kpot | 3283bdbd6a5958a87683569b8a394a881a9a3b07a8438069bfeb972ee17621c0

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
Size

2.3MB
MD5

505f8b4d27b64337c8044516ae7325e0
SHA1

cfdbea15601c0e191501b3d74ba107929653786b
SHA256

3283bdbd6a5958a87683569b8a394a881a9a3b07a8438069bfeb972ee17621c0
SHA512

1806fac5ffee201ef454220e3ed2dac981b015a5a1f17c9c59bf5f3ab7790b324f67084dc71dc801bf29f632bcb7d2541f76799a5c5fdfb9e1fe35d5bc4aaf0f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6g81p1vsrNio0m/k:BemTLkNdfE0pZrwl

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 36 IoCs

resource	yara_rule
behavioral2/files/0x0008000000022f51-5.dat	family_kpot
behavioral2/files/0x00070000000233fd-15.dat	family_kpot
behavioral2/files/0x00070000000233fe-31.dat	family_kpot
behavioral2/files/0x0007000000023401-39.dat	family_kpot
behavioral2/files/0x0007000000023402-52.dat	family_kpot
behavioral2/files/0x0007000000023400-47.dat	family_kpot
behavioral2/files/0x00070000000233ff-43.dat	family_kpot
behavioral2/files/0x00070000000233fc-17.dat	family_kpot
behavioral2/files/0x00080000000233f7-16.dat	family_kpot
behavioral2/files/0x0007000000023406-70.dat	family_kpot
behavioral2/files/0x000700000002340a-82.dat	family_kpot
behavioral2/files/0x0007000000023408-90.dat	family_kpot
behavioral2/files/0x000700000002340b-117.dat	family_kpot
behavioral2/files/0x000700000002340e-135.dat	family_kpot
behavioral2/files/0x000700000002340f-144.dat	family_kpot
behavioral2/files/0x0007000000023413-154.dat	family_kpot
behavioral2/files/0x0007000000023417-189.dat	family_kpot
behavioral2/files/0x000700000002341e-206.dat	family_kpot
behavioral2/files/0x000700000002341d-205.dat	family_kpot
behavioral2/files/0x000700000002341c-204.dat	family_kpot
behavioral2/files/0x000700000002341b-203.dat	family_kpot
behavioral2/files/0x000700000002341a-202.dat	family_kpot
behavioral2/files/0x0007000000023419-201.dat	family_kpot
behavioral2/files/0x0007000000023416-177.dat	family_kpot
behavioral2/files/0x0007000000023415-158.dat	family_kpot
behavioral2/files/0x0007000000023414-156.dat	family_kpot
behavioral2/files/0x0007000000023412-151.dat	family_kpot
behavioral2/files/0x0007000000023411-149.dat	family_kpot
behavioral2/files/0x0007000000023410-147.dat	family_kpot
behavioral2/files/0x000700000002340d-129.dat	family_kpot
behavioral2/files/0x000700000002340c-126.dat	family_kpot
behavioral2/files/0x0007000000023409-122.dat	family_kpot
behavioral2/files/0x0007000000023407-109.dat	family_kpot
behavioral2/files/0x0007000000023405-94.dat	family_kpot
behavioral2/files/0x00090000000233ef-88.dat	family_kpot
behavioral2/files/0x0007000000023403-71.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4632-0-0x00007FF7C2520000-0x00007FF7C2874000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/files/0x00070000000233fd-15.dat	xmrig
behavioral2/files/0x00070000000233fe-31.dat	xmrig
behavioral2/memory/2940-36-0x00007FF7D7C50000-0x00007FF7D7FA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-39.dat	xmrig
behavioral2/memory/3800-46-0x00007FF76A000000-0x00007FF76A354000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-52.dat	xmrig
behavioral2/memory/2268-55-0x00007FF642850000-0x00007FF642BA4000-memory.dmp	xmrig
behavioral2/memory/2536-56-0x00007FF7B70F0000-0x00007FF7B7444000-memory.dmp	xmrig
behavioral2/memory/3404-54-0x00007FF6DFA20000-0x00007FF6DFD74000-memory.dmp	xmrig
behavioral2/memory/2284-51-0x00007FF7773B0000-0x00007FF777704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023400-47.dat	xmrig
behavioral2/files/0x00070000000233ff-43.dat	xmrig
behavioral2/memory/1644-41-0x00007FF6904E0000-0x00007FF690834000-memory.dmp	xmrig
behavioral2/memory/2136-28-0x00007FF756310000-0x00007FF756664000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fc-17.dat	xmrig
behavioral2/files/0x00080000000233f7-16.dat	xmrig
behavioral2/memory/4484-13-0x00007FF62E9C0000-0x00007FF62ED14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023406-70.dat	xmrig
behavioral2/memory/5000-78-0x00007FF751810000-0x00007FF751B64000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-82.dat	xmrig
behavioral2/files/0x0007000000023408-90.dat	xmrig
behavioral2/files/0x000700000002340b-117.dat	xmrig
behavioral2/memory/4152-108-0x00007FF787D90000-0x00007FF7880E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-135.dat	xmrig
behavioral2/files/0x000700000002340f-144.dat	xmrig
behavioral2/files/0x0007000000023413-154.dat	xmrig
behavioral2/memory/1864-161-0x00007FF726CF0000-0x00007FF727044000-memory.dmp	xmrig
behavioral2/memory/2952-165-0x00007FF7F97D0000-0x00007FF7F9B24000-memory.dmp	xmrig
behavioral2/memory/2356-169-0x00007FF74B660000-0x00007FF74B9B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-189.dat	xmrig
behavioral2/files/0x000700000002341e-206.dat	xmrig
behavioral2/memory/2324-209-0x00007FF768C70000-0x00007FF768FC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-205.dat	xmrig
behavioral2/files/0x000700000002341c-204.dat	xmrig
behavioral2/files/0x000700000002341b-203.dat	xmrig
behavioral2/files/0x000700000002341a-202.dat	xmrig
behavioral2/files/0x0007000000023419-201.dat	xmrig
behavioral2/files/0x0007000000023416-177.dat	xmrig
behavioral2/memory/4148-170-0x00007FF7EF540000-0x00007FF7EF894000-memory.dmp	xmrig
behavioral2/memory/3504-168-0x00007FF76DCE0000-0x00007FF76E034000-memory.dmp	xmrig
behavioral2/memory/212-167-0x00007FF7EA180000-0x00007FF7EA4D4000-memory.dmp	xmrig
behavioral2/memory/1692-166-0x00007FF6243D0000-0x00007FF624724000-memory.dmp	xmrig
behavioral2/memory/3252-164-0x00007FF797630000-0x00007FF797984000-memory.dmp	xmrig
behavioral2/memory/1124-163-0x00007FF738370000-0x00007FF7386C4000-memory.dmp	xmrig
behavioral2/memory/4844-162-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp	xmrig
behavioral2/memory/3152-160-0x00007FF6CFAA0000-0x00007FF6CFDF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-158.dat	xmrig
behavioral2/files/0x0007000000023414-156.dat	xmrig
behavioral2/memory/1384-153-0x00007FF7D63C0000-0x00007FF7D6714000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-151.dat	xmrig
behavioral2/files/0x0007000000023411-149.dat	xmrig
behavioral2/files/0x0007000000023410-147.dat	xmrig
behavioral2/memory/4032-146-0x00007FF71F0E0000-0x00007FF71F434000-memory.dmp	xmrig
behavioral2/memory/4156-139-0x00007FF628770000-0x00007FF628AC4000-memory.dmp	xmrig
behavioral2/memory/2776-138-0x00007FF6DA340000-0x00007FF6DA694000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-129.dat	xmrig
behavioral2/files/0x000700000002340c-126.dat	xmrig
behavioral2/files/0x0007000000023409-122.dat	xmrig
behavioral2/memory/1300-105-0x00007FF6F4CB0000-0x00007FF6F5004000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-109.dat	xmrig
behavioral2/files/0x0007000000023405-94.dat	xmrig
behavioral2/files/0x00090000000233ef-88.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4484	rFOLDTT.exe
2284	RkInsyV.exe
2136	mNHmhWR.exe
2940	bzyNcQF.exe
3404	RiVFvaX.exe
1644	bfPhIOp.exe
3800	EmKWVaR.exe
2268	hKYazlz.exe
2536	FfnNCdK.exe
5000	CoRyfLr.exe
2952	qElRWfP.exe
1688	JwOhitW.exe
1300	uSlAWwc.exe
4152	NHPQFaE.exe
1692	LrSSKvY.exe
2776	xWTXuli.exe
4156	fBJVkfr.exe
4032	vkNnjdH.exe
212	xJfpCjq.exe
1384	KoEhGWe.exe
3152	CiiEPDh.exe
3504	dCpTmag.exe
2356	fWsNsYe.exe
1864	HJixDQo.exe
4844	rFWPVZz.exe
4148	JWPhpNA.exe
1124	xeAwTEV.exe
3252	MyyuPLP.exe
2324	IFOkPGv.exe
2684	PuLqksJ.exe
8	RjdhEsa.exe
4476	XaUFUgY.exe
2844	xmcwIGo.exe
3044	XKdzoal.exe
4528	ZMqBXhl.exe
3432	NrTefee.exe
1784	dgThWkU.exe
4976	OobyHLN.exe
1592	uKnpPdB.exe
1332	ZIMSGqi.exe
1576	IDKTCpD.exe
4312	bTKTAoL.exe
4608	sETrKrX.exe
4932	lJzZhbD.exe
2280	OhBMfHx.exe
4580	cWNpuXU.exe
4968	WarFdUp.exe
1516	euxrqew.exe
2616	YNnqjol.exe
1768	awpksfg.exe
3480	jFPuWSY.exe
1616	uEcTGzc.exe
1120	BeKaTHo.exe
1984	cZTkfPE.exe
4020	rsLsOOj.exe
884	PLeUTCY.exe
4444	sZzGXBb.exe
1696	oAgfneT.exe
4732	lKdTbZQ.exe
912	NxWNJgW.exe
3896	XhTPoPi.exe
208	LZMqHVo.exe
4568	VxeZeWd.exe
4432	TheNbfC.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4632-0-0x00007FF7C2520000-0x00007FF7C2874000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x00070000000233fd-15.dat	upx
behavioral2/files/0x00070000000233fe-31.dat	upx
behavioral2/memory/2940-36-0x00007FF7D7C50000-0x00007FF7D7FA4000-memory.dmp	upx
behavioral2/files/0x0007000000023401-39.dat	upx
behavioral2/memory/3800-46-0x00007FF76A000000-0x00007FF76A354000-memory.dmp	upx
behavioral2/files/0x0007000000023402-52.dat	upx
behavioral2/memory/2268-55-0x00007FF642850000-0x00007FF642BA4000-memory.dmp	upx
behavioral2/memory/2536-56-0x00007FF7B70F0000-0x00007FF7B7444000-memory.dmp	upx
behavioral2/memory/3404-54-0x00007FF6DFA20000-0x00007FF6DFD74000-memory.dmp	upx
behavioral2/memory/2284-51-0x00007FF7773B0000-0x00007FF777704000-memory.dmp	upx
behavioral2/files/0x0007000000023400-47.dat	upx
behavioral2/files/0x00070000000233ff-43.dat	upx
behavioral2/memory/1644-41-0x00007FF6904E0000-0x00007FF690834000-memory.dmp	upx
behavioral2/memory/2136-28-0x00007FF756310000-0x00007FF756664000-memory.dmp	upx
behavioral2/files/0x00070000000233fc-17.dat	upx
behavioral2/files/0x00080000000233f7-16.dat	upx
behavioral2/memory/4484-13-0x00007FF62E9C0000-0x00007FF62ED14000-memory.dmp	upx
behavioral2/files/0x0007000000023406-70.dat	upx
behavioral2/memory/5000-78-0x00007FF751810000-0x00007FF751B64000-memory.dmp	upx
behavioral2/files/0x000700000002340a-82.dat	upx
behavioral2/files/0x0007000000023408-90.dat	upx
behavioral2/files/0x000700000002340b-117.dat	upx
behavioral2/memory/4152-108-0x00007FF787D90000-0x00007FF7880E4000-memory.dmp	upx
behavioral2/files/0x000700000002340e-135.dat	upx
behavioral2/files/0x000700000002340f-144.dat	upx
behavioral2/files/0x0007000000023413-154.dat	upx
behavioral2/memory/1864-161-0x00007FF726CF0000-0x00007FF727044000-memory.dmp	upx
behavioral2/memory/2952-165-0x00007FF7F97D0000-0x00007FF7F9B24000-memory.dmp	upx
behavioral2/memory/2356-169-0x00007FF74B660000-0x00007FF74B9B4000-memory.dmp	upx
behavioral2/files/0x0007000000023417-189.dat	upx
behavioral2/files/0x000700000002341e-206.dat	upx
behavioral2/memory/2324-209-0x00007FF768C70000-0x00007FF768FC4000-memory.dmp	upx
behavioral2/files/0x000700000002341d-205.dat	upx
behavioral2/files/0x000700000002341c-204.dat	upx
behavioral2/files/0x000700000002341b-203.dat	upx
behavioral2/files/0x000700000002341a-202.dat	upx
behavioral2/files/0x0007000000023419-201.dat	upx
behavioral2/files/0x0007000000023416-177.dat	upx
behavioral2/memory/4148-170-0x00007FF7EF540000-0x00007FF7EF894000-memory.dmp	upx
behavioral2/memory/3504-168-0x00007FF76DCE0000-0x00007FF76E034000-memory.dmp	upx
behavioral2/memory/212-167-0x00007FF7EA180000-0x00007FF7EA4D4000-memory.dmp	upx
behavioral2/memory/1692-166-0x00007FF6243D0000-0x00007FF624724000-memory.dmp	upx
behavioral2/memory/3252-164-0x00007FF797630000-0x00007FF797984000-memory.dmp	upx
behavioral2/memory/1124-163-0x00007FF738370000-0x00007FF7386C4000-memory.dmp	upx
behavioral2/memory/4844-162-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp	upx
behavioral2/memory/3152-160-0x00007FF6CFAA0000-0x00007FF6CFDF4000-memory.dmp	upx
behavioral2/files/0x0007000000023415-158.dat	upx
behavioral2/files/0x0007000000023414-156.dat	upx
behavioral2/memory/1384-153-0x00007FF7D63C0000-0x00007FF7D6714000-memory.dmp	upx
behavioral2/files/0x0007000000023412-151.dat	upx
behavioral2/files/0x0007000000023411-149.dat	upx
behavioral2/files/0x0007000000023410-147.dat	upx
behavioral2/memory/4032-146-0x00007FF71F0E0000-0x00007FF71F434000-memory.dmp	upx
behavioral2/memory/4156-139-0x00007FF628770000-0x00007FF628AC4000-memory.dmp	upx
behavioral2/memory/2776-138-0x00007FF6DA340000-0x00007FF6DA694000-memory.dmp	upx
behavioral2/files/0x000700000002340d-129.dat	upx
behavioral2/files/0x000700000002340c-126.dat	upx
behavioral2/files/0x0007000000023409-122.dat	upx
behavioral2/memory/1300-105-0x00007FF6F4CB0000-0x00007FF6F5004000-memory.dmp	upx
behavioral2/files/0x0007000000023407-109.dat	upx
behavioral2/files/0x0007000000023405-94.dat	upx
behavioral2/files/0x00090000000233ef-88.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YPVddiq.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\UdOzLzo.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\MyyuPLP.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\MVDtAUN.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\leohcBV.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\wSWMdtn.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\edIanIQ.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\FLPvNAB.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\zkJKZee.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\GzEwVjy.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\dKWjMlS.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\WoftHyP.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\wkPDSSP.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\YpNGdgK.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\NldbsAS.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\FfnNCdK.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\dmJrhVK.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\jifFqwP.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\mvNYLnB.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\pKdlXeL.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\ULAwASP.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\EPKQUEG.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\UfnohYY.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\tOtBcHq.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\yLqbxkv.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\TmbiJvU.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\QJDRgIF.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\lJzZhbD.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\kzdQTGx.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\bEZKvBo.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\BiTRjHY.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\yLoQWCL.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\jzdscTu.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\ApstVgg.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\seXmjEm.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\mNHmhWR.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\hWkeTNI.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\gRweVyy.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\XwvEGpP.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\iIamrAH.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\pkgVfRd.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\xaZmpcW.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\jTYquFV.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\PwoWWpx.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\xWTXuli.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\OobyHLN.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\VCKCKDf.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\zcttipZ.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\Lweybnc.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\NbqEauB.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\tnCSSJs.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\KIVtsTV.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\jFPuWSY.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\BeKaTHo.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\jVDgGXw.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\hSdvsYb.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\UkHzwfO.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\fYmqRjx.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\dTACavN.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZNBAuqQ.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\CSdpKvY.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\aoXJxVx.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\KPBAKFZ.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
File created	C:\Windows\System\awpksfg.exe	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14408	dwm.exe
Token: SeChangeNotifyPrivilege	14408	dwm.exe
Token: 33	14408	dwm.exe
Token: SeIncBasePriorityPrivilege	14408	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4484	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	83
PID 4632 wrote to memory of 4484	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	83
PID 4632 wrote to memory of 2284	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	84
PID 4632 wrote to memory of 2284	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	84
PID 4632 wrote to memory of 2136	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	85
PID 4632 wrote to memory of 2136	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	85
PID 4632 wrote to memory of 2940	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	86
PID 4632 wrote to memory of 2940	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	86
PID 4632 wrote to memory of 3404	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	87
PID 4632 wrote to memory of 3404	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	87
PID 4632 wrote to memory of 1644	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	88
PID 4632 wrote to memory of 1644	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	88
PID 4632 wrote to memory of 3800	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	89
PID 4632 wrote to memory of 3800	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	89
PID 4632 wrote to memory of 2268	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	90
PID 4632 wrote to memory of 2268	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	90
PID 4632 wrote to memory of 2536	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	91
PID 4632 wrote to memory of 2536	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	91
PID 4632 wrote to memory of 5000	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	92
PID 4632 wrote to memory of 5000	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	92
PID 4632 wrote to memory of 1688	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	93
PID 4632 wrote to memory of 1688	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	93
PID 4632 wrote to memory of 4152	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	94
PID 4632 wrote to memory of 4152	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	94
PID 4632 wrote to memory of 2952	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	95
PID 4632 wrote to memory of 2952	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	95
PID 4632 wrote to memory of 1692	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	96
PID 4632 wrote to memory of 1692	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	96
PID 4632 wrote to memory of 1300	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	97
PID 4632 wrote to memory of 1300	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	97
PID 4632 wrote to memory of 4156	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	98
PID 4632 wrote to memory of 4156	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	98
PID 4632 wrote to memory of 2776	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	99
PID 4632 wrote to memory of 2776	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	99
PID 4632 wrote to memory of 4032	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	100
PID 4632 wrote to memory of 4032	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	100
PID 4632 wrote to memory of 212	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	101
PID 4632 wrote to memory of 212	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	101
PID 4632 wrote to memory of 1384	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	102
PID 4632 wrote to memory of 1384	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	102
PID 4632 wrote to memory of 3152	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	103
PID 4632 wrote to memory of 3152	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	103
PID 4632 wrote to memory of 3504	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	104
PID 4632 wrote to memory of 3504	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	104
PID 4632 wrote to memory of 2356	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	105
PID 4632 wrote to memory of 2356	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	105
PID 4632 wrote to memory of 1864	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	106
PID 4632 wrote to memory of 1864	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	106
PID 4632 wrote to memory of 4844	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	108
PID 4632 wrote to memory of 4844	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	108
PID 4632 wrote to memory of 4148	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	109
PID 4632 wrote to memory of 4148	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	109
PID 4632 wrote to memory of 1124	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	110
PID 4632 wrote to memory of 1124	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	110
PID 4632 wrote to memory of 3252	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	111
PID 4632 wrote to memory of 3252	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	111
PID 4632 wrote to memory of 2324	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	112
PID 4632 wrote to memory of 2324	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	112
PID 4632 wrote to memory of 2684	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	113
PID 4632 wrote to memory of 2684	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	113
PID 4632 wrote to memory of 4312	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	114
PID 4632 wrote to memory of 4312	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	114
PID 4632 wrote to memory of 8	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	115
PID 4632 wrote to memory of 8	4632	505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\505f8b4d27b64337c8044516ae7325e0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Windows\System\rFOLDTT.exe
  C:\Windows\System\rFOLDTT.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\RkInsyV.exe
  C:\Windows\System\RkInsyV.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\mNHmhWR.exe
  C:\Windows\System\mNHmhWR.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\bzyNcQF.exe
  C:\Windows\System\bzyNcQF.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\RiVFvaX.exe
  C:\Windows\System\RiVFvaX.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\bfPhIOp.exe
  C:\Windows\System\bfPhIOp.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\EmKWVaR.exe
  C:\Windows\System\EmKWVaR.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\hKYazlz.exe
  C:\Windows\System\hKYazlz.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\FfnNCdK.exe
  C:\Windows\System\FfnNCdK.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\CoRyfLr.exe
  C:\Windows\System\CoRyfLr.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\JwOhitW.exe
  C:\Windows\System\JwOhitW.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\NHPQFaE.exe
  C:\Windows\System\NHPQFaE.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\qElRWfP.exe
  C:\Windows\System\qElRWfP.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\LrSSKvY.exe
  C:\Windows\System\LrSSKvY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\uSlAWwc.exe
  C:\Windows\System\uSlAWwc.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\fBJVkfr.exe
  C:\Windows\System\fBJVkfr.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\xWTXuli.exe
  C:\Windows\System\xWTXuli.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\vkNnjdH.exe
  C:\Windows\System\vkNnjdH.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\xJfpCjq.exe
  C:\Windows\System\xJfpCjq.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\KoEhGWe.exe
  C:\Windows\System\KoEhGWe.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\CiiEPDh.exe
  C:\Windows\System\CiiEPDh.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\dCpTmag.exe
  C:\Windows\System\dCpTmag.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\fWsNsYe.exe
  C:\Windows\System\fWsNsYe.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\HJixDQo.exe
  C:\Windows\System\HJixDQo.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\rFWPVZz.exe
  C:\Windows\System\rFWPVZz.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\JWPhpNA.exe
  C:\Windows\System\JWPhpNA.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\xeAwTEV.exe
  C:\Windows\System\xeAwTEV.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\MyyuPLP.exe
  C:\Windows\System\MyyuPLP.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\IFOkPGv.exe
  C:\Windows\System\IFOkPGv.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\PuLqksJ.exe
  C:\Windows\System\PuLqksJ.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\bTKTAoL.exe
  C:\Windows\System\bTKTAoL.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\RjdhEsa.exe
  C:\Windows\System\RjdhEsa.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\XaUFUgY.exe
  C:\Windows\System\XaUFUgY.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\xmcwIGo.exe
  C:\Windows\System\xmcwIGo.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\XKdzoal.exe
  C:\Windows\System\XKdzoal.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ZMqBXhl.exe
  C:\Windows\System\ZMqBXhl.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\NrTefee.exe
  C:\Windows\System\NrTefee.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\dgThWkU.exe
  C:\Windows\System\dgThWkU.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\OobyHLN.exe
  C:\Windows\System\OobyHLN.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\uKnpPdB.exe
  C:\Windows\System\uKnpPdB.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ZIMSGqi.exe
  C:\Windows\System\ZIMSGqi.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\IDKTCpD.exe
  C:\Windows\System\IDKTCpD.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\sETrKrX.exe
  C:\Windows\System\sETrKrX.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\lJzZhbD.exe
  C:\Windows\System\lJzZhbD.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\OhBMfHx.exe
  C:\Windows\System\OhBMfHx.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\cWNpuXU.exe
  C:\Windows\System\cWNpuXU.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\WarFdUp.exe
  C:\Windows\System\WarFdUp.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\euxrqew.exe
  C:\Windows\System\euxrqew.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\YNnqjol.exe
  C:\Windows\System\YNnqjol.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\awpksfg.exe
  C:\Windows\System\awpksfg.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\jFPuWSY.exe
  C:\Windows\System\jFPuWSY.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\uEcTGzc.exe
  C:\Windows\System\uEcTGzc.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\BeKaTHo.exe
  C:\Windows\System\BeKaTHo.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\cZTkfPE.exe
  C:\Windows\System\cZTkfPE.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\rsLsOOj.exe
  C:\Windows\System\rsLsOOj.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\PLeUTCY.exe
  C:\Windows\System\PLeUTCY.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\sZzGXBb.exe
  C:\Windows\System\sZzGXBb.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\oAgfneT.exe
  C:\Windows\System\oAgfneT.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\lKdTbZQ.exe
  C:\Windows\System\lKdTbZQ.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\NxWNJgW.exe
  C:\Windows\System\NxWNJgW.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\XhTPoPi.exe
  C:\Windows\System\XhTPoPi.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\LZMqHVo.exe
  C:\Windows\System\LZMqHVo.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\VxeZeWd.exe
  C:\Windows\System\VxeZeWd.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\TheNbfC.exe
  C:\Windows\System\TheNbfC.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\wgEGZyV.exe
  C:\Windows\System\wgEGZyV.exe
  2⤵
  PID:4556
- C:\Windows\System\keThrLW.exe
  C:\Windows\System\keThrLW.exe
  2⤵
  PID:2052
- C:\Windows\System\gXWwojD.exe
  C:\Windows\System\gXWwojD.exe
  2⤵
  PID:2288
- C:\Windows\System\AmcpCMU.exe
  C:\Windows\System\AmcpCMU.exe
  2⤵
  PID:2368
- C:\Windows\System\HkMetDm.exe
  C:\Windows\System\HkMetDm.exe
  2⤵
  PID:3392
- C:\Windows\System\zhUAEwa.exe
  C:\Windows\System\zhUAEwa.exe
  2⤵
  PID:2812
- C:\Windows\System\kSgYAMH.exe
  C:\Windows\System\kSgYAMH.exe
  2⤵
  PID:4940
- C:\Windows\System\sZgLewM.exe
  C:\Windows\System\sZgLewM.exe
  2⤵
  PID:4108
- C:\Windows\System\vPboiGT.exe
  C:\Windows\System\vPboiGT.exe
  2⤵
  PID:2188
- C:\Windows\System\zkJKZee.exe
  C:\Windows\System\zkJKZee.exe
  2⤵
  PID:1092
- C:\Windows\System\AlauYtF.exe
  C:\Windows\System\AlauYtF.exe
  2⤵
  PID:1740
- C:\Windows\System\Cejkwtw.exe
  C:\Windows\System\Cejkwtw.exe
  2⤵
  PID:4856
- C:\Windows\System\mARsiQS.exe
  C:\Windows\System\mARsiQS.exe
  2⤵
  PID:3640
- C:\Windows\System\mKBGvWS.exe
  C:\Windows\System\mKBGvWS.exe
  2⤵
  PID:1156
- C:\Windows\System\ZpkjJmT.exe
  C:\Windows\System\ZpkjJmT.exe
  2⤵
  PID:3128
- C:\Windows\System\CGBbMDb.exe
  C:\Windows\System\CGBbMDb.exe
  2⤵
  PID:2148
- C:\Windows\System\xmmERaO.exe
  C:\Windows\System\xmmERaO.exe
  2⤵
  PID:3084
- C:\Windows\System\nQcThYY.exe
  C:\Windows\System\nQcThYY.exe
  2⤵
  PID:2440
- C:\Windows\System\STFiWBV.exe
  C:\Windows\System\STFiWBV.exe
  2⤵
  PID:5116
- C:\Windows\System\SfmvjrM.exe
  C:\Windows\System\SfmvjrM.exe
  2⤵
  PID:3012
- C:\Windows\System\ohBGOCj.exe
  C:\Windows\System\ohBGOCj.exe
  2⤵
  PID:5140
- C:\Windows\System\ridnKfO.exe
  C:\Windows\System\ridnKfO.exe
  2⤵
  PID:5164
- C:\Windows\System\qEtNUtS.exe
  C:\Windows\System\qEtNUtS.exe
  2⤵
  PID:5188
- C:\Windows\System\qrmQelZ.exe
  C:\Windows\System\qrmQelZ.exe
  2⤵
  PID:5220
- C:\Windows\System\RwBEXBK.exe
  C:\Windows\System\RwBEXBK.exe
  2⤵
  PID:5256
- C:\Windows\System\LyBEXvj.exe
  C:\Windows\System\LyBEXvj.exe
  2⤵
  PID:5304
- C:\Windows\System\KbeYRZH.exe
  C:\Windows\System\KbeYRZH.exe
  2⤵
  PID:5332
- C:\Windows\System\MnplQOB.exe
  C:\Windows\System\MnplQOB.exe
  2⤵
  PID:5364
- C:\Windows\System\MkiwJZR.exe
  C:\Windows\System\MkiwJZR.exe
  2⤵
  PID:5396
- C:\Windows\System\SIdVKOh.exe
  C:\Windows\System\SIdVKOh.exe
  2⤵
  PID:5432
- C:\Windows\System\Lcnvsln.exe
  C:\Windows\System\Lcnvsln.exe
  2⤵
  PID:5464
- C:\Windows\System\PmpkvSI.exe
  C:\Windows\System\PmpkvSI.exe
  2⤵
  PID:5500
- C:\Windows\System\mLYUyya.exe
  C:\Windows\System\mLYUyya.exe
  2⤵
  PID:5528
- C:\Windows\System\TnNUzmq.exe
  C:\Windows\System\TnNUzmq.exe
  2⤵
  PID:5564
- C:\Windows\System\omTOrOn.exe
  C:\Windows\System\omTOrOn.exe
  2⤵
  PID:5604
- C:\Windows\System\cdvYYAD.exe
  C:\Windows\System\cdvYYAD.exe
  2⤵
  PID:5632
- C:\Windows\System\hWkeTNI.exe
  C:\Windows\System\hWkeTNI.exe
  2⤵
  PID:5660
- C:\Windows\System\SAvUlRA.exe
  C:\Windows\System\SAvUlRA.exe
  2⤵
  PID:5692
- C:\Windows\System\qIRejlF.exe
  C:\Windows\System\qIRejlF.exe
  2⤵
  PID:5724
- C:\Windows\System\wkPDSSP.exe
  C:\Windows\System\wkPDSSP.exe
  2⤵
  PID:5740
- C:\Windows\System\YcAfHER.exe
  C:\Windows\System\YcAfHER.exe
  2⤵
  PID:5768
- C:\Windows\System\ibIzGWk.exe
  C:\Windows\System\ibIzGWk.exe
  2⤵
  PID:5788
- C:\Windows\System\celAOlU.exe
  C:\Windows\System\celAOlU.exe
  2⤵
  PID:5812
- C:\Windows\System\LPEfZkQ.exe
  C:\Windows\System\LPEfZkQ.exe
  2⤵
  PID:5844
- C:\Windows\System\tEhYCHh.exe
  C:\Windows\System\tEhYCHh.exe
  2⤵
  PID:5880
- C:\Windows\System\DAgVwDo.exe
  C:\Windows\System\DAgVwDo.exe
  2⤵
  PID:5912
- C:\Windows\System\qXEILgn.exe
  C:\Windows\System\qXEILgn.exe
  2⤵
  PID:5940
- C:\Windows\System\uYiZFvC.exe
  C:\Windows\System\uYiZFvC.exe
  2⤵
  PID:5968
- C:\Windows\System\hrVPJwI.exe
  C:\Windows\System\hrVPJwI.exe
  2⤵
  PID:5996
- C:\Windows\System\wHsxeOJ.exe
  C:\Windows\System\wHsxeOJ.exe
  2⤵
  PID:6032
- C:\Windows\System\SixFSQL.exe
  C:\Windows\System\SixFSQL.exe
  2⤵
  PID:6068
- C:\Windows\System\xhUCFeh.exe
  C:\Windows\System\xhUCFeh.exe
  2⤵
  PID:6096
- C:\Windows\System\kOKnVFA.exe
  C:\Windows\System\kOKnVFA.exe
  2⤵
  PID:6132
- C:\Windows\System\kzdQTGx.exe
  C:\Windows\System\kzdQTGx.exe
  2⤵
  PID:5184
- C:\Windows\System\KfNLTYm.exe
  C:\Windows\System\KfNLTYm.exe
  2⤵
  PID:5324
- C:\Windows\System\KgTUKzE.exe
  C:\Windows\System\KgTUKzE.exe
  2⤵
  PID:5356
- C:\Windows\System\lAHhmiv.exe
  C:\Windows\System\lAHhmiv.exe
  2⤵
  PID:5480
- C:\Windows\System\ggsJUiJ.exe
  C:\Windows\System\ggsJUiJ.exe
  2⤵
  PID:5520
- C:\Windows\System\XfZubgG.exe
  C:\Windows\System\XfZubgG.exe
  2⤵
  PID:5592
- C:\Windows\System\JaLZzcB.exe
  C:\Windows\System\JaLZzcB.exe
  2⤵
  PID:5652
- C:\Windows\System\SirdXil.exe
  C:\Windows\System\SirdXil.exe
  2⤵
  PID:5752
- C:\Windows\System\FXjDrEl.exe
  C:\Windows\System\FXjDrEl.exe
  2⤵
  PID:5760
- C:\Windows\System\HUpmdld.exe
  C:\Windows\System\HUpmdld.exe
  2⤵
  PID:5860
- C:\Windows\System\GUbHkun.exe
  C:\Windows\System\GUbHkun.exe
  2⤵
  PID:5936
- C:\Windows\System\VCKCKDf.exe
  C:\Windows\System\VCKCKDf.exe
  2⤵
  PID:5992
- C:\Windows\System\BNIPaHh.exe
  C:\Windows\System\BNIPaHh.exe
  2⤵
  PID:6060
- C:\Windows\System\vDIYEwV.exe
  C:\Windows\System\vDIYEwV.exe
  2⤵
  PID:6128
- C:\Windows\System\hFvgiGx.exe
  C:\Windows\System\hFvgiGx.exe
  2⤵
  PID:5204
- C:\Windows\System\oHamGZH.exe
  C:\Windows\System\oHamGZH.exe
  2⤵
  PID:5484
- C:\Windows\System\HvqPKMS.exe
  C:\Windows\System\HvqPKMS.exe
  2⤵
  PID:5704
- C:\Windows\System\MByrxLt.exe
  C:\Windows\System\MByrxLt.exe
  2⤵
  PID:5868
- C:\Windows\System\VHPnKtq.exe
  C:\Windows\System\VHPnKtq.exe
  2⤵
  PID:5980
- C:\Windows\System\ufInpVH.exe
  C:\Windows\System\ufInpVH.exe
  2⤵
  PID:6092
- C:\Windows\System\tFIpHMW.exe
  C:\Windows\System\tFIpHMW.exe
  2⤵
  PID:5628
- C:\Windows\System\CEKxGGI.exe
  C:\Windows\System\CEKxGGI.exe
  2⤵
  PID:6028
- C:\Windows\System\fkJFBnj.exe
  C:\Windows\System\fkJFBnj.exe
  2⤵
  PID:5424
- C:\Windows\System\buYxxYL.exe
  C:\Windows\System\buYxxYL.exe
  2⤵
  PID:5736
- C:\Windows\System\CthYJOz.exe
  C:\Windows\System\CthYJOz.exe
  2⤵
  PID:6168
- C:\Windows\System\novrCWN.exe
  C:\Windows\System\novrCWN.exe
  2⤵
  PID:6196
- C:\Windows\System\WdcMxHY.exe
  C:\Windows\System\WdcMxHY.exe
  2⤵
  PID:6224
- C:\Windows\System\AWzhuyY.exe
  C:\Windows\System\AWzhuyY.exe
  2⤵
  PID:6248
- C:\Windows\System\YOqGzUO.exe
  C:\Windows\System\YOqGzUO.exe
  2⤵
  PID:6280
- C:\Windows\System\InyOqXp.exe
  C:\Windows\System\InyOqXp.exe
  2⤵
  PID:6304
- C:\Windows\System\TyKedNE.exe
  C:\Windows\System\TyKedNE.exe
  2⤵
  PID:6336
- C:\Windows\System\FKvGeGB.exe
  C:\Windows\System\FKvGeGB.exe
  2⤵
  PID:6360
- C:\Windows\System\dmJrhVK.exe
  C:\Windows\System\dmJrhVK.exe
  2⤵
  PID:6388
- C:\Windows\System\YLfmjcC.exe
  C:\Windows\System\YLfmjcC.exe
  2⤵
  PID:6416
- C:\Windows\System\oLqGBWq.exe
  C:\Windows\System\oLqGBWq.exe
  2⤵
  PID:6432
- C:\Windows\System\OTVGTAI.exe
  C:\Windows\System\OTVGTAI.exe
  2⤵
  PID:6456
- C:\Windows\System\vSKOhyU.exe
  C:\Windows\System\vSKOhyU.exe
  2⤵
  PID:6488
- C:\Windows\System\wdQKzhj.exe
  C:\Windows\System\wdQKzhj.exe
  2⤵
  PID:6524
- C:\Windows\System\IAKXHje.exe
  C:\Windows\System\IAKXHje.exe
  2⤵
  PID:6540
- C:\Windows\System\CwWUAEN.exe
  C:\Windows\System\CwWUAEN.exe
  2⤵
  PID:6560
- C:\Windows\System\VuxIeGA.exe
  C:\Windows\System\VuxIeGA.exe
  2⤵
  PID:6584
- C:\Windows\System\QRVsVOK.exe
  C:\Windows\System\QRVsVOK.exe
  2⤵
  PID:6616
- C:\Windows\System\kWDSyQH.exe
  C:\Windows\System\kWDSyQH.exe
  2⤵
  PID:6636
- C:\Windows\System\CupltSA.exe
  C:\Windows\System\CupltSA.exe
  2⤵
  PID:6680
- C:\Windows\System\ahmvyOO.exe
  C:\Windows\System\ahmvyOO.exe
  2⤵
  PID:6720
- C:\Windows\System\OhdLSDO.exe
  C:\Windows\System\OhdLSDO.exe
  2⤵
  PID:6752
- C:\Windows\System\XqphDtU.exe
  C:\Windows\System\XqphDtU.exe
  2⤵
  PID:6784
- C:\Windows\System\PGAtbFP.exe
  C:\Windows\System\PGAtbFP.exe
  2⤵
  PID:6808
- C:\Windows\System\wQHrKMk.exe
  C:\Windows\System\wQHrKMk.exe
  2⤵
  PID:6836
- C:\Windows\System\CnknpmN.exe
  C:\Windows\System\CnknpmN.exe
  2⤵
  PID:6864
- C:\Windows\System\wJGZWsi.exe
  C:\Windows\System\wJGZWsi.exe
  2⤵
  PID:6896
- C:\Windows\System\yjicTUe.exe
  C:\Windows\System\yjicTUe.exe
  2⤵
  PID:6924
- C:\Windows\System\pKdlXeL.exe
  C:\Windows\System\pKdlXeL.exe
  2⤵
  PID:6952
- C:\Windows\System\GCuGiHe.exe
  C:\Windows\System\GCuGiHe.exe
  2⤵
  PID:6980
- C:\Windows\System\AFKmgWd.exe
  C:\Windows\System\AFKmgWd.exe
  2⤵
  PID:7004
- C:\Windows\System\FdrHGDa.exe
  C:\Windows\System\FdrHGDa.exe
  2⤵
  PID:7040
- C:\Windows\System\DTtsAsz.exe
  C:\Windows\System\DTtsAsz.exe
  2⤵
  PID:7080
- C:\Windows\System\fMusrWx.exe
  C:\Windows\System\fMusrWx.exe
  2⤵
  PID:7096
- C:\Windows\System\gYKlIlG.exe
  C:\Windows\System\gYKlIlG.exe
  2⤵
  PID:7136
- C:\Windows\System\nJQwlyu.exe
  C:\Windows\System\nJQwlyu.exe
  2⤵
  PID:6180
- C:\Windows\System\dwKuAlX.exe
  C:\Windows\System\dwKuAlX.exe
  2⤵
  PID:6240
- C:\Windows\System\bEZKvBo.exe
  C:\Windows\System\bEZKvBo.exe
  2⤵
  PID:6272
- C:\Windows\System\QefVHzV.exe
  C:\Windows\System\QefVHzV.exe
  2⤵
  PID:6380
- C:\Windows\System\qIazPCS.exe
  C:\Windows\System\qIazPCS.exe
  2⤵
  PID:6428
- C:\Windows\System\cckIMrd.exe
  C:\Windows\System\cckIMrd.exe
  2⤵
  PID:6500
- C:\Windows\System\htTSHzz.exe
  C:\Windows\System\htTSHzz.exe
  2⤵
  PID:6576
- C:\Windows\System\vrSvJHa.exe
  C:\Windows\System\vrSvJHa.exe
  2⤵
  PID:4828
- C:\Windows\System\uGItLdf.exe
  C:\Windows\System\uGItLdf.exe
  2⤵
  PID:6656
- C:\Windows\System\lVvWECs.exe
  C:\Windows\System\lVvWECs.exe
  2⤵
  PID:6736
- C:\Windows\System\emQwHSE.exe
  C:\Windows\System\emQwHSE.exe
  2⤵
  PID:6792
- C:\Windows\System\BLMDLdc.exe
  C:\Windows\System\BLMDLdc.exe
  2⤵
  PID:6860
- C:\Windows\System\LRDxZBd.exe
  C:\Windows\System\LRDxZBd.exe
  2⤵
  PID:6932
- C:\Windows\System\UMHVMte.exe
  C:\Windows\System\UMHVMte.exe
  2⤵
  PID:7000
- C:\Windows\System\OTVbFtX.exe
  C:\Windows\System\OTVbFtX.exe
  2⤵
  PID:7092
- C:\Windows\System\wZjktOh.exe
  C:\Windows\System\wZjktOh.exe
  2⤵
  PID:7160
- C:\Windows\System\bMZHASE.exe
  C:\Windows\System\bMZHASE.exe
  2⤵
  PID:6268
- C:\Windows\System\zOxbZnh.exe
  C:\Windows\System\zOxbZnh.exe
  2⤵
  PID:3916
- C:\Windows\System\ZYFLHUN.exe
  C:\Windows\System\ZYFLHUN.exe
  2⤵
  PID:6628
- C:\Windows\System\iLnlsVu.exe
  C:\Windows\System\iLnlsVu.exe
  2⤵
  PID:6716
- C:\Windows\System\MgggIxc.exe
  C:\Windows\System\MgggIxc.exe
  2⤵
  PID:6912
- C:\Windows\System\TxKDWFd.exe
  C:\Windows\System\TxKDWFd.exe
  2⤵
  PID:7116
- C:\Windows\System\IQCCAlL.exe
  C:\Windows\System\IQCCAlL.exe
  2⤵
  PID:6424
- C:\Windows\System\NSORmLK.exe
  C:\Windows\System\NSORmLK.exe
  2⤵
  PID:6764
- C:\Windows\System\omKLBaG.exe
  C:\Windows\System\omKLBaG.exe
  2⤵
  PID:6212
- C:\Windows\System\CkHPiyj.exe
  C:\Windows\System\CkHPiyj.exe
  2⤵
  PID:7032
- C:\Windows\System\hYtLQih.exe
  C:\Windows\System\hYtLQih.exe
  2⤵
  PID:6328
- C:\Windows\System\gRweVyy.exe
  C:\Windows\System\gRweVyy.exe
  2⤵
  PID:7192
- C:\Windows\System\DxmmNYQ.exe
  C:\Windows\System\DxmmNYQ.exe
  2⤵
  PID:7216
- C:\Windows\System\ubiybRr.exe
  C:\Windows\System\ubiybRr.exe
  2⤵
  PID:7244
- C:\Windows\System\GzEwVjy.exe
  C:\Windows\System\GzEwVjy.exe
  2⤵
  PID:7276
- C:\Windows\System\lRuoOCr.exe
  C:\Windows\System\lRuoOCr.exe
  2⤵
  PID:7300
- C:\Windows\System\MeYShLy.exe
  C:\Windows\System\MeYShLy.exe
  2⤵
  PID:7324
- C:\Windows\System\vFjkhGF.exe
  C:\Windows\System\vFjkhGF.exe
  2⤵
  PID:7352
- C:\Windows\System\oZOlvYS.exe
  C:\Windows\System\oZOlvYS.exe
  2⤵
  PID:7392
- C:\Windows\System\csOSOVT.exe
  C:\Windows\System\csOSOVT.exe
  2⤵
  PID:7420
- C:\Windows\System\zcttipZ.exe
  C:\Windows\System\zcttipZ.exe
  2⤵
  PID:7452
- C:\Windows\System\zdDYRtq.exe
  C:\Windows\System\zdDYRtq.exe
  2⤵
  PID:7476
- C:\Windows\System\rEuHXRV.exe
  C:\Windows\System\rEuHXRV.exe
  2⤵
  PID:7500
- C:\Windows\System\MNqCAWp.exe
  C:\Windows\System\MNqCAWp.exe
  2⤵
  PID:7540
- C:\Windows\System\jVDgGXw.exe
  C:\Windows\System\jVDgGXw.exe
  2⤵
  PID:7568
- C:\Windows\System\RZuaMAh.exe
  C:\Windows\System\RZuaMAh.exe
  2⤵
  PID:7588
- C:\Windows\System\ZFNXRxk.exe
  C:\Windows\System\ZFNXRxk.exe
  2⤵
  PID:7624
- C:\Windows\System\lsUXUyu.exe
  C:\Windows\System\lsUXUyu.exe
  2⤵
  PID:7648
- C:\Windows\System\OSVBniS.exe
  C:\Windows\System\OSVBniS.exe
  2⤵
  PID:7672
- C:\Windows\System\bjtRtka.exe
  C:\Windows\System\bjtRtka.exe
  2⤵
  PID:7700
- C:\Windows\System\ZeoSZKg.exe
  C:\Windows\System\ZeoSZKg.exe
  2⤵
  PID:7728
- C:\Windows\System\SUBmUNY.exe
  C:\Windows\System\SUBmUNY.exe
  2⤵
  PID:7748
- C:\Windows\System\BiTRjHY.exe
  C:\Windows\System\BiTRjHY.exe
  2⤵
  PID:7764
- C:\Windows\System\wJSwGSC.exe
  C:\Windows\System\wJSwGSC.exe
  2⤵
  PID:7788
- C:\Windows\System\zRWQKLf.exe
  C:\Windows\System\zRWQKLf.exe
  2⤵
  PID:7824
- C:\Windows\System\eujlwbs.exe
  C:\Windows\System\eujlwbs.exe
  2⤵
  PID:7864
- C:\Windows\System\DIDTHLD.exe
  C:\Windows\System\DIDTHLD.exe
  2⤵
  PID:7908
- C:\Windows\System\OTtLhcX.exe
  C:\Windows\System\OTtLhcX.exe
  2⤵
  PID:7940
- C:\Windows\System\WJYYKQr.exe
  C:\Windows\System\WJYYKQr.exe
  2⤵
  PID:7956
- C:\Windows\System\LufsWhG.exe
  C:\Windows\System\LufsWhG.exe
  2⤵
  PID:7984
- C:\Windows\System\YzhXclf.exe
  C:\Windows\System\YzhXclf.exe
  2⤵
  PID:8012
- C:\Windows\System\PtWGLmP.exe
  C:\Windows\System\PtWGLmP.exe
  2⤵
  PID:8040
- C:\Windows\System\CzSgDlZ.exe
  C:\Windows\System\CzSgDlZ.exe
  2⤵
  PID:8072
- C:\Windows\System\ROVqQid.exe
  C:\Windows\System\ROVqQid.exe
  2⤵
  PID:8108
- C:\Windows\System\Ybdxeed.exe
  C:\Windows\System\Ybdxeed.exe
  2⤵
  PID:8144
- C:\Windows\System\jdqFCsx.exe
  C:\Windows\System\jdqFCsx.exe
  2⤵
  PID:8160
- C:\Windows\System\oMdVhOi.exe
  C:\Windows\System\oMdVhOi.exe
  2⤵
  PID:8180
- C:\Windows\System\QtWgDWf.exe
  C:\Windows\System\QtWgDWf.exe
  2⤵
  PID:7212
- C:\Windows\System\IqkHTeE.exe
  C:\Windows\System\IqkHTeE.exe
  2⤵
  PID:7268
- C:\Windows\System\jifFqwP.exe
  C:\Windows\System\jifFqwP.exe
  2⤵
  PID:7340
- C:\Windows\System\eFAKjKV.exe
  C:\Windows\System\eFAKjKV.exe
  2⤵
  PID:7432
- C:\Windows\System\fayRius.exe
  C:\Windows\System\fayRius.exe
  2⤵
  PID:7548
- C:\Windows\System\hngZVWs.exe
  C:\Windows\System\hngZVWs.exe
  2⤵
  PID:6408
- C:\Windows\System\MRQiUWV.exe
  C:\Windows\System\MRQiUWV.exe
  2⤵
  PID:7636
- C:\Windows\System\ECzloNb.exe
  C:\Windows\System\ECzloNb.exe
  2⤵
  PID:7684
- C:\Windows\System\GXxlwrq.exe
  C:\Windows\System\GXxlwrq.exe
  2⤵
  PID:7760
- C:\Windows\System\ocOifWZ.exe
  C:\Windows\System\ocOifWZ.exe
  2⤵
  PID:7844
- C:\Windows\System\cBpuVug.exe
  C:\Windows\System\cBpuVug.exe
  2⤵
  PID:7932
- C:\Windows\System\UfSAjnY.exe
  C:\Windows\System\UfSAjnY.exe
  2⤵
  PID:7980
- C:\Windows\System\WvzYNtu.exe
  C:\Windows\System\WvzYNtu.exe
  2⤵
  PID:8000
- C:\Windows\System\jGZoUPf.exe
  C:\Windows\System\jGZoUPf.exe
  2⤵
  PID:8104
- C:\Windows\System\TtUcsEl.exe
  C:\Windows\System\TtUcsEl.exe
  2⤵
  PID:8176
- C:\Windows\System\MVDtAUN.exe
  C:\Windows\System\MVDtAUN.exe
  2⤵
  PID:7256
- C:\Windows\System\PkeUVkQ.exe
  C:\Windows\System\PkeUVkQ.exe
  2⤵
  PID:7364
- C:\Windows\System\tdxkJCY.exe
  C:\Windows\System\tdxkJCY.exe
  2⤵
  PID:7516
- C:\Windows\System\QxguAjF.exe
  C:\Windows\System\QxguAjF.exe
  2⤵
  PID:7604
- C:\Windows\System\BbOlXQq.exe
  C:\Windows\System\BbOlXQq.exe
  2⤵
  PID:7712
- C:\Windows\System\TZZmAbG.exe
  C:\Windows\System\TZZmAbG.exe
  2⤵
  PID:7936
- C:\Windows\System\tbYByej.exe
  C:\Windows\System\tbYByej.exe
  2⤵
  PID:8156
- C:\Windows\System\PeCwMQc.exe
  C:\Windows\System\PeCwMQc.exe
  2⤵
  PID:7460
- C:\Windows\System\oLvehnD.exe
  C:\Windows\System\oLvehnD.exe
  2⤵
  PID:7740
- C:\Windows\System\WLjyPse.exe
  C:\Windows\System\WLjyPse.exe
  2⤵
  PID:3348
- C:\Windows\System\XxuXQIg.exe
  C:\Windows\System\XxuXQIg.exe
  2⤵
  PID:8200
- C:\Windows\System\FhlTkAt.exe
  C:\Windows\System\FhlTkAt.exe
  2⤵
  PID:8228
- C:\Windows\System\unPECpT.exe
  C:\Windows\System\unPECpT.exe
  2⤵
  PID:8256
- C:\Windows\System\KuDAynv.exe
  C:\Windows\System\KuDAynv.exe
  2⤵
  PID:8284
- C:\Windows\System\lWDhQjL.exe
  C:\Windows\System\lWDhQjL.exe
  2⤵
  PID:8320
- C:\Windows\System\WsIJyNr.exe
  C:\Windows\System\WsIJyNr.exe
  2⤵
  PID:8352
- C:\Windows\System\gRytTtT.exe
  C:\Windows\System\gRytTtT.exe
  2⤵
  PID:8388
- C:\Windows\System\foHWTQO.exe
  C:\Windows\System\foHWTQO.exe
  2⤵
  PID:8404
- C:\Windows\System\YJnVepj.exe
  C:\Windows\System\YJnVepj.exe
  2⤵
  PID:8436
- C:\Windows\System\leohcBV.exe
  C:\Windows\System\leohcBV.exe
  2⤵
  PID:8472
- C:\Windows\System\egZWUVJ.exe
  C:\Windows\System\egZWUVJ.exe
  2⤵
  PID:8500
- C:\Windows\System\aaISYTK.exe
  C:\Windows\System\aaISYTK.exe
  2⤵
  PID:8536
- C:\Windows\System\gcpTiPO.exe
  C:\Windows\System\gcpTiPO.exe
  2⤵
  PID:8556
- C:\Windows\System\dIleAnp.exe
  C:\Windows\System\dIleAnp.exe
  2⤵
  PID:8592
- C:\Windows\System\Kqutuvj.exe
  C:\Windows\System\Kqutuvj.exe
  2⤵
  PID:8632
- C:\Windows\System\ygEIzKd.exe
  C:\Windows\System\ygEIzKd.exe
  2⤵
  PID:8668
- C:\Windows\System\pPFrqtY.exe
  C:\Windows\System\pPFrqtY.exe
  2⤵
  PID:8692
- C:\Windows\System\KlChSuU.exe
  C:\Windows\System\KlChSuU.exe
  2⤵
  PID:8728
- C:\Windows\System\IfQmAAy.exe
  C:\Windows\System\IfQmAAy.exe
  2⤵
  PID:8748
- C:\Windows\System\lsPXDSK.exe
  C:\Windows\System\lsPXDSK.exe
  2⤵
  PID:8772
- C:\Windows\System\YZryBRw.exe
  C:\Windows\System\YZryBRw.exe
  2⤵
  PID:8824
- C:\Windows\System\KPTCOIb.exe
  C:\Windows\System\KPTCOIb.exe
  2⤵
  PID:8852
- C:\Windows\System\JqowTHl.exe
  C:\Windows\System\JqowTHl.exe
  2⤵
  PID:8892
- C:\Windows\System\zUCJTVC.exe
  C:\Windows\System\zUCJTVC.exe
  2⤵
  PID:8920
- C:\Windows\System\ZJuvjOA.exe
  C:\Windows\System\ZJuvjOA.exe
  2⤵
  PID:8948
- C:\Windows\System\wSWMdtn.exe
  C:\Windows\System\wSWMdtn.exe
  2⤵
  PID:8984
- C:\Windows\System\uCyXJec.exe
  C:\Windows\System\uCyXJec.exe
  2⤵
  PID:9008
- C:\Windows\System\lyXnPLX.exe
  C:\Windows\System\lyXnPLX.exe
  2⤵
  PID:9036
- C:\Windows\System\RXBTfGE.exe
  C:\Windows\System\RXBTfGE.exe
  2⤵
  PID:9064
- C:\Windows\System\xmocuyJ.exe
  C:\Windows\System\xmocuyJ.exe
  2⤵
  PID:9092
- C:\Windows\System\qwGiobp.exe
  C:\Windows\System\qwGiobp.exe
  2⤵
  PID:9120
- C:\Windows\System\HaMzXqP.exe
  C:\Windows\System\HaMzXqP.exe
  2⤵
  PID:9140
- C:\Windows\System\vuxZMQy.exe
  C:\Windows\System\vuxZMQy.exe
  2⤵
  PID:9168
- C:\Windows\System\jjVmYhX.exe
  C:\Windows\System\jjVmYhX.exe
  2⤵
  PID:9204
- C:\Windows\System\xeasXqC.exe
  C:\Windows\System\xeasXqC.exe
  2⤵
  PID:7632
- C:\Windows\System\jfiWzwQ.exe
  C:\Windows\System\jfiWzwQ.exe
  2⤵
  PID:8272
- C:\Windows\System\VvSFRVU.exe
  C:\Windows\System\VvSFRVU.exe
  2⤵
  PID:8292
- C:\Windows\System\nuJGCdm.exe
  C:\Windows\System\nuJGCdm.exe
  2⤵
  PID:8372
- C:\Windows\System\AcWWGYS.exe
  C:\Windows\System\AcWWGYS.exe
  2⤵
  PID:8468
- C:\Windows\System\mIphCih.exe
  C:\Windows\System\mIphCih.exe
  2⤵
  PID:8528
- C:\Windows\System\abpRTHA.exe
  C:\Windows\System\abpRTHA.exe
  2⤵
  PID:8604
- C:\Windows\System\EamTZyo.exe
  C:\Windows\System\EamTZyo.exe
  2⤵
  PID:8676
- C:\Windows\System\UPTZgvk.exe
  C:\Windows\System\UPTZgvk.exe
  2⤵
  PID:8740
- C:\Windows\System\DWaOgny.exe
  C:\Windows\System\DWaOgny.exe
  2⤵
  PID:8836
- C:\Windows\System\Lweybnc.exe
  C:\Windows\System\Lweybnc.exe
  2⤵
  PID:8912
- C:\Windows\System\JSVECeE.exe
  C:\Windows\System\JSVECeE.exe
  2⤵
  PID:8960
- C:\Windows\System\brQaMEf.exe
  C:\Windows\System\brQaMEf.exe
  2⤵
  PID:9028
- C:\Windows\System\jpzRwjq.exe
  C:\Windows\System\jpzRwjq.exe
  2⤵
  PID:9060
- C:\Windows\System\hSdvsYb.exe
  C:\Windows\System\hSdvsYb.exe
  2⤵
  PID:9128
- C:\Windows\System\CFmsxeF.exe
  C:\Windows\System\CFmsxeF.exe
  2⤵
  PID:8064
- C:\Windows\System\cpjGwdI.exe
  C:\Windows\System\cpjGwdI.exe
  2⤵
  PID:8308
- C:\Windows\System\CrGnNFi.exe
  C:\Windows\System\CrGnNFi.exe
  2⤵
  PID:8484
- C:\Windows\System\swSSPtZ.exe
  C:\Windows\System\swSSPtZ.exe
  2⤵
  PID:8640
- C:\Windows\System\SBSTqkA.exe
  C:\Windows\System\SBSTqkA.exe
  2⤵
  PID:8808
- C:\Windows\System\HTqTxcu.exe
  C:\Windows\System\HTqTxcu.exe
  2⤵
  PID:8936
- C:\Windows\System\xEReGXI.exe
  C:\Windows\System\xEReGXI.exe
  2⤵
  PID:9048
- C:\Windows\System\DyPiEov.exe
  C:\Windows\System\DyPiEov.exe
  2⤵
  PID:9188
- C:\Windows\System\QpLvgeP.exe
  C:\Windows\System\QpLvgeP.exe
  2⤵
  PID:8568
- C:\Windows\System\HzJpaXU.exe
  C:\Windows\System\HzJpaXU.exe
  2⤵
  PID:9020
- C:\Windows\System\lzfceal.exe
  C:\Windows\System\lzfceal.exe
  2⤵
  PID:9156
- C:\Windows\System\ULAwASP.exe
  C:\Windows\System\ULAwASP.exe
  2⤵
  PID:8420
- C:\Windows\System\TKXFIxF.exe
  C:\Windows\System\TKXFIxF.exe
  2⤵
  PID:8452
- C:\Windows\System\YpNGdgK.exe
  C:\Windows\System\YpNGdgK.exe
  2⤵
  PID:3824
- C:\Windows\System\edIanIQ.exe
  C:\Windows\System\edIanIQ.exe
  2⤵
  PID:9252
- C:\Windows\System\JUGNhvO.exe
  C:\Windows\System\JUGNhvO.exe
  2⤵
  PID:9284
- C:\Windows\System\iHCGrxx.exe
  C:\Windows\System\iHCGrxx.exe
  2⤵
  PID:9320
- C:\Windows\System\iagnhQO.exe
  C:\Windows\System\iagnhQO.exe
  2⤵
  PID:9340
- C:\Windows\System\zzgbedA.exe
  C:\Windows\System\zzgbedA.exe
  2⤵
  PID:9368
- C:\Windows\System\khoSEGn.exe
  C:\Windows\System\khoSEGn.exe
  2⤵
  PID:9396
- C:\Windows\System\KewcfnZ.exe
  C:\Windows\System\KewcfnZ.exe
  2⤵
  PID:9424
- C:\Windows\System\fDtqCeG.exe
  C:\Windows\System\fDtqCeG.exe
  2⤵
  PID:9456
- C:\Windows\System\qXfjMHi.exe
  C:\Windows\System\qXfjMHi.exe
  2⤵
  PID:9492
- C:\Windows\System\XwvEGpP.exe
  C:\Windows\System\XwvEGpP.exe
  2⤵
  PID:9508
- C:\Windows\System\gFzQSPL.exe
  C:\Windows\System\gFzQSPL.exe
  2⤵
  PID:9536
- C:\Windows\System\nhfCchc.exe
  C:\Windows\System\nhfCchc.exe
  2⤵
  PID:9576
- C:\Windows\System\LsbDxOQ.exe
  C:\Windows\System\LsbDxOQ.exe
  2⤵
  PID:9604
- C:\Windows\System\rSNjeZJ.exe
  C:\Windows\System\rSNjeZJ.exe
  2⤵
  PID:9620
- C:\Windows\System\fbhstqs.exe
  C:\Windows\System\fbhstqs.exe
  2⤵
  PID:9660
- C:\Windows\System\WTMDjbM.exe
  C:\Windows\System\WTMDjbM.exe
  2⤵
  PID:9688
- C:\Windows\System\fAVWOiy.exe
  C:\Windows\System\fAVWOiy.exe
  2⤵
  PID:9716
- C:\Windows\System\GhlWwwk.exe
  C:\Windows\System\GhlWwwk.exe
  2⤵
  PID:9732
- C:\Windows\System\RuZjJDv.exe
  C:\Windows\System\RuZjJDv.exe
  2⤵
  PID:9752
- C:\Windows\System\JObwCwG.exe
  C:\Windows\System\JObwCwG.exe
  2⤵
  PID:9796
- C:\Windows\System\OMAsQPo.exe
  C:\Windows\System\OMAsQPo.exe
  2⤵
  PID:9828
- C:\Windows\System\BaExsej.exe
  C:\Windows\System\BaExsej.exe
  2⤵
  PID:9872
- C:\Windows\System\FUdbUhE.exe
  C:\Windows\System\FUdbUhE.exe
  2⤵
  PID:9900
- C:\Windows\System\mehfXCa.exe
  C:\Windows\System\mehfXCa.exe
  2⤵
  PID:9928
- C:\Windows\System\WpGnvNs.exe
  C:\Windows\System\WpGnvNs.exe
  2⤵
  PID:9956
- C:\Windows\System\pICJNvz.exe
  C:\Windows\System\pICJNvz.exe
  2⤵
  PID:9984
- C:\Windows\System\qhoPNAG.exe
  C:\Windows\System\qhoPNAG.exe
  2⤵
  PID:10012
- C:\Windows\System\fVEEpGT.exe
  C:\Windows\System\fVEEpGT.exe
  2⤵
  PID:10040
- C:\Windows\System\dlBlcdu.exe
  C:\Windows\System\dlBlcdu.exe
  2⤵
  PID:10060
- C:\Windows\System\iIamrAH.exe
  C:\Windows\System\iIamrAH.exe
  2⤵
  PID:10080
- C:\Windows\System\bgElity.exe
  C:\Windows\System\bgElity.exe
  2⤵
  PID:10116
- C:\Windows\System\WeNRsQK.exe
  C:\Windows\System\WeNRsQK.exe
  2⤵
  PID:10152
- C:\Windows\System\mvNYLnB.exe
  C:\Windows\System\mvNYLnB.exe
  2⤵
  PID:10184
- C:\Windows\System\VcmtmZJ.exe
  C:\Windows\System\VcmtmZJ.exe
  2⤵
  PID:10212
- C:\Windows\System\GyPwtIJ.exe
  C:\Windows\System\GyPwtIJ.exe
  2⤵
  PID:9164
- C:\Windows\System\efNvgDP.exe
  C:\Windows\System\efNvgDP.exe
  2⤵
  PID:9244
- C:\Windows\System\UkHzwfO.exe
  C:\Windows\System\UkHzwfO.exe
  2⤵
  PID:9336
- C:\Windows\System\EpqwtUk.exe
  C:\Windows\System\EpqwtUk.exe
  2⤵
  PID:9408
- C:\Windows\System\jzdscTu.exe
  C:\Windows\System\jzdscTu.exe
  2⤵
  PID:9476
- C:\Windows\System\NMTYEfV.exe
  C:\Windows\System\NMTYEfV.exe
  2⤵
  PID:9524
- C:\Windows\System\ONiBtqc.exe
  C:\Windows\System\ONiBtqc.exe
  2⤵
  PID:9596
- C:\Windows\System\AoABSOz.exe
  C:\Windows\System\AoABSOz.exe
  2⤵
  PID:9672
- C:\Windows\System\aDurncq.exe
  C:\Windows\System\aDurncq.exe
  2⤵
  PID:9724
- C:\Windows\System\MSFuVjk.exe
  C:\Windows\System\MSFuVjk.exe
  2⤵
  PID:9784
- C:\Windows\System\ylnjIdX.exe
  C:\Windows\System\ylnjIdX.exe
  2⤵
  PID:9868
- C:\Windows\System\TOPJtKB.exe
  C:\Windows\System\TOPJtKB.exe
  2⤵
  PID:9920
- C:\Windows\System\pfQSNsx.exe
  C:\Windows\System\pfQSNsx.exe
  2⤵
  PID:9952
- C:\Windows\System\qgKyiku.exe
  C:\Windows\System\qgKyiku.exe
  2⤵
  PID:10008
- C:\Windows\System\OFbQXuf.exe
  C:\Windows\System\OFbQXuf.exe
  2⤵
  PID:10072
- C:\Windows\System\nkNMTAf.exe
  C:\Windows\System\nkNMTAf.exe
  2⤵
  PID:10132
- C:\Windows\System\WsqBKxH.exe
  C:\Windows\System\WsqBKxH.exe
  2⤵
  PID:10196
- C:\Windows\System\LKUAMRu.exe
  C:\Windows\System\LKUAMRu.exe
  2⤵
  PID:9240
- C:\Windows\System\LnrKAky.exe
  C:\Windows\System\LnrKAky.exe
  2⤵
  PID:9364
- C:\Windows\System\DAHfKfR.exe
  C:\Windows\System\DAHfKfR.exe
  2⤵
  PID:9528
- C:\Windows\System\lydHSmO.exe
  C:\Windows\System\lydHSmO.exe
  2⤵
  PID:9772
- C:\Windows\System\ChRnIxV.exe
  C:\Windows\System\ChRnIxV.exe
  2⤵
  PID:9892
- C:\Windows\System\dKWjMlS.exe
  C:\Windows\System\dKWjMlS.exe
  2⤵
  PID:10028
- C:\Windows\System\NXCppbe.exe
  C:\Windows\System\NXCppbe.exe
  2⤵
  PID:10224
- C:\Windows\System\drVHrwb.exe
  C:\Windows\System\drVHrwb.exe
  2⤵
  PID:9452
- C:\Windows\System\XlgsWKA.exe
  C:\Windows\System\XlgsWKA.exe
  2⤵
  PID:9840
- C:\Windows\System\iATOiyP.exe
  C:\Windows\System\iATOiyP.exe
  2⤵
  PID:10112
- C:\Windows\System\ClberWw.exe
  C:\Windows\System\ClberWw.exe
  2⤵
  PID:9656
- C:\Windows\System\ILeKfHe.exe
  C:\Windows\System\ILeKfHe.exe
  2⤵
  PID:10256
- C:\Windows\System\QnozaCB.exe
  C:\Windows\System\QnozaCB.exe
  2⤵
  PID:10276
- C:\Windows\System\QdTAvdW.exe
  C:\Windows\System\QdTAvdW.exe
  2⤵
  PID:10304
- C:\Windows\System\cuISERC.exe
  C:\Windows\System\cuISERC.exe
  2⤵
  PID:10332
- C:\Windows\System\NbqEauB.exe
  C:\Windows\System\NbqEauB.exe
  2⤵
  PID:10360
- C:\Windows\System\UAkRrLy.exe
  C:\Windows\System\UAkRrLy.exe
  2⤵
  PID:10388
- C:\Windows\System\hgPOsdD.exe
  C:\Windows\System\hgPOsdD.exe
  2⤵
  PID:10416
- C:\Windows\System\XmfysMI.exe
  C:\Windows\System\XmfysMI.exe
  2⤵
  PID:10444
- C:\Windows\System\yLoQWCL.exe
  C:\Windows\System\yLoQWCL.exe
  2⤵
  PID:10476
- C:\Windows\System\eMBNAsV.exe
  C:\Windows\System\eMBNAsV.exe
  2⤵
  PID:10500
- C:\Windows\System\XZnedhE.exe
  C:\Windows\System\XZnedhE.exe
  2⤵
  PID:10516
- C:\Windows\System\DnAAnTW.exe
  C:\Windows\System\DnAAnTW.exe
  2⤵
  PID:10532
- C:\Windows\System\uFmNNVl.exe
  C:\Windows\System\uFmNNVl.exe
  2⤵
  PID:10552
- C:\Windows\System\WzUIJtJ.exe
  C:\Windows\System\WzUIJtJ.exe
  2⤵
  PID:10580
- C:\Windows\System\QlDNwPZ.exe
  C:\Windows\System\QlDNwPZ.exe
  2⤵
  PID:10620
- C:\Windows\System\YdbmWrE.exe
  C:\Windows\System\YdbmWrE.exe
  2⤵
  PID:10652
- C:\Windows\System\KRyXMid.exe
  C:\Windows\System\KRyXMid.exe
  2⤵
  PID:10696
- C:\Windows\System\tUyjWkw.exe
  C:\Windows\System\tUyjWkw.exe
  2⤵
  PID:10720
- C:\Windows\System\tnCSSJs.exe
  C:\Windows\System\tnCSSJs.exe
  2⤵
  PID:10752
- C:\Windows\System\QeumJdC.exe
  C:\Windows\System\QeumJdC.exe
  2⤵
  PID:10780
- C:\Windows\System\RymHwEg.exe
  C:\Windows\System\RymHwEg.exe
  2⤵
  PID:10812
- C:\Windows\System\YPVddiq.exe
  C:\Windows\System\YPVddiq.exe
  2⤵
  PID:10852
- C:\Windows\System\KIVtsTV.exe
  C:\Windows\System\KIVtsTV.exe
  2⤵
  PID:10880
- C:\Windows\System\stMzLYf.exe
  C:\Windows\System\stMzLYf.exe
  2⤵
  PID:10896
- C:\Windows\System\hLFhNzX.exe
  C:\Windows\System\hLFhNzX.exe
  2⤵
  PID:10936
- C:\Windows\System\jdvehWF.exe
  C:\Windows\System\jdvehWF.exe
  2⤵
  PID:10952
- C:\Windows\System\nQhbqxc.exe
  C:\Windows\System\nQhbqxc.exe
  2⤵
  PID:10980
- C:\Windows\System\VSTUNlZ.exe
  C:\Windows\System\VSTUNlZ.exe
  2⤵
  PID:11008
- C:\Windows\System\buhMEjS.exe
  C:\Windows\System\buhMEjS.exe
  2⤵
  PID:11036
- C:\Windows\System\DSfdZhj.exe
  C:\Windows\System\DSfdZhj.exe
  2⤵
  PID:11052
- C:\Windows\System\EwvwgkI.exe
  C:\Windows\System\EwvwgkI.exe
  2⤵
  PID:11080
- C:\Windows\System\MPKLfFT.exe
  C:\Windows\System\MPKLfFT.exe
  2⤵
  PID:11120
- C:\Windows\System\hmVPbOC.exe
  C:\Windows\System\hmVPbOC.exe
  2⤵
  PID:11136
- C:\Windows\System\mPwMPnW.exe
  C:\Windows\System\mPwMPnW.exe
  2⤵
  PID:11164
- C:\Windows\System\bSgskXg.exe
  C:\Windows\System\bSgskXg.exe
  2⤵
  PID:11188
- C:\Windows\System\wSsVmbv.exe
  C:\Windows\System\wSsVmbv.exe
  2⤵
  PID:11224
- C:\Windows\System\CSdpKvY.exe
  C:\Windows\System\CSdpKvY.exe
  2⤵
  PID:11248
- C:\Windows\System\gJCAYkG.exe
  C:\Windows\System\gJCAYkG.exe
  2⤵
  PID:9352
- C:\Windows\System\SESATPX.exe
  C:\Windows\System\SESATPX.exe
  2⤵
  PID:10316
- C:\Windows\System\pcRNpOy.exe
  C:\Windows\System\pcRNpOy.exe
  2⤵
  PID:10412
- C:\Windows\System\fYmqRjx.exe
  C:\Windows\System\fYmqRjx.exe
  2⤵
  PID:10436
- C:\Windows\System\yLqbxkv.exe
  C:\Windows\System\yLqbxkv.exe
  2⤵
  PID:10524
- C:\Windows\System\lTTQgGk.exe
  C:\Windows\System\lTTQgGk.exe
  2⤵
  PID:10604
- C:\Windows\System\awDprzu.exe
  C:\Windows\System\awDprzu.exe
  2⤵
  PID:10632
- C:\Windows\System\jTYquFV.exe
  C:\Windows\System\jTYquFV.exe
  2⤵
  PID:10680
- C:\Windows\System\VXyauHt.exe
  C:\Windows\System\VXyauHt.exe
  2⤵
  PID:10704
- C:\Windows\System\OQmpuAI.exe
  C:\Windows\System\OQmpuAI.exe
  2⤵
  PID:10804
- C:\Windows\System\pPonTKP.exe
  C:\Windows\System\pPonTKP.exe
  2⤵
  PID:10868
- C:\Windows\System\NnnZDwW.exe
  C:\Windows\System\NnnZDwW.exe
  2⤵
  PID:10944
- C:\Windows\System\Whpseac.exe
  C:\Windows\System\Whpseac.exe
  2⤵
  PID:11020
- C:\Windows\System\geYxilm.exe
  C:\Windows\System\geYxilm.exe
  2⤵
  PID:11108
- C:\Windows\System\NNzLRmL.exe
  C:\Windows\System\NNzLRmL.exe
  2⤵
  PID:11148
- C:\Windows\System\DolFToH.exe
  C:\Windows\System\DolFToH.exe
  2⤵
  PID:11216
- C:\Windows\System\zTXAlaZ.exe
  C:\Windows\System\zTXAlaZ.exe
  2⤵
  PID:10264
- C:\Windows\System\QqpeYwx.exe
  C:\Windows\System\QqpeYwx.exe
  2⤵
  PID:10440
- C:\Windows\System\ZCfWNYa.exe
  C:\Windows\System\ZCfWNYa.exe
  2⤵
  PID:10744
- C:\Windows\System\cJBfMBz.exe
  C:\Windows\System\cJBfMBz.exe
  2⤵
  PID:10840
- C:\Windows\System\xmSWVYc.exe
  C:\Windows\System\xmSWVYc.exe
  2⤵
  PID:10892
- C:\Windows\System\TmbiJvU.exe
  C:\Windows\System\TmbiJvU.exe
  2⤵
  PID:10964
- C:\Windows\System\TblokkH.exe
  C:\Windows\System\TblokkH.exe
  2⤵
  PID:11260
- C:\Windows\System\IGGiHHn.exe
  C:\Windows\System\IGGiHHn.exe
  2⤵
  PID:10660
- C:\Windows\System\KBlOadk.exe
  C:\Windows\System\KBlOadk.exe
  2⤵
  PID:10920
- C:\Windows\System\ApstVgg.exe
  C:\Windows\System\ApstVgg.exe
  2⤵
  PID:11240
- C:\Windows\System\CJNndFK.exe
  C:\Windows\System\CJNndFK.exe
  2⤵
  PID:11028
- C:\Windows\System\MrmJzbV.exe
  C:\Windows\System\MrmJzbV.exe
  2⤵
  PID:11280
- C:\Windows\System\QApNOpu.exe
  C:\Windows\System\QApNOpu.exe
  2⤵
  PID:11296
- C:\Windows\System\MiqxUQi.exe
  C:\Windows\System\MiqxUQi.exe
  2⤵
  PID:11324
- C:\Windows\System\rMmZRAO.exe
  C:\Windows\System\rMmZRAO.exe
  2⤵
  PID:11344
- C:\Windows\System\XkFQRzz.exe
  C:\Windows\System\XkFQRzz.exe
  2⤵
  PID:11372
- C:\Windows\System\LzXmmOH.exe
  C:\Windows\System\LzXmmOH.exe
  2⤵
  PID:11400
- C:\Windows\System\rQuSYqW.exe
  C:\Windows\System\rQuSYqW.exe
  2⤵
  PID:11428
- C:\Windows\System\rgeNEaW.exe
  C:\Windows\System\rgeNEaW.exe
  2⤵
  PID:11452
- C:\Windows\System\CrmhIjI.exe
  C:\Windows\System\CrmhIjI.exe
  2⤵
  PID:11468
- C:\Windows\System\qZiAHDz.exe
  C:\Windows\System\qZiAHDz.exe
  2⤵
  PID:11500
- C:\Windows\System\fMlwSej.exe
  C:\Windows\System\fMlwSej.exe
  2⤵
  PID:11528
- C:\Windows\System\gxyUfTQ.exe
  C:\Windows\System\gxyUfTQ.exe
  2⤵
  PID:11568
- C:\Windows\System\CjzlDOt.exe
  C:\Windows\System\CjzlDOt.exe
  2⤵
  PID:11596
- C:\Windows\System\brpyCZG.exe
  C:\Windows\System\brpyCZG.exe
  2⤵
  PID:11616
- C:\Windows\System\CqYPlBJ.exe
  C:\Windows\System\CqYPlBJ.exe
  2⤵
  PID:11660
- C:\Windows\System\LyJbvoY.exe
  C:\Windows\System\LyJbvoY.exe
  2⤵
  PID:11680
- C:\Windows\System\MXwCFZd.exe
  C:\Windows\System\MXwCFZd.exe
  2⤵
  PID:11704
- C:\Windows\System\IASaXjM.exe
  C:\Windows\System\IASaXjM.exe
  2⤵
  PID:11744
- C:\Windows\System\GPFYBIf.exe
  C:\Windows\System\GPFYBIf.exe
  2⤵
  PID:11764
- C:\Windows\System\CTQCITH.exe
  C:\Windows\System\CTQCITH.exe
  2⤵
  PID:11784
- C:\Windows\System\seXmjEm.exe
  C:\Windows\System\seXmjEm.exe
  2⤵
  PID:11808
- C:\Windows\System\umuAURI.exe
  C:\Windows\System\umuAURI.exe
  2⤵
  PID:11852
- C:\Windows\System\PXzbpwe.exe
  C:\Windows\System\PXzbpwe.exe
  2⤵
  PID:11876
- C:\Windows\System\AScQGFF.exe
  C:\Windows\System\AScQGFF.exe
  2⤵
  PID:11892
- C:\Windows\System\EPKQUEG.exe
  C:\Windows\System\EPKQUEG.exe
  2⤵
  PID:11932
- C:\Windows\System\osvWVUQ.exe
  C:\Windows\System\osvWVUQ.exe
  2⤵
  PID:11960
- C:\Windows\System\aoXJxVx.exe
  C:\Windows\System\aoXJxVx.exe
  2⤵
  PID:11996
- C:\Windows\System\dodTvxG.exe
  C:\Windows\System\dodTvxG.exe
  2⤵
  PID:12028
- C:\Windows\System\xUqUQlC.exe
  C:\Windows\System\xUqUQlC.exe
  2⤵
  PID:12044
- C:\Windows\System\gtIXhvQ.exe
  C:\Windows\System\gtIXhvQ.exe
  2⤵
  PID:12068
- C:\Windows\System\kvuPtJY.exe
  C:\Windows\System\kvuPtJY.exe
  2⤵
  PID:12104
- C:\Windows\System\JPePszb.exe
  C:\Windows\System\JPePszb.exe
  2⤵
  PID:12140
- C:\Windows\System\ksouzFV.exe
  C:\Windows\System\ksouzFV.exe
  2⤵
  PID:12156
- C:\Windows\System\nMlEsQZ.exe
  C:\Windows\System\nMlEsQZ.exe
  2⤵
  PID:12188
- C:\Windows\System\uiOaICZ.exe
  C:\Windows\System\uiOaICZ.exe
  2⤵
  PID:12212
- C:\Windows\System\HoPCNbg.exe
  C:\Windows\System\HoPCNbg.exe
  2⤵
  PID:12244
- C:\Windows\System\UddNDOd.exe
  C:\Windows\System\UddNDOd.exe
  2⤵
  PID:12268
- C:\Windows\System\ZxfwxkC.exe
  C:\Windows\System\ZxfwxkC.exe
  2⤵
  PID:11272
- C:\Windows\System\YACjACk.exe
  C:\Windows\System\YACjACk.exe
  2⤵
  PID:11356
- C:\Windows\System\cZLaVAc.exe
  C:\Windows\System\cZLaVAc.exe
  2⤵
  PID:11424
- C:\Windows\System\sZgprBb.exe
  C:\Windows\System\sZgprBb.exe
  2⤵
  PID:11480
- C:\Windows\System\AOGyHus.exe
  C:\Windows\System\AOGyHus.exe
  2⤵
  PID:11544
- C:\Windows\System\pDPaflt.exe
  C:\Windows\System\pDPaflt.exe
  2⤵
  PID:11588
- C:\Windows\System\MUEJhhk.exe
  C:\Windows\System\MUEJhhk.exe
  2⤵
  PID:11604
- C:\Windows\System\GHZoFax.exe
  C:\Windows\System\GHZoFax.exe
  2⤵
  PID:11712
- C:\Windows\System\tqekviD.exe
  C:\Windows\System\tqekviD.exe
  2⤵
  PID:11816
- C:\Windows\System\xSqrimX.exe
  C:\Windows\System\xSqrimX.exe
  2⤵
  PID:11840
- C:\Windows\System\KAnMadq.exe
  C:\Windows\System\KAnMadq.exe
  2⤵
  PID:11916
- C:\Windows\System\GakVzta.exe
  C:\Windows\System\GakVzta.exe
  2⤵
  PID:12008
- C:\Windows\System\xFlWxet.exe
  C:\Windows\System\xFlWxet.exe
  2⤵
  PID:12064
- C:\Windows\System\nFTNeIq.exe
  C:\Windows\System\nFTNeIq.exe
  2⤵
  PID:12124
- C:\Windows\System\DFhRZtq.exe
  C:\Windows\System\DFhRZtq.exe
  2⤵
  PID:12236
- C:\Windows\System\zBIXsKr.exe
  C:\Windows\System\zBIXsKr.exe
  2⤵
  PID:11380
- C:\Windows\System\Rueaaid.exe
  C:\Windows\System\Rueaaid.exe
  2⤵
  PID:11420
- C:\Windows\System\ZVUyXqL.exe
  C:\Windows\System\ZVUyXqL.exe
  2⤵
  PID:11536
- C:\Windows\System\xBCkIxw.exe
  C:\Windows\System\xBCkIxw.exe
  2⤵
  PID:11516
- C:\Windows\System\ApvsYWL.exe
  C:\Windows\System\ApvsYWL.exe
  2⤵
  PID:11804
- C:\Windows\System\dnAjUNq.exe
  C:\Windows\System\dnAjUNq.exe
  2⤵
  PID:11872
- C:\Windows\System\fzzcuAA.exe
  C:\Windows\System\fzzcuAA.exe
  2⤵
  PID:12152
- C:\Windows\System\xzmXOno.exe
  C:\Windows\System\xzmXOno.exe
  2⤵
  PID:12176
- C:\Windows\System\JbSjzZM.exe
  C:\Windows\System\JbSjzZM.exe
  2⤵
  PID:11352
- C:\Windows\System\mmSOCvN.exe
  C:\Windows\System\mmSOCvN.exe
  2⤵
  PID:11776
- C:\Windows\System\NmyFdUI.exe
  C:\Windows\System\NmyFdUI.exe
  2⤵
  PID:12116
- C:\Windows\System\faCefhK.exe
  C:\Windows\System\faCefhK.exe
  2⤵
  PID:12232
- C:\Windows\System\NGbICdA.exe
  C:\Windows\System\NGbICdA.exe
  2⤵
  PID:12320
- C:\Windows\System\RFCDMjP.exe
  C:\Windows\System\RFCDMjP.exe
  2⤵
  PID:12360
- C:\Windows\System\aiABogD.exe
  C:\Windows\System\aiABogD.exe
  2⤵
  PID:12376
- C:\Windows\System\OCaIJoY.exe
  C:\Windows\System\OCaIJoY.exe
  2⤵
  PID:12412
- C:\Windows\System\SjDfUHm.exe
  C:\Windows\System\SjDfUHm.exe
  2⤵
  PID:12436
- C:\Windows\System\dMKtlAu.exe
  C:\Windows\System\dMKtlAu.exe
  2⤵
  PID:12460
- C:\Windows\System\tsGquOw.exe
  C:\Windows\System\tsGquOw.exe
  2⤵
  PID:12500
- C:\Windows\System\FLPvNAB.exe
  C:\Windows\System\FLPvNAB.exe
  2⤵
  PID:12524
- C:\Windows\System\rAxWcdo.exe
  C:\Windows\System\rAxWcdo.exe
  2⤵
  PID:12544
- C:\Windows\System\dmwjpBg.exe
  C:\Windows\System\dmwjpBg.exe
  2⤵
  PID:12560
- C:\Windows\System\kcrtQEv.exe
  C:\Windows\System\kcrtQEv.exe
  2⤵
  PID:12592
- C:\Windows\System\gTthBcd.exe
  C:\Windows\System\gTthBcd.exe
  2⤵
  PID:12620
- C:\Windows\System\EHQouDh.exe
  C:\Windows\System\EHQouDh.exe
  2⤵
  PID:12656
- C:\Windows\System\GpgdrIt.exe
  C:\Windows\System\GpgdrIt.exe
  2⤵
  PID:12676
- C:\Windows\System\IuOeUVI.exe
  C:\Windows\System\IuOeUVI.exe
  2⤵
  PID:12700
- C:\Windows\System\ppKPbNO.exe
  C:\Windows\System\ppKPbNO.exe
  2⤵
  PID:12740
- C:\Windows\System\vUXqclx.exe
  C:\Windows\System\vUXqclx.exe
  2⤵
  PID:12764
- C:\Windows\System\AUSjOcm.exe
  C:\Windows\System\AUSjOcm.exe
  2⤵
  PID:12792
- C:\Windows\System\oksOZmD.exe
  C:\Windows\System\oksOZmD.exe
  2⤵
  PID:12824
- C:\Windows\System\gnjQNTY.exe
  C:\Windows\System\gnjQNTY.exe
  2⤵
  PID:12848
- C:\Windows\System\FVDrygl.exe
  C:\Windows\System\FVDrygl.exe
  2⤵
  PID:12880
- C:\Windows\System\VmyiSeu.exe
  C:\Windows\System\VmyiSeu.exe
  2⤵
  PID:12896
- C:\Windows\System\ERTONem.exe
  C:\Windows\System\ERTONem.exe
  2⤵
  PID:12928
- C:\Windows\System\fAerOVr.exe
  C:\Windows\System\fAerOVr.exe
  2⤵
  PID:12956
- C:\Windows\System\fmMUWWP.exe
  C:\Windows\System\fmMUWWP.exe
  2⤵
  PID:12988
- C:\Windows\System\ajnLPsB.exe
  C:\Windows\System\ajnLPsB.exe
  2⤵
  PID:13016
- C:\Windows\System\viRPlkb.exe
  C:\Windows\System\viRPlkb.exe
  2⤵
  PID:13036
- C:\Windows\System\eGlHwmq.exe
  C:\Windows\System\eGlHwmq.exe
  2⤵
  PID:13072
- C:\Windows\System\qcxmonM.exe
  C:\Windows\System\qcxmonM.exe
  2⤵
  PID:13104
- C:\Windows\System\HBIhpZi.exe
  C:\Windows\System\HBIhpZi.exe
  2⤵
  PID:13120
- C:\Windows\System\chDDpoc.exe
  C:\Windows\System\chDDpoc.exe
  2⤵
  PID:13152
- C:\Windows\System\kxRqAvh.exe
  C:\Windows\System\kxRqAvh.exe
  2⤵
  PID:13188
- C:\Windows\System\nRTBUCD.exe
  C:\Windows\System\nRTBUCD.exe
  2⤵
  PID:13220
- C:\Windows\System\jlXRWmc.exe
  C:\Windows\System\jlXRWmc.exe
  2⤵
  PID:13244
- C:\Windows\System\DkEfNKu.exe
  C:\Windows\System\DkEfNKu.exe
  2⤵
  PID:13276
- C:\Windows\System\iFXbZMt.exe
  C:\Windows\System\iFXbZMt.exe
  2⤵
  PID:13300
- C:\Windows\System\NldbsAS.exe
  C:\Windows\System\NldbsAS.exe
  2⤵
  PID:12308
- C:\Windows\System\gWrOCYz.exe
  C:\Windows\System\gWrOCYz.exe
  2⤵
  PID:12368
- C:\Windows\System\uvjFDSz.exe
  C:\Windows\System\uvjFDSz.exe
  2⤵
  PID:12444
- C:\Windows\System\JXUEuig.exe
  C:\Windows\System\JXUEuig.exe
  2⤵
  PID:12472
- C:\Windows\System\QJDRgIF.exe
  C:\Windows\System\QJDRgIF.exe
  2⤵
  PID:12540
- C:\Windows\System\FJeasKN.exe
  C:\Windows\System\FJeasKN.exe
  2⤵
  PID:12600
- C:\Windows\System\IQXmvgr.exe
  C:\Windows\System\IQXmvgr.exe
  2⤵
  PID:12608
- C:\Windows\System\uQquCBx.exe
  C:\Windows\System\uQquCBx.exe
  2⤵
  PID:12632
- C:\Windows\System\HiRUUvK.exe
  C:\Windows\System\HiRUUvK.exe
  2⤵
  PID:12684
- C:\Windows\System\HvJlUVL.exe
  C:\Windows\System\HvJlUVL.exe
  2⤵
  PID:12780
- C:\Windows\System\xNSqEtu.exe
  C:\Windows\System\xNSqEtu.exe
  2⤵
  PID:12836
- C:\Windows\System\wIpzAYG.exe
  C:\Windows\System\wIpzAYG.exe
  2⤵
  PID:12908
- C:\Windows\System\HVZZyMR.exe
  C:\Windows\System\HVZZyMR.exe
  2⤵
  PID:13008
- C:\Windows\System\pFupBQx.exe
  C:\Windows\System\pFupBQx.exe
  2⤵
  PID:13060
- C:\Windows\System\FxhnSKS.exe
  C:\Windows\System\FxhnSKS.exe
  2⤵
  PID:13052
- C:\Windows\System\JuBpjKk.exe
  C:\Windows\System\JuBpjKk.exe
  2⤵
  PID:13168
- C:\Windows\System\ZdBYJUN.exe
  C:\Windows\System\ZdBYJUN.exe
  2⤵
  PID:13232
- C:\Windows\System\qDcnmCX.exe
  C:\Windows\System\qDcnmCX.exe
  2⤵
  PID:13256
- C:\Windows\System\yXYnPVx.exe
  C:\Windows\System\yXYnPVx.exe
  2⤵
  PID:11460
- C:\Windows\System\fOMEnyj.exe
  C:\Windows\System\fOMEnyj.exe
  2⤵
  PID:12512
- C:\Windows\System\fQhKeRu.exe
  C:\Windows\System\fQhKeRu.exe
  2⤵
  PID:12672
- C:\Windows\System\wDDgiIk.exe
  C:\Windows\System\wDDgiIk.exe
  2⤵
  PID:12788
- C:\Windows\System\heydshU.exe
  C:\Windows\System\heydshU.exe
  2⤵
  PID:13084
- C:\Windows\System\nOYIlzH.exe
  C:\Windows\System\nOYIlzH.exe
  2⤵
  PID:13180
- C:\Windows\System\hqFHXvX.exe
  C:\Windows\System\hqFHXvX.exe
  2⤵
  PID:13204
- C:\Windows\System\NBOpSFc.exe
  C:\Windows\System\NBOpSFc.exe
  2⤵
  PID:12580
- C:\Windows\System\DGZZIJU.exe
  C:\Windows\System\DGZZIJU.exe
  2⤵
  PID:12724
- C:\Windows\System\bhqQqvK.exe
  C:\Windows\System\bhqQqvK.exe
  2⤵
  PID:13160
- C:\Windows\System\eJtvOMO.exe
  C:\Windows\System\eJtvOMO.exe
  2⤵
  PID:13332
- C:\Windows\System\FiZKwxT.exe
  C:\Windows\System\FiZKwxT.exe
  2⤵
  PID:13360
- C:\Windows\System\eCxfdbB.exe
  C:\Windows\System\eCxfdbB.exe
  2⤵
  PID:13380
- C:\Windows\System\tzTcyLy.exe
  C:\Windows\System\tzTcyLy.exe
  2⤵
  PID:13416
- C:\Windows\System\QEUIvTu.exe
  C:\Windows\System\QEUIvTu.exe
  2⤵
  PID:13436
- C:\Windows\System\RCnbgtp.exe
  C:\Windows\System\RCnbgtp.exe
  2⤵
  PID:13464
- C:\Windows\System\zTMMKuF.exe
  C:\Windows\System\zTMMKuF.exe
  2⤵
  PID:13496
- C:\Windows\System\tEIHZVx.exe
  C:\Windows\System\tEIHZVx.exe
  2⤵
  PID:13536
- C:\Windows\System\TYJkJFj.exe
  C:\Windows\System\TYJkJFj.exe
  2⤵
  PID:13552
- C:\Windows\System\cWsbhfk.exe
  C:\Windows\System\cWsbhfk.exe
  2⤵
  PID:13584
- C:\Windows\System\UfnohYY.exe
  C:\Windows\System\UfnohYY.exe
  2⤵
  PID:13604
- C:\Windows\System\cwRWhiy.exe
  C:\Windows\System\cwRWhiy.exe
  2⤵
  PID:13628
- C:\Windows\System\QMEShLf.exe
  C:\Windows\System\QMEShLf.exe
  2⤵
  PID:13668
- C:\Windows\System\nMHQEbV.exe
  C:\Windows\System\nMHQEbV.exe
  2⤵
  PID:13696
- C:\Windows\System\dGeVFHe.exe
  C:\Windows\System\dGeVFHe.exe
  2⤵
  PID:13720
- C:\Windows\System\kliNIqR.exe
  C:\Windows\System\kliNIqR.exe
  2⤵
  PID:13764
- C:\Windows\System\elTrRaE.exe
  C:\Windows\System\elTrRaE.exe
  2⤵
  PID:13784
- C:\Windows\System\DLkkQSU.exe
  C:\Windows\System\DLkkQSU.exe
  2⤵
  PID:13812
- C:\Windows\System\BLOudMQ.exe
  C:\Windows\System\BLOudMQ.exe
  2⤵
  PID:13848
- C:\Windows\System\WEjmfZX.exe
  C:\Windows\System\WEjmfZX.exe
  2⤵
  PID:13884
- C:\Windows\System\YxGzpUN.exe
  C:\Windows\System\YxGzpUN.exe
  2⤵
  PID:13912
- C:\Windows\System\bnafNMe.exe
  C:\Windows\System\bnafNMe.exe
  2⤵
  PID:13936
- C:\Windows\System\JHIVLDt.exe
  C:\Windows\System\JHIVLDt.exe
  2⤵
  PID:13972
- C:\Windows\System\cjgURKD.exe
  C:\Windows\System\cjgURKD.exe
  2⤵
  PID:14008
- C:\Windows\System\PlvYhdM.exe
  C:\Windows\System\PlvYhdM.exe
  2⤵
  PID:14040
- C:\Windows\System\LNVZcdy.exe
  C:\Windows\System\LNVZcdy.exe
  2⤵
  PID:14064
- C:\Windows\System\CmxvgTT.exe
  C:\Windows\System\CmxvgTT.exe
  2⤵
  PID:14092
- C:\Windows\System\KPBAKFZ.exe
  C:\Windows\System\KPBAKFZ.exe
  2⤵
  PID:14120
- C:\Windows\System\EigQoQz.exe
  C:\Windows\System\EigQoQz.exe
  2⤵
  PID:14148
- C:\Windows\System\RaUNZrJ.exe
  C:\Windows\System\RaUNZrJ.exe
  2⤵
  PID:14176
- C:\Windows\System\bnIffof.exe
  C:\Windows\System\bnIffof.exe
  2⤵
  PID:14196
- C:\Windows\System\dZOzlUA.exe
  C:\Windows\System\dZOzlUA.exe
  2⤵
  PID:14216
- C:\Windows\System\GqIJksh.exe
  C:\Windows\System\GqIJksh.exe
  2⤵
  PID:14248
- C:\Windows\System\QWOKXRB.exe
  C:\Windows\System\QWOKXRB.exe
  2⤵
  PID:14284
- C:\Windows\System\PwoWWpx.exe
  C:\Windows\System\PwoWWpx.exe
  2⤵
  PID:14320
- C:\Windows\System\BmJVQjg.exe
  C:\Windows\System\BmJVQjg.exe
  2⤵
  PID:3452
- C:\Windows\System\PCsLpJt.exe
  C:\Windows\System\PCsLpJt.exe
  2⤵
  PID:12868
- C:\Windows\System\JeSznkN.exe
  C:\Windows\System\JeSznkN.exe
  2⤵
  PID:3464
- C:\Windows\System\EiBNwru.exe
  C:\Windows\System\EiBNwru.exe
  2⤵
  PID:13400
- C:\Windows\System\dTACavN.exe
  C:\Windows\System\dTACavN.exe
  2⤵
  PID:13432
- C:\Windows\System\pkgVfRd.exe
  C:\Windows\System\pkgVfRd.exe
  2⤵
  PID:13448
- C:\Windows\System\CLMLXQs.exe
  C:\Windows\System\CLMLXQs.exe
  2⤵
  PID:13596
- C:\Windows\System\lXdEafD.exe
  C:\Windows\System\lXdEafD.exe
  2⤵
  PID:13640
- C:\Windows\System\VbtoBHZ.exe
  C:\Windows\System\VbtoBHZ.exe
  2⤵
  PID:13712
- C:\Windows\System\KqZrDsQ.exe
  C:\Windows\System\KqZrDsQ.exe
  2⤵
  PID:13824
- C:\Windows\System\nRzZNgv.exe
  C:\Windows\System\nRzZNgv.exe
  2⤵
  PID:13868
- C:\Windows\System\pDYmkFk.exe
  C:\Windows\System\pDYmkFk.exe
  2⤵
  PID:2376
- C:\Windows\System\lNTRTKT.exe
  C:\Windows\System\lNTRTKT.exe
  2⤵
  PID:13988
- C:\Windows\System\gkIjWwc.exe
  C:\Windows\System\gkIjWwc.exe
  2⤵
  PID:14028
- C:\Windows\System\QMcMbHk.exe
  C:\Windows\System\QMcMbHk.exe
  2⤵
  PID:14052
- C:\Windows\System\BXCNagc.exe
  C:\Windows\System\BXCNagc.exe
  2⤵
  PID:14132
- C:\Windows\System\DNVBjMR.exe
  C:\Windows\System\DNVBjMR.exe
  2⤵
  PID:14240
- C:\Windows\System\aaajrJv.exe
  C:\Windows\System\aaajrJv.exe
  2⤵
  PID:14208
- C:\Windows\System\wOYzDhh.exe
  C:\Windows\System\wOYzDhh.exe
  2⤵
  PID:3056
- C:\Windows\System\PFOwaSV.exe
  C:\Windows\System\PFOwaSV.exe
  2⤵
  PID:13208
- C:\Windows\System\HctDXeT.exe
  C:\Windows\System\HctDXeT.exe
  2⤵
  PID:13408
- C:\Windows\System\XSZcaWl.exe
  C:\Windows\System\XSZcaWl.exe
  2⤵
  PID:13676
- C:\Windows\System\LQYZxIo.exe
  C:\Windows\System\LQYZxIo.exe
  2⤵
  PID:13660
- C:\Windows\System\OOsAZNO.exe
  C:\Windows\System\OOsAZNO.exe
  2⤵
  PID:13932
- C:\Windows\System\CpAJTxq.exe
  C:\Windows\System\CpAJTxq.exe
  2⤵
  PID:13928
- C:\Windows\System\biHFnci.exe
  C:\Windows\System\biHFnci.exe
  2⤵
  PID:13964
- C:\Windows\System\lNpKrDM.exe
  C:\Windows\System\lNpKrDM.exe
  2⤵
  PID:4192
- C:\Windows\System\xaZmpcW.exe
  C:\Windows\System\xaZmpcW.exe
  2⤵
  PID:14300
- C:\Windows\System\txNJdqQ.exe
  C:\Windows\System\txNJdqQ.exe
  2⤵
  PID:13316
- C:\Windows\System\fgQPJtL.exe
  C:\Windows\System\fgQPJtL.exe
  2⤵
  PID:13544
- C:\Windows\System\WmYhaOC.exe
  C:\Windows\System\WmYhaOC.exe
  2⤵
  PID:14136
- C:\Windows\System\ZNBAuqQ.exe
  C:\Windows\System\ZNBAuqQ.exe
  2⤵
  PID:14356
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14356 -s 248
    3⤵
    PID:15072
- C:\Windows\System\kQZUKuH.exe
  C:\Windows\System\kQZUKuH.exe
  2⤵
  PID:14384
- C:\Windows\System\MeRYmPz.exe
  C:\Windows\System\MeRYmPz.exe
  2⤵
  PID:14432
- C:\Windows\System\MSUPnXu.exe
  C:\Windows\System\MSUPnXu.exe
  2⤵
  PID:14456
- C:\Windows\System\RWmdlFq.exe
  C:\Windows\System\RWmdlFq.exe
  2⤵
  PID:14484
- C:\Windows\System\wLwlpOj.exe
  C:\Windows\System\wLwlpOj.exe
  2⤵
  PID:14500

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CiiEPDh.exe

Filesize
2.3MB

MD5
b542aba65e4e865ee466e1b60f4411ce

SHA1
5dbfc57314e08e8130932200293c89f92f1cd720

SHA256
e88a99d4dd85712c278715f6140fd89122f215e3101e0ccf03e836a42ba9885a

SHA512
d0a63e07c7fab178190c25a3453fdb5fde140749f3d22da5f08191a5a7e0ad13d6fdd5b18e29eb12e39e750434e798661f188a762e4dada156413afc4c95fb35

Download Submit
C:\Windows\System\CoRyfLr.exe

Filesize
2.3MB

MD5
419005f631640d07b5ec3826fd1d32e7

SHA1
67334aa3bc5fb18c92ae8c2111fae7009d3dbe9a

SHA256
d736148096fc5f032cf96c02b7c827b1bf7fdab0a0457a884ba9ab17565ead69

SHA512
843ef7ebd09a541fd74a017353bda345824b6c44564d07beee997a7ab32a16ec0caedbcdd341c105b67f87de4dd16708f2f192061e28572d675d8d48929499ed

Download Submit
C:\Windows\System\EmKWVaR.exe

Filesize
2.3MB

MD5
34917e77e8dde5c8dcf3dc46c36116ce

SHA1
354c10356ef7f5cd5572af592d49ee336ed8093d

SHA256
d44c9d53d750d3317b5d051c8b0d922ddf0920ee22317f1de69b5bd3e1083b07

SHA512
a913309ece2cdc1c74c16234e5ad5548c175495aa33478fc707d778d5a00b873ca99f516abb1f565ff2d8804d3253829144ccbefae02880f27fb6a11567250b7

Download Submit
C:\Windows\System\FfnNCdK.exe

Filesize
2.3MB

MD5
2e509b5f6a17db5c9360f4d5b67f1b58

SHA1
82c3656c56355db395eaee5af07ffa4be702f2ed

SHA256
29baa512c32b536b6b395380544a65e75192e4e26f1c45a982b554d726e97286

SHA512
8994be3f3db8a708d7e59e998904fce7660a14fc6d21d0d457a158c9adafd795a37f282499c88a9d45e17ddceebce4dfcbdff1f6076f5b797b73277cff81898a

Download Submit
C:\Windows\System\HJixDQo.exe

Filesize
2.3MB

MD5
22de4252e5d540cd8b65a479a403b84a

SHA1
d91f11be98a7321d6ed6af1f32811833946ebc74

SHA256
4b53471daa0a33445f3ad8f192cb8915d7d6bed5761732d24dc08a740741e245

SHA512
ce579094365b17e42a07e4bac4819a1c2c56ceb2ac62b715adbf1ac09dd3009ff0f31a39f8acd219e48b06dec40b08e61ff8409475a02bf6a092f75cb09b3e75

Download Submit
C:\Windows\System\IFOkPGv.exe

Filesize
2.3MB

MD5
a1dd12f01d806262c23ff80afeea2d16

SHA1
a36f7c577a5e0a939fb19533db78ec38928475e4

SHA256
03e5faf3458b618ebfa228459848efe837226212c792c104a51f1e647b7e4317

SHA512
cbb3373e6dee9dc56218c7929c5452281c52340be47ebb9e76e0e5ca49d4d8f78eb6f89ba4c2c6e48d80ed6e5b0dae24410df51211f96c4eb24390955e5aef5b

Download Submit
C:\Windows\System\JWPhpNA.exe

Filesize
2.3MB

MD5
4375b5e59eb8cd220c0ea3b45cba6570

SHA1
40bb9b49ab8e8171ff4f6fe18851f6c54e1c1167

SHA256
4b15e910c9c54aa07788ffea769208f0dead00a918635c0eb3b5f805d20baee8

SHA512
9940f55fe449f92047025dac37dcebc4e2dcae98a2f40baf38558e5c34f687613c12debf4fbc44dbeaa0c5d90dd7c0c2051e94978d4e3655482ee97bcb56b988

Download Submit
C:\Windows\System\JwOhitW.exe

Filesize
2.3MB

MD5
2ed1527defd109c50b89bb935092d543

SHA1
cc0fce91f221307c68de5d4705bb9a03f4beda65

SHA256
b1d6d00dbbcb6d52e955b815d9dee66615b89a6fb12c93cf5efef19b6fbc23c8

SHA512
ec98dabf103e3bafda6713f1b73340f8fe0470af2cc9282d4e06d5b97896b0267c7045e5ba31a3d92c94b88608ee43dcd6fc58c49f255443c0fb412dd7922c27

Download Submit
C:\Windows\System\KoEhGWe.exe

Filesize
2.3MB

MD5
fcba720672408e5ef886ae079c082a54

SHA1
f5f573e6c79d26e58a946633d8595f6eea605e9c

SHA256
ea8167507f42be4535df056164562d3e1621ecd0d86cb257526652a4a1e1e4b1

SHA512
da587f1f5a20c29475c499aea23c69e82b400e9f1d0459228b0b9f227c32b1571ac2406ae0445b77b68a6129e3232b1d300afff703d9bd13c51671b836bdf965

Download Submit
C:\Windows\System\LrSSKvY.exe

Filesize
2.3MB

MD5
4f6d6937b9f9bf77c9fbd9b4ba5e750a

SHA1
379ea5ca6b3034a4dbe440c573697cdb8684d976

SHA256
92298a36875fcb594c359ad81e9d59bc15b1a2b39674d6739f1f1dfb5b78e2fe

SHA512
9d9b148ecf3417a738a41f39e477cc9e60dfd43c5a8bb42152f8aadfe8a7f52dcf2d027e2a73ad4ba67bcd4c005fa8c921d8a8b68f901cada5df94178df4a777

Download Submit
C:\Windows\System\MyyuPLP.exe

Filesize
2.3MB

MD5
84751dc8c3bd0249bf3b7cb983df0770

SHA1
e06ea8cba2224c166af9b3b96dcd1ea09352c252

SHA256
9fbd52134c13b87e1910e72b139fe91b4b2f0ab49a7c1b6561a264c6f47221b5

SHA512
ea5a4eaae2c641137012897dbe9125f63a54e496220de55795be87816eb15981adbe8cd1d1f865f31ed586fbc31bfebbce260f015c0f73a64b15d2c58d75932f

Download Submit
C:\Windows\System\NHPQFaE.exe

Filesize
2.3MB

MD5
8c6fa963b21523af7da6bd65a27bf9a1

SHA1
fa4a6b3a16a961910c6b2214458ca76c78a57605

SHA256
4610a8f491e3bcf3172481797740d7c7b769e0c0ccd49feae447f8b08931fbf5

SHA512
bb6c8a60506c52cf7d27358fbf49d0e2de5a919a8ec60c7c7c0e5a1441bec68322dc8505622435ee3e2555fd6b6a4c174aa979fc00860fa1957d8e1480ea8197

Download Submit
C:\Windows\System\NrTefee.exe

Filesize
2.3MB

MD5
e780d3bbf8d15b57b4887d1bdab22d76

SHA1
6d7b971a9a19a87607bb9e8d9b8b6a7d147f9fe2

SHA256
8ba7b91a95f04f4700051ee8f2347b73dc3fb53f23554a0fbf6fc4b64dc8be02

SHA512
c570986492efe068da4cac82fdfbfc4400bd6431a1dde140965426ac045ac12b2ec428499913058a14671e6587c4f98e3de985aebee4965088e049f41bb02a64

Download Submit
C:\Windows\System\PuLqksJ.exe

Filesize
2.3MB

MD5
9cbef45bbc2b8956f1de6480919e9c4f

SHA1
ce5149ca1c84016534f5a65d56ee6b82f25cb957

SHA256
3e3e3c266bb0e80c49398835afdc304a3f0f7d685e5b146520573af98c4c3b98

SHA512
04ebbb115f09512dc8d054ff7b047ec79d2418797fb14f32bb44cfa315c8db1e5d921eb823af958caea3ce259efb1beefc81cf25fbf55df0d3bd1e0574adbad5

Download Submit
C:\Windows\System\RiVFvaX.exe

Filesize
2.3MB

MD5
d971785e9313f9109f0a94d0425b8f98

SHA1
d5aef64d8d30cf5424063b6300bf39382dfb18d9

SHA256
a171c6d96df1b58e565a29db0bda87789324598afcb838bbf153247b3b944359

SHA512
2abf03934c94f11775ca2fbc134b2f2d1a1bf37a9dafd3e51f121d0dba8394102fecbaa49f6d4decd37e90f171e88b662282e69f5e504154666f01d86c24eb6f

Download Submit
C:\Windows\System\RjdhEsa.exe

Filesize
2.3MB

MD5
1f11b7a04609993c2f21cb55126a5aea

SHA1
cd1c5d65c1584a4dd0a5933aac93b57d00ee7ef5

SHA256
78adbc636cfa720e7e96b72ea2deb8bb0d804d11f2d9c5cc40b5a9c92fe6c881

SHA512
45f513e5b1cc151e0a9442b29bc3e0890b7e37e980422c7998a1e9e418ede8fcaddee5f4ccbad87bb2944462483d26f16473fbcbe19d0f655a45c7f3ee9c20b3

Download Submit
C:\Windows\System\RkInsyV.exe

Filesize
2.3MB

MD5
2d67226d1d3ab2abb2180596b154ca6b

SHA1
2e6963485913081ebd092f63a99030f56d4427a2

SHA256
a9df20ea1f21bf02811a0477004e11304f4b26769a2e03fdeda20ebd7134de15

SHA512
5f6fc691bf743a2e54e4eea27e1396168e975f1c25b9dc4e040d4f63d32eb040869e1a89bc914a0177e567e2316f4e005a2265cde1f7cdc3df1e49b7df6defc5

Download Submit
C:\Windows\System\XKdzoal.exe

Filesize
2.3MB

MD5
7c8936529de2d412cff3642b6ce1ed03

SHA1
23529409a42225336ed2e4f7a3080bd2e0378caf

SHA256
995d3813ef00434ae8695390ba0e1d233925805b492d2ec6db1f70b5719bd28f

SHA512
2dee9267ad433263a3a2f957915e98235d442c97662b9b23cbf676950409e1a3c314f2a1f0a9832a7b6a321728e6d62d13c9255008e0f0655a0e60efdec11707

Download Submit
C:\Windows\System\XaUFUgY.exe

Filesize
2.3MB

MD5
68d208f3cca4b84358180c7950aeeb55

SHA1
7d9c8394740d4a9d3a79d2278951b1cfc09df401

SHA256
47024e2c9597cc0c20a5b58760e41c654ec337109984f65d38ecd7988cc52e1c

SHA512
3eac7631c929d5503811e680fe4977b8a747dad38ab63241d545628e66e340b14988430318ddde63fc51a1a0ace7f798930f65aa6e03d91ebca65105e06f7332

Download Submit
C:\Windows\System\ZMqBXhl.exe

Filesize
2.3MB

MD5
0a300f76a3b69fb4acd92022b3c527fa

SHA1
6f513cac98432d516f951e509b23ad5b7b75a8e5

SHA256
e7d4c3c1528fe83a54e6d0f6cf9d9be18ed24263b3ec9da3ffb8acc5f1ecc0ac

SHA512
0054a99879e406b095c4c92ae8e5bd7cfd62520db64395317bd4c0a784d312525a6ac34f80826b8be43b7493bdf92930c44e93638d12d5cc621ba9adddb97c87

Download Submit
C:\Windows\System\bfPhIOp.exe

Filesize
2.3MB

MD5
0a6811f68c8abdea167d834abcd7c500

SHA1
9aa50ec092ed4d91c105caf7723c8e795785535c

SHA256
76bd882e394aebe2c1290cfac5e9cc5453a30e705c5ac213bb307d87a7534070

SHA512
63a304f224d68a25083e9f14e40bcd9eb56e6ea234b8fd816c025ae4904e5f8dbf7c7d94a9e11deab73694e07954407493381e180da102c0f308a64065e8dd3a

Download Submit
C:\Windows\System\bzyNcQF.exe

Filesize
2.3MB

MD5
dff4822e432d113c3204679936476090

SHA1
aa0b0380f4dbf3c560e1038c005592607adf8da8

SHA256
8eb32ade0551afbae0f270603d9b0ef9612160cde53ac25458185a29474cb1eb

SHA512
abdfc968820a6e332465e74d448717baaa63209893be86af0c5da1d2857401e5965302dc8e5729581d7b9c09897abb5afad3d2b721593c822bb347e558425b64

Download Submit
C:\Windows\System\dCpTmag.exe

Filesize
2.3MB

MD5
dc7bbb5bdd759bfdf82d4b187ebdd781

SHA1
089ed24fd4518d5196fdb871050c9e2b69107785

SHA256
d65be75716e33cc48feee83ef088a35f865654aa256b2404421c838af0a89995

SHA512
dd8e40bfbbdb8f15169c9307601f1df716e3981b9eccfe86a000ac26e5a0bba646bc7c08fa1101721204b238b1848e9d9933b0fad2234ddfbf6e6ce9246ab082

Download Submit
C:\Windows\System\fBJVkfr.exe

Filesize
2.3MB

MD5
6c556814ad839faf8f8bb6974fcaab0c

SHA1
66043bcb4ceba723ac40007363b7ab4e145147b7

SHA256
33d99de5d92c164e12458415a9c26dda21251a2827b40a117c533ab1f0f72007

SHA512
1eccc5b15294d1c168af9d9246523046c854c02c9334520b0fe92139c1588029d2419b9b0f55a4be92dc1e0a8b4c59f7bf03c7c7a16a0d8ccc2a266207c0187c

Download Submit
C:\Windows\System\fWsNsYe.exe

Filesize
2.3MB

MD5
9750f283a5be3d9398a0be53b9aa49f0

SHA1
54b019e3f762e3829907cce3fce0215c83675f73

SHA256
9608d99c49c89533dc66a1fc343218dcfa1077e6a9c19139ceb423e65603b0fd

SHA512
3fd1d43d87ebb468cdd6dfe459d3922c40c297621f840aeab4710ae67ecd2b1287cc54b12bb397d4319f69211614709b46b3cf3ddadebb7ff68d852cfb2696fb

Download Submit
C:\Windows\System\hKYazlz.exe

Filesize
2.3MB

MD5
bfd07c406dfaf0ad1eaedd5e279f3426

SHA1
acda9d4e4478243cd3b01d884fb46c16d95fa515

SHA256
8e9b5c72f4940a5742a6b05cc087046f710b198e67ce871a9a2831d216d25f3d

SHA512
a7a458b6631989daf89b61243efcf6e6fc06b54953626a892ad10b27b51f015524b418925b08fff686791e6ad54994396c028f70bac3e8682e99b9ac474ccf56

Download Submit
C:\Windows\System\mNHmhWR.exe

Filesize
2.3MB

MD5
b797748392cc108bbfdab6f631093675

SHA1
8f080cb1bea60a01e2e71c20a011277066650ff8

SHA256
ec174be94df26a644c65eabeda3d878fb8d5a8565fa0d945672a9d4f75ef3762

SHA512
c8d8b1cb2f1f8a9aa366b6a484df60e7a2b429a6453ae55cc900841fdfd188aa63f6ab7dc1a820eeb2bf66d9ee2a48fcc6681f24970f8f9fb38b1fbce61b20c2

Download Submit
C:\Windows\System\qElRWfP.exe

Filesize
2.3MB

MD5
cdcbad3280a43bd559656c1383f9c099

SHA1
786827a73119bd0b62d2a9eb3bba92e1b4a59b06

SHA256
501ec4512126c0ce99e3f1cf1d5781c8c249bc40ede4b409c8a6f480383dd0e7

SHA512
146e68a46f8222aa2a84e1ec91791c887f6c5c042d64e086711571ca09548c771c558973f47a1d690c3952734f001b5781218f0007143f5c57e3409e54d63e82

Download Submit
C:\Windows\System\rFOLDTT.exe

Filesize
2.3MB

MD5
e9be915cc7fd21f6329663d04c85c379

SHA1
81463eb957b3989449c9ec08b7ebc6c7e5306318

SHA256
1ad77c7b27daa961875c8965b52cf204ccb315cdedef26698626232e7e01f3f1

SHA512
391689b414ad8100885d4914bb9409bd4e0f820b46cb909af59266eb5e0b41124a364ab0451dc88c7710cf4a94171f13b187b7e9225f3e99689bcb1511ca6fca

Download Submit
C:\Windows\System\rFWPVZz.exe

Filesize
2.3MB

MD5
2ff6bcb4df1344bb868ebe4f4f71e2ba

SHA1
65e60ff15f772043ae256a296e930ad71ba45a16

SHA256
bc7604dc2bb102229e7a6ddcf97003e213b772cdf20071742b2350e07928054a

SHA512
457389e502f34719c30f2ee4249a54979fbe2f5d04b3ab306b9f7bd6b7ff17f64350b4b866d6e231ca6e32eacfe0125018c4eceabae22c6d82ba20884383838f

Download Submit
C:\Windows\System\uSlAWwc.exe

Filesize
2.3MB

MD5
d2d77e561f5a4f59b7b48de5512e0a44

SHA1
a627e4e77fca9b2c3bf138c13a5e923e097b1b3a

SHA256
ee130c28595f3355743bda8dce4cb016a0419ff3e594690d389e89b8fd1c0a05

SHA512
813f9416eae8e803f5f7a1bf1ef0325b6aee41f7fba89ca1586074ba83dd4861e89b5ea9d0d7dd668da841e2ab39859a6b12607aca2bd86a08c623e72f3f40c4

Download Submit
C:\Windows\System\vkNnjdH.exe

Filesize
2.3MB

MD5
f42d268ad6dba6b1045ef2bbc5d58515

SHA1
c7d7ce2a74a63d7687d2f19f39ff7bad2289a91c

SHA256
f2e981cc5f2bc27e35af61fd91b6776fb252bdbd76d9617634ff5fcca76adf82

SHA512
f71cc9bde6106fa77c14c9a7c4cf7884664aa9f0e6326dd2372b6b397bab16c9df9a9449c26793aa0e1e22ff98a75c981814bad0fe5801cf1c50ba859571800e

Download Submit
C:\Windows\System\xJfpCjq.exe

Filesize
2.3MB

MD5
cb8161bd3d10cc85208ecdaa20cd8e70

SHA1
f54891c2dcb13fdc5cdcf7d6dc43d79a7a89075e

SHA256
e7d1b75c499a9a29166de3e62d2388bf0d086e06ae652b2a0cd5fc83f697cc98

SHA512
a5960839e1c5bded3f35c5db143599effa5d0ab153187ec371a4444baa833c4f28c657393199287d9b7113d6953c9306f28e968163cef3c216a65f62b79a9419

Download Submit
C:\Windows\System\xWTXuli.exe

Filesize
2.3MB

MD5
b860caa1f55e3f7cd66bc6dbbc26ec09

SHA1
884125de98501aa0b3b88ea6b325322c51491798

SHA256
e49a8d3539737c2acb1f36344541775a6a2c3205c824be876ba0a8eaae991aa8

SHA512
06500a5c3e4168347eb4af17815b8cd2b5123fdda67a787044cefc5eb34253349a91e1f67bed2469f8e7560a535bab53ed1480b29a1f9734983ca3f030bef62b

Download Submit
C:\Windows\System\xeAwTEV.exe

Filesize
2.3MB

MD5
7403a3d58f9bee1a5c0d067456bb725a

SHA1
923b621485b630a5da2438179acb297681499ca2

SHA256
bd3dc3d7689ac5466bb37072586f97a996309f52972bd04204ff536cfd8a7754

SHA512
6db164a0ed59bab4b458de1fdb95d7d9ce9bd56608a93466b10907c503a93614779f40b25bc25515e6cb9c7cecdf9d3d2b299b13dc99658e8cfbaad3edb5dcfd

Download Submit
C:\Windows\System\xmcwIGo.exe

Filesize
2.3MB

MD5
45d82a1599bae56e18b4a18f0ff945e8

SHA1
601c6912bd590cb1545d8708b4b58d68d5590e45

SHA256
105447db4f38425ce325330c7944de34b0264244d40435bdd87f4566915a3d69

SHA512
47471d6e4937977906e609b06044a712ee3e6a17cf090a2f2225cf046361e0b8271831f6cebf0e0ae5aedf6c1fe0f0990820aee0dc3e3039f960b0540fa6515f

Download Submit
memory/212-2150-0x00007FF7EA180000-0x00007FF7EA4D4000-memory.dmp

Filesize
3.3MB

Download
memory/212-167-0x00007FF7EA180000-0x00007FF7EA4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1124-2155-0x00007FF738370000-0x00007FF7386C4000-memory.dmp

Filesize
3.3MB

Download
memory/1124-163-0x00007FF738370000-0x00007FF7386C4000-memory.dmp

Filesize
3.3MB

Download
memory/1300-105-0x00007FF6F4CB0000-0x00007FF6F5004000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2140-0x00007FF6F4CB0000-0x00007FF6F5004000-memory.dmp

Filesize
3.3MB

Download
memory/1384-2147-0x00007FF7D63C0000-0x00007FF7D6714000-memory.dmp

Filesize
3.3MB

Download
memory/1384-153-0x00007FF7D63C0000-0x00007FF7D6714000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2123-0x00007FF6904E0000-0x00007FF690834000-memory.dmp

Filesize
3.3MB

Download
memory/1644-41-0x00007FF6904E0000-0x00007FF690834000-memory.dmp

Filesize
3.3MB

Download
memory/1644-2131-0x00007FF6904E0000-0x00007FF690834000-memory.dmp

Filesize
3.3MB

Download
memory/1688-2126-0x00007FF654020000-0x00007FF654374000-memory.dmp

Filesize
3.3MB

Download
memory/1688-2138-0x00007FF654020000-0x00007FF654374000-memory.dmp

Filesize
3.3MB

Download
memory/1688-84-0x00007FF654020000-0x00007FF654374000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2143-0x00007FF6243D0000-0x00007FF624724000-memory.dmp

Filesize
3.3MB

Download
memory/1692-166-0x00007FF6243D0000-0x00007FF624724000-memory.dmp

Filesize
3.3MB

Download
memory/1864-161-0x00007FF726CF0000-0x00007FF727044000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2145-0x00007FF726CF0000-0x00007FF727044000-memory.dmp

Filesize
3.3MB

Download
memory/2136-28-0x00007FF756310000-0x00007FF756664000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2127-0x00007FF756310000-0x00007FF756664000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2133-0x00007FF642850000-0x00007FF642BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-55-0x00007FF642850000-0x00007FF642BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-2129-0x00007FF7773B0000-0x00007FF777704000-memory.dmp

Filesize
3.3MB

Download
memory/2284-51-0x00007FF7773B0000-0x00007FF777704000-memory.dmp

Filesize
3.3MB

Download
memory/2324-209-0x00007FF768C70000-0x00007FF768FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2156-0x00007FF768C70000-0x00007FF768FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2136-0x00007FF768C70000-0x00007FF768FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-2149-0x00007FF74B660000-0x00007FF74B9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-169-0x00007FF74B660000-0x00007FF74B9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2134-0x00007FF7B70F0000-0x00007FF7B7444000-memory.dmp

Filesize
3.3MB

Download
memory/2536-56-0x00007FF7B70F0000-0x00007FF7B7444000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2154-0x00007FF6DA340000-0x00007FF6DA694000-memory.dmp

Filesize
3.3MB

Download
memory/2776-138-0x00007FF6DA340000-0x00007FF6DA694000-memory.dmp

Filesize
3.3MB

Download
memory/2940-2130-0x00007FF7D7C50000-0x00007FF7D7FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-36-0x00007FF7D7C50000-0x00007FF7D7FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-165-0x00007FF7F97D0000-0x00007FF7F9B24000-memory.dmp

Filesize
3.3MB

Download
memory/2952-2141-0x00007FF7F97D0000-0x00007FF7F9B24000-memory.dmp

Filesize
3.3MB

Download
memory/3152-160-0x00007FF6CFAA0000-0x00007FF6CFDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3152-2148-0x00007FF6CFAA0000-0x00007FF6CFDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3252-2151-0x00007FF797630000-0x00007FF797984000-memory.dmp

Filesize
3.3MB

Download
memory/3252-164-0x00007FF797630000-0x00007FF797984000-memory.dmp

Filesize
3.3MB

Download
memory/3404-2132-0x00007FF6DFA20000-0x00007FF6DFD74000-memory.dmp

Filesize
3.3MB

Download
memory/3404-54-0x00007FF6DFA20000-0x00007FF6DFD74000-memory.dmp

Filesize
3.3MB

Download
memory/3504-168-0x00007FF76DCE0000-0x00007FF76E034000-memory.dmp

Filesize
3.3MB

Download
memory/3504-2142-0x00007FF76DCE0000-0x00007FF76E034000-memory.dmp

Filesize
3.3MB

Download
memory/3800-2124-0x00007FF76A000000-0x00007FF76A354000-memory.dmp

Filesize
3.3MB

Download
memory/3800-2135-0x00007FF76A000000-0x00007FF76A354000-memory.dmp

Filesize
3.3MB

Download
memory/3800-46-0x00007FF76A000000-0x00007FF76A354000-memory.dmp

Filesize
3.3MB

Download
memory/4032-146-0x00007FF71F0E0000-0x00007FF71F434000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2152-0x00007FF71F0E0000-0x00007FF71F434000-memory.dmp

Filesize
3.3MB

Download
memory/4148-2144-0x00007FF7EF540000-0x00007FF7EF894000-memory.dmp

Filesize
3.3MB

Download
memory/4148-170-0x00007FF7EF540000-0x00007FF7EF894000-memory.dmp

Filesize
3.3MB

Download
memory/4152-2139-0x00007FF787D90000-0x00007FF7880E4000-memory.dmp

Filesize
3.3MB

Download
memory/4152-108-0x00007FF787D90000-0x00007FF7880E4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-2153-0x00007FF628770000-0x00007FF628AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4156-139-0x00007FF628770000-0x00007FF628AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-13-0x00007FF62E9C0000-0x00007FF62ED14000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2128-0x00007FF62E9C0000-0x00007FF62ED14000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2122-0x00007FF7C2520000-0x00007FF7C2874000-memory.dmp

Filesize
3.3MB

Download
memory/4632-1-0x000002914B630000-0x000002914B640000-memory.dmp

Filesize
64KB

Download
memory/4632-0-0x00007FF7C2520000-0x00007FF7C2874000-memory.dmp

Filesize
3.3MB

Download
memory/4844-2146-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp

Filesize
3.3MB

Download
memory/4844-162-0x00007FF7DB790000-0x00007FF7DBAE4000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2137-0x00007FF751810000-0x00007FF751B64000-memory.dmp

Filesize
3.3MB

Download
memory/5000-2125-0x00007FF751810000-0x00007FF751B64000-memory.dmp

Filesize
3.3MB

Download
memory/5000-78-0x00007FF751810000-0x00007FF751B64000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads