xmrig | 5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
Size

3.1MB
MD5

30016c779168b9dbce55e5dbc4a117c0
SHA1

1933aa7b456ef27ae111576e9f0c1f72646c64af
SHA256

5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5
SHA512

29ab1a40a5e552f42697b1a7c5da5362ec4f1ac894848e834e5019ee333f3967758b71a6bd9d1bca2cc8f7009304d47ab33751ae8c80842aeb4a55b88c080c3a
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4P:wFWPClFf

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1852-0-0x00007FF637110000-0x00007FF637505000-memory.dmp	xmrig
behavioral2/files/0x0008000000023474-4.dat	xmrig
behavioral2/memory/2836-11-0x00007FF7850C0000-0x00007FF7854B5000-memory.dmp	xmrig
behavioral2/files/0x0007000000023478-12.dat	xmrig
behavioral2/files/0x0007000000023479-17.dat	xmrig
behavioral2/files/0x000700000002347b-27.dat	xmrig
behavioral2/files/0x000700000002347a-29.dat	xmrig
behavioral2/files/0x000700000002347c-34.dat	xmrig
behavioral2/files/0x000700000002347d-39.dat	xmrig
behavioral2/files/0x000700000002347f-47.dat	xmrig
behavioral2/files/0x0007000000023480-54.dat	xmrig
behavioral2/files/0x0007000000023482-62.dat	xmrig
behavioral2/files/0x0007000000023483-69.dat	xmrig
behavioral2/files/0x0007000000023485-79.dat	xmrig
behavioral2/files/0x0007000000023487-89.dat	xmrig
behavioral2/files/0x000700000002348f-129.dat	xmrig
behavioral2/files/0x0007000000023492-144.dat	xmrig
behavioral2/files/0x0007000000023496-164.dat	xmrig
behavioral2/files/0x0007000000023495-159.dat	xmrig
behavioral2/files/0x0007000000023494-154.dat	xmrig
behavioral2/files/0x0007000000023493-149.dat	xmrig
behavioral2/files/0x0007000000023491-139.dat	xmrig
behavioral2/files/0x0007000000023490-134.dat	xmrig
behavioral2/files/0x000700000002348e-124.dat	xmrig
behavioral2/files/0x000700000002348d-119.dat	xmrig
behavioral2/files/0x000700000002348c-114.dat	xmrig
behavioral2/files/0x000700000002348b-109.dat	xmrig
behavioral2/files/0x000700000002348a-104.dat	xmrig
behavioral2/files/0x0007000000023489-99.dat	xmrig
behavioral2/files/0x0007000000023488-94.dat	xmrig
behavioral2/files/0x0007000000023486-84.dat	xmrig
behavioral2/files/0x0007000000023484-74.dat	xmrig
behavioral2/files/0x0007000000023481-59.dat	xmrig
behavioral2/files/0x000700000002347e-44.dat	xmrig
behavioral2/memory/512-22-0x00007FF742A50000-0x00007FF742E45000-memory.dmp	xmrig
behavioral2/memory/3212-19-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp	xmrig
behavioral2/memory/424-931-0x00007FF733040000-0x00007FF733435000-memory.dmp	xmrig
behavioral2/memory/3220-940-0x00007FF696F70000-0x00007FF697365000-memory.dmp	xmrig
behavioral2/memory/4844-943-0x00007FF69BED0000-0x00007FF69C2C5000-memory.dmp	xmrig
behavioral2/memory/5020-937-0x00007FF62F5F0000-0x00007FF62F9E5000-memory.dmp	xmrig
behavioral2/memory/2776-934-0x00007FF7B1140000-0x00007FF7B1535000-memory.dmp	xmrig
behavioral2/memory/3268-949-0x00007FF674BA0000-0x00007FF674F95000-memory.dmp	xmrig
behavioral2/memory/1372-954-0x00007FF7945C0000-0x00007FF7949B5000-memory.dmp	xmrig
behavioral2/memory/4428-965-0x00007FF6849E0000-0x00007FF684DD5000-memory.dmp	xmrig
behavioral2/memory/2380-967-0x00007FF607CD0000-0x00007FF6080C5000-memory.dmp	xmrig
behavioral2/memory/3820-969-0x00007FF7BB0D0000-0x00007FF7BB4C5000-memory.dmp	xmrig
behavioral2/memory/2908-973-0x00007FF777BE0000-0x00007FF777FD5000-memory.dmp	xmrig
behavioral2/memory/1876-958-0x00007FF7558B0000-0x00007FF755CA5000-memory.dmp	xmrig
behavioral2/memory/4388-975-0x00007FF7B6040000-0x00007FF7B6435000-memory.dmp	xmrig
behavioral2/memory/3748-977-0x00007FF6A71D0000-0x00007FF6A75C5000-memory.dmp	xmrig
behavioral2/memory/1836-993-0x00007FF631BB0000-0x00007FF631FA5000-memory.dmp	xmrig
behavioral2/memory/4944-991-0x00007FF635C10000-0x00007FF636005000-memory.dmp	xmrig
behavioral2/memory/2596-990-0x00007FF734360000-0x00007FF734755000-memory.dmp	xmrig
behavioral2/memory/4500-987-0x00007FF6DB170000-0x00007FF6DB565000-memory.dmp	xmrig
behavioral2/memory/3676-986-0x00007FF61AE20000-0x00007FF61B215000-memory.dmp	xmrig
behavioral2/memory/3092-983-0x00007FF648C90000-0x00007FF649085000-memory.dmp	xmrig
behavioral2/memory/4344-980-0x00007FF735610000-0x00007FF735A05000-memory.dmp	xmrig
behavioral2/memory/1852-1904-0x00007FF637110000-0x00007FF637505000-memory.dmp	xmrig
behavioral2/memory/3212-1905-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp	xmrig
behavioral2/memory/2836-1906-0x00007FF7850C0000-0x00007FF7854B5000-memory.dmp	xmrig
behavioral2/memory/3212-1907-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp	xmrig
behavioral2/memory/512-1908-0x00007FF742A50000-0x00007FF742E45000-memory.dmp	xmrig
behavioral2/memory/4844-1910-0x00007FF69BED0000-0x00007FF69C2C5000-memory.dmp	xmrig
behavioral2/memory/5020-1913-0x00007FF62F5F0000-0x00007FF62F9E5000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2836	OTDUsGB.exe
3212	LYJuZwf.exe
512	HQIcWMl.exe
424	DAXvcvM.exe
2776	HNOIXgy.exe
5020	zOpbqQM.exe
3220	AQZFHMT.exe
4844	kInddUh.exe
3268	tnSviUX.exe
1372	PrSujSm.exe
1876	iJoKGFB.exe
4428	wSdsmtT.exe
2380	UMpOEKj.exe
3820	SkrZmDp.exe
2908	zaQBqes.exe
4388	gSTkHwK.exe
3748	QwHveOQ.exe
4344	HcXXUYG.exe
3092	dVMfovU.exe
3676	sGPeXIO.exe
4500	sjutShF.exe
2596	SCBRdpH.exe
4944	oGoXOVz.exe
1836	dyVivdm.exe
1236	EifYzTa.exe
3616	dagBeHb.exe
1660	DwanaaR.exe
5088	XPVGMoc.exe
3064	GpKmgme.exe
4520	xgjBAiD.exe
1952	lgDNCQw.exe
2764	danTnzY.exe
3960	tUYrksG.exe
2904	xbLeYek.exe
2592	xnzbzLN.exe
4532	jOjowzr.exe
4528	hiONxxb.exe
3744	dwuWCsA.exe
4456	YYegdiB.exe
4376	kxSKqte.exe
4684	KwAVWdq.exe
1692	tZNgwrj.exe
2280	GdoMHQJ.exe
1376	zXPzsxs.exe
3592	IpQNurd.exe
4348	MosVolZ.exe
4380	LTFRPgK.exe
3152	cJdVlfl.exe
4884	FbYUOLC.exe
3104	pGuLZTM.exe
4912	FPhXgGz.exe
3780	bnZwMXk.exe
5024	DuqjwNJ.exe
436	uIjYVIY.exe
1184	RzEAIZR.exe
2544	uiuzDJl.exe
1052	DbWyxUL.exe
1428	VURuumx.exe
2552	YcsoOQz.exe
4368	FHkmjFW.exe
4040	DQLmMKd.exe
4872	DmHjFWr.exe
4672	oaNiwEU.exe
4568	OzALlpq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1852-0-0x00007FF637110000-0x00007FF637505000-memory.dmp	upx
behavioral2/files/0x0008000000023474-4.dat	upx
behavioral2/memory/2836-11-0x00007FF7850C0000-0x00007FF7854B5000-memory.dmp	upx
behavioral2/files/0x0007000000023478-12.dat	upx
behavioral2/files/0x0007000000023479-17.dat	upx
behavioral2/files/0x000700000002347b-27.dat	upx
behavioral2/files/0x000700000002347a-29.dat	upx
behavioral2/files/0x000700000002347c-34.dat	upx
behavioral2/files/0x000700000002347d-39.dat	upx
behavioral2/files/0x000700000002347f-47.dat	upx
behavioral2/files/0x0007000000023480-54.dat	upx
behavioral2/files/0x0007000000023482-62.dat	upx
behavioral2/files/0x0007000000023483-69.dat	upx
behavioral2/files/0x0007000000023485-79.dat	upx
behavioral2/files/0x0007000000023487-89.dat	upx
behavioral2/files/0x000700000002348f-129.dat	upx
behavioral2/files/0x0007000000023492-144.dat	upx
behavioral2/files/0x0007000000023496-164.dat	upx
behavioral2/files/0x0007000000023495-159.dat	upx
behavioral2/files/0x0007000000023494-154.dat	upx
behavioral2/files/0x0007000000023493-149.dat	upx
behavioral2/files/0x0007000000023491-139.dat	upx
behavioral2/files/0x0007000000023490-134.dat	upx
behavioral2/files/0x000700000002348e-124.dat	upx
behavioral2/files/0x000700000002348d-119.dat	upx
behavioral2/files/0x000700000002348c-114.dat	upx
behavioral2/files/0x000700000002348b-109.dat	upx
behavioral2/files/0x000700000002348a-104.dat	upx
behavioral2/files/0x0007000000023489-99.dat	upx
behavioral2/files/0x0007000000023488-94.dat	upx
behavioral2/files/0x0007000000023486-84.dat	upx
behavioral2/files/0x0007000000023484-74.dat	upx
behavioral2/files/0x0007000000023481-59.dat	upx
behavioral2/files/0x000700000002347e-44.dat	upx
behavioral2/memory/512-22-0x00007FF742A50000-0x00007FF742E45000-memory.dmp	upx
behavioral2/memory/3212-19-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp	upx
behavioral2/memory/424-931-0x00007FF733040000-0x00007FF733435000-memory.dmp	upx
behavioral2/memory/3220-940-0x00007FF696F70000-0x00007FF697365000-memory.dmp	upx
behavioral2/memory/4844-943-0x00007FF69BED0000-0x00007FF69C2C5000-memory.dmp	upx
behavioral2/memory/5020-937-0x00007FF62F5F0000-0x00007FF62F9E5000-memory.dmp	upx
behavioral2/memory/2776-934-0x00007FF7B1140000-0x00007FF7B1535000-memory.dmp	upx
behavioral2/memory/3268-949-0x00007FF674BA0000-0x00007FF674F95000-memory.dmp	upx
behavioral2/memory/1372-954-0x00007FF7945C0000-0x00007FF7949B5000-memory.dmp	upx
behavioral2/memory/4428-965-0x00007FF6849E0000-0x00007FF684DD5000-memory.dmp	upx
behavioral2/memory/2380-967-0x00007FF607CD0000-0x00007FF6080C5000-memory.dmp	upx
behavioral2/memory/3820-969-0x00007FF7BB0D0000-0x00007FF7BB4C5000-memory.dmp	upx
behavioral2/memory/2908-973-0x00007FF777BE0000-0x00007FF777FD5000-memory.dmp	upx
behavioral2/memory/1876-958-0x00007FF7558B0000-0x00007FF755CA5000-memory.dmp	upx
behavioral2/memory/4388-975-0x00007FF7B6040000-0x00007FF7B6435000-memory.dmp	upx
behavioral2/memory/3748-977-0x00007FF6A71D0000-0x00007FF6A75C5000-memory.dmp	upx
behavioral2/memory/1836-993-0x00007FF631BB0000-0x00007FF631FA5000-memory.dmp	upx
behavioral2/memory/4944-991-0x00007FF635C10000-0x00007FF636005000-memory.dmp	upx
behavioral2/memory/2596-990-0x00007FF734360000-0x00007FF734755000-memory.dmp	upx
behavioral2/memory/4500-987-0x00007FF6DB170000-0x00007FF6DB565000-memory.dmp	upx
behavioral2/memory/3676-986-0x00007FF61AE20000-0x00007FF61B215000-memory.dmp	upx
behavioral2/memory/3092-983-0x00007FF648C90000-0x00007FF649085000-memory.dmp	upx
behavioral2/memory/4344-980-0x00007FF735610000-0x00007FF735A05000-memory.dmp	upx
behavioral2/memory/1852-1904-0x00007FF637110000-0x00007FF637505000-memory.dmp	upx
behavioral2/memory/3212-1905-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp	upx
behavioral2/memory/2836-1906-0x00007FF7850C0000-0x00007FF7854B5000-memory.dmp	upx
behavioral2/memory/3212-1907-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp	upx
behavioral2/memory/512-1908-0x00007FF742A50000-0x00007FF742E45000-memory.dmp	upx
behavioral2/memory/4844-1910-0x00007FF69BED0000-0x00007FF69C2C5000-memory.dmp	upx
behavioral2/memory/5020-1913-0x00007FF62F5F0000-0x00007FF62F9E5000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\QncZXsa.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\fwqsGeP.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\GiUCOCJ.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\GPNaLLd.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\BPXQBHX.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\wSdsmtT.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\ZqzaNCd.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\mbJZxnQ.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\YDVDqgV.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\vgtBjNk.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\UMhpjOG.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\Mjmknhu.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\PDulCKd.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\ZwimFZJ.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\vBZxaOK.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\JQinsCk.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\bzmrHdf.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\RPfGFRk.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\HlbQoag.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\ABCzDHL.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\ovGQuqO.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\pdNsLrL.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\LTFRPgK.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\TnXHmLP.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\rcIpmQH.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\kbckUFz.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\GtxiRMj.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\cMBmBDf.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\etjrwts.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\qHxqurV.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\sfgvybf.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\XmXVvZs.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\ShJEPDU.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\wPVzpds.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\KgGtEJv.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\CQFPLCS.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\BZAxOic.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\PFcRURA.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\bnZwMXk.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\CXxdYwz.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\PNzFXCI.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\AQZFHMT.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\LEBgNlq.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\JfyCgRj.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\YErrdFN.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\JpvynEp.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\JbVMShm.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\BBNyHdm.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\zisBwYi.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\cwOwZke.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\wgqrhqy.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\vmJilNM.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\VVcTOni.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\ZwZYMDe.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\ZFjVqOf.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\bmgoMax.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\JLtoYyv.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\rIKxmmf.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\otPdbQq.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\QSZxQvz.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\OFSlvVr.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\AYhGaIG.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\NvtMFwj.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
File created	C:\Windows\System32\bmmMTVS.exe	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13308	dwm.exe
Token: SeChangeNotifyPrivilege	13308	dwm.exe
Token: 33	13308	dwm.exe
Token: SeIncBasePriorityPrivilege	13308	dwm.exe
Token: SeShutdownPrivilege	13308	dwm.exe
Token: SeCreatePagefilePrivilege	13308	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2836	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	84
PID 1852 wrote to memory of 2836	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	84
PID 1852 wrote to memory of 3212	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	85
PID 1852 wrote to memory of 3212	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	85
PID 1852 wrote to memory of 512	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	86
PID 1852 wrote to memory of 512	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	86
PID 1852 wrote to memory of 424	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	87
PID 1852 wrote to memory of 424	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	87
PID 1852 wrote to memory of 2776	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	88
PID 1852 wrote to memory of 2776	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	88
PID 1852 wrote to memory of 5020	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	89
PID 1852 wrote to memory of 5020	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	89
PID 1852 wrote to memory of 3220	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	90
PID 1852 wrote to memory of 3220	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	90
PID 1852 wrote to memory of 4844	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	91
PID 1852 wrote to memory of 4844	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	91
PID 1852 wrote to memory of 3268	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	92
PID 1852 wrote to memory of 3268	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	92
PID 1852 wrote to memory of 1372	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	93
PID 1852 wrote to memory of 1372	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	93
PID 1852 wrote to memory of 1876	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	94
PID 1852 wrote to memory of 1876	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	94
PID 1852 wrote to memory of 4428	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	95
PID 1852 wrote to memory of 4428	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	95
PID 1852 wrote to memory of 2380	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	96
PID 1852 wrote to memory of 2380	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	96
PID 1852 wrote to memory of 3820	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	97
PID 1852 wrote to memory of 3820	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	97
PID 1852 wrote to memory of 2908	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	98
PID 1852 wrote to memory of 2908	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	98
PID 1852 wrote to memory of 4388	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	99
PID 1852 wrote to memory of 4388	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	99
PID 1852 wrote to memory of 3748	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	100
PID 1852 wrote to memory of 3748	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	100
PID 1852 wrote to memory of 4344	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	101
PID 1852 wrote to memory of 4344	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	101
PID 1852 wrote to memory of 3092	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	102
PID 1852 wrote to memory of 3092	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	102
PID 1852 wrote to memory of 3676	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	103
PID 1852 wrote to memory of 3676	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	103
PID 1852 wrote to memory of 4500	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	104
PID 1852 wrote to memory of 4500	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	104
PID 1852 wrote to memory of 2596	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	105
PID 1852 wrote to memory of 2596	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	105
PID 1852 wrote to memory of 4944	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	106
PID 1852 wrote to memory of 4944	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	106
PID 1852 wrote to memory of 1836	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	107
PID 1852 wrote to memory of 1836	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	107
PID 1852 wrote to memory of 1236	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	108
PID 1852 wrote to memory of 1236	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	108
PID 1852 wrote to memory of 3616	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	109
PID 1852 wrote to memory of 3616	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	109
PID 1852 wrote to memory of 1660	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	110
PID 1852 wrote to memory of 1660	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	110
PID 1852 wrote to memory of 5088	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	111
PID 1852 wrote to memory of 5088	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	111
PID 1852 wrote to memory of 3064	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	112
PID 1852 wrote to memory of 3064	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	112
PID 1852 wrote to memory of 4520	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	113
PID 1852 wrote to memory of 4520	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	113
PID 1852 wrote to memory of 1952	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	114
PID 1852 wrote to memory of 1952	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	114
PID 1852 wrote to memory of 2764	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	115
PID 1852 wrote to memory of 2764	1852	5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e360b3f6ccbb8a2d3bc0b0b7c0a74aeb3d3fe609e76fb0646a8c9677f4c2dd5_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\System32\OTDUsGB.exe
  C:\Windows\System32\OTDUsGB.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System32\LYJuZwf.exe
  C:\Windows\System32\LYJuZwf.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System32\HQIcWMl.exe
  C:\Windows\System32\HQIcWMl.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System32\DAXvcvM.exe
  C:\Windows\System32\DAXvcvM.exe
  2⤵
  - Executes dropped EXE
  PID:424
- C:\Windows\System32\HNOIXgy.exe
  C:\Windows\System32\HNOIXgy.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System32\zOpbqQM.exe
  C:\Windows\System32\zOpbqQM.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System32\AQZFHMT.exe
  C:\Windows\System32\AQZFHMT.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System32\kInddUh.exe
  C:\Windows\System32\kInddUh.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System32\tnSviUX.exe
  C:\Windows\System32\tnSviUX.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System32\PrSujSm.exe
  C:\Windows\System32\PrSujSm.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System32\iJoKGFB.exe
  C:\Windows\System32\iJoKGFB.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System32\wSdsmtT.exe
  C:\Windows\System32\wSdsmtT.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System32\UMpOEKj.exe
  C:\Windows\System32\UMpOEKj.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System32\SkrZmDp.exe
  C:\Windows\System32\SkrZmDp.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System32\zaQBqes.exe
  C:\Windows\System32\zaQBqes.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System32\gSTkHwK.exe
  C:\Windows\System32\gSTkHwK.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System32\QwHveOQ.exe
  C:\Windows\System32\QwHveOQ.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System32\HcXXUYG.exe
  C:\Windows\System32\HcXXUYG.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System32\dVMfovU.exe
  C:\Windows\System32\dVMfovU.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System32\sGPeXIO.exe
  C:\Windows\System32\sGPeXIO.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System32\sjutShF.exe
  C:\Windows\System32\sjutShF.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System32\SCBRdpH.exe
  C:\Windows\System32\SCBRdpH.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\oGoXOVz.exe
  C:\Windows\System32\oGoXOVz.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System32\dyVivdm.exe
  C:\Windows\System32\dyVivdm.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System32\EifYzTa.exe
  C:\Windows\System32\EifYzTa.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System32\dagBeHb.exe
  C:\Windows\System32\dagBeHb.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System32\DwanaaR.exe
  C:\Windows\System32\DwanaaR.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System32\XPVGMoc.exe
  C:\Windows\System32\XPVGMoc.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System32\GpKmgme.exe
  C:\Windows\System32\GpKmgme.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System32\xgjBAiD.exe
  C:\Windows\System32\xgjBAiD.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System32\lgDNCQw.exe
  C:\Windows\System32\lgDNCQw.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System32\danTnzY.exe
  C:\Windows\System32\danTnzY.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System32\tUYrksG.exe
  C:\Windows\System32\tUYrksG.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System32\xbLeYek.exe
  C:\Windows\System32\xbLeYek.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System32\xnzbzLN.exe
  C:\Windows\System32\xnzbzLN.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System32\jOjowzr.exe
  C:\Windows\System32\jOjowzr.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System32\hiONxxb.exe
  C:\Windows\System32\hiONxxb.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System32\dwuWCsA.exe
  C:\Windows\System32\dwuWCsA.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System32\YYegdiB.exe
  C:\Windows\System32\YYegdiB.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System32\kxSKqte.exe
  C:\Windows\System32\kxSKqte.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System32\KwAVWdq.exe
  C:\Windows\System32\KwAVWdq.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System32\tZNgwrj.exe
  C:\Windows\System32\tZNgwrj.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System32\GdoMHQJ.exe
  C:\Windows\System32\GdoMHQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System32\zXPzsxs.exe
  C:\Windows\System32\zXPzsxs.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System32\IpQNurd.exe
  C:\Windows\System32\IpQNurd.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System32\MosVolZ.exe
  C:\Windows\System32\MosVolZ.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System32\LTFRPgK.exe
  C:\Windows\System32\LTFRPgK.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System32\cJdVlfl.exe
  C:\Windows\System32\cJdVlfl.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System32\FbYUOLC.exe
  C:\Windows\System32\FbYUOLC.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System32\pGuLZTM.exe
  C:\Windows\System32\pGuLZTM.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System32\FPhXgGz.exe
  C:\Windows\System32\FPhXgGz.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System32\bnZwMXk.exe
  C:\Windows\System32\bnZwMXk.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System32\DuqjwNJ.exe
  C:\Windows\System32\DuqjwNJ.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System32\uIjYVIY.exe
  C:\Windows\System32\uIjYVIY.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System32\RzEAIZR.exe
  C:\Windows\System32\RzEAIZR.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System32\uiuzDJl.exe
  C:\Windows\System32\uiuzDJl.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System32\DbWyxUL.exe
  C:\Windows\System32\DbWyxUL.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System32\VURuumx.exe
  C:\Windows\System32\VURuumx.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System32\YcsoOQz.exe
  C:\Windows\System32\YcsoOQz.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System32\FHkmjFW.exe
  C:\Windows\System32\FHkmjFW.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System32\DQLmMKd.exe
  C:\Windows\System32\DQLmMKd.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System32\DmHjFWr.exe
  C:\Windows\System32\DmHjFWr.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\oaNiwEU.exe
  C:\Windows\System32\oaNiwEU.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System32\OzALlpq.exe
  C:\Windows\System32\OzALlpq.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System32\FRbKBhq.exe
  C:\Windows\System32\FRbKBhq.exe
  2⤵
  PID:2276
- C:\Windows\System32\wddzadE.exe
  C:\Windows\System32\wddzadE.exe
  2⤵
  PID:2456
- C:\Windows\System32\JbVMShm.exe
  C:\Windows\System32\JbVMShm.exe
  2⤵
  PID:2576
- C:\Windows\System32\cwOwZke.exe
  C:\Windows\System32\cwOwZke.exe
  2⤵
  PID:3656
- C:\Windows\System32\AseYsiH.exe
  C:\Windows\System32\AseYsiH.exe
  2⤵
  PID:1480
- C:\Windows\System32\JQinsCk.exe
  C:\Windows\System32\JQinsCk.exe
  2⤵
  PID:2484
- C:\Windows\System32\pZNeBce.exe
  C:\Windows\System32\pZNeBce.exe
  2⤵
  PID:2336
- C:\Windows\System32\ZGjvdrm.exe
  C:\Windows\System32\ZGjvdrm.exe
  2⤵
  PID:4540
- C:\Windows\System32\RSCouYZ.exe
  C:\Windows\System32\RSCouYZ.exe
  2⤵
  PID:4408
- C:\Windows\System32\GxGJJuQ.exe
  C:\Windows\System32\GxGJJuQ.exe
  2⤵
  PID:5132
- C:\Windows\System32\rZDyRHI.exe
  C:\Windows\System32\rZDyRHI.exe
  2⤵
  PID:5172
- C:\Windows\System32\PJuJaSg.exe
  C:\Windows\System32\PJuJaSg.exe
  2⤵
  PID:5200
- C:\Windows\System32\XjfSWJC.exe
  C:\Windows\System32\XjfSWJC.exe
  2⤵
  PID:5216
- C:\Windows\System32\vEIGxJl.exe
  C:\Windows\System32\vEIGxJl.exe
  2⤵
  PID:5244
- C:\Windows\System32\fxHGUNa.exe
  C:\Windows\System32\fxHGUNa.exe
  2⤵
  PID:5272
- C:\Windows\System32\zCMYPOM.exe
  C:\Windows\System32\zCMYPOM.exe
  2⤵
  PID:5300
- C:\Windows\System32\inuWXrB.exe
  C:\Windows\System32\inuWXrB.exe
  2⤵
  PID:5340
- C:\Windows\System32\LTeDIXn.exe
  C:\Windows\System32\LTeDIXn.exe
  2⤵
  PID:5356
- C:\Windows\System32\ksrLCfg.exe
  C:\Windows\System32\ksrLCfg.exe
  2⤵
  PID:5392
- C:\Windows\System32\mosMBij.exe
  C:\Windows\System32\mosMBij.exe
  2⤵
  PID:5424
- C:\Windows\System32\SIWHayO.exe
  C:\Windows\System32\SIWHayO.exe
  2⤵
  PID:5440
- C:\Windows\System32\rIKxmmf.exe
  C:\Windows\System32\rIKxmmf.exe
  2⤵
  PID:5468
- C:\Windows\System32\FcgqMAk.exe
  C:\Windows\System32\FcgqMAk.exe
  2⤵
  PID:5504
- C:\Windows\System32\RTSujlI.exe
  C:\Windows\System32\RTSujlI.exe
  2⤵
  PID:5536
- C:\Windows\System32\XJHufGC.exe
  C:\Windows\System32\XJHufGC.exe
  2⤵
  PID:5564
- C:\Windows\System32\FLRTnhK.exe
  C:\Windows\System32\FLRTnhK.exe
  2⤵
  PID:5580
- C:\Windows\System32\cvinZSu.exe
  C:\Windows\System32\cvinZSu.exe
  2⤵
  PID:5608
- C:\Windows\System32\GbXxhtm.exe
  C:\Windows\System32\GbXxhtm.exe
  2⤵
  PID:5636
- C:\Windows\System32\AGkFFxK.exe
  C:\Windows\System32\AGkFFxK.exe
  2⤵
  PID:5676
- C:\Windows\System32\ShJEPDU.exe
  C:\Windows\System32\ShJEPDU.exe
  2⤵
  PID:5692
- C:\Windows\System32\bzmrHdf.exe
  C:\Windows\System32\bzmrHdf.exe
  2⤵
  PID:5720
- C:\Windows\System32\JwwFWlm.exe
  C:\Windows\System32\JwwFWlm.exe
  2⤵
  PID:5760
- C:\Windows\System32\vBZxaOK.exe
  C:\Windows\System32\vBZxaOK.exe
  2⤵
  PID:5776
- C:\Windows\System32\CbFbKMk.exe
  C:\Windows\System32\CbFbKMk.exe
  2⤵
  PID:5804
- C:\Windows\System32\TNWCAzi.exe
  C:\Windows\System32\TNWCAzi.exe
  2⤵
  PID:5844
- C:\Windows\System32\HkbnRbk.exe
  C:\Windows\System32\HkbnRbk.exe
  2⤵
  PID:5860
- C:\Windows\System32\UfnMZVS.exe
  C:\Windows\System32\UfnMZVS.exe
  2⤵
  PID:5900
- C:\Windows\System32\LrVkUBX.exe
  C:\Windows\System32\LrVkUBX.exe
  2⤵
  PID:5916
- C:\Windows\System32\GlCLBDV.exe
  C:\Windows\System32\GlCLBDV.exe
  2⤵
  PID:5944
- C:\Windows\System32\ZGyDcPw.exe
  C:\Windows\System32\ZGyDcPw.exe
  2⤵
  PID:5972
- C:\Windows\System32\XTUWJal.exe
  C:\Windows\System32\XTUWJal.exe
  2⤵
  PID:6000
- C:\Windows\System32\fITtFZS.exe
  C:\Windows\System32\fITtFZS.exe
  2⤵
  PID:6036
- C:\Windows\System32\qOwiwly.exe
  C:\Windows\System32\qOwiwly.exe
  2⤵
  PID:6056
- C:\Windows\System32\fWrdSAi.exe
  C:\Windows\System32\fWrdSAi.exe
  2⤵
  PID:6084
- C:\Windows\System32\ovstNqQ.exe
  C:\Windows\System32\ovstNqQ.exe
  2⤵
  PID:6124
- C:\Windows\System32\WQpLhot.exe
  C:\Windows\System32\WQpLhot.exe
  2⤵
  PID:6140
- C:\Windows\System32\GoZxhGD.exe
  C:\Windows\System32\GoZxhGD.exe
  2⤵
  PID:4404
- C:\Windows\System32\xGHrBzx.exe
  C:\Windows\System32\xGHrBzx.exe
  2⤵
  PID:2236
- C:\Windows\System32\rcBSMzv.exe
  C:\Windows\System32\rcBSMzv.exe
  2⤵
  PID:3924
- C:\Windows\System32\pwwLPNV.exe
  C:\Windows\System32\pwwLPNV.exe
  2⤵
  PID:4472
- C:\Windows\System32\EyvPTCe.exe
  C:\Windows\System32\EyvPTCe.exe
  2⤵
  PID:2604
- C:\Windows\System32\NjzGSon.exe
  C:\Windows\System32\NjzGSon.exe
  2⤵
  PID:1108
- C:\Windows\System32\AgmbfRU.exe
  C:\Windows\System32\AgmbfRU.exe
  2⤵
  PID:5180
- C:\Windows\System32\iMODXTD.exe
  C:\Windows\System32\iMODXTD.exe
  2⤵
  PID:5232
- C:\Windows\System32\kVkXkOb.exe
  C:\Windows\System32\kVkXkOb.exe
  2⤵
  PID:5316
- C:\Windows\System32\GFWTREL.exe
  C:\Windows\System32\GFWTREL.exe
  2⤵
  PID:5364
- C:\Windows\System32\XmXVvZs.exe
  C:\Windows\System32\XmXVvZs.exe
  2⤵
  PID:5432
- C:\Windows\System32\CHUKLqf.exe
  C:\Windows\System32\CHUKLqf.exe
  2⤵
  PID:5484
- C:\Windows\System32\sZRtkeS.exe
  C:\Windows\System32\sZRtkeS.exe
  2⤵
  PID:5576
- C:\Windows\System32\FfVtyfd.exe
  C:\Windows\System32\FfVtyfd.exe
  2⤵
  PID:5616
- C:\Windows\System32\KQXkjmA.exe
  C:\Windows\System32\KQXkjmA.exe
  2⤵
  PID:5704
- C:\Windows\System32\BnhmjRR.exe
  C:\Windows\System32\BnhmjRR.exe
  2⤵
  PID:5772
- C:\Windows\System32\RSBjFYy.exe
  C:\Windows\System32\RSBjFYy.exe
  2⤵
  PID:5820
- C:\Windows\System32\RKBrINy.exe
  C:\Windows\System32\RKBrINy.exe
  2⤵
  PID:5876
- C:\Windows\System32\bkBSMCl.exe
  C:\Windows\System32\bkBSMCl.exe
  2⤵
  PID:5996
- C:\Windows\System32\eDxIRXM.exe
  C:\Windows\System32\eDxIRXM.exe
  2⤵
  PID:6016
- C:\Windows\System32\DVHWNSu.exe
  C:\Windows\System32\DVHWNSu.exe
  2⤵
  PID:6096
- C:\Windows\System32\QncZXsa.exe
  C:\Windows\System32\QncZXsa.exe
  2⤵
  PID:3520
- C:\Windows\System32\RaDUgMU.exe
  C:\Windows\System32\RaDUgMU.exe
  2⤵
  PID:4432
- C:\Windows\System32\WdzYSKt.exe
  C:\Windows\System32\WdzYSKt.exe
  2⤵
  PID:4576
- C:\Windows\System32\BigBjiv.exe
  C:\Windows\System32\BigBjiv.exe
  2⤵
  PID:5260
- C:\Windows\System32\iGCjgan.exe
  C:\Windows\System32\iGCjgan.exe
  2⤵
  PID:5436
- C:\Windows\System32\HkyWnjh.exe
  C:\Windows\System32\HkyWnjh.exe
  2⤵
  PID:5480
- C:\Windows\System32\SBIDASu.exe
  C:\Windows\System32\SBIDASu.exe
  2⤵
  PID:5732
- C:\Windows\System32\RPfGFRk.exe
  C:\Windows\System32\RPfGFRk.exe
  2⤵
  PID:5872
- C:\Windows\System32\gMqsQqW.exe
  C:\Windows\System32\gMqsQqW.exe
  2⤵
  PID:6152
- C:\Windows\System32\zcCaHvN.exe
  C:\Windows\System32\zcCaHvN.exe
  2⤵
  PID:6180
- C:\Windows\System32\LEBgNlq.exe
  C:\Windows\System32\LEBgNlq.exe
  2⤵
  PID:6208
- C:\Windows\System32\UMhpjOG.exe
  C:\Windows\System32\UMhpjOG.exe
  2⤵
  PID:6248
- C:\Windows\System32\qUrUGtO.exe
  C:\Windows\System32\qUrUGtO.exe
  2⤵
  PID:6264
- C:\Windows\System32\jBxXljF.exe
  C:\Windows\System32\jBxXljF.exe
  2⤵
  PID:6292
- C:\Windows\System32\DFELTax.exe
  C:\Windows\System32\DFELTax.exe
  2⤵
  PID:6332
- C:\Windows\System32\wvEPCDj.exe
  C:\Windows\System32\wvEPCDj.exe
  2⤵
  PID:6348
- C:\Windows\System32\bmgoMax.exe
  C:\Windows\System32\bmgoMax.exe
  2⤵
  PID:6376
- C:\Windows\System32\dznNYQz.exe
  C:\Windows\System32\dznNYQz.exe
  2⤵
  PID:6404
- C:\Windows\System32\eFzmIIp.exe
  C:\Windows\System32\eFzmIIp.exe
  2⤵
  PID:6432
- C:\Windows\System32\hSYOLKC.exe
  C:\Windows\System32\hSYOLKC.exe
  2⤵
  PID:6460
- C:\Windows\System32\NxJGhYi.exe
  C:\Windows\System32\NxJGhYi.exe
  2⤵
  PID:6488
- C:\Windows\System32\IJgpowk.exe
  C:\Windows\System32\IJgpowk.exe
  2⤵
  PID:6528
- C:\Windows\System32\FTpZcba.exe
  C:\Windows\System32\FTpZcba.exe
  2⤵
  PID:6544
- C:\Windows\System32\nlQuGXn.exe
  C:\Windows\System32\nlQuGXn.exe
  2⤵
  PID:6580
- C:\Windows\System32\nIEBCcN.exe
  C:\Windows\System32\nIEBCcN.exe
  2⤵
  PID:6600
- C:\Windows\System32\zCcTyFd.exe
  C:\Windows\System32\zCcTyFd.exe
  2⤵
  PID:6640
- C:\Windows\System32\VPGXXXb.exe
  C:\Windows\System32\VPGXXXb.exe
  2⤵
  PID:6668
- C:\Windows\System32\MFPCpkr.exe
  C:\Windows\System32\MFPCpkr.exe
  2⤵
  PID:6684
- C:\Windows\System32\qsmWrUc.exe
  C:\Windows\System32\qsmWrUc.exe
  2⤵
  PID:6712
- C:\Windows\System32\plRjYTM.exe
  C:\Windows\System32\plRjYTM.exe
  2⤵
  PID:6740
- C:\Windows\System32\EddHzaY.exe
  C:\Windows\System32\EddHzaY.exe
  2⤵
  PID:6768
- C:\Windows\System32\OKrAEoC.exe
  C:\Windows\System32\OKrAEoC.exe
  2⤵
  PID:6796
- C:\Windows\System32\ainCHKv.exe
  C:\Windows\System32\ainCHKv.exe
  2⤵
  PID:6824
- C:\Windows\System32\PRyFQVR.exe
  C:\Windows\System32\PRyFQVR.exe
  2⤵
  PID:6852
- C:\Windows\System32\HLLYfcH.exe
  C:\Windows\System32\HLLYfcH.exe
  2⤵
  PID:6880
- C:\Windows\System32\rKtKqub.exe
  C:\Windows\System32\rKtKqub.exe
  2⤵
  PID:6908
- C:\Windows\System32\HlbQoag.exe
  C:\Windows\System32\HlbQoag.exe
  2⤵
  PID:6948
- C:\Windows\System32\CRHFMVG.exe
  C:\Windows\System32\CRHFMVG.exe
  2⤵
  PID:6964
- C:\Windows\System32\ZwZYMDe.exe
  C:\Windows\System32\ZwZYMDe.exe
  2⤵
  PID:6992
- C:\Windows\System32\eFlWAFE.exe
  C:\Windows\System32\eFlWAFE.exe
  2⤵
  PID:7020
- C:\Windows\System32\WtvxqZV.exe
  C:\Windows\System32\WtvxqZV.exe
  2⤵
  PID:7048
- C:\Windows\System32\Mjmknhu.exe
  C:\Windows\System32\Mjmknhu.exe
  2⤵
  PID:7088
- C:\Windows\System32\vgtBjNk.exe
  C:\Windows\System32\vgtBjNk.exe
  2⤵
  PID:7104
- C:\Windows\System32\TZpKIqe.exe
  C:\Windows\System32\TZpKIqe.exe
  2⤵
  PID:7144
- C:\Windows\System32\uFmAnEI.exe
  C:\Windows\System32\uFmAnEI.exe
  2⤵
  PID:7160
- C:\Windows\System32\DUdJuul.exe
  C:\Windows\System32\DUdJuul.exe
  2⤵
  PID:6068
- C:\Windows\System32\OBcevMa.exe
  C:\Windows\System32\OBcevMa.exe
  2⤵
  PID:4596
- C:\Windows\System32\wLGmBJy.exe
  C:\Windows\System32\wLGmBJy.exe
  2⤵
  PID:5228
- C:\Windows\System32\YaFUhrE.exe
  C:\Windows\System32\YaFUhrE.exe
  2⤵
  PID:5596
- C:\Windows\System32\SwAiQhf.exe
  C:\Windows\System32\SwAiQhf.exe
  2⤵
  PID:6148
- C:\Windows\System32\totXpVU.exe
  C:\Windows\System32\totXpVU.exe
  2⤵
  PID:6220
- C:\Windows\System32\wTEopsC.exe
  C:\Windows\System32\wTEopsC.exe
  2⤵
  PID:6288
- C:\Windows\System32\GSnuUgR.exe
  C:\Windows\System32\GSnuUgR.exe
  2⤵
  PID:6340
- C:\Windows\System32\SVXAzQW.exe
  C:\Windows\System32\SVXAzQW.exe
  2⤵
  PID:6416
- C:\Windows\System32\pPgZTrI.exe
  C:\Windows\System32\pPgZTrI.exe
  2⤵
  PID:6476
- C:\Windows\System32\tskWEol.exe
  C:\Windows\System32\tskWEol.exe
  2⤵
  PID:6536
- C:\Windows\System32\foOeJQe.exe
  C:\Windows\System32\foOeJQe.exe
  2⤵
  PID:6596
- C:\Windows\System32\hTOyFeg.exe
  C:\Windows\System32\hTOyFeg.exe
  2⤵
  PID:6660
- C:\Windows\System32\WYayBSY.exe
  C:\Windows\System32\WYayBSY.exe
  2⤵
  PID:6736
- C:\Windows\System32\BzhsraN.exe
  C:\Windows\System32\BzhsraN.exe
  2⤵
  PID:6804
- C:\Windows\System32\pDMWNaJ.exe
  C:\Windows\System32\pDMWNaJ.exe
  2⤵
  PID:6872
- C:\Windows\System32\giUYnBa.exe
  C:\Windows\System32\giUYnBa.exe
  2⤵
  PID:6932
- C:\Windows\System32\YEQcrlA.exe
  C:\Windows\System32\YEQcrlA.exe
  2⤵
  PID:6980
- C:\Windows\System32\KxagyWW.exe
  C:\Windows\System32\KxagyWW.exe
  2⤵
  PID:7060
- C:\Windows\System32\SLazJVf.exe
  C:\Windows\System32\SLazJVf.exe
  2⤵
  PID:7156
- C:\Windows\System32\SSujmqR.exe
  C:\Windows\System32\SSujmqR.exe
  2⤵
  PID:5940
- C:\Windows\System32\hnXixkE.exe
  C:\Windows\System32\hnXixkE.exe
  2⤵
  PID:5324
- C:\Windows\System32\XEjteyq.exe
  C:\Windows\System32\XEjteyq.exe
  2⤵
  PID:6192
- C:\Windows\System32\wPVzpds.exe
  C:\Windows\System32\wPVzpds.exe
  2⤵
  PID:6388
- C:\Windows\System32\QSZxQvz.exe
  C:\Windows\System32\QSZxQvz.exe
  2⤵
  PID:6512
- C:\Windows\System32\PrHgHmL.exe
  C:\Windows\System32\PrHgHmL.exe
  2⤵
  PID:6648
- C:\Windows\System32\UEtwpgS.exe
  C:\Windows\System32\UEtwpgS.exe
  2⤵
  PID:6756
- C:\Windows\System32\ZfKoeoq.exe
  C:\Windows\System32\ZfKoeoq.exe
  2⤵
  PID:6960
- C:\Windows\System32\fwqsGeP.exe
  C:\Windows\System32\fwqsGeP.exe
  2⤵
  PID:7204
- C:\Windows\System32\Ollnxnl.exe
  C:\Windows\System32\Ollnxnl.exe
  2⤵
  PID:7224
- C:\Windows\System32\xnaFaBb.exe
  C:\Windows\System32\xnaFaBb.exe
  2⤵
  PID:7252
- C:\Windows\System32\qRfSMAb.exe
  C:\Windows\System32\qRfSMAb.exe
  2⤵
  PID:7292
- C:\Windows\System32\WMzELle.exe
  C:\Windows\System32\WMzELle.exe
  2⤵
  PID:7308
- C:\Windows\System32\JMGFkxV.exe
  C:\Windows\System32\JMGFkxV.exe
  2⤵
  PID:7336
- C:\Windows\System32\AvCxdyu.exe
  C:\Windows\System32\AvCxdyu.exe
  2⤵
  PID:7376
- C:\Windows\System32\GYjNDod.exe
  C:\Windows\System32\GYjNDod.exe
  2⤵
  PID:7392
- C:\Windows\System32\VgGpZyA.exe
  C:\Windows\System32\VgGpZyA.exe
  2⤵
  PID:7420
- C:\Windows\System32\APDJeVQ.exe
  C:\Windows\System32\APDJeVQ.exe
  2⤵
  PID:7460
- C:\Windows\System32\jcQrORO.exe
  C:\Windows\System32\jcQrORO.exe
  2⤵
  PID:7476
- C:\Windows\System32\WVRxGkg.exe
  C:\Windows\System32\WVRxGkg.exe
  2⤵
  PID:7504
- C:\Windows\System32\hcQCSob.exe
  C:\Windows\System32\hcQCSob.exe
  2⤵
  PID:7532
- C:\Windows\System32\igWGrFR.exe
  C:\Windows\System32\igWGrFR.exe
  2⤵
  PID:7560
- C:\Windows\System32\iBrkKXA.exe
  C:\Windows\System32\iBrkKXA.exe
  2⤵
  PID:7588
- C:\Windows\System32\ngZCsyb.exe
  C:\Windows\System32\ngZCsyb.exe
  2⤵
  PID:7616
- C:\Windows\System32\nAtUkkd.exe
  C:\Windows\System32\nAtUkkd.exe
  2⤵
  PID:7644
- C:\Windows\System32\jAnjUtT.exe
  C:\Windows\System32\jAnjUtT.exe
  2⤵
  PID:7668
- C:\Windows\System32\HcxOjup.exe
  C:\Windows\System32\HcxOjup.exe
  2⤵
  PID:7700
- C:\Windows\System32\AyhesPd.exe
  C:\Windows\System32\AyhesPd.exe
  2⤵
  PID:7728
- C:\Windows\System32\xmljoZA.exe
  C:\Windows\System32\xmljoZA.exe
  2⤵
  PID:7756
- C:\Windows\System32\almPWwE.exe
  C:\Windows\System32\almPWwE.exe
  2⤵
  PID:7784
- C:\Windows\System32\BBNyHdm.exe
  C:\Windows\System32\BBNyHdm.exe
  2⤵
  PID:7812
- C:\Windows\System32\IgDgdGb.exe
  C:\Windows\System32\IgDgdGb.exe
  2⤵
  PID:7840
- C:\Windows\System32\DWidFZI.exe
  C:\Windows\System32\DWidFZI.exe
  2⤵
  PID:7880
- C:\Windows\System32\tKmsaSR.exe
  C:\Windows\System32\tKmsaSR.exe
  2⤵
  PID:7896
- C:\Windows\System32\fHDWbPH.exe
  C:\Windows\System32\fHDWbPH.exe
  2⤵
  PID:7924
- C:\Windows\System32\JaWPTZt.exe
  C:\Windows\System32\JaWPTZt.exe
  2⤵
  PID:7960
- C:\Windows\System32\QoqMnjs.exe
  C:\Windows\System32\QoqMnjs.exe
  2⤵
  PID:7980
- C:\Windows\System32\MsiHiVh.exe
  C:\Windows\System32\MsiHiVh.exe
  2⤵
  PID:8008
- C:\Windows\System32\nOcKbmM.exe
  C:\Windows\System32\nOcKbmM.exe
  2⤵
  PID:8036
- C:\Windows\System32\IcLJecV.exe
  C:\Windows\System32\IcLJecV.exe
  2⤵
  PID:8064
- C:\Windows\System32\cymKEPI.exe
  C:\Windows\System32\cymKEPI.exe
  2⤵
  PID:8092
- C:\Windows\System32\TFxVqkb.exe
  C:\Windows\System32\TFxVqkb.exe
  2⤵
  PID:8132
- C:\Windows\System32\zisBwYi.exe
  C:\Windows\System32\zisBwYi.exe
  2⤵
  PID:8148
- C:\Windows\System32\kbckUFz.exe
  C:\Windows\System32\kbckUFz.exe
  2⤵
  PID:8176
- C:\Windows\System32\xhmJUjd.exe
  C:\Windows\System32\xhmJUjd.exe
  2⤵
  PID:7044
- C:\Windows\System32\sDKEerf.exe
  C:\Windows\System32\sDKEerf.exe
  2⤵
  PID:5960
- C:\Windows\System32\kCfwNpA.exe
  C:\Windows\System32\kCfwNpA.exe
  2⤵
  PID:6260
- C:\Windows\System32\bDSrhwz.exe
  C:\Windows\System32\bDSrhwz.exe
  2⤵
  PID:6632
- C:\Windows\System32\EGzUtlx.exe
  C:\Windows\System32\EGzUtlx.exe
  2⤵
  PID:6892
- C:\Windows\System32\KfHUXNy.exe
  C:\Windows\System32\KfHUXNy.exe
  2⤵
  PID:7236
- C:\Windows\System32\geIuaNr.exe
  C:\Windows\System32\geIuaNr.exe
  2⤵
  PID:7304
- C:\Windows\System32\ASehvIu.exe
  C:\Windows\System32\ASehvIu.exe
  2⤵
  PID:7360
- C:\Windows\System32\otPdbQq.exe
  C:\Windows\System32\otPdbQq.exe
  2⤵
  PID:7432
- C:\Windows\System32\UyGPFTh.exe
  C:\Windows\System32\UyGPFTh.exe
  2⤵
  PID:7468
- C:\Windows\System32\eUEmMnk.exe
  C:\Windows\System32\eUEmMnk.exe
  2⤵
  PID:7544
- C:\Windows\System32\JgPHiig.exe
  C:\Windows\System32\JgPHiig.exe
  2⤵
  PID:7612
- C:\Windows\System32\NIuzhFv.exe
  C:\Windows\System32\NIuzhFv.exe
  2⤵
  PID:7664
- C:\Windows\System32\JWLXUYZ.exe
  C:\Windows\System32\JWLXUYZ.exe
  2⤵
  PID:7716
- C:\Windows\System32\HccnSTR.exe
  C:\Windows\System32\HccnSTR.exe
  2⤵
  PID:7772
- C:\Windows\System32\xWBoknU.exe
  C:\Windows\System32\xWBoknU.exe
  2⤵
  PID:7852
- C:\Windows\System32\DxaOvuY.exe
  C:\Windows\System32\DxaOvuY.exe
  2⤵
  PID:7920
- C:\Windows\System32\fHAbrXM.exe
  C:\Windows\System32\fHAbrXM.exe
  2⤵
  PID:7956
- C:\Windows\System32\iWQtKrG.exe
  C:\Windows\System32\iWQtKrG.exe
  2⤵
  PID:8020
- C:\Windows\System32\QDHDTxy.exe
  C:\Windows\System32\QDHDTxy.exe
  2⤵
  PID:8104
- C:\Windows\System32\AvHAPkt.exe
  C:\Windows\System32\AvHAPkt.exe
  2⤵
  PID:8140
- C:\Windows\System32\bpzidJx.exe
  C:\Windows\System32\bpzidJx.exe
  2⤵
  PID:6988
- C:\Windows\System32\gxRKJku.exe
  C:\Windows\System32\gxRKJku.exe
  2⤵
  PID:5800
- C:\Windows\System32\qDPbBkQ.exe
  C:\Windows\System32\qDPbBkQ.exe
  2⤵
  PID:7264
- C:\Windows\System32\fRkxytW.exe
  C:\Windows\System32\fRkxytW.exe
  2⤵
  PID:1992
- C:\Windows\System32\MfcAsus.exe
  C:\Windows\System32\MfcAsus.exe
  2⤵
  PID:7472
- C:\Windows\System32\vmdaiLh.exe
  C:\Windows\System32\vmdaiLh.exe
  2⤵
  PID:3384
- C:\Windows\System32\rnOFgUr.exe
  C:\Windows\System32\rnOFgUr.exe
  2⤵
  PID:7780
- C:\Windows\System32\sNNqUBJ.exe
  C:\Windows\System32\sNNqUBJ.exe
  2⤵
  PID:7908
- C:\Windows\System32\rBdPWom.exe
  C:\Windows\System32\rBdPWom.exe
  2⤵
  PID:1908
- C:\Windows\System32\cOXyuGn.exe
  C:\Windows\System32\cOXyuGn.exe
  2⤵
  PID:8056
- C:\Windows\System32\eDBkYjQ.exe
  C:\Windows\System32\eDBkYjQ.exe
  2⤵
  PID:8164
- C:\Windows\System32\YDVDqgV.exe
  C:\Windows\System32\YDVDqgV.exe
  2⤵
  PID:1292
- C:\Windows\System32\PyXbssu.exe
  C:\Windows\System32\PyXbssu.exe
  2⤵
  PID:7388
- C:\Windows\System32\kttLCqR.exe
  C:\Windows\System32\kttLCqR.exe
  2⤵
  PID:4996
- C:\Windows\System32\EuCLDoi.exe
  C:\Windows\System32\EuCLDoi.exe
  2⤵
  PID:4252
- C:\Windows\System32\ZLmxAEU.exe
  C:\Windows\System32\ZLmxAEU.exe
  2⤵
  PID:7936
- C:\Windows\System32\UZPAVYh.exe
  C:\Windows\System32\UZPAVYh.exe
  2⤵
  PID:8212
- C:\Windows\System32\rjIhxrI.exe
  C:\Windows\System32\rjIhxrI.exe
  2⤵
  PID:8240
- C:\Windows\System32\oofuaYB.exe
  C:\Windows\System32\oofuaYB.exe
  2⤵
  PID:8280
- C:\Windows\System32\QcYXwqz.exe
  C:\Windows\System32\QcYXwqz.exe
  2⤵
  PID:8296
- C:\Windows\System32\PQQeJzk.exe
  C:\Windows\System32\PQQeJzk.exe
  2⤵
  PID:8336
- C:\Windows\System32\VjVWZUF.exe
  C:\Windows\System32\VjVWZUF.exe
  2⤵
  PID:8360
- C:\Windows\System32\ZYBVfRd.exe
  C:\Windows\System32\ZYBVfRd.exe
  2⤵
  PID:8380
- C:\Windows\System32\boAdGIb.exe
  C:\Windows\System32\boAdGIb.exe
  2⤵
  PID:8408
- C:\Windows\System32\ASooFpl.exe
  C:\Windows\System32\ASooFpl.exe
  2⤵
  PID:8436
- C:\Windows\System32\RoqTWeB.exe
  C:\Windows\System32\RoqTWeB.exe
  2⤵
  PID:8516
- C:\Windows\System32\TiLCjOy.exe
  C:\Windows\System32\TiLCjOy.exe
  2⤵
  PID:8540
- C:\Windows\System32\jTBUQZZ.exe
  C:\Windows\System32\jTBUQZZ.exe
  2⤵
  PID:8584
- C:\Windows\System32\SzlBYSr.exe
  C:\Windows\System32\SzlBYSr.exe
  2⤵
  PID:8608
- C:\Windows\System32\lCBGYqa.exe
  C:\Windows\System32\lCBGYqa.exe
  2⤵
  PID:8628
- C:\Windows\System32\pSaSItd.exe
  C:\Windows\System32\pSaSItd.exe
  2⤵
  PID:8648
- C:\Windows\System32\LlXBqdG.exe
  C:\Windows\System32\LlXBqdG.exe
  2⤵
  PID:8684
- C:\Windows\System32\OarKelc.exe
  C:\Windows\System32\OarKelc.exe
  2⤵
  PID:8700
- C:\Windows\System32\qJiEdWc.exe
  C:\Windows\System32\qJiEdWc.exe
  2⤵
  PID:8756
- C:\Windows\System32\sFqKtEN.exe
  C:\Windows\System32\sFqKtEN.exe
  2⤵
  PID:8772
- C:\Windows\System32\BaJlkOY.exe
  C:\Windows\System32\BaJlkOY.exe
  2⤵
  PID:8796
- C:\Windows\System32\nBvEOsP.exe
  C:\Windows\System32\nBvEOsP.exe
  2⤵
  PID:8868
- C:\Windows\System32\JOUxwzt.exe
  C:\Windows\System32\JOUxwzt.exe
  2⤵
  PID:8920
- C:\Windows\System32\wPazTpk.exe
  C:\Windows\System32\wPazTpk.exe
  2⤵
  PID:8984
- C:\Windows\System32\OGbTbqe.exe
  C:\Windows\System32\OGbTbqe.exe
  2⤵
  PID:9076
- C:\Windows\System32\pixZVaV.exe
  C:\Windows\System32\pixZVaV.exe
  2⤵
  PID:9096
- C:\Windows\System32\lrLggkM.exe
  C:\Windows\System32\lrLggkM.exe
  2⤵
  PID:9124
- C:\Windows\System32\DGeHYpa.exe
  C:\Windows\System32\DGeHYpa.exe
  2⤵
  PID:9200
- C:\Windows\System32\PqRCnGe.exe
  C:\Windows\System32\PqRCnGe.exe
  2⤵
  PID:332
- C:\Windows\System32\WUxSgCj.exe
  C:\Windows\System32\WUxSgCj.exe
  2⤵
  PID:7352
- C:\Windows\System32\lfJOgNP.exe
  C:\Windows\System32\lfJOgNP.exe
  2⤵
  PID:7800
- C:\Windows\System32\QrbAhfj.exe
  C:\Windows\System32\QrbAhfj.exe
  2⤵
  PID:8236
- C:\Windows\System32\WTxFjhf.exe
  C:\Windows\System32\WTxFjhf.exe
  2⤵
  PID:2140
- C:\Windows\System32\uXxqCXS.exe
  C:\Windows\System32\uXxqCXS.exe
  2⤵
  PID:3788
- C:\Windows\System32\CwrBsXp.exe
  C:\Windows\System32\CwrBsXp.exe
  2⤵
  PID:1380
- C:\Windows\System32\CjDWIpv.exe
  C:\Windows\System32\CjDWIpv.exe
  2⤵
  PID:8376
- C:\Windows\System32\ABCzDHL.exe
  C:\Windows\System32\ABCzDHL.exe
  2⤵
  PID:5064
- C:\Windows\System32\jiNliDl.exe
  C:\Windows\System32\jiNliDl.exe
  2⤵
  PID:8420
- C:\Windows\System32\ovGQuqO.exe
  C:\Windows\System32\ovGQuqO.exe
  2⤵
  PID:1576
- C:\Windows\System32\QMbufDb.exe
  C:\Windows\System32\QMbufDb.exe
  2⤵
  PID:2144
- C:\Windows\System32\hLrPsdu.exe
  C:\Windows\System32\hLrPsdu.exe
  2⤵
  PID:1740
- C:\Windows\System32\jAvNMhk.exe
  C:\Windows\System32\jAvNMhk.exe
  2⤵
  PID:1152
- C:\Windows\System32\kOfbhCA.exe
  C:\Windows\System32\kOfbhCA.exe
  2⤵
  PID:2760
- C:\Windows\System32\SjfVXoj.exe
  C:\Windows\System32\SjfVXoj.exe
  2⤵
  PID:8500
- C:\Windows\System32\NQwpfaY.exe
  C:\Windows\System32\NQwpfaY.exe
  2⤵
  PID:8624
- C:\Windows\System32\OFSlvVr.exe
  C:\Windows\System32\OFSlvVr.exe
  2⤵
  PID:8712
- C:\Windows\System32\aiSVIMK.exe
  C:\Windows\System32\aiSVIMK.exe
  2⤵
  PID:8812
- C:\Windows\System32\DUYgfaz.exe
  C:\Windows\System32\DUYgfaz.exe
  2⤵
  PID:8832
- C:\Windows\System32\PDulCKd.exe
  C:\Windows\System32\PDulCKd.exe
  2⤵
  PID:8996
- C:\Windows\System32\krruKfn.exe
  C:\Windows\System32\krruKfn.exe
  2⤵
  PID:2504
- C:\Windows\System32\YWccpgY.exe
  C:\Windows\System32\YWccpgY.exe
  2⤵
  PID:9088
- C:\Windows\System32\FWutIng.exe
  C:\Windows\System32\FWutIng.exe
  2⤵
  PID:8864
- C:\Windows\System32\pIKaVSj.exe
  C:\Windows\System32\pIKaVSj.exe
  2⤵
  PID:9172
- C:\Windows\System32\SlnTEeM.exe
  C:\Windows\System32\SlnTEeM.exe
  2⤵
  PID:9108
- C:\Windows\System32\sKyOnxz.exe
  C:\Windows\System32\sKyOnxz.exe
  2⤵
  PID:7176
- C:\Windows\System32\tmhPbui.exe
  C:\Windows\System32\tmhPbui.exe
  2⤵
  PID:8228
- C:\Windows\System32\GtxiRMj.exe
  C:\Windows\System32\GtxiRMj.exe
  2⤵
  PID:8328
- C:\Windows\System32\makgcus.exe
  C:\Windows\System32\makgcus.exe
  2⤵
  PID:1164
- C:\Windows\System32\WxsESdX.exe
  C:\Windows\System32\WxsESdX.exe
  2⤵
  PID:956
- C:\Windows\System32\vkIBTtx.exe
  C:\Windows\System32\vkIBTtx.exe
  2⤵
  PID:8476
- C:\Windows\System32\ZqzaNCd.exe
  C:\Windows\System32\ZqzaNCd.exe
  2⤵
  PID:8504
- C:\Windows\System32\BmZojPa.exe
  C:\Windows\System32\BmZojPa.exe
  2⤵
  PID:8644
- C:\Windows\System32\SNaIGCP.exe
  C:\Windows\System32\SNaIGCP.exe
  2⤵
  PID:8932
- C:\Windows\System32\cYduzGJ.exe
  C:\Windows\System32\cYduzGJ.exe
  2⤵
  PID:448
- C:\Windows\System32\yxQACrs.exe
  C:\Windows\System32\yxQACrs.exe
  2⤵
  PID:4224
- C:\Windows\System32\PrLhgVE.exe
  C:\Windows\System32\PrLhgVE.exe
  2⤵
  PID:9104
- C:\Windows\System32\HJjAlin.exe
  C:\Windows\System32\HJjAlin.exe
  2⤵
  PID:3356
- C:\Windows\System32\WVSHtRK.exe
  C:\Windows\System32\WVSHtRK.exe
  2⤵
  PID:4964
- C:\Windows\System32\ZwjmXeG.exe
  C:\Windows\System32\ZwjmXeG.exe
  2⤵
  PID:396
- C:\Windows\System32\FJglJOK.exe
  C:\Windows\System32\FJglJOK.exe
  2⤵
  PID:8956
- C:\Windows\System32\ByTaWNp.exe
  C:\Windows\System32\ByTaWNp.exe
  2⤵
  PID:9084
- C:\Windows\System32\qBhYeTm.exe
  C:\Windows\System32\qBhYeTm.exe
  2⤵
  PID:920
- C:\Windows\System32\oiUcasq.exe
  C:\Windows\System32\oiUcasq.exe
  2⤵
  PID:732
- C:\Windows\System32\fDwTDnR.exe
  C:\Windows\System32\fDwTDnR.exe
  2⤵
  PID:8972
- C:\Windows\System32\xvnJmza.exe
  C:\Windows\System32\xvnJmza.exe
  2⤵
  PID:9232
- C:\Windows\System32\KgGtEJv.exe
  C:\Windows\System32\KgGtEJv.exe
  2⤵
  PID:9288
- C:\Windows\System32\MctOsQE.exe
  C:\Windows\System32\MctOsQE.exe
  2⤵
  PID:9304
- C:\Windows\System32\dEKjcEO.exe
  C:\Windows\System32\dEKjcEO.exe
  2⤵
  PID:9332
- C:\Windows\System32\VYjGkHJ.exe
  C:\Windows\System32\VYjGkHJ.exe
  2⤵
  PID:9352
- C:\Windows\System32\ckNdwNs.exe
  C:\Windows\System32\ckNdwNs.exe
  2⤵
  PID:9388
- C:\Windows\System32\smLHkCc.exe
  C:\Windows\System32\smLHkCc.exe
  2⤵
  PID:9420
- C:\Windows\System32\mCpdTLJ.exe
  C:\Windows\System32\mCpdTLJ.exe
  2⤵
  PID:9456
- C:\Windows\System32\PeYnDTK.exe
  C:\Windows\System32\PeYnDTK.exe
  2⤵
  PID:9472
- C:\Windows\System32\fGAMBsd.exe
  C:\Windows\System32\fGAMBsd.exe
  2⤵
  PID:9520
- C:\Windows\System32\MJDLZYe.exe
  C:\Windows\System32\MJDLZYe.exe
  2⤵
  PID:9560
- C:\Windows\System32\HUzxNGd.exe
  C:\Windows\System32\HUzxNGd.exe
  2⤵
  PID:9600
- C:\Windows\System32\rDCowzF.exe
  C:\Windows\System32\rDCowzF.exe
  2⤵
  PID:9656
- C:\Windows\System32\CXxdYwz.exe
  C:\Windows\System32\CXxdYwz.exe
  2⤵
  PID:9676
- C:\Windows\System32\QlirNlw.exe
  C:\Windows\System32\QlirNlw.exe
  2⤵
  PID:9716
- C:\Windows\System32\mWEDxVo.exe
  C:\Windows\System32\mWEDxVo.exe
  2⤵
  PID:9744
- C:\Windows\System32\OoWtIKo.exe
  C:\Windows\System32\OoWtIKo.exe
  2⤵
  PID:9768
- C:\Windows\System32\uIziKGV.exe
  C:\Windows\System32\uIziKGV.exe
  2⤵
  PID:9796
- C:\Windows\System32\yHFgfjy.exe
  C:\Windows\System32\yHFgfjy.exe
  2⤵
  PID:9844
- C:\Windows\System32\JfyCgRj.exe
  C:\Windows\System32\JfyCgRj.exe
  2⤵
  PID:9868
- C:\Windows\System32\XTJiRNV.exe
  C:\Windows\System32\XTJiRNV.exe
  2⤵
  PID:9904
- C:\Windows\System32\ofMpGQV.exe
  C:\Windows\System32\ofMpGQV.exe
  2⤵
  PID:9960
- C:\Windows\System32\CiHyJhR.exe
  C:\Windows\System32\CiHyJhR.exe
  2⤵
  PID:10004
- C:\Windows\System32\RviFeDf.exe
  C:\Windows\System32\RviFeDf.exe
  2⤵
  PID:10032
- C:\Windows\System32\WvuBCMt.exe
  C:\Windows\System32\WvuBCMt.exe
  2⤵
  PID:10060
- C:\Windows\System32\UrRLsBs.exe
  C:\Windows\System32\UrRLsBs.exe
  2⤵
  PID:10080
- C:\Windows\System32\jcJmEhz.exe
  C:\Windows\System32\jcJmEhz.exe
  2⤵
  PID:10112
- C:\Windows\System32\rFitGgN.exe
  C:\Windows\System32\rFitGgN.exe
  2⤵
  PID:10132
- C:\Windows\System32\SMReiFY.exe
  C:\Windows\System32\SMReiFY.exe
  2⤵
  PID:10160
- C:\Windows\System32\DRXGwFF.exe
  C:\Windows\System32\DRXGwFF.exe
  2⤵
  PID:10216
- C:\Windows\System32\ywqShZA.exe
  C:\Windows\System32\ywqShZA.exe
  2⤵
  PID:3392
- C:\Windows\System32\Uhnwggs.exe
  C:\Windows\System32\Uhnwggs.exe
  2⤵
  PID:8948
- C:\Windows\System32\snafpPs.exe
  C:\Windows\System32\snafpPs.exe
  2⤵
  PID:9064
- C:\Windows\System32\fSrxvRt.exe
  C:\Windows\System32\fSrxvRt.exe
  2⤵
  PID:9324
- C:\Windows\System32\hPJiMje.exe
  C:\Windows\System32\hPJiMje.exe
  2⤵
  PID:9340
- C:\Windows\System32\SMleUHS.exe
  C:\Windows\System32\SMleUHS.exe
  2⤵
  PID:9444
- C:\Windows\System32\zkHEOaF.exe
  C:\Windows\System32\zkHEOaF.exe
  2⤵
  PID:9544
- C:\Windows\System32\mocGHSR.exe
  C:\Windows\System32\mocGHSR.exe
  2⤵
  PID:9664
- C:\Windows\System32\nuiKkIx.exe
  C:\Windows\System32\nuiKkIx.exe
  2⤵
  PID:9740
- C:\Windows\System32\blugDwj.exe
  C:\Windows\System32\blugDwj.exe
  2⤵
  PID:9816
- C:\Windows\System32\ucBXuXz.exe
  C:\Windows\System32\ucBXuXz.exe
  2⤵
  PID:9864
- C:\Windows\System32\Fevmuer.exe
  C:\Windows\System32\Fevmuer.exe
  2⤵
  PID:9976
- C:\Windows\System32\NqkwocO.exe
  C:\Windows\System32\NqkwocO.exe
  2⤵
  PID:10076
- C:\Windows\System32\gRDqqfo.exe
  C:\Windows\System32\gRDqqfo.exe
  2⤵
  PID:10144
- C:\Windows\System32\MJheCsN.exe
  C:\Windows\System32\MJheCsN.exe
  2⤵
  PID:9224
- C:\Windows\System32\RmzqjOX.exe
  C:\Windows\System32\RmzqjOX.exe
  2⤵
  PID:9372
- C:\Windows\System32\kSySkfU.exe
  C:\Windows\System32\kSySkfU.exe
  2⤵
  PID:3048
- C:\Windows\System32\oXXPKLU.exe
  C:\Windows\System32\oXXPKLU.exe
  2⤵
  PID:9624
- C:\Windows\System32\CQFPLCS.exe
  C:\Windows\System32\CQFPLCS.exe
  2⤵
  PID:9828
- C:\Windows\System32\RzdJkRt.exe
  C:\Windows\System32\RzdJkRt.exe
  2⤵
  PID:10180
- C:\Windows\System32\wtkzJbf.exe
  C:\Windows\System32\wtkzJbf.exe
  2⤵
  PID:9432
- C:\Windows\System32\kQpMViy.exe
  C:\Windows\System32\kQpMViy.exe
  2⤵
  PID:9780
- C:\Windows\System32\kkpUFvl.exe
  C:\Windows\System32\kkpUFvl.exe
  2⤵
  PID:10120
- C:\Windows\System32\rzASIqu.exe
  C:\Windows\System32\rzASIqu.exe
  2⤵
  PID:10248
- C:\Windows\System32\EhPyzZv.exe
  C:\Windows\System32\EhPyzZv.exe
  2⤵
  PID:10276
- C:\Windows\System32\ltKfoAo.exe
  C:\Windows\System32\ltKfoAo.exe
  2⤵
  PID:10292
- C:\Windows\System32\BUttysk.exe
  C:\Windows\System32\BUttysk.exe
  2⤵
  PID:10336
- C:\Windows\System32\pzIESBW.exe
  C:\Windows\System32\pzIESBW.exe
  2⤵
  PID:10364
- C:\Windows\System32\NfWdGUy.exe
  C:\Windows\System32\NfWdGUy.exe
  2⤵
  PID:10380
- C:\Windows\System32\zBWPogU.exe
  C:\Windows\System32\zBWPogU.exe
  2⤵
  PID:10420
- C:\Windows\System32\KcoyiyM.exe
  C:\Windows\System32\KcoyiyM.exe
  2⤵
  PID:10448
- C:\Windows\System32\ChpRyrc.exe
  C:\Windows\System32\ChpRyrc.exe
  2⤵
  PID:10476
- C:\Windows\System32\ZGOHdsA.exe
  C:\Windows\System32\ZGOHdsA.exe
  2⤵
  PID:10492
- C:\Windows\System32\JhoDNHa.exe
  C:\Windows\System32\JhoDNHa.exe
  2⤵
  PID:10520
- C:\Windows\System32\gKXhCDh.exe
  C:\Windows\System32\gKXhCDh.exe
  2⤵
  PID:10552
- C:\Windows\System32\uECmMsX.exe
  C:\Windows\System32\uECmMsX.exe
  2⤵
  PID:10588
- C:\Windows\System32\kdwJyhc.exe
  C:\Windows\System32\kdwJyhc.exe
  2⤵
  PID:10608
- C:\Windows\System32\CeoUPmN.exe
  C:\Windows\System32\CeoUPmN.exe
  2⤵
  PID:10636
- C:\Windows\System32\vWmoygc.exe
  C:\Windows\System32\vWmoygc.exe
  2⤵
  PID:10660
- C:\Windows\System32\lfXJAcJ.exe
  C:\Windows\System32\lfXJAcJ.exe
  2⤵
  PID:10688
- C:\Windows\System32\ilIlaqp.exe
  C:\Windows\System32\ilIlaqp.exe
  2⤵
  PID:10732
- C:\Windows\System32\pOatIeI.exe
  C:\Windows\System32\pOatIeI.exe
  2⤵
  PID:10756
- C:\Windows\System32\qYBTOnP.exe
  C:\Windows\System32\qYBTOnP.exe
  2⤵
  PID:10784
- C:\Windows\System32\XBXNjfs.exe
  C:\Windows\System32\XBXNjfs.exe
  2⤵
  PID:10812
- C:\Windows\System32\iIJGqUJ.exe
  C:\Windows\System32\iIJGqUJ.exe
  2⤵
  PID:10832
- C:\Windows\System32\YBgVLRL.exe
  C:\Windows\System32\YBgVLRL.exe
  2⤵
  PID:10868
- C:\Windows\System32\OfSlioY.exe
  C:\Windows\System32\OfSlioY.exe
  2⤵
  PID:10884
- C:\Windows\System32\obUBSNF.exe
  C:\Windows\System32\obUBSNF.exe
  2⤵
  PID:10924
- C:\Windows\System32\qpeHxkV.exe
  C:\Windows\System32\qpeHxkV.exe
  2⤵
  PID:10952
- C:\Windows\System32\BXfuqHI.exe
  C:\Windows\System32\BXfuqHI.exe
  2⤵
  PID:10980
- C:\Windows\System32\GiUCOCJ.exe
  C:\Windows\System32\GiUCOCJ.exe
  2⤵
  PID:11008
- C:\Windows\System32\qMVXvkb.exe
  C:\Windows\System32\qMVXvkb.exe
  2⤵
  PID:11044
- C:\Windows\System32\dQgfIGW.exe
  C:\Windows\System32\dQgfIGW.exe
  2⤵
  PID:11092
- C:\Windows\System32\coBeKJO.exe
  C:\Windows\System32\coBeKJO.exe
  2⤵
  PID:11112
- C:\Windows\System32\ZFjVqOf.exe
  C:\Windows\System32\ZFjVqOf.exe
  2⤵
  PID:11152
- C:\Windows\System32\mfsQPPQ.exe
  C:\Windows\System32\mfsQPPQ.exe
  2⤵
  PID:11180
- C:\Windows\System32\CyglViK.exe
  C:\Windows\System32\CyglViK.exe
  2⤵
  PID:11208
- C:\Windows\System32\GYbWTVq.exe
  C:\Windows\System32\GYbWTVq.exe
  2⤵
  PID:11236
- C:\Windows\System32\yREuqTj.exe
  C:\Windows\System32\yREuqTj.exe
  2⤵
  PID:9260
- C:\Windows\System32\sNJimpg.exe
  C:\Windows\System32\sNJimpg.exe
  2⤵
  PID:10284
- C:\Windows\System32\BUUfmkL.exe
  C:\Windows\System32\BUUfmkL.exe
  2⤵
  PID:10360
- C:\Windows\System32\seApwcZ.exe
  C:\Windows\System32\seApwcZ.exe
  2⤵
  PID:10432
- C:\Windows\System32\NDKIdkG.exe
  C:\Windows\System32\NDKIdkG.exe
  2⤵
  PID:10484
- C:\Windows\System32\AiKHKmo.exe
  C:\Windows\System32\AiKHKmo.exe
  2⤵
  PID:10560
- C:\Windows\System32\ETPURim.exe
  C:\Windows\System32\ETPURim.exe
  2⤵
  PID:10616
- C:\Windows\System32\rjngkpO.exe
  C:\Windows\System32\rjngkpO.exe
  2⤵
  PID:10712
- C:\Windows\System32\qQURZlS.exe
  C:\Windows\System32\qQURZlS.exe
  2⤵
  PID:10768
- C:\Windows\System32\RbAhrKj.exe
  C:\Windows\System32\RbAhrKj.exe
  2⤵
  PID:10808
- C:\Windows\System32\cSmjCzN.exe
  C:\Windows\System32\cSmjCzN.exe
  2⤵
  PID:10904
- C:\Windows\System32\TKWbBhE.exe
  C:\Windows\System32\TKWbBhE.exe
  2⤵
  PID:10964
- C:\Windows\System32\cMBmBDf.exe
  C:\Windows\System32\cMBmBDf.exe
  2⤵
  PID:11032
- C:\Windows\System32\rQtJXEZ.exe
  C:\Windows\System32\rQtJXEZ.exe
  2⤵
  PID:11124
- C:\Windows\System32\PCQlxfY.exe
  C:\Windows\System32\PCQlxfY.exe
  2⤵
  PID:11192
- C:\Windows\System32\QTFKcKk.exe
  C:\Windows\System32\QTFKcKk.exe
  2⤵
  PID:11252
- C:\Windows\System32\jSPMAbY.exe
  C:\Windows\System32\jSPMAbY.exe
  2⤵
  PID:10348
- C:\Windows\System32\JwtPqWT.exe
  C:\Windows\System32\JwtPqWT.exe
  2⤵
  PID:10488
- C:\Windows\System32\lFWAkNG.exe
  C:\Windows\System32\lFWAkNG.exe
  2⤵
  PID:10596
- C:\Windows\System32\vYdvjzo.exe
  C:\Windows\System32\vYdvjzo.exe
  2⤵
  PID:10748
- C:\Windows\System32\dpepMbK.exe
  C:\Windows\System32\dpepMbK.exe
  2⤵
  PID:10948
- C:\Windows\System32\HauTfhF.exe
  C:\Windows\System32\HauTfhF.exe
  2⤵
  PID:11108
- C:\Windows\System32\nmVBiqB.exe
  C:\Windows\System32\nmVBiqB.exe
  2⤵
  PID:10260
- C:\Windows\System32\ZwimFZJ.exe
  C:\Windows\System32\ZwimFZJ.exe
  2⤵
  PID:10620
- C:\Windows\System32\BYdDNSy.exe
  C:\Windows\System32\BYdDNSy.exe
  2⤵
  PID:10864
- C:\Windows\System32\vkowYcJ.exe
  C:\Windows\System32\vkowYcJ.exe
  2⤵
  PID:11228
- C:\Windows\System32\NUNByZz.exe
  C:\Windows\System32\NUNByZz.exe
  2⤵
  PID:11080
- C:\Windows\System32\YErrdFN.exe
  C:\Windows\System32\YErrdFN.exe
  2⤵
  PID:5048
- C:\Windows\System32\mdSnHXH.exe
  C:\Windows\System32\mdSnHXH.exe
  2⤵
  PID:11304
- C:\Windows\System32\ddqbGYg.exe
  C:\Windows\System32\ddqbGYg.exe
  2⤵
  PID:11324
- C:\Windows\System32\WGszWnC.exe
  C:\Windows\System32\WGszWnC.exe
  2⤵
  PID:11348
- C:\Windows\System32\eTpuVFe.exe
  C:\Windows\System32\eTpuVFe.exe
  2⤵
  PID:11388
- C:\Windows\System32\JjAXIYm.exe
  C:\Windows\System32\JjAXIYm.exe
  2⤵
  PID:11416
- C:\Windows\System32\wgqrhqy.exe
  C:\Windows\System32\wgqrhqy.exe
  2⤵
  PID:11444
- C:\Windows\System32\kDoKjIH.exe
  C:\Windows\System32\kDoKjIH.exe
  2⤵
  PID:11472
- C:\Windows\System32\uTVEenl.exe
  C:\Windows\System32\uTVEenl.exe
  2⤵
  PID:11500
- C:\Windows\System32\YRRsQfU.exe
  C:\Windows\System32\YRRsQfU.exe
  2⤵
  PID:11528
- C:\Windows\System32\gKsCacM.exe
  C:\Windows\System32\gKsCacM.exe
  2⤵
  PID:11552
- C:\Windows\System32\nQKQCNu.exe
  C:\Windows\System32\nQKQCNu.exe
  2⤵
  PID:11604
- C:\Windows\System32\hfoDtVl.exe
  C:\Windows\System32\hfoDtVl.exe
  2⤵
  PID:11644
- C:\Windows\System32\SWvZPpx.exe
  C:\Windows\System32\SWvZPpx.exe
  2⤵
  PID:11676
- C:\Windows\System32\aPgnjrb.exe
  C:\Windows\System32\aPgnjrb.exe
  2⤵
  PID:11692
- C:\Windows\System32\CSfdYDC.exe
  C:\Windows\System32\CSfdYDC.exe
  2⤵
  PID:11720
- C:\Windows\System32\XPQwtNb.exe
  C:\Windows\System32\XPQwtNb.exe
  2⤵
  PID:11760
- C:\Windows\System32\ElXSXxP.exe
  C:\Windows\System32\ElXSXxP.exe
  2⤵
  PID:11788
- C:\Windows\System32\GVJTRVA.exe
  C:\Windows\System32\GVJTRVA.exe
  2⤵
  PID:11816
- C:\Windows\System32\hDueyiq.exe
  C:\Windows\System32\hDueyiq.exe
  2⤵
  PID:11844
- C:\Windows\System32\SnnqSQk.exe
  C:\Windows\System32\SnnqSQk.exe
  2⤵
  PID:11860
- C:\Windows\System32\ECCHKUx.exe
  C:\Windows\System32\ECCHKUx.exe
  2⤵
  PID:11900
- C:\Windows\System32\QHMBlur.exe
  C:\Windows\System32\QHMBlur.exe
  2⤵
  PID:11928
- C:\Windows\System32\qDOyVZr.exe
  C:\Windows\System32\qDOyVZr.exe
  2⤵
  PID:11944
- C:\Windows\System32\ZRTszrF.exe
  C:\Windows\System32\ZRTszrF.exe
  2⤵
  PID:11984
- C:\Windows\System32\SxDZjFb.exe
  C:\Windows\System32\SxDZjFb.exe
  2⤵
  PID:12012
- C:\Windows\System32\rGeWhRs.exe
  C:\Windows\System32\rGeWhRs.exe
  2⤵
  PID:12040
- C:\Windows\System32\agYdMQN.exe
  C:\Windows\System32\agYdMQN.exe
  2⤵
  PID:12068
- C:\Windows\System32\wYNKHKv.exe
  C:\Windows\System32\wYNKHKv.exe
  2⤵
  PID:12100
- C:\Windows\System32\EPiREBg.exe
  C:\Windows\System32\EPiREBg.exe
  2⤵
  PID:12128
- C:\Windows\System32\TyscWNs.exe
  C:\Windows\System32\TyscWNs.exe
  2⤵
  PID:12144
- C:\Windows\System32\mpDchHh.exe
  C:\Windows\System32\mpDchHh.exe
  2⤵
  PID:12184
- C:\Windows\System32\kPxdUwO.exe
  C:\Windows\System32\kPxdUwO.exe
  2⤵
  PID:12200
- C:\Windows\System32\AYyEEmQ.exe
  C:\Windows\System32\AYyEEmQ.exe
  2⤵
  PID:12248
- C:\Windows\System32\nYYgFlF.exe
  C:\Windows\System32\nYYgFlF.exe
  2⤵
  PID:12276
- C:\Windows\System32\itWcrWf.exe
  C:\Windows\System32\itWcrWf.exe
  2⤵
  PID:11280
- C:\Windows\System32\xQEfwtL.exe
  C:\Windows\System32\xQEfwtL.exe
  2⤵
  PID:11360
- C:\Windows\System32\cYvwtUq.exe
  C:\Windows\System32\cYvwtUq.exe
  2⤵
  PID:11428
- C:\Windows\System32\PNzFXCI.exe
  C:\Windows\System32\PNzFXCI.exe
  2⤵
  PID:11492
- C:\Windows\System32\VwDkolK.exe
  C:\Windows\System32\VwDkolK.exe
  2⤵
  PID:11576
- C:\Windows\System32\edRctlE.exe
  C:\Windows\System32\edRctlE.exe
  2⤵
  PID:11656
- C:\Windows\System32\pdNsLrL.exe
  C:\Windows\System32\pdNsLrL.exe
  2⤵
  PID:11716
- C:\Windows\System32\vmJilNM.exe
  C:\Windows\System32\vmJilNM.exe
  2⤵
  PID:11780
- C:\Windows\System32\exlNgOY.exe
  C:\Windows\System32\exlNgOY.exe
  2⤵
  PID:11800
- C:\Windows\System32\BRuhWlm.exe
  C:\Windows\System32\BRuhWlm.exe
  2⤵
  PID:11836
- C:\Windows\System32\DChFjTF.exe
  C:\Windows\System32\DChFjTF.exe
  2⤵
  PID:11936
- C:\Windows\System32\ofXDVzl.exe
  C:\Windows\System32\ofXDVzl.exe
  2⤵
  PID:12032
- C:\Windows\System32\uuXCYNK.exe
  C:\Windows\System32\uuXCYNK.exe
  2⤵
  PID:12088
- C:\Windows\System32\QtNWswm.exe
  C:\Windows\System32\QtNWswm.exe
  2⤵
  PID:12140
- C:\Windows\System32\HHhQMUK.exe
  C:\Windows\System32\HHhQMUK.exe
  2⤵
  PID:12240
- C:\Windows\System32\itMxYEe.exe
  C:\Windows\System32\itMxYEe.exe
  2⤵
  PID:12260
- C:\Windows\System32\LoPLMZP.exe
  C:\Windows\System32\LoPLMZP.exe
  2⤵
  PID:11412
- C:\Windows\System32\RNMSeHz.exe
  C:\Windows\System32\RNMSeHz.exe
  2⤵
  PID:11600
- C:\Windows\System32\fQEZeav.exe
  C:\Windows\System32\fQEZeav.exe
  2⤵
  PID:11748
- C:\Windows\System32\OBNuUxB.exe
  C:\Windows\System32\OBNuUxB.exe
  2⤵
  PID:11832
- C:\Windows\System32\GAjtEkE.exe
  C:\Windows\System32\GAjtEkE.exe
  2⤵
  PID:12080
- C:\Windows\System32\LBVkToP.exe
  C:\Windows\System32\LBVkToP.exe
  2⤵
  PID:12176
- C:\Windows\System32\XEATRfL.exe
  C:\Windows\System32\XEATRfL.exe
  2⤵
  PID:11540
- C:\Windows\System32\sloMYpd.exe
  C:\Windows\System32\sloMYpd.exe
  2⤵
  PID:11912
- C:\Windows\System32\iIOPeNx.exe
  C:\Windows\System32\iIOPeNx.exe
  2⤵
  PID:12196
- C:\Windows\System32\RlIHBuE.exe
  C:\Windows\System32\RlIHBuE.exe
  2⤵
  PID:1264
- C:\Windows\System32\bcIBfgb.exe
  C:\Windows\System32\bcIBfgb.exe
  2⤵
  PID:4364
- C:\Windows\System32\GPNaLLd.exe
  C:\Windows\System32\GPNaLLd.exe
  2⤵
  PID:4580
- C:\Windows\System32\eYFQrRI.exe
  C:\Windows\System32\eYFQrRI.exe
  2⤵
  PID:432
- C:\Windows\System32\heqeLpg.exe
  C:\Windows\System32\heqeLpg.exe
  2⤵
  PID:12316
- C:\Windows\System32\yvshLjo.exe
  C:\Windows\System32\yvshLjo.exe
  2⤵
  PID:12344
- C:\Windows\System32\pkjREZE.exe
  C:\Windows\System32\pkjREZE.exe
  2⤵
  PID:12372
- C:\Windows\System32\RGLPcit.exe
  C:\Windows\System32\RGLPcit.exe
  2⤵
  PID:12392
- C:\Windows\System32\JpvynEp.exe
  C:\Windows\System32\JpvynEp.exe
  2⤵
  PID:12428
- C:\Windows\System32\pplNSyL.exe
  C:\Windows\System32\pplNSyL.exe
  2⤵
  PID:12456
- C:\Windows\System32\tjjRkWC.exe
  C:\Windows\System32\tjjRkWC.exe
  2⤵
  PID:12484
- C:\Windows\System32\qMHAvLj.exe
  C:\Windows\System32\qMHAvLj.exe
  2⤵
  PID:12512
- C:\Windows\System32\WEaZaye.exe
  C:\Windows\System32\WEaZaye.exe
  2⤵
  PID:12540
- C:\Windows\System32\izFqdUf.exe
  C:\Windows\System32\izFqdUf.exe
  2⤵
  PID:12568
- C:\Windows\System32\pDDlfsF.exe
  C:\Windows\System32\pDDlfsF.exe
  2⤵
  PID:12592
- C:\Windows\System32\aFjNexr.exe
  C:\Windows\System32\aFjNexr.exe
  2⤵
  PID:12624
- C:\Windows\System32\kJHFMVW.exe
  C:\Windows\System32\kJHFMVW.exe
  2⤵
  PID:12652
- C:\Windows\System32\etjrwts.exe
  C:\Windows\System32\etjrwts.exe
  2⤵
  PID:12680
- C:\Windows\System32\THgfAiq.exe
  C:\Windows\System32\THgfAiq.exe
  2⤵
  PID:12708
- C:\Windows\System32\AYhGaIG.exe
  C:\Windows\System32\AYhGaIG.exe
  2⤵
  PID:12732
- C:\Windows\System32\YVNTVHN.exe
  C:\Windows\System32\YVNTVHN.exe
  2⤵
  PID:12764
- C:\Windows\System32\XSafPrd.exe
  C:\Windows\System32\XSafPrd.exe
  2⤵
  PID:12792
- C:\Windows\System32\Fwvmyos.exe
  C:\Windows\System32\Fwvmyos.exe
  2⤵
  PID:12820
- C:\Windows\System32\cyeKsje.exe
  C:\Windows\System32\cyeKsje.exe
  2⤵
  PID:12848
- C:\Windows\System32\GrHVxEe.exe
  C:\Windows\System32\GrHVxEe.exe
  2⤵
  PID:12876
- C:\Windows\System32\BHnyesA.exe
  C:\Windows\System32\BHnyesA.exe
  2⤵
  PID:12896
- C:\Windows\System32\xeDMtia.exe
  C:\Windows\System32\xeDMtia.exe
  2⤵
  PID:12932
- C:\Windows\System32\JqkHLpN.exe
  C:\Windows\System32\JqkHLpN.exe
  2⤵
  PID:12952
- C:\Windows\System32\HHjuCaa.exe
  C:\Windows\System32\HHjuCaa.exe
  2⤵
  PID:12988
- C:\Windows\System32\WYWhzDi.exe
  C:\Windows\System32\WYWhzDi.exe
  2⤵
  PID:13016
- C:\Windows\System32\OKAssOh.exe
  C:\Windows\System32\OKAssOh.exe
  2⤵
  PID:13044
- C:\Windows\System32\VVcTOni.exe
  C:\Windows\System32\VVcTOni.exe
  2⤵
  PID:13072
- C:\Windows\System32\MprkJci.exe
  C:\Windows\System32\MprkJci.exe
  2⤵
  PID:13088
- C:\Windows\System32\BZAxOic.exe
  C:\Windows\System32\BZAxOic.exe
  2⤵
  PID:13128
- C:\Windows\System32\wyhAsGS.exe
  C:\Windows\System32\wyhAsGS.exe
  2⤵
  PID:13164
- C:\Windows\System32\qHxqurV.exe
  C:\Windows\System32\qHxqurV.exe
  2⤵
  PID:13184
- C:\Windows\System32\hsjagAI.exe
  C:\Windows\System32\hsjagAI.exe
  2⤵
  PID:13212
- C:\Windows\System32\zmzeOfp.exe
  C:\Windows\System32\zmzeOfp.exe
  2⤵
  PID:13240
- C:\Windows\System32\PFcRURA.exe
  C:\Windows\System32\PFcRURA.exe
  2⤵
  PID:13268
- C:\Windows\System32\zCRtJvM.exe
  C:\Windows\System32\zCRtJvM.exe
  2⤵
  PID:13296
- C:\Windows\System32\AkUWlrV.exe
  C:\Windows\System32\AkUWlrV.exe
  2⤵
  PID:12300
- C:\Windows\System32\sfgvybf.exe
  C:\Windows\System32\sfgvybf.exe
  2⤵
  PID:12368
- C:\Windows\System32\gzGLbiI.exe
  C:\Windows\System32\gzGLbiI.exe
  2⤵
  PID:12440
- C:\Windows\System32\rxpTXJa.exe
  C:\Windows\System32\rxpTXJa.exe
  2⤵
  PID:12504
- C:\Windows\System32\cGrWdmz.exe
  C:\Windows\System32\cGrWdmz.exe
  2⤵
  PID:12564
- C:\Windows\System32\WYhnfCz.exe
  C:\Windows\System32\WYhnfCz.exe
  2⤵
  PID:12668
- C:\Windows\System32\tvsxZem.exe
  C:\Windows\System32\tvsxZem.exe
  2⤵
  PID:12704
- C:\Windows\System32\FUKRVyV.exe
  C:\Windows\System32\FUKRVyV.exe
  2⤵
  PID:12776
- C:\Windows\System32\JLtoYyv.exe
  C:\Windows\System32\JLtoYyv.exe
  2⤵
  PID:12868
- C:\Windows\System32\bIrVsWO.exe
  C:\Windows\System32\bIrVsWO.exe
  2⤵
  PID:12972
- C:\Windows\System32\PYUJOte.exe
  C:\Windows\System32\PYUJOte.exe
  2⤵
  PID:13040
- C:\Windows\System32\DBzebVx.exe
  C:\Windows\System32\DBzebVx.exe
  2⤵
  PID:13100
- C:\Windows\System32\mbJZxnQ.exe
  C:\Windows\System32\mbJZxnQ.exe
  2⤵
  PID:13204
- C:\Windows\System32\RTCwxWQ.exe
  C:\Windows\System32\RTCwxWQ.exe
  2⤵
  PID:13288
- C:\Windows\System32\NiECOat.exe
  C:\Windows\System32\NiECOat.exe
  2⤵
  PID:11332
- C:\Windows\System32\xBEtmch.exe
  C:\Windows\System32\xBEtmch.exe
  2⤵
  PID:12496
- C:\Windows\System32\kMuLdOU.exe
  C:\Windows\System32\kMuLdOU.exe
  2⤵
  PID:12676
- C:\Windows\System32\xNckAaP.exe
  C:\Windows\System32\xNckAaP.exe
  2⤵
  PID:12844

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AQZFHMT.exe

Filesize
3.1MB

MD5
8f13d1da57d6823172ac429e0829db48

SHA1
6a1fca3fe0e95418a76768bdc4be3afee17e4840

SHA256
83b8658a3a5702cc3f7d155f8d33a0cc190e3eb8ad01c0dd13f9027a5f2937b2

SHA512
d0a346dea464ffc530a2623e2c33855af88b86995acd2afa04fcfac1c687786291a72d038331435f3725ec5760d8e32f64bf967a4fe9acd57d09d754cae381fc

Download Submit
C:\Windows\System32\DAXvcvM.exe

Filesize
3.1MB

MD5
ce6799d4182733be95b1a407a5ece025

SHA1
179ebc7b0960ff70a93f72bb6da6df34a9dfe686

SHA256
f44fa07b5760c7581c0ddc95ebdba5bd2186b4ebfbc9df2a2063a0cb812e50c7

SHA512
381137ace9b8b368b9991ba22cd223065adf396814993f7c0a084d66e002b69218bced24c1dde7c972c222d1a4cf1063b80e199e2a3e4932e67065c2429e23d0

Download Submit
C:\Windows\System32\DwanaaR.exe

Filesize
3.1MB

MD5
05ac2ee346622c9030a21e0a91b0e91a

SHA1
25c87a933f7c2f0442646b5717eb0df522a976ca

SHA256
0ad6602f6ad651f47dda6d5700765de7cd8056e4045beb7b7394ae8d3ea96e93

SHA512
ce764ff3e6945328f3d305af5a6c16398bfdcb4f52fc39d1cd215826454b0040dc09f2390eb5b6416c8aaf68484d7cab14cdb00424de77bcb2971bfb7f76661d

Download Submit
C:\Windows\System32\EifYzTa.exe

Filesize
3.1MB

MD5
95792f43beda9047ccf5b46b882f7fc7

SHA1
f3cb1c58f072b1a6a3ae99bf50be28ee42a5384c

SHA256
094b16d53a129434665344514ad7e14ae93f8f69fdaa97a71f732b8a46d19824

SHA512
0f6d9f2264ebf07df0ad2140c844f6c14e801ecc7a1bf9c16ba510dc72d768cd6c7fcea7ed2c1e9e96e4be7e7041c786a41086b38cc662e3ee7a84b616360e9b

Download Submit
C:\Windows\System32\GpKmgme.exe

Filesize
3.1MB

MD5
d64443ee333ec89332046597884b16e8

SHA1
d8bfeb3edbd9c74e8feb507ebb6cb6d55089fad3

SHA256
cbe0c640c28e0b7581418e5a55b37214c7d47cf62a78fc3fbe84655b3b8d7ca6

SHA512
c4f41a15a851c3abc5e7a76dfc451fa64b4eaf724dea4217caf07af44f6022b9e0ced99c1f94cf6e872258f6798693fa418fe0eaadeb31df25d12b877f574dcd

Download Submit
C:\Windows\System32\HNOIXgy.exe

Filesize
3.1MB

MD5
add55138e0e7cb661246e4ec08d29975

SHA1
ec72913be2139c1ecc4de7b7d52c313dea552785

SHA256
ad6e3f23e5b1a29a8985f692878e84e743c570fc3320c3733d6e2d9637a4d519

SHA512
7d584b0ea33df3f01828e0bde3a1013cd7b986325f436484cf91d5a3b9468953af0d2628d62b7bdea04837588b8820c4a665e40c86f452bea29f0dd69e4faf5e

Download Submit
C:\Windows\System32\HQIcWMl.exe

Filesize
3.1MB

MD5
dd40c23bebf3524c7a3831dc394fdfe9

SHA1
6e44466d528cbb52936f49c33a233d5a32f52b4b

SHA256
109ab31d2375a9d10daa1dce50f9bc9567f786970999cd6fddfb1673b9e09828

SHA512
31984558d7f893ff18c3cab558aa07d2d5fa1df6e4953ca548f04c4b12dbf019a6999d1e3349531cdb8f2abc4dedc0591628ee95b489959395a8f3e540da03b6

Download Submit
C:\Windows\System32\HcXXUYG.exe

Filesize
3.1MB

MD5
51bd19216e1cd6709b0df4d9af24d2fc

SHA1
147382e266aa18d5e9deba8609d834380482e7cc

SHA256
043e42a90f7c3e196bafa51038015b5f9fd8056217e2129735a88f6eea3afa02

SHA512
d95aa8137d9499b3a23c40859074f8a186817c11678c4a0f8edfca17c9a450de5ac5e4d26f3fe3de122a38d5242dc019c29d51c9462d1c19f2113d232f866b82

Download Submit
C:\Windows\System32\LYJuZwf.exe

Filesize
3.1MB

MD5
b2ac0fc64e73aad39fdaff0726885d3a

SHA1
7330ee5ae7ca949e1ab3f710938819fac4c21417

SHA256
f4a29d3462c66a58172acfd26bdcff5423a9dfc274a9fa3931cfcae9a7042244

SHA512
fd604d86c973eb327e4cffaf4152812acaedfae4810649278be3a09331bf17b2ab34b944d62952a80017c510656a246ad820a8d369b3fa10047e40bd7916cb12

Download Submit
C:\Windows\System32\OTDUsGB.exe

Filesize
3.1MB

MD5
2c48dd5b2d9c80a0d7f60e049bbd7a95

SHA1
39453c2b6f7ab0f85637848836316625460395dc

SHA256
83dab4424347b4a1a9d70a85306f75e8458c27f7488710f7442aff7cbd3e0706

SHA512
04f0c3d4746abbfb2ac6ac2bb94df07468110b97b269161c7a30b48c1f357d4c9837f87a06032df5c8d4fa182e5e73479573f793ad7dd3aff439c5f965bbfd58

Download Submit
C:\Windows\System32\PrSujSm.exe

Filesize
3.1MB

MD5
864e852025dbce2f050e87c127776f2f

SHA1
8a183966fd9738db599eb45dba9261056a204cac

SHA256
7d628cf810b4eefac491cc92894dae3abde0676c34f35988399d94f0a67e10fc

SHA512
047c4cff446a2359e7d14ac15a66bd17412ff19ae3912ab2e96953847ca1a18477f2e047fd56e987e5ccd0375e95a3ecfca7c8f14d416ce9c238b9b352985d29

Download Submit
C:\Windows\System32\QwHveOQ.exe

Filesize
3.1MB

MD5
eed3f841dca09be28cc9a4c74d898469

SHA1
b015b743d5dc7da84343524a24cbfb91bfb25b5c

SHA256
41f3b6b5666111dad015145e8144c2d2491a9d335f8dbd007706dca854f2cbbc

SHA512
58280abf8936a200b491bdd1307a3924b292654865bfde3f3d196d750f66604069e039b92be17f2a5cb7b101d4bc475fd87d83d2a025d4a7e8182049687b7251

Download Submit
C:\Windows\System32\SCBRdpH.exe

Filesize
3.1MB

MD5
b9e371ba062432440120b84b7772872d

SHA1
7be9b470a4321c97dc14504a7b16fbadcbac662e

SHA256
231e254def2c26e1d680a427d924ce8adc750f1841359ae40267122bcdc3735b

SHA512
f94e2acfbbcc4c64f168263291089d80955f2b4c4a8ecfef6430c42916b2a0925ff67c9a913ae13627a5b563cca3a93a0a8b948bb000fade0aada0bbae3e019c

Download Submit
C:\Windows\System32\SkrZmDp.exe

Filesize
3.1MB

MD5
b3aac2ca07dcc0657266672ee6fa582c

SHA1
1327c2086b7bc89402a10004f3356a6cd9dd2a9d

SHA256
8e1a41b624341edf26af50c8cbe93543c310f31e90ea09ea5bb23182e1832e80

SHA512
76074a5ac70cc5be22b3eeb72191684c10761915f2efc6480df635238417e9fa612b5b0edf442355a1c4a82459439f52c2a7a3f88268575faa18204600dbc54a

Download Submit
C:\Windows\System32\UMpOEKj.exe

Filesize
3.1MB

MD5
4722a7e42657e152901e1be457bc3918

SHA1
b49bcb245dbab551d03f50809ee1a48911120c1c

SHA256
fc39f05ff03dee70d5d679c94c178ccf8915f31f23e55d70f84b2533ef177a82

SHA512
e1cbea8d410574fc244750c34114e763a45999fce5172408097885099d31a31f04983f35c195d6d6a42b890c1ffe2369ecbb8967ac590aea967ebb070ae92afe

Download Submit
C:\Windows\System32\XPVGMoc.exe

Filesize
3.1MB

MD5
33af906cc656245dc34067f0f1cdc551

SHA1
133d20b9779a1e074f83e76d66e2d8cfc289b60a

SHA256
7f696c65d26f5c4effe9ac1a8b15c62288a885c16667b284e3790abb549c8752

SHA512
a6b04a6949d807effbf6749f6652635b4a8eed63d166154cfc75aaac21a1c14e784e99b0695ecd04ed5840f1c780fdc2d553be3d66c951de9669fbef24a01f56

Download Submit
C:\Windows\System32\dVMfovU.exe

Filesize
3.1MB

MD5
cf8de64538474de11f667ee2ad345d15

SHA1
fd07d755a08b718f5f3bf4d20db5e470b2b17f92

SHA256
13378dbfaff34bba43e81545b0d366669691d263e1c92700fba351fc82aa8390

SHA512
685226bed0c1dd76e5a645400186b9fa3ac9f34be497e6ebbd764b8a391f6fbf0bb2da3226603e84070f2144c9d5c14d55801781bd075e6bb0d4fa540dfc4950

Download Submit
C:\Windows\System32\dagBeHb.exe

Filesize
3.1MB

MD5
238b755a0f151cf0dbb12c60b65a925c

SHA1
e9f612618f38d6558a2319fea0a7d45d4431c51d

SHA256
f6d08f40bb505d56977d03ed6f88e564a563a7f8ccf8bc7a031567cecb29ae00

SHA512
4806d9eca2f95a39a209e838c5021ca7603ec3f5054e030512b66a4009ce817e969365bdab41f1d55121004510233260c5b7c2918bca7c4079ec744985a13b51

Download Submit
C:\Windows\System32\danTnzY.exe

Filesize
3.1MB

MD5
2bc0ea790dbe6f75ecbc0f6fe8001181

SHA1
77953b09ac5848c52d7ec0a24aeacd48c5522a73

SHA256
1340120b03e793f3eca27ef2ad7737546cf53a05c804a00eb0aae8efa184d035

SHA512
a8e26d72c6dc54361329067672477ce92a9503a6ee9961bac89a1e3292ab3a01f148412cec975731f8300fdd6b9656c37134c7e8de55022f0c4414188459f551

Download Submit
C:\Windows\System32\dyVivdm.exe

Filesize
3.1MB

MD5
9743c0f16feb34df9fabdede699c37a6

SHA1
20f11960217f87b78fe5be17b9b4c1e3b2c39a97

SHA256
13d0984cde69c9e5c2d80420cc629a0f7f3c9b039625dc125a08f3da520f3a0b

SHA512
17e2c34e920ace104b6aac125a22c6413e1cfec9e276451d1f50ca4949f76eb948493331d041d74fdff088c26d5fb87f0b40ccb0b77c45ae9a2334b89fff2644

Download Submit
C:\Windows\System32\gSTkHwK.exe

Filesize
3.1MB

MD5
a85349e8fcce96f218e467026c23ddf7

SHA1
f6976fe2b329119bd521b8f2ff2d471da5bfa3f1

SHA256
5ce7b80d361925c1cd9dec18314a5bd8a3ece7d111efe031801b34b21a5b7c4f

SHA512
d546d0e10bcfbae2623098b35eba74e2780289a119c4cb924792770e2fb60708beabf42314990ac0a2a388ad3b8f922f2806e51150c4d167b916017c44b2bd4c

Download Submit
C:\Windows\System32\iJoKGFB.exe

Filesize
3.1MB

MD5
f976384b54ee653667579d5064711320

SHA1
284652a592061a42845ded8260d6178d39011889

SHA256
6aeb2e73c8d2f145a2f9bd2e0340d970bc2ca87176be0b2e081af4119ceee636

SHA512
b1cd8161bbc57a09e3780cb3992077c4beefb284042a5e497ad525fa469afdc532185b84adf706e701307f409a5285fb258dbddf01f3aed0ecff3080f93f3947

Download Submit
C:\Windows\System32\kInddUh.exe

Filesize
3.1MB

MD5
2bd6b794a9a2495f34d2509d8aee15b7

SHA1
4683f31ba0ca9e6187983b2cf0cae2322aa77431

SHA256
11b26f1313350fb68bd967376a803880b0c06540e384eca442ee59bcda657cb2

SHA512
39d2e6d338480d4c4b936f8da8c7d17d006785de23541890be0bbbfa695c452419b8aefd39eb07f1a95a122c7fb68b62b66f22642c60713391cb73793715b879

Download Submit
C:\Windows\System32\lgDNCQw.exe

Filesize
3.1MB

MD5
0872d8bce0759f55ea03e4fed19cfa3f

SHA1
70d8fa2a44f3441c89fc53563441d2736abaee1c

SHA256
2b354b6f481a5d216de36ff16395ecac70fea556661c8c47989ffe0f8debaa53

SHA512
7c2ac1fc77e10c672b717d21f9b1859b08cad7983808820315e38b7fa7d0e43e275625940e95c5d8c440eec60a11fdc4c18555b4633e4c29b2d2731413545515

Download Submit
C:\Windows\System32\oGoXOVz.exe

Filesize
3.1MB

MD5
96c4c34751be0d7eb8b40e1391c67d6d

SHA1
c485167e26ed4b1d4ac02427d3875047eb24328d

SHA256
5a164531658d265ad3a66cf960b7d48a14d0af166ae3c37ec9ca80a71c9f63f3

SHA512
eba33c9ad28797043d5bd1d9c60283556859c9911c2c4c7e93c698b3cecbc180540f5a7d72565d0c0b9063ec2cc8a3c74449b77eee8cd5cad20d6ef1169cf250

Download Submit
C:\Windows\System32\sGPeXIO.exe

Filesize
3.1MB

MD5
5f2e4025a2ad8f5531f185469f380b46

SHA1
c92b17d695b266fa140ff8d3a7b24cfe73ea397f

SHA256
ad3cd60888ec29de4b4ce60d245f9b9a83a0db819e2403b948da064266faca74

SHA512
1fbd18825983ee2dce5e1103cfcbde65592b5776581c702950200f1444453cc473e725cfa6f1e8c018072fe9e52ce86304bd1f95c695f5f09189639aeeb0bdcc

Download Submit
C:\Windows\System32\sjutShF.exe

Filesize
3.1MB

MD5
fa718d144431f628df3e1b8974f36965

SHA1
ca2ca50c386363389c2203174fac7d7c41eaa6b0

SHA256
f4b03e32a8c52985e570f443df045df462fda23f9916ab601ac377c7a61cc1e6

SHA512
e2f0fe6ea274a26969844471211386219a9a1ad84b43169db11c68a4412a6ac3921f6c823a519e8693a30379deade0cfeae1d4563280d05111990486ad002f7f

Download Submit
C:\Windows\System32\tnSviUX.exe

Filesize
3.1MB

MD5
0b19c81a3549965b29b9936b27ba4e65

SHA1
a962653351f36ddbb42854c3eb2d3564ba9014d8

SHA256
2f9ebc8397b3d00e9216c9f8c426bab2e807a14f73a5c2b1c7acec3381a4a8e2

SHA512
cc501d871e2be2923a70bce5619e0030496b5c3c63012f11f3b1638da34b99a462ac437f724417ddd143a8993da83cda4d8653043e7dec9a52297f736da305da

Download Submit
C:\Windows\System32\wSdsmtT.exe

Filesize
3.1MB

MD5
6d2cf0ccaf6039280199eb48672247da

SHA1
9d08bf0751df79f61fe3d6afd19b627eb150d950

SHA256
9cc6782ed27f2d63eda9d03eb54c427c65494c27152f60eff9157c202e8fa629

SHA512
342076429f72783ed44165fd24c8197ace1b8508c73e85626739748848c36b29a729d54266ed1b982d69ecb457de5fe9e8bf75be088fa7d5640c9e0861a2fa44

Download Submit
C:\Windows\System32\xgjBAiD.exe

Filesize
3.1MB

MD5
59cfdfd0fa8a9f2abfff256fa549f6e3

SHA1
cc992cd4c62ac410169c73a7714502c5dc4f1947

SHA256
fc7941c9b6e087ff3e99d44ffe5ef76211b825dcfe9dd20b80bf6c8ce7676994

SHA512
1de5de8b772c22d6c385c3243a16a2ecba1184495f4a9947c0afe9bdf824f09e29b83ec04f9a03c4c056e7ca0faf668b9ac95b3f36a519a5c0d6320e1e0a87a2

Download Submit
C:\Windows\System32\zOpbqQM.exe

Filesize
3.1MB

MD5
3e914d0c4d97a3cc4bc56a3fe9434b28

SHA1
28e1e5c96ba9940832a0755e34f9853005e25b60

SHA256
88efbeeb49c810d7325a4c1f25d9f4530d78990a1391f22e755ec7aad5db97a3

SHA512
087394f618d86da9faf625533d1d8fabf29d6df99973893030044b147abc250896e8dc97d2ce9ce56ac869c664dcfa28b55a6974c5e86df8a9f52719e4c01d80

Download Submit
C:\Windows\System32\zaQBqes.exe

Filesize
3.1MB

MD5
e87147f96f3ec1466546649458efbffa

SHA1
61561bb4616b4842066ce4bf2533d4ccffaffdda

SHA256
1275a222e9c35e8f45d552043107e0b221d82134e2443f96981c166d56285452

SHA512
8c1ae8859be57c2eb0ddd83a30eae616afd7ca8985897e6f50e5f70f785bdb34c41a3350b1edae817a60c180f26f78d66dfb960e63cee943da082dced304d98b

Download Submit
memory/424-931-0x00007FF733040000-0x00007FF733435000-memory.dmp

Filesize
4.0MB

Download
memory/424-1909-0x00007FF733040000-0x00007FF733435000-memory.dmp

Filesize
4.0MB

Download
memory/512-1908-0x00007FF742A50000-0x00007FF742E45000-memory.dmp

Filesize
4.0MB

Download
memory/512-22-0x00007FF742A50000-0x00007FF742E45000-memory.dmp

Filesize
4.0MB

Download
memory/1372-1922-0x00007FF7945C0000-0x00007FF7949B5000-memory.dmp

Filesize
4.0MB

Download
memory/1372-954-0x00007FF7945C0000-0x00007FF7949B5000-memory.dmp

Filesize
4.0MB

Download
memory/1836-1923-0x00007FF631BB0000-0x00007FF631FA5000-memory.dmp

Filesize
4.0MB

Download
memory/1836-993-0x00007FF631BB0000-0x00007FF631FA5000-memory.dmp

Filesize
4.0MB

Download
memory/1852-1-0x00000272FCF50000-0x00000272FCF60000-memory.dmp

Filesize
64KB

Download
memory/1852-0-0x00007FF637110000-0x00007FF637505000-memory.dmp

Filesize
4.0MB

Download
memory/1852-1904-0x00007FF637110000-0x00007FF637505000-memory.dmp

Filesize
4.0MB

Download
memory/1876-1919-0x00007FF7558B0000-0x00007FF755CA5000-memory.dmp

Filesize
4.0MB

Download
memory/1876-958-0x00007FF7558B0000-0x00007FF755CA5000-memory.dmp

Filesize
4.0MB

Download
memory/2380-1918-0x00007FF607CD0000-0x00007FF6080C5000-memory.dmp

Filesize
4.0MB

Download
memory/2380-967-0x00007FF607CD0000-0x00007FF6080C5000-memory.dmp

Filesize
4.0MB

Download
memory/2596-1925-0x00007FF734360000-0x00007FF734755000-memory.dmp

Filesize
4.0MB

Download
memory/2596-990-0x00007FF734360000-0x00007FF734755000-memory.dmp

Filesize
4.0MB

Download
memory/2776-934-0x00007FF7B1140000-0x00007FF7B1535000-memory.dmp

Filesize
4.0MB

Download
memory/2776-1911-0x00007FF7B1140000-0x00007FF7B1535000-memory.dmp

Filesize
4.0MB

Download
memory/2836-11-0x00007FF7850C0000-0x00007FF7854B5000-memory.dmp

Filesize
4.0MB

Download
memory/2836-1906-0x00007FF7850C0000-0x00007FF7854B5000-memory.dmp

Filesize
4.0MB

Download
memory/2908-1917-0x00007FF777BE0000-0x00007FF777FD5000-memory.dmp

Filesize
4.0MB

Download
memory/2908-973-0x00007FF777BE0000-0x00007FF777FD5000-memory.dmp

Filesize
4.0MB

Download
memory/3092-983-0x00007FF648C90000-0x00007FF649085000-memory.dmp

Filesize
4.0MB

Download
memory/3092-1928-0x00007FF648C90000-0x00007FF649085000-memory.dmp

Filesize
4.0MB

Download
memory/3212-1905-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp

Filesize
4.0MB

Download
memory/3212-1907-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp

Filesize
4.0MB

Download
memory/3212-19-0x00007FF7F7530000-0x00007FF7F7925000-memory.dmp

Filesize
4.0MB

Download
memory/3220-1912-0x00007FF696F70000-0x00007FF697365000-memory.dmp

Filesize
4.0MB

Download
memory/3220-940-0x00007FF696F70000-0x00007FF697365000-memory.dmp

Filesize
4.0MB

Download
memory/3268-1914-0x00007FF674BA0000-0x00007FF674F95000-memory.dmp

Filesize
4.0MB

Download
memory/3268-949-0x00007FF674BA0000-0x00007FF674F95000-memory.dmp

Filesize
4.0MB

Download
memory/3676-1926-0x00007FF61AE20000-0x00007FF61B215000-memory.dmp

Filesize
4.0MB

Download
memory/3676-986-0x00007FF61AE20000-0x00007FF61B215000-memory.dmp

Filesize
4.0MB

Download
memory/3748-1927-0x00007FF6A71D0000-0x00007FF6A75C5000-memory.dmp

Filesize
4.0MB

Download
memory/3748-977-0x00007FF6A71D0000-0x00007FF6A75C5000-memory.dmp

Filesize
4.0MB

Download
memory/3820-969-0x00007FF7BB0D0000-0x00007FF7BB4C5000-memory.dmp

Filesize
4.0MB

Download
memory/3820-1915-0x00007FF7BB0D0000-0x00007FF7BB4C5000-memory.dmp

Filesize
4.0MB

Download
memory/4344-1916-0x00007FF735610000-0x00007FF735A05000-memory.dmp

Filesize
4.0MB

Download
memory/4344-980-0x00007FF735610000-0x00007FF735A05000-memory.dmp

Filesize
4.0MB

Download
memory/4388-1921-0x00007FF7B6040000-0x00007FF7B6435000-memory.dmp

Filesize
4.0MB

Download
memory/4388-975-0x00007FF7B6040000-0x00007FF7B6435000-memory.dmp

Filesize
4.0MB

Download
memory/4428-965-0x00007FF6849E0000-0x00007FF684DD5000-memory.dmp

Filesize
4.0MB

Download
memory/4428-1920-0x00007FF6849E0000-0x00007FF684DD5000-memory.dmp

Filesize
4.0MB

Download
memory/4500-987-0x00007FF6DB170000-0x00007FF6DB565000-memory.dmp

Filesize
4.0MB

Download
memory/4500-1924-0x00007FF6DB170000-0x00007FF6DB565000-memory.dmp

Filesize
4.0MB

Download
memory/4844-1910-0x00007FF69BED0000-0x00007FF69C2C5000-memory.dmp

Filesize
4.0MB

Download
memory/4844-943-0x00007FF69BED0000-0x00007FF69C2C5000-memory.dmp

Filesize
4.0MB

Download
memory/4944-1929-0x00007FF635C10000-0x00007FF636005000-memory.dmp

Filesize
4.0MB

Download
memory/4944-991-0x00007FF635C10000-0x00007FF636005000-memory.dmp

Filesize
4.0MB

Download
memory/5020-1913-0x00007FF62F5F0000-0x00007FF62F9E5000-memory.dmp

Filesize
4.0MB

Download
memory/5020-937-0x00007FF62F5F0000-0x00007FF62F9E5000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads