kpot | 29530fe9bc7c162a5646d7c6476eacb2639f7eb3aa6dd2ea14ecf7e06c65b642

Analysis

max time kernel
105s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
Size

2.0MB
MD5

6a590ffc87f07e058fced83cae3f9280
SHA1

f64c75641b751ba5e670277e5c972731698bd0c2
SHA256

29530fe9bc7c162a5646d7c6476eacb2639f7eb3aa6dd2ea14ecf7e06c65b642
SHA512

83f2afc6bbcbcc27258961271514e803c365dccf7e1cedeca8cf5b8db4aab963ceab3b1e2eadc64b230957ba0b178f4589bc5847a1b9e326548a03e83b36088c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3Q:BemTLkNdfE0pZrwo

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000700000002327d-4.dat	family_kpot
behavioral2/files/0x0008000000023413-8.dat	family_kpot
behavioral2/files/0x0007000000023417-7.dat	family_kpot
behavioral2/files/0x0007000000023418-23.dat	family_kpot
behavioral2/files/0x0007000000023419-27.dat	family_kpot
behavioral2/files/0x000700000002341a-35.dat	family_kpot
behavioral2/files/0x000700000002341b-40.dat	family_kpot
behavioral2/files/0x000700000002341f-61.dat	family_kpot
behavioral2/files/0x0007000000023420-66.dat	family_kpot
behavioral2/files/0x0007000000023421-67.dat	family_kpot
behavioral2/files/0x0007000000023423-89.dat	family_kpot
behavioral2/files/0x0007000000023425-99.dat	family_kpot
behavioral2/files/0x000700000002342b-121.dat	family_kpot
behavioral2/files/0x0007000000023435-171.dat	family_kpot
behavioral2/files/0x0007000000023433-169.dat	family_kpot
behavioral2/files/0x0007000000023434-166.dat	family_kpot
behavioral2/files/0x0007000000023432-164.dat	family_kpot
behavioral2/files/0x0007000000023431-159.dat	family_kpot
behavioral2/files/0x0007000000023430-154.dat	family_kpot
behavioral2/files/0x000700000002342f-149.dat	family_kpot
behavioral2/files/0x000700000002342e-144.dat	family_kpot
behavioral2/files/0x000700000002342d-139.dat	family_kpot
behavioral2/files/0x000700000002342c-135.dat	family_kpot
behavioral2/files/0x000700000002342a-124.dat	family_kpot
behavioral2/files/0x0007000000023429-119.dat	family_kpot
behavioral2/files/0x0007000000023428-114.dat	family_kpot
behavioral2/files/0x0007000000023427-109.dat	family_kpot
behavioral2/files/0x0007000000023426-104.dat	family_kpot
behavioral2/files/0x0007000000023424-94.dat	family_kpot
behavioral2/files/0x0007000000023422-84.dat	family_kpot
behavioral2/files/0x0008000000023414-59.dat	family_kpot
behavioral2/files/0x000700000002341e-55.dat	family_kpot
behavioral2/files/0x000700000002341d-49.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4548-0-0x00007FF7F9ED0000-0x00007FF7FA224000-memory.dmp	xmrig
behavioral2/files/0x000700000002327d-4.dat	xmrig
behavioral2/files/0x0008000000023413-8.dat	xmrig
behavioral2/files/0x0007000000023417-7.dat	xmrig
behavioral2/memory/4840-15-0x00007FF7DD6C0000-0x00007FF7DDA14000-memory.dmp	xmrig
behavioral2/memory/2180-10-0x00007FF7A0330000-0x00007FF7A0684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-23.dat	xmrig
behavioral2/files/0x0007000000023419-27.dat	xmrig
behavioral2/memory/3176-30-0x00007FF791060000-0x00007FF7913B4000-memory.dmp	xmrig
behavioral2/memory/4100-33-0x00007FF7287C0000-0x00007FF728B14000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-35.dat	xmrig
behavioral2/files/0x000700000002341b-40.dat	xmrig
behavioral2/files/0x000700000002341f-61.dat	xmrig
behavioral2/files/0x0007000000023420-66.dat	xmrig
behavioral2/files/0x0007000000023421-67.dat	xmrig
behavioral2/files/0x0007000000023423-89.dat	xmrig
behavioral2/files/0x0007000000023425-99.dat	xmrig
behavioral2/files/0x000700000002342b-121.dat	xmrig
behavioral2/memory/3056-465-0x00007FF6054C0000-0x00007FF605814000-memory.dmp	xmrig
behavioral2/memory/3528-466-0x00007FF61F4A0000-0x00007FF61F7F4000-memory.dmp	xmrig
behavioral2/memory/3436-468-0x00007FF7E99A0000-0x00007FF7E9CF4000-memory.dmp	xmrig
behavioral2/memory/2512-470-0x00007FF6B3400000-0x00007FF6B3754000-memory.dmp	xmrig
behavioral2/memory/1272-469-0x00007FF691A70000-0x00007FF691DC4000-memory.dmp	xmrig
behavioral2/memory/3108-471-0x00007FF7EAE00000-0x00007FF7EB154000-memory.dmp	xmrig
behavioral2/memory/1720-472-0x00007FF7606C0000-0x00007FF760A14000-memory.dmp	xmrig
behavioral2/memory/4348-473-0x00007FF6944F0000-0x00007FF694844000-memory.dmp	xmrig
behavioral2/memory/4032-467-0x00007FF679E90000-0x00007FF67A1E4000-memory.dmp	xmrig
behavioral2/memory/3152-474-0x00007FF77D690000-0x00007FF77D9E4000-memory.dmp	xmrig
behavioral2/memory/2820-486-0x00007FF7964D0000-0x00007FF796824000-memory.dmp	xmrig
behavioral2/memory/2612-514-0x00007FF7DAC20000-0x00007FF7DAF74000-memory.dmp	xmrig
behavioral2/memory/2572-521-0x00007FF704D30000-0x00007FF705084000-memory.dmp	xmrig
behavioral2/memory/2296-515-0x00007FF6C83F0000-0x00007FF6C8744000-memory.dmp	xmrig
behavioral2/memory/2284-507-0x00007FF75AFE0000-0x00007FF75B334000-memory.dmp	xmrig
behavioral2/memory/2468-503-0x00007FF7F0D80000-0x00007FF7F10D4000-memory.dmp	xmrig
behavioral2/memory/2964-499-0x00007FF744210000-0x00007FF744564000-memory.dmp	xmrig
behavioral2/memory/3696-496-0x00007FF670B10000-0x00007FF670E64000-memory.dmp	xmrig
behavioral2/memory/3872-489-0x00007FF6BA0A0000-0x00007FF6BA3F4000-memory.dmp	xmrig
behavioral2/memory/4996-483-0x00007FF6FE6E0000-0x00007FF6FEA34000-memory.dmp	xmrig
behavioral2/memory/4832-475-0x00007FF740750000-0x00007FF740AA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-171.dat	xmrig
behavioral2/files/0x0007000000023433-169.dat	xmrig
behavioral2/files/0x0007000000023434-166.dat	xmrig
behavioral2/files/0x0007000000023432-164.dat	xmrig
behavioral2/files/0x0007000000023431-159.dat	xmrig
behavioral2/files/0x0007000000023430-154.dat	xmrig
behavioral2/files/0x000700000002342f-149.dat	xmrig
behavioral2/files/0x000700000002342e-144.dat	xmrig
behavioral2/files/0x000700000002342d-139.dat	xmrig
behavioral2/files/0x000700000002342c-135.dat	xmrig
behavioral2/files/0x000700000002342a-124.dat	xmrig
behavioral2/files/0x0007000000023429-119.dat	xmrig
behavioral2/files/0x0007000000023428-114.dat	xmrig
behavioral2/files/0x0007000000023427-109.dat	xmrig
behavioral2/files/0x0007000000023426-104.dat	xmrig
behavioral2/files/0x0007000000023424-94.dat	xmrig
behavioral2/files/0x0007000000023422-84.dat	xmrig
behavioral2/memory/1864-69-0x00007FF64DCE0000-0x00007FF64E034000-memory.dmp	xmrig
behavioral2/memory/3004-68-0x00007FF728480000-0x00007FF7287D4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023414-59.dat	xmrig
behavioral2/files/0x000700000002341e-55.dat	xmrig
behavioral2/files/0x000700000002341d-49.dat	xmrig
behavioral2/memory/4504-42-0x00007FF7475B0000-0x00007FF747904000-memory.dmp	xmrig
behavioral2/memory/408-39-0x00007FF6C1D80000-0x00007FF6C20D4000-memory.dmp	xmrig
behavioral2/memory/4840-2086-0x00007FF7DD6C0000-0x00007FF7DDA14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2180	VVFzVCG.exe
4840	xesWblA.exe
3176	XXemaKz.exe
408	PgLyQBT.exe
4100	ApQsSUV.exe
2284	hysgHNP.exe
4504	HYOwNZU.exe
2612	KTyxYEE.exe
3004	KehaeGs.exe
1864	bGhsXzZ.exe
3056	RxfNNuW.exe
2296	lWzlSEM.exe
3528	LqtEkVl.exe
2572	SIeSCoz.exe
4032	keXLpTh.exe
3436	KQXyJhx.exe
1272	lcVEQHg.exe
2512	BsAgjWb.exe
3108	VFohiLZ.exe
1720	MukqTps.exe
4348	twDzWiy.exe
3152	OlaZISi.exe
4832	DnVmkNL.exe
4996	fCbyKvC.exe
2820	YktdHQQ.exe
3872	WhLEfSI.exe
3696	VmLCXHL.exe
2964	ZqXWnev.exe
2468	sFeaZif.exe
3668	irteTcM.exe
3656	xGMUXUD.exe
4136	VbGZwkZ.exe
1308	eJVbAze.exe
1660	JpdByfR.exe
1680	TQqbBgi.exe
2752	ymTYKuT.exe
3432	ufVAORh.exe
5016	CVnAkJo.exe
852	eKUynyX.exe
4712	sJwwNRy.exe
4980	fBTNRbS.exe
3548	hKjxLZt.exe
3032	uYXKthq.exe
2776	CxoZVlY.exe
2840	aAUgRVy.exe
552	btBtplI.exe
2720	YFWDeOn.exe
116	ihyTAgs.exe
3564	KGixSmL.exe
516	ZNgaqpa.exe
2756	WZUBKvr.exe
3476	EEyqGwk.exe
4924	UPmOrrF.exe
1524	SuSXjci.exe
1644	PBaCQkQ.exe
4716	sGwsCxN.exe
3612	wAtZrtm.exe
2748	oSZfjoG.exe
2460	axbIzxd.exe
3744	mpRyaki.exe
696	PsjVJwN.exe
4336	WwPzUuv.exe
4152	sYExPFh.exe
5020	JtWBkXz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4548-0-0x00007FF7F9ED0000-0x00007FF7FA224000-memory.dmp	upx
behavioral2/files/0x000700000002327d-4.dat	upx
behavioral2/files/0x0008000000023413-8.dat	upx
behavioral2/files/0x0007000000023417-7.dat	upx
behavioral2/memory/4840-15-0x00007FF7DD6C0000-0x00007FF7DDA14000-memory.dmp	upx
behavioral2/memory/2180-10-0x00007FF7A0330000-0x00007FF7A0684000-memory.dmp	upx
behavioral2/files/0x0007000000023418-23.dat	upx
behavioral2/files/0x0007000000023419-27.dat	upx
behavioral2/memory/3176-30-0x00007FF791060000-0x00007FF7913B4000-memory.dmp	upx
behavioral2/memory/4100-33-0x00007FF7287C0000-0x00007FF728B14000-memory.dmp	upx
behavioral2/files/0x000700000002341a-35.dat	upx
behavioral2/files/0x000700000002341b-40.dat	upx
behavioral2/files/0x000700000002341f-61.dat	upx
behavioral2/files/0x0007000000023420-66.dat	upx
behavioral2/files/0x0007000000023421-67.dat	upx
behavioral2/files/0x0007000000023423-89.dat	upx
behavioral2/files/0x0007000000023425-99.dat	upx
behavioral2/files/0x000700000002342b-121.dat	upx
behavioral2/memory/3056-465-0x00007FF6054C0000-0x00007FF605814000-memory.dmp	upx
behavioral2/memory/3528-466-0x00007FF61F4A0000-0x00007FF61F7F4000-memory.dmp	upx
behavioral2/memory/3436-468-0x00007FF7E99A0000-0x00007FF7E9CF4000-memory.dmp	upx
behavioral2/memory/2512-470-0x00007FF6B3400000-0x00007FF6B3754000-memory.dmp	upx
behavioral2/memory/1272-469-0x00007FF691A70000-0x00007FF691DC4000-memory.dmp	upx
behavioral2/memory/3108-471-0x00007FF7EAE00000-0x00007FF7EB154000-memory.dmp	upx
behavioral2/memory/1720-472-0x00007FF7606C0000-0x00007FF760A14000-memory.dmp	upx
behavioral2/memory/4348-473-0x00007FF6944F0000-0x00007FF694844000-memory.dmp	upx
behavioral2/memory/4032-467-0x00007FF679E90000-0x00007FF67A1E4000-memory.dmp	upx
behavioral2/memory/3152-474-0x00007FF77D690000-0x00007FF77D9E4000-memory.dmp	upx
behavioral2/memory/2820-486-0x00007FF7964D0000-0x00007FF796824000-memory.dmp	upx
behavioral2/memory/2612-514-0x00007FF7DAC20000-0x00007FF7DAF74000-memory.dmp	upx
behavioral2/memory/2572-521-0x00007FF704D30000-0x00007FF705084000-memory.dmp	upx
behavioral2/memory/2296-515-0x00007FF6C83F0000-0x00007FF6C8744000-memory.dmp	upx
behavioral2/memory/2284-507-0x00007FF75AFE0000-0x00007FF75B334000-memory.dmp	upx
behavioral2/memory/2468-503-0x00007FF7F0D80000-0x00007FF7F10D4000-memory.dmp	upx
behavioral2/memory/2964-499-0x00007FF744210000-0x00007FF744564000-memory.dmp	upx
behavioral2/memory/3696-496-0x00007FF670B10000-0x00007FF670E64000-memory.dmp	upx
behavioral2/memory/3872-489-0x00007FF6BA0A0000-0x00007FF6BA3F4000-memory.dmp	upx
behavioral2/memory/4996-483-0x00007FF6FE6E0000-0x00007FF6FEA34000-memory.dmp	upx
behavioral2/memory/4832-475-0x00007FF740750000-0x00007FF740AA4000-memory.dmp	upx
behavioral2/files/0x0007000000023435-171.dat	upx
behavioral2/files/0x0007000000023433-169.dat	upx
behavioral2/files/0x0007000000023434-166.dat	upx
behavioral2/files/0x0007000000023432-164.dat	upx
behavioral2/files/0x0007000000023431-159.dat	upx
behavioral2/files/0x0007000000023430-154.dat	upx
behavioral2/files/0x000700000002342f-149.dat	upx
behavioral2/files/0x000700000002342e-144.dat	upx
behavioral2/files/0x000700000002342d-139.dat	upx
behavioral2/files/0x000700000002342c-135.dat	upx
behavioral2/files/0x000700000002342a-124.dat	upx
behavioral2/files/0x0007000000023429-119.dat	upx
behavioral2/files/0x0007000000023428-114.dat	upx
behavioral2/files/0x0007000000023427-109.dat	upx
behavioral2/files/0x0007000000023426-104.dat	upx
behavioral2/files/0x0007000000023424-94.dat	upx
behavioral2/files/0x0007000000023422-84.dat	upx
behavioral2/memory/1864-69-0x00007FF64DCE0000-0x00007FF64E034000-memory.dmp	upx
behavioral2/memory/3004-68-0x00007FF728480000-0x00007FF7287D4000-memory.dmp	upx
behavioral2/files/0x0008000000023414-59.dat	upx
behavioral2/files/0x000700000002341e-55.dat	upx
behavioral2/files/0x000700000002341d-49.dat	upx
behavioral2/memory/4504-42-0x00007FF7475B0000-0x00007FF747904000-memory.dmp	upx
behavioral2/memory/408-39-0x00007FF6C1D80000-0x00007FF6C20D4000-memory.dmp	upx
behavioral2/memory/4840-2086-0x00007FF7DD6C0000-0x00007FF7DDA14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aJdJtTz.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\HHoDcqr.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\qrPXwIA.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\kHsSwUL.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\skGExKl.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\lzTOTom.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\liTKnWw.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\nGpkrrT.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\fSsVPeN.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\yCYlRIV.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\hgCGWDF.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\flhpBvX.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\PAKBMsb.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\XjoWbQY.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\eSFhhEf.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\YGGiDzC.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\SsiWxaJ.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\ssIEDAI.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\rislmQS.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\KlCmIXn.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\ITcyrJE.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\bCGBYVc.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\atVUBmj.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\JudRUUn.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\jXdRCTA.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\IyjQpsQ.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\gxYnvRC.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\zhxWkkg.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\TBPaPEw.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\bJJbeci.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\YvBMOqe.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\TlCsOPq.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\plnREdu.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\PerILaH.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\qDWgxnP.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\DjFUjpt.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\GkxVgwI.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\lvfciTp.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\VtlLMnQ.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\mMihssq.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\iKSqScS.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\sjcIaeG.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\IXCfqvZ.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\TSfZAja.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\SIenQbV.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\oNhJXGB.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\KRIeiKb.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\HFoIiQR.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\RgbXJrZ.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\iEawGZF.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\KRHMjUl.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\sDaJMIY.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\xoROLjB.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\TqIqezb.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\XTBQFHX.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\NePWLsh.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\KqtNAJY.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\bYBBCnY.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\oRIbKoB.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\MbZFDXz.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\hKjxLZt.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\CtQdwop.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\iaVYKqH.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
File created	C:\Windows\System\aZcChQj.exe	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4232	dwm.exe
Token: SeChangeNotifyPrivilege	4232	dwm.exe
Token: 33	4232	dwm.exe
Token: SeIncBasePriorityPrivilege	4232	dwm.exe
Token: SeShutdownPrivilege	4232	dwm.exe
Token: SeCreatePagefilePrivilege	4232	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 2180	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	83
PID 4548 wrote to memory of 2180	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	83
PID 4548 wrote to memory of 4840	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	84
PID 4548 wrote to memory of 4840	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	84
PID 4548 wrote to memory of 3176	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	85
PID 4548 wrote to memory of 3176	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	85
PID 4548 wrote to memory of 408	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	86
PID 4548 wrote to memory of 408	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	86
PID 4548 wrote to memory of 4100	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	87
PID 4548 wrote to memory of 4100	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	87
PID 4548 wrote to memory of 2284	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	88
PID 4548 wrote to memory of 2284	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	88
PID 4548 wrote to memory of 4504	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	89
PID 4548 wrote to memory of 4504	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	89
PID 4548 wrote to memory of 2612	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	91
PID 4548 wrote to memory of 2612	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	91
PID 4548 wrote to memory of 3004	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	92
PID 4548 wrote to memory of 3004	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	92
PID 4548 wrote to memory of 1864	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	93
PID 4548 wrote to memory of 1864	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	93
PID 4548 wrote to memory of 3056	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	94
PID 4548 wrote to memory of 3056	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	94
PID 4548 wrote to memory of 2296	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	95
PID 4548 wrote to memory of 2296	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	95
PID 4548 wrote to memory of 3528	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	96
PID 4548 wrote to memory of 3528	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	96
PID 4548 wrote to memory of 2572	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	97
PID 4548 wrote to memory of 2572	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	97
PID 4548 wrote to memory of 4032	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	98
PID 4548 wrote to memory of 4032	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	98
PID 4548 wrote to memory of 3436	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	99
PID 4548 wrote to memory of 3436	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	99
PID 4548 wrote to memory of 1272	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	100
PID 4548 wrote to memory of 1272	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	100
PID 4548 wrote to memory of 2512	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	101
PID 4548 wrote to memory of 2512	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	101
PID 4548 wrote to memory of 3108	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	102
PID 4548 wrote to memory of 3108	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	102
PID 4548 wrote to memory of 1720	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	103
PID 4548 wrote to memory of 1720	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	103
PID 4548 wrote to memory of 4348	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	104
PID 4548 wrote to memory of 4348	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	104
PID 4548 wrote to memory of 3152	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	105
PID 4548 wrote to memory of 3152	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	105
PID 4548 wrote to memory of 4832	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	106
PID 4548 wrote to memory of 4832	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	106
PID 4548 wrote to memory of 4996	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	107
PID 4548 wrote to memory of 4996	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	107
PID 4548 wrote to memory of 2820	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	108
PID 4548 wrote to memory of 2820	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	108
PID 4548 wrote to memory of 3872	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	109
PID 4548 wrote to memory of 3872	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	109
PID 4548 wrote to memory of 3696	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	110
PID 4548 wrote to memory of 3696	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	110
PID 4548 wrote to memory of 2964	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	111
PID 4548 wrote to memory of 2964	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	111
PID 4548 wrote to memory of 2468	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	112
PID 4548 wrote to memory of 2468	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	112
PID 4548 wrote to memory of 3668	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	113
PID 4548 wrote to memory of 3668	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	113
PID 4548 wrote to memory of 3656	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	114
PID 4548 wrote to memory of 3656	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	114
PID 4548 wrote to memory of 4136	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	115
PID 4548 wrote to memory of 4136	4548	6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a590ffc87f07e058fced83cae3f9280_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\System\VVFzVCG.exe
  C:\Windows\System\VVFzVCG.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\xesWblA.exe
  C:\Windows\System\xesWblA.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\XXemaKz.exe
  C:\Windows\System\XXemaKz.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\PgLyQBT.exe
  C:\Windows\System\PgLyQBT.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\ApQsSUV.exe
  C:\Windows\System\ApQsSUV.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\hysgHNP.exe
  C:\Windows\System\hysgHNP.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\HYOwNZU.exe
  C:\Windows\System\HYOwNZU.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\KTyxYEE.exe
  C:\Windows\System\KTyxYEE.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\KehaeGs.exe
  C:\Windows\System\KehaeGs.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\bGhsXzZ.exe
  C:\Windows\System\bGhsXzZ.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\RxfNNuW.exe
  C:\Windows\System\RxfNNuW.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\lWzlSEM.exe
  C:\Windows\System\lWzlSEM.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\LqtEkVl.exe
  C:\Windows\System\LqtEkVl.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\SIeSCoz.exe
  C:\Windows\System\SIeSCoz.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\keXLpTh.exe
  C:\Windows\System\keXLpTh.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\KQXyJhx.exe
  C:\Windows\System\KQXyJhx.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\lcVEQHg.exe
  C:\Windows\System\lcVEQHg.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\BsAgjWb.exe
  C:\Windows\System\BsAgjWb.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\VFohiLZ.exe
  C:\Windows\System\VFohiLZ.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\MukqTps.exe
  C:\Windows\System\MukqTps.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\twDzWiy.exe
  C:\Windows\System\twDzWiy.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\OlaZISi.exe
  C:\Windows\System\OlaZISi.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\DnVmkNL.exe
  C:\Windows\System\DnVmkNL.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\fCbyKvC.exe
  C:\Windows\System\fCbyKvC.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\YktdHQQ.exe
  C:\Windows\System\YktdHQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\WhLEfSI.exe
  C:\Windows\System\WhLEfSI.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\VmLCXHL.exe
  C:\Windows\System\VmLCXHL.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\ZqXWnev.exe
  C:\Windows\System\ZqXWnev.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\sFeaZif.exe
  C:\Windows\System\sFeaZif.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\irteTcM.exe
  C:\Windows\System\irteTcM.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\xGMUXUD.exe
  C:\Windows\System\xGMUXUD.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\VbGZwkZ.exe
  C:\Windows\System\VbGZwkZ.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\eJVbAze.exe
  C:\Windows\System\eJVbAze.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\JpdByfR.exe
  C:\Windows\System\JpdByfR.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\TQqbBgi.exe
  C:\Windows\System\TQqbBgi.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ymTYKuT.exe
  C:\Windows\System\ymTYKuT.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ufVAORh.exe
  C:\Windows\System\ufVAORh.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\CVnAkJo.exe
  C:\Windows\System\CVnAkJo.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\eKUynyX.exe
  C:\Windows\System\eKUynyX.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\sJwwNRy.exe
  C:\Windows\System\sJwwNRy.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\fBTNRbS.exe
  C:\Windows\System\fBTNRbS.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\hKjxLZt.exe
  C:\Windows\System\hKjxLZt.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\uYXKthq.exe
  C:\Windows\System\uYXKthq.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\CxoZVlY.exe
  C:\Windows\System\CxoZVlY.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\aAUgRVy.exe
  C:\Windows\System\aAUgRVy.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\btBtplI.exe
  C:\Windows\System\btBtplI.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\YFWDeOn.exe
  C:\Windows\System\YFWDeOn.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\ihyTAgs.exe
  C:\Windows\System\ihyTAgs.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\KGixSmL.exe
  C:\Windows\System\KGixSmL.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\ZNgaqpa.exe
  C:\Windows\System\ZNgaqpa.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\WZUBKvr.exe
  C:\Windows\System\WZUBKvr.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\EEyqGwk.exe
  C:\Windows\System\EEyqGwk.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\UPmOrrF.exe
  C:\Windows\System\UPmOrrF.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\SuSXjci.exe
  C:\Windows\System\SuSXjci.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\PBaCQkQ.exe
  C:\Windows\System\PBaCQkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\sGwsCxN.exe
  C:\Windows\System\sGwsCxN.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\wAtZrtm.exe
  C:\Windows\System\wAtZrtm.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\oSZfjoG.exe
  C:\Windows\System\oSZfjoG.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\axbIzxd.exe
  C:\Windows\System\axbIzxd.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\mpRyaki.exe
  C:\Windows\System\mpRyaki.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\PsjVJwN.exe
  C:\Windows\System\PsjVJwN.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\WwPzUuv.exe
  C:\Windows\System\WwPzUuv.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\sYExPFh.exe
  C:\Windows\System\sYExPFh.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\JtWBkXz.exe
  C:\Windows\System\JtWBkXz.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\HnnPacV.exe
  C:\Windows\System\HnnPacV.exe
  2⤵
  PID:3948
- C:\Windows\System\WZkPxwq.exe
  C:\Windows\System\WZkPxwq.exe
  2⤵
  PID:4184
- C:\Windows\System\bWVNEtx.exe
  C:\Windows\System\bWVNEtx.exe
  2⤵
  PID:1416
- C:\Windows\System\UjOhdiW.exe
  C:\Windows\System\UjOhdiW.exe
  2⤵
  PID:1352
- C:\Windows\System\XIpGhof.exe
  C:\Windows\System\XIpGhof.exe
  2⤵
  PID:2060
- C:\Windows\System\mJAAgmd.exe
  C:\Windows\System\mJAAgmd.exe
  2⤵
  PID:4516
- C:\Windows\System\PZcinSY.exe
  C:\Windows\System\PZcinSY.exe
  2⤵
  PID:2196
- C:\Windows\System\gZzAMeS.exe
  C:\Windows\System\gZzAMeS.exe
  2⤵
  PID:3980
- C:\Windows\System\jPRpmGt.exe
  C:\Windows\System\jPRpmGt.exe
  2⤵
  PID:2368
- C:\Windows\System\IcxygnK.exe
  C:\Windows\System\IcxygnK.exe
  2⤵
  PID:2260
- C:\Windows\System\eiMUIiN.exe
  C:\Windows\System\eiMUIiN.exe
  2⤵
  PID:1324
- C:\Windows\System\qBSsHOy.exe
  C:\Windows\System\qBSsHOy.exe
  2⤵
  PID:4452
- C:\Windows\System\uCJbLxu.exe
  C:\Windows\System\uCJbLxu.exe
  2⤵
  PID:4624
- C:\Windows\System\VBQupjt.exe
  C:\Windows\System\VBQupjt.exe
  2⤵
  PID:3388
- C:\Windows\System\xZCQZYH.exe
  C:\Windows\System\xZCQZYH.exe
  2⤵
  PID:2432
- C:\Windows\System\mPBgNvR.exe
  C:\Windows\System\mPBgNvR.exe
  2⤵
  PID:5100
- C:\Windows\System\oMjIqTz.exe
  C:\Windows\System\oMjIqTz.exe
  2⤵
  PID:1996
- C:\Windows\System\nBMlOJG.exe
  C:\Windows\System\nBMlOJG.exe
  2⤵
  PID:1216
- C:\Windows\System\QgRuIcf.exe
  C:\Windows\System\QgRuIcf.exe
  2⤵
  PID:2452
- C:\Windows\System\YmEQPVJ.exe
  C:\Windows\System\YmEQPVJ.exe
  2⤵
  PID:5096
- C:\Windows\System\EbVAets.exe
  C:\Windows\System\EbVAets.exe
  2⤵
  PID:2308
- C:\Windows\System\vLezxBA.exe
  C:\Windows\System\vLezxBA.exe
  2⤵
  PID:3972
- C:\Windows\System\cxIvAUk.exe
  C:\Windows\System\cxIvAUk.exe
  2⤵
  PID:3848
- C:\Windows\System\dusVjWs.exe
  C:\Windows\System\dusVjWs.exe
  2⤵
  PID:2520
- C:\Windows\System\ntavtPF.exe
  C:\Windows\System\ntavtPF.exe
  2⤵
  PID:540
- C:\Windows\System\YFcofvv.exe
  C:\Windows\System\YFcofvv.exe
  2⤵
  PID:2236
- C:\Windows\System\QWCKJnY.exe
  C:\Windows\System\QWCKJnY.exe
  2⤵
  PID:5124
- C:\Windows\System\IXCfqvZ.exe
  C:\Windows\System\IXCfqvZ.exe
  2⤵
  PID:5148
- C:\Windows\System\kKpMZLB.exe
  C:\Windows\System\kKpMZLB.exe
  2⤵
  PID:5176
- C:\Windows\System\vRLrQYE.exe
  C:\Windows\System\vRLrQYE.exe
  2⤵
  PID:5204
- C:\Windows\System\OkaGAuO.exe
  C:\Windows\System\OkaGAuO.exe
  2⤵
  PID:5236
- C:\Windows\System\RWLqAAp.exe
  C:\Windows\System\RWLqAAp.exe
  2⤵
  PID:5264
- C:\Windows\System\HfMqgmE.exe
  C:\Windows\System\HfMqgmE.exe
  2⤵
  PID:5292
- C:\Windows\System\uRGEJTj.exe
  C:\Windows\System\uRGEJTj.exe
  2⤵
  PID:5320
- C:\Windows\System\XVbunAM.exe
  C:\Windows\System\XVbunAM.exe
  2⤵
  PID:5348
- C:\Windows\System\OSrrfXp.exe
  C:\Windows\System\OSrrfXp.exe
  2⤵
  PID:5376
- C:\Windows\System\PEgOHxI.exe
  C:\Windows\System\PEgOHxI.exe
  2⤵
  PID:5400
- C:\Windows\System\mkUwkTR.exe
  C:\Windows\System\mkUwkTR.exe
  2⤵
  PID:5432
- C:\Windows\System\CpBKHKD.exe
  C:\Windows\System\CpBKHKD.exe
  2⤵
  PID:5460
- C:\Windows\System\RMIcaVY.exe
  C:\Windows\System\RMIcaVY.exe
  2⤵
  PID:5488
- C:\Windows\System\VDbKzHv.exe
  C:\Windows\System\VDbKzHv.exe
  2⤵
  PID:5512
- C:\Windows\System\rzkPWlX.exe
  C:\Windows\System\rzkPWlX.exe
  2⤵
  PID:5540
- C:\Windows\System\ZEQRzFv.exe
  C:\Windows\System\ZEQRzFv.exe
  2⤵
  PID:5568
- C:\Windows\System\FtyqxTW.exe
  C:\Windows\System\FtyqxTW.exe
  2⤵
  PID:5600
- C:\Windows\System\JYpoBTG.exe
  C:\Windows\System\JYpoBTG.exe
  2⤵
  PID:5628
- C:\Windows\System\EoWTGGP.exe
  C:\Windows\System\EoWTGGP.exe
  2⤵
  PID:5656
- C:\Windows\System\wcSoiIc.exe
  C:\Windows\System\wcSoiIc.exe
  2⤵
  PID:5680
- C:\Windows\System\UWQISpS.exe
  C:\Windows\System\UWQISpS.exe
  2⤵
  PID:5712
- C:\Windows\System\fSsVPeN.exe
  C:\Windows\System\fSsVPeN.exe
  2⤵
  PID:5740
- C:\Windows\System\jmFAexX.exe
  C:\Windows\System\jmFAexX.exe
  2⤵
  PID:5764
- C:\Windows\System\llUbIlw.exe
  C:\Windows\System\llUbIlw.exe
  2⤵
  PID:5796
- C:\Windows\System\ecfoGkD.exe
  C:\Windows\System\ecfoGkD.exe
  2⤵
  PID:5820
- C:\Windows\System\JNnaJCU.exe
  C:\Windows\System\JNnaJCU.exe
  2⤵
  PID:5848
- C:\Windows\System\qDWgxnP.exe
  C:\Windows\System\qDWgxnP.exe
  2⤵
  PID:5880
- C:\Windows\System\dQAhyRt.exe
  C:\Windows\System\dQAhyRt.exe
  2⤵
  PID:5904
- C:\Windows\System\iiQAtdX.exe
  C:\Windows\System\iiQAtdX.exe
  2⤵
  PID:5932
- C:\Windows\System\YmZcezb.exe
  C:\Windows\System\YmZcezb.exe
  2⤵
  PID:5964
- C:\Windows\System\MAGZaYC.exe
  C:\Windows\System\MAGZaYC.exe
  2⤵
  PID:5992
- C:\Windows\System\nkiMsVz.exe
  C:\Windows\System\nkiMsVz.exe
  2⤵
  PID:6020
- C:\Windows\System\CtQdwop.exe
  C:\Windows\System\CtQdwop.exe
  2⤵
  PID:6048
- C:\Windows\System\iaVYKqH.exe
  C:\Windows\System\iaVYKqH.exe
  2⤵
  PID:6072
- C:\Windows\System\rGhfPqz.exe
  C:\Windows\System\rGhfPqz.exe
  2⤵
  PID:6104
- C:\Windows\System\sdjrcAC.exe
  C:\Windows\System\sdjrcAC.exe
  2⤵
  PID:6132
- C:\Windows\System\nergnbV.exe
  C:\Windows\System\nergnbV.exe
  2⤵
  PID:5056
- C:\Windows\System\HIneuEB.exe
  C:\Windows\System\HIneuEB.exe
  2⤵
  PID:3156
- C:\Windows\System\jRQfAaz.exe
  C:\Windows\System\jRQfAaz.exe
  2⤵
  PID:3988
- C:\Windows\System\rDFOzyf.exe
  C:\Windows\System\rDFOzyf.exe
  2⤵
  PID:5172
- C:\Windows\System\TKDUtIq.exe
  C:\Windows\System\TKDUtIq.exe
  2⤵
  PID:5220
- C:\Windows\System\WYkDtrz.exe
  C:\Windows\System\WYkDtrz.exe
  2⤵
  PID:5476
- C:\Windows\System\ZwepgYE.exe
  C:\Windows\System\ZwepgYE.exe
  2⤵
  PID:5532
- C:\Windows\System\UWwtlAE.exe
  C:\Windows\System\UWwtlAE.exe
  2⤵
  PID:5564
- C:\Windows\System\ZRZFSMT.exe
  C:\Windows\System\ZRZFSMT.exe
  2⤵
  PID:5616
- C:\Windows\System\yCYlRIV.exe
  C:\Windows\System\yCYlRIV.exe
  2⤵
  PID:5668
- C:\Windows\System\MXmDzWK.exe
  C:\Windows\System\MXmDzWK.exe
  2⤵
  PID:5756
- C:\Windows\System\zVfGdRH.exe
  C:\Windows\System\zVfGdRH.exe
  2⤵
  PID:1396
- C:\Windows\System\mGcDlKg.exe
  C:\Windows\System\mGcDlKg.exe
  2⤵
  PID:5840
- C:\Windows\System\InBsLFy.exe
  C:\Windows\System\InBsLFy.exe
  2⤵
  PID:5892
- C:\Windows\System\KKkpkOc.exe
  C:\Windows\System\KKkpkOc.exe
  2⤵
  PID:1288
- C:\Windows\System\TSfZAja.exe
  C:\Windows\System\TSfZAja.exe
  2⤵
  PID:3628
- C:\Windows\System\CvjwBIo.exe
  C:\Windows\System\CvjwBIo.exe
  2⤵
  PID:6068
- C:\Windows\System\oUvJjvz.exe
  C:\Windows\System\oUvJjvz.exe
  2⤵
  PID:3636
- C:\Windows\System\pvgYLyP.exe
  C:\Windows\System\pvgYLyP.exe
  2⤵
  PID:5144
- C:\Windows\System\zkHMrvT.exe
  C:\Windows\System\zkHMrvT.exe
  2⤵
  PID:1004
- C:\Windows\System\hePqrOf.exe
  C:\Windows\System\hePqrOf.exe
  2⤵
  PID:5500
- C:\Windows\System\rXKXqjE.exe
  C:\Windows\System\rXKXqjE.exe
  2⤵
  PID:4620
- C:\Windows\System\vswcnkz.exe
  C:\Windows\System\vswcnkz.exe
  2⤵
  PID:4248
- C:\Windows\System\fJVcZsB.exe
  C:\Windows\System\fJVcZsB.exe
  2⤵
  PID:2624
- C:\Windows\System\nzrZfPF.exe
  C:\Windows\System\nzrZfPF.exe
  2⤵
  PID:3164
- C:\Windows\System\HAGlbDU.exe
  C:\Windows\System\HAGlbDU.exe
  2⤵
  PID:2688
- C:\Windows\System\qnKtwTU.exe
  C:\Windows\System\qnKtwTU.exe
  2⤵
  PID:5728
- C:\Windows\System\DjBpwnz.exe
  C:\Windows\System\DjBpwnz.exe
  2⤵
  PID:448
- C:\Windows\System\pBgsmJM.exe
  C:\Windows\System\pBgsmJM.exe
  2⤵
  PID:6008
- C:\Windows\System\HQRxWKK.exe
  C:\Windows\System\HQRxWKK.exe
  2⤵
  PID:2912
- C:\Windows\System\OBwJdmE.exe
  C:\Windows\System\OBwJdmE.exe
  2⤵
  PID:3876
- C:\Windows\System\tsDgkCF.exe
  C:\Windows\System\tsDgkCF.exe
  2⤵
  PID:632
- C:\Windows\System\RqZIlAE.exe
  C:\Windows\System\RqZIlAE.exe
  2⤵
  PID:5592
- C:\Windows\System\OXNSwWC.exe
  C:\Windows\System\OXNSwWC.exe
  2⤵
  PID:6120
- C:\Windows\System\PCtYhba.exe
  C:\Windows\System\PCtYhba.exe
  2⤵
  PID:2008
- C:\Windows\System\nidJkfB.exe
  C:\Windows\System\nidJkfB.exe
  2⤵
  PID:4808
- C:\Windows\System\bIGGYpj.exe
  C:\Windows\System\bIGGYpj.exe
  2⤵
  PID:1228
- C:\Windows\System\YiTGCwG.exe
  C:\Windows\System\YiTGCwG.exe
  2⤵
  PID:1536
- C:\Windows\System\YGTVMeW.exe
  C:\Windows\System\YGTVMeW.exe
  2⤵
  PID:2532
- C:\Windows\System\YLRLDWI.exe
  C:\Windows\System\YLRLDWI.exe
  2⤵
  PID:6152
- C:\Windows\System\aZcChQj.exe
  C:\Windows\System\aZcChQj.exe
  2⤵
  PID:6180
- C:\Windows\System\wghEpDo.exe
  C:\Windows\System\wghEpDo.exe
  2⤵
  PID:6252
- C:\Windows\System\NkBrMoM.exe
  C:\Windows\System\NkBrMoM.exe
  2⤵
  PID:6276
- C:\Windows\System\wdTuGDe.exe
  C:\Windows\System\wdTuGDe.exe
  2⤵
  PID:6328
- C:\Windows\System\pkHrktg.exe
  C:\Windows\System\pkHrktg.exe
  2⤵
  PID:6352
- C:\Windows\System\LRbCCom.exe
  C:\Windows\System\LRbCCom.exe
  2⤵
  PID:6384
- C:\Windows\System\ZeVFiwK.exe
  C:\Windows\System\ZeVFiwK.exe
  2⤵
  PID:6408
- C:\Windows\System\VRQdFfK.exe
  C:\Windows\System\VRQdFfK.exe
  2⤵
  PID:6444
- C:\Windows\System\CQbXiCX.exe
  C:\Windows\System\CQbXiCX.exe
  2⤵
  PID:6464
- C:\Windows\System\KlCmIXn.exe
  C:\Windows\System\KlCmIXn.exe
  2⤵
  PID:6492
- C:\Windows\System\dNUMbYk.exe
  C:\Windows\System\dNUMbYk.exe
  2⤵
  PID:6520
- C:\Windows\System\LdomQGj.exe
  C:\Windows\System\LdomQGj.exe
  2⤵
  PID:6548
- C:\Windows\System\GXsyxiD.exe
  C:\Windows\System\GXsyxiD.exe
  2⤵
  PID:6576
- C:\Windows\System\yLNwxAp.exe
  C:\Windows\System\yLNwxAp.exe
  2⤵
  PID:6604
- C:\Windows\System\hgCGWDF.exe
  C:\Windows\System\hgCGWDF.exe
  2⤵
  PID:6624
- C:\Windows\System\JWZkUMe.exe
  C:\Windows\System\JWZkUMe.exe
  2⤵
  PID:6668
- C:\Windows\System\gEVWtsY.exe
  C:\Windows\System\gEVWtsY.exe
  2⤵
  PID:6688
- C:\Windows\System\JbQAyeG.exe
  C:\Windows\System\JbQAyeG.exe
  2⤵
  PID:6716
- C:\Windows\System\kgZeekx.exe
  C:\Windows\System\kgZeekx.exe
  2⤵
  PID:6752
- C:\Windows\System\HrxNRdc.exe
  C:\Windows\System\HrxNRdc.exe
  2⤵
  PID:6776
- C:\Windows\System\gHdsoQM.exe
  C:\Windows\System\gHdsoQM.exe
  2⤵
  PID:6812
- C:\Windows\System\aFvaFDj.exe
  C:\Windows\System\aFvaFDj.exe
  2⤵
  PID:6840
- C:\Windows\System\OIIeFWP.exe
  C:\Windows\System\OIIeFWP.exe
  2⤵
  PID:6872
- C:\Windows\System\dVyFkAH.exe
  C:\Windows\System\dVyFkAH.exe
  2⤵
  PID:6900
- C:\Windows\System\xoROLjB.exe
  C:\Windows\System\xoROLjB.exe
  2⤵
  PID:6932
- C:\Windows\System\EUKWqMi.exe
  C:\Windows\System\EUKWqMi.exe
  2⤵
  PID:6960
- C:\Windows\System\MLVMNyq.exe
  C:\Windows\System\MLVMNyq.exe
  2⤵
  PID:6992
- C:\Windows\System\flhpBvX.exe
  C:\Windows\System\flhpBvX.exe
  2⤵
  PID:7024
- C:\Windows\System\zwPPKPD.exe
  C:\Windows\System\zwPPKPD.exe
  2⤵
  PID:7056
- C:\Windows\System\kZjKLyr.exe
  C:\Windows\System\kZjKLyr.exe
  2⤵
  PID:7088
- C:\Windows\System\KVjlMLT.exe
  C:\Windows\System\KVjlMLT.exe
  2⤵
  PID:7116
- C:\Windows\System\baQkvsd.exe
  C:\Windows\System\baQkvsd.exe
  2⤵
  PID:7144
- C:\Windows\System\aWkcqlq.exe
  C:\Windows\System\aWkcqlq.exe
  2⤵
  PID:2816
- C:\Windows\System\Dlahhzb.exe
  C:\Windows\System\Dlahhzb.exe
  2⤵
  PID:6244
- C:\Windows\System\ITcyrJE.exe
  C:\Windows\System\ITcyrJE.exe
  2⤵
  PID:6316
- C:\Windows\System\jNJnjTP.exe
  C:\Windows\System\jNJnjTP.exe
  2⤵
  PID:6392
- C:\Windows\System\TqIqezb.exe
  C:\Windows\System\TqIqezb.exe
  2⤵
  PID:6452
- C:\Windows\System\WBlnxnZ.exe
  C:\Windows\System\WBlnxnZ.exe
  2⤵
  PID:6516
- C:\Windows\System\BlWtObM.exe
  C:\Windows\System\BlWtObM.exe
  2⤵
  PID:6572
- C:\Windows\System\zPWOPuW.exe
  C:\Windows\System\zPWOPuW.exe
  2⤵
  PID:6620
- C:\Windows\System\yfmiEQC.exe
  C:\Windows\System\yfmiEQC.exe
  2⤵
  PID:6684
- C:\Windows\System\KqtNAJY.exe
  C:\Windows\System\KqtNAJY.exe
  2⤵
  PID:6748
- C:\Windows\System\aJdJtTz.exe
  C:\Windows\System\aJdJtTz.exe
  2⤵
  PID:5336
- C:\Windows\System\iBShMKR.exe
  C:\Windows\System\iBShMKR.exe
  2⤵
  PID:6868
- C:\Windows\System\gYZEGUR.exe
  C:\Windows\System\gYZEGUR.exe
  2⤵
  PID:6916
- C:\Windows\System\BZxptIL.exe
  C:\Windows\System\BZxptIL.exe
  2⤵
  PID:6984
- C:\Windows\System\ckYlklT.exe
  C:\Windows\System\ckYlklT.exe
  2⤵
  PID:7052
- C:\Windows\System\vZpdAKD.exe
  C:\Windows\System\vZpdAKD.exe
  2⤵
  PID:7108
- C:\Windows\System\BxqIIUR.exe
  C:\Windows\System\BxqIIUR.exe
  2⤵
  PID:5648
- C:\Windows\System\RPIaUcO.exe
  C:\Windows\System\RPIaUcO.exe
  2⤵
  PID:5360
- C:\Windows\System\IhdVXTw.exe
  C:\Windows\System\IhdVXTw.exe
  2⤵
  PID:6420
- C:\Windows\System\xpNFQKm.exe
  C:\Windows\System\xpNFQKm.exe
  2⤵
  PID:6568
- C:\Windows\System\fJdhUNo.exe
  C:\Windows\System\fJdhUNo.exe
  2⤵
  PID:5396
- C:\Windows\System\GwyDqYZ.exe
  C:\Windows\System\GwyDqYZ.exe
  2⤵
  PID:5640
- C:\Windows\System\iwPvpdk.exe
  C:\Windows\System\iwPvpdk.exe
  2⤵
  PID:5312
- C:\Windows\System\JAveIzJ.exe
  C:\Windows\System\JAveIzJ.exe
  2⤵
  PID:7016
- C:\Windows\System\MjzdIzN.exe
  C:\Windows\System\MjzdIzN.exe
  2⤵
  PID:7100
- C:\Windows\System\auyxobZ.exe
  C:\Windows\System\auyxobZ.exe
  2⤵
  PID:6168
- C:\Windows\System\sggXyhp.exe
  C:\Windows\System\sggXyhp.exe
  2⤵
  PID:6564
- C:\Windows\System\aNoxeCQ.exe
  C:\Windows\System\aNoxeCQ.exe
  2⤵
  PID:6804
- C:\Windows\System\flHlQtB.exe
  C:\Windows\System\flHlQtB.exe
  2⤵
  PID:7032
- C:\Windows\System\ouyfPiO.exe
  C:\Windows\System\ouyfPiO.exe
  2⤵
  PID:6540
- C:\Windows\System\fzOFUBA.exe
  C:\Windows\System\fzOFUBA.exe
  2⤵
  PID:5392
- C:\Windows\System\oBsMiYh.exe
  C:\Windows\System\oBsMiYh.exe
  2⤵
  PID:7172
- C:\Windows\System\zqBTRCG.exe
  C:\Windows\System\zqBTRCG.exe
  2⤵
  PID:7200
- C:\Windows\System\itSGZdK.exe
  C:\Windows\System\itSGZdK.exe
  2⤵
  PID:7228
- C:\Windows\System\HPPZbGs.exe
  C:\Windows\System\HPPZbGs.exe
  2⤵
  PID:7256
- C:\Windows\System\uMuVzRU.exe
  C:\Windows\System\uMuVzRU.exe
  2⤵
  PID:7284
- C:\Windows\System\jqDwWZf.exe
  C:\Windows\System\jqDwWZf.exe
  2⤵
  PID:7312
- C:\Windows\System\BEOmcBE.exe
  C:\Windows\System\BEOmcBE.exe
  2⤵
  PID:7340
- C:\Windows\System\xjLivHV.exe
  C:\Windows\System\xjLivHV.exe
  2⤵
  PID:7368
- C:\Windows\System\zhxWkkg.exe
  C:\Windows\System\zhxWkkg.exe
  2⤵
  PID:7396
- C:\Windows\System\bUyJvpG.exe
  C:\Windows\System\bUyJvpG.exe
  2⤵
  PID:7424
- C:\Windows\System\zzKjxeL.exe
  C:\Windows\System\zzKjxeL.exe
  2⤵
  PID:7452
- C:\Windows\System\Woryqej.exe
  C:\Windows\System\Woryqej.exe
  2⤵
  PID:7480
- C:\Windows\System\yDlYNGN.exe
  C:\Windows\System\yDlYNGN.exe
  2⤵
  PID:7508
- C:\Windows\System\wRfZkNE.exe
  C:\Windows\System\wRfZkNE.exe
  2⤵
  PID:7536
- C:\Windows\System\uPQJyIV.exe
  C:\Windows\System\uPQJyIV.exe
  2⤵
  PID:7564
- C:\Windows\System\BscLXMT.exe
  C:\Windows\System\BscLXMT.exe
  2⤵
  PID:7584
- C:\Windows\System\iborVAx.exe
  C:\Windows\System\iborVAx.exe
  2⤵
  PID:7620
- C:\Windows\System\WTuFjOn.exe
  C:\Windows\System\WTuFjOn.exe
  2⤵
  PID:7648
- C:\Windows\System\skGExKl.exe
  C:\Windows\System\skGExKl.exe
  2⤵
  PID:7676
- C:\Windows\System\vhkFnbq.exe
  C:\Windows\System\vhkFnbq.exe
  2⤵
  PID:7712
- C:\Windows\System\jENRJLI.exe
  C:\Windows\System\jENRJLI.exe
  2⤵
  PID:7740
- C:\Windows\System\HJRzdWN.exe
  C:\Windows\System\HJRzdWN.exe
  2⤵
  PID:7768
- C:\Windows\System\RRSJNjB.exe
  C:\Windows\System\RRSJNjB.exe
  2⤵
  PID:7796
- C:\Windows\System\TBPaPEw.exe
  C:\Windows\System\TBPaPEw.exe
  2⤵
  PID:7824
- C:\Windows\System\FBSTLuq.exe
  C:\Windows\System\FBSTLuq.exe
  2⤵
  PID:7852
- C:\Windows\System\qEvWBtA.exe
  C:\Windows\System\qEvWBtA.exe
  2⤵
  PID:7880
- C:\Windows\System\EDMdmiH.exe
  C:\Windows\System\EDMdmiH.exe
  2⤵
  PID:7912
- C:\Windows\System\sqiQIif.exe
  C:\Windows\System\sqiQIif.exe
  2⤵
  PID:7940
- C:\Windows\System\SIenQbV.exe
  C:\Windows\System\SIenQbV.exe
  2⤵
  PID:7968
- C:\Windows\System\qhGDFzI.exe
  C:\Windows\System\qhGDFzI.exe
  2⤵
  PID:7992
- C:\Windows\System\DDjfHvc.exe
  C:\Windows\System\DDjfHvc.exe
  2⤵
  PID:8024
- C:\Windows\System\ImzOUUg.exe
  C:\Windows\System\ImzOUUg.exe
  2⤵
  PID:8052
- C:\Windows\System\XMtnVUP.exe
  C:\Windows\System\XMtnVUP.exe
  2⤵
  PID:8084
- C:\Windows\System\eMbmLBX.exe
  C:\Windows\System\eMbmLBX.exe
  2⤵
  PID:8108
- C:\Windows\System\RXmQLDp.exe
  C:\Windows\System\RXmQLDp.exe
  2⤵
  PID:8124
- C:\Windows\System\bEWAxup.exe
  C:\Windows\System\bEWAxup.exe
  2⤵
  PID:8140
- C:\Windows\System\vaxtjQP.exe
  C:\Windows\System\vaxtjQP.exe
  2⤵
  PID:8156
- C:\Windows\System\BKHJKJO.exe
  C:\Windows\System\BKHJKJO.exe
  2⤵
  PID:8176
- C:\Windows\System\sQqoopC.exe
  C:\Windows\System\sQqoopC.exe
  2⤵
  PID:7192
- C:\Windows\System\tgHNEhg.exe
  C:\Windows\System\tgHNEhg.exe
  2⤵
  PID:7280
- C:\Windows\System\FzhcOTC.exe
  C:\Windows\System\FzhcOTC.exe
  2⤵
  PID:7380
- C:\Windows\System\Zxunkbq.exe
  C:\Windows\System\Zxunkbq.exe
  2⤵
  PID:2860
- C:\Windows\System\OULyoMK.exe
  C:\Windows\System\OULyoMK.exe
  2⤵
  PID:7444
- C:\Windows\System\MpyoZGl.exe
  C:\Windows\System\MpyoZGl.exe
  2⤵
  PID:6908
- C:\Windows\System\EoNYSLf.exe
  C:\Windows\System\EoNYSLf.exe
  2⤵
  PID:7604
- C:\Windows\System\RCajUEx.exe
  C:\Windows\System\RCajUEx.exe
  2⤵
  PID:7696
- C:\Windows\System\PrQotBs.exe
  C:\Windows\System\PrQotBs.exe
  2⤵
  PID:7764
- C:\Windows\System\HHoDcqr.exe
  C:\Windows\System\HHoDcqr.exe
  2⤵
  PID:7844
- C:\Windows\System\lzTOTom.exe
  C:\Windows\System\lzTOTom.exe
  2⤵
  PID:7904
- C:\Windows\System\bYBBCnY.exe
  C:\Windows\System\bYBBCnY.exe
  2⤵
  PID:7952
- C:\Windows\System\cJtEQCO.exe
  C:\Windows\System\cJtEQCO.exe
  2⤵
  PID:8012
- C:\Windows\System\FEcyfdS.exe
  C:\Windows\System\FEcyfdS.exe
  2⤵
  PID:8092
- C:\Windows\System\bQyojkG.exe
  C:\Windows\System\bQyojkG.exe
  2⤵
  PID:8100
- C:\Windows\System\PQNCrhd.exe
  C:\Windows\System\PQNCrhd.exe
  2⤵
  PID:7304
- C:\Windows\System\RUTEvKT.exe
  C:\Windows\System\RUTEvKT.exe
  2⤵
  PID:7416
- C:\Windows\System\TjxFNRp.exe
  C:\Windows\System\TjxFNRp.exe
  2⤵
  PID:7492
- C:\Windows\System\DjFUjpt.exe
  C:\Windows\System\DjFUjpt.exe
  2⤵
  PID:7644
- C:\Windows\System\LdaYJZR.exe
  C:\Windows\System\LdaYJZR.exe
  2⤵
  PID:7892
- C:\Windows\System\gRdBLpN.exe
  C:\Windows\System\gRdBLpN.exe
  2⤵
  PID:7976
- C:\Windows\System\gkfvaKu.exe
  C:\Windows\System\gkfvaKu.exe
  2⤵
  PID:5752
- C:\Windows\System\JckziHO.exe
  C:\Windows\System\JckziHO.exe
  2⤵
  PID:7436
- C:\Windows\System\ImHEbyl.exe
  C:\Windows\System\ImHEbyl.exe
  2⤵
  PID:7808
- C:\Windows\System\UfGrazp.exe
  C:\Windows\System\UfGrazp.exe
  2⤵
  PID:8132
- C:\Windows\System\MDDGEGu.exe
  C:\Windows\System\MDDGEGu.exe
  2⤵
  PID:7876
- C:\Windows\System\dBBtSvL.exe
  C:\Windows\System\dBBtSvL.exe
  2⤵
  PID:7760
- C:\Windows\System\LFLNzMX.exe
  C:\Windows\System\LFLNzMX.exe
  2⤵
  PID:8220
- C:\Windows\System\tJGAWXc.exe
  C:\Windows\System\tJGAWXc.exe
  2⤵
  PID:8248
- C:\Windows\System\ATZpUXm.exe
  C:\Windows\System\ATZpUXm.exe
  2⤵
  PID:8276
- C:\Windows\System\PDCmSJc.exe
  C:\Windows\System\PDCmSJc.exe
  2⤵
  PID:8304
- C:\Windows\System\yzNlpZD.exe
  C:\Windows\System\yzNlpZD.exe
  2⤵
  PID:8336
- C:\Windows\System\LUWYJME.exe
  C:\Windows\System\LUWYJME.exe
  2⤵
  PID:8364
- C:\Windows\System\WEAwWUy.exe
  C:\Windows\System\WEAwWUy.exe
  2⤵
  PID:8384
- C:\Windows\System\wdFzapS.exe
  C:\Windows\System\wdFzapS.exe
  2⤵
  PID:8420
- C:\Windows\System\Egywyov.exe
  C:\Windows\System\Egywyov.exe
  2⤵
  PID:8448
- C:\Windows\System\upADVBK.exe
  C:\Windows\System\upADVBK.exe
  2⤵
  PID:8476
- C:\Windows\System\nJLGjvN.exe
  C:\Windows\System\nJLGjvN.exe
  2⤵
  PID:8504
- C:\Windows\System\AWTUUqG.exe
  C:\Windows\System\AWTUUqG.exe
  2⤵
  PID:8532
- C:\Windows\System\DnNXvRG.exe
  C:\Windows\System\DnNXvRG.exe
  2⤵
  PID:8560
- C:\Windows\System\iQbrlgs.exe
  C:\Windows\System\iQbrlgs.exe
  2⤵
  PID:8588
- C:\Windows\System\uTwFPDl.exe
  C:\Windows\System\uTwFPDl.exe
  2⤵
  PID:8616
- C:\Windows\System\ELSSvOQ.exe
  C:\Windows\System\ELSSvOQ.exe
  2⤵
  PID:8644
- C:\Windows\System\jeMfuTs.exe
  C:\Windows\System\jeMfuTs.exe
  2⤵
  PID:8672
- C:\Windows\System\IjOELTA.exe
  C:\Windows\System\IjOELTA.exe
  2⤵
  PID:8700
- C:\Windows\System\CDvdWla.exe
  C:\Windows\System\CDvdWla.exe
  2⤵
  PID:8728
- C:\Windows\System\XqmfSge.exe
  C:\Windows\System\XqmfSge.exe
  2⤵
  PID:8760
- C:\Windows\System\UaQmpVp.exe
  C:\Windows\System\UaQmpVp.exe
  2⤵
  PID:8784
- C:\Windows\System\rWOfTOH.exe
  C:\Windows\System\rWOfTOH.exe
  2⤵
  PID:8812
- C:\Windows\System\eZIeRSB.exe
  C:\Windows\System\eZIeRSB.exe
  2⤵
  PID:8840
- C:\Windows\System\ZfWafkE.exe
  C:\Windows\System\ZfWafkE.exe
  2⤵
  PID:8872
- C:\Windows\System\vBjoQWR.exe
  C:\Windows\System\vBjoQWR.exe
  2⤵
  PID:8900
- C:\Windows\System\cFsFJNh.exe
  C:\Windows\System\cFsFJNh.exe
  2⤵
  PID:8916
- C:\Windows\System\wGYaElc.exe
  C:\Windows\System\wGYaElc.exe
  2⤵
  PID:8956
- C:\Windows\System\sloCYqv.exe
  C:\Windows\System\sloCYqv.exe
  2⤵
  PID:8972
- C:\Windows\System\BhrWZdV.exe
  C:\Windows\System\BhrWZdV.exe
  2⤵
  PID:9020
- C:\Windows\System\MasKcEt.exe
  C:\Windows\System\MasKcEt.exe
  2⤵
  PID:9036
- C:\Windows\System\cmVGzZI.exe
  C:\Windows\System\cmVGzZI.exe
  2⤵
  PID:9076
- C:\Windows\System\iqSyihF.exe
  C:\Windows\System\iqSyihF.exe
  2⤵
  PID:9104
- C:\Windows\System\irrZSkw.exe
  C:\Windows\System\irrZSkw.exe
  2⤵
  PID:9132
- C:\Windows\System\VpxAilc.exe
  C:\Windows\System\VpxAilc.exe
  2⤵
  PID:9160
- C:\Windows\System\OuhDQDQ.exe
  C:\Windows\System\OuhDQDQ.exe
  2⤵
  PID:9188
- C:\Windows\System\GkxVgwI.exe
  C:\Windows\System\GkxVgwI.exe
  2⤵
  PID:9208
- C:\Windows\System\eJsAuYq.exe
  C:\Windows\System\eJsAuYq.exe
  2⤵
  PID:8268
- C:\Windows\System\ecwHWiq.exe
  C:\Windows\System\ecwHWiq.exe
  2⤵
  PID:8328
- C:\Windows\System\fubRhgY.exe
  C:\Windows\System\fubRhgY.exe
  2⤵
  PID:8392
- C:\Windows\System\kXaVspX.exe
  C:\Windows\System\kXaVspX.exe
  2⤵
  PID:8460
- C:\Windows\System\cwShulR.exe
  C:\Windows\System\cwShulR.exe
  2⤵
  PID:8516
- C:\Windows\System\vZfzkAw.exe
  C:\Windows\System\vZfzkAw.exe
  2⤵
  PID:7928
- C:\Windows\System\QDoZrlW.exe
  C:\Windows\System\QDoZrlW.exe
  2⤵
  PID:8640
- C:\Windows\System\RLBNGEC.exe
  C:\Windows\System\RLBNGEC.exe
  2⤵
  PID:8684
- C:\Windows\System\TfxBPQU.exe
  C:\Windows\System\TfxBPQU.exe
  2⤵
  PID:8776
- C:\Windows\System\trbCHsI.exe
  C:\Windows\System\trbCHsI.exe
  2⤵
  PID:8836
- C:\Windows\System\bCGBYVc.exe
  C:\Windows\System\bCGBYVc.exe
  2⤵
  PID:8908
- C:\Windows\System\oRIbKoB.exe
  C:\Windows\System\oRIbKoB.exe
  2⤵
  PID:8936
- C:\Windows\System\cJxsOWZ.exe
  C:\Windows\System\cJxsOWZ.exe
  2⤵
  PID:9048
- C:\Windows\System\WqgOVuG.exe
  C:\Windows\System\WqgOVuG.exe
  2⤵
  PID:9096
- C:\Windows\System\ChUKxic.exe
  C:\Windows\System\ChUKxic.exe
  2⤵
  PID:9180
- C:\Windows\System\URDBWpO.exe
  C:\Windows\System\URDBWpO.exe
  2⤵
  PID:8260
- C:\Windows\System\lrrbVKq.exe
  C:\Windows\System\lrrbVKq.exe
  2⤵
  PID:8444
- C:\Windows\System\nJxehCc.exe
  C:\Windows\System\nJxehCc.exe
  2⤵
  PID:8556
- C:\Windows\System\vtlzgCb.exe
  C:\Windows\System\vtlzgCb.exe
  2⤵
  PID:8752
- C:\Windows\System\bJJbeci.exe
  C:\Windows\System\bJJbeci.exe
  2⤵
  PID:8896
- C:\Windows\System\KAtlXaz.exe
  C:\Windows\System\KAtlXaz.exe
  2⤵
  PID:9092
- C:\Windows\System\geOFmtx.exe
  C:\Windows\System\geOFmtx.exe
  2⤵
  PID:9196
- C:\Windows\System\YUTCjnm.exe
  C:\Windows\System\YUTCjnm.exe
  2⤵
  PID:8660
- C:\Windows\System\cRIjLYf.exe
  C:\Windows\System\cRIjLYf.exe
  2⤵
  PID:8888
- C:\Windows\System\ydiQWsZ.exe
  C:\Windows\System\ydiQWsZ.exe
  2⤵
  PID:8612
- C:\Windows\System\Xtfumrv.exe
  C:\Windows\System\Xtfumrv.exe
  2⤵
  PID:8376
- C:\Windows\System\XqOvvVu.exe
  C:\Windows\System\XqOvvVu.exe
  2⤵
  PID:9244
- C:\Windows\System\YVNeEjZ.exe
  C:\Windows\System\YVNeEjZ.exe
  2⤵
  PID:9272
- C:\Windows\System\XEpKvcf.exe
  C:\Windows\System\XEpKvcf.exe
  2⤵
  PID:9308
- C:\Windows\System\pbAiGrs.exe
  C:\Windows\System\pbAiGrs.exe
  2⤵
  PID:9336
- C:\Windows\System\ZLgwGPT.exe
  C:\Windows\System\ZLgwGPT.exe
  2⤵
  PID:9376
- C:\Windows\System\dgSuORz.exe
  C:\Windows\System\dgSuORz.exe
  2⤵
  PID:9392
- C:\Windows\System\jHxefjP.exe
  C:\Windows\System\jHxefjP.exe
  2⤵
  PID:9416
- C:\Windows\System\wkWkzaA.exe
  C:\Windows\System\wkWkzaA.exe
  2⤵
  PID:9444
- C:\Windows\System\hLjyWtD.exe
  C:\Windows\System\hLjyWtD.exe
  2⤵
  PID:9492
- C:\Windows\System\xsDBQnJ.exe
  C:\Windows\System\xsDBQnJ.exe
  2⤵
  PID:9528
- C:\Windows\System\liTKnWw.exe
  C:\Windows\System\liTKnWw.exe
  2⤵
  PID:9556
- C:\Windows\System\atVUBmj.exe
  C:\Windows\System\atVUBmj.exe
  2⤵
  PID:9572
- C:\Windows\System\MbfxFYV.exe
  C:\Windows\System\MbfxFYV.exe
  2⤵
  PID:9612
- C:\Windows\System\tWtKZEp.exe
  C:\Windows\System\tWtKZEp.exe
  2⤵
  PID:9640
- C:\Windows\System\ULZhNCA.exe
  C:\Windows\System\ULZhNCA.exe
  2⤵
  PID:9668
- C:\Windows\System\lvfciTp.exe
  C:\Windows\System\lvfciTp.exe
  2⤵
  PID:9688
- C:\Windows\System\ZFzrXuZ.exe
  C:\Windows\System\ZFzrXuZ.exe
  2⤵
  PID:9724
- C:\Windows\System\dOmZTMr.exe
  C:\Windows\System\dOmZTMr.exe
  2⤵
  PID:9752
- C:\Windows\System\Anuovgd.exe
  C:\Windows\System\Anuovgd.exe
  2⤵
  PID:9780
- C:\Windows\System\SSZolRt.exe
  C:\Windows\System\SSZolRt.exe
  2⤵
  PID:9808
- C:\Windows\System\JOPAXeA.exe
  C:\Windows\System\JOPAXeA.exe
  2⤵
  PID:9828
- C:\Windows\System\qxUTMFH.exe
  C:\Windows\System\qxUTMFH.exe
  2⤵
  PID:9860
- C:\Windows\System\aKhZlJT.exe
  C:\Windows\System\aKhZlJT.exe
  2⤵
  PID:9880
- C:\Windows\System\toeWOAe.exe
  C:\Windows\System\toeWOAe.exe
  2⤵
  PID:9908
- C:\Windows\System\KRIeiKb.exe
  C:\Windows\System\KRIeiKb.exe
  2⤵
  PID:9952
- C:\Windows\System\sNIsqcc.exe
  C:\Windows\System\sNIsqcc.exe
  2⤵
  PID:9980
- C:\Windows\System\wDSYxTN.exe
  C:\Windows\System\wDSYxTN.exe
  2⤵
  PID:10008
- C:\Windows\System\TirZcJE.exe
  C:\Windows\System\TirZcJE.exe
  2⤵
  PID:10040
- C:\Windows\System\vfSiSUP.exe
  C:\Windows\System\vfSiSUP.exe
  2⤵
  PID:10068
- C:\Windows\System\beeLSca.exe
  C:\Windows\System\beeLSca.exe
  2⤵
  PID:10096
- C:\Windows\System\HUTOMXf.exe
  C:\Windows\System\HUTOMXf.exe
  2⤵
  PID:10124
- C:\Windows\System\GbBLroA.exe
  C:\Windows\System\GbBLroA.exe
  2⤵
  PID:10140
- C:\Windows\System\CciTaUC.exe
  C:\Windows\System\CciTaUC.exe
  2⤵
  PID:10168
- C:\Windows\System\lcZmWoT.exe
  C:\Windows\System\lcZmWoT.exe
  2⤵
  PID:10200
- C:\Windows\System\isQbuen.exe
  C:\Windows\System\isQbuen.exe
  2⤵
  PID:10236
- C:\Windows\System\mNitYbP.exe
  C:\Windows\System\mNitYbP.exe
  2⤵
  PID:9264
- C:\Windows\System\liEEejO.exe
  C:\Windows\System\liEEejO.exe
  2⤵
  PID:9332
- C:\Windows\System\qDGwbcl.exe
  C:\Windows\System\qDGwbcl.exe
  2⤵
  PID:9360
- C:\Windows\System\wSILKdj.exe
  C:\Windows\System\wSILKdj.exe
  2⤵
  PID:9472
- C:\Windows\System\TlbUsCB.exe
  C:\Windows\System\TlbUsCB.exe
  2⤵
  PID:9544
- C:\Windows\System\LPeJDgK.exe
  C:\Windows\System\LPeJDgK.exe
  2⤵
  PID:8852
- C:\Windows\System\hxqjiIh.exe
  C:\Windows\System\hxqjiIh.exe
  2⤵
  PID:9660
- C:\Windows\System\eFnadeD.exe
  C:\Windows\System\eFnadeD.exe
  2⤵
  PID:9740
- C:\Windows\System\GpNkAmv.exe
  C:\Windows\System\GpNkAmv.exe
  2⤵
  PID:9800
- C:\Windows\System\phvlOrC.exe
  C:\Windows\System\phvlOrC.exe
  2⤵
  PID:9868
- C:\Windows\System\vYaAbwh.exe
  C:\Windows\System\vYaAbwh.exe
  2⤵
  PID:9948
- C:\Windows\System\nfmUpGB.exe
  C:\Windows\System\nfmUpGB.exe
  2⤵
  PID:9992
- C:\Windows\System\ekEumDj.exe
  C:\Windows\System\ekEumDj.exe
  2⤵
  PID:10036
- C:\Windows\System\dkCXYtC.exe
  C:\Windows\System\dkCXYtC.exe
  2⤵
  PID:10108
- C:\Windows\System\aeEdxZd.exe
  C:\Windows\System\aeEdxZd.exe
  2⤵
  PID:10208
- C:\Windows\System\AWWGQQE.exe
  C:\Windows\System\AWWGQQE.exe
  2⤵
  PID:9260
- C:\Windows\System\ESXNVjC.exe
  C:\Windows\System\ESXNVjC.exe
  2⤵
  PID:9404
- C:\Windows\System\XTBQFHX.exe
  C:\Windows\System\XTBQFHX.exe
  2⤵
  PID:9564
- C:\Windows\System\ZGRMItI.exe
  C:\Windows\System\ZGRMItI.exe
  2⤵
  PID:9712
- C:\Windows\System\owQACRw.exe
  C:\Windows\System\owQACRw.exe
  2⤵
  PID:9836
- C:\Windows\System\dEAfOuj.exe
  C:\Windows\System\dEAfOuj.exe
  2⤵
  PID:9900
- C:\Windows\System\bdMtHlO.exe
  C:\Windows\System\bdMtHlO.exe
  2⤵
  PID:10136
- C:\Windows\System\ciNxtwo.exe
  C:\Windows\System\ciNxtwo.exe
  2⤵
  PID:9512
- C:\Windows\System\oNhJXGB.exe
  C:\Windows\System\oNhJXGB.exe
  2⤵
  PID:9796
- C:\Windows\System\JvqpRBa.exe
  C:\Windows\System\JvqpRBa.exe
  2⤵
  PID:10084
- C:\Windows\System\HeQjRTM.exe
  C:\Windows\System\HeQjRTM.exe
  2⤵
  PID:10244
- C:\Windows\System\mnceKgW.exe
  C:\Windows\System\mnceKgW.exe
  2⤵
  PID:10264
- C:\Windows\System\LgjTBjF.exe
  C:\Windows\System\LgjTBjF.exe
  2⤵
  PID:10300
- C:\Windows\System\vsBiTuj.exe
  C:\Windows\System\vsBiTuj.exe
  2⤵
  PID:10328
- C:\Windows\System\HFoIiQR.exe
  C:\Windows\System\HFoIiQR.exe
  2⤵
  PID:10360
- C:\Windows\System\xDjgPos.exe
  C:\Windows\System\xDjgPos.exe
  2⤵
  PID:10412
- C:\Windows\System\DRAxcgJ.exe
  C:\Windows\System\DRAxcgJ.exe
  2⤵
  PID:10440
- C:\Windows\System\TRUwSMT.exe
  C:\Windows\System\TRUwSMT.exe
  2⤵
  PID:10456
- C:\Windows\System\OxkAGzu.exe
  C:\Windows\System\OxkAGzu.exe
  2⤵
  PID:10496
- C:\Windows\System\FaHXUsp.exe
  C:\Windows\System\FaHXUsp.exe
  2⤵
  PID:10540
- C:\Windows\System\yvBroio.exe
  C:\Windows\System\yvBroio.exe
  2⤵
  PID:10560
- C:\Windows\System\NePWLsh.exe
  C:\Windows\System\NePWLsh.exe
  2⤵
  PID:10600
- C:\Windows\System\luwUJks.exe
  C:\Windows\System\luwUJks.exe
  2⤵
  PID:10628
- C:\Windows\System\BSUCenJ.exe
  C:\Windows\System\BSUCenJ.exe
  2⤵
  PID:10664
- C:\Windows\System\dBUOtjG.exe
  C:\Windows\System\dBUOtjG.exe
  2⤵
  PID:10700
- C:\Windows\System\bNtBRoQ.exe
  C:\Windows\System\bNtBRoQ.exe
  2⤵
  PID:10728
- C:\Windows\System\gFYFtnQ.exe
  C:\Windows\System\gFYFtnQ.exe
  2⤵
  PID:10744
- C:\Windows\System\awESoqH.exe
  C:\Windows\System\awESoqH.exe
  2⤵
  PID:10776
- C:\Windows\System\nzYwLEL.exe
  C:\Windows\System\nzYwLEL.exe
  2⤵
  PID:10812
- C:\Windows\System\AeoXsaZ.exe
  C:\Windows\System\AeoXsaZ.exe
  2⤵
  PID:10848
- C:\Windows\System\WeVJnnF.exe
  C:\Windows\System\WeVJnnF.exe
  2⤵
  PID:10888
- C:\Windows\System\zpdJMnD.exe
  C:\Windows\System\zpdJMnD.exe
  2⤵
  PID:10912
- C:\Windows\System\QqFiWLI.exe
  C:\Windows\System\QqFiWLI.exe
  2⤵
  PID:10932
- C:\Windows\System\ZreIXYu.exe
  C:\Windows\System\ZreIXYu.exe
  2⤵
  PID:10956
- C:\Windows\System\suctmKB.exe
  C:\Windows\System\suctmKB.exe
  2⤵
  PID:11004
- C:\Windows\System\tJuNthW.exe
  C:\Windows\System\tJuNthW.exe
  2⤵
  PID:11044
- C:\Windows\System\TpysxuV.exe
  C:\Windows\System\TpysxuV.exe
  2⤵
  PID:11080
- C:\Windows\System\LHfYfRl.exe
  C:\Windows\System\LHfYfRl.exe
  2⤵
  PID:11096
- C:\Windows\System\bDGKPHy.exe
  C:\Windows\System\bDGKPHy.exe
  2⤵
  PID:11136
- C:\Windows\System\ohwvAdw.exe
  C:\Windows\System\ohwvAdw.exe
  2⤵
  PID:11172
- C:\Windows\System\QezSkyT.exe
  C:\Windows\System\QezSkyT.exe
  2⤵
  PID:11204
- C:\Windows\System\nKwxOmL.exe
  C:\Windows\System\nKwxOmL.exe
  2⤵
  PID:11236
- C:\Windows\System\ulVMtVA.exe
  C:\Windows\System\ulVMtVA.exe
  2⤵
  PID:10252
- C:\Windows\System\htdHOSJ.exe
  C:\Windows\System\htdHOSJ.exe
  2⤵
  PID:10320
- C:\Windows\System\GKqlGGq.exe
  C:\Windows\System\GKqlGGq.exe
  2⤵
  PID:10404
- C:\Windows\System\bEOGLDN.exe
  C:\Windows\System\bEOGLDN.exe
  2⤵
  PID:10484
- C:\Windows\System\pqBglcQ.exe
  C:\Windows\System\pqBglcQ.exe
  2⤵
  PID:10588
- C:\Windows\System\zYzVCkr.exe
  C:\Windows\System\zYzVCkr.exe
  2⤵
  PID:10688
- C:\Windows\System\VtlLMnQ.exe
  C:\Windows\System\VtlLMnQ.exe
  2⤵
  PID:10724
- C:\Windows\System\VVONFSH.exe
  C:\Windows\System\VVONFSH.exe
  2⤵
  PID:9928
- C:\Windows\System\nWcgVGr.exe
  C:\Windows\System\nWcgVGr.exe
  2⤵
  PID:10864
- C:\Windows\System\MoDEAGI.exe
  C:\Windows\System\MoDEAGI.exe
  2⤵
  PID:10948
- C:\Windows\System\bbDatiU.exe
  C:\Windows\System\bbDatiU.exe
  2⤵
  PID:11000
- C:\Windows\System\HYGXBNm.exe
  C:\Windows\System\HYGXBNm.exe
  2⤵
  PID:11072
- C:\Windows\System\MfrFbxb.exe
  C:\Windows\System\MfrFbxb.exe
  2⤵
  PID:11160
- C:\Windows\System\nGUEIob.exe
  C:\Windows\System\nGUEIob.exe
  2⤵
  PID:11252
- C:\Windows\System\QGpxqDz.exe
  C:\Windows\System\QGpxqDz.exe
  2⤵
  PID:10516
- C:\Windows\System\mMihssq.exe
  C:\Windows\System\mMihssq.exe
  2⤵
  PID:10644
- C:\Windows\System\dwGOHcQ.exe
  C:\Windows\System\dwGOHcQ.exe
  2⤵
  PID:10836
- C:\Windows\System\jWjJSnG.exe
  C:\Windows\System\jWjJSnG.exe
  2⤵
  PID:10924
- C:\Windows\System\dKHuWBW.exe
  C:\Windows\System\dKHuWBW.exe
  2⤵
  PID:11192
- C:\Windows\System\HNwfnMQ.exe
  C:\Windows\System\HNwfnMQ.exe
  2⤵
  PID:10532
- C:\Windows\System\UkdtkKY.exe
  C:\Windows\System\UkdtkKY.exe
  2⤵
  PID:11052
- C:\Windows\System\YGGiDzC.exe
  C:\Windows\System\YGGiDzC.exe
  2⤵
  PID:10452
- C:\Windows\System\JVTVopT.exe
  C:\Windows\System\JVTVopT.exe
  2⤵
  PID:11284
- C:\Windows\System\pZPbIMX.exe
  C:\Windows\System\pZPbIMX.exe
  2⤵
  PID:11332
- C:\Windows\System\TlCsOPq.exe
  C:\Windows\System\TlCsOPq.exe
  2⤵
  PID:11356
- C:\Windows\System\xdjNfMd.exe
  C:\Windows\System\xdjNfMd.exe
  2⤵
  PID:11388
- C:\Windows\System\plnREdu.exe
  C:\Windows\System\plnREdu.exe
  2⤵
  PID:11416
- C:\Windows\System\TcbWQNN.exe
  C:\Windows\System\TcbWQNN.exe
  2⤵
  PID:11432
- C:\Windows\System\WRmzmER.exe
  C:\Windows\System\WRmzmER.exe
  2⤵
  PID:11460
- C:\Windows\System\rKbwjqL.exe
  C:\Windows\System\rKbwjqL.exe
  2⤵
  PID:11480
- C:\Windows\System\qqWiwRt.exe
  C:\Windows\System\qqWiwRt.exe
  2⤵
  PID:11536
- C:\Windows\System\MbZFDXz.exe
  C:\Windows\System\MbZFDXz.exe
  2⤵
  PID:11564
- C:\Windows\System\SsiWxaJ.exe
  C:\Windows\System\SsiWxaJ.exe
  2⤵
  PID:11588
- C:\Windows\System\ciGrmeY.exe
  C:\Windows\System\ciGrmeY.exe
  2⤵
  PID:11620
- C:\Windows\System\dGjLcvr.exe
  C:\Windows\System\dGjLcvr.exe
  2⤵
  PID:11636
- C:\Windows\System\hsvwXhO.exe
  C:\Windows\System\hsvwXhO.exe
  2⤵
  PID:11664
- C:\Windows\System\xGhFgQe.exe
  C:\Windows\System\xGhFgQe.exe
  2⤵
  PID:11704
- C:\Windows\System\XhEtBeg.exe
  C:\Windows\System\XhEtBeg.exe
  2⤵
  PID:11736
- C:\Windows\System\mXXarjC.exe
  C:\Windows\System\mXXarjC.exe
  2⤵
  PID:11764
- C:\Windows\System\nqYHeWo.exe
  C:\Windows\System\nqYHeWo.exe
  2⤵
  PID:11792
- C:\Windows\System\qQcjEZg.exe
  C:\Windows\System\qQcjEZg.exe
  2⤵
  PID:11820
- C:\Windows\System\StpTvuu.exe
  C:\Windows\System\StpTvuu.exe
  2⤵
  PID:11848
- C:\Windows\System\mtvdFee.exe
  C:\Windows\System\mtvdFee.exe
  2⤵
  PID:11876
- C:\Windows\System\OtErctm.exe
  C:\Windows\System\OtErctm.exe
  2⤵
  PID:11904
- C:\Windows\System\vsVTzbP.exe
  C:\Windows\System\vsVTzbP.exe
  2⤵
  PID:11932
- C:\Windows\System\mvMYfUG.exe
  C:\Windows\System\mvMYfUG.exe
  2⤵
  PID:11960
- C:\Windows\System\xQaPtzM.exe
  C:\Windows\System\xQaPtzM.exe
  2⤵
  PID:11988
- C:\Windows\System\bbwWUXq.exe
  C:\Windows\System\bbwWUXq.exe
  2⤵
  PID:12016
- C:\Windows\System\ApmwrOS.exe
  C:\Windows\System\ApmwrOS.exe
  2⤵
  PID:12044
- C:\Windows\System\PerILaH.exe
  C:\Windows\System\PerILaH.exe
  2⤵
  PID:12064
- C:\Windows\System\vNavwIq.exe
  C:\Windows\System\vNavwIq.exe
  2⤵
  PID:12100
- C:\Windows\System\nGpkrrT.exe
  C:\Windows\System\nGpkrrT.exe
  2⤵
  PID:12120
- C:\Windows\System\gaGzKYN.exe
  C:\Windows\System\gaGzKYN.exe
  2⤵
  PID:12156
- C:\Windows\System\yencskk.exe
  C:\Windows\System\yencskk.exe
  2⤵
  PID:12184
- C:\Windows\System\JNxyGKZ.exe
  C:\Windows\System\JNxyGKZ.exe
  2⤵
  PID:12212
- C:\Windows\System\PAKBMsb.exe
  C:\Windows\System\PAKBMsb.exe
  2⤵
  PID:12228
- C:\Windows\System\iEawGZF.exe
  C:\Windows\System\iEawGZF.exe
  2⤵
  PID:12268
- C:\Windows\System\jSxJHPg.exe
  C:\Windows\System\jSxJHPg.exe
  2⤵
  PID:11300
- C:\Windows\System\cvsMIBA.exe
  C:\Windows\System\cvsMIBA.exe
  2⤵
  PID:11316
- C:\Windows\System\YvBMOqe.exe
  C:\Windows\System\YvBMOqe.exe
  2⤵
  PID:11372
- C:\Windows\System\nMzzUty.exe
  C:\Windows\System\nMzzUty.exe
  2⤵
  PID:11448
- C:\Windows\System\BpgqCno.exe
  C:\Windows\System\BpgqCno.exe
  2⤵
  PID:11504
- C:\Windows\System\kmMHQZU.exe
  C:\Windows\System\kmMHQZU.exe
  2⤵
  PID:11572
- C:\Windows\System\JudRUUn.exe
  C:\Windows\System\JudRUUn.exe
  2⤵
  PID:11652
- C:\Windows\System\RItkipF.exe
  C:\Windows\System\RItkipF.exe
  2⤵
  PID:11724
- C:\Windows\System\ekxxnma.exe
  C:\Windows\System\ekxxnma.exe
  2⤵
  PID:11832
- C:\Windows\System\TTrJJfO.exe
  C:\Windows\System\TTrJJfO.exe
  2⤵
  PID:11896
- C:\Windows\System\nnFsBxp.exe
  C:\Windows\System\nnFsBxp.exe
  2⤵
  PID:11928
- C:\Windows\System\KIwdvlr.exe
  C:\Windows\System\KIwdvlr.exe
  2⤵
  PID:12040
- C:\Windows\System\ubPgqZD.exe
  C:\Windows\System\ubPgqZD.exe
  2⤵
  PID:12092
- C:\Windows\System\EELpUDx.exe
  C:\Windows\System\EELpUDx.exe
  2⤵
  PID:12152
- C:\Windows\System\iXpBXbE.exe
  C:\Windows\System\iXpBXbE.exe
  2⤵
  PID:11232
- C:\Windows\System\NUpZxsq.exe
  C:\Windows\System\NUpZxsq.exe
  2⤵
  PID:12280
- C:\Windows\System\DpVDmYO.exe
  C:\Windows\System\DpVDmYO.exe
  2⤵
  PID:11364
- C:\Windows\System\MHASEJG.exe
  C:\Windows\System\MHASEJG.exe
  2⤵
  PID:11556
- C:\Windows\System\gfhVbbG.exe
  C:\Windows\System\gfhVbbG.exe
  2⤵
  PID:11628
- C:\Windows\System\SDPZIbe.exe
  C:\Windows\System\SDPZIbe.exe
  2⤵
  PID:11864
- C:\Windows\System\fLBSpVq.exe
  C:\Windows\System\fLBSpVq.exe
  2⤵
  PID:12008
- C:\Windows\System\WErGBiS.exe
  C:\Windows\System\WErGBiS.exe
  2⤵
  PID:12196
- C:\Windows\System\USymLIi.exe
  C:\Windows\System\USymLIi.exe
  2⤵
  PID:12244
- C:\Windows\System\YFuihQt.exe
  C:\Windows\System\YFuihQt.exe
  2⤵
  PID:11720
- C:\Windows\System\kENkHSO.exe
  C:\Windows\System\kENkHSO.exe
  2⤵
  PID:12088
- C:\Windows\System\ckpxztk.exe
  C:\Windows\System\ckpxztk.exe
  2⤵
  PID:11528
- C:\Windows\System\zgSLlZM.exe
  C:\Windows\System\zgSLlZM.exe
  2⤵
  PID:11444
- C:\Windows\System\WAvnHsv.exe
  C:\Windows\System\WAvnHsv.exe
  2⤵
  PID:12316
- C:\Windows\System\hpnAlKD.exe
  C:\Windows\System\hpnAlKD.exe
  2⤵
  PID:12344
- C:\Windows\System\sRlmBpo.exe
  C:\Windows\System\sRlmBpo.exe
  2⤵
  PID:12372
- C:\Windows\System\PUHNDnZ.exe
  C:\Windows\System\PUHNDnZ.exe
  2⤵
  PID:12400
- C:\Windows\System\rNcyZir.exe
  C:\Windows\System\rNcyZir.exe
  2⤵
  PID:12428
- C:\Windows\System\mleMsCg.exe
  C:\Windows\System\mleMsCg.exe
  2⤵
  PID:12456
- C:\Windows\System\QFxflyl.exe
  C:\Windows\System\QFxflyl.exe
  2⤵
  PID:12476
- C:\Windows\System\MBDvDrV.exe
  C:\Windows\System\MBDvDrV.exe
  2⤵
  PID:12500
- C:\Windows\System\eIilYFg.exe
  C:\Windows\System\eIilYFg.exe
  2⤵
  PID:12520
- C:\Windows\System\vuXTtgt.exe
  C:\Windows\System\vuXTtgt.exe
  2⤵
  PID:12568
- C:\Windows\System\sZUljfv.exe
  C:\Windows\System\sZUljfv.exe
  2⤵
  PID:12596
- C:\Windows\System\winJdWO.exe
  C:\Windows\System\winJdWO.exe
  2⤵
  PID:12612
- C:\Windows\System\ssIEDAI.exe
  C:\Windows\System\ssIEDAI.exe
  2⤵
  PID:12636
- C:\Windows\System\ZaLdYwE.exe
  C:\Windows\System\ZaLdYwE.exe
  2⤵
  PID:12656
- C:\Windows\System\wHWrWUY.exe
  C:\Windows\System\wHWrWUY.exe
  2⤵
  PID:12688
- C:\Windows\System\ElhBwfT.exe
  C:\Windows\System\ElhBwfT.exe
  2⤵
  PID:12736
- C:\Windows\System\hTdKOCH.exe
  C:\Windows\System\hTdKOCH.exe
  2⤵
  PID:12764
- C:\Windows\System\HqorzmI.exe
  C:\Windows\System\HqorzmI.exe
  2⤵
  PID:12792
- C:\Windows\System\FisZsJN.exe
  C:\Windows\System\FisZsJN.exe
  2⤵
  PID:12820
- C:\Windows\System\hbuxRhF.exe
  C:\Windows\System\hbuxRhF.exe
  2⤵
  PID:12848
- C:\Windows\System\ShdAvDN.exe
  C:\Windows\System\ShdAvDN.exe
  2⤵
  PID:12876
- C:\Windows\System\OFrBkPt.exe
  C:\Windows\System\OFrBkPt.exe
  2⤵
  PID:12904
- C:\Windows\System\YbUmWno.exe
  C:\Windows\System\YbUmWno.exe
  2⤵
  PID:12932
- C:\Windows\System\iGmtPcB.exe
  C:\Windows\System\iGmtPcB.exe
  2⤵
  PID:12960
- C:\Windows\System\CEoxdcu.exe
  C:\Windows\System\CEoxdcu.exe
  2⤵
  PID:12988
- C:\Windows\System\ljqeIdn.exe
  C:\Windows\System\ljqeIdn.exe
  2⤵
  PID:13016
- C:\Windows\System\opsgGGQ.exe
  C:\Windows\System\opsgGGQ.exe
  2⤵
  PID:13032
- C:\Windows\System\ndxbzrQ.exe
  C:\Windows\System\ndxbzrQ.exe
  2⤵
  PID:13060
- C:\Windows\System\rislmQS.exe
  C:\Windows\System\rislmQS.exe
  2⤵
  PID:13100
- C:\Windows\System\jtrsFyK.exe
  C:\Windows\System\jtrsFyK.exe
  2⤵
  PID:13116
- C:\Windows\System\RHayxwu.exe
  C:\Windows\System\RHayxwu.exe
  2⤵
  PID:13140
- C:\Windows\System\RgbXJrZ.exe
  C:\Windows\System\RgbXJrZ.exe
  2⤵
  PID:13160
- C:\Windows\System\kKZphjm.exe
  C:\Windows\System\kKZphjm.exe
  2⤵
  PID:13212
- C:\Windows\System\gTfYfSy.exe
  C:\Windows\System\gTfYfSy.exe
  2⤵
  PID:13248
- C:\Windows\System\MtVpYga.exe
  C:\Windows\System\MtVpYga.exe
  2⤵
  PID:13268
- C:\Windows\System\GcFJJOJ.exe
  C:\Windows\System\GcFJJOJ.exe
  2⤵
  PID:13292
- C:\Windows\System\PKkOvgn.exe
  C:\Windows\System\PKkOvgn.exe
  2⤵
  PID:12312
- C:\Windows\System\BxwbmlJ.exe
  C:\Windows\System\BxwbmlJ.exe
  2⤵
  PID:12384
- C:\Windows\System\shBnmsb.exe
  C:\Windows\System\shBnmsb.exe
  2⤵
  PID:12424
- C:\Windows\System\BVfSSty.exe
  C:\Windows\System\BVfSSty.exe
  2⤵
  PID:12484
- C:\Windows\System\kBfbwsK.exe
  C:\Windows\System\kBfbwsK.exe
  2⤵
  PID:12528
- C:\Windows\System\EIFwEme.exe
  C:\Windows\System\EIFwEme.exe
  2⤵
  PID:12652
- C:\Windows\System\jXdRCTA.exe
  C:\Windows\System\jXdRCTA.exe
  2⤵
  PID:12668
- C:\Windows\System\oATdGrT.exe
  C:\Windows\System\oATdGrT.exe
  2⤵
  PID:12784
- C:\Windows\System\zkaGhNU.exe
  C:\Windows\System\zkaGhNU.exe
  2⤵
  PID:12836
- C:\Windows\System\chhFGGO.exe
  C:\Windows\System\chhFGGO.exe
  2⤵
  PID:12928
- C:\Windows\System\JgHFXBG.exe
  C:\Windows\System\JgHFXBG.exe
  2⤵
  PID:12972
- C:\Windows\System\PTArdSs.exe
  C:\Windows\System\PTArdSs.exe
  2⤵
  PID:13096
- C:\Windows\System\EwoXVrK.exe
  C:\Windows\System\EwoXVrK.exe
  2⤵
  PID:13152
- C:\Windows\System\XOiMuSD.exe
  C:\Windows\System\XOiMuSD.exe
  2⤵
  PID:13224
- C:\Windows\System\rLZRFHg.exe
  C:\Windows\System\rLZRFHg.exe
  2⤵
  PID:13284
- C:\Windows\System\gpiGItN.exe
  C:\Windows\System\gpiGItN.exe
  2⤵
  PID:12360
- C:\Windows\System\zbWtvBU.exe
  C:\Windows\System\zbWtvBU.exe
  2⤵
  PID:12468
- C:\Windows\System\gMvIKIa.exe
  C:\Windows\System\gMvIKIa.exe
  2⤵
  PID:12648
- C:\Windows\System\XjoWbQY.exe
  C:\Windows\System\XjoWbQY.exe
  2⤵
  PID:12872
- C:\Windows\System\QgeQfAk.exe
  C:\Windows\System\QgeQfAk.exe
  2⤵
  PID:13108
- C:\Windows\System\zZtmsnp.exe
  C:\Windows\System\zZtmsnp.exe
  2⤵
  PID:13176
- C:\Windows\System\cmUkBIF.exe
  C:\Windows\System\cmUkBIF.exe
  2⤵
  PID:12464
- C:\Windows\System\nsatJlv.exe
  C:\Windows\System\nsatJlv.exe
  2⤵
  PID:12924
- C:\Windows\System\kEEjBMn.exe
  C:\Windows\System\kEEjBMn.exe
  2⤵
  PID:13172
- C:\Windows\System\IyjQpsQ.exe
  C:\Windows\System\IyjQpsQ.exe
  2⤵
  PID:13260
- C:\Windows\System\AtvhRXU.exe
  C:\Windows\System\AtvhRXU.exe
  2⤵
  PID:13332
- C:\Windows\System\cxnEYKK.exe
  C:\Windows\System\cxnEYKK.exe
  2⤵
  PID:13360
- C:\Windows\System\whwBhxO.exe
  C:\Windows\System\whwBhxO.exe
  2⤵
  PID:13388
- C:\Windows\System\QrLNSIT.exe
  C:\Windows\System\QrLNSIT.exe
  2⤵
  PID:13416
- C:\Windows\System\XgrpSid.exe
  C:\Windows\System\XgrpSid.exe
  2⤵
  PID:13444
- C:\Windows\System\oKQeYVj.exe
  C:\Windows\System\oKQeYVj.exe
  2⤵
  PID:13472
- C:\Windows\System\fNdkmDY.exe
  C:\Windows\System\fNdkmDY.exe
  2⤵
  PID:13500
- C:\Windows\System\vairFsC.exe
  C:\Windows\System\vairFsC.exe
  2⤵
  PID:13540
- C:\Windows\System\iKSqScS.exe
  C:\Windows\System\iKSqScS.exe
  2⤵
  PID:13556
- C:\Windows\System\UIeJRwR.exe
  C:\Windows\System\UIeJRwR.exe
  2⤵
  PID:13584
- C:\Windows\System\dbLCccU.exe
  C:\Windows\System\dbLCccU.exe
  2⤵
  PID:13612
- C:\Windows\System\ALNMWHB.exe
  C:\Windows\System\ALNMWHB.exe
  2⤵
  PID:13640
- C:\Windows\System\RMeGHAh.exe
  C:\Windows\System\RMeGHAh.exe
  2⤵
  PID:13656
- C:\Windows\System\JhBLUxU.exe
  C:\Windows\System\JhBLUxU.exe
  2⤵
  PID:13684
- C:\Windows\System\zUbNzqA.exe
  C:\Windows\System\zUbNzqA.exe
  2⤵
  PID:13724
- C:\Windows\System\vxvzjxq.exe
  C:\Windows\System\vxvzjxq.exe
  2⤵
  PID:13752
- C:\Windows\System\SEqmUeH.exe
  C:\Windows\System\SEqmUeH.exe
  2⤵
  PID:13780
- C:\Windows\System\hXrbzWn.exe
  C:\Windows\System\hXrbzWn.exe
  2⤵
  PID:13808
- C:\Windows\System\SEcjWLo.exe
  C:\Windows\System\SEcjWLo.exe
  2⤵
  PID:13824
- C:\Windows\System\qrPXwIA.exe
  C:\Windows\System\qrPXwIA.exe
  2⤵
  PID:13852
- C:\Windows\System\syKlwiR.exe
  C:\Windows\System\syKlwiR.exe
  2⤵
  PID:13880
- C:\Windows\System\PPcuWCY.exe
  C:\Windows\System\PPcuWCY.exe
  2⤵
  PID:13896
- C:\Windows\System\waecsqm.exe
  C:\Windows\System\waecsqm.exe
  2⤵
  PID:13932
- C:\Windows\System\BGfagnw.exe
  C:\Windows\System\BGfagnw.exe
  2⤵
  PID:13976
- C:\Windows\System\yGyFzXS.exe
  C:\Windows\System\yGyFzXS.exe
  2⤵
  PID:13996
- C:\Windows\System\QzDYGJL.exe
  C:\Windows\System\QzDYGJL.exe
  2⤵
  PID:14028
- C:\Windows\System\dHFWnTr.exe
  C:\Windows\System\dHFWnTr.exe
  2⤵
  PID:14052
- C:\Windows\System\MAREnKd.exe
  C:\Windows\System\MAREnKd.exe
  2⤵
  PID:14092
- C:\Windows\System\VWPcNkV.exe
  C:\Windows\System\VWPcNkV.exe
  2⤵
  PID:14120
- C:\Windows\System\XgkKpEj.exe
  C:\Windows\System\XgkKpEj.exe
  2⤵
  PID:14148
- C:\Windows\System\eSFhhEf.exe
  C:\Windows\System\eSFhhEf.exe
  2⤵
  PID:14176
- C:\Windows\System\KRHMjUl.exe
  C:\Windows\System\KRHMjUl.exe
  2⤵
  PID:14204
- C:\Windows\System\nGgjMZs.exe
  C:\Windows\System\nGgjMZs.exe
  2⤵
  PID:14232
- C:\Windows\System\dclkKqz.exe
  C:\Windows\System\dclkKqz.exe
  2⤵
  PID:14260
- C:\Windows\System\nTRkALI.exe
  C:\Windows\System\nTRkALI.exe
  2⤵
  PID:14288
- C:\Windows\System\ywzLoPY.exe
  C:\Windows\System\ywzLoPY.exe
  2⤵
  PID:14316
- C:\Windows\System\DfCcOgU.exe
  C:\Windows\System\DfCcOgU.exe
  2⤵
  PID:13316
- C:\Windows\System\sDaJMIY.exe
  C:\Windows\System\sDaJMIY.exe
  2⤵
  PID:13352
- C:\Windows\System\CzSGWgM.exe
  C:\Windows\System\CzSGWgM.exe
  2⤵
  PID:13412
- C:\Windows\System\FKqdrNU.exe
  C:\Windows\System\FKqdrNU.exe
  2⤵
  PID:13488
- C:\Windows\System\HUcQfCw.exe
  C:\Windows\System\HUcQfCw.exe
  2⤵
  PID:13548
- C:\Windows\System\htlrZMz.exe
  C:\Windows\System\htlrZMz.exe
  2⤵
  PID:13600
- C:\Windows\System\erFeUoI.exe
  C:\Windows\System\erFeUoI.exe
  2⤵
  PID:13668
- C:\Windows\System\KldkfMy.exe
  C:\Windows\System\KldkfMy.exe
  2⤵
  PID:13744
- C:\Windows\System\VSyvSGU.exe
  C:\Windows\System\VSyvSGU.exe
  2⤵
  PID:13800
- C:\Windows\System\GuQaVcj.exe
  C:\Windows\System\GuQaVcj.exe
  2⤵
  PID:13848
- C:\Windows\System\pOdaLUF.exe
  C:\Windows\System\pOdaLUF.exe
  2⤵
  PID:13920
- C:\Windows\System\lyTCZbF.exe
  C:\Windows\System\lyTCZbF.exe
  2⤵
  PID:13988
- C:\Windows\System\VnCqXog.exe
  C:\Windows\System\VnCqXog.exe
  2⤵
  PID:14012
- C:\Windows\System\BEKVsMT.exe
  C:\Windows\System\BEKVsMT.exe
  2⤵
  PID:14160
- C:\Windows\System\TsbdfGC.exe
  C:\Windows\System\TsbdfGC.exe
  2⤵
  PID:14228
- C:\Windows\System\sjcIaeG.exe
  C:\Windows\System\sjcIaeG.exe
  2⤵
  PID:14284
- C:\Windows\System\pjTgNSB.exe
  C:\Windows\System\pjTgNSB.exe
  2⤵
  PID:13344
- C:\Windows\System\dsZLsiV.exe
  C:\Windows\System\dsZLsiV.exe
  2⤵
  PID:13464
- C:\Windows\System\ASiKkEX.exe
  C:\Windows\System\ASiKkEX.exe
  2⤵
  PID:13636
- C:\Windows\System\guwbPtN.exe
  C:\Windows\System\guwbPtN.exe
  2⤵
  PID:13776
- C:\Windows\System\mkfPwwh.exe
  C:\Windows\System\mkfPwwh.exe
  2⤵
  PID:13956

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ApQsSUV.exe

Filesize
2.0MB

MD5
026d5924c730c2d26dc388dd2c5fb261

SHA1
99f4ee1152a483ea0c55c8931d9a93d4c1057da8

SHA256
6590ec24d36a7b004f2c31c7275196aa6dd0a30030a497ffc827f55a7414d5df

SHA512
a7c3837e3f8054f02008bb5933a0275519f0aa4e9ad6199361750449c013004b2588553c13e6e4204ffc873aebefaaf6bb167f772bfa94c77652ffa33ed306fb

Download Submit
C:\Windows\System\BsAgjWb.exe

Filesize
2.0MB

MD5
84c11945e9bbbc009d6920607e09835e

SHA1
ad73e028fa07fd4d7f289ffc1538e52283969576

SHA256
152de7637aa69e9b6475d7f2ad987895406b04ad309d2c10ff288af2a75f48da

SHA512
a67884f34d38a88bd8776e086f5611627824c1de42028274bbdc6ccc1baa206454998d61110173047bc619ce5dfbb8f765b3844d49d627eea04a196bd5b055ca

Download Submit
C:\Windows\System\DnVmkNL.exe

Filesize
2.0MB

MD5
f990e3f80babe59bf648dd3f67d5d1ba

SHA1
53afac1ab0a8c7bf559b2c5bba03057b06a5d998

SHA256
97cddb734c6ebbe2a422baf4ea7696712e29a1365a1687c7b0c2ac9d1876f611

SHA512
dbfcef6fd546c25939c57cd7666b11c04af317952164c5963ddf44c1d7e060f976d3a33aa80ae2f3adf8cb2a124c8cdf759bb6a33fa83fe86fb3772fe271d35a

Download Submit
C:\Windows\System\HYOwNZU.exe

Filesize
2.0MB

MD5
26ad7b2d059b37a1696642a2dff74538

SHA1
5a8f918e76b6134702438ea9cdad69f9c7ed9e0b

SHA256
281b917fe6c43dc4983e4a9c9057986c3882a8e5aac1351552ce3b59ba2b58fe

SHA512
70b93d4620d2810284f160542a627ecfc49498f6a6aab8e6a51ee45aa24cad90cc88edd58a69c327640811191fe05cf2755d10640aca5e5769f85ef1fd9869d6

Download Submit
C:\Windows\System\KQXyJhx.exe

Filesize
2.0MB

MD5
26a32b0ab9c3f74aa0f946775edc3de5

SHA1
2506c3380de4a8fa9ea12fb92f43c05ddaef32d9

SHA256
c467c0f4839fffeb5c841887e66ec188ae35887ebb818a2f51b0784eaec2bbaf

SHA512
557e5997cb217e7b52ddd53d424d785cc62c0a294abd554f3761a5420396a06f174fdf5737afb1e18b897e67e388672de1d360ffbb48a9c4e6f0e0e0d34e4b82

Download Submit
C:\Windows\System\KTyxYEE.exe

Filesize
2.0MB

MD5
87074f53e4ecddf6f0081c42d5e6f69b

SHA1
5eead70f016e03313a69c6e943380fdc6c12cf8e

SHA256
221c54a3e04e793fd305189851dea6a739e3c4f0bce0ac30e65cc008320ba716

SHA512
816415c0e7ca68d7ec09216bc8055d160bc550ba1c4e0f7a057833240ce1ba4ce89c2f82cbaab0505d97c33a5f5a92cebe815e721e39e7bafb6e2d5374dfc13e

Download Submit
C:\Windows\System\KehaeGs.exe

Filesize
2.0MB

MD5
9369b064f591c89b56f2fcfed790fb0e

SHA1
bd7effdae2d0f9be0f62ab4e2aa661e724cf22a2

SHA256
7429d25958a8f1875761f2deec02fcaddcd7d73be1685ca143ed383ca8452c28

SHA512
8e3017c9da662f146b6eabb7346184681b53a24a820c8606dcf57a8f19d8cc6fdcffcc9cbb439fd11b3ce505d128283c3ff0e304679a30bdbbf8d73d0b85bf24

Download Submit
C:\Windows\System\LqtEkVl.exe

Filesize
2.0MB

MD5
16aa89409f6ae06c31fead3edbec5653

SHA1
f81bfe1cc47ed5959fda836d15f3799d69e55712

SHA256
17d1e9f3c5c33e8180248b2219f3eaa4e757aa301085d33c16bc7e2857acb6c3

SHA512
8d303a03675017773e99c47f4969de019d4b2079d857d36b5a3c3c28a5658e8ac894b9f0054afd48be9be39d2f971284d4978a60054ca9de77745f7d1e794079

Download Submit
C:\Windows\System\MukqTps.exe

Filesize
2.0MB

MD5
581bab33a3e85f678302426e4ba55558

SHA1
36fa0745681525d01ffbcb225c24a17d17c82396

SHA256
8863782b78e6f0d79a44815a6e22f893ea91e6b9403bf067aeced174937aa27d

SHA512
9b292b614bb61e5aea9f93f16d5e4bea20044b0b21fe7f36cc2bbfd51ddd2ff90b25e2653c0157a59a927a5f423ddaf274af389d6b07df5177adc4f8a1946cd8

Download Submit
C:\Windows\System\OlaZISi.exe

Filesize
2.0MB

MD5
51e16324f9897173782511be5443356f

SHA1
b620d74f45576bca5c2038bbc7ef58e2f54f5c23

SHA256
167727ee008455e3e2f3865f730f7cfa6fdb236dd60cbb5199d2f5f416d28b2f

SHA512
6754c2794d5f2fbc0fd5c86d9ed6592f70a0b66bfa26464ac61ba2cbb7b2cd1089a09cd495dfa304640f13d5392b888c5cfe851dce73b760bc48e26c4c980795

Download Submit
C:\Windows\System\PgLyQBT.exe

Filesize
2.0MB

MD5
eb616cf3f6ec821b107622ee14b31c4e

SHA1
a386db49ce22a37cb387bc7515bfe19c1ff6bed8

SHA256
df4a9a34759e85595f265f48dad79fe0669555a35b584c6e8846d238dd3533fc

SHA512
7a29a3e054451a532283a87d0ca4420f2e6d1d97beb665214655fe359fa2f476434a844cd8b10cfa44142632c2bd7e67920970b010fe041ec505724fb6a6d1b6

Download Submit
C:\Windows\System\RxfNNuW.exe

Filesize
2.0MB

MD5
5be2bd5a2de7ab9fe0e2842a2059c0d3

SHA1
4a961419856e97482a9090f431229f2cdf391587

SHA256
6583655361cae6614b7a664e5492a3061b120a9367ff4880da97fa03c8219c21

SHA512
dba8abaf86c11dac942dec30bce49bc47a2aaafa60b3fc2ed30495685d2ca548708f9f86aabe4c6df7cd762783725f5d1c1147d0344ddd142e3d8d1cb68443c8

Download Submit
C:\Windows\System\SIeSCoz.exe

Filesize
2.0MB

MD5
0fdec0ac004599797835cd5b3f296470

SHA1
b87c21be2adb7dcd0f1802a518284e54a6f1983e

SHA256
d06cff6b5f90c773d477ac0a84099b9e2ff064a4bdb2fe5e3d0936027cda338c

SHA512
b7494e3c3a0bc096f9ad8a1e2c3198b3c13ee2f30de823a090e9476a22ac48c9fc81aae625f9a703b65c2cc7889c1a8517a4e15e997a639bcf5453a1c5ab858c

Download Submit
C:\Windows\System\VFohiLZ.exe

Filesize
2.0MB

MD5
f3ed262bb41bb1b65e16376e9cdb93a5

SHA1
1c5c4815f368c31ad86413245248e32c0c3f16e1

SHA256
093fcd634a2eaeb317c8de2b9d4b5c88a7941ed5442e1565a79b6652624a31d8

SHA512
ea92b53b21a6ea122918f917c99581bc67bd26b38a1a92fa3a66815730ea3c74d3f70631946aef0f73ad6eb459b141fe7de0e2189cbf79e6bfdc1a8ff79a1773

Download Submit
C:\Windows\System\VVFzVCG.exe

Filesize
2.0MB

MD5
b2bf9dae937e8d6008832f283870d486

SHA1
935b8e9e47fb6bb4c553b02de8f51180aa1027fa

SHA256
ca3e4d4b44c48f9272123a04af9e176846d9c06d973e6e276d5e20bb05092c16

SHA512
cf0a5ba59644773057eadcf7ab7baf9306f2aebc76dbb699d54e7b6e68440dd083a3886acef30d18bb2e71ca0ad7e36dd99f15c29ab388ad68af7ad7542582f8

Download Submit
C:\Windows\System\VbGZwkZ.exe

Filesize
2.0MB

MD5
9accbd111d83fb342598166cc3a39884

SHA1
147c24a411a8c37ec911c91d3b20f3ed78aa6d17

SHA256
4d5aabda266c361624c5e91aee32c72a22566831210af8875baba0aef2f6b467

SHA512
e6700b4b676ddf877ffc64510d3048866af978652454dbf3fac8772b4a72852c09c3d6c40aa25f4859643b6be8478015969bf4fb789c8521e16ac0fcf93f1051

Download Submit
C:\Windows\System\VmLCXHL.exe

Filesize
2.0MB

MD5
1b500741b1061202c511ba335d53c6de

SHA1
f2b72d58dda7d2e19199d5b33074cc529285c42c

SHA256
8cf19d661abea34cdf139afdbc447034383256d8f0f11a408e92c15ced8a12c3

SHA512
1455a2891061d3187503f191b7074ce78416da3af966741f041d0defe80cf5239f82fb5253b59891d23e87198590ed9ba7bfe4759a07e07a1035583bdbfb8d39

Download Submit
C:\Windows\System\WhLEfSI.exe

Filesize
2.0MB

MD5
be755bb750dc1803fb7de87b75281d39

SHA1
1869e84345f982a31efc707cc4db0cde849d580f

SHA256
87d08d5cb0b02bdeefc2984629b96737349b7713c0c1136a01e005734a04f525

SHA512
95025d75f013a3a405d6626f329543e44dc82b38bf913226b330f9302e8c3c8b4d0193e09944acbe207a3cdf6600868ba1b9263511f6210379a211d03e49d4d6

Download Submit
C:\Windows\System\XXemaKz.exe

Filesize
2.0MB

MD5
1c3835659637e627ed2008dd3761ab73

SHA1
684cfb28f51e6433ef0adfe399fe3d805b1a5360

SHA256
306cfbf2919089b3b163df89b889ffae2bf706aaac2198fb4593bef933bfbc77

SHA512
ba74be5089a967a6acfbdcb173e95a2120d314060337d4d6564a26db8b2473978a7fea361b969e60c0485703ca601b09d8c32e0bd893659a6118f8ff071848e8

Download Submit
C:\Windows\System\YktdHQQ.exe

Filesize
2.0MB

MD5
535187c46d612056c7fd2fcdb21a24d0

SHA1
27d41eeb834591dd70c4f283e7bce2ae39a5aece

SHA256
6bb1b6574c19e8d8828f732edada111792ba53cb5e37b4d909abe99ec325a592

SHA512
e28e01c8081053f41ece68e983b46efbc3525fd13462e908415119a48a78ff33a3b2034080b9ecad6c20078ea1c32fd0895b84be80096cf6c6aa0c8739950cc4

Download Submit
C:\Windows\System\ZqXWnev.exe

Filesize
2.0MB

MD5
bec01457f30c6e2e6e06da8fbecbe318

SHA1
4b38999e4eb862268c6500512a6eae6a55b06e49

SHA256
bedd5af80c6d762602073f6912f06de81b30285f4d623793279498b347c4ad30

SHA512
9c0e13b5d4998bd4625c378774dd49ea294bfeea1e44454ab320030aa60a899643971a4557c4901302dc5f3f945f96744231c56f19a3eaf4d8d1af7c7a242a0a

Download Submit
C:\Windows\System\bGhsXzZ.exe

Filesize
2.0MB

MD5
1b50614feca3a1098e6345b8e01b1a00

SHA1
321b01c5803cdda9d5ae0fc4f44d4def5c59077c

SHA256
4623623a057ae92fae1570407250fff36087403d5fdd0149e5334549f1205352

SHA512
318cab6cf5ef305e73c6d5c7f66a4b9c564ebde93518d5ed6014cbb38ed3ce0b555955a74fabd62fc4ae6e9daee595f24bbd79f0f9daca3b5f835795b5231df5

Download Submit
C:\Windows\System\eJVbAze.exe

Filesize
2.0MB

MD5
c2e1508c37255ecd244901583d5d1ebf

SHA1
08e9e4b6c570149a5a696d7b97efe3ed2e8b5486

SHA256
47cccfb254f76c05bb8da82e8df88a48464757003e0c3e45d43f82ee1e1be86e

SHA512
eb8bc81d73a93534f8865947a317df1e72555b0ccf8377e51164f19b2d94a27f168c2cd75aad4a1144d7a2f7b1a6325cf28ffcf010071368bd2c69e5e45f34d6

Download Submit
C:\Windows\System\fCbyKvC.exe

Filesize
2.0MB

MD5
2b5ddc32432761f22df3aeae85628e9a

SHA1
950a1d4a64fc41c52e1ccf79718db3846cbc3511

SHA256
8dd2787238e5aa52eed75032e27f349956338b07b5901f66dd1eb6dbb790a07b

SHA512
9bcb60de675aef04b72468171addefa77a33c20a313fde1f4ddd440d9899712d8b22cdee561929c14a96d9d648f32e8658cf8a941d5fe7308acea42fba03fd5c

Download Submit
C:\Windows\System\hysgHNP.exe

Filesize
2.0MB

MD5
c83428e94d083fe292e328177b2046ed

SHA1
71088d3dacb74be7bde1aeba6b0362441d55b1a1

SHA256
047ba1d365ea54e5e273902ae5fcb82bae74c450ea2f69b37d9bc9608ef8eb07

SHA512
9c2887c2dab94757205eef059b370fc52207ec18b5013681610985eb2f6d6d9ab1d11afa6ff563e41c776df53bbe81d859acdfee1ea413b8229baf8ad3169a81

Download Submit
C:\Windows\System\irteTcM.exe

Filesize
2.0MB

MD5
5543a188d95c8a6934831cb777871c8e

SHA1
c36d9f74ef46212dd412495f09ccb2be0fd7d8cb

SHA256
e370c6d86dfe0d2d8455ebdb0e61403a8a8f76bc497702977fbdce53b13a107a

SHA512
183775eb7cbe3ee0b2d0b321e5a8d08e377ff11be64a21a7248f4626e9c540cc01221d495d637bae88716e51daa2368c45db23d07472a8bc317cc28a7a850c72

Download Submit
C:\Windows\System\keXLpTh.exe

Filesize
2.0MB

MD5
e9e97d0f85d13b049245ddca5caa20bb

SHA1
05711b1e0a49ea06934ae722ad9e89a998922d9a

SHA256
ecf1f972ef1880090128c3956e05f0e47a2b4cc1b56e4be5bc8b9a956d224c7f

SHA512
12f2ca2075981ed32ac55f5db58ddfc971c8d4df08a1964a0e6941ad8d60dfd34e19f77492c67cbed3da69c3b1c4c9c7c1a1472c24ab13260920f27b611d3028

Download Submit
C:\Windows\System\lWzlSEM.exe

Filesize
2.0MB

MD5
8052e24936c79ab9364a80d8f9e4e218

SHA1
19e54ff392470992c905b6e7d085d87b131990ce

SHA256
080d3383a128f4a12d1818fcf5afc82d814e84bf77a458c9a922560e3686b064

SHA512
27fa2ed8a58d5ead6d291cc393d7d1f5bcc20fc21558459628748934336c7b0dc9858c4c4bcb280184084e7e117e1114abd249cb8ac8cc5a80423611c4d3501e

Download Submit
C:\Windows\System\lcVEQHg.exe

Filesize
2.0MB

MD5
196e7f7d57967bbfa7db96e061ef2ab9

SHA1
3eda4b4590a14e4d6e1d710edf17f864f0a2cb2a

SHA256
d88e00804b8b3497a49264ad3be74780c98fe7e94bb34829f99fe9a79765de09

SHA512
1d362f81e57b0de7530de651a77f6fe2adec09d997c739139e6e3c3d27b4743beb5346e46d241d9bca08f4501369a74f7b2f0e1e184203db0e4d2ac6276f63be

Download Submit
C:\Windows\System\sFeaZif.exe

Filesize
2.0MB

MD5
8769e44b70acdc30bfb77449dca2cfc7

SHA1
a1277ad64fb0c7fa68f924c1941f492bad18074e

SHA256
a7c4e37523569393dbc95ddca6c0fc01f6f18be9c7ad7b7def0cef4c3a7dea91

SHA512
820e2bc8c28ee1ac420625cc8dac7e900736cf0f56d759c757a2c47818e0f26f65e0fdb0acda04b4586bd0957407751570205a5ec7b1e662805385575d6259ea

Download Submit
C:\Windows\System\twDzWiy.exe

Filesize
2.0MB

MD5
cca1ec9831659b4554b622c50c7f3fc6

SHA1
728bb01f26653384ae3dc23e7b191c1cc998c7a4

SHA256
494b779e8eda56d455af0a8831e9a08e0b6f7bbc47b630e17e122b5b0e468111

SHA512
9c3d3b50aef112aebc1ffa3e4213f4bb71f04190f0f6e2f22c01aa8a89598cbf000c31ad849038e5899d71eda481d2ad8bdce6a815e645585c4a6db11a007bd8

Download Submit
C:\Windows\System\xGMUXUD.exe

Filesize
2.0MB

MD5
818c610288e7cf906796150c9a851105

SHA1
6c8fee3b6a4dccd98ae0008b61dd2df3ea2495c3

SHA256
8d8ecad1c6ad611d1b9fb582022264d85c8f357f599b2e116bdcfec91840b1af

SHA512
2d9b7bf9f5621a40d5f80ea8cdf3b9e54bf4a352ad576db604026db4047bdf5dca2badf1202d9bcf1f0a7bb361114d5dca457b6f7dd5beedeb52745412a39702

Download Submit
C:\Windows\System\xesWblA.exe

Filesize
2.0MB

MD5
924f3a8b7d6e672709cf3bc9d0be9cb5

SHA1
db0d4b0fa4a0eb69930512f98ee9f33653c4a8d2

SHA256
b9c31da61554a59eaa4d473da4201788e61cef494323697c11fbac8d0927eb96

SHA512
650da086244697098870305acc138990c275333c8f33480c2ef673a65a3945e407b22966fd1e8d15230e6f791cfc623e3ffdb9f78678921292a42d5e575ca896

Download Submit
memory/408-2092-0x00007FF6C1D80000-0x00007FF6C20D4000-memory.dmp

Filesize
3.3MB

Download
memory/408-39-0x00007FF6C1D80000-0x00007FF6C20D4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-469-0x00007FF691A70000-0x00007FF691DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2104-0x00007FF691A70000-0x00007FF691DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-472-0x00007FF7606C0000-0x00007FF760A14000-memory.dmp

Filesize
3.3MB

Download
memory/1720-2110-0x00007FF7606C0000-0x00007FF760A14000-memory.dmp

Filesize
3.3MB

Download
memory/1864-2098-0x00007FF64DCE0000-0x00007FF64E034000-memory.dmp

Filesize
3.3MB

Download
memory/1864-69-0x00007FF64DCE0000-0x00007FF64E034000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2089-0x00007FF7A0330000-0x00007FF7A0684000-memory.dmp

Filesize
3.3MB

Download
memory/2180-10-0x00007FF7A0330000-0x00007FF7A0684000-memory.dmp

Filesize
3.3MB

Download
memory/2284-2094-0x00007FF75AFE0000-0x00007FF75B334000-memory.dmp

Filesize
3.3MB

Download
memory/2284-507-0x00007FF75AFE0000-0x00007FF75B334000-memory.dmp

Filesize
3.3MB

Download
memory/2296-515-0x00007FF6C83F0000-0x00007FF6C8744000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2100-0x00007FF6C83F0000-0x00007FF6C8744000-memory.dmp

Filesize
3.3MB

Download
memory/2468-2117-0x00007FF7F0D80000-0x00007FF7F10D4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-503-0x00007FF7F0D80000-0x00007FF7F10D4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-470-0x00007FF6B3400000-0x00007FF6B3754000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2106-0x00007FF6B3400000-0x00007FF6B3754000-memory.dmp

Filesize
3.3MB

Download
memory/2572-521-0x00007FF704D30000-0x00007FF705084000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2102-0x00007FF704D30000-0x00007FF705084000-memory.dmp

Filesize
3.3MB

Download
memory/2612-2096-0x00007FF7DAC20000-0x00007FF7DAF74000-memory.dmp

Filesize
3.3MB

Download
memory/2612-514-0x00007FF7DAC20000-0x00007FF7DAF74000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2114-0x00007FF7964D0000-0x00007FF796824000-memory.dmp

Filesize
3.3MB

Download
memory/2820-486-0x00007FF7964D0000-0x00007FF796824000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2115-0x00007FF744210000-0x00007FF744564000-memory.dmp

Filesize
3.3MB

Download
memory/2964-499-0x00007FF744210000-0x00007FF744564000-memory.dmp

Filesize
3.3MB

Download
memory/3004-2097-0x00007FF728480000-0x00007FF7287D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-68-0x00007FF728480000-0x00007FF7287D4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2099-0x00007FF6054C0000-0x00007FF605814000-memory.dmp

Filesize
3.3MB

Download
memory/3056-465-0x00007FF6054C0000-0x00007FF605814000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2088-0x00007FF6054C0000-0x00007FF605814000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2107-0x00007FF7EAE00000-0x00007FF7EB154000-memory.dmp

Filesize
3.3MB

Download
memory/3108-471-0x00007FF7EAE00000-0x00007FF7EB154000-memory.dmp

Filesize
3.3MB

Download
memory/3152-2113-0x00007FF77D690000-0x00007FF77D9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3152-474-0x00007FF77D690000-0x00007FF77D9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-30-0x00007FF791060000-0x00007FF7913B4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2090-0x00007FF791060000-0x00007FF7913B4000-memory.dmp

Filesize
3.3MB

Download
memory/3436-2105-0x00007FF7E99A0000-0x00007FF7E9CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3436-468-0x00007FF7E99A0000-0x00007FF7E9CF4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-2101-0x00007FF61F4A0000-0x00007FF61F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3528-466-0x00007FF61F4A0000-0x00007FF61F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3696-496-0x00007FF670B10000-0x00007FF670E64000-memory.dmp

Filesize
3.3MB

Download
memory/3696-2116-0x00007FF670B10000-0x00007FF670E64000-memory.dmp

Filesize
3.3MB

Download
memory/3872-489-0x00007FF6BA0A0000-0x00007FF6BA3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3872-2111-0x00007FF6BA0A0000-0x00007FF6BA3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2103-0x00007FF679E90000-0x00007FF67A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4032-467-0x00007FF679E90000-0x00007FF67A1E4000-memory.dmp

Filesize
3.3MB

Download
memory/4100-2093-0x00007FF7287C0000-0x00007FF728B14000-memory.dmp

Filesize
3.3MB

Download
memory/4100-33-0x00007FF7287C0000-0x00007FF728B14000-memory.dmp

Filesize
3.3MB

Download
memory/4348-473-0x00007FF6944F0000-0x00007FF694844000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2109-0x00007FF6944F0000-0x00007FF694844000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2087-0x00007FF7475B0000-0x00007FF747904000-memory.dmp

Filesize
3.3MB

Download
memory/4504-42-0x00007FF7475B0000-0x00007FF747904000-memory.dmp

Filesize
3.3MB

Download
memory/4504-2095-0x00007FF7475B0000-0x00007FF747904000-memory.dmp

Filesize
3.3MB

Download
memory/4548-0-0x00007FF7F9ED0000-0x00007FF7FA224000-memory.dmp

Filesize
3.3MB

Download
memory/4548-1-0x000001E3B8C20000-0x000001E3B8C30000-memory.dmp

Filesize
64KB

Download
memory/4832-2108-0x00007FF740750000-0x00007FF740AA4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-475-0x00007FF740750000-0x00007FF740AA4000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2086-0x00007FF7DD6C0000-0x00007FF7DDA14000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2091-0x00007FF7DD6C0000-0x00007FF7DDA14000-memory.dmp

Filesize
3.3MB

Download
memory/4840-15-0x00007FF7DD6C0000-0x00007FF7DDA14000-memory.dmp

Filesize
3.3MB

Download
memory/4996-483-0x00007FF6FE6E0000-0x00007FF6FEA34000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2112-0x00007FF6FE6E0000-0x00007FF6FEA34000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads