xmrig | 4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
Size

1.8MB
MD5

c421f9a4780a4052cf7cac7af56cb110
SHA1

b55362721c490960ac731ee7bb1c5ea31817ed7c
SHA256

4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4
SHA512

8630e38862b91ad5df9d4d3504160a14277b589b19e67c0d6db534ac5785fe4944fe6cf7939910eb1de1773c5a3223c55cffda95ea264c3e01e4ed4ce34da62b
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5Pbcq92zjP+sjI1XPl9fNZA6opD7U138HRFY+:knw9oUUEEDl37jcq4nPUjfNiFWGM+x

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/3624-422-0x00007FF720BE0000-0x00007FF720FD1000-memory.dmp	xmrig
behavioral2/memory/1944-434-0x00007FF76B6F0000-0x00007FF76BAE1000-memory.dmp	xmrig
behavioral2/memory/3084-441-0x00007FF749FF0000-0x00007FF74A3E1000-memory.dmp	xmrig
behavioral2/memory/2904-459-0x00007FF7946B0000-0x00007FF794AA1000-memory.dmp	xmrig
behavioral2/memory/4544-426-0x00007FF75B1E0000-0x00007FF75B5D1000-memory.dmp	xmrig
behavioral2/memory/1076-472-0x00007FF7A9F50000-0x00007FF7AA341000-memory.dmp	xmrig
behavioral2/memory/716-473-0x00007FF70F750000-0x00007FF70FB41000-memory.dmp	xmrig
behavioral2/memory/2600-492-0x00007FF625B00000-0x00007FF625EF1000-memory.dmp	xmrig
behavioral2/memory/1740-497-0x00007FF6CF680000-0x00007FF6CFA71000-memory.dmp	xmrig
behavioral2/memory/4564-504-0x00007FF71B8B0000-0x00007FF71BCA1000-memory.dmp	xmrig
behavioral2/memory/2300-502-0x00007FF63F9D0000-0x00007FF63FDC1000-memory.dmp	xmrig
behavioral2/memory/3980-489-0x00007FF6DD120000-0x00007FF6DD511000-memory.dmp	xmrig
behavioral2/memory/3092-484-0x00007FF7FB240000-0x00007FF7FB631000-memory.dmp	xmrig
behavioral2/memory/1080-481-0x00007FF761650000-0x00007FF761A41000-memory.dmp	xmrig
behavioral2/memory/4452-478-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp	xmrig
behavioral2/memory/3324-462-0x00007FF687920000-0x00007FF687D11000-memory.dmp	xmrig
behavioral2/memory/1516-25-0x00007FF6EDCD0000-0x00007FF6EE0C1000-memory.dmp	xmrig
behavioral2/memory/860-1992-0x00007FF6C3EE0000-0x00007FF6C42D1000-memory.dmp	xmrig
behavioral2/memory/64-1998-0x00007FF703C30000-0x00007FF704021000-memory.dmp	xmrig
behavioral2/memory/468-1999-0x00007FF604420000-0x00007FF604811000-memory.dmp	xmrig
behavioral2/memory/2524-2000-0x00007FF62D510000-0x00007FF62D901000-memory.dmp	xmrig
behavioral2/memory/2948-2001-0x00007FF65B6D0000-0x00007FF65BAC1000-memory.dmp	xmrig
behavioral2/memory/3384-2006-0x00007FF7CA440000-0x00007FF7CA831000-memory.dmp	xmrig
behavioral2/memory/1516-2008-0x00007FF6EDCD0000-0x00007FF6EE0C1000-memory.dmp	xmrig
behavioral2/memory/2360-2010-0x00007FF780CB0000-0x00007FF7810A1000-memory.dmp	xmrig
behavioral2/memory/468-2014-0x00007FF604420000-0x00007FF604811000-memory.dmp	xmrig
behavioral2/memory/860-2012-0x00007FF6C3EE0000-0x00007FF6C42D1000-memory.dmp	xmrig
behavioral2/memory/64-2016-0x00007FF703C30000-0x00007FF704021000-memory.dmp	xmrig
behavioral2/memory/2948-2020-0x00007FF65B6D0000-0x00007FF65BAC1000-memory.dmp	xmrig
behavioral2/memory/2524-2018-0x00007FF62D510000-0x00007FF62D901000-memory.dmp	xmrig
behavioral2/memory/3624-2030-0x00007FF720BE0000-0x00007FF720FD1000-memory.dmp	xmrig
behavioral2/memory/2300-2028-0x00007FF63F9D0000-0x00007FF63FDC1000-memory.dmp	xmrig
behavioral2/memory/4564-2026-0x00007FF71B8B0000-0x00007FF71BCA1000-memory.dmp	xmrig
behavioral2/memory/1740-2024-0x00007FF6CF680000-0x00007FF6CFA71000-memory.dmp	xmrig
behavioral2/memory/3384-2022-0x00007FF7CA440000-0x00007FF7CA831000-memory.dmp	xmrig
behavioral2/memory/1944-2034-0x00007FF76B6F0000-0x00007FF76BAE1000-memory.dmp	xmrig
behavioral2/memory/4452-2048-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp	xmrig
behavioral2/memory/716-2050-0x00007FF70F750000-0x00007FF70FB41000-memory.dmp	xmrig
behavioral2/memory/1080-2046-0x00007FF761650000-0x00007FF761A41000-memory.dmp	xmrig
behavioral2/memory/3092-2044-0x00007FF7FB240000-0x00007FF7FB631000-memory.dmp	xmrig
behavioral2/memory/2904-2042-0x00007FF7946B0000-0x00007FF794AA1000-memory.dmp	xmrig
behavioral2/memory/2600-2040-0x00007FF625B00000-0x00007FF625EF1000-memory.dmp	xmrig
behavioral2/memory/1076-2055-0x00007FF7A9F50000-0x00007FF7AA341000-memory.dmp	xmrig
behavioral2/memory/3084-2052-0x00007FF749FF0000-0x00007FF74A3E1000-memory.dmp	xmrig
behavioral2/memory/3324-2038-0x00007FF687920000-0x00007FF687D11000-memory.dmp	xmrig
behavioral2/memory/4544-2032-0x00007FF75B1E0000-0x00007FF75B5D1000-memory.dmp	xmrig
behavioral2/memory/3980-2036-0x00007FF6DD120000-0x00007FF6DD511000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2360	mXGpxls.exe
468	HjGbmcN.exe
1516	jslDpEM.exe
860	FvmQGuJ.exe
2524	mkrGWkV.exe
64	WnaPJZj.exe
3384	TFDgWHf.exe
1740	QcJYvLI.exe
2300	WvKftZQ.exe
2948	AOSjMjT.exe
4564	iqnCpwX.exe
3624	DwQjWUi.exe
4544	hOJWLMw.exe
1944	KiskWjD.exe
3084	AleTrrU.exe
2904	bRvUcPh.exe
3324	RshqDAp.exe
1076	WVKJToQ.exe
716	BXBZbel.exe
4452	VcVrfTb.exe
1080	KVynJOx.exe
3092	qZHPbbV.exe
3980	jCfEXpg.exe
2600	QUcjnvg.exe
2272	PNKtzIz.exe
1828	nnXLgtx.exe
4624	zIaffJk.exe
1464	Fcdxxkg.exe
2244	XQMhqTd.exe
3228	DJLeQiI.exe
1564	oYziTDs.exe
1560	gYGeElt.exe
4272	TWKcJie.exe
2700	ToxJoWF.exe
3124	wYYtSkf.exe
2596	aplFDyp.exe
4892	JseVkbE.exe
3716	nFxQVeX.exe
3136	TUvOira.exe
2276	OmgXmrd.exe
3708	DKTDPRV.exe
2836	RSMdmMZ.exe
1328	vJICGjV.exe
556	wXJSQzM.exe
2944	jeinjnJ.exe
344	fvHDTAV.exe
4412	bXxknLI.exe
2264	eLviMPq.exe
996	quMqZUw.exe
976	YxqeoGd.exe
4880	prOkQnS.exe
3776	AZYtSwt.exe
3248	qeSqpGl.exe
3132	YCtJtTm.exe
2736	YvGFleu.exe
4904	rZkVymq.exe
3536	Ypwvhks.exe
2616	JXFNcmX.exe
3872	wrMjkQO.exe
4136	NejxSzH.exe
2044	iUrdMhe.exe
2544	tUiJDhA.exe
1620	gOZXEPm.exe
4308	wyrMaSb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5092-0-0x00007FF6E5B80000-0x00007FF6E5F71000-memory.dmp	upx
behavioral2/files/0x0008000000023429-5.dat	upx
behavioral2/files/0x000700000002342e-7.dat	upx
behavioral2/memory/2360-13-0x00007FF780CB0000-0x00007FF7810A1000-memory.dmp	upx
behavioral2/files/0x0007000000023433-35.dat	upx
behavioral2/memory/468-42-0x00007FF604420000-0x00007FF604811000-memory.dmp	upx
behavioral2/memory/3384-49-0x00007FF7CA440000-0x00007FF7CA831000-memory.dmp	upx
behavioral2/files/0x0007000000023437-66.dat	upx
behavioral2/files/0x0007000000023439-76.dat	upx
behavioral2/files/0x0007000000023438-81.dat	upx
behavioral2/files/0x000700000002343b-85.dat	upx
behavioral2/files/0x000700000002343f-105.dat	upx
behavioral2/files/0x0007000000023440-116.dat	upx
behavioral2/files/0x0007000000023442-126.dat	upx
behavioral2/files/0x0007000000023445-135.dat	upx
behavioral2/memory/2948-417-0x00007FF65B6D0000-0x00007FF65BAC1000-memory.dmp	upx
behavioral2/files/0x000700000002344b-168.dat	upx
behavioral2/files/0x000700000002344a-163.dat	upx
behavioral2/files/0x0007000000023449-161.dat	upx
behavioral2/memory/3624-422-0x00007FF720BE0000-0x00007FF720FD1000-memory.dmp	upx
behavioral2/files/0x0007000000023448-156.dat	upx
behavioral2/memory/1944-434-0x00007FF76B6F0000-0x00007FF76BAE1000-memory.dmp	upx
behavioral2/memory/3084-441-0x00007FF749FF0000-0x00007FF74A3E1000-memory.dmp	upx
behavioral2/memory/2904-459-0x00007FF7946B0000-0x00007FF794AA1000-memory.dmp	upx
behavioral2/memory/4544-426-0x00007FF75B1E0000-0x00007FF75B5D1000-memory.dmp	upx
behavioral2/files/0x0007000000023447-151.dat	upx
behavioral2/files/0x0007000000023446-146.dat	upx
behavioral2/files/0x0007000000023444-133.dat	upx
behavioral2/files/0x0007000000023443-128.dat	upx
behavioral2/memory/1076-472-0x00007FF7A9F50000-0x00007FF7AA341000-memory.dmp	upx
behavioral2/memory/716-473-0x00007FF70F750000-0x00007FF70FB41000-memory.dmp	upx
behavioral2/memory/2600-492-0x00007FF625B00000-0x00007FF625EF1000-memory.dmp	upx
behavioral2/memory/1740-497-0x00007FF6CF680000-0x00007FF6CFA71000-memory.dmp	upx
behavioral2/memory/4564-504-0x00007FF71B8B0000-0x00007FF71BCA1000-memory.dmp	upx
behavioral2/memory/2300-502-0x00007FF63F9D0000-0x00007FF63FDC1000-memory.dmp	upx
behavioral2/memory/3980-489-0x00007FF6DD120000-0x00007FF6DD511000-memory.dmp	upx
behavioral2/memory/3092-484-0x00007FF7FB240000-0x00007FF7FB631000-memory.dmp	upx
behavioral2/memory/1080-481-0x00007FF761650000-0x00007FF761A41000-memory.dmp	upx
behavioral2/memory/4452-478-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp	upx
behavioral2/memory/3324-462-0x00007FF687920000-0x00007FF687D11000-memory.dmp	upx
behavioral2/files/0x0007000000023441-121.dat	upx
behavioral2/files/0x000700000002343e-103.dat	upx
behavioral2/files/0x000700000002343d-101.dat	upx
behavioral2/files/0x000700000002343c-93.dat	upx
behavioral2/files/0x000700000002343a-84.dat	upx
behavioral2/files/0x0007000000023436-71.dat	upx
behavioral2/files/0x0007000000023434-64.dat	upx
behavioral2/files/0x0007000000023432-52.dat	upx
behavioral2/files/0x0007000000023435-51.dat	upx
behavioral2/files/0x0007000000023430-50.dat	upx
behavioral2/memory/2524-48-0x00007FF62D510000-0x00007FF62D901000-memory.dmp	upx
behavioral2/files/0x0007000000023431-40.dat	upx
behavioral2/files/0x000700000002342d-33.dat	upx
behavioral2/files/0x000700000002342f-36.dat	upx
behavioral2/memory/64-29-0x00007FF703C30000-0x00007FF704021000-memory.dmp	upx
behavioral2/memory/860-27-0x00007FF6C3EE0000-0x00007FF6C42D1000-memory.dmp	upx
behavioral2/memory/1516-25-0x00007FF6EDCD0000-0x00007FF6EE0C1000-memory.dmp	upx
behavioral2/memory/860-1992-0x00007FF6C3EE0000-0x00007FF6C42D1000-memory.dmp	upx
behavioral2/memory/64-1998-0x00007FF703C30000-0x00007FF704021000-memory.dmp	upx
behavioral2/memory/468-1999-0x00007FF604420000-0x00007FF604811000-memory.dmp	upx
behavioral2/memory/2524-2000-0x00007FF62D510000-0x00007FF62D901000-memory.dmp	upx
behavioral2/memory/2948-2001-0x00007FF65B6D0000-0x00007FF65BAC1000-memory.dmp	upx
behavioral2/memory/3384-2006-0x00007FF7CA440000-0x00007FF7CA831000-memory.dmp	upx
behavioral2/memory/1516-2008-0x00007FF6EDCD0000-0x00007FF6EE0C1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\jiTrTjw.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\bvFrLeU.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\utIngcM.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\HIjtMlb.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\VWBZQsa.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\ojbqMwe.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\qjMMrpC.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\FTNchFe.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\DgGmUqe.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\LLZZOpW.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\rvtTvjk.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\tyJtdle.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\DthgeuZ.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\wXELbtq.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\ELTHOPf.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\zaPePVU.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\FZVPUpP.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\HEiuAYx.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\yyJikDv.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\ssAIMFl.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\tRtvoFC.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\MJMgPjC.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\WvKftZQ.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\TvWcvox.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\sQyTacg.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\medWIrP.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\DrtKVtR.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\jzfCqEO.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\rNHWrwo.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\mkrGWkV.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\bXxknLI.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\ITJwztG.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\IwItQRM.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\KfDnuYp.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\NBJhYan.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\VsqcPJL.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\WXQfZki.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\PNKtzIz.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\ByxMwCE.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\QorwHmt.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\oHWCanB.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\AMvJibA.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\RHqHurX.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\bfkybKp.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\nnXLgtx.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\dIWGmkR.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\efRTbbA.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\IEfVGZC.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\LfnQbBa.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\OvPCBBg.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\uGYkMYD.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\labfuls.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\WVKJToQ.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\lxidYxq.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\iewIDxK.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\kSCJRkq.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\UQunzKJ.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\jmVWxMv.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\OknrkAW.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\wDuXiNQ.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\ioATebB.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\ORqhwPE.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\vTssuaO.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
File created	C:\Windows\System32\AleTrrU.exe	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	232	dwm.exe
Token: SeChangeNotifyPrivilege	232	dwm.exe
Token: 33	232	dwm.exe
Token: SeIncBasePriorityPrivilege	232	dwm.exe
Token: SeShutdownPrivilege	232	dwm.exe
Token: SeCreatePagefilePrivilege	232	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 2360	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	83
PID 5092 wrote to memory of 2360	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	83
PID 5092 wrote to memory of 468	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	84
PID 5092 wrote to memory of 468	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	84
PID 5092 wrote to memory of 1516	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	85
PID 5092 wrote to memory of 1516	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	85
PID 5092 wrote to memory of 860	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	86
PID 5092 wrote to memory of 860	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	86
PID 5092 wrote to memory of 2524	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	87
PID 5092 wrote to memory of 2524	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	87
PID 5092 wrote to memory of 64	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	88
PID 5092 wrote to memory of 64	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	88
PID 5092 wrote to memory of 3384	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	89
PID 5092 wrote to memory of 3384	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	89
PID 5092 wrote to memory of 1740	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	90
PID 5092 wrote to memory of 1740	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	90
PID 5092 wrote to memory of 2300	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	91
PID 5092 wrote to memory of 2300	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	91
PID 5092 wrote to memory of 2948	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	92
PID 5092 wrote to memory of 2948	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	92
PID 5092 wrote to memory of 4564	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	93
PID 5092 wrote to memory of 4564	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	93
PID 5092 wrote to memory of 3624	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	94
PID 5092 wrote to memory of 3624	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	94
PID 5092 wrote to memory of 4544	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	95
PID 5092 wrote to memory of 4544	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	95
PID 5092 wrote to memory of 1944	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	96
PID 5092 wrote to memory of 1944	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	96
PID 5092 wrote to memory of 3084	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	97
PID 5092 wrote to memory of 3084	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	97
PID 5092 wrote to memory of 2904	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	98
PID 5092 wrote to memory of 2904	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	98
PID 5092 wrote to memory of 3324	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	99
PID 5092 wrote to memory of 3324	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	99
PID 5092 wrote to memory of 1076	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	100
PID 5092 wrote to memory of 1076	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	100
PID 5092 wrote to memory of 716	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	101
PID 5092 wrote to memory of 716	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	101
PID 5092 wrote to memory of 4452	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	102
PID 5092 wrote to memory of 4452	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	102
PID 5092 wrote to memory of 1080	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	103
PID 5092 wrote to memory of 1080	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	103
PID 5092 wrote to memory of 3092	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	104
PID 5092 wrote to memory of 3092	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	104
PID 5092 wrote to memory of 3980	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	105
PID 5092 wrote to memory of 3980	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	105
PID 5092 wrote to memory of 2600	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	106
PID 5092 wrote to memory of 2600	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	106
PID 5092 wrote to memory of 2272	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	107
PID 5092 wrote to memory of 2272	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	107
PID 5092 wrote to memory of 1828	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	108
PID 5092 wrote to memory of 1828	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	108
PID 5092 wrote to memory of 4624	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	109
PID 5092 wrote to memory of 4624	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	109
PID 5092 wrote to memory of 1464	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	110
PID 5092 wrote to memory of 1464	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	110
PID 5092 wrote to memory of 2244	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	111
PID 5092 wrote to memory of 2244	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	111
PID 5092 wrote to memory of 3228	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	112
PID 5092 wrote to memory of 3228	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	112
PID 5092 wrote to memory of 1564	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	113
PID 5092 wrote to memory of 1564	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	113
PID 5092 wrote to memory of 1560	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	114
PID 5092 wrote to memory of 1560	5092	4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e8e6b737f455f4e0e4e4f8c1178c902a568aa77361b8b33f5b32601150003c4_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\System32\mXGpxls.exe
  C:\Windows\System32\mXGpxls.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System32\HjGbmcN.exe
  C:\Windows\System32\HjGbmcN.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System32\jslDpEM.exe
  C:\Windows\System32\jslDpEM.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System32\FvmQGuJ.exe
  C:\Windows\System32\FvmQGuJ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System32\mkrGWkV.exe
  C:\Windows\System32\mkrGWkV.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System32\WnaPJZj.exe
  C:\Windows\System32\WnaPJZj.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System32\TFDgWHf.exe
  C:\Windows\System32\TFDgWHf.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System32\QcJYvLI.exe
  C:\Windows\System32\QcJYvLI.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System32\WvKftZQ.exe
  C:\Windows\System32\WvKftZQ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System32\AOSjMjT.exe
  C:\Windows\System32\AOSjMjT.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System32\iqnCpwX.exe
  C:\Windows\System32\iqnCpwX.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System32\DwQjWUi.exe
  C:\Windows\System32\DwQjWUi.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System32\hOJWLMw.exe
  C:\Windows\System32\hOJWLMw.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System32\KiskWjD.exe
  C:\Windows\System32\KiskWjD.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System32\AleTrrU.exe
  C:\Windows\System32\AleTrrU.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System32\bRvUcPh.exe
  C:\Windows\System32\bRvUcPh.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System32\RshqDAp.exe
  C:\Windows\System32\RshqDAp.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System32\WVKJToQ.exe
  C:\Windows\System32\WVKJToQ.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System32\BXBZbel.exe
  C:\Windows\System32\BXBZbel.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System32\VcVrfTb.exe
  C:\Windows\System32\VcVrfTb.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System32\KVynJOx.exe
  C:\Windows\System32\KVynJOx.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System32\qZHPbbV.exe
  C:\Windows\System32\qZHPbbV.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System32\jCfEXpg.exe
  C:\Windows\System32\jCfEXpg.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System32\QUcjnvg.exe
  C:\Windows\System32\QUcjnvg.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System32\PNKtzIz.exe
  C:\Windows\System32\PNKtzIz.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System32\nnXLgtx.exe
  C:\Windows\System32\nnXLgtx.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System32\zIaffJk.exe
  C:\Windows\System32\zIaffJk.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System32\Fcdxxkg.exe
  C:\Windows\System32\Fcdxxkg.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System32\XQMhqTd.exe
  C:\Windows\System32\XQMhqTd.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System32\DJLeQiI.exe
  C:\Windows\System32\DJLeQiI.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System32\oYziTDs.exe
  C:\Windows\System32\oYziTDs.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System32\gYGeElt.exe
  C:\Windows\System32\gYGeElt.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System32\TWKcJie.exe
  C:\Windows\System32\TWKcJie.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System32\ToxJoWF.exe
  C:\Windows\System32\ToxJoWF.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System32\wYYtSkf.exe
  C:\Windows\System32\wYYtSkf.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System32\aplFDyp.exe
  C:\Windows\System32\aplFDyp.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System32\JseVkbE.exe
  C:\Windows\System32\JseVkbE.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System32\nFxQVeX.exe
  C:\Windows\System32\nFxQVeX.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System32\TUvOira.exe
  C:\Windows\System32\TUvOira.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System32\OmgXmrd.exe
  C:\Windows\System32\OmgXmrd.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System32\DKTDPRV.exe
  C:\Windows\System32\DKTDPRV.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System32\RSMdmMZ.exe
  C:\Windows\System32\RSMdmMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System32\vJICGjV.exe
  C:\Windows\System32\vJICGjV.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System32\wXJSQzM.exe
  C:\Windows\System32\wXJSQzM.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System32\jeinjnJ.exe
  C:\Windows\System32\jeinjnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System32\fvHDTAV.exe
  C:\Windows\System32\fvHDTAV.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System32\bXxknLI.exe
  C:\Windows\System32\bXxknLI.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System32\eLviMPq.exe
  C:\Windows\System32\eLviMPq.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System32\quMqZUw.exe
  C:\Windows\System32\quMqZUw.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System32\YxqeoGd.exe
  C:\Windows\System32\YxqeoGd.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System32\prOkQnS.exe
  C:\Windows\System32\prOkQnS.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System32\AZYtSwt.exe
  C:\Windows\System32\AZYtSwt.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System32\qeSqpGl.exe
  C:\Windows\System32\qeSqpGl.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System32\YCtJtTm.exe
  C:\Windows\System32\YCtJtTm.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System32\YvGFleu.exe
  C:\Windows\System32\YvGFleu.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System32\rZkVymq.exe
  C:\Windows\System32\rZkVymq.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System32\Ypwvhks.exe
  C:\Windows\System32\Ypwvhks.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System32\JXFNcmX.exe
  C:\Windows\System32\JXFNcmX.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System32\wrMjkQO.exe
  C:\Windows\System32\wrMjkQO.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System32\NejxSzH.exe
  C:\Windows\System32\NejxSzH.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System32\iUrdMhe.exe
  C:\Windows\System32\iUrdMhe.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System32\tUiJDhA.exe
  C:\Windows\System32\tUiJDhA.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System32\gOZXEPm.exe
  C:\Windows\System32\gOZXEPm.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\wyrMaSb.exe
  C:\Windows\System32\wyrMaSb.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System32\xkweqGc.exe
  C:\Windows\System32\xkweqGc.exe
  2⤵
  PID:3832
- C:\Windows\System32\zFVqVUp.exe
  C:\Windows\System32\zFVqVUp.exe
  2⤵
  PID:2800
- C:\Windows\System32\dIWGmkR.exe
  C:\Windows\System32\dIWGmkR.exe
  2⤵
  PID:516
- C:\Windows\System32\ByxMwCE.exe
  C:\Windows\System32\ByxMwCE.exe
  2⤵
  PID:228
- C:\Windows\System32\znshryl.exe
  C:\Windows\System32\znshryl.exe
  2⤵
  PID:448
- C:\Windows\System32\CqGYRTn.exe
  C:\Windows\System32\CqGYRTn.exe
  2⤵
  PID:1956
- C:\Windows\System32\LCAVBZh.exe
  C:\Windows\System32\LCAVBZh.exe
  2⤵
  PID:1044
- C:\Windows\System32\itKUjta.exe
  C:\Windows\System32\itKUjta.exe
  2⤵
  PID:5068
- C:\Windows\System32\ACiDRyP.exe
  C:\Windows\System32\ACiDRyP.exe
  2⤵
  PID:1508
- C:\Windows\System32\EfXaczc.exe
  C:\Windows\System32\EfXaczc.exe
  2⤵
  PID:372
- C:\Windows\System32\ITJwztG.exe
  C:\Windows\System32\ITJwztG.exe
  2⤵
  PID:3376
- C:\Windows\System32\eXmrAVG.exe
  C:\Windows\System32\eXmrAVG.exe
  2⤵
  PID:2712
- C:\Windows\System32\lODXRCI.exe
  C:\Windows\System32\lODXRCI.exe
  2⤵
  PID:3644
- C:\Windows\System32\ToqDSGA.exe
  C:\Windows\System32\ToqDSGA.exe
  2⤵
  PID:2216
- C:\Windows\System32\RXExIaX.exe
  C:\Windows\System32\RXExIaX.exe
  2⤵
  PID:4024
- C:\Windows\System32\upbUbom.exe
  C:\Windows\System32\upbUbom.exe
  2⤵
  PID:5052
- C:\Windows\System32\fFCfEay.exe
  C:\Windows\System32\fFCfEay.exe
  2⤵
  PID:5124
- C:\Windows\System32\TLJAJyH.exe
  C:\Windows\System32\TLJAJyH.exe
  2⤵
  PID:5156
- C:\Windows\System32\PyVbChU.exe
  C:\Windows\System32\PyVbChU.exe
  2⤵
  PID:5180
- C:\Windows\System32\SNyHsWp.exe
  C:\Windows\System32\SNyHsWp.exe
  2⤵
  PID:5208
- C:\Windows\System32\TQjeZfo.exe
  C:\Windows\System32\TQjeZfo.exe
  2⤵
  PID:5236
- C:\Windows\System32\MFmcUNm.exe
  C:\Windows\System32\MFmcUNm.exe
  2⤵
  PID:5264
- C:\Windows\System32\Llfxzxw.exe
  C:\Windows\System32\Llfxzxw.exe
  2⤵
  PID:5292
- C:\Windows\System32\XSBPnGH.exe
  C:\Windows\System32\XSBPnGH.exe
  2⤵
  PID:5320
- C:\Windows\System32\RaHGpys.exe
  C:\Windows\System32\RaHGpys.exe
  2⤵
  PID:5348
- C:\Windows\System32\CuyIxHf.exe
  C:\Windows\System32\CuyIxHf.exe
  2⤵
  PID:5376
- C:\Windows\System32\HbrDBEo.exe
  C:\Windows\System32\HbrDBEo.exe
  2⤵
  PID:5404
- C:\Windows\System32\MxLVcjT.exe
  C:\Windows\System32\MxLVcjT.exe
  2⤵
  PID:5428
- C:\Windows\System32\Qtsefex.exe
  C:\Windows\System32\Qtsefex.exe
  2⤵
  PID:5460
- C:\Windows\System32\QRiFdTI.exe
  C:\Windows\System32\QRiFdTI.exe
  2⤵
  PID:5484
- C:\Windows\System32\YXUnBLs.exe
  C:\Windows\System32\YXUnBLs.exe
  2⤵
  PID:5516
- C:\Windows\System32\IjbFpjK.exe
  C:\Windows\System32\IjbFpjK.exe
  2⤵
  PID:5544
- C:\Windows\System32\tKHvqDv.exe
  C:\Windows\System32\tKHvqDv.exe
  2⤵
  PID:5572
- C:\Windows\System32\HSsedaK.exe
  C:\Windows\System32\HSsedaK.exe
  2⤵
  PID:5600
- C:\Windows\System32\SrlzQYe.exe
  C:\Windows\System32\SrlzQYe.exe
  2⤵
  PID:5628
- C:\Windows\System32\avQldmY.exe
  C:\Windows\System32\avQldmY.exe
  2⤵
  PID:5656
- C:\Windows\System32\sStcdkE.exe
  C:\Windows\System32\sStcdkE.exe
  2⤵
  PID:5684
- C:\Windows\System32\SrQSdjL.exe
  C:\Windows\System32\SrQSdjL.exe
  2⤵
  PID:5708
- C:\Windows\System32\YKddLjj.exe
  C:\Windows\System32\YKddLjj.exe
  2⤵
  PID:5740
- C:\Windows\System32\bedhXdV.exe
  C:\Windows\System32\bedhXdV.exe
  2⤵
  PID:5768
- C:\Windows\System32\HPFqxwm.exe
  C:\Windows\System32\HPFqxwm.exe
  2⤵
  PID:5796
- C:\Windows\System32\DxboiSS.exe
  C:\Windows\System32\DxboiSS.exe
  2⤵
  PID:5816
- C:\Windows\System32\QEukniQ.exe
  C:\Windows\System32\QEukniQ.exe
  2⤵
  PID:5852
- C:\Windows\System32\FnQpfiH.exe
  C:\Windows\System32\FnQpfiH.exe
  2⤵
  PID:5880
- C:\Windows\System32\LBgmCVb.exe
  C:\Windows\System32\LBgmCVb.exe
  2⤵
  PID:5904
- C:\Windows\System32\iCHudld.exe
  C:\Windows\System32\iCHudld.exe
  2⤵
  PID:5932
- C:\Windows\System32\TwXGYLj.exe
  C:\Windows\System32\TwXGYLj.exe
  2⤵
  PID:5960
- C:\Windows\System32\HoyDqmr.exe
  C:\Windows\System32\HoyDqmr.exe
  2⤵
  PID:5988
- C:\Windows\System32\TmkkiqT.exe
  C:\Windows\System32\TmkkiqT.exe
  2⤵
  PID:6020
- C:\Windows\System32\NfinsAG.exe
  C:\Windows\System32\NfinsAG.exe
  2⤵
  PID:6048
- C:\Windows\System32\yOKccOP.exe
  C:\Windows\System32\yOKccOP.exe
  2⤵
  PID:6076
- C:\Windows\System32\oBnDPPj.exe
  C:\Windows\System32\oBnDPPj.exe
  2⤵
  PID:6132
- C:\Windows\System32\lUeiRuM.exe
  C:\Windows\System32\lUeiRuM.exe
  2⤵
  PID:3712
- C:\Windows\System32\AdHTeRs.exe
  C:\Windows\System32\AdHTeRs.exe
  2⤵
  PID:2892
- C:\Windows\System32\pjcFXEB.exe
  C:\Windows\System32\pjcFXEB.exe
  2⤵
  PID:3000
- C:\Windows\System32\CDLDqee.exe
  C:\Windows\System32\CDLDqee.exe
  2⤵
  PID:4896
- C:\Windows\System32\OjSPxsT.exe
  C:\Windows\System32\OjSPxsT.exe
  2⤵
  PID:4968
- C:\Windows\System32\xcmWwLJ.exe
  C:\Windows\System32\xcmWwLJ.exe
  2⤵
  PID:5176
- C:\Windows\System32\izouuNt.exe
  C:\Windows\System32\izouuNt.exe
  2⤵
  PID:5216
- C:\Windows\System32\JrGUEks.exe
  C:\Windows\System32\JrGUEks.exe
  2⤵
  PID:5256
- C:\Windows\System32\DIToHJo.exe
  C:\Windows\System32\DIToHJo.exe
  2⤵
  PID:3308
- C:\Windows\System32\voicTYX.exe
  C:\Windows\System32\voicTYX.exe
  2⤵
  PID:5368
- C:\Windows\System32\rXltqHe.exe
  C:\Windows\System32\rXltqHe.exe
  2⤵
  PID:5388
- C:\Windows\System32\ugagOCj.exe
  C:\Windows\System32\ugagOCj.exe
  2⤵
  PID:5436
- C:\Windows\System32\yPEqGXm.exe
  C:\Windows\System32\yPEqGXm.exe
  2⤵
  PID:5452
- C:\Windows\System32\TaYyzCT.exe
  C:\Windows\System32\TaYyzCT.exe
  2⤵
  PID:2316
- C:\Windows\System32\fPkDllS.exe
  C:\Windows\System32\fPkDllS.exe
  2⤵
  PID:5064
- C:\Windows\System32\xSAKKic.exe
  C:\Windows\System32\xSAKKic.exe
  2⤵
  PID:5668
- C:\Windows\System32\kDSOzdt.exe
  C:\Windows\System32\kDSOzdt.exe
  2⤵
  PID:5732
- C:\Windows\System32\TgRsFDY.exe
  C:\Windows\System32\TgRsFDY.exe
  2⤵
  PID:5808
- C:\Windows\System32\mZskQjA.exe
  C:\Windows\System32\mZskQjA.exe
  2⤵
  PID:5844
- C:\Windows\System32\PWXQBUU.exe
  C:\Windows\System32\PWXQBUU.exe
  2⤵
  PID:5872
- C:\Windows\System32\EcGRCmf.exe
  C:\Windows\System32\EcGRCmf.exe
  2⤵
  PID:4368
- C:\Windows\System32\UMYDXQA.exe
  C:\Windows\System32\UMYDXQA.exe
  2⤵
  PID:5996
- C:\Windows\System32\efRTbbA.exe
  C:\Windows\System32\efRTbbA.exe
  2⤵
  PID:6084
- C:\Windows\System32\AIrZdmk.exe
  C:\Windows\System32\AIrZdmk.exe
  2⤵
  PID:864
- C:\Windows\System32\IhOhFdk.exe
  C:\Windows\System32\IhOhFdk.exe
  2⤵
  PID:4516
- C:\Windows\System32\LrTkhxT.exe
  C:\Windows\System32\LrTkhxT.exe
  2⤵
  PID:4508
- C:\Windows\System32\FTNchFe.exe
  C:\Windows\System32\FTNchFe.exe
  2⤵
  PID:3456
- C:\Windows\System32\ZopBoWf.exe
  C:\Windows\System32\ZopBoWf.exe
  2⤵
  PID:5144
- C:\Windows\System32\bQGzSIt.exe
  C:\Windows\System32\bQGzSIt.exe
  2⤵
  PID:5396
- C:\Windows\System32\pSiYONS.exe
  C:\Windows\System32\pSiYONS.exe
  2⤵
  PID:2320
- C:\Windows\System32\sEaWiqb.exe
  C:\Windows\System32\sEaWiqb.exe
  2⤵
  PID:5332
- C:\Windows\System32\ufxDpRE.exe
  C:\Windows\System32\ufxDpRE.exe
  2⤵
  PID:5416
- C:\Windows\System32\kYdZbPz.exe
  C:\Windows\System32\kYdZbPz.exe
  2⤵
  PID:5468
- C:\Windows\System32\Azsvyzw.exe
  C:\Windows\System32\Azsvyzw.exe
  2⤵
  PID:2728
- C:\Windows\System32\tlPRQku.exe
  C:\Windows\System32\tlPRQku.exe
  2⤵
  PID:4488
- C:\Windows\System32\NTovYTs.exe
  C:\Windows\System32\NTovYTs.exe
  2⤵
  PID:5048
- C:\Windows\System32\lxidYxq.exe
  C:\Windows\System32\lxidYxq.exe
  2⤵
  PID:5976
- C:\Windows\System32\kUGyMrw.exe
  C:\Windows\System32\kUGyMrw.exe
  2⤵
  PID:2356
- C:\Windows\System32\ntGCmcq.exe
  C:\Windows\System32\ntGCmcq.exe
  2⤵
  PID:2192
- C:\Windows\System32\NfwTMpX.exe
  C:\Windows\System32\NfwTMpX.exe
  2⤵
  PID:5424
- C:\Windows\System32\tVkQXSk.exe
  C:\Windows\System32\tVkQXSk.exe
  2⤵
  PID:4484
- C:\Windows\System32\DlPfjcl.exe
  C:\Windows\System32\DlPfjcl.exe
  2⤵
  PID:2092
- C:\Windows\System32\WzgOzvB.exe
  C:\Windows\System32\WzgOzvB.exe
  2⤵
  PID:2868
- C:\Windows\System32\vfwlhlp.exe
  C:\Windows\System32\vfwlhlp.exe
  2⤵
  PID:1204
- C:\Windows\System32\FjkQyTR.exe
  C:\Windows\System32\FjkQyTR.exe
  2⤵
  PID:4360
- C:\Windows\System32\LvYAzhf.exe
  C:\Windows\System32\LvYAzhf.exe
  2⤵
  PID:5608
- C:\Windows\System32\EzEqIKd.exe
  C:\Windows\System32\EzEqIKd.exe
  2⤵
  PID:1460
- C:\Windows\System32\caSlrWw.exe
  C:\Windows\System32\caSlrWw.exe
  2⤵
  PID:4568
- C:\Windows\System32\zrWpcpb.exe
  C:\Windows\System32\zrWpcpb.exe
  2⤵
  PID:5864
- C:\Windows\System32\uUjbNQR.exe
  C:\Windows\System32\uUjbNQR.exe
  2⤵
  PID:6164
- C:\Windows\System32\oiPcUDw.exe
  C:\Windows\System32\oiPcUDw.exe
  2⤵
  PID:6188
- C:\Windows\System32\NLPsrJk.exe
  C:\Windows\System32\NLPsrJk.exe
  2⤵
  PID:6208
- C:\Windows\System32\sNOcsWN.exe
  C:\Windows\System32\sNOcsWN.exe
  2⤵
  PID:6248
- C:\Windows\System32\abfZMay.exe
  C:\Windows\System32\abfZMay.exe
  2⤵
  PID:6292
- C:\Windows\System32\AWAXuHJ.exe
  C:\Windows\System32\AWAXuHJ.exe
  2⤵
  PID:6328
- C:\Windows\System32\zQrGTQo.exe
  C:\Windows\System32\zQrGTQo.exe
  2⤵
  PID:6372
- C:\Windows\System32\WIYKCZo.exe
  C:\Windows\System32\WIYKCZo.exe
  2⤵
  PID:6396
- C:\Windows\System32\WGGmume.exe
  C:\Windows\System32\WGGmume.exe
  2⤵
  PID:6416
- C:\Windows\System32\SnLjVFH.exe
  C:\Windows\System32\SnLjVFH.exe
  2⤵
  PID:6448
- C:\Windows\System32\xtigmnD.exe
  C:\Windows\System32\xtigmnD.exe
  2⤵
  PID:6468
- C:\Windows\System32\WUTpkAK.exe
  C:\Windows\System32\WUTpkAK.exe
  2⤵
  PID:6488
- C:\Windows\System32\CebxFYu.exe
  C:\Windows\System32\CebxFYu.exe
  2⤵
  PID:6516
- C:\Windows\System32\EQwpZIb.exe
  C:\Windows\System32\EQwpZIb.exe
  2⤵
  PID:6540
- C:\Windows\System32\rjGsQFn.exe
  C:\Windows\System32\rjGsQFn.exe
  2⤵
  PID:6560
- C:\Windows\System32\YdWNGBB.exe
  C:\Windows\System32\YdWNGBB.exe
  2⤵
  PID:6608
- C:\Windows\System32\LCxozDj.exe
  C:\Windows\System32\LCxozDj.exe
  2⤵
  PID:6628
- C:\Windows\System32\ccxMaVh.exe
  C:\Windows\System32\ccxMaVh.exe
  2⤵
  PID:6648
- C:\Windows\System32\lwqWdUF.exe
  C:\Windows\System32\lwqWdUF.exe
  2⤵
  PID:6668
- C:\Windows\System32\XmPtCoc.exe
  C:\Windows\System32\XmPtCoc.exe
  2⤵
  PID:6696
- C:\Windows\System32\OQJguiJ.exe
  C:\Windows\System32\OQJguiJ.exe
  2⤵
  PID:6724
- C:\Windows\System32\wbVnKFw.exe
  C:\Windows\System32\wbVnKFw.exe
  2⤵
  PID:6764
- C:\Windows\System32\jmVWxMv.exe
  C:\Windows\System32\jmVWxMv.exe
  2⤵
  PID:6800
- C:\Windows\System32\QorwHmt.exe
  C:\Windows\System32\QorwHmt.exe
  2⤵
  PID:6816
- C:\Windows\System32\zBwVGDe.exe
  C:\Windows\System32\zBwVGDe.exe
  2⤵
  PID:6840
- C:\Windows\System32\wqAWkng.exe
  C:\Windows\System32\wqAWkng.exe
  2⤵
  PID:6876
- C:\Windows\System32\npmIdoe.exe
  C:\Windows\System32\npmIdoe.exe
  2⤵
  PID:6892
- C:\Windows\System32\CfgNHAl.exe
  C:\Windows\System32\CfgNHAl.exe
  2⤵
  PID:6952
- C:\Windows\System32\jPYKKdZ.exe
  C:\Windows\System32\jPYKKdZ.exe
  2⤵
  PID:6984
- C:\Windows\System32\SqDgScG.exe
  C:\Windows\System32\SqDgScG.exe
  2⤵
  PID:7000
- C:\Windows\System32\iAGKgVx.exe
  C:\Windows\System32\iAGKgVx.exe
  2⤵
  PID:7032
- C:\Windows\System32\ZeZKpBD.exe
  C:\Windows\System32\ZeZKpBD.exe
  2⤵
  PID:7056
- C:\Windows\System32\jzfCqEO.exe
  C:\Windows\System32\jzfCqEO.exe
  2⤵
  PID:7076
- C:\Windows\System32\zaPePVU.exe
  C:\Windows\System32\zaPePVU.exe
  2⤵
  PID:7100
- C:\Windows\System32\xqyxVNw.exe
  C:\Windows\System32\xqyxVNw.exe
  2⤵
  PID:7116
- C:\Windows\System32\bvFrLeU.exe
  C:\Windows\System32\bvFrLeU.exe
  2⤵
  PID:7148
- C:\Windows\System32\AMDEYKz.exe
  C:\Windows\System32\AMDEYKz.exe
  2⤵
  PID:6012
- C:\Windows\System32\oHWCanB.exe
  C:\Windows\System32\oHWCanB.exe
  2⤵
  PID:6232
- C:\Windows\System32\gPIlvKr.exe
  C:\Windows\System32\gPIlvKr.exe
  2⤵
  PID:6272
- C:\Windows\System32\IIebftH.exe
  C:\Windows\System32\IIebftH.exe
  2⤵
  PID:6392
- C:\Windows\System32\McQkxUm.exe
  C:\Windows\System32\McQkxUm.exe
  2⤵
  PID:6388
- C:\Windows\System32\iUhrzYL.exe
  C:\Windows\System32\iUhrzYL.exe
  2⤵
  PID:6460
- C:\Windows\System32\JXwabOn.exe
  C:\Windows\System32\JXwabOn.exe
  2⤵
  PID:6496
- C:\Windows\System32\NtMxkWV.exe
  C:\Windows\System32\NtMxkWV.exe
  2⤵
  PID:6528
- C:\Windows\System32\iTLYRGr.exe
  C:\Windows\System32\iTLYRGr.exe
  2⤵
  PID:6688
- C:\Windows\System32\CykxRot.exe
  C:\Windows\System32\CykxRot.exe
  2⤵
  PID:6756
- C:\Windows\System32\AMvJibA.exe
  C:\Windows\System32\AMvJibA.exe
  2⤵
  PID:6812
- C:\Windows\System32\FjpRQcA.exe
  C:\Windows\System32\FjpRQcA.exe
  2⤵
  PID:6808
- C:\Windows\System32\mqxmXkc.exe
  C:\Windows\System32\mqxmXkc.exe
  2⤵
  PID:6912
- C:\Windows\System32\RnFzxot.exe
  C:\Windows\System32\RnFzxot.exe
  2⤵
  PID:7012
- C:\Windows\System32\IwItQRM.exe
  C:\Windows\System32\IwItQRM.exe
  2⤵
  PID:5228
- C:\Windows\System32\DipjLuB.exe
  C:\Windows\System32\DipjLuB.exe
  2⤵
  PID:7144
- C:\Windows\System32\WqDESAU.exe
  C:\Windows\System32\WqDESAU.exe
  2⤵
  PID:7160
- C:\Windows\System32\HHVHpWE.exe
  C:\Windows\System32\HHVHpWE.exe
  2⤵
  PID:6264
- C:\Windows\System32\oXAVoQY.exe
  C:\Windows\System32\oXAVoQY.exe
  2⤵
  PID:6464
- C:\Windows\System32\ilxqYwT.exe
  C:\Windows\System32\ilxqYwT.exe
  2⤵
  PID:6704
- C:\Windows\System32\ccTYsdW.exe
  C:\Windows\System32\ccTYsdW.exe
  2⤵
  PID:6872
- C:\Windows\System32\HtbsVLP.exe
  C:\Windows\System32\HtbsVLP.exe
  2⤵
  PID:6936
- C:\Windows\System32\vpHGSmY.exe
  C:\Windows\System32\vpHGSmY.exe
  2⤵
  PID:4364
- C:\Windows\System32\MqLwDAI.exe
  C:\Windows\System32\MqLwDAI.exe
  2⤵
  PID:5968
- C:\Windows\System32\bIdirNu.exe
  C:\Windows\System32\bIdirNu.exe
  2⤵
  PID:6364
- C:\Windows\System32\fCzhqqW.exe
  C:\Windows\System32\fCzhqqW.exe
  2⤵
  PID:6888
- C:\Windows\System32\lCPOlhG.exe
  C:\Windows\System32\lCPOlhG.exe
  2⤵
  PID:668
- C:\Windows\System32\OMIiVtJ.exe
  C:\Windows\System32\OMIiVtJ.exe
  2⤵
  PID:6660
- C:\Windows\System32\ZZtfmED.exe
  C:\Windows\System32\ZZtfmED.exe
  2⤵
  PID:7184
- C:\Windows\System32\OzTRJGv.exe
  C:\Windows\System32\OzTRJGv.exe
  2⤵
  PID:7224
- C:\Windows\System32\XjbgMTu.exe
  C:\Windows\System32\XjbgMTu.exe
  2⤵
  PID:7252
- C:\Windows\System32\AdHFnzB.exe
  C:\Windows\System32\AdHFnzB.exe
  2⤵
  PID:7272
- C:\Windows\System32\sdNKwsI.exe
  C:\Windows\System32\sdNKwsI.exe
  2⤵
  PID:7300
- C:\Windows\System32\ArgLbWe.exe
  C:\Windows\System32\ArgLbWe.exe
  2⤵
  PID:7324
- C:\Windows\System32\cHdCDSR.exe
  C:\Windows\System32\cHdCDSR.exe
  2⤵
  PID:7340
- C:\Windows\System32\SLYbuqs.exe
  C:\Windows\System32\SLYbuqs.exe
  2⤵
  PID:7388
- C:\Windows\System32\NkQVkDI.exe
  C:\Windows\System32\NkQVkDI.exe
  2⤵
  PID:7428
- C:\Windows\System32\KfDnuYp.exe
  C:\Windows\System32\KfDnuYp.exe
  2⤵
  PID:7496
- C:\Windows\System32\KSTlUqm.exe
  C:\Windows\System32\KSTlUqm.exe
  2⤵
  PID:7512
- C:\Windows\System32\TvVZKBv.exe
  C:\Windows\System32\TvVZKBv.exe
  2⤵
  PID:7540
- C:\Windows\System32\DTWEVKx.exe
  C:\Windows\System32\DTWEVKx.exe
  2⤵
  PID:7568
- C:\Windows\System32\NenKVPj.exe
  C:\Windows\System32\NenKVPj.exe
  2⤵
  PID:7592
- C:\Windows\System32\kOkfFYs.exe
  C:\Windows\System32\kOkfFYs.exe
  2⤵
  PID:7612
- C:\Windows\System32\nKVWStq.exe
  C:\Windows\System32\nKVWStq.exe
  2⤵
  PID:7652
- C:\Windows\System32\kwyAxsD.exe
  C:\Windows\System32\kwyAxsD.exe
  2⤵
  PID:7680
- C:\Windows\System32\lTpiqnq.exe
  C:\Windows\System32\lTpiqnq.exe
  2⤵
  PID:7708
- C:\Windows\System32\ndPaKbX.exe
  C:\Windows\System32\ndPaKbX.exe
  2⤵
  PID:7724
- C:\Windows\System32\ikwWbzG.exe
  C:\Windows\System32\ikwWbzG.exe
  2⤵
  PID:7752
- C:\Windows\System32\ycVSDVF.exe
  C:\Windows\System32\ycVSDVF.exe
  2⤵
  PID:7772
- C:\Windows\System32\LLWkYid.exe
  C:\Windows\System32\LLWkYid.exe
  2⤵
  PID:7796
- C:\Windows\System32\zHaLXca.exe
  C:\Windows\System32\zHaLXca.exe
  2⤵
  PID:7824
- C:\Windows\System32\VHhVCxl.exe
  C:\Windows\System32\VHhVCxl.exe
  2⤵
  PID:7864
- C:\Windows\System32\pJKVuly.exe
  C:\Windows\System32\pJKVuly.exe
  2⤵
  PID:7892
- C:\Windows\System32\TvXBzue.exe
  C:\Windows\System32\TvXBzue.exe
  2⤵
  PID:7924
- C:\Windows\System32\RJQRGLk.exe
  C:\Windows\System32\RJQRGLk.exe
  2⤵
  PID:7964
- C:\Windows\System32\rNHWrwo.exe
  C:\Windows\System32\rNHWrwo.exe
  2⤵
  PID:7992
- C:\Windows\System32\DgGmUqe.exe
  C:\Windows\System32\DgGmUqe.exe
  2⤵
  PID:8008
- C:\Windows\System32\gtwiBwF.exe
  C:\Windows\System32\gtwiBwF.exe
  2⤵
  PID:8028
- C:\Windows\System32\hEKBaFL.exe
  C:\Windows\System32\hEKBaFL.exe
  2⤵
  PID:8060
- C:\Windows\System32\yhaolUR.exe
  C:\Windows\System32\yhaolUR.exe
  2⤵
  PID:8088
- C:\Windows\System32\kXtfWsh.exe
  C:\Windows\System32\kXtfWsh.exe
  2⤵
  PID:8104
- C:\Windows\System32\RghGamy.exe
  C:\Windows\System32\RghGamy.exe
  2⤵
  PID:8136
- C:\Windows\System32\PqabPco.exe
  C:\Windows\System32\PqabPco.exe
  2⤵
  PID:8168
- C:\Windows\System32\TMsicZq.exe
  C:\Windows\System32\TMsicZq.exe
  2⤵
  PID:6980
- C:\Windows\System32\RQzJXHG.exe
  C:\Windows\System32\RQzJXHG.exe
  2⤵
  PID:7208
- C:\Windows\System32\nqMaqIB.exe
  C:\Windows\System32\nqMaqIB.exe
  2⤵
  PID:7284
- C:\Windows\System32\JnLMlKz.exe
  C:\Windows\System32\JnLMlKz.exe
  2⤵
  PID:7360
- C:\Windows\System32\IabCLYV.exe
  C:\Windows\System32\IabCLYV.exe
  2⤵
  PID:7308
- C:\Windows\System32\MXITgav.exe
  C:\Windows\System32\MXITgav.exe
  2⤵
  PID:7488
- C:\Windows\System32\SrUYoqJ.exe
  C:\Windows\System32\SrUYoqJ.exe
  2⤵
  PID:7508
- C:\Windows\System32\wWYtJvy.exe
  C:\Windows\System32\wWYtJvy.exe
  2⤵
  PID:7560
- C:\Windows\System32\tjaylzK.exe
  C:\Windows\System32\tjaylzK.exe
  2⤵
  PID:7620
- C:\Windows\System32\jRqZqgM.exe
  C:\Windows\System32\jRqZqgM.exe
  2⤵
  PID:7664
- C:\Windows\System32\vcUBKQW.exe
  C:\Windows\System32\vcUBKQW.exe
  2⤵
  PID:7736
- C:\Windows\System32\gaxGPuC.exe
  C:\Windows\System32\gaxGPuC.exe
  2⤵
  PID:7780
- C:\Windows\System32\uVFSHfE.exe
  C:\Windows\System32\uVFSHfE.exe
  2⤵
  PID:7856
- C:\Windows\System32\WQOCYFI.exe
  C:\Windows\System32\WQOCYFI.exe
  2⤵
  PID:7936
- C:\Windows\System32\UjzprKQ.exe
  C:\Windows\System32\UjzprKQ.exe
  2⤵
  PID:8024
- C:\Windows\System32\DhKbiZA.exe
  C:\Windows\System32\DhKbiZA.exe
  2⤵
  PID:8068
- C:\Windows\System32\LkTvaMa.exe
  C:\Windows\System32\LkTvaMa.exe
  2⤵
  PID:8112
- C:\Windows\System32\xIpepzL.exe
  C:\Windows\System32\xIpepzL.exe
  2⤵
  PID:8180
- C:\Windows\System32\nYdAOmp.exe
  C:\Windows\System32\nYdAOmp.exe
  2⤵
  PID:7216
- C:\Windows\System32\pcPgAhW.exe
  C:\Windows\System32\pcPgAhW.exe
  2⤵
  PID:7336
- C:\Windows\System32\jkMZkog.exe
  C:\Windows\System32\jkMZkog.exe
  2⤵
  PID:7552
- C:\Windows\System32\bwCPaJV.exe
  C:\Windows\System32\bwCPaJV.exe
  2⤵
  PID:7624
- C:\Windows\System32\VcUtIKu.exe
  C:\Windows\System32\VcUtIKu.exe
  2⤵
  PID:7136
- C:\Windows\System32\ioATebB.exe
  C:\Windows\System32\ioATebB.exe
  2⤵
  PID:7888
- C:\Windows\System32\gfyLkUd.exe
  C:\Windows\System32\gfyLkUd.exe
  2⤵
  PID:8000
- C:\Windows\System32\HAnhevg.exe
  C:\Windows\System32\HAnhevg.exe
  2⤵
  PID:8184
- C:\Windows\System32\Gggpjrr.exe
  C:\Windows\System32\Gggpjrr.exe
  2⤵
  PID:1668
- C:\Windows\System32\HVIPHoc.exe
  C:\Windows\System32\HVIPHoc.exe
  2⤵
  PID:7372
- C:\Windows\System32\WMncgmf.exe
  C:\Windows\System32\WMncgmf.exe
  2⤵
  PID:7584
- C:\Windows\System32\NxmOWIj.exe
  C:\Windows\System32\NxmOWIj.exe
  2⤵
  PID:8200
- C:\Windows\System32\iOzlqRr.exe
  C:\Windows\System32\iOzlqRr.exe
  2⤵
  PID:8220
- C:\Windows\System32\hDTcvfD.exe
  C:\Windows\System32\hDTcvfD.exe
  2⤵
  PID:8236
- C:\Windows\System32\pnDgKQN.exe
  C:\Windows\System32\pnDgKQN.exe
  2⤵
  PID:8300
- C:\Windows\System32\jPXoGPS.exe
  C:\Windows\System32\jPXoGPS.exe
  2⤵
  PID:8320
- C:\Windows\System32\QNAPGWy.exe
  C:\Windows\System32\QNAPGWy.exe
  2⤵
  PID:8372
- C:\Windows\System32\zoeoXkM.exe
  C:\Windows\System32\zoeoXkM.exe
  2⤵
  PID:8408
- C:\Windows\System32\GBeILVQ.exe
  C:\Windows\System32\GBeILVQ.exe
  2⤵
  PID:8440
- C:\Windows\System32\RHqHurX.exe
  C:\Windows\System32\RHqHurX.exe
  2⤵
  PID:8460
- C:\Windows\System32\NBJhYan.exe
  C:\Windows\System32\NBJhYan.exe
  2⤵
  PID:8488
- C:\Windows\System32\UvVYtad.exe
  C:\Windows\System32\UvVYtad.exe
  2⤵
  PID:8512
- C:\Windows\System32\ywzXDSM.exe
  C:\Windows\System32\ywzXDSM.exe
  2⤵
  PID:8528
- C:\Windows\System32\FZVPUpP.exe
  C:\Windows\System32\FZVPUpP.exe
  2⤵
  PID:8556
- C:\Windows\System32\bPbNXsV.exe
  C:\Windows\System32\bPbNXsV.exe
  2⤵
  PID:8612
- C:\Windows\System32\LLZZOpW.exe
  C:\Windows\System32\LLZZOpW.exe
  2⤵
  PID:8640
- C:\Windows\System32\HqsqzGS.exe
  C:\Windows\System32\HqsqzGS.exe
  2⤵
  PID:8672
- C:\Windows\System32\AIZdGNo.exe
  C:\Windows\System32\AIZdGNo.exe
  2⤵
  PID:8696
- C:\Windows\System32\lrIfFLw.exe
  C:\Windows\System32\lrIfFLw.exe
  2⤵
  PID:8716
- C:\Windows\System32\WlBSBEw.exe
  C:\Windows\System32\WlBSBEw.exe
  2⤵
  PID:8740
- C:\Windows\System32\nTfWEPJ.exe
  C:\Windows\System32\nTfWEPJ.exe
  2⤵
  PID:8756
- C:\Windows\System32\DnxRpXM.exe
  C:\Windows\System32\DnxRpXM.exe
  2⤵
  PID:8776
- C:\Windows\System32\VWBZQsa.exe
  C:\Windows\System32\VWBZQsa.exe
  2⤵
  PID:8800
- C:\Windows\System32\WdHmZoD.exe
  C:\Windows\System32\WdHmZoD.exe
  2⤵
  PID:8828
- C:\Windows\System32\mbEWuBY.exe
  C:\Windows\System32\mbEWuBY.exe
  2⤵
  PID:8848
- C:\Windows\System32\BRfbOPE.exe
  C:\Windows\System32\BRfbOPE.exe
  2⤵
  PID:8868
- C:\Windows\System32\cdEjpZS.exe
  C:\Windows\System32\cdEjpZS.exe
  2⤵
  PID:8884
- C:\Windows\System32\byizdsF.exe
  C:\Windows\System32\byizdsF.exe
  2⤵
  PID:8948
- C:\Windows\System32\HEiuAYx.exe
  C:\Windows\System32\HEiuAYx.exe
  2⤵
  PID:8984
- C:\Windows\System32\cURkvAl.exe
  C:\Windows\System32\cURkvAl.exe
  2⤵
  PID:9016
- C:\Windows\System32\vbtYPrn.exe
  C:\Windows\System32\vbtYPrn.exe
  2⤵
  PID:9032
- C:\Windows\System32\WVaXwHm.exe
  C:\Windows\System32\WVaXwHm.exe
  2⤵
  PID:9056
- C:\Windows\System32\ojbqMwe.exe
  C:\Windows\System32\ojbqMwe.exe
  2⤵
  PID:9096
- C:\Windows\System32\gmJjDkq.exe
  C:\Windows\System32\gmJjDkq.exe
  2⤵
  PID:9124
- C:\Windows\System32\qwaxBCI.exe
  C:\Windows\System32\qwaxBCI.exe
  2⤵
  PID:9152
- C:\Windows\System32\tFLpkwn.exe
  C:\Windows\System32\tFLpkwn.exe
  2⤵
  PID:9188
- C:\Windows\System32\ailRNsm.exe
  C:\Windows\System32\ailRNsm.exe
  2⤵
  PID:7948
- C:\Windows\System32\uTwPkJb.exe
  C:\Windows\System32\uTwPkJb.exe
  2⤵
  PID:7744
- C:\Windows\System32\xOEfIHk.exe
  C:\Windows\System32\xOEfIHk.exe
  2⤵
  PID:8232
- C:\Windows\System32\tAWeXRI.exe
  C:\Windows\System32\tAWeXRI.exe
  2⤵
  PID:8500
- C:\Windows\System32\IMBhdry.exe
  C:\Windows\System32\IMBhdry.exe
  2⤵
  PID:8564
- C:\Windows\System32\ZvOooEN.exe
  C:\Windows\System32\ZvOooEN.exe
  2⤵
  PID:8588
- C:\Windows\System32\sQyTacg.exe
  C:\Windows\System32\sQyTacg.exe
  2⤵
  PID:8636
- C:\Windows\System32\AwYvYzg.exe
  C:\Windows\System32\AwYvYzg.exe
  2⤵
  PID:8652
- C:\Windows\System32\LLzxPLt.exe
  C:\Windows\System32\LLzxPLt.exe
  2⤵
  PID:8732
- C:\Windows\System32\YyGyRwL.exe
  C:\Windows\System32\YyGyRwL.exe
  2⤵
  PID:8808
- C:\Windows\System32\thtFNqu.exe
  C:\Windows\System32\thtFNqu.exe
  2⤵
  PID:8752
- C:\Windows\System32\ORqhwPE.exe
  C:\Windows\System32\ORqhwPE.exe
  2⤵
  PID:8812
- C:\Windows\System32\sQbXrvM.exe
  C:\Windows\System32\sQbXrvM.exe
  2⤵
  PID:8864
- C:\Windows\System32\pGtlSSW.exe
  C:\Windows\System32\pGtlSSW.exe
  2⤵
  PID:8876
- C:\Windows\System32\ssAIMFl.exe
  C:\Windows\System32\ssAIMFl.exe
  2⤵
  PID:8920
- C:\Windows\System32\COEFWHX.exe
  C:\Windows\System32\COEFWHX.exe
  2⤵
  PID:8932
- C:\Windows\System32\xwESVcE.exe
  C:\Windows\System32\xwESVcE.exe
  2⤵
  PID:9044
- C:\Windows\System32\kJNqTjS.exe
  C:\Windows\System32\kJNqTjS.exe
  2⤵
  PID:9144
- C:\Windows\System32\ARXCtAF.exe
  C:\Windows\System32\ARXCtAF.exe
  2⤵
  PID:8228
- C:\Windows\System32\pfibcrZ.exe
  C:\Windows\System32\pfibcrZ.exe
  2⤵
  PID:4300
- C:\Windows\System32\AvTpFBd.exe
  C:\Windows\System32\AvTpFBd.exe
  2⤵
  PID:8364
- C:\Windows\System32\sVhJoRu.exe
  C:\Windows\System32\sVhJoRu.exe
  2⤵
  PID:8960
- C:\Windows\System32\RhegORa.exe
  C:\Windows\System32\RhegORa.exe
  2⤵
  PID:8928
- C:\Windows\System32\uuhxwnG.exe
  C:\Windows\System32\uuhxwnG.exe
  2⤵
  PID:8332
- C:\Windows\System32\PtrENci.exe
  C:\Windows\System32\PtrENci.exe
  2⤵
  PID:8548
- C:\Windows\System32\gUXtneS.exe
  C:\Windows\System32\gUXtneS.exe
  2⤵
  PID:8360
- C:\Windows\System32\AGKGVSf.exe
  C:\Windows\System32\AGKGVSf.exe
  2⤵
  PID:9088
- C:\Windows\System32\fxvmZvA.exe
  C:\Windows\System32\fxvmZvA.exe
  2⤵
  PID:9024
- C:\Windows\System32\ZdjmxRv.exe
  C:\Windows\System32\ZdjmxRv.exe
  2⤵
  PID:9224
- C:\Windows\System32\UKueTzE.exe
  C:\Windows\System32\UKueTzE.exe
  2⤵
  PID:9240
- C:\Windows\System32\rvtTvjk.exe
  C:\Windows\System32\rvtTvjk.exe
  2⤵
  PID:9264
- C:\Windows\System32\LuFUxIc.exe
  C:\Windows\System32\LuFUxIc.exe
  2⤵
  PID:9284
- C:\Windows\System32\teymJhf.exe
  C:\Windows\System32\teymJhf.exe
  2⤵
  PID:9320
- C:\Windows\System32\ysvmuUY.exe
  C:\Windows\System32\ysvmuUY.exe
  2⤵
  PID:9336
- C:\Windows\System32\tpSQQQp.exe
  C:\Windows\System32\tpSQQQp.exe
  2⤵
  PID:9368
- C:\Windows\System32\ozWiThb.exe
  C:\Windows\System32\ozWiThb.exe
  2⤵
  PID:9420
- C:\Windows\System32\nPxOCmm.exe
  C:\Windows\System32\nPxOCmm.exe
  2⤵
  PID:9436
- C:\Windows\System32\osukUmw.exe
  C:\Windows\System32\osukUmw.exe
  2⤵
  PID:9472
- C:\Windows\System32\CdHGtfT.exe
  C:\Windows\System32\CdHGtfT.exe
  2⤵
  PID:9500
- C:\Windows\System32\OrBPLom.exe
  C:\Windows\System32\OrBPLom.exe
  2⤵
  PID:9524
- C:\Windows\System32\QXvchrb.exe
  C:\Windows\System32\QXvchrb.exe
  2⤵
  PID:9556
- C:\Windows\System32\GiyTopg.exe
  C:\Windows\System32\GiyTopg.exe
  2⤵
  PID:9580
- C:\Windows\System32\RpQjvmz.exe
  C:\Windows\System32\RpQjvmz.exe
  2⤵
  PID:9604
- C:\Windows\System32\wFaSwrF.exe
  C:\Windows\System32\wFaSwrF.exe
  2⤵
  PID:9628
- C:\Windows\System32\iewIDxK.exe
  C:\Windows\System32\iewIDxK.exe
  2⤵
  PID:9664
- C:\Windows\System32\RCAqsNe.exe
  C:\Windows\System32\RCAqsNe.exe
  2⤵
  PID:9708
- C:\Windows\System32\WZXCMQk.exe
  C:\Windows\System32\WZXCMQk.exe
  2⤵
  PID:9728
- C:\Windows\System32\qifvSmA.exe
  C:\Windows\System32\qifvSmA.exe
  2⤵
  PID:9752
- C:\Windows\System32\HLSFSNZ.exe
  C:\Windows\System32\HLSFSNZ.exe
  2⤵
  PID:9792
- C:\Windows\System32\YWnEaGG.exe
  C:\Windows\System32\YWnEaGG.exe
  2⤵
  PID:9808
- C:\Windows\System32\gRyXSVp.exe
  C:\Windows\System32\gRyXSVp.exe
  2⤵
  PID:9836
- C:\Windows\System32\CZPoTXZ.exe
  C:\Windows\System32\CZPoTXZ.exe
  2⤵
  PID:9868
- C:\Windows\System32\zVVYZjj.exe
  C:\Windows\System32\zVVYZjj.exe
  2⤵
  PID:9896
- C:\Windows\System32\IEfVGZC.exe
  C:\Windows\System32\IEfVGZC.exe
  2⤵
  PID:9920
- C:\Windows\System32\MBFIAQn.exe
  C:\Windows\System32\MBFIAQn.exe
  2⤵
  PID:9940
- C:\Windows\System32\hFWJCyF.exe
  C:\Windows\System32\hFWJCyF.exe
  2⤵
  PID:9964
- C:\Windows\System32\RRzghTE.exe
  C:\Windows\System32\RRzghTE.exe
  2⤵
  PID:9984
- C:\Windows\System32\IYdhtUJ.exe
  C:\Windows\System32\IYdhtUJ.exe
  2⤵
  PID:10008
- C:\Windows\System32\qpnLqSJ.exe
  C:\Windows\System32\qpnLqSJ.exe
  2⤵
  PID:10028
- C:\Windows\System32\KoxrLGG.exe
  C:\Windows\System32\KoxrLGG.exe
  2⤵
  PID:10056
- C:\Windows\System32\txSVEVa.exe
  C:\Windows\System32\txSVEVa.exe
  2⤵
  PID:10080
- C:\Windows\System32\ySdJPnP.exe
  C:\Windows\System32\ySdJPnP.exe
  2⤵
  PID:10108
- C:\Windows\System32\FRaHAHo.exe
  C:\Windows\System32\FRaHAHo.exe
  2⤵
  PID:10128
- C:\Windows\System32\DMVguyR.exe
  C:\Windows\System32\DMVguyR.exe
  2⤵
  PID:10144
- C:\Windows\System32\zmpOvXy.exe
  C:\Windows\System32\zmpOvXy.exe
  2⤵
  PID:10180
- C:\Windows\System32\GyresoQ.exe
  C:\Windows\System32\GyresoQ.exe
  2⤵
  PID:10220
- C:\Windows\System32\QAYUNQj.exe
  C:\Windows\System32\QAYUNQj.exe
  2⤵
  PID:10236
- C:\Windows\System32\PIzTJYa.exe
  C:\Windows\System32\PIzTJYa.exe
  2⤵
  PID:8244
- C:\Windows\System32\tyJtdle.exe
  C:\Windows\System32\tyJtdle.exe
  2⤵
  PID:9828
- C:\Windows\System32\VZAYACI.exe
  C:\Windows\System32\VZAYACI.exe
  2⤵
  PID:9848
- C:\Windows\System32\kXQqbts.exe
  C:\Windows\System32\kXQqbts.exe
  2⤵
  PID:9948
- C:\Windows\System32\MKbeazt.exe
  C:\Windows\System32\MKbeazt.exe
  2⤵
  PID:10000
- C:\Windows\System32\MAnzlYs.exe
  C:\Windows\System32\MAnzlYs.exe
  2⤵
  PID:10024
- C:\Windows\System32\qjMMrpC.exe
  C:\Windows\System32\qjMMrpC.exe
  2⤵
  PID:10068
- C:\Windows\System32\fCyiGtB.exe
  C:\Windows\System32\fCyiGtB.exe
  2⤵
  PID:10104
- C:\Windows\System32\ebePFdQ.exe
  C:\Windows\System32\ebePFdQ.exe
  2⤵
  PID:9328
- C:\Windows\System32\pmSReRb.exe
  C:\Windows\System32\pmSReRb.exe
  2⤵
  PID:9492
- C:\Windows\System32\lbfjYiV.exe
  C:\Windows\System32\lbfjYiV.exe
  2⤵
  PID:9564
- C:\Windows\System32\fHkblrH.exe
  C:\Windows\System32\fHkblrH.exe
  2⤵
  PID:9616
- C:\Windows\System32\BabosKw.exe
  C:\Windows\System32\BabosKw.exe
  2⤵
  PID:9684
- C:\Windows\System32\htREhBm.exe
  C:\Windows\System32\htREhBm.exe
  2⤵
  PID:9748
- C:\Windows\System32\XuJJTFv.exe
  C:\Windows\System32\XuJJTFv.exe
  2⤵
  PID:9260
- C:\Windows\System32\FlahWLl.exe
  C:\Windows\System32\FlahWLl.exe
  2⤵
  PID:9908
- C:\Windows\System32\OInkMMq.exe
  C:\Windows\System32\OInkMMq.exe
  2⤵
  PID:9936
- C:\Windows\System32\ZKIBNQl.exe
  C:\Windows\System32\ZKIBNQl.exe
  2⤵
  PID:9996
- C:\Windows\System32\ERXOaoj.exe
  C:\Windows\System32\ERXOaoj.exe
  2⤵
  PID:9332
- C:\Windows\System32\cYWKNbY.exe
  C:\Windows\System32\cYWKNbY.exe
  2⤵
  PID:9444
- C:\Windows\System32\OknrkAW.exe
  C:\Windows\System32\OknrkAW.exe
  2⤵
  PID:9740
- C:\Windows\System32\QlwwuzB.exe
  C:\Windows\System32\QlwwuzB.exe
  2⤵
  PID:9300
- C:\Windows\System32\oEjxujK.exe
  C:\Windows\System32\oEjxujK.exe
  2⤵
  PID:10196
- C:\Windows\System32\PIJvKny.exe
  C:\Windows\System32\PIJvKny.exe
  2⤵
  PID:9592
- C:\Windows\System32\qeWEkRV.exe
  C:\Windows\System32\qeWEkRV.exe
  2⤵
  PID:9976
- C:\Windows\System32\BQIVcNT.exe
  C:\Windows\System32\BQIVcNT.exe
  2⤵
  PID:9880
- C:\Windows\System32\xlGqofO.exe
  C:\Windows\System32\xlGqofO.exe
  2⤵
  PID:10252
- C:\Windows\System32\QhHUhJD.exe
  C:\Windows\System32\QhHUhJD.exe
  2⤵
  PID:10280
- C:\Windows\System32\dJAWMWT.exe
  C:\Windows\System32\dJAWMWT.exe
  2⤵
  PID:10304
- C:\Windows\System32\PbEKNGq.exe
  C:\Windows\System32\PbEKNGq.exe
  2⤵
  PID:10340
- C:\Windows\System32\sZURNCI.exe
  C:\Windows\System32\sZURNCI.exe
  2⤵
  PID:10372
- C:\Windows\System32\medWIrP.exe
  C:\Windows\System32\medWIrP.exe
  2⤵
  PID:10396
- C:\Windows\System32\HLRxvCI.exe
  C:\Windows\System32\HLRxvCI.exe
  2⤵
  PID:10436
- C:\Windows\System32\ThJMDks.exe
  C:\Windows\System32\ThJMDks.exe
  2⤵
  PID:10468
- C:\Windows\System32\lLdHSiJ.exe
  C:\Windows\System32\lLdHSiJ.exe
  2⤵
  PID:10484
- C:\Windows\System32\JWMKflL.exe
  C:\Windows\System32\JWMKflL.exe
  2⤵
  PID:10512
- C:\Windows\System32\AuRmEIj.exe
  C:\Windows\System32\AuRmEIj.exe
  2⤵
  PID:10540
- C:\Windows\System32\bzTEbjT.exe
  C:\Windows\System32\bzTEbjT.exe
  2⤵
  PID:10560
- C:\Windows\System32\sSDHyUd.exe
  C:\Windows\System32\sSDHyUd.exe
  2⤵
  PID:10588
- C:\Windows\System32\vNnzdqz.exe
  C:\Windows\System32\vNnzdqz.exe
  2⤵
  PID:10612
- C:\Windows\System32\bxVxhEJ.exe
  C:\Windows\System32\bxVxhEJ.exe
  2⤵
  PID:10632
- C:\Windows\System32\Cqtmdyo.exe
  C:\Windows\System32\Cqtmdyo.exe
  2⤵
  PID:10648
- C:\Windows\System32\QJONmNu.exe
  C:\Windows\System32\QJONmNu.exe
  2⤵
  PID:10684
- C:\Windows\System32\utIngcM.exe
  C:\Windows\System32\utIngcM.exe
  2⤵
  PID:10720
- C:\Windows\System32\RuYstqr.exe
  C:\Windows\System32\RuYstqr.exe
  2⤵
  PID:10736
- C:\Windows\System32\YmUGjor.exe
  C:\Windows\System32\YmUGjor.exe
  2⤵
  PID:10760
- C:\Windows\System32\phzttnj.exe
  C:\Windows\System32\phzttnj.exe
  2⤵
  PID:10828
- C:\Windows\System32\izHmino.exe
  C:\Windows\System32\izHmino.exe
  2⤵
  PID:10856
- C:\Windows\System32\tLiUBys.exe
  C:\Windows\System32\tLiUBys.exe
  2⤵
  PID:10876
- C:\Windows\System32\FkmDWvQ.exe
  C:\Windows\System32\FkmDWvQ.exe
  2⤵
  PID:10896
- C:\Windows\System32\YczcGOO.exe
  C:\Windows\System32\YczcGOO.exe
  2⤵
  PID:10924
- C:\Windows\System32\ejJrriF.exe
  C:\Windows\System32\ejJrriF.exe
  2⤵
  PID:10952
- C:\Windows\System32\GlfkJyZ.exe
  C:\Windows\System32\GlfkJyZ.exe
  2⤵
  PID:10980
- C:\Windows\System32\tEHWKiz.exe
  C:\Windows\System32\tEHWKiz.exe
  2⤵
  PID:11004
- C:\Windows\System32\tgaUNun.exe
  C:\Windows\System32\tgaUNun.exe
  2⤵
  PID:11028
- C:\Windows\System32\FfPfUwl.exe
  C:\Windows\System32\FfPfUwl.exe
  2⤵
  PID:11056
- C:\Windows\System32\YoImNMQ.exe
  C:\Windows\System32\YoImNMQ.exe
  2⤵
  PID:11084
- C:\Windows\System32\njxYWwt.exe
  C:\Windows\System32\njxYWwt.exe
  2⤵
  PID:11100
- C:\Windows\System32\iTkWQCq.exe
  C:\Windows\System32\iTkWQCq.exe
  2⤵
  PID:11152
- C:\Windows\System32\OoRrQKB.exe
  C:\Windows\System32\OoRrQKB.exe
  2⤵
  PID:11196
- C:\Windows\System32\NjocfxC.exe
  C:\Windows\System32\NjocfxC.exe
  2⤵
  PID:11212
- C:\Windows\System32\CcBuEFE.exe
  C:\Windows\System32\CcBuEFE.exe
  2⤵
  PID:11244
- C:\Windows\System32\LlehhCk.exe
  C:\Windows\System32\LlehhCk.exe
  2⤵
  PID:9428
- C:\Windows\System32\CLKOMmM.exe
  C:\Windows\System32\CLKOMmM.exe
  2⤵
  PID:10300
- C:\Windows\System32\QdImbrt.exe
  C:\Windows\System32\QdImbrt.exe
  2⤵
  PID:10364
- C:\Windows\System32\NrVGkwN.exe
  C:\Windows\System32\NrVGkwN.exe
  2⤵
  PID:10404
- C:\Windows\System32\DFhaszw.exe
  C:\Windows\System32\DFhaszw.exe
  2⤵
  PID:10452
- C:\Windows\System32\KLYDFmp.exe
  C:\Windows\System32\KLYDFmp.exe
  2⤵
  PID:10620
- C:\Windows\System32\ALKKJSx.exe
  C:\Windows\System32\ALKKJSx.exe
  2⤵
  PID:10668
- C:\Windows\System32\WHWgckI.exe
  C:\Windows\System32\WHWgckI.exe
  2⤵
  PID:10768
- C:\Windows\System32\wDuXiNQ.exe
  C:\Windows\System32\wDuXiNQ.exe
  2⤵
  PID:10816
- C:\Windows\System32\VXxQlVH.exe
  C:\Windows\System32\VXxQlVH.exe
  2⤵
  PID:10868
- C:\Windows\System32\wNsonZA.exe
  C:\Windows\System32\wNsonZA.exe
  2⤵
  PID:10916
- C:\Windows\System32\TvWcvox.exe
  C:\Windows\System32\TvWcvox.exe
  2⤵
  PID:10992
- C:\Windows\System32\DthgeuZ.exe
  C:\Windows\System32\DthgeuZ.exe
  2⤵
  PID:11040
- C:\Windows\System32\LfnQbBa.exe
  C:\Windows\System32\LfnQbBa.exe
  2⤵
  PID:11096
- C:\Windows\System32\otYMsDp.exe
  C:\Windows\System32\otYMsDp.exe
  2⤵
  PID:11128
- C:\Windows\System32\gQoxMBm.exe
  C:\Windows\System32\gQoxMBm.exe
  2⤵
  PID:11252
- C:\Windows\System32\OvPCBBg.exe
  C:\Windows\System32\OvPCBBg.exe
  2⤵
  PID:10392
- C:\Windows\System32\tGRANQj.exe
  C:\Windows\System32\tGRANQj.exe
  2⤵
  PID:10448
- C:\Windows\System32\uGYkMYD.exe
  C:\Windows\System32\uGYkMYD.exe
  2⤵
  PID:10576
- C:\Windows\System32\DcyerAs.exe
  C:\Windows\System32\DcyerAs.exe
  2⤵
  PID:10696
- C:\Windows\System32\xurRoPp.exe
  C:\Windows\System32\xurRoPp.exe
  2⤵
  PID:10940
- C:\Windows\System32\tRtvoFC.exe
  C:\Windows\System32\tRtvoFC.exe
  2⤵
  PID:11076
- C:\Windows\System32\uBbGDjN.exe
  C:\Windows\System32\uBbGDjN.exe
  2⤵
  PID:10292
- C:\Windows\System32\bfkybKp.exe
  C:\Windows\System32\bfkybKp.exe
  2⤵
  PID:10524
- C:\Windows\System32\FzNqrKS.exe
  C:\Windows\System32\FzNqrKS.exe
  2⤵
  PID:10908
- C:\Windows\System32\yqtlpZU.exe
  C:\Windows\System32\yqtlpZU.exe
  2⤵
  PID:11176
- C:\Windows\System32\jKTUyvT.exe
  C:\Windows\System32\jKTUyvT.exe
  2⤵
  PID:10804
- C:\Windows\System32\wIaZuDN.exe
  C:\Windows\System32\wIaZuDN.exe
  2⤵
  PID:11280
- C:\Windows\System32\UhYcdFy.exe
  C:\Windows\System32\UhYcdFy.exe
  2⤵
  PID:11308
- C:\Windows\System32\eVYsCjq.exe
  C:\Windows\System32\eVYsCjq.exe
  2⤵
  PID:11328
- C:\Windows\System32\vTssuaO.exe
  C:\Windows\System32\vTssuaO.exe
  2⤵
  PID:11364
- C:\Windows\System32\DFRVUmi.exe
  C:\Windows\System32\DFRVUmi.exe
  2⤵
  PID:11404
- C:\Windows\System32\PmKxJiP.exe
  C:\Windows\System32\PmKxJiP.exe
  2⤵
  PID:11444
- C:\Windows\System32\yGdEBcc.exe
  C:\Windows\System32\yGdEBcc.exe
  2⤵
  PID:11468
- C:\Windows\System32\MJMgPjC.exe
  C:\Windows\System32\MJMgPjC.exe
  2⤵
  PID:11496
- C:\Windows\System32\TiWzrch.exe
  C:\Windows\System32\TiWzrch.exe
  2⤵
  PID:11516
- C:\Windows\System32\sHYpIFo.exe
  C:\Windows\System32\sHYpIFo.exe
  2⤵
  PID:11532
- C:\Windows\System32\PtogRmV.exe
  C:\Windows\System32\PtogRmV.exe
  2⤵
  PID:11568
- C:\Windows\System32\KtPvKRP.exe
  C:\Windows\System32\KtPvKRP.exe
  2⤵
  PID:11584
- C:\Windows\System32\BJuyuTo.exe
  C:\Windows\System32\BJuyuTo.exe
  2⤵
  PID:11612
- C:\Windows\System32\uKyELwU.exe
  C:\Windows\System32\uKyELwU.exe
  2⤵
  PID:11636
- C:\Windows\System32\RmqHajP.exe
  C:\Windows\System32\RmqHajP.exe
  2⤵
  PID:11660
- C:\Windows\System32\wXELbtq.exe
  C:\Windows\System32\wXELbtq.exe
  2⤵
  PID:11676
- C:\Windows\System32\tpUBtER.exe
  C:\Windows\System32\tpUBtER.exe
  2⤵
  PID:11700
- C:\Windows\System32\yWknshC.exe
  C:\Windows\System32\yWknshC.exe
  2⤵
  PID:11744
- C:\Windows\System32\vCZgzDu.exe
  C:\Windows\System32\vCZgzDu.exe
  2⤵
  PID:11816
- C:\Windows\System32\ENdveYe.exe
  C:\Windows\System32\ENdveYe.exe
  2⤵
  PID:11840
- C:\Windows\System32\sFNJMmx.exe
  C:\Windows\System32\sFNJMmx.exe
  2⤵
  PID:11864
- C:\Windows\System32\OkHJaeL.exe
  C:\Windows\System32\OkHJaeL.exe
  2⤵
  PID:11884
- C:\Windows\System32\VlNhEOy.exe
  C:\Windows\System32\VlNhEOy.exe
  2⤵
  PID:11908
- C:\Windows\System32\qGgrYQw.exe
  C:\Windows\System32\qGgrYQw.exe
  2⤵
  PID:11928
- C:\Windows\System32\myAWRsR.exe
  C:\Windows\System32\myAWRsR.exe
  2⤵
  PID:11952
- C:\Windows\System32\LypPCvj.exe
  C:\Windows\System32\LypPCvj.exe
  2⤵
  PID:11980
- C:\Windows\System32\VWDRlQA.exe
  C:\Windows\System32\VWDRlQA.exe
  2⤵
  PID:12008
- C:\Windows\System32\ZcpTGEM.exe
  C:\Windows\System32\ZcpTGEM.exe
  2⤵
  PID:12060
- C:\Windows\System32\HIjtMlb.exe
  C:\Windows\System32\HIjtMlb.exe
  2⤵
  PID:12088
- C:\Windows\System32\CbMjTuY.exe
  C:\Windows\System32\CbMjTuY.exe
  2⤵
  PID:12116
- C:\Windows\System32\ggoXQLV.exe
  C:\Windows\System32\ggoXQLV.exe
  2⤵
  PID:12148
- C:\Windows\System32\wGBQEpC.exe
  C:\Windows\System32\wGBQEpC.exe
  2⤵
  PID:12184
- C:\Windows\System32\VsqcPJL.exe
  C:\Windows\System32\VsqcPJL.exe
  2⤵
  PID:12204
- C:\Windows\System32\kSCJRkq.exe
  C:\Windows\System32\kSCJRkq.exe
  2⤵
  PID:12228
- C:\Windows\System32\qJMGsuX.exe
  C:\Windows\System32\qJMGsuX.exe
  2⤵
  PID:12256
- C:\Windows\System32\UexAiSD.exe
  C:\Windows\System32\UexAiSD.exe
  2⤵
  PID:12272
- C:\Windows\System32\fjAURju.exe
  C:\Windows\System32\fjAURju.exe
  2⤵
  PID:11092
- C:\Windows\System32\UjDZpob.exe
  C:\Windows\System32\UjDZpob.exe
  2⤵
  PID:11324
- C:\Windows\System32\lVcRBmx.exe
  C:\Windows\System32\lVcRBmx.exe
  2⤵
  PID:11340
- C:\Windows\System32\aTsvGaG.exe
  C:\Windows\System32\aTsvGaG.exe
  2⤵
  PID:11420
- C:\Windows\System32\CErjsFn.exe
  C:\Windows\System32\CErjsFn.exe
  2⤵
  PID:11556
- C:\Windows\System32\nypPdbt.exe
  C:\Windows\System32\nypPdbt.exe
  2⤵
  PID:11628
- C:\Windows\System32\SoQSTDr.exe
  C:\Windows\System32\SoQSTDr.exe
  2⤵
  PID:11624
- C:\Windows\System32\UQunzKJ.exe
  C:\Windows\System32\UQunzKJ.exe
  2⤵
  PID:11688
- C:\Windows\System32\PExkmPW.exe
  C:\Windows\System32\PExkmPW.exe
  2⤵
  PID:11760
- C:\Windows\System32\SbxuklB.exe
  C:\Windows\System32\SbxuklB.exe
  2⤵
  PID:11880
- C:\Windows\System32\nzNvHog.exe
  C:\Windows\System32\nzNvHog.exe
  2⤵
  PID:11936
- C:\Windows\System32\gOXTVaS.exe
  C:\Windows\System32\gOXTVaS.exe
  2⤵
  PID:11944
- C:\Windows\System32\NsDzaay.exe
  C:\Windows\System32\NsDzaay.exe
  2⤵
  PID:11996
- C:\Windows\System32\sUOPsNa.exe
  C:\Windows\System32\sUOPsNa.exe
  2⤵
  PID:12180
- C:\Windows\System32\CZifpWz.exe
  C:\Windows\System32\CZifpWz.exe
  2⤵
  PID:12212
- C:\Windows\System32\odWcDFp.exe
  C:\Windows\System32\odWcDFp.exe
  2⤵
  PID:11160
- C:\Windows\System32\UliMERD.exe
  C:\Windows\System32\UliMERD.exe
  2⤵
  PID:11288
- C:\Windows\System32\lvybtyb.exe
  C:\Windows\System32\lvybtyb.exe
  2⤵
  PID:11348
- C:\Windows\System32\SCaLPGR.exe
  C:\Windows\System32\SCaLPGR.exe
  2⤵
  PID:11488
- C:\Windows\System32\karuxlO.exe
  C:\Windows\System32\karuxlO.exe
  2⤵
  PID:11668
- C:\Windows\System32\EeNTbiK.exe
  C:\Windows\System32\EeNTbiK.exe
  2⤵
  PID:11824
- C:\Windows\System32\ZovSDKl.exe
  C:\Windows\System32\ZovSDKl.exe
  2⤵
  PID:11992
- C:\Windows\System32\kLgSLbK.exe
  C:\Windows\System32\kLgSLbK.exe
  2⤵
  PID:12028
- C:\Windows\System32\GKrePXs.exe
  C:\Windows\System32\GKrePXs.exe
  2⤵
  PID:12200
- C:\Windows\System32\kuMjQgS.exe
  C:\Windows\System32\kuMjQgS.exe
  2⤵
  PID:12240
- C:\Windows\System32\COjvKCt.exe
  C:\Windows\System32\COjvKCt.exe
  2⤵
  PID:11528
- C:\Windows\System32\pjjMiFB.exe
  C:\Windows\System32\pjjMiFB.exe
  2⤵
  PID:4852
- C:\Windows\System32\WXQfZki.exe
  C:\Windows\System32\WXQfZki.exe
  2⤵
  PID:11900
- C:\Windows\System32\YHyliOT.exe
  C:\Windows\System32\YHyliOT.exe
  2⤵
  PID:12176
- C:\Windows\System32\tHqBWEu.exe
  C:\Windows\System32\tHqBWEu.exe
  2⤵
  PID:11412
- C:\Windows\System32\urcaEAP.exe
  C:\Windows\System32\urcaEAP.exe
  2⤵
  PID:12020
- C:\Windows\System32\aygGiUI.exe
  C:\Windows\System32\aygGiUI.exe
  2⤵
  PID:12308
- C:\Windows\System32\VlJDUeY.exe
  C:\Windows\System32\VlJDUeY.exe
  2⤵
  PID:12344
- C:\Windows\System32\LilpYcS.exe
  C:\Windows\System32\LilpYcS.exe
  2⤵
  PID:12360
- C:\Windows\System32\fKLzhLk.exe
  C:\Windows\System32\fKLzhLk.exe
  2⤵
  PID:12384
- C:\Windows\System32\AgBdYzp.exe
  C:\Windows\System32\AgBdYzp.exe
  2⤵
  PID:12404
- C:\Windows\System32\gesityR.exe
  C:\Windows\System32\gesityR.exe
  2⤵
  PID:12428
- C:\Windows\System32\Ntidefw.exe
  C:\Windows\System32\Ntidefw.exe
  2⤵
  PID:12496
- C:\Windows\System32\mxbNzmY.exe
  C:\Windows\System32\mxbNzmY.exe
  2⤵
  PID:12544
- C:\Windows\System32\sQuTbYy.exe
  C:\Windows\System32\sQuTbYy.exe
  2⤵
  PID:12560
- C:\Windows\System32\YAIGICu.exe
  C:\Windows\System32\YAIGICu.exe
  2⤵
  PID:12616
- C:\Windows\System32\suWKpdr.exe
  C:\Windows\System32\suWKpdr.exe
  2⤵
  PID:12644
- C:\Windows\System32\XGXgMDG.exe
  C:\Windows\System32\XGXgMDG.exe
  2⤵
  PID:12664
- C:\Windows\System32\sCtcMJA.exe
  C:\Windows\System32\sCtcMJA.exe
  2⤵
  PID:12684
- C:\Windows\System32\dwkUrUC.exe
  C:\Windows\System32\dwkUrUC.exe
  2⤵
  PID:12712
- C:\Windows\System32\SMEcWEE.exe
  C:\Windows\System32\SMEcWEE.exe
  2⤵
  PID:12748
- C:\Windows\System32\PVlKTWl.exe
  C:\Windows\System32\PVlKTWl.exe
  2⤵
  PID:12792
- C:\Windows\System32\MEHZKnE.exe
  C:\Windows\System32\MEHZKnE.exe
  2⤵
  PID:12820
- C:\Windows\System32\hfJoWnt.exe
  C:\Windows\System32\hfJoWnt.exe
  2⤵
  PID:12844
- C:\Windows\System32\nSQrlmO.exe
  C:\Windows\System32\nSQrlmO.exe
  2⤵
  PID:12896
- C:\Windows\System32\QHtRJXn.exe
  C:\Windows\System32\QHtRJXn.exe
  2⤵
  PID:12912
- C:\Windows\System32\NGlxOaR.exe
  C:\Windows\System32\NGlxOaR.exe
  2⤵
  PID:12940
- C:\Windows\System32\krwKiHB.exe
  C:\Windows\System32\krwKiHB.exe
  2⤵
  PID:12960
- C:\Windows\System32\PBuAuwF.exe
  C:\Windows\System32\PBuAuwF.exe
  2⤵
  PID:12984
- C:\Windows\System32\jjlCcNU.exe
  C:\Windows\System32\jjlCcNU.exe
  2⤵
  PID:13004
- C:\Windows\System32\jXcXBzx.exe
  C:\Windows\System32\jXcXBzx.exe
  2⤵
  PID:13040
- C:\Windows\System32\PyWEJXN.exe
  C:\Windows\System32\PyWEJXN.exe
  2⤵
  PID:13084
- C:\Windows\System32\jiTrTjw.exe
  C:\Windows\System32\jiTrTjw.exe
  2⤵
  PID:13108
- C:\Windows\System32\vhqYqrw.exe
  C:\Windows\System32\vhqYqrw.exe
  2⤵
  PID:13128
- C:\Windows\System32\pKlAyjq.exe
  C:\Windows\System32\pKlAyjq.exe
  2⤵
  PID:13152
- C:\Windows\System32\jRgJqjt.exe
  C:\Windows\System32\jRgJqjt.exe
  2⤵
  PID:13176
- C:\Windows\System32\ELTHOPf.exe
  C:\Windows\System32\ELTHOPf.exe
  2⤵
  PID:13208
- C:\Windows\System32\TzhkLFC.exe
  C:\Windows\System32\TzhkLFC.exe
  2⤵
  PID:13236
- C:\Windows\System32\iAqJvNu.exe
  C:\Windows\System32\iAqJvNu.exe
  2⤵
  PID:13268
- C:\Windows\System32\CcqxPha.exe
  C:\Windows\System32\CcqxPha.exe
  2⤵
  PID:13292
- C:\Windows\System32\eJQGixR.exe
  C:\Windows\System32\eJQGixR.exe
  2⤵
  PID:11464
- C:\Windows\System32\IeUYcMl.exe
  C:\Windows\System32\IeUYcMl.exe
  2⤵
  PID:12300
- C:\Windows\System32\GXrQMYn.exe
  C:\Windows\System32\GXrQMYn.exe
  2⤵
  PID:12440
- C:\Windows\System32\mpedvrh.exe
  C:\Windows\System32\mpedvrh.exe
  2⤵
  PID:12460
- C:\Windows\System32\KBBPdAg.exe
  C:\Windows\System32\KBBPdAg.exe
  2⤵
  PID:12436
- C:\Windows\System32\lPbsJnj.exe
  C:\Windows\System32\lPbsJnj.exe
  2⤵
  PID:12568
- C:\Windows\System32\hpnQTjH.exe
  C:\Windows\System32\hpnQTjH.exe
  2⤵
  PID:12596
- C:\Windows\System32\RieiknR.exe
  C:\Windows\System32\RieiknR.exe
  2⤵
  PID:12660
- C:\Windows\System32\wLyODEO.exe
  C:\Windows\System32\wLyODEO.exe
  2⤵
  PID:12764
- C:\Windows\System32\VSLuSAl.exe
  C:\Windows\System32\VSLuSAl.exe
  2⤵
  PID:12828
- C:\Windows\System32\ncgdauR.exe
  C:\Windows\System32\ncgdauR.exe
  2⤵
  PID:12936

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AOSjMjT.exe

Filesize
1.8MB

MD5
3c6022dc9a5f53d5694b57e996e80e44

SHA1
a4c7d3ae226cef032ad404a0cc1c658706fc52fe

SHA256
cd36b3b6aa081ac7c04261bb7096dc36958e2aa2b073f76253ddba33b0cbfaf4

SHA512
1272ad038fe66dc9e9a4482be47c349a09987592985432a9baa8bcc460d2bd14fee1c1d18085a582455f7a341fae361f78901c3b2bfdfec94f002e626442ee6e

Download Submit
C:\Windows\System32\AleTrrU.exe

Filesize
1.8MB

MD5
f41946885727c23fce19f9e6b8de2b69

SHA1
3eac58f8a225f7d475cc1304b8310695f70e4efe

SHA256
8ba301392e38b4e15b6bdab656a45f347eb892c97cf78ea03e8e90c15f749571

SHA512
c5a2b896f63c0269563151458b93bcead64cb91a125b1a594165be4945655a7b9e6395136bccc5fed935f828c1d6b17e7f1113421705a8f274cf30c466e4652b

Download Submit
C:\Windows\System32\BXBZbel.exe

Filesize
1.8MB

MD5
b99fb50a2bcddd43992e40bd94d348db

SHA1
0f8e5a12e1debc59f8bca2ac2e4fb9e2117499b1

SHA256
a0e378de8331a5a413287b692fcf1be9d396653c5a203a836888235913fa45db

SHA512
1c2acf88253d7d965aa5fe8128e710edbabff5750971f8ea91b8d8940eeb871c42aca100533636d7758273a6c696bd3305a834057f4d5cec89b2d4442935a168

Download Submit
C:\Windows\System32\DJLeQiI.exe

Filesize
1.8MB

MD5
a5d9c52441b54faf1c56b785e3c91384

SHA1
0c9b5d3b1d3670890a9fc4be7912605259157d50

SHA256
037b3cf760839e59dba445f397680672a2d66f26bf519a1baa02a08f3c24c639

SHA512
4333ec800be29194b4f52c22c5524f0e28e66b9bd2b0540c8be662f8a5c03982f59ba560d38ea8d57f3ea240d0dd63ae3c3a5d5ecb868968927d2a6ed43793d7

Download Submit
C:\Windows\System32\DwQjWUi.exe

Filesize
1.8MB

MD5
8a84c51214fceb5ee3498559e76f01bc

SHA1
edecea2887e25b51a3eecc7a7675130207b50bc6

SHA256
929a5e18a1d75dc7f057e34a136fd70e0a2f831e8cf795aaf7ef7c60362058de

SHA512
32110a2fa4fe0a4b1f8d8ec7b1011f8a17669eea5c346a94fae9b34dbe969edc014799b32f7584d5ecc110074877192e0faa7e5a0a062c835bebf33f1a30271d

Download Submit
C:\Windows\System32\Fcdxxkg.exe

Filesize
1.8MB

MD5
7a04d2d77cc7df955b2427bd564cd4e0

SHA1
1909a3face947969278d7c3bcbc878a5089a2eb3

SHA256
8b0883be61435bb3a47eb7ffd17d213f6ec36ee1c55dc08a22b92f804b148def

SHA512
5647043893d6666b023a6eeec0d6bc4d5940992925072dd6d8e270dcb39bc7a0a687c673d69dc927c8e593f19810697870b2c882596b92125c214ba1cb4dadb1

Download Submit
C:\Windows\System32\FvmQGuJ.exe

Filesize
1.8MB

MD5
9e7a9e981ea73dd5c2b875384226c142

SHA1
985021d1ef11a6cd069c5ca7cecc2d343979faa8

SHA256
4a1d764197b09083d8b1b7b6ad58c90de8d12ef07c09126591989e8c2fedc394

SHA512
8b522e444a0f399be42d1789f7306bbfd27c57da86166c0a534878c144264641131662a93ab54e7ac713a4aafdfcbff875ce3a6cb1483790d48b4c27676d093f

Download Submit
C:\Windows\System32\HjGbmcN.exe

Filesize
1.8MB

MD5
d1dce761f784058d8d7dea406207f209

SHA1
ab5560ad34e52e2e0288ad4198024a0a21681a50

SHA256
b61339b904f7018d9c8281d1446b13d24d17e3e058b080a55519d663594fff04

SHA512
b644c512213740d4f0ebbc6450bffebe2c91ebe00aab1c7e0b661c879b7fb0e67a65e9cb51b63551b9a6370926296a78b4d00dba625f1da96759faf8693ab485

Download Submit
C:\Windows\System32\KVynJOx.exe

Filesize
1.8MB

MD5
2c9b852a8157a47e266dda94c8dbe467

SHA1
30d4f0cf567a66583dfcb3d64c4f357b83d7237f

SHA256
efda5313cfe2ba9e4d21d9acbfff2296384bffa62cb4f39bacf395011af1886e

SHA512
4a7677d3d88d8a8b3edc19b340b285dca4801eef5b78ed9201eec5a45665401c06a2ba55c13aa1a2a6183e5d832434203b1f008833bebafe1bd5df744209419e

Download Submit
C:\Windows\System32\KiskWjD.exe

Filesize
1.8MB

MD5
6a6c574603991b45965a0075b50c0857

SHA1
33e221f15d7c0097bf97626a12e80a52ee80a262

SHA256
dda8b89e03085c6c5a94b00726dfc1eedb297fc1c9adfab68e1fd8f35e54c8b2

SHA512
2fb8481044a833c434a7de80caee60673cc56047e7b605c77071a9765512fc46ab4d3dfa4c460e8c4a7dade9ed6e3b7afd431a279cd22b8901666c7d3cb2e00a

Download Submit
C:\Windows\System32\PNKtzIz.exe

Filesize
1.8MB

MD5
f255dcded1a6a24e14798534f02e48e9

SHA1
37267b6c731b55bc797415ada5b00d29aa6d9d29

SHA256
51729dc5791fab252db9b2ffe48d0ef8894ff2b613d6ee986c4cce26c644f390

SHA512
95535ed29b5972eb01b573a952714f7243f92d15660ac71493d9f463f505a1e7286c4010990f9523651fbb93d9d87bd2b219b664f35fdec36e90083e30fa5185

Download Submit
C:\Windows\System32\QUcjnvg.exe

Filesize
1.8MB

MD5
bd4dbf74caa8199ab119f7399edc145b

SHA1
7b1bd20b9d530332dc1773e38d974cde93d41819

SHA256
f86cb026c13df539e017c78cf57ccf22dcef67d1c97f8a8319cc88ef307208a8

SHA512
41b9848cc7fae5d6b57ab89d7725fb134c508e112fd7a6fe2793667b50321b9219f0a00f47a6cd49e72c9f1f4490539962712d2e0a78ca1d289d5871b81b71c2

Download Submit
C:\Windows\System32\QcJYvLI.exe

Filesize
1.8MB

MD5
fc20df432823a6c5b9fd72be8565ba7c

SHA1
48fa2555c366c37d15f1dcb45561d942461d31eb

SHA256
f767a6037bafa5329af65c6c9b3226e9a69a23c3c31d7fd2922917882ef38bfe

SHA512
ed30f025a121f075256a4025a0c087e97b364e44dbb1a9ebf24cb984a87d04f65a3a8bd86ffb6db9a168eca3c4b724a01e98369202716ec6dc762185e6c67e2e

Download Submit
C:\Windows\System32\RshqDAp.exe

Filesize
1.8MB

MD5
93aa08982193f24662e6e354e623412b

SHA1
962e08abd4a16af11f315ff24dcaa31fc3f02641

SHA256
d7b1a1b862662751e74a0b7151c4d0d120cc1d1eb96368f0703e7fff51e294dd

SHA512
fa1da1a5f8cca8679eff40909c2c9342bd4fad8c4bdb95e7293eeece961b1b940380c4f6792c91954da4aa6ddfa8a5e5729f25599b7a3c9dd2cc709890faa0c5

Download Submit
C:\Windows\System32\TFDgWHf.exe

Filesize
1.8MB

MD5
d562bc68fae10d00ade05ecf23f40972

SHA1
2716c050e3ca95cf2b20cb0ca5fa090ac4d0bfbd

SHA256
9440bea5ad554c40d124ebd62f8296c4b20c909a235ecafa31f5644690a436c7

SHA512
5ad2828cc7d8e3991b086d60598d0f9407b2255961f1a6f16e0945f445abf7eb2ddb62b68c072ef26927f844d62a20655b7dc09cc5366faffe6236671fb583cc

Download Submit
C:\Windows\System32\VcVrfTb.exe

Filesize
1.8MB

MD5
6b5f9adc5abcd91e3b767229f17a763d

SHA1
5072c93c665d509585363cfb0bbf6fca71d85f07

SHA256
7237adc9f3e7605478264c4f4195642cff4a46954d91a6268409c34e8093d449

SHA512
f3a0641db1f5c3138a4c948ef4d8626bf411b5d479525601c27af8bde69eceb3797c94e5edd67fd547f273a5500827ab5bf73ccb26a8d874082357d739b822a2

Download Submit
C:\Windows\System32\WVKJToQ.exe

Filesize
1.8MB

MD5
5528be887c54dc86d5bde4dd591f72aa

SHA1
236bfef7287936dca3a0fccef8bd463d17fc1c30

SHA256
2319635e7a42f5b67e38f9b4cfa32d2f83e53d1cd7b089a317b0f65ba461f126

SHA512
88c838553ebaaecb12808aa4a8f6d951c7a6c72a281d35ba7b7f8ca3c8b957310e9db263ae220a6a681c9dd273a242100f01cfaac76e099906b654d2dfe7c86f

Download Submit
C:\Windows\System32\WnaPJZj.exe

Filesize
1.8MB

MD5
e6aa739b1608ccbfd0b81060565dcaae

SHA1
26df7114aee84040921b4b2669917cc1455e2c4b

SHA256
602a0eabe0981068273ffbe5cdfc0403924dc661f2e99f84de85b9c0fb354880

SHA512
8dfc1efb332484cf42bacd1f46bc96a06ee642986332a35380dba9bc2f45aef14f7f38506dd7ca229da0b014df0016a0dd14e779e7fd8d863b2fb75ee9cb1c16

Download Submit
C:\Windows\System32\WvKftZQ.exe

Filesize
1.8MB

MD5
6788d830d7538107ee6651be0fb0b58f

SHA1
648398b8785468df32059b4a42a3875f637e50e7

SHA256
02cffbe415c763504b945e41ccff8159b6fc5b49a031a580205dee486a64e96b

SHA512
b7cd8f6b15314e5128ab434e20be87730547fbdbc298a221a9eb18bb2f33c6cc4e428b5a4f6de73de9c362d597576cb2537b7648f9dfd4e458c5b69c595baa36

Download Submit
C:\Windows\System32\XQMhqTd.exe

Filesize
1.8MB

MD5
f9a328c4b3dcb87fc9ce0f7c4fb57fb7

SHA1
0f29e97af5881700d810f4adb7fc2e9aea440170

SHA256
9775cad98f651542355aa8e28fe27165d0a052ae231970876b442feedd50ec6f

SHA512
a9073477b9166845ef958edd67e445efc1990924e900af0efc67690d9c1f5fb51b9b2ab3210f3ec90037ef4bb05953691e744379706646ba0f5bfd39d6df747d

Download Submit
C:\Windows\System32\bRvUcPh.exe

Filesize
1.8MB

MD5
b983fadf4aaea1f3b4e1bed43176f6c8

SHA1
69fa743a875a10879c8fd7b2e7568283e2b72c60

SHA256
8eca9698d00d0ea2cd8f370e5f409faf4851c014c1369657b61eaed2d7b4dca5

SHA512
3536e4ba11de5690f9313ee76af6397d839cf3fb68543cc9837f733acafd16303367e63693ce9b832786bdd4e139e9cbd45777c5d577998f32449d62fe2cb34d

Download Submit
C:\Windows\System32\gYGeElt.exe

Filesize
1.8MB

MD5
38afc898b9c825c571f2985464f9a470

SHA1
90c0d9a715fa3091a645d85dc4c057c6ee67604c

SHA256
640bcca36cf84d722833d667d9f3813e20019a760b735554c68b0a4df362763e

SHA512
22a350755543e12e3e4147e80be1fcff7986c3ce643d7a7708a4f01a448a9134780bc3b968bd8d8e29ffc4a94d5a8ba6d66e22df247cc223f3f3d2b97c612ecc

Download Submit
C:\Windows\System32\hOJWLMw.exe

Filesize
1.8MB

MD5
be18cca68d54b4a355e9da8073be6bd7

SHA1
ec723065b7954e6c701186f2a7966b18c4322490

SHA256
07f7b87759c93383a28b94e955563901a113e9afd63ffac631974832478fb5e9

SHA512
c946c366088107b9d4f4f24aed82ef41a081373809ce944f550235dec025677646bce422de072ecf158b37b231f1cbc5c93bbb217bf4ccca3e186956d0384cef

Download Submit
C:\Windows\System32\iqnCpwX.exe

Filesize
1.8MB

MD5
5141a9703f9440771eb24fcaf7ff360f

SHA1
0f3ac814ad632b55ac2879d467dfbb432b9e04d5

SHA256
f90e7422d479e1c8487edee8a558def1a8e4398d7ab4cbc4a6996549c4041650

SHA512
ab14d406db4073b730f7bee58ee4e80ba43555ef690cfd90c3b680d8f24f8efc1286b3f0af998c7015014733e3dced6ca866d6db3cc590ee1a3540569219003b

Download Submit
C:\Windows\System32\jCfEXpg.exe

Filesize
1.8MB

MD5
607b6632f3fab79246590b6eda0fb4f8

SHA1
6a656d3e4007385af9b965a6be3ee20f7993fc00

SHA256
c60db638e9b2d660220fa9a71ad9e5d0223b6ebebb4be630651b6f93ed96d056

SHA512
75944e7935c890222e8d1def21cee3763abd52635ead6c41b92f29418be67c7a8e477a966823506af72e1ca303ae2b0ed96a8649e15a919dde86e807007b2d05

Download Submit
C:\Windows\System32\jslDpEM.exe

Filesize
1.8MB

MD5
cfb607b185937dc31edae5f3f7f72b3e

SHA1
64aa243722f23816df02ebcc48586042f25fd609

SHA256
7400ae1b209407e6703efed713d07a38722b35b8f9ceb5bb5e3ac242c5d904d1

SHA512
eea5f10a41fad40111e799254842293b700369c20f4ee6b15a2464414cf1f4b353657f1e6e2eb96f7d4dbd10530fb96b4a7fa38caef0d0d0c5063e55a2118fd7

Download Submit
C:\Windows\System32\mXGpxls.exe

Filesize
1.8MB

MD5
64c00b4b90ea005ade5663134f460eda

SHA1
d6268fa10ae1b10dbdf0ec32a3b30fb108bbdd0c

SHA256
67f0cac5cba055da03986ad9d892a7e07040f61eadbd97e9a750b17801ef87a9

SHA512
a958f29c8ed8956e032963d1b6c996b742559e33faaeac4b8926010cd6cca96261865997a5a417b7e14ec6236517e44b8ddc19267226fa4d9ea10d8449b0b03c

Download Submit
C:\Windows\System32\mkrGWkV.exe

Filesize
1.8MB

MD5
ee81911631ae88635643dbc436eefa42

SHA1
41513f3273b2aaa1e738610a06735947618ddad4

SHA256
a9e6a30d27acd2dba9839b0fad768d962a760dfa0a02878462f1dafe9614d54c

SHA512
2e2b2abbf90c818918576ae0ed8da8bbd42db6e8a00278c4373ac3967bf99a17f28ec3cf4cbf78aa0a97979e90a8fd06c80f00ee265bef81299fb69877cb0bf4

Download Submit
C:\Windows\System32\nnXLgtx.exe

Filesize
1.8MB

MD5
193ec63f3c539fd8e288715b69fdfa7a

SHA1
627f10991ca1104ca67952f58b93bbd67a54c5a1

SHA256
08a903bd92f8650913b103ff01b289b1fa7435b5f30a596ada9d987b2152e0be

SHA512
b14861af51b081a2c23b807f7feb60d20b1c0c4f5f931d7d5d956e21f3bf1d5183713401bec99c4b02b4ca9b85b238a84b44433e14c907cf4f13e583089a8be5

Download Submit
C:\Windows\System32\oYziTDs.exe

Filesize
1.8MB

MD5
630fed66046e1f04765e82d187af0c97

SHA1
05a4215557de5eb15e546d7ac1525d04c7b3cb7a

SHA256
1df480ffe99e630235b67dae941468419259c7650850cdc1bc9b56d55b89a82a

SHA512
d15991456aeeedd5245a6fce4226984e32ed9e8bfa5175324f062fbeab0421e88aeca389d02fdccb0d332cdf8f2d11b3c863b6cd2fe5fbe695df6bc879c67ba6

Download Submit
C:\Windows\System32\qZHPbbV.exe

Filesize
1.8MB

MD5
e206faacfdf1a6099fa55ba1db4f12ed

SHA1
fe988d2e0b433502e0dbbeeee60f76813cfec734

SHA256
0e67dae76b4054bfdf58dd6965d1ad4cb1712f966d12a937348182d9ee51a9d4

SHA512
da1b67496cce2f13a56abd6e33cb748d4130d54cd9fd8565e70b274ed4794235eb4235fcb4cb0ed8b468ffff44c53030c983cc802112be84f141017f42996264

Download Submit
C:\Windows\System32\zIaffJk.exe

Filesize
1.8MB

MD5
8ca4a1f6d11dc3632acb743af73c2a98

SHA1
2a123f444da3385d453ca14d5c49230b87006644

SHA256
7c680ffc98e09eed40c04c73a7243459952a91139c2cace6d28a3ef2b3f1256a

SHA512
3102bc4894fe68fb9ea188530e21751557aa639d18bb65bfa37a824461aefd813219807cf347f81b035fb06384d86b20f6b253365cf18cde52ae5d016480ac98

Download Submit
memory/64-29-0x00007FF703C30000-0x00007FF704021000-memory.dmp

Filesize
3.9MB

Download
memory/64-1998-0x00007FF703C30000-0x00007FF704021000-memory.dmp

Filesize
3.9MB

Download
memory/64-2016-0x00007FF703C30000-0x00007FF704021000-memory.dmp

Filesize
3.9MB

Download
memory/468-1999-0x00007FF604420000-0x00007FF604811000-memory.dmp

Filesize
3.9MB

Download
memory/468-2014-0x00007FF604420000-0x00007FF604811000-memory.dmp

Filesize
3.9MB

Download
memory/468-42-0x00007FF604420000-0x00007FF604811000-memory.dmp

Filesize
3.9MB

Download
memory/716-473-0x00007FF70F750000-0x00007FF70FB41000-memory.dmp

Filesize
3.9MB

Download
memory/716-2050-0x00007FF70F750000-0x00007FF70FB41000-memory.dmp

Filesize
3.9MB

Download
memory/860-2012-0x00007FF6C3EE0000-0x00007FF6C42D1000-memory.dmp

Filesize
3.9MB

Download
memory/860-1992-0x00007FF6C3EE0000-0x00007FF6C42D1000-memory.dmp

Filesize
3.9MB

Download
memory/860-27-0x00007FF6C3EE0000-0x00007FF6C42D1000-memory.dmp

Filesize
3.9MB

Download
memory/1076-472-0x00007FF7A9F50000-0x00007FF7AA341000-memory.dmp

Filesize
3.9MB

Download
memory/1076-2055-0x00007FF7A9F50000-0x00007FF7AA341000-memory.dmp

Filesize
3.9MB

Download
memory/1080-2046-0x00007FF761650000-0x00007FF761A41000-memory.dmp

Filesize
3.9MB

Download
memory/1080-481-0x00007FF761650000-0x00007FF761A41000-memory.dmp

Filesize
3.9MB

Download
memory/1516-2008-0x00007FF6EDCD0000-0x00007FF6EE0C1000-memory.dmp

Filesize
3.9MB

Download
memory/1516-25-0x00007FF6EDCD0000-0x00007FF6EE0C1000-memory.dmp

Filesize
3.9MB

Download
memory/1740-497-0x00007FF6CF680000-0x00007FF6CFA71000-memory.dmp

Filesize
3.9MB

Download
memory/1740-2024-0x00007FF6CF680000-0x00007FF6CFA71000-memory.dmp

Filesize
3.9MB

Download
memory/1944-2034-0x00007FF76B6F0000-0x00007FF76BAE1000-memory.dmp

Filesize
3.9MB

Download
memory/1944-434-0x00007FF76B6F0000-0x00007FF76BAE1000-memory.dmp

Filesize
3.9MB

Download
memory/2300-502-0x00007FF63F9D0000-0x00007FF63FDC1000-memory.dmp

Filesize
3.9MB

Download
memory/2300-2028-0x00007FF63F9D0000-0x00007FF63FDC1000-memory.dmp

Filesize
3.9MB

Download
memory/2360-2010-0x00007FF780CB0000-0x00007FF7810A1000-memory.dmp

Filesize
3.9MB

Download
memory/2360-13-0x00007FF780CB0000-0x00007FF7810A1000-memory.dmp

Filesize
3.9MB

Download
memory/2524-48-0x00007FF62D510000-0x00007FF62D901000-memory.dmp

Filesize
3.9MB

Download
memory/2524-2000-0x00007FF62D510000-0x00007FF62D901000-memory.dmp

Filesize
3.9MB

Download
memory/2524-2018-0x00007FF62D510000-0x00007FF62D901000-memory.dmp

Filesize
3.9MB

Download
memory/2600-2040-0x00007FF625B00000-0x00007FF625EF1000-memory.dmp

Filesize
3.9MB

Download
memory/2600-492-0x00007FF625B00000-0x00007FF625EF1000-memory.dmp

Filesize
3.9MB

Download
memory/2904-459-0x00007FF7946B0000-0x00007FF794AA1000-memory.dmp

Filesize
3.9MB

Download
memory/2904-2042-0x00007FF7946B0000-0x00007FF794AA1000-memory.dmp

Filesize
3.9MB

Download
memory/2948-417-0x00007FF65B6D0000-0x00007FF65BAC1000-memory.dmp

Filesize
3.9MB

Download
memory/2948-2001-0x00007FF65B6D0000-0x00007FF65BAC1000-memory.dmp

Filesize
3.9MB

Download
memory/2948-2020-0x00007FF65B6D0000-0x00007FF65BAC1000-memory.dmp

Filesize
3.9MB

Download
memory/3084-2052-0x00007FF749FF0000-0x00007FF74A3E1000-memory.dmp

Filesize
3.9MB

Download
memory/3084-441-0x00007FF749FF0000-0x00007FF74A3E1000-memory.dmp

Filesize
3.9MB

Download
memory/3092-2044-0x00007FF7FB240000-0x00007FF7FB631000-memory.dmp

Filesize
3.9MB

Download
memory/3092-484-0x00007FF7FB240000-0x00007FF7FB631000-memory.dmp

Filesize
3.9MB

Download
memory/3324-462-0x00007FF687920000-0x00007FF687D11000-memory.dmp

Filesize
3.9MB

Download
memory/3324-2038-0x00007FF687920000-0x00007FF687D11000-memory.dmp

Filesize
3.9MB

Download
memory/3384-2006-0x00007FF7CA440000-0x00007FF7CA831000-memory.dmp

Filesize
3.9MB

Download
memory/3384-49-0x00007FF7CA440000-0x00007FF7CA831000-memory.dmp

Filesize
3.9MB

Download
memory/3384-2022-0x00007FF7CA440000-0x00007FF7CA831000-memory.dmp

Filesize
3.9MB

Download
memory/3624-2030-0x00007FF720BE0000-0x00007FF720FD1000-memory.dmp

Filesize
3.9MB

Download
memory/3624-422-0x00007FF720BE0000-0x00007FF720FD1000-memory.dmp

Filesize
3.9MB

Download
memory/3980-2036-0x00007FF6DD120000-0x00007FF6DD511000-memory.dmp

Filesize
3.9MB

Download
memory/3980-489-0x00007FF6DD120000-0x00007FF6DD511000-memory.dmp

Filesize
3.9MB

Download
memory/4452-2048-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp

Filesize
3.9MB

Download
memory/4452-478-0x00007FF7C2B20000-0x00007FF7C2F11000-memory.dmp

Filesize
3.9MB

Download
memory/4544-426-0x00007FF75B1E0000-0x00007FF75B5D1000-memory.dmp

Filesize
3.9MB

Download
memory/4544-2032-0x00007FF75B1E0000-0x00007FF75B5D1000-memory.dmp

Filesize
3.9MB

Download
memory/4564-504-0x00007FF71B8B0000-0x00007FF71BCA1000-memory.dmp

Filesize
3.9MB

Download
memory/4564-2026-0x00007FF71B8B0000-0x00007FF71BCA1000-memory.dmp

Filesize
3.9MB

Download
memory/5092-0-0x00007FF6E5B80000-0x00007FF6E5F71000-memory.dmp

Filesize
3.9MB

Download
memory/5092-1-0x0000025898D80000-0x0000025898D90000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads