xmrig | 5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
Size

1.7MB
MD5

48b7e84ea155dee0482c1965bc879d20
SHA1

e54f747356d0df7a43bc882cada27c957326d408
SHA256

5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728
SHA512

6c8c60fcf86a630a78f2a3b71d9863201ee65e3d18c6c35107b285ea08162b393e8e107e9aeec318693abaa4a9bbfcba50b6d9824b9fd7b112ec235708423e36
SSDEEP

49152:knw9oUUEEDlnCNfeT5J0aXiJP1+AiAcHe:kQUEEG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4148-106-0x00007FF6CE3B0000-0x00007FF6CE7A1000-memory.dmp	xmrig
behavioral2/memory/4044-137-0x00007FF6B0460000-0x00007FF6B0851000-memory.dmp	xmrig
behavioral2/memory/868-174-0x00007FF7CF7A0000-0x00007FF7CFB91000-memory.dmp	xmrig
behavioral2/memory/2920-149-0x00007FF766290000-0x00007FF766681000-memory.dmp	xmrig
behavioral2/memory/1632-134-0x00007FF750550000-0x00007FF750941000-memory.dmp	xmrig
behavioral2/memory/2908-103-0x00007FF77EBE0000-0x00007FF77EFD1000-memory.dmp	xmrig
behavioral2/memory/4948-97-0x00007FF61AF00000-0x00007FF61B2F1000-memory.dmp	xmrig
behavioral2/memory/4456-89-0x00007FF756C60000-0x00007FF757051000-memory.dmp	xmrig
behavioral2/memory/4236-83-0x00007FF6DAF60000-0x00007FF6DB351000-memory.dmp	xmrig
behavioral2/memory/4224-72-0x00007FF687F10000-0x00007FF688301000-memory.dmp	xmrig
behavioral2/memory/2484-66-0x00007FF63EE70000-0x00007FF63F261000-memory.dmp	xmrig
behavioral2/memory/1920-18-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp	xmrig
behavioral2/memory/4532-1973-0x00007FF7007A0000-0x00007FF700B91000-memory.dmp	xmrig
behavioral2/memory/1920-1974-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp	xmrig
behavioral2/memory/4420-1975-0x00007FF614260000-0x00007FF614651000-memory.dmp	xmrig
behavioral2/memory/5100-1976-0x00007FF707CC0000-0x00007FF7080B1000-memory.dmp	xmrig
behavioral2/memory/3784-1977-0x00007FF6A6E90000-0x00007FF6A7281000-memory.dmp	xmrig
behavioral2/memory/4676-2010-0x00007FF71B530000-0x00007FF71B921000-memory.dmp	xmrig
behavioral2/memory/4628-2011-0x00007FF7EC110000-0x00007FF7EC501000-memory.dmp	xmrig
behavioral2/memory/5116-2012-0x00007FF7F4BD0000-0x00007FF7F4FC1000-memory.dmp	xmrig
behavioral2/memory/5028-2013-0x00007FF6E4A00000-0x00007FF6E4DF1000-memory.dmp	xmrig
behavioral2/memory/3712-2014-0x00007FF6DDE00000-0x00007FF6DE1F1000-memory.dmp	xmrig
behavioral2/memory/4352-2015-0x00007FF7CEF80000-0x00007FF7CF371000-memory.dmp	xmrig
behavioral2/memory/4056-2016-0x00007FF6EA420000-0x00007FF6EA811000-memory.dmp	xmrig
behavioral2/memory/4960-2017-0x00007FF6E8300000-0x00007FF6E86F1000-memory.dmp	xmrig
behavioral2/memory/1920-2026-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp	xmrig
behavioral2/memory/4340-2028-0x00007FF6B5430000-0x00007FF6B5821000-memory.dmp	xmrig
behavioral2/memory/4420-2030-0x00007FF614260000-0x00007FF614651000-memory.dmp	xmrig
behavioral2/memory/5100-2032-0x00007FF707CC0000-0x00007FF7080B1000-memory.dmp	xmrig
behavioral2/memory/4948-2046-0x00007FF61AF00000-0x00007FF61B2F1000-memory.dmp	xmrig
behavioral2/memory/4456-2048-0x00007FF756C60000-0x00007FF757051000-memory.dmp	xmrig
behavioral2/memory/1632-2050-0x00007FF750550000-0x00007FF750941000-memory.dmp	xmrig
behavioral2/memory/2484-2044-0x00007FF63EE70000-0x00007FF63F261000-memory.dmp	xmrig
behavioral2/memory/4224-2042-0x00007FF687F10000-0x00007FF688301000-memory.dmp	xmrig
behavioral2/memory/4236-2040-0x00007FF6DAF60000-0x00007FF6DB351000-memory.dmp	xmrig
behavioral2/memory/3784-2038-0x00007FF6A6E90000-0x00007FF6A7281000-memory.dmp	xmrig
behavioral2/memory/4148-2036-0x00007FF6CE3B0000-0x00007FF6CE7A1000-memory.dmp	xmrig
behavioral2/memory/2908-2034-0x00007FF77EBE0000-0x00007FF77EFD1000-memory.dmp	xmrig
behavioral2/memory/2920-2052-0x00007FF766290000-0x00007FF766681000-memory.dmp	xmrig
behavioral2/memory/4056-2077-0x00007FF6EA420000-0x00007FF6EA811000-memory.dmp	xmrig
behavioral2/memory/868-2075-0x00007FF7CF7A0000-0x00007FF7CFB91000-memory.dmp	xmrig
behavioral2/memory/4352-2073-0x00007FF7CEF80000-0x00007FF7CF371000-memory.dmp	xmrig
behavioral2/memory/4960-2071-0x00007FF6E8300000-0x00007FF6E86F1000-memory.dmp	xmrig
behavioral2/memory/5116-2064-0x00007FF7F4BD0000-0x00007FF7F4FC1000-memory.dmp	xmrig
behavioral2/memory/4676-2063-0x00007FF71B530000-0x00007FF71B921000-memory.dmp	xmrig
behavioral2/memory/4628-2060-0x00007FF7EC110000-0x00007FF7EC501000-memory.dmp	xmrig
behavioral2/memory/5028-2058-0x00007FF6E4A00000-0x00007FF6E4DF1000-memory.dmp	xmrig
behavioral2/memory/4044-2056-0x00007FF6B0460000-0x00007FF6B0851000-memory.dmp	xmrig
behavioral2/memory/3712-2054-0x00007FF6DDE00000-0x00007FF6DE1F1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4340	WTPbGdz.exe
1920	YBlpiHT.exe
5100	kHzywhp.exe
4420	lOURwRN.exe
2908	jbXeaLk.exe
3784	xNZXHcq.exe
2484	WRiejhu.exe
4224	oWlqelL.exe
4236	nezMDpp.exe
4456	BgUCvlg.exe
4948	ymlgDBB.exe
4148	TaHKWPT.exe
1632	MrejCyM.exe
4044	NPgytLf.exe
2920	yPWDDXM.exe
4676	TLGYQIl.exe
4628	tMAcFrd.exe
5116	ESZQnTY.exe
5028	WIFNSpT.exe
3712	RfltvBt.exe
868	PnDEUmg.exe
4352	EydbaeK.exe
4056	OdcTWoL.exe
4960	FONRKri.exe
4828	heJbROA.exe
4368	fHHAzHn.exe
1192	xpsyEkB.exe
1244	cHtiVxX.exe
2024	bkUFgLS.exe
4684	JmMybMA.exe
4380	XuHpFCx.exe
1644	XiGFQcq.exe
3444	eZBnrEv.exe
2444	QXxvQBT.exe
3460	zQKGbvn.exe
2072	KeSKmVA.exe
4812	GecLCfC.exe
4312	zTxdtjx.exe
3592	eUyniek.exe
4348	NpCzFRU.exe
4680	xGEBAMp.exe
216	sAunNsj.exe
4280	YGGVBfJ.exe
4512	uUgRBNn.exe
2244	GqcnTbz.exe
1432	Hhgvbtk.exe
2268	YTdMeay.exe
4400	WroBDMV.exe
2312	YFoUekm.exe
1580	IiuIrUY.exe
2440	HRmoIPS.exe
3924	amerXdq.exe
4388	RufVJUl.exe
812	flwouyE.exe
2044	yVylepW.exe
2464	MjNwjwv.exe
2548	TRPuCFe.exe
4448	XApehBb.exe
1420	bRBUqak.exe
2576	hEJDaIE.exe
1984	ZGrDrPs.exe
1668	vQvGvna.exe
5032	AocqsrT.exe
672	eyRxHgp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4532-0-0x00007FF7007A0000-0x00007FF700B91000-memory.dmp	upx
behavioral2/files/0x000900000002355f-5.dat	upx
behavioral2/files/0x0007000000023567-8.dat	upx
behavioral2/files/0x0007000000023570-47.dat	upx
behavioral2/files/0x000700000002356c-57.dat	upx
behavioral2/files/0x000700000002356d-62.dat	upx
behavioral2/files/0x0007000000023572-75.dat	upx
behavioral2/files/0x0007000000023578-96.dat	upx
behavioral2/memory/4628-99-0x00007FF7EC110000-0x00007FF7EC501000-memory.dmp	upx
behavioral2/memory/4148-106-0x00007FF6CE3B0000-0x00007FF6CE7A1000-memory.dmp	upx
behavioral2/memory/4044-137-0x00007FF6B0460000-0x00007FF6B0851000-memory.dmp	upx
behavioral2/files/0x0007000000023579-153.dat	upx
behavioral2/files/0x0007000000023582-173.dat	upx
behavioral2/memory/868-174-0x00007FF7CF7A0000-0x00007FF7CFB91000-memory.dmp	upx
behavioral2/memory/4960-172-0x00007FF6E8300000-0x00007FF6E86F1000-memory.dmp	upx
behavioral2/files/0x0007000000023581-168.dat	upx
behavioral2/files/0x0007000000023580-166.dat	upx
behavioral2/files/0x000700000002357f-164.dat	upx
behavioral2/files/0x000700000002357e-162.dat	upx
behavioral2/files/0x000700000002357d-160.dat	upx
behavioral2/files/0x000700000002357c-159.dat	upx
behavioral2/files/0x000700000002357b-157.dat	upx
behavioral2/files/0x000700000002357a-155.dat	upx
behavioral2/memory/4056-152-0x00007FF6EA420000-0x00007FF6EA811000-memory.dmp	upx
behavioral2/memory/4352-151-0x00007FF7CEF80000-0x00007FF7CF371000-memory.dmp	upx
behavioral2/memory/2920-149-0x00007FF766290000-0x00007FF766681000-memory.dmp	upx
behavioral2/memory/1632-134-0x00007FF750550000-0x00007FF750941000-memory.dmp	upx
behavioral2/files/0x0007000000023577-117.dat	upx
behavioral2/files/0x0007000000023576-113.dat	upx
behavioral2/files/0x0007000000023575-111.dat	upx
behavioral2/files/0x0007000000023574-109.dat	upx
behavioral2/files/0x0007000000023573-107.dat	upx
behavioral2/memory/2908-103-0x00007FF77EBE0000-0x00007FF77EFD1000-memory.dmp	upx
behavioral2/memory/3712-102-0x00007FF6DDE00000-0x00007FF6DE1F1000-memory.dmp	upx
behavioral2/memory/5028-101-0x00007FF6E4A00000-0x00007FF6E4DF1000-memory.dmp	upx
behavioral2/memory/5116-100-0x00007FF7F4BD0000-0x00007FF7F4FC1000-memory.dmp	upx
behavioral2/memory/4676-98-0x00007FF71B530000-0x00007FF71B921000-memory.dmp	upx
behavioral2/memory/4948-97-0x00007FF61AF00000-0x00007FF61B2F1000-memory.dmp	upx
behavioral2/memory/4456-89-0x00007FF756C60000-0x00007FF757051000-memory.dmp	upx
behavioral2/memory/4236-83-0x00007FF6DAF60000-0x00007FF6DB351000-memory.dmp	upx
behavioral2/files/0x0007000000023571-74.dat	upx
behavioral2/memory/4224-72-0x00007FF687F10000-0x00007FF688301000-memory.dmp	upx
behavioral2/memory/2484-66-0x00007FF63EE70000-0x00007FF63F261000-memory.dmp	upx
behavioral2/files/0x000700000002356f-65.dat	upx
behavioral2/files/0x000700000002356e-59.dat	upx
behavioral2/memory/3784-58-0x00007FF6A6E90000-0x00007FF6A7281000-memory.dmp	upx
behavioral2/files/0x000700000002356b-54.dat	upx
behavioral2/files/0x000700000002356a-52.dat	upx
behavioral2/memory/5100-50-0x00007FF707CC0000-0x00007FF7080B1000-memory.dmp	upx
behavioral2/files/0x0007000000023569-49.dat	upx
behavioral2/files/0x0007000000023568-35.dat	upx
behavioral2/memory/4420-26-0x00007FF614260000-0x00007FF614651000-memory.dmp	upx
behavioral2/memory/1920-18-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp	upx
behavioral2/memory/4340-12-0x00007FF6B5430000-0x00007FF6B5821000-memory.dmp	upx
behavioral2/files/0x0007000000023566-11.dat	upx
behavioral2/files/0x0008000000023563-178.dat	upx
behavioral2/files/0x0007000000023584-183.dat	upx
behavioral2/memory/4532-1973-0x00007FF7007A0000-0x00007FF700B91000-memory.dmp	upx
behavioral2/memory/1920-1974-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp	upx
behavioral2/memory/4420-1975-0x00007FF614260000-0x00007FF614651000-memory.dmp	upx
behavioral2/memory/5100-1976-0x00007FF707CC0000-0x00007FF7080B1000-memory.dmp	upx
behavioral2/memory/3784-1977-0x00007FF6A6E90000-0x00007FF6A7281000-memory.dmp	upx
behavioral2/memory/4676-2010-0x00007FF71B530000-0x00007FF71B921000-memory.dmp	upx
behavioral2/memory/4628-2011-0x00007FF7EC110000-0x00007FF7EC501000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\zTxdtjx.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\NbynvqS.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\JeCfkfw.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\TjWShWA.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\sMnrWEs.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\SqNouTr.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\NzislCV.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\jwIYxoL.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\CWsGojq.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\otYFwHQ.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\KATFGcJ.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\UFnlxJh.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\xBnjImg.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\RfltvBt.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\uUgRBNn.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\KOgihtX.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\NVSNdZh.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\TeLsucb.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\stlCnNG.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\tnNzzaf.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\ubUZyam.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\gZqJXAP.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\gbMSoMT.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\mXrswho.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\wcanZwv.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\aeoEysU.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\uXUhuGr.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\xbnaQSK.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\lXuKfEe.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\VZIaitS.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\RXjvFdW.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\bhwePie.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\WJAWlde.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\TdpKphm.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\wNBOURT.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\cYvehbm.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\BADaezy.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\somdiKA.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\RTZYSGv.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\yFcygBx.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\wVpRWyv.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\jslGeNY.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\FgiXhjX.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\BOTelVD.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\azMHoma.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\VVidLmq.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\iAgawoF.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\WIFNSpT.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\yuJOQAZ.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\QpedaXA.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\yfMOyVJ.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\yitLsnF.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\GlqVwKx.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\LxAiaCm.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\tBFMeSn.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\ktSKNru.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\XiGFQcq.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\JtgZFwe.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\GecojmL.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\bkUFgLS.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\CzNHuER.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\xFNTDTR.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\uFIOlqs.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
File created	C:\Windows\System32\YrfOZTo.exe	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2248	dwm.exe
Token: SeChangeNotifyPrivilege	2248	dwm.exe
Token: 33	2248	dwm.exe
Token: SeIncBasePriorityPrivilege	2248	dwm.exe
Token: SeShutdownPrivilege	2248	dwm.exe
Token: SeCreatePagefilePrivilege	2248	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4340	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	84
PID 4532 wrote to memory of 4340	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	84
PID 4532 wrote to memory of 1920	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	85
PID 4532 wrote to memory of 1920	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	85
PID 4532 wrote to memory of 5100	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	86
PID 4532 wrote to memory of 5100	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	86
PID 4532 wrote to memory of 4420	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	87
PID 4532 wrote to memory of 4420	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	87
PID 4532 wrote to memory of 2908	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	88
PID 4532 wrote to memory of 2908	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	88
PID 4532 wrote to memory of 3784	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	89
PID 4532 wrote to memory of 3784	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	89
PID 4532 wrote to memory of 2484	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	90
PID 4532 wrote to memory of 2484	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	90
PID 4532 wrote to memory of 4148	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	91
PID 4532 wrote to memory of 4148	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	91
PID 4532 wrote to memory of 4224	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	92
PID 4532 wrote to memory of 4224	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	92
PID 4532 wrote to memory of 4236	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	93
PID 4532 wrote to memory of 4236	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	93
PID 4532 wrote to memory of 4456	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	94
PID 4532 wrote to memory of 4456	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	94
PID 4532 wrote to memory of 4948	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	95
PID 4532 wrote to memory of 4948	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	95
PID 4532 wrote to memory of 1632	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	96
PID 4532 wrote to memory of 1632	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	96
PID 4532 wrote to memory of 4044	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	97
PID 4532 wrote to memory of 4044	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	97
PID 4532 wrote to memory of 2920	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	98
PID 4532 wrote to memory of 2920	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	98
PID 4532 wrote to memory of 4676	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	99
PID 4532 wrote to memory of 4676	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	99
PID 4532 wrote to memory of 4628	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	100
PID 4532 wrote to memory of 4628	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	100
PID 4532 wrote to memory of 5116	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	101
PID 4532 wrote to memory of 5116	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	101
PID 4532 wrote to memory of 5028	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	102
PID 4532 wrote to memory of 5028	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	102
PID 4532 wrote to memory of 3712	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	103
PID 4532 wrote to memory of 3712	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	103
PID 4532 wrote to memory of 868	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	104
PID 4532 wrote to memory of 868	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	104
PID 4532 wrote to memory of 4352	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	105
PID 4532 wrote to memory of 4352	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	105
PID 4532 wrote to memory of 4056	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	106
PID 4532 wrote to memory of 4056	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	106
PID 4532 wrote to memory of 4960	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	107
PID 4532 wrote to memory of 4960	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	107
PID 4532 wrote to memory of 4828	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	108
PID 4532 wrote to memory of 4828	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	108
PID 4532 wrote to memory of 4368	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	109
PID 4532 wrote to memory of 4368	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	109
PID 4532 wrote to memory of 1192	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	110
PID 4532 wrote to memory of 1192	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	110
PID 4532 wrote to memory of 1244	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	111
PID 4532 wrote to memory of 1244	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	111
PID 4532 wrote to memory of 2024	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	112
PID 4532 wrote to memory of 2024	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	112
PID 4532 wrote to memory of 4684	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	113
PID 4532 wrote to memory of 4684	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	113
PID 4532 wrote to memory of 4380	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	114
PID 4532 wrote to memory of 4380	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	114
PID 4532 wrote to memory of 1644	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	115
PID 4532 wrote to memory of 1644	4532	5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a7bbdb2421db50022e53ade2262b6c495558c2a2a6f8514d3ac34fc6087d728_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\System32\WTPbGdz.exe
  C:\Windows\System32\WTPbGdz.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System32\YBlpiHT.exe
  C:\Windows\System32\YBlpiHT.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System32\kHzywhp.exe
  C:\Windows\System32\kHzywhp.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System32\lOURwRN.exe
  C:\Windows\System32\lOURwRN.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System32\jbXeaLk.exe
  C:\Windows\System32\jbXeaLk.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System32\xNZXHcq.exe
  C:\Windows\System32\xNZXHcq.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System32\WRiejhu.exe
  C:\Windows\System32\WRiejhu.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System32\TaHKWPT.exe
  C:\Windows\System32\TaHKWPT.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System32\oWlqelL.exe
  C:\Windows\System32\oWlqelL.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System32\nezMDpp.exe
  C:\Windows\System32\nezMDpp.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System32\BgUCvlg.exe
  C:\Windows\System32\BgUCvlg.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System32\ymlgDBB.exe
  C:\Windows\System32\ymlgDBB.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System32\MrejCyM.exe
  C:\Windows\System32\MrejCyM.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System32\NPgytLf.exe
  C:\Windows\System32\NPgytLf.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System32\yPWDDXM.exe
  C:\Windows\System32\yPWDDXM.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System32\TLGYQIl.exe
  C:\Windows\System32\TLGYQIl.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System32\tMAcFrd.exe
  C:\Windows\System32\tMAcFrd.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System32\ESZQnTY.exe
  C:\Windows\System32\ESZQnTY.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System32\WIFNSpT.exe
  C:\Windows\System32\WIFNSpT.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\RfltvBt.exe
  C:\Windows\System32\RfltvBt.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System32\PnDEUmg.exe
  C:\Windows\System32\PnDEUmg.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System32\EydbaeK.exe
  C:\Windows\System32\EydbaeK.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System32\OdcTWoL.exe
  C:\Windows\System32\OdcTWoL.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System32\FONRKri.exe
  C:\Windows\System32\FONRKri.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System32\heJbROA.exe
  C:\Windows\System32\heJbROA.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System32\fHHAzHn.exe
  C:\Windows\System32\fHHAzHn.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System32\xpsyEkB.exe
  C:\Windows\System32\xpsyEkB.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\cHtiVxX.exe
  C:\Windows\System32\cHtiVxX.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System32\bkUFgLS.exe
  C:\Windows\System32\bkUFgLS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System32\JmMybMA.exe
  C:\Windows\System32\JmMybMA.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System32\XuHpFCx.exe
  C:\Windows\System32\XuHpFCx.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System32\XiGFQcq.exe
  C:\Windows\System32\XiGFQcq.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System32\eZBnrEv.exe
  C:\Windows\System32\eZBnrEv.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System32\QXxvQBT.exe
  C:\Windows\System32\QXxvQBT.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System32\zQKGbvn.exe
  C:\Windows\System32\zQKGbvn.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System32\KeSKmVA.exe
  C:\Windows\System32\KeSKmVA.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System32\GecLCfC.exe
  C:\Windows\System32\GecLCfC.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System32\zTxdtjx.exe
  C:\Windows\System32\zTxdtjx.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System32\eUyniek.exe
  C:\Windows\System32\eUyniek.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System32\NpCzFRU.exe
  C:\Windows\System32\NpCzFRU.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System32\xGEBAMp.exe
  C:\Windows\System32\xGEBAMp.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System32\sAunNsj.exe
  C:\Windows\System32\sAunNsj.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System32\YGGVBfJ.exe
  C:\Windows\System32\YGGVBfJ.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System32\uUgRBNn.exe
  C:\Windows\System32\uUgRBNn.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System32\GqcnTbz.exe
  C:\Windows\System32\GqcnTbz.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\Hhgvbtk.exe
  C:\Windows\System32\Hhgvbtk.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System32\YTdMeay.exe
  C:\Windows\System32\YTdMeay.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System32\WroBDMV.exe
  C:\Windows\System32\WroBDMV.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System32\YFoUekm.exe
  C:\Windows\System32\YFoUekm.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System32\IiuIrUY.exe
  C:\Windows\System32\IiuIrUY.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System32\HRmoIPS.exe
  C:\Windows\System32\HRmoIPS.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System32\amerXdq.exe
  C:\Windows\System32\amerXdq.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System32\flwouyE.exe
  C:\Windows\System32\flwouyE.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System32\RufVJUl.exe
  C:\Windows\System32\RufVJUl.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System32\yVylepW.exe
  C:\Windows\System32\yVylepW.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System32\MjNwjwv.exe
  C:\Windows\System32\MjNwjwv.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System32\TRPuCFe.exe
  C:\Windows\System32\TRPuCFe.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System32\XApehBb.exe
  C:\Windows\System32\XApehBb.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System32\bRBUqak.exe
  C:\Windows\System32\bRBUqak.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System32\hEJDaIE.exe
  C:\Windows\System32\hEJDaIE.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System32\ZGrDrPs.exe
  C:\Windows\System32\ZGrDrPs.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System32\vQvGvna.exe
  C:\Windows\System32\vQvGvna.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System32\AocqsrT.exe
  C:\Windows\System32\AocqsrT.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System32\eyRxHgp.exe
  C:\Windows\System32\eyRxHgp.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System32\NxDYmJq.exe
  C:\Windows\System32\NxDYmJq.exe
  2⤵
  PID:4972
- C:\Windows\System32\ebXyPqD.exe
  C:\Windows\System32\ebXyPqD.exe
  2⤵
  PID:3124
- C:\Windows\System32\lXDATbF.exe
  C:\Windows\System32\lXDATbF.exe
  2⤵
  PID:3940
- C:\Windows\System32\mUFQKfu.exe
  C:\Windows\System32\mUFQKfu.exe
  2⤵
  PID:3540
- C:\Windows\System32\XhKjKIS.exe
  C:\Windows\System32\XhKjKIS.exe
  2⤵
  PID:2824
- C:\Windows\System32\ViBkFVC.exe
  C:\Windows\System32\ViBkFVC.exe
  2⤵
  PID:740
- C:\Windows\System32\RsCSvnf.exe
  C:\Windows\System32\RsCSvnf.exe
  2⤵
  PID:4900
- C:\Windows\System32\cgwTGYH.exe
  C:\Windows\System32\cgwTGYH.exe
  2⤵
  PID:3044
- C:\Windows\System32\epIlNia.exe
  C:\Windows\System32\epIlNia.exe
  2⤵
  PID:2424
- C:\Windows\System32\gVQYQSG.exe
  C:\Windows\System32\gVQYQSG.exe
  2⤵
  PID:1544
- C:\Windows\System32\cYNJOqF.exe
  C:\Windows\System32\cYNJOqF.exe
  2⤵
  PID:4488
- C:\Windows\System32\VLvaxXH.exe
  C:\Windows\System32\VLvaxXH.exe
  2⤵
  PID:2928
- C:\Windows\System32\OzBlpOl.exe
  C:\Windows\System32\OzBlpOl.exe
  2⤵
  PID:228
- C:\Windows\System32\WFNHptI.exe
  C:\Windows\System32\WFNHptI.exe
  2⤵
  PID:1040
- C:\Windows\System32\wuhftVo.exe
  C:\Windows\System32\wuhftVo.exe
  2⤵
  PID:4660
- C:\Windows\System32\tnKFqfX.exe
  C:\Windows\System32\tnKFqfX.exe
  2⤵
  PID:1352
- C:\Windows\System32\NwZjTxP.exe
  C:\Windows\System32\NwZjTxP.exe
  2⤵
  PID:468
- C:\Windows\System32\RXjvFdW.exe
  C:\Windows\System32\RXjvFdW.exe
  2⤵
  PID:1820
- C:\Windows\System32\wxCLIYE.exe
  C:\Windows\System32\wxCLIYE.exe
  2⤵
  PID:3120
- C:\Windows\System32\ZlFXTED.exe
  C:\Windows\System32\ZlFXTED.exe
  2⤵
  PID:2900
- C:\Windows\System32\KOgihtX.exe
  C:\Windows\System32\KOgihtX.exe
  2⤵
  PID:1760
- C:\Windows\System32\QSyufqh.exe
  C:\Windows\System32\QSyufqh.exe
  2⤵
  PID:2936
- C:\Windows\System32\qDJJqdA.exe
  C:\Windows\System32\qDJJqdA.exe
  2⤵
  PID:3828
- C:\Windows\System32\uCqgwgs.exe
  C:\Windows\System32\uCqgwgs.exe
  2⤵
  PID:2256
- C:\Windows\System32\oRJBQQY.exe
  C:\Windows\System32\oRJBQQY.exe
  2⤵
  PID:4892
- C:\Windows\System32\MGTMHYz.exe
  C:\Windows\System32\MGTMHYz.exe
  2⤵
  PID:3456
- C:\Windows\System32\gtKIuiw.exe
  C:\Windows\System32\gtKIuiw.exe
  2⤵
  PID:3048
- C:\Windows\System32\koiimSl.exe
  C:\Windows\System32\koiimSl.exe
  2⤵
  PID:4076
- C:\Windows\System32\YzbstfZ.exe
  C:\Windows\System32\YzbstfZ.exe
  2⤵
  PID:244
- C:\Windows\System32\LvgCjmC.exe
  C:\Windows\System32\LvgCjmC.exe
  2⤵
  PID:5004
- C:\Windows\System32\yXwPJaY.exe
  C:\Windows\System32\yXwPJaY.exe
  2⤵
  PID:4084
- C:\Windows\System32\jslGeNY.exe
  C:\Windows\System32\jslGeNY.exe
  2⤵
  PID:4412
- C:\Windows\System32\kxNGHfm.exe
  C:\Windows\System32\kxNGHfm.exe
  2⤵
  PID:1460
- C:\Windows\System32\NgEiqsl.exe
  C:\Windows\System32\NgEiqsl.exe
  2⤵
  PID:4004
- C:\Windows\System32\gMnDTZF.exe
  C:\Windows\System32\gMnDTZF.exe
  2⤵
  PID:4524
- C:\Windows\System32\mXbWkrJ.exe
  C:\Windows\System32\mXbWkrJ.exe
  2⤵
  PID:3672
- C:\Windows\System32\tBFMeSn.exe
  C:\Windows\System32\tBFMeSn.exe
  2⤵
  PID:3544
- C:\Windows\System32\CaJHmwW.exe
  C:\Windows\System32\CaJHmwW.exe
  2⤵
  PID:4908
- C:\Windows\System32\uUTKdtD.exe
  C:\Windows\System32\uUTKdtD.exe
  2⤵
  PID:5152
- C:\Windows\System32\TTAOGbt.exe
  C:\Windows\System32\TTAOGbt.exe
  2⤵
  PID:5184
- C:\Windows\System32\neoTlLr.exe
  C:\Windows\System32\neoTlLr.exe
  2⤵
  PID:5200
- C:\Windows\System32\LqZEJDj.exe
  C:\Windows\System32\LqZEJDj.exe
  2⤵
  PID:5224
- C:\Windows\System32\qIGdPPF.exe
  C:\Windows\System32\qIGdPPF.exe
  2⤵
  PID:5252
- C:\Windows\System32\yXUSVNH.exe
  C:\Windows\System32\yXUSVNH.exe
  2⤵
  PID:5272
- C:\Windows\System32\wmQzAsl.exe
  C:\Windows\System32\wmQzAsl.exe
  2⤵
  PID:5300
- C:\Windows\System32\BzPwJxI.exe
  C:\Windows\System32\BzPwJxI.exe
  2⤵
  PID:5324
- C:\Windows\System32\GsghoYa.exe
  C:\Windows\System32\GsghoYa.exe
  2⤵
  PID:5344
- C:\Windows\System32\KBfKYqf.exe
  C:\Windows\System32\KBfKYqf.exe
  2⤵
  PID:5424
- C:\Windows\System32\LrUglGY.exe
  C:\Windows\System32\LrUglGY.exe
  2⤵
  PID:5440
- C:\Windows\System32\lXgGeKY.exe
  C:\Windows\System32\lXgGeKY.exe
  2⤵
  PID:5484
- C:\Windows\System32\JFQVPOA.exe
  C:\Windows\System32\JFQVPOA.exe
  2⤵
  PID:5508
- C:\Windows\System32\BMRXnEM.exe
  C:\Windows\System32\BMRXnEM.exe
  2⤵
  PID:5528
- C:\Windows\System32\ficzqUL.exe
  C:\Windows\System32\ficzqUL.exe
  2⤵
  PID:5564
- C:\Windows\System32\JtgZFwe.exe
  C:\Windows\System32\JtgZFwe.exe
  2⤵
  PID:5580
- C:\Windows\System32\LotbVgV.exe
  C:\Windows\System32\LotbVgV.exe
  2⤵
  PID:5604
- C:\Windows\System32\RwKximS.exe
  C:\Windows\System32\RwKximS.exe
  2⤵
  PID:5624
- C:\Windows\System32\vZJPvUE.exe
  C:\Windows\System32\vZJPvUE.exe
  2⤵
  PID:5644
- C:\Windows\System32\yGkSENn.exe
  C:\Windows\System32\yGkSENn.exe
  2⤵
  PID:5704
- C:\Windows\System32\tnNzzaf.exe
  C:\Windows\System32\tnNzzaf.exe
  2⤵
  PID:5748
- C:\Windows\System32\jeDrZEJ.exe
  C:\Windows\System32\jeDrZEJ.exe
  2⤵
  PID:5764
- C:\Windows\System32\uZORxbR.exe
  C:\Windows\System32\uZORxbR.exe
  2⤵
  PID:5780
- C:\Windows\System32\yyHtBiS.exe
  C:\Windows\System32\yyHtBiS.exe
  2⤵
  PID:5816
- C:\Windows\System32\jwIYxoL.exe
  C:\Windows\System32\jwIYxoL.exe
  2⤵
  PID:5844
- C:\Windows\System32\giyLtYf.exe
  C:\Windows\System32\giyLtYf.exe
  2⤵
  PID:5876
- C:\Windows\System32\KATFGcJ.exe
  C:\Windows\System32\KATFGcJ.exe
  2⤵
  PID:5896
- C:\Windows\System32\DgXQihj.exe
  C:\Windows\System32\DgXQihj.exe
  2⤵
  PID:5920
- C:\Windows\System32\aDxKIBN.exe
  C:\Windows\System32\aDxKIBN.exe
  2⤵
  PID:5936
- C:\Windows\System32\ZctOBtn.exe
  C:\Windows\System32\ZctOBtn.exe
  2⤵
  PID:5956
- C:\Windows\System32\XWiRtST.exe
  C:\Windows\System32\XWiRtST.exe
  2⤵
  PID:6012
- C:\Windows\System32\fYFHmlc.exe
  C:\Windows\System32\fYFHmlc.exe
  2⤵
  PID:6028
- C:\Windows\System32\ZUUZUMM.exe
  C:\Windows\System32\ZUUZUMM.exe
  2⤵
  PID:6048
- C:\Windows\System32\hVfJILu.exe
  C:\Windows\System32\hVfJILu.exe
  2⤵
  PID:6080
- C:\Windows\System32\dmpjMIM.exe
  C:\Windows\System32\dmpjMIM.exe
  2⤵
  PID:6108
- C:\Windows\System32\RJtSsgi.exe
  C:\Windows\System32\RJtSsgi.exe
  2⤵
  PID:6140
- C:\Windows\System32\kMIVQhN.exe
  C:\Windows\System32\kMIVQhN.exe
  2⤵
  PID:2848
- C:\Windows\System32\CzNHuER.exe
  C:\Windows\System32\CzNHuER.exe
  2⤵
  PID:5240
- C:\Windows\System32\QAdffEu.exe
  C:\Windows\System32\QAdffEu.exe
  2⤵
  PID:5312
- C:\Windows\System32\FgiXhjX.exe
  C:\Windows\System32\FgiXhjX.exe
  2⤵
  PID:5372
- C:\Windows\System32\pmYtuqd.exe
  C:\Windows\System32\pmYtuqd.exe
  2⤵
  PID:5436
- C:\Windows\System32\bKHyTEk.exe
  C:\Windows\System32\bKHyTEk.exe
  2⤵
  PID:5544
- C:\Windows\System32\uShlyXG.exe
  C:\Windows\System32\uShlyXG.exe
  2⤵
  PID:5616
- C:\Windows\System32\FTGziUc.exe
  C:\Windows\System32\FTGziUc.exe
  2⤵
  PID:5636
- C:\Windows\System32\uuVxZMr.exe
  C:\Windows\System32\uuVxZMr.exe
  2⤵
  PID:5656
- C:\Windows\System32\XRwlynO.exe
  C:\Windows\System32\XRwlynO.exe
  2⤵
  PID:5744
- C:\Windows\System32\QSvtImw.exe
  C:\Windows\System32\QSvtImw.exe
  2⤵
  PID:5852
- C:\Windows\System32\LbHPExC.exe
  C:\Windows\System32\LbHPExC.exe
  2⤵
  PID:5888
- C:\Windows\System32\NbynvqS.exe
  C:\Windows\System32\NbynvqS.exe
  2⤵
  PID:5952
- C:\Windows\System32\mbAIYyU.exe
  C:\Windows\System32\mbAIYyU.exe
  2⤵
  PID:6044
- C:\Windows\System32\VRkFXJW.exe
  C:\Windows\System32\VRkFXJW.exe
  2⤵
  PID:6068
- C:\Windows\System32\kyFplvy.exe
  C:\Windows\System32\kyFplvy.exe
  2⤵
  PID:5268
- C:\Windows\System32\MsobdVD.exe
  C:\Windows\System32\MsobdVD.exe
  2⤵
  PID:5388
- C:\Windows\System32\SrJmDQw.exe
  C:\Windows\System32\SrJmDQw.exe
  2⤵
  PID:5600
- C:\Windows\System32\lyOdQbX.exe
  C:\Windows\System32\lyOdQbX.exe
  2⤵
  PID:5612
- C:\Windows\System32\AGuYXMg.exe
  C:\Windows\System32\AGuYXMg.exe
  2⤵
  PID:5828
- C:\Windows\System32\XmLvyjY.exe
  C:\Windows\System32\XmLvyjY.exe
  2⤵
  PID:5992
- C:\Windows\System32\zZZVLca.exe
  C:\Windows\System32\zZZVLca.exe
  2⤵
  PID:6040
- C:\Windows\System32\EHcUPyj.exe
  C:\Windows\System32\EHcUPyj.exe
  2⤵
  PID:5196
- C:\Windows\System32\zhRWDVa.exe
  C:\Windows\System32\zhRWDVa.exe
  2⤵
  PID:5432
- C:\Windows\System32\tQJzCFK.exe
  C:\Windows\System32\tQJzCFK.exe
  2⤵
  PID:5884
- C:\Windows\System32\saqRvxw.exe
  C:\Windows\System32\saqRvxw.exe
  2⤵
  PID:3512
- C:\Windows\System32\PEcfHTY.exe
  C:\Windows\System32\PEcfHTY.exe
  2⤵
  PID:6148
- C:\Windows\System32\sYUYwtk.exe
  C:\Windows\System32\sYUYwtk.exe
  2⤵
  PID:6172
- C:\Windows\System32\HtQkrQH.exe
  C:\Windows\System32\HtQkrQH.exe
  2⤵
  PID:6188
- C:\Windows\System32\cYvehbm.exe
  C:\Windows\System32\cYvehbm.exe
  2⤵
  PID:6216
- C:\Windows\System32\vwHsyub.exe
  C:\Windows\System32\vwHsyub.exe
  2⤵
  PID:6236
- C:\Windows\System32\pvdyIor.exe
  C:\Windows\System32\pvdyIor.exe
  2⤵
  PID:6252
- C:\Windows\System32\gljVfFE.exe
  C:\Windows\System32\gljVfFE.exe
  2⤵
  PID:6276
- C:\Windows\System32\gXojgMo.exe
  C:\Windows\System32\gXojgMo.exe
  2⤵
  PID:6292
- C:\Windows\System32\GecojmL.exe
  C:\Windows\System32\GecojmL.exe
  2⤵
  PID:6340
- C:\Windows\System32\mshLTxF.exe
  C:\Windows\System32\mshLTxF.exe
  2⤵
  PID:6396
- C:\Windows\System32\yUeQhVE.exe
  C:\Windows\System32\yUeQhVE.exe
  2⤵
  PID:6420
- C:\Windows\System32\maHzjpj.exe
  C:\Windows\System32\maHzjpj.exe
  2⤵
  PID:6436
- C:\Windows\System32\LDAMYcM.exe
  C:\Windows\System32\LDAMYcM.exe
  2⤵
  PID:6472
- C:\Windows\System32\ViQkomT.exe
  C:\Windows\System32\ViQkomT.exe
  2⤵
  PID:6520
- C:\Windows\System32\LujtxLp.exe
  C:\Windows\System32\LujtxLp.exe
  2⤵
  PID:6564
- C:\Windows\System32\WHElarE.exe
  C:\Windows\System32\WHElarE.exe
  2⤵
  PID:6580
- C:\Windows\System32\wkZaArs.exe
  C:\Windows\System32\wkZaArs.exe
  2⤵
  PID:6612
- C:\Windows\System32\bsLTCfX.exe
  C:\Windows\System32\bsLTCfX.exe
  2⤵
  PID:6636
- C:\Windows\System32\OFjQPHq.exe
  C:\Windows\System32\OFjQPHq.exe
  2⤵
  PID:6656
- C:\Windows\System32\tAgjGRU.exe
  C:\Windows\System32\tAgjGRU.exe
  2⤵
  PID:6684
- C:\Windows\System32\JeCfkfw.exe
  C:\Windows\System32\JeCfkfw.exe
  2⤵
  PID:6704
- C:\Windows\System32\grkjKrW.exe
  C:\Windows\System32\grkjKrW.exe
  2⤵
  PID:6732
- C:\Windows\System32\ewKitsB.exe
  C:\Windows\System32\ewKitsB.exe
  2⤵
  PID:6756
- C:\Windows\System32\CWsGojq.exe
  C:\Windows\System32\CWsGojq.exe
  2⤵
  PID:6776
- C:\Windows\System32\TEasFkc.exe
  C:\Windows\System32\TEasFkc.exe
  2⤵
  PID:6800
- C:\Windows\System32\QGHbnif.exe
  C:\Windows\System32\QGHbnif.exe
  2⤵
  PID:6820
- C:\Windows\System32\PGPCCDM.exe
  C:\Windows\System32\PGPCCDM.exe
  2⤵
  PID:6840
- C:\Windows\System32\qZoShON.exe
  C:\Windows\System32\qZoShON.exe
  2⤵
  PID:6860
- C:\Windows\System32\pwRjGGy.exe
  C:\Windows\System32\pwRjGGy.exe
  2⤵
  PID:6884
- C:\Windows\System32\FlBGrDi.exe
  C:\Windows\System32\FlBGrDi.exe
  2⤵
  PID:6908
- C:\Windows\System32\zCvhfeE.exe
  C:\Windows\System32\zCvhfeE.exe
  2⤵
  PID:6924
- C:\Windows\System32\bhwePie.exe
  C:\Windows\System32\bhwePie.exe
  2⤵
  PID:6944
- C:\Windows\System32\UTPQays.exe
  C:\Windows\System32\UTPQays.exe
  2⤵
  PID:6968
- C:\Windows\System32\HZHhwmf.exe
  C:\Windows\System32\HZHhwmf.exe
  2⤵
  PID:6988
- C:\Windows\System32\YGCyEwz.exe
  C:\Windows\System32\YGCyEwz.exe
  2⤵
  PID:7008
- C:\Windows\System32\LzvjBvU.exe
  C:\Windows\System32\LzvjBvU.exe
  2⤵
  PID:7032
- C:\Windows\System32\OtqDYsy.exe
  C:\Windows\System32\OtqDYsy.exe
  2⤵
  PID:7108
- C:\Windows\System32\hAMomUO.exe
  C:\Windows\System32\hAMomUO.exe
  2⤵
  PID:6208
- C:\Windows\System32\gnjNLqE.exe
  C:\Windows\System32\gnjNLqE.exe
  2⤵
  PID:6248
- C:\Windows\System32\YohWXeR.exe
  C:\Windows\System32\YohWXeR.exe
  2⤵
  PID:6284
- C:\Windows\System32\qPSarTx.exe
  C:\Windows\System32\qPSarTx.exe
  2⤵
  PID:6452
- C:\Windows\System32\HGqdddq.exe
  C:\Windows\System32\HGqdddq.exe
  2⤵
  PID:6480
- C:\Windows\System32\kJOGgnr.exe
  C:\Windows\System32\kJOGgnr.exe
  2⤵
  PID:6624
- C:\Windows\System32\FdufNGI.exe
  C:\Windows\System32\FdufNGI.exe
  2⤵
  PID:6788
- C:\Windows\System32\eBVJRoK.exe
  C:\Windows\System32\eBVJRoK.exe
  2⤵
  PID:6876
- C:\Windows\System32\eaXbBBE.exe
  C:\Windows\System32\eaXbBBE.exe
  2⤵
  PID:6880
- C:\Windows\System32\IyJRoqm.exe
  C:\Windows\System32\IyJRoqm.exe
  2⤵
  PID:6952
- C:\Windows\System32\WPKVSae.exe
  C:\Windows\System32\WPKVSae.exe
  2⤵
  PID:7140
- C:\Windows\System32\CVSVSId.exe
  C:\Windows\System32\CVSVSId.exe
  2⤵
  PID:6288
- C:\Windows\System32\QOiecpd.exe
  C:\Windows\System32\QOiecpd.exe
  2⤵
  PID:6412
- C:\Windows\System32\xFNTDTR.exe
  C:\Windows\System32\xFNTDTR.exe
  2⤵
  PID:6572
- C:\Windows\System32\mPbgCmI.exe
  C:\Windows\System32\mPbgCmI.exe
  2⤵
  PID:6768
- C:\Windows\System32\PvjUaqo.exe
  C:\Windows\System32\PvjUaqo.exe
  2⤵
  PID:6408
- C:\Windows\System32\lxMuhwZ.exe
  C:\Windows\System32\lxMuhwZ.exe
  2⤵
  PID:6536
- C:\Windows\System32\UXYXbOY.exe
  C:\Windows\System32\UXYXbOY.exe
  2⤵
  PID:6592
- C:\Windows\System32\mXrswho.exe
  C:\Windows\System32\mXrswho.exe
  2⤵
  PID:6712
- C:\Windows\System32\eFuiNOc.exe
  C:\Windows\System32\eFuiNOc.exe
  2⤵
  PID:6892
- C:\Windows\System32\nTbGjZn.exe
  C:\Windows\System32\nTbGjZn.exe
  2⤵
  PID:5864
- C:\Windows\System32\iDmdjye.exe
  C:\Windows\System32\iDmdjye.exe
  2⤵
  PID:6680
- C:\Windows\System32\PeBTuZb.exe
  C:\Windows\System32\PeBTuZb.exe
  2⤵
  PID:6496
- C:\Windows\System32\aHaEncc.exe
  C:\Windows\System32\aHaEncc.exe
  2⤵
  PID:6920
- C:\Windows\System32\tSXKFzO.exe
  C:\Windows\System32\tSXKFzO.exe
  2⤵
  PID:7152
- C:\Windows\System32\ubUZyam.exe
  C:\Windows\System32\ubUZyam.exe
  2⤵
  PID:7120
- C:\Windows\System32\Rudbuuv.exe
  C:\Windows\System32\Rudbuuv.exe
  2⤵
  PID:7184
- C:\Windows\System32\SXYZPGv.exe
  C:\Windows\System32\SXYZPGv.exe
  2⤵
  PID:7204
- C:\Windows\System32\bDWrCVb.exe
  C:\Windows\System32\bDWrCVb.exe
  2⤵
  PID:7260
- C:\Windows\System32\TsrZKag.exe
  C:\Windows\System32\TsrZKag.exe
  2⤵
  PID:7280
- C:\Windows\System32\hhDHnwK.exe
  C:\Windows\System32\hhDHnwK.exe
  2⤵
  PID:7320
- C:\Windows\System32\dMRYgZU.exe
  C:\Windows\System32\dMRYgZU.exe
  2⤵
  PID:7336
- C:\Windows\System32\MkiEZLe.exe
  C:\Windows\System32\MkiEZLe.exe
  2⤵
  PID:7352
- C:\Windows\System32\lCFVOwD.exe
  C:\Windows\System32\lCFVOwD.exe
  2⤵
  PID:7372
- C:\Windows\System32\gZqJXAP.exe
  C:\Windows\System32\gZqJXAP.exe
  2⤵
  PID:7408
- C:\Windows\System32\tWSpcuY.exe
  C:\Windows\System32\tWSpcuY.exe
  2⤵
  PID:7460
- C:\Windows\System32\cGHlNce.exe
  C:\Windows\System32\cGHlNce.exe
  2⤵
  PID:7476
- C:\Windows\System32\bRUyPNe.exe
  C:\Windows\System32\bRUyPNe.exe
  2⤵
  PID:7492
- C:\Windows\System32\vvwekfn.exe
  C:\Windows\System32\vvwekfn.exe
  2⤵
  PID:7520
- C:\Windows\System32\iJXZfBg.exe
  C:\Windows\System32\iJXZfBg.exe
  2⤵
  PID:7548
- C:\Windows\System32\yuJOQAZ.exe
  C:\Windows\System32\yuJOQAZ.exe
  2⤵
  PID:7564
- C:\Windows\System32\ZOXnZKh.exe
  C:\Windows\System32\ZOXnZKh.exe
  2⤵
  PID:7580
- C:\Windows\System32\hPlHilk.exe
  C:\Windows\System32\hPlHilk.exe
  2⤵
  PID:7632
- C:\Windows\System32\AYLaJRs.exe
  C:\Windows\System32\AYLaJRs.exe
  2⤵
  PID:7676
- C:\Windows\System32\DGeUDSa.exe
  C:\Windows\System32\DGeUDSa.exe
  2⤵
  PID:7692
- C:\Windows\System32\QjgfSxP.exe
  C:\Windows\System32\QjgfSxP.exe
  2⤵
  PID:7724
- C:\Windows\System32\OsUKlxB.exe
  C:\Windows\System32\OsUKlxB.exe
  2⤵
  PID:7748
- C:\Windows\System32\NVSNdZh.exe
  C:\Windows\System32\NVSNdZh.exe
  2⤵
  PID:7764
- C:\Windows\System32\zzNsNav.exe
  C:\Windows\System32\zzNsNav.exe
  2⤵
  PID:7804
- C:\Windows\System32\QNlCqQi.exe
  C:\Windows\System32\QNlCqQi.exe
  2⤵
  PID:7828
- C:\Windows\System32\nTEfQiZ.exe
  C:\Windows\System32\nTEfQiZ.exe
  2⤵
  PID:7856
- C:\Windows\System32\paHvcAP.exe
  C:\Windows\System32\paHvcAP.exe
  2⤵
  PID:7888
- C:\Windows\System32\EgighdB.exe
  C:\Windows\System32\EgighdB.exe
  2⤵
  PID:7916
- C:\Windows\System32\pltBHLa.exe
  C:\Windows\System32\pltBHLa.exe
  2⤵
  PID:7940
- C:\Windows\System32\BcAFXet.exe
  C:\Windows\System32\BcAFXet.exe
  2⤵
  PID:7960
- C:\Windows\System32\jTrdKMs.exe
  C:\Windows\System32\jTrdKMs.exe
  2⤵
  PID:7992
- C:\Windows\System32\WNvsDCc.exe
  C:\Windows\System32\WNvsDCc.exe
  2⤵
  PID:8044
- C:\Windows\System32\kdbdBgi.exe
  C:\Windows\System32\kdbdBgi.exe
  2⤵
  PID:8068
- C:\Windows\System32\SkGZmou.exe
  C:\Windows\System32\SkGZmou.exe
  2⤵
  PID:8088
- C:\Windows\System32\wcanZwv.exe
  C:\Windows\System32\wcanZwv.exe
  2⤵
  PID:8120
- C:\Windows\System32\ujVWWRP.exe
  C:\Windows\System32\ujVWWRP.exe
  2⤵
  PID:8148
- C:\Windows\System32\BOTelVD.exe
  C:\Windows\System32\BOTelVD.exe
  2⤵
  PID:8168
- C:\Windows\System32\wkAazxa.exe
  C:\Windows\System32\wkAazxa.exe
  2⤵
  PID:6868
- C:\Windows\System32\ZJCKHJh.exe
  C:\Windows\System32\ZJCKHJh.exe
  2⤵
  PID:6696
- C:\Windows\System32\SGfqSKQ.exe
  C:\Windows\System32\SGfqSKQ.exe
  2⤵
  PID:7268
- C:\Windows\System32\wZHGUIO.exe
  C:\Windows\System32\wZHGUIO.exe
  2⤵
  PID:7288
- C:\Windows\System32\NqBoJKq.exe
  C:\Windows\System32\NqBoJKq.exe
  2⤵
  PID:7404
- C:\Windows\System32\FHAxdnb.exe
  C:\Windows\System32\FHAxdnb.exe
  2⤵
  PID:7428
- C:\Windows\System32\OxROVGW.exe
  C:\Windows\System32\OxROVGW.exe
  2⤵
  PID:7488
- C:\Windows\System32\BADaezy.exe
  C:\Windows\System32\BADaezy.exe
  2⤵
  PID:7540
- C:\Windows\System32\TjWShWA.exe
  C:\Windows\System32\TjWShWA.exe
  2⤵
  PID:7612
- C:\Windows\System32\ABjQsxH.exe
  C:\Windows\System32\ABjQsxH.exe
  2⤵
  PID:7740
- C:\Windows\System32\aeoEysU.exe
  C:\Windows\System32\aeoEysU.exe
  2⤵
  PID:7784
- C:\Windows\System32\KGusViM.exe
  C:\Windows\System32\KGusViM.exe
  2⤵
  PID:7844
- C:\Windows\System32\gPzLCsv.exe
  C:\Windows\System32\gPzLCsv.exe
  2⤵
  PID:7896
- C:\Windows\System32\VjnBVJV.exe
  C:\Windows\System32\VjnBVJV.exe
  2⤵
  PID:7936
- C:\Windows\System32\zegUdng.exe
  C:\Windows\System32\zegUdng.exe
  2⤵
  PID:8016
- C:\Windows\System32\TwopMvl.exe
  C:\Windows\System32\TwopMvl.exe
  2⤵
  PID:8156
- C:\Windows\System32\rXvimrP.exe
  C:\Windows\System32\rXvimrP.exe
  2⤵
  PID:8160
- C:\Windows\System32\cDMahiA.exe
  C:\Windows\System32\cDMahiA.exe
  2⤵
  PID:7200
- C:\Windows\System32\azMHoma.exe
  C:\Windows\System32\azMHoma.exe
  2⤵
  PID:7248
- C:\Windows\System32\QVpfHZZ.exe
  C:\Windows\System32\QVpfHZZ.exe
  2⤵
  PID:7592
- C:\Windows\System32\BJBdKKp.exe
  C:\Windows\System32\BJBdKKp.exe
  2⤵
  PID:7660
- C:\Windows\System32\fzUQlKk.exe
  C:\Windows\System32\fzUQlKk.exe
  2⤵
  PID:7868
- C:\Windows\System32\URoBfGg.exe
  C:\Windows\System32\URoBfGg.exe
  2⤵
  PID:7976
- C:\Windows\System32\kVYGoeA.exe
  C:\Windows\System32\kVYGoeA.exe
  2⤵
  PID:8136
- C:\Windows\System32\DGnPPoT.exe
  C:\Windows\System32\DGnPPoT.exe
  2⤵
  PID:8188
- C:\Windows\System32\jUEffGu.exe
  C:\Windows\System32\jUEffGu.exe
  2⤵
  PID:7276
- C:\Windows\System32\WKNXhPu.exe
  C:\Windows\System32\WKNXhPu.exe
  2⤵
  PID:7796
- C:\Windows\System32\rBcXwda.exe
  C:\Windows\System32\rBcXwda.exe
  2⤵
  PID:6628
- C:\Windows\System32\LoLPpDj.exe
  C:\Windows\System32\LoLPpDj.exe
  2⤵
  PID:8212
- C:\Windows\System32\gOBttji.exe
  C:\Windows\System32\gOBttji.exe
  2⤵
  PID:8228
- C:\Windows\System32\ZMfhYYA.exe
  C:\Windows\System32\ZMfhYYA.exe
  2⤵
  PID:8292
- C:\Windows\System32\xdJAtwr.exe
  C:\Windows\System32\xdJAtwr.exe
  2⤵
  PID:8336
- C:\Windows\System32\DGkwiLU.exe
  C:\Windows\System32\DGkwiLU.exe
  2⤵
  PID:8352
- C:\Windows\System32\yNLatnG.exe
  C:\Windows\System32\yNLatnG.exe
  2⤵
  PID:8380
- C:\Windows\System32\vgcPgMw.exe
  C:\Windows\System32\vgcPgMw.exe
  2⤵
  PID:8404
- C:\Windows\System32\vqMvmxs.exe
  C:\Windows\System32\vqMvmxs.exe
  2⤵
  PID:8444
- C:\Windows\System32\ykzXHKW.exe
  C:\Windows\System32\ykzXHKW.exe
  2⤵
  PID:8460
- C:\Windows\System32\XZJnnjw.exe
  C:\Windows\System32\XZJnnjw.exe
  2⤵
  PID:8480
- C:\Windows\System32\BSLlLXl.exe
  C:\Windows\System32\BSLlLXl.exe
  2⤵
  PID:8516
- C:\Windows\System32\vfEDBxK.exe
  C:\Windows\System32\vfEDBxK.exe
  2⤵
  PID:8536
- C:\Windows\System32\DnGQUSi.exe
  C:\Windows\System32\DnGQUSi.exe
  2⤵
  PID:8564
- C:\Windows\System32\vxdSySi.exe
  C:\Windows\System32\vxdSySi.exe
  2⤵
  PID:8600
- C:\Windows\System32\TNztyoi.exe
  C:\Windows\System32\TNztyoi.exe
  2⤵
  PID:8648
- C:\Windows\System32\jSFlzSl.exe
  C:\Windows\System32\jSFlzSl.exe
  2⤵
  PID:8668
- C:\Windows\System32\KGOGKDu.exe
  C:\Windows\System32\KGOGKDu.exe
  2⤵
  PID:8696
- C:\Windows\System32\hBebLYI.exe
  C:\Windows\System32\hBebLYI.exe
  2⤵
  PID:8712
- C:\Windows\System32\VtAooZa.exe
  C:\Windows\System32\VtAooZa.exe
  2⤵
  PID:8760
- C:\Windows\System32\bcsBljK.exe
  C:\Windows\System32\bcsBljK.exe
  2⤵
  PID:8780
- C:\Windows\System32\OkxOGQK.exe
  C:\Windows\System32\OkxOGQK.exe
  2⤵
  PID:8800
- C:\Windows\System32\rtdKvDf.exe
  C:\Windows\System32\rtdKvDf.exe
  2⤵
  PID:8824
- C:\Windows\System32\mEsGDrI.exe
  C:\Windows\System32\mEsGDrI.exe
  2⤵
  PID:8844
- C:\Windows\System32\WJAWlde.exe
  C:\Windows\System32\WJAWlde.exe
  2⤵
  PID:8868
- C:\Windows\System32\HtzXXFw.exe
  C:\Windows\System32\HtzXXFw.exe
  2⤵
  PID:8892
- C:\Windows\System32\iktDQZN.exe
  C:\Windows\System32\iktDQZN.exe
  2⤵
  PID:8928
- C:\Windows\System32\azofPoA.exe
  C:\Windows\System32\azofPoA.exe
  2⤵
  PID:8948
- C:\Windows\System32\iaOYgKN.exe
  C:\Windows\System32\iaOYgKN.exe
  2⤵
  PID:8972
- C:\Windows\System32\nughbnd.exe
  C:\Windows\System32\nughbnd.exe
  2⤵
  PID:9004
- C:\Windows\System32\uXUhuGr.exe
  C:\Windows\System32\uXUhuGr.exe
  2⤵
  PID:9032
- C:\Windows\System32\kJKUsjl.exe
  C:\Windows\System32\kJKUsjl.exe
  2⤵
  PID:9048
- C:\Windows\System32\BsrtYwn.exe
  C:\Windows\System32\BsrtYwn.exe
  2⤵
  PID:9104
- C:\Windows\System32\EVjqFYD.exe
  C:\Windows\System32\EVjqFYD.exe
  2⤵
  PID:9136
- C:\Windows\System32\pANvqzh.exe
  C:\Windows\System32\pANvqzh.exe
  2⤵
  PID:9164
- C:\Windows\System32\LSOJsZc.exe
  C:\Windows\System32\LSOJsZc.exe
  2⤵
  PID:9180
- C:\Windows\System32\QknBmQk.exe
  C:\Windows\System32\QknBmQk.exe
  2⤵
  PID:8204
- C:\Windows\System32\CUJioBi.exe
  C:\Windows\System32\CUJioBi.exe
  2⤵
  PID:8224
- C:\Windows\System32\nLJUKdm.exe
  C:\Windows\System32\nLJUKdm.exe
  2⤵
  PID:8276
- C:\Windows\System32\zFIxcZe.exe
  C:\Windows\System32\zFIxcZe.exe
  2⤵
  PID:8348
- C:\Windows\System32\MAxcskP.exe
  C:\Windows\System32\MAxcskP.exe
  2⤵
  PID:8392
- C:\Windows\System32\daIlGTY.exe
  C:\Windows\System32\daIlGTY.exe
  2⤵
  PID:8436
- C:\Windows\System32\XCUBtSt.exe
  C:\Windows\System32\XCUBtSt.exe
  2⤵
  PID:8472
- C:\Windows\System32\AtqGdqg.exe
  C:\Windows\System32\AtqGdqg.exe
  2⤵
  PID:8544
- C:\Windows\System32\MWHwBPO.exe
  C:\Windows\System32\MWHwBPO.exe
  2⤵
  PID:8552
- C:\Windows\System32\iCLZMYm.exe
  C:\Windows\System32\iCLZMYm.exe
  2⤵
  PID:8684
- C:\Windows\System32\gAFGsCq.exe
  C:\Windows\System32\gAFGsCq.exe
  2⤵
  PID:8776
- C:\Windows\System32\zZbStAz.exe
  C:\Windows\System32\zZbStAz.exe
  2⤵
  PID:8864
- C:\Windows\System32\otYFwHQ.exe
  C:\Windows\System32\otYFwHQ.exe
  2⤵
  PID:8908
- C:\Windows\System32\xErISuS.exe
  C:\Windows\System32\xErISuS.exe
  2⤵
  PID:8064
- C:\Windows\System32\wNNuXiF.exe
  C:\Windows\System32\wNNuXiF.exe
  2⤵
  PID:9012
- C:\Windows\System32\somdiKA.exe
  C:\Windows\System32\somdiKA.exe
  2⤵
  PID:9040
- C:\Windows\System32\ktSKNru.exe
  C:\Windows\System32\ktSKNru.exe
  2⤵
  PID:9112
- C:\Windows\System32\ECcrgvJ.exe
  C:\Windows\System32\ECcrgvJ.exe
  2⤵
  PID:8060
- C:\Windows\System32\nAtSZec.exe
  C:\Windows\System32\nAtSZec.exe
  2⤵
  PID:8324
- C:\Windows\System32\TdpKphm.exe
  C:\Windows\System32\TdpKphm.exe
  2⤵
  PID:8628
- C:\Windows\System32\MojMNJh.exe
  C:\Windows\System32\MojMNJh.exe
  2⤵
  PID:8768
- C:\Windows\System32\GwGQEWb.exe
  C:\Windows\System32\GwGQEWb.exe
  2⤵
  PID:8888
- C:\Windows\System32\ZdbmqoE.exe
  C:\Windows\System32\ZdbmqoE.exe
  2⤵
  PID:9016
- C:\Windows\System32\DNAwcfS.exe
  C:\Windows\System32\DNAwcfS.exe
  2⤵
  PID:9200
- C:\Windows\System32\TZBKVpY.exe
  C:\Windows\System32\TZBKVpY.exe
  2⤵
  PID:8476
- C:\Windows\System32\wmHDioS.exe
  C:\Windows\System32\wmHDioS.exe
  2⤵
  PID:8936
- C:\Windows\System32\hXsEbse.exe
  C:\Windows\System32\hXsEbse.exe
  2⤵
  PID:9044
- C:\Windows\System32\IuJJMpx.exe
  C:\Windows\System32\IuJJMpx.exe
  2⤵
  PID:8840
- C:\Windows\System32\xcRhBmh.exe
  C:\Windows\System32\xcRhBmh.exe
  2⤵
  PID:8956
- C:\Windows\System32\sMEucUZ.exe
  C:\Windows\System32\sMEucUZ.exe
  2⤵
  PID:9240
- C:\Windows\System32\fAjtdpQ.exe
  C:\Windows\System32\fAjtdpQ.exe
  2⤵
  PID:9268
- C:\Windows\System32\wSUZOHS.exe
  C:\Windows\System32\wSUZOHS.exe
  2⤵
  PID:9288
- C:\Windows\System32\xbnaQSK.exe
  C:\Windows\System32\xbnaQSK.exe
  2⤵
  PID:9328
- C:\Windows\System32\BKHqQYG.exe
  C:\Windows\System32\BKHqQYG.exe
  2⤵
  PID:9380
- C:\Windows\System32\xzXXnJN.exe
  C:\Windows\System32\xzXXnJN.exe
  2⤵
  PID:9412
- C:\Windows\System32\LELOpuO.exe
  C:\Windows\System32\LELOpuO.exe
  2⤵
  PID:9428
- C:\Windows\System32\WOQJVoB.exe
  C:\Windows\System32\WOQJVoB.exe
  2⤵
  PID:9448
- C:\Windows\System32\OFUWHxj.exe
  C:\Windows\System32\OFUWHxj.exe
  2⤵
  PID:9484
- C:\Windows\System32\KQxxIXn.exe
  C:\Windows\System32\KQxxIXn.exe
  2⤵
  PID:9508
- C:\Windows\System32\DHrYKtt.exe
  C:\Windows\System32\DHrYKtt.exe
  2⤵
  PID:9532
- C:\Windows\System32\NsEzApD.exe
  C:\Windows\System32\NsEzApD.exe
  2⤵
  PID:9560
- C:\Windows\System32\nPizCSA.exe
  C:\Windows\System32\nPizCSA.exe
  2⤵
  PID:9588
- C:\Windows\System32\aimdJSp.exe
  C:\Windows\System32\aimdJSp.exe
  2⤵
  PID:9612
- C:\Windows\System32\YQDtOdy.exe
  C:\Windows\System32\YQDtOdy.exe
  2⤵
  PID:9636
- C:\Windows\System32\qNrsPYT.exe
  C:\Windows\System32\qNrsPYT.exe
  2⤵
  PID:9664
- C:\Windows\System32\duZFmcV.exe
  C:\Windows\System32\duZFmcV.exe
  2⤵
  PID:9688
- C:\Windows\System32\WNfYUkH.exe
  C:\Windows\System32\WNfYUkH.exe
  2⤵
  PID:9708
- C:\Windows\System32\BSpaBPT.exe
  C:\Windows\System32\BSpaBPT.exe
  2⤵
  PID:9736
- C:\Windows\System32\dZMykpx.exe
  C:\Windows\System32\dZMykpx.exe
  2⤵
  PID:9756
- C:\Windows\System32\jDSmice.exe
  C:\Windows\System32\jDSmice.exe
  2⤵
  PID:9808
- C:\Windows\System32\jrAqsBj.exe
  C:\Windows\System32\jrAqsBj.exe
  2⤵
  PID:9848
- C:\Windows\System32\tgbZilQ.exe
  C:\Windows\System32\tgbZilQ.exe
  2⤵
  PID:9872
- C:\Windows\System32\hpUPjMy.exe
  C:\Windows\System32\hpUPjMy.exe
  2⤵
  PID:9896
- C:\Windows\System32\lKhGjXh.exe
  C:\Windows\System32\lKhGjXh.exe
  2⤵
  PID:9916
- C:\Windows\System32\kmtcbTW.exe
  C:\Windows\System32\kmtcbTW.exe
  2⤵
  PID:9952
- C:\Windows\System32\boScJyF.exe
  C:\Windows\System32\boScJyF.exe
  2⤵
  PID:9972
- C:\Windows\System32\UFnlxJh.exe
  C:\Windows\System32\UFnlxJh.exe
  2⤵
  PID:10000
- C:\Windows\System32\ecWhFGY.exe
  C:\Windows\System32\ecWhFGY.exe
  2⤵
  PID:10020
- C:\Windows\System32\okksikP.exe
  C:\Windows\System32\okksikP.exe
  2⤵
  PID:10072
- C:\Windows\System32\eZfschZ.exe
  C:\Windows\System32\eZfschZ.exe
  2⤵
  PID:10228
- C:\Windows\System32\OWJiaxD.exe
  C:\Windows\System32\OWJiaxD.exe
  2⤵
  PID:8528
- C:\Windows\System32\LbsmgJh.exe
  C:\Windows\System32\LbsmgJh.exe
  2⤵
  PID:9304
- C:\Windows\System32\KYqjBcD.exe
  C:\Windows\System32\KYqjBcD.exe
  2⤵
  PID:9348
- C:\Windows\System32\dkWzeEK.exe
  C:\Windows\System32\dkWzeEK.exe
  2⤵
  PID:9420
- C:\Windows\System32\lXuKfEe.exe
  C:\Windows\System32\lXuKfEe.exe
  2⤵
  PID:9492
- C:\Windows\System32\wEJSjOV.exe
  C:\Windows\System32\wEJSjOV.exe
  2⤵
  PID:9500
- C:\Windows\System32\TeLsucb.exe
  C:\Windows\System32\TeLsucb.exe
  2⤵
  PID:9600
- C:\Windows\System32\NjCpgiv.exe
  C:\Windows\System32\NjCpgiv.exe
  2⤵
  PID:9644
- C:\Windows\System32\weImmxf.exe
  C:\Windows\System32\weImmxf.exe
  2⤵
  PID:9752
- C:\Windows\System32\eIicAzT.exe
  C:\Windows\System32\eIicAzT.exe
  2⤵
  PID:9800
- C:\Windows\System32\mkwKjKy.exe
  C:\Windows\System32\mkwKjKy.exe
  2⤵
  PID:9880
- C:\Windows\System32\sHjsJHG.exe
  C:\Windows\System32\sHjsJHG.exe
  2⤵
  PID:9948
- C:\Windows\System32\hxWETHw.exe
  C:\Windows\System32\hxWETHw.exe
  2⤵
  PID:10008
- C:\Windows\System32\UkwMtbc.exe
  C:\Windows\System32\UkwMtbc.exe
  2⤵
  PID:10068
- C:\Windows\System32\qYNCbyZ.exe
  C:\Windows\System32\qYNCbyZ.exe
  2⤵
  PID:10108
- C:\Windows\System32\MvfkWmh.exe
  C:\Windows\System32\MvfkWmh.exe
  2⤵
  PID:10156
- C:\Windows\System32\zIvWRWE.exe
  C:\Windows\System32\zIvWRWE.exe
  2⤵
  PID:10172
- C:\Windows\System32\THyMSvZ.exe
  C:\Windows\System32\THyMSvZ.exe
  2⤵
  PID:10040
- C:\Windows\System32\jzQsiWT.exe
  C:\Windows\System32\jzQsiWT.exe
  2⤵
  PID:10204
- C:\Windows\System32\wzbNPcy.exe
  C:\Windows\System32\wzbNPcy.exe
  2⤵
  PID:9408
- C:\Windows\System32\GEfSyiA.exe
  C:\Windows\System32\GEfSyiA.exe
  2⤵
  PID:9460
- C:\Windows\System32\ENbuoPz.exe
  C:\Windows\System32\ENbuoPz.exe
  2⤵
  PID:9572
- C:\Windows\System32\BTlhdxC.exe
  C:\Windows\System32\BTlhdxC.exe
  2⤵
  PID:9700
- C:\Windows\System32\RfHpHfq.exe
  C:\Windows\System32\RfHpHfq.exe
  2⤵
  PID:9836
- C:\Windows\System32\QpedaXA.exe
  C:\Windows\System32\QpedaXA.exe
  2⤵
  PID:10064
- C:\Windows\System32\ICCuWqb.exe
  C:\Windows\System32\ICCuWqb.exe
  2⤵
  PID:10140
- C:\Windows\System32\vLPdWzW.exe
  C:\Windows\System32\vLPdWzW.exe
  2⤵
  PID:10192
- C:\Windows\System32\RrClQTJ.exe
  C:\Windows\System32\RrClQTJ.exe
  2⤵
  PID:8368
- C:\Windows\System32\NzBQrXx.exe
  C:\Windows\System32\NzBQrXx.exe
  2⤵
  PID:9528
- C:\Windows\System32\IKTALGB.exe
  C:\Windows\System32\IKTALGB.exe
  2⤵
  PID:9988
- C:\Windows\System32\yjQAgFz.exe
  C:\Windows\System32\yjQAgFz.exe
  2⤵
  PID:10032
- C:\Windows\System32\SliLJke.exe
  C:\Windows\System32\SliLJke.exe
  2⤵
  PID:10244
- C:\Windows\System32\GSAJwUi.exe
  C:\Windows\System32\GSAJwUi.exe
  2⤵
  PID:10280
- C:\Windows\System32\XtgcHAk.exe
  C:\Windows\System32\XtgcHAk.exe
  2⤵
  PID:10304
- C:\Windows\System32\eWqmwRx.exe
  C:\Windows\System32\eWqmwRx.exe
  2⤵
  PID:10320
- C:\Windows\System32\uKbRwCc.exe
  C:\Windows\System32\uKbRwCc.exe
  2⤵
  PID:10344
- C:\Windows\System32\TPkqLvb.exe
  C:\Windows\System32\TPkqLvb.exe
  2⤵
  PID:10372
- C:\Windows\System32\vuHtguj.exe
  C:\Windows\System32\vuHtguj.exe
  2⤵
  PID:10396
- C:\Windows\System32\VIvjAzJ.exe
  C:\Windows\System32\VIvjAzJ.exe
  2⤵
  PID:10416
- C:\Windows\System32\GEUWMtK.exe
  C:\Windows\System32\GEUWMtK.exe
  2⤵
  PID:10444
- C:\Windows\System32\YGxjSMh.exe
  C:\Windows\System32\YGxjSMh.exe
  2⤵
  PID:10496
- C:\Windows\System32\MoXRLjI.exe
  C:\Windows\System32\MoXRLjI.exe
  2⤵
  PID:10528
- C:\Windows\System32\oDqkffN.exe
  C:\Windows\System32\oDqkffN.exe
  2⤵
  PID:10576
- C:\Windows\System32\ImRiYTS.exe
  C:\Windows\System32\ImRiYTS.exe
  2⤵
  PID:10592
- C:\Windows\System32\mqjtGVh.exe
  C:\Windows\System32\mqjtGVh.exe
  2⤵
  PID:10628
- C:\Windows\System32\UzqXBcp.exe
  C:\Windows\System32\UzqXBcp.exe
  2⤵
  PID:10676
- C:\Windows\System32\kdjzpOl.exe
  C:\Windows\System32\kdjzpOl.exe
  2⤵
  PID:10764
- C:\Windows\System32\JCvpNrC.exe
  C:\Windows\System32\JCvpNrC.exe
  2⤵
  PID:10780
- C:\Windows\System32\sMnrWEs.exe
  C:\Windows\System32\sMnrWEs.exe
  2⤵
  PID:10796
- C:\Windows\System32\yfMOyVJ.exe
  C:\Windows\System32\yfMOyVJ.exe
  2⤵
  PID:10844
- C:\Windows\System32\bxYyfWd.exe
  C:\Windows\System32\bxYyfWd.exe
  2⤵
  PID:10864
- C:\Windows\System32\gYaSKxZ.exe
  C:\Windows\System32\gYaSKxZ.exe
  2⤵
  PID:10888
- C:\Windows\System32\VVidLmq.exe
  C:\Windows\System32\VVidLmq.exe
  2⤵
  PID:10928
- C:\Windows\System32\MqxHrNo.exe
  C:\Windows\System32\MqxHrNo.exe
  2⤵
  PID:10948
- C:\Windows\System32\RTZYSGv.exe
  C:\Windows\System32\RTZYSGv.exe
  2⤵
  PID:10968
- C:\Windows\System32\JDUIgVo.exe
  C:\Windows\System32\JDUIgVo.exe
  2⤵
  PID:10992
- C:\Windows\System32\nxKhCdp.exe
  C:\Windows\System32\nxKhCdp.exe
  2⤵
  PID:11008
- C:\Windows\System32\xkPjjtn.exe
  C:\Windows\System32\xkPjjtn.exe
  2⤵
  PID:11060
- C:\Windows\System32\VQRhova.exe
  C:\Windows\System32\VQRhova.exe
  2⤵
  PID:11104
- C:\Windows\System32\VKCpcMe.exe
  C:\Windows\System32\VKCpcMe.exe
  2⤵
  PID:11132
- C:\Windows\System32\NNmhOHa.exe
  C:\Windows\System32\NNmhOHa.exe
  2⤵
  PID:11172
- C:\Windows\System32\chxmlrK.exe
  C:\Windows\System32\chxmlrK.exe
  2⤵
  PID:11188
- C:\Windows\System32\MnPJnFp.exe
  C:\Windows\System32\MnPJnFp.exe
  2⤵
  PID:11204
- C:\Windows\System32\gEgEWlc.exe
  C:\Windows\System32\gEgEWlc.exe
  2⤵
  PID:11224
- C:\Windows\System32\gUUUaRq.exe
  C:\Windows\System32\gUUUaRq.exe
  2⤵
  PID:11248
- C:\Windows\System32\VTrlfxd.exe
  C:\Windows\System32\VTrlfxd.exe
  2⤵
  PID:10176
- C:\Windows\System32\rwAMaPw.exe
  C:\Windows\System32\rwAMaPw.exe
  2⤵
  PID:10268
- C:\Windows\System32\yitLsnF.exe
  C:\Windows\System32\yitLsnF.exe
  2⤵
  PID:10340
- C:\Windows\System32\QMwKsvt.exe
  C:\Windows\System32\QMwKsvt.exe
  2⤵
  PID:10424
- C:\Windows\System32\iUVbTZE.exe
  C:\Windows\System32\iUVbTZE.exe
  2⤵
  PID:10452
- C:\Windows\System32\sPcbSka.exe
  C:\Windows\System32\sPcbSka.exe
  2⤵
  PID:10432
- C:\Windows\System32\OkRxKsj.exe
  C:\Windows\System32\OkRxKsj.exe
  2⤵
  PID:10564
- C:\Windows\System32\VfEpZwv.exe
  C:\Windows\System32\VfEpZwv.exe
  2⤵
  PID:10664
- C:\Windows\System32\ZgzmOLL.exe
  C:\Windows\System32\ZgzmOLL.exe
  2⤵
  PID:10724
- C:\Windows\System32\xHKAnzu.exe
  C:\Windows\System32\xHKAnzu.exe
  2⤵
  PID:10752
- C:\Windows\System32\tTIdWTK.exe
  C:\Windows\System32\tTIdWTK.exe
  2⤵
  PID:10776
- C:\Windows\System32\YOtwhqq.exe
  C:\Windows\System32\YOtwhqq.exe
  2⤵
  PID:10852
- C:\Windows\System32\vdodMsY.exe
  C:\Windows\System32\vdodMsY.exe
  2⤵
  PID:10900
- C:\Windows\System32\vpZdfeu.exe
  C:\Windows\System32\vpZdfeu.exe
  2⤵
  PID:10984
- C:\Windows\System32\VZIaitS.exe
  C:\Windows\System32\VZIaitS.exe
  2⤵
  PID:11028
- C:\Windows\System32\ZDDwhnX.exe
  C:\Windows\System32\ZDDwhnX.exe
  2⤵
  PID:11116
- C:\Windows\System32\jrYLCoG.exe
  C:\Windows\System32\jrYLCoG.exe
  2⤵
  PID:11156
- C:\Windows\System32\SBwysjc.exe
  C:\Windows\System32\SBwysjc.exe
  2⤵
  PID:11244
- C:\Windows\System32\dxWHRxA.exe
  C:\Windows\System32\dxWHRxA.exe
  2⤵
  PID:10252
- C:\Windows\System32\fEzxHZo.exe
  C:\Windows\System32\fEzxHZo.exe
  2⤵
  PID:10312
- C:\Windows\System32\hwSdqen.exe
  C:\Windows\System32\hwSdqen.exe
  2⤵
  PID:10504
- C:\Windows\System32\AHoDYEh.exe
  C:\Windows\System32\AHoDYEh.exe
  2⤵
  PID:10700
- C:\Windows\System32\WgvUQdJ.exe
  C:\Windows\System32\WgvUQdJ.exe
  2⤵
  PID:10736
- C:\Windows\System32\ULurYyD.exe
  C:\Windows\System32\ULurYyD.exe
  2⤵
  PID:10976
- C:\Windows\System32\hBlSImj.exe
  C:\Windows\System32\hBlSImj.exe
  2⤵
  PID:11196
- C:\Windows\System32\wwQwMoY.exe
  C:\Windows\System32\wwQwMoY.exe
  2⤵
  PID:9992
- C:\Windows\System32\EOooRnB.exe
  C:\Windows\System32\EOooRnB.exe
  2⤵
  PID:10692
- C:\Windows\System32\FmkygVm.exe
  C:\Windows\System32\FmkygVm.exe
  2⤵
  PID:10856
- C:\Windows\System32\xBghLFa.exe
  C:\Windows\System32\xBghLFa.exe
  2⤵
  PID:11080
- C:\Windows\System32\xdCrcqZ.exe
  C:\Windows\System32\xdCrcqZ.exe
  2⤵
  PID:10608
- C:\Windows\System32\wNBOURT.exe
  C:\Windows\System32\wNBOURT.exe
  2⤵
  PID:11212
- C:\Windows\System32\EcrgRIj.exe
  C:\Windows\System32\EcrgRIj.exe
  2⤵
  PID:11280
- C:\Windows\System32\zkrESgU.exe
  C:\Windows\System32\zkrESgU.exe
  2⤵
  PID:11304
- C:\Windows\System32\JnvjAGC.exe
  C:\Windows\System32\JnvjAGC.exe
  2⤵
  PID:11336
- C:\Windows\System32\aseOOpY.exe
  C:\Windows\System32\aseOOpY.exe
  2⤵
  PID:11352
- C:\Windows\System32\wxPtGEA.exe
  C:\Windows\System32\wxPtGEA.exe
  2⤵
  PID:11376
- C:\Windows\System32\hOjUSKT.exe
  C:\Windows\System32\hOjUSKT.exe
  2⤵
  PID:11400
- C:\Windows\System32\ERqdKMG.exe
  C:\Windows\System32\ERqdKMG.exe
  2⤵
  PID:11448
- C:\Windows\System32\FrZXyru.exe
  C:\Windows\System32\FrZXyru.exe
  2⤵
  PID:11480
- C:\Windows\System32\uFIOlqs.exe
  C:\Windows\System32\uFIOlqs.exe
  2⤵
  PID:11508
- C:\Windows\System32\ZIaCrcL.exe
  C:\Windows\System32\ZIaCrcL.exe
  2⤵
  PID:11536
- C:\Windows\System32\TtcMEyr.exe
  C:\Windows\System32\TtcMEyr.exe
  2⤵
  PID:11564
- C:\Windows\System32\zffKPJJ.exe
  C:\Windows\System32\zffKPJJ.exe
  2⤵
  PID:11584
- C:\Windows\System32\EFlNsEs.exe
  C:\Windows\System32\EFlNsEs.exe
  2⤵
  PID:11608
- C:\Windows\System32\JqMMDIB.exe
  C:\Windows\System32\JqMMDIB.exe
  2⤵
  PID:11644
- C:\Windows\System32\rlePUCO.exe
  C:\Windows\System32\rlePUCO.exe
  2⤵
  PID:11684
- C:\Windows\System32\WkYeBIl.exe
  C:\Windows\System32\WkYeBIl.exe
  2⤵
  PID:11704
- C:\Windows\System32\vGAfypJ.exe
  C:\Windows\System32\vGAfypJ.exe
  2⤵
  PID:11728
- C:\Windows\System32\uqaiSqi.exe
  C:\Windows\System32\uqaiSqi.exe
  2⤵
  PID:11752
- C:\Windows\System32\MQbUgCq.exe
  C:\Windows\System32\MQbUgCq.exe
  2⤵
  PID:11780
- C:\Windows\System32\MIBSnek.exe
  C:\Windows\System32\MIBSnek.exe
  2⤵
  PID:11828
- C:\Windows\System32\mGouujI.exe
  C:\Windows\System32\mGouujI.exe
  2⤵
  PID:11848
- C:\Windows\System32\dUxEaxS.exe
  C:\Windows\System32\dUxEaxS.exe
  2⤵
  PID:11876
- C:\Windows\System32\NUJZcbl.exe
  C:\Windows\System32\NUJZcbl.exe
  2⤵
  PID:11892
- C:\Windows\System32\Ujekobe.exe
  C:\Windows\System32\Ujekobe.exe
  2⤵
  PID:11920
- C:\Windows\System32\FsZozHq.exe
  C:\Windows\System32\FsZozHq.exe
  2⤵
  PID:11936
- C:\Windows\System32\vUjDPWe.exe
  C:\Windows\System32\vUjDPWe.exe
  2⤵
  PID:11956
- C:\Windows\System32\vVPDrVh.exe
  C:\Windows\System32\vVPDrVh.exe
  2⤵
  PID:11984
- C:\Windows\System32\uiKMfqh.exe
  C:\Windows\System32\uiKMfqh.exe
  2⤵
  PID:12000
- C:\Windows\System32\snVHAxZ.exe
  C:\Windows\System32\snVHAxZ.exe
  2⤵
  PID:12028
- C:\Windows\System32\DSxUIhn.exe
  C:\Windows\System32\DSxUIhn.exe
  2⤵
  PID:12076
- C:\Windows\System32\WEdJQtb.exe
  C:\Windows\System32\WEdJQtb.exe
  2⤵
  PID:12140
- C:\Windows\System32\yjvpGfX.exe
  C:\Windows\System32\yjvpGfX.exe
  2⤵
  PID:12164
- C:\Windows\System32\yFcygBx.exe
  C:\Windows\System32\yFcygBx.exe
  2⤵
  PID:12184
- C:\Windows\System32\Jpurext.exe
  C:\Windows\System32\Jpurext.exe
  2⤵
  PID:12204
- C:\Windows\System32\YrfOZTo.exe
  C:\Windows\System32\YrfOZTo.exe
  2⤵
  PID:12220
- C:\Windows\System32\FzLSPxm.exe
  C:\Windows\System32\FzLSPxm.exe
  2⤵
  PID:12240
- C:\Windows\System32\NqZgNCB.exe
  C:\Windows\System32\NqZgNCB.exe
  2⤵
  PID:12276
- C:\Windows\System32\YLGAeWm.exe
  C:\Windows\System32\YLGAeWm.exe
  2⤵
  PID:11296
- C:\Windows\System32\EKsFiWq.exe
  C:\Windows\System32\EKsFiWq.exe
  2⤵
  PID:11372
- C:\Windows\System32\bRRmTJq.exe
  C:\Windows\System32\bRRmTJq.exe
  2⤵
  PID:11392
- C:\Windows\System32\xENgblp.exe
  C:\Windows\System32\xENgblp.exe
  2⤵
  PID:11468
- C:\Windows\System32\DFgugmw.exe
  C:\Windows\System32\DFgugmw.exe
  2⤵
  PID:11516
- C:\Windows\System32\vMJqeuh.exe
  C:\Windows\System32\vMJqeuh.exe
  2⤵
  PID:11552
- C:\Windows\System32\dRblbqL.exe
  C:\Windows\System32\dRblbqL.exe
  2⤵
  PID:11640
- C:\Windows\System32\hwyyopC.exe
  C:\Windows\System32\hwyyopC.exe
  2⤵
  PID:11740
- C:\Windows\System32\SSUVBrU.exe
  C:\Windows\System32\SSUVBrU.exe
  2⤵
  PID:11820
- C:\Windows\System32\FgMvyOr.exe
  C:\Windows\System32\FgMvyOr.exe
  2⤵
  PID:11856
- C:\Windows\System32\TnuurCq.exe
  C:\Windows\System32\TnuurCq.exe
  2⤵
  PID:2152
- C:\Windows\System32\AKlymxy.exe
  C:\Windows\System32\AKlymxy.exe
  2⤵
  PID:12012
- C:\Windows\System32\eNWIilr.exe
  C:\Windows\System32\eNWIilr.exe
  2⤵
  PID:3256
- C:\Windows\System32\BqVdgNN.exe
  C:\Windows\System32\BqVdgNN.exe
  2⤵
  PID:12088
- C:\Windows\System32\VoxDGHA.exe
  C:\Windows\System32\VoxDGHA.exe
  2⤵
  PID:12232
- C:\Windows\System32\GeCeFkE.exe
  C:\Windows\System32\GeCeFkE.exe
  2⤵
  PID:11312
- C:\Windows\System32\CijgTuS.exe
  C:\Windows\System32\CijgTuS.exe
  2⤵
  PID:11600
- C:\Windows\System32\xdCvQzZ.exe
  C:\Windows\System32\xdCvQzZ.exe
  2⤵
  PID:11864
- C:\Windows\System32\XVnAjKL.exe
  C:\Windows\System32\XVnAjKL.exe
  2⤵
  PID:11904
- C:\Windows\System32\FIjqMbg.exe
  C:\Windows\System32\FIjqMbg.exe
  2⤵
  PID:11964
- C:\Windows\System32\UNLFqNd.exe
  C:\Windows\System32\UNLFqNd.exe
  2⤵
  PID:12268
- C:\Windows\System32\GlqVwKx.exe
  C:\Windows\System32\GlqVwKx.exe
  2⤵
  PID:11676
- C:\Windows\System32\ajxnJmm.exe
  C:\Windows\System32\ajxnJmm.exe
  2⤵
  PID:12008
- C:\Windows\System32\DGmZGjZ.exe
  C:\Windows\System32\DGmZGjZ.exe
  2⤵
  PID:12200
- C:\Windows\System32\egrDkqL.exe
  C:\Windows\System32\egrDkqL.exe
  2⤵
  PID:10436
- C:\Windows\System32\GEUwpHY.exe
  C:\Windows\System32\GEUwpHY.exe
  2⤵
  PID:12308
- C:\Windows\System32\PfgKZQL.exe
  C:\Windows\System32\PfgKZQL.exe
  2⤵
  PID:12332
- C:\Windows\System32\qNkpkFz.exe
  C:\Windows\System32\qNkpkFz.exe
  2⤵
  PID:12360
- C:\Windows\System32\PEVSlPZ.exe
  C:\Windows\System32\PEVSlPZ.exe
  2⤵
  PID:12384
- C:\Windows\System32\EkQlSZZ.exe
  C:\Windows\System32\EkQlSZZ.exe
  2⤵
  PID:12416
- C:\Windows\System32\UDLPdzB.exe
  C:\Windows\System32\UDLPdzB.exe
  2⤵
  PID:12456
- C:\Windows\System32\acSjZkb.exe
  C:\Windows\System32\acSjZkb.exe
  2⤵
  PID:12480
- C:\Windows\System32\PFVMGrL.exe
  C:\Windows\System32\PFVMGrL.exe
  2⤵
  PID:12500
- C:\Windows\System32\dlrqEMA.exe
  C:\Windows\System32\dlrqEMA.exe
  2⤵
  PID:12528
- C:\Windows\System32\hCQMxOk.exe
  C:\Windows\System32\hCQMxOk.exe
  2⤵
  PID:12564
- C:\Windows\System32\lgHyaBS.exe
  C:\Windows\System32\lgHyaBS.exe
  2⤵
  PID:12608
- C:\Windows\System32\DOASfpH.exe
  C:\Windows\System32\DOASfpH.exe
  2⤵
  PID:12628
- C:\Windows\System32\aiAYsmD.exe
  C:\Windows\System32\aiAYsmD.exe
  2⤵
  PID:12648
- C:\Windows\System32\ohgxBSE.exe
  C:\Windows\System32\ohgxBSE.exe
  2⤵
  PID:12672
- C:\Windows\System32\EKytTHE.exe
  C:\Windows\System32\EKytTHE.exe
  2⤵
  PID:12692
- C:\Windows\System32\ClfNbdd.exe
  C:\Windows\System32\ClfNbdd.exe
  2⤵
  PID:12708
- C:\Windows\System32\dPsiwiZ.exe
  C:\Windows\System32\dPsiwiZ.exe
  2⤵
  PID:12748
- C:\Windows\System32\fyvgwiD.exe
  C:\Windows\System32\fyvgwiD.exe
  2⤵
  PID:12788
- C:\Windows\System32\mlWMlAJ.exe
  C:\Windows\System32\mlWMlAJ.exe
  2⤵
  PID:12816
- C:\Windows\System32\LrfMPDR.exe
  C:\Windows\System32\LrfMPDR.exe
  2⤵
  PID:12852
- C:\Windows\System32\lDjILUS.exe
  C:\Windows\System32\lDjILUS.exe
  2⤵
  PID:12892
- C:\Windows\System32\DCTElLs.exe
  C:\Windows\System32\DCTElLs.exe
  2⤵
  PID:12912
- C:\Windows\System32\CAMPmfU.exe
  C:\Windows\System32\CAMPmfU.exe
  2⤵
  PID:12948
- C:\Windows\System32\yOLuUFf.exe
  C:\Windows\System32\yOLuUFf.exe
  2⤵
  PID:12968
- C:\Windows\System32\snFJCEr.exe
  C:\Windows\System32\snFJCEr.exe
  2⤵
  PID:12988
- C:\Windows\System32\wVpRWyv.exe
  C:\Windows\System32\wVpRWyv.exe
  2⤵
  PID:13004
- C:\Windows\System32\gvJLjvj.exe
  C:\Windows\System32\gvJLjvj.exe
  2⤵
  PID:13028
- C:\Windows\System32\nNfFvnO.exe
  C:\Windows\System32\nNfFvnO.exe
  2⤵
  PID:13048
- C:\Windows\System32\lRpBIAf.exe
  C:\Windows\System32\lRpBIAf.exe
  2⤵
  PID:13064
- C:\Windows\System32\cEklZvI.exe
  C:\Windows\System32\cEklZvI.exe
  2⤵
  PID:13112
- C:\Windows\System32\lfTwtPg.exe
  C:\Windows\System32\lfTwtPg.exe
  2⤵
  PID:13152
- C:\Windows\System32\uniWggX.exe
  C:\Windows\System32\uniWggX.exe
  2⤵
  PID:13192
- C:\Windows\System32\qKeYUyn.exe
  C:\Windows\System32\qKeYUyn.exe
  2⤵
  PID:13228
- C:\Windows\System32\xBnjImg.exe
  C:\Windows\System32\xBnjImg.exe
  2⤵
  PID:13244
- C:\Windows\System32\cKGtYcG.exe
  C:\Windows\System32\cKGtYcG.exe
  2⤵
  PID:13268
- C:\Windows\System32\rcYXWIj.exe
  C:\Windows\System32\rcYXWIj.exe
  2⤵
  PID:13292
- C:\Windows\System32\ZqPcDVC.exe
  C:\Windows\System32\ZqPcDVC.exe
  2⤵
  PID:12316
- C:\Windows\System32\OZMwlPb.exe
  C:\Windows\System32\OZMwlPb.exe
  2⤵
  PID:12348
- C:\Windows\System32\VWidPcr.exe
  C:\Windows\System32\VWidPcr.exe
  2⤵
  PID:3700
- C:\Windows\System32\GihirYa.exe
  C:\Windows\System32\GihirYa.exe
  2⤵
  PID:12396
- C:\Windows\System32\WuElGpP.exe
  C:\Windows\System32\WuElGpP.exe
  2⤵
  PID:12512
- C:\Windows\System32\xOSIJeQ.exe
  C:\Windows\System32\xOSIJeQ.exe
  2⤵
  PID:12620
- C:\Windows\System32\exfQvPn.exe
  C:\Windows\System32\exfQvPn.exe
  2⤵
  PID:12704
- C:\Windows\System32\GLrVChn.exe
  C:\Windows\System32\GLrVChn.exe
  2⤵
  PID:12732
- C:\Windows\System32\SqNouTr.exe
  C:\Windows\System32\SqNouTr.exe
  2⤵
  PID:12772
- C:\Windows\System32\oghLLJJ.exe
  C:\Windows\System32\oghLLJJ.exe
  2⤵
  PID:12832
- C:\Windows\System32\hQfiiMH.exe
  C:\Windows\System32\hQfiiMH.exe
  2⤵
  PID:12904
- C:\Windows\System32\lDZbYrL.exe
  C:\Windows\System32\lDZbYrL.exe
  2⤵
  PID:12996

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BgUCvlg.exe

Filesize
1.7MB

MD5
259074354e89ba770b8ba6278a1a0f40

SHA1
42314c75668366319f4e38ecd80da9030891d00b

SHA256
89c97ed04a94c4211f475ac9ad8dbb8280483d2a5e83fab6d15ceacbbabd407d

SHA512
aa8ed8175d1fe85f7ad22d2511ec28fc315152f24fad41bb55d6ce8c1909996d3314edf9bd66e6fd4d72a9e4f96cce16293287c85bc1a966d4e490a813949fa4

Download Submit
C:\Windows\System32\ESZQnTY.exe

Filesize
1.7MB

MD5
2dc26556d32f638a88161cf9bf296049

SHA1
f780d23bd0fe9179e7a6b993e086a1d94adfce5a

SHA256
b6a069f9b493396104431905a420b898aa7c7a69802ef6d154bc15d0ad66030c

SHA512
af7d1e53d830503746b5d30f447b2aabc29197c42d18d3e4f5a3b3e9dc669985acd9dd994c637c153e497aa63034cda934a079822bb322015f3b9c9334d0e133

Download Submit
C:\Windows\System32\EydbaeK.exe

Filesize
1.7MB

MD5
a727e4cb9436bda7f2ffd87c183a5c11

SHA1
384d18aba44429152228db4338892977194c9b55

SHA256
d6e2df1ccf34f79f08c96ecbc8e29a3631d5d1292fffc9d234e849ac44a6ce9a

SHA512
00c14b40ee03819ffcc6bca0b272c0492c5a07159d74f25423b1f33becd877a6548ee747723f4314492f274352529810ce1d52900f388f4190c93126dbc772bb

Download Submit
C:\Windows\System32\FONRKri.exe

Filesize
1.7MB

MD5
e84a63b053faa2083d946604eeaa2c11

SHA1
f8a6b40d76485c6ccba42701dd61e96a0fd1f85c

SHA256
f36c6fcd6c6a3e8df2004d6383a65ce02ae9958d0402540a41d3232355bc7e2f

SHA512
f896312942060f596a306c18be7475b528f48ec7e10b0ca3283c688c6e629a64b0dd39cdf4f504ef4eb3c5ef777ed457af0604e223d8f980a20daa1d4081fd75

Download Submit
C:\Windows\System32\JmMybMA.exe

Filesize
1.7MB

MD5
897019a25206fe39d6147ea29d34ad06

SHA1
4ba0f94608d0fe8aa7a62b88f76285c8458633b6

SHA256
a9435e069e1cafaf067a655eb14659675441a7baf72748773c8a9edb917fa56c

SHA512
f5d8d21b0e613597afc9bdda2751ed518808650e848b70549c193655f039387f51c6493a91f92bd728ae71365c73de2f5c115df7fccc29945c30794fa6832854

Download Submit
C:\Windows\System32\MrejCyM.exe

Filesize
1.7MB

MD5
31e1b6f033fbaa0ff16d69520013ff7c

SHA1
0b595a2dee79faf19795db9d42f5285167b2f619

SHA256
e24a22a125a9ba355bc65869c06f69ed6b15ae95450418f61e50cf2d1e600826

SHA512
9309eef603fce268255057223bd174d71b4f2224a5a7b6c672df1c3c5f9f258bc8f6cef2862ab29cfb0fe272b37edf73e9f51ded54b36bfdac2eeb8fa1a1aa8e

Download Submit
C:\Windows\System32\NPgytLf.exe

Filesize
1.7MB

MD5
85e9e85d56bb667d13b1237ca623d499

SHA1
fd91f58413eefe6e469bcbba11782c53641a1d03

SHA256
e916804437ea86fc9c2afee9b2a37fa0ce1e51715feb5c5f81851dfbe9ebc1aa

SHA512
5fa086a536ceec68673308ceb6190c2ee0105cd1c4d164a305d230c3e43bce042d5a77a863ba76e3a47542f5376d2f50c052d33e2232a1b36705137d2b72ac42

Download Submit
C:\Windows\System32\OdcTWoL.exe

Filesize
1.7MB

MD5
2a22b0cdf06ca8903986d8c8bbeeacfc

SHA1
7324454af695e7149bed93157d801d8193d443c9

SHA256
899803a9c334d44c6adbeeb8a584a1047b7ae771922096c0b4b3717863a9e7b8

SHA512
d53eaed8ae94ad4c91b9c2b3483af106ff8b9f3ed4903387bce1a11614708ac263c635bab81b8ddaec530820af65dd2fc322f7f9682e26a2905c2c7e18f05c78

Download Submit
C:\Windows\System32\PnDEUmg.exe

Filesize
1.7MB

MD5
d0e46cb49310ef370fcd3d7f10029df2

SHA1
a528158ef741d68cb79fa02ed1b48e895705293f

SHA256
143ae7162da3cfb38c36ee729f34cbdcbb4b850b1e61ff1ed17d0ea017c0ced8

SHA512
f8a2bc479c6a734f40dcd3565a28a84d2121ef345f408ac8563d3bd30364e8d11d96151621d6af0ea937ca9acfd209b41b5981796a8402e47f4446585a6b02e0

Download Submit
C:\Windows\System32\RfltvBt.exe

Filesize
1.7MB

MD5
3f04d0b6145ee9964e133507ac1eb28f

SHA1
70cbba5c55661136ebda593d3d33608c9c2cd638

SHA256
a0242869e1bba8a5f69c7a97ea9b9870cda6f29d03842e8408b0b4ff1ab76604

SHA512
47517812b9eb00c0721391d067fe31259f0d3b36cd2fb4ec12178d8af746078f9184553af042434a58c19e5232ddd62e758d1d3abd54a01da8c8450106c90c4c

Download Submit
C:\Windows\System32\TLGYQIl.exe

Filesize
1.7MB

MD5
1ec9e2d7e0b13e74bed97b2165f4d73e

SHA1
1b793cdeadcfa3905e21d961d1b069bd312ebd19

SHA256
327c5bf6e0f4288a84d383e0e0e080f3b86778ee7922215ac827196bb69ded80

SHA512
c97df75ae45e7e3c6556f0e1756f4449fad0d584c40da567dd86a3200727f4b15b20340e07560617811fb3ce303ee3acf11c3bf19fd72aafda2837e06cc962e7

Download Submit
C:\Windows\System32\TaHKWPT.exe

Filesize
1.7MB

MD5
3b37665b45b4e4e663e76a972c04abf9

SHA1
63ee16ae236c184d771eb6794b99ebf516a605f1

SHA256
e80f5f1152306fe065b5d2a92761973084c4e837147a8e4acb81aa49f65bc1e1

SHA512
4503dc32e9e78eccea98a80634f693055aeefc2e92b079f0de8b82bb090ed14867fd0d997c4e66c7c502365eecc0a8403ee1df98e7898e53a0411c824d020fed

Download Submit
C:\Windows\System32\WIFNSpT.exe

Filesize
1.7MB

MD5
86e319b50d110d3e3bd136ecc979d520

SHA1
8600805c5d5067b4799ffce72295c13764ac82cb

SHA256
d5a99ae88b6be087f9c810836f8608aef866de876957f178335a9f14a4e8ef53

SHA512
226fe678bb4cf46ef18fe157adff77d36b310d3bfb4d658383389bc4c83cd922f98bbf37ffe49da39e1e9caf4757d67b0c8e53f737cab58696834257b0f5cbd9

Download Submit
C:\Windows\System32\WRiejhu.exe

Filesize
1.7MB

MD5
b47970ece06df5e417f0ae6c23124b0b

SHA1
8c23c92167af62ce6f4e4741f619eb670c4f236b

SHA256
ae3c3b4706733256b26cec7b3f0e4bb35f0e3587d772566c421f035bf657b2db

SHA512
ae350c9b96da7c24f8ea98ccc65a39b49b82fdde45daa1f057b8f000a56be725557c87fda352536b6e4f123f0ffeb60b25da853e0dfb2bde047d95805130855b

Download Submit
C:\Windows\System32\WTPbGdz.exe

Filesize
1.7MB

MD5
189f035244567e1c83219fa7a7a6d9d8

SHA1
120e49fd325a851ffd25ed5d76134d07ec726f00

SHA256
230efb6a353f7f4072344e0f935728a7d82d9d1545db91210b8d6aaaff7f0a7a

SHA512
3aba4cf848bd8fca536f9b9f1febebc68ac9c7f8ef07cdb7b48b60f6c8be682af5bc2ffa7951d2af2a8dd6c2f0949151755b6d1435d33a86fb79f8d5f36b6085

Download Submit
C:\Windows\System32\XiGFQcq.exe

Filesize
1.7MB

MD5
18f43b40b9e6831e773d0d575f7d6700

SHA1
90c65e3554841c7f45ab2012d520fd78e4e4a615

SHA256
aa82b61693900d81675b12efc4e99df3df6d632b28a24ddd4af141b3c053cac9

SHA512
43639da88f33fb6b2c7c97b3f0ace75c5841fe42db74762c20b9504bb6e2c3ef2c68ee6f8078c5d9a5722750d3ad6301f8942ebbd2d78cf88fab204aca0f42f3

Download Submit
C:\Windows\System32\XuHpFCx.exe

Filesize
1.7MB

MD5
fcf2d34ad5aece34e02442765cd3d3af

SHA1
9ad8e87aa541cc4291984361bd770b8b44d59c7a

SHA256
8cea77ea23a7f243f025a7bcd6441a9bdb22111abfbc81fd5023babb9347bc46

SHA512
1e8aebea3b9e41fe88e79e291318fdbc8b8e65a9f831d218d1fdbbcf629e8fdd5455e6b689a9dc7c19a41d2057445d50b9eac092db753928086f29e18dee0b2d

Download Submit
C:\Windows\System32\YBlpiHT.exe

Filesize
1.7MB

MD5
f91dd0ee4b602095f0ddcd6287ddf23a

SHA1
0a1c8a6a528012fc041ed8f65a30fc34e47effd7

SHA256
7e9dda66d4a118b89333e094290a10ca4082e4e471d481e1973dc83c76d27822

SHA512
16370eec93e4e3f768189b6399aea054c3f915441c361246476c15165688a6ce40b5ede90adee67cf755f722006a47d9e88f7e9a46b0bae58d9b395e295bb112

Download Submit
C:\Windows\System32\bkUFgLS.exe

Filesize
1.7MB

MD5
a6712c4dad52da8bc0f203c9539977f7

SHA1
70b0dd858b8b4d433af426dfc4468fcb932699fe

SHA256
f08937a4071090364c2d16ce6ccd22a03c6b6937f9286832d257a358fb95de53

SHA512
9c05a4d5cc97bc8a140174e4c17bbcaeea3a1cab60533873cff67249c2b74ba608b6ff8cd83bc940881956c3b363b52869902146a3b1c02f344cd5c17006ce26

Download Submit
C:\Windows\System32\cHtiVxX.exe

Filesize
1.7MB

MD5
4399e5767cb79730caf59a50071d7b9f

SHA1
51841abe92a89f05d11830e7487b64b0196e366b

SHA256
e9d7a776c683d41ea5b437b4d7382ec4cb658036b1b9968da0daca9ab7153b46

SHA512
a6e1aa68fb2ddd3d44ab16de8a5ba626a6cc16cb591ee73ed75f22675955815339241a39f401ab3aea45ef175149fb66ba124ca30f722a5da5b162cffdba2c79

Download Submit
C:\Windows\System32\fHHAzHn.exe

Filesize
1.7MB

MD5
4891efee90ae710f4808c06f5748a7cd

SHA1
315ba7e5612176d3713a12a351d84151a06c5dca

SHA256
9ccf0fed587284cf34b610e8adb853642d6a0eb9f37ae32425e7b1a6de1f5443

SHA512
bed31c8dcf84616d31c5fa83f34f247ea5efaf88c0d6088515e6fbf3b90c2402bd82b1830922223b69315bd1877b879fb139b721e2418f9c459b5cbe88950ac5

Download Submit
C:\Windows\System32\heJbROA.exe

Filesize
1.7MB

MD5
2a7c4cf9d591e470ef53d14928d7db90

SHA1
1b800b88aa03e23eb08ff82848bc0dabf6c4cb87

SHA256
c0c3e4e80a12856b2d7a30eabd3a08f09ecbde0d0f48217eeb38d8e5fe4cee71

SHA512
05cf1a20f2445f2dc3297c84b14a8dbfb20304096616b5b28d1b19daf3475473ceb43c5db00d30f1b34de79280c24eeaeeb1d7037b6e124b01e0be14d0189d15

Download Submit
C:\Windows\System32\jbXeaLk.exe

Filesize
1.7MB

MD5
4c9b1cab62f042730bda3af653ff4c40

SHA1
63255c4506362875f37eb09a5bbc6296f0aa4047

SHA256
7aee5765a494fa2aeb0625f88641470ef13c96cd0a1b18964a1846c70ad60903

SHA512
35a693cff452b8b44fe91ec3e784c9f8fb5927081ba5d02968ba5fd483bb36c1741107cef6f3b8b682ed5833a3ff49bd30df948320c7faf0b9db7639282e81f5

Download Submit
C:\Windows\System32\kHzywhp.exe

Filesize
1.7MB

MD5
d3b740c004d83062736f6c30e26f3b3e

SHA1
81dc3c6c5ac929636d6084fa5752406550068f8e

SHA256
3e207df1091b3fcb02fad9485cc40ec0da76fcaa39efb33fce275eaf47d72e33

SHA512
01a433fdafe181d2e5dd2da72e7c75ebb568771cbfe8119033a823c6d04796e9c7b0212a50f483eefd6b9f98c13f6d9a5c543efc56110d9a86c10d2a61ffff10

Download Submit
C:\Windows\System32\lOURwRN.exe

Filesize
1.7MB

MD5
df5a262f35c1a28d231e9ee006df5292

SHA1
05a997d2c4f01a0005cb68e952e855b7c8d573c4

SHA256
dd80a77279c5509572c99b8cba0df2ed4277fc5556bc1113afa5fab0259c7ef9

SHA512
4d10829e75e184baa094e4f1a94dd27996d5b31a44b0d656ef84d1a6e4767ceab07995f2c856c0bdf782a70adb5d08705601a1a15f2d01bebcb28d9957a64105

Download Submit
C:\Windows\System32\nezMDpp.exe

Filesize
1.7MB

MD5
dfb5415901d12d99659655ac7a6139f9

SHA1
9dc554bcd5b2cee9400f36e2b808e32c45f35d74

SHA256
5527375d9bc57c15ec50546e3d40a283a753b8070bb35a37ff995b548e5f5170

SHA512
d27903dede86ac367518a0384d9f8c64d1fdb8bbc938937422bc8e676ef360b03a760bb6fbc411421931924286f0a3ada3b303a42d23d333911af28e9b24ba4d

Download Submit
C:\Windows\System32\oWlqelL.exe

Filesize
1.7MB

MD5
38158464f238ac4e9002571baec3eb12

SHA1
df1374966ddcb0a18430e33cd1b1bf599ed09b11

SHA256
4af6d0ecdb24e8d4d531b338893aa6dea271ee4de5ced56db8390b16fdd2d34e

SHA512
d0a691db4a36a0a0e2121d66b57f5783eb8d1cbcc80a2033009e0ead2ddd3047a6e261dc1024339ff7ae0523a5a54135aae63195c43907ff349dd54c5ae3ff0d

Download Submit
C:\Windows\System32\tMAcFrd.exe

Filesize
1.7MB

MD5
59fb7c4764e1ee27c7dc6026e8f28541

SHA1
ea457e60880eabaee62244b1eed262717bcf0945

SHA256
e8ab85a2be02bf947937a1cd9c332a8c3aceb5e04375a64f7282876c2ec0738b

SHA512
8418de15260baa162b8ff36927c1bc4d1e8b2690eaa9612d6481f0297d51917898a5bc78659def2d8b2e3b34075e7192cd3324b2a3d86f50b0f9585a2c931a1d

Download Submit
C:\Windows\System32\xNZXHcq.exe

Filesize
1.7MB

MD5
ddb8730fe612858140ab0cf0e76c0999

SHA1
6350bab3edd05d90f728b792e2efd3300010d4d8

SHA256
c09e13de529b200a6b1d37c1c0b27cfb7d456dbf23a3d07020a2f4147af086af

SHA512
48290b21d55c1e6f29711939dbbbf8e0e43cce8897170ce91a19d4d5f3f415079bff20bacb9d6d65afb7a56ead93b74c337947df499648f617f09d08ce980057

Download Submit
C:\Windows\System32\xpsyEkB.exe

Filesize
1.7MB

MD5
53dd44441001fffde5cb66ec6bd138d1

SHA1
75d7a4d2f0d8be19676238f320f565ec45b89b89

SHA256
c58d61a1cfa698de0cf9e2f44d3b3ed24dc7854c9e0b567a12770e94094ab358

SHA512
efc48b6820ee67a6e3e8d7f1c7124c46bea1813c5b4696dfde4340ec2717e31f49a3dd6d59fcabbde393497397d60410a6a5c96be42d3cf3cee4c6795c7e4b0b

Download Submit
C:\Windows\System32\yPWDDXM.exe

Filesize
1.7MB

MD5
5948dcee30a496c6fe624366dc3d18f2

SHA1
5e19f12a8ced9f586e7cb0c4e82ae6017ba357ee

SHA256
787b485b93e2644cdf20a3eb2fcdef7c244fb54f5c60459a7d29d48efd819d4f

SHA512
ccad295077a268cb3bff4e524985a198aa49a43ef91567af0e7813d53b0f9fb1a87edfbdb9fdbd9e2ad02f6ee1c215d78bfbe783aa7d0a6fd5491d84e1c41af8

Download Submit
C:\Windows\System32\ymlgDBB.exe

Filesize
1.7MB

MD5
b34f40aec1a9c131eae6b89a25f7b817

SHA1
aa75b9c3de83d8823938f0dd3c679fdde77695e0

SHA256
3ce7454a541d3187e8e12cc00496f26be0233a6a60e51d3c5b739a34e41339ec

SHA512
c3b1464beb91273964ff63f6603731428ae5fe7d6549fa49845154fa2ce982a4d5b93e5282fe966615cafba02c71ce4a8a65ebd908f924d81e86358f4b28639f

Download Submit
memory/868-174-0x00007FF7CF7A0000-0x00007FF7CFB91000-memory.dmp

Filesize
3.9MB

Download
memory/868-2075-0x00007FF7CF7A0000-0x00007FF7CFB91000-memory.dmp

Filesize
3.9MB

Download
memory/1632-2050-0x00007FF750550000-0x00007FF750941000-memory.dmp

Filesize
3.9MB

Download
memory/1632-134-0x00007FF750550000-0x00007FF750941000-memory.dmp

Filesize
3.9MB

Download
memory/1920-2026-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp

Filesize
3.9MB

Download
memory/1920-1974-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp

Filesize
3.9MB

Download
memory/1920-18-0x00007FF6F0830000-0x00007FF6F0C21000-memory.dmp

Filesize
3.9MB

Download
memory/2484-2044-0x00007FF63EE70000-0x00007FF63F261000-memory.dmp

Filesize
3.9MB

Download
memory/2484-66-0x00007FF63EE70000-0x00007FF63F261000-memory.dmp

Filesize
3.9MB

Download
memory/2908-103-0x00007FF77EBE0000-0x00007FF77EFD1000-memory.dmp

Filesize
3.9MB

Download
memory/2908-2034-0x00007FF77EBE0000-0x00007FF77EFD1000-memory.dmp

Filesize
3.9MB

Download
memory/2920-2052-0x00007FF766290000-0x00007FF766681000-memory.dmp

Filesize
3.9MB

Download
memory/2920-149-0x00007FF766290000-0x00007FF766681000-memory.dmp

Filesize
3.9MB

Download
memory/3712-2054-0x00007FF6DDE00000-0x00007FF6DE1F1000-memory.dmp

Filesize
3.9MB

Download
memory/3712-102-0x00007FF6DDE00000-0x00007FF6DE1F1000-memory.dmp

Filesize
3.9MB

Download
memory/3712-2014-0x00007FF6DDE00000-0x00007FF6DE1F1000-memory.dmp

Filesize
3.9MB

Download
memory/3784-58-0x00007FF6A6E90000-0x00007FF6A7281000-memory.dmp

Filesize
3.9MB

Download
memory/3784-2038-0x00007FF6A6E90000-0x00007FF6A7281000-memory.dmp

Filesize
3.9MB

Download
memory/3784-1977-0x00007FF6A6E90000-0x00007FF6A7281000-memory.dmp

Filesize
3.9MB

Download
memory/4044-2056-0x00007FF6B0460000-0x00007FF6B0851000-memory.dmp

Filesize
3.9MB

Download
memory/4044-137-0x00007FF6B0460000-0x00007FF6B0851000-memory.dmp

Filesize
3.9MB

Download
memory/4056-152-0x00007FF6EA420000-0x00007FF6EA811000-memory.dmp

Filesize
3.9MB

Download
memory/4056-2077-0x00007FF6EA420000-0x00007FF6EA811000-memory.dmp

Filesize
3.9MB

Download
memory/4056-2016-0x00007FF6EA420000-0x00007FF6EA811000-memory.dmp

Filesize
3.9MB

Download
memory/4148-106-0x00007FF6CE3B0000-0x00007FF6CE7A1000-memory.dmp

Filesize
3.9MB

Download
memory/4148-2036-0x00007FF6CE3B0000-0x00007FF6CE7A1000-memory.dmp

Filesize
3.9MB

Download
memory/4224-2042-0x00007FF687F10000-0x00007FF688301000-memory.dmp

Filesize
3.9MB

Download
memory/4224-72-0x00007FF687F10000-0x00007FF688301000-memory.dmp

Filesize
3.9MB

Download
memory/4236-2040-0x00007FF6DAF60000-0x00007FF6DB351000-memory.dmp

Filesize
3.9MB

Download
memory/4236-83-0x00007FF6DAF60000-0x00007FF6DB351000-memory.dmp

Filesize
3.9MB

Download
memory/4340-12-0x00007FF6B5430000-0x00007FF6B5821000-memory.dmp

Filesize
3.9MB

Download
memory/4340-2028-0x00007FF6B5430000-0x00007FF6B5821000-memory.dmp

Filesize
3.9MB

Download
memory/4352-151-0x00007FF7CEF80000-0x00007FF7CF371000-memory.dmp

Filesize
3.9MB

Download
memory/4352-2073-0x00007FF7CEF80000-0x00007FF7CF371000-memory.dmp

Filesize
3.9MB

Download
memory/4352-2015-0x00007FF7CEF80000-0x00007FF7CF371000-memory.dmp

Filesize
3.9MB

Download
memory/4420-26-0x00007FF614260000-0x00007FF614651000-memory.dmp

Filesize
3.9MB

Download
memory/4420-1975-0x00007FF614260000-0x00007FF614651000-memory.dmp

Filesize
3.9MB

Download
memory/4420-2030-0x00007FF614260000-0x00007FF614651000-memory.dmp

Filesize
3.9MB

Download
memory/4456-89-0x00007FF756C60000-0x00007FF757051000-memory.dmp

Filesize
3.9MB

Download
memory/4456-2048-0x00007FF756C60000-0x00007FF757051000-memory.dmp

Filesize
3.9MB

Download
memory/4532-0-0x00007FF7007A0000-0x00007FF700B91000-memory.dmp

Filesize
3.9MB

Download
memory/4532-1-0x000001FB10E90000-0x000001FB10EA0000-memory.dmp

Filesize
64KB

Download
memory/4532-1973-0x00007FF7007A0000-0x00007FF700B91000-memory.dmp

Filesize
3.9MB

Download
memory/4628-99-0x00007FF7EC110000-0x00007FF7EC501000-memory.dmp

Filesize
3.9MB

Download
memory/4628-2011-0x00007FF7EC110000-0x00007FF7EC501000-memory.dmp

Filesize
3.9MB

Download
memory/4628-2060-0x00007FF7EC110000-0x00007FF7EC501000-memory.dmp

Filesize
3.9MB

Download
memory/4676-2063-0x00007FF71B530000-0x00007FF71B921000-memory.dmp

Filesize
3.9MB

Download
memory/4676-98-0x00007FF71B530000-0x00007FF71B921000-memory.dmp

Filesize
3.9MB

Download
memory/4676-2010-0x00007FF71B530000-0x00007FF71B921000-memory.dmp

Filesize
3.9MB

Download
memory/4948-97-0x00007FF61AF00000-0x00007FF61B2F1000-memory.dmp

Filesize
3.9MB

Download
memory/4948-2046-0x00007FF61AF00000-0x00007FF61B2F1000-memory.dmp

Filesize
3.9MB

Download
memory/4960-2017-0x00007FF6E8300000-0x00007FF6E86F1000-memory.dmp

Filesize
3.9MB

Download
memory/4960-2071-0x00007FF6E8300000-0x00007FF6E86F1000-memory.dmp

Filesize
3.9MB

Download
memory/4960-172-0x00007FF6E8300000-0x00007FF6E86F1000-memory.dmp

Filesize
3.9MB

Download
memory/5028-2013-0x00007FF6E4A00000-0x00007FF6E4DF1000-memory.dmp

Filesize
3.9MB

Download
memory/5028-101-0x00007FF6E4A00000-0x00007FF6E4DF1000-memory.dmp

Filesize
3.9MB

Download
memory/5028-2058-0x00007FF6E4A00000-0x00007FF6E4DF1000-memory.dmp

Filesize
3.9MB

Download
memory/5100-1976-0x00007FF707CC0000-0x00007FF7080B1000-memory.dmp

Filesize
3.9MB

Download
memory/5100-50-0x00007FF707CC0000-0x00007FF7080B1000-memory.dmp

Filesize
3.9MB

Download
memory/5100-2032-0x00007FF707CC0000-0x00007FF7080B1000-memory.dmp

Filesize
3.9MB

Download
memory/5116-2064-0x00007FF7F4BD0000-0x00007FF7F4FC1000-memory.dmp

Filesize
3.9MB

Download
memory/5116-100-0x00007FF7F4BD0000-0x00007FF7F4FC1000-memory.dmp

Filesize
3.9MB

Download
memory/5116-2012-0x00007FF7F4BD0000-0x00007FF7F4FC1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads