xmrig | 63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
Size

1.2MB
MD5

397ee092ca61954a7189cdf98f8d5250
SHA1

5118bda454ef0e48bc53b048cc752a9e978fd95c
SHA256

63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d
SHA512

8a2614f85034553b6aad685d50c4e2b2176bcdd5c237b2126aa6f4a774c86616ad34cd21eb5ccca9936a823c49dd8541d1905817f0f3dd7bb12cef58ad912786
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0Rb8bodJj8RNY8:knw9oUUEEDlOuJPHjkD

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/3656-90-0x00007FF7E70B0000-0x00007FF7E74A1000-memory.dmp	xmrig
behavioral2/memory/5064-379-0x00007FF659410000-0x00007FF659801000-memory.dmp	xmrig
behavioral2/memory/868-381-0x00007FF7011D0000-0x00007FF7015C1000-memory.dmp	xmrig
behavioral2/memory/2328-89-0x00007FF78B830000-0x00007FF78BC21000-memory.dmp	xmrig
behavioral2/memory/4768-84-0x00007FF783DC0000-0x00007FF7841B1000-memory.dmp	xmrig
behavioral2/memory/1404-69-0x00007FF7BA160000-0x00007FF7BA551000-memory.dmp	xmrig
behavioral2/memory/1964-9-0x00007FF7FBE50000-0x00007FF7FC241000-memory.dmp	xmrig
behavioral2/memory/2856-386-0x00007FF6BF990000-0x00007FF6BFD81000-memory.dmp	xmrig
behavioral2/memory/888-393-0x00007FF7AE0D0000-0x00007FF7AE4C1000-memory.dmp	xmrig
behavioral2/memory/5116-396-0x00007FF7445C0000-0x00007FF7449B1000-memory.dmp	xmrig
behavioral2/memory/1552-413-0x00007FF7DA4A0000-0x00007FF7DA891000-memory.dmp	xmrig
behavioral2/memory/2396-416-0x00007FF7AA8E0000-0x00007FF7AACD1000-memory.dmp	xmrig
behavioral2/memory/2256-411-0x00007FF7FE530000-0x00007FF7FE921000-memory.dmp	xmrig
behavioral2/memory/2156-401-0x00007FF7946C0000-0x00007FF794AB1000-memory.dmp	xmrig
behavioral2/memory/1844-395-0x00007FF65BFD0000-0x00007FF65C3C1000-memory.dmp	xmrig
behavioral2/memory/2336-1975-0x00007FF6DBFF0000-0x00007FF6DC3E1000-memory.dmp	xmrig
behavioral2/memory/4348-1976-0x00007FF6DDE10000-0x00007FF6DE201000-memory.dmp	xmrig
behavioral2/memory/1200-1977-0x00007FF6DA030000-0x00007FF6DA421000-memory.dmp	xmrig
behavioral2/memory/4032-1978-0x00007FF62DAD0000-0x00007FF62DEC1000-memory.dmp	xmrig
behavioral2/memory/1668-1980-0x00007FF7DD860000-0x00007FF7DDC51000-memory.dmp	xmrig
behavioral2/memory/4276-1979-0x00007FF7EB890000-0x00007FF7EBC81000-memory.dmp	xmrig
behavioral2/memory/3396-2014-0x00007FF63F490000-0x00007FF63F881000-memory.dmp	xmrig
behavioral2/memory/4888-2013-0x00007FF656D90000-0x00007FF657181000-memory.dmp	xmrig
behavioral2/memory/2176-2015-0x00007FF7E69A0000-0x00007FF7E6D91000-memory.dmp	xmrig
behavioral2/memory/1584-2016-0x00007FF6E1F40000-0x00007FF6E2331000-memory.dmp	xmrig
behavioral2/memory/1964-2025-0x00007FF7FBE50000-0x00007FF7FC241000-memory.dmp	xmrig
behavioral2/memory/4348-2027-0x00007FF6DDE10000-0x00007FF6DE201000-memory.dmp	xmrig
behavioral2/memory/1200-2029-0x00007FF6DA030000-0x00007FF6DA421000-memory.dmp	xmrig
behavioral2/memory/4888-2031-0x00007FF656D90000-0x00007FF657181000-memory.dmp	xmrig
behavioral2/memory/4032-2033-0x00007FF62DAD0000-0x00007FF62DEC1000-memory.dmp	xmrig
behavioral2/memory/2328-2037-0x00007FF78B830000-0x00007FF78BC21000-memory.dmp	xmrig
behavioral2/memory/1404-2035-0x00007FF7BA160000-0x00007FF7BA551000-memory.dmp	xmrig
behavioral2/memory/868-2041-0x00007FF7011D0000-0x00007FF7015C1000-memory.dmp	xmrig
behavioral2/memory/4276-2053-0x00007FF7EB890000-0x00007FF7EBC81000-memory.dmp	xmrig
behavioral2/memory/1668-2051-0x00007FF7DD860000-0x00007FF7DDC51000-memory.dmp	xmrig
behavioral2/memory/5064-2049-0x00007FF659410000-0x00007FF659801000-memory.dmp	xmrig
behavioral2/memory/4768-2047-0x00007FF783DC0000-0x00007FF7841B1000-memory.dmp	xmrig
behavioral2/memory/3396-2039-0x00007FF63F490000-0x00007FF63F881000-memory.dmp	xmrig
behavioral2/memory/3656-2045-0x00007FF7E70B0000-0x00007FF7E74A1000-memory.dmp	xmrig
behavioral2/memory/1584-2043-0x00007FF6E1F40000-0x00007FF6E2331000-memory.dmp	xmrig
behavioral2/memory/1844-2063-0x00007FF65BFD0000-0x00007FF65C3C1000-memory.dmp	xmrig
behavioral2/memory/2156-2073-0x00007FF7946C0000-0x00007FF794AB1000-memory.dmp	xmrig
behavioral2/memory/2396-2069-0x00007FF7AA8E0000-0x00007FF7AACD1000-memory.dmp	xmrig
behavioral2/memory/2256-2071-0x00007FF7FE530000-0x00007FF7FE921000-memory.dmp	xmrig
behavioral2/memory/2176-2061-0x00007FF7E69A0000-0x00007FF7E6D91000-memory.dmp	xmrig
behavioral2/memory/1552-2059-0x00007FF7DA4A0000-0x00007FF7DA891000-memory.dmp	xmrig
behavioral2/memory/888-2066-0x00007FF7AE0D0000-0x00007FF7AE4C1000-memory.dmp	xmrig
behavioral2/memory/5116-2057-0x00007FF7445C0000-0x00007FF7449B1000-memory.dmp	xmrig
behavioral2/memory/2856-2055-0x00007FF6BF990000-0x00007FF6BFD81000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1964	hbsEoxo.exe
4348	meFPuZO.exe
4888	NTOYniJ.exe
1200	EOkPXwH.exe
2328	HIIjISM.exe
4032	mkskgxW.exe
1404	MYNSRMp.exe
3396	PTvCnGU.exe
4276	OrNOfvW.exe
3656	ZYgVmVF.exe
1668	bVGlRgY.exe
4768	qVIsyeJ.exe
1584	wyXeoNI.exe
5064	yVlwNko.exe
2176	tsFpcHz.exe
868	LHYkjKm.exe
1552	LTgUUEq.exe
2396	tkzcGIA.exe
2856	jETFyva.exe
888	CjQLoaU.exe
1844	ShRCfwg.exe
5116	DBGmVZT.exe
2156	GPNuDnW.exe
2256	MZBMqJe.exe
3164	zslAQPx.exe
2452	dKMphFc.exe
3672	NtYkoSK.exe
2408	blpdrTA.exe
556	iUoeKod.exe
3808	OVgmBZU.exe
4056	ePOffOp.exe
2592	rbeSgxZ.exe
1136	eiswTiR.exe
1696	KBzTwaf.exe
4968	PfcNvBb.exe
4452	VKPmGEG.exe
2596	QctAVsE.exe
4028	QDDQEeR.exe
4964	HqMvdTB.exe
316	HdUQeMd.exe
1912	oesoivK.exe
4156	OheaVNJ.exe
1464	FFRXWfN.exe
2612	HIAuXxq.exe
2972	bywcXlp.exe
4148	uOgSRss.exe
4404	yUnqBXY.exe
1644	ENKqbxW.exe
1040	RRJHnVn.exe
4980	xSWePaG.exe
4392	SYWpqQW.exe
4316	JixmIDt.exe
2728	wUIqPMR.exe
1484	VPaWdBt.exe
3452	XrcUGtn.exe
4360	kresako.exe
4556	HweeAJn.exe
512	XWzicxp.exe
3640	VomQXaL.exe
464	RRkXVbc.exe
3868	tMWrUtL.exe
3120	FDPWSXy.exe
1748	ltMUSwR.exe
4444	ILlAnvj.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2336-0-0x00007FF6DBFF0000-0x00007FF6DC3E1000-memory.dmp	upx
behavioral2/files/0x0006000000022f3f-4.dat	upx
behavioral2/files/0x000a0000000233ed-21.dat	upx
behavioral2/memory/4348-14-0x00007FF6DDE10000-0x00007FF6DE201000-memory.dmp	upx
behavioral2/files/0x0007000000023407-20.dat	upx
behavioral2/files/0x000700000002340a-30.dat	upx
behavioral2/files/0x0007000000023409-50.dat	upx
behavioral2/files/0x0007000000023408-55.dat	upx
behavioral2/files/0x000700000002340f-64.dat	upx
behavioral2/files/0x0007000000023413-72.dat	upx
behavioral2/files/0x0007000000023411-83.dat	upx
behavioral2/memory/2176-86-0x00007FF7E69A0000-0x00007FF7E6D91000-memory.dmp	upx
behavioral2/memory/3656-90-0x00007FF7E70B0000-0x00007FF7E74A1000-memory.dmp	upx
behavioral2/files/0x0007000000023416-106.dat	upx
behavioral2/files/0x0007000000023419-115.dat	upx
behavioral2/files/0x000700000002341a-131.dat	upx
behavioral2/files/0x000700000002341e-157.dat	upx
behavioral2/files/0x0007000000023421-172.dat	upx
behavioral2/memory/1584-369-0x00007FF6E1F40000-0x00007FF6E2331000-memory.dmp	upx
behavioral2/memory/5064-379-0x00007FF659410000-0x00007FF659801000-memory.dmp	upx
behavioral2/files/0x0007000000023422-175.dat	upx
behavioral2/files/0x0007000000023420-167.dat	upx
behavioral2/files/0x000700000002341f-162.dat	upx
behavioral2/files/0x000700000002341d-152.dat	upx
behavioral2/files/0x000700000002341c-147.dat	upx
behavioral2/files/0x000700000002341b-142.dat	upx
behavioral2/memory/868-381-0x00007FF7011D0000-0x00007FF7015C1000-memory.dmp	upx
behavioral2/files/0x00090000000233ee-129.dat	upx
behavioral2/files/0x0007000000023418-122.dat	upx
behavioral2/files/0x0007000000023415-118.dat	upx
behavioral2/files/0x0007000000023417-114.dat	upx
behavioral2/files/0x0007000000023414-110.dat	upx
behavioral2/files/0x0007000000023412-94.dat	upx
behavioral2/memory/2328-89-0x00007FF78B830000-0x00007FF78BC21000-memory.dmp	upx
behavioral2/files/0x0007000000023410-91.dat	upx
behavioral2/memory/4768-84-0x00007FF783DC0000-0x00007FF7841B1000-memory.dmp	upx
behavioral2/files/0x000700000002340b-80.dat	upx
behavioral2/files/0x000700000002340e-76.dat	upx
behavioral2/memory/1668-75-0x00007FF7DD860000-0x00007FF7DDC51000-memory.dmp	upx
behavioral2/memory/4276-74-0x00007FF7EB890000-0x00007FF7EBC81000-memory.dmp	upx
behavioral2/memory/3396-70-0x00007FF63F490000-0x00007FF63F881000-memory.dmp	upx
behavioral2/memory/1404-69-0x00007FF7BA160000-0x00007FF7BA551000-memory.dmp	upx
behavioral2/files/0x000700000002340c-63.dat	upx
behavioral2/files/0x000700000002340d-62.dat	upx
behavioral2/memory/4032-58-0x00007FF62DAD0000-0x00007FF62DEC1000-memory.dmp	upx
behavioral2/memory/1200-43-0x00007FF6DA030000-0x00007FF6DA421000-memory.dmp	upx
behavioral2/files/0x0007000000023406-40.dat	upx
behavioral2/memory/4888-28-0x00007FF656D90000-0x00007FF657181000-memory.dmp	upx
behavioral2/memory/1964-9-0x00007FF7FBE50000-0x00007FF7FC241000-memory.dmp	upx
behavioral2/memory/2856-386-0x00007FF6BF990000-0x00007FF6BFD81000-memory.dmp	upx
behavioral2/memory/888-393-0x00007FF7AE0D0000-0x00007FF7AE4C1000-memory.dmp	upx
behavioral2/memory/5116-396-0x00007FF7445C0000-0x00007FF7449B1000-memory.dmp	upx
behavioral2/memory/1552-413-0x00007FF7DA4A0000-0x00007FF7DA891000-memory.dmp	upx
behavioral2/memory/2396-416-0x00007FF7AA8E0000-0x00007FF7AACD1000-memory.dmp	upx
behavioral2/memory/2256-411-0x00007FF7FE530000-0x00007FF7FE921000-memory.dmp	upx
behavioral2/memory/2156-401-0x00007FF7946C0000-0x00007FF794AB1000-memory.dmp	upx
behavioral2/memory/1844-395-0x00007FF65BFD0000-0x00007FF65C3C1000-memory.dmp	upx
behavioral2/memory/2336-1975-0x00007FF6DBFF0000-0x00007FF6DC3E1000-memory.dmp	upx
behavioral2/memory/4348-1976-0x00007FF6DDE10000-0x00007FF6DE201000-memory.dmp	upx
behavioral2/memory/1200-1977-0x00007FF6DA030000-0x00007FF6DA421000-memory.dmp	upx
behavioral2/memory/4032-1978-0x00007FF62DAD0000-0x00007FF62DEC1000-memory.dmp	upx
behavioral2/memory/1668-1980-0x00007FF7DD860000-0x00007FF7DDC51000-memory.dmp	upx
behavioral2/memory/4276-1979-0x00007FF7EB890000-0x00007FF7EBC81000-memory.dmp	upx
behavioral2/memory/3396-2014-0x00007FF63F490000-0x00007FF63F881000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\GGPZQpt.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\czfVhSU.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\hHwJgNv.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\FgrrZZc.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\asjlcMA.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\DHbXwVT.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\GePbhnu.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\qPcZPaC.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\cMplCwB.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\XJmwgZb.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\jejqvVK.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\bVGlRgY.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\tMWrUtL.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\FDPWSXy.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\rUSCvyZ.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\VGxhxuN.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\alhgRIu.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\XQSYsCw.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\RiKQLVa.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\wzIOLMx.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\mksAuMq.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\VPaWdBt.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\YSstbUN.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\XymZqtn.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\cddTKwj.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\yMlNshT.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\rMbThva.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\diKPlPL.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\lEEzUam.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\jETFyva.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\uKcJcTb.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\HZEuhUi.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\MfzNCPC.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\gjLlVOy.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\uOgSRss.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\KEMzUpu.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\AbwIzKv.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\CBCHGbF.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\kFsdmjI.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\HozzktL.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\QUGGWDW.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\TghBRVq.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\kbvuzvr.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\OUBNmEH.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\PwVFlKo.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\rRDxiUd.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\fQPMqEZ.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\RjTZVsA.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\bQfXGUQ.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\qlYKiyu.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\mVnuBuq.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\JzSpSJI.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\EHUXkOF.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\PKIIvYP.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\zslAQPx.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\YrGnZOK.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\EeaEZkM.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\sKIITYK.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\XNlKbbT.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\HhMTYhk.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\GbRCueQ.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\ILlAnvj.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\FFyxpwc.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
File created	C:\Windows\System32\jSoqUFk.exe	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4924	dwm.exe
Token: SeChangeNotifyPrivilege	4924	dwm.exe
Token: 33	4924	dwm.exe
Token: SeIncBasePriorityPrivilege	4924	dwm.exe
Token: SeShutdownPrivilege	4924	dwm.exe
Token: SeCreatePagefilePrivilege	4924	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1964	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	83
PID 2336 wrote to memory of 1964	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	83
PID 2336 wrote to memory of 4348	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	84
PID 2336 wrote to memory of 4348	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	84
PID 2336 wrote to memory of 4888	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	85
PID 2336 wrote to memory of 4888	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	85
PID 2336 wrote to memory of 1200	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	86
PID 2336 wrote to memory of 1200	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	86
PID 2336 wrote to memory of 1404	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	87
PID 2336 wrote to memory of 1404	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	87
PID 2336 wrote to memory of 2328	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	88
PID 2336 wrote to memory of 2328	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	88
PID 2336 wrote to memory of 4032	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	89
PID 2336 wrote to memory of 4032	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	89
PID 2336 wrote to memory of 3396	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	90
PID 2336 wrote to memory of 3396	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	90
PID 2336 wrote to memory of 4276	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	91
PID 2336 wrote to memory of 4276	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	91
PID 2336 wrote to memory of 3656	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	92
PID 2336 wrote to memory of 3656	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	92
PID 2336 wrote to memory of 4768	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	93
PID 2336 wrote to memory of 4768	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	93
PID 2336 wrote to memory of 1668	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	94
PID 2336 wrote to memory of 1668	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	94
PID 2336 wrote to memory of 1584	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	95
PID 2336 wrote to memory of 1584	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	95
PID 2336 wrote to memory of 868	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	96
PID 2336 wrote to memory of 868	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	96
PID 2336 wrote to memory of 5064	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	97
PID 2336 wrote to memory of 5064	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	97
PID 2336 wrote to memory of 2176	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	98
PID 2336 wrote to memory of 2176	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	98
PID 2336 wrote to memory of 1552	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	99
PID 2336 wrote to memory of 1552	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	99
PID 2336 wrote to memory of 2396	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	100
PID 2336 wrote to memory of 2396	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	100
PID 2336 wrote to memory of 2856	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	101
PID 2336 wrote to memory of 2856	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	101
PID 2336 wrote to memory of 888	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	102
PID 2336 wrote to memory of 888	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	102
PID 2336 wrote to memory of 1844	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	103
PID 2336 wrote to memory of 1844	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	103
PID 2336 wrote to memory of 5116	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	104
PID 2336 wrote to memory of 5116	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	104
PID 2336 wrote to memory of 2156	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	105
PID 2336 wrote to memory of 2156	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	105
PID 2336 wrote to memory of 2256	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	106
PID 2336 wrote to memory of 2256	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	106
PID 2336 wrote to memory of 3164	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	107
PID 2336 wrote to memory of 3164	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	107
PID 2336 wrote to memory of 2452	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	108
PID 2336 wrote to memory of 2452	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	108
PID 2336 wrote to memory of 3672	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	109
PID 2336 wrote to memory of 3672	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	109
PID 2336 wrote to memory of 2408	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	110
PID 2336 wrote to memory of 2408	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	110
PID 2336 wrote to memory of 556	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	111
PID 2336 wrote to memory of 556	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	111
PID 2336 wrote to memory of 3808	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	112
PID 2336 wrote to memory of 3808	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	112
PID 2336 wrote to memory of 4056	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	113
PID 2336 wrote to memory of 4056	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	113
PID 2336 wrote to memory of 2592	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	114
PID 2336 wrote to memory of 2592	2336	63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\63ed0e06352b6c761fc46d9c267695cee4ae549202772102945f6ba58d4b570d_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\System32\hbsEoxo.exe
  C:\Windows\System32\hbsEoxo.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System32\meFPuZO.exe
  C:\Windows\System32\meFPuZO.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System32\NTOYniJ.exe
  C:\Windows\System32\NTOYniJ.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System32\EOkPXwH.exe
  C:\Windows\System32\EOkPXwH.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System32\MYNSRMp.exe
  C:\Windows\System32\MYNSRMp.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System32\HIIjISM.exe
  C:\Windows\System32\HIIjISM.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System32\mkskgxW.exe
  C:\Windows\System32\mkskgxW.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System32\PTvCnGU.exe
  C:\Windows\System32\PTvCnGU.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System32\OrNOfvW.exe
  C:\Windows\System32\OrNOfvW.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System32\ZYgVmVF.exe
  C:\Windows\System32\ZYgVmVF.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System32\qVIsyeJ.exe
  C:\Windows\System32\qVIsyeJ.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System32\bVGlRgY.exe
  C:\Windows\System32\bVGlRgY.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System32\wyXeoNI.exe
  C:\Windows\System32\wyXeoNI.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System32\LHYkjKm.exe
  C:\Windows\System32\LHYkjKm.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System32\yVlwNko.exe
  C:\Windows\System32\yVlwNko.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System32\tsFpcHz.exe
  C:\Windows\System32\tsFpcHz.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System32\LTgUUEq.exe
  C:\Windows\System32\LTgUUEq.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System32\tkzcGIA.exe
  C:\Windows\System32\tkzcGIA.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System32\jETFyva.exe
  C:\Windows\System32\jETFyva.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System32\CjQLoaU.exe
  C:\Windows\System32\CjQLoaU.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System32\ShRCfwg.exe
  C:\Windows\System32\ShRCfwg.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System32\DBGmVZT.exe
  C:\Windows\System32\DBGmVZT.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System32\GPNuDnW.exe
  C:\Windows\System32\GPNuDnW.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System32\MZBMqJe.exe
  C:\Windows\System32\MZBMqJe.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System32\zslAQPx.exe
  C:\Windows\System32\zslAQPx.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System32\dKMphFc.exe
  C:\Windows\System32\dKMphFc.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System32\NtYkoSK.exe
  C:\Windows\System32\NtYkoSK.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System32\blpdrTA.exe
  C:\Windows\System32\blpdrTA.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System32\iUoeKod.exe
  C:\Windows\System32\iUoeKod.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System32\OVgmBZU.exe
  C:\Windows\System32\OVgmBZU.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System32\ePOffOp.exe
  C:\Windows\System32\ePOffOp.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System32\rbeSgxZ.exe
  C:\Windows\System32\rbeSgxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System32\eiswTiR.exe
  C:\Windows\System32\eiswTiR.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System32\KBzTwaf.exe
  C:\Windows\System32\KBzTwaf.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System32\PfcNvBb.exe
  C:\Windows\System32\PfcNvBb.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System32\VKPmGEG.exe
  C:\Windows\System32\VKPmGEG.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System32\QctAVsE.exe
  C:\Windows\System32\QctAVsE.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\QDDQEeR.exe
  C:\Windows\System32\QDDQEeR.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System32\HqMvdTB.exe
  C:\Windows\System32\HqMvdTB.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System32\HdUQeMd.exe
  C:\Windows\System32\HdUQeMd.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System32\oesoivK.exe
  C:\Windows\System32\oesoivK.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System32\OheaVNJ.exe
  C:\Windows\System32\OheaVNJ.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System32\FFRXWfN.exe
  C:\Windows\System32\FFRXWfN.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System32\HIAuXxq.exe
  C:\Windows\System32\HIAuXxq.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System32\bywcXlp.exe
  C:\Windows\System32\bywcXlp.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System32\uOgSRss.exe
  C:\Windows\System32\uOgSRss.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System32\yUnqBXY.exe
  C:\Windows\System32\yUnqBXY.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System32\ENKqbxW.exe
  C:\Windows\System32\ENKqbxW.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\RRJHnVn.exe
  C:\Windows\System32\RRJHnVn.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System32\xSWePaG.exe
  C:\Windows\System32\xSWePaG.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System32\SYWpqQW.exe
  C:\Windows\System32\SYWpqQW.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System32\JixmIDt.exe
  C:\Windows\System32\JixmIDt.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System32\wUIqPMR.exe
  C:\Windows\System32\wUIqPMR.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System32\VPaWdBt.exe
  C:\Windows\System32\VPaWdBt.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System32\XrcUGtn.exe
  C:\Windows\System32\XrcUGtn.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System32\kresako.exe
  C:\Windows\System32\kresako.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System32\HweeAJn.exe
  C:\Windows\System32\HweeAJn.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System32\XWzicxp.exe
  C:\Windows\System32\XWzicxp.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System32\VomQXaL.exe
  C:\Windows\System32\VomQXaL.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System32\RRkXVbc.exe
  C:\Windows\System32\RRkXVbc.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System32\tMWrUtL.exe
  C:\Windows\System32\tMWrUtL.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System32\FDPWSXy.exe
  C:\Windows\System32\FDPWSXy.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System32\ltMUSwR.exe
  C:\Windows\System32\ltMUSwR.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System32\ILlAnvj.exe
  C:\Windows\System32\ILlAnvj.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System32\YUuybgM.exe
  C:\Windows\System32\YUuybgM.exe
  2⤵
  PID:4164
- C:\Windows\System32\ksfIsyk.exe
  C:\Windows\System32\ksfIsyk.exe
  2⤵
  PID:4080
- C:\Windows\System32\uGgYhPt.exe
  C:\Windows\System32\uGgYhPt.exe
  2⤵
  PID:4992
- C:\Windows\System32\eUsQvsb.exe
  C:\Windows\System32\eUsQvsb.exe
  2⤵
  PID:2104
- C:\Windows\System32\FgrrZZc.exe
  C:\Windows\System32\FgrrZZc.exe
  2⤵
  PID:3440
- C:\Windows\System32\AtkPlPZ.exe
  C:\Windows\System32\AtkPlPZ.exe
  2⤵
  PID:2044
- C:\Windows\System32\YwNzuEI.exe
  C:\Windows\System32\YwNzuEI.exe
  2⤵
  PID:3076
- C:\Windows\System32\uxdJcHT.exe
  C:\Windows\System32\uxdJcHT.exe
  2⤵
  PID:4468
- C:\Windows\System32\YQbscBS.exe
  C:\Windows\System32\YQbscBS.exe
  2⤵
  PID:4476
- C:\Windows\System32\lAPIQSw.exe
  C:\Windows\System32\lAPIQSw.exe
  2⤵
  PID:1480
- C:\Windows\System32\NesiPaH.exe
  C:\Windows\System32\NesiPaH.exe
  2⤵
  PID:8
- C:\Windows\System32\OMbAwGO.exe
  C:\Windows\System32\OMbAwGO.exe
  2⤵
  PID:5032
- C:\Windows\System32\gvzEYIl.exe
  C:\Windows\System32\gvzEYIl.exe
  2⤵
  PID:3772
- C:\Windows\System32\WMvfVcS.exe
  C:\Windows\System32\WMvfVcS.exe
  2⤵
  PID:3712
- C:\Windows\System32\JrMkHoQ.exe
  C:\Windows\System32\JrMkHoQ.exe
  2⤵
  PID:3444
- C:\Windows\System32\GDzMMqq.exe
  C:\Windows\System32\GDzMMqq.exe
  2⤵
  PID:2992
- C:\Windows\System32\rTJGhFZ.exe
  C:\Windows\System32\rTJGhFZ.exe
  2⤵
  PID:3516
- C:\Windows\System32\NKBzftO.exe
  C:\Windows\System32\NKBzftO.exe
  2⤵
  PID:1712
- C:\Windows\System32\sWiwWKs.exe
  C:\Windows\System32\sWiwWKs.exe
  2⤵
  PID:2944
- C:\Windows\System32\bKdpPuV.exe
  C:\Windows\System32\bKdpPuV.exe
  2⤵
  PID:1804
- C:\Windows\System32\FVCYBEi.exe
  C:\Windows\System32\FVCYBEi.exe
  2⤵
  PID:3888
- C:\Windows\System32\SsJKAjH.exe
  C:\Windows\System32\SsJKAjH.exe
  2⤵
  PID:3488
- C:\Windows\System32\CmOtQMs.exe
  C:\Windows\System32\CmOtQMs.exe
  2⤵
  PID:2076
- C:\Windows\System32\ltmplWl.exe
  C:\Windows\System32\ltmplWl.exe
  2⤵
  PID:4456
- C:\Windows\System32\AObCwzS.exe
  C:\Windows\System32\AObCwzS.exe
  2⤵
  PID:1316
- C:\Windows\System32\MwTgHzw.exe
  C:\Windows\System32\MwTgHzw.exe
  2⤵
  PID:1820
- C:\Windows\System32\UtQdYnp.exe
  C:\Windows\System32\UtQdYnp.exe
  2⤵
  PID:2748
- C:\Windows\System32\UYmNtwO.exe
  C:\Windows\System32\UYmNtwO.exe
  2⤵
  PID:1492
- C:\Windows\System32\MCbCJPK.exe
  C:\Windows\System32\MCbCJPK.exe
  2⤵
  PID:4064
- C:\Windows\System32\cZfMapx.exe
  C:\Windows\System32\cZfMapx.exe
  2⤵
  PID:2016
- C:\Windows\System32\vFbTrLp.exe
  C:\Windows\System32\vFbTrLp.exe
  2⤵
  PID:2268
- C:\Windows\System32\ViOmamb.exe
  C:\Windows\System32\ViOmamb.exe
  2⤵
  PID:2284
- C:\Windows\System32\qDFbwHG.exe
  C:\Windows\System32\qDFbwHG.exe
  2⤵
  PID:624
- C:\Windows\System32\vfCxSdn.exe
  C:\Windows\System32\vfCxSdn.exe
  2⤵
  PID:1836
- C:\Windows\System32\OLmHJEZ.exe
  C:\Windows\System32\OLmHJEZ.exe
  2⤵
  PID:3492
- C:\Windows\System32\sMurMpS.exe
  C:\Windows\System32\sMurMpS.exe
  2⤵
  PID:3764
- C:\Windows\System32\ibnRiNn.exe
  C:\Windows\System32\ibnRiNn.exe
  2⤵
  PID:4548
- C:\Windows\System32\ewmQjET.exe
  C:\Windows\System32\ewmQjET.exe
  2⤵
  PID:2588
- C:\Windows\System32\kPOEbkO.exe
  C:\Windows\System32\kPOEbkO.exe
  2⤵
  PID:4332
- C:\Windows\System32\IMaNGTu.exe
  C:\Windows\System32\IMaNGTu.exe
  2⤵
  PID:3168
- C:\Windows\System32\ulEwDYO.exe
  C:\Windows\System32\ulEwDYO.exe
  2⤵
  PID:3588
- C:\Windows\System32\SwnBtyv.exe
  C:\Windows\System32\SwnBtyv.exe
  2⤵
  PID:4672
- C:\Windows\System32\uKcJcTb.exe
  C:\Windows\System32\uKcJcTb.exe
  2⤵
  PID:3740
- C:\Windows\System32\hgPIejD.exe
  C:\Windows\System32\hgPIejD.exe
  2⤵
  PID:5132
- C:\Windows\System32\RwwMPLn.exe
  C:\Windows\System32\RwwMPLn.exe
  2⤵
  PID:5152
- C:\Windows\System32\ABsXrNH.exe
  C:\Windows\System32\ABsXrNH.exe
  2⤵
  PID:5168
- C:\Windows\System32\rjlrBPJ.exe
  C:\Windows\System32\rjlrBPJ.exe
  2⤵
  PID:5184
- C:\Windows\System32\hnaEBXp.exe
  C:\Windows\System32\hnaEBXp.exe
  2⤵
  PID:5212
- C:\Windows\System32\fEhJSng.exe
  C:\Windows\System32\fEhJSng.exe
  2⤵
  PID:5264
- C:\Windows\System32\UiEDXiC.exe
  C:\Windows\System32\UiEDXiC.exe
  2⤵
  PID:5284
- C:\Windows\System32\pTqehZm.exe
  C:\Windows\System32\pTqehZm.exe
  2⤵
  PID:5304
- C:\Windows\System32\kZRlaEP.exe
  C:\Windows\System32\kZRlaEP.exe
  2⤵
  PID:5328
- C:\Windows\System32\bQfXGUQ.exe
  C:\Windows\System32\bQfXGUQ.exe
  2⤵
  PID:5344
- C:\Windows\System32\JyYenUN.exe
  C:\Windows\System32\JyYenUN.exe
  2⤵
  PID:5368
- C:\Windows\System32\PciqnhM.exe
  C:\Windows\System32\PciqnhM.exe
  2⤵
  PID:5388
- C:\Windows\System32\jMYSdrw.exe
  C:\Windows\System32\jMYSdrw.exe
  2⤵
  PID:5404
- C:\Windows\System32\MkSjoFn.exe
  C:\Windows\System32\MkSjoFn.exe
  2⤵
  PID:5420
- C:\Windows\System32\CfBxfvY.exe
  C:\Windows\System32\CfBxfvY.exe
  2⤵
  PID:5440
- C:\Windows\System32\JnNwQfa.exe
  C:\Windows\System32\JnNwQfa.exe
  2⤵
  PID:5516
- C:\Windows\System32\aCraMLJ.exe
  C:\Windows\System32\aCraMLJ.exe
  2⤵
  PID:5532
- C:\Windows\System32\dnxoeKq.exe
  C:\Windows\System32\dnxoeKq.exe
  2⤵
  PID:5548
- C:\Windows\System32\LFQUneR.exe
  C:\Windows\System32\LFQUneR.exe
  2⤵
  PID:5576
- C:\Windows\System32\zbNkdOW.exe
  C:\Windows\System32\zbNkdOW.exe
  2⤵
  PID:5672
- C:\Windows\System32\SdsEKQE.exe
  C:\Windows\System32\SdsEKQE.exe
  2⤵
  PID:5724
- C:\Windows\System32\BcLiXie.exe
  C:\Windows\System32\BcLiXie.exe
  2⤵
  PID:5760
- C:\Windows\System32\jLLshfR.exe
  C:\Windows\System32\jLLshfR.exe
  2⤵
  PID:5780
- C:\Windows\System32\DIfnyEQ.exe
  C:\Windows\System32\DIfnyEQ.exe
  2⤵
  PID:5860
- C:\Windows\System32\qOLhzTg.exe
  C:\Windows\System32\qOLhzTg.exe
  2⤵
  PID:5892
- C:\Windows\System32\nWUboiU.exe
  C:\Windows\System32\nWUboiU.exe
  2⤵
  PID:5908
- C:\Windows\System32\wlbEbVz.exe
  C:\Windows\System32\wlbEbVz.exe
  2⤵
  PID:5928
- C:\Windows\System32\ATxrkpE.exe
  C:\Windows\System32\ATxrkpE.exe
  2⤵
  PID:5944
- C:\Windows\System32\hCsPjIt.exe
  C:\Windows\System32\hCsPjIt.exe
  2⤵
  PID:5964
- C:\Windows\System32\BKBzFZk.exe
  C:\Windows\System32\BKBzFZk.exe
  2⤵
  PID:6004
- C:\Windows\System32\GePbhnu.exe
  C:\Windows\System32\GePbhnu.exe
  2⤵
  PID:6052
- C:\Windows\System32\mNFHZSA.exe
  C:\Windows\System32\mNFHZSA.exe
  2⤵
  PID:6084
- C:\Windows\System32\saAFMTx.exe
  C:\Windows\System32\saAFMTx.exe
  2⤵
  PID:6108
- C:\Windows\System32\YSstbUN.exe
  C:\Windows\System32\YSstbUN.exe
  2⤵
  PID:6128
- C:\Windows\System32\cdRePIr.exe
  C:\Windows\System32\cdRePIr.exe
  2⤵
  PID:4776
- C:\Windows\System32\XymZqtn.exe
  C:\Windows\System32\XymZqtn.exe
  2⤵
  PID:1884
- C:\Windows\System32\iYqmbQk.exe
  C:\Windows\System32\iYqmbQk.exe
  2⤵
  PID:5204
- C:\Windows\System32\yaixnsG.exe
  C:\Windows\System32\yaixnsG.exe
  2⤵
  PID:3376
- C:\Windows\System32\GTwlmvb.exe
  C:\Windows\System32\GTwlmvb.exe
  2⤵
  PID:5312
- C:\Windows\System32\pDabLhN.exe
  C:\Windows\System32\pDabLhN.exe
  2⤵
  PID:5456
- C:\Windows\System32\AJJocFU.exe
  C:\Windows\System32\AJJocFU.exe
  2⤵
  PID:5360
- C:\Windows\System32\QYERlUF.exe
  C:\Windows\System32\QYERlUF.exe
  2⤵
  PID:5300
- C:\Windows\System32\PsDmkzM.exe
  C:\Windows\System32\PsDmkzM.exe
  2⤵
  PID:5276
- C:\Windows\System32\FFyxpwc.exe
  C:\Windows\System32\FFyxpwc.exe
  2⤵
  PID:5584
- C:\Windows\System32\CIVZjPb.exe
  C:\Windows\System32\CIVZjPb.exe
  2⤵
  PID:5632
- C:\Windows\System32\TbBpEqh.exe
  C:\Windows\System32\TbBpEqh.exe
  2⤵
  PID:5524
- C:\Windows\System32\cNYlQxj.exe
  C:\Windows\System32\cNYlQxj.exe
  2⤵
  PID:5704
- C:\Windows\System32\rDNhmQD.exe
  C:\Windows\System32\rDNhmQD.exe
  2⤵
  PID:5748
- C:\Windows\System32\JqfaEfe.exe
  C:\Windows\System32\JqfaEfe.exe
  2⤵
  PID:5900
- C:\Windows\System32\qPcZPaC.exe
  C:\Windows\System32\qPcZPaC.exe
  2⤵
  PID:5960
- C:\Windows\System32\BWxMMzj.exe
  C:\Windows\System32\BWxMMzj.exe
  2⤵
  PID:4940
- C:\Windows\System32\Dfhgbay.exe
  C:\Windows\System32\Dfhgbay.exe
  2⤵
  PID:5124
- C:\Windows\System32\jsjFjow.exe
  C:\Windows\System32\jsjFjow.exe
  2⤵
  PID:4648
- C:\Windows\System32\lTbnyVQ.exe
  C:\Windows\System32\lTbnyVQ.exe
  2⤵
  PID:5412
- C:\Windows\System32\sbCfSxy.exe
  C:\Windows\System32\sbCfSxy.exe
  2⤵
  PID:5544
- C:\Windows\System32\NpaDZza.exe
  C:\Windows\System32\NpaDZza.exe
  2⤵
  PID:5504
- C:\Windows\System32\CqxWPFw.exe
  C:\Windows\System32\CqxWPFw.exe
  2⤵
  PID:5788
- C:\Windows\System32\VgqMiSW.exe
  C:\Windows\System32\VgqMiSW.exe
  2⤵
  PID:5668
- C:\Windows\System32\nNuGrTG.exe
  C:\Windows\System32\nNuGrTG.exe
  2⤵
  PID:5992
- C:\Windows\System32\UkEvyws.exe
  C:\Windows\System32\UkEvyws.exe
  2⤵
  PID:6068
- C:\Windows\System32\yiikkWG.exe
  C:\Windows\System32\yiikkWG.exe
  2⤵
  PID:6124
- C:\Windows\System32\SZUyFzq.exe
  C:\Windows\System32\SZUyFzq.exe
  2⤵
  PID:5224
- C:\Windows\System32\rBePPDh.exe
  C:\Windows\System32\rBePPDh.exe
  2⤵
  PID:5640
- C:\Windows\System32\asjlcMA.exe
  C:\Windows\System32\asjlcMA.exe
  2⤵
  PID:5128
- C:\Windows\System32\CBCHGbF.exe
  C:\Windows\System32\CBCHGbF.exe
  2⤵
  PID:6184
- C:\Windows\System32\wlqzVgC.exe
  C:\Windows\System32\wlqzVgC.exe
  2⤵
  PID:6200
- C:\Windows\System32\OUBNmEH.exe
  C:\Windows\System32\OUBNmEH.exe
  2⤵
  PID:6224
- C:\Windows\System32\yeHlJCE.exe
  C:\Windows\System32\yeHlJCE.exe
  2⤵
  PID:6244
- C:\Windows\System32\CTEKlln.exe
  C:\Windows\System32\CTEKlln.exe
  2⤵
  PID:6260
- C:\Windows\System32\EMWlfHm.exe
  C:\Windows\System32\EMWlfHm.exe
  2⤵
  PID:6284
- C:\Windows\System32\zLYCFZd.exe
  C:\Windows\System32\zLYCFZd.exe
  2⤵
  PID:6300
- C:\Windows\System32\NhzLqCp.exe
  C:\Windows\System32\NhzLqCp.exe
  2⤵
  PID:6324
- C:\Windows\System32\alhgRIu.exe
  C:\Windows\System32\alhgRIu.exe
  2⤵
  PID:6392
- C:\Windows\System32\PaFkfQm.exe
  C:\Windows\System32\PaFkfQm.exe
  2⤵
  PID:6448
- C:\Windows\System32\syubBJk.exe
  C:\Windows\System32\syubBJk.exe
  2⤵
  PID:6468
- C:\Windows\System32\NycIdkL.exe
  C:\Windows\System32\NycIdkL.exe
  2⤵
  PID:6512
- C:\Windows\System32\ffbczOY.exe
  C:\Windows\System32\ffbczOY.exe
  2⤵
  PID:6536
- C:\Windows\System32\PwVFlKo.exe
  C:\Windows\System32\PwVFlKo.exe
  2⤵
  PID:6552
- C:\Windows\System32\OuwWxZX.exe
  C:\Windows\System32\OuwWxZX.exe
  2⤵
  PID:6580
- C:\Windows\System32\cgtszZJ.exe
  C:\Windows\System32\cgtszZJ.exe
  2⤵
  PID:6596
- C:\Windows\System32\xaaZTlz.exe
  C:\Windows\System32\xaaZTlz.exe
  2⤵
  PID:6620
- C:\Windows\System32\GBzRHvY.exe
  C:\Windows\System32\GBzRHvY.exe
  2⤵
  PID:6636
- C:\Windows\System32\HZEuhUi.exe
  C:\Windows\System32\HZEuhUi.exe
  2⤵
  PID:6656
- C:\Windows\System32\kpudXKo.exe
  C:\Windows\System32\kpudXKo.exe
  2⤵
  PID:6672
- C:\Windows\System32\kyAGIKV.exe
  C:\Windows\System32\kyAGIKV.exe
  2⤵
  PID:6736
- C:\Windows\System32\lQInTld.exe
  C:\Windows\System32\lQInTld.exe
  2⤵
  PID:6760
- C:\Windows\System32\KEMzUpu.exe
  C:\Windows\System32\KEMzUpu.exe
  2⤵
  PID:6776
- C:\Windows\System32\ZPjtGtf.exe
  C:\Windows\System32\ZPjtGtf.exe
  2⤵
  PID:6800
- C:\Windows\System32\hkOkMUj.exe
  C:\Windows\System32\hkOkMUj.exe
  2⤵
  PID:6816
- C:\Windows\System32\qyZCRkz.exe
  C:\Windows\System32\qyZCRkz.exe
  2⤵
  PID:6840
- C:\Windows\System32\iiKDpGX.exe
  C:\Windows\System32\iiKDpGX.exe
  2⤵
  PID:6904
- C:\Windows\System32\vHJQLwh.exe
  C:\Windows\System32\vHJQLwh.exe
  2⤵
  PID:6932
- C:\Windows\System32\ZdtoFRH.exe
  C:\Windows\System32\ZdtoFRH.exe
  2⤵
  PID:6988
- C:\Windows\System32\BjqnDrk.exe
  C:\Windows\System32\BjqnDrk.exe
  2⤵
  PID:7032
- C:\Windows\System32\rdRxUsY.exe
  C:\Windows\System32\rdRxUsY.exe
  2⤵
  PID:7056
- C:\Windows\System32\jSHInnW.exe
  C:\Windows\System32\jSHInnW.exe
  2⤵
  PID:7084
- C:\Windows\System32\MBFbYKy.exe
  C:\Windows\System32\MBFbYKy.exe
  2⤵
  PID:7108
- C:\Windows\System32\pfrlxjJ.exe
  C:\Windows\System32\pfrlxjJ.exe
  2⤵
  PID:7124
- C:\Windows\System32\dirfuSb.exe
  C:\Windows\System32\dirfuSb.exe
  2⤵
  PID:7144
- C:\Windows\System32\ctAQVJC.exe
  C:\Windows\System32\ctAQVJC.exe
  2⤵
  PID:5416
- C:\Windows\System32\YrGnZOK.exe
  C:\Windows\System32\YrGnZOK.exe
  2⤵
  PID:6168
- C:\Windows\System32\EdChVZd.exe
  C:\Windows\System32\EdChVZd.exe
  2⤵
  PID:6236
- C:\Windows\System32\zGdqgsU.exe
  C:\Windows\System32\zGdqgsU.exe
  2⤵
  PID:6364
- C:\Windows\System32\PWMxgUS.exe
  C:\Windows\System32\PWMxgUS.exe
  2⤵
  PID:6268
- C:\Windows\System32\qoxFtFA.exe
  C:\Windows\System32\qoxFtFA.exe
  2⤵
  PID:6400
- C:\Windows\System32\UdgJYMy.exe
  C:\Windows\System32\UdgJYMy.exe
  2⤵
  PID:6460
- C:\Windows\System32\TktgRxY.exe
  C:\Windows\System32\TktgRxY.exe
  2⤵
  PID:6532
- C:\Windows\System32\zltbodm.exe
  C:\Windows\System32\zltbodm.exe
  2⤵
  PID:6548
- C:\Windows\System32\hQlfodR.exe
  C:\Windows\System32\hQlfodR.exe
  2⤵
  PID:6668
- C:\Windows\System32\SlaKmOV.exe
  C:\Windows\System32\SlaKmOV.exe
  2⤵
  PID:6680
- C:\Windows\System32\grKSLER.exe
  C:\Windows\System32\grKSLER.exe
  2⤵
  PID:6628
- C:\Windows\System32\wKckPJK.exe
  C:\Windows\System32\wKckPJK.exe
  2⤵
  PID:6768
- C:\Windows\System32\rlQksFf.exe
  C:\Windows\System32\rlQksFf.exe
  2⤵
  PID:6824
- C:\Windows\System32\aKKXDiq.exe
  C:\Windows\System32\aKKXDiq.exe
  2⤵
  PID:6948
- C:\Windows\System32\tQghGAy.exe
  C:\Windows\System32\tQghGAy.exe
  2⤵
  PID:7004
- C:\Windows\System32\ZFCtwPN.exe
  C:\Windows\System32\ZFCtwPN.exe
  2⤵
  PID:7052
- C:\Windows\System32\xbfPalZ.exe
  C:\Windows\System32\xbfPalZ.exe
  2⤵
  PID:7068
- C:\Windows\System32\uDsxRec.exe
  C:\Windows\System32\uDsxRec.exe
  2⤵
  PID:7140
- C:\Windows\System32\lCtwQcd.exe
  C:\Windows\System32\lCtwQcd.exe
  2⤵
  PID:6380
- C:\Windows\System32\xBTPRaH.exe
  C:\Windows\System32\xBTPRaH.exe
  2⤵
  PID:6632
- C:\Windows\System32\CAMBGfw.exe
  C:\Windows\System32\CAMBGfw.exe
  2⤵
  PID:6592
- C:\Windows\System32\UMivkbJ.exe
  C:\Windows\System32\UMivkbJ.exe
  2⤵
  PID:6944
- C:\Windows\System32\eeIdktS.exe
  C:\Windows\System32\eeIdktS.exe
  2⤵
  PID:7120
- C:\Windows\System32\WSyGhjw.exe
  C:\Windows\System32\WSyGhjw.exe
  2⤵
  PID:6160
- C:\Windows\System32\QqcjStx.exe
  C:\Windows\System32\QqcjStx.exe
  2⤵
  PID:6704
- C:\Windows\System32\VJvsvZt.exe
  C:\Windows\System32\VJvsvZt.exe
  2⤵
  PID:6744
- C:\Windows\System32\xkbxMNm.exe
  C:\Windows\System32\xkbxMNm.exe
  2⤵
  PID:5800
- C:\Windows\System32\cMplCwB.exe
  C:\Windows\System32\cMplCwB.exe
  2⤵
  PID:7188
- C:\Windows\System32\JiQQqhI.exe
  C:\Windows\System32\JiQQqhI.exe
  2⤵
  PID:7204
- C:\Windows\System32\gzGBOBA.exe
  C:\Windows\System32\gzGBOBA.exe
  2⤵
  PID:7228
- C:\Windows\System32\Knxolhl.exe
  C:\Windows\System32\Knxolhl.exe
  2⤵
  PID:7272
- C:\Windows\System32\oEZonCx.exe
  C:\Windows\System32\oEZonCx.exe
  2⤵
  PID:7292
- C:\Windows\System32\sBIHMoF.exe
  C:\Windows\System32\sBIHMoF.exe
  2⤵
  PID:7320
- C:\Windows\System32\frqKnxN.exe
  C:\Windows\System32\frqKnxN.exe
  2⤵
  PID:7344
- C:\Windows\System32\rjGJXto.exe
  C:\Windows\System32\rjGJXto.exe
  2⤵
  PID:7368
- C:\Windows\System32\ZJqGiDc.exe
  C:\Windows\System32\ZJqGiDc.exe
  2⤵
  PID:7408
- C:\Windows\System32\yMlNshT.exe
  C:\Windows\System32\yMlNshT.exe
  2⤵
  PID:7444
- C:\Windows\System32\bWgDLYv.exe
  C:\Windows\System32\bWgDLYv.exe
  2⤵
  PID:7464
- C:\Windows\System32\lecREwc.exe
  C:\Windows\System32\lecREwc.exe
  2⤵
  PID:7496
- C:\Windows\System32\enhMslo.exe
  C:\Windows\System32\enhMslo.exe
  2⤵
  PID:7520
- C:\Windows\System32\cRkInyM.exe
  C:\Windows\System32\cRkInyM.exe
  2⤵
  PID:7540
- C:\Windows\System32\AbwIzKv.exe
  C:\Windows\System32\AbwIzKv.exe
  2⤵
  PID:7556
- C:\Windows\System32\LoVqRgR.exe
  C:\Windows\System32\LoVqRgR.exe
  2⤵
  PID:7584
- C:\Windows\System32\NTzfiGf.exe
  C:\Windows\System32\NTzfiGf.exe
  2⤵
  PID:7632
- C:\Windows\System32\XEAmmur.exe
  C:\Windows\System32\XEAmmur.exe
  2⤵
  PID:7668
- C:\Windows\System32\spWQTNa.exe
  C:\Windows\System32\spWQTNa.exe
  2⤵
  PID:7696
- C:\Windows\System32\uEQWscA.exe
  C:\Windows\System32\uEQWscA.exe
  2⤵
  PID:7716
- C:\Windows\System32\DePsbcU.exe
  C:\Windows\System32\DePsbcU.exe
  2⤵
  PID:7748
- C:\Windows\System32\jIGEtza.exe
  C:\Windows\System32\jIGEtza.exe
  2⤵
  PID:7768
- C:\Windows\System32\UZhFkPa.exe
  C:\Windows\System32\UZhFkPa.exe
  2⤵
  PID:7784
- C:\Windows\System32\GALeeKX.exe
  C:\Windows\System32\GALeeKX.exe
  2⤵
  PID:7800
- C:\Windows\System32\PAqehrG.exe
  C:\Windows\System32\PAqehrG.exe
  2⤵
  PID:7832
- C:\Windows\System32\DucsxvX.exe
  C:\Windows\System32\DucsxvX.exe
  2⤵
  PID:7852
- C:\Windows\System32\ChpgRtR.exe
  C:\Windows\System32\ChpgRtR.exe
  2⤵
  PID:7900
- C:\Windows\System32\XrxKwIU.exe
  C:\Windows\System32\XrxKwIU.exe
  2⤵
  PID:7920
- C:\Windows\System32\xCgGbtc.exe
  C:\Windows\System32\xCgGbtc.exe
  2⤵
  PID:7940
- C:\Windows\System32\mmbUejt.exe
  C:\Windows\System32\mmbUejt.exe
  2⤵
  PID:7976
- C:\Windows\System32\rRDxiUd.exe
  C:\Windows\System32\rRDxiUd.exe
  2⤵
  PID:8008
- C:\Windows\System32\trgqqJN.exe
  C:\Windows\System32\trgqqJN.exe
  2⤵
  PID:8080
- C:\Windows\System32\VxQvjPL.exe
  C:\Windows\System32\VxQvjPL.exe
  2⤵
  PID:8096
- C:\Windows\System32\XQVahLA.exe
  C:\Windows\System32\XQVahLA.exe
  2⤵
  PID:8124
- C:\Windows\System32\XPTJpjZ.exe
  C:\Windows\System32\XPTJpjZ.exe
  2⤵
  PID:8148
- C:\Windows\System32\dXZdKSE.exe
  C:\Windows\System32\dXZdKSE.exe
  2⤵
  PID:8176
- C:\Windows\System32\XQSYsCw.exe
  C:\Windows\System32\XQSYsCw.exe
  2⤵
  PID:6868
- C:\Windows\System32\GwRcVZQ.exe
  C:\Windows\System32\GwRcVZQ.exe
  2⤵
  PID:6212
- C:\Windows\System32\oFFaMgZ.exe
  C:\Windows\System32\oFFaMgZ.exe
  2⤵
  PID:7284
- C:\Windows\System32\ZbTnZaE.exe
  C:\Windows\System32\ZbTnZaE.exe
  2⤵
  PID:7356
- C:\Windows\System32\SfESHQj.exe
  C:\Windows\System32\SfESHQj.exe
  2⤵
  PID:7376
- C:\Windows\System32\oMQarAK.exe
  C:\Windows\System32\oMQarAK.exe
  2⤵
  PID:7404
- C:\Windows\System32\sIOoNYE.exe
  C:\Windows\System32\sIOoNYE.exe
  2⤵
  PID:7424
- C:\Windows\System32\JQTTypM.exe
  C:\Windows\System32\JQTTypM.exe
  2⤵
  PID:7512
- C:\Windows\System32\fxVVPRx.exe
  C:\Windows\System32\fxVVPRx.exe
  2⤵
  PID:7728
- C:\Windows\System32\waPWfay.exe
  C:\Windows\System32\waPWfay.exe
  2⤵
  PID:7796
- C:\Windows\System32\DHbXwVT.exe
  C:\Windows\System32\DHbXwVT.exe
  2⤵
  PID:7848
- C:\Windows\System32\hMCagWn.exe
  C:\Windows\System32\hMCagWn.exe
  2⤵
  PID:7756
- C:\Windows\System32\EsBfPbn.exe
  C:\Windows\System32\EsBfPbn.exe
  2⤵
  PID:7880
- C:\Windows\System32\RJsDrci.exe
  C:\Windows\System32\RJsDrci.exe
  2⤵
  PID:8004
- C:\Windows\System32\VXSwmFO.exe
  C:\Windows\System32\VXSwmFO.exe
  2⤵
  PID:8044
- C:\Windows\System32\PVpARHM.exe
  C:\Windows\System32\PVpARHM.exe
  2⤵
  PID:8136
- C:\Windows\System32\uqeAuOW.exe
  C:\Windows\System32\uqeAuOW.exe
  2⤵
  PID:8144
- C:\Windows\System32\BBLYoPy.exe
  C:\Windows\System32\BBLYoPy.exe
  2⤵
  PID:7220
- C:\Windows\System32\OMFnkpS.exe
  C:\Windows\System32\OMFnkpS.exe
  2⤵
  PID:7504
- C:\Windows\System32\EyMQJIf.exe
  C:\Windows\System32\EyMQJIf.exe
  2⤵
  PID:7516
- C:\Windows\System32\akzWiCM.exe
  C:\Windows\System32\akzWiCM.exe
  2⤵
  PID:7680
- C:\Windows\System32\VjumCTp.exe
  C:\Windows\System32\VjumCTp.exe
  2⤵
  PID:7868
- C:\Windows\System32\TNdpBhD.exe
  C:\Windows\System32\TNdpBhD.exe
  2⤵
  PID:7100
- C:\Windows\System32\wjbphsl.exe
  C:\Windows\System32\wjbphsl.exe
  2⤵
  PID:8120
- C:\Windows\System32\rMbThva.exe
  C:\Windows\System32\rMbThva.exe
  2⤵
  PID:8088
- C:\Windows\System32\vknVWVN.exe
  C:\Windows\System32\vknVWVN.exe
  2⤵
  PID:7676
- C:\Windows\System32\eRGYycV.exe
  C:\Windows\System32\eRGYycV.exe
  2⤵
  PID:7888
- C:\Windows\System32\flhWLCr.exe
  C:\Windows\System32\flhWLCr.exe
  2⤵
  PID:8200
- C:\Windows\System32\KqgAMVq.exe
  C:\Windows\System32\KqgAMVq.exe
  2⤵
  PID:8248
- C:\Windows\System32\MgeFgVm.exe
  C:\Windows\System32\MgeFgVm.exe
  2⤵
  PID:8276
- C:\Windows\System32\wrzSODp.exe
  C:\Windows\System32\wrzSODp.exe
  2⤵
  PID:8300
- C:\Windows\System32\FnhZVUl.exe
  C:\Windows\System32\FnhZVUl.exe
  2⤵
  PID:8324
- C:\Windows\System32\cILgRdT.exe
  C:\Windows\System32\cILgRdT.exe
  2⤵
  PID:8364
- C:\Windows\System32\GJlbuGn.exe
  C:\Windows\System32\GJlbuGn.exe
  2⤵
  PID:8404
- C:\Windows\System32\ILhTRKG.exe
  C:\Windows\System32\ILhTRKG.exe
  2⤵
  PID:8436
- C:\Windows\System32\zdtXPoS.exe
  C:\Windows\System32\zdtXPoS.exe
  2⤵
  PID:8460
- C:\Windows\System32\avDZQxz.exe
  C:\Windows\System32\avDZQxz.exe
  2⤵
  PID:8480
- C:\Windows\System32\IXgTEBK.exe
  C:\Windows\System32\IXgTEBK.exe
  2⤵
  PID:8512
- C:\Windows\System32\wcEeiQt.exe
  C:\Windows\System32\wcEeiQt.exe
  2⤵
  PID:8540
- C:\Windows\System32\RiKQLVa.exe
  C:\Windows\System32\RiKQLVa.exe
  2⤵
  PID:8560
- C:\Windows\System32\eRPpbPm.exe
  C:\Windows\System32\eRPpbPm.exe
  2⤵
  PID:8600
- C:\Windows\System32\FBTgpJr.exe
  C:\Windows\System32\FBTgpJr.exe
  2⤵
  PID:8616
- C:\Windows\System32\dnPUBko.exe
  C:\Windows\System32\dnPUBko.exe
  2⤵
  PID:8636
- C:\Windows\System32\gfkCkyr.exe
  C:\Windows\System32\gfkCkyr.exe
  2⤵
  PID:8684
- C:\Windows\System32\CgKoHAM.exe
  C:\Windows\System32\CgKoHAM.exe
  2⤵
  PID:8712
- C:\Windows\System32\YVSrPoN.exe
  C:\Windows\System32\YVSrPoN.exe
  2⤵
  PID:8736
- C:\Windows\System32\eDCbpPL.exe
  C:\Windows\System32\eDCbpPL.exe
  2⤵
  PID:8756
- C:\Windows\System32\DDIPbhF.exe
  C:\Windows\System32\DDIPbhF.exe
  2⤵
  PID:8772
- C:\Windows\System32\phPjXly.exe
  C:\Windows\System32\phPjXly.exe
  2⤵
  PID:8804
- C:\Windows\System32\XJmwgZb.exe
  C:\Windows\System32\XJmwgZb.exe
  2⤵
  PID:8852
- C:\Windows\System32\BdmkBDo.exe
  C:\Windows\System32\BdmkBDo.exe
  2⤵
  PID:8872
- C:\Windows\System32\TpIsnAL.exe
  C:\Windows\System32\TpIsnAL.exe
  2⤵
  PID:8888
- C:\Windows\System32\KEyTeEo.exe
  C:\Windows\System32\KEyTeEo.exe
  2⤵
  PID:8912
- C:\Windows\System32\rRqJXMF.exe
  C:\Windows\System32\rRqJXMF.exe
  2⤵
  PID:8936
- C:\Windows\System32\qtidbyE.exe
  C:\Windows\System32\qtidbyE.exe
  2⤵
  PID:8960
- C:\Windows\System32\HozzktL.exe
  C:\Windows\System32\HozzktL.exe
  2⤵
  PID:8996
- C:\Windows\System32\RqbVIcp.exe
  C:\Windows\System32\RqbVIcp.exe
  2⤵
  PID:9020
- C:\Windows\System32\UBjMFIC.exe
  C:\Windows\System32\UBjMFIC.exe
  2⤵
  PID:9048
- C:\Windows\System32\ILofVSg.exe
  C:\Windows\System32\ILofVSg.exe
  2⤵
  PID:9068
- C:\Windows\System32\DMdDPvG.exe
  C:\Windows\System32\DMdDPvG.exe
  2⤵
  PID:9104
- C:\Windows\System32\nnqmdEj.exe
  C:\Windows\System32\nnqmdEj.exe
  2⤵
  PID:9120
- C:\Windows\System32\wIVWmGQ.exe
  C:\Windows\System32\wIVWmGQ.exe
  2⤵
  PID:9172
- C:\Windows\System32\hctrMyI.exe
  C:\Windows\System32\hctrMyI.exe
  2⤵
  PID:9200
- C:\Windows\System32\blvYPwa.exe
  C:\Windows\System32\blvYPwa.exe
  2⤵
  PID:7776
- C:\Windows\System32\hzLAsGD.exe
  C:\Windows\System32\hzLAsGD.exe
  2⤵
  PID:7928
- C:\Windows\System32\ZjdDYcJ.exe
  C:\Windows\System32\ZjdDYcJ.exe
  2⤵
  PID:8296
- C:\Windows\System32\XlpJAGr.exe
  C:\Windows\System32\XlpJAGr.exe
  2⤵
  PID:8340
- C:\Windows\System32\kGvuEEF.exe
  C:\Windows\System32\kGvuEEF.exe
  2⤵
  PID:8376
- C:\Windows\System32\diKPlPL.exe
  C:\Windows\System32\diKPlPL.exe
  2⤵
  PID:8468
- C:\Windows\System32\IjHgdYe.exe
  C:\Windows\System32\IjHgdYe.exe
  2⤵
  PID:8528
- C:\Windows\System32\BliiZZV.exe
  C:\Windows\System32\BliiZZV.exe
  2⤵
  PID:8592
- C:\Windows\System32\vYIPYHv.exe
  C:\Windows\System32\vYIPYHv.exe
  2⤵
  PID:8632
- C:\Windows\System32\idwpene.exe
  C:\Windows\System32\idwpene.exe
  2⤵
  PID:8724
- C:\Windows\System32\LHentnb.exe
  C:\Windows\System32\LHentnb.exe
  2⤵
  PID:8828
- C:\Windows\System32\qlYKiyu.exe
  C:\Windows\System32\qlYKiyu.exe
  2⤵
  PID:8904
- C:\Windows\System32\fucJZtB.exe
  C:\Windows\System32\fucJZtB.exe
  2⤵
  PID:8924
- C:\Windows\System32\CkfsNFx.exe
  C:\Windows\System32\CkfsNFx.exe
  2⤵
  PID:8952
- C:\Windows\System32\lEEzUam.exe
  C:\Windows\System32\lEEzUam.exe
  2⤵
  PID:9012
- C:\Windows\System32\GGPZQpt.exe
  C:\Windows\System32\GGPZQpt.exe
  2⤵
  PID:9092
- C:\Windows\System32\ferzZob.exe
  C:\Windows\System32\ferzZob.exe
  2⤵
  PID:9116
- C:\Windows\System32\dVOYhkE.exe
  C:\Windows\System32\dVOYhkE.exe
  2⤵
  PID:9144
- C:\Windows\System32\pRGtpBu.exe
  C:\Windows\System32\pRGtpBu.exe
  2⤵
  PID:8196
- C:\Windows\System32\FRhTcqF.exe
  C:\Windows\System32\FRhTcqF.exe
  2⤵
  PID:8312
- C:\Windows\System32\zRmAtIx.exe
  C:\Windows\System32\zRmAtIx.exe
  2⤵
  PID:9132
- C:\Windows\System32\PcbgjNA.exe
  C:\Windows\System32\PcbgjNA.exe
  2⤵
  PID:9128
- C:\Windows\System32\jdgnadM.exe
  C:\Windows\System32\jdgnadM.exe
  2⤵
  PID:9212
- C:\Windows\System32\sRkulKx.exe
  C:\Windows\System32\sRkulKx.exe
  2⤵
  PID:9228
- C:\Windows\System32\FAJeTSJ.exe
  C:\Windows\System32\FAJeTSJ.exe
  2⤵
  PID:9244
- C:\Windows\System32\beoBGJF.exe
  C:\Windows\System32\beoBGJF.exe
  2⤵
  PID:9260
- C:\Windows\System32\XAEOVAI.exe
  C:\Windows\System32\XAEOVAI.exe
  2⤵
  PID:9276
- C:\Windows\System32\vFNZuKD.exe
  C:\Windows\System32\vFNZuKD.exe
  2⤵
  PID:9292
- C:\Windows\System32\mQNOJEA.exe
  C:\Windows\System32\mQNOJEA.exe
  2⤵
  PID:9308
- C:\Windows\System32\MLdrclK.exe
  C:\Windows\System32\MLdrclK.exe
  2⤵
  PID:9324
- C:\Windows\System32\wBsktbY.exe
  C:\Windows\System32\wBsktbY.exe
  2⤵
  PID:9340
- C:\Windows\System32\gqmCEJe.exe
  C:\Windows\System32\gqmCEJe.exe
  2⤵
  PID:9356
- C:\Windows\System32\aSgOKej.exe
  C:\Windows\System32\aSgOKej.exe
  2⤵
  PID:9372
- C:\Windows\System32\cToJjCX.exe
  C:\Windows\System32\cToJjCX.exe
  2⤵
  PID:9388
- C:\Windows\System32\SnweKRM.exe
  C:\Windows\System32\SnweKRM.exe
  2⤵
  PID:9404
- C:\Windows\System32\wzIOLMx.exe
  C:\Windows\System32\wzIOLMx.exe
  2⤵
  PID:9424
- C:\Windows\System32\EeaEZkM.exe
  C:\Windows\System32\EeaEZkM.exe
  2⤵
  PID:9440
- C:\Windows\System32\XTFjxSt.exe
  C:\Windows\System32\XTFjxSt.exe
  2⤵
  PID:9524
- C:\Windows\System32\GHrWJiq.exe
  C:\Windows\System32\GHrWJiq.exe
  2⤵
  PID:9544
- C:\Windows\System32\BIXzPZZ.exe
  C:\Windows\System32\BIXzPZZ.exe
  2⤵
  PID:9576
- C:\Windows\System32\rWfZboh.exe
  C:\Windows\System32\rWfZboh.exe
  2⤵
  PID:9592
- C:\Windows\System32\gHfUnEC.exe
  C:\Windows\System32\gHfUnEC.exe
  2⤵
  PID:9608
- C:\Windows\System32\jejqvVK.exe
  C:\Windows\System32\jejqvVK.exe
  2⤵
  PID:9624
- C:\Windows\System32\bLFpgEK.exe
  C:\Windows\System32\bLFpgEK.exe
  2⤵
  PID:9640
- C:\Windows\System32\mRgkqFN.exe
  C:\Windows\System32\mRgkqFN.exe
  2⤵
  PID:9656
- C:\Windows\System32\IHodyaJ.exe
  C:\Windows\System32\IHodyaJ.exe
  2⤵
  PID:9672
- C:\Windows\System32\jSoqUFk.exe
  C:\Windows\System32\jSoqUFk.exe
  2⤵
  PID:9688
- C:\Windows\System32\lHkhKEk.exe
  C:\Windows\System32\lHkhKEk.exe
  2⤵
  PID:9736
- C:\Windows\System32\DazdvRq.exe
  C:\Windows\System32\DazdvRq.exe
  2⤵
  PID:9756
- C:\Windows\System32\GfnkkfJ.exe
  C:\Windows\System32\GfnkkfJ.exe
  2⤵
  PID:9844
- C:\Windows\System32\vIjYWzv.exe
  C:\Windows\System32\vIjYWzv.exe
  2⤵
  PID:9896
- C:\Windows\System32\FiGUbRR.exe
  C:\Windows\System32\FiGUbRR.exe
  2⤵
  PID:9916
- C:\Windows\System32\YhGcuqj.exe
  C:\Windows\System32\YhGcuqj.exe
  2⤵
  PID:9936
- C:\Windows\System32\mVnuBuq.exe
  C:\Windows\System32\mVnuBuq.exe
  2⤵
  PID:10108
- C:\Windows\System32\mMcoaDB.exe
  C:\Windows\System32\mMcoaDB.exe
  2⤵
  PID:10208
- C:\Windows\System32\KopGsQx.exe
  C:\Windows\System32\KopGsQx.exe
  2⤵
  PID:10236
- C:\Windows\System32\xdVIgoI.exe
  C:\Windows\System32\xdVIgoI.exe
  2⤵
  PID:8880
- C:\Windows\System32\cayiliv.exe
  C:\Windows\System32\cayiliv.exe
  2⤵
  PID:8420
- C:\Windows\System32\SSJeDiO.exe
  C:\Windows\System32\SSJeDiO.exe
  2⤵
  PID:9432
- C:\Windows\System32\PlkKZvV.exe
  C:\Windows\System32\PlkKZvV.exe
  2⤵
  PID:8288
- C:\Windows\System32\eSoyuZr.exe
  C:\Windows\System32\eSoyuZr.exe
  2⤵
  PID:9164
- C:\Windows\System32\CvZvXpT.exe
  C:\Windows\System32\CvZvXpT.exe
  2⤵
  PID:9224
- C:\Windows\System32\YDYTEcK.exe
  C:\Windows\System32\YDYTEcK.exe
  2⤵
  PID:8520
- C:\Windows\System32\IktFWSj.exe
  C:\Windows\System32\IktFWSj.exe
  2⤵
  PID:8608
- C:\Windows\System32\DykIQFK.exe
  C:\Windows\System32\DykIQFK.exe
  2⤵
  PID:9572
- C:\Windows\System32\xGEeBkH.exe
  C:\Windows\System32\xGEeBkH.exe
  2⤵
  PID:9500
- C:\Windows\System32\QUGGWDW.exe
  C:\Windows\System32\QUGGWDW.exe
  2⤵
  PID:9320
- C:\Windows\System32\ZYgooWf.exe
  C:\Windows\System32\ZYgooWf.exe
  2⤵
  PID:9420
- C:\Windows\System32\EoZZKGQ.exe
  C:\Windows\System32\EoZZKGQ.exe
  2⤵
  PID:9588
- C:\Windows\System32\pPhyVzT.exe
  C:\Windows\System32\pPhyVzT.exe
  2⤵
  PID:9584
- C:\Windows\System32\CDiEcXr.exe
  C:\Windows\System32\CDiEcXr.exe
  2⤵
  PID:9680
- C:\Windows\System32\nMzzUZa.exe
  C:\Windows\System32\nMzzUZa.exe
  2⤵
  PID:9800
- C:\Windows\System32\yktcesf.exe
  C:\Windows\System32\yktcesf.exe
  2⤵
  PID:9996
- C:\Windows\System32\nJaOyvl.exe
  C:\Windows\System32\nJaOyvl.exe
  2⤵
  PID:9904
- C:\Windows\System32\wSbbyho.exe
  C:\Windows\System32\wSbbyho.exe
  2⤵
  PID:10080
- C:\Windows\System32\UHgupqP.exe
  C:\Windows\System32\UHgupqP.exe
  2⤵
  PID:10116
- C:\Windows\System32\JHrPMLH.exe
  C:\Windows\System32\JHrPMLH.exe
  2⤵
  PID:8552
- C:\Windows\System32\MfzNCPC.exe
  C:\Windows\System32\MfzNCPC.exe
  2⤵
  PID:8536
- C:\Windows\System32\MrnlNGN.exe
  C:\Windows\System32\MrnlNGN.exe
  2⤵
  PID:9464
- C:\Windows\System32\jPiEgps.exe
  C:\Windows\System32\jPiEgps.exe
  2⤵
  PID:9240
- C:\Windows\System32\fwgfVzL.exe
  C:\Windows\System32\fwgfVzL.exe
  2⤵
  PID:9620
- C:\Windows\System32\EHquAzs.exe
  C:\Windows\System32\EHquAzs.exe
  2⤵
  PID:9348
- C:\Windows\System32\FeGwwXq.exe
  C:\Windows\System32\FeGwwXq.exe
  2⤵
  PID:9820
- C:\Windows\System32\uWFPohO.exe
  C:\Windows\System32\uWFPohO.exe
  2⤵
  PID:9880
- C:\Windows\System32\imFGIMj.exe
  C:\Windows\System32\imFGIMj.exe
  2⤵
  PID:10060
- C:\Windows\System32\JzSpSJI.exe
  C:\Windows\System32\JzSpSJI.exe
  2⤵
  PID:10224
- C:\Windows\System32\rUSCvyZ.exe
  C:\Windows\System32\rUSCvyZ.exe
  2⤵
  PID:8896
- C:\Windows\System32\hSyinIr.exe
  C:\Windows\System32\hSyinIr.exe
  2⤵
  PID:9668
- C:\Windows\System32\pNLtGmC.exe
  C:\Windows\System32\pNLtGmC.exe
  2⤵
  PID:8584
- C:\Windows\System32\RsAoXyW.exe
  C:\Windows\System32\RsAoXyW.exe
  2⤵
  PID:9220
- C:\Windows\System32\cPWCmke.exe
  C:\Windows\System32\cPWCmke.exe
  2⤵
  PID:9752
- C:\Windows\System32\hVDfulW.exe
  C:\Windows\System32\hVDfulW.exe
  2⤵
  PID:10260
- C:\Windows\System32\NRPUipV.exe
  C:\Windows\System32\NRPUipV.exe
  2⤵
  PID:10276
- C:\Windows\System32\wqLoqCG.exe
  C:\Windows\System32\wqLoqCG.exe
  2⤵
  PID:10300
- C:\Windows\System32\UiZLALp.exe
  C:\Windows\System32\UiZLALp.exe
  2⤵
  PID:10328
- C:\Windows\System32\KjGplzP.exe
  C:\Windows\System32\KjGplzP.exe
  2⤵
  PID:10380
- C:\Windows\System32\ONnNrFN.exe
  C:\Windows\System32\ONnNrFN.exe
  2⤵
  PID:10400
- C:\Windows\System32\dmIkORI.exe
  C:\Windows\System32\dmIkORI.exe
  2⤵
  PID:10424
- C:\Windows\System32\RvMwxoV.exe
  C:\Windows\System32\RvMwxoV.exe
  2⤵
  PID:10444
- C:\Windows\System32\rGHSxxl.exe
  C:\Windows\System32\rGHSxxl.exe
  2⤵
  PID:10460
- C:\Windows\System32\mksAuMq.exe
  C:\Windows\System32\mksAuMq.exe
  2⤵
  PID:10504
- C:\Windows\System32\hddANYe.exe
  C:\Windows\System32\hddANYe.exe
  2⤵
  PID:10532
- C:\Windows\System32\GbRCueQ.exe
  C:\Windows\System32\GbRCueQ.exe
  2⤵
  PID:10584
- C:\Windows\System32\HWCQfGC.exe
  C:\Windows\System32\HWCQfGC.exe
  2⤵
  PID:10612
- C:\Windows\System32\gKvfQmS.exe
  C:\Windows\System32\gKvfQmS.exe
  2⤵
  PID:10628
- C:\Windows\System32\VJwjAXv.exe
  C:\Windows\System32\VJwjAXv.exe
  2⤵
  PID:10652
- C:\Windows\System32\pShknod.exe
  C:\Windows\System32\pShknod.exe
  2⤵
  PID:10668
- C:\Windows\System32\lHkvzSO.exe
  C:\Windows\System32\lHkvzSO.exe
  2⤵
  PID:10696
- C:\Windows\System32\AFqSGgy.exe
  C:\Windows\System32\AFqSGgy.exe
  2⤵
  PID:10716
- C:\Windows\System32\SQqZkTe.exe
  C:\Windows\System32\SQqZkTe.exe
  2⤵
  PID:10760
- C:\Windows\System32\RXBitgJ.exe
  C:\Windows\System32\RXBitgJ.exe
  2⤵
  PID:10800
- C:\Windows\System32\ABwGReJ.exe
  C:\Windows\System32\ABwGReJ.exe
  2⤵
  PID:10832
- C:\Windows\System32\KaiYHzO.exe
  C:\Windows\System32\KaiYHzO.exe
  2⤵
  PID:10852
- C:\Windows\System32\eFTiZcW.exe
  C:\Windows\System32\eFTiZcW.exe
  2⤵
  PID:10884
- C:\Windows\System32\AxqDTFm.exe
  C:\Windows\System32\AxqDTFm.exe
  2⤵
  PID:10928
- C:\Windows\System32\TzatOKe.exe
  C:\Windows\System32\TzatOKe.exe
  2⤵
  PID:10944
- C:\Windows\System32\SXWAkcK.exe
  C:\Windows\System32\SXWAkcK.exe
  2⤵
  PID:10972
- C:\Windows\System32\WdDxoPk.exe
  C:\Windows\System32\WdDxoPk.exe
  2⤵
  PID:11000
- C:\Windows\System32\ImNjhty.exe
  C:\Windows\System32\ImNjhty.exe
  2⤵
  PID:11036
- C:\Windows\System32\rxBNsJD.exe
  C:\Windows\System32\rxBNsJD.exe
  2⤵
  PID:11060
- C:\Windows\System32\ljHHtpW.exe
  C:\Windows\System32\ljHHtpW.exe
  2⤵
  PID:11084
- C:\Windows\System32\qOIgmBn.exe
  C:\Windows\System32\qOIgmBn.exe
  2⤵
  PID:11116
- C:\Windows\System32\xKIUEzL.exe
  C:\Windows\System32\xKIUEzL.exe
  2⤵
  PID:11140
- C:\Windows\System32\dfgTCxH.exe
  C:\Windows\System32\dfgTCxH.exe
  2⤵
  PID:11156
- C:\Windows\System32\yyoNsqn.exe
  C:\Windows\System32\yyoNsqn.exe
  2⤵
  PID:11176
- C:\Windows\System32\GcXceOn.exe
  C:\Windows\System32\GcXceOn.exe
  2⤵
  PID:11192
- C:\Windows\System32\PCrdvjp.exe
  C:\Windows\System32\PCrdvjp.exe
  2⤵
  PID:11232
- C:\Windows\System32\sWKOeyq.exe
  C:\Windows\System32\sWKOeyq.exe
  2⤵
  PID:11248
- C:\Windows\System32\nYhxtbs.exe
  C:\Windows\System32\nYhxtbs.exe
  2⤵
  PID:10252
- C:\Windows\System32\kSFJvId.exe
  C:\Windows\System32\kSFJvId.exe
  2⤵
  PID:10272
- C:\Windows\System32\ccisKCP.exe
  C:\Windows\System32\ccisKCP.exe
  2⤵
  PID:10396
- C:\Windows\System32\tsHgFDY.exe
  C:\Windows\System32\tsHgFDY.exe
  2⤵
  PID:10432
- C:\Windows\System32\UnIyewE.exe
  C:\Windows\System32\UnIyewE.exe
  2⤵
  PID:10512
- C:\Windows\System32\BqFVQuH.exe
  C:\Windows\System32\BqFVQuH.exe
  2⤵
  PID:10592
- C:\Windows\System32\sKIITYK.exe
  C:\Windows\System32\sKIITYK.exe
  2⤵
  PID:10664
- C:\Windows\System32\eJyHpCy.exe
  C:\Windows\System32\eJyHpCy.exe
  2⤵
  PID:10712
- C:\Windows\System32\FNhSlGh.exe
  C:\Windows\System32\FNhSlGh.exe
  2⤵
  PID:10688
- C:\Windows\System32\HREgrxV.exe
  C:\Windows\System32\HREgrxV.exe
  2⤵
  PID:10848
- C:\Windows\System32\oLqmRPM.exe
  C:\Windows\System32\oLqmRPM.exe
  2⤵
  PID:10952
- C:\Windows\System32\tRsPpjW.exe
  C:\Windows\System32\tRsPpjW.exe
  2⤵
  PID:11048
- C:\Windows\System32\ECHZZGs.exe
  C:\Windows\System32\ECHZZGs.exe
  2⤵
  PID:11104
- C:\Windows\System32\DPpwuQn.exe
  C:\Windows\System32\DPpwuQn.exe
  2⤵
  PID:11152
- C:\Windows\System32\BLSHLgw.exe
  C:\Windows\System32\BLSHLgw.exe
  2⤵
  PID:11188
- C:\Windows\System32\NKbjflX.exe
  C:\Windows\System32\NKbjflX.exe
  2⤵
  PID:9944
- C:\Windows\System32\NlgReEx.exe
  C:\Windows\System32\NlgReEx.exe
  2⤵
  PID:11256
- C:\Windows\System32\UNlYXBK.exe
  C:\Windows\System32\UNlYXBK.exe
  2⤵
  PID:10324
- C:\Windows\System32\SijWGhB.exe
  C:\Windows\System32\SijWGhB.exe
  2⤵
  PID:10452
- C:\Windows\System32\qToVJvB.exe
  C:\Windows\System32\qToVJvB.exe
  2⤵
  PID:10540
- C:\Windows\System32\KxWrhcQ.exe
  C:\Windows\System32\KxWrhcQ.exe
  2⤵
  PID:10732
- C:\Windows\System32\ccaKjNf.exe
  C:\Windows\System32\ccaKjNf.exe
  2⤵
  PID:11044
- C:\Windows\System32\ifjaJcH.exe
  C:\Windows\System32\ifjaJcH.exe
  2⤵
  PID:11212
- C:\Windows\System32\qGZhsJs.exe
  C:\Windows\System32\qGZhsJs.exe
  2⤵
  PID:11224
- C:\Windows\System32\HKcAdQh.exe
  C:\Windows\System32\HKcAdQh.exe
  2⤵
  PID:10420
- C:\Windows\System32\uSEgJsJ.exe
  C:\Windows\System32\uSEgJsJ.exe
  2⤵
  PID:10788
- C:\Windows\System32\ZDaNasQ.exe
  C:\Windows\System32\ZDaNasQ.exe
  2⤵
  PID:11276
- C:\Windows\System32\XNlKbbT.exe
  C:\Windows\System32\XNlKbbT.exe
  2⤵
  PID:11304
- C:\Windows\System32\ZpeHNPx.exe
  C:\Windows\System32\ZpeHNPx.exe
  2⤵
  PID:11320
- C:\Windows\System32\AzjALDO.exe
  C:\Windows\System32\AzjALDO.exe
  2⤵
  PID:11348
- C:\Windows\System32\yMykXKP.exe
  C:\Windows\System32\yMykXKP.exe
  2⤵
  PID:11368
- C:\Windows\System32\HhMTYhk.exe
  C:\Windows\System32\HhMTYhk.exe
  2⤵
  PID:11448
- C:\Windows\System32\hFNxNzu.exe
  C:\Windows\System32\hFNxNzu.exe
  2⤵
  PID:11496
- C:\Windows\System32\mhtrmaP.exe
  C:\Windows\System32\mhtrmaP.exe
  2⤵
  PID:11520
- C:\Windows\System32\aWepOjV.exe
  C:\Windows\System32\aWepOjV.exe
  2⤵
  PID:11548
- C:\Windows\System32\xOOfwUr.exe
  C:\Windows\System32\xOOfwUr.exe
  2⤵
  PID:11576
- C:\Windows\System32\cddTKwj.exe
  C:\Windows\System32\cddTKwj.exe
  2⤵
  PID:11604
- C:\Windows\System32\oiioTuo.exe
  C:\Windows\System32\oiioTuo.exe
  2⤵
  PID:11636
- C:\Windows\System32\YuDbAAw.exe
  C:\Windows\System32\YuDbAAw.exe
  2⤵
  PID:11664
- C:\Windows\System32\eioAeSu.exe
  C:\Windows\System32\eioAeSu.exe
  2⤵
  PID:11688
- C:\Windows\System32\czfVhSU.exe
  C:\Windows\System32\czfVhSU.exe
  2⤵
  PID:11708
- C:\Windows\System32\sjwjNRW.exe
  C:\Windows\System32\sjwjNRW.exe
  2⤵
  PID:11748
- C:\Windows\System32\pwldtYX.exe
  C:\Windows\System32\pwldtYX.exe
  2⤵
  PID:11772
- C:\Windows\System32\Zkdzzvn.exe
  C:\Windows\System32\Zkdzzvn.exe
  2⤵
  PID:11796
- C:\Windows\System32\EvyLNqP.exe
  C:\Windows\System32\EvyLNqP.exe
  2⤵
  PID:11812
- C:\Windows\System32\drXJthb.exe
  C:\Windows\System32\drXJthb.exe
  2⤵
  PID:11836
- C:\Windows\System32\mNGbndT.exe
  C:\Windows\System32\mNGbndT.exe
  2⤵
  PID:11856
- C:\Windows\System32\ImuigkJ.exe
  C:\Windows\System32\ImuigkJ.exe
  2⤵
  PID:11916
- C:\Windows\System32\HCUkQkT.exe
  C:\Windows\System32\HCUkQkT.exe
  2⤵
  PID:11952
- C:\Windows\System32\oPiormE.exe
  C:\Windows\System32\oPiormE.exe
  2⤵
  PID:11972
- C:\Windows\System32\tcmJCzG.exe
  C:\Windows\System32\tcmJCzG.exe
  2⤵
  PID:12004
- C:\Windows\System32\FAhjZwy.exe
  C:\Windows\System32\FAhjZwy.exe
  2⤵
  PID:12028
- C:\Windows\System32\EHUXkOF.exe
  C:\Windows\System32\EHUXkOF.exe
  2⤵
  PID:12048
- C:\Windows\System32\rLIHlBR.exe
  C:\Windows\System32\rLIHlBR.exe
  2⤵
  PID:12064
- C:\Windows\System32\oxKbxkV.exe
  C:\Windows\System32\oxKbxkV.exe
  2⤵
  PID:12088
- C:\Windows\System32\VzjwKfE.exe
  C:\Windows\System32\VzjwKfE.exe
  2⤵
  PID:12116
- C:\Windows\System32\NgoPqMG.exe
  C:\Windows\System32\NgoPqMG.exe
  2⤵
  PID:12140
- C:\Windows\System32\GyualXc.exe
  C:\Windows\System32\GyualXc.exe
  2⤵
  PID:12172
- C:\Windows\System32\QzVpflT.exe
  C:\Windows\System32\QzVpflT.exe
  2⤵
  PID:12212
- C:\Windows\System32\uyMdzSH.exe
  C:\Windows\System32\uyMdzSH.exe
  2⤵
  PID:12232
- C:\Windows\System32\mZuiEAb.exe
  C:\Windows\System32\mZuiEAb.exe
  2⤵
  PID:12248
- C:\Windows\System32\aYZUdrn.exe
  C:\Windows\System32\aYZUdrn.exe
  2⤵
  PID:11096
- C:\Windows\System32\EiqwGAK.exe
  C:\Windows\System32\EiqwGAK.exe
  2⤵
  PID:10816
- C:\Windows\System32\MCBVByE.exe
  C:\Windows\System32\MCBVByE.exe
  2⤵
  PID:11364
- C:\Windows\System32\BZtwAIj.exe
  C:\Windows\System32\BZtwAIj.exe
  2⤵
  PID:11356
- C:\Windows\System32\WhFJpfl.exe
  C:\Windows\System32\WhFJpfl.exe
  2⤵
  PID:11440
- C:\Windows\System32\tdTlRxr.exe
  C:\Windows\System32\tdTlRxr.exe
  2⤵
  PID:11504
- C:\Windows\System32\owxerbj.exe
  C:\Windows\System32\owxerbj.exe
  2⤵
  PID:11584
- C:\Windows\System32\wtxLtaH.exe
  C:\Windows\System32\wtxLtaH.exe
  2⤵
  PID:11628
- C:\Windows\System32\OTceueO.exe
  C:\Windows\System32\OTceueO.exe
  2⤵
  PID:10780
- C:\Windows\System32\TmiSXzO.exe
  C:\Windows\System32\TmiSXzO.exe
  2⤵
  PID:11732
- C:\Windows\System32\FVeHlvO.exe
  C:\Windows\System32\FVeHlvO.exe
  2⤵
  PID:11824
- C:\Windows\System32\mlxZQns.exe
  C:\Windows\System32\mlxZQns.exe
  2⤵
  PID:11832
- C:\Windows\System32\WpmTQdf.exe
  C:\Windows\System32\WpmTQdf.exe
  2⤵
  PID:11928
- C:\Windows\System32\yWyBzto.exe
  C:\Windows\System32\yWyBzto.exe
  2⤵
  PID:12000
- C:\Windows\System32\gjLlVOy.exe
  C:\Windows\System32\gjLlVOy.exe
  2⤵
  PID:12012
- C:\Windows\System32\rzaltJd.exe
  C:\Windows\System32\rzaltJd.exe
  2⤵
  PID:12168
- C:\Windows\System32\aVUfYCT.exe
  C:\Windows\System32\aVUfYCT.exe
  2⤵
  PID:12208
- C:\Windows\System32\xmVDaky.exe
  C:\Windows\System32\xmVDaky.exe
  2⤵
  PID:11200
- C:\Windows\System32\rYFMkhp.exe
  C:\Windows\System32\rYFMkhp.exe
  2⤵
  PID:4044
- C:\Windows\System32\BPJMTvx.exe
  C:\Windows\System32\BPJMTvx.exe
  2⤵
  PID:11132
- C:\Windows\System32\gccXrsN.exe
  C:\Windows\System32\gccXrsN.exe
  2⤵
  PID:11396
- C:\Windows\System32\QUXUars.exe
  C:\Windows\System32\QUXUars.exe
  2⤵
  PID:11680
- C:\Windows\System32\AEMwXGl.exe
  C:\Windows\System32\AEMwXGl.exe
  2⤵
  PID:11700
- C:\Windows\System32\jSYwxUp.exe
  C:\Windows\System32\jSYwxUp.exe
  2⤵
  PID:12056
- C:\Windows\System32\fLsZLEu.exe
  C:\Windows\System32\fLsZLEu.exe
  2⤵
  PID:12020
- C:\Windows\System32\nmInXxv.exe
  C:\Windows\System32\nmInXxv.exe
  2⤵
  PID:12224
- C:\Windows\System32\louPEvF.exe
  C:\Windows\System32\louPEvF.exe
  2⤵
  PID:11292
- C:\Windows\System32\TghBRVq.exe
  C:\Windows\System32\TghBRVq.exe
  2⤵
  PID:11476
- C:\Windows\System32\lIsmcxl.exe
  C:\Windows\System32\lIsmcxl.exe
  2⤵
  PID:11868
- C:\Windows\System32\qmALgAu.exe
  C:\Windows\System32\qmALgAu.exe
  2⤵
  PID:3172
- C:\Windows\System32\TdurhDq.exe
  C:\Windows\System32\TdurhDq.exe
  2⤵
  PID:11556
- C:\Windows\System32\SyCIDpY.exe
  C:\Windows\System32\SyCIDpY.exe
  2⤵
  PID:11684
- C:\Windows\System32\wuVofUV.exe
  C:\Windows\System32\wuVofUV.exe
  2⤵
  PID:10360
- C:\Windows\System32\KhXqSLj.exe
  C:\Windows\System32\KhXqSLj.exe
  2⤵
  PID:12312
- C:\Windows\System32\eaQRWXY.exe
  C:\Windows\System32\eaQRWXY.exe
  2⤵
  PID:12340
- C:\Windows\System32\eJkaovw.exe
  C:\Windows\System32\eJkaovw.exe
  2⤵
  PID:12364
- C:\Windows\System32\dVdovRA.exe
  C:\Windows\System32\dVdovRA.exe
  2⤵
  PID:12384
- C:\Windows\System32\HOKSuOt.exe
  C:\Windows\System32\HOKSuOt.exe
  2⤵
  PID:12408
- C:\Windows\System32\hHwJgNv.exe
  C:\Windows\System32\hHwJgNv.exe
  2⤵
  PID:12432
- C:\Windows\System32\jnGepAE.exe
  C:\Windows\System32\jnGepAE.exe
  2⤵
  PID:12452
- C:\Windows\System32\rEdTATp.exe
  C:\Windows\System32\rEdTATp.exe
  2⤵
  PID:12484
- C:\Windows\System32\VKpCCoh.exe
  C:\Windows\System32\VKpCCoh.exe
  2⤵
  PID:12512
- C:\Windows\System32\NdfvXbm.exe
  C:\Windows\System32\NdfvXbm.exe
  2⤵
  PID:12544
- C:\Windows\System32\azrZLnA.exe
  C:\Windows\System32\azrZLnA.exe
  2⤵
  PID:12592
- C:\Windows\System32\qmfJqQT.exe
  C:\Windows\System32\qmfJqQT.exe
  2⤵
  PID:12620
- C:\Windows\System32\YoOpmYs.exe
  C:\Windows\System32\YoOpmYs.exe
  2⤵
  PID:12636
- C:\Windows\System32\cwScYli.exe
  C:\Windows\System32\cwScYli.exe
  2⤵
  PID:12652
- C:\Windows\System32\jDbDbpA.exe
  C:\Windows\System32\jDbDbpA.exe
  2⤵
  PID:12672
- C:\Windows\System32\VlhDtQb.exe
  C:\Windows\System32\VlhDtQb.exe
  2⤵
  PID:12688
- C:\Windows\System32\JHOGqkv.exe
  C:\Windows\System32\JHOGqkv.exe
  2⤵
  PID:12732
- C:\Windows\System32\tERNMnB.exe
  C:\Windows\System32\tERNMnB.exe
  2⤵
  PID:12784
- C:\Windows\System32\fpeFOCB.exe
  C:\Windows\System32\fpeFOCB.exe
  2⤵
  PID:12804
- C:\Windows\System32\MeRwxXU.exe
  C:\Windows\System32\MeRwxXU.exe
  2⤵
  PID:12824
- C:\Windows\System32\nZUTght.exe
  C:\Windows\System32\nZUTght.exe
  2⤵
  PID:12860
- C:\Windows\System32\wFkLBYj.exe
  C:\Windows\System32\wFkLBYj.exe
  2⤵
  PID:12876
- C:\Windows\System32\XNHpXsI.exe
  C:\Windows\System32\XNHpXsI.exe
  2⤵
  PID:12892
- C:\Windows\System32\IjeIgnC.exe
  C:\Windows\System32\IjeIgnC.exe
  2⤵
  PID:12920
- C:\Windows\System32\fUjNumm.exe
  C:\Windows\System32\fUjNumm.exe
  2⤵
  PID:12940
- C:\Windows\System32\AEqyLtB.exe
  C:\Windows\System32\AEqyLtB.exe
  2⤵
  PID:12956
- C:\Windows\System32\DaMpYys.exe
  C:\Windows\System32\DaMpYys.exe
  2⤵
  PID:12980
- C:\Windows\System32\kbvuzvr.exe
  C:\Windows\System32\kbvuzvr.exe
  2⤵
  PID:13004
- C:\Windows\System32\cLHdtDG.exe
  C:\Windows\System32\cLHdtDG.exe
  2⤵
  PID:13032
- C:\Windows\System32\ZMvENBV.exe
  C:\Windows\System32\ZMvENBV.exe
  2⤵
  PID:13100
- C:\Windows\System32\XNSrUeS.exe
  C:\Windows\System32\XNSrUeS.exe
  2⤵
  PID:13140
- C:\Windows\System32\DuyXSEa.exe
  C:\Windows\System32\DuyXSEa.exe
  2⤵
  PID:13160
- C:\Windows\System32\suwFeQR.exe
  C:\Windows\System32\suwFeQR.exe
  2⤵
  PID:13184
- C:\Windows\System32\pwNduqC.exe
  C:\Windows\System32\pwNduqC.exe
  2⤵
  PID:13224
- C:\Windows\System32\dTtryzw.exe
  C:\Windows\System32\dTtryzw.exe
  2⤵
  PID:13264
- C:\Windows\System32\GNMTnzj.exe
  C:\Windows\System32\GNMTnzj.exe
  2⤵
  PID:13288
- C:\Windows\System32\iZhNagD.exe
  C:\Windows\System32\iZhNagD.exe
  2⤵
  PID:12276
- C:\Windows\System32\xlDhFlT.exe
  C:\Windows\System32\xlDhFlT.exe
  2⤵
  PID:12336
- C:\Windows\System32\KsEPLoK.exe
  C:\Windows\System32\KsEPLoK.exe
  2⤵
  PID:12376
- C:\Windows\System32\MnXfuSo.exe
  C:\Windows\System32\MnXfuSo.exe
  2⤵
  PID:12428

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\CjQLoaU.exe

Filesize
1.2MB

MD5
f8a95d9e7284772f785f6ecb9cdda0da

SHA1
cabe24c1ca86b93e4171ff0ae82bb24e01c5c790

SHA256
51345c62240c4600f385437ae2ca82b275f91ab5be854760c1032343598f38a3

SHA512
4cf67cdbb588c61a9548b128e3a863f63da3363de65ee012c6d56a290f37a33978f9ff776920249722ceffa4c2a50b5dabf9e097d429e51dd0f01e204d572469

Download Submit
C:\Windows\System32\DBGmVZT.exe

Filesize
1.2MB

MD5
2b69675ab109e6efe0bdab28172e81ba

SHA1
ffd027f5ceeeb552105ff637e148c24296f9043f

SHA256
c115b5efa4a7cd44b9bbb85d11f95620bc0a043d21d94f00def868d728af67f0

SHA512
76035425fde21e2e99a020c4bfc7c841bc343c9062fffd00be33b60cd7f6df5aaaf590cff2c004ae1ece7a2804a22c72d731b0df7a22554a9b3c6f00dd30ad11

Download Submit
C:\Windows\System32\EOkPXwH.exe

Filesize
1.2MB

MD5
a7a0a5b3e2d201aa4d494609de9d37f5

SHA1
38a2cf12d28f548b1a4c46993c10b8ef9e3d0e3b

SHA256
d3c2b3233a159a49c9f746b03d734279bfaa6a438c0b0552cd700371529071c9

SHA512
d08c490b902cc5786ec689fec7442f8649e7579cb77c0775d61925905cd51e6b74c38ad3e88402b34684b7db97cc7e8b633696f31d66acf6ded26a2c960f34e9

Download Submit
C:\Windows\System32\GPNuDnW.exe

Filesize
1.2MB

MD5
d63fd16f3a6cb72c5e21f3f3a5c22160

SHA1
96afa2e19cd4fcf87f995b69239511758201570c

SHA256
b39f494b213b44441c93be961535c08d78b5a45258a83e6a7b0d3af2e5bdd2e1

SHA512
6ebb29f5e5cd92d3cf35c975b99d16b4f655bc4326c502cb328bc51e318b3e7ac82d2c580e4600fe2e06c2dbf2873b694fb73cc298af1e285def89f75cfd8c54

Download Submit
C:\Windows\System32\HIIjISM.exe

Filesize
1.2MB

MD5
2791fc1e9e7eb2ab28da2436d2b2b565

SHA1
6c7a3f9038ed32a7cfdd130aed7d210fcf9f48e0

SHA256
755d68537e383b17c30856b68a87301e4b6f0672a2b74ec8047edb6a24894163

SHA512
732fd9d720c0538d0c1bca7e6a093d78fc176dba1084ccb4ba49af12e3d6f28c53d85ec4f5cbda2e844b66bced0172f7830d9bbbb6c9850f79e860c6a6504bd5

Download Submit
C:\Windows\System32\LHYkjKm.exe

Filesize
1.2MB

MD5
97a182f54b2d341d1a9a83581bfab070

SHA1
1bd8f41432ca1316c80fb843e437206b6f835dfd

SHA256
2da17dc13f258a5650d6989b5883dfcf002251b527932a8719e83f30b02fb69b

SHA512
70ff02895ed3a0d2e4e0e95005a993e4ad10b2487de168283ddfff392be194b2393f9bfec2e59c3c42eda65e338fe9d3700c67e0b7e7ec6bd021a809893dccf9

Download Submit
C:\Windows\System32\LTgUUEq.exe

Filesize
1.2MB

MD5
c445df793de8eeb645bff326137c1d6c

SHA1
22fd66faef96d4bfe5a166699e768b032b2e08e2

SHA256
a9c42689d658a708e72f296435958710e4ba9e10a685785afcf954ef872ad02b

SHA512
34dcf04e979e402e4e1aafe12b4a666da8aa9f642b5fa045ebb71ec9eb13b94bcc20d896874c03616db9f63fc7484cc4e26f6c7c178495f7b9dd1fb0d29b96a7

Download Submit
C:\Windows\System32\MYNSRMp.exe

Filesize
1.2MB

MD5
6d209cf6b2cd3406f92766585f56c083

SHA1
a12866bdcd902ca25f13826179ad46bc32893db9

SHA256
b1b3eec5dce2bb16019fa9fffc14411e992b18f5e756e11412bbf87f8ded548b

SHA512
409a9233bfb4514a1013c7b1a42af9124e52a004b02c43f18647526a5b28f45a3c79949116b49800c4e1f25bf654628a23ecd6502bc59b6222b82bc26274d665

Download Submit
C:\Windows\System32\MZBMqJe.exe

Filesize
1.2MB

MD5
2ed8e3e6d40511cfa87150e28c2b01bf

SHA1
1acc4d2ef1582887a56a55ccef8366f194a932f6

SHA256
727a8d9a3fb03ad6bcd5b6596a0e54e2d76ec6985ca4393e336fdeb63ea8f181

SHA512
f869f9b3c7d116eebdebb11af068411cab2f9f4b28dbbebaccfe2e3df394d823939876ff7bb3af3edd767514b7a74af13b5098e1a7bf56dcbf59b06e915788a1

Download Submit
C:\Windows\System32\NTOYniJ.exe

Filesize
1.2MB

MD5
0499d24b2f9d5838a9f7810c793cc7f7

SHA1
c55f946f067b097e0efd1bf0c6326a113ad81fc7

SHA256
4b22bcc49ee6841aa9b58ab078c2314b071053237e2d1fe546b7445e0366725d

SHA512
0588e7315dbc3fec71d98618e77ce91058524dff55a0060e160f85d70f15b8aae46b9dc45db5000fd848e6d4879b57e591e8ac16c93e836483c3926149607608

Download Submit
C:\Windows\System32\NtYkoSK.exe

Filesize
1.2MB

MD5
7a16b57282379ce8383a16f9a2cd9278

SHA1
f4946abd640c6be561d9b48c43dbd897ff46cf23

SHA256
aebe561f599907126f6c9c3abeaa9a66a1a7dd55eac6468a5db23843e9fa8da9

SHA512
bbe247321cfddbd2c7f94293359e0eb57747bf0ff39d178ab6177490f3c2c051f85cb1841dd7217e68e9d4fbf85d7a72c74d2c47581352173489d52d6512bd28

Download Submit
C:\Windows\System32\OVgmBZU.exe

Filesize
1.2MB

MD5
ed629c648a6e7ee535cf916616878f75

SHA1
9c71edb2ad5bc4d90a554452612b10f6933d7e00

SHA256
58282f36697f2c10f404bb4a811505a0332a965739f2e90f0e962c7708a1baf6

SHA512
17fb72ae8a959f2f1829ac00c96f3a64c3df6f534a3318a290b8c26f2b282283c48f976316052f38cba14a558dd347ddf87e92a589fb712fc1317f2376958b2e

Download Submit
C:\Windows\System32\OrNOfvW.exe

Filesize
1.2MB

MD5
ea443661f2f01ab5721e22acfb1d4678

SHA1
19a2a494920885e08beff84c2400dea4f9315477

SHA256
d08e540eaacb7433d855d072a860e1216ead5b74021d2d2e872c702394c1b149

SHA512
6ca810abc688aa7a023311ff794c297907742f0a2209ea190c26b49aceec0d46d388ee0c0b8502ceea06e9d27a546e497071379550f3980ddc6e197061ca6434

Download Submit
C:\Windows\System32\PTvCnGU.exe

Filesize
1.2MB

MD5
7d8dcfa9548c0c60a7a4ed74a7373c64

SHA1
3f903aacf084f5d064c12574ae858453dd1fb9b2

SHA256
d240b57e319799d0e2f505179e4191fa1789bbd12d0c27914c2e46c26ccfb38e

SHA512
e8eda82c621891e84306389672e0a6d07081e1623af1a4926f91ef56ffdfbb1686a116f2ab704fc4725ebb9997a3687e9ab578a190e059afaa43c29a526bf513

Download Submit
C:\Windows\System32\ShRCfwg.exe

Filesize
1.2MB

MD5
5a125d3a2697f0f95890a15fd12a7cb8

SHA1
e9f62e37fe8deab7471c52b8ca7411778458bbe1

SHA256
e3eda7c3e0e1c2a1d07dcb5860380079761dc3b08043e9a228d0c6b3aae99579

SHA512
b00483a0e4dea920b1cafc3b13f7a06413c8fd32e3d4022aaa70084b6cc784cc4d84edf443b8fc21f91ec04c7296150aa1b1c93aaebf2af4cb11d1ee35c29943

Download Submit
C:\Windows\System32\ZYgVmVF.exe

Filesize
1.2MB

MD5
977172934e86b605fda01167afa3ceea

SHA1
0e77e52d05f5bd1bba1560737f3e3052b355f33d

SHA256
e7b2c36557b1365688d79a5a10c2a8b1bc8eb565f7df0abcc9fa3d0fb88490ac

SHA512
46ffeec50fd97ceecbcaedf6bf843491d861131100d79db716e02823c1ec030192e844ce01265329fd7f92267999edf2879a89e00d99604306e98f9e8fbe51c7

Download Submit
C:\Windows\System32\bVGlRgY.exe

Filesize
1.2MB

MD5
078aba9948d29ff6fdaa5254ad52a7cc

SHA1
c75d728d339084ca825ff87f608c0c81d641032d

SHA256
ec83e60a3e08898b9da6b2920a562997410abae91f0f434426ffce2ec2ba68be

SHA512
ebb4ef0490f0c5cc3d5839a82103a939119817115db3553c65264b9c079420e1640d6efd5eabc633fc2fcecf0c617d6eda6dca1582824552c2cd5a3a4d417b51

Download Submit
C:\Windows\System32\blpdrTA.exe

Filesize
1.2MB

MD5
6c42d93b1d2041eb26bdcaae851ea030

SHA1
cdc847fb73d44c2d0ed2bd79babe794f978fc0f0

SHA256
1efdc697b01a721376b9d5f15f0009733817ff0e8dbf08cb4b99ea2adacff629

SHA512
d2ec8e6724cb66987df9cf5a81c93eac838ca9923d2b3f9f27b83477bd2ed21870cb6cc41f72e5422ba32eea2aa1551136427b1ae0f2984ec8a7f59886e3a716

Download Submit
C:\Windows\System32\dKMphFc.exe

Filesize
1.2MB

MD5
39da27bc6e744ff699422df74b21b893

SHA1
c32cd202789f976f42e47f0e4c0160df2b2ef830

SHA256
2c5eb3e03cdbbf94fc339386d1dd565e7ded2ccd2e00b05412b749c274c9a3c9

SHA512
c8846a654e324e82e9c7144f48382b913aabe4fe10d109f5f46f283f68610f9c2f7a9c92abbf398594ee91c7795bf06a7691957807e87ca2fd1a9f96534db640

Download Submit
C:\Windows\System32\ePOffOp.exe

Filesize
1.2MB

MD5
fbac0ebd7f6b2c03647324661f0fcd7e

SHA1
262ca3bbd6edd9f3571b2399e02958610a882070

SHA256
ce89f94d95576cb20b540a249de17f9d4bdbce19dd9963b4ae91959507180270

SHA512
e0e2c4927bfec54914e748f0f7484699c1b2a5af3f6eca11742ae08d6d4fa43d0c69b409e15067c562e25c007402ec6e7f0949637fb73db36eadfba49f65e54c

Download Submit
C:\Windows\System32\hbsEoxo.exe

Filesize
1.2MB

MD5
c5afef55d433f4a75358b707cf4c2d6d

SHA1
0fd721922c27f9553a239e22597d7d60ffe45762

SHA256
88fd55eede27c01216d0385ae0706ca19c8fc233a26a9df7b25b3e456b9d3882

SHA512
abf88049979e2e34949a1264cd0c05b10c53cd7ee36adffe5a820519720b4bd925c72e50359be4b17f9db4ff6d86b5d90303d904f7bf5da8419fca1592feb0b4

Download Submit
C:\Windows\System32\iUoeKod.exe

Filesize
1.2MB

MD5
395ae22ff3eef28a9aea16918300053e

SHA1
a72ca7a0f3dd076972db742b6987c0c2d2b5afbb

SHA256
080d3d64184cefbde1246d42a008dd19266cabe4d5a1f236a7030acc1057ab14

SHA512
ebc45309102b943b4c23f66f9321df215a81acb443da721a5cdd73f259ac07066728ce14acc68f9565723aa723c616625967a73744ae51afb702f0a728f0203b

Download Submit
C:\Windows\System32\jETFyva.exe

Filesize
1.2MB

MD5
75a52918d265d079966d3f7f8b434d3d

SHA1
302530be52af4516ffb26525b083c499d209216d

SHA256
974fa14e270d487e9f64b22cf4102f9fcd1d237d4ade3a2d8ce4662da65945f5

SHA512
e6af2a58311f7db2395e46d0d97a92c314167ff963804c72a686829d7b180001b9ecdef0f4b0cfb0ca4b9530ab109d0b0970e6a9ad6df985fa124a92fca8d018

Download Submit
C:\Windows\System32\meFPuZO.exe

Filesize
1.2MB

MD5
ef144ffda7ab74666ccd69d0ab0aa77f

SHA1
45ccc80b7a902358c05bc94de0f8087de692d7d0

SHA256
4f8af5191bf5e2e5acf32cc18a2f5aa6b17b0ae33dcb3ce90c6c1d45ed413263

SHA512
171637fb472aab1ba1cd078fde5fe65bc24362066aee8731251b80f517b55c8049f11c0b6d8555736a5d849574b65f45c8b1588ce407b93340335803ec73581b

Download Submit
C:\Windows\System32\mkskgxW.exe

Filesize
1.2MB

MD5
7d4be607158f983b36a059ef688ec97b

SHA1
41cf6b7e0e674fe69824b79fb88a5068756bbeff

SHA256
db8fb26d26f8f50db3caf063f61c32cc5e06494d7d794f3b7f9d5e00f2ec866f

SHA512
fee0e8e5b40a83a0e44970d04a738147efed5bd407e30d636a58ff6bd12fc22489c9155b56645129841d14b281b0a10bafdfec4be51824f41eb8b1528285667b

Download Submit
C:\Windows\System32\qVIsyeJ.exe

Filesize
1.2MB

MD5
99bea15fb5086dd3ea81e24ff9e0ad25

SHA1
8f7dd186143c05d3aac3da3c210b95172c6d31b1

SHA256
8ab7cb3aa88b83a54d68d3c5dfe71e9e95b95913d558f7c1a8543f91aed38891

SHA512
d7059ac69222d14485f9b76d0b583ef1a43ca06472e110cb8cb45b0b7131511abb6e89b0cf10e7a04039daa5f8a0d80845a763bf4824253c6b9368e62e3bf2fe

Download Submit
C:\Windows\System32\rbeSgxZ.exe

Filesize
1.2MB

MD5
90b28565693720c0a1576f4579ff51a5

SHA1
78b111d2a841acc531227d601374ac4bfb8a43f2

SHA256
13be5401c65247a47884469af526c39c3e059753a12ca191c3f078f8ea7a0069

SHA512
220bb796d202616513e1e49ff9bc813e7282fd01d52a21d5bcc74202eeb71cf5cf1c09c9966f7a8844f879de1afaff284bf392210fcb1a1fe6720d1e7f52f467

Download Submit
C:\Windows\System32\tkzcGIA.exe

Filesize
1.2MB

MD5
4f4a1364ca0e359c8ce2c00596c50e22

SHA1
2b8d9aab2ac65f925dfdf19191418a4b3611df38

SHA256
7179b94cc8898175d9a4d0f2e5bd7eaa49e061c5399d5cb649e347b6cf5b1a9e

SHA512
cdb5f0a79b43501a5a486fd373f528380cf77080eb78b59e748375c2f3417db0c5ffff19ce020a034787671dc7014dd10c3a3d3513f808a529c1bf9e58a278f7

Download Submit
C:\Windows\System32\tsFpcHz.exe

Filesize
1.2MB

MD5
08e343360573bd530eff97e0c43a20f9

SHA1
b34b6528d02770b34130f95dac7a7730699c9b31

SHA256
a6c3f5d024751eef3e2655c52670689e3a501b5e2d33fb4c8004a26154100b69

SHA512
347b4eceb52eaf46b6871324928f3e0cf034f731f8e77c8158aac2de28d7f97cd068d505c6b3c46e16cc6bbd6ffa22fdf8d4c4a33895afad9f7dd8c16d2b0012

Download Submit
C:\Windows\System32\wyXeoNI.exe

Filesize
1.2MB

MD5
e2e2e2e374c1ed004445c6c89ffe2d6f

SHA1
33a8f68dc1b1ad43f7578251ac46764c9a4318a5

SHA256
8b8bcaad7c2a8a4deb6ae35110f6cc7c9ac0641bb15e57ed67ab09305aeb6b58

SHA512
e2d6de27fa24414b717b51b5933f57cc99dd2d0dde1c7a527002ad5b65bca5035206b6cfcfb8226c6fd3b2c42fa6373adfc2099ae0ae69f929f22e4be7c40b9e

Download Submit
C:\Windows\System32\yVlwNko.exe

Filesize
1.2MB

MD5
8af801c0ba9be19264c0dc66c7c1b4d1

SHA1
328021e3111917156c685f24560a5ee92e2618ac

SHA256
d8c0124ea2cf4bd5ecd1987631ad38460a5d50cc694339ad02e54a4d4331af81

SHA512
32878b8c15d13ebc950b293deeb8470a9cb8d095f4e6b214fd8c875b809c483347ce9c28742f0e255de3e6c26cfbfc269e6a0c268eaf4956b7af1ebaa00f6b73

Download Submit
C:\Windows\System32\zslAQPx.exe

Filesize
1.2MB

MD5
16c3f1c620c6dd411cfb3ca98d158f9d

SHA1
2eef082ab15bc3dc0d0e89896844da40ffb24190

SHA256
16936c35c4b2ec14b9da24455d8da885988f919e06c834117e8546aed0c7ec40

SHA512
33085b4cea52ef14ed1fc84ea5eadd23fcf0597ba20c814ea35202205b51e846882b0e7643938f2b4e8f21afb5d5c00675fea052f6c4068c3f9aea40ac365b77

Download Submit
memory/868-2041-0x00007FF7011D0000-0x00007FF7015C1000-memory.dmp

Filesize
3.9MB

Download
memory/868-381-0x00007FF7011D0000-0x00007FF7015C1000-memory.dmp

Filesize
3.9MB

Download
memory/888-2066-0x00007FF7AE0D0000-0x00007FF7AE4C1000-memory.dmp

Filesize
3.9MB

Download
memory/888-393-0x00007FF7AE0D0000-0x00007FF7AE4C1000-memory.dmp

Filesize
3.9MB

Download
memory/1200-43-0x00007FF6DA030000-0x00007FF6DA421000-memory.dmp

Filesize
3.9MB

Download
memory/1200-2029-0x00007FF6DA030000-0x00007FF6DA421000-memory.dmp

Filesize
3.9MB

Download
memory/1200-1977-0x00007FF6DA030000-0x00007FF6DA421000-memory.dmp

Filesize
3.9MB

Download
memory/1404-2035-0x00007FF7BA160000-0x00007FF7BA551000-memory.dmp

Filesize
3.9MB

Download
memory/1404-69-0x00007FF7BA160000-0x00007FF7BA551000-memory.dmp

Filesize
3.9MB

Download
memory/1552-2059-0x00007FF7DA4A0000-0x00007FF7DA891000-memory.dmp

Filesize
3.9MB

Download
memory/1552-413-0x00007FF7DA4A0000-0x00007FF7DA891000-memory.dmp

Filesize
3.9MB

Download
memory/1584-2043-0x00007FF6E1F40000-0x00007FF6E2331000-memory.dmp

Filesize
3.9MB

Download
memory/1584-369-0x00007FF6E1F40000-0x00007FF6E2331000-memory.dmp

Filesize
3.9MB

Download
memory/1584-2016-0x00007FF6E1F40000-0x00007FF6E2331000-memory.dmp

Filesize
3.9MB

Download
memory/1668-2051-0x00007FF7DD860000-0x00007FF7DDC51000-memory.dmp

Filesize
3.9MB

Download
memory/1668-1980-0x00007FF7DD860000-0x00007FF7DDC51000-memory.dmp

Filesize
3.9MB

Download
memory/1668-75-0x00007FF7DD860000-0x00007FF7DDC51000-memory.dmp

Filesize
3.9MB

Download
memory/1844-2063-0x00007FF65BFD0000-0x00007FF65C3C1000-memory.dmp

Filesize
3.9MB

Download
memory/1844-395-0x00007FF65BFD0000-0x00007FF65C3C1000-memory.dmp

Filesize
3.9MB

Download
memory/1964-2025-0x00007FF7FBE50000-0x00007FF7FC241000-memory.dmp

Filesize
3.9MB

Download
memory/1964-9-0x00007FF7FBE50000-0x00007FF7FC241000-memory.dmp

Filesize
3.9MB

Download
memory/2156-401-0x00007FF7946C0000-0x00007FF794AB1000-memory.dmp

Filesize
3.9MB

Download
memory/2156-2073-0x00007FF7946C0000-0x00007FF794AB1000-memory.dmp

Filesize
3.9MB

Download
memory/2176-86-0x00007FF7E69A0000-0x00007FF7E6D91000-memory.dmp

Filesize
3.9MB

Download
memory/2176-2061-0x00007FF7E69A0000-0x00007FF7E6D91000-memory.dmp

Filesize
3.9MB

Download
memory/2176-2015-0x00007FF7E69A0000-0x00007FF7E6D91000-memory.dmp

Filesize
3.9MB

Download
memory/2256-2071-0x00007FF7FE530000-0x00007FF7FE921000-memory.dmp

Filesize
3.9MB

Download
memory/2256-411-0x00007FF7FE530000-0x00007FF7FE921000-memory.dmp

Filesize
3.9MB

Download
memory/2328-89-0x00007FF78B830000-0x00007FF78BC21000-memory.dmp

Filesize
3.9MB

Download
memory/2328-2037-0x00007FF78B830000-0x00007FF78BC21000-memory.dmp

Filesize
3.9MB

Download
memory/2336-1975-0x00007FF6DBFF0000-0x00007FF6DC3E1000-memory.dmp

Filesize
3.9MB

Download
memory/2336-1-0x0000023AC5C80000-0x0000023AC5C90000-memory.dmp

Filesize
64KB

Download
memory/2336-0-0x00007FF6DBFF0000-0x00007FF6DC3E1000-memory.dmp

Filesize
3.9MB

Download
memory/2396-2069-0x00007FF7AA8E0000-0x00007FF7AACD1000-memory.dmp

Filesize
3.9MB

Download
memory/2396-416-0x00007FF7AA8E0000-0x00007FF7AACD1000-memory.dmp

Filesize
3.9MB

Download
memory/2856-2055-0x00007FF6BF990000-0x00007FF6BFD81000-memory.dmp

Filesize
3.9MB

Download
memory/2856-386-0x00007FF6BF990000-0x00007FF6BFD81000-memory.dmp

Filesize
3.9MB

Download
memory/3396-2014-0x00007FF63F490000-0x00007FF63F881000-memory.dmp

Filesize
3.9MB

Download
memory/3396-2039-0x00007FF63F490000-0x00007FF63F881000-memory.dmp

Filesize
3.9MB

Download
memory/3396-70-0x00007FF63F490000-0x00007FF63F881000-memory.dmp

Filesize
3.9MB

Download
memory/3656-90-0x00007FF7E70B0000-0x00007FF7E74A1000-memory.dmp

Filesize
3.9MB

Download
memory/3656-2045-0x00007FF7E70B0000-0x00007FF7E74A1000-memory.dmp

Filesize
3.9MB

Download
memory/4032-2033-0x00007FF62DAD0000-0x00007FF62DEC1000-memory.dmp

Filesize
3.9MB

Download
memory/4032-58-0x00007FF62DAD0000-0x00007FF62DEC1000-memory.dmp

Filesize
3.9MB

Download
memory/4032-1978-0x00007FF62DAD0000-0x00007FF62DEC1000-memory.dmp

Filesize
3.9MB

Download
memory/4276-74-0x00007FF7EB890000-0x00007FF7EBC81000-memory.dmp

Filesize
3.9MB

Download
memory/4276-2053-0x00007FF7EB890000-0x00007FF7EBC81000-memory.dmp

Filesize
3.9MB

Download
memory/4276-1979-0x00007FF7EB890000-0x00007FF7EBC81000-memory.dmp

Filesize
3.9MB

Download
memory/4348-14-0x00007FF6DDE10000-0x00007FF6DE201000-memory.dmp

Filesize
3.9MB

Download
memory/4348-1976-0x00007FF6DDE10000-0x00007FF6DE201000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2027-0x00007FF6DDE10000-0x00007FF6DE201000-memory.dmp

Filesize
3.9MB

Download
memory/4768-2047-0x00007FF783DC0000-0x00007FF7841B1000-memory.dmp

Filesize
3.9MB

Download
memory/4768-84-0x00007FF783DC0000-0x00007FF7841B1000-memory.dmp

Filesize
3.9MB

Download
memory/4888-28-0x00007FF656D90000-0x00007FF657181000-memory.dmp

Filesize
3.9MB

Download
memory/4888-2013-0x00007FF656D90000-0x00007FF657181000-memory.dmp

Filesize
3.9MB

Download
memory/4888-2031-0x00007FF656D90000-0x00007FF657181000-memory.dmp

Filesize
3.9MB

Download
memory/5064-2049-0x00007FF659410000-0x00007FF659801000-memory.dmp

Filesize
3.9MB

Download
memory/5064-379-0x00007FF659410000-0x00007FF659801000-memory.dmp

Filesize
3.9MB

Download
memory/5116-396-0x00007FF7445C0000-0x00007FF7449B1000-memory.dmp

Filesize
3.9MB

Download
memory/5116-2057-0x00007FF7445C0000-0x00007FF7449B1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads