xmrig | d6dc0cd8271f09b2e8a8998872424938653a4e3e5b52dcc5172acfc9d75f47b0

Analysis

max time kernel
105s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 14:01 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
Size

3.1MB
MD5

4027b97d6d79743717ddc269f8929260
SHA1

86548ef184477687be82789b5da4e17372f11206
SHA256

d6dc0cd8271f09b2e8a8998872424938653a4e3e5b52dcc5172acfc9d75f47b0
SHA512

86dc37b0df72f4820bc39a3d85980b21a91856b0d1afd215c7b6435661616cca87a47a03b64d2f7a0a430cca080364622e128319781be6fc6284fc8d25b0d920
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc40M:wFWPClFkM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4740-0-0x00007FF784420000-0x00007FF784815000-memory.dmp	xmrig
behavioral2/files/0x000d00000002337e-5.dat	xmrig
behavioral2/memory/1904-10-0x00007FF668D20000-0x00007FF669115000-memory.dmp	xmrig
behavioral2/files/0x000800000002341d-11.dat	xmrig
behavioral2/files/0x0008000000023420-9.dat	xmrig
behavioral2/memory/2480-14-0x00007FF6599A0000-0x00007FF659D95000-memory.dmp	xmrig
behavioral2/memory/4508-19-0x00007FF645390000-0x00007FF645785000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-22.dat	xmrig
behavioral2/files/0x0007000000023422-30.dat	xmrig
behavioral2/memory/4876-27-0x00007FF7E56B0000-0x00007FF7E5AA5000-memory.dmp	xmrig
behavioral2/memory/4180-32-0x00007FF727220000-0x00007FF727615000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-35.dat	xmrig
behavioral2/memory/1540-38-0x00007FF789DD0000-0x00007FF78A1C5000-memory.dmp	xmrig
behavioral2/files/0x000800000002341e-40.dat	xmrig
behavioral2/files/0x0007000000023424-47.dat	xmrig
behavioral2/memory/216-46-0x00007FF786D60000-0x00007FF787155000-memory.dmp	xmrig
behavioral2/memory/3100-53-0x00007FF62EEB0000-0x00007FF62F2A5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-55.dat	xmrig
behavioral2/memory/936-54-0x00007FF6C6DE0000-0x00007FF6C71D5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-59.dat	xmrig
behavioral2/memory/4740-62-0x00007FF784420000-0x00007FF784815000-memory.dmp	xmrig
behavioral2/files/0x0008000000023427-65.dat	xmrig
behavioral2/memory/1904-71-0x00007FF668D20000-0x00007FF669115000-memory.dmp	xmrig
behavioral2/files/0x0008000000023429-74.dat	xmrig
behavioral2/memory/4848-79-0x00007FF70CCA0000-0x00007FF70D095000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-92.dat	xmrig
behavioral2/files/0x000700000002342b-89.dat	xmrig
behavioral2/memory/4508-86-0x00007FF645390000-0x00007FF645785000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-97.dat	xmrig
behavioral2/files/0x000500000001e6e2-102.dat	xmrig
behavioral2/files/0x0007000000023430-117.dat	xmrig
behavioral2/files/0x0007000000023431-122.dat	xmrig
behavioral2/files/0x0007000000023433-130.dat	xmrig
behavioral2/files/0x0007000000023434-137.dat	xmrig
behavioral2/files/0x0007000000023439-160.dat	xmrig
behavioral2/files/0x000700000002343b-172.dat	xmrig
behavioral2/files/0x000700000002343c-177.dat	xmrig
behavioral2/files/0x000700000002343a-167.dat	xmrig
behavioral2/files/0x0007000000023438-157.dat	xmrig
behavioral2/files/0x0007000000023437-152.dat	xmrig
behavioral2/files/0x0007000000023436-147.dat	xmrig
behavioral2/files/0x0007000000023435-142.dat	xmrig
behavioral2/files/0x0007000000023432-127.dat	xmrig
behavioral2/files/0x000700000002342f-112.dat	xmrig
behavioral2/files/0x000700000002342e-107.dat	xmrig
behavioral2/files/0x000700000002342a-82.dat	xmrig
behavioral2/memory/3108-81-0x00007FF63C870000-0x00007FF63CC65000-memory.dmp	xmrig
behavioral2/memory/4216-76-0x00007FF7CB100000-0x00007FF7CB4F5000-memory.dmp	xmrig
behavioral2/memory/1276-70-0x00007FF6C2EF0000-0x00007FF6C32E5000-memory.dmp	xmrig
behavioral2/memory/2664-649-0x00007FF699AC0000-0x00007FF699EB5000-memory.dmp	xmrig
behavioral2/memory/3724-651-0x00007FF7DFB60000-0x00007FF7DFF55000-memory.dmp	xmrig
behavioral2/memory/3616-652-0x00007FF7A22D0000-0x00007FF7A26C5000-memory.dmp	xmrig
behavioral2/memory/3396-653-0x00007FF7FDDA0000-0x00007FF7FE195000-memory.dmp	xmrig
behavioral2/memory/5112-656-0x00007FF631150000-0x00007FF631545000-memory.dmp	xmrig
behavioral2/memory/1804-657-0x00007FF6F8260000-0x00007FF6F8655000-memory.dmp	xmrig
behavioral2/memory/1788-666-0x00007FF7393C0000-0x00007FF7397B5000-memory.dmp	xmrig
behavioral2/memory/2096-660-0x00007FF733F20000-0x00007FF734315000-memory.dmp	xmrig
behavioral2/memory/3288-669-0x00007FF6E8FF0000-0x00007FF6E93E5000-memory.dmp	xmrig
behavioral2/memory/4876-679-0x00007FF7E56B0000-0x00007FF7E5AA5000-memory.dmp	xmrig
behavioral2/memory/2640-677-0x00007FF7A5E90000-0x00007FF7A6285000-memory.dmp	xmrig
behavioral2/memory/2500-672-0x00007FF6AEB60000-0x00007FF6AEF55000-memory.dmp	xmrig
behavioral2/memory/1540-1297-0x00007FF789DD0000-0x00007FF78A1C5000-memory.dmp	xmrig
behavioral2/memory/4848-1986-0x00007FF70CCA0000-0x00007FF70D095000-memory.dmp	xmrig
behavioral2/memory/3108-1987-0x00007FF63C870000-0x00007FF63CC65000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1904	SyPvwHV.exe
2480	DUFAgqq.exe
4508	kfAKpwD.exe
4876	daLglJM.exe
4180	EzcxLuM.exe
1540	poliVpq.exe
216	YRgVZHB.exe
3100	MOynsLl.exe
936	jDXyIRB.exe
1276	osgffIi.exe
4216	gLPVEyX.exe
3108	LtzVLmH.exe
4848	yeopwCX.exe
2664	cqjEstz.exe
2640	nTMfhTU.exe
3724	klZkZhB.exe
3616	NETulmp.exe
3396	uKRyXRK.exe
5112	yzcTIlD.exe
1804	HKLcRAI.exe
2096	vEjMigU.exe
1788	wMGRdql.exe
3288	alJbzIl.exe
2500	ABdWhEt.exe
2060	OheGXQL.exe
4456	IukDqNg.exe
1944	LRAnYdA.exe
2260	uJUAXEk.exe
2428	pqeiaGX.exe
3060	JWkwLEn.exe
2248	FuiuUzr.exe
4904	ZdpIPIv.exe
1612	CowFhKB.exe
3428	cRHCPvW.exe
3548	RWOsHDz.exe
2460	NerQuAh.exe
2080	BKdPsAa.exe
2404	AwsjlTB.exe
1220	eRvvCkg.exe
3196	CRGfutb.exe
4300	wnkRsaB.exe
4292	HEGliTL.exe
944	ceGxJcO.exe
3876	APFAGtZ.exe
3908	eLrQRZB.exe
2188	BOADMSI.exe
2008	QJCpjIp.exe
2240	OssIjfm.exe
4664	ARwpNag.exe
1956	iaqnubD.exe
2232	rFLJnaq.exe
1472	HqMuRKA.exe
3236	NMlcEyl.exe
4012	rCWoYmo.exe
2172	ODbzRHq.exe
2108	VJNZSwo.exe
4152	jJkmXBe.exe
3356	TGOmIXH.exe
2600	KdfgGau.exe
4596	yYvcaLh.exe
1632	YxlLumq.exe
116	JlpldOR.exe
4736	aGZBdnz.exe
3488	TiZjZrT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4740-0-0x00007FF784420000-0x00007FF784815000-memory.dmp	upx
behavioral2/files/0x000d00000002337e-5.dat	upx
behavioral2/memory/1904-10-0x00007FF668D20000-0x00007FF669115000-memory.dmp	upx
behavioral2/files/0x000800000002341d-11.dat	upx
behavioral2/files/0x0008000000023420-9.dat	upx
behavioral2/memory/2480-14-0x00007FF6599A0000-0x00007FF659D95000-memory.dmp	upx
behavioral2/memory/4508-19-0x00007FF645390000-0x00007FF645785000-memory.dmp	upx
behavioral2/files/0x0007000000023421-22.dat	upx
behavioral2/files/0x0007000000023422-30.dat	upx
behavioral2/memory/4876-27-0x00007FF7E56B0000-0x00007FF7E5AA5000-memory.dmp	upx
behavioral2/memory/4180-32-0x00007FF727220000-0x00007FF727615000-memory.dmp	upx
behavioral2/files/0x0007000000023423-35.dat	upx
behavioral2/memory/1540-38-0x00007FF789DD0000-0x00007FF78A1C5000-memory.dmp	upx
behavioral2/files/0x000800000002341e-40.dat	upx
behavioral2/files/0x0007000000023424-47.dat	upx
behavioral2/memory/216-46-0x00007FF786D60000-0x00007FF787155000-memory.dmp	upx
behavioral2/memory/3100-53-0x00007FF62EEB0000-0x00007FF62F2A5000-memory.dmp	upx
behavioral2/files/0x0007000000023425-55.dat	upx
behavioral2/memory/936-54-0x00007FF6C6DE0000-0x00007FF6C71D5000-memory.dmp	upx
behavioral2/files/0x0007000000023426-59.dat	upx
behavioral2/memory/4740-62-0x00007FF784420000-0x00007FF784815000-memory.dmp	upx
behavioral2/files/0x0008000000023427-65.dat	upx
behavioral2/memory/1904-71-0x00007FF668D20000-0x00007FF669115000-memory.dmp	upx
behavioral2/files/0x0008000000023429-74.dat	upx
behavioral2/memory/4848-79-0x00007FF70CCA0000-0x00007FF70D095000-memory.dmp	upx
behavioral2/files/0x000700000002342c-92.dat	upx
behavioral2/files/0x000700000002342b-89.dat	upx
behavioral2/memory/4508-86-0x00007FF645390000-0x00007FF645785000-memory.dmp	upx
behavioral2/files/0x000700000002342d-97.dat	upx
behavioral2/files/0x000500000001e6e2-102.dat	upx
behavioral2/files/0x0007000000023430-117.dat	upx
behavioral2/files/0x0007000000023431-122.dat	upx
behavioral2/files/0x0007000000023433-130.dat	upx
behavioral2/files/0x0007000000023434-137.dat	upx
behavioral2/files/0x0007000000023439-160.dat	upx
behavioral2/files/0x000700000002343b-172.dat	upx
behavioral2/files/0x000700000002343c-177.dat	upx
behavioral2/files/0x000700000002343a-167.dat	upx
behavioral2/files/0x0007000000023438-157.dat	upx
behavioral2/files/0x0007000000023437-152.dat	upx
behavioral2/files/0x0007000000023436-147.dat	upx
behavioral2/files/0x0007000000023435-142.dat	upx
behavioral2/files/0x0007000000023432-127.dat	upx
behavioral2/files/0x000700000002342f-112.dat	upx
behavioral2/files/0x000700000002342e-107.dat	upx
behavioral2/files/0x000700000002342a-82.dat	upx
behavioral2/memory/3108-81-0x00007FF63C870000-0x00007FF63CC65000-memory.dmp	upx
behavioral2/memory/4216-76-0x00007FF7CB100000-0x00007FF7CB4F5000-memory.dmp	upx
behavioral2/memory/1276-70-0x00007FF6C2EF0000-0x00007FF6C32E5000-memory.dmp	upx
behavioral2/memory/2664-649-0x00007FF699AC0000-0x00007FF699EB5000-memory.dmp	upx
behavioral2/memory/3724-651-0x00007FF7DFB60000-0x00007FF7DFF55000-memory.dmp	upx
behavioral2/memory/3616-652-0x00007FF7A22D0000-0x00007FF7A26C5000-memory.dmp	upx
behavioral2/memory/3396-653-0x00007FF7FDDA0000-0x00007FF7FE195000-memory.dmp	upx
behavioral2/memory/5112-656-0x00007FF631150000-0x00007FF631545000-memory.dmp	upx
behavioral2/memory/1804-657-0x00007FF6F8260000-0x00007FF6F8655000-memory.dmp	upx
behavioral2/memory/1788-666-0x00007FF7393C0000-0x00007FF7397B5000-memory.dmp	upx
behavioral2/memory/2096-660-0x00007FF733F20000-0x00007FF734315000-memory.dmp	upx
behavioral2/memory/3288-669-0x00007FF6E8FF0000-0x00007FF6E93E5000-memory.dmp	upx
behavioral2/memory/4876-679-0x00007FF7E56B0000-0x00007FF7E5AA5000-memory.dmp	upx
behavioral2/memory/2640-677-0x00007FF7A5E90000-0x00007FF7A6285000-memory.dmp	upx
behavioral2/memory/2500-672-0x00007FF6AEB60000-0x00007FF6AEF55000-memory.dmp	upx
behavioral2/memory/1540-1297-0x00007FF789DD0000-0x00007FF78A1C5000-memory.dmp	upx
behavioral2/memory/4848-1986-0x00007FF70CCA0000-0x00007FF70D095000-memory.dmp	upx
behavioral2/memory/3108-1987-0x00007FF63C870000-0x00007FF63CC65000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\kPmhftr.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\daLglJM.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\LFvZSVO.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\dMDwqCz.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\pkEBxKt.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\gXTPGLt.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\KWfDXge.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\nXvtgVR.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\XEhOLCJ.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\DUFAgqq.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\hLgEsPs.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\YFMuTgH.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\TpPSTeQ.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\PKiSvHp.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\PSGCcmp.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\UfoDdpr.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\sOIuGxk.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\RZzdyGI.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\Tpehvpn.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\lGjDzZn.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\CemktlZ.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\OeLcMaJ.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\VJNZSwo.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\YONSVtp.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\Nhzngaf.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\WolRhyX.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\yNWPmbG.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\iDasNfZ.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\SzyNHAz.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\ICpqerq.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\qiNVGyt.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\PSsnhOM.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\DuHVXAb.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\HcdcDdZ.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\NkjIyDT.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\uJUAXEk.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\wWUoiWc.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\gryXyII.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\RcWojPu.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\XlDaZPu.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\PmyHdZJ.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\ACIRLlK.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\bHdbyrN.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\EvnEzwG.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\ykQRGvT.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\sEnLbCH.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\aBZgPNm.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\oqoBxeL.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\UwwjnEa.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\YwycQME.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\PAVgkiW.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\ZtvRucO.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\VQHwVac.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\ZLosIxS.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\LRAnYdA.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\cRHCPvW.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\eLrQRZB.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\xKcEqlY.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\aAeGIvP.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\zmHZCsb.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\kgquIhT.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\DZFvJvI.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\poliVpq.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
File created	C:\Windows\System32\jvEYnxi.exe	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 1904	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	81
PID 4740 wrote to memory of 1904	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	81
PID 4740 wrote to memory of 2480	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	83
PID 4740 wrote to memory of 2480	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	83
PID 4740 wrote to memory of 4508	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	84
PID 4740 wrote to memory of 4508	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	84
PID 4740 wrote to memory of 4876	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	86
PID 4740 wrote to memory of 4876	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	86
PID 4740 wrote to memory of 4180	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	87
PID 4740 wrote to memory of 4180	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	87
PID 4740 wrote to memory of 1540	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	88
PID 4740 wrote to memory of 1540	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	88
PID 4740 wrote to memory of 216	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	90
PID 4740 wrote to memory of 216	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	90
PID 4740 wrote to memory of 3100	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	91
PID 4740 wrote to memory of 3100	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	91
PID 4740 wrote to memory of 936	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	92
PID 4740 wrote to memory of 936	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	92
PID 4740 wrote to memory of 1276	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	93
PID 4740 wrote to memory of 1276	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	93
PID 4740 wrote to memory of 4216	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	94
PID 4740 wrote to memory of 4216	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	94
PID 4740 wrote to memory of 3108	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	95
PID 4740 wrote to memory of 3108	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	95
PID 4740 wrote to memory of 4848	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	96
PID 4740 wrote to memory of 4848	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	96
PID 4740 wrote to memory of 2664	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	97
PID 4740 wrote to memory of 2664	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	97
PID 4740 wrote to memory of 2640	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	98
PID 4740 wrote to memory of 2640	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	98
PID 4740 wrote to memory of 3724	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	99
PID 4740 wrote to memory of 3724	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	99
PID 4740 wrote to memory of 3616	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	100
PID 4740 wrote to memory of 3616	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	100
PID 4740 wrote to memory of 3396	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	101
PID 4740 wrote to memory of 3396	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	101
PID 4740 wrote to memory of 5112	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	102
PID 4740 wrote to memory of 5112	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	102
PID 4740 wrote to memory of 1804	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	103
PID 4740 wrote to memory of 1804	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	103
PID 4740 wrote to memory of 2096	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	104
PID 4740 wrote to memory of 2096	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	104
PID 4740 wrote to memory of 1788	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	105
PID 4740 wrote to memory of 1788	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	105
PID 4740 wrote to memory of 3288	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	106
PID 4740 wrote to memory of 3288	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	106
PID 4740 wrote to memory of 2500	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	107
PID 4740 wrote to memory of 2500	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	107
PID 4740 wrote to memory of 2060	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	108
PID 4740 wrote to memory of 2060	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	108
PID 4740 wrote to memory of 4456	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	109
PID 4740 wrote to memory of 4456	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	109
PID 4740 wrote to memory of 1944	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	110
PID 4740 wrote to memory of 1944	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	110
PID 4740 wrote to memory of 2260	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	111
PID 4740 wrote to memory of 2260	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	111
PID 4740 wrote to memory of 2428	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	112
PID 4740 wrote to memory of 2428	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	112
PID 4740 wrote to memory of 3060	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	113
PID 4740 wrote to memory of 3060	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	113
PID 4740 wrote to memory of 2248	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	114
PID 4740 wrote to memory of 2248	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	114
PID 4740 wrote to memory of 4904	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	115
PID 4740 wrote to memory of 4904	4740	4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4027b97d6d79743717ddc269f8929260_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\System32\SyPvwHV.exe
  C:\Windows\System32\SyPvwHV.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System32\DUFAgqq.exe
  C:\Windows\System32\DUFAgqq.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System32\kfAKpwD.exe
  C:\Windows\System32\kfAKpwD.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System32\daLglJM.exe
  C:\Windows\System32\daLglJM.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System32\EzcxLuM.exe
  C:\Windows\System32\EzcxLuM.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System32\poliVpq.exe
  C:\Windows\System32\poliVpq.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System32\YRgVZHB.exe
  C:\Windows\System32\YRgVZHB.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System32\MOynsLl.exe
  C:\Windows\System32\MOynsLl.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System32\jDXyIRB.exe
  C:\Windows\System32\jDXyIRB.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System32\osgffIi.exe
  C:\Windows\System32\osgffIi.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System32\gLPVEyX.exe
  C:\Windows\System32\gLPVEyX.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System32\LtzVLmH.exe
  C:\Windows\System32\LtzVLmH.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System32\yeopwCX.exe
  C:\Windows\System32\yeopwCX.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System32\cqjEstz.exe
  C:\Windows\System32\cqjEstz.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System32\nTMfhTU.exe
  C:\Windows\System32\nTMfhTU.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System32\klZkZhB.exe
  C:\Windows\System32\klZkZhB.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System32\NETulmp.exe
  C:\Windows\System32\NETulmp.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System32\uKRyXRK.exe
  C:\Windows\System32\uKRyXRK.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System32\yzcTIlD.exe
  C:\Windows\System32\yzcTIlD.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System32\HKLcRAI.exe
  C:\Windows\System32\HKLcRAI.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System32\vEjMigU.exe
  C:\Windows\System32\vEjMigU.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System32\wMGRdql.exe
  C:\Windows\System32\wMGRdql.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System32\alJbzIl.exe
  C:\Windows\System32\alJbzIl.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System32\ABdWhEt.exe
  C:\Windows\System32\ABdWhEt.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System32\OheGXQL.exe
  C:\Windows\System32\OheGXQL.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System32\IukDqNg.exe
  C:\Windows\System32\IukDqNg.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System32\LRAnYdA.exe
  C:\Windows\System32\LRAnYdA.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\uJUAXEk.exe
  C:\Windows\System32\uJUAXEk.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System32\pqeiaGX.exe
  C:\Windows\System32\pqeiaGX.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System32\JWkwLEn.exe
  C:\Windows\System32\JWkwLEn.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System32\FuiuUzr.exe
  C:\Windows\System32\FuiuUzr.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System32\ZdpIPIv.exe
  C:\Windows\System32\ZdpIPIv.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System32\CowFhKB.exe
  C:\Windows\System32\CowFhKB.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System32\cRHCPvW.exe
  C:\Windows\System32\cRHCPvW.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System32\RWOsHDz.exe
  C:\Windows\System32\RWOsHDz.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System32\NerQuAh.exe
  C:\Windows\System32\NerQuAh.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System32\BKdPsAa.exe
  C:\Windows\System32\BKdPsAa.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System32\AwsjlTB.exe
  C:\Windows\System32\AwsjlTB.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System32\eRvvCkg.exe
  C:\Windows\System32\eRvvCkg.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System32\CRGfutb.exe
  C:\Windows\System32\CRGfutb.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System32\wnkRsaB.exe
  C:\Windows\System32\wnkRsaB.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System32\HEGliTL.exe
  C:\Windows\System32\HEGliTL.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System32\ceGxJcO.exe
  C:\Windows\System32\ceGxJcO.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System32\APFAGtZ.exe
  C:\Windows\System32\APFAGtZ.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System32\eLrQRZB.exe
  C:\Windows\System32\eLrQRZB.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System32\BOADMSI.exe
  C:\Windows\System32\BOADMSI.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System32\QJCpjIp.exe
  C:\Windows\System32\QJCpjIp.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System32\OssIjfm.exe
  C:\Windows\System32\OssIjfm.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System32\ARwpNag.exe
  C:\Windows\System32\ARwpNag.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System32\iaqnubD.exe
  C:\Windows\System32\iaqnubD.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System32\rFLJnaq.exe
  C:\Windows\System32\rFLJnaq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System32\HqMuRKA.exe
  C:\Windows\System32\HqMuRKA.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System32\NMlcEyl.exe
  C:\Windows\System32\NMlcEyl.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System32\rCWoYmo.exe
  C:\Windows\System32\rCWoYmo.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System32\ODbzRHq.exe
  C:\Windows\System32\ODbzRHq.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System32\VJNZSwo.exe
  C:\Windows\System32\VJNZSwo.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System32\jJkmXBe.exe
  C:\Windows\System32\jJkmXBe.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System32\TGOmIXH.exe
  C:\Windows\System32\TGOmIXH.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System32\KdfgGau.exe
  C:\Windows\System32\KdfgGau.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System32\yYvcaLh.exe
  C:\Windows\System32\yYvcaLh.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System32\YxlLumq.exe
  C:\Windows\System32\YxlLumq.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System32\JlpldOR.exe
  C:\Windows\System32\JlpldOR.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System32\aGZBdnz.exe
  C:\Windows\System32\aGZBdnz.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System32\TiZjZrT.exe
  C:\Windows\System32\TiZjZrT.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System32\aczelIk.exe
  C:\Windows\System32\aczelIk.exe
  2⤵
  PID:5076
- C:\Windows\System32\XzsaPie.exe
  C:\Windows\System32\XzsaPie.exe
  2⤵
  PID:3968
- C:\Windows\System32\xKcEqlY.exe
  C:\Windows\System32\xKcEqlY.exe
  2⤵
  PID:5116
- C:\Windows\System32\UsZnWrA.exe
  C:\Windows\System32\UsZnWrA.exe
  2⤵
  PID:3964
- C:\Windows\System32\ApxywnD.exe
  C:\Windows\System32\ApxywnD.exe
  2⤵
  PID:3840
- C:\Windows\System32\zmOJZiI.exe
  C:\Windows\System32\zmOJZiI.exe
  2⤵
  PID:3996
- C:\Windows\System32\vtUYBcl.exe
  C:\Windows\System32\vtUYBcl.exe
  2⤵
  PID:3980
- C:\Windows\System32\CSMQSRG.exe
  C:\Windows\System32\CSMQSRG.exe
  2⤵
  PID:4420
- C:\Windows\System32\GhpJlVp.exe
  C:\Windows\System32\GhpJlVp.exe
  2⤵
  PID:3328
- C:\Windows\System32\PSsnhOM.exe
  C:\Windows\System32\PSsnhOM.exe
  2⤵
  PID:5096
- C:\Windows\System32\HJMHeHV.exe
  C:\Windows\System32\HJMHeHV.exe
  2⤵
  PID:3292
- C:\Windows\System32\XihrEip.exe
  C:\Windows\System32\XihrEip.exe
  2⤵
  PID:3972
- C:\Windows\System32\GpSuBHi.exe
  C:\Windows\System32\GpSuBHi.exe
  2⤵
  PID:4536
- C:\Windows\System32\ImCWecF.exe
  C:\Windows\System32\ImCWecF.exe
  2⤵
  PID:2228
- C:\Windows\System32\jHRxeAL.exe
  C:\Windows\System32\jHRxeAL.exe
  2⤵
  PID:3112
- C:\Windows\System32\sYnMGeQ.exe
  C:\Windows\System32\sYnMGeQ.exe
  2⤵
  PID:5136
- C:\Windows\System32\yiOyrJc.exe
  C:\Windows\System32\yiOyrJc.exe
  2⤵
  PID:5164
- C:\Windows\System32\jvEYnxi.exe
  C:\Windows\System32\jvEYnxi.exe
  2⤵
  PID:5192
- C:\Windows\System32\qmmqVjT.exe
  C:\Windows\System32\qmmqVjT.exe
  2⤵
  PID:5220
- C:\Windows\System32\QqGuACa.exe
  C:\Windows\System32\QqGuACa.exe
  2⤵
  PID:5260
- C:\Windows\System32\PyPXnAf.exe
  C:\Windows\System32\PyPXnAf.exe
  2⤵
  PID:5276
- C:\Windows\System32\GkbFFJb.exe
  C:\Windows\System32\GkbFFJb.exe
  2⤵
  PID:5304
- C:\Windows\System32\TYykhHa.exe
  C:\Windows\System32\TYykhHa.exe
  2⤵
  PID:5344
- C:\Windows\System32\ayHrEqv.exe
  C:\Windows\System32\ayHrEqv.exe
  2⤵
  PID:5360
- C:\Windows\System32\rigApmb.exe
  C:\Windows\System32\rigApmb.exe
  2⤵
  PID:5388
- C:\Windows\System32\dCNvqgF.exe
  C:\Windows\System32\dCNvqgF.exe
  2⤵
  PID:5428
- C:\Windows\System32\XZTehzM.exe
  C:\Windows\System32\XZTehzM.exe
  2⤵
  PID:5456
- C:\Windows\System32\TWCxOrn.exe
  C:\Windows\System32\TWCxOrn.exe
  2⤵
  PID:5472
- C:\Windows\System32\depOczC.exe
  C:\Windows\System32\depOczC.exe
  2⤵
  PID:5512
- C:\Windows\System32\LFvZSVO.exe
  C:\Windows\System32\LFvZSVO.exe
  2⤵
  PID:5528
- C:\Windows\System32\idCpaeq.exe
  C:\Windows\System32\idCpaeq.exe
  2⤵
  PID:5568
- C:\Windows\System32\oFzPwwW.exe
  C:\Windows\System32\oFzPwwW.exe
  2⤵
  PID:5584
- C:\Windows\System32\aqUQGfy.exe
  C:\Windows\System32\aqUQGfy.exe
  2⤵
  PID:5624
- C:\Windows\System32\rNYNiNh.exe
  C:\Windows\System32\rNYNiNh.exe
  2⤵
  PID:5640
- C:\Windows\System32\iXcbBpM.exe
  C:\Windows\System32\iXcbBpM.exe
  2⤵
  PID:5668
- C:\Windows\System32\zYFTOaD.exe
  C:\Windows\System32\zYFTOaD.exe
  2⤵
  PID:5708
- C:\Windows\System32\myLmYNz.exe
  C:\Windows\System32\myLmYNz.exe
  2⤵
  PID:5724
- C:\Windows\System32\FhPjRVu.exe
  C:\Windows\System32\FhPjRVu.exe
  2⤵
  PID:5752
- C:\Windows\System32\WGnIvQw.exe
  C:\Windows\System32\WGnIvQw.exe
  2⤵
  PID:5792
- C:\Windows\System32\rhDGhle.exe
  C:\Windows\System32\rhDGhle.exe
  2⤵
  PID:5820
- C:\Windows\System32\RCFyiEl.exe
  C:\Windows\System32\RCFyiEl.exe
  2⤵
  PID:5836
- C:\Windows\System32\wgCkqBb.exe
  C:\Windows\System32\wgCkqBb.exe
  2⤵
  PID:5876
- C:\Windows\System32\QORnmVx.exe
  C:\Windows\System32\QORnmVx.exe
  2⤵
  PID:5892
- C:\Windows\System32\EuGFtrP.exe
  C:\Windows\System32\EuGFtrP.exe
  2⤵
  PID:5932
- C:\Windows\System32\FnAiDkv.exe
  C:\Windows\System32\FnAiDkv.exe
  2⤵
  PID:5948
- C:\Windows\System32\acnvUDi.exe
  C:\Windows\System32\acnvUDi.exe
  2⤵
  PID:5988
- C:\Windows\System32\rNcTIKm.exe
  C:\Windows\System32\rNcTIKm.exe
  2⤵
  PID:6004
- C:\Windows\System32\LCHUDgL.exe
  C:\Windows\System32\LCHUDgL.exe
  2⤵
  PID:6032
- C:\Windows\System32\ACIRLlK.exe
  C:\Windows\System32\ACIRLlK.exe
  2⤵
  PID:6060
- C:\Windows\System32\rbbiXNe.exe
  C:\Windows\System32\rbbiXNe.exe
  2⤵
  PID:6100
- C:\Windows\System32\jpndFCR.exe
  C:\Windows\System32\jpndFCR.exe
  2⤵
  PID:6128
- C:\Windows\System32\DRQQJME.exe
  C:\Windows\System32\DRQQJME.exe
  2⤵
  PID:4304
- C:\Windows\System32\WdeyQxd.exe
  C:\Windows\System32\WdeyQxd.exe
  2⤵
  PID:2052
- C:\Windows\System32\sOFAMdQ.exe
  C:\Windows\System32\sOFAMdQ.exe
  2⤵
  PID:3104
- C:\Windows\System32\zYYqVsL.exe
  C:\Windows\System32\zYYqVsL.exe
  2⤵
  PID:5132
- C:\Windows\System32\bHdbyrN.exe
  C:\Windows\System32\bHdbyrN.exe
  2⤵
  PID:5152
- C:\Windows\System32\lkmFPqX.exe
  C:\Windows\System32\lkmFPqX.exe
  2⤵
  PID:5232
- C:\Windows\System32\uxXazWt.exe
  C:\Windows\System32\uxXazWt.exe
  2⤵
  PID:5292
- C:\Windows\System32\IrzTBUT.exe
  C:\Windows\System32\IrzTBUT.exe
  2⤵
  PID:5384
- C:\Windows\System32\EuVvHrB.exe
  C:\Windows\System32\EuVvHrB.exe
  2⤵
  PID:5404
- C:\Windows\System32\AlaAZlw.exe
  C:\Windows\System32\AlaAZlw.exe
  2⤵
  PID:5520
- C:\Windows\System32\vWYYfCh.exe
  C:\Windows\System32\vWYYfCh.exe
  2⤵
  PID:5560
- C:\Windows\System32\dBzcvuw.exe
  C:\Windows\System32\dBzcvuw.exe
  2⤵
  PID:5600
- C:\Windows\System32\dMDwqCz.exe
  C:\Windows\System32\dMDwqCz.exe
  2⤵
  PID:5716
- C:\Windows\System32\daciyXj.exe
  C:\Windows\System32\daciyXj.exe
  2⤵
  PID:5748
- C:\Windows\System32\jIjbraI.exe
  C:\Windows\System32\jIjbraI.exe
  2⤵
  PID:5848
- C:\Windows\System32\vHIIJYM.exe
  C:\Windows\System32\vHIIJYM.exe
  2⤵
  PID:5888
- C:\Windows\System32\pmFOWyM.exe
  C:\Windows\System32\pmFOWyM.exe
  2⤵
  PID:5944
- C:\Windows\System32\PnvBLQx.exe
  C:\Windows\System32\PnvBLQx.exe
  2⤵
  PID:6044
- C:\Windows\System32\nWGcccP.exe
  C:\Windows\System32\nWGcccP.exe
  2⤵
  PID:6084
- C:\Windows\System32\TLjkkyG.exe
  C:\Windows\System32\TLjkkyG.exe
  2⤵
  PID:6136
- C:\Windows\System32\urnIiNZ.exe
  C:\Windows\System32\urnIiNZ.exe
  2⤵
  PID:2860
- C:\Windows\System32\MKxZJBN.exe
  C:\Windows\System32\MKxZJBN.exe
  2⤵
  PID:5252
- C:\Windows\System32\OtcBFoR.exe
  C:\Windows\System32\OtcBFoR.exe
  2⤵
  PID:5356
- C:\Windows\System32\RbLcKUx.exe
  C:\Windows\System32\RbLcKUx.exe
  2⤵
  PID:5552
- C:\Windows\System32\cnpCVjk.exe
  C:\Windows\System32\cnpCVjk.exe
  2⤵
  PID:5616
- C:\Windows\System32\lplYgAP.exe
  C:\Windows\System32\lplYgAP.exe
  2⤵
  PID:5812
- C:\Windows\System32\ZIfNLgf.exe
  C:\Windows\System32\ZIfNLgf.exe
  2⤵
  PID:5924
- C:\Windows\System32\MnJjbGb.exe
  C:\Windows\System32\MnJjbGb.exe
  2⤵
  PID:6072
- C:\Windows\System32\AdSDExW.exe
  C:\Windows\System32\AdSDExW.exe
  2⤵
  PID:4224
- C:\Windows\System32\AybOFYs.exe
  C:\Windows\System32\AybOFYs.exe
  2⤵
  PID:5328
- C:\Windows\System32\gFAoUFt.exe
  C:\Windows\System32\gFAoUFt.exe
  2⤵
  PID:6180
- C:\Windows\System32\ymlYbhR.exe
  C:\Windows\System32\ymlYbhR.exe
  2⤵
  PID:6196
- C:\Windows\System32\boEZDgs.exe
  C:\Windows\System32\boEZDgs.exe
  2⤵
  PID:6224
- C:\Windows\System32\yBkkqns.exe
  C:\Windows\System32\yBkkqns.exe
  2⤵
  PID:6264
- C:\Windows\System32\jIDxBwq.exe
  C:\Windows\System32\jIDxBwq.exe
  2⤵
  PID:6280
- C:\Windows\System32\tStyqHE.exe
  C:\Windows\System32\tStyqHE.exe
  2⤵
  PID:6308
- C:\Windows\System32\sICKdWq.exe
  C:\Windows\System32\sICKdWq.exe
  2⤵
  PID:6336
- C:\Windows\System32\ejJpnVx.exe
  C:\Windows\System32\ejJpnVx.exe
  2⤵
  PID:6376
- C:\Windows\System32\GHfiwGH.exe
  C:\Windows\System32\GHfiwGH.exe
  2⤵
  PID:6392
- C:\Windows\System32\TKXnnAi.exe
  C:\Windows\System32\TKXnnAi.exe
  2⤵
  PID:6420
- C:\Windows\System32\ZGfKpar.exe
  C:\Windows\System32\ZGfKpar.exe
  2⤵
  PID:6448
- C:\Windows\System32\hLgEsPs.exe
  C:\Windows\System32\hLgEsPs.exe
  2⤵
  PID:6488
- C:\Windows\System32\qMWiefR.exe
  C:\Windows\System32\qMWiefR.exe
  2⤵
  PID:6504
- C:\Windows\System32\QDKosOd.exe
  C:\Windows\System32\QDKosOd.exe
  2⤵
  PID:6544
- C:\Windows\System32\gvFMfLb.exe
  C:\Windows\System32\gvFMfLb.exe
  2⤵
  PID:6572
- C:\Windows\System32\bDrPiaz.exe
  C:\Windows\System32\bDrPiaz.exe
  2⤵
  PID:6596
- C:\Windows\System32\PPqLfOL.exe
  C:\Windows\System32\PPqLfOL.exe
  2⤵
  PID:6616
- C:\Windows\System32\zIXoRGH.exe
  C:\Windows\System32\zIXoRGH.exe
  2⤵
  PID:6644
- C:\Windows\System32\qafSqGR.exe
  C:\Windows\System32\qafSqGR.exe
  2⤵
  PID:6684
- C:\Windows\System32\DQtwuUu.exe
  C:\Windows\System32\DQtwuUu.exe
  2⤵
  PID:6700
- C:\Windows\System32\YFMuTgH.exe
  C:\Windows\System32\YFMuTgH.exe
  2⤵
  PID:6728
- C:\Windows\System32\zOhSlEt.exe
  C:\Windows\System32\zOhSlEt.exe
  2⤵
  PID:6768
- C:\Windows\System32\wPoStjh.exe
  C:\Windows\System32\wPoStjh.exe
  2⤵
  PID:6784
- C:\Windows\System32\TMNQIMp.exe
  C:\Windows\System32\TMNQIMp.exe
  2⤵
  PID:6812
- C:\Windows\System32\girJYGZ.exe
  C:\Windows\System32\girJYGZ.exe
  2⤵
  PID:6840
- C:\Windows\System32\UfoDdpr.exe
  C:\Windows\System32\UfoDdpr.exe
  2⤵
  PID:6868
- C:\Windows\System32\aAeGIvP.exe
  C:\Windows\System32\aAeGIvP.exe
  2⤵
  PID:6896
- C:\Windows\System32\AvupGuw.exe
  C:\Windows\System32\AvupGuw.exe
  2⤵
  PID:6936
- C:\Windows\System32\RYEgbFk.exe
  C:\Windows\System32\RYEgbFk.exe
  2⤵
  PID:6952
- C:\Windows\System32\rIVhAhs.exe
  C:\Windows\System32\rIVhAhs.exe
  2⤵
  PID:6980
- C:\Windows\System32\RqKZcvO.exe
  C:\Windows\System32\RqKZcvO.exe
  2⤵
  PID:7020
- C:\Windows\System32\iSzZNyc.exe
  C:\Windows\System32\iSzZNyc.exe
  2⤵
  PID:7036
- C:\Windows\System32\DRVnNOw.exe
  C:\Windows\System32\DRVnNOw.exe
  2⤵
  PID:7076
- C:\Windows\System32\vZPzwMX.exe
  C:\Windows\System32\vZPzwMX.exe
  2⤵
  PID:7092
- C:\Windows\System32\dvkvceZ.exe
  C:\Windows\System32\dvkvceZ.exe
  2⤵
  PID:7120
- C:\Windows\System32\rybeykc.exe
  C:\Windows\System32\rybeykc.exe
  2⤵
  PID:7160
- C:\Windows\System32\TFmpwNt.exe
  C:\Windows\System32\TFmpwNt.exe
  2⤵
  PID:5420
- C:\Windows\System32\qzaagHd.exe
  C:\Windows\System32\qzaagHd.exe
  2⤵
  PID:5916
- C:\Windows\System32\NmeLMBk.exe
  C:\Windows\System32\NmeLMBk.exe
  2⤵
  PID:4056
- C:\Windows\System32\leuhqjp.exe
  C:\Windows\System32\leuhqjp.exe
  2⤵
  PID:6172
- C:\Windows\System32\QRBwMYh.exe
  C:\Windows\System32\QRBwMYh.exe
  2⤵
  PID:6236
- C:\Windows\System32\uLrbWty.exe
  C:\Windows\System32\uLrbWty.exe
  2⤵
  PID:6320
- C:\Windows\System32\vEdSkpt.exe
  C:\Windows\System32\vEdSkpt.exe
  2⤵
  PID:6368
- C:\Windows\System32\XjbUOzi.exe
  C:\Windows\System32\XjbUOzi.exe
  2⤵
  PID:6408
- C:\Windows\System32\PONbYOB.exe
  C:\Windows\System32\PONbYOB.exe
  2⤵
  PID:6660
- C:\Windows\System32\mLfbMSW.exe
  C:\Windows\System32\mLfbMSW.exe
  2⤵
  PID:6740
- C:\Windows\System32\SIRofFi.exe
  C:\Windows\System32\SIRofFi.exe
  2⤵
  PID:6780
- C:\Windows\System32\omtxTib.exe
  C:\Windows\System32\omtxTib.exe
  2⤵
  PID:6828
- C:\Windows\System32\uOEWMBp.exe
  C:\Windows\System32\uOEWMBp.exe
  2⤵
  PID:6880
- C:\Windows\System32\kJdWazW.exe
  C:\Windows\System32\kJdWazW.exe
  2⤵
  PID:6912
- C:\Windows\System32\nXPiKuR.exe
  C:\Windows\System32\nXPiKuR.exe
  2⤵
  PID:7068
- C:\Windows\System32\uPuhsrW.exe
  C:\Windows\System32\uPuhsrW.exe
  2⤵
  PID:7116
- C:\Windows\System32\smpAHkS.exe
  C:\Windows\System32\smpAHkS.exe
  2⤵
  PID:5464
- C:\Windows\System32\StJIsRT.exe
  C:\Windows\System32\StJIsRT.exe
  2⤵
  PID:4580
- C:\Windows\System32\Tpehvpn.exe
  C:\Windows\System32\Tpehvpn.exe
  2⤵
  PID:488
- C:\Windows\System32\GKUIoPm.exe
  C:\Windows\System32\GKUIoPm.exe
  2⤵
  PID:4400
- C:\Windows\System32\AxlBlwR.exe
  C:\Windows\System32\AxlBlwR.exe
  2⤵
  PID:6304
- C:\Windows\System32\ufOfskA.exe
  C:\Windows\System32\ufOfskA.exe
  2⤵
  PID:2028
- C:\Windows\System32\ruQdyBb.exe
  C:\Windows\System32\ruQdyBb.exe
  2⤵
  PID:4516
- C:\Windows\System32\vOZtMHD.exe
  C:\Windows\System32\vOZtMHD.exe
  2⤵
  PID:228
- C:\Windows\System32\gGsgggu.exe
  C:\Windows\System32\gGsgggu.exe
  2⤵
  PID:6496
- C:\Windows\System32\XiXFDuL.exe
  C:\Windows\System32\XiXFDuL.exe
  2⤵
  PID:6836
- C:\Windows\System32\rryPRVK.exe
  C:\Windows\System32\rryPRVK.exe
  2⤵
  PID:6964
- C:\Windows\System32\JZDfupQ.exe
  C:\Windows\System32\JZDfupQ.exe
  2⤵
  PID:5072
- C:\Windows\System32\UwwjnEa.exe
  C:\Windows\System32\UwwjnEa.exe
  2⤵
  PID:6692
- C:\Windows\System32\KfQPPlC.exe
  C:\Windows\System32\KfQPPlC.exe
  2⤵
  PID:4052
- C:\Windows\System32\sGIXufj.exe
  C:\Windows\System32\sGIXufj.exe
  2⤵
  PID:1576
- C:\Windows\System32\RRyMzVA.exe
  C:\Windows\System32\RRyMzVA.exe
  2⤵
  PID:6360
- C:\Windows\System32\YONSVtp.exe
  C:\Windows\System32\YONSVtp.exe
  2⤵
  PID:3644
- C:\Windows\System32\EvnEzwG.exe
  C:\Windows\System32\EvnEzwG.exe
  2⤵
  PID:6908
- C:\Windows\System32\WnaHAyF.exe
  C:\Windows\System32\WnaHAyF.exe
  2⤵
  PID:1680
- C:\Windows\System32\yXhzMtv.exe
  C:\Windows\System32\yXhzMtv.exe
  2⤵
  PID:7048
- C:\Windows\System32\GWdnXzV.exe
  C:\Windows\System32\GWdnXzV.exe
  2⤵
  PID:224
- C:\Windows\System32\yYHHHFe.exe
  C:\Windows\System32\yYHHHFe.exe
  2⤵
  PID:6612
- C:\Windows\System32\Nhzngaf.exe
  C:\Windows\System32\Nhzngaf.exe
  2⤵
  PID:7176
- C:\Windows\System32\IpQIuvl.exe
  C:\Windows\System32\IpQIuvl.exe
  2⤵
  PID:7192
- C:\Windows\System32\CNrTIKK.exe
  C:\Windows\System32\CNrTIKK.exe
  2⤵
  PID:7236
- C:\Windows\System32\XJvDlCe.exe
  C:\Windows\System32\XJvDlCe.exe
  2⤵
  PID:7260
- C:\Windows\System32\vxMrvAL.exe
  C:\Windows\System32\vxMrvAL.exe
  2⤵
  PID:7280
- C:\Windows\System32\ybRjnWW.exe
  C:\Windows\System32\ybRjnWW.exe
  2⤵
  PID:7304
- C:\Windows\System32\qVtHZjj.exe
  C:\Windows\System32\qVtHZjj.exe
  2⤵
  PID:7324
- C:\Windows\System32\UyunvmV.exe
  C:\Windows\System32\UyunvmV.exe
  2⤵
  PID:7372
- C:\Windows\System32\fmfJBGV.exe
  C:\Windows\System32\fmfJBGV.exe
  2⤵
  PID:7400
- C:\Windows\System32\AKYsBPI.exe
  C:\Windows\System32\AKYsBPI.exe
  2⤵
  PID:7428
- C:\Windows\System32\wUUqGcQ.exe
  C:\Windows\System32\wUUqGcQ.exe
  2⤵
  PID:7456
- C:\Windows\System32\mBaMqCf.exe
  C:\Windows\System32\mBaMqCf.exe
  2⤵
  PID:7484
- C:\Windows\System32\IKthjQK.exe
  C:\Windows\System32\IKthjQK.exe
  2⤵
  PID:7512
- C:\Windows\System32\yiXKdUz.exe
  C:\Windows\System32\yiXKdUz.exe
  2⤵
  PID:7540
- C:\Windows\System32\ZlwBMWS.exe
  C:\Windows\System32\ZlwBMWS.exe
  2⤵
  PID:7568
- C:\Windows\System32\zmHZCsb.exe
  C:\Windows\System32\zmHZCsb.exe
  2⤵
  PID:7596
- C:\Windows\System32\ZdgrOLi.exe
  C:\Windows\System32\ZdgrOLi.exe
  2⤵
  PID:7612
- C:\Windows\System32\mMoHXvb.exe
  C:\Windows\System32\mMoHXvb.exe
  2⤵
  PID:7648
- C:\Windows\System32\xnbpCVA.exe
  C:\Windows\System32\xnbpCVA.exe
  2⤵
  PID:7668
- C:\Windows\System32\xfxzcFW.exe
  C:\Windows\System32\xfxzcFW.exe
  2⤵
  PID:7708
- C:\Windows\System32\Ceqpjan.exe
  C:\Windows\System32\Ceqpjan.exe
  2⤵
  PID:7724
- C:\Windows\System32\VpUSqve.exe
  C:\Windows\System32\VpUSqve.exe
  2⤵
  PID:7764
- C:\Windows\System32\blAGEGB.exe
  C:\Windows\System32\blAGEGB.exe
  2⤵
  PID:7792
- C:\Windows\System32\TPNMVbb.exe
  C:\Windows\System32\TPNMVbb.exe
  2⤵
  PID:7820
- C:\Windows\System32\kopNOGz.exe
  C:\Windows\System32\kopNOGz.exe
  2⤵
  PID:7848
- C:\Windows\System32\XBVhSFJ.exe
  C:\Windows\System32\XBVhSFJ.exe
  2⤵
  PID:7868
- C:\Windows\System32\DXlRPnT.exe
  C:\Windows\System32\DXlRPnT.exe
  2⤵
  PID:7912
- C:\Windows\System32\juwaDzI.exe
  C:\Windows\System32\juwaDzI.exe
  2⤵
  PID:7940
- C:\Windows\System32\qhohQiq.exe
  C:\Windows\System32\qhohQiq.exe
  2⤵
  PID:7968
- C:\Windows\System32\WolRhyX.exe
  C:\Windows\System32\WolRhyX.exe
  2⤵
  PID:7996
- C:\Windows\System32\LawzKdw.exe
  C:\Windows\System32\LawzKdw.exe
  2⤵
  PID:8024
- C:\Windows\System32\DLjSVBk.exe
  C:\Windows\System32\DLjSVBk.exe
  2⤵
  PID:8052
- C:\Windows\System32\ExYFQUW.exe
  C:\Windows\System32\ExYFQUW.exe
  2⤵
  PID:8080
- C:\Windows\System32\bOeRxzO.exe
  C:\Windows\System32\bOeRxzO.exe
  2⤵
  PID:8108
- C:\Windows\System32\UtKCUgJ.exe
  C:\Windows\System32\UtKCUgJ.exe
  2⤵
  PID:8124
- C:\Windows\System32\okCyNXR.exe
  C:\Windows\System32\okCyNXR.exe
  2⤵
  PID:8152
- C:\Windows\System32\bNAKbKb.exe
  C:\Windows\System32\bNAKbKb.exe
  2⤵
  PID:8188
- C:\Windows\System32\eqMtinc.exe
  C:\Windows\System32\eqMtinc.exe
  2⤵
  PID:7208
- C:\Windows\System32\RptmfPw.exe
  C:\Windows\System32\RptmfPw.exe
  2⤵
  PID:7296
- C:\Windows\System32\kgquIhT.exe
  C:\Windows\System32\kgquIhT.exe
  2⤵
  PID:7336
- C:\Windows\System32\jHhVlnb.exe
  C:\Windows\System32\jHhVlnb.exe
  2⤵
  PID:7412
- C:\Windows\System32\sdxseNF.exe
  C:\Windows\System32\sdxseNF.exe
  2⤵
  PID:7472
- C:\Windows\System32\DReohEy.exe
  C:\Windows\System32\DReohEy.exe
  2⤵
  PID:7528
- C:\Windows\System32\FCJnelx.exe
  C:\Windows\System32\FCJnelx.exe
  2⤵
  PID:5740
- C:\Windows\System32\fwuJqEr.exe
  C:\Windows\System32\fwuJqEr.exe
  2⤵
  PID:7640
- C:\Windows\System32\rNCAvyz.exe
  C:\Windows\System32\rNCAvyz.exe
  2⤵
  PID:7704
- C:\Windows\System32\OWnTwQA.exe
  C:\Windows\System32\OWnTwQA.exe
  2⤵
  PID:7784
- C:\Windows\System32\nUmIDrJ.exe
  C:\Windows\System32\nUmIDrJ.exe
  2⤵
  PID:7884
- C:\Windows\System32\PdhQuMf.exe
  C:\Windows\System32\PdhQuMf.exe
  2⤵
  PID:7952
- C:\Windows\System32\tAiEmmS.exe
  C:\Windows\System32\tAiEmmS.exe
  2⤵
  PID:8068
- C:\Windows\System32\tniXEeO.exe
  C:\Windows\System32\tniXEeO.exe
  2⤵
  PID:8120
- C:\Windows\System32\sEnLbCH.exe
  C:\Windows\System32\sEnLbCH.exe
  2⤵
  PID:6992
- C:\Windows\System32\mSqOaPt.exe
  C:\Windows\System32\mSqOaPt.exe
  2⤵
  PID:7268
- C:\Windows\System32\HMWvzTt.exe
  C:\Windows\System32\HMWvzTt.exe
  2⤵
  PID:7468
- C:\Windows\System32\EoVbIyO.exe
  C:\Windows\System32\EoVbIyO.exe
  2⤵
  PID:7656
- C:\Windows\System32\hZTNVly.exe
  C:\Windows\System32\hZTNVly.exe
  2⤵
  PID:7832
- C:\Windows\System32\CzLtMUL.exe
  C:\Windows\System32\CzLtMUL.exe
  2⤵
  PID:8064
- C:\Windows\System32\XvMFlOf.exe
  C:\Windows\System32\XvMFlOf.exe
  2⤵
  PID:8168
- C:\Windows\System32\sEyrAbR.exe
  C:\Windows\System32\sEyrAbR.exe
  2⤵
  PID:7532
- C:\Windows\System32\aAEmQfx.exe
  C:\Windows\System32\aAEmQfx.exe
  2⤵
  PID:7888
- C:\Windows\System32\fIyqQtS.exe
  C:\Windows\System32\fIyqQtS.exe
  2⤵
  PID:7448
- C:\Windows\System32\stThlma.exe
  C:\Windows\System32\stThlma.exe
  2⤵
  PID:7700
- C:\Windows\System32\SpkFgcZ.exe
  C:\Windows\System32\SpkFgcZ.exe
  2⤵
  PID:8212
- C:\Windows\System32\ZLosIxS.exe
  C:\Windows\System32\ZLosIxS.exe
  2⤵
  PID:8240
- C:\Windows\System32\rwxcGEc.exe
  C:\Windows\System32\rwxcGEc.exe
  2⤵
  PID:8268
- C:\Windows\System32\jQBelBk.exe
  C:\Windows\System32\jQBelBk.exe
  2⤵
  PID:8296
- C:\Windows\System32\AGSYzSz.exe
  C:\Windows\System32\AGSYzSz.exe
  2⤵
  PID:8324
- C:\Windows\System32\FGUOiwf.exe
  C:\Windows\System32\FGUOiwf.exe
  2⤵
  PID:8356
- C:\Windows\System32\ysTYFFC.exe
  C:\Windows\System32\ysTYFFC.exe
  2⤵
  PID:8384
- C:\Windows\System32\CjVimQB.exe
  C:\Windows\System32\CjVimQB.exe
  2⤵
  PID:8412
- C:\Windows\System32\pkEBxKt.exe
  C:\Windows\System32\pkEBxKt.exe
  2⤵
  PID:8440
- C:\Windows\System32\UiWoaad.exe
  C:\Windows\System32\UiWoaad.exe
  2⤵
  PID:8472
- C:\Windows\System32\yOutNcF.exe
  C:\Windows\System32\yOutNcF.exe
  2⤵
  PID:8500
- C:\Windows\System32\sOIuGxk.exe
  C:\Windows\System32\sOIuGxk.exe
  2⤵
  PID:8528
- C:\Windows\System32\tHqiEJe.exe
  C:\Windows\System32\tHqiEJe.exe
  2⤵
  PID:8560
- C:\Windows\System32\rXJGmRh.exe
  C:\Windows\System32\rXJGmRh.exe
  2⤵
  PID:8588
- C:\Windows\System32\sNcNHhq.exe
  C:\Windows\System32\sNcNHhq.exe
  2⤵
  PID:8616
- C:\Windows\System32\wWUoiWc.exe
  C:\Windows\System32\wWUoiWc.exe
  2⤵
  PID:8652
- C:\Windows\System32\ptOCOVu.exe
  C:\Windows\System32\ptOCOVu.exe
  2⤵
  PID:8684
- C:\Windows\System32\OBzdQXq.exe
  C:\Windows\System32\OBzdQXq.exe
  2⤵
  PID:8712
- C:\Windows\System32\blsUUFj.exe
  C:\Windows\System32\blsUUFj.exe
  2⤵
  PID:8744
- C:\Windows\System32\gXTPGLt.exe
  C:\Windows\System32\gXTPGLt.exe
  2⤵
  PID:8768
- C:\Windows\System32\GKtCktg.exe
  C:\Windows\System32\GKtCktg.exe
  2⤵
  PID:8800
- C:\Windows\System32\pILlUid.exe
  C:\Windows\System32\pILlUid.exe
  2⤵
  PID:8832
- C:\Windows\System32\yozOHfg.exe
  C:\Windows\System32\yozOHfg.exe
  2⤵
  PID:8864
- C:\Windows\System32\qPITyxN.exe
  C:\Windows\System32\qPITyxN.exe
  2⤵
  PID:8888
- C:\Windows\System32\eqrIaCR.exe
  C:\Windows\System32\eqrIaCR.exe
  2⤵
  PID:8928
- C:\Windows\System32\KWfDXge.exe
  C:\Windows\System32\KWfDXge.exe
  2⤵
  PID:8944
- C:\Windows\System32\pJWvwUh.exe
  C:\Windows\System32\pJWvwUh.exe
  2⤵
  PID:8988
- C:\Windows\System32\MBsJbuV.exe
  C:\Windows\System32\MBsJbuV.exe
  2⤵
  PID:9008
- C:\Windows\System32\pMjyedJ.exe
  C:\Windows\System32\pMjyedJ.exe
  2⤵
  PID:9032
- C:\Windows\System32\JQsSNkX.exe
  C:\Windows\System32\JQsSNkX.exe
  2⤵
  PID:9060
- C:\Windows\System32\DKnRJia.exe
  C:\Windows\System32\DKnRJia.exe
  2⤵
  PID:9088
- C:\Windows\System32\Rsnooae.exe
  C:\Windows\System32\Rsnooae.exe
  2⤵
  PID:9120
- C:\Windows\System32\IoflmZJ.exe
  C:\Windows\System32\IoflmZJ.exe
  2⤵
  PID:9152
- C:\Windows\System32\AhFvZok.exe
  C:\Windows\System32\AhFvZok.exe
  2⤵
  PID:9180
- C:\Windows\System32\TdJYMwD.exe
  C:\Windows\System32\TdJYMwD.exe
  2⤵
  PID:9208
- C:\Windows\System32\ZdZkFXY.exe
  C:\Windows\System32\ZdZkFXY.exe
  2⤵
  PID:8232
- C:\Windows\System32\HYAtQXe.exe
  C:\Windows\System32\HYAtQXe.exe
  2⤵
  PID:8284
- C:\Windows\System32\AFcWyqg.exe
  C:\Windows\System32\AFcWyqg.exe
  2⤵
  PID:8368
- C:\Windows\System32\zvcXwbj.exe
  C:\Windows\System32\zvcXwbj.exe
  2⤵
  PID:8432
- C:\Windows\System32\thNESxh.exe
  C:\Windows\System32\thNESxh.exe
  2⤵
  PID:8488
- C:\Windows\System32\stCZgoK.exe
  C:\Windows\System32\stCZgoK.exe
  2⤵
  PID:8572
- C:\Windows\System32\EAAQgyr.exe
  C:\Windows\System32\EAAQgyr.exe
  2⤵
  PID:8664
- C:\Windows\System32\AyxVEdx.exe
  C:\Windows\System32\AyxVEdx.exe
  2⤵
  PID:8708
- C:\Windows\System32\KXJtxXW.exe
  C:\Windows\System32\KXJtxXW.exe
  2⤵
  PID:8780
- C:\Windows\System32\zamsXmy.exe
  C:\Windows\System32\zamsXmy.exe
  2⤵
  PID:8856
- C:\Windows\System32\reMEVTb.exe
  C:\Windows\System32\reMEVTb.exe
  2⤵
  PID:2220
- C:\Windows\System32\DRTqqnO.exe
  C:\Windows\System32\DRTqqnO.exe
  2⤵
  PID:4544
- C:\Windows\System32\lLesmWW.exe
  C:\Windows\System32\lLesmWW.exe
  2⤵
  PID:7144
- C:\Windows\System32\owhYIzV.exe
  C:\Windows\System32\owhYIzV.exe
  2⤵
  PID:9016
- C:\Windows\System32\QqKsIVW.exe
  C:\Windows\System32\QqKsIVW.exe
  2⤵
  PID:9028
- C:\Windows\System32\JDtUKFE.exe
  C:\Windows\System32\JDtUKFE.exe
  2⤵
  PID:9100
- C:\Windows\System32\jbXpeAf.exe
  C:\Windows\System32\jbXpeAf.exe
  2⤵
  PID:9176
- C:\Windows\System32\szEmRhG.exe
  C:\Windows\System32\szEmRhG.exe
  2⤵
  PID:8260
- C:\Windows\System32\zVzFbsx.exe
  C:\Windows\System32\zVzFbsx.exe
  2⤵
  PID:8424
- C:\Windows\System32\AirGSML.exe
  C:\Windows\System32\AirGSML.exe
  2⤵
  PID:8612
- C:\Windows\System32\WaHckCn.exe
  C:\Windows\System32\WaHckCn.exe
  2⤵
  PID:8824
- C:\Windows\System32\LNjtSrt.exe
  C:\Windows\System32\LNjtSrt.exe
  2⤵
  PID:8788
- C:\Windows\System32\wxfdQLc.exe
  C:\Windows\System32\wxfdQLc.exe
  2⤵
  PID:8636
- C:\Windows\System32\GbFoGis.exe
  C:\Windows\System32\GbFoGis.exe
  2⤵
  PID:3612
- C:\Windows\System32\BhTcFOE.exe
  C:\Windows\System32\BhTcFOE.exe
  2⤵
  PID:9164
- C:\Windows\System32\kAWgfei.exe
  C:\Windows\System32\kAWgfei.exe
  2⤵
  PID:8200
- C:\Windows\System32\tgcQEyF.exe
  C:\Windows\System32\tgcQEyF.exe
  2⤵
  PID:8764
- C:\Windows\System32\jJXLSTW.exe
  C:\Windows\System32\jJXLSTW.exe
  2⤵
  PID:8676
- C:\Windows\System32\InkDmEF.exe
  C:\Windows\System32\InkDmEF.exe
  2⤵
  PID:8996
- C:\Windows\System32\GGsyXvs.exe
  C:\Windows\System32\GGsyXvs.exe
  2⤵
  PID:8672
- C:\Windows\System32\YwycQME.exe
  C:\Windows\System32\YwycQME.exe
  2⤵
  PID:8984
- C:\Windows\System32\qlCGTWy.exe
  C:\Windows\System32\qlCGTWy.exe
  2⤵
  PID:9244
- C:\Windows\System32\yNWPmbG.exe
  C:\Windows\System32\yNWPmbG.exe
  2⤵
  PID:9280
- C:\Windows\System32\YuARBTY.exe
  C:\Windows\System32\YuARBTY.exe
  2⤵
  PID:9308
- C:\Windows\System32\QNzlizY.exe
  C:\Windows\System32\QNzlizY.exe
  2⤵
  PID:9336
- C:\Windows\System32\YtvzVJT.exe
  C:\Windows\System32\YtvzVJT.exe
  2⤵
  PID:9364
- C:\Windows\System32\cJwumKd.exe
  C:\Windows\System32\cJwumKd.exe
  2⤵
  PID:9396
- C:\Windows\System32\rFIBvBL.exe
  C:\Windows\System32\rFIBvBL.exe
  2⤵
  PID:9436
- C:\Windows\System32\gryXyII.exe
  C:\Windows\System32\gryXyII.exe
  2⤵
  PID:9452
- C:\Windows\System32\iBjAnTN.exe
  C:\Windows\System32\iBjAnTN.exe
  2⤵
  PID:9480
- C:\Windows\System32\knIecLL.exe
  C:\Windows\System32\knIecLL.exe
  2⤵
  PID:9508
- C:\Windows\System32\BIEiSjR.exe
  C:\Windows\System32\BIEiSjR.exe
  2⤵
  PID:9536
- C:\Windows\System32\VdocOcs.exe
  C:\Windows\System32\VdocOcs.exe
  2⤵
  PID:9564
- C:\Windows\System32\YGjUoJo.exe
  C:\Windows\System32\YGjUoJo.exe
  2⤵
  PID:9592
- C:\Windows\System32\DuHVXAb.exe
  C:\Windows\System32\DuHVXAb.exe
  2⤵
  PID:9624
- C:\Windows\System32\ouJlRoA.exe
  C:\Windows\System32\ouJlRoA.exe
  2⤵
  PID:9656
- C:\Windows\System32\JesAHhQ.exe
  C:\Windows\System32\JesAHhQ.exe
  2⤵
  PID:9684
- C:\Windows\System32\dxcumkr.exe
  C:\Windows\System32\dxcumkr.exe
  2⤵
  PID:9712
- C:\Windows\System32\mveRijt.exe
  C:\Windows\System32\mveRijt.exe
  2⤵
  PID:9740
- C:\Windows\System32\KbSvODo.exe
  C:\Windows\System32\KbSvODo.exe
  2⤵
  PID:9768
- C:\Windows\System32\qJcHkUV.exe
  C:\Windows\System32\qJcHkUV.exe
  2⤵
  PID:9796
- C:\Windows\System32\rrwyiwH.exe
  C:\Windows\System32\rrwyiwH.exe
  2⤵
  PID:9836
- C:\Windows\System32\woTXjpN.exe
  C:\Windows\System32\woTXjpN.exe
  2⤵
  PID:9852
- C:\Windows\System32\OIPjxgG.exe
  C:\Windows\System32\OIPjxgG.exe
  2⤵
  PID:9880
- C:\Windows\System32\pelzEsk.exe
  C:\Windows\System32\pelzEsk.exe
  2⤵
  PID:9908
- C:\Windows\System32\UkxSOuQ.exe
  C:\Windows\System32\UkxSOuQ.exe
  2⤵
  PID:9936
- C:\Windows\System32\fSXAOas.exe
  C:\Windows\System32\fSXAOas.exe
  2⤵
  PID:9964
- C:\Windows\System32\pAILFtg.exe
  C:\Windows\System32\pAILFtg.exe
  2⤵
  PID:9992
- C:\Windows\System32\peLyzKf.exe
  C:\Windows\System32\peLyzKf.exe
  2⤵
  PID:10020
- C:\Windows\System32\PFuDvCN.exe
  C:\Windows\System32\PFuDvCN.exe
  2⤵
  PID:10048
- C:\Windows\System32\VnXcnHi.exe
  C:\Windows\System32\VnXcnHi.exe
  2⤵
  PID:10076
- C:\Windows\System32\ezjdPIl.exe
  C:\Windows\System32\ezjdPIl.exe
  2⤵
  PID:10104
- C:\Windows\System32\xgXRfrP.exe
  C:\Windows\System32\xgXRfrP.exe
  2⤵
  PID:10132
- C:\Windows\System32\HcdcDdZ.exe
  C:\Windows\System32\HcdcDdZ.exe
  2⤵
  PID:10160
- C:\Windows\System32\AuxanTS.exe
  C:\Windows\System32\AuxanTS.exe
  2⤵
  PID:10188
- C:\Windows\System32\YFOwAHY.exe
  C:\Windows\System32\YFOwAHY.exe
  2⤵
  PID:10216
- C:\Windows\System32\uAgZuBz.exe
  C:\Windows\System32\uAgZuBz.exe
  2⤵
  PID:9240
- C:\Windows\System32\AqcRaGt.exe
  C:\Windows\System32\AqcRaGt.exe
  2⤵
  PID:9300
- C:\Windows\System32\GPCMFzn.exe
  C:\Windows\System32\GPCMFzn.exe
  2⤵
  PID:9356
- C:\Windows\System32\auoGuRD.exe
  C:\Windows\System32\auoGuRD.exe
  2⤵
  PID:8396
- C:\Windows\System32\oVTZhGF.exe
  C:\Windows\System32\oVTZhGF.exe
  2⤵
  PID:9420
- C:\Windows\System32\EhbILJY.exe
  C:\Windows\System32\EhbILJY.exe
  2⤵
  PID:9500
- C:\Windows\System32\gydUiQP.exe
  C:\Windows\System32\gydUiQP.exe
  2⤵
  PID:9556
- C:\Windows\System32\GvUwhFz.exe
  C:\Windows\System32\GvUwhFz.exe
  2⤵
  PID:9636
- C:\Windows\System32\aBZgPNm.exe
  C:\Windows\System32\aBZgPNm.exe
  2⤵
  PID:9704
- C:\Windows\System32\SioisIY.exe
  C:\Windows\System32\SioisIY.exe
  2⤵
  PID:9764
- C:\Windows\System32\VUdoxIc.exe
  C:\Windows\System32\VUdoxIc.exe
  2⤵
  PID:8924
- C:\Windows\System32\FggqaVR.exe
  C:\Windows\System32\FggqaVR.exe
  2⤵
  PID:9000
- C:\Windows\System32\RZzdyGI.exe
  C:\Windows\System32\RZzdyGI.exe
  2⤵
  PID:9820
- C:\Windows\System32\wkETZGJ.exe
  C:\Windows\System32\wkETZGJ.exe
  2⤵
  PID:9864
- C:\Windows\System32\VHxATxr.exe
  C:\Windows\System32\VHxATxr.exe
  2⤵
  PID:9928
- C:\Windows\System32\kWAtIeP.exe
  C:\Windows\System32\kWAtIeP.exe
  2⤵
  PID:9988
- C:\Windows\System32\LhNUmjr.exe
  C:\Windows\System32\LhNUmjr.exe
  2⤵
  PID:8556
- C:\Windows\System32\ykldHYL.exe
  C:\Windows\System32\ykldHYL.exe
  2⤵
  PID:10116
- C:\Windows\System32\kzjJUKF.exe
  C:\Windows\System32\kzjJUKF.exe
  2⤵
  PID:10180
- C:\Windows\System32\eAVuija.exe
  C:\Windows\System32\eAVuija.exe
  2⤵
  PID:8048
- C:\Windows\System32\DdMnNNV.exe
  C:\Windows\System32\DdMnNNV.exe
  2⤵
  PID:9228
- C:\Windows\System32\XeNmMwN.exe
  C:\Windows\System32\XeNmMwN.exe
  2⤵
  PID:9492
- C:\Windows\System32\TpPSTeQ.exe
  C:\Windows\System32\TpPSTeQ.exe
  2⤵
  PID:9668
- C:\Windows\System32\TcIJFmP.exe
  C:\Windows\System32\TcIJFmP.exe
  2⤵
  PID:9148
- C:\Windows\System32\hTeOYfl.exe
  C:\Windows\System32\hTeOYfl.exe
  2⤵
  PID:9816
- C:\Windows\System32\roQihwE.exe
  C:\Windows\System32\roQihwE.exe
  2⤵
  PID:9956
- C:\Windows\System32\hUfBTkN.exe
  C:\Windows\System32\hUfBTkN.exe
  2⤵
  PID:10096
- C:\Windows\System32\BMMJrCZ.exe
  C:\Windows\System32\BMMJrCZ.exe
  2⤵
  PID:10208
- C:\Windows\System32\ilIOZOg.exe
  C:\Windows\System32\ilIOZOg.exe
  2⤵
  PID:9548
- C:\Windows\System32\zyNDcaF.exe
  C:\Windows\System32\zyNDcaF.exe
  2⤵
  PID:7556
- C:\Windows\System32\gegupzr.exe
  C:\Windows\System32\gegupzr.exe
  2⤵
  PID:10044
- C:\Windows\System32\aNRurua.exe
  C:\Windows\System32\aNRurua.exe
  2⤵
  PID:9532
- C:\Windows\System32\ooBpOHy.exe
  C:\Windows\System32\ooBpOHy.exe
  2⤵
  PID:10228
- C:\Windows\System32\Keogrlb.exe
  C:\Windows\System32\Keogrlb.exe
  2⤵
  PID:10040
- C:\Windows\System32\PLKWJtV.exe
  C:\Windows\System32\PLKWJtV.exe
  2⤵
  PID:10268
- C:\Windows\System32\JfwvybD.exe
  C:\Windows\System32\JfwvybD.exe
  2⤵
  PID:10296
- C:\Windows\System32\YtXJxme.exe
  C:\Windows\System32\YtXJxme.exe
  2⤵
  PID:10324
- C:\Windows\System32\EvLAqna.exe
  C:\Windows\System32\EvLAqna.exe
  2⤵
  PID:10352
- C:\Windows\System32\fVlQQvF.exe
  C:\Windows\System32\fVlQQvF.exe
  2⤵
  PID:10380
- C:\Windows\System32\mBfqHiM.exe
  C:\Windows\System32\mBfqHiM.exe
  2⤵
  PID:10408
- C:\Windows\System32\RRomaxH.exe
  C:\Windows\System32\RRomaxH.exe
  2⤵
  PID:10436
- C:\Windows\System32\vkKBnYF.exe
  C:\Windows\System32\vkKBnYF.exe
  2⤵
  PID:10464
- C:\Windows\System32\vBCgPQy.exe
  C:\Windows\System32\vBCgPQy.exe
  2⤵
  PID:10492
- C:\Windows\System32\XYMzpVh.exe
  C:\Windows\System32\XYMzpVh.exe
  2⤵
  PID:10520
- C:\Windows\System32\jUxgUBY.exe
  C:\Windows\System32\jUxgUBY.exe
  2⤵
  PID:10548
- C:\Windows\System32\mLuznAZ.exe
  C:\Windows\System32\mLuznAZ.exe
  2⤵
  PID:10576
- C:\Windows\System32\nXvtgVR.exe
  C:\Windows\System32\nXvtgVR.exe
  2⤵
  PID:10604
- C:\Windows\System32\PAVgkiW.exe
  C:\Windows\System32\PAVgkiW.exe
  2⤵
  PID:10632
- C:\Windows\System32\RsbKPAt.exe
  C:\Windows\System32\RsbKPAt.exe
  2⤵
  PID:10660
- C:\Windows\System32\rSWsFUQ.exe
  C:\Windows\System32\rSWsFUQ.exe
  2⤵
  PID:10688
- C:\Windows\System32\EREYLqe.exe
  C:\Windows\System32\EREYLqe.exe
  2⤵
  PID:10716
- C:\Windows\System32\oqoBxeL.exe
  C:\Windows\System32\oqoBxeL.exe
  2⤵
  PID:10744
- C:\Windows\System32\PfAmJnc.exe
  C:\Windows\System32\PfAmJnc.exe
  2⤵
  PID:10772
- C:\Windows\System32\kPmhftr.exe
  C:\Windows\System32\kPmhftr.exe
  2⤵
  PID:10800
- C:\Windows\System32\PAvAOZl.exe
  C:\Windows\System32\PAvAOZl.exe
  2⤵
  PID:10828
- C:\Windows\System32\WwQgfZw.exe
  C:\Windows\System32\WwQgfZw.exe
  2⤵
  PID:10856
- C:\Windows\System32\yWArZWM.exe
  C:\Windows\System32\yWArZWM.exe
  2⤵
  PID:10888
- C:\Windows\System32\zgOwQVm.exe
  C:\Windows\System32\zgOwQVm.exe
  2⤵
  PID:10916
- C:\Windows\System32\niGEBle.exe
  C:\Windows\System32\niGEBle.exe
  2⤵
  PID:10944
- C:\Windows\System32\fUXXPOs.exe
  C:\Windows\System32\fUXXPOs.exe
  2⤵
  PID:10972
- C:\Windows\System32\BsNaHkJ.exe
  C:\Windows\System32\BsNaHkJ.exe
  2⤵
  PID:11000
- C:\Windows\System32\grQXqIk.exe
  C:\Windows\System32\grQXqIk.exe
  2⤵
  PID:11028
- C:\Windows\System32\yZVOOxa.exe
  C:\Windows\System32\yZVOOxa.exe
  2⤵
  PID:11056
- C:\Windows\System32\yFejEcG.exe
  C:\Windows\System32\yFejEcG.exe
  2⤵
  PID:11084
- C:\Windows\System32\tTDQmiQ.exe
  C:\Windows\System32\tTDQmiQ.exe
  2⤵
  PID:11112
- C:\Windows\System32\buNpHBX.exe
  C:\Windows\System32\buNpHBX.exe
  2⤵
  PID:11140
- C:\Windows\System32\IdMQsrm.exe
  C:\Windows\System32\IdMQsrm.exe
  2⤵
  PID:11168
- C:\Windows\System32\sYXdWQy.exe
  C:\Windows\System32\sYXdWQy.exe
  2⤵
  PID:11196
- C:\Windows\System32\nQancNi.exe
  C:\Windows\System32\nQancNi.exe
  2⤵
  PID:11224
- C:\Windows\System32\wGJMFms.exe
  C:\Windows\System32\wGJMFms.exe
  2⤵
  PID:11260
- C:\Windows\System32\dDyZtcW.exe
  C:\Windows\System32\dDyZtcW.exe
  2⤵
  PID:10280
- C:\Windows\System32\dghwWpV.exe
  C:\Windows\System32\dghwWpV.exe
  2⤵
  PID:10364
- C:\Windows\System32\zrBIwly.exe
  C:\Windows\System32\zrBIwly.exe
  2⤵
  PID:10404
- C:\Windows\System32\dNeoIEA.exe
  C:\Windows\System32\dNeoIEA.exe
  2⤵
  PID:10480
- C:\Windows\System32\mgOAnuU.exe
  C:\Windows\System32\mgOAnuU.exe
  2⤵
  PID:9576
- C:\Windows\System32\iBEXGOT.exe
  C:\Windows\System32\iBEXGOT.exe
  2⤵
  PID:10596
- C:\Windows\System32\BddcSSm.exe
  C:\Windows\System32\BddcSSm.exe
  2⤵
  PID:10656
- C:\Windows\System32\VgxSMpH.exe
  C:\Windows\System32\VgxSMpH.exe
  2⤵
  PID:10732
- C:\Windows\System32\mMzNCRW.exe
  C:\Windows\System32\mMzNCRW.exe
  2⤵
  PID:10796
- C:\Windows\System32\mwHZYPt.exe
  C:\Windows\System32\mwHZYPt.exe
  2⤵
  PID:10852
- C:\Windows\System32\pwGKhbd.exe
  C:\Windows\System32\pwGKhbd.exe
  2⤵
  PID:10928
- C:\Windows\System32\UqzWZQW.exe
  C:\Windows\System32\UqzWZQW.exe
  2⤵
  PID:10996
- C:\Windows\System32\ubaGADo.exe
  C:\Windows\System32\ubaGADo.exe
  2⤵
  PID:11052
- C:\Windows\System32\dTctjKe.exe
  C:\Windows\System32\dTctjKe.exe
  2⤵
  PID:11124
- C:\Windows\System32\Zzqjcud.exe
  C:\Windows\System32\Zzqjcud.exe
  2⤵
  PID:11188
- C:\Windows\System32\ikYhZQm.exe
  C:\Windows\System32\ikYhZQm.exe
  2⤵
  PID:11248
- C:\Windows\System32\wNPOSEz.exe
  C:\Windows\System32\wNPOSEz.exe
  2⤵
  PID:10376
- C:\Windows\System32\HDFKjvJ.exe
  C:\Windows\System32\HDFKjvJ.exe
  2⤵
  PID:10516
- C:\Windows\System32\HIfwzFu.exe
  C:\Windows\System32\HIfwzFu.exe
  2⤵
  PID:10644
- C:\Windows\System32\zgKAioF.exe
  C:\Windows\System32\zgKAioF.exe
  2⤵
  PID:10820
- C:\Windows\System32\kUCbKJx.exe
  C:\Windows\System32\kUCbKJx.exe
  2⤵
  PID:10964
- C:\Windows\System32\ovNnhkt.exe
  C:\Windows\System32\ovNnhkt.exe
  2⤵
  PID:11104
- C:\Windows\System32\osbOjTH.exe
  C:\Windows\System32\osbOjTH.exe
  2⤵
  PID:10264
- C:\Windows\System32\uyfhZLA.exe
  C:\Windows\System32\uyfhZLA.exe
  2⤵
  PID:10624
- C:\Windows\System32\uhLqtzC.exe
  C:\Windows\System32\uhLqtzC.exe
  2⤵
  PID:10956
- C:\Windows\System32\VTszEFt.exe
  C:\Windows\System32\VTszEFt.exe
  2⤵
  PID:10456
- C:\Windows\System32\WyNMCxh.exe
  C:\Windows\System32\WyNMCxh.exe
  2⤵
  PID:10872
- C:\Windows\System32\ENNoaDB.exe
  C:\Windows\System32\ENNoaDB.exe
  2⤵
  PID:11108
- C:\Windows\System32\BgyOnOW.exe
  C:\Windows\System32\BgyOnOW.exe
  2⤵
  PID:11292
- C:\Windows\System32\ylFXnoh.exe
  C:\Windows\System32\ylFXnoh.exe
  2⤵
  PID:11320
- C:\Windows\System32\TzpQpvu.exe
  C:\Windows\System32\TzpQpvu.exe
  2⤵
  PID:11348
- C:\Windows\System32\YbZQIEY.exe
  C:\Windows\System32\YbZQIEY.exe
  2⤵
  PID:11376
- C:\Windows\System32\HIqQmON.exe
  C:\Windows\System32\HIqQmON.exe
  2⤵
  PID:11404
- C:\Windows\System32\UAOqMTc.exe
  C:\Windows\System32\UAOqMTc.exe
  2⤵
  PID:11432
- C:\Windows\System32\XFktSob.exe
  C:\Windows\System32\XFktSob.exe
  2⤵
  PID:11460
- C:\Windows\System32\lrGATuI.exe
  C:\Windows\System32\lrGATuI.exe
  2⤵
  PID:11488
- C:\Windows\System32\xbKyzdy.exe
  C:\Windows\System32\xbKyzdy.exe
  2⤵
  PID:11516
- C:\Windows\System32\urgnQGN.exe
  C:\Windows\System32\urgnQGN.exe
  2⤵
  PID:11548
- C:\Windows\System32\lGjDzZn.exe
  C:\Windows\System32\lGjDzZn.exe
  2⤵
  PID:11576
- C:\Windows\System32\oBvJwln.exe
  C:\Windows\System32\oBvJwln.exe
  2⤵
  PID:11604
- C:\Windows\System32\wdHcgHT.exe
  C:\Windows\System32\wdHcgHT.exe
  2⤵
  PID:11632
- C:\Windows\System32\dIHaVxo.exe
  C:\Windows\System32\dIHaVxo.exe
  2⤵
  PID:11660
- C:\Windows\System32\afBoZoq.exe
  C:\Windows\System32\afBoZoq.exe
  2⤵
  PID:11688
- C:\Windows\System32\OrYYrbw.exe
  C:\Windows\System32\OrYYrbw.exe
  2⤵
  PID:11716
- C:\Windows\System32\ykQRGvT.exe
  C:\Windows\System32\ykQRGvT.exe
  2⤵
  PID:11744
- C:\Windows\System32\zzJhcHW.exe
  C:\Windows\System32\zzJhcHW.exe
  2⤵
  PID:11772
- C:\Windows\System32\pVsPZGD.exe
  C:\Windows\System32\pVsPZGD.exe
  2⤵
  PID:11800
- C:\Windows\System32\KlyEgmb.exe
  C:\Windows\System32\KlyEgmb.exe
  2⤵
  PID:11816
- C:\Windows\System32\iwQHczV.exe
  C:\Windows\System32\iwQHczV.exe
  2⤵
  PID:11844
- C:\Windows\System32\FyKSlTU.exe
  C:\Windows\System32\FyKSlTU.exe
  2⤵
  PID:11860
- C:\Windows\System32\JiAXTul.exe
  C:\Windows\System32\JiAXTul.exe
  2⤵
  PID:11912
- C:\Windows\System32\vsSquWT.exe
  C:\Windows\System32\vsSquWT.exe
  2⤵
  PID:11940
- C:\Windows\System32\zIjZDYf.exe
  C:\Windows\System32\zIjZDYf.exe
  2⤵
  PID:11972
- C:\Windows\System32\gdMgrMl.exe
  C:\Windows\System32\gdMgrMl.exe
  2⤵
  PID:12000
- C:\Windows\System32\ZFQBcBS.exe
  C:\Windows\System32\ZFQBcBS.exe
  2⤵
  PID:12028
- C:\Windows\System32\YcBrtTf.exe
  C:\Windows\System32\YcBrtTf.exe
  2⤵
  PID:12056
- C:\Windows\System32\gAKbnSo.exe
  C:\Windows\System32\gAKbnSo.exe
  2⤵
  PID:12084
- C:\Windows\System32\ORQrPGp.exe
  C:\Windows\System32\ORQrPGp.exe
  2⤵
  PID:12112
- C:\Windows\System32\yAFgCUp.exe
  C:\Windows\System32\yAFgCUp.exe
  2⤵
  PID:12140
- C:\Windows\System32\XrfUMHe.exe
  C:\Windows\System32\XrfUMHe.exe
  2⤵
  PID:12168
- C:\Windows\System32\wJWgDEF.exe
  C:\Windows\System32\wJWgDEF.exe
  2⤵
  PID:12196
- C:\Windows\System32\hvnvUKw.exe
  C:\Windows\System32\hvnvUKw.exe
  2⤵
  PID:12224
- C:\Windows\System32\iDasNfZ.exe
  C:\Windows\System32\iDasNfZ.exe
  2⤵
  PID:12252
- C:\Windows\System32\jrxsPfA.exe
  C:\Windows\System32\jrxsPfA.exe
  2⤵
  PID:12280
- C:\Windows\System32\yMAVCXP.exe
  C:\Windows\System32\yMAVCXP.exe
  2⤵
  PID:11316
- C:\Windows\System32\jjJIfSj.exe
  C:\Windows\System32\jjJIfSj.exe
  2⤵
  PID:11388
- C:\Windows\System32\xgscaCT.exe
  C:\Windows\System32\xgscaCT.exe
  2⤵
  PID:11452
- C:\Windows\System32\cggoFYv.exe
  C:\Windows\System32\cggoFYv.exe
  2⤵
  PID:11508
- C:\Windows\System32\NouQgNE.exe
  C:\Windows\System32\NouQgNE.exe
  2⤵
  PID:11588
- C:\Windows\System32\DKMinqQ.exe
  C:\Windows\System32\DKMinqQ.exe
  2⤵
  PID:11672
- C:\Windows\System32\cznSceW.exe
  C:\Windows\System32\cznSceW.exe
  2⤵
  PID:3792
- C:\Windows\System32\QrRaHIR.exe
  C:\Windows\System32\QrRaHIR.exe
  2⤵
  PID:11768
- C:\Windows\System32\SzyNHAz.exe
  C:\Windows\System32\SzyNHAz.exe
  2⤵
  PID:11836
- C:\Windows\System32\FCEsfJj.exe
  C:\Windows\System32\FCEsfJj.exe
  2⤵
  PID:11880
- C:\Windows\System32\omlpvcE.exe
  C:\Windows\System32\omlpvcE.exe
  2⤵
  PID:11964
- C:\Windows\System32\hSWVKjX.exe
  C:\Windows\System32\hSWVKjX.exe
  2⤵
  PID:12024
- C:\Windows\System32\XyTfrmT.exe
  C:\Windows\System32\XyTfrmT.exe
  2⤵
  PID:12096
- C:\Windows\System32\XYIlGYQ.exe
  C:\Windows\System32\XYIlGYQ.exe
  2⤵
  PID:12160
- C:\Windows\System32\nOUpcuX.exe
  C:\Windows\System32\nOUpcuX.exe
  2⤵
  PID:12220
- C:\Windows\System32\DlxEKBh.exe
  C:\Windows\System32\DlxEKBh.exe
  2⤵
  PID:11284
- C:\Windows\System32\ZXMoLSc.exe
  C:\Windows\System32\ZXMoLSc.exe
  2⤵
  PID:11428
- C:\Windows\System32\Jpwvxdk.exe
  C:\Windows\System32\Jpwvxdk.exe
  2⤵
  PID:11568
- C:\Windows\System32\rFejjwg.exe
  C:\Windows\System32\rFejjwg.exe
  2⤵
  PID:11728
- C:\Windows\System32\DZFvJvI.exe
  C:\Windows\System32\DZFvJvI.exe
  2⤵
  PID:11876
- C:\Windows\System32\AEuJyGr.exe
  C:\Windows\System32\AEuJyGr.exe
  2⤵
  PID:12076
- C:\Windows\System32\GXyGZts.exe
  C:\Windows\System32\GXyGZts.exe
  2⤵
  PID:11544
- C:\Windows\System32\GfuUrnJ.exe
  C:\Windows\System32\GfuUrnJ.exe
  2⤵
  PID:12380
- C:\Windows\System32\mRcWGJj.exe
  C:\Windows\System32\mRcWGJj.exe
  2⤵
  PID:12396
- C:\Windows\System32\QhuBXOU.exe
  C:\Windows\System32\QhuBXOU.exe
  2⤵
  PID:12420
- C:\Windows\System32\GkiRZWE.exe
  C:\Windows\System32\GkiRZWE.exe
  2⤵
  PID:12464
- C:\Windows\System32\iQAMRLE.exe
  C:\Windows\System32\iQAMRLE.exe
  2⤵
  PID:12496
- C:\Windows\System32\ZtvRucO.exe
  C:\Windows\System32\ZtvRucO.exe
  2⤵
  PID:12524
- C:\Windows\System32\IwBiWrn.exe
  C:\Windows\System32\IwBiWrn.exe
  2⤵
  PID:12556
- C:\Windows\System32\YFTJNwK.exe
  C:\Windows\System32\YFTJNwK.exe
  2⤵
  PID:12580
- C:\Windows\System32\OknmynZ.exe
  C:\Windows\System32\OknmynZ.exe
  2⤵
  PID:12608
- C:\Windows\System32\NkjIyDT.exe
  C:\Windows\System32\NkjIyDT.exe
  2⤵
  PID:12636
- C:\Windows\System32\VIIjVRc.exe
  C:\Windows\System32\VIIjVRc.exe
  2⤵
  PID:12664
- C:\Windows\System32\xfvCtBp.exe
  C:\Windows\System32\xfvCtBp.exe
  2⤵
  PID:12692
- C:\Windows\System32\eEufljY.exe
  C:\Windows\System32\eEufljY.exe
  2⤵
  PID:12720
- C:\Windows\System32\QnrBVrf.exe
  C:\Windows\System32\QnrBVrf.exe
  2⤵
  PID:12748
- C:\Windows\System32\RcWojPu.exe
  C:\Windows\System32\RcWojPu.exe
  2⤵
  PID:12780
- C:\Windows\System32\oXgtTWP.exe
  C:\Windows\System32\oXgtTWP.exe
  2⤵
  PID:12808
- C:\Windows\System32\rmqDIMI.exe
  C:\Windows\System32\rmqDIMI.exe
  2⤵
  PID:12836
- C:\Windows\System32\juWGQje.exe
  C:\Windows\System32\juWGQje.exe
  2⤵
  PID:12864
- C:\Windows\System32\swdoxrT.exe
  C:\Windows\System32\swdoxrT.exe
  2⤵
  PID:12892
- C:\Windows\System32\BzcbCey.exe
  C:\Windows\System32\BzcbCey.exe
  2⤵
  PID:12920
- C:\Windows\System32\YFpvzCs.exe
  C:\Windows\System32\YFpvzCs.exe
  2⤵
  PID:12948
- C:\Windows\System32\ZmfaSqn.exe
  C:\Windows\System32\ZmfaSqn.exe
  2⤵
  PID:12976
- C:\Windows\System32\pTCeZic.exe
  C:\Windows\System32\pTCeZic.exe
  2⤵
  PID:13004
- C:\Windows\System32\hQffEKM.exe
  C:\Windows\System32\hQffEKM.exe
  2⤵
  PID:13032
- C:\Windows\System32\HARHNUQ.exe
  C:\Windows\System32\HARHNUQ.exe
  2⤵
  PID:13060
- C:\Windows\System32\dVpfFTQ.exe
  C:\Windows\System32\dVpfFTQ.exe
  2⤵
  PID:13088
- C:\Windows\System32\BEFkMVM.exe
  C:\Windows\System32\BEFkMVM.exe
  2⤵
  PID:13116
- C:\Windows\System32\mEHbXWx.exe
  C:\Windows\System32\mEHbXWx.exe
  2⤵
  PID:13144
- C:\Windows\System32\eEnDcfb.exe
  C:\Windows\System32\eEnDcfb.exe
  2⤵
  PID:13172
- C:\Windows\System32\myrThfd.exe
  C:\Windows\System32\myrThfd.exe
  2⤵
  PID:13200
- C:\Windows\System32\oMbJEMN.exe
  C:\Windows\System32\oMbJEMN.exe
  2⤵
  PID:13228
- C:\Windows\System32\QUCeCoJ.exe
  C:\Windows\System32\QUCeCoJ.exe
  2⤵
  PID:13256
- C:\Windows\System32\AjArDxZ.exe
  C:\Windows\System32\AjArDxZ.exe
  2⤵
  PID:13284
- C:\Windows\System32\RYRbzDr.exe
  C:\Windows\System32\RYRbzDr.exe
  2⤵
  PID:1292
- C:\Windows\System32\xcrrCTN.exe
  C:\Windows\System32\xcrrCTN.exe
  2⤵
  PID:12272
- C:\Windows\System32\AUquyZR.exe
  C:\Windows\System32\AUquyZR.exe
  2⤵
  PID:11572
- C:\Windows\System32\JhRAtDH.exe
  C:\Windows\System32\JhRAtDH.exe
  2⤵
  PID:11932
- C:\Windows\System32\KGJAYIN.exe
  C:\Windows\System32\KGJAYIN.exe
  2⤵
  PID:12292
- C:\Windows\System32\uguclTh.exe
  C:\Windows\System32\uguclTh.exe
  2⤵
  PID:12328
- C:\Windows\System32\OgLqHAE.exe
  C:\Windows\System32\OgLqHAE.exe
  2⤵
  PID:12368
- C:\Windows\System32\BMruPpn.exe
  C:\Windows\System32\BMruPpn.exe
  2⤵
  PID:12308
- C:\Windows\System32\OeLcMaJ.exe
  C:\Windows\System32\OeLcMaJ.exe
  2⤵
  PID:12432
- C:\Windows\System32\vHHKwVn.exe
  C:\Windows\System32\vHHKwVn.exe
  2⤵
  PID:12508
- C:\Windows\System32\mNDYvQC.exe
  C:\Windows\System32\mNDYvQC.exe
  2⤵
  PID:12576
- C:\Windows\System32\NglRTXH.exe
  C:\Windows\System32\NglRTXH.exe
  2⤵
  PID:12648
- C:\Windows\System32\qxrWkuk.exe
  C:\Windows\System32\qxrWkuk.exe
  2⤵
  PID:12712
- C:\Windows\System32\maZFWec.exe
  C:\Windows\System32\maZFWec.exe
  2⤵
  PID:12772
- C:\Windows\System32\TRJLWZX.exe
  C:\Windows\System32\TRJLWZX.exe
  2⤵
  PID:12852
- C:\Windows\System32\IhuGroV.exe
  C:\Windows\System32\IhuGroV.exe
  2⤵
  PID:12912
- C:\Windows\System32\xJcmVtx.exe
  C:\Windows\System32\xJcmVtx.exe
  2⤵
  PID:12972
- C:\Windows\System32\nWGKRmj.exe
  C:\Windows\System32\nWGKRmj.exe
  2⤵
  PID:13048
- C:\Windows\System32\aCccxxR.exe
  C:\Windows\System32\aCccxxR.exe
  2⤵
  PID:13108
- C:\Windows\System32\VQHwVac.exe
  C:\Windows\System32\VQHwVac.exe
  2⤵
  PID:13168
- C:\Windows\System32\GqJKwVn.exe
  C:\Windows\System32\GqJKwVn.exe
  2⤵
  PID:13240
- C:\Windows\System32\VkqoWNj.exe
  C:\Windows\System32\VkqoWNj.exe
  2⤵
  PID:13308
- C:\Windows\System32\ZeYUXaq.exe
  C:\Windows\System32\ZeYUXaq.exe
  2⤵
  PID:11540
- C:\Windows\System32\BqLVyyn.exe
  C:\Windows\System32\BqLVyyn.exe
  2⤵
  PID:12316
- C:\Windows\System32\BCGXuAI.exe
  C:\Windows\System32\BCGXuAI.exe
  2⤵
  PID:12484
- C:\Windows\System32\VSagGHY.exe
  C:\Windows\System32\VSagGHY.exe
  2⤵
  PID:12440
- C:\Windows\System32\heyxCxX.exe
  C:\Windows\System32\heyxCxX.exe
  2⤵
  PID:12604
- C:\Windows\System32\dCwFJIi.exe
  C:\Windows\System32\dCwFJIi.exe
  2⤵
  PID:12760
- C:\Windows\System32\mvkxyGa.exe
  C:\Windows\System32\mvkxyGa.exe
  2⤵
  PID:12908
- C:\Windows\System32\CemktlZ.exe
  C:\Windows\System32\CemktlZ.exe
  2⤵
  PID:13072
- C:\Windows\System32\IUgLuxV.exe
  C:\Windows\System32\IUgLuxV.exe
  2⤵
  PID:13224
- C:\Windows\System32\LQeYhLV.exe
  C:\Windows\System32\LQeYhLV.exe
  2⤵
  PID:11512
- C:\Windows\System32\IbPcCQH.exe
  C:\Windows\System32\IbPcCQH.exe
  2⤵
  PID:12304

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

5.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.181.190.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1B76E3AD440465E61269F73145BF64AF; domain=.bing.com; expires=Mon, 07-Jul-2025 14:01:56 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61F84FD2698C4A50BAA0B441EF4C8185 Ref B: LON04EDGE0918 Ref C: 2024-06-12T14:01:56Z
date: Wed, 12 Jun 2024 14:01:55 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1B76E3AD440465E61269F73145BF64AF

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=vD0RnomuWVx1VGsRz-S1_A_eH7Cam0h6aodvBl-SalM; domain=.bing.com; expires=Mon, 07-Jul-2025 14:01:56 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 84F275E2B8A64604839D008807B8284B Ref B: LON04EDGE0918 Ref C: 2024-06-12T14:01:56Z
date: Wed, 12 Jun 2024 14:01:55 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1B76E3AD440465E61269F73145BF64AF; MSPTC=vD0RnomuWVx1VGsRz-S1_A_eH7Cam0h6aodvBl-SalM

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2F08A8AC9F1841589A0997CF1FA32F89 Ref B: LON04EDGE0918 Ref C: 2024-06-12T14:01:56Z
date: Wed, 12 Jun 2024 14:01:56 GMT
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.75:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=1B76E3AD440465E61269F73145BF64AF; MSPTC=vD0RnomuWVx1VGsRz-S1_A_eH7Cam0h6aodvBl-SalM
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Wed, 12 Jun 2024 14:01:59 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.473d3e17.1718200919.18401af2
DNS

75.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.61.62.23.in-addr.arpa

IN PTR

Response

75.61.62.23.in-addr.arpa

IN PTR

a23-62-61-75deploystaticakamaitechnologiescom
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

138.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.107.17.2.in-addr.arpa

IN PTR

Response

138.107.17.2.in-addr.arpa

IN PTR

a2-17-107-138deploystaticakamaitechnologiescom
DNS

203.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.107.17.2.in-addr.arpa

IN PTR

Response

203.107.17.2.in-addr.arpa

IN PTR

a2-17-107-203deploystaticakamaitechnologiescom

204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid=

tls, http2

2.0kB
9.2kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=371d68ea285f4124b90ead35e23a23e4&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&anid=

HTTP Response

204
23.62.61.75:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.5kB
6.4kB
16
12

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

5.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

5.181.190.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

75.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

75.61.62.23.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

138.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

138.107.17.2.in-addr.arpa
8.8.8.8:53

203.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

203.107.17.2.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ABdWhEt.exe

Filesize
3.1MB

MD5
ed211f3bc3f36e16cb5c9589c33ad895

SHA1
b9f140aab25fcc39243878c592a57330db360b2a

SHA256
b0853069f9e58b9d3a675a7fd9d5258240e27ffa375629469cce813a377345e8

SHA512
0bd0444fede42bd4d397dd374d79921d130d1e8daa182e7ffe64b3886aed847ade70a88c9a893d4c50a9f44d802bf2b23bd8b2a6bd73b194bf857ce8e7ee3cdd

Download Submit
C:\Windows\System32\DUFAgqq.exe

Filesize
3.1MB

MD5
8e397968d53574d71ea9ec34084b8231

SHA1
5d916026e077c903d858e417bc5956f50ba5b700

SHA256
bd34ff98e8da1f496f8b70253f4c452ed2d7a8a6b5d12a534aa21f824a9d058d

SHA512
89063568e6b1d781d7517800f02345d2c6496b3d0a526e6044b1574e4d25a449581594c740053043b55b3cac92a6c57b8e8c5a596123cacc8f462d895c812d3b

Download Submit
C:\Windows\System32\EzcxLuM.exe

Filesize
3.1MB

MD5
61975e0d155a95ae07ead6be82f0e256

SHA1
0a54cff270e0914e17f09cf3c6a2d021ba182175

SHA256
34878e68d164838f4aad9aaf520a4831eedc041aec9043a4042f3113a42d8f72

SHA512
0e64a09c47b0fdfc99e11d64f04790ce8e499f68d5fdaceaf92c7f48e0b5e5ccd72e4fd5fbc24657c53965b402b72799afe8d50aa302783acf159bcbb3963547

Download Submit
C:\Windows\System32\FuiuUzr.exe

Filesize
3.1MB

MD5
39810ba65a57f6422d33543861fa35e9

SHA1
56b612103f9a07840807bf8908c0c4cd3a135fb7

SHA256
98161f92bb53a486b9fd840ea3f7d4d48e69e8a8c6f72ac65ccfa3648fb0ee3c

SHA512
23c4a873d09f957d3d041a630e8990e83428e06f9dde1e803b1e73d3d46e57468f4519d78290e67a8adaee0c9ba4eacf8316285821f68c382138f448bb844394

Download Submit
C:\Windows\System32\HKLcRAI.exe

Filesize
3.1MB

MD5
f07bd053286195ad6127707632215556

SHA1
610b350511e6ef73fdc19ef750cb96f55fea3f58

SHA256
81ab2b31cb40e9169b66425f9120918cdd2a50f1be16ef899c95f66411512054

SHA512
0b46902c6a75b9f708b17d9948ee8ca91481fdbc5f4efa2b886ea9896828e9c4e2071e0ce558b296ad21675748c8b15f708ef7f783da90c739fe1ea0e3d11a37

Download Submit
C:\Windows\System32\IukDqNg.exe

Filesize
3.1MB

MD5
32884c3c3f1ebc757136aa47b1ba958f

SHA1
411e1e2ec9421e4e09fb31458f872859bcd13960

SHA256
3247bf912fbf528633e047bac618cbc9f4e86ab434d5d37ec5b5d0c1a1bb4ed4

SHA512
aec28450d56ad1af91dc61f5e16dc17192549c4e73312afc9e22c5d39735c1fe0c5395566a9d6c0c6439a10b34f54027c99803adfc67ceb314e9377805ca7ce3

Download Submit
C:\Windows\System32\JWkwLEn.exe

Filesize
3.1MB

MD5
422aef08feebfdebe711e3e88bb42f17

SHA1
7cf97a07eeaa6912d9bb94c24140f0965ae84d81

SHA256
21687e1b9b6dd63aee44055a142b771ef726f2da3ae01a05f825459a1b040eaf

SHA512
921a27de84308457d7ca019fe619f23cb313752415b5f7fe1ee8872d8228db5a410e1e4e2d9806a3c3a9d5969e599af315f6c2cbb379afadfe9e90887b49d699

Download Submit
C:\Windows\System32\LRAnYdA.exe

Filesize
3.1MB

MD5
aadd0375d1dc54b723eedb5596292ba8

SHA1
253eeae7cf7467ba221ce00cbb69252f63a96ca8

SHA256
4ead6f3506f8b1854890ed15a24c4752faab6fc899aadd53018818a9132dcfc5

SHA512
f46ad72e1b3173522a5ba7f47d09bb421cddd1c1e45476da89c7b68986b683e929fd8fd47edde230a7b339565a72953617fa994b4d7a3b14c9e8deb6b83c1b92

Download Submit
C:\Windows\System32\LtzVLmH.exe

Filesize
3.1MB

MD5
0c232f41b286068c7a8c36e562dc0120

SHA1
91269751cfa9d4f7a362f0bb5a30cf513ce4ab04

SHA256
8059875d211da5ff389a8d9a71834e48a4c1e5cac9ab15b1bd67c0e1ec8dc230

SHA512
78eab266cc86b95193143e86febcd6fc56d91cbf02fc97a0f6ce520b4c65d3c826713812c51d3e87fb02a28f7a719c93532a9e3ddcc87ac2b221eafc1f4b021d

Download Submit
C:\Windows\System32\MOynsLl.exe

Filesize
3.1MB

MD5
7aa3c2cb826d2a242b3fb8f3a5c3d4b4

SHA1
28f19d6408ad7ff6331af14e9e535f4805a9d8fc

SHA256
09af8b9e38fcb5eadc273312ba4a1914fb7724b9e60f3c1ec39dcef803e9bbe4

SHA512
af68a3b8b6a0c10356a62a698273ea44d667e91033c203c2949fdaf0ec396ed2d91bf176b5ce4a428e439ea02c46f24c0fe8938a0798e69ff10a3c32130d648a

Download Submit
C:\Windows\System32\NETulmp.exe

Filesize
3.1MB

MD5
b3aeedae3820e6e4fc0930f45c8f4719

SHA1
46268ea32b700f3f64973fb079b81145d3e9b778

SHA256
d0e4bca50ada1441c4dd962e6eb05b66f108eb1c824a654298dec53d3e519055

SHA512
76d6ad4b85d9b00b84b674b6fc96bccd9c8f223cf64b43697182651510a78ffc279a31ed2f0f92a23a4f87ae9e2f8c81520ddf0c7bb6cc6969795088e8a3442a

Download Submit
C:\Windows\System32\OheGXQL.exe

Filesize
3.1MB

MD5
7a4b0be9c993104b4b9a2ab4a7fa640b

SHA1
e91d07e879a6d9f6aa0ddb6cfa5b832ac31377e1

SHA256
fa66f13b8761ec8b28079e6eeaa103c4e92067403e85f2cc0798fcce048f71c1

SHA512
485b8bfb9fa537f7bda880c3afe20a952f0a618d675f8ad1172c2d9ce3473698fab01e8ea357211a1d7964df86e1d2af09094a05c070ea70245087494a114e34

Download Submit
C:\Windows\System32\SyPvwHV.exe

Filesize
3.1MB

MD5
d18f4aa413e5641600d4b3b8fc632328

SHA1
b23bbb47f85a71d51fd7d70b48e4f59cac422898

SHA256
ed7dbed40b24aef6fcd936fc1f94abc7ab3625393e4d553bb78c7c80eadb4e52

SHA512
71ed58f9717a0f2c6b639e1ba073956232e97e029ac13f43d6eb1601771b5e953ce047c2f403073c6b312f5df997ed7b11a905c37bb392f07b8bc565947d7023

Download Submit
C:\Windows\System32\YRgVZHB.exe

Filesize
3.1MB

MD5
95d31d20dc2293a12d59e0bd0dcef62c

SHA1
db4a2c1e0ced9e24624d6b81933b42702e198811

SHA256
632bf0cb1e105a1857226a260e3c27aaedb55c3d163900a6c7fcc5368003d8d5

SHA512
c4326252ab8ac8c2235ff64419e17bf73cbc9812e927022f4c696be1a402b377fffe502342891a1e718cb223bbc1f0e0ea50ea46ac1af69c4748bb039dcf72e7

Download Submit
C:\Windows\System32\ZdpIPIv.exe

Filesize
3.1MB

MD5
2effcd0eae64cb2e9e8658171da2fd88

SHA1
3c7b50a96a9050cccc74e5dc95d7a2143a0aaebf

SHA256
c46227b65afaabff17c469c2eac485a68277ba2df8e997c01b1d3def558e79d5

SHA512
d877c83794d3b5b77c5917aa51f582c5584f3badae905b6f81cf7fd8a18f00e7e4c9175420ac15269301964273aa45ae01c49d89b44b7f6641aeb2754d7e4927

Download Submit
C:\Windows\System32\alJbzIl.exe

Filesize
3.1MB

MD5
30acdfb878f285223720f6cff44f0945

SHA1
fe5f3962109eb483231f52993f8d87acd96b14b4

SHA256
a0c8bfac50cc71970f012bd2de05171298c8c98f0c9aa89c003d80d4c79e4bb7

SHA512
a39897b9cd416eeafcdf39cc8ca88ecd41ba5b1d7c18423f158961e585b5586b574b864b10014b0d8792ba5e54cd9f34df63110b5dabefb6ec0711600b823155

Download Submit
C:\Windows\System32\cqjEstz.exe

Filesize
3.1MB

MD5
5a1a439b5a16fe3ca3d58faaa29e4f8b

SHA1
9b88254417c2d1b11a52f1b87fe6bd237b06e8b1

SHA256
c949912ba85502aaddd397d5689255043d0fe992e89985fb5b4203313e1038ba

SHA512
ee3b8a6ddc60c18ce0d30aa1bc67ec236fcf01340feb5dfd92526234c24078bda71b4820e86a3dd3533e0c7102d299964f6c29543ad41647c3b44941ceda95a4

Download Submit
C:\Windows\System32\daLglJM.exe

Filesize
3.1MB

MD5
a41382e9af0ea87f3e6f819ed8167646

SHA1
686bba827ed943c8295fc0dce1451bc0c9917db0

SHA256
053f93fbe8095377afca070eb8516cc93b7c7e8dddabe03b45e5e83076928ad1

SHA512
9bf819516361f5fa6efb56ad6d5080c59ca7d57083e78116bb8002fd6f4659f1988bf73069d495827fa8207e19f067b080d509cfcec3fe565c6b27d38812157f

Download Submit
C:\Windows\System32\gLPVEyX.exe

Filesize
3.1MB

MD5
4b905b7ae0d359beeba6b529728c4902

SHA1
fcccac2116483befe51c81d21c40d8ff5a0b3a17

SHA256
06efa2cd50377de8c379d0f0259ada8b0c70dd0661ef413808d8508844436243

SHA512
90bb5d0694df06d935738cce29cc29188feac5668b4ce9f00a653266e6f28d14596de027440e398de06572a1c835841cc5c87a9cb1b42b551d1e74371cb5c6bb

Download Submit
C:\Windows\System32\jDXyIRB.exe

Filesize
3.1MB

MD5
3c36e1df76e592a1faf0559047c2c193

SHA1
023c546cb1ff00d58e368a3816e3d185fd96e7ea

SHA256
f2b28d5e8b9b177e97b544634a1cfaaa7a907948e2cf385e0d9f48b33e3a429f

SHA512
4dbd36a1f47443a877fbf673f21744efe7fd6a910053e0d54a513f6b1dd829deec96872eca5ae7a5f8c8aee544af7592ea0aa18321e70ec84092ad525324314b

Download Submit
C:\Windows\System32\kfAKpwD.exe

Filesize
3.1MB

MD5
2b75deee8477d69e7557122d113c0643

SHA1
c20ca68ad0344ab738bcb15184ce3b9d1c7ffea8

SHA256
e24f318182160399d94e91fd07c36807ba4f5ed2559b2cda969223dd2c42e6af

SHA512
f117cf14c2cb182a6f946921d4e88dee796dddaaec15aa89cbc0ba349f885ce2423cc2659c5ab39f14ee4efd9422770233834473e4f5a6fc10a85b62d46e6c13

Download Submit
C:\Windows\System32\klZkZhB.exe

Filesize
3.1MB

MD5
1aae91c7bb2d058d88acce5dd0c4268b

SHA1
a234480871d239424e969c32b53b19e87e3a5c4d

SHA256
6fc0ffc8f80ba0a3d9c01a33ae4a4f58ce6c49a0e422c77ac86fefa377c53b1f

SHA512
3c46183a442b67d21abb255f8966171673a04913799a4126f0169a7df840f100349e29685058354d8776a015621bcc5e631c1111fcb6802708813a3f5910ecd1

Download Submit
C:\Windows\System32\nTMfhTU.exe

Filesize
3.1MB

MD5
d5ffec014757c2c390e8c19c1d2b2138

SHA1
0fc6e07a33270babd7c38814392469fa57b2cdf4

SHA256
21f5ea7acb606a24390cec60e7d2071d356da8c925a2b21fdc34d7613645a542

SHA512
13fc124a55a113fd5554961d1a78b161998f8aee45d92de86bea4b02c730a70f7782899f37b35d771cdfe76b70165adc905b0fd16079529edaf2a645bbb050d8

Download Submit
C:\Windows\System32\osgffIi.exe

Filesize
3.1MB

MD5
2526ccb109074d5233441882b8c9455d

SHA1
c8391a463f6b44a6ac0477bd4b0a925bd8439f6e

SHA256
0e094d4e563f564a1b0e780b546e406a5f9b3e646deea2a8b717faf7d9eca3b1

SHA512
3767774b2c7be4afe6398e344fecdb1c6cf3111f977ece1639c308e036887bf94c3d589c4ebb9d44d84502de627e0154adc694ec74d2675629137b61af60ce35

Download Submit
C:\Windows\System32\poliVpq.exe

Filesize
3.1MB

MD5
abe0d5af1c108052561f7fb6198ba428

SHA1
99bbe2ff5a7bcfc27195275f303fdfc656f1cd11

SHA256
4d10eac8c74ae3e1c18f3b77cafa8ad0124aba17ab91600dde2229bc30c44966

SHA512
5417f15bfdb0ceb6fde620316005468818f57b8f73a117d478b88911b8b694584de13882965af5a584d5b13f5499cbc8c486273288c0d8cbfae15df0b5ecc370

Download Submit
C:\Windows\System32\pqeiaGX.exe

Filesize
3.1MB

MD5
3c59761c41d72143cde507e32e309e3a

SHA1
3b85b222185597bfcadd45c8938b586839a8ca43

SHA256
ffb75e32ef517c99c42b326476f6f06e6e6486bc9172c68d97843bed750bf558

SHA512
4607e9f30384995542b01d0394d004d874152ab821391ae43343573b7d4034faaf075cd83db2355dfcb6e52d02afa63b55525f7947658d0a6fafd2b954066e71

Download Submit
C:\Windows\System32\uJUAXEk.exe

Filesize
3.1MB

MD5
4536e0ce1805e3466d8fd9aea6d4a044

SHA1
d2ba770013dd50ff8b45284b156828dd7ba3982c

SHA256
97f7671196d7f96d569b0f8733ecaef40a49fb4ded3dfbbf875110317e208d68

SHA512
5585845c3afcea1e79fd6a833d77e1b8722d408ad1ccd63a01d1160af1196acbdfce690aa4e62bfd5abea37e3784c61ad9adc6618272454b5f40bd63b91781b6

Download Submit
C:\Windows\System32\uKRyXRK.exe

Filesize
3.1MB

MD5
04cce5c45517d48409d24dcec00f1669

SHA1
67f5b20979962ff4609493f823577ec7774b97d0

SHA256
9a029773aa8190ffcc542cf32fbe944d795ef41e8564913479b08fb6bcf40018

SHA512
1f8c7c385bc501fd4192f26099d8029faa7a7dfea36f444f08ed9d3a207000e17ae03bbe583bbb6796755116ee127aadf06fe046438068d1d1460ed43924cd68

Download Submit
C:\Windows\System32\vEjMigU.exe

Filesize
3.1MB

MD5
eadbad774b1cb831654ed2d7e5ccfbf2

SHA1
4cae983e8dcfcca11430961f85d929e86bb59649

SHA256
5f877a9b576ba12f175348a3bcdf73b7d48fa1e65ce7a4af50de6ce16b02fca7

SHA512
caa431e401b74995f961238f3fd0766851b42f79356bb60912eb8e2a6d28de32a7158552a9c250902800eac6df977e635e65688ca143a356c12390ee04aeedb7

Download Submit
C:\Windows\System32\wMGRdql.exe

Filesize
3.1MB

MD5
d0422af3699c46501879494afba204c2

SHA1
f00a2f744f9692eb5c6aa443eeb037dcc2786fd5

SHA256
b71fa9cfe5bfacc8810cbbe2b2864396d84d674836537e7d48c900ad5d984dac

SHA512
27915d382a3e09b49029473d36e9f0b9517c72ea5b49589df1c1fa83e4b7ca93f1edd07699c279b80ec147523e866ab76b5276fa6b86d18d83fe0ae115cb9560

Download Submit
C:\Windows\System32\yeopwCX.exe

Filesize
3.1MB

MD5
de366b91dc1dcf4a6c99f7310ea6b727

SHA1
87274f6e0cc364b414f970270999995ab49de5f6

SHA256
f88d0fd08d3a7ac1720adf05fbe126e3d1ed1b511259fafcae11d1085db94214

SHA512
56ea93dcb7daf78a16aaf7110f1dbc50af544c74532c7e0ae0dfbdf08bfcbbf4c96916d376a0a988d939252be3450c72d0d601b19053c22f1665eeed227b73f6

Download Submit
C:\Windows\System32\yzcTIlD.exe

Filesize
3.1MB

MD5
d8b16c0a1a97838feee9690ffdffc6db

SHA1
52ffbfeb9af2fd50d33bd93fc6508d396bfc1cd3

SHA256
6fcb6db88e0cd4a8c6baea5d0012932c7130a64a5bfe170acf18aabafeb5e668

SHA512
635cab988fec76a797ec822a71a56c7b357e915f6d584ea7ac64bbd745d5cff17dc86e90192d29c250f26a08ac6b1840cee5ec8fe15d04c97aff2b7eeb8a86b9

Download Submit
memory/216-46-0x00007FF786D60000-0x00007FF787155000-memory.dmp

Filesize
4.0MB

Download
memory/216-1995-0x00007FF786D60000-0x00007FF787155000-memory.dmp

Filesize
4.0MB

Download
memory/936-54-0x00007FF6C6DE0000-0x00007FF6C71D5000-memory.dmp

Filesize
4.0MB

Download
memory/936-1998-0x00007FF6C6DE0000-0x00007FF6C71D5000-memory.dmp

Filesize
4.0MB

Download
memory/1276-70-0x00007FF6C2EF0000-0x00007FF6C32E5000-memory.dmp

Filesize
4.0MB

Download
memory/1276-1999-0x00007FF6C2EF0000-0x00007FF6C32E5000-memory.dmp

Filesize
4.0MB

Download
memory/1540-1996-0x00007FF789DD0000-0x00007FF78A1C5000-memory.dmp

Filesize
4.0MB

Download
memory/1540-38-0x00007FF789DD0000-0x00007FF78A1C5000-memory.dmp

Filesize
4.0MB

Download
memory/1540-1297-0x00007FF789DD0000-0x00007FF78A1C5000-memory.dmp

Filesize
4.0MB

Download
memory/1788-2007-0x00007FF7393C0000-0x00007FF7397B5000-memory.dmp

Filesize
4.0MB

Download
memory/1788-666-0x00007FF7393C0000-0x00007FF7397B5000-memory.dmp

Filesize
4.0MB

Download
memory/1804-2005-0x00007FF6F8260000-0x00007FF6F8655000-memory.dmp

Filesize
4.0MB

Download
memory/1804-657-0x00007FF6F8260000-0x00007FF6F8655000-memory.dmp

Filesize
4.0MB

Download
memory/1904-71-0x00007FF668D20000-0x00007FF669115000-memory.dmp

Filesize
4.0MB

Download
memory/1904-10-0x00007FF668D20000-0x00007FF669115000-memory.dmp

Filesize
4.0MB

Download
memory/1904-1990-0x00007FF668D20000-0x00007FF669115000-memory.dmp

Filesize
4.0MB

Download
memory/2096-660-0x00007FF733F20000-0x00007FF734315000-memory.dmp

Filesize
4.0MB

Download
memory/2096-2008-0x00007FF733F20000-0x00007FF734315000-memory.dmp

Filesize
4.0MB

Download
memory/2480-1991-0x00007FF6599A0000-0x00007FF659D95000-memory.dmp

Filesize
4.0MB

Download
memory/2480-14-0x00007FF6599A0000-0x00007FF659D95000-memory.dmp

Filesize
4.0MB

Download
memory/2500-2013-0x00007FF6AEB60000-0x00007FF6AEF55000-memory.dmp

Filesize
4.0MB

Download
memory/2500-672-0x00007FF6AEB60000-0x00007FF6AEF55000-memory.dmp

Filesize
4.0MB

Download
memory/2640-677-0x00007FF7A5E90000-0x00007FF7A6285000-memory.dmp

Filesize
4.0MB

Download
memory/2640-2003-0x00007FF7A5E90000-0x00007FF7A6285000-memory.dmp

Filesize
4.0MB

Download
memory/2664-2004-0x00007FF699AC0000-0x00007FF699EB5000-memory.dmp

Filesize
4.0MB

Download
memory/2664-649-0x00007FF699AC0000-0x00007FF699EB5000-memory.dmp

Filesize
4.0MB

Download
memory/2664-1988-0x00007FF699AC0000-0x00007FF699EB5000-memory.dmp

Filesize
4.0MB

Download
memory/3100-53-0x00007FF62EEB0000-0x00007FF62F2A5000-memory.dmp

Filesize
4.0MB

Download
memory/3100-1997-0x00007FF62EEB0000-0x00007FF62F2A5000-memory.dmp

Filesize
4.0MB

Download
memory/3108-81-0x00007FF63C870000-0x00007FF63CC65000-memory.dmp

Filesize
4.0MB

Download
memory/3108-1987-0x00007FF63C870000-0x00007FF63CC65000-memory.dmp

Filesize
4.0MB

Download
memory/3108-2002-0x00007FF63C870000-0x00007FF63CC65000-memory.dmp

Filesize
4.0MB

Download
memory/3288-669-0x00007FF6E8FF0000-0x00007FF6E93E5000-memory.dmp

Filesize
4.0MB

Download
memory/3288-2009-0x00007FF6E8FF0000-0x00007FF6E93E5000-memory.dmp

Filesize
4.0MB

Download
memory/3396-2010-0x00007FF7FDDA0000-0x00007FF7FE195000-memory.dmp

Filesize
4.0MB

Download
memory/3396-653-0x00007FF7FDDA0000-0x00007FF7FE195000-memory.dmp

Filesize
4.0MB

Download
memory/3616-2011-0x00007FF7A22D0000-0x00007FF7A26C5000-memory.dmp

Filesize
4.0MB

Download
memory/3616-652-0x00007FF7A22D0000-0x00007FF7A26C5000-memory.dmp

Filesize
4.0MB

Download
memory/3724-2012-0x00007FF7DFB60000-0x00007FF7DFF55000-memory.dmp

Filesize
4.0MB

Download
memory/3724-651-0x00007FF7DFB60000-0x00007FF7DFF55000-memory.dmp

Filesize
4.0MB

Download
memory/4180-32-0x00007FF727220000-0x00007FF727615000-memory.dmp

Filesize
4.0MB

Download
memory/4180-1994-0x00007FF727220000-0x00007FF727615000-memory.dmp

Filesize
4.0MB

Download
memory/4216-2000-0x00007FF7CB100000-0x00007FF7CB4F5000-memory.dmp

Filesize
4.0MB

Download
memory/4216-76-0x00007FF7CB100000-0x00007FF7CB4F5000-memory.dmp

Filesize
4.0MB

Download
memory/4508-86-0x00007FF645390000-0x00007FF645785000-memory.dmp

Filesize
4.0MB

Download
memory/4508-19-0x00007FF645390000-0x00007FF645785000-memory.dmp

Filesize
4.0MB

Download
memory/4508-1992-0x00007FF645390000-0x00007FF645785000-memory.dmp

Filesize
4.0MB

Download
memory/4740-0-0x00007FF784420000-0x00007FF784815000-memory.dmp

Filesize
4.0MB

Download
memory/4740-1989-0x00007FF784420000-0x00007FF784815000-memory.dmp

Filesize
4.0MB

Download
memory/4740-62-0x00007FF784420000-0x00007FF784815000-memory.dmp

Filesize
4.0MB

Download
memory/4740-1-0x000001D81BE70000-0x000001D81BE80000-memory.dmp

Filesize
64KB

Download
memory/4848-2001-0x00007FF70CCA0000-0x00007FF70D095000-memory.dmp

Filesize
4.0MB

Download
memory/4848-79-0x00007FF70CCA0000-0x00007FF70D095000-memory.dmp

Filesize
4.0MB

Download
memory/4848-1986-0x00007FF70CCA0000-0x00007FF70D095000-memory.dmp

Filesize
4.0MB

Download
memory/4876-27-0x00007FF7E56B0000-0x00007FF7E5AA5000-memory.dmp

Filesize
4.0MB

Download
memory/4876-1993-0x00007FF7E56B0000-0x00007FF7E5AA5000-memory.dmp

Filesize
4.0MB

Download
memory/4876-679-0x00007FF7E56B0000-0x00007FF7E5AA5000-memory.dmp

Filesize
4.0MB

Download
memory/5112-656-0x00007FF631150000-0x00007FF631545000-memory.dmp

Filesize
4.0MB

Download
memory/5112-2006-0x00007FF631150000-0x00007FF631545000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.