRINNiX.exe
  C:\Windows\System32\HRINNiX.exe
  2⤵
  PID:6576
- C:\Windows\System32\IZzfnAT.exe
  C:\Windows\System32\IZzfnAT.exe
  2⤵
  PID:6604
- C:\Windows\System32\IyZkIEn.exe
  C:\Windows\System32\IyZkIEn.exe
  2⤵
  PID:6632
- C:\Windows\System32\bBuZaeu.exe
  C:\Windows\System32\bBuZaeu.exe
  2⤵
  PID:6660
- C:\Windows\System32\okMawqd.exe
  C:\Windows\System32\okMawqd.exe
  2⤵
  PID:6688
- C:\Windows\System32\BPvBCKQ.exe
  C:\Windows\System32\BPvBCKQ.exe
  2⤵
  PID:6716
- C:\Windows\System32\ueOBVCc.exe
  C:\Windows\System32\ueOBVCc.exe
  2⤵
  PID:6744
- C:\Windows\System32\lWbiJuT.exe
  C:\Windows\System32\lWbiJuT.exe
  2⤵
  PID:6772
- C:\Windows\System32\hRDdztg.exe
  C:\Windows\System32\hRDdztg.exe
  2⤵
  PID:6800
- C:\Windows\System32\tZjLOev.exe
  C:\Windows\System32\tZjLOev.exe
  2⤵
  PID:6828
- C:\Windows\System32\twjmQOR.exe
  C:\Windows\System32\twjmQOR.exe
  2⤵
  PID:6856
- C:\Windows\System32\ZXVDrPX.exe
  C:\Windows\System32\ZXVDrPX.exe
  2⤵
  PID:6884
- C:\Windows\System32\vNjPxBl.exe
  C:\Windows\System32\vNjPxBl.exe
  2⤵
  PID:6912
- C:\Windows\System32\xOLEYje.exe
  C:\Windows\System32\xOLEYje.exe
  2⤵
  PID:6940
- C:\Windows\System32\SqAnIDS.exe
  C:\Windows\System32\SqAnIDS.exe
  2⤵
  PID:6968
- C:\Windows\System32\hahMfnW.exe
  C:\Windows\System32\hahMfnW.exe
  2⤵
  PID:6996
- C:\Windows\System32\mFBpYAI.exe
  C:\Windows\System32\mFBpYAI.exe
  2⤵
  PID:7024
- C:\Windows\System32\GNfojYY.exe
  C:\Windows\System32\GNfojYY.exe
  2⤵
  PID:7052
- C:\Windows\System32\jRebzgg.exe
  C:\Windows\System32\jRebzgg.exe
  2⤵
  PID:7080
- C:\Windows\System32\mGnXItU.exe
  C:\Windows\System32\mGnXItU.exe
  2⤵
  PID:7108
- C:\Windows\System32\ABqNhtG.exe
  C:\Windows\System32\ABqNhtG.exe
  2⤵
  PID:7136
- C:\Windows\System32\NnIbgkf.exe
  C:\Windows\System32\NnIbgkf.exe
  2⤵
  PID:7164
- C:\Windows\System32\rdLmjTc.exe
  C:\Windows\System32\rdLmjTc.exe
  2⤵
  PID:3948
- C:\Windows\System32\iWgfuSu.exe
  C:\Windows\System32\iWgfuSu.exe
  2⤵
  PID:6180
- C:\Windows\System32\OGZlVsw.exe
  C:\Windows\System32\OGZlVsw.exe
  2⤵
  PID:6228
- C:\Windows\System32\nsHEoTl.exe
  C:\Windows\System32\nsHEoTl.exe
  2⤵
  PID:6308
- C:\Windows\System32\uMEDXJl.exe
  C:\Windows\System32\uMEDXJl.exe
  2⤵
  PID:6364
- C:\Windows\System32\AdYNlwS.exe
  C:\Windows\System32\AdYNlwS.exe
  2⤵
  PID:6432
- C:\Windows\System32\HbKPTTO.exe
  C:\Windows\System32\HbKPTTO.exe
  2⤵
  PID:6480
- C:\Windows\System32\uDxSuKH.exe
  C:\Windows\System32\uDxSuKH.exe
  2⤵
  PID:6560
- C:\Windows\System32\efxZyZD.exe
  C:\Windows\System32\efxZyZD.exe
  2⤵
  PID:6628
- C:\Windows\System32\kKGxHjG.exe
  C:\Windows\System32\kKGxHjG.exe
  2⤵
  PID:6676
- C:\Windows\System32\arzcJhC.exe
  C:\Windows\System32\arzcJhC.exe
  2⤵
  PID:2424
- C:\Windows\System32\TFudpin.exe
  C:\Windows\System32\TFudpin.exe
  2⤵
  PID:6812
- C:\Windows\System32\dlUXeqO.exe
  C:\Windows\System32\dlUXeqO.exe
  2⤵
  PID:6880
- C:\Windows\System32\HSPbGbd.exe
  C:\Windows\System32\HSPbGbd.exe
  2⤵
  PID:6928
- C:\Windows\System32\IXPzarv.exe
  C:\Windows\System32\IXPzarv.exe
  2⤵
  PID:7008
- C:\Windows\System32\gbYPOUW.exe
  C:\Windows\System32\gbYPOUW.exe
  2⤵
  PID:7064
- C:\Windows\System32\TNwBwIg.exe
  C:\Windows\System32\TNwBwIg.exe
  2⤵
  PID:7132
- C:\Windows\System32\UiIbXXy.exe
  C:\Windows\System32\UiIbXXy.exe
  2⤵
  PID:5768
- C:\Windows\System32\xmgDzBm.exe
  C:\Windows\System32\xmgDzBm.exe
  2⤵
  PID:6256
- C:\Windows\System32\MvYmsmy.exe
  C:\Windows\System32\MvYmsmy.exe
  2⤵
  PID:6420
- C:\Windows\System32\PfMbMTw.exe
  C:\Windows\System32\PfMbMTw.exe
  2⤵
  PID:6532
- C:\Windows\System32\ChacEbP.exe
  C:\Windows\System32\ChacEbP.exe
  2⤵
  PID:6712
- C:\Windows\System32\gubxmna.exe
  C:\Windows\System32\gubxmna.exe
  2⤵
  PID:6868
- C:\Windows\System32\jGpuMkA.exe
  C:\Windows\System32\jGpuMkA.exe
  2⤵
  PID:6980
- C:\Windows\System32\RHKMdhr.exe
  C:\Windows\System32\RHKMdhr.exe
  2⤵
  PID:7120
- C:\Windows\System32\iwqerRP.exe
  C:\Windows\System32\iwqerRP.exe
  2⤵
  PID:6200
- C:\Windows\System32\GNzUIJD.exe
  C:\Windows\System32\GNzUIJD.exe
  2⤵
  PID:7188
- C:\Windows\System32\brGIuVx.exe
  C:\Windows\System32\brGIuVx.exe
  2⤵
  PID:7216
- C:\Windows\System32\JmyChyE.exe
  C:\Windows\System32\JmyChyE.exe
  2⤵
  PID:7244
- C:\Windows\System32\CKRBwgR.exe
  C:\Windows\System32\CKRBwgR.exe
  2⤵
  PID:7272
- C:\Windows\System32\vmfDySX.exe
  C:\Windows\System32\vmfDySX.exe
  2⤵
  PID:7300
- C:\Windows\System32\TVfSCio.exe
  C:\Windows\System32\TVfSCio.exe
  2⤵
  PID:7328
- C:\Windows\System32\wApKEzv.exe
  C:\Windows\System32\wApKEzv.exe
  2⤵
  PID:7356
- C:\Windows\System32\vMOnUyL.exe
  C:\Windows\System32\vMOnUyL.exe
  2⤵
  PID:7384
- C:\Windows\System32\EcVxjkB.exe
  C:\Windows\System32\EcVxjkB.exe
  2⤵
  PID:7412
- C:\Windows\System32\wBnKnYr.exe
  C:\Windows\System32\wBnKnYr.exe
  2⤵
  PID:7440
- C:\Windows\System32\YKIWiHo.exe
  C:\Windows\System32\YKIWiHo.exe
  2⤵
  PID:7468
- C:\Windows\System32\jnNbIaT.exe
  C:\Windows\System32\jnNbIaT.exe
  2⤵
  PID:7496
- C:\Windows\System32\qmfaxRi.exe
  C:\Windows\System32\qmfaxRi.exe
  2⤵
  PID:7524
- C:\Windows\System32\MUSUWyy.exe
  C:\Windows\System32\MUSUWyy.exe
  2⤵
  PID:7552
- C:\Windows\System32\MUuaAYx.exe
  C:\Windows\System32\MUuaAYx.exe
  2⤵
  PID:7580
- C:\Windows\System32\FYvHMKJ.exe
  C:\Windows\System32\FYvHMKJ.exe
  2⤵
  PID:7608
- C:\Windows\System32\BwtAIkC.exe
  C:\Windows\System32\BwtAIkC.exe
  2⤵
  PID:7636
- C:\Windows\System32\qUPywqX.exe
  C:\Windows\System32\qUPywqX.exe
  2⤵
  PID:7664
- C:\Windows\System32\USLhvvX.exe
  C:\Windows\System32\USLhvvX.exe
  2⤵
  PID:7692
- C:\Windows\System32\EWIvHNt.exe
  C:\Windows\System32\EWIvHNt.exe
  2⤵
  PID:7720
- C:\Windows\System32\frPmyRV.exe
  C:\Windows\System32\frPmyRV.exe
  2⤵
  PID:7748
- C:\Windows\System32\FpQhylS.exe
  C:\Windows\System32\FpQhylS.exe
  2⤵
  PID:7776
- C:\Windows\System32\fOqvANZ.exe
  C:\Windows\System32\fOqvANZ.exe
  2⤵
  PID:7804
- C:\Windows\System32\raHhyMo.exe
  C:\Windows\System32\raHhyMo.exe
  2⤵
  PID:7832
- C:\Windows\System32\tzcvXdR.exe
  C:\Windows\System32\tzcvXdR.exe
  2⤵
  PID:7860
- C:\Windows\System32\anOMSBH.exe
  C:\Windows\System32\anOMSBH.exe
  2⤵
  PID:7888
- C:\Windows\System32\MHuDydT.exe
  C:\Windows\System32\MHuDydT.exe
  2⤵
  PID:7916
- C:\Windows\System32\AkwoGAK.exe
  C:\Windows\System32\AkwoGAK.exe
  2⤵
  PID:7944
- C:\Windows\System32\RZVCRbR.exe
  C:\Windows\System32\RZVCRbR.exe
  2⤵
  PID:7972
- C:\Windows\System32\SzFDzvb.exe
  C:\Windows\System32\SzFDzvb.exe
  2⤵
  PID:8000
- C:\Windows\System32\YmxYrcw.exe
  C:\Windows\System32\YmxYrcw.exe
  2⤵
  PID:8076
- C:\Windows\System32\SCFjeoA.exe
  C:\Windows\System32\SCFjeoA.exe
  2⤵
  PID:8108
- C:\Windows\System32\NvFiaPp.exe
  C:\Windows\System32\NvFiaPp.exe
  2⤵
  PID:8128
- C:\Windows\System32\RhodUHr.exe
  C:\Windows\System32\RhodUHr.exe
  2⤵
  PID:8164
- C:\Windows\System32\HeDKdoc.exe
  C:\Windows\System32\HeDKdoc.exe
  2⤵
  PID:6536
- C:\Windows\System32\hJIQSmi.exe
  C:\Windows\System32\hJIQSmi.exe
  2⤵
  PID:2512
- C:\Windows\System32\UpYoTaY.exe
  C:\Windows\System32\UpYoTaY.exe
  2⤵
  PID:632
- C:\Windows\System32\KrEPvOm.exe
  C:\Windows\System32\KrEPvOm.exe
  2⤵
  PID:7200
- C:\Windows\System32\SSXGirY.exe
  C:\Windows\System32\SSXGirY.exe
  2⤵
  PID:7232
- C:\Windows\System32\EvCjdNM.exe
  C:\Windows\System32\EvCjdNM.exe
  2⤵
  PID:7296
- C:\Windows\System32\MdDkyeD.exe
  C:\Windows\System32\MdDkyeD.exe
  2⤵
  PID:7352
- C:\Windows\System32\umaNEOz.exe
  C:\Windows\System32\umaNEOz.exe
  2⤵
  PID:7464
- C:\Windows\System32\QXUpOwm.exe
  C:\Windows\System32\QXUpOwm.exe
  2⤵
  PID:7536
- C:\Windows\System32\WfZpCDQ.exe
  C:\Windows\System32\WfZpCDQ.exe
  2⤵
  PID:7576
- C:\Windows\System32\Tiwanwh.exe
  C:\Windows\System32\Tiwanwh.exe
  2⤵
  PID:7632
- C:\Windows\System32\Gwpzozp.exe
  C:\Windows\System32\Gwpzozp.exe
  2⤵
  PID:7772
- C:\Windows\System32\ZbtnZqg.exe
  C:\Windows\System32\ZbtnZqg.exe
  2⤵
  PID:7820
- C:\Windows\System32\xshDuBm.exe
  C:\Windows\System32\xshDuBm.exe
  2⤵
  PID:3672
- C:\Windows\System32\FIhkByX.exe
  C:\Windows\System32\FIhkByX.exe
  2⤵
  PID:7956
- C:\Windows\System32\nAtuhtb.exe
  C:\Windows\System32\nAtuhtb.exe
  2⤵
  PID:1964
- C:\Windows\System32\DZZCwlR.exe
  C:\Windows\System32\DZZCwlR.exe
  2⤵
  PID:3332
- C:\Windows\System32\WXgFPzU.exe
  C:\Windows\System32\WXgFPzU.exe
  2⤵
  PID:2476
- C:\Windows\System32\HAiPtos.exe
  C:\Windows\System32\HAiPtos.exe
  2⤵
  PID:1636
- C:\Windows\System32\IDxbiuB.exe
  C:\Windows\System32\IDxbiuB.exe
  2⤵
  PID:2036
- C:\Windows\System32\mdLRWAx.exe
  C:\Windows\System32\mdLRWAx.exe
  2⤵
  PID:2480
- C:\Windows\System32\Uuanzqq.exe
  C:\Windows\System32\Uuanzqq.exe
  2⤵
  PID:8104
- C:\Windows\System32\DQQXCWi.exe
  C:\Windows\System32\DQQXCWi.exe
  2⤵
  PID:8156
- C:\Windows\System32\PPVndsU.exe
  C:\Windows\System32\PPVndsU.exe
  2⤵
  PID:7428
- C:\Windows\System32\unfIHce.exe
  C:\Windows\System32\unfIHce.exe
  2⤵
  PID:7680
- C:\Windows\System32\aIXeRrf.exe
  C:\Windows\System32\aIXeRrf.exe
  2⤵
  PID:2308
- C:\Windows\System32\vybJwGS.exe
  C:\Windows\System32\vybJwGS.exe
  2⤵
  PID:1176
- C:\Windows\System32\VCJmCYA.exe
  C:\Windows\System32\VCJmCYA.exe
  2⤵
  PID:7396
- C:\Windows\System32\wVAVOkg.exe
  C:\Windows\System32\wVAVOkg.exe
  2⤵
  PID:7652
- C:\Windows\System32\ONORHgO.exe
  C:\Windows\System32\ONORHgO.exe
  2⤵
  PID:376
- C:\Windows\System32\vGcesCu.exe
  C:\Windows\System32\vGcesCu.exe
  2⤵
  PID:4032
- C:\Windows\System32\JYhYuaD.exe
  C:\Windows\System32\JYhYuaD.exe
  2⤵
  PID:2720
- C:\Windows\System32\XmdnuGc.exe
  C:\Windows\System32\XmdnuGc.exe
  2⤵
  PID:7260
- C:\Windows\System32\XxaFGrL.exe
  C:\Windows\System32\XxaFGrL.exe
  2⤵
  PID:8196
- C:\Windows\System32\PUlqExy.exe
  C:\Windows\System32\PUlqExy.exe
  2⤵
  PID:8224
- C:\Windows\System32\wOPtKOF.exe
  C:\Windows\System32\wOPtKOF.exe
  2⤵
  PID:8252
- C:\Windows\System32\SFJNDMn.exe
  C:\Windows\System32\SFJNDMn.exe
  2⤵
  PID:8280
- C:\Windows\System32\aESJiuE.exe
  C:\Windows\System32\aESJiuE.exe
  2⤵
  PID:8316
- C:\Windows\System32\wEqAuXQ.exe
  C:\Windows\System32\wEqAuXQ.exe
  2⤵
  PID:8336
- C:\Windows\System32\LOXBMTE.exe
  C:\Windows\System32\LOXBMTE.exe
  2⤵
  PID:8364
- C:\Windows\System32\qeQXmFe.exe
  C:\Windows\System32\qeQXmFe.exe
  2⤵
  PID:8384
- C:\Windows\System32\qzLsDcX.exe
  C:\Windows\System32\qzLsDcX.exe
  2⤵
  PID:8408
- C:\Windows\System32\PJfazzU.exe
  C:\Windows\System32\PJfazzU.exe
  2⤵
  PID:8440
- C:\Windows\System32\eAxzTML.exe
  C:\Windows\System32\eAxzTML.exe
  2⤵
  PID:8480
- C:\Windows\System32\jSrMVYQ.exe
  C:\Windows\System32\jSrMVYQ.exe
  2⤵
  PID:8508
- C:\Windows\System32\nDukDcu.exe
  C:\Windows\System32\nDukDcu.exe
  2⤵
  PID:8536
- C:\Windows\System32\hHkUakB.exe
  C:\Windows\System32\hHkUakB.exe
  2⤵
  PID:8564
- C:\Windows\System32\cbtWvSe.exe
  C:\Windows\System32\cbtWvSe.exe
  2⤵
  PID:8596
- C:\Windows\System32\UNimIOB.exe
  C:\Windows\System32\UNimIOB.exe
  2⤵
  PID:8624
- C:\Windows\System32\lAfHPbp.exe
  C:\Windows\System32\lAfHPbp.exe
  2⤵
  PID:8652
- C:\Windows\System32\eRfOCEr.exe
  C:\Windows\System32\eRfOCEr.exe
  2⤵
  PID:8680
- C:\Windows\System32\EzRBaxK.exe
  C:\Windows\System32\EzRBaxK.exe
  2⤵
  PID:8700
- C:\Windows\System32\EzACZWW.exe
  C:\Windows\System32\EzACZWW.exe
  2⤵
  PID:8776
- C:\Windows\System32\EtbbJLE.exe
  C:\Windows\System32\EtbbJLE.exe
  2⤵
  PID:8808
- C:\Windows\System32\yFYuRUx.exe
  C:\Windows\System32\yFYuRUx.exe
  2⤵
  PID:8844
- C:\Windows\System32\dNIBRCE.exe
  C:\Windows\System32\dNIBRCE.exe
  2⤵
  PID:8880
- C:\Windows\System32\LEBvyVG.exe
  C:\Windows\System32\LEBvyVG.exe
  2⤵
  PID:8908
- C:\Windows\System32\JRWKoLg.exe
  C:\Windows\System32\JRWKoLg.exe
  2⤵
  PID:8940
- C:\Windows\System32\awkAeec.exe
  C:\Windows\System32\awkAeec.exe
  2⤵
  PID:8964
- C:\Windows\System32\xGsdUnW.exe
  C:\Windows\System32\xGsdUnW.exe
  2⤵
  PID:8992
- C:\Windows\System32\jCLVNXT.exe
  C:\Windows\System32\jCLVNXT.exe
  2⤵
  PID:9020
- C:\Windows\System32\GBUNylR.exe
  C:\Windows\System32\GBUNylR.exe
  2⤵
  PID:9048
- C:\Windows\System32\KuMUbkm.exe
  C:\Windows\System32\KuMUbkm.exe
  2⤵
  PID:9076
- C:\Windows\System32\WOOIsdS.exe
  C:\Windows\System32\WOOIsdS.exe
  2⤵
  PID:9108
- C:\Windows\System32\OBIdoIz.exe
  C:\Windows\System32\OBIdoIz.exe
  2⤵
  PID:9144
- C:\Windows\System32\xroCruI.exe
  C:\Windows\System32\xroCruI.exe
  2⤵
  PID:9192
- C:\Windows\System32\MVaLSLU.exe
  C:\Windows\System32\MVaLSLU.exe
  2⤵
  PID:8088
- C:\Windows\System32\xGIBPEc.exe
  C:\Windows\System32\xGIBPEc.exe
  2⤵
  PID:4160
- C:\Windows\System32\GcOMoeE.exe
  C:\Windows\System32\GcOMoeE.exe
  2⤵
  PID:8300
- C:\Windows\System32\FagvGxc.exe
  C:\Windows\System32\FagvGxc.exe
  2⤵
  PID:8400
- C:\Windows\System32\rVbaJeO.exe
  C:\Windows\System32\rVbaJeO.exe
  2⤵
  PID:8452
- C:\Windows\System32\SkzBrEW.exe
  C:\Windows\System32\SkzBrEW.exe
  2⤵
  PID:8504
- C:\Windows\System32\yIUiHoJ.exe
  C:\Windows\System32\yIUiHoJ.exe
  2⤵
  PID:3708
- C:\Windows\System32\qPEXGBb.exe
  C:\Windows\System32\qPEXGBb.exe
  2⤵
  PID:8620
- C:\Windows\System32\lonUcOf.exe
  C:\Windows\System32\lonUcOf.exe
  2⤵
  PID:8668
- C:\Windows\System32\xImzHYF.exe
  C:\Windows\System32\xImzHYF.exe
  2⤵
  PID:8712
- C:\Windows\System32\SoMWbqJ.exe
  C:\Windows\System32\SoMWbqJ.exe
  2⤵
  PID:4124
- C:\Windows\System32\yVHdRFM.exe
  C:\Windows\System32\yVHdRFM.exe
  2⤵
  PID:7452
- C:\Windows\System32\BNJNpyv.exe
  C:\Windows\System32\BNJNpyv.exe
  2⤵
  PID:8920
- C:\Windows\System32\AMOloKe.exe
  C:\Windows\System32\AMOloKe.exe
  2⤵
  PID:8928
- C:\Windows\System32\MPGRvom.exe
  C:\Windows\System32\MPGRvom.exe
  2⤵
  PID:9012
- C:\Windows\System32\SBywbqD.exe
  C:\Windows\System32\SBywbqD.exe
  2⤵
  PID:7904
- C:\Windows\System32\pCNrdVv.exe
  C:\Windows\System32\pCNrdVv.exe
  2⤵
  PID:9140
- C:\Windows\System32\WJRzLEC.exe
  C:\Windows\System32\WJRzLEC.exe
  2⤵
  PID:8244
- C:\Windows\System32\KmIHjCm.exe
  C:\Windows\System32\KmIHjCm.exe
  2⤵
  PID:8376
- C:\Windows\System32\LshHoJR.exe
  C:\Windows\System32\LshHoJR.exe
  2⤵
  PID:8492
- C:\Windows\System32\XXHJEGy.exe
  C:\Windows\System32\XXHJEGy.exe
  2⤵
  PID:8644
- C:\Windows\System32\uMnKWVL.exe
  C:\Windows\System32\uMnKWVL.exe
  2⤵
  PID:7240
- C:\Windows\System32\MOuIrjn.exe
  C:\Windows\System32\MOuIrjn.exe
  2⤵
  PID:9004
- C:\Windows\System32\XLxdplM.exe
  C:\Windows\System32\XLxdplM.exe
  2⤵
  PID:9064
- C:\Windows\System32\lIURLdc.exe
  C:\Windows\System32\lIURLdc.exe
  2⤵
  PID:8612
- C:\Windows\System32\KoOfxxq.exe
  C:\Windows\System32\KoOfxxq.exe
  2⤵
  PID:8236
- C:\Windows\System32\UUrEKHx.exe
  C:\Windows\System32\UUrEKHx.exe
  2⤵
  PID:9232
- C:\Windows\System32\VCKYsEk.exe
  C:\Windows\System32\VCKYsEk.exe
  2⤵
  PID:9264
- C:\Windows\System32\UXgYDzo.exe
  C:\Windows\System32\UXgYDzo.exe
  2⤵
  PID:9304
- C:\Windows\System32\wlXJehi.exe
  C:\Windows\System32\wlXJehi.exe
  2⤵
  PID:9356
- C:\Windows\System32\QxccbeR.exe
  C:\Windows\System32\QxccbeR.exe
  2⤵
  PID:9416
- C:\Windows\System32\eERWKbR.exe
  C:\Windows\System32\eERWKbR.exe
  2⤵
  PID:9448
- C:\Windows\System32\uMkhUEf.exe
  C:\Windows\System32\uMkhUEf.exe
  2⤵
  PID:9476
- C:\Windows\System32\LieEmzP.exe
  C:\Windows\System32\LieEmzP.exe
  2⤵
  PID:9508
- C:\Windows\System32\ovOBNYH.exe
  C:\Windows\System32\ovOBNYH.exe
  2⤵
  PID:9544
- C:\Windows\System32\FzSbNHL.exe
  C:\Windows\System32\FzSbNHL.exe
  2⤵
  PID:9580
- C:\Windows\System32\GUlohIE.exe
  C:\Windows\System32\GUlohIE.exe
  2⤵
  PID:9616
- C:\Windows\System32\cuxFIhM.exe
  C:\Windows\System32\cuxFIhM.exe
  2⤵
  PID:9652
- C:\Windows\System32\flsAHHS.exe
  C:\Windows\System32\flsAHHS.exe
  2⤵
  PID:9680
- C:\Windows\System32\jBXytGU.exe
  C:\Windows\System32\jBXytGU.exe
  2⤵
  PID:9708
- C:\Windows\System32\rCjmbFt.exe
  C:\Windows\System32\rCjmbFt.exe
  2⤵
  PID:9736
- C:\Windows\System32\nYsZcye.exe
  C:\Windows\System32\nYsZcye.exe
  2⤵
  PID:9764
- C:\Windows\System32\kJuAkrq.exe
  C:\Windows\System32\kJuAkrq.exe
  2⤵
  PID:9792
- C:\Windows\System32\LlBGAhZ.exe
  C:\Windows\System32\LlBGAhZ.exe
  2⤵
  PID:9824
- C:\Windows\System32\emBmSjz.exe
  C:\Windows\System32\emBmSjz.exe
  2⤵
  PID:9852
- C:\Windows\System32\DLFgyxS.exe
  C:\Windows\System32\DLFgyxS.exe
  2⤵
  PID:9880
- C:\Windows\System32\OOhaCZh.exe
  C:\Windows\System32\OOhaCZh.exe
  2⤵
  PID:9908
- C:\Windows\System32\QydpCDI.exe
  C:\Windows\System32\QydpCDI.exe
  2⤵
  PID:9936
- C:\Windows\System32\MdKWWgU.exe
  C:\Windows\System32\MdKWWgU.exe
  2⤵
  PID:9964
- C:\Windows\System32\KiWhAeE.exe
  C:\Windows\System32\KiWhAeE.exe
  2⤵
  PID:9996
- C:\Windows\System32\boNvKVL.exe
  C:\Windows\System32\boNvKVL.exe
  2⤵
  PID:10028
- C:\Windows\System32\ofPsEXF.exe
  C:\Windows\System32\ofPsEXF.exe
  2⤵
  PID:10068
- C:\Windows\System32\ExhqGNO.exe
  C:\Windows\System32\ExhqGNO.exe
  2⤵
  PID:10084
- C:\Windows\System32\hYTNwec.exe
  C:\Windows\System32\hYTNwec.exe
  2⤵
  PID:10112
- C:\Windows\System32\lsVGiqQ.exe
  C:\Windows\System32\lsVGiqQ.exe
  2⤵
  PID:10132
- C:\Windows\System32\TqxWuFb.exe
  C:\Windows\System32\TqxWuFb.exe
  2⤵
  PID:10168
- C:\Windows\System32\eOiGgCF.exe
  C:\Windows\System32\eOiGgCF.exe
  2⤵
  PID:10196
- C:\Windows\System32\UQzneYL.exe
  C:\Windows\System32\UQzneYL.exe
  2⤵
  PID:10224
- C:\Windows\System32\bjMBDYG.exe
  C:\Windows\System32\bjMBDYG.exe
  2⤵
  PID:9248
- C:\Windows\System32\RXVEwfv.exe
  C:\Windows\System32\RXVEwfv.exe
  2⤵
  PID:9348
- C:\Windows\System32\ICgLAzy.exe
  C:\Windows\System32\ICgLAzy.exe
  2⤵
  PID:9444
- C:\Windows\System32\UzHskqI.exe
  C:\Windows\System32\UzHskqI.exe
  2⤵
  PID:9492
- C:\Windows\System32\BIJYwxL.exe
  C:\Windows\System32\BIJYwxL.exe
  2⤵
  PID:9596
- C:\Windows\System32\aTvmnkj.exe
  C:\Windows\System32\aTvmnkj.exe
  2⤵
  PID:9644
- C:\Windows\System32\qmlWKRa.exe
  C:\Windows\System32\qmlWKRa.exe
  2⤵
  PID:9732
- C:\Windows\System32\sHcoMXo.exe
  C:\Windows\System32\sHcoMXo.exe
  2⤵
  PID:9776
- C:\Windows\System32\PCWPSzg.exe
  C:\Windows\System32\PCWPSzg.exe
  2⤵
  PID:9844
- C:\Windows\System32\xQfGAOr.exe
  C:\Windows\System32\xQfGAOr.exe
  2⤵
  PID:9900
- C:\Windows\System32\UlZxnZq.exe
  C:\Windows\System32\UlZxnZq.exe
  2⤵
  PID:9960
- C:\Windows\System32\PAGKhBM.exe
  C:\Windows\System32\PAGKhBM.exe
  2⤵
  PID:10040
- C:\Windows\System32\GYRGAtu.exe
  C:\Windows\System32\GYRGAtu.exe
  2⤵
  PID:10076
- C:\Windows\System32\fGleWiR.exe
  C:\Windows\System32\fGleWiR.exe
  2⤵
  PID:10152
- C:\Windows\System32\DMFuHhG.exe
  C:\Windows\System32\DMFuHhG.exe
  2⤵
  PID:10216
- C:\Windows\System32\AXzgfLy.exe
  C:\Windows\System32\AXzgfLy.exe
  2⤵
  PID:9412
- C:\Windows\System32\HBsvAgB.exe
  C:\Windows\System32\HBsvAgB.exe
  2⤵
  PID:9572
- C:\Windows\System32\OMTSaRN.exe
  C:\Windows\System32\OMTSaRN.exe
  2⤵
  PID:9700
- C:\Windows\System32\iOjYnEU.exe
  C:\Windows\System32\iOjYnEU.exe
  2⤵
  PID:9840
- C:\Windows\System32\udhqmCa.exe
  C:\Windows\System32\udhqmCa.exe
  2⤵
  PID:10024
- C:\Windows\System32\JkrPwZe.exe
  C:\Windows\System32\JkrPwZe.exe
  2⤵
  PID:10100
- C:\Windows\System32\bcfMekb.exe
  C:\Windows\System32\bcfMekb.exe
  2⤵
  PID:9316
- C:\Windows\System32\OIZXOTl.exe
  C:\Windows\System32\OIZXOTl.exe
  2⤵
  PID:9672
- C:\Windows\System32\omziOfV.exe
  C:\Windows\System32\omziOfV.exe
  2⤵
  PID:10104
- C:\Windows\System32\AnPTzvL.exe
  C:\Windows\System32\AnPTzvL.exe
  2⤵
  PID:9804
- C:\Windows\System32\hxPCaBN.exe
  C:\Windows\System32\hxPCaBN.exe
  2⤵
  PID:9612
- C:\Windows\System32\Hyjttkr.exe
  C:\Windows\System32\Hyjttkr.exe
  2⤵
  PID:10260
- C:\Windows\System32\qlQeCgl.exe
  C:\Windows\System32\qlQeCgl.exe
  2⤵
  PID:10288
- C:\Windows\System32\pXBrIay.exe
  C:\Windows\System32\pXBrIay.exe
  2⤵
  PID:10316
- C:\Windows\System32\pfixgLU.exe
  C:\Windows\System32\pfixgLU.exe
  2⤵
  PID:10356
- C:\Windows\System32\nxYFAZs.exe
  C:\Windows\System32\nxYFAZs.exe
  2⤵
  PID:10372
- C:\Windows\System32\TJXTiSS.exe
  C:\Windows\System32\TJXTiSS.exe
  2⤵
  PID:10400
- C:\Windows\System32\UHZoIAt.exe
  C:\Windows\System32\UHZoIAt.exe
  2⤵
  PID:10428
- C:\Windows\System32\cESqeIv.exe
  C:\Windows\System32\cESqeIv.exe
  2⤵
  PID:10448
- C:\Windows\System32\bhFVamb.exe
  C:\Windows\System32\bhFVamb.exe
  2⤵
  PID:10484
- C:\Windows\System32\AuqhtXN.exe
  C:\Windows\System32\AuqhtXN.exe
  2⤵
  PID:10512
- C:\Windows\System32\QuvcyMd.exe
  C:\Windows\System32\QuvcyMd.exe
  2⤵
  PID:10540
- C:\Windows\System32\lMmBazs.exe
  C:\Windows\System32\lMmBazs.exe
  2⤵
  PID:10568
- C:\Windows\System32\QbOfAJS.exe
  C:\Windows\System32\QbOfAJS.exe
  2⤵
  PID:10596
- C:\Windows\System32\KprSsYE.exe
  C:\Windows\System32\KprSsYE.exe
  2⤵
  PID:10624
- C:\Windows\System32\gdiTiST.exe
  C:\Windows\System32\gdiTiST.exe
  2⤵
  PID:10652
- C:\Windows\System32\SQipSUM.exe
  C:\Windows\System32\SQipSUM.exe
  2⤵
  PID:10680
- C:\Windows\System32\ZBbGvMn.exe
  C:\Windows\System32\ZBbGvMn.exe
  2⤵
  PID:10708
- C:\Windows\System32\CkiDcMZ.exe
  C:\Windows\System32\CkiDcMZ.exe
  2⤵
  PID:10736
- C:\Windows\System32\jCNwRuw.exe
  C:\Windows\System32\jCNwRuw.exe
  2⤵
  PID:10764
- C:\Windows\System32\szpyZyA.exe
  C:\Windows\System32\szpyZyA.exe
  2⤵
  PID:10792
- C:\Windows\System32\qhMOsoD.exe
  C:\Windows\System32\qhMOsoD.exe
  2⤵
  PID:10808
- C:\Windows\System32\UhTXDsG.exe
  C:\Windows\System32\UhTXDsG.exe
  2⤵
  PID:10848
- C:\Windows\System32\GEAuPpx.exe
  C:\Windows\System32\GEAuPpx.exe
  2⤵
  PID:10876
- C:\Windows\System32\OZwbRgW.exe
  C:\Windows\System32\OZwbRgW.exe
  2⤵
  PID:10904
- C:\Windows\System32\bmYCmFS.exe
  C:\Windows\System32\bmYCmFS.exe
  2⤵
  PID:10932
- C:\Windows\System32\skPYnaq.exe
  C:\Windows\System32\skPYnaq.exe
  2⤵
  PID:10960
- C:\Windows\System32\ofMrtmf.exe
  C:\Windows\System32\ofMrtmf.exe
  2⤵
  PID:10988
- C:\Windows\System32\ElUMtmX.exe
  C:\Windows\System32\ElUMtmX.exe
  2⤵
  PID:11020
- C:\Windows\System32\JThtkID.exe
  C:\Windows\System32\JThtkID.exe
  2⤵
  PID:11048
- C:\Windows\System32\MlLQzjt.exe
  C:\Windows\System32\MlLQzjt.exe
  2⤵
  PID:11076
- C:\Windows\System32\TBbSCrQ.exe
  C:\Windows\System32\TBbSCrQ.exe
  2⤵
  PID:11104
- C:\Windows\System32\YrkBNDl.exe
  C:\Windows\System32\YrkBNDl.exe
  2⤵
  PID:11132
- C:\Windows\System32\rxRRXQG.exe
  C:\Windows\System32\rxRRXQG.exe
  2⤵
  PID:11160
- C:\Windows\System32\aXdSNQR.exe
  C:\Windows\System32\aXdSNQR.exe
  2⤵
  PID:11196
- C:\Windows\System32\CHAevXI.exe
  C:\Windows\System32\CHAevXI.exe
  2⤵
  PID:11252
- C:\Windows\System32\ZpLvjmV.exe
  C:\Windows\System32\ZpLvjmV.exe
  2⤵
  PID:10284
- C:\Windows\System32\FONTPWo.exe
  C:\Windows\System32\FONTPWo.exe
  2⤵
  PID:10336
- C:\Windows\System32\SIGBtyj.exe
  C:\Windows\System32\SIGBtyj.exe
  2⤵
  PID:10396
- C:\Windows\System32\slziroA.exe
  C:\Windows\System32\slziroA.exe
  2⤵
  PID:10468
- C:\Windows\System32\HjheaKs.exe
  C:\Windows\System32\HjheaKs.exe
  2⤵
  PID:10536
- C:\Windows\System32\TejNAWL.exe
  C:\Windows\System32\TejNAWL.exe
  2⤵
  PID:10592
- C:\Windows\System32\ilWyeJj.exe
  C:\Windows\System32\ilWyeJj.exe
  2⤵
  PID:10636
- C:\Windows\System32\aMyaiTG.exe
  C:\Windows\System32\aMyaiTG.exe
  2⤵
  PID:10704
- C:\Windows\System32\kffIfUt.exe
  C:\Windows\System32\kffIfUt.exe
  2⤵
  PID:10752
- C:\Windows\System32\svPAnXC.exe
  C:\Windows\System32\svPAnXC.exe
  2⤵
  PID:10828
- C:\Windows\System32\PrcOnyJ.exe
  C:\Windows\System32\PrcOnyJ.exe
  2⤵
  PID:10896
- C:\Windows\System32\JdhECLg.exe
  C:\Windows\System32\JdhECLg.exe
  2⤵
  PID:10956
- C:\Windows\System32\YRhSDwX.exe
  C:\Windows\System32\YRhSDwX.exe
  2⤵
  PID:11036
- C:\Windows\System32\ZiFCASx.exe
  C:\Windows\System32\ZiFCASx.exe
  2⤵
  PID:11088
- C:\Windows\System32\RDkYCsD.exe
  C:\Windows\System32\RDkYCsD.exe
  2⤵
  PID:11224
- C:\Windows\System32\CiNPjXt.exe
  C:\Windows\System32\CiNPjXt.exe
  2⤵
  PID:10312
- C:\Windows\System32\dfQqwhM.exe
  C:\Windows\System32\dfQqwhM.exe
  2⤵
  PID:10460
- C:\Windows\System32\IzoreEA.exe
  C:\Windows\System32\IzoreEA.exe
  2⤵
  PID:10584
- C:\Windows\System32\WQnjQuG.exe
  C:\Windows\System32\WQnjQuG.exe
  2⤵
  PID:10800
- C:\Windows\System32\CyKZcNO.exe
  C:\Windows\System32\CyKZcNO.exe
  2⤵
  PID:10984
- C:\Windows\System32\RFqDIWj.exe
  C:\Windows\System32\RFqDIWj.exe
  2⤵
  PID:11176
- C:\Windows\System32\dZQdtdR.exe
  C:\Windows\System32\dZQdtdR.exe
  2⤵
  PID:10500
- C:\Windows\System32\xSTxbtC.exe
  C:\Windows\System32\xSTxbtC.exe
  2⤵
  PID:10952
- C:\Windows\System32\UfsZpZn.exe
  C:\Windows\System32\UfsZpZn.exe
  2⤵
  PID:10368
- C:\Windows\System32\eXKaEwe.exe
  C:\Windows\System32\eXKaEwe.exe
  2⤵
  PID:11276
- C:\Windows\System32\HAsCUqZ.exe
  C:\Windows\System32\HAsCUqZ.exe
  2⤵
  PID:11304
- C:\Windows\System32\VOEZlfL.exe
  C:\Windows\System32\VOEZlfL.exe
  2⤵
  PID:11332
- C:\Windows\System32\aNUYyuc.exe
  C:\Windows\System32\aNUYyuc.exe
  2⤵
  PID:11352
- C:\Windows\System32\KcFJOKw.exe
  C:\Windows\System32\KcFJOKw.exe
  2⤵
  PID:11388
- C:\Windows\System32\JTqiJNL.exe
  C:\Windows\System32\JTqiJNL.exe
  2⤵
  PID:11416
- C:\Windows\System32\QDTYxiY.exe
  C:\Windows\System32\QDTYxiY.exe
  2⤵
  PID:11448
- C:\Windows\System32\GzNulZf.exe
  C:\Windows\System32\GzNulZf.exe
  2⤵
  PID:11476
- C:\Windows\System32\gohvqzN.exe
  C:\Windows\System32\gohvqzN.exe
  2⤵
  PID:11504
- C:\Windows\System32\UJxoKta.exe
  C:\Windows\System32\UJxoKta.exe
  2⤵
  PID:11532
- C:\Windows\System32\OpwXTYt.exe
  C:\Windows\System32\OpwXTYt.exe
  2⤵
  PID:11564
- C:\Windows\System32\SLxGmbe.exe
  C:\Windows\System32\SLxGmbe.exe
  2⤵
  PID:11592
- C:\Windows\System32\SiSUlVJ.exe
  C:\Windows\System32\SiSUlVJ.exe
  2⤵
  PID:11620
- C:\Windows\System32\KIxDzPm.exe
  C:\Windows\System32\KIxDzPm.exe
  2⤵
  PID:11648
- C:\Windows\System32\qUwOXXE.exe
  C:\Windows\System32\qUwOXXE.exe
  2⤵
  PID:11676
- C:\Windows\System32\fKKUqqX.exe
  C:\Windows\System32\fKKUqqX.exe
  2⤵
  PID:11704
- C:\Windows\System32\SIxyBly.exe
  C:\Windows\System32\SIxyBly.exe
  2⤵
  PID:11732
- C:\Windows\System32\CBstidM.exe
  C:\Windows\System32\CBstidM.exe
  2⤵
  PID:11760
- C:\Windows\System32\HfncLqX.exe
  C:\Windows\System32\HfncLqX.exe
  2⤵
  PID:11788
- C:\Windows\System32\odIbWUj.exe
  C:\Windows\System32\odIbWUj.exe
  2⤵
  PID:11816
- C:\Windows\System32\fILVjmn.exe
  C:\Windows\System32\fILVjmn.exe
  2⤵
  PID:11844
- C:\Windows\System32\VeGBIWb.exe
  C:\Windows\System32\VeGBIWb.exe
  2⤵
  PID:11876
- C:\Windows\System32\gqsizHK.exe
  C:\Windows\System32\gqsizHK.exe
  2⤵
  PID:11904
- C:\Windows\System32\jlBVdSB.exe
  C:\Windows\System32\jlBVdSB.exe
  2⤵
  PID:11936
- C:\Windows\System32\ratHtAN.exe
  C:\Windows\System32\ratHtAN.exe
  2⤵
  PID:11968
- C:\Windows\System32\AkVNSEw.exe
  C:\Windows\System32\AkVNSEw.exe
  2⤵
  PID:11996
- C:\Windows\System32\PuFJGPJ.exe
  C:\Windows\System32\PuFJGPJ.exe
  2⤵
  PID:12024
- C:\Windows\System32\NUHtBdk.exe
  C:\Windows\System32\NUHtBdk.exe
  2⤵
  PID:12052
- C:\Windows\System32\pILvQni.exe
  C:\Windows\System32\pILvQni.exe
  2⤵
  PID:12080
- C:\Windows\System32\CfuQpph.exe
  C:\Windows\System32\CfuQpph.exe
  2⤵
  PID:12108
- C:\Windows\System32\axQdQne.exe
  C:\Windows\System32\axQdQne.exe
  2⤵
  PID:12136
- C:\Windows\System32\dtsaRTg.exe
  C:\Windows\System32\dtsaRTg.exe
  2⤵
  PID:12164
- C:\Windows\System32\dVetjkn.exe
  C:\Windows\System32\dVetjkn.exe
  2⤵
  PID:12192
- C:\Windows\System32\tlpwfFH.exe
  C:\Windows\System32\tlpwfFH.exe
  2⤵
  PID:12220
- C:\Windows\System32\QaEDMpz.exe
  C:\Windows\System32\QaEDMpz.exe
  2⤵
  PID:12248
- C:\Windows\System32\YQXeBYF.exe
  C:\Windows\System32\YQXeBYF.exe
  2⤵
  PID:12276
- C:\Windows\System32\rVACjgH.exe
  C:\Windows\System32\rVACjgH.exe
  2⤵
  PID:11288
- C:\Windows\System32\AJHkLbv.exe
  C:\Windows\System32\AJHkLbv.exe
  2⤵
  PID:11348
- C:\Windows\System32\kUdFxme.exe
  C:\Windows\System32\kUdFxme.exe
  2⤵
  PID:11412
- C:\Windows\System32\qYklGNK.exe
  C:\Windows\System32\qYklGNK.exe
  2⤵
  PID:11492
- C:\Windows\System32\ZYPCuBg.exe
  C:\Windows\System32\ZYPCuBg.exe
  2⤵
  PID:11580
- C:\Windows\System32\HBMcHPy.exe
  C:\Windows\System32\HBMcHPy.exe
  2⤵
  PID:11616
- C:\Windows\System32\LAlbFQQ.exe
  C:\Windows\System32\LAlbFQQ.exe
  2⤵
  PID:11692
- C:\Windows\System32\nzsgLjL.exe
  C:\Windows\System32\nzsgLjL.exe
  2⤵
  PID:11752
- C:\Windows\System32\Yqpfmhb.exe
  C:\Windows\System32\Yqpfmhb.exe
  2⤵
  PID:11812
- C:\Windows\System32\vTkUXeU.exe
  C:\Windows\System32\vTkUXeU.exe
  2⤵
  PID:11892
- C:\Windows\System32\mQniwvb.exe
  C:\Windows\System32\mQniwvb.exe
  2⤵
  PID:11964
- C:\Windows\System32\TcDPwBj.exe
  C:\Windows\System32\TcDPwBj.exe
  2⤵
  PID:12036
- C:\Windows\System32\fMtzBsE.exe
  C:\Windows\System32\fMtzBsE.exe
  2⤵
  PID:12100
- C:\Windows\System32\daaaVeM.exe
  C:\Windows\System32\daaaVeM.exe
  2⤵
  PID:12160
- C:\Windows\System32\QOMwuja.exe
  C:\Windows\System32\QOMwuja.exe
  2⤵
  PID:12232
- C:\Windows\System32\hoiPuls.exe
  C:\Windows\System32\hoiPuls.exe
  2⤵
  PID:11272
- C:\Windows\System32\fMcQXiF.exe
  C:\Windows\System32\fMcQXiF.exe
  2⤵
  PID:11408
- C:\Windows\System32\UAoYlKV.exe
  C:\Windows\System32\UAoYlKV.exe
  2⤵
  PID:11588
- C:\Windows\System32\MYrMOiC.exe
  C:\Windows\System32\MYrMOiC.exe
  2⤵
  PID:11728
- C:\Windows\System32\lXqirVz.exe
  C:\Windows\System32\lXqirVz.exe
  2⤵
  PID:11872
- C:\Windows\System32\IYtBSXX.exe
  C:\Windows\System32\IYtBSXX.exe
  2⤵
  PID:11560
- C:\Windows\System32\gErUTss.exe
  C:\Windows\System32\gErUTss.exe
  2⤵
  PID:12188
- C:\Windows\System32\vIpHydk.exe
  C:\Windows\System32\vIpHydk.exe
  2⤵
  PID:11340
- C:\Windows\System32\BxjBgYT.exe
  C:\Windows\System32\BxjBgYT.exe
  2⤵
  PID:11668
- C:\Windows\System32\TKRkjXH.exe
  C:\Windows\System32\TKRkjXH.exe
  2⤵
  PID:12096
- C:\Windows\System32\kImHZMe.exe
  C:\Windows\System32\kImHZMe.exe
  2⤵
  PID:11720
- C:\Windows\System32\CbeVPDK.exe
  C:\Windows\System32\CbeVPDK.exe
  2⤵
  PID:11472
- C:\Windows\System32\TRebonK.exe
  C:\Windows\System32\TRebonK.exe
  2⤵
  PID:12304
- C:\Windows\System32\hHaWpbu.exe
  C:\Windows\System32\hHaWpbu.exe
  2⤵
  PID:12332
- C:\Windows\System32\GqkYclv.exe
  C:\Windows\System32\GqkYclv.exe
  2⤵
  PID:12360
- C:\Windows\System32\NZtIKLa.exe
  C:\Windows\System32\NZtIKLa.exe
  2⤵
  PID:12388
- C:\Windows\System32\iIkfpMS.exe
  C:\Windows\System32\iIkfpMS.exe
  2⤵
  PID:12416
- C:\Windows\System32\aqAsOnF.exe
  C:\Windows\System32\aqAsOnF.exe
  2⤵
  PID:12444
- C:\Windows\System32\cYvsEdw.exe
  C:\Windows\System32\cYvsEdw.exe
  2⤵
  PID:12472
- C:\Windows\System32\nxQUjnT.exe
  C:\Windows\System32\nxQUjnT.exe
  2⤵
  PID:12500
- C:\Windows\System32\hyIVpBu.exe
  C:\Windows\System32\hyIVpBu.exe
  2⤵
  PID:12524
- C:\Windows\System32\BVSrLZm.exe
  C:\Windows\System32\BVSrLZm.exe
  2⤵
  PID:12552
- C:\Windows\System32\LzinwGn.exe
  C:\Windows\System32\LzinwGn.exe
  2⤵
  PID:12572
- C:\Windows\System32\tAdeGLt.exe
  C:\Windows\System32\tAdeGLt.exe
  2⤵
  PID:12612
- C:\Windows\System32\xQjdQVj.exe
  C:\Windows\System32\xQjdQVj.exe
  2⤵
  PID:12656
- C:\Windows\System32\WCiplmd.exe
  C:\Windows\System32\WCiplmd.exe
  2⤵
  PID:12672
- C:\Windows\System32\PbHfHfp.exe
  C:\Windows\System32\PbHfHfp.exe
  2⤵
  PID:12700
- C:\Windows\System32\QbAosOX.exe
  C:\Windows\System32\QbAosOX.exe
  2⤵
  PID:12720
- C:\Windows\System32\tBVIzwX.exe
  C:\Windows\System32\tBVIzwX.exe
  2⤵
  PID:12760
- C:\Windows\System32\opnAnld.exe
  C:\Windows\System32\opnAnld.exe
  2⤵
  PID:12784
- C:\Windows\System32\mRHiELH.exe
  C:\Windows\System32\mRHiELH.exe
  2⤵
  PID:12836
- C:\Windows\System32\gPHBnMI.exe
  C:\Windows\System32\gPHBnMI.exe
  2⤵
  PID:12868
- C:\Windows\System32\SEIcFrE.exe
  C:\Windows\System32\SEIcFrE.exe
  2⤵
  PID:12912
- C:\Windows\System32\DrUCGEF.exe
  C:\Windows\System32\DrUCGEF.exe
  2⤵
  PID:12956
- C:\Windows\System32\aQTSIYv.exe
  C:\Windows\System32\aQTSIYv.exe
  2⤵
  PID:12988
- C:\Windows\System32\EcdDoIH.exe
  C:\Windows\System32\EcdDoIH.exe
  2⤵
  PID:13036
- C:\Windows\System32\FIKQFCX.exe
  C:\Windows\System32\FIKQFCX.exe
  2⤵
  PID:13088
- C:\Windows\System32\KJEDEqi.exe
  C:\Windows\System32\KJEDEqi.exe
  2⤵
  PID:13104
- C:\Windows\System32\OJaoVET.exe
  C:\Windows\System32\OJaoVET.exe
  2⤵
  PID:13124
- C:\Windows\System32\lZluvTf.exe
  C:\Windows\System32\lZluvTf.exe
  2⤵
  PID:13152
- C:\Windows\System32\iVNaGIj.exe
  C:\Windows\System32\iVNaGIj.exe
  2⤵
  PID:13204
- C:\Windows\System32\aWTMnDf.exe
  C:\Windows\System32\aWTMnDf.exe
  2⤵
  PID:13220
- C:\Windows\System32\eAxLsEs.exe
  C:\Windows\System32\eAxLsEs.exe
  2⤵
  PID:13260
- C:\Windows\System32\xvCcwdS.exe
  C:\Windows\System32\xvCcwdS.exe
  2⤵
  PID:13292
- C:\Windows\System32\tDbKuJa.exe
  C:\Windows\System32\tDbKuJa.exe
  2⤵
  PID:13308
- C:\Windows\System32\zBSAXcK.exe
  C:\Windows\System32\zBSAXcK.exe
  2⤵
  PID:12312
- C:\Windows\System32\kNxrfaW.exe
  C:\Windows\System32\kNxrfaW.exe
  2⤵
  PID:12384
- C:\Windows\System32\IemNRAw.exe
  C:\Windows\System32\IemNRAw.exe
  2⤵
  PID:12532
- C:\Windows\System32\GnKEfbC.exe
  C:\Windows\System32\GnKEfbC.exe
  2⤵
  PID:12568
- C:\Windows\System32\EfBLWCv.exe
  C:\Windows\System32\EfBLWCv.exe
  2⤵
  PID:12648
- C:\Windows\System32\xanGyTc.exe
  C:\Windows\System32\xanGyTc.exe
  2⤵
  PID:1480
- C:\Windows\System32\nIXpZar.exe
  C:\Windows\System32\nIXpZar.exe
  2⤵
  PID:12708
- C:\Windows\System32\BgHzGbS.exe
  C:\Windows\System32\BgHzGbS.exe
  2⤵
  PID:12780
- C:\Windows\System32\WDdChrr.exe
  C:\Windows\System32\WDdChrr.exe
  2⤵
  PID:12864
- C:\Windows\System32\IXPZNQB.exe
  C:\Windows\System32\IXPZNQB.exe
  2⤵
  PID:12816
- C:\Windows\System32\PVsAKrs.exe
  C:\Windows\System32\PVsAKrs.exe
  2⤵
  PID:11544
- C:\Windows\System32\CRzxhVX.exe
  C:\Windows\System32\CRzxhVX.exe
  2⤵
  PID:13136
- C:\Windows\System32\ZrFdDhk.exe
  C:\Windows\System32\ZrFdDhk.exe
  2⤵
  PID:13180
- C:\Windows\System32\hALUJex.exe
  C:\Windows\System32\hALUJex.exe
  2⤵
  PID:13244
- C:\Windows\System32\IbWvkbG.exe
  C:\Windows\System32\IbWvkbG.exe
  2⤵
  PID:12300
- C:\Windows\System32\fyQxUMe.exe
  C:\Windows\System32\fyQxUMe.exe
  2⤵
  PID:12516
- C:\Windows\System32\olqwLaq.exe
  C:\Windows\System32\olqwLaq.exe
  2⤵
  PID:5104
- C:\Windows\System32\FXYbguN.exe
  C:\Windows\System32\FXYbguN.exe
  2⤵
  PID:12752
- C:\Windows\System32\MkcRfrE.exe
  C:\Windows\System32\MkcRfrE.exe
  2⤵
  PID:12940
- C:\Windows\System32\pltndOt.exe
  C:\Windows\System32\pltndOt.exe
  2⤵
  PID:13120
- C:\Windows\System32\kGSjcgK.exe
  C:\Windows\System32\kGSjcgK.exe
  2⤵
  PID:13272
- C:\Windows\System32\IWMEhEd.exe
  C:\Windows\System32\IWMEhEd.exe
  2⤵
  PID:12548
- C:\Windows\System32\dBFmZel.exe
  C:\Windows\System32\dBFmZel.exe
  2⤵
  PID:12904
- C:\Windows\System32\TvmqMne.exe
  C:\Windows\System32\TvmqMne.exe
  2⤵
  PID:12432
- C:\Windows\System32\dhZtqUy.exe
  C:\Windows\System32\dhZtqUy.exe
  2⤵
  PID:13216

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ADyVAWJ.exe

Filesize
3.3MB

MD5
4037f60aeb8f810c750cf6ee813f0b2f

SHA1
888fc817b17d23878052adbcc2b82e9aeb31276a

SHA256
1e5a8a5daa75e5e2f5073dbbcc1ad67f3ca216cfca50f55743e3139668c683e1

SHA512
2b7456a90ea9ccabc351cc5102e31e27c010f888e25b7252bcdae8f3d04152090f244188c135d4f65cdf671c179bd4003d573630499f3363fc258b10fb6426e4

Download Submit
C:\Windows\System32\AlIqWyx.exe

Filesize
3.3MB

MD5
9422ba627a79ecfeece40ee7cb162b1c

SHA1
19f92f47efbf9f907415659ca14b9de1683fd2c6

SHA256
5e24c9dc16c76080f49a0d3dc93e6197132ee02477ce6f54d5688a23a6000e67

SHA512
def6a6ae67777aaf25466d3129633f080d9080cf718ac30ea7fea0dd2bb9314b2ce0d61f43629231eed6d6a1bc9cf17d979e1fa38bd4685a0e289bbe872f7193

Download Submit
C:\Windows\System32\DFaZXiS.exe

Filesize
3.3MB

MD5
3a9a57e7459895bdff31d9dcd747794d

SHA1
e339dff096db1cb73cdfa1ca3d24e210602d61db

SHA256
e2e262bd8d41af12f8131c319fcd634283385ca51d47e2674d4fb06e11e6c8b9

SHA512
7f5f37334a7c5ed7c54e400d7dcecc59eaff6932a4e4e9bbff1dd990017cd73d1203f2cd7fd7f8530a6edab7cf275a18a56333c49206e2aeb740467deafd8747

Download Submit
C:\Windows\System32\DzgpbzT.exe

Filesize
3.3MB

MD5
d208d6b10d6ba4899ade2f73079a3b62

SHA1
c552e9f63be57090decbfc05207466a0610a7eea

SHA256
b5542463fae560cc074ca800c739197e9a2598721d6f89fa285e96239f981398

SHA512
506eb69faf7e9805f3d98ff3bd41c07f2e0843c12f018dfe220a153a8cee9bad4629f475ba4ffcf4f81c67374e57f0069cd129d9c28e008f48a09b1681dc8fcc

Download Submit
C:\Windows\System32\IhOWbWl.exe

Filesize
3.3MB

MD5
55e46b8115903ed31515b68ea2db75da

SHA1
d4daf0d4ee86da0b81563f9548ef71d4e4597367

SHA256
70cb7ec49c2770cfd05463bc79a8fd643c8ca36fe32bc37ec862a2a8ff0b4c90

SHA512
e7a634fa9ca6cb4e01b04e48e3e35bd6483dafb8a548fc16942ec94e66d13ff898b0d287a342a808ced8c094e2e0a958afdb5fef44d7ab7c91502ef6d1167f1c

Download Submit
C:\Windows\System32\LvOytiH.exe

Filesize
3.3MB

MD5
0861f44b72b88cf17478c441eee87036

SHA1
392e136c2c8a866869dd0aa8cd23da908bfba6bd

SHA256
b64275ceadfc23e58603d880435978e73b549827d75f8120199fe4b43743df91

SHA512
0f6cbfefc743d08424fb1e0dbd5da13805369897026393fb6815ffa96b46868395a9cb8a0153b5ef6be39069e628fe446566aaadaca0807be5d5f8186bfcba6d

Download Submit
C:\Windows\System32\NDbYjGD.exe

Filesize
3.3MB

MD5
7405357088777e62c3cbc0ad41e0e59b

SHA1
a6001ca494984cc299097d28bffd32140784afc2

SHA256
e3a407044adec4ca2e4a36fedfa2a139db953e10dbd72567e4e3b7d38a49f539

SHA512
2fbd48aed4444cb865eb5f06ef5a276dfba8fe39c36efdd78570dca9ea9c42d1a4557b9619be784a10e27dba0253a8528f416cb23d61ee9e9deb4e5287618d65

Download Submit
C:\Windows\System32\NTXZmYj.exe

Filesize
3.3MB

MD5
d4f3f7ff11c9478619bc1442a7d2a515

SHA1
e443adb505a5f68b32b8c7a6f39d9fbf55b78a7c

SHA256
cd67c256f61f5c16e1bfe6cbb4a6363e9ce8130185a4dd7a6ce2d507673f31cb

SHA512
dafdbcfeac2e87381fd012e6786569312b5df1488c9a0294b41721b617cc617f5918b3ae76bc26388b6e97a264f143e1735f9affbf2fc3c933ccfe261e2fe492

Download Submit
C:\Windows\System32\OoChymT.exe

Filesize
3.3MB

MD5
1776cd3ab46c57012e1dd026ccb73375

SHA1
aab9bd7e32405086d9039230cb99b6c9804ba0cc

SHA256
1190ddda09d27b0b434970085a022cfe53888bcdcb78f7e0c4aefdddb35f1d0e

SHA512
af1aed4c0262f109d135f68c4687a8747ecad2609de1b05ff79f2499bbde6f09c78ce6ba46d39a761399258e38863ef54ad2dc508d29ab9beb324d0816607cb4

Download Submit
C:\Windows\System32\PxWIVWg.exe

Filesize
3.3MB

MD5
b212196ad5a84054b6328c7532635037

SHA1
672d3b2632fabd55acdef1dd55213b8e7b49cf52

SHA256
29594148a37dff38b86b7ce2c8578949135ccd4aac01cbd8b1409ab08dd29df0

SHA512
fd3821daa36ffef2c3ff45dd3ddf177076657c1c327967d55854f77659ef83e7620485fa4d77215ca5868769647ddbd24c07ce07f474ad3c0a358ee559816af4

Download Submit
C:\Windows\System32\QyDffrk.exe

Filesize
3.3MB

MD5
a76cc449aa418b8b5c2ea1eda7469c99

SHA1
6511974f2b9061435f5ec0a00caec6c7b4e36f6c

SHA256
fddb405d97211e269d63a59bab925bc854f8ddd4b212560848f520d37a81f06b

SHA512
930166e0ffff21918d53904d4df443415cee40975a5d3403fd9229da042b23c9cfc2e960f01a9404a3ed8a4838b895aeccd129608ede9dff4f35eac8b1689ef5

Download Submit
C:\Windows\System32\UhYByov.exe

Filesize
3.3MB

MD5
2b4b6a9e76ea753a5b5183b0f358e178

SHA1
018be20f76607a7d0dd7fb511dd8b68489d546a7

SHA256
e45f67b8e1f9c029a640066ce85248546459bdcb158148cd04cb1b2c93167ebc

SHA512
db1f41a0989a88c06b013544a11b2a489e5d65a4ed7669b2e3d3d774adcbfe79205f8c98d03a535a491623d84c788ceeb1ee3a6d441cef2767182c86b8c051a3

Download Submit
C:\Windows\System32\YPXnHUU.exe

Filesize
3.3MB

MD5
1ef4ffc6ef231716572e001e4afa47ae

SHA1
9d94a2375c3e7aa7e41be4a89d35b13eec6220a7

SHA256
86a191605cef4523ed6349fd026879e179917cba8c55c97e6ea7710e7b1000e1

SHA512
7be1a646d85bd8ccd733aa2bb30dbf2ddf2fa63eb6ccfacab003f28a69866d617f765f31a78f7b71ab384eaf7a692563b904aaa652b6a0760ecde016fb0ab00e

Download Submit
C:\Windows\System32\YYvsGnF.exe

Filesize
3.3MB

MD5
b0e751aceaa00b6535d61e03cdea4c34

SHA1
d26bbe86c2eb2c23f935b939de0fc11bd3f63fee

SHA256
12671597d0a2e4e3bb14f3370df865f7c085da0318ae2e72c2f63c944f56e1c2

SHA512
921caefbf53f82379443f73531a911ac22c2e491f0cd919f27add323b26be42cd97269f232b1319e345dbd77986a415ea0e62d2ae9d9f79d30d73605477cd74d

Download Submit
C:\Windows\System32\ZEMLHGD.exe

Filesize
3.3MB

MD5
3a0ba8a4334a0cafbc16de58307c6bca

SHA1
b8736ff8750641215e2ca169e0b35323ca4917be

SHA256
5a12a57d0a54752e2a13d1762f74467448542b21cb01a53883d6de39dd0be21c

SHA512
ed7085dec98810c0714fedeeda8009d8699d191b3565047a8b6b8d96540ee23394428f7a61405c06b115f9ed978222a6ebb198522ebe99377aca2cdc31a1f217

Download Submit
C:\Windows\System32\ZJqLMSb.exe

Filesize
3.3MB

MD5
51ff4709563a225f70a9a74582519fcb

SHA1
29041f917962522abfc4f1e1c7cfcd23e700af7f

SHA256
4c3d7262847cdfdb1412158e8b47a95cd452501e85bbc93646b950c6d6681271

SHA512
21e81e831f3b7410e4ed037e54b2c9276d986673fb6855557a2ccbe0762a3520f39150d0bcf1abe2dd58eab243669e8aeb1cc5bff75f32e838db02dc42cad12f

Download Submit
C:\Windows\System32\ZPCwgBH.exe

Filesize
3.3MB

MD5
3cb771726ab5d01c9f0af656256aa6cf

SHA1
8c1c6d07eb6e4fe61b956bcc8d1db9d7abca023c

SHA256
b91ffed37c680859e6c7dde3df5b301f7e519cd2fc6fa984bd1b3ab60881ea5c

SHA512
ed6ededf1c3d98b84de239038d7ca3b67294d647bb1fb9f6073b65d8e8b4299c00824692b644e43e7a8b6801aec2756dfd9a1a9541d721fd177c8f27786c286d

Download Submit
C:\Windows\System32\bRopAfw.exe

Filesize
3.3MB

MD5
ad4135d80f1b4b594141190a5a44ae3f

SHA1
30597ef7fa346b31343a2fc4710043fc6958b531

SHA256
9c5e196a89b5c10e24fb4d7fba90830c038e210afb9417c4793d61da7d10130f

SHA512
a6d8f55c1d44d6f7dc43a05a458a6d5ff52b862b124330c29fe305429e46c14e7f1b9879b290f8f7ec4e26237c0022d607020550a984020c9e3f9fc8473b055c

Download Submit
C:\Windows\System32\bfmXsLh.exe

Filesize
3.3MB

MD5
3fc6b4e9a8aeb235831d9e2ab1593b32

SHA1
ac4ede954343a1fb65f0e4c16a69d09ef96ea80b

SHA256
0f398cb0f5b25755cc70da5a66de21fc0b1a9a6891d8300452bdf0de034fd032

SHA512
7290217fc7db6fbef7ac3e41805c86db779e6ba74568d0579a7273499a1bfa5a7246a5b9b2c39c91793379c381b9424d2a49c20e3896cd329300b0e19048fc6c

Download Submit
C:\Windows\System32\cOfAneF.exe

Filesize
3.3MB

MD5
9af9f579e5e4a615c6ca66ccb03dddb5

SHA1
efc6b088ead145d82fc8e45c8a4191cdf2303148

SHA256
e94a5d1b5c044a5301c674a1e539f0f7d6ec281649d4da7e6aa2d47a76b96b96

SHA512
f5e151a6d4a0b641b6a28e41b1582526e56254a7aa08ce4ede70e6ae9a05961620627403b6a73b1af1fa960b3ce0a84a9d9f4ef7ce7db94068f98258609e38ec

Download Submit
C:\Windows\System32\cWbsVul.exe

Filesize
3.3MB

MD5
9384f5bcc48026a1107b693e3874f2a7

SHA1
45dd55919b9d35603623e2350c778502116c2856

SHA256
e28d4451416b32ad935b60f28bc04ad68fc7b675c613f594b8c90318d026a6b1

SHA512
0e8e99951e0c223967f3b0f7d6ebdc7cfd52929ba8f5226bbbcc21bdbd28f11595dcb9cab9c134d509485cebc88dfe0405e93fc8c10fc37850f739c30b633daa

Download Submit
C:\Windows\System32\iODjGti.exe

Filesize
3.3MB

MD5
3024d532948b125809a048919df7cb1c

SHA1
31433d4f7e75c8594feece57bf0f008226ae4aa8

SHA256
c4d1ec3add1ac2a594830289f17c9ec00a18b6059401fdd1c11ef754259a7f7d

SHA512
c1128e211ca398f36ee45716c97efe8870230206b29cfe80040a228fcfe7c0f1d368fe8bfa920d4a61b2a85352783de8bfc73b8ebe8242dda27740f91e703484

Download Submit
C:\Windows\System32\jLPPWsV.exe

Filesize
3.3MB

MD5
1c910878ae7f2dbe04f3f287aa16a434

SHA1
daf1ee629fafa23fe9aa8035a752823c21df04c0

SHA256
7f0fd9e8cc2706ad347cf89c37cc8ba6415589d51b1b3f31b7e4d8b1bbcbfe30

SHA512
efc2321d1772f976f73597cc3ddc44765ceda61ee7061dd6e24e6f18aa5d3fd1c79065a700dcf4e15692484bb8540b8dfdafaddb1914d16b8e4415682b9e2070

Download Submit
C:\Windows\System32\jrDTfLx.exe

Filesize
3.3MB

MD5
41b4005c5afe9b976a4e0d98b2d60ae9

SHA1
615acb3d6b85da00df7a32f02f3a2e9343935bbf

SHA256
e31c89099a08c1426f728a81ae1ca835d2b9d0659897d1cbdf08e566188a5821

SHA512
16ea2fd79c9ae63b58e47430df817774f7d809d461c2caa64425b2dccadf21e0a1a055864b4bce46bd7119da1258416101cda1cfb02fd80fc8dac9dc70297036

Download Submit
C:\Windows\System32\kgbBJlf.exe

Filesize
3.3MB

MD5
0731fa0e89f7fdd7e0e5398bb9a0866a

SHA1
eb8f1a25f737c89570e5c53b1b5f1037d19d2481

SHA256
e2586d8030816729f41ad6ccc81d21ca332145feb697d9deef83769d9ede8419

SHA512
c7f1be9824217ef42145e822eea354036dd3d39a865a3a690a5ceaa4b5548444c94cfea342582c561448189424bf3f958d0a11261797df3cbcf135aa0d44a8bf

Download Submit
C:\Windows\System32\oSTtXRs.exe

Filesize
3.3MB

MD5
8e60dd4b165c65d9ff15fa982cdf1f9e

SHA1
d90e5b1ad66c1fa7a95241c504c0523d3ca9be35

SHA256
94393b66a4597be0b7b1e22823304eebdc6562196b81a0f4ca1a899ebb53a971

SHA512
7b24539e12f5f61bb02f16e41c2059df574a47edb557c8c3f8618d62f2ffdfd0687557ed201a4e4f32c739fb9cc06d31a7c03f5cbca8085522499158fb7d937f

Download Submit
C:\Windows\System32\qAinyhk.exe

Filesize
3.3MB

MD5
b60d1a283a24013f2503e9e8942dbddc

SHA1
0864637827263d85bcbea0cd9d81eea75b50b609

SHA256
19af340dcfd16b76ac39b43d15506cb35c434f31767bbd2733b197c3200f39c3

SHA512
09c1564435466c0884eeaf68df43bfddb4706258900ea2c52a0a1653b2c4ef28732590b00064ec538d01ccd60eac1f418c7f23062d38baddd2bff7832dca8dde

Download Submit
C:\Windows\System32\rbOeUAB.exe

Filesize
3.3MB

MD5
fb9fbc7a1ef6be93593181764823459c

SHA1
e9d19791c97488f1466233c2e533c7e11f32b9fc

SHA256
1894b9d5b0c654dcc17e0279ec578db908aa48cfa9fb42bd16b6ac1eb0631dcc

SHA512
4f36ca101350d3a2efaa549c982ddf86260e289812d0b9f36411d5d4c677bb60653e0eddb56f2ed781ba3009bad1c0383bc489228659218b5ff84a023851c6d3

Download Submit
C:\Windows\System32\tXKhRXP.exe

Filesize
3.3MB

MD5
65862438c3941c12a6e2fd3d8c157191

SHA1
916814a116c8bef20e32e9820001688fb536e129

SHA256
623c2fbba6035ed53bd1e13d0c6da41b5705af97601e9ba23952d9451b20ee08

SHA512
626cffed7192e222a3de3c4d718ccc8cb877b2e2db3ebd60b0302cadb2c417605374aad3ef9baa1a131aa3383ca8a8f9b5841162166ef42a0d965a715bc1cdcf

Download Submit
C:\Windows\System32\xDNwBJr.exe

Filesize
3.3MB

MD5
e95378f2efc9395e3eb523b7588c24e7

SHA1
6e961a9654423271069f6653c5fd04d162a9a66d

SHA256
d8f900c3f7f0ffbec86fa602529db766044cbeb78ea63cd515056d2cead6f1b7

SHA512
43acd31a0e9ca5ae06e9d01d41105b2bde7e7b19de3278f60c918e4c6923894ed9729d19822ce092cd61f4dbc85e689354050efe50a7f21903cf3cce76eeafac

Download Submit
C:\Windows\System32\xdqHmSO.exe

Filesize
3.3MB

MD5
af3c06d57c2ac22409e72d430dde7111

SHA1
a65a03c491ed1f5f42993efd82ad49875f21a589

SHA256
005ce27ec8ada1380e63e348c3d241e752984909db160a1a8273e426953bc4b1

SHA512
ac2f9600164d1394fe7c7edebeafa6c934f3aa3dc0dde2f683318b1ae486815861f0a00796c635faf6ba088c82e78d55e96cc1cc0e5505d95bf3980ad9ab51dd

Download Submit
C:\Windows\System32\zGQmvnZ.exe

Filesize
3.3MB

MD5
37e68d0ebe558683db0efe360dc496a7

SHA1
d3a1d07d7a41d4da99f7650ba0d6eacd96acac17

SHA256
70c8b25ff9ee50b921097b3d600144e4244564324658edeb680953b3a498da2f

SHA512
44169452908cd2041dc689ff38786282f66278ef80a769003f8802ca1d36cba425405fd20349b1961b787db8e977c8fb053cf5a7826632ffea30d12845a7d207

Download Submit
memory/408-1897-0x00007FF71D050000-0x00007FF71D445000-memory.dmp

Filesize
4.0MB

Download
memory/408-804-0x00007FF71D050000-0x00007FF71D445000-memory.dmp

Filesize
4.0MB

Download
memory/508-841-0x00007FF65AEA0000-0x00007FF65B295000-memory.dmp

Filesize
4.0MB

Download
memory/508-1910-0x00007FF65AEA0000-0x00007FF65B295000-memory.dmp

Filesize
4.0MB

Download
memory/532-828-0x00007FF641BB0000-0x00007FF641FA5000-memory.dmp

Filesize
4.0MB

Download
memory/532-1907-0x00007FF641BB0000-0x00007FF641FA5000-memory.dmp

Filesize
4.0MB

Download
memory/624-1915-0x00007FF677900000-0x00007FF677CF5000-memory.dmp

Filesize
4.0MB

Download
memory/624-868-0x00007FF677900000-0x00007FF677CF5000-memory.dmp

Filesize
4.0MB

Download
memory/696-863-0x00007FF728790000-0x00007FF728B85000-memory.dmp

Filesize
4.0MB

Download
memory/696-1909-0x00007FF728790000-0x00007FF728B85000-memory.dmp

Filesize
4.0MB

Download
memory/1044-811-0x00007FF7C63D0000-0x00007FF7C67C5000-memory.dmp

Filesize
4.0MB

Download
memory/1044-1901-0x00007FF7C63D0000-0x00007FF7C67C5000-memory.dmp

Filesize
4.0MB

Download
memory/1680-1893-0x00007FF7EDD70000-0x00007FF7EE165000-memory.dmp

Filesize
4.0MB

Download
memory/1680-8-0x00007FF7EDD70000-0x00007FF7EE165000-memory.dmp

Filesize
4.0MB

Download
memory/1696-852-0x00007FF7A2780000-0x00007FF7A2B75000-memory.dmp

Filesize
4.0MB

Download
memory/1696-1912-0x00007FF7A2780000-0x00007FF7A2B75000-memory.dmp

Filesize
4.0MB

Download
memory/1756-0-0x00007FF60C240000-0x00007FF60C635000-memory.dmp

Filesize
4.0MB

Download
memory/1756-1-0x0000020A12F80000-0x0000020A12F90000-memory.dmp

Filesize
64KB

Download
memory/1756-1890-0x00007FF60C240000-0x00007FF60C635000-memory.dmp

Filesize
4.0MB

Download
memory/1756-1892-0x00007FF60C240000-0x00007FF60C635000-memory.dmp

Filesize
4.0MB

Download
memory/2256-1913-0x00007FF610000000-0x00007FF6103F5000-memory.dmp

Filesize
4.0MB

Download
memory/2256-860-0x00007FF610000000-0x00007FF6103F5000-memory.dmp

Filesize
4.0MB

Download
memory/2504-1908-0x00007FF6EA750000-0x00007FF6EAB45000-memory.dmp

Filesize
4.0MB

Download
memory/2504-871-0x00007FF6EA750000-0x00007FF6EAB45000-memory.dmp

Filesize
4.0MB

Download
memory/2824-858-0x00007FF7391A0000-0x00007FF739595000-memory.dmp

Filesize
4.0MB

Download
memory/2824-1911-0x00007FF7391A0000-0x00007FF739595000-memory.dmp

Filesize
4.0MB

Download
memory/2920-816-0x00007FF64BB80000-0x00007FF64BF75000-memory.dmp

Filesize
4.0MB

Download
memory/2920-1902-0x00007FF64BB80000-0x00007FF64BF75000-memory.dmp

Filesize
4.0MB

Download
memory/3484-1895-0x00007FF6436D0000-0x00007FF643AC5000-memory.dmp

Filesize
4.0MB

Download
memory/3484-21-0x00007FF6436D0000-0x00007FF643AC5000-memory.dmp

Filesize
4.0MB

Download
memory/3896-1903-0x00007FF6000F0000-0x00007FF6004E5000-memory.dmp

Filesize
4.0MB

Download
memory/3896-823-0x00007FF6000F0000-0x00007FF6004E5000-memory.dmp

Filesize
4.0MB

Download
memory/4252-1905-0x00007FF6B33D0000-0x00007FF6B37C5000-memory.dmp

Filesize
4.0MB

Download
memory/4252-839-0x00007FF6B33D0000-0x00007FF6B37C5000-memory.dmp

Filesize
4.0MB

Download
memory/4544-875-0x00007FF746EB0000-0x00007FF7472A5000-memory.dmp

Filesize
4.0MB

Download
memory/4544-1916-0x00007FF746EB0000-0x00007FF7472A5000-memory.dmp

Filesize
4.0MB

Download
memory/4568-1904-0x00007FF699110000-0x00007FF699505000-memory.dmp

Filesize
4.0MB

Download
memory/4568-845-0x00007FF699110000-0x00007FF699505000-memory.dmp

Filesize
4.0MB

Download
memory/4620-1894-0x00007FF7F7EE0000-0x00007FF7F82D5000-memory.dmp

Filesize
4.0MB

Download
memory/4620-14-0x00007FF7F7EE0000-0x00007FF7F82D5000-memory.dmp

Filesize
4.0MB

Download
memory/4624-1914-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp

Filesize
4.0MB

Download
memory/4624-850-0x00007FF6F3390000-0x00007FF6F3785000-memory.dmp

Filesize
4.0MB

Download
memory/4828-807-0x00007FF693880000-0x00007FF693C75000-memory.dmp

Filesize
4.0MB

Download
memory/4828-1898-0x00007FF693880000-0x00007FF693C75000-memory.dmp

Filesize
4.0MB

Download
memory/4840-1896-0x00007FF6FA0F0000-0x00007FF6FA4E5000-memory.dmp

Filesize
4.0MB

Download
memory/4840-28-0x00007FF6FA0F0000-0x00007FF6FA4E5000-memory.dmp

Filesize
4.0MB

Download
memory/4964-1899-0x00007FF71D3A0000-0x00007FF71D795000-memory.dmp

Filesize
4.0MB

Download
memory/4964-801-0x00007FF71D3A0000-0x00007FF71D795000-memory.dmp

Filesize
4.0MB

Download
memory/4976-1891-0x00007FF6F5390000-0x00007FF6F5785000-memory.dmp

Filesize
4.0MB

Download
memory/4976-1900-0x00007FF6F5390000-0x00007FF6F5785000-memory.dmp

Filesize
4.0MB

Download
memory/4976-30-0x00007FF6F5390000-0x00007FF6F5785000-memory.dmp

Filesize
4.0MB

Download
memory/5052-833-0x00007FF6D03E0000-0x00007FF6D07D5000-memory.dmp

Filesize
4.0MB

Download
memory/5052-1906-0x00007FF6D03E0000-0x00007FF6D07D5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads