kpot | 88839aa2702bba4f8d87ce40fb0b0b25be7dd4d32ef8681b95451973ba170694

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 02:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
Size

2.2MB
MD5

4dacbb0ce324bc88943a953b8e452ab0
SHA1

e450e6e95802d93aab502d3c5d2deee61b8a0125
SHA256

88839aa2702bba4f8d87ce40fb0b0b25be7dd4d32ef8681b95451973ba170694
SHA512

7e392cbf73b9cbefa74ca7e3fe1b12f24ef8bac2831fd2be00f843ec9da45058c625ecf8ba2707b53b66d45fce0ccc47c0ac2cb47db344fa5738012c20310c50
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6twjVDB:BemTLkNdfE0pZrwg

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x0008000000022f51-5.dat	family_kpot
behavioral2/files/0x000800000002340d-16.dat	family_kpot
behavioral2/files/0x0007000000023410-20.dat	family_kpot
behavioral2/files/0x0007000000023417-61.dat	family_kpot
behavioral2/files/0x0007000000023411-79.dat	family_kpot
behavioral2/files/0x000700000002341d-99.dat	family_kpot
behavioral2/files/0x000700000002341c-130.dat	family_kpot
behavioral2/files/0x0007000000023426-149.dat	family_kpot
behavioral2/files/0x0007000000023427-151.dat	family_kpot
behavioral2/files/0x0007000000023425-147.dat	family_kpot
behavioral2/files/0x0007000000023424-145.dat	family_kpot
behavioral2/files/0x0007000000023423-143.dat	family_kpot
behavioral2/files/0x0007000000023419-141.dat	family_kpot
behavioral2/files/0x0007000000023422-139.dat	family_kpot
behavioral2/files/0x000700000002341b-136.dat	family_kpot
behavioral2/files/0x000700000002341f-134.dat	family_kpot
behavioral2/files/0x000700000002341e-132.dat	family_kpot
behavioral2/files/0x0007000000023421-128.dat	family_kpot
behavioral2/files/0x0007000000023420-126.dat	family_kpot
behavioral2/files/0x000700000002341a-118.dat	family_kpot
behavioral2/files/0x0007000000023418-111.dat	family_kpot
behavioral2/files/0x0007000000023413-83.dat	family_kpot
behavioral2/files/0x0007000000023416-80.dat	family_kpot
behavioral2/files/0x0007000000023415-68.dat	family_kpot
behavioral2/files/0x0007000000023412-65.dat	family_kpot
behavioral2/files/0x0007000000023414-52.dat	family_kpot
behavioral2/files/0x000700000002340f-41.dat	family_kpot
behavioral2/files/0x000700000002340e-29.dat	family_kpot
behavioral2/files/0x0007000000023429-182.dat	family_kpot
behavioral2/files/0x000700000002342a-189.dat	family_kpot
behavioral2/files/0x000800000002340b-187.dat	family_kpot
behavioral2/files/0x0007000000023428-180.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1332-0-0x00007FF732C20000-0x00007FF732F74000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/files/0x000800000002340d-16.dat	xmrig
behavioral2/memory/2896-14-0x00007FF654B90000-0x00007FF654EE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-20.dat	xmrig
behavioral2/files/0x0007000000023417-61.dat	xmrig
behavioral2/files/0x0007000000023411-79.dat	xmrig
behavioral2/files/0x000700000002341d-99.dat	xmrig
behavioral2/files/0x000700000002341c-130.dat	xmrig
behavioral2/files/0x0007000000023426-149.dat	xmrig
behavioral2/memory/1432-157-0x00007FF65BA90000-0x00007FF65BDE4000-memory.dmp	xmrig
behavioral2/memory/2192-162-0x00007FF761D70000-0x00007FF7620C4000-memory.dmp	xmrig
behavioral2/memory/2088-167-0x00007FF705F90000-0x00007FF7062E4000-memory.dmp	xmrig
behavioral2/memory/4468-170-0x00007FF6E2060000-0x00007FF6E23B4000-memory.dmp	xmrig
behavioral2/memory/2576-169-0x00007FF6D63D0000-0x00007FF6D6724000-memory.dmp	xmrig
behavioral2/memory/456-168-0x00007FF6F91D0000-0x00007FF6F9524000-memory.dmp	xmrig
behavioral2/memory/1496-166-0x00007FF7FF630000-0x00007FF7FF984000-memory.dmp	xmrig
behavioral2/memory/1596-165-0x00007FF7FD090000-0x00007FF7FD3E4000-memory.dmp	xmrig
behavioral2/memory/4608-164-0x00007FF707820000-0x00007FF707B74000-memory.dmp	xmrig
behavioral2/memory/4876-163-0x00007FF6D4E60000-0x00007FF6D51B4000-memory.dmp	xmrig
behavioral2/memory/2236-161-0x00007FF63B2E0000-0x00007FF63B634000-memory.dmp	xmrig
behavioral2/memory/1716-160-0x00007FF7FCC80000-0x00007FF7FCFD4000-memory.dmp	xmrig
behavioral2/memory/1776-159-0x00007FF636160000-0x00007FF6364B4000-memory.dmp	xmrig
behavioral2/memory/3520-158-0x00007FF609290000-0x00007FF6095E4000-memory.dmp	xmrig
behavioral2/memory/1584-156-0x00007FF75C4A0000-0x00007FF75C7F4000-memory.dmp	xmrig
behavioral2/memory/5000-155-0x00007FF6CE4C0000-0x00007FF6CE814000-memory.dmp	xmrig
behavioral2/memory/4944-154-0x00007FF612D60000-0x00007FF6130B4000-memory.dmp	xmrig
behavioral2/memory/4852-153-0x00007FF651DF0000-0x00007FF652144000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-151.dat	xmrig
behavioral2/files/0x0007000000023425-147.dat	xmrig
behavioral2/files/0x0007000000023424-145.dat	xmrig
behavioral2/files/0x0007000000023423-143.dat	xmrig
behavioral2/files/0x0007000000023419-141.dat	xmrig
behavioral2/files/0x0007000000023422-139.dat	xmrig
behavioral2/memory/1340-138-0x00007FF656030000-0x00007FF656384000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-136.dat	xmrig
behavioral2/files/0x000700000002341f-134.dat	xmrig
behavioral2/files/0x000700000002341e-132.dat	xmrig
behavioral2/files/0x0007000000023421-128.dat	xmrig
behavioral2/files/0x0007000000023420-126.dat	xmrig
behavioral2/memory/1524-125-0x00007FF76ABA0000-0x00007FF76AEF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-118.dat	xmrig
behavioral2/files/0x0007000000023418-111.dat	xmrig
behavioral2/memory/3612-107-0x00007FF6D67D0000-0x00007FF6D6B24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-83.dat	xmrig
behavioral2/files/0x0007000000023416-80.dat	xmrig
behavioral2/memory/4260-76-0x00007FF7A3E80000-0x00007FF7A41D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-68.dat	xmrig
behavioral2/files/0x0007000000023412-65.dat	xmrig
behavioral2/files/0x0007000000023414-52.dat	xmrig
behavioral2/files/0x000700000002340f-41.dat	xmrig
behavioral2/memory/2560-56-0x00007FF64C1C0000-0x00007FF64C514000-memory.dmp	xmrig
behavioral2/memory/1644-38-0x00007FF7760D0000-0x00007FF776424000-memory.dmp	xmrig
behavioral2/memory/3692-36-0x00007FF7E5160000-0x00007FF7E54B4000-memory.dmp	xmrig
behavioral2/memory/756-34-0x00007FF69EFC0000-0x00007FF69F314000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-29.dat	xmrig
behavioral2/memory/5040-23-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-182.dat	xmrig
behavioral2/files/0x000700000002342a-189.dat	xmrig
behavioral2/files/0x000800000002340b-187.dat	xmrig
behavioral2/memory/1472-185-0x00007FF77E950000-0x00007FF77ECA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-180.dat	xmrig
behavioral2/memory/2896-2123-0x00007FF654B90000-0x00007FF654EE4000-memory.dmp	xmrig
behavioral2/memory/2560-2125-0x00007FF64C1C0000-0x00007FF64C514000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2896	NsfkVBp.exe
5040	IOLwWQo.exe
756	cAWWssi.exe
3692	XaAzKbT.exe
1644	ZmLZMAS.exe
1496	KiUrNJB.exe
2560	uDBbnez.exe
2088	dPOYDPb.exe
4260	tYQToqM.exe
3612	eAzKGZU.exe
456	nheReWn.exe
1524	TBuWhlp.exe
1340	HnXraKD.exe
4852	fVPoprn.exe
2576	SnfyUSh.exe
4944	aHjtqTo.exe
5000	zpNfWdq.exe
1584	icnwSCv.exe
1432	NkjcTFq.exe
3520	qHXOiuF.exe
4468	YeMbeqV.exe
1776	qAstfvv.exe
1716	cpEXsyd.exe
2236	hMZOoAm.exe
2192	pmeRidc.exe
4876	OvaqBtv.exe
4608	zPyiTME.exe
1596	vxtsccP.exe
1472	zNFEaAY.exe
688	LqKAytM.exe
2988	HHisHNb.exe
2704	BCtyOiI.exe
3064	wGDGHun.exe
2544	PwLYpeO.exe
3628	iRDvLAN.exe
2256	YlbtGzV.exe
4968	WroXQiz.exe
4212	rhxBgwQ.exe
4364	ZyhSfAM.exe
3860	xtYLnYN.exe
632	DsQUEsv.exe
4028	LDPfdhi.exe
908	PgNFxPe.exe
4700	SXfnrvl.exe
2456	nVlhTbM.exe
1492	yowvUNa.exe
3008	NYdLSMl.exe
3788	igMgrYd.exe
392	mlYzdSN.exe
1592	UiYNXQv.exe
2984	bFUIACk.exe
760	NUpslYV.exe
1084	IpGGTCV.exe
2384	BraDlIB.exe
4032	isQPEHT.exe
4024	gNPatbt.exe
4156	ddDNkwG.exe
1444	iUxCFRS.exe
4644	RhPMMXv.exe
3216	RABcfaT.exe
3684	QavtVWI.exe
2528	YbSJSgO.exe
3700	HZFohBd.exe
1244	MqbVKpn.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1332-0-0x00007FF732C20000-0x00007FF732F74000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x000800000002340d-16.dat	upx
behavioral2/memory/2896-14-0x00007FF654B90000-0x00007FF654EE4000-memory.dmp	upx
behavioral2/files/0x0007000000023410-20.dat	upx
behavioral2/files/0x0007000000023417-61.dat	upx
behavioral2/files/0x0007000000023411-79.dat	upx
behavioral2/files/0x000700000002341d-99.dat	upx
behavioral2/files/0x000700000002341c-130.dat	upx
behavioral2/files/0x0007000000023426-149.dat	upx
behavioral2/memory/1432-157-0x00007FF65BA90000-0x00007FF65BDE4000-memory.dmp	upx
behavioral2/memory/2192-162-0x00007FF761D70000-0x00007FF7620C4000-memory.dmp	upx
behavioral2/memory/2088-167-0x00007FF705F90000-0x00007FF7062E4000-memory.dmp	upx
behavioral2/memory/4468-170-0x00007FF6E2060000-0x00007FF6E23B4000-memory.dmp	upx
behavioral2/memory/2576-169-0x00007FF6D63D0000-0x00007FF6D6724000-memory.dmp	upx
behavioral2/memory/456-168-0x00007FF6F91D0000-0x00007FF6F9524000-memory.dmp	upx
behavioral2/memory/1496-166-0x00007FF7FF630000-0x00007FF7FF984000-memory.dmp	upx
behavioral2/memory/1596-165-0x00007FF7FD090000-0x00007FF7FD3E4000-memory.dmp	upx
behavioral2/memory/4608-164-0x00007FF707820000-0x00007FF707B74000-memory.dmp	upx
behavioral2/memory/4876-163-0x00007FF6D4E60000-0x00007FF6D51B4000-memory.dmp	upx
behavioral2/memory/2236-161-0x00007FF63B2E0000-0x00007FF63B634000-memory.dmp	upx
behavioral2/memory/1716-160-0x00007FF7FCC80000-0x00007FF7FCFD4000-memory.dmp	upx
behavioral2/memory/1776-159-0x00007FF636160000-0x00007FF6364B4000-memory.dmp	upx
behavioral2/memory/3520-158-0x00007FF609290000-0x00007FF6095E4000-memory.dmp	upx
behavioral2/memory/1584-156-0x00007FF75C4A0000-0x00007FF75C7F4000-memory.dmp	upx
behavioral2/memory/5000-155-0x00007FF6CE4C0000-0x00007FF6CE814000-memory.dmp	upx
behavioral2/memory/4944-154-0x00007FF612D60000-0x00007FF6130B4000-memory.dmp	upx
behavioral2/memory/4852-153-0x00007FF651DF0000-0x00007FF652144000-memory.dmp	upx
behavioral2/files/0x0007000000023427-151.dat	upx
behavioral2/files/0x0007000000023425-147.dat	upx
behavioral2/files/0x0007000000023424-145.dat	upx
behavioral2/files/0x0007000000023423-143.dat	upx
behavioral2/files/0x0007000000023419-141.dat	upx
behavioral2/files/0x0007000000023422-139.dat	upx
behavioral2/memory/1340-138-0x00007FF656030000-0x00007FF656384000-memory.dmp	upx
behavioral2/files/0x000700000002341b-136.dat	upx
behavioral2/files/0x000700000002341f-134.dat	upx
behavioral2/files/0x000700000002341e-132.dat	upx
behavioral2/files/0x0007000000023421-128.dat	upx
behavioral2/files/0x0007000000023420-126.dat	upx
behavioral2/memory/1524-125-0x00007FF76ABA0000-0x00007FF76AEF4000-memory.dmp	upx
behavioral2/files/0x000700000002341a-118.dat	upx
behavioral2/files/0x0007000000023418-111.dat	upx
behavioral2/memory/3612-107-0x00007FF6D67D0000-0x00007FF6D6B24000-memory.dmp	upx
behavioral2/files/0x0007000000023413-83.dat	upx
behavioral2/files/0x0007000000023416-80.dat	upx
behavioral2/memory/4260-76-0x00007FF7A3E80000-0x00007FF7A41D4000-memory.dmp	upx
behavioral2/files/0x0007000000023415-68.dat	upx
behavioral2/files/0x0007000000023412-65.dat	upx
behavioral2/files/0x0007000000023414-52.dat	upx
behavioral2/files/0x000700000002340f-41.dat	upx
behavioral2/memory/2560-56-0x00007FF64C1C0000-0x00007FF64C514000-memory.dmp	upx
behavioral2/memory/1644-38-0x00007FF7760D0000-0x00007FF776424000-memory.dmp	upx
behavioral2/memory/3692-36-0x00007FF7E5160000-0x00007FF7E54B4000-memory.dmp	upx
behavioral2/memory/756-34-0x00007FF69EFC0000-0x00007FF69F314000-memory.dmp	upx
behavioral2/files/0x000700000002340e-29.dat	upx
behavioral2/memory/5040-23-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp	upx
behavioral2/files/0x0007000000023429-182.dat	upx
behavioral2/files/0x000700000002342a-189.dat	upx
behavioral2/files/0x000800000002340b-187.dat	upx
behavioral2/memory/1472-185-0x00007FF77E950000-0x00007FF77ECA4000-memory.dmp	upx
behavioral2/files/0x0007000000023428-180.dat	upx
behavioral2/memory/2896-2123-0x00007FF654B90000-0x00007FF654EE4000-memory.dmp	upx
behavioral2/memory/2560-2125-0x00007FF64C1C0000-0x00007FF64C514000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iUKTOdS.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\EMqROFe.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\owYsUDw.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\vbPXkLO.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\DzoBGOo.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\FGroKBb.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\uAjrIap.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\rOvGoQU.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\TRKfjNS.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\riqtaWD.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\SJiMMtW.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\ceWaPyB.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\aKYAFvw.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\nSyDgad.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\YMMnVvL.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\gimxwBk.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\bJTZfWT.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\FWPzaNr.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\sSNOjOy.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\TvnVzOS.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\MYUtitv.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\fVPoprn.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\IBgQtap.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\johBbBJ.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\svbJGsl.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\VkrcTTv.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\FSxCyOB.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\ZyFzMWL.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\GPzNMiM.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\XtLzDrE.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\ZyhSfAM.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\TPTwlVU.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\FTKxTJI.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\quUwpwX.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\pUITPGl.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\dPOYDPb.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\YbSJSgO.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\WPvqqFD.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\XMYPFqW.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\nheReWn.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\YJlPAVx.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\FOlyDYk.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\FkIgucr.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\jzfQbqy.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\fKSqnNM.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\sxSihPx.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\rhxBgwQ.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\HZFohBd.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\QowQuox.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\TdVhcIf.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\jAAyyyN.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\HgfHzhn.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\EFJDXCX.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\aKxAmfo.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\kMsMplQ.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\GvoahvS.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\SnfyUSh.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\zRliQgB.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\WUPTiNN.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\MopwFDO.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\isQPEHT.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\OpyUmJB.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\gdJGdIS.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
File created	C:\Windows\System\WHCpvwL.exe	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14216	dwm.exe
Token: SeChangeNotifyPrivilege	14216	dwm.exe
Token: 33	14216	dwm.exe
Token: SeIncBasePriorityPrivilege	14216	dwm.exe
Token: SeShutdownPrivilege	14216	dwm.exe
Token: SeCreatePagefilePrivilege	14216	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 2896	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	83
PID 1332 wrote to memory of 2896	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	83
PID 1332 wrote to memory of 5040	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	84
PID 1332 wrote to memory of 5040	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	84
PID 1332 wrote to memory of 756	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	85
PID 1332 wrote to memory of 756	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	85
PID 1332 wrote to memory of 3692	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	86
PID 1332 wrote to memory of 3692	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	86
PID 1332 wrote to memory of 1644	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	87
PID 1332 wrote to memory of 1644	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	87
PID 1332 wrote to memory of 1496	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	88
PID 1332 wrote to memory of 1496	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	88
PID 1332 wrote to memory of 2560	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	89
PID 1332 wrote to memory of 2560	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	89
PID 1332 wrote to memory of 2088	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	90
PID 1332 wrote to memory of 2088	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	90
PID 1332 wrote to memory of 4260	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	91
PID 1332 wrote to memory of 4260	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	91
PID 1332 wrote to memory of 3612	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	92
PID 1332 wrote to memory of 3612	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	92
PID 1332 wrote to memory of 456	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	93
PID 1332 wrote to memory of 456	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	93
PID 1332 wrote to memory of 1524	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	94
PID 1332 wrote to memory of 1524	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	94
PID 1332 wrote to memory of 1340	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	95
PID 1332 wrote to memory of 1340	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	95
PID 1332 wrote to memory of 2576	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	96
PID 1332 wrote to memory of 2576	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	96
PID 1332 wrote to memory of 4852	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	97
PID 1332 wrote to memory of 4852	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	97
PID 1332 wrote to memory of 3520	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	98
PID 1332 wrote to memory of 3520	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	98
PID 1332 wrote to memory of 4944	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	99
PID 1332 wrote to memory of 4944	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	99
PID 1332 wrote to memory of 5000	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	100
PID 1332 wrote to memory of 5000	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	100
PID 1332 wrote to memory of 1584	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	101
PID 1332 wrote to memory of 1584	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	101
PID 1332 wrote to memory of 1432	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	102
PID 1332 wrote to memory of 1432	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	102
PID 1332 wrote to memory of 4468	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	103
PID 1332 wrote to memory of 4468	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	103
PID 1332 wrote to memory of 1776	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	104
PID 1332 wrote to memory of 1776	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	104
PID 1332 wrote to memory of 1716	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	105
PID 1332 wrote to memory of 1716	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	105
PID 1332 wrote to memory of 2236	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	106
PID 1332 wrote to memory of 2236	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	106
PID 1332 wrote to memory of 2192	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	107
PID 1332 wrote to memory of 2192	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	107
PID 1332 wrote to memory of 4876	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	108
PID 1332 wrote to memory of 4876	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	108
PID 1332 wrote to memory of 4608	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	109
PID 1332 wrote to memory of 4608	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	109
PID 1332 wrote to memory of 1596	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	110
PID 1332 wrote to memory of 1596	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	110
PID 1332 wrote to memory of 1472	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	111
PID 1332 wrote to memory of 1472	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	111
PID 1332 wrote to memory of 688	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	115
PID 1332 wrote to memory of 688	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	115
PID 1332 wrote to memory of 2988	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	116
PID 1332 wrote to memory of 2988	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	116
PID 1332 wrote to memory of 2704	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	117
PID 1332 wrote to memory of 2704	1332	4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4dacbb0ce324bc88943a953b8e452ab0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\System\NsfkVBp.exe
  C:\Windows\System\NsfkVBp.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\IOLwWQo.exe
  C:\Windows\System\IOLwWQo.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\cAWWssi.exe
  C:\Windows\System\cAWWssi.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\XaAzKbT.exe
  C:\Windows\System\XaAzKbT.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\ZmLZMAS.exe
  C:\Windows\System\ZmLZMAS.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\KiUrNJB.exe
  C:\Windows\System\KiUrNJB.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\uDBbnez.exe
  C:\Windows\System\uDBbnez.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\dPOYDPb.exe
  C:\Windows\System\dPOYDPb.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\tYQToqM.exe
  C:\Windows\System\tYQToqM.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\eAzKGZU.exe
  C:\Windows\System\eAzKGZU.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\nheReWn.exe
  C:\Windows\System\nheReWn.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\TBuWhlp.exe
  C:\Windows\System\TBuWhlp.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\HnXraKD.exe
  C:\Windows\System\HnXraKD.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\SnfyUSh.exe
  C:\Windows\System\SnfyUSh.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\fVPoprn.exe
  C:\Windows\System\fVPoprn.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\qHXOiuF.exe
  C:\Windows\System\qHXOiuF.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\aHjtqTo.exe
  C:\Windows\System\aHjtqTo.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\zpNfWdq.exe
  C:\Windows\System\zpNfWdq.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\icnwSCv.exe
  C:\Windows\System\icnwSCv.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\NkjcTFq.exe
  C:\Windows\System\NkjcTFq.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\YeMbeqV.exe
  C:\Windows\System\YeMbeqV.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\qAstfvv.exe
  C:\Windows\System\qAstfvv.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\cpEXsyd.exe
  C:\Windows\System\cpEXsyd.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\hMZOoAm.exe
  C:\Windows\System\hMZOoAm.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\pmeRidc.exe
  C:\Windows\System\pmeRidc.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\OvaqBtv.exe
  C:\Windows\System\OvaqBtv.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\zPyiTME.exe
  C:\Windows\System\zPyiTME.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\vxtsccP.exe
  C:\Windows\System\vxtsccP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\zNFEaAY.exe
  C:\Windows\System\zNFEaAY.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\LqKAytM.exe
  C:\Windows\System\LqKAytM.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\HHisHNb.exe
  C:\Windows\System\HHisHNb.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\BCtyOiI.exe
  C:\Windows\System\BCtyOiI.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\wGDGHun.exe
  C:\Windows\System\wGDGHun.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\PwLYpeO.exe
  C:\Windows\System\PwLYpeO.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\iRDvLAN.exe
  C:\Windows\System\iRDvLAN.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\YlbtGzV.exe
  C:\Windows\System\YlbtGzV.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\WroXQiz.exe
  C:\Windows\System\WroXQiz.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\rhxBgwQ.exe
  C:\Windows\System\rhxBgwQ.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\ZyhSfAM.exe
  C:\Windows\System\ZyhSfAM.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\xtYLnYN.exe
  C:\Windows\System\xtYLnYN.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\DsQUEsv.exe
  C:\Windows\System\DsQUEsv.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\LDPfdhi.exe
  C:\Windows\System\LDPfdhi.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\PgNFxPe.exe
  C:\Windows\System\PgNFxPe.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\SXfnrvl.exe
  C:\Windows\System\SXfnrvl.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\nVlhTbM.exe
  C:\Windows\System\nVlhTbM.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\yowvUNa.exe
  C:\Windows\System\yowvUNa.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\NYdLSMl.exe
  C:\Windows\System\NYdLSMl.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\igMgrYd.exe
  C:\Windows\System\igMgrYd.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\mlYzdSN.exe
  C:\Windows\System\mlYzdSN.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\UiYNXQv.exe
  C:\Windows\System\UiYNXQv.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\bFUIACk.exe
  C:\Windows\System\bFUIACk.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\NUpslYV.exe
  C:\Windows\System\NUpslYV.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\IpGGTCV.exe
  C:\Windows\System\IpGGTCV.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\BraDlIB.exe
  C:\Windows\System\BraDlIB.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\isQPEHT.exe
  C:\Windows\System\isQPEHT.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\gNPatbt.exe
  C:\Windows\System\gNPatbt.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\ddDNkwG.exe
  C:\Windows\System\ddDNkwG.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\RABcfaT.exe
  C:\Windows\System\RABcfaT.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\iUxCFRS.exe
  C:\Windows\System\iUxCFRS.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\RhPMMXv.exe
  C:\Windows\System\RhPMMXv.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\QavtVWI.exe
  C:\Windows\System\QavtVWI.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\YbSJSgO.exe
  C:\Windows\System\YbSJSgO.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\HZFohBd.exe
  C:\Windows\System\HZFohBd.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\MqbVKpn.exe
  C:\Windows\System\MqbVKpn.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\LwvxYtd.exe
  C:\Windows\System\LwvxYtd.exe
  2⤵
  PID:116
- C:\Windows\System\VBmSlsd.exe
  C:\Windows\System\VBmSlsd.exe
  2⤵
  PID:928
- C:\Windows\System\KFIKPjA.exe
  C:\Windows\System\KFIKPjA.exe
  2⤵
  PID:4988
- C:\Windows\System\eYSWyxv.exe
  C:\Windows\System\eYSWyxv.exe
  2⤵
  PID:3672
- C:\Windows\System\fefNFZj.exe
  C:\Windows\System\fefNFZj.exe
  2⤵
  PID:2724
- C:\Windows\System\khcNMKC.exe
  C:\Windows\System\khcNMKC.exe
  2⤵
  PID:3484
- C:\Windows\System\qkctiXa.exe
  C:\Windows\System\qkctiXa.exe
  2⤵
  PID:4676
- C:\Windows\System\QowQuox.exe
  C:\Windows\System\QowQuox.exe
  2⤵
  PID:4772
- C:\Windows\System\dxXIlRG.exe
  C:\Windows\System\dxXIlRG.exe
  2⤵
  PID:4508
- C:\Windows\System\BnflqcF.exe
  C:\Windows\System\BnflqcF.exe
  2⤵
  PID:3616
- C:\Windows\System\EOmFoAh.exe
  C:\Windows\System\EOmFoAh.exe
  2⤵
  PID:1700
- C:\Windows\System\JLlYwag.exe
  C:\Windows\System\JLlYwag.exe
  2⤵
  PID:4048
- C:\Windows\System\fBENJVn.exe
  C:\Windows\System\fBENJVn.exe
  2⤵
  PID:600
- C:\Windows\System\slNTRdC.exe
  C:\Windows\System\slNTRdC.exe
  2⤵
  PID:3112
- C:\Windows\System\uAjrIap.exe
  C:\Windows\System\uAjrIap.exe
  2⤵
  PID:2652
- C:\Windows\System\PFyoyoK.exe
  C:\Windows\System\PFyoyoK.exe
  2⤵
  PID:1908
- C:\Windows\System\JxvuLyR.exe
  C:\Windows\System\JxvuLyR.exe
  2⤵
  PID:2224
- C:\Windows\System\ygorKfV.exe
  C:\Windows\System\ygorKfV.exe
  2⤵
  PID:1608
- C:\Windows\System\zEvnNNs.exe
  C:\Windows\System\zEvnNNs.exe
  2⤵
  PID:3164
- C:\Windows\System\PyUBfld.exe
  C:\Windows\System\PyUBfld.exe
  2⤵
  PID:2296
- C:\Windows\System\uAbsBAN.exe
  C:\Windows\System\uAbsBAN.exe
  2⤵
  PID:5072
- C:\Windows\System\RtdyMHU.exe
  C:\Windows\System\RtdyMHU.exe
  2⤵
  PID:4228
- C:\Windows\System\ZwIGOMe.exe
  C:\Windows\System\ZwIGOMe.exe
  2⤵
  PID:3512
- C:\Windows\System\OtczsEt.exe
  C:\Windows\System\OtczsEt.exe
  2⤵
  PID:4996
- C:\Windows\System\DuyCdhf.exe
  C:\Windows\System\DuyCdhf.exe
  2⤵
  PID:3680
- C:\Windows\System\MLXhQPa.exe
  C:\Windows\System\MLXhQPa.exe
  2⤵
  PID:860
- C:\Windows\System\zZkhUMJ.exe
  C:\Windows\System\zZkhUMJ.exe
  2⤵
  PID:4400
- C:\Windows\System\TCVLuOA.exe
  C:\Windows\System\TCVLuOA.exe
  2⤵
  PID:1880
- C:\Windows\System\THbUrwN.exe
  C:\Windows\System\THbUrwN.exe
  2⤵
  PID:1748
- C:\Windows\System\TnVVNxH.exe
  C:\Windows\System\TnVVNxH.exe
  2⤵
  PID:4536
- C:\Windows\System\nTDTwkS.exe
  C:\Windows\System\nTDTwkS.exe
  2⤵
  PID:2884
- C:\Windows\System\CLMdKBN.exe
  C:\Windows\System\CLMdKBN.exe
  2⤵
  PID:2924
- C:\Windows\System\izCoWCL.exe
  C:\Windows\System\izCoWCL.exe
  2⤵
  PID:5144
- C:\Windows\System\xNFNhcI.exe
  C:\Windows\System\xNFNhcI.exe
  2⤵
  PID:5184
- C:\Windows\System\OwEhMiC.exe
  C:\Windows\System\OwEhMiC.exe
  2⤵
  PID:5200
- C:\Windows\System\bAhdbGI.exe
  C:\Windows\System\bAhdbGI.exe
  2⤵
  PID:5240
- C:\Windows\System\nzYuyHJ.exe
  C:\Windows\System\nzYuyHJ.exe
  2⤵
  PID:5276
- C:\Windows\System\ElPMtCI.exe
  C:\Windows\System\ElPMtCI.exe
  2⤵
  PID:5304
- C:\Windows\System\XdhnVUM.exe
  C:\Windows\System\XdhnVUM.exe
  2⤵
  PID:5332
- C:\Windows\System\WHCpvwL.exe
  C:\Windows\System\WHCpvwL.exe
  2⤵
  PID:5360
- C:\Windows\System\QcGgnfC.exe
  C:\Windows\System\QcGgnfC.exe
  2⤵
  PID:5380
- C:\Windows\System\AKIGZot.exe
  C:\Windows\System\AKIGZot.exe
  2⤵
  PID:5420
- C:\Windows\System\ExWNXtf.exe
  C:\Windows\System\ExWNXtf.exe
  2⤵
  PID:5456
- C:\Windows\System\WfmodLh.exe
  C:\Windows\System\WfmodLh.exe
  2⤵
  PID:5472
- C:\Windows\System\zRliQgB.exe
  C:\Windows\System\zRliQgB.exe
  2⤵
  PID:5500
- C:\Windows\System\aNTKbIg.exe
  C:\Windows\System\aNTKbIg.exe
  2⤵
  PID:5528
- C:\Windows\System\MYLMakv.exe
  C:\Windows\System\MYLMakv.exe
  2⤵
  PID:5556
- C:\Windows\System\NphGqCQ.exe
  C:\Windows\System\NphGqCQ.exe
  2⤵
  PID:5572
- C:\Windows\System\Ssqdqrm.exe
  C:\Windows\System\Ssqdqrm.exe
  2⤵
  PID:5612
- C:\Windows\System\DPfsVhx.exe
  C:\Windows\System\DPfsVhx.exe
  2⤵
  PID:5640
- C:\Windows\System\GqAiZEJ.exe
  C:\Windows\System\GqAiZEJ.exe
  2⤵
  PID:5676
- C:\Windows\System\TiVeOlb.exe
  C:\Windows\System\TiVeOlb.exe
  2⤵
  PID:5700
- C:\Windows\System\ZPOnIJT.exe
  C:\Windows\System\ZPOnIJT.exe
  2⤵
  PID:5732
- C:\Windows\System\zgBKvmC.exe
  C:\Windows\System\zgBKvmC.exe
  2⤵
  PID:5776
- C:\Windows\System\etRJVRB.exe
  C:\Windows\System\etRJVRB.exe
  2⤵
  PID:5816
- C:\Windows\System\ZYOaHxl.exe
  C:\Windows\System\ZYOaHxl.exe
  2⤵
  PID:5844
- C:\Windows\System\kvfRSDr.exe
  C:\Windows\System\kvfRSDr.exe
  2⤵
  PID:5860
- C:\Windows\System\xQsSSIQ.exe
  C:\Windows\System\xQsSSIQ.exe
  2⤵
  PID:5904
- C:\Windows\System\IRYlOyQ.exe
  C:\Windows\System\IRYlOyQ.exe
  2⤵
  PID:5920
- C:\Windows\System\eMnKlNZ.exe
  C:\Windows\System\eMnKlNZ.exe
  2⤵
  PID:5960
- C:\Windows\System\ytQbMtl.exe
  C:\Windows\System\ytQbMtl.exe
  2⤵
  PID:5992
- C:\Windows\System\dOWBDXi.exe
  C:\Windows\System\dOWBDXi.exe
  2⤵
  PID:6016
- C:\Windows\System\GuMMadH.exe
  C:\Windows\System\GuMMadH.exe
  2⤵
  PID:6044
- C:\Windows\System\QSfQCdm.exe
  C:\Windows\System\QSfQCdm.exe
  2⤵
  PID:6076
- C:\Windows\System\VrPNtno.exe
  C:\Windows\System\VrPNtno.exe
  2⤵
  PID:6104
- C:\Windows\System\YYokHaD.exe
  C:\Windows\System\YYokHaD.exe
  2⤵
  PID:6132
- C:\Windows\System\yuANmvV.exe
  C:\Windows\System\yuANmvV.exe
  2⤵
  PID:4716
- C:\Windows\System\scWTNWe.exe
  C:\Windows\System\scWTNWe.exe
  2⤵
  PID:5168
- C:\Windows\System\GZoweyv.exe
  C:\Windows\System\GZoweyv.exe
  2⤵
  PID:5288
- C:\Windows\System\NBWRSRm.exe
  C:\Windows\System\NBWRSRm.exe
  2⤵
  PID:5320
- C:\Windows\System\GysegHk.exe
  C:\Windows\System\GysegHk.exe
  2⤵
  PID:5376
- C:\Windows\System\hIGgPus.exe
  C:\Windows\System\hIGgPus.exe
  2⤵
  PID:5468
- C:\Windows\System\kPafjva.exe
  C:\Windows\System\kPafjva.exe
  2⤵
  PID:5492
- C:\Windows\System\BxGBiUi.exe
  C:\Windows\System\BxGBiUi.exe
  2⤵
  PID:5564
- C:\Windows\System\bKdlaPc.exe
  C:\Windows\System\bKdlaPc.exe
  2⤵
  PID:5636
- C:\Windows\System\uLpIGyN.exe
  C:\Windows\System\uLpIGyN.exe
  2⤵
  PID:5708
- C:\Windows\System\UOTvswb.exe
  C:\Windows\System\UOTvswb.exe
  2⤵
  PID:5812
- C:\Windows\System\lBoRSHe.exe
  C:\Windows\System\lBoRSHe.exe
  2⤵
  PID:5888
- C:\Windows\System\hhUpNnm.exe
  C:\Windows\System\hhUpNnm.exe
  2⤵
  PID:5948
- C:\Windows\System\BKsSQLv.exe
  C:\Windows\System\BKsSQLv.exe
  2⤵
  PID:5984
- C:\Windows\System\coPYdAh.exe
  C:\Windows\System\coPYdAh.exe
  2⤵
  PID:1972
- C:\Windows\System\biDryWg.exe
  C:\Windows\System\biDryWg.exe
  2⤵
  PID:6120
- C:\Windows\System\nSyDgad.exe
  C:\Windows\System\nSyDgad.exe
  2⤵
  PID:5256
- C:\Windows\System\tcOfMfu.exe
  C:\Windows\System\tcOfMfu.exe
  2⤵
  PID:5404
- C:\Windows\System\aSpoOba.exe
  C:\Windows\System\aSpoOba.exe
  2⤵
  PID:5512
- C:\Windows\System\riSGjqd.exe
  C:\Windows\System\riSGjqd.exe
  2⤵
  PID:5600
- C:\Windows\System\bMiXqFB.exe
  C:\Windows\System\bMiXqFB.exe
  2⤵
  PID:5852
- C:\Windows\System\tBWtbEA.exe
  C:\Windows\System\tBWtbEA.exe
  2⤵
  PID:6032
- C:\Windows\System\sPGBmgJ.exe
  C:\Windows\System\sPGBmgJ.exe
  2⤵
  PID:6140
- C:\Windows\System\mKgXvmh.exe
  C:\Windows\System\mKgXvmh.exe
  2⤵
  PID:5484
- C:\Windows\System\IBgQtap.exe
  C:\Windows\System\IBgQtap.exe
  2⤵
  PID:5932
- C:\Windows\System\ebqsJbW.exe
  C:\Windows\System\ebqsJbW.exe
  2⤵
  PID:6124
- C:\Windows\System\uIrhYSX.exe
  C:\Windows\System\uIrhYSX.exe
  2⤵
  PID:5796
- C:\Windows\System\KENEFsg.exe
  C:\Windows\System\KENEFsg.exe
  2⤵
  PID:6152
- C:\Windows\System\qVUUKtY.exe
  C:\Windows\System\qVUUKtY.exe
  2⤵
  PID:6176
- C:\Windows\System\ontwiVD.exe
  C:\Windows\System\ontwiVD.exe
  2⤵
  PID:6228
- C:\Windows\System\Qaggciy.exe
  C:\Windows\System\Qaggciy.exe
  2⤵
  PID:6260
- C:\Windows\System\IumJBIf.exe
  C:\Windows\System\IumJBIf.exe
  2⤵
  PID:6280
- C:\Windows\System\qmUXVVR.exe
  C:\Windows\System\qmUXVVR.exe
  2⤵
  PID:6300
- C:\Windows\System\iUKTOdS.exe
  C:\Windows\System\iUKTOdS.exe
  2⤵
  PID:6340
- C:\Windows\System\dZHZCaI.exe
  C:\Windows\System\dZHZCaI.exe
  2⤵
  PID:6368
- C:\Windows\System\dVfZPTD.exe
  C:\Windows\System\dVfZPTD.exe
  2⤵
  PID:6396
- C:\Windows\System\EGZuCwn.exe
  C:\Windows\System\EGZuCwn.exe
  2⤵
  PID:6428
- C:\Windows\System\ThXPGla.exe
  C:\Windows\System\ThXPGla.exe
  2⤵
  PID:6456
- C:\Windows\System\xxyRssT.exe
  C:\Windows\System\xxyRssT.exe
  2⤵
  PID:6480
- C:\Windows\System\HMIppVw.exe
  C:\Windows\System\HMIppVw.exe
  2⤵
  PID:6508
- C:\Windows\System\xYbRhoM.exe
  C:\Windows\System\xYbRhoM.exe
  2⤵
  PID:6536
- C:\Windows\System\Jlyztbb.exe
  C:\Windows\System\Jlyztbb.exe
  2⤵
  PID:6552
- C:\Windows\System\RngGNty.exe
  C:\Windows\System\RngGNty.exe
  2⤵
  PID:6576
- C:\Windows\System\VzawXdV.exe
  C:\Windows\System\VzawXdV.exe
  2⤵
  PID:6616
- C:\Windows\System\LhyPzAD.exe
  C:\Windows\System\LhyPzAD.exe
  2⤵
  PID:6652
- C:\Windows\System\amAUdJU.exe
  C:\Windows\System\amAUdJU.exe
  2⤵
  PID:6676
- C:\Windows\System\pYtRhGR.exe
  C:\Windows\System\pYtRhGR.exe
  2⤵
  PID:6708
- C:\Windows\System\ITkennx.exe
  C:\Windows\System\ITkennx.exe
  2⤵
  PID:6736
- C:\Windows\System\SDGsCDu.exe
  C:\Windows\System\SDGsCDu.exe
  2⤵
  PID:6764
- C:\Windows\System\olRupeX.exe
  C:\Windows\System\olRupeX.exe
  2⤵
  PID:6792
- C:\Windows\System\zBEjeMy.exe
  C:\Windows\System\zBEjeMy.exe
  2⤵
  PID:6812
- C:\Windows\System\JmEKOyN.exe
  C:\Windows\System\JmEKOyN.exe
  2⤵
  PID:6852
- C:\Windows\System\VQCxwZO.exe
  C:\Windows\System\VQCxwZO.exe
  2⤵
  PID:6880
- C:\Windows\System\RVfaMdZ.exe
  C:\Windows\System\RVfaMdZ.exe
  2⤵
  PID:6908
- C:\Windows\System\nCMvheW.exe
  C:\Windows\System\nCMvheW.exe
  2⤵
  PID:6936
- C:\Windows\System\PnOogcm.exe
  C:\Windows\System\PnOogcm.exe
  2⤵
  PID:6952
- C:\Windows\System\VOelCZs.exe
  C:\Windows\System\VOelCZs.exe
  2⤵
  PID:6988
- C:\Windows\System\johBbBJ.exe
  C:\Windows\System\johBbBJ.exe
  2⤵
  PID:7008
- C:\Windows\System\NbTCXRP.exe
  C:\Windows\System\NbTCXRP.exe
  2⤵
  PID:7048
- C:\Windows\System\mmTAKSB.exe
  C:\Windows\System\mmTAKSB.exe
  2⤵
  PID:7080
- C:\Windows\System\KNzHSUE.exe
  C:\Windows\System\KNzHSUE.exe
  2⤵
  PID:7104
- C:\Windows\System\tCyoJxi.exe
  C:\Windows\System\tCyoJxi.exe
  2⤵
  PID:7124
- C:\Windows\System\TqEabVW.exe
  C:\Windows\System\TqEabVW.exe
  2⤵
  PID:7152
- C:\Windows\System\hqMvxAq.exe
  C:\Windows\System\hqMvxAq.exe
  2⤵
  PID:6160
- C:\Windows\System\rOvGoQU.exe
  C:\Windows\System\rOvGoQU.exe
  2⤵
  PID:6248
- C:\Windows\System\vwaaUSn.exe
  C:\Windows\System\vwaaUSn.exe
  2⤵
  PID:6296
- C:\Windows\System\vvdLuGx.exe
  C:\Windows\System\vvdLuGx.exe
  2⤵
  PID:6364
- C:\Windows\System\ySLThjA.exe
  C:\Windows\System\ySLThjA.exe
  2⤵
  PID:6416
- C:\Windows\System\BpVQHfx.exe
  C:\Windows\System\BpVQHfx.exe
  2⤵
  PID:6472
- C:\Windows\System\ALZINmj.exe
  C:\Windows\System\ALZINmj.exe
  2⤵
  PID:6548
- C:\Windows\System\rzWcHJV.exe
  C:\Windows\System\rzWcHJV.exe
  2⤵
  PID:6604
- C:\Windows\System\TPTwlVU.exe
  C:\Windows\System\TPTwlVU.exe
  2⤵
  PID:6672
- C:\Windows\System\bJTZfWT.exe
  C:\Windows\System\bJTZfWT.exe
  2⤵
  PID:6720
- C:\Windows\System\HHSTspN.exe
  C:\Windows\System\HHSTspN.exe
  2⤵
  PID:6788
- C:\Windows\System\PTNuDUE.exe
  C:\Windows\System\PTNuDUE.exe
  2⤵
  PID:6820
- C:\Windows\System\iSEmyIw.exe
  C:\Windows\System\iSEmyIw.exe
  2⤵
  PID:6860
- C:\Windows\System\DfiBsoi.exe
  C:\Windows\System\DfiBsoi.exe
  2⤵
  PID:6928
- C:\Windows\System\BussfCB.exe
  C:\Windows\System\BussfCB.exe
  2⤵
  PID:7020
- C:\Windows\System\XlwBIZr.exe
  C:\Windows\System\XlwBIZr.exe
  2⤵
  PID:7096
- C:\Windows\System\JQwgubs.exe
  C:\Windows\System\JQwgubs.exe
  2⤵
  PID:7164
- C:\Windows\System\UAsHuEC.exe
  C:\Windows\System\UAsHuEC.exe
  2⤵
  PID:6336
- C:\Windows\System\mMgwHVO.exe
  C:\Windows\System\mMgwHVO.exe
  2⤵
  PID:6464
- C:\Windows\System\jHFYMwk.exe
  C:\Windows\System\jHFYMwk.exe
  2⤵
  PID:6704
- C:\Windows\System\ZIsvoEj.exe
  C:\Windows\System\ZIsvoEj.exe
  2⤵
  PID:6760
- C:\Windows\System\AKrSrdj.exe
  C:\Windows\System\AKrSrdj.exe
  2⤵
  PID:6932
- C:\Windows\System\hcjbSWR.exe
  C:\Windows\System\hcjbSWR.exe
  2⤵
  PID:7068
- C:\Windows\System\dMbzciy.exe
  C:\Windows\System\dMbzciy.exe
  2⤵
  PID:7132
- C:\Windows\System\XBvZyvl.exe
  C:\Windows\System\XBvZyvl.exe
  2⤵
  PID:6700
- C:\Windows\System\rhnbtxH.exe
  C:\Windows\System\rhnbtxH.exe
  2⤵
  PID:6976
- C:\Windows\System\lOXGmTk.exe
  C:\Windows\System\lOXGmTk.exe
  2⤵
  PID:6800
- C:\Windows\System\CwxSdId.exe
  C:\Windows\System\CwxSdId.exe
  2⤵
  PID:7192
- C:\Windows\System\FTKxTJI.exe
  C:\Windows\System\FTKxTJI.exe
  2⤵
  PID:7208
- C:\Windows\System\FwOgaKs.exe
  C:\Windows\System\FwOgaKs.exe
  2⤵
  PID:7236
- C:\Windows\System\pKuHBOR.exe
  C:\Windows\System\pKuHBOR.exe
  2⤵
  PID:7268
- C:\Windows\System\SyQHDyn.exe
  C:\Windows\System\SyQHDyn.exe
  2⤵
  PID:7292
- C:\Windows\System\ydGONVZ.exe
  C:\Windows\System\ydGONVZ.exe
  2⤵
  PID:7312
- C:\Windows\System\lkaJNFT.exe
  C:\Windows\System\lkaJNFT.exe
  2⤵
  PID:7348
- C:\Windows\System\EFJDXCX.exe
  C:\Windows\System\EFJDXCX.exe
  2⤵
  PID:7380
- C:\Windows\System\sTxdepE.exe
  C:\Windows\System\sTxdepE.exe
  2⤵
  PID:7404
- C:\Windows\System\uffoLDc.exe
  C:\Windows\System\uffoLDc.exe
  2⤵
  PID:7444
- C:\Windows\System\lAWMIjl.exe
  C:\Windows\System\lAWMIjl.exe
  2⤵
  PID:7468
- C:\Windows\System\jeyBSPO.exe
  C:\Windows\System\jeyBSPO.exe
  2⤵
  PID:7492
- C:\Windows\System\SnqtnFk.exe
  C:\Windows\System\SnqtnFk.exe
  2⤵
  PID:7516
- C:\Windows\System\spzhonx.exe
  C:\Windows\System\spzhonx.exe
  2⤵
  PID:7532
- C:\Windows\System\BPFaeBx.exe
  C:\Windows\System\BPFaeBx.exe
  2⤵
  PID:7548
- C:\Windows\System\wADwvSU.exe
  C:\Windows\System\wADwvSU.exe
  2⤵
  PID:7580
- C:\Windows\System\hVVTagP.exe
  C:\Windows\System\hVVTagP.exe
  2⤵
  PID:7600
- C:\Windows\System\ICmbiOZ.exe
  C:\Windows\System\ICmbiOZ.exe
  2⤵
  PID:7632
- C:\Windows\System\lPmYTam.exe
  C:\Windows\System\lPmYTam.exe
  2⤵
  PID:7668
- C:\Windows\System\ceRTXeo.exe
  C:\Windows\System\ceRTXeo.exe
  2⤵
  PID:7704
- C:\Windows\System\jplTuJz.exe
  C:\Windows\System\jplTuJz.exe
  2⤵
  PID:7740
- C:\Windows\System\fydNUKN.exe
  C:\Windows\System\fydNUKN.exe
  2⤵
  PID:7768
- C:\Windows\System\UGXmmns.exe
  C:\Windows\System\UGXmmns.exe
  2⤵
  PID:7804
- C:\Windows\System\RtJvptD.exe
  C:\Windows\System\RtJvptD.exe
  2⤵
  PID:7824
- C:\Windows\System\TRKfjNS.exe
  C:\Windows\System\TRKfjNS.exe
  2⤵
  PID:7840
- C:\Windows\System\edddfGz.exe
  C:\Windows\System\edddfGz.exe
  2⤵
  PID:7880
- C:\Windows\System\YJlPAVx.exe
  C:\Windows\System\YJlPAVx.exe
  2⤵
  PID:7908
- C:\Windows\System\eyuWBNR.exe
  C:\Windows\System\eyuWBNR.exe
  2⤵
  PID:7936
- C:\Windows\System\aKxAmfo.exe
  C:\Windows\System\aKxAmfo.exe
  2⤵
  PID:7964
- C:\Windows\System\eMKLrdo.exe
  C:\Windows\System\eMKLrdo.exe
  2⤵
  PID:7980
- C:\Windows\System\yJWUDsr.exe
  C:\Windows\System\yJWUDsr.exe
  2⤵
  PID:8012
- C:\Windows\System\IhaXntk.exe
  C:\Windows\System\IhaXntk.exe
  2⤵
  PID:8036
- C:\Windows\System\GFpQZPS.exe
  C:\Windows\System\GFpQZPS.exe
  2⤵
  PID:8076
- C:\Windows\System\PIwYnDS.exe
  C:\Windows\System\PIwYnDS.exe
  2⤵
  PID:8104
- C:\Windows\System\VczbmGU.exe
  C:\Windows\System\VczbmGU.exe
  2⤵
  PID:8152
- C:\Windows\System\YMMnVvL.exe
  C:\Windows\System\YMMnVvL.exe
  2⤵
  PID:8172
- C:\Windows\System\ZamuXpj.exe
  C:\Windows\System\ZamuXpj.exe
  2⤵
  PID:6504
- C:\Windows\System\PLLKCrV.exe
  C:\Windows\System\PLLKCrV.exe
  2⤵
  PID:7200
- C:\Windows\System\KtsaWrD.exe
  C:\Windows\System\KtsaWrD.exe
  2⤵
  PID:7304
- C:\Windows\System\FWPzaNr.exe
  C:\Windows\System\FWPzaNr.exe
  2⤵
  PID:7376
- C:\Windows\System\VEMTWuj.exe
  C:\Windows\System\VEMTWuj.exe
  2⤵
  PID:7416
- C:\Windows\System\OpyUmJB.exe
  C:\Windows\System\OpyUmJB.exe
  2⤵
  PID:7500
- C:\Windows\System\gimxwBk.exe
  C:\Windows\System\gimxwBk.exe
  2⤵
  PID:7540
- C:\Windows\System\IpQoyOf.exe
  C:\Windows\System\IpQoyOf.exe
  2⤵
  PID:7624
- C:\Windows\System\SQznolP.exe
  C:\Windows\System\SQznolP.exe
  2⤵
  PID:7656
- C:\Windows\System\vbPXkLO.exe
  C:\Windows\System\vbPXkLO.exe
  2⤵
  PID:7660
- C:\Windows\System\RDDetPj.exe
  C:\Windows\System\RDDetPj.exe
  2⤵
  PID:7792
- C:\Windows\System\gATDxEn.exe
  C:\Windows\System\gATDxEn.exe
  2⤵
  PID:7872
- C:\Windows\System\jmShxSi.exe
  C:\Windows\System\jmShxSi.exe
  2⤵
  PID:7976
- C:\Windows\System\frspfkF.exe
  C:\Windows\System\frspfkF.exe
  2⤵
  PID:8020
- C:\Windows\System\VRUjEJs.exe
  C:\Windows\System\VRUjEJs.exe
  2⤵
  PID:8096
- C:\Windows\System\WOrHdfg.exe
  C:\Windows\System\WOrHdfg.exe
  2⤵
  PID:8160
- C:\Windows\System\xqKcGeF.exe
  C:\Windows\System\xqKcGeF.exe
  2⤵
  PID:7204
- C:\Windows\System\MITRZBw.exe
  C:\Windows\System\MITRZBw.exe
  2⤵
  PID:7328
- C:\Windows\System\GlkwgKB.exe
  C:\Windows\System\GlkwgKB.exe
  2⤵
  PID:7368
- C:\Windows\System\rRTjkOJ.exe
  C:\Windows\System\rRTjkOJ.exe
  2⤵
  PID:7664
- C:\Windows\System\GzvlpZu.exe
  C:\Windows\System\GzvlpZu.exe
  2⤵
  PID:7816
- C:\Windows\System\WUPTiNN.exe
  C:\Windows\System\WUPTiNN.exe
  2⤵
  PID:7944
- C:\Windows\System\skyzWtw.exe
  C:\Windows\System\skyzWtw.exe
  2⤵
  PID:8064
- C:\Windows\System\vWaCJFC.exe
  C:\Windows\System\vWaCJFC.exe
  2⤵
  PID:7248
- C:\Windows\System\qDdSgXF.exe
  C:\Windows\System\qDdSgXF.exe
  2⤵
  PID:7528
- C:\Windows\System\tqxgLki.exe
  C:\Windows\System\tqxgLki.exe
  2⤵
  PID:4368
- C:\Windows\System\vYFHWFZ.exe
  C:\Windows\System\vYFHWFZ.exe
  2⤵
  PID:8140
- C:\Windows\System\kmaDFeY.exe
  C:\Windows\System\kmaDFeY.exe
  2⤵
  PID:7972
- C:\Windows\System\ILLWBUE.exe
  C:\Windows\System\ILLWBUE.exe
  2⤵
  PID:7728
- C:\Windows\System\QDXkmmP.exe
  C:\Windows\System\QDXkmmP.exe
  2⤵
  PID:8196
- C:\Windows\System\MwUiLiP.exe
  C:\Windows\System\MwUiLiP.exe
  2⤵
  PID:8232
- C:\Windows\System\mQUzssr.exe
  C:\Windows\System\mQUzssr.exe
  2⤵
  PID:8268
- C:\Windows\System\XjAjUkP.exe
  C:\Windows\System\XjAjUkP.exe
  2⤵
  PID:8288
- C:\Windows\System\pXEjMvx.exe
  C:\Windows\System\pXEjMvx.exe
  2⤵
  PID:8304
- C:\Windows\System\lprjpGL.exe
  C:\Windows\System\lprjpGL.exe
  2⤵
  PID:8336
- C:\Windows\System\GvoahvS.exe
  C:\Windows\System\GvoahvS.exe
  2⤵
  PID:8372
- C:\Windows\System\FMBciKw.exe
  C:\Windows\System\FMBciKw.exe
  2⤵
  PID:8404
- C:\Windows\System\iesKIeF.exe
  C:\Windows\System\iesKIeF.exe
  2⤵
  PID:8428
- C:\Windows\System\RTIEHJp.exe
  C:\Windows\System\RTIEHJp.exe
  2⤵
  PID:8456
- C:\Windows\System\AygzMSS.exe
  C:\Windows\System\AygzMSS.exe
  2⤵
  PID:8492
- C:\Windows\System\XCzYvpH.exe
  C:\Windows\System\XCzYvpH.exe
  2⤵
  PID:8512
- C:\Windows\System\XFkobqx.exe
  C:\Windows\System\XFkobqx.exe
  2⤵
  PID:8540
- C:\Windows\System\Fljanqn.exe
  C:\Windows\System\Fljanqn.exe
  2⤵
  PID:8568
- C:\Windows\System\ScwcKnU.exe
  C:\Windows\System\ScwcKnU.exe
  2⤵
  PID:8600
- C:\Windows\System\KSBQCpF.exe
  C:\Windows\System\KSBQCpF.exe
  2⤵
  PID:8624
- C:\Windows\System\CqmBOqr.exe
  C:\Windows\System\CqmBOqr.exe
  2⤵
  PID:8640
- C:\Windows\System\bCrfAMU.exe
  C:\Windows\System\bCrfAMU.exe
  2⤵
  PID:8664
- C:\Windows\System\lFihtPd.exe
  C:\Windows\System\lFihtPd.exe
  2⤵
  PID:8696
- C:\Windows\System\dXtDgvU.exe
  C:\Windows\System\dXtDgvU.exe
  2⤵
  PID:8720
- C:\Windows\System\cUUcJee.exe
  C:\Windows\System\cUUcJee.exe
  2⤵
  PID:8740
- C:\Windows\System\rcKAdJf.exe
  C:\Windows\System\rcKAdJf.exe
  2⤵
  PID:8756
- C:\Windows\System\GfunSsA.exe
  C:\Windows\System\GfunSsA.exe
  2⤵
  PID:8792
- C:\Windows\System\pxuEYzL.exe
  C:\Windows\System\pxuEYzL.exe
  2⤵
  PID:8820
- C:\Windows\System\TpCqitg.exe
  C:\Windows\System\TpCqitg.exe
  2⤵
  PID:8856
- C:\Windows\System\eejzWAH.exe
  C:\Windows\System\eejzWAH.exe
  2⤵
  PID:8880
- C:\Windows\System\YJluaWu.exe
  C:\Windows\System\YJluaWu.exe
  2⤵
  PID:8908
- C:\Windows\System\UgTitIB.exe
  C:\Windows\System\UgTitIB.exe
  2⤵
  PID:8952
- C:\Windows\System\TdVhcIf.exe
  C:\Windows\System\TdVhcIf.exe
  2⤵
  PID:8996
- C:\Windows\System\WXBLjxc.exe
  C:\Windows\System\WXBLjxc.exe
  2⤵
  PID:9016
- C:\Windows\System\Nnhvtbd.exe
  C:\Windows\System\Nnhvtbd.exe
  2⤵
  PID:9032
- C:\Windows\System\FdafXFR.exe
  C:\Windows\System\FdafXFR.exe
  2⤵
  PID:9048
- C:\Windows\System\jupuFUm.exe
  C:\Windows\System\jupuFUm.exe
  2⤵
  PID:9084
- C:\Windows\System\LNQCBce.exe
  C:\Windows\System\LNQCBce.exe
  2⤵
  PID:9120
- C:\Windows\System\MikrIqo.exe
  C:\Windows\System\MikrIqo.exe
  2⤵
  PID:9156
- C:\Windows\System\KDQzthy.exe
  C:\Windows\System\KDQzthy.exe
  2⤵
  PID:9196
- C:\Windows\System\XbZxjcN.exe
  C:\Windows\System\XbZxjcN.exe
  2⤵
  PID:7252
- C:\Windows\System\vjYSYOv.exe
  C:\Windows\System\vjYSYOv.exe
  2⤵
  PID:8212
- C:\Windows\System\iwALdUx.exe
  C:\Windows\System\iwALdUx.exe
  2⤵
  PID:8284
- C:\Windows\System\NJRCuXl.exe
  C:\Windows\System\NJRCuXl.exe
  2⤵
  PID:8388
- C:\Windows\System\qYtykps.exe
  C:\Windows\System\qYtykps.exe
  2⤵
  PID:8468
- C:\Windows\System\qvQMSru.exe
  C:\Windows\System\qvQMSru.exe
  2⤵
  PID:8524
- C:\Windows\System\avZpOYz.exe
  C:\Windows\System\avZpOYz.exe
  2⤵
  PID:8560
- C:\Windows\System\seAozsD.exe
  C:\Windows\System\seAozsD.exe
  2⤵
  PID:8608
- C:\Windows\System\wHODDqS.exe
  C:\Windows\System\wHODDqS.exe
  2⤵
  PID:8716
- C:\Windows\System\dwpmphT.exe
  C:\Windows\System\dwpmphT.exe
  2⤵
  PID:8780
- C:\Windows\System\AjIqbJE.exe
  C:\Windows\System\AjIqbJE.exe
  2⤵
  PID:8840
- C:\Windows\System\FgZgzVt.exe
  C:\Windows\System\FgZgzVt.exe
  2⤵
  PID:8932
- C:\Windows\System\DyNGGXZ.exe
  C:\Windows\System\DyNGGXZ.exe
  2⤵
  PID:8984
- C:\Windows\System\mhjEeAF.exe
  C:\Windows\System\mhjEeAF.exe
  2⤵
  PID:8964
- C:\Windows\System\twZtrOL.exe
  C:\Windows\System\twZtrOL.exe
  2⤵
  PID:9044
- C:\Windows\System\LdRWRpQ.exe
  C:\Windows\System\LdRWRpQ.exe
  2⤵
  PID:9140
- C:\Windows\System\NUNmonF.exe
  C:\Windows\System\NUNmonF.exe
  2⤵
  PID:9176
- C:\Windows\System\WlyYWiH.exe
  C:\Windows\System\WlyYWiH.exe
  2⤵
  PID:8260
- C:\Windows\System\jzfQbqy.exe
  C:\Windows\System\jzfQbqy.exe
  2⤵
  PID:8444
- C:\Windows\System\GOFpdYN.exe
  C:\Windows\System\GOFpdYN.exe
  2⤵
  PID:2556
- C:\Windows\System\jBiBtOF.exe
  C:\Windows\System\jBiBtOF.exe
  2⤵
  PID:8636
- C:\Windows\System\sIJLTDT.exe
  C:\Windows\System\sIJLTDT.exe
  2⤵
  PID:8768
- C:\Windows\System\inMkgJv.exe
  C:\Windows\System\inMkgJv.exe
  2⤵
  PID:8812
- C:\Windows\System\WEnUpHv.exe
  C:\Windows\System\WEnUpHv.exe
  2⤵
  PID:9004
- C:\Windows\System\BShiBfb.exe
  C:\Windows\System\BShiBfb.exe
  2⤵
  PID:9184
- C:\Windows\System\lyheVTk.exe
  C:\Windows\System\lyheVTk.exe
  2⤵
  PID:4776
- C:\Windows\System\mXMeawv.exe
  C:\Windows\System\mXMeawv.exe
  2⤵
  PID:8616
- C:\Windows\System\zZPrxhk.exe
  C:\Windows\System\zZPrxhk.exe
  2⤵
  PID:8244
- C:\Windows\System\uZRKofY.exe
  C:\Windows\System\uZRKofY.exe
  2⤵
  PID:9132
- C:\Windows\System\bBbpuFQ.exe
  C:\Windows\System\bBbpuFQ.exe
  2⤵
  PID:9248
- C:\Windows\System\GKOKHIH.exe
  C:\Windows\System\GKOKHIH.exe
  2⤵
  PID:9264
- C:\Windows\System\AEomuhF.exe
  C:\Windows\System\AEomuhF.exe
  2⤵
  PID:9288
- C:\Windows\System\KpRQzOt.exe
  C:\Windows\System\KpRQzOt.exe
  2⤵
  PID:9320
- C:\Windows\System\KkeOMwH.exe
  C:\Windows\System\KkeOMwH.exe
  2⤵
  PID:9348
- C:\Windows\System\fesWlXI.exe
  C:\Windows\System\fesWlXI.exe
  2⤵
  PID:9384
- C:\Windows\System\wfgwuYx.exe
  C:\Windows\System\wfgwuYx.exe
  2⤵
  PID:9416
- C:\Windows\System\SahxAAT.exe
  C:\Windows\System\SahxAAT.exe
  2⤵
  PID:9452
- C:\Windows\System\hjexkGY.exe
  C:\Windows\System\hjexkGY.exe
  2⤵
  PID:9472
- C:\Windows\System\rdoRruy.exe
  C:\Windows\System\rdoRruy.exe
  2⤵
  PID:9512
- C:\Windows\System\buwoBME.exe
  C:\Windows\System\buwoBME.exe
  2⤵
  PID:9540
- C:\Windows\System\jUUsRWD.exe
  C:\Windows\System\jUUsRWD.exe
  2⤵
  PID:9564
- C:\Windows\System\klTHEFq.exe
  C:\Windows\System\klTHEFq.exe
  2⤵
  PID:9596
- C:\Windows\System\dFGhrAz.exe
  C:\Windows\System\dFGhrAz.exe
  2⤵
  PID:9624
- C:\Windows\System\xeMNhSU.exe
  C:\Windows\System\xeMNhSU.exe
  2⤵
  PID:9660
- C:\Windows\System\EsohXAE.exe
  C:\Windows\System\EsohXAE.exe
  2⤵
  PID:9692
- C:\Windows\System\szkdGRM.exe
  C:\Windows\System\szkdGRM.exe
  2⤵
  PID:9720
- C:\Windows\System\ujBsPKa.exe
  C:\Windows\System\ujBsPKa.exe
  2⤵
  PID:9748
- C:\Windows\System\bSuBIoT.exe
  C:\Windows\System\bSuBIoT.exe
  2⤵
  PID:9776
- C:\Windows\System\WZZzecH.exe
  C:\Windows\System\WZZzecH.exe
  2⤵
  PID:9792
- C:\Windows\System\cGgHRzq.exe
  C:\Windows\System\cGgHRzq.exe
  2⤵
  PID:9820
- C:\Windows\System\mBkNSlh.exe
  C:\Windows\System\mBkNSlh.exe
  2⤵
  PID:9848
- C:\Windows\System\UnkJxyY.exe
  C:\Windows\System\UnkJxyY.exe
  2⤵
  PID:9876
- C:\Windows\System\UfbJDDA.exe
  C:\Windows\System\UfbJDDA.exe
  2⤵
  PID:9892
- C:\Windows\System\gsfhNqk.exe
  C:\Windows\System\gsfhNqk.exe
  2⤵
  PID:9928
- C:\Windows\System\dQOLGtw.exe
  C:\Windows\System\dQOLGtw.exe
  2⤵
  PID:9960
- C:\Windows\System\qSGfpoo.exe
  C:\Windows\System\qSGfpoo.exe
  2⤵
  PID:9980
- C:\Windows\System\eNLMKHL.exe
  C:\Windows\System\eNLMKHL.exe
  2⤵
  PID:10008
- C:\Windows\System\TlCjKbB.exe
  C:\Windows\System\TlCjKbB.exe
  2⤵
  PID:10032
- C:\Windows\System\NvUpcZF.exe
  C:\Windows\System\NvUpcZF.exe
  2⤵
  PID:10064
- C:\Windows\System\tFxqVxp.exe
  C:\Windows\System\tFxqVxp.exe
  2⤵
  PID:10096
- C:\Windows\System\fqgnFrl.exe
  C:\Windows\System\fqgnFrl.exe
  2⤵
  PID:10132
- C:\Windows\System\GjxbRtS.exe
  C:\Windows\System\GjxbRtS.exe
  2⤵
  PID:10148
- C:\Windows\System\STmyiWZ.exe
  C:\Windows\System\STmyiWZ.exe
  2⤵
  PID:10188
- C:\Windows\System\iybrkwk.exe
  C:\Windows\System\iybrkwk.exe
  2⤵
  PID:10204
- C:\Windows\System\IqhAQJi.exe
  C:\Windows\System\IqhAQJi.exe
  2⤵
  PID:10232
- C:\Windows\System\CovaNvv.exe
  C:\Windows\System\CovaNvv.exe
  2⤵
  PID:8800
- C:\Windows\System\EMqROFe.exe
  C:\Windows\System\EMqROFe.exe
  2⤵
  PID:9012
- C:\Windows\System\LMiaeJx.exe
  C:\Windows\System\LMiaeJx.exe
  2⤵
  PID:9300
- C:\Windows\System\CJovIdK.exe
  C:\Windows\System\CJovIdK.exe
  2⤵
  PID:9336
- C:\Windows\System\cySJqHq.exe
  C:\Windows\System\cySJqHq.exe
  2⤵
  PID:9444
- C:\Windows\System\OLdJKzg.exe
  C:\Windows\System\OLdJKzg.exe
  2⤵
  PID:9496
- C:\Windows\System\SgBDMvi.exe
  C:\Windows\System\SgBDMvi.exe
  2⤵
  PID:9584
- C:\Windows\System\zZLbpXl.exe
  C:\Windows\System\zZLbpXl.exe
  2⤵
  PID:9668
- C:\Windows\System\yNvTSwV.exe
  C:\Windows\System\yNvTSwV.exe
  2⤵
  PID:1312
- C:\Windows\System\wzTmWCA.exe
  C:\Windows\System\wzTmWCA.exe
  2⤵
  PID:3208
- C:\Windows\System\FanHNwc.exe
  C:\Windows\System\FanHNwc.exe
  2⤵
  PID:9788
- C:\Windows\System\riqtaWD.exe
  C:\Windows\System\riqtaWD.exe
  2⤵
  PID:9860
- C:\Windows\System\zmqGZiw.exe
  C:\Windows\System\zmqGZiw.exe
  2⤵
  PID:9944
- C:\Windows\System\NaVgwRT.exe
  C:\Windows\System\NaVgwRT.exe
  2⤵
  PID:9952
- C:\Windows\System\FtgJxkX.exe
  C:\Windows\System\FtgJxkX.exe
  2⤵
  PID:10052
- C:\Windows\System\UTOnrTf.exe
  C:\Windows\System\UTOnrTf.exe
  2⤵
  PID:10084
- C:\Windows\System\cocgbfH.exe
  C:\Windows\System\cocgbfH.exe
  2⤵
  PID:10112
- C:\Windows\System\AazDHBC.exe
  C:\Windows\System\AazDHBC.exe
  2⤵
  PID:10176
- C:\Windows\System\QQtuGzo.exe
  C:\Windows\System\QQtuGzo.exe
  2⤵
  PID:8892
- C:\Windows\System\LbSZzBk.exe
  C:\Windows\System\LbSZzBk.exe
  2⤵
  PID:9272
- C:\Windows\System\ENVwddx.exe
  C:\Windows\System\ENVwddx.exe
  2⤵
  PID:9484
- C:\Windows\System\jAAyyyN.exe
  C:\Windows\System\jAAyyyN.exe
  2⤵
  PID:9652
- C:\Windows\System\hxyUoWI.exe
  C:\Windows\System\hxyUoWI.exe
  2⤵
  PID:9864
- C:\Windows\System\WOINqPV.exe
  C:\Windows\System\WOINqPV.exe
  2⤵
  PID:10016
- C:\Windows\System\lUoadhn.exe
  C:\Windows\System\lUoadhn.exe
  2⤵
  PID:10120
- C:\Windows\System\UNYkUuA.exe
  C:\Windows\System\UNYkUuA.exe
  2⤵
  PID:10200
- C:\Windows\System\gaFgkXw.exe
  C:\Windows\System\gaFgkXw.exe
  2⤵
  PID:9616
- C:\Windows\System\DzoBGOo.exe
  C:\Windows\System\DzoBGOo.exe
  2⤵
  PID:9992
- C:\Windows\System\lACnPHc.exe
  C:\Windows\System\lACnPHc.exe
  2⤵
  PID:10224
- C:\Windows\System\DOtGJEf.exe
  C:\Windows\System\DOtGJEf.exe
  2⤵
  PID:9372
- C:\Windows\System\oMZLuOa.exe
  C:\Windows\System\oMZLuOa.exe
  2⤵
  PID:10076
- C:\Windows\System\oRkNxKu.exe
  C:\Windows\System\oRkNxKu.exe
  2⤵
  PID:10288
- C:\Windows\System\ZTscnrP.exe
  C:\Windows\System\ZTscnrP.exe
  2⤵
  PID:10312
- C:\Windows\System\gnkNDqU.exe
  C:\Windows\System\gnkNDqU.exe
  2⤵
  PID:10340
- C:\Windows\System\dyCsxff.exe
  C:\Windows\System\dyCsxff.exe
  2⤵
  PID:10356
- C:\Windows\System\NXTvUdN.exe
  C:\Windows\System\NXTvUdN.exe
  2⤵
  PID:10372
- C:\Windows\System\ZcVhnrW.exe
  C:\Windows\System\ZcVhnrW.exe
  2⤵
  PID:10408
- C:\Windows\System\vLDoFPY.exe
  C:\Windows\System\vLDoFPY.exe
  2⤵
  PID:10432
- C:\Windows\System\WUuCgeg.exe
  C:\Windows\System\WUuCgeg.exe
  2⤵
  PID:10448
- C:\Windows\System\dyHoHbt.exe
  C:\Windows\System\dyHoHbt.exe
  2⤵
  PID:10496
- C:\Windows\System\olpncci.exe
  C:\Windows\System\olpncci.exe
  2⤵
  PID:10516
- C:\Windows\System\yQRlxJM.exe
  C:\Windows\System\yQRlxJM.exe
  2⤵
  PID:10556
- C:\Windows\System\pddadEz.exe
  C:\Windows\System\pddadEz.exe
  2⤵
  PID:10584
- C:\Windows\System\GOJHCuX.exe
  C:\Windows\System\GOJHCuX.exe
  2⤵
  PID:10612
- C:\Windows\System\RYJMyVm.exe
  C:\Windows\System\RYJMyVm.exe
  2⤵
  PID:10636
- C:\Windows\System\KFumsuo.exe
  C:\Windows\System\KFumsuo.exe
  2⤵
  PID:10672
- C:\Windows\System\AyLhRVM.exe
  C:\Windows\System\AyLhRVM.exe
  2⤵
  PID:10696
- C:\Windows\System\FSxCyOB.exe
  C:\Windows\System\FSxCyOB.exe
  2⤵
  PID:10724
- C:\Windows\System\zOptsrC.exe
  C:\Windows\System\zOptsrC.exe
  2⤵
  PID:10740
- C:\Windows\System\SRnKmek.exe
  C:\Windows\System\SRnKmek.exe
  2⤵
  PID:10780
- C:\Windows\System\FReFdzd.exe
  C:\Windows\System\FReFdzd.exe
  2⤵
  PID:10796
- C:\Windows\System\gdJGdIS.exe
  C:\Windows\System\gdJGdIS.exe
  2⤵
  PID:10836
- C:\Windows\System\OwrqOTT.exe
  C:\Windows\System\OwrqOTT.exe
  2⤵
  PID:10852
- C:\Windows\System\ayKrqpH.exe
  C:\Windows\System\ayKrqpH.exe
  2⤵
  PID:10884
- C:\Windows\System\sSNOjOy.exe
  C:\Windows\System\sSNOjOy.exe
  2⤵
  PID:10908
- C:\Windows\System\ukbfvvH.exe
  C:\Windows\System\ukbfvvH.exe
  2⤵
  PID:10936
- C:\Windows\System\tGLjtKu.exe
  C:\Windows\System\tGLjtKu.exe
  2⤵
  PID:10972
- C:\Windows\System\sjwVtKw.exe
  C:\Windows\System\sjwVtKw.exe
  2⤵
  PID:11008
- C:\Windows\System\nUjdCdi.exe
  C:\Windows\System\nUjdCdi.exe
  2⤵
  PID:11032
- C:\Windows\System\TvnVzOS.exe
  C:\Windows\System\TvnVzOS.exe
  2⤵
  PID:11060
- C:\Windows\System\MJjayEy.exe
  C:\Windows\System\MJjayEy.exe
  2⤵
  PID:11080
- C:\Windows\System\uvHOgrT.exe
  C:\Windows\System\uvHOgrT.exe
  2⤵
  PID:11100
- C:\Windows\System\zKvtFuw.exe
  C:\Windows\System\zKvtFuw.exe
  2⤵
  PID:11132
- C:\Windows\System\AcQjAMj.exe
  C:\Windows\System\AcQjAMj.exe
  2⤵
  PID:11160
- C:\Windows\System\GxATWZw.exe
  C:\Windows\System\GxATWZw.exe
  2⤵
  PID:11188
- C:\Windows\System\AhtUcSK.exe
  C:\Windows\System\AhtUcSK.exe
  2⤵
  PID:11216
- C:\Windows\System\iGhiNdk.exe
  C:\Windows\System\iGhiNdk.exe
  2⤵
  PID:11236
- C:\Windows\System\FyJBVwr.exe
  C:\Windows\System\FyJBVwr.exe
  2⤵
  PID:9940
- C:\Windows\System\NGCgbXF.exe
  C:\Windows\System\NGCgbXF.exe
  2⤵
  PID:10332
- C:\Windows\System\nnTiSXp.exe
  C:\Windows\System\nnTiSXp.exe
  2⤵
  PID:10400
- C:\Windows\System\MYUtitv.exe
  C:\Windows\System\MYUtitv.exe
  2⤵
  PID:10468
- C:\Windows\System\cjLLvBG.exe
  C:\Windows\System\cjLLvBG.exe
  2⤵
  PID:10536
- C:\Windows\System\lQisWsa.exe
  C:\Windows\System\lQisWsa.exe
  2⤵
  PID:10608
- C:\Windows\System\cYuhgtm.exe
  C:\Windows\System\cYuhgtm.exe
  2⤵
  PID:10688
- C:\Windows\System\WPvqqFD.exe
  C:\Windows\System\WPvqqFD.exe
  2⤵
  PID:10732
- C:\Windows\System\yHlWwno.exe
  C:\Windows\System\yHlWwno.exe
  2⤵
  PID:10820
- C:\Windows\System\wZuniAW.exe
  C:\Windows\System\wZuniAW.exe
  2⤵
  PID:10872
- C:\Windows\System\AHonVtj.exe
  C:\Windows\System\AHonVtj.exe
  2⤵
  PID:10896
- C:\Windows\System\yKbCTyI.exe
  C:\Windows\System\yKbCTyI.exe
  2⤵
  PID:11024
- C:\Windows\System\VBqohQZ.exe
  C:\Windows\System\VBqohQZ.exe
  2⤵
  PID:11052
- C:\Windows\System\ImkFwdL.exe
  C:\Windows\System\ImkFwdL.exe
  2⤵
  PID:11092
- C:\Windows\System\DuMVMwE.exe
  C:\Windows\System\DuMVMwE.exe
  2⤵
  PID:11180
- C:\Windows\System\gBHPxsM.exe
  C:\Windows\System\gBHPxsM.exe
  2⤵
  PID:11204
- C:\Windows\System\nSKDqUV.exe
  C:\Windows\System\nSKDqUV.exe
  2⤵
  PID:10364
- C:\Windows\System\AzZnhZG.exe
  C:\Windows\System\AzZnhZG.exe
  2⤵
  PID:10404
- C:\Windows\System\unnRgwY.exe
  C:\Windows\System\unnRgwY.exe
  2⤵
  PID:10548
- C:\Windows\System\VziWJtv.exe
  C:\Windows\System\VziWJtv.exe
  2⤵
  PID:10752
- C:\Windows\System\xUNsXkg.exe
  C:\Windows\System\xUNsXkg.exe
  2⤵
  PID:10916
- C:\Windows\System\DYaGgwT.exe
  C:\Windows\System\DYaGgwT.exe
  2⤵
  PID:11128
- C:\Windows\System\ZsErfms.exe
  C:\Windows\System\ZsErfms.exe
  2⤵
  PID:11252
- C:\Windows\System\HXONHPN.exe
  C:\Windows\System\HXONHPN.exe
  2⤵
  PID:10656
- C:\Windows\System\ZifbDEi.exe
  C:\Windows\System\ZifbDEi.exe
  2⤵
  PID:11112
- C:\Windows\System\iDOXicL.exe
  C:\Windows\System\iDOXicL.exe
  2⤵
  PID:10440
- C:\Windows\System\xicafab.exe
  C:\Windows\System\xicafab.exe
  2⤵
  PID:10708
- C:\Windows\System\hErOMBO.exe
  C:\Windows\System\hErOMBO.exe
  2⤵
  PID:11288
- C:\Windows\System\YdmmHoo.exe
  C:\Windows\System\YdmmHoo.exe
  2⤵
  PID:11320
- C:\Windows\System\yNdfGoV.exe
  C:\Windows\System\yNdfGoV.exe
  2⤵
  PID:11352
- C:\Windows\System\ZsheGAv.exe
  C:\Windows\System\ZsheGAv.exe
  2⤵
  PID:11380
- C:\Windows\System\jseYcLt.exe
  C:\Windows\System\jseYcLt.exe
  2⤵
  PID:11412
- C:\Windows\System\sqKeXiF.exe
  C:\Windows\System\sqKeXiF.exe
  2⤵
  PID:11428
- C:\Windows\System\dCUnjeq.exe
  C:\Windows\System\dCUnjeq.exe
  2⤵
  PID:11452
- C:\Windows\System\akhXqWp.exe
  C:\Windows\System\akhXqWp.exe
  2⤵
  PID:11480
- C:\Windows\System\GWNzSzn.exe
  C:\Windows\System\GWNzSzn.exe
  2⤵
  PID:11508
- C:\Windows\System\kMsMplQ.exe
  C:\Windows\System\kMsMplQ.exe
  2⤵
  PID:11548
- C:\Windows\System\SJiMMtW.exe
  C:\Windows\System\SJiMMtW.exe
  2⤵
  PID:11576
- C:\Windows\System\QvsHVsj.exe
  C:\Windows\System\QvsHVsj.exe
  2⤵
  PID:11612
- C:\Windows\System\PzlDAkj.exe
  C:\Windows\System\PzlDAkj.exe
  2⤵
  PID:11632
- C:\Windows\System\PWEcnMd.exe
  C:\Windows\System\PWEcnMd.exe
  2⤵
  PID:11672
- C:\Windows\System\tboyQUk.exe
  C:\Windows\System\tboyQUk.exe
  2⤵
  PID:11700
- C:\Windows\System\HdzZRvf.exe
  C:\Windows\System\HdzZRvf.exe
  2⤵
  PID:11728
- C:\Windows\System\toZMcUp.exe
  C:\Windows\System\toZMcUp.exe
  2⤵
  PID:11756
- C:\Windows\System\vVoJyCY.exe
  C:\Windows\System\vVoJyCY.exe
  2⤵
  PID:11780
- C:\Windows\System\jmgYmri.exe
  C:\Windows\System\jmgYmri.exe
  2⤵
  PID:11796
- C:\Windows\System\KamMZSG.exe
  C:\Windows\System\KamMZSG.exe
  2⤵
  PID:11816
- C:\Windows\System\AWpyUEU.exe
  C:\Windows\System\AWpyUEU.exe
  2⤵
  PID:11844
- C:\Windows\System\gZcZhoS.exe
  C:\Windows\System\gZcZhoS.exe
  2⤵
  PID:11884
- C:\Windows\System\LIrtpzV.exe
  C:\Windows\System\LIrtpzV.exe
  2⤵
  PID:11904
- C:\Windows\System\ibQEqZu.exe
  C:\Windows\System\ibQEqZu.exe
  2⤵
  PID:11940
- C:\Windows\System\xTRTCNG.exe
  C:\Windows\System\xTRTCNG.exe
  2⤵
  PID:11968
- C:\Windows\System\fKSqnNM.exe
  C:\Windows\System\fKSqnNM.exe
  2⤵
  PID:11984
- C:\Windows\System\FKCfsaF.exe
  C:\Windows\System\FKCfsaF.exe
  2⤵
  PID:12020
- C:\Windows\System\YlMAfyx.exe
  C:\Windows\System\YlMAfyx.exe
  2⤵
  PID:12040
- C:\Windows\System\KmDYjHL.exe
  C:\Windows\System\KmDYjHL.exe
  2⤵
  PID:12064
- C:\Windows\System\axqqyku.exe
  C:\Windows\System\axqqyku.exe
  2⤵
  PID:12096
- C:\Windows\System\BBZPhvE.exe
  C:\Windows\System\BBZPhvE.exe
  2⤵
  PID:12124
- C:\Windows\System\guLWmhi.exe
  C:\Windows\System\guLWmhi.exe
  2⤵
  PID:12152
- C:\Windows\System\mefZfvb.exe
  C:\Windows\System\mefZfvb.exe
  2⤵
  PID:12172
- C:\Windows\System\Alxmwkh.exe
  C:\Windows\System\Alxmwkh.exe
  2⤵
  PID:12208
- C:\Windows\System\DAwcDAq.exe
  C:\Windows\System\DAwcDAq.exe
  2⤵
  PID:12236
- C:\Windows\System\lfEGkJA.exe
  C:\Windows\System\lfEGkJA.exe
  2⤵
  PID:12260
- C:\Windows\System\fgimbah.exe
  C:\Windows\System\fgimbah.exe
  2⤵
  PID:12284
- C:\Windows\System\YVmOEiG.exe
  C:\Windows\System\YVmOEiG.exe
  2⤵
  PID:11176
- C:\Windows\System\nSNZfSu.exe
  C:\Windows\System\nSNZfSu.exe
  2⤵
  PID:11312
- C:\Windows\System\yeUCSMo.exe
  C:\Windows\System\yeUCSMo.exe
  2⤵
  PID:11364
- C:\Windows\System\FGroKBb.exe
  C:\Windows\System\FGroKBb.exe
  2⤵
  PID:11440
- C:\Windows\System\qICTxUD.exe
  C:\Windows\System\qICTxUD.exe
  2⤵
  PID:11464
- C:\Windows\System\mDxBqSZ.exe
  C:\Windows\System\mDxBqSZ.exe
  2⤵
  PID:11528
- C:\Windows\System\LyFSTIr.exe
  C:\Windows\System\LyFSTIr.exe
  2⤵
  PID:11588
- C:\Windows\System\VGqRTHw.exe
  C:\Windows\System\VGqRTHw.exe
  2⤵
  PID:11684
- C:\Windows\System\NGHNwUP.exe
  C:\Windows\System\NGHNwUP.exe
  2⤵
  PID:2912
- C:\Windows\System\BkDhNQj.exe
  C:\Windows\System\BkDhNQj.exe
  2⤵
  PID:11808
- C:\Windows\System\vnWqOfY.exe
  C:\Windows\System\vnWqOfY.exe
  2⤵
  PID:11836
- C:\Windows\System\HAcWbzz.exe
  C:\Windows\System\HAcWbzz.exe
  2⤵
  PID:11952
- C:\Windows\System\fSURrHA.exe
  C:\Windows\System\fSURrHA.exe
  2⤵
  PID:12060
- C:\Windows\System\JHGKsZw.exe
  C:\Windows\System\JHGKsZw.exe
  2⤵
  PID:12248
- C:\Windows\System\vApEQhN.exe
  C:\Windows\System\vApEQhN.exe
  2⤵
  PID:11296
- C:\Windows\System\VegkFKV.exe
  C:\Windows\System\VegkFKV.exe
  2⤵
  PID:10264
- C:\Windows\System\rmrQOud.exe
  C:\Windows\System\rmrQOud.exe
  2⤵
  PID:10380
- C:\Windows\System\DiKVLJh.exe
  C:\Windows\System\DiKVLJh.exe
  2⤵
  PID:11724
- C:\Windows\System\quUwpwX.exe
  C:\Windows\System\quUwpwX.exe
  2⤵
  PID:11788
- C:\Windows\System\ceWaPyB.exe
  C:\Windows\System\ceWaPyB.exe
  2⤵
  PID:11936
- C:\Windows\System\ZyFzMWL.exe
  C:\Windows\System\ZyFzMWL.exe
  2⤵
  PID:12052
- C:\Windows\System\CbKyyZU.exe
  C:\Windows\System\CbKyyZU.exe
  2⤵
  PID:12192
- C:\Windows\System\rohsdyb.exe
  C:\Windows\System\rohsdyb.exe
  2⤵
  PID:5788
- C:\Windows\System\beibebr.exe
  C:\Windows\System\beibebr.exe
  2⤵
  PID:6696
- C:\Windows\System\uTvLpCv.exe
  C:\Windows\System\uTvLpCv.exe
  2⤵
  PID:11448
- C:\Windows\System\swXRCtY.exe
  C:\Windows\System\swXRCtY.exe
  2⤵
  PID:11772
- C:\Windows\System\uZFSpBF.exe
  C:\Windows\System\uZFSpBF.exe
  2⤵
  PID:12004
- C:\Windows\System\ohOzPcI.exe
  C:\Windows\System\ohOzPcI.exe
  2⤵
  PID:11424
- C:\Windows\System\lcbvlWq.exe
  C:\Windows\System\lcbvlWq.exe
  2⤵
  PID:5880
- C:\Windows\System\ZuopApP.exe
  C:\Windows\System\ZuopApP.exe
  2⤵
  PID:12308
- C:\Windows\System\ZLehCtR.exe
  C:\Windows\System\ZLehCtR.exe
  2⤵
  PID:12324
- C:\Windows\System\HORYqsA.exe
  C:\Windows\System\HORYqsA.exe
  2⤵
  PID:12352
- C:\Windows\System\HFBwzVw.exe
  C:\Windows\System\HFBwzVw.exe
  2⤵
  PID:12388
- C:\Windows\System\UChbVgJ.exe
  C:\Windows\System\UChbVgJ.exe
  2⤵
  PID:12404
- C:\Windows\System\pVBlESE.exe
  C:\Windows\System\pVBlESE.exe
  2⤵
  PID:12432
- C:\Windows\System\ticJAXQ.exe
  C:\Windows\System\ticJAXQ.exe
  2⤵
  PID:12456
- C:\Windows\System\FkIgucr.exe
  C:\Windows\System\FkIgucr.exe
  2⤵
  PID:12480
- C:\Windows\System\xLGVjjb.exe
  C:\Windows\System\xLGVjjb.exe
  2⤵
  PID:12496
- C:\Windows\System\pUITPGl.exe
  C:\Windows\System\pUITPGl.exe
  2⤵
  PID:12520
- C:\Windows\System\PQzUyoE.exe
  C:\Windows\System\PQzUyoE.exe
  2⤵
  PID:12548
- C:\Windows\System\ATjKeoi.exe
  C:\Windows\System\ATjKeoi.exe
  2⤵
  PID:12568
- C:\Windows\System\GPzNMiM.exe
  C:\Windows\System\GPzNMiM.exe
  2⤵
  PID:12592
- C:\Windows\System\lNpUNdn.exe
  C:\Windows\System\lNpUNdn.exe
  2⤵
  PID:12620
- C:\Windows\System\aKYAFvw.exe
  C:\Windows\System\aKYAFvw.exe
  2⤵
  PID:12656
- C:\Windows\System\SkdIazT.exe
  C:\Windows\System\SkdIazT.exe
  2⤵
  PID:12692
- C:\Windows\System\xVuPVto.exe
  C:\Windows\System\xVuPVto.exe
  2⤵
  PID:12732
- C:\Windows\System\tUNAtFG.exe
  C:\Windows\System\tUNAtFG.exe
  2⤵
  PID:12752
- C:\Windows\System\oWEjUvH.exe
  C:\Windows\System\oWEjUvH.exe
  2⤵
  PID:12780
- C:\Windows\System\EVnbOAq.exe
  C:\Windows\System\EVnbOAq.exe
  2⤵
  PID:12824
- C:\Windows\System\sydFmGm.exe
  C:\Windows\System\sydFmGm.exe
  2⤵
  PID:12844
- C:\Windows\System\XHBFpDR.exe
  C:\Windows\System\XHBFpDR.exe
  2⤵
  PID:12868
- C:\Windows\System\yRRKcKh.exe
  C:\Windows\System\yRRKcKh.exe
  2⤵
  PID:12900
- C:\Windows\System\HoAxgfC.exe
  C:\Windows\System\HoAxgfC.exe
  2⤵
  PID:12936
- C:\Windows\System\XtLzDrE.exe
  C:\Windows\System\XtLzDrE.exe
  2⤵
  PID:12956
- C:\Windows\System\KYNUfNN.exe
  C:\Windows\System\KYNUfNN.exe
  2⤵
  PID:12980
- C:\Windows\System\PDOQYOJ.exe
  C:\Windows\System\PDOQYOJ.exe
  2⤵
  PID:13020
- C:\Windows\System\lcCNXdE.exe
  C:\Windows\System\lcCNXdE.exe
  2⤵
  PID:13052
- C:\Windows\System\SvsKaFQ.exe
  C:\Windows\System\SvsKaFQ.exe
  2⤵
  PID:13080
- C:\Windows\System\TBSSXgG.exe
  C:\Windows\System\TBSSXgG.exe
  2⤵
  PID:13116
- C:\Windows\System\OsUPzbh.exe
  C:\Windows\System\OsUPzbh.exe
  2⤵
  PID:13148
- C:\Windows\System\XOBFrZH.exe
  C:\Windows\System\XOBFrZH.exe
  2⤵
  PID:13168
- C:\Windows\System\PrLYfsU.exe
  C:\Windows\System\PrLYfsU.exe
  2⤵
  PID:13184
- C:\Windows\System\pnUWdUd.exe
  C:\Windows\System\pnUWdUd.exe
  2⤵
  PID:13220
- C:\Windows\System\udGaxHe.exe
  C:\Windows\System\udGaxHe.exe
  2⤵
  PID:13240
- C:\Windows\System\qRDVRrs.exe
  C:\Windows\System\qRDVRrs.exe
  2⤵
  PID:13268
- C:\Windows\System\PguwDwb.exe
  C:\Windows\System\PguwDwb.exe
  2⤵
  PID:13292
- C:\Windows\System\jswvVyn.exe
  C:\Windows\System\jswvVyn.exe
  2⤵
  PID:11804
- C:\Windows\System\xoGWwFy.exe
  C:\Windows\System\xoGWwFy.exe
  2⤵
  PID:12340
- C:\Windows\System\ioPPuTF.exe
  C:\Windows\System\ioPPuTF.exe
  2⤵
  PID:12428
- C:\Windows\System\sVuKNIo.exe
  C:\Windows\System\sVuKNIo.exe
  2⤵
  PID:12420
- C:\Windows\System\tlBxjqH.exe
  C:\Windows\System\tlBxjqH.exe
  2⤵
  PID:12556
- C:\Windows\System\NxsADnV.exe
  C:\Windows\System\NxsADnV.exe
  2⤵
  PID:12532
- C:\Windows\System\IdriJUd.exe
  C:\Windows\System\IdriJUd.exe
  2⤵
  PID:12632
- C:\Windows\System\JkEaxoW.exe
  C:\Windows\System\JkEaxoW.exe
  2⤵
  PID:12676
- C:\Windows\System\BmyBqly.exe
  C:\Windows\System\BmyBqly.exe
  2⤵
  PID:12768
- C:\Windows\System\fXBLlre.exe
  C:\Windows\System\fXBLlre.exe
  2⤵
  PID:12896
- C:\Windows\System\fKVuEuo.exe
  C:\Windows\System\fKVuEuo.exe
  2⤵
  PID:12992
- C:\Windows\System\ffsqAhJ.exe
  C:\Windows\System\ffsqAhJ.exe
  2⤵
  PID:12972
- C:\Windows\System\SiXVhuZ.exe
  C:\Windows\System\SiXVhuZ.exe
  2⤵
  PID:13040
- C:\Windows\System\MmkNIZG.exe
  C:\Windows\System\MmkNIZG.exe
  2⤵
  PID:11960
- C:\Windows\System\PLNywzU.exe
  C:\Windows\System\PLNywzU.exe
  2⤵
  PID:13180
- C:\Windows\System\mTMxeUb.exe
  C:\Windows\System\mTMxeUb.exe
  2⤵
  PID:11876
- C:\Windows\System\IIhfKUT.exe
  C:\Windows\System\IIhfKUT.exe
  2⤵
  PID:12296
- C:\Windows\System\mfTMbHB.exe
  C:\Windows\System\mfTMbHB.exe
  2⤵
  PID:12540
- C:\Windows\System\onsucRT.exe
  C:\Windows\System\onsucRT.exe
  2⤵
  PID:12576
- C:\Windows\System\KyNmFTR.exe
  C:\Windows\System\KyNmFTR.exe
  2⤵
  PID:12776
- C:\Windows\System\TNyMcdU.exe
  C:\Windows\System\TNyMcdU.exe
  2⤵
  PID:12880
- C:\Windows\System\xxIkgQt.exe
  C:\Windows\System\xxIkgQt.exe
  2⤵
  PID:640
- C:\Windows\System\KEEJUuj.exe
  C:\Windows\System\KEEJUuj.exe
  2⤵
  PID:4748
- C:\Windows\System\FOlyDYk.exe
  C:\Windows\System\FOlyDYk.exe
  2⤵
  PID:13136
- C:\Windows\System\bjxyyRa.exe
  C:\Windows\System\bjxyyRa.exe
  2⤵
  PID:13288
- C:\Windows\System\QYluUqV.exe
  C:\Windows\System\QYluUqV.exe
  2⤵
  PID:13252
- C:\Windows\System\YafgKKQ.exe
  C:\Windows\System\YafgKKQ.exe
  2⤵
  PID:1604
- C:\Windows\System\NaysCwh.exe
  C:\Windows\System\NaysCwh.exe
  2⤵
  PID:12816
- C:\Windows\System\VHwmNWx.exe
  C:\Windows\System\VHwmNWx.exe
  2⤵
  PID:13228
- C:\Windows\System\EWKAMzv.exe
  C:\Windows\System\EWKAMzv.exe
  2⤵
  PID:12448
- C:\Windows\System\FatMoQZ.exe
  C:\Windows\System\FatMoQZ.exe
  2⤵
  PID:13348
- C:\Windows\System\CClStuT.exe
  C:\Windows\System\CClStuT.exe
  2⤵
  PID:13376
- C:\Windows\System\zgsQNuv.exe
  C:\Windows\System\zgsQNuv.exe
  2⤵
  PID:13412
- C:\Windows\System\jjMKBrE.exe
  C:\Windows\System\jjMKBrE.exe
  2⤵
  PID:13436
- C:\Windows\System\wciMPdD.exe
  C:\Windows\System\wciMPdD.exe
  2⤵
  PID:13472
- C:\Windows\System\uMBCbGY.exe
  C:\Windows\System\uMBCbGY.exe
  2⤵
  PID:13512
- C:\Windows\System\BtJRCga.exe
  C:\Windows\System\BtJRCga.exe
  2⤵
  PID:13528
- C:\Windows\System\EpcBZel.exe
  C:\Windows\System\EpcBZel.exe
  2⤵
  PID:13556
- C:\Windows\System\FJXCuvd.exe
  C:\Windows\System\FJXCuvd.exe
  2⤵
  PID:13572
- C:\Windows\System\SMybZvO.exe
  C:\Windows\System\SMybZvO.exe
  2⤵
  PID:13600
- C:\Windows\System\GbzftMb.exe
  C:\Windows\System\GbzftMb.exe
  2⤵
  PID:13620
- C:\Windows\System\SebrzMJ.exe
  C:\Windows\System\SebrzMJ.exe
  2⤵
  PID:13656
- C:\Windows\System\eWhclxj.exe
  C:\Windows\System\eWhclxj.exe
  2⤵
  PID:13672
- C:\Windows\System\svbJGsl.exe
  C:\Windows\System\svbJGsl.exe
  2⤵
  PID:13692
- C:\Windows\System\kbWvffl.exe
  C:\Windows\System\kbWvffl.exe
  2⤵
  PID:13724
- C:\Windows\System\GZZBTSG.exe
  C:\Windows\System\GZZBTSG.exe
  2⤵
  PID:13764
- C:\Windows\System\TTDqxaM.exe
  C:\Windows\System\TTDqxaM.exe
  2⤵
  PID:13792
- C:\Windows\System\cRHcElN.exe
  C:\Windows\System\cRHcElN.exe
  2⤵
  PID:13824
- C:\Windows\System\GDoloiq.exe
  C:\Windows\System\GDoloiq.exe
  2⤵
  PID:13848
- C:\Windows\System\qcOAWKz.exe
  C:\Windows\System\qcOAWKz.exe
  2⤵
  PID:13876
- C:\Windows\System\owYsUDw.exe
  C:\Windows\System\owYsUDw.exe
  2⤵
  PID:13908
- C:\Windows\System\XHjzJhP.exe
  C:\Windows\System\XHjzJhP.exe
  2⤵
  PID:13932
- C:\Windows\System\NUvjFEs.exe
  C:\Windows\System\NUvjFEs.exe
  2⤵
  PID:13960
- C:\Windows\System\OkYLIqn.exe
  C:\Windows\System\OkYLIqn.exe
  2⤵
  PID:13992
- C:\Windows\System\rMPWJxJ.exe
  C:\Windows\System\rMPWJxJ.exe
  2⤵
  PID:14008
- C:\Windows\System\LNQgFWM.exe
  C:\Windows\System\LNQgFWM.exe
  2⤵
  PID:14044
- C:\Windows\System\jWvWUxe.exe
  C:\Windows\System\jWvWUxe.exe
  2⤵
  PID:14088
- C:\Windows\System\xztTljt.exe
  C:\Windows\System\xztTljt.exe
  2⤵
  PID:14128
- C:\Windows\System\DxkRmTK.exe
  C:\Windows\System\DxkRmTK.exe
  2⤵
  PID:14144
- C:\Windows\System\MlsFypD.exe
  C:\Windows\System\MlsFypD.exe
  2⤵
  PID:14160
- C:\Windows\System\NvQsFmt.exe
  C:\Windows\System\NvQsFmt.exe
  2⤵
  PID:14208
- C:\Windows\System\GNJuLOw.exe
  C:\Windows\System\GNJuLOw.exe
  2⤵
  PID:14228
- C:\Windows\System\YuVWQQx.exe
  C:\Windows\System\YuVWQQx.exe
  2⤵
  PID:14252
- C:\Windows\System\Msrxemh.exe
  C:\Windows\System\Msrxemh.exe
  2⤵
  PID:14272
- C:\Windows\System\FRSoLmm.exe
  C:\Windows\System\FRSoLmm.exe
  2⤵
  PID:14296
- C:\Windows\System\iXbGrwz.exe
  C:\Windows\System\iXbGrwz.exe
  2⤵
  PID:14324
- C:\Windows\System\HgfHzhn.exe
  C:\Windows\System\HgfHzhn.exe
  2⤵
  PID:13340
- C:\Windows\System\kRuHEIA.exe
  C:\Windows\System\kRuHEIA.exe
  2⤵
  PID:13392
- C:\Windows\System\sxSihPx.exe
  C:\Windows\System\sxSihPx.exe
  2⤵
  PID:13492
- C:\Windows\System\LfgcvHu.exe
  C:\Windows\System\LfgcvHu.exe
  2⤵
  PID:13540
- C:\Windows\System\WqjKMPy.exe
  C:\Windows\System\WqjKMPy.exe
  2⤵
  PID:13564
- C:\Windows\System\UWixffo.exe
  C:\Windows\System\UWixffo.exe
  2⤵
  PID:13636
- C:\Windows\System\oAlIqpw.exe
  C:\Windows\System\oAlIqpw.exe
  2⤵
  PID:13748

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BCtyOiI.exe

Filesize
2.2MB

MD5
b2f82146373a256ba6ee67c0efd650db

SHA1
e856d7cbed3102e17e3645a6830357a07d6b209c

SHA256
56e7c44d397f3a782f3a66eb7d89fce46bb582b4355eb825358d8740997a48b0

SHA512
6e2562de75ee46860050844ccfa6e78291e0b10d9e59b77c018a7e188b3fa59ad174fdd8a0abb502a855616829bb4c4ce6fa0f4376e8365b3ef661e69e653980

Download Submit
C:\Windows\System\HHisHNb.exe

Filesize
2.2MB

MD5
78b33c47b1dd78349cfc710a48621e3f

SHA1
eb4aaca45e12fedec78c234d7fd76f05f7b2ccb9

SHA256
25254f8497af0c96c1103584684adfb3ebf67918c5432794e1c635ce017ccfb6

SHA512
058baccb1e75ae466341a347ca6672d37777489b3013ced2773ccbe66cb693ed14f467280e18d9b4bb481b3a95f1099b08f6e01b61837b14fdbc01ced51a15a0

Download Submit
C:\Windows\System\HnXraKD.exe

Filesize
2.2MB

MD5
b3208aff35837edd77ec792c630b46e3

SHA1
d137c74aa043a0ab45fa59dad50529c6dd76e54b

SHA256
b70ce8d43f2d6aa047ace6ef238c35f366a69f11cf7c72d4aad07c5c4a790f77

SHA512
7365d25570de9df4849cc6a3af2387d264cacf79d3923d04ce8ae74eba646136eef03c10f0d8ca772aeeba6b8546ca93aa0d89643396b53f21207ce2eff04d87

Download Submit
C:\Windows\System\IOLwWQo.exe

Filesize
2.2MB

MD5
4fd7dff2aadaa417796e5be6649843b5

SHA1
dd13757c3d1d75a0de9ed2d32bbebeddc9688ec5

SHA256
46619f54e5c48e7dd996647a1e65ffeab28ab448c5f368993ee67c2356fa7b1c

SHA512
e1d5e51eac9d5799302dc2acb1fcb794026a7e5886ecd7b1f54312b143eebf6e00060073f509c46fe640cbf648b50843bbec7e3738198117fd27f9ef07b3101a

Download Submit
C:\Windows\System\KiUrNJB.exe

Filesize
2.2MB

MD5
88d8bfadb899d2d1eedf7bf3c83eb238

SHA1
723c499b811b3e9b2d783c9a4cf433f16acb39f8

SHA256
032884e5892c5c33b4685aaa361e67f483d50777f89ca8eab33b08da416601f9

SHA512
165baedc1074f41d3702bdfc3159947b87ec60d6aa2b83feee321bacafe580379c974faa797974d366a83c077d9260b8b3033dda3f37cc1d4adc2290face2d52

Download Submit
C:\Windows\System\LqKAytM.exe

Filesize
2.2MB

MD5
660303bc8433036fecf2e3c74236896c

SHA1
28ee3ea847eee59a219e4316c64d3cbd74f084af

SHA256
be3e578e1497fa52a0f04a4e9c3f0361242b19213ef41ecb7c0a4e73697ff19d

SHA512
f8eeaf7ae938b4ac7073148691fe28872dd5952f0fb00b9c8e1191e04f3580d771df7f62820fa883d2ad251c239833f94e4fd34cd0cbbc176a4ed9fba3793bf5

Download Submit
C:\Windows\System\NkjcTFq.exe

Filesize
2.2MB

MD5
ab19a8e875a4f1bbbc0a9c3d60033bc5

SHA1
ebb17d048c416e440eb102ab64acefc636c19647

SHA256
dea5d1d15fad2b8590a271d2393980d3bd488078e76733988e0c4407d69a353b

SHA512
2d6a0378ce15af79ed1c826dd83813be569b019daa9bccdeea66fe603c97f1a50a8a729279cdea81864ba7f8b73dccf1cdd5e3f4dbcc15ad8f677cb0147119cb

Download Submit
C:\Windows\System\NsfkVBp.exe

Filesize
2.2MB

MD5
f2e5da8b5e95f7df8bbd78508af66a0b

SHA1
0c7fe9c3bef1ad07863e2b275c54dafd85d5bd78

SHA256
cc42d701696fb48429f3c5ebb9ff0938fb05a18ec831326092edc08eee0b80cb

SHA512
c05eef8787c7b5df5b6834eae3962eb7b14707192d2fc34926c64c3234989bd88fc3002ad0b555f30c41d814141617872cb06cff8b31f5320419c449852c9dd8

Download Submit
C:\Windows\System\OvaqBtv.exe

Filesize
2.2MB

MD5
b11383db851244ee1080ab77871c000a

SHA1
0c66b6f3841073f43ff7b0d5a061855c9e4fd3ef

SHA256
517ddb7469ec00b65936783854d63d334c121d631707c21b7f672f04f82c2b64

SHA512
6c77ca7ae497943cc32a1ffa305542d84fe66fb796a7441e484fa13040370e41e49a2b4eff5d1ce8d9b52c027715a99eaed3aa773c358f6b9b288381f141357d

Download Submit
C:\Windows\System\SnfyUSh.exe

Filesize
2.2MB

MD5
8e83cdbb14140cf30ef04a12b0d0cc00

SHA1
c5af270855dbd2da2b3dc3ed67e2c98a7dd2e35b

SHA256
388fedd7d458554f7c0ec6483c7f81be06b2518f073dfc6e9da34aa68ce489a7

SHA512
9175cc488614382351685e9965fe439101499bb12689b6382c64782125564ec68f216f8bdda01131432a730f405349669eec1fd73a332e5300b0b22c87becf5e

Download Submit
C:\Windows\System\TBuWhlp.exe

Filesize
2.2MB

MD5
db68b809d7e5cabe0286d8c0287bd8b8

SHA1
fd574219106cf4714733d668fbfd2c42e9b7b123

SHA256
f6259a0eeabc58d58c17fc0a039b99f30087fb61d5dbb1d4a02fdf1800ffde67

SHA512
eea52264f965f471e45468f73feca0de020f2a3ac9cacad1f227e378a4935b0cdd533b464a7d9df1336bd94e79f09499cf62b2785a86041de446a19b5cea3c81

Download Submit
C:\Windows\System\XaAzKbT.exe

Filesize
2.2MB

MD5
55fa232ef4cbfe89a281f16f08daacfe

SHA1
402a5099cc03e168a3c03e4f5483546d33f917f4

SHA256
249acbe54896e22e870e7c4a9c72efc1ab48c7f68c27be8c3c21c3f5e2e3d558

SHA512
72e6441d8841862b548b320bff6379cec5bebca35b8f925b9b4613e3f34f49fe8a13d3e2eb19408a046a0b122904317832df1d3fd743088592ad09747f6d4da7

Download Submit
C:\Windows\System\YeMbeqV.exe

Filesize
2.2MB

MD5
85d23ff6d1223d0dbcaabfc82ce61f19

SHA1
eeffa39f007e7ef5abf9e7fbf0954a9e17df4ade

SHA256
f963b6233c34dc218047020f0f13d97cfd12aefcf082950e9a69ce44f88bf19f

SHA512
762f319fa073c52905c735066728344a8bc312d57b2a5904fa762a803ef619bdc06ecfa3850ce05e9fd2e725ad176f960df1b832162446e641aca7b1a8898cc2

Download Submit
C:\Windows\System\ZmLZMAS.exe

Filesize
2.2MB

MD5
37294295130baaa696c2a9bb971480a9

SHA1
477d4f322ad9058f78c0e18ba630cea403978376

SHA256
f9ee90d7676c2d3692b1ea843e9eb912e66408941bda219451f9fbf3427ade0a

SHA512
8bc0d854785b36ad21b7a854193f7d7989eaad1a708fba18b91bfa9da8cdfde01bf972ff1f8deb2cbbad5b0dfb9351f749cec31b90071f0777b6b3e9ce09d3e4

Download Submit
C:\Windows\System\aHjtqTo.exe

Filesize
2.2MB

MD5
cca4b3028d846f36ae65feed257de9cc

SHA1
c431de86dac7dd33397dffb425a979280cab3337

SHA256
9670573fbfcd8c62b6332bba36c67a0369690ec2ad9849e225bb30c7f68cf4ab

SHA512
45b80b192e5c35c206c90684faa5a8305429143c3a6bcfa260e6c4085f962c1fc4864546574d3bf94215058fb00a08b93dd8ca105ea6e305d12cf453e20c46af

Download Submit
C:\Windows\System\cAWWssi.exe

Filesize
2.2MB

MD5
48e3d080eab5ca654b7cc22afb67ba4a

SHA1
f8603241e8fad9499805a33fff2737fd9809aff9

SHA256
9694d99d36f03cec47db78a32696ebfe8f0493e175d380d5b72a86e775d8a3d8

SHA512
0add683a771460af15399f69c1a7cf91ee9ebcd3522026b03792579b10d8ed79e30702c6949a672c9798efe938a382113f318040243082867a65e700d4e69a05

Download Submit
C:\Windows\System\cpEXsyd.exe

Filesize
2.2MB

MD5
c0e8b855b34f3b844809ebc9f0bd5b43

SHA1
a4d4a658495162397b38047acd5bffa6db1f4c84

SHA256
0da7916bd6e3fe9b9ac9f55e129aaf69111095b79b2d53b069fb67f2a98b4805

SHA512
64066189d3a5c2bac3393d3c7d1f66479babf30398efcb4041d92d346dc3ecce715a02adad483cb494d18c5665c69757e90072d3f6aa78f70341fa601066901d

Download Submit
C:\Windows\System\dPOYDPb.exe

Filesize
2.2MB

MD5
39a1cc4aa42cbd8c20ef0f5b08ca9257

SHA1
ae7d8facdbafbfe5ee11df125a09b1d3ec8b72b0

SHA256
a1fd0b6411a36a61cd686ee0f96f6603072ffc0fb24f250a1d0057345ef65694

SHA512
2eb16d5b47eabdcb73088ad40a13a8ee75b45708f484537e06a2bb4aa1d476d2c485fab30d00280e23c4d5d95e46f96ff23eff2b1aa3deb2c83a9e49a24698a4

Download Submit
C:\Windows\System\eAzKGZU.exe

Filesize
2.2MB

MD5
3612fe6a4384e3c578626589f6756c0a

SHA1
9eb444cf6bdfe3f300972267748d8a10f7472455

SHA256
4767c564b1b74c5affbf283c6f869cee2ae29c1729c0635e39c4d08a211c9617

SHA512
45984b652fc4c97971e403b3c5f19b6789d9c9dde0b2fdc6f8c54c0c4733c142dc833465fd66fdbc559db9a693568eb217c3cef3ae0f02a4324bed9ee011daf6

Download Submit
C:\Windows\System\fVPoprn.exe

Filesize
2.2MB

MD5
8bc8e35c5b780a00339fb099939a68b0

SHA1
c92bdf71730dc06a191bddbfc171d570fff3377e

SHA256
9432038932fefc9217d31f15ae24d5dad6d304c8275f132656952e1142ff12fd

SHA512
1eb5ca99cb1a26f53292c0d2682bbd25fc7e0d62cc35f0f3282d650618160335a4c442df099c577518876e1061a9cb805f8a05d4869ad8fde56b586b8088c63c

Download Submit
C:\Windows\System\hMZOoAm.exe

Filesize
2.2MB

MD5
aeb7b791f2ff5d7edea87adb32d693d5

SHA1
9fb94a812334f5dad00a4c9ff427745882e2a9ff

SHA256
5f2d90c177569efd16aa0365f8c410615fb1e85da282ea5be65641cffdde5008

SHA512
537ad0532b4ff499fcd15a5e40d4f4540cdea67279d0c68499ffa8786d5d42e1cd8ff27996106e6540755cc88d3d9dec092b9f03b97a1a35ac67bbf9b78cffad

Download Submit
C:\Windows\System\icnwSCv.exe

Filesize
2.2MB

MD5
2c16c4f684d133b4f0ea661db219ba04

SHA1
45a13bbec4ddcbfe434d24ec7d24d91c10e0be3a

SHA256
cfbbc4197d812d386287c4860d2b8a21732d235f81f10bf13c0e43ce166f818c

SHA512
77e6964c9b1c40440366f343a1f87df1ff464b1d0cc55c4cce31823186469b8e36719cc7dee771052fe9966f0ef6f1655f7c821dcbb3d3f989700859f7da5459

Download Submit
C:\Windows\System\nheReWn.exe

Filesize
2.2MB

MD5
4573c6614f8566f77687713b41a9b8d6

SHA1
7ab0b6ddea15dbba4fede0ce3501caed1215d7f4

SHA256
abe78df8372cbd1365dd5582ce9eb949cbf26a2bff1c6cd7fa67daacad03ed7b

SHA512
6a9459e4749436a5b5f6fa30c405330f614e212c6fa53215ea8860202514987438f376245289e98fc9b54fd5c477ac5dfc15485a5585369e4c1275830e201b6b

Download Submit
C:\Windows\System\pmeRidc.exe

Filesize
2.2MB

MD5
78016dacddfff9dfb037453f7e1c81b0

SHA1
f6ef025f366343aebb3cbdf3b08e9c57cc872762

SHA256
dc26f196a66ab9fcc4da585341ac875d4153fcb26e5385fb92df6d07180c6aea

SHA512
8ab2b7919b300950a2df01e2ed32fa9f6cab585fdfc55295c3c17f5a02c90c7c0668f65c3d09103ccf2fced6dc41a5fe41b920eade2fb94ee8843623719ac2f1

Download Submit
C:\Windows\System\qAstfvv.exe

Filesize
2.2MB

MD5
fb78261d87f0943f7d854283932d424e

SHA1
9b96f763672fcdd340604c30308bf6b36b749c6f

SHA256
e7d0253e9526501c081221a243d5484f13fa33052bd37d54c7b1d68c39f8363b

SHA512
af0dc4ba934a1bc426bc284b2fe6b38e323a979296b13ff6ff98e14173f774532a629a76fd1c89fe6467ffb1dd639ecf8d17c7d197293785de156841526fb33b

Download Submit
C:\Windows\System\qHXOiuF.exe

Filesize
2.2MB

MD5
4b280a33e4074ac6492023d7e6bcafc2

SHA1
8629289907823f90bf93b33a4078783e7ff8977e

SHA256
dd6e0742782c6543b4ad4e910b07ca58182337362090ae739fab15da6de7d196

SHA512
4438edbcdf218d0cfbd2bc6bf8137c902ed271aa7091edd31660f6f32ca9b0243a838d8190f7a81c1b3d63d730a8be69de302429376b5aebca57d907605742a8

Download Submit
C:\Windows\System\tYQToqM.exe

Filesize
2.2MB

MD5
35c8022b2ddeef4b6da4f3acce451c8b

SHA1
4ba39274cf1d51d9aef7bf6dbaab516c406a4219

SHA256
9a962fef45d4dd6f25542230e21c130a2e18e2a85e3803df11d77e6adc9c0010

SHA512
fb6f5e45cf9d98e68602890d1c3e1f4b6d819a191cbf99bb7b85c4e7e2cf805d9b7c3ecd68feab870b64ccae8d7853ec909da152d1047abfdd7808f65a24a280

Download Submit
C:\Windows\System\uDBbnez.exe

Filesize
2.2MB

MD5
d7d4016895c34ef181dde989b2e95316

SHA1
2b17fe6d688029c7481b284e4baed64f31f67ed1

SHA256
8a518e2cf89a14016e2202f11dc775e749856e64397a1ed0bcb4768d0c119943

SHA512
09b23b439dc715f3432be8f2613a6ece52054c4eea297cd73295097b7a935b9dadaef9e66471c41f91688ccd897aed2a14e9ea17022e68d001fc061d1a4b5ddc

Download Submit
C:\Windows\System\vxtsccP.exe

Filesize
2.2MB

MD5
7499a852602cdf18b1a2972dd6f0c0eb

SHA1
bce476c545e2f4f7925c098c1124b37ce22d288a

SHA256
7c974a0f28aa558e521333909abd11c56cfa91bdd151dae7f72e1fc9aba53df7

SHA512
63d2e292356504d8205fb9b5c5329642c8b8e782412e4557fb845b844da0dba6b850388c059abc38697d3284b078dffc8b19c7a7c9ab37bdb3cfee6afe563a12

Download Submit
C:\Windows\System\zNFEaAY.exe

Filesize
2.2MB

MD5
33acae0be86bf6aaa9840349ce6cefbd

SHA1
eb0a7cb2b37aec94957ab38fb6d6f68789ed2160

SHA256
27cd9f19227ebdfe640f818760faa2e3936acde604a05823f52e413e0cad53de

SHA512
929f6e9bc652ffe2d7c8d82b19da333ee7ea0b440a707fdb1c70416b5f2bf4160817dd74804a9fc4e64693542a0185d8dc0ce0921a53b68a4fa5609a08b2c27c

Download Submit
C:\Windows\System\zPyiTME.exe

Filesize
2.2MB

MD5
095635502e76288c860082fa82ef56b1

SHA1
156c9d1f2d1fb66251735797fc92042f54828e5e

SHA256
3c48b52b2a5be0406dd40963a9d343d0fc3ae06a1fe19577a68caafe9016ca03

SHA512
958e3f68f2f090b393d433d2aec90ddaf93ab3753ddcf147e1378c56c16b684cbd9bdde0c4c8a1cf8ff987e6292da77104e8e08d49985768f251c79054d12073

Download Submit
C:\Windows\System\zpNfWdq.exe

Filesize
2.2MB

MD5
03725a70b0103c722c504cc9ecf34b7b

SHA1
a69b9b5877c3bad24e4464d2d8e75461aca07d48

SHA256
cc90bf6999966ea93c2511d108306f01287ec8a276395969745654953df0d8ba

SHA512
beb4deb15c86aa58c09df53a8eb953031f9c024ba717e0dad5485e4e53e719cb2a30e1e1506f48423b71268171f285932b1536a87162fdde79a3f91924099246

Download Submit
memory/456-2140-0x00007FF6F91D0000-0x00007FF6F9524000-memory.dmp

Filesize
3.3MB

Download
memory/456-168-0x00007FF6F91D0000-0x00007FF6F9524000-memory.dmp

Filesize
3.3MB

Download
memory/756-2132-0x00007FF69EFC0000-0x00007FF69F314000-memory.dmp

Filesize
3.3MB

Download
memory/756-2124-0x00007FF69EFC0000-0x00007FF69F314000-memory.dmp

Filesize
3.3MB

Download
memory/756-34-0x00007FF69EFC0000-0x00007FF69F314000-memory.dmp

Filesize
3.3MB

Download
memory/1332-1-0x000001FAC0600000-0x000001FAC0610000-memory.dmp

Filesize
64KB

Download
memory/1332-0-0x00007FF732C20000-0x00007FF732F74000-memory.dmp

Filesize
3.3MB

Download
memory/1340-2143-0x00007FF656030000-0x00007FF656384000-memory.dmp

Filesize
3.3MB

Download
memory/1340-138-0x00007FF656030000-0x00007FF656384000-memory.dmp

Filesize
3.3MB

Download
memory/1432-2154-0x00007FF65BA90000-0x00007FF65BDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-157-0x00007FF65BA90000-0x00007FF65BDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2158-0x00007FF77E950000-0x00007FF77ECA4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-185-0x00007FF77E950000-0x00007FF77ECA4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2129-0x00007FF77E950000-0x00007FF77ECA4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2142-0x00007FF7FF630000-0x00007FF7FF984000-memory.dmp

Filesize
3.3MB

Download
memory/1496-166-0x00007FF7FF630000-0x00007FF7FF984000-memory.dmp

Filesize
3.3MB

Download
memory/1524-125-0x00007FF76ABA0000-0x00007FF76AEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-2135-0x00007FF76ABA0000-0x00007FF76AEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2148-0x00007FF75C4A0000-0x00007FF75C7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-156-0x00007FF75C4A0000-0x00007FF75C7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-165-0x00007FF7FD090000-0x00007FF7FD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1596-2151-0x00007FF7FD090000-0x00007FF7FD3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-38-0x00007FF7760D0000-0x00007FF776424000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2128-0x00007FF7760D0000-0x00007FF776424000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2141-0x00007FF7760D0000-0x00007FF776424000-memory.dmp

Filesize
3.3MB

Download
memory/1716-2153-0x00007FF7FCC80000-0x00007FF7FCFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-160-0x00007FF7FCC80000-0x00007FF7FCFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1776-159-0x00007FF636160000-0x00007FF6364B4000-memory.dmp

Filesize
3.3MB

Download
memory/1776-2145-0x00007FF636160000-0x00007FF6364B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-167-0x00007FF705F90000-0x00007FF7062E4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-2138-0x00007FF705F90000-0x00007FF7062E4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2149-0x00007FF761D70000-0x00007FF7620C4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-162-0x00007FF761D70000-0x00007FF7620C4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-2152-0x00007FF63B2E0000-0x00007FF63B634000-memory.dmp

Filesize
3.3MB

Download
memory/2236-161-0x00007FF63B2E0000-0x00007FF63B634000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2137-0x00007FF64C1C0000-0x00007FF64C514000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2125-0x00007FF64C1C0000-0x00007FF64C514000-memory.dmp

Filesize
3.3MB

Download
memory/2560-56-0x00007FF64C1C0000-0x00007FF64C514000-memory.dmp

Filesize
3.3MB

Download
memory/2576-169-0x00007FF6D63D0000-0x00007FF6D6724000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2150-0x00007FF6D63D0000-0x00007FF6D6724000-memory.dmp

Filesize
3.3MB

Download
memory/2896-2130-0x00007FF654B90000-0x00007FF654EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-14-0x00007FF654B90000-0x00007FF654EE4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-2123-0x00007FF654B90000-0x00007FF654EE4000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2147-0x00007FF609290000-0x00007FF6095E4000-memory.dmp

Filesize
3.3MB

Download
memory/3520-158-0x00007FF609290000-0x00007FF6095E4000-memory.dmp

Filesize
3.3MB

Download
memory/3612-107-0x00007FF6D67D0000-0x00007FF6D6B24000-memory.dmp

Filesize
3.3MB

Download
memory/3612-2136-0x00007FF6D67D0000-0x00007FF6D6B24000-memory.dmp

Filesize
3.3MB

Download
memory/3692-2133-0x00007FF7E5160000-0x00007FF7E54B4000-memory.dmp

Filesize
3.3MB

Download
memory/3692-2127-0x00007FF7E5160000-0x00007FF7E54B4000-memory.dmp

Filesize
3.3MB

Download
memory/3692-36-0x00007FF7E5160000-0x00007FF7E54B4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-2134-0x00007FF7A3E80000-0x00007FF7A41D4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-76-0x00007FF7A3E80000-0x00007FF7A41D4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-170-0x00007FF6E2060000-0x00007FF6E23B4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2146-0x00007FF6E2060000-0x00007FF6E23B4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2155-0x00007FF707820000-0x00007FF707B74000-memory.dmp

Filesize
3.3MB

Download
memory/4608-164-0x00007FF707820000-0x00007FF707B74000-memory.dmp

Filesize
3.3MB

Download
memory/4852-153-0x00007FF651DF0000-0x00007FF652144000-memory.dmp

Filesize
3.3MB

Download
memory/4852-2156-0x00007FF651DF0000-0x00007FF652144000-memory.dmp

Filesize
3.3MB

Download
memory/4876-2157-0x00007FF6D4E60000-0x00007FF6D51B4000-memory.dmp

Filesize
3.3MB

Download
memory/4876-163-0x00007FF6D4E60000-0x00007FF6D51B4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-154-0x00007FF612D60000-0x00007FF6130B4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2144-0x00007FF612D60000-0x00007FF6130B4000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2139-0x00007FF6CE4C0000-0x00007FF6CE814000-memory.dmp

Filesize
3.3MB

Download
memory/5000-155-0x00007FF6CE4C0000-0x00007FF6CE814000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2131-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/5040-23-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2126-0x00007FF7C7960000-0x00007FF7C7CB4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads