xmrig | 3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
Size

1.8MB
MD5

389298683ab7b60babe7bd0bf69b76d0
SHA1

bda2796b1585ccd0dd9ec89dda6bff4595c1f076
SHA256

3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8
SHA512

d711c56458395a580238ee901d10ebb00c610e01e64a1178441e00536dabea920d27203c96967540fbcb621dae00f52fcb0dc93bde28cae48fe2fbc373ebef8e
SSDEEP

49152:knw9oUUEEDlnd+XRqJZwTKe5lpFVcOtcem+gq:kQUEEY

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2856-46-0x00007FF63CCE0000-0x00007FF63D0D1000-memory.dmp	xmrig
behavioral2/memory/4008-103-0x00007FF71E290000-0x00007FF71E681000-memory.dmp	xmrig
behavioral2/memory/4180-106-0x00007FF658700000-0x00007FF658AF1000-memory.dmp	xmrig
behavioral2/memory/2008-367-0x00007FF791BA0000-0x00007FF791F91000-memory.dmp	xmrig
behavioral2/memory/1872-369-0x00007FF7C4D80000-0x00007FF7C5171000-memory.dmp	xmrig
behavioral2/memory/2404-371-0x00007FF7F9800000-0x00007FF7F9BF1000-memory.dmp	xmrig
behavioral2/memory/2644-372-0x00007FF63AB60000-0x00007FF63AF51000-memory.dmp	xmrig
behavioral2/memory/512-374-0x00007FF6923F0000-0x00007FF6927E1000-memory.dmp	xmrig
behavioral2/memory/380-370-0x00007FF768E30000-0x00007FF769221000-memory.dmp	xmrig
behavioral2/memory/2088-108-0x00007FF7BBE00000-0x00007FF7BC1F1000-memory.dmp	xmrig
behavioral2/memory/2952-100-0x00007FF688B90000-0x00007FF688F81000-memory.dmp	xmrig
behavioral2/memory/4152-90-0x00007FF64F240000-0x00007FF64F631000-memory.dmp	xmrig
behavioral2/memory/2544-69-0x00007FF777760000-0x00007FF777B51000-memory.dmp	xmrig
behavioral2/memory/4708-823-0x00007FF7A7970000-0x00007FF7A7D61000-memory.dmp	xmrig
behavioral2/memory/1924-1351-0x00007FF670490000-0x00007FF670881000-memory.dmp	xmrig
behavioral2/memory/3820-1770-0x00007FF615A50000-0x00007FF615E41000-memory.dmp	xmrig
behavioral2/memory/2960-1768-0x00007FF791D70000-0x00007FF792161000-memory.dmp	xmrig
behavioral2/memory/2500-1933-0x00007FF79BBB0000-0x00007FF79BFA1000-memory.dmp	xmrig
behavioral2/memory/4676-1934-0x00007FF78CAB0000-0x00007FF78CEA1000-memory.dmp	xmrig
behavioral2/memory/4932-1935-0x00007FF639290000-0x00007FF639681000-memory.dmp	xmrig
behavioral2/memory/4872-1946-0x00007FF741DA0000-0x00007FF742191000-memory.dmp	xmrig
behavioral2/memory/4624-1948-0x00007FF687560000-0x00007FF687951000-memory.dmp	xmrig
behavioral2/memory/3576-1947-0x00007FF739020000-0x00007FF739411000-memory.dmp	xmrig
behavioral2/memory/4728-1971-0x00007FF6EFBD0000-0x00007FF6EFFC1000-memory.dmp	xmrig
behavioral2/memory/2008-1973-0x00007FF791BA0000-0x00007FF791F91000-memory.dmp	xmrig
behavioral2/memory/4708-1987-0x00007FF7A7970000-0x00007FF7A7D61000-memory.dmp	xmrig
behavioral2/memory/1924-1989-0x00007FF670490000-0x00007FF670881000-memory.dmp	xmrig
behavioral2/memory/2960-1991-0x00007FF791D70000-0x00007FF792161000-memory.dmp	xmrig
behavioral2/memory/3820-1993-0x00007FF615A50000-0x00007FF615E41000-memory.dmp	xmrig
behavioral2/memory/2500-1997-0x00007FF79BBB0000-0x00007FF79BFA1000-memory.dmp	xmrig
behavioral2/memory/2892-1996-0x00007FF78BA20000-0x00007FF78BE11000-memory.dmp	xmrig
behavioral2/memory/2856-1999-0x00007FF63CCE0000-0x00007FF63D0D1000-memory.dmp	xmrig
behavioral2/memory/4152-2001-0x00007FF64F240000-0x00007FF64F631000-memory.dmp	xmrig
behavioral2/memory/2544-2003-0x00007FF777760000-0x00007FF777B51000-memory.dmp	xmrig
behavioral2/memory/4676-2005-0x00007FF78CAB0000-0x00007FF78CEA1000-memory.dmp	xmrig
behavioral2/memory/4872-2007-0x00007FF741DA0000-0x00007FF742191000-memory.dmp	xmrig
behavioral2/memory/4180-2009-0x00007FF658700000-0x00007FF658AF1000-memory.dmp	xmrig
behavioral2/memory/2952-2011-0x00007FF688B90000-0x00007FF688F81000-memory.dmp	xmrig
behavioral2/memory/2088-2013-0x00007FF7BBE00000-0x00007FF7BC1F1000-memory.dmp	xmrig
behavioral2/memory/4008-2023-0x00007FF71E290000-0x00007FF71E681000-memory.dmp	xmrig
behavioral2/memory/4932-2027-0x00007FF639290000-0x00007FF639681000-memory.dmp	xmrig
behavioral2/memory/512-2033-0x00007FF6923F0000-0x00007FF6927E1000-memory.dmp	xmrig
behavioral2/memory/2404-2031-0x00007FF7F9800000-0x00007FF7F9BF1000-memory.dmp	xmrig
behavioral2/memory/2644-2029-0x00007FF63AB60000-0x00007FF63AF51000-memory.dmp	xmrig
behavioral2/memory/3576-2026-0x00007FF739020000-0x00007FF739411000-memory.dmp	xmrig
behavioral2/memory/380-2022-0x00007FF768E30000-0x00007FF769221000-memory.dmp	xmrig
behavioral2/memory/4624-2020-0x00007FF687560000-0x00007FF687951000-memory.dmp	xmrig
behavioral2/memory/1872-2015-0x00007FF7C4D80000-0x00007FF7C5171000-memory.dmp	xmrig
behavioral2/memory/4728-2018-0x00007FF6EFBD0000-0x00007FF6EFFC1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4708	SKsqTgn.exe
1924	nbaSiHC.exe
2960	nexEpah.exe
3820	kHkMUSc.exe
2892	XFtyMPJ.exe
2500	FcxHLwb.exe
2856	zuUWBrY.exe
2544	BDjZRIU.exe
4676	budYoxO.exe
4872	VaAKOWn.exe
4152	YfkeoCX.exe
4180	mgroyfn.exe
4932	NLLOZSi.exe
3576	hXGuXxc.exe
2952	yEhPWoi.exe
4008	ePtIhao.exe
2088	topMvXY.exe
4624	YsqYpMO.exe
4728	hIosKFi.exe
1872	OMrXUCe.exe
380	gWsKIUj.exe
2404	XClwqsu.exe
2644	EICzgte.exe
512	iPiivkE.exe
1444	JYDPCtI.exe
4016	kYqazzP.exe
3404	KtAVmJw.exe
5052	UNfzSzG.exe
4844	XCvjstc.exe
1848	SLUIDMB.exe
4568	OxJyCGH.exe
4120	DvtDcew.exe
1576	uQbSPXS.exe
5036	iyksylp.exe
4456	fafxXbE.exe
4824	ZoCCMyV.exe
1176	VcdqxbE.exe
2780	mvyRhYw.exe
5028	KdtUifd.exe
3100	SHkDcyh.exe
5004	UjxzqWo.exe
4228	GnVGvKt.exe
4160	RsqDyFu.exe
3436	vILXbUr.exe
4396	KvxPdJq.exe
5008	iHPRaZv.exe
4760	ogWGnsA.exe
744	JFzgAPF.exe
3000	iKTKlHe.exe
588	uzzGwfz.exe
3600	YOlSBsU.exe
2740	NZhwXYK.exe
1620	sTCMliz.exe
4652	wxNEOBl.exe
1192	ZSvscxy.exe
4712	BHpMenm.exe
536	KedAMHY.exe
3824	nxlLqct.exe
1776	oPeCmdr.exe
4924	ppawAJP.exe
4344	vvUcHlP.exe
2908	FuZvuTU.exe
3352	VqtuiPT.exe
2408	YfFBiNy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2008-0-0x00007FF791BA0000-0x00007FF791F91000-memory.dmp	upx
behavioral2/files/0x000900000002353a-4.dat	upx
behavioral2/files/0x0007000000023542-8.dat	upx
behavioral2/memory/1924-14-0x00007FF670490000-0x00007FF670881000-memory.dmp	upx
behavioral2/files/0x0007000000023543-18.dat	upx
behavioral2/memory/3820-24-0x00007FF615A50000-0x00007FF615E41000-memory.dmp	upx
behavioral2/memory/2960-21-0x00007FF791D70000-0x00007FF792161000-memory.dmp	upx
behavioral2/files/0x0007000000023541-16.dat	upx
behavioral2/files/0x0007000000023544-29.dat	upx
behavioral2/files/0x0007000000023546-33.dat	upx
behavioral2/files/0x0007000000023547-39.dat	upx
behavioral2/files/0x0007000000023549-50.dat	upx
behavioral2/files/0x0007000000023548-48.dat	upx
behavioral2/memory/2856-46-0x00007FF63CCE0000-0x00007FF63D0D1000-memory.dmp	upx
behavioral2/memory/2500-36-0x00007FF79BBB0000-0x00007FF79BFA1000-memory.dmp	upx
behavioral2/memory/2892-30-0x00007FF78BA20000-0x00007FF78BE11000-memory.dmp	upx
behavioral2/memory/4708-9-0x00007FF7A7970000-0x00007FF7A7D61000-memory.dmp	upx
behavioral2/files/0x000700000002354b-56.dat	upx
behavioral2/files/0x000700000002354c-71.dat	upx
behavioral2/files/0x0007000000023550-86.dat	upx
behavioral2/files/0x000700000002354f-84.dat	upx
behavioral2/memory/4932-94-0x00007FF639290000-0x00007FF639681000-memory.dmp	upx
behavioral2/memory/3576-96-0x00007FF739020000-0x00007FF739411000-memory.dmp	upx
behavioral2/memory/4008-103-0x00007FF71E290000-0x00007FF71E681000-memory.dmp	upx
behavioral2/memory/4180-106-0x00007FF658700000-0x00007FF658AF1000-memory.dmp	upx
behavioral2/files/0x0007000000023552-109.dat	upx
behavioral2/files/0x0007000000023551-113.dat	upx
behavioral2/files/0x0007000000023555-130.dat	upx
behavioral2/files/0x0007000000023557-140.dat	upx
behavioral2/files/0x0007000000023559-148.dat	upx
behavioral2/files/0x000700000002355b-160.dat	upx
behavioral2/memory/2008-367-0x00007FF791BA0000-0x00007FF791F91000-memory.dmp	upx
behavioral2/memory/1872-369-0x00007FF7C4D80000-0x00007FF7C5171000-memory.dmp	upx
behavioral2/memory/2404-371-0x00007FF7F9800000-0x00007FF7F9BF1000-memory.dmp	upx
behavioral2/memory/2644-372-0x00007FF63AB60000-0x00007FF63AF51000-memory.dmp	upx
behavioral2/memory/512-374-0x00007FF6923F0000-0x00007FF6927E1000-memory.dmp	upx
behavioral2/memory/380-370-0x00007FF768E30000-0x00007FF769221000-memory.dmp	upx
behavioral2/files/0x000700000002355f-180.dat	upx
behavioral2/files/0x000700000002355e-175.dat	upx
behavioral2/files/0x000700000002355d-170.dat	upx
behavioral2/files/0x000700000002355c-165.dat	upx
behavioral2/files/0x000700000002355a-155.dat	upx
behavioral2/files/0x0007000000023558-145.dat	upx
behavioral2/files/0x0007000000023556-135.dat	upx
behavioral2/files/0x0007000000023554-125.dat	upx
behavioral2/files/0x0007000000023553-120.dat	upx
behavioral2/memory/4728-111-0x00007FF6EFBD0000-0x00007FF6EFFC1000-memory.dmp	upx
behavioral2/memory/4624-110-0x00007FF687560000-0x00007FF687951000-memory.dmp	upx
behavioral2/memory/2088-108-0x00007FF7BBE00000-0x00007FF7BC1F1000-memory.dmp	upx
behavioral2/memory/2952-100-0x00007FF688B90000-0x00007FF688F81000-memory.dmp	upx
behavioral2/files/0x000800000002353e-104.dat	upx
behavioral2/files/0x000700000002354e-92.dat	upx
behavioral2/files/0x000700000002354d-91.dat	upx
behavioral2/memory/4152-90-0x00007FF64F240000-0x00007FF64F631000-memory.dmp	upx
behavioral2/memory/4872-81-0x00007FF741DA0000-0x00007FF742191000-memory.dmp	upx
behavioral2/files/0x000700000002354a-78.dat	upx
behavioral2/memory/4676-76-0x00007FF78CAB0000-0x00007FF78CEA1000-memory.dmp	upx
behavioral2/memory/2544-69-0x00007FF777760000-0x00007FF777B51000-memory.dmp	upx
behavioral2/memory/4708-823-0x00007FF7A7970000-0x00007FF7A7D61000-memory.dmp	upx
behavioral2/memory/1924-1351-0x00007FF670490000-0x00007FF670881000-memory.dmp	upx
behavioral2/memory/3820-1770-0x00007FF615A50000-0x00007FF615E41000-memory.dmp	upx
behavioral2/memory/2960-1768-0x00007FF791D70000-0x00007FF792161000-memory.dmp	upx
behavioral2/memory/2500-1933-0x00007FF79BBB0000-0x00007FF79BFA1000-memory.dmp	upx
behavioral2/memory/4676-1934-0x00007FF78CAB0000-0x00007FF78CEA1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\PPkbtlT.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\QfsQRsS.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\BUvjeTT.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\UZdTXPY.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\OMrXUCe.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\fafxXbE.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\PPxpdtM.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\rvsTtQk.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\SpReKaQ.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\MniHrTz.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\iuKzYNJ.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\JSDXjEg.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\TARzCjt.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\NZhwXYK.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\shYEvED.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\fuvZYwG.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\NPexJzG.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\iFOpcie.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\NVOgLpo.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\SMRgSiB.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\LzDSgpn.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\RuZrhXf.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\MCcMOYy.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\wSbfyHH.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\CNyiagD.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\ZheIGbz.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\nYfxJDw.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\kAXFVga.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\ftBQjXA.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\vbgywgU.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\clNOXSS.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\BqIKjyL.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\jznSyfq.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\SEhLYyU.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\uSFhlYB.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\hoCPwVg.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\VGLrtcR.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\TsAVVou.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\iKTKlHe.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\LRfIdJV.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\tnLtBED.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\NTdABsU.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\hmQPUmT.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\EcIgxqT.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\EIyqqJC.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\vsMKcVv.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\oyckwEi.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\UXAyTXs.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\ERAPbCK.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\pBZGIXm.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\kJuHiCA.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\tXllFrD.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\nIHogxv.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\uDYxpCw.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\WAqsaGc.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\KFWEoBt.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\KvFzMlU.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\jJgUtMw.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\SCWyRzc.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\nexEpah.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\UNfzSzG.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\iHPRaZv.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\sTCMliz.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
File created	C:\Windows\System32\FpEEAZT.exe	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 4708	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	89
PID 2008 wrote to memory of 4708	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	89
PID 2008 wrote to memory of 1924	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	90
PID 2008 wrote to memory of 1924	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	90
PID 2008 wrote to memory of 2960	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	91
PID 2008 wrote to memory of 2960	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	91
PID 2008 wrote to memory of 3820	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	92
PID 2008 wrote to memory of 3820	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	92
PID 2008 wrote to memory of 2892	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	93
PID 2008 wrote to memory of 2892	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	93
PID 2008 wrote to memory of 2500	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	94
PID 2008 wrote to memory of 2500	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	94
PID 2008 wrote to memory of 2856	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	95
PID 2008 wrote to memory of 2856	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	95
PID 2008 wrote to memory of 2544	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	96
PID 2008 wrote to memory of 2544	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	96
PID 2008 wrote to memory of 4676	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	97
PID 2008 wrote to memory of 4676	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	97
PID 2008 wrote to memory of 4872	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	98
PID 2008 wrote to memory of 4872	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	98
PID 2008 wrote to memory of 4152	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	99
PID 2008 wrote to memory of 4152	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	99
PID 2008 wrote to memory of 4180	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	100
PID 2008 wrote to memory of 4180	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	100
PID 2008 wrote to memory of 4932	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	101
PID 2008 wrote to memory of 4932	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	101
PID 2008 wrote to memory of 3576	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	102
PID 2008 wrote to memory of 3576	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	102
PID 2008 wrote to memory of 2952	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	103
PID 2008 wrote to memory of 2952	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	103
PID 2008 wrote to memory of 4008	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	104
PID 2008 wrote to memory of 4008	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	104
PID 2008 wrote to memory of 2088	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	105
PID 2008 wrote to memory of 2088	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	105
PID 2008 wrote to memory of 4624	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	106
PID 2008 wrote to memory of 4624	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	106
PID 2008 wrote to memory of 4728	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	107
PID 2008 wrote to memory of 4728	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	107
PID 2008 wrote to memory of 1872	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	108
PID 2008 wrote to memory of 1872	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	108
PID 2008 wrote to memory of 380	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	109
PID 2008 wrote to memory of 380	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	109
PID 2008 wrote to memory of 2404	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	110
PID 2008 wrote to memory of 2404	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	110
PID 2008 wrote to memory of 2644	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	111
PID 2008 wrote to memory of 2644	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	111
PID 2008 wrote to memory of 512	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	112
PID 2008 wrote to memory of 512	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	112
PID 2008 wrote to memory of 1444	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	113
PID 2008 wrote to memory of 1444	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	113
PID 2008 wrote to memory of 4016	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	114
PID 2008 wrote to memory of 4016	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	114
PID 2008 wrote to memory of 3404	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	115
PID 2008 wrote to memory of 3404	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	115
PID 2008 wrote to memory of 5052	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	116
PID 2008 wrote to memory of 5052	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	116
PID 2008 wrote to memory of 4844	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	117
PID 2008 wrote to memory of 4844	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	117
PID 2008 wrote to memory of 1848	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	118
PID 2008 wrote to memory of 1848	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	118
PID 2008 wrote to memory of 4568	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	119
PID 2008 wrote to memory of 4568	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	119
PID 2008 wrote to memory of 4120	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	120
PID 2008 wrote to memory of 4120	2008	3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe	120

C:\Users\Admin\AppData\Local\Temp\3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3ebf2aed3f5b83bbb54e9544c748e2d7b149c3d38603ab372b17ba54b31389d8_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\System32\SKsqTgn.exe
  C:\Windows\System32\SKsqTgn.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System32\nbaSiHC.exe
  C:\Windows\System32\nbaSiHC.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System32\nexEpah.exe
  C:\Windows\System32\nexEpah.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System32\kHkMUSc.exe
  C:\Windows\System32\kHkMUSc.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System32\XFtyMPJ.exe
  C:\Windows\System32\XFtyMPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System32\FcxHLwb.exe
  C:\Windows\System32\FcxHLwb.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System32\zuUWBrY.exe
  C:\Windows\System32\zuUWBrY.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System32\BDjZRIU.exe
  C:\Windows\System32\BDjZRIU.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System32\budYoxO.exe
  C:\Windows\System32\budYoxO.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System32\VaAKOWn.exe
  C:\Windows\System32\VaAKOWn.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System32\YfkeoCX.exe
  C:\Windows\System32\YfkeoCX.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System32\mgroyfn.exe
  C:\Windows\System32\mgroyfn.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System32\NLLOZSi.exe
  C:\Windows\System32\NLLOZSi.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System32\hXGuXxc.exe
  C:\Windows\System32\hXGuXxc.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System32\yEhPWoi.exe
  C:\Windows\System32\yEhPWoi.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System32\ePtIhao.exe
  C:\Windows\System32\ePtIhao.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System32\topMvXY.exe
  C:\Windows\System32\topMvXY.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System32\YsqYpMO.exe
  C:\Windows\System32\YsqYpMO.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System32\hIosKFi.exe
  C:\Windows\System32\hIosKFi.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System32\OMrXUCe.exe
  C:\Windows\System32\OMrXUCe.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System32\gWsKIUj.exe
  C:\Windows\System32\gWsKIUj.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System32\XClwqsu.exe
  C:\Windows\System32\XClwqsu.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System32\EICzgte.exe
  C:\Windows\System32\EICzgte.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System32\iPiivkE.exe
  C:\Windows\System32\iPiivkE.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System32\JYDPCtI.exe
  C:\Windows\System32\JYDPCtI.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System32\kYqazzP.exe
  C:\Windows\System32\kYqazzP.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System32\KtAVmJw.exe
  C:\Windows\System32\KtAVmJw.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System32\UNfzSzG.exe
  C:\Windows\System32\UNfzSzG.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System32\XCvjstc.exe
  C:\Windows\System32\XCvjstc.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System32\SLUIDMB.exe
  C:\Windows\System32\SLUIDMB.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System32\OxJyCGH.exe
  C:\Windows\System32\OxJyCGH.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System32\DvtDcew.exe
  C:\Windows\System32\DvtDcew.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System32\uQbSPXS.exe
  C:\Windows\System32\uQbSPXS.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System32\iyksylp.exe
  C:\Windows\System32\iyksylp.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System32\fafxXbE.exe
  C:\Windows\System32\fafxXbE.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System32\ZoCCMyV.exe
  C:\Windows\System32\ZoCCMyV.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System32\VcdqxbE.exe
  C:\Windows\System32\VcdqxbE.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System32\mvyRhYw.exe
  C:\Windows\System32\mvyRhYw.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System32\KdtUifd.exe
  C:\Windows\System32\KdtUifd.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\SHkDcyh.exe
  C:\Windows\System32\SHkDcyh.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System32\UjxzqWo.exe
  C:\Windows\System32\UjxzqWo.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System32\GnVGvKt.exe
  C:\Windows\System32\GnVGvKt.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System32\RsqDyFu.exe
  C:\Windows\System32\RsqDyFu.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System32\vILXbUr.exe
  C:\Windows\System32\vILXbUr.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System32\KvxPdJq.exe
  C:\Windows\System32\KvxPdJq.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System32\iHPRaZv.exe
  C:\Windows\System32\iHPRaZv.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System32\ogWGnsA.exe
  C:\Windows\System32\ogWGnsA.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System32\JFzgAPF.exe
  C:\Windows\System32\JFzgAPF.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System32\iKTKlHe.exe
  C:\Windows\System32\iKTKlHe.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System32\uzzGwfz.exe
  C:\Windows\System32\uzzGwfz.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System32\YOlSBsU.exe
  C:\Windows\System32\YOlSBsU.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System32\NZhwXYK.exe
  C:\Windows\System32\NZhwXYK.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System32\sTCMliz.exe
  C:\Windows\System32\sTCMliz.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\wxNEOBl.exe
  C:\Windows\System32\wxNEOBl.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System32\ZSvscxy.exe
  C:\Windows\System32\ZSvscxy.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System32\BHpMenm.exe
  C:\Windows\System32\BHpMenm.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System32\KedAMHY.exe
  C:\Windows\System32\KedAMHY.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System32\nxlLqct.exe
  C:\Windows\System32\nxlLqct.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System32\oPeCmdr.exe
  C:\Windows\System32\oPeCmdr.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System32\ppawAJP.exe
  C:\Windows\System32\ppawAJP.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System32\vvUcHlP.exe
  C:\Windows\System32\vvUcHlP.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System32\FuZvuTU.exe
  C:\Windows\System32\FuZvuTU.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System32\VqtuiPT.exe
  C:\Windows\System32\VqtuiPT.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System32\YfFBiNy.exe
  C:\Windows\System32\YfFBiNy.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System32\NbNmsYP.exe
  C:\Windows\System32\NbNmsYP.exe
  2⤵
  PID:5136
- C:\Windows\System32\LyEiSaV.exe
  C:\Windows\System32\LyEiSaV.exe
  2⤵
  PID:5156
- C:\Windows\System32\EAPKmqY.exe
  C:\Windows\System32\EAPKmqY.exe
  2⤵
  PID:5184
- C:\Windows\System32\tGYkJID.exe
  C:\Windows\System32\tGYkJID.exe
  2⤵
  PID:5212
- C:\Windows\System32\EIyqqJC.exe
  C:\Windows\System32\EIyqqJC.exe
  2⤵
  PID:5240
- C:\Windows\System32\usmgMrX.exe
  C:\Windows\System32\usmgMrX.exe
  2⤵
  PID:5280
- C:\Windows\System32\jVdkQBj.exe
  C:\Windows\System32\jVdkQBj.exe
  2⤵
  PID:5300
- C:\Windows\System32\PPxpdtM.exe
  C:\Windows\System32\PPxpdtM.exe
  2⤵
  PID:5324
- C:\Windows\System32\mPGoeCx.exe
  C:\Windows\System32\mPGoeCx.exe
  2⤵
  PID:5364
- C:\Windows\System32\jKFMAeU.exe
  C:\Windows\System32\jKFMAeU.exe
  2⤵
  PID:5384
- C:\Windows\System32\eLYojlU.exe
  C:\Windows\System32\eLYojlU.exe
  2⤵
  PID:5424
- C:\Windows\System32\bUiKUOt.exe
  C:\Windows\System32\bUiKUOt.exe
  2⤵
  PID:5440
- C:\Windows\System32\qSZhFmP.exe
  C:\Windows\System32\qSZhFmP.exe
  2⤵
  PID:5476
- C:\Windows\System32\QyBFMjq.exe
  C:\Windows\System32\QyBFMjq.exe
  2⤵
  PID:5496
- C:\Windows\System32\gkcfcjn.exe
  C:\Windows\System32\gkcfcjn.exe
  2⤵
  PID:5524
- C:\Windows\System32\fCwVhnr.exe
  C:\Windows\System32\fCwVhnr.exe
  2⤵
  PID:5564
- C:\Windows\System32\sgiezug.exe
  C:\Windows\System32\sgiezug.exe
  2⤵
  PID:5580
- C:\Windows\System32\wSbfyHH.exe
  C:\Windows\System32\wSbfyHH.exe
  2⤵
  PID:5620
- C:\Windows\System32\PrzvGvs.exe
  C:\Windows\System32\PrzvGvs.exe
  2⤵
  PID:5648
- C:\Windows\System32\RSesalL.exe
  C:\Windows\System32\RSesalL.exe
  2⤵
  PID:5664
- C:\Windows\System32\jHHwwBk.exe
  C:\Windows\System32\jHHwwBk.exe
  2⤵
  PID:5692
- C:\Windows\System32\kwyjOiI.exe
  C:\Windows\System32\kwyjOiI.exe
  2⤵
  PID:5716
- C:\Windows\System32\KKpTDPm.exe
  C:\Windows\System32\KKpTDPm.exe
  2⤵
  PID:5744
- C:\Windows\System32\LRfIdJV.exe
  C:\Windows\System32\LRfIdJV.exe
  2⤵
  PID:5776
- C:\Windows\System32\yNqdoJY.exe
  C:\Windows\System32\yNqdoJY.exe
  2⤵
  PID:5804
- C:\Windows\System32\SrYLQPL.exe
  C:\Windows\System32\SrYLQPL.exe
  2⤵
  PID:5832
- C:\Windows\System32\wRQWskU.exe
  C:\Windows\System32\wRQWskU.exe
  2⤵
  PID:5860
- C:\Windows\System32\SEhLYyU.exe
  C:\Windows\System32\SEhLYyU.exe
  2⤵
  PID:5888
- C:\Windows\System32\XkRZBIM.exe
  C:\Windows\System32\XkRZBIM.exe
  2⤵
  PID:5916
- C:\Windows\System32\HxFCJWA.exe
  C:\Windows\System32\HxFCJWA.exe
  2⤵
  PID:5944
- C:\Windows\System32\wAdPnZj.exe
  C:\Windows\System32\wAdPnZj.exe
  2⤵
  PID:5972
- C:\Windows\System32\eTWmMJo.exe
  C:\Windows\System32\eTWmMJo.exe
  2⤵
  PID:6048
- C:\Windows\System32\YULrMXL.exe
  C:\Windows\System32\YULrMXL.exe
  2⤵
  PID:6080
- C:\Windows\System32\LtGSKZV.exe
  C:\Windows\System32\LtGSKZV.exe
  2⤵
  PID:6112
- C:\Windows\System32\IYZVRAF.exe
  C:\Windows\System32\IYZVRAF.exe
  2⤵
  PID:6132
- C:\Windows\System32\lliAlgM.exe
  C:\Windows\System32\lliAlgM.exe
  2⤵
  PID:1956
- C:\Windows\System32\ENUDLNc.exe
  C:\Windows\System32\ENUDLNc.exe
  2⤵
  PID:3956
- C:\Windows\System32\lqxvqDk.exe
  C:\Windows\System32\lqxvqDk.exe
  2⤵
  PID:1616
- C:\Windows\System32\HsUpLzP.exe
  C:\Windows\System32\HsUpLzP.exe
  2⤵
  PID:5172
- C:\Windows\System32\QGeJNNV.exe
  C:\Windows\System32\QGeJNNV.exe
  2⤵
  PID:5228
- C:\Windows\System32\kRsCOkO.exe
  C:\Windows\System32\kRsCOkO.exe
  2⤵
  PID:5316
- C:\Windows\System32\qIRIcBu.exe
  C:\Windows\System32\qIRIcBu.exe
  2⤵
  PID:5400
- C:\Windows\System32\xOspQmy.exe
  C:\Windows\System32\xOspQmy.exe
  2⤵
  PID:5572
- C:\Windows\System32\lAlZnds.exe
  C:\Windows\System32\lAlZnds.exe
  2⤵
  PID:5596
- C:\Windows\System32\gWMISlh.exe
  C:\Windows\System32\gWMISlh.exe
  2⤵
  PID:5660
- C:\Windows\System32\rvsTtQk.exe
  C:\Windows\System32\rvsTtQk.exe
  2⤵
  PID:5700
- C:\Windows\System32\FIlCFfl.exe
  C:\Windows\System32\FIlCFfl.exe
  2⤵
  PID:5760
- C:\Windows\System32\wyslbLc.exe
  C:\Windows\System32\wyslbLc.exe
  2⤵
  PID:2844
- C:\Windows\System32\YFQBIqC.exe
  C:\Windows\System32\YFQBIqC.exe
  2⤵
  PID:5844
- C:\Windows\System32\KZsqKPJ.exe
  C:\Windows\System32\KZsqKPJ.exe
  2⤵
  PID:5884
- C:\Windows\System32\bhYjObI.exe
  C:\Windows\System32\bhYjObI.exe
  2⤵
  PID:5984
- C:\Windows\System32\HLkyNur.exe
  C:\Windows\System32\HLkyNur.exe
  2⤵
  PID:5072
- C:\Windows\System32\ORLebyA.exe
  C:\Windows\System32\ORLebyA.exe
  2⤵
  PID:4248
- C:\Windows\System32\VOVkKag.exe
  C:\Windows\System32\VOVkKag.exe
  2⤵
  PID:6060
- C:\Windows\System32\HwgEhMJ.exe
  C:\Windows\System32\HwgEhMJ.exe
  2⤵
  PID:6096
- C:\Windows\System32\LVDFAdZ.exe
  C:\Windows\System32\LVDFAdZ.exe
  2⤵
  PID:6128
- C:\Windows\System32\YvFNsdG.exe
  C:\Windows\System32\YvFNsdG.exe
  2⤵
  PID:1144
- C:\Windows\System32\ritgZvB.exe
  C:\Windows\System32\ritgZvB.exe
  2⤵
  PID:4092
- C:\Windows\System32\UpZYfTG.exe
  C:\Windows\System32\UpZYfTG.exe
  2⤵
  PID:992
- C:\Windows\System32\smtYUKg.exe
  C:\Windows\System32\smtYUKg.exe
  2⤵
  PID:2428
- C:\Windows\System32\LhSUxFI.exe
  C:\Windows\System32\LhSUxFI.exe
  2⤵
  PID:4544
- C:\Windows\System32\jMQZJap.exe
  C:\Windows\System32\jMQZJap.exe
  2⤵
  PID:5256
- C:\Windows\System32\vntQbdM.exe
  C:\Windows\System32\vntQbdM.exe
  2⤵
  PID:1384
- C:\Windows\System32\NJszmHW.exe
  C:\Windows\System32\NJszmHW.exe
  2⤵
  PID:5548
- C:\Windows\System32\uSFhlYB.exe
  C:\Windows\System32\uSFhlYB.exe
  2⤵
  PID:4196
- C:\Windows\System32\IJPHrSH.exe
  C:\Windows\System32\IJPHrSH.exe
  2⤵
  PID:4780
- C:\Windows\System32\CKxqVdC.exe
  C:\Windows\System32\CKxqVdC.exe
  2⤵
  PID:5848
- C:\Windows\System32\seTEfxv.exe
  C:\Windows\System32\seTEfxv.exe
  2⤵
  PID:3284
- C:\Windows\System32\yOAnjSK.exe
  C:\Windows\System32\yOAnjSK.exe
  2⤵
  PID:3520
- C:\Windows\System32\AZRHJhQ.exe
  C:\Windows\System32\AZRHJhQ.exe
  2⤵
  PID:6124
- C:\Windows\System32\tIiBrqw.exe
  C:\Windows\System32\tIiBrqw.exe
  2⤵
  PID:5224
- C:\Windows\System32\JdQJDwm.exe
  C:\Windows\System32\JdQJDwm.exe
  2⤵
  PID:5200
- C:\Windows\System32\rOyqMeC.exe
  C:\Windows\System32\rOyqMeC.exe
  2⤵
  PID:5688
- C:\Windows\System32\FxUmlPN.exe
  C:\Windows\System32\FxUmlPN.exe
  2⤵
  PID:2328
- C:\Windows\System32\RySfsFE.exe
  C:\Windows\System32\RySfsFE.exe
  2⤵
  PID:6100
- C:\Windows\System32\qthryZM.exe
  C:\Windows\System32\qthryZM.exe
  2⤵
  PID:1524
- C:\Windows\System32\ftBQjXA.exe
  C:\Windows\System32\ftBQjXA.exe
  2⤵
  PID:5456
- C:\Windows\System32\GuTHyRd.exe
  C:\Windows\System32\GuTHyRd.exe
  2⤵
  PID:3556
- C:\Windows\System32\MezZCjx.exe
  C:\Windows\System32\MezZCjx.exe
  2⤵
  PID:6148
- C:\Windows\System32\ERAPbCK.exe
  C:\Windows\System32\ERAPbCK.exe
  2⤵
  PID:6176
- C:\Windows\System32\GlDSGtI.exe
  C:\Windows\System32\GlDSGtI.exe
  2⤵
  PID:6216
- C:\Windows\System32\QgWRhbK.exe
  C:\Windows\System32\QgWRhbK.exe
  2⤵
  PID:6236
- C:\Windows\System32\WmCyYzu.exe
  C:\Windows\System32\WmCyYzu.exe
  2⤵
  PID:6260
- C:\Windows\System32\bbYLZPA.exe
  C:\Windows\System32\bbYLZPA.exe
  2⤵
  PID:6288
- C:\Windows\System32\vDHrVvl.exe
  C:\Windows\System32\vDHrVvl.exe
  2⤵
  PID:6336
- C:\Windows\System32\PIuYKDE.exe
  C:\Windows\System32\PIuYKDE.exe
  2⤵
  PID:6352
- C:\Windows\System32\iNXiSgf.exe
  C:\Windows\System32\iNXiSgf.exe
  2⤵
  PID:6380
- C:\Windows\System32\MHFGMfm.exe
  C:\Windows\System32\MHFGMfm.exe
  2⤵
  PID:6436
- C:\Windows\System32\tLwBuVh.exe
  C:\Windows\System32\tLwBuVh.exe
  2⤵
  PID:6460
- C:\Windows\System32\QCDpaYK.exe
  C:\Windows\System32\QCDpaYK.exe
  2⤵
  PID:6480
- C:\Windows\System32\XgWQLhi.exe
  C:\Windows\System32\XgWQLhi.exe
  2⤵
  PID:6504
- C:\Windows\System32\CNyiagD.exe
  C:\Windows\System32\CNyiagD.exe
  2⤵
  PID:6532
- C:\Windows\System32\fesKIpK.exe
  C:\Windows\System32\fesKIpK.exe
  2⤵
  PID:6560
- C:\Windows\System32\uVdDeIj.exe
  C:\Windows\System32\uVdDeIj.exe
  2⤵
  PID:6584
- C:\Windows\System32\NgxPJgU.exe
  C:\Windows\System32\NgxPJgU.exe
  2⤵
  PID:6608
- C:\Windows\System32\VQcBrrw.exe
  C:\Windows\System32\VQcBrrw.exe
  2⤵
  PID:6628
- C:\Windows\System32\YhbvZzN.exe
  C:\Windows\System32\YhbvZzN.exe
  2⤵
  PID:6648
- C:\Windows\System32\IniNxOV.exe
  C:\Windows\System32\IniNxOV.exe
  2⤵
  PID:6672
- C:\Windows\System32\mmsHdrA.exe
  C:\Windows\System32\mmsHdrA.exe
  2⤵
  PID:6688
- C:\Windows\System32\fAlAbYp.exe
  C:\Windows\System32\fAlAbYp.exe
  2⤵
  PID:6784
- C:\Windows\System32\shYEvED.exe
  C:\Windows\System32\shYEvED.exe
  2⤵
  PID:6800
- C:\Windows\System32\PesAnZl.exe
  C:\Windows\System32\PesAnZl.exe
  2⤵
  PID:6824
- C:\Windows\System32\iFOpcie.exe
  C:\Windows\System32\iFOpcie.exe
  2⤵
  PID:6852
- C:\Windows\System32\KFWEoBt.exe
  C:\Windows\System32\KFWEoBt.exe
  2⤵
  PID:6872
- C:\Windows\System32\yFSTOyV.exe
  C:\Windows\System32\yFSTOyV.exe
  2⤵
  PID:6912
- C:\Windows\System32\yFifrdm.exe
  C:\Windows\System32\yFifrdm.exe
  2⤵
  PID:6932
- C:\Windows\System32\xwcIDFB.exe
  C:\Windows\System32\xwcIDFB.exe
  2⤵
  PID:6968
- C:\Windows\System32\ZvporyN.exe
  C:\Windows\System32\ZvporyN.exe
  2⤵
  PID:6988
- C:\Windows\System32\pZUucnA.exe
  C:\Windows\System32\pZUucnA.exe
  2⤵
  PID:7036
- C:\Windows\System32\egQxVoN.exe
  C:\Windows\System32\egQxVoN.exe
  2⤵
  PID:7056
- C:\Windows\System32\IsruEzc.exe
  C:\Windows\System32\IsruEzc.exe
  2⤵
  PID:7080
- C:\Windows\System32\LWPvIlS.exe
  C:\Windows\System32\LWPvIlS.exe
  2⤵
  PID:7108
- C:\Windows\System32\NhsqAED.exe
  C:\Windows\System32\NhsqAED.exe
  2⤵
  PID:7128
- C:\Windows\System32\KibkLPW.exe
  C:\Windows\System32\KibkLPW.exe
  2⤵
  PID:7156
- C:\Windows\System32\tXllFrD.exe
  C:\Windows\System32\tXllFrD.exe
  2⤵
  PID:5180
- C:\Windows\System32\kCieMUN.exe
  C:\Windows\System32\kCieMUN.exe
  2⤵
  PID:2396
- C:\Windows\System32\PvudgkX.exe
  C:\Windows\System32\PvudgkX.exe
  2⤵
  PID:6252
- C:\Windows\System32\XllLezV.exe
  C:\Windows\System32\XllLezV.exe
  2⤵
  PID:6276
- C:\Windows\System32\oEominU.exe
  C:\Windows\System32\oEominU.exe
  2⤵
  PID:6368
- C:\Windows\System32\oqiuBwv.exe
  C:\Windows\System32\oqiuBwv.exe
  2⤵
  PID:6456
- C:\Windows\System32\sqtRVKS.exe
  C:\Windows\System32\sqtRVKS.exe
  2⤵
  PID:6500
- C:\Windows\System32\PbOeTfn.exe
  C:\Windows\System32\PbOeTfn.exe
  2⤵
  PID:6580
- C:\Windows\System32\YuFShmc.exe
  C:\Windows\System32\YuFShmc.exe
  2⤵
  PID:6620
- C:\Windows\System32\lrzKMaG.exe
  C:\Windows\System32\lrzKMaG.exe
  2⤵
  PID:6012
- C:\Windows\System32\nLGQCyw.exe
  C:\Windows\System32\nLGQCyw.exe
  2⤵
  PID:6752
- C:\Windows\System32\wlGtMSy.exe
  C:\Windows\System32\wlGtMSy.exe
  2⤵
  PID:6756
- C:\Windows\System32\recVQQq.exe
  C:\Windows\System32\recVQQq.exe
  2⤵
  PID:6832
- C:\Windows\System32\untyQoZ.exe
  C:\Windows\System32\untyQoZ.exe
  2⤵
  PID:6840
- C:\Windows\System32\JiUGKHP.exe
  C:\Windows\System32\JiUGKHP.exe
  2⤵
  PID:6952
- C:\Windows\System32\NHTsnlD.exe
  C:\Windows\System32\NHTsnlD.exe
  2⤵
  PID:7044
- C:\Windows\System32\UgViNRT.exe
  C:\Windows\System32\UgViNRT.exe
  2⤵
  PID:7100
- C:\Windows\System32\Bjeakax.exe
  C:\Windows\System32\Bjeakax.exe
  2⤵
  PID:7140
- C:\Windows\System32\TgCNOnY.exe
  C:\Windows\System32\TgCNOnY.exe
  2⤵
  PID:6024
- C:\Windows\System32\BoHlCHZ.exe
  C:\Windows\System32\BoHlCHZ.exe
  2⤵
  PID:6284
- C:\Windows\System32\SaikiTm.exe
  C:\Windows\System32\SaikiTm.exe
  2⤵
  PID:6516
- C:\Windows\System32\vsMKcVv.exe
  C:\Windows\System32\vsMKcVv.exe
  2⤵
  PID:6708
- C:\Windows\System32\CCyCvRA.exe
  C:\Windows\System32\CCyCvRA.exe
  2⤵
  PID:6684
- C:\Windows\System32\PbTNPys.exe
  C:\Windows\System32\PbTNPys.exe
  2⤵
  PID:6864
- C:\Windows\System32\zyUqLLj.exe
  C:\Windows\System32\zyUqLLj.exe
  2⤵
  PID:6900
- C:\Windows\System32\aoIOxDs.exe
  C:\Windows\System32\aoIOxDs.exe
  2⤵
  PID:3536
- C:\Windows\System32\kLeZTSw.exe
  C:\Windows\System32\kLeZTSw.exe
  2⤵
  PID:6344
- C:\Windows\System32\SQNUjaF.exe
  C:\Windows\System32\SQNUjaF.exe
  2⤵
  PID:6636
- C:\Windows\System32\CKtBhyM.exe
  C:\Windows\System32\CKtBhyM.exe
  2⤵
  PID:7000
- C:\Windows\System32\tzFCbTf.exe
  C:\Windows\System32\tzFCbTf.exe
  2⤵
  PID:6792
- C:\Windows\System32\qcvVzfW.exe
  C:\Windows\System32\qcvVzfW.exe
  2⤵
  PID:7204
- C:\Windows\System32\YRpZPRx.exe
  C:\Windows\System32\YRpZPRx.exe
  2⤵
  PID:7232
- C:\Windows\System32\QpXOJwP.exe
  C:\Windows\System32\QpXOJwP.exe
  2⤵
  PID:7248
- C:\Windows\System32\TNJADYL.exe
  C:\Windows\System32\TNJADYL.exe
  2⤵
  PID:7276
- C:\Windows\System32\vbgywgU.exe
  C:\Windows\System32\vbgywgU.exe
  2⤵
  PID:7316
- C:\Windows\System32\stCsisN.exe
  C:\Windows\System32\stCsisN.exe
  2⤵
  PID:7344
- C:\Windows\System32\LOxQVlB.exe
  C:\Windows\System32\LOxQVlB.exe
  2⤵
  PID:7368
- C:\Windows\System32\uotWOPp.exe
  C:\Windows\System32\uotWOPp.exe
  2⤵
  PID:7388
- C:\Windows\System32\SDVpINX.exe
  C:\Windows\System32\SDVpINX.exe
  2⤵
  PID:7428
- C:\Windows\System32\rZSvjvk.exe
  C:\Windows\System32\rZSvjvk.exe
  2⤵
  PID:7448
- C:\Windows\System32\pzgGUzA.exe
  C:\Windows\System32\pzgGUzA.exe
  2⤵
  PID:7476
- C:\Windows\System32\sYWEJLP.exe
  C:\Windows\System32\sYWEJLP.exe
  2⤵
  PID:7508
- C:\Windows\System32\rAQRSjk.exe
  C:\Windows\System32\rAQRSjk.exe
  2⤵
  PID:7536
- C:\Windows\System32\fWRSEJb.exe
  C:\Windows\System32\fWRSEJb.exe
  2⤵
  PID:7596
- C:\Windows\System32\cqDJeGe.exe
  C:\Windows\System32\cqDJeGe.exe
  2⤵
  PID:7632
- C:\Windows\System32\dkvMEKS.exe
  C:\Windows\System32\dkvMEKS.exe
  2⤵
  PID:7652
- C:\Windows\System32\SpReKaQ.exe
  C:\Windows\System32\SpReKaQ.exe
  2⤵
  PID:7668
- C:\Windows\System32\tOWYyhX.exe
  C:\Windows\System32\tOWYyhX.exe
  2⤵
  PID:7692
- C:\Windows\System32\vMglvIS.exe
  C:\Windows\System32\vMglvIS.exe
  2⤵
  PID:7736
- C:\Windows\System32\nIHogxv.exe
  C:\Windows\System32\nIHogxv.exe
  2⤵
  PID:7768
- C:\Windows\System32\MMiyxZh.exe
  C:\Windows\System32\MMiyxZh.exe
  2⤵
  PID:7804
- C:\Windows\System32\bIqvMbM.exe
  C:\Windows\System32\bIqvMbM.exe
  2⤵
  PID:7836
- C:\Windows\System32\PPkbtlT.exe
  C:\Windows\System32\PPkbtlT.exe
  2⤵
  PID:7864
- C:\Windows\System32\gXuPmCY.exe
  C:\Windows\System32\gXuPmCY.exe
  2⤵
  PID:7884
- C:\Windows\System32\DyOvqTN.exe
  C:\Windows\System32\DyOvqTN.exe
  2⤵
  PID:7920
- C:\Windows\System32\vBoSoal.exe
  C:\Windows\System32\vBoSoal.exe
  2⤵
  PID:7952
- C:\Windows\System32\qVhItaQ.exe
  C:\Windows\System32\qVhItaQ.exe
  2⤵
  PID:7976
- C:\Windows\System32\HjJzkyI.exe
  C:\Windows\System32\HjJzkyI.exe
  2⤵
  PID:8008
- C:\Windows\System32\qkWYFTZ.exe
  C:\Windows\System32\qkWYFTZ.exe
  2⤵
  PID:8028
- C:\Windows\System32\zTfFkDI.exe
  C:\Windows\System32\zTfFkDI.exe
  2⤵
  PID:8060
- C:\Windows\System32\mHhgqCE.exe
  C:\Windows\System32\mHhgqCE.exe
  2⤵
  PID:8160
- C:\Windows\System32\OeeSHYj.exe
  C:\Windows\System32\OeeSHYj.exe
  2⤵
  PID:7184
- C:\Windows\System32\Azkytih.exe
  C:\Windows\System32\Azkytih.exe
  2⤵
  PID:7228
- C:\Windows\System32\GUvBVyu.exe
  C:\Windows\System32\GUvBVyu.exe
  2⤵
  PID:4620
- C:\Windows\System32\EWSLLGR.exe
  C:\Windows\System32\EWSLLGR.exe
  2⤵
  PID:7292
- C:\Windows\System32\jnGpfNk.exe
  C:\Windows\System32\jnGpfNk.exe
  2⤵
  PID:7356
- C:\Windows\System32\ZheIGbz.exe
  C:\Windows\System32\ZheIGbz.exe
  2⤵
  PID:7460
- C:\Windows\System32\jZoYOoG.exe
  C:\Windows\System32\jZoYOoG.exe
  2⤵
  PID:7524
- C:\Windows\System32\vGzkwOd.exe
  C:\Windows\System32\vGzkwOd.exe
  2⤵
  PID:7612
- C:\Windows\System32\RoiHAFM.exe
  C:\Windows\System32\RoiHAFM.exe
  2⤵
  PID:7664
- C:\Windows\System32\WrXgBwi.exe
  C:\Windows\System32\WrXgBwi.exe
  2⤵
  PID:7744
- C:\Windows\System32\LzklXZR.exe
  C:\Windows\System32\LzklXZR.exe
  2⤵
  PID:7764
- C:\Windows\System32\pLPkhIG.exe
  C:\Windows\System32\pLPkhIG.exe
  2⤵
  PID:7880
- C:\Windows\System32\czdDhCt.exe
  C:\Windows\System32\czdDhCt.exe
  2⤵
  PID:7964
- C:\Windows\System32\IomhMhr.exe
  C:\Windows\System32\IomhMhr.exe
  2⤵
  PID:7988
- C:\Windows\System32\mjeQUMh.exe
  C:\Windows\System32\mjeQUMh.exe
  2⤵
  PID:8056
- C:\Windows\System32\RbvBqVV.exe
  C:\Windows\System32\RbvBqVV.exe
  2⤵
  PID:8124
- C:\Windows\System32\YtXCsxT.exe
  C:\Windows\System32\YtXCsxT.exe
  2⤵
  PID:8048
- C:\Windows\System32\XIamvGr.exe
  C:\Windows\System32\XIamvGr.exe
  2⤵
  PID:8136
- C:\Windows\System32\GykCJZv.exe
  C:\Windows\System32\GykCJZv.exe
  2⤵
  PID:6160
- C:\Windows\System32\pZhuEar.exe
  C:\Windows\System32\pZhuEar.exe
  2⤵
  PID:7376
- C:\Windows\System32\VzomSyz.exe
  C:\Windows\System32\VzomSyz.exe
  2⤵
  PID:7716
- C:\Windows\System32\pxGQTvy.exe
  C:\Windows\System32\pxGQTvy.exe
  2⤵
  PID:7640
- C:\Windows\System32\UtBykEc.exe
  C:\Windows\System32\UtBykEc.exe
  2⤵
  PID:7852
- C:\Windows\System32\ENkimbd.exe
  C:\Windows\System32\ENkimbd.exe
  2⤵
  PID:7944
- C:\Windows\System32\yGhwSHA.exe
  C:\Windows\System32\yGhwSHA.exe
  2⤵
  PID:8024
- C:\Windows\System32\skYONse.exe
  C:\Windows\System32\skYONse.exe
  2⤵
  PID:8088
- C:\Windows\System32\diAZzmP.exe
  C:\Windows\System32\diAZzmP.exe
  2⤵
  PID:7436
- C:\Windows\System32\SBwKoqt.exe
  C:\Windows\System32\SBwKoqt.exe
  2⤵
  PID:7832
- C:\Windows\System32\BtNjnld.exe
  C:\Windows\System32\BtNjnld.exe
  2⤵
  PID:8108
- C:\Windows\System32\KSkRJmH.exe
  C:\Windows\System32\KSkRJmH.exe
  2⤵
  PID:7616
- C:\Windows\System32\kQmPBjK.exe
  C:\Windows\System32\kQmPBjK.exe
  2⤵
  PID:8044
- C:\Windows\System32\jrOtLRA.exe
  C:\Windows\System32\jrOtLRA.exe
  2⤵
  PID:8208
- C:\Windows\System32\yRPlBVw.exe
  C:\Windows\System32\yRPlBVw.exe
  2⤵
  PID:8228
- C:\Windows\System32\YxaCXlN.exe
  C:\Windows\System32\YxaCXlN.exe
  2⤵
  PID:8268
- C:\Windows\System32\IGhZasC.exe
  C:\Windows\System32\IGhZasC.exe
  2⤵
  PID:8288
- C:\Windows\System32\XPlfffi.exe
  C:\Windows\System32\XPlfffi.exe
  2⤵
  PID:8304
- C:\Windows\System32\JZmlyKu.exe
  C:\Windows\System32\JZmlyKu.exe
  2⤵
  PID:8332
- C:\Windows\System32\yGmVKyX.exe
  C:\Windows\System32\yGmVKyX.exe
  2⤵
  PID:8368
- C:\Windows\System32\UEMOeIE.exe
  C:\Windows\System32\UEMOeIE.exe
  2⤵
  PID:8408
- C:\Windows\System32\XNutxdY.exe
  C:\Windows\System32\XNutxdY.exe
  2⤵
  PID:8424
- C:\Windows\System32\PZlGGJX.exe
  C:\Windows\System32\PZlGGJX.exe
  2⤵
  PID:8452
- C:\Windows\System32\ZwdbHMK.exe
  C:\Windows\System32\ZwdbHMK.exe
  2⤵
  PID:8480
- C:\Windows\System32\xjjOKYm.exe
  C:\Windows\System32\xjjOKYm.exe
  2⤵
  PID:8500
- C:\Windows\System32\UWoRMvt.exe
  C:\Windows\System32\UWoRMvt.exe
  2⤵
  PID:8548
- C:\Windows\System32\dQlsnRx.exe
  C:\Windows\System32\dQlsnRx.exe
  2⤵
  PID:8564
- C:\Windows\System32\gFZURTV.exe
  C:\Windows\System32\gFZURTV.exe
  2⤵
  PID:8584
- C:\Windows\System32\rFLMZhZ.exe
  C:\Windows\System32\rFLMZhZ.exe
  2⤵
  PID:8612
- C:\Windows\System32\pBZGIXm.exe
  C:\Windows\System32\pBZGIXm.exe
  2⤵
  PID:8640
- C:\Windows\System32\cIIEDqI.exe
  C:\Windows\System32\cIIEDqI.exe
  2⤵
  PID:8684
- C:\Windows\System32\zCrPzVw.exe
  C:\Windows\System32\zCrPzVw.exe
  2⤵
  PID:8716
- C:\Windows\System32\uDYxpCw.exe
  C:\Windows\System32\uDYxpCw.exe
  2⤵
  PID:8736
- C:\Windows\System32\RxlYXuM.exe
  C:\Windows\System32\RxlYXuM.exe
  2⤵
  PID:8776
- C:\Windows\System32\uOcyCxW.exe
  C:\Windows\System32\uOcyCxW.exe
  2⤵
  PID:8804
- C:\Windows\System32\fEUJZvH.exe
  C:\Windows\System32\fEUJZvH.exe
  2⤵
  PID:8820
- C:\Windows\System32\tnLtBED.exe
  C:\Windows\System32\tnLtBED.exe
  2⤵
  PID:8836
- C:\Windows\System32\rPwIbDA.exe
  C:\Windows\System32\rPwIbDA.exe
  2⤵
  PID:8876
- C:\Windows\System32\bJYIVpf.exe
  C:\Windows\System32\bJYIVpf.exe
  2⤵
  PID:8904
- C:\Windows\System32\tZKejQj.exe
  C:\Windows\System32\tZKejQj.exe
  2⤵
  PID:8920
- C:\Windows\System32\rtHmspb.exe
  C:\Windows\System32\rtHmspb.exe
  2⤵
  PID:8940
- C:\Windows\System32\OyPYiAy.exe
  C:\Windows\System32\OyPYiAy.exe
  2⤵
  PID:8968
- C:\Windows\System32\zYYkAyY.exe
  C:\Windows\System32\zYYkAyY.exe
  2⤵
  PID:9000
- C:\Windows\System32\oyckwEi.exe
  C:\Windows\System32\oyckwEi.exe
  2⤵
  PID:9024
- C:\Windows\System32\KvFzMlU.exe
  C:\Windows\System32\KvFzMlU.exe
  2⤵
  PID:9060
- C:\Windows\System32\NTdABsU.exe
  C:\Windows\System32\NTdABsU.exe
  2⤵
  PID:9080
- C:\Windows\System32\lyXdtpn.exe
  C:\Windows\System32\lyXdtpn.exe
  2⤵
  PID:9112
- C:\Windows\System32\ZiSlFMw.exe
  C:\Windows\System32\ZiSlFMw.exe
  2⤵
  PID:9172
- C:\Windows\System32\aAgYWqp.exe
  C:\Windows\System32\aAgYWqp.exe
  2⤵
  PID:9192
- C:\Windows\System32\jQAOqlG.exe
  C:\Windows\System32\jQAOqlG.exe
  2⤵
  PID:8200
- C:\Windows\System32\wymPRuV.exe
  C:\Windows\System32\wymPRuV.exe
  2⤵
  PID:8256
- C:\Windows\System32\LSOYDgF.exe
  C:\Windows\System32\LSOYDgF.exe
  2⤵
  PID:8296
- C:\Windows\System32\ibqLjQJ.exe
  C:\Windows\System32\ibqLjQJ.exe
  2⤵
  PID:8396
- C:\Windows\System32\kZRbxkK.exe
  C:\Windows\System32\kZRbxkK.exe
  2⤵
  PID:8436
- C:\Windows\System32\nYfxJDw.exe
  C:\Windows\System32\nYfxJDw.exe
  2⤵
  PID:8508
- C:\Windows\System32\WRdZiRQ.exe
  C:\Windows\System32\WRdZiRQ.exe
  2⤵
  PID:8528
- C:\Windows\System32\QfsQRsS.exe
  C:\Windows\System32\QfsQRsS.exe
  2⤵
  PID:8576
- C:\Windows\System32\JIVMcSC.exe
  C:\Windows\System32\JIVMcSC.exe
  2⤵
  PID:8660
- C:\Windows\System32\ysFPFWh.exe
  C:\Windows\System32\ysFPFWh.exe
  2⤵
  PID:8728
- C:\Windows\System32\kxUeVWR.exe
  C:\Windows\System32\kxUeVWR.exe
  2⤵
  PID:8760
- C:\Windows\System32\HjXxAni.exe
  C:\Windows\System32\HjXxAni.exe
  2⤵
  PID:8852
- C:\Windows\System32\xpcXwvp.exe
  C:\Windows\System32\xpcXwvp.exe
  2⤵
  PID:8932
- C:\Windows\System32\lvqrWNk.exe
  C:\Windows\System32\lvqrWNk.exe
  2⤵
  PID:9036
- C:\Windows\System32\nYssxlz.exe
  C:\Windows\System32\nYssxlz.exe
  2⤵
  PID:9076
- C:\Windows\System32\UXOQRSO.exe
  C:\Windows\System32\UXOQRSO.exe
  2⤵
  PID:9200
- C:\Windows\System32\HWfrOtC.exe
  C:\Windows\System32\HWfrOtC.exe
  2⤵
  PID:8216
- C:\Windows\System32\CwYloen.exe
  C:\Windows\System32\CwYloen.exe
  2⤵
  PID:8388
- C:\Windows\System32\jDQzOcL.exe
  C:\Windows\System32\jDQzOcL.exe
  2⤵
  PID:8464
- C:\Windows\System32\NfylJWY.exe
  C:\Windows\System32\NfylJWY.exe
  2⤵
  PID:8708
- C:\Windows\System32\hOnCBIl.exe
  C:\Windows\System32\hOnCBIl.exe
  2⤵
  PID:8692
- C:\Windows\System32\UMbSvHk.exe
  C:\Windows\System32\UMbSvHk.exe
  2⤵
  PID:9052
- C:\Windows\System32\nEZAQjq.exe
  C:\Windows\System32\nEZAQjq.exe
  2⤵
  PID:9184
- C:\Windows\System32\YENxSIA.exe
  C:\Windows\System32\YENxSIA.exe
  2⤵
  PID:8356
- C:\Windows\System32\Yvoajfu.exe
  C:\Windows\System32\Yvoajfu.exe
  2⤵
  PID:8772
- C:\Windows\System32\GglQanL.exe
  C:\Windows\System32\GglQanL.exe
  2⤵
  PID:8420
- C:\Windows\System32\zIrrxVh.exe
  C:\Windows\System32\zIrrxVh.exe
  2⤵
  PID:8900
- C:\Windows\System32\ERKVqrx.exe
  C:\Windows\System32\ERKVqrx.exe
  2⤵
  PID:9228
- C:\Windows\System32\NiCDOzB.exe
  C:\Windows\System32\NiCDOzB.exe
  2⤵
  PID:9268
- C:\Windows\System32\EGeYOxY.exe
  C:\Windows\System32\EGeYOxY.exe
  2⤵
  PID:9292
- C:\Windows\System32\MHQCTbY.exe
  C:\Windows\System32\MHQCTbY.exe
  2⤵
  PID:9316
- C:\Windows\System32\ArDhMBv.exe
  C:\Windows\System32\ArDhMBv.exe
  2⤵
  PID:9344
- C:\Windows\System32\utMkooB.exe
  C:\Windows\System32\utMkooB.exe
  2⤵
  PID:9368
- C:\Windows\System32\RuZrhXf.exe
  C:\Windows\System32\RuZrhXf.exe
  2⤵
  PID:9400
- C:\Windows\System32\WNiuRNF.exe
  C:\Windows\System32\WNiuRNF.exe
  2⤵
  PID:9428
- C:\Windows\System32\NpZPjsD.exe
  C:\Windows\System32\NpZPjsD.exe
  2⤵
  PID:9444
- C:\Windows\System32\BhqIYBc.exe
  C:\Windows\System32\BhqIYBc.exe
  2⤵
  PID:9464
- C:\Windows\System32\xyLGEQB.exe
  C:\Windows\System32\xyLGEQB.exe
  2⤵
  PID:9524
- C:\Windows\System32\OHcwObL.exe
  C:\Windows\System32\OHcwObL.exe
  2⤵
  PID:9548
- C:\Windows\System32\clNOXSS.exe
  C:\Windows\System32\clNOXSS.exe
  2⤵
  PID:9576
- C:\Windows\System32\utFlmxN.exe
  C:\Windows\System32\utFlmxN.exe
  2⤵
  PID:9612
- C:\Windows\System32\DyDbqGs.exe
  C:\Windows\System32\DyDbqGs.exe
  2⤵
  PID:9644
- C:\Windows\System32\UpnnvVN.exe
  C:\Windows\System32\UpnnvVN.exe
  2⤵
  PID:9672
- C:\Windows\System32\RyNlvCo.exe
  C:\Windows\System32\RyNlvCo.exe
  2⤵
  PID:9688
- C:\Windows\System32\UXuCyFX.exe
  C:\Windows\System32\UXuCyFX.exe
  2⤵
  PID:9720
- C:\Windows\System32\bHNpMlA.exe
  C:\Windows\System32\bHNpMlA.exe
  2⤵
  PID:9736
- C:\Windows\System32\isoacXR.exe
  C:\Windows\System32\isoacXR.exe
  2⤵
  PID:9792
- C:\Windows\System32\vRbdiMJ.exe
  C:\Windows\System32\vRbdiMJ.exe
  2⤵
  PID:9812
- C:\Windows\System32\DZrbVmM.exe
  C:\Windows\System32\DZrbVmM.exe
  2⤵
  PID:9836
- C:\Windows\System32\WykuQRC.exe
  C:\Windows\System32\WykuQRC.exe
  2⤵
  PID:9856
- C:\Windows\System32\THodHHL.exe
  C:\Windows\System32\THodHHL.exe
  2⤵
  PID:9884
- C:\Windows\System32\lQAmjZU.exe
  C:\Windows\System32\lQAmjZU.exe
  2⤵
  PID:9908
- C:\Windows\System32\FpEEAZT.exe
  C:\Windows\System32\FpEEAZT.exe
  2⤵
  PID:9940
- C:\Windows\System32\KWboPqk.exe
  C:\Windows\System32\KWboPqk.exe
  2⤵
  PID:9980
- C:\Windows\System32\GVpvctd.exe
  C:\Windows\System32\GVpvctd.exe
  2⤵
  PID:10004
- C:\Windows\System32\spXThyM.exe
  C:\Windows\System32\spXThyM.exe
  2⤵
  PID:10028
- C:\Windows\System32\fuvZYwG.exe
  C:\Windows\System32\fuvZYwG.exe
  2⤵
  PID:10060
- C:\Windows\System32\xnmPNxp.exe
  C:\Windows\System32\xnmPNxp.exe
  2⤵
  PID:10088
- C:\Windows\System32\VzQHifG.exe
  C:\Windows\System32\VzQHifG.exe
  2⤵
  PID:10112
- C:\Windows\System32\LBrNUrN.exe
  C:\Windows\System32\LBrNUrN.exe
  2⤵
  PID:10140
- C:\Windows\System32\PYVovSu.exe
  C:\Windows\System32\PYVovSu.exe
  2⤵
  PID:10160
- C:\Windows\System32\JdBhFYX.exe
  C:\Windows\System32\JdBhFYX.exe
  2⤵
  PID:10192
- C:\Windows\System32\UXMvRNh.exe
  C:\Windows\System32\UXMvRNh.exe
  2⤵
  PID:10212
- C:\Windows\System32\SdiHoQU.exe
  C:\Windows\System32\SdiHoQU.exe
  2⤵
  PID:10236
- C:\Windows\System32\GJESMjP.exe
  C:\Windows\System32\GJESMjP.exe
  2⤵
  PID:9224
- C:\Windows\System32\TaOTkbW.exe
  C:\Windows\System32\TaOTkbW.exe
  2⤵
  PID:9308
- C:\Windows\System32\kbMlFeW.exe
  C:\Windows\System32\kbMlFeW.exe
  2⤵
  PID:9356
- C:\Windows\System32\XevaDQN.exe
  C:\Windows\System32\XevaDQN.exe
  2⤵
  PID:9416
- C:\Windows\System32\PKTyzqB.exe
  C:\Windows\System32\PKTyzqB.exe
  2⤵
  PID:9520
- C:\Windows\System32\RpNIwYn.exe
  C:\Windows\System32\RpNIwYn.exe
  2⤵
  PID:9540
- C:\Windows\System32\YNaNWtT.exe
  C:\Windows\System32\YNaNWtT.exe
  2⤵
  PID:9596
- C:\Windows\System32\NTwAxNa.exe
  C:\Windows\System32\NTwAxNa.exe
  2⤵
  PID:9664
- C:\Windows\System32\aQdYlDq.exe
  C:\Windows\System32\aQdYlDq.exe
  2⤵
  PID:9768
- C:\Windows\System32\xKtBmSK.exe
  C:\Windows\System32\xKtBmSK.exe
  2⤵
  PID:9824
- C:\Windows\System32\liPELcT.exe
  C:\Windows\System32\liPELcT.exe
  2⤵
  PID:9868
- C:\Windows\System32\FoWBHhX.exe
  C:\Windows\System32\FoWBHhX.exe
  2⤵
  PID:9976
- C:\Windows\System32\vZUEJUC.exe
  C:\Windows\System32\vZUEJUC.exe
  2⤵
  PID:10020
- C:\Windows\System32\WAqsaGc.exe
  C:\Windows\System32\WAqsaGc.exe
  2⤵
  PID:10080
- C:\Windows\System32\wBEZefJ.exe
  C:\Windows\System32\wBEZefJ.exe
  2⤵
  PID:10132
- C:\Windows\System32\NVOgLpo.exe
  C:\Windows\System32\NVOgLpo.exe
  2⤵
  PID:10176
- C:\Windows\System32\tLShJaY.exe
  C:\Windows\System32\tLShJaY.exe
  2⤵
  PID:10228
- C:\Windows\System32\OyMHKWf.exe
  C:\Windows\System32\OyMHKWf.exe
  2⤵
  PID:9504
- C:\Windows\System32\JXWnXfH.exe
  C:\Windows\System32\JXWnXfH.exe
  2⤵
  PID:9624
- C:\Windows\System32\srVPzWd.exe
  C:\Windows\System32\srVPzWd.exe
  2⤵
  PID:9712
- C:\Windows\System32\XwcZxnW.exe
  C:\Windows\System32\XwcZxnW.exe
  2⤵
  PID:9880
- C:\Windows\System32\TZjBFtf.exe
  C:\Windows\System32\TZjBFtf.exe
  2⤵
  PID:10120
- C:\Windows\System32\ptOgOOs.exe
  C:\Windows\System32\ptOgOOs.exe
  2⤵
  PID:10156
- C:\Windows\System32\TBkuKvl.exe
  C:\Windows\System32\TBkuKvl.exe
  2⤵
  PID:8220
- C:\Windows\System32\nKCvUCv.exe
  C:\Windows\System32\nKCvUCv.exe
  2⤵
  PID:9920
- C:\Windows\System32\Jkpbthb.exe
  C:\Windows\System32\Jkpbthb.exe
  2⤵
  PID:9544
- C:\Windows\System32\BRLpDEb.exe
  C:\Windows\System32\BRLpDEb.exe
  2⤵
  PID:9848
- C:\Windows\System32\GYhuQXs.exe
  C:\Windows\System32\GYhuQXs.exe
  2⤵
  PID:10044
- C:\Windows\System32\maKnRlQ.exe
  C:\Windows\System32\maKnRlQ.exe
  2⤵
  PID:10264
- C:\Windows\System32\BPfJJun.exe
  C:\Windows\System32\BPfJJun.exe
  2⤵
  PID:10288
- C:\Windows\System32\ampZzEG.exe
  C:\Windows\System32\ampZzEG.exe
  2⤵
  PID:10324
- C:\Windows\System32\MniHrTz.exe
  C:\Windows\System32\MniHrTz.exe
  2⤵
  PID:10372
- C:\Windows\System32\BqIKjyL.exe
  C:\Windows\System32\BqIKjyL.exe
  2⤵
  PID:10420
- C:\Windows\System32\HZIZoLF.exe
  C:\Windows\System32\HZIZoLF.exe
  2⤵
  PID:10444
- C:\Windows\System32\WQSuDWK.exe
  C:\Windows\System32\WQSuDWK.exe
  2⤵
  PID:10464
- C:\Windows\System32\FrmnYUL.exe
  C:\Windows\System32\FrmnYUL.exe
  2⤵
  PID:10484
- C:\Windows\System32\OXEdwpK.exe
  C:\Windows\System32\OXEdwpK.exe
  2⤵
  PID:10536
- C:\Windows\System32\iuKzYNJ.exe
  C:\Windows\System32\iuKzYNJ.exe
  2⤵
  PID:10568
- C:\Windows\System32\hoCPwVg.exe
  C:\Windows\System32\hoCPwVg.exe
  2⤵
  PID:10620
- C:\Windows\System32\eOIyuyK.exe
  C:\Windows\System32\eOIyuyK.exe
  2⤵
  PID:10636
- C:\Windows\System32\JPnlpMM.exe
  C:\Windows\System32\JPnlpMM.exe
  2⤵
  PID:10696
- C:\Windows\System32\kNApJAj.exe
  C:\Windows\System32\kNApJAj.exe
  2⤵
  PID:10720
- C:\Windows\System32\JSDXjEg.exe
  C:\Windows\System32\JSDXjEg.exe
  2⤵
  PID:10744
- C:\Windows\System32\cwuExJD.exe
  C:\Windows\System32\cwuExJD.exe
  2⤵
  PID:10780
- C:\Windows\System32\xlGoXJM.exe
  C:\Windows\System32\xlGoXJM.exe
  2⤵
  PID:10800
- C:\Windows\System32\nCUzDZc.exe
  C:\Windows\System32\nCUzDZc.exe
  2⤵
  PID:10828
- C:\Windows\System32\uMQpixv.exe
  C:\Windows\System32\uMQpixv.exe
  2⤵
  PID:10852
- C:\Windows\System32\VGLrtcR.exe
  C:\Windows\System32\VGLrtcR.exe
  2⤵
  PID:10888
- C:\Windows\System32\hWLwhoE.exe
  C:\Windows\System32\hWLwhoE.exe
  2⤵
  PID:10912
- C:\Windows\System32\xDwReoz.exe
  C:\Windows\System32\xDwReoz.exe
  2⤵
  PID:10932
- C:\Windows\System32\PBVZvkf.exe
  C:\Windows\System32\PBVZvkf.exe
  2⤵
  PID:10972
- C:\Windows\System32\fXHdUah.exe
  C:\Windows\System32\fXHdUah.exe
  2⤵
  PID:11000
- C:\Windows\System32\oYSumfW.exe
  C:\Windows\System32\oYSumfW.exe
  2⤵
  PID:11024
- C:\Windows\System32\UrLNCgc.exe
  C:\Windows\System32\UrLNCgc.exe
  2⤵
  PID:11072
- C:\Windows\System32\VDYfsJJ.exe
  C:\Windows\System32\VDYfsJJ.exe
  2⤵
  PID:11092
- C:\Windows\System32\gkFMdgQ.exe
  C:\Windows\System32\gkFMdgQ.exe
  2⤵
  PID:11116
- C:\Windows\System32\gyTmQtW.exe
  C:\Windows\System32\gyTmQtW.exe
  2⤵
  PID:11152
- C:\Windows\System32\tYDKpNn.exe
  C:\Windows\System32\tYDKpNn.exe
  2⤵
  PID:11180
- C:\Windows\System32\jJgUtMw.exe
  C:\Windows\System32\jJgUtMw.exe
  2⤵
  PID:11208
- C:\Windows\System32\yZXUEhb.exe
  C:\Windows\System32\yZXUEhb.exe
  2⤵
  PID:11236
- C:\Windows\System32\nTURqAd.exe
  C:\Windows\System32\nTURqAd.exe
  2⤵
  PID:9284
- C:\Windows\System32\cckuKcp.exe
  C:\Windows\System32\cckuKcp.exe
  2⤵
  PID:10260
- C:\Windows\System32\KZdzqmW.exe
  C:\Windows\System32\KZdzqmW.exe
  2⤵
  PID:10296
- C:\Windows\System32\zxOKtjh.exe
  C:\Windows\System32\zxOKtjh.exe
  2⤵
  PID:10388
- C:\Windows\System32\lTFKYmK.exe
  C:\Windows\System32\lTFKYmK.exe
  2⤵
  PID:10476
- C:\Windows\System32\UXAyTXs.exe
  C:\Windows\System32\UXAyTXs.exe
  2⤵
  PID:10532
- C:\Windows\System32\DgYeGSL.exe
  C:\Windows\System32\DgYeGSL.exe
  2⤵
  PID:10592
- C:\Windows\System32\RfLvwwi.exe
  C:\Windows\System32\RfLvwwi.exe
  2⤵
  PID:10608
- C:\Windows\System32\xVfXYLh.exe
  C:\Windows\System32\xVfXYLh.exe
  2⤵
  PID:10628
- C:\Windows\System32\mtBvJlV.exe
  C:\Windows\System32\mtBvJlV.exe
  2⤵
  PID:10732
- C:\Windows\System32\xPyErFL.exe
  C:\Windows\System32\xPyErFL.exe
  2⤵
  PID:10776
- C:\Windows\System32\RaWETkR.exe
  C:\Windows\System32\RaWETkR.exe
  2⤵
  PID:10840
- C:\Windows\System32\nwlgssd.exe
  C:\Windows\System32\nwlgssd.exe
  2⤵
  PID:10876
- C:\Windows\System32\rKUyDtI.exe
  C:\Windows\System32\rKUyDtI.exe
  2⤵
  PID:10964
- C:\Windows\System32\iWXyUET.exe
  C:\Windows\System32\iWXyUET.exe
  2⤵
  PID:11008
- C:\Windows\System32\OMsLzXx.exe
  C:\Windows\System32\OMsLzXx.exe
  2⤵
  PID:10668
- C:\Windows\System32\TLcMHBd.exe
  C:\Windows\System32\TLcMHBd.exe
  2⤵
  PID:11124
- C:\Windows\System32\wZjicRw.exe
  C:\Windows\System32\wZjicRw.exe
  2⤵
  PID:11232
- C:\Windows\System32\oMQpwVg.exe
  C:\Windows\System32\oMQpwVg.exe
  2⤵
  PID:10252
- C:\Windows\System32\raWTzai.exe
  C:\Windows\System32\raWTzai.exe
  2⤵
  PID:10452
- C:\Windows\System32\fzWXyUR.exe
  C:\Windows\System32\fzWXyUR.exe
  2⤵
  PID:10548
- C:\Windows\System32\UafccZN.exe
  C:\Windows\System32\UafccZN.exe
  2⤵
  PID:10564
- C:\Windows\System32\PsFfvnH.exe
  C:\Windows\System32\PsFfvnH.exe
  2⤵
  PID:10712
- C:\Windows\System32\GNQMEfY.exe
  C:\Windows\System32\GNQMEfY.exe
  2⤵
  PID:10924
- C:\Windows\System32\AFoHMDo.exe
  C:\Windows\System32\AFoHMDo.exe
  2⤵
  PID:10952
- C:\Windows\System32\aqgJSEN.exe
  C:\Windows\System32\aqgJSEN.exe
  2⤵
  PID:11164
- C:\Windows\System32\tsSIJgy.exe
  C:\Windows\System32\tsSIJgy.exe
  2⤵
  PID:11248
- C:\Windows\System32\FyUkJNZ.exe
  C:\Windows\System32\FyUkJNZ.exe
  2⤵
  PID:10868
- C:\Windows\System32\KPZJjSC.exe
  C:\Windows\System32\KPZJjSC.exe
  2⤵
  PID:10312
- C:\Windows\System32\bBLsvdA.exe
  C:\Windows\System32\bBLsvdA.exe
  2⤵
  PID:10604
- C:\Windows\System32\nuAETaP.exe
  C:\Windows\System32\nuAETaP.exe
  2⤵
  PID:11220
- C:\Windows\System32\jIbpGax.exe
  C:\Windows\System32\jIbpGax.exe
  2⤵
  PID:11284
- C:\Windows\System32\JUkugrb.exe
  C:\Windows\System32\JUkugrb.exe
  2⤵
  PID:11308
- C:\Windows\System32\DcIlpJN.exe
  C:\Windows\System32\DcIlpJN.exe
  2⤵
  PID:11348
- C:\Windows\System32\HgGekQs.exe
  C:\Windows\System32\HgGekQs.exe
  2⤵
  PID:11384
- C:\Windows\System32\NPexJzG.exe
  C:\Windows\System32\NPexJzG.exe
  2⤵
  PID:11412
- C:\Windows\System32\kXadoSk.exe
  C:\Windows\System32\kXadoSk.exe
  2⤵
  PID:11440
- C:\Windows\System32\TlqxTPQ.exe
  C:\Windows\System32\TlqxTPQ.exe
  2⤵
  PID:11472
- C:\Windows\System32\yGAMDVS.exe
  C:\Windows\System32\yGAMDVS.exe
  2⤵
  PID:11488
- C:\Windows\System32\TnmJUXd.exe
  C:\Windows\System32\TnmJUXd.exe
  2⤵
  PID:11528
- C:\Windows\System32\QinxQEw.exe
  C:\Windows\System32\QinxQEw.exe
  2⤵
  PID:11552
- C:\Windows\System32\QCeNHsx.exe
  C:\Windows\System32\QCeNHsx.exe
  2⤵
  PID:11576
- C:\Windows\System32\PuEFXzP.exe
  C:\Windows\System32\PuEFXzP.exe
  2⤵
  PID:11596
- C:\Windows\System32\lrdukUU.exe
  C:\Windows\System32\lrdukUU.exe
  2⤵
  PID:11624
- C:\Windows\System32\sRCiDtn.exe
  C:\Windows\System32\sRCiDtn.exe
  2⤵
  PID:11660
- C:\Windows\System32\bqhNMtk.exe
  C:\Windows\System32\bqhNMtk.exe
  2⤵
  PID:11688
- C:\Windows\System32\WyXoFty.exe
  C:\Windows\System32\WyXoFty.exe
  2⤵
  PID:11704
- C:\Windows\System32\CMBWvVU.exe
  C:\Windows\System32\CMBWvVU.exe
  2⤵
  PID:11732
- C:\Windows\System32\ZCqxhCb.exe
  C:\Windows\System32\ZCqxhCb.exe
  2⤵
  PID:11772
- C:\Windows\System32\CUEJAuP.exe
  C:\Windows\System32\CUEJAuP.exe
  2⤵
  PID:11792
- C:\Windows\System32\lWfSrXn.exe
  C:\Windows\System32\lWfSrXn.exe
  2⤵
  PID:11844
- C:\Windows\System32\yfMZemX.exe
  C:\Windows\System32\yfMZemX.exe
  2⤵
  PID:11868
- C:\Windows\System32\vCngITH.exe
  C:\Windows\System32\vCngITH.exe
  2⤵
  PID:11884
- C:\Windows\System32\eiaDoEp.exe
  C:\Windows\System32\eiaDoEp.exe
  2⤵
  PID:11928
- C:\Windows\System32\vrLWGIS.exe
  C:\Windows\System32\vrLWGIS.exe
  2⤵
  PID:11952
- C:\Windows\System32\cnaTqOo.exe
  C:\Windows\System32\cnaTqOo.exe
  2⤵
  PID:11968
- C:\Windows\System32\qdIbIkr.exe
  C:\Windows\System32\qdIbIkr.exe
  2⤵
  PID:12000
- C:\Windows\System32\PQoTIUY.exe
  C:\Windows\System32\PQoTIUY.exe
  2⤵
  PID:12024
- C:\Windows\System32\GrNqRFW.exe
  C:\Windows\System32\GrNqRFW.exe
  2⤵
  PID:12040
- C:\Windows\System32\ZPjizAg.exe
  C:\Windows\System32\ZPjizAg.exe
  2⤵
  PID:12092
- C:\Windows\System32\JStgKBq.exe
  C:\Windows\System32\JStgKBq.exe
  2⤵
  PID:12120
- C:\Windows\System32\jznSyfq.exe
  C:\Windows\System32\jznSyfq.exe
  2⤵
  PID:12136
- C:\Windows\System32\txCxKee.exe
  C:\Windows\System32\txCxKee.exe
  2⤵
  PID:12164
- C:\Windows\System32\MevLwDG.exe
  C:\Windows\System32\MevLwDG.exe
  2⤵
  PID:12184
- C:\Windows\System32\MsCGdmW.exe
  C:\Windows\System32\MsCGdmW.exe
  2⤵
  PID:12212
- C:\Windows\System32\AiYzqOb.exe
  C:\Windows\System32\AiYzqOb.exe
  2⤵
  PID:12244
- C:\Windows\System32\diVVibB.exe
  C:\Windows\System32\diVVibB.exe
  2⤵
  PID:12268
- C:\Windows\System32\PBCaswW.exe
  C:\Windows\System32\PBCaswW.exe
  2⤵
  PID:11300
- C:\Windows\System32\kMTzeuR.exe
  C:\Windows\System32\kMTzeuR.exe
  2⤵
  PID:11392
- C:\Windows\System32\gXVzHLY.exe
  C:\Windows\System32\gXVzHLY.exe
  2⤵
  PID:11132
- C:\Windows\System32\JscghIW.exe
  C:\Windows\System32\JscghIW.exe
  2⤵
  PID:11516
- C:\Windows\System32\SCWyRzc.exe
  C:\Windows\System32\SCWyRzc.exe
  2⤵
  PID:11540
- C:\Windows\System32\MxjaONS.exe
  C:\Windows\System32\MxjaONS.exe
  2⤵
  PID:11636
- C:\Windows\System32\IRJjtxy.exe
  C:\Windows\System32\IRJjtxy.exe
  2⤵
  PID:11652
- C:\Windows\System32\rGptsFg.exe
  C:\Windows\System32\rGptsFg.exe
  2⤵
  PID:11700
- C:\Windows\System32\SBZVYdX.exe
  C:\Windows\System32\SBZVYdX.exe
  2⤵
  PID:11788
- C:\Windows\System32\kAXFVga.exe
  C:\Windows\System32\kAXFVga.exe
  2⤵
  PID:11860
- C:\Windows\System32\HcuuUXA.exe
  C:\Windows\System32\HcuuUXA.exe
  2⤵
  PID:11948
- C:\Windows\System32\aqYyzCr.exe
  C:\Windows\System32\aqYyzCr.exe
  2⤵
  PID:12016
- C:\Windows\System32\FwqQboN.exe
  C:\Windows\System32\FwqQboN.exe
  2⤵
  PID:12052
- C:\Windows\System32\KKjyNhs.exe
  C:\Windows\System32\KKjyNhs.exe
  2⤵
  PID:12156
- C:\Windows\System32\yxycsZC.exe
  C:\Windows\System32\yxycsZC.exe
  2⤵
  PID:12200
- C:\Windows\System32\OJXrZnU.exe
  C:\Windows\System32\OJXrZnU.exe
  2⤵
  PID:12264
- C:\Windows\System32\MCcMOYy.exe
  C:\Windows\System32\MCcMOYy.exe
  2⤵
  PID:10596
- C:\Windows\System32\Nibqqwu.exe
  C:\Windows\System32\Nibqqwu.exe
  2⤵
  PID:11424
- C:\Windows\System32\cgpDSQo.exe
  C:\Windows\System32\cgpDSQo.exe
  2⤵
  PID:11548
- C:\Windows\System32\BcuwglZ.exe
  C:\Windows\System32\BcuwglZ.exe
  2⤵
  PID:11752
- C:\Windows\System32\BUvjeTT.exe
  C:\Windows\System32\BUvjeTT.exe
  2⤵
  PID:11876
- C:\Windows\System32\jyHHUWn.exe
  C:\Windows\System32\jyHHUWn.exe
  2⤵
  PID:11996
- C:\Windows\System32\xWxxVBW.exe
  C:\Windows\System32\xWxxVBW.exe
  2⤵
  PID:12176
- C:\Windows\System32\HRhBEFt.exe
  C:\Windows\System32\HRhBEFt.exe
  2⤵
  PID:11344
- C:\Windows\System32\sPhGuzw.exe
  C:\Windows\System32\sPhGuzw.exe
  2⤵
  PID:11408
- C:\Windows\System32\pppPpIV.exe
  C:\Windows\System32\pppPpIV.exe
  2⤵
  PID:11892
- C:\Windows\System32\SMRgSiB.exe
  C:\Windows\System32\SMRgSiB.exe
  2⤵
  PID:11980
- C:\Windows\System32\xHXPyRn.exe
  C:\Windows\System32\xHXPyRn.exe
  2⤵
  PID:11500
- C:\Windows\System32\hmQPUmT.exe
  C:\Windows\System32\hmQPUmT.exe
  2⤵
  PID:12312
- C:\Windows\System32\WAiInMY.exe
  C:\Windows\System32\WAiInMY.exe
  2⤵
  PID:12368
- C:\Windows\System32\tUnXoiD.exe
  C:\Windows\System32\tUnXoiD.exe
  2⤵
  PID:12388
- C:\Windows\System32\JHFSNNv.exe
  C:\Windows\System32\JHFSNNv.exe
  2⤵
  PID:12420
- C:\Windows\System32\KmDDNFs.exe
  C:\Windows\System32\KmDDNFs.exe
  2⤵
  PID:12444
- C:\Windows\System32\EoYMHPF.exe
  C:\Windows\System32\EoYMHPF.exe
  2⤵
  PID:12472
- C:\Windows\System32\CEyMyPI.exe
  C:\Windows\System32\CEyMyPI.exe
  2⤵
  PID:12496
- C:\Windows\System32\KsrCleV.exe
  C:\Windows\System32\KsrCleV.exe
  2⤵
  PID:12524
- C:\Windows\System32\HFtGhmA.exe
  C:\Windows\System32\HFtGhmA.exe
  2⤵
  PID:12552
- C:\Windows\System32\VPUwzfg.exe
  C:\Windows\System32\VPUwzfg.exe
  2⤵
  PID:12604
- C:\Windows\System32\etDjDUs.exe
  C:\Windows\System32\etDjDUs.exe
  2⤵
  PID:12628
- C:\Windows\System32\ySRVmIS.exe
  C:\Windows\System32\ySRVmIS.exe
  2⤵
  PID:12652
- C:\Windows\System32\kwOAnzK.exe
  C:\Windows\System32\kwOAnzK.exe
  2⤵
  PID:12684
- C:\Windows\System32\javjDzo.exe
  C:\Windows\System32\javjDzo.exe
  2⤵
  PID:12720
- C:\Windows\System32\MxQcjBW.exe
  C:\Windows\System32\MxQcjBW.exe
  2⤵
  PID:12736
- C:\Windows\System32\HpNahbr.exe
  C:\Windows\System32\HpNahbr.exe
  2⤵
  PID:12760
- C:\Windows\System32\uhEStUu.exe
  C:\Windows\System32\uhEStUu.exe
  2⤵
  PID:12804
- C:\Windows\System32\awkEvaP.exe
  C:\Windows\System32\awkEvaP.exe
  2⤵
  PID:12828
- C:\Windows\System32\aDZnUJt.exe
  C:\Windows\System32\aDZnUJt.exe
  2⤵
  PID:12848
- C:\Windows\System32\atiJFIn.exe
  C:\Windows\System32\atiJFIn.exe
  2⤵
  PID:12868
- C:\Windows\System32\cjykmpR.exe
  C:\Windows\System32\cjykmpR.exe
  2⤵
  PID:12892
- C:\Windows\System32\CtRicAl.exe
  C:\Windows\System32\CtRicAl.exe
  2⤵
  PID:12924
- C:\Windows\System32\dToXmal.exe
  C:\Windows\System32\dToXmal.exe
  2⤵
  PID:12964
- C:\Windows\System32\jpKbmZY.exe
  C:\Windows\System32\jpKbmZY.exe
  2⤵
  PID:12996
- C:\Windows\System32\aBbYwOI.exe
  C:\Windows\System32\aBbYwOI.exe
  2⤵
  PID:13024
- C:\Windows\System32\KopGGVZ.exe
  C:\Windows\System32\KopGGVZ.exe
  2⤵
  PID:13052
- C:\Windows\System32\KFLyIGT.exe
  C:\Windows\System32\KFLyIGT.exe
  2⤵
  PID:13108
- C:\Windows\System32\lgdPGdM.exe
  C:\Windows\System32\lgdPGdM.exe
  2⤵
  PID:13132
- C:\Windows\System32\maLovWa.exe
  C:\Windows\System32\maLovWa.exe
  2⤵
  PID:13176
- C:\Windows\System32\mhDLXxE.exe
  C:\Windows\System32\mhDLXxE.exe
  2⤵
  PID:13204
- C:\Windows\System32\obmyziW.exe
  C:\Windows\System32\obmyziW.exe
  2⤵
  PID:13232
- C:\Windows\System32\viJGqeH.exe
  C:\Windows\System32\viJGqeH.exe
  2⤵
  PID:13260
- C:\Windows\System32\bxiEQAm.exe
  C:\Windows\System32\bxiEQAm.exe
  2⤵
  PID:13276
- C:\Windows\System32\ZrDdNjD.exe
  C:\Windows\System32\ZrDdNjD.exe
  2⤵
  PID:13304
- C:\Windows\System32\AkVJkiE.exe
  C:\Windows\System32\AkVJkiE.exe
  2⤵
  PID:12328
- C:\Windows\System32\rrAOHDp.exe
  C:\Windows\System32\rrAOHDp.exe
  2⤵
  PID:12304
- C:\Windows\System32\MMzLlPa.exe
  C:\Windows\System32\MMzLlPa.exe
  2⤵
  PID:12416
- C:\Windows\System32\PguISwb.exe
  C:\Windows\System32\PguISwb.exe
  2⤵
  PID:12512
- C:\Windows\System32\NQaziDt.exe
  C:\Windows\System32\NQaziDt.exe
  2⤵
  PID:12540
- C:\Windows\System32\zfZmCbZ.exe
  C:\Windows\System32\zfZmCbZ.exe
  2⤵
  PID:12648
- C:\Windows\System32\VahACKz.exe
  C:\Windows\System32\VahACKz.exe
  2⤵
  PID:12712
- C:\Windows\System32\aruQgJM.exe
  C:\Windows\System32\aruQgJM.exe
  2⤵
  PID:12752
- C:\Windows\System32\yEzUKqr.exe
  C:\Windows\System32\yEzUKqr.exe
  2⤵
  PID:12820
- C:\Windows\System32\MLTtpBS.exe
  C:\Windows\System32\MLTtpBS.exe
  2⤵
  PID:12900
- C:\Windows\System32\TARzCjt.exe
  C:\Windows\System32\TARzCjt.exe
  2⤵
  PID:12912
- C:\Windows\System32\VfyzcZf.exe
  C:\Windows\System32\VfyzcZf.exe
  2⤵
  PID:12988
- C:\Windows\System32\RQHUVGs.exe
  C:\Windows\System32\RQHUVGs.exe
  2⤵
  PID:13048
- C:\Windows\System32\HxKFkFu.exe
  C:\Windows\System32\HxKFkFu.exe
  2⤵
  PID:13116
- C:\Windows\System32\OaGAUdt.exe
  C:\Windows\System32\OaGAUdt.exe
  2⤵
  PID:13192
- C:\Windows\System32\OnpPkdV.exe
  C:\Windows\System32\OnpPkdV.exe
  2⤵
  PID:11456
- C:\Windows\System32\UZdTXPY.exe
  C:\Windows\System32\UZdTXPY.exe
  2⤵
  PID:13268
- C:\Windows\System32\eHcUbAN.exe
  C:\Windows\System32\eHcUbAN.exe
  2⤵
  PID:12232
- C:\Windows\System32\iWPRqMB.exe
  C:\Windows\System32\iWPRqMB.exe
  2⤵
  PID:12380
- C:\Windows\System32\MyVuPqx.exe
  C:\Windows\System32\MyVuPqx.exe
  2⤵
  PID:12600
- C:\Windows\System32\CPvhpyc.exe
  C:\Windows\System32\CPvhpyc.exe
  2⤵
  PID:12728
- C:\Windows\System32\LzDSgpn.exe
  C:\Windows\System32\LzDSgpn.exe
  2⤵
  PID:12884
- C:\Windows\System32\HwslMms.exe
  C:\Windows\System32\HwslMms.exe
  2⤵
  PID:12908
- C:\Windows\System32\UqiKgNE.exe
  C:\Windows\System32\UqiKgNE.exe
  2⤵
  PID:12956
- C:\Windows\System32\AnMKCLC.exe
  C:\Windows\System32\AnMKCLC.exe
  2⤵
  PID:13288
- C:\Windows\System32\LzTCTTe.exe
  C:\Windows\System32\LzTCTTe.exe
  2⤵
  PID:12488
- C:\Windows\System32\TsAVVou.exe
  C:\Windows\System32\TsAVVou.exe
  2⤵
  PID:13008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3468,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
1⤵
PID:7464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BDjZRIU.exe

Filesize
1.8MB

MD5
0bdcd7470d1fc2914a2e55b20c0d5577

SHA1
06dca7b5eaf55b9b2d97584c482ba9762247c9aa

SHA256
7adf06fa6ec37a8d698a7621d9d6c34f135c7b6add94f6326ebe44b72f5f7ac4

SHA512
6dbaf9c1a3f455726bf329d2dbf6035e2a52d29bfcc1535defc3920709dd45a206dc22176a79af84d61e254701853f5ef54ae98b16638fbd6649e831d311eb72

Download Submit
C:\Windows\System32\DvtDcew.exe

Filesize
1.8MB

MD5
60056af1cbeb9690c65c591d3335ffdc

SHA1
debf6c976cd1cfbcfce7480436707e86c2d91734

SHA256
569a043d628c7411cfcb464e69745ae25f958d505a09504a52895d69fc182908

SHA512
50d39a2fa72027f35b000029982783a2aae169bb1357ac8ab68d20d808ffd995d151d46d22d7b7685793ba5b20e7ba071e61cfe74bf14f6468b3ba4e87fdc8c3

Download Submit
C:\Windows\System32\EICzgte.exe

Filesize
1.8MB

MD5
a82652f5f6cd12da5404d2eb9d189664

SHA1
ec3e41a0d08b90d7fd47f6aeb160cbc2776ccf2f

SHA256
4f46ddf8592d2af42d2af735afb98bdf98e22e1aa677f536e80f0d87e87118b2

SHA512
a2e4ccb6b919b1d902196aa4d0e134515406787c71552c42189bf6a9408ce6ae43ad8f65b4539ecf9bb00acf22d821acc92539d377649ca4a0cc3efca850f525

Download Submit
C:\Windows\System32\FcxHLwb.exe

Filesize
1.8MB

MD5
ea71cb2ed7fc58f647356e7ca21e211c

SHA1
e368b5728e6b00f3e5b0f268b0e3ed5d098919e1

SHA256
3307c08ce72acdaee3f9f06cafa92104634c750a098eeeb0b693a2f499007d32

SHA512
8eb87daa1860a146ba74635d3fccc70512f8cb6f1f8535233776bf3f18769e3ebff099a0f81c70f89fd487f1a0b8e914273da4f9053383027ba5b8033fc5e36c

Download Submit
C:\Windows\System32\JYDPCtI.exe

Filesize
1.8MB

MD5
a3d6d6752f452eb6f388a80112e12809

SHA1
29ab03d29b706f17a48d8a7466120cccdee05af8

SHA256
d2b2e119d23814f72a0f9e3fa94bb1ead8f718b05938f944fecf1f31d8c33987

SHA512
97d07e496706f01c95bc7372ea7352725e24927c08db594bc77f74060939ebbdfc06b9da7f08f80dbfb4a646780b4285f797bff58ca21cff860975f1dd568467

Download Submit
C:\Windows\System32\KtAVmJw.exe

Filesize
1.8MB

MD5
6e4dc06bdb0f4e27579a70af08908244

SHA1
875769caa2ea79066af3ab2b81643a50bc882092

SHA256
aa96f2baa0e71ac88f12ab8b21c60297df05424cfed387846fdb0af85600c312

SHA512
6421616dfa016daae77879a9bb91a3c59e1571fa44353243fe3406d47f64dbc0d9cf82c59e2bbc3226ada30d41aef5cce5836ece0636d5e84b10ccf1c312d38a

Download Submit
C:\Windows\System32\NLLOZSi.exe

Filesize
1.8MB

MD5
6c3a7bfd812d4b679289d5b6bb6a34ae

SHA1
38f758a12c0197f3b1614da275df4c17cb1ae11d

SHA256
89a0c885dc55d478d5dadfe5d22de428cd7a815e7353354cd2c3e60ebe02dbb6

SHA512
0c2969af9eb23f9a753b6ea5e881d8e4f092dbecb00e6571866c41b566ebad6f64465f8e9307b49148b4513f933d9d2c606614d2af9235a70ce99830ae93cfef

Download Submit
C:\Windows\System32\OMrXUCe.exe

Filesize
1.8MB

MD5
4d0aaf5fc6cef183ff941531334533ef

SHA1
bbe1c9cb90048b310655b44f2baba8c39f54a24d

SHA256
96077e866a55359e93428b28ffc194c348c12285ebca9cfc351c252774112fdf

SHA512
81ad64dbda5e1ef68ecb62e8a974382707221f8e0e5b1207d9cbfd801e50858feaab5ae60495ba25548939e202de83ffc538f3a3d08278dce75bb430f0611ba2

Download Submit
C:\Windows\System32\OxJyCGH.exe

Filesize
1.8MB

MD5
d7cabe3d3347e00d83bfed0fa0d3c74b

SHA1
7f463707dfcea3d07858a5b4eece2c29cf7e2b81

SHA256
104d928631557e6dea5f20406b64f5cbed3bb8614086cba1fd577c63ad7a979a

SHA512
71f5b72dd5ea77624002a4df28b86c2feb4fef92ac55acfaf61d462a5b994af2a6982efb83d46e80d91f6874fc5cfc3d6598ab6f51f642ed6e9e9ae8d0be1db1

Download Submit
C:\Windows\System32\SKsqTgn.exe

Filesize
1.8MB

MD5
21355bbc1b38b82749befb5ef93ba002

SHA1
0fb5f1213113d7815514432a2863320b38557080

SHA256
9b10d29cc6db2eee69dd95c2d9057e13b34718d46da9af47e01d4855b08fc60e

SHA512
ce1914020dfb97cbc071b00e26f5e89ea8886ca9cb1f7e14c45eced5c216e5de847aac08ab0ea1ace4fb5b897ab3594462cf7e8d66545f62e09b6f2a7eee8514

Download Submit
C:\Windows\System32\SLUIDMB.exe

Filesize
1.8MB

MD5
3b479a692280ebeb2ee8dec24e69b57d

SHA1
9b917e5d2f7c5cd80211d585b4ea422aa11e9edf

SHA256
c398cd371a4a1e7d9d7fe5e71f11cb546f24404a2af281c53cd6c020f7a44f70

SHA512
1725dee9e43445e9b997ae28fde7f8f5faf57deb154d6193f1805942a4550231f1d30bb35e559dfe7b86cb372f38433f162d4de5eb1172d510baef42a3934a5f

Download Submit
C:\Windows\System32\UNfzSzG.exe

Filesize
1.8MB

MD5
32fc69672a5a0c9ab57812b9eace3d00

SHA1
53d952b6ff8563339f8bda4330fa2f781859d2e8

SHA256
a007de9f1f3fe3c5c8f8759e511bb95531cec03a46dd3f781ab12a22f9f4b2c3

SHA512
d9d2dca48f2929e3564628c715c36b758f4096487f892f9cadf562233322de6e8051d4cbb9b1ec05f10557594fd31d2cbd55c6b87a0f1db8a577f303d36b5708

Download Submit
C:\Windows\System32\VaAKOWn.exe

Filesize
1.8MB

MD5
5f7e82fceecd09d8e30b147c648da79a

SHA1
650fc0ef6f084bf785b92b4a8f296d7355677a08

SHA256
02764e570a445b2255d907b41ecd180e5b252d5f7f7595edb80b838d474783f6

SHA512
ad356f21f59564078fdc5a5832024e14307f0dfaab1fe74741112db58b082b6a2b5d9128cb50ac83dcd661f33ea16a6c4b9b374c6646a75d37e525442cdfed8e

Download Submit
C:\Windows\System32\XClwqsu.exe

Filesize
1.8MB

MD5
f27be70235420d07b4e5580c2709f1cc

SHA1
009c2b9404a4d3ffef18431d4934f3d99e932d55

SHA256
cac47e7ddb10e36a253a8051076a31905d53d07107341abff41635bf480758a0

SHA512
d0051c8eadc7704e3db3c0a3e2ae89ba2be98548b4a492780b833b472a764faea76a1317a5317251b3c00a678a11a54bea652b5eec87d6a3208f1d67c3d50892

Download Submit
C:\Windows\System32\XCvjstc.exe

Filesize
1.8MB

MD5
1d6bd41b9baf5b846a0c1dffeb6d33b8

SHA1
9f2f6af942b75fb92c2aba8b29b736159b4fb219

SHA256
c82fc99edb2525fad382be95db42bd71a5355642c694ad338d6c0d53411a6368

SHA512
e09bb71d7136f5ec9b6eaa14068ccdca04a970641cdcc44a98922133c61e7f7e82f3587408df44c24e3609598670a692b79906f47111a67c21361d51ac02364a

Download Submit
C:\Windows\System32\XFtyMPJ.exe

Filesize
1.8MB

MD5
fdb2b84e0efe2762c5345b604e45a1f4

SHA1
3dd731792f6b017995b032177e5ea2a6f6e08262

SHA256
6ed7caf51ff47dc9a340dfea36359a44df0fe99f27769235775fb907f19961bf

SHA512
cdcfcae1d2ca69e23b6e4eb86411061206824c02f62ad7324d739db152322651a5a74bf920581a4cb6de7315e6f6fa915d382ab78c5cfe303b287cb94dee5075

Download Submit
C:\Windows\System32\YfkeoCX.exe

Filesize
1.8MB

MD5
6714b6bcd4fa0543070997d77f0cc3ad

SHA1
75e5bbd75063a7d67f801279fd011e33dda7c3c1

SHA256
7b778f12dcfbd98d103ab2049082e6fed01b70da19463a825a5f703f8fa97c80

SHA512
6acaada6c3d10e13d6561b36b36d7a9979b13e0e1b85dd7e0f16cb220fb4882caf55dbaaf77f475de7a5a8f2eba54c2dc9a2d1de012f50e846337d73aa729579

Download Submit
C:\Windows\System32\YsqYpMO.exe

Filesize
1.8MB

MD5
1f6d9aed19c4ba5795506aabd60fb049

SHA1
fcd221c00b6492da36be03b71f2051787c337aed

SHA256
25aecc3dcaf3ecf4dddf0cb715c08b8d0ac5096679e83894a2a3eb4b303388eb

SHA512
c4a19f1efc6120600bf9d8fb37be3333a713aab9fe7181ebca9ccc129e247e56a186b519c94ccd87dacae1b36036c9141a6f660f7172b507e31dca7d84bf6581

Download Submit
C:\Windows\System32\budYoxO.exe

Filesize
1.8MB

MD5
da50d1cead8c2abd9bafa42b8a32a6e4

SHA1
250341042931a1e0a19c8cbbc8c2721478235755

SHA256
8f133622289de54fa9549df1bd25e9dbe522b8db497037e6fa8ae95d7f83f404

SHA512
1480db12b91689ead8acc34c69ff8e4303aecd267e0843499a681b74b186d9ef8ee744372021cb16b2346cd97a1e12e265d216d571db41c09136ff4ab51f4b11

Download Submit
C:\Windows\System32\ePtIhao.exe

Filesize
1.8MB

MD5
08b9e34544f66c26129b65bea664d22a

SHA1
a5fe34394ff6d82e0a95390a69a3710e08f67f7f

SHA256
c677a50320f999eabe95b5b1530fac4fd65f34e4cedb631767c983140d0cc147

SHA512
5f9617788a9270c22c20275ebc51ea15ddbf4ec39f38799ce32151bae23a15a1e0de0e35d02a96d1b0f050cab6cafbde6a36e8df3f58e897297715b294465d0f

Download Submit
C:\Windows\System32\gWsKIUj.exe

Filesize
1.8MB

MD5
8f140da8167c833ca58e5f0929801c23

SHA1
5c4224aa1f52bcc7ab31f79e817fa43989222444

SHA256
5d613155433f7839f7db4742c1980c2b603567222f70a4540b77316dce40a642

SHA512
056b2b238902e48116b2f85bc0b3f5d3ed741f42faeb71c9d967af138368f01e3548bf4e95f306c1239bf31933f429a078f167a75cafb7faa50be742f51c5a2b

Download Submit
C:\Windows\System32\hIosKFi.exe

Filesize
1.8MB

MD5
d71629948518afe02cc1b96e9e116165

SHA1
837e07264ae8f485f0ed027f7505b64788335793

SHA256
25e6efbfd39a4df094a635b14f9f4bdd9dc2002133dc5c8aec5cc67682069fae

SHA512
18c727cb23d01ef0db202e03f224a6ac9a5b627cfdd134b171b8682643bb53aba01ff09620748b8f33984d2e21eaeb5d8f64eab888faa3081b708e8144e7c7ae

Download Submit
C:\Windows\System32\hXGuXxc.exe

Filesize
1.8MB

MD5
07c0e1c0d61877ed7a60bb6750426f4b

SHA1
1af7c3b53359a57f898bc96a5cea5501d7e1a275

SHA256
35d25587da677a82fe08db6f141d3fe1841900fdd90fd8cbef74ff12d1c3b2e3

SHA512
e64580ce8e8c11eb539958e47d5bf9dcd8c9855be47a6fde13a8cbe6d6d19dc29f78958dd76880e9556fd41f0044be17d6537af87fb87b78c7f0f237d120b5d7

Download Submit
C:\Windows\System32\iPiivkE.exe

Filesize
1.8MB

MD5
cc6d8ff815394b3420f4dbfe3562e0f2

SHA1
369f35b434aa56f02ea1622a3dfb16f878bd471f

SHA256
9fbd111ce6440ed9796c33f1c63235afa7eab4dc34b3330876f5ac3a18bd7a9c

SHA512
24cd20ddb4d1698810126b915d0ebfb69f564df125d7e6183c90b10797abf6ce1c1824d701ed80fad56e3f9ba1ef9d0ac13b9919c5ba7c7c42749cc9c445e307

Download Submit
C:\Windows\System32\kHkMUSc.exe

Filesize
1.8MB

MD5
07136f12adb463c4b8f68c1a13ec44fb

SHA1
a88f24027988f9c9ea3b40ecf1403fb1116d8da7

SHA256
db6d1da649762dc3d91de9b30753a54e89b3d15597a22abf993cfeafa37cc266

SHA512
f91d986c715c16eaf4f8bd354d7f1e49250c84ccdc1fba30a4b24fa4143616a3be6a76fa64a93e0f2f5b26df4c4cae2819b8bbd90fcdfe5c89f3e175ba39234f

Download Submit
C:\Windows\System32\kYqazzP.exe

Filesize
1.8MB

MD5
4344102efe18fdb519c9164d61f2c0c8

SHA1
64b6fc5aab4c397cd563f545b19bdb02b11bce16

SHA256
8e798eb7beeec496423733e599b5fe8274d819bf495040535ded1b15dd8293c8

SHA512
ca936e7c4784235f92a2740362569103d24ede8ccf49b4ab918b61765b3c0ae3e32562239280dd1accb9645ce2627af387d503e47874411e637e20d4593c4b89

Download Submit
C:\Windows\System32\mgroyfn.exe

Filesize
1.8MB

MD5
c69551346f2f157bc41c9c3ddb3fcf25

SHA1
8c67c009739d3bb525ea0dfb935438024bbde209

SHA256
3f6ca836bcf3a047f9538bbebbde2fdab6e116de59e1d12b2ce852fb220bd341

SHA512
2ceffc13f24387ca9486abc431ba6986dded9231b22c4deba1fb003248a5413d48d6f452f7e8f77c4080b8fc9e1fe34fefea2a6cec02bcc8dc98d698af72d931

Download Submit
C:\Windows\System32\nbaSiHC.exe

Filesize
1.8MB

MD5
b13bd882b7acb3e94c96fa91c41793f7

SHA1
6a091d76c82ad983058fc8b7d4c8765a880b440b

SHA256
4c2ea9a726dc5f46d3190bbb5d429bf6937615ff0d423db68530330b27af21cc

SHA512
88b6453ae326f60801df120678913e35ecacf6d9160bea85f2a9929582a490a64331e6925ee2d565e3f6bc61968672f92d4853eba0f7d1df6be9e87100959b32

Download Submit
C:\Windows\System32\nexEpah.exe

Filesize
1.8MB

MD5
4b445d05b544e752ea74f55914011afa

SHA1
8bae6113c94ff0476c8e21cfd51014f872ea45f9

SHA256
aa78b3d8f3cd37582f735827e84c21d62ab0821e8fa4255a084597939be39bd9

SHA512
15fbbb1a7e2cb99a327f6770825f9631d48fc1af7c6ba0d290807737dce1174aa630a094841a92b152bf7f3b44bb66cb350b25d83a02362e10273a3444582462

Download Submit
C:\Windows\System32\topMvXY.exe

Filesize
1.8MB

MD5
579ec5df41e5218445df5fbbf177bf03

SHA1
3138afcda8bfe86a2e9fe7453ffe3177a261258e

SHA256
e0e2b6368a213175c16a212d59c800317e863c921ee782cd7299680e4ae4dcd7

SHA512
a6927e0312f5b9d142c3e3576a02dcbe08c52e2fef305ef8f1720c4ffe8c8e751cca5970264c62e9ea097f5b6ee64aebee6bae08b3e15d3c6d9dd43803b26679

Download Submit
C:\Windows\System32\yEhPWoi.exe

Filesize
1.8MB

MD5
96b96839d7d4b978e13fde948ab27bd7

SHA1
9b5cc2345b374d929beded58a5212a80d9c2f27d

SHA256
18a58ed37a497888cb57cf30c78364672163cbbce7ae9362ee09641038a014c1

SHA512
5158d519d9bc2ce3208f28059272a55cc54125f3d30d563cacf2b29e10d7d01f1b9204758ad3a70728fd26de61fad3780cac3cf1918ccede229cbfa081011643

Download Submit
C:\Windows\System32\zuUWBrY.exe

Filesize
1.8MB

MD5
4d3a267b0a9226266ccf2d59e4fd3799

SHA1
83805f3c868f494722e683c3b8a64d161af04dad

SHA256
f4e227a0baa0f481792b4779be94a71c8bf51ac17823d3dc004a8c53cca3841f

SHA512
cd4be5573285c9ff9bf1e380fc3b2247ea04b5f9fe17be664b8cba7d360f0a5ee1d9b0207d9295f96bf69eced00c70bf2daaca3f3f08f0dc3d8b0b799b1de51c

Download Submit
memory/380-2022-0x00007FF768E30000-0x00007FF769221000-memory.dmp

Filesize
3.9MB

Download
memory/380-370-0x00007FF768E30000-0x00007FF769221000-memory.dmp

Filesize
3.9MB

Download
memory/512-2033-0x00007FF6923F0000-0x00007FF6927E1000-memory.dmp

Filesize
3.9MB

Download
memory/512-374-0x00007FF6923F0000-0x00007FF6927E1000-memory.dmp

Filesize
3.9MB

Download
memory/1872-369-0x00007FF7C4D80000-0x00007FF7C5171000-memory.dmp

Filesize
3.9MB

Download
memory/1872-2015-0x00007FF7C4D80000-0x00007FF7C5171000-memory.dmp

Filesize
3.9MB

Download
memory/1924-1351-0x00007FF670490000-0x00007FF670881000-memory.dmp

Filesize
3.9MB

Download
memory/1924-14-0x00007FF670490000-0x00007FF670881000-memory.dmp

Filesize
3.9MB

Download
memory/1924-1989-0x00007FF670490000-0x00007FF670881000-memory.dmp

Filesize
3.9MB

Download
memory/2008-367-0x00007FF791BA0000-0x00007FF791F91000-memory.dmp

Filesize
3.9MB

Download
memory/2008-0-0x00007FF791BA0000-0x00007FF791F91000-memory.dmp

Filesize
3.9MB

Download
memory/2008-1973-0x00007FF791BA0000-0x00007FF791F91000-memory.dmp

Filesize
3.9MB

Download
memory/2008-1-0x00000244088F0000-0x0000024408900000-memory.dmp

Filesize
64KB

Download
memory/2088-108-0x00007FF7BBE00000-0x00007FF7BC1F1000-memory.dmp

Filesize
3.9MB

Download
memory/2088-2013-0x00007FF7BBE00000-0x00007FF7BC1F1000-memory.dmp

Filesize
3.9MB

Download
memory/2404-2031-0x00007FF7F9800000-0x00007FF7F9BF1000-memory.dmp

Filesize
3.9MB

Download
memory/2404-371-0x00007FF7F9800000-0x00007FF7F9BF1000-memory.dmp

Filesize
3.9MB

Download
memory/2500-36-0x00007FF79BBB0000-0x00007FF79BFA1000-memory.dmp

Filesize
3.9MB

Download
memory/2500-1997-0x00007FF79BBB0000-0x00007FF79BFA1000-memory.dmp

Filesize
3.9MB

Download
memory/2500-1933-0x00007FF79BBB0000-0x00007FF79BFA1000-memory.dmp

Filesize
3.9MB

Download
memory/2544-2003-0x00007FF777760000-0x00007FF777B51000-memory.dmp

Filesize
3.9MB

Download
memory/2544-69-0x00007FF777760000-0x00007FF777B51000-memory.dmp

Filesize
3.9MB

Download
memory/2644-2029-0x00007FF63AB60000-0x00007FF63AF51000-memory.dmp

Filesize
3.9MB

Download
memory/2644-372-0x00007FF63AB60000-0x00007FF63AF51000-memory.dmp

Filesize
3.9MB

Download
memory/2856-1999-0x00007FF63CCE0000-0x00007FF63D0D1000-memory.dmp

Filesize
3.9MB

Download
memory/2856-46-0x00007FF63CCE0000-0x00007FF63D0D1000-memory.dmp

Filesize
3.9MB

Download
memory/2892-1996-0x00007FF78BA20000-0x00007FF78BE11000-memory.dmp

Filesize
3.9MB

Download
memory/2892-30-0x00007FF78BA20000-0x00007FF78BE11000-memory.dmp

Filesize
3.9MB

Download
memory/2952-100-0x00007FF688B90000-0x00007FF688F81000-memory.dmp

Filesize
3.9MB

Download
memory/2952-2011-0x00007FF688B90000-0x00007FF688F81000-memory.dmp

Filesize
3.9MB

Download
memory/2960-1991-0x00007FF791D70000-0x00007FF792161000-memory.dmp

Filesize
3.9MB

Download
memory/2960-1768-0x00007FF791D70000-0x00007FF792161000-memory.dmp

Filesize
3.9MB

Download
memory/2960-21-0x00007FF791D70000-0x00007FF792161000-memory.dmp

Filesize
3.9MB

Download
memory/3576-1947-0x00007FF739020000-0x00007FF739411000-memory.dmp

Filesize
3.9MB

Download
memory/3576-96-0x00007FF739020000-0x00007FF739411000-memory.dmp

Filesize
3.9MB

Download
memory/3576-2026-0x00007FF739020000-0x00007FF739411000-memory.dmp

Filesize
3.9MB

Download
memory/3820-1993-0x00007FF615A50000-0x00007FF615E41000-memory.dmp

Filesize
3.9MB

Download
memory/3820-24-0x00007FF615A50000-0x00007FF615E41000-memory.dmp

Filesize
3.9MB

Download
memory/3820-1770-0x00007FF615A50000-0x00007FF615E41000-memory.dmp

Filesize
3.9MB

Download
memory/4008-2023-0x00007FF71E290000-0x00007FF71E681000-memory.dmp

Filesize
3.9MB

Download
memory/4008-103-0x00007FF71E290000-0x00007FF71E681000-memory.dmp

Filesize
3.9MB

Download
memory/4152-90-0x00007FF64F240000-0x00007FF64F631000-memory.dmp

Filesize
3.9MB

Download
memory/4152-2001-0x00007FF64F240000-0x00007FF64F631000-memory.dmp

Filesize
3.9MB

Download
memory/4180-2009-0x00007FF658700000-0x00007FF658AF1000-memory.dmp

Filesize
3.9MB

Download
memory/4180-106-0x00007FF658700000-0x00007FF658AF1000-memory.dmp

Filesize
3.9MB

Download
memory/4624-2020-0x00007FF687560000-0x00007FF687951000-memory.dmp

Filesize
3.9MB

Download
memory/4624-1948-0x00007FF687560000-0x00007FF687951000-memory.dmp

Filesize
3.9MB

Download
memory/4624-110-0x00007FF687560000-0x00007FF687951000-memory.dmp

Filesize
3.9MB

Download
memory/4676-2005-0x00007FF78CAB0000-0x00007FF78CEA1000-memory.dmp

Filesize
3.9MB

Download
memory/4676-76-0x00007FF78CAB0000-0x00007FF78CEA1000-memory.dmp

Filesize
3.9MB

Download
memory/4676-1934-0x00007FF78CAB0000-0x00007FF78CEA1000-memory.dmp

Filesize
3.9MB

Download
memory/4708-823-0x00007FF7A7970000-0x00007FF7A7D61000-memory.dmp

Filesize
3.9MB

Download
memory/4708-1987-0x00007FF7A7970000-0x00007FF7A7D61000-memory.dmp

Filesize
3.9MB

Download
memory/4708-9-0x00007FF7A7970000-0x00007FF7A7D61000-memory.dmp

Filesize
3.9MB

Download
memory/4728-111-0x00007FF6EFBD0000-0x00007FF6EFFC1000-memory.dmp

Filesize
3.9MB

Download
memory/4728-1971-0x00007FF6EFBD0000-0x00007FF6EFFC1000-memory.dmp

Filesize
3.9MB

Download
memory/4728-2018-0x00007FF6EFBD0000-0x00007FF6EFFC1000-memory.dmp

Filesize
3.9MB

Download
memory/4872-81-0x00007FF741DA0000-0x00007FF742191000-memory.dmp

Filesize
3.9MB

Download
memory/4872-2007-0x00007FF741DA0000-0x00007FF742191000-memory.dmp

Filesize
3.9MB

Download
memory/4872-1946-0x00007FF741DA0000-0x00007FF742191000-memory.dmp

Filesize
3.9MB

Download
memory/4932-2027-0x00007FF639290000-0x00007FF639681000-memory.dmp

Filesize
3.9MB

Download
memory/4932-94-0x00007FF639290000-0x00007FF639681000-memory.dmp

Filesize
3.9MB

Download
memory/4932-1935-0x00007FF639290000-0x00007FF639681000-memory.dmp

Filesize
3.9MB

Download