kpot | 583cb7ad9a4d50cb18d2e8ce0cf9ffe16bab5e9a5e4ebb44ab035a14ac1d4acc

Analysis

max time kernel
125s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
Size

2.4MB
MD5

5c179a1a8faf08f5ca0ce812c57fd370
SHA1

3227af929387632ddb9dbf29920aa5651a47cbc0
SHA256

583cb7ad9a4d50cb18d2e8ce0cf9ffe16bab5e9a5e4ebb44ab035a14ac1d4acc
SHA512

f7c45a58e787ac3c2f3bdfb6a9209a0ff62dcd6d4fa4823d548fb5429506e17d7ef7dd59609d01e6bb8b30510fdb4e9c2702d2d8f9a9b2c77793b906e0fc5226
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eoY3:BemTLkNdfE0pZrwE

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023412-5.dat	family_kpot
behavioral2/files/0x0007000000023419-15.dat	family_kpot
behavioral2/files/0x000700000002341a-26.dat	family_kpot
behavioral2/files/0x000700000002341e-39.dat	family_kpot
behavioral2/files/0x000700000002341f-49.dat	family_kpot
behavioral2/files/0x0007000000023421-60.dat	family_kpot
behavioral2/files/0x0007000000023425-67.dat	family_kpot
behavioral2/files/0x0007000000023427-94.dat	family_kpot
behavioral2/files/0x0007000000023429-100.dat	family_kpot
behavioral2/files/0x0007000000023426-113.dat	family_kpot
behavioral2/files/0x0007000000023432-139.dat	family_kpot
behavioral2/files/0x0007000000023434-165.dat	family_kpot
behavioral2/files/0x0007000000023437-198.dat	family_kpot
behavioral2/files/0x0007000000023435-190.dat	family_kpot
behavioral2/files/0x0007000000023436-189.dat	family_kpot
behavioral2/files/0x0007000000023433-161.dat	family_kpot
behavioral2/files/0x0007000000023431-157.dat	family_kpot
behavioral2/files/0x0007000000023430-155.dat	family_kpot
behavioral2/files/0x0009000000023416-153.dat	family_kpot
behavioral2/files/0x000700000002342f-150.dat	family_kpot
behavioral2/files/0x000700000002342e-148.dat	family_kpot
behavioral2/files/0x000700000002342d-145.dat	family_kpot
behavioral2/files/0x000700000002342c-143.dat	family_kpot
behavioral2/files/0x000700000002342b-137.dat	family_kpot
behavioral2/files/0x000700000002342a-133.dat	family_kpot
behavioral2/files/0x0007000000023428-125.dat	family_kpot
behavioral2/files/0x0007000000023423-78.dat	family_kpot
behavioral2/files/0x0007000000023424-73.dat	family_kpot
behavioral2/files/0x0007000000023422-71.dat	family_kpot
behavioral2/files/0x0007000000023420-53.dat	family_kpot
behavioral2/files/0x000700000002341d-34.dat	family_kpot
behavioral2/files/0x000700000002341c-32.dat	family_kpot
behavioral2/files/0x000700000002341b-20.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1804-0-0x00007FF6FD1D0000-0x00007FF6FD524000-memory.dmp	xmrig
behavioral2/files/0x0009000000023412-5.dat	xmrig
behavioral2/files/0x0007000000023419-15.dat	xmrig
behavioral2/files/0x000700000002341a-26.dat	xmrig
behavioral2/files/0x000700000002341e-39.dat	xmrig
behavioral2/files/0x000700000002341f-49.dat	xmrig
behavioral2/files/0x0007000000023421-60.dat	xmrig
behavioral2/files/0x0007000000023425-67.dat	xmrig
behavioral2/memory/2804-77-0x00007FF63B030000-0x00007FF63B384000-memory.dmp	xmrig
behavioral2/files/0x0007000000023427-94.dat	xmrig
behavioral2/files/0x0007000000023429-100.dat	xmrig
behavioral2/files/0x0007000000023426-113.dat	xmrig
behavioral2/files/0x0007000000023432-139.dat	xmrig
behavioral2/memory/1460-152-0x00007FF631880000-0x00007FF631BD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-165.dat	xmrig
behavioral2/memory/4436-168-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	xmrig
behavioral2/memory/1348-172-0x00007FF6E8600000-0x00007FF6E8954000-memory.dmp	xmrig
behavioral2/memory/3080-176-0x00007FF74C230000-0x00007FF74C584000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-198.dat	xmrig
behavioral2/files/0x0007000000023435-190.dat	xmrig
behavioral2/files/0x0007000000023436-189.dat	xmrig
behavioral2/memory/800-181-0x00007FF665710000-0x00007FF665A64000-memory.dmp	xmrig
behavioral2/memory/4732-180-0x00007FF617630000-0x00007FF617984000-memory.dmp	xmrig
behavioral2/memory/1916-179-0x00007FF6B6B40000-0x00007FF6B6E94000-memory.dmp	xmrig
behavioral2/memory/1212-178-0x00007FF7562F0000-0x00007FF756644000-memory.dmp	xmrig
behavioral2/memory/2300-177-0x00007FF7B8FE0000-0x00007FF7B9334000-memory.dmp	xmrig
behavioral2/memory/4696-175-0x00007FF7FA480000-0x00007FF7FA7D4000-memory.dmp	xmrig
behavioral2/memory/4716-174-0x00007FF7AB030000-0x00007FF7AB384000-memory.dmp	xmrig
behavioral2/memory/2420-173-0x00007FF6A0F10000-0x00007FF6A1264000-memory.dmp	xmrig
behavioral2/memory/4060-171-0x00007FF6A17D0000-0x00007FF6A1B24000-memory.dmp	xmrig
behavioral2/memory/3148-170-0x00007FF6F2910000-0x00007FF6F2C64000-memory.dmp	xmrig
behavioral2/memory/2876-169-0x00007FF724390000-0x00007FF7246E4000-memory.dmp	xmrig
behavioral2/memory/2524-167-0x00007FF6E4810000-0x00007FF6E4B64000-memory.dmp	xmrig
behavioral2/memory/2324-164-0x00007FF61FFE0000-0x00007FF620334000-memory.dmp	xmrig
behavioral2/memory/4224-163-0x00007FF6E1270000-0x00007FF6E15C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-161.dat	xmrig
behavioral2/files/0x0007000000023431-157.dat	xmrig
behavioral2/files/0x0007000000023430-155.dat	xmrig
behavioral2/files/0x0009000000023416-153.dat	xmrig
behavioral2/files/0x000700000002342f-150.dat	xmrig
behavioral2/files/0x000700000002342e-148.dat	xmrig
behavioral2/files/0x000700000002342d-145.dat	xmrig
behavioral2/files/0x000700000002342c-143.dat	xmrig
behavioral2/memory/4620-142-0x00007FF7F4F50000-0x00007FF7F52A4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-137.dat	xmrig
behavioral2/files/0x000700000002342a-133.dat	xmrig
behavioral2/files/0x0007000000023428-125.dat	xmrig
behavioral2/memory/5028-121-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp	xmrig
behavioral2/memory/400-104-0x00007FF768470000-0x00007FF7687C4000-memory.dmp	xmrig
behavioral2/memory/4840-88-0x00007FF60C310000-0x00007FF60C664000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-78.dat	xmrig
behavioral2/files/0x0007000000023424-73.dat	xmrig
behavioral2/files/0x0007000000023422-71.dat	xmrig
behavioral2/memory/4780-68-0x00007FF786A00000-0x00007FF786D54000-memory.dmp	xmrig
behavioral2/memory/2388-65-0x00007FF63BFE0000-0x00007FF63C334000-memory.dmp	xmrig
behavioral2/memory/1184-56-0x00007FF7DFB60000-0x00007FF7DFEB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-53.dat	xmrig
behavioral2/files/0x000700000002341d-34.dat	xmrig
behavioral2/files/0x000700000002341c-32.dat	xmrig
behavioral2/memory/1912-25-0x00007FF7158C0000-0x00007FF715C14000-memory.dmp	xmrig
behavioral2/memory/2372-23-0x00007FF7DA690000-0x00007FF7DA9E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-20.dat	xmrig
behavioral2/memory/4468-13-0x00007FF6D5540000-0x00007FF6D5894000-memory.dmp	xmrig
behavioral2/memory/2372-2089-0x00007FF7DA690000-0x00007FF7DA9E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4468	UbExECY.exe
2372	yAMBAyv.exe
1184	EpMUxmk.exe
1912	dCegjrD.exe
3080	CaomGXO.exe
2388	MVaLPpk.exe
4780	xHqBrsM.exe
2804	SoVdjzj.exe
4840	ypIsNDj.exe
2300	gUnjDeQ.exe
400	kuemchO.exe
5028	cdkQyqf.exe
1212	LLeilSo.exe
4620	rgOTmpi.exe
1916	jRAIjhD.exe
1460	FbsYpPD.exe
4224	guCYnZw.exe
2324	GZeGfzV.exe
2524	aQXxJVM.exe
4436	XQMXxAk.exe
4732	vDisxej.exe
2876	KZhbRwY.exe
3148	xddDTQj.exe
4060	zjVXQZB.exe
800	UTutgBd.exe
1348	IMgJScK.exe
2420	wRPjIoT.exe
4716	gpAKGfj.exe
4696	hJwdjtg.exe
668	LSkidKY.exe
3096	HtHSNXd.exe
4496	dWrCWpC.exe
4980	YQWPuSe.exe
5012	xcXqinZ.exe
3272	OoriACE.exe
4440	RxJKiNU.exe
1216	ugRDOHF.exe
2708	zbKyFjq.exe
2328	axqtbgY.exe
4936	INrCIrk.exe
4480	AhjieNT.exe
1264	CipxANu.exe
3712	KOMrrtF.exe
4140	rUsTNqv.exe
4972	MWOAtka.exe
4368	JEYFxqg.exe
4360	UrnbMac.exe
1840	JWCRcVd.exe
2228	nBMavdt.exe
3652	ykxSpeg.exe
4340	uAvFozG.exe
2652	DqULiHS.exe
4624	adEpNLj.exe
3000	QigrYye.exe
3548	AWvlLlt.exe
4616	CbrkhbD.exe
2312	OvafzOi.exe
2824	YxXCmeQ.exe
4708	ssmbbcb.exe
2376	jmZhXFb.exe
4772	vAZfGZT.exe
3896	HEMiHvB.exe
4032	bBJtIAS.exe
2688	IYvWWkZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1804-0-0x00007FF6FD1D0000-0x00007FF6FD524000-memory.dmp	upx
behavioral2/files/0x0009000000023412-5.dat	upx
behavioral2/files/0x0007000000023419-15.dat	upx
behavioral2/files/0x000700000002341a-26.dat	upx
behavioral2/files/0x000700000002341e-39.dat	upx
behavioral2/files/0x000700000002341f-49.dat	upx
behavioral2/files/0x0007000000023421-60.dat	upx
behavioral2/files/0x0007000000023425-67.dat	upx
behavioral2/memory/2804-77-0x00007FF63B030000-0x00007FF63B384000-memory.dmp	upx
behavioral2/files/0x0007000000023427-94.dat	upx
behavioral2/files/0x0007000000023429-100.dat	upx
behavioral2/files/0x0007000000023426-113.dat	upx
behavioral2/files/0x0007000000023432-139.dat	upx
behavioral2/memory/1460-152-0x00007FF631880000-0x00007FF631BD4000-memory.dmp	upx
behavioral2/files/0x0007000000023434-165.dat	upx
behavioral2/memory/4436-168-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp	upx
behavioral2/memory/1348-172-0x00007FF6E8600000-0x00007FF6E8954000-memory.dmp	upx
behavioral2/memory/3080-176-0x00007FF74C230000-0x00007FF74C584000-memory.dmp	upx
behavioral2/files/0x0007000000023437-198.dat	upx
behavioral2/files/0x0007000000023435-190.dat	upx
behavioral2/files/0x0007000000023436-189.dat	upx
behavioral2/memory/800-181-0x00007FF665710000-0x00007FF665A64000-memory.dmp	upx
behavioral2/memory/4732-180-0x00007FF617630000-0x00007FF617984000-memory.dmp	upx
behavioral2/memory/1916-179-0x00007FF6B6B40000-0x00007FF6B6E94000-memory.dmp	upx
behavioral2/memory/1212-178-0x00007FF7562F0000-0x00007FF756644000-memory.dmp	upx
behavioral2/memory/2300-177-0x00007FF7B8FE0000-0x00007FF7B9334000-memory.dmp	upx
behavioral2/memory/4696-175-0x00007FF7FA480000-0x00007FF7FA7D4000-memory.dmp	upx
behavioral2/memory/4716-174-0x00007FF7AB030000-0x00007FF7AB384000-memory.dmp	upx
behavioral2/memory/2420-173-0x00007FF6A0F10000-0x00007FF6A1264000-memory.dmp	upx
behavioral2/memory/4060-171-0x00007FF6A17D0000-0x00007FF6A1B24000-memory.dmp	upx
behavioral2/memory/3148-170-0x00007FF6F2910000-0x00007FF6F2C64000-memory.dmp	upx
behavioral2/memory/2876-169-0x00007FF724390000-0x00007FF7246E4000-memory.dmp	upx
behavioral2/memory/2524-167-0x00007FF6E4810000-0x00007FF6E4B64000-memory.dmp	upx
behavioral2/memory/2324-164-0x00007FF61FFE0000-0x00007FF620334000-memory.dmp	upx
behavioral2/memory/4224-163-0x00007FF6E1270000-0x00007FF6E15C4000-memory.dmp	upx
behavioral2/files/0x0007000000023433-161.dat	upx
behavioral2/files/0x0007000000023431-157.dat	upx
behavioral2/files/0x0007000000023430-155.dat	upx
behavioral2/files/0x0009000000023416-153.dat	upx
behavioral2/files/0x000700000002342f-150.dat	upx
behavioral2/files/0x000700000002342e-148.dat	upx
behavioral2/files/0x000700000002342d-145.dat	upx
behavioral2/files/0x000700000002342c-143.dat	upx
behavioral2/memory/4620-142-0x00007FF7F4F50000-0x00007FF7F52A4000-memory.dmp	upx
behavioral2/files/0x000700000002342b-137.dat	upx
behavioral2/files/0x000700000002342a-133.dat	upx
behavioral2/files/0x0007000000023428-125.dat	upx
behavioral2/memory/5028-121-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp	upx
behavioral2/memory/400-104-0x00007FF768470000-0x00007FF7687C4000-memory.dmp	upx
behavioral2/memory/4840-88-0x00007FF60C310000-0x00007FF60C664000-memory.dmp	upx
behavioral2/files/0x0007000000023423-78.dat	upx
behavioral2/files/0x0007000000023424-73.dat	upx
behavioral2/files/0x0007000000023422-71.dat	upx
behavioral2/memory/4780-68-0x00007FF786A00000-0x00007FF786D54000-memory.dmp	upx
behavioral2/memory/2388-65-0x00007FF63BFE0000-0x00007FF63C334000-memory.dmp	upx
behavioral2/memory/1184-56-0x00007FF7DFB60000-0x00007FF7DFEB4000-memory.dmp	upx
behavioral2/files/0x0007000000023420-53.dat	upx
behavioral2/files/0x000700000002341d-34.dat	upx
behavioral2/files/0x000700000002341c-32.dat	upx
behavioral2/memory/1912-25-0x00007FF7158C0000-0x00007FF715C14000-memory.dmp	upx
behavioral2/memory/2372-23-0x00007FF7DA690000-0x00007FF7DA9E4000-memory.dmp	upx
behavioral2/files/0x000700000002341b-20.dat	upx
behavioral2/memory/4468-13-0x00007FF6D5540000-0x00007FF6D5894000-memory.dmp	upx
behavioral2/memory/2372-2089-0x00007FF7DA690000-0x00007FF7DA9E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CWVXzrN.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\GxehfyL.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\XDViTmE.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\gKUnkkJ.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\LnwwcsI.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\qCuCSPM.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\nXMnbsT.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\pfuQvvh.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\jwNnrBp.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\QBExfmr.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\DLGviCy.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\bYZwsNC.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\LwYxwVn.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\nSSXxmx.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\yzPwbLA.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\AkgcIyn.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\zDXqleH.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\JooOERP.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\xDGLPkL.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ugRDOHF.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\GRfFALm.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\wTpDvYG.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\rIRuHuW.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\rEgRihB.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\SUMkhaa.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\dWrCWpC.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ZzAHzXM.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\dtXwQZA.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\NSbtsrM.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\jDIZpoY.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\PenxANO.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\FVeXXkb.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\PeteLYc.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\HOFmmTR.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\GqZOlUi.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\xPIOPID.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\svRGQif.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ZLTXEvH.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ZWhaYCN.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\eXWgUqs.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\tWguuhm.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\VXeNNvp.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\HxJrBPN.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ZbVSoqD.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ZdWWqOq.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\APGfCFX.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\PqfKbLa.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\GZeGfzV.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\vDisxej.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ggSDpuc.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\yRoPCmu.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\zkASpLZ.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\CaomGXO.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\EjLqezc.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\bSVWkJT.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\RvPRfZu.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\ZBRTiOA.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\FPmQODq.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\yPUDdMS.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\VLayREZ.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\LkEwLLa.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\bKJNuGn.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\LrroaMj.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
File created	C:\Windows\System\EpMUxmk.exe	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7264	dwm.exe
Token: SeChangeNotifyPrivilege	7264	dwm.exe
Token: 33	7264	dwm.exe
Token: SeIncBasePriorityPrivilege	7264	dwm.exe
Token: SeShutdownPrivilege	7264	dwm.exe
Token: SeCreatePagefilePrivilege	7264	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 4468	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	83
PID 1804 wrote to memory of 4468	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	83
PID 1804 wrote to memory of 2372	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	84
PID 1804 wrote to memory of 2372	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	84
PID 1804 wrote to memory of 1184	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	85
PID 1804 wrote to memory of 1184	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	85
PID 1804 wrote to memory of 1912	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	86
PID 1804 wrote to memory of 1912	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	86
PID 1804 wrote to memory of 3080	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	87
PID 1804 wrote to memory of 3080	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	87
PID 1804 wrote to memory of 2388	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	88
PID 1804 wrote to memory of 2388	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	88
PID 1804 wrote to memory of 4780	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	89
PID 1804 wrote to memory of 4780	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	89
PID 1804 wrote to memory of 2804	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	90
PID 1804 wrote to memory of 2804	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	90
PID 1804 wrote to memory of 4840	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	91
PID 1804 wrote to memory of 4840	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	91
PID 1804 wrote to memory of 2300	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	92
PID 1804 wrote to memory of 2300	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	92
PID 1804 wrote to memory of 400	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	93
PID 1804 wrote to memory of 400	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	93
PID 1804 wrote to memory of 5028	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	94
PID 1804 wrote to memory of 5028	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	94
PID 1804 wrote to memory of 1212	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	95
PID 1804 wrote to memory of 1212	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	95
PID 1804 wrote to memory of 4620	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	96
PID 1804 wrote to memory of 4620	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	96
PID 1804 wrote to memory of 1916	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	97
PID 1804 wrote to memory of 1916	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	97
PID 1804 wrote to memory of 1460	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	98
PID 1804 wrote to memory of 1460	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	98
PID 1804 wrote to memory of 4224	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	99
PID 1804 wrote to memory of 4224	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	99
PID 1804 wrote to memory of 2324	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	100
PID 1804 wrote to memory of 2324	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	100
PID 1804 wrote to memory of 2524	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	101
PID 1804 wrote to memory of 2524	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	101
PID 1804 wrote to memory of 4436	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	102
PID 1804 wrote to memory of 4436	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	102
PID 1804 wrote to memory of 4732	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	103
PID 1804 wrote to memory of 4732	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	103
PID 1804 wrote to memory of 2876	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	104
PID 1804 wrote to memory of 2876	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	104
PID 1804 wrote to memory of 3148	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	105
PID 1804 wrote to memory of 3148	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	105
PID 1804 wrote to memory of 4060	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	106
PID 1804 wrote to memory of 4060	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	106
PID 1804 wrote to memory of 800	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	107
PID 1804 wrote to memory of 800	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	107
PID 1804 wrote to memory of 1348	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	108
PID 1804 wrote to memory of 1348	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	108
PID 1804 wrote to memory of 2420	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	109
PID 1804 wrote to memory of 2420	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	109
PID 1804 wrote to memory of 4716	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	110
PID 1804 wrote to memory of 4716	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	110
PID 1804 wrote to memory of 4696	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	111
PID 1804 wrote to memory of 4696	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	111
PID 1804 wrote to memory of 668	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	112
PID 1804 wrote to memory of 668	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	112
PID 1804 wrote to memory of 3096	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	113
PID 1804 wrote to memory of 3096	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	113
PID 1804 wrote to memory of 4496	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	114
PID 1804 wrote to memory of 4496	1804	5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c179a1a8faf08f5ca0ce812c57fd370_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\System\UbExECY.exe
  C:\Windows\System\UbExECY.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\yAMBAyv.exe
  C:\Windows\System\yAMBAyv.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\EpMUxmk.exe
  C:\Windows\System\EpMUxmk.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\dCegjrD.exe
  C:\Windows\System\dCegjrD.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\CaomGXO.exe
  C:\Windows\System\CaomGXO.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\MVaLPpk.exe
  C:\Windows\System\MVaLPpk.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\xHqBrsM.exe
  C:\Windows\System\xHqBrsM.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\SoVdjzj.exe
  C:\Windows\System\SoVdjzj.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ypIsNDj.exe
  C:\Windows\System\ypIsNDj.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\gUnjDeQ.exe
  C:\Windows\System\gUnjDeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\kuemchO.exe
  C:\Windows\System\kuemchO.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\cdkQyqf.exe
  C:\Windows\System\cdkQyqf.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\LLeilSo.exe
  C:\Windows\System\LLeilSo.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\rgOTmpi.exe
  C:\Windows\System\rgOTmpi.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\jRAIjhD.exe
  C:\Windows\System\jRAIjhD.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\FbsYpPD.exe
  C:\Windows\System\FbsYpPD.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\guCYnZw.exe
  C:\Windows\System\guCYnZw.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\GZeGfzV.exe
  C:\Windows\System\GZeGfzV.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\aQXxJVM.exe
  C:\Windows\System\aQXxJVM.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\XQMXxAk.exe
  C:\Windows\System\XQMXxAk.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\vDisxej.exe
  C:\Windows\System\vDisxej.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\KZhbRwY.exe
  C:\Windows\System\KZhbRwY.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\xddDTQj.exe
  C:\Windows\System\xddDTQj.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\zjVXQZB.exe
  C:\Windows\System\zjVXQZB.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\UTutgBd.exe
  C:\Windows\System\UTutgBd.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\IMgJScK.exe
  C:\Windows\System\IMgJScK.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\wRPjIoT.exe
  C:\Windows\System\wRPjIoT.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\gpAKGfj.exe
  C:\Windows\System\gpAKGfj.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\hJwdjtg.exe
  C:\Windows\System\hJwdjtg.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\LSkidKY.exe
  C:\Windows\System\LSkidKY.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\HtHSNXd.exe
  C:\Windows\System\HtHSNXd.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\dWrCWpC.exe
  C:\Windows\System\dWrCWpC.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\YQWPuSe.exe
  C:\Windows\System\YQWPuSe.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\xcXqinZ.exe
  C:\Windows\System\xcXqinZ.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\OoriACE.exe
  C:\Windows\System\OoriACE.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\RxJKiNU.exe
  C:\Windows\System\RxJKiNU.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\ugRDOHF.exe
  C:\Windows\System\ugRDOHF.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\zbKyFjq.exe
  C:\Windows\System\zbKyFjq.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\axqtbgY.exe
  C:\Windows\System\axqtbgY.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\INrCIrk.exe
  C:\Windows\System\INrCIrk.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\AhjieNT.exe
  C:\Windows\System\AhjieNT.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\CipxANu.exe
  C:\Windows\System\CipxANu.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\KOMrrtF.exe
  C:\Windows\System\KOMrrtF.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\rUsTNqv.exe
  C:\Windows\System\rUsTNqv.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\MWOAtka.exe
  C:\Windows\System\MWOAtka.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\JEYFxqg.exe
  C:\Windows\System\JEYFxqg.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\UrnbMac.exe
  C:\Windows\System\UrnbMac.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\JWCRcVd.exe
  C:\Windows\System\JWCRcVd.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\nBMavdt.exe
  C:\Windows\System\nBMavdt.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ykxSpeg.exe
  C:\Windows\System\ykxSpeg.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\uAvFozG.exe
  C:\Windows\System\uAvFozG.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\DqULiHS.exe
  C:\Windows\System\DqULiHS.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\adEpNLj.exe
  C:\Windows\System\adEpNLj.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\QigrYye.exe
  C:\Windows\System\QigrYye.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\AWvlLlt.exe
  C:\Windows\System\AWvlLlt.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\CbrkhbD.exe
  C:\Windows\System\CbrkhbD.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\OvafzOi.exe
  C:\Windows\System\OvafzOi.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\YxXCmeQ.exe
  C:\Windows\System\YxXCmeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ssmbbcb.exe
  C:\Windows\System\ssmbbcb.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\jmZhXFb.exe
  C:\Windows\System\jmZhXFb.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\vAZfGZT.exe
  C:\Windows\System\vAZfGZT.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\HEMiHvB.exe
  C:\Windows\System\HEMiHvB.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\bBJtIAS.exe
  C:\Windows\System\bBJtIAS.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\IYvWWkZ.exe
  C:\Windows\System\IYvWWkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\cDRLgPo.exe
  C:\Windows\System\cDRLgPo.exe
  2⤵
  PID:2144
- C:\Windows\System\TsnTxIg.exe
  C:\Windows\System\TsnTxIg.exe
  2⤵
  PID:3948
- C:\Windows\System\HwLFfFS.exe
  C:\Windows\System\HwLFfFS.exe
  2⤵
  PID:1860
- C:\Windows\System\UqMfYYB.exe
  C:\Windows\System\UqMfYYB.exe
  2⤵
  PID:4316
- C:\Windows\System\gHqYYhE.exe
  C:\Windows\System\gHqYYhE.exe
  2⤵
  PID:912
- C:\Windows\System\azRYOqA.exe
  C:\Windows\System\azRYOqA.exe
  2⤵
  PID:2556
- C:\Windows\System\dTojaAf.exe
  C:\Windows\System\dTojaAf.exe
  2⤵
  PID:1364
- C:\Windows\System\LoxOYpV.exe
  C:\Windows\System\LoxOYpV.exe
  2⤵
  PID:560
- C:\Windows\System\TrQAzCi.exe
  C:\Windows\System\TrQAzCi.exe
  2⤵
  PID:2796
- C:\Windows\System\VLayREZ.exe
  C:\Windows\System\VLayREZ.exe
  2⤵
  PID:3276
- C:\Windows\System\UnaMZnt.exe
  C:\Windows\System\UnaMZnt.exe
  2⤵
  PID:2568
- C:\Windows\System\RRAYrmy.exe
  C:\Windows\System\RRAYrmy.exe
  2⤵
  PID:4168
- C:\Windows\System\oKMoFqy.exe
  C:\Windows\System\oKMoFqy.exe
  2⤵
  PID:2004
- C:\Windows\System\crgsAxZ.exe
  C:\Windows\System\crgsAxZ.exe
  2⤵
  PID:5124
- C:\Windows\System\qtfyrKY.exe
  C:\Windows\System\qtfyrKY.exe
  2⤵
  PID:5324
- C:\Windows\System\FvLsHzk.exe
  C:\Windows\System\FvLsHzk.exe
  2⤵
  PID:5340
- C:\Windows\System\YqgGgwx.exe
  C:\Windows\System\YqgGgwx.exe
  2⤵
  PID:5356
- C:\Windows\System\seDadpx.exe
  C:\Windows\System\seDadpx.exe
  2⤵
  PID:5372
- C:\Windows\System\sjlfyKL.exe
  C:\Windows\System\sjlfyKL.exe
  2⤵
  PID:5388
- C:\Windows\System\YJfAZpr.exe
  C:\Windows\System\YJfAZpr.exe
  2⤵
  PID:5404
- C:\Windows\System\JxowPnC.exe
  C:\Windows\System\JxowPnC.exe
  2⤵
  PID:5420
- C:\Windows\System\UzSktzK.exe
  C:\Windows\System\UzSktzK.exe
  2⤵
  PID:5436
- C:\Windows\System\qWeubjR.exe
  C:\Windows\System\qWeubjR.exe
  2⤵
  PID:5452
- C:\Windows\System\toriuAR.exe
  C:\Windows\System\toriuAR.exe
  2⤵
  PID:5468
- C:\Windows\System\WtFuxrP.exe
  C:\Windows\System\WtFuxrP.exe
  2⤵
  PID:5484
- C:\Windows\System\exKbWPL.exe
  C:\Windows\System\exKbWPL.exe
  2⤵
  PID:5500
- C:\Windows\System\OVKVfIS.exe
  C:\Windows\System\OVKVfIS.exe
  2⤵
  PID:5516
- C:\Windows\System\mmGzNSZ.exe
  C:\Windows\System\mmGzNSZ.exe
  2⤵
  PID:5532
- C:\Windows\System\TWMJMCZ.exe
  C:\Windows\System\TWMJMCZ.exe
  2⤵
  PID:5548
- C:\Windows\System\uFEscIG.exe
  C:\Windows\System\uFEscIG.exe
  2⤵
  PID:5776
- C:\Windows\System\yYgIChY.exe
  C:\Windows\System\yYgIChY.exe
  2⤵
  PID:5792
- C:\Windows\System\JqmTtNB.exe
  C:\Windows\System\JqmTtNB.exe
  2⤵
  PID:5808
- C:\Windows\System\mZUaNtf.exe
  C:\Windows\System\mZUaNtf.exe
  2⤵
  PID:5824
- C:\Windows\System\hdYavoZ.exe
  C:\Windows\System\hdYavoZ.exe
  2⤵
  PID:5840
- C:\Windows\System\FpXyGfx.exe
  C:\Windows\System\FpXyGfx.exe
  2⤵
  PID:5856
- C:\Windows\System\qpIOSZE.exe
  C:\Windows\System\qpIOSZE.exe
  2⤵
  PID:5872
- C:\Windows\System\JKLuqZr.exe
  C:\Windows\System\JKLuqZr.exe
  2⤵
  PID:5896
- C:\Windows\System\neGozbk.exe
  C:\Windows\System\neGozbk.exe
  2⤵
  PID:5924
- C:\Windows\System\WsGrLIz.exe
  C:\Windows\System\WsGrLIz.exe
  2⤵
  PID:5960
- C:\Windows\System\sidKOFN.exe
  C:\Windows\System\sidKOFN.exe
  2⤵
  PID:6004
- C:\Windows\System\WGCOihS.exe
  C:\Windows\System\WGCOihS.exe
  2⤵
  PID:6040
- C:\Windows\System\cFskMbc.exe
  C:\Windows\System\cFskMbc.exe
  2⤵
  PID:6084
- C:\Windows\System\kbvVqUG.exe
  C:\Windows\System\kbvVqUG.exe
  2⤵
  PID:6120
- C:\Windows\System\tQDfUdi.exe
  C:\Windows\System\tQDfUdi.exe
  2⤵
  PID:1296
- C:\Windows\System\xfWBavH.exe
  C:\Windows\System\xfWBavH.exe
  2⤵
  PID:1484
- C:\Windows\System\PhpGgFY.exe
  C:\Windows\System\PhpGgFY.exe
  2⤵
  PID:3824
- C:\Windows\System\FsPiTkq.exe
  C:\Windows\System\FsPiTkq.exe
  2⤵
  PID:412
- C:\Windows\System\OlhdIiT.exe
  C:\Windows\System\OlhdIiT.exe
  2⤵
  PID:2360
- C:\Windows\System\ujKSyqI.exe
  C:\Windows\System\ujKSyqI.exe
  2⤵
  PID:4892
- C:\Windows\System\LkEwLLa.exe
  C:\Windows\System\LkEwLLa.exe
  2⤵
  PID:2464
- C:\Windows\System\bFrBuvD.exe
  C:\Windows\System\bFrBuvD.exe
  2⤵
  PID:1984
- C:\Windows\System\mFLFZiu.exe
  C:\Windows\System\mFLFZiu.exe
  2⤵
  PID:5168
- C:\Windows\System\BoPCqJb.exe
  C:\Windows\System\BoPCqJb.exe
  2⤵
  PID:5248
- C:\Windows\System\EgSNToy.exe
  C:\Windows\System\EgSNToy.exe
  2⤵
  PID:5380
- C:\Windows\System\FmOgdwP.exe
  C:\Windows\System\FmOgdwP.exe
  2⤵
  PID:5444
- C:\Windows\System\QyjKoRG.exe
  C:\Windows\System\QyjKoRG.exe
  2⤵
  PID:5512
- C:\Windows\System\QNHLpRE.exe
  C:\Windows\System\QNHLpRE.exe
  2⤵
  PID:5580
- C:\Windows\System\nqBIRmW.exe
  C:\Windows\System\nqBIRmW.exe
  2⤵
  PID:5648
- C:\Windows\System\LwYxwVn.exe
  C:\Windows\System\LwYxwVn.exe
  2⤵
  PID:4088
- C:\Windows\System\iGqNIwN.exe
  C:\Windows\System\iGqNIwN.exe
  2⤵
  PID:4540
- C:\Windows\System\tjWeAdi.exe
  C:\Windows\System\tjWeAdi.exe
  2⤵
  PID:1980
- C:\Windows\System\yGroPaz.exe
  C:\Windows\System\yGroPaz.exe
  2⤵
  PID:3044
- C:\Windows\System\wtXRoUT.exe
  C:\Windows\System\wtXRoUT.exe
  2⤵
  PID:2840
- C:\Windows\System\MBqknEJ.exe
  C:\Windows\System\MBqknEJ.exe
  2⤵
  PID:2552
- C:\Windows\System\UmPsqMH.exe
  C:\Windows\System\UmPsqMH.exe
  2⤵
  PID:5072
- C:\Windows\System\vriyuTX.exe
  C:\Windows\System\vriyuTX.exe
  2⤵
  PID:3608
- C:\Windows\System\hHxoKKO.exe
  C:\Windows\System\hHxoKKO.exe
  2⤵
  PID:1504
- C:\Windows\System\fzZZryP.exe
  C:\Windows\System\fzZZryP.exe
  2⤵
  PID:1396
- C:\Windows\System\dpYILMP.exe
  C:\Windows\System\dpYILMP.exe
  2⤵
  PID:4504
- C:\Windows\System\IDrIwAV.exe
  C:\Windows\System\IDrIwAV.exe
  2⤵
  PID:4356
- C:\Windows\System\KugVLou.exe
  C:\Windows\System\KugVLou.exe
  2⤵
  PID:5784
- C:\Windows\System\rzApvOw.exe
  C:\Windows\System\rzApvOw.exe
  2⤵
  PID:5884
- C:\Windows\System\ggSDpuc.exe
  C:\Windows\System\ggSDpuc.exe
  2⤵
  PID:6028
- C:\Windows\System\sBUVMjo.exe
  C:\Windows\System\sBUVMjo.exe
  2⤵
  PID:6036
- C:\Windows\System\qcxTuUv.exe
  C:\Windows\System\qcxTuUv.exe
  2⤵
  PID:6072
- C:\Windows\System\jwNnrBp.exe
  C:\Windows\System\jwNnrBp.exe
  2⤵
  PID:224
- C:\Windows\System\xlZLKYG.exe
  C:\Windows\System\xlZLKYG.exe
  2⤵
  PID:2896
- C:\Windows\System\LnwwcsI.exe
  C:\Windows\System\LnwwcsI.exe
  2⤵
  PID:1716
- C:\Windows\System\ubxIKSA.exe
  C:\Windows\System\ubxIKSA.exe
  2⤵
  PID:5428
- C:\Windows\System\oaFZXNP.exe
  C:\Windows\System\oaFZXNP.exe
  2⤵
  PID:5544
- C:\Windows\System\cggbjTS.exe
  C:\Windows\System\cggbjTS.exe
  2⤵
  PID:1664
- C:\Windows\System\AsoXnxe.exe
  C:\Windows\System\AsoXnxe.exe
  2⤵
  PID:5676
- C:\Windows\System\wCfWIyb.exe
  C:\Windows\System\wCfWIyb.exe
  2⤵
  PID:216
- C:\Windows\System\Wwfcvms.exe
  C:\Windows\System\Wwfcvms.exe
  2⤵
  PID:2540
- C:\Windows\System\KYfFGrj.exe
  C:\Windows\System\KYfFGrj.exe
  2⤵
  PID:452
- C:\Windows\System\CWVXzrN.exe
  C:\Windows\System\CWVXzrN.exe
  2⤵
  PID:5868
- C:\Windows\System\QBExfmr.exe
  C:\Windows\System\QBExfmr.exe
  2⤵
  PID:5996
- C:\Windows\System\qyPrupb.exe
  C:\Windows\System\qyPrupb.exe
  2⤵
  PID:1528
- C:\Windows\System\ZWhaYCN.exe
  C:\Windows\System\ZWhaYCN.exe
  2⤵
  PID:5352
- C:\Windows\System\bKManAh.exe
  C:\Windows\System\bKManAh.exe
  2⤵
  PID:5240
- C:\Windows\System\KhMLOKK.exe
  C:\Windows\System\KhMLOKK.exe
  2⤵
  PID:5508
- C:\Windows\System\FVeXXkb.exe
  C:\Windows\System\FVeXXkb.exe
  2⤵
  PID:1188
- C:\Windows\System\xnMvSBn.exe
  C:\Windows\System\xnMvSBn.exe
  2⤵
  PID:3604
- C:\Windows\System\FGiGCXM.exe
  C:\Windows\System\FGiGCXM.exe
  2⤵
  PID:6100
- C:\Windows\System\ZNXFxIe.exe
  C:\Windows\System\ZNXFxIe.exe
  2⤵
  PID:4628
- C:\Windows\System\jDhVsnd.exe
  C:\Windows\System\jDhVsnd.exe
  2⤵
  PID:5104
- C:\Windows\System\pJXFbQE.exe
  C:\Windows\System\pJXFbQE.exe
  2⤵
  PID:5864
- C:\Windows\System\NDRXlur.exe
  C:\Windows\System\NDRXlur.exe
  2⤵
  PID:2600
- C:\Windows\System\qmjvtLs.exe
  C:\Windows\System\qmjvtLs.exe
  2⤵
  PID:6172
- C:\Windows\System\DIqiVgj.exe
  C:\Windows\System\DIqiVgj.exe
  2⤵
  PID:6204
- C:\Windows\System\kMorfaH.exe
  C:\Windows\System\kMorfaH.exe
  2⤵
  PID:6244
- C:\Windows\System\YvImFbG.exe
  C:\Windows\System\YvImFbG.exe
  2⤵
  PID:6268
- C:\Windows\System\cpFoewt.exe
  C:\Windows\System\cpFoewt.exe
  2⤵
  PID:6304
- C:\Windows\System\crGPphb.exe
  C:\Windows\System\crGPphb.exe
  2⤵
  PID:6324
- C:\Windows\System\DRTIVxx.exe
  C:\Windows\System\DRTIVxx.exe
  2⤵
  PID:6344
- C:\Windows\System\kDqldQv.exe
  C:\Windows\System\kDqldQv.exe
  2⤵
  PID:6380
- C:\Windows\System\rYWJeWA.exe
  C:\Windows\System\rYWJeWA.exe
  2⤵
  PID:6416
- C:\Windows\System\jFLtZlp.exe
  C:\Windows\System\jFLtZlp.exe
  2⤵
  PID:6436
- C:\Windows\System\lkiDzNq.exe
  C:\Windows\System\lkiDzNq.exe
  2⤵
  PID:6464
- C:\Windows\System\WdMytdX.exe
  C:\Windows\System\WdMytdX.exe
  2⤵
  PID:6500
- C:\Windows\System\TOFFZrx.exe
  C:\Windows\System\TOFFZrx.exe
  2⤵
  PID:6528
- C:\Windows\System\SVLzeBO.exe
  C:\Windows\System\SVLzeBO.exe
  2⤵
  PID:6548
- C:\Windows\System\JKrIJrL.exe
  C:\Windows\System\JKrIJrL.exe
  2⤵
  PID:6572
- C:\Windows\System\HzfEmOC.exe
  C:\Windows\System\HzfEmOC.exe
  2⤵
  PID:6608
- C:\Windows\System\raiCIWC.exe
  C:\Windows\System\raiCIWC.exe
  2⤵
  PID:6636
- C:\Windows\System\yRoPCmu.exe
  C:\Windows\System\yRoPCmu.exe
  2⤵
  PID:6664
- C:\Windows\System\PWJXENt.exe
  C:\Windows\System\PWJXENt.exe
  2⤵
  PID:6684
- C:\Windows\System\hNBydxm.exe
  C:\Windows\System\hNBydxm.exe
  2⤵
  PID:6724
- C:\Windows\System\LUTCdXx.exe
  C:\Windows\System\LUTCdXx.exe
  2⤵
  PID:6752
- C:\Windows\System\MuhJIRe.exe
  C:\Windows\System\MuhJIRe.exe
  2⤵
  PID:6768
- C:\Windows\System\ftCOSsq.exe
  C:\Windows\System\ftCOSsq.exe
  2⤵
  PID:6784
- C:\Windows\System\uzzbsQR.exe
  C:\Windows\System\uzzbsQR.exe
  2⤵
  PID:6816
- C:\Windows\System\NZysyAU.exe
  C:\Windows\System\NZysyAU.exe
  2⤵
  PID:6852
- C:\Windows\System\hkgNHbr.exe
  C:\Windows\System\hkgNHbr.exe
  2⤵
  PID:6892
- C:\Windows\System\iaQmaan.exe
  C:\Windows\System\iaQmaan.exe
  2⤵
  PID:6920
- C:\Windows\System\aDgBWYh.exe
  C:\Windows\System\aDgBWYh.exe
  2⤵
  PID:6948
- C:\Windows\System\KIebyBv.exe
  C:\Windows\System\KIebyBv.exe
  2⤵
  PID:6976
- C:\Windows\System\MaNjsva.exe
  C:\Windows\System\MaNjsva.exe
  2⤵
  PID:7004
- C:\Windows\System\RvPRfZu.exe
  C:\Windows\System\RvPRfZu.exe
  2⤵
  PID:7020
- C:\Windows\System\uvJugFM.exe
  C:\Windows\System\uvJugFM.exe
  2⤵
  PID:7036
- C:\Windows\System\qWWIxhb.exe
  C:\Windows\System\qWWIxhb.exe
  2⤵
  PID:7052
- C:\Windows\System\DbPqNXs.exe
  C:\Windows\System\DbPqNXs.exe
  2⤵
  PID:7076
- C:\Windows\System\pDFpbGg.exe
  C:\Windows\System\pDFpbGg.exe
  2⤵
  PID:7112
- C:\Windows\System\nSSXxmx.exe
  C:\Windows\System\nSSXxmx.exe
  2⤵
  PID:7148
- C:\Windows\System\PeteLYc.exe
  C:\Windows\System\PeteLYc.exe
  2⤵
  PID:4996
- C:\Windows\System\urCENBx.exe
  C:\Windows\System\urCENBx.exe
  2⤵
  PID:6188
- C:\Windows\System\OGhpJOT.exe
  C:\Windows\System\OGhpJOT.exe
  2⤵
  PID:6292
- C:\Windows\System\ljfmXFl.exe
  C:\Windows\System\ljfmXFl.exe
  2⤵
  PID:6352
- C:\Windows\System\jxUrwai.exe
  C:\Windows\System\jxUrwai.exe
  2⤵
  PID:6428
- C:\Windows\System\ldoNOZo.exe
  C:\Windows\System\ldoNOZo.exe
  2⤵
  PID:6516
- C:\Windows\System\EgjAIRz.exe
  C:\Windows\System\EgjAIRz.exe
  2⤵
  PID:6604
- C:\Windows\System\mqNgmQn.exe
  C:\Windows\System\mqNgmQn.exe
  2⤵
  PID:6660
- C:\Windows\System\yzPwbLA.exe
  C:\Windows\System\yzPwbLA.exe
  2⤵
  PID:6704
- C:\Windows\System\dqLjeCo.exe
  C:\Windows\System\dqLjeCo.exe
  2⤵
  PID:6744
- C:\Windows\System\CkFzQGD.exe
  C:\Windows\System\CkFzQGD.exe
  2⤵
  PID:6824
- C:\Windows\System\QOVlGAJ.exe
  C:\Windows\System\QOVlGAJ.exe
  2⤵
  PID:6876
- C:\Windows\System\QdYWSrR.exe
  C:\Windows\System\QdYWSrR.exe
  2⤵
  PID:6960
- C:\Windows\System\cesDPQK.exe
  C:\Windows\System\cesDPQK.exe
  2⤵
  PID:7028
- C:\Windows\System\ZftzWMJ.exe
  C:\Windows\System\ZftzWMJ.exe
  2⤵
  PID:7064
- C:\Windows\System\yAFKsHr.exe
  C:\Windows\System\yAFKsHr.exe
  2⤵
  PID:7072
- C:\Windows\System\XKHesVk.exe
  C:\Windows\System\XKHesVk.exe
  2⤵
  PID:6264
- C:\Windows\System\RfwxqJP.exe
  C:\Windows\System\RfwxqJP.exe
  2⤵
  PID:6332
- C:\Windows\System\ctHRqte.exe
  C:\Windows\System\ctHRqte.exe
  2⤵
  PID:6580
- C:\Windows\System\XcFqEHh.exe
  C:\Windows\System\XcFqEHh.exe
  2⤵
  PID:6696
- C:\Windows\System\gWOOHiJ.exe
  C:\Windows\System\gWOOHiJ.exe
  2⤵
  PID:6840
- C:\Windows\System\BCoirbh.exe
  C:\Windows\System\BCoirbh.exe
  2⤵
  PID:6940
- C:\Windows\System\kQblMSv.exe
  C:\Windows\System\kQblMSv.exe
  2⤵
  PID:7108
- C:\Windows\System\ZdWWqOq.exe
  C:\Windows\System\ZdWWqOq.exe
  2⤵
  PID:6192
- C:\Windows\System\ilHBTDc.exe
  C:\Windows\System\ilHBTDc.exe
  2⤵
  PID:6648
- C:\Windows\System\AkgcIyn.exe
  C:\Windows\System\AkgcIyn.exe
  2⤵
  PID:2836
- C:\Windows\System\ZzAHzXM.exe
  C:\Windows\System\ZzAHzXM.exe
  2⤵
  PID:6252
- C:\Windows\System\PAdKLTe.exe
  C:\Windows\System\PAdKLTe.exe
  2⤵
  PID:3252
- C:\Windows\System\mriJJRE.exe
  C:\Windows\System\mriJJRE.exe
  2⤵
  PID:7208
- C:\Windows\System\ypxwKzT.exe
  C:\Windows\System\ypxwKzT.exe
  2⤵
  PID:7232
- C:\Windows\System\QmRQdZZ.exe
  C:\Windows\System\QmRQdZZ.exe
  2⤵
  PID:7280
- C:\Windows\System\tvgKlGI.exe
  C:\Windows\System\tvgKlGI.exe
  2⤵
  PID:7312
- C:\Windows\System\dRFNTMb.exe
  C:\Windows\System\dRFNTMb.exe
  2⤵
  PID:7332
- C:\Windows\System\iJOlkyf.exe
  C:\Windows\System\iJOlkyf.exe
  2⤵
  PID:7364
- C:\Windows\System\KnpOSdT.exe
  C:\Windows\System\KnpOSdT.exe
  2⤵
  PID:7396
- C:\Windows\System\HOFmmTR.exe
  C:\Windows\System\HOFmmTR.exe
  2⤵
  PID:7420
- C:\Windows\System\uOFhuRs.exe
  C:\Windows\System\uOFhuRs.exe
  2⤵
  PID:7468
- C:\Windows\System\pRFflVr.exe
  C:\Windows\System\pRFflVr.exe
  2⤵
  PID:7488
- C:\Windows\System\jddaBQK.exe
  C:\Windows\System\jddaBQK.exe
  2⤵
  PID:7504
- C:\Windows\System\hjMOxwl.exe
  C:\Windows\System\hjMOxwl.exe
  2⤵
  PID:7540
- C:\Windows\System\OrcjquD.exe
  C:\Windows\System\OrcjquD.exe
  2⤵
  PID:7572
- C:\Windows\System\UBJZQXc.exe
  C:\Windows\System\UBJZQXc.exe
  2⤵
  PID:7600
- C:\Windows\System\ETtSqEl.exe
  C:\Windows\System\ETtSqEl.exe
  2⤵
  PID:7616
- C:\Windows\System\mrppVXw.exe
  C:\Windows\System\mrppVXw.exe
  2⤵
  PID:7656
- C:\Windows\System\OfyZLSf.exe
  C:\Windows\System\OfyZLSf.exe
  2⤵
  PID:7684
- C:\Windows\System\GjCzatp.exe
  C:\Windows\System\GjCzatp.exe
  2⤵
  PID:7700
- C:\Windows\System\EJfOqoY.exe
  C:\Windows\System\EJfOqoY.exe
  2⤵
  PID:7740
- C:\Windows\System\PMefSjW.exe
  C:\Windows\System\PMefSjW.exe
  2⤵
  PID:7776
- C:\Windows\System\yAxDEWW.exe
  C:\Windows\System\yAxDEWW.exe
  2⤵
  PID:7796
- C:\Windows\System\qaISAEV.exe
  C:\Windows\System\qaISAEV.exe
  2⤵
  PID:7812
- C:\Windows\System\bDfFBnj.exe
  C:\Windows\System\bDfFBnj.exe
  2⤵
  PID:7828
- C:\Windows\System\iREUkAG.exe
  C:\Windows\System\iREUkAG.exe
  2⤵
  PID:7868
- C:\Windows\System\dtXwQZA.exe
  C:\Windows\System\dtXwQZA.exe
  2⤵
  PID:7916
- C:\Windows\System\YARwUFh.exe
  C:\Windows\System\YARwUFh.exe
  2⤵
  PID:7936
- C:\Windows\System\NpJotGS.exe
  C:\Windows\System\NpJotGS.exe
  2⤵
  PID:7968
- C:\Windows\System\GRfFALm.exe
  C:\Windows\System\GRfFALm.exe
  2⤵
  PID:7992
- C:\Windows\System\Jkvdven.exe
  C:\Windows\System\Jkvdven.exe
  2⤵
  PID:8020
- C:\Windows\System\eTrCOst.exe
  C:\Windows\System\eTrCOst.exe
  2⤵
  PID:8048
- C:\Windows\System\bedobOc.exe
  C:\Windows\System\bedobOc.exe
  2⤵
  PID:8076
- C:\Windows\System\PnrnWke.exe
  C:\Windows\System\PnrnWke.exe
  2⤵
  PID:8104
- C:\Windows\System\BNHtFCj.exe
  C:\Windows\System\BNHtFCj.exe
  2⤵
  PID:8120
- C:\Windows\System\ftTiesy.exe
  C:\Windows\System\ftTiesy.exe
  2⤵
  PID:8148
- C:\Windows\System\fteznGr.exe
  C:\Windows\System\fteznGr.exe
  2⤵
  PID:8184
- C:\Windows\System\neqpQMM.exe
  C:\Windows\System\neqpQMM.exe
  2⤵
  PID:2940
- C:\Windows\System\xRoiSwC.exe
  C:\Windows\System\xRoiSwC.exe
  2⤵
  PID:7272
- C:\Windows\System\XLRxNio.exe
  C:\Windows\System\XLRxNio.exe
  2⤵
  PID:7328
- C:\Windows\System\FXeycWt.exe
  C:\Windows\System\FXeycWt.exe
  2⤵
  PID:7392
- C:\Windows\System\aiAkTtD.exe
  C:\Windows\System\aiAkTtD.exe
  2⤵
  PID:7484
- C:\Windows\System\DOiQPPq.exe
  C:\Windows\System\DOiQPPq.exe
  2⤵
  PID:7596
- C:\Windows\System\wTpDvYG.exe
  C:\Windows\System\wTpDvYG.exe
  2⤵
  PID:7612
- C:\Windows\System\ynEtavC.exe
  C:\Windows\System\ynEtavC.exe
  2⤵
  PID:7692
- C:\Windows\System\xXoTMnR.exe
  C:\Windows\System\xXoTMnR.exe
  2⤵
  PID:7768
- C:\Windows\System\jZIUjcY.exe
  C:\Windows\System\jZIUjcY.exe
  2⤵
  PID:7852
- C:\Windows\System\BesiDku.exe
  C:\Windows\System\BesiDku.exe
  2⤵
  PID:7932
- C:\Windows\System\UjASxej.exe
  C:\Windows\System\UjASxej.exe
  2⤵
  PID:8040
- C:\Windows\System\aQdgOgy.exe
  C:\Windows\System\aQdgOgy.exe
  2⤵
  PID:3644
- C:\Windows\System\BsibJzU.exe
  C:\Windows\System\BsibJzU.exe
  2⤵
  PID:8112
- C:\Windows\System\KxLtTJL.exe
  C:\Windows\System\KxLtTJL.exe
  2⤵
  PID:6460
- C:\Windows\System\juDHOIZ.exe
  C:\Windows\System\juDHOIZ.exe
  2⤵
  PID:7456
- C:\Windows\System\ZofQkbY.exe
  C:\Windows\System\ZofQkbY.exe
  2⤵
  PID:7788
- C:\Windows\System\WtlLVlJ.exe
  C:\Windows\System\WtlLVlJ.exe
  2⤵
  PID:7892
- C:\Windows\System\TVUwnCw.exe
  C:\Windows\System\TVUwnCw.exe
  2⤵
  PID:8072
- C:\Windows\System\UyOTShj.exe
  C:\Windows\System\UyOTShj.exe
  2⤵
  PID:7564
- C:\Windows\System\AxGjWgv.exe
  C:\Windows\System\AxGjWgv.exe
  2⤵
  PID:4172
- C:\Windows\System\SmDfTwd.exe
  C:\Windows\System\SmDfTwd.exe
  2⤵
  PID:7820
- C:\Windows\System\VKrpmuS.exe
  C:\Windows\System\VKrpmuS.exe
  2⤵
  PID:8228
- C:\Windows\System\HlKlzBs.exe
  C:\Windows\System\HlKlzBs.exe
  2⤵
  PID:8244
- C:\Windows\System\uqbidcj.exe
  C:\Windows\System\uqbidcj.exe
  2⤵
  PID:8280
- C:\Windows\System\jKocvyy.exe
  C:\Windows\System\jKocvyy.exe
  2⤵
  PID:8308
- C:\Windows\System\HNDREgf.exe
  C:\Windows\System\HNDREgf.exe
  2⤵
  PID:8336
- C:\Windows\System\pnGAOXE.exe
  C:\Windows\System\pnGAOXE.exe
  2⤵
  PID:8376
- C:\Windows\System\bKJNuGn.exe
  C:\Windows\System\bKJNuGn.exe
  2⤵
  PID:8408
- C:\Windows\System\kghtVBm.exe
  C:\Windows\System\kghtVBm.exe
  2⤵
  PID:8452
- C:\Windows\System\YMxyOzN.exe
  C:\Windows\System\YMxyOzN.exe
  2⤵
  PID:8492
- C:\Windows\System\EUyvcqR.exe
  C:\Windows\System\EUyvcqR.exe
  2⤵
  PID:8508
- C:\Windows\System\rIRuHuW.exe
  C:\Windows\System\rIRuHuW.exe
  2⤵
  PID:8524
- C:\Windows\System\LKTcsgZ.exe
  C:\Windows\System\LKTcsgZ.exe
  2⤵
  PID:8552
- C:\Windows\System\eXWgUqs.exe
  C:\Windows\System\eXWgUqs.exe
  2⤵
  PID:8584
- C:\Windows\System\ZmZDaqd.exe
  C:\Windows\System\ZmZDaqd.exe
  2⤵
  PID:8620
- C:\Windows\System\JgWkxgs.exe
  C:\Windows\System\JgWkxgs.exe
  2⤵
  PID:8660
- C:\Windows\System\DDjvzTZ.exe
  C:\Windows\System\DDjvzTZ.exe
  2⤵
  PID:8692
- C:\Windows\System\wnAUYkN.exe
  C:\Windows\System\wnAUYkN.exe
  2⤵
  PID:8708
- C:\Windows\System\MKQirmQ.exe
  C:\Windows\System\MKQirmQ.exe
  2⤵
  PID:8724
- C:\Windows\System\NvNYjEz.exe
  C:\Windows\System\NvNYjEz.exe
  2⤵
  PID:8740
- C:\Windows\System\JXVQhFs.exe
  C:\Windows\System\JXVQhFs.exe
  2⤵
  PID:8768
- C:\Windows\System\GxehfyL.exe
  C:\Windows\System\GxehfyL.exe
  2⤵
  PID:8804
- C:\Windows\System\VLhzpWn.exe
  C:\Windows\System\VLhzpWn.exe
  2⤵
  PID:8824
- C:\Windows\System\zDXqleH.exe
  C:\Windows\System\zDXqleH.exe
  2⤵
  PID:8840
- C:\Windows\System\rEgRihB.exe
  C:\Windows\System\rEgRihB.exe
  2⤵
  PID:8856
- C:\Windows\System\foePhxH.exe
  C:\Windows\System\foePhxH.exe
  2⤵
  PID:8888
- C:\Windows\System\zoMiksl.exe
  C:\Windows\System\zoMiksl.exe
  2⤵
  PID:8904
- C:\Windows\System\FRNCVZF.exe
  C:\Windows\System\FRNCVZF.exe
  2⤵
  PID:8936
- C:\Windows\System\mGpbmJu.exe
  C:\Windows\System\mGpbmJu.exe
  2⤵
  PID:8968
- C:\Windows\System\waCrVMF.exe
  C:\Windows\System\waCrVMF.exe
  2⤵
  PID:9004
- C:\Windows\System\XDViTmE.exe
  C:\Windows\System\XDViTmE.exe
  2⤵
  PID:9028
- C:\Windows\System\VqAqEzg.exe
  C:\Windows\System\VqAqEzg.exe
  2⤵
  PID:9072
- C:\Windows\System\DFMtIQZ.exe
  C:\Windows\System\DFMtIQZ.exe
  2⤵
  PID:9120
- C:\Windows\System\tDXtVIC.exe
  C:\Windows\System\tDXtVIC.exe
  2⤵
  PID:9156
- C:\Windows\System\nAqGcAm.exe
  C:\Windows\System\nAqGcAm.exe
  2⤵
  PID:9180
- C:\Windows\System\bxnYwmb.exe
  C:\Windows\System\bxnYwmb.exe
  2⤵
  PID:9208
- C:\Windows\System\EDWejXC.exe
  C:\Windows\System\EDWejXC.exe
  2⤵
  PID:8256
- C:\Windows\System\HMmrpHN.exe
  C:\Windows\System\HMmrpHN.exe
  2⤵
  PID:8400
- C:\Windows\System\yPUDdMS.exe
  C:\Windows\System\yPUDdMS.exe
  2⤵
  PID:8440
- C:\Windows\System\XvVVKeK.exe
  C:\Windows\System\XvVVKeK.exe
  2⤵
  PID:8520
- C:\Windows\System\DkYXNhX.exe
  C:\Windows\System\DkYXNhX.exe
  2⤵
  PID:8612
- C:\Windows\System\dpgNtmK.exe
  C:\Windows\System\dpgNtmK.exe
  2⤵
  PID:8688
- C:\Windows\System\szCfkwb.exe
  C:\Windows\System\szCfkwb.exe
  2⤵
  PID:8732
- C:\Windows\System\DFYOeyU.exe
  C:\Windows\System\DFYOeyU.exe
  2⤵
  PID:8780
- C:\Windows\System\YxUhklU.exe
  C:\Windows\System\YxUhklU.exe
  2⤵
  PID:8820
- C:\Windows\System\rmavVhk.exe
  C:\Windows\System\rmavVhk.exe
  2⤵
  PID:8952
- C:\Windows\System\UdZbJvy.exe
  C:\Windows\System\UdZbJvy.exe
  2⤵
  PID:8948
- C:\Windows\System\hVaXMHb.exe
  C:\Windows\System\hVaXMHb.exe
  2⤵
  PID:9052
- C:\Windows\System\BAEPqKd.exe
  C:\Windows\System\BAEPqKd.exe
  2⤵
  PID:9136
- C:\Windows\System\jZrvHgI.exe
  C:\Windows\System\jZrvHgI.exe
  2⤵
  PID:8216
- C:\Windows\System\eyQkkEr.exe
  C:\Windows\System\eyQkkEr.exe
  2⤵
  PID:8420
- C:\Windows\System\ZSEFkvj.exe
  C:\Windows\System\ZSEFkvj.exe
  2⤵
  PID:8608
- C:\Windows\System\opRiNJv.exe
  C:\Windows\System\opRiNJv.exe
  2⤵
  PID:8992
- C:\Windows\System\jOpWclK.exe
  C:\Windows\System\jOpWclK.exe
  2⤵
  PID:9040
- C:\Windows\System\avJFkdD.exe
  C:\Windows\System\avJFkdD.exe
  2⤵
  PID:9192
- C:\Windows\System\iBgQGiQ.exe
  C:\Windows\System\iBgQGiQ.exe
  2⤵
  PID:8700
- C:\Windows\System\KsaaFRm.exe
  C:\Windows\System\KsaaFRm.exe
  2⤵
  PID:8796
- C:\Windows\System\evEyhrL.exe
  C:\Windows\System\evEyhrL.exe
  2⤵
  PID:8876
- C:\Windows\System\vJcHPtP.exe
  C:\Windows\System\vJcHPtP.exe
  2⤵
  PID:3500
- C:\Windows\System\GauxTPV.exe
  C:\Windows\System\GauxTPV.exe
  2⤵
  PID:9256
- C:\Windows\System\qaDrkYZ.exe
  C:\Windows\System\qaDrkYZ.exe
  2⤵
  PID:9292
- C:\Windows\System\EXAgQmv.exe
  C:\Windows\System\EXAgQmv.exe
  2⤵
  PID:9320
- C:\Windows\System\QFXoxMg.exe
  C:\Windows\System\QFXoxMg.exe
  2⤵
  PID:9336
- C:\Windows\System\VnStNsW.exe
  C:\Windows\System\VnStNsW.exe
  2⤵
  PID:9376
- C:\Windows\System\yPQxZkH.exe
  C:\Windows\System\yPQxZkH.exe
  2⤵
  PID:9404
- C:\Windows\System\JooOERP.exe
  C:\Windows\System\JooOERP.exe
  2⤵
  PID:9432
- C:\Windows\System\MHguPWz.exe
  C:\Windows\System\MHguPWz.exe
  2⤵
  PID:9460
- C:\Windows\System\PiaUKHk.exe
  C:\Windows\System\PiaUKHk.exe
  2⤵
  PID:9488
- C:\Windows\System\AiYfydz.exe
  C:\Windows\System\AiYfydz.exe
  2⤵
  PID:9516
- C:\Windows\System\hOZqJoo.exe
  C:\Windows\System\hOZqJoo.exe
  2⤵
  PID:9532
- C:\Windows\System\SxGZYuY.exe
  C:\Windows\System\SxGZYuY.exe
  2⤵
  PID:9568
- C:\Windows\System\KkVOePe.exe
  C:\Windows\System\KkVOePe.exe
  2⤵
  PID:9600
- C:\Windows\System\lFIWCcq.exe
  C:\Windows\System\lFIWCcq.exe
  2⤵
  PID:9628
- C:\Windows\System\MpXDRmg.exe
  C:\Windows\System\MpXDRmg.exe
  2⤵
  PID:9648
- C:\Windows\System\aeufLRu.exe
  C:\Windows\System\aeufLRu.exe
  2⤵
  PID:9684
- C:\Windows\System\ysQFMDj.exe
  C:\Windows\System\ysQFMDj.exe
  2⤵
  PID:9712
- C:\Windows\System\yeGHeBj.exe
  C:\Windows\System\yeGHeBj.exe
  2⤵
  PID:9740
- C:\Windows\System\dNGwEVA.exe
  C:\Windows\System\dNGwEVA.exe
  2⤵
  PID:9768
- C:\Windows\System\goTXBCi.exe
  C:\Windows\System\goTXBCi.exe
  2⤵
  PID:9796
- C:\Windows\System\VnoYYXY.exe
  C:\Windows\System\VnoYYXY.exe
  2⤵
  PID:9824
- C:\Windows\System\WhRWRLs.exe
  C:\Windows\System\WhRWRLs.exe
  2⤵
  PID:9852
- C:\Windows\System\MnpYhYb.exe
  C:\Windows\System\MnpYhYb.exe
  2⤵
  PID:9868
- C:\Windows\System\APGfCFX.exe
  C:\Windows\System\APGfCFX.exe
  2⤵
  PID:9908
- C:\Windows\System\aJhhBkN.exe
  C:\Windows\System\aJhhBkN.exe
  2⤵
  PID:9924
- C:\Windows\System\sMExDUR.exe
  C:\Windows\System\sMExDUR.exe
  2⤵
  PID:9960
- C:\Windows\System\FdXBmUz.exe
  C:\Windows\System\FdXBmUz.exe
  2⤵
  PID:9980
- C:\Windows\System\uQHrMHx.exe
  C:\Windows\System\uQHrMHx.exe
  2⤵
  PID:10012
- C:\Windows\System\LrlxOAF.exe
  C:\Windows\System\LrlxOAF.exe
  2⤵
  PID:10048
- C:\Windows\System\aGLaqCd.exe
  C:\Windows\System\aGLaqCd.exe
  2⤵
  PID:10076
- C:\Windows\System\tGoGSsa.exe
  C:\Windows\System\tGoGSsa.exe
  2⤵
  PID:10108
- C:\Windows\System\ljdTHzH.exe
  C:\Windows\System\ljdTHzH.exe
  2⤵
  PID:10136
- C:\Windows\System\oAxVCgA.exe
  C:\Windows\System\oAxVCgA.exe
  2⤵
  PID:10168
- C:\Windows\System\qyTmCpj.exe
  C:\Windows\System\qyTmCpj.exe
  2⤵
  PID:10196
- C:\Windows\System\PqfKbLa.exe
  C:\Windows\System\PqfKbLa.exe
  2⤵
  PID:10224
- C:\Windows\System\klZPvOQ.exe
  C:\Windows\System\klZPvOQ.exe
  2⤵
  PID:9248
- C:\Windows\System\joUpFbI.exe
  C:\Windows\System\joUpFbI.exe
  2⤵
  PID:9312
- C:\Windows\System\FaNHHND.exe
  C:\Windows\System\FaNHHND.exe
  2⤵
  PID:9348
- C:\Windows\System\GMWOTvS.exe
  C:\Windows\System\GMWOTvS.exe
  2⤵
  PID:9416
- C:\Windows\System\vQCBUZM.exe
  C:\Windows\System\vQCBUZM.exe
  2⤵
  PID:9480
- C:\Windows\System\hYxejBY.exe
  C:\Windows\System\hYxejBY.exe
  2⤵
  PID:9544
- C:\Windows\System\YkGOywF.exe
  C:\Windows\System\YkGOywF.exe
  2⤵
  PID:9640
- C:\Windows\System\yVzdtIj.exe
  C:\Windows\System\yVzdtIj.exe
  2⤵
  PID:9696
- C:\Windows\System\VeNJCWX.exe
  C:\Windows\System\VeNJCWX.exe
  2⤵
  PID:9764
- C:\Windows\System\KbeMKeT.exe
  C:\Windows\System\KbeMKeT.exe
  2⤵
  PID:9820
- C:\Windows\System\zslyaqW.exe
  C:\Windows\System\zslyaqW.exe
  2⤵
  PID:9864
- C:\Windows\System\iHbcLAf.exe
  C:\Windows\System\iHbcLAf.exe
  2⤵
  PID:9900
- C:\Windows\System\ndiTZVx.exe
  C:\Windows\System\ndiTZVx.exe
  2⤵
  PID:9968
- C:\Windows\System\ItEGeYi.exe
  C:\Windows\System\ItEGeYi.exe
  2⤵
  PID:10032
- C:\Windows\System\fcHPwFB.exe
  C:\Windows\System\fcHPwFB.exe
  2⤵
  PID:10100
- C:\Windows\System\tKAWmei.exe
  C:\Windows\System\tKAWmei.exe
  2⤵
  PID:10160
- C:\Windows\System\cyRedfU.exe
  C:\Windows\System\cyRedfU.exe
  2⤵
  PID:9304
- C:\Windows\System\ezHjNjE.exe
  C:\Windows\System\ezHjNjE.exe
  2⤵
  PID:9508
- C:\Windows\System\qCuCSPM.exe
  C:\Windows\System\qCuCSPM.exe
  2⤵
  PID:9668
- C:\Windows\System\vkvDJge.exe
  C:\Windows\System\vkvDJge.exe
  2⤵
  PID:9848
- C:\Windows\System\RyhETKt.exe
  C:\Windows\System\RyhETKt.exe
  2⤵
  PID:10072
- C:\Windows\System\KDTuGrV.exe
  C:\Windows\System\KDTuGrV.exe
  2⤵
  PID:9372
- C:\Windows\System\eDtgqqa.exe
  C:\Windows\System\eDtgqqa.exe
  2⤵
  PID:9596
- C:\Windows\System\ALqDxzb.exe
  C:\Windows\System\ALqDxzb.exe
  2⤵
  PID:10008
- C:\Windows\System\iOrelJW.exe
  C:\Windows\System\iOrelJW.exe
  2⤵
  PID:10208
- C:\Windows\System\BbwezvI.exe
  C:\Windows\System\BbwezvI.exe
  2⤵
  PID:10264
- C:\Windows\System\dnnBNow.exe
  C:\Windows\System\dnnBNow.exe
  2⤵
  PID:10292
- C:\Windows\System\irKaVpD.exe
  C:\Windows\System\irKaVpD.exe
  2⤵
  PID:10320
- C:\Windows\System\mklFZdG.exe
  C:\Windows\System\mklFZdG.exe
  2⤵
  PID:10348
- C:\Windows\System\TSrdgPW.exe
  C:\Windows\System\TSrdgPW.exe
  2⤵
  PID:10376
- C:\Windows\System\iyIuaPm.exe
  C:\Windows\System\iyIuaPm.exe
  2⤵
  PID:10404
- C:\Windows\System\rFDpSbP.exe
  C:\Windows\System\rFDpSbP.exe
  2⤵
  PID:10432
- C:\Windows\System\tuWkXbU.exe
  C:\Windows\System\tuWkXbU.exe
  2⤵
  PID:10460
- C:\Windows\System\QdqEkRP.exe
  C:\Windows\System\QdqEkRP.exe
  2⤵
  PID:10488
- C:\Windows\System\wzYETzK.exe
  C:\Windows\System\wzYETzK.exe
  2⤵
  PID:10516
- C:\Windows\System\mPyeoYn.exe
  C:\Windows\System\mPyeoYn.exe
  2⤵
  PID:10556
- C:\Windows\System\McTAIFs.exe
  C:\Windows\System\McTAIFs.exe
  2⤵
  PID:10576
- C:\Windows\System\VwLeyec.exe
  C:\Windows\System\VwLeyec.exe
  2⤵
  PID:10604
- C:\Windows\System\vkxUkMw.exe
  C:\Windows\System\vkxUkMw.exe
  2⤵
  PID:10632
- C:\Windows\System\WAKdLjv.exe
  C:\Windows\System\WAKdLjv.exe
  2⤵
  PID:10648
- C:\Windows\System\nxsYEaX.exe
  C:\Windows\System\nxsYEaX.exe
  2⤵
  PID:10672
- C:\Windows\System\EeUEeWe.exe
  C:\Windows\System\EeUEeWe.exe
  2⤵
  PID:10704
- C:\Windows\System\xDGLPkL.exe
  C:\Windows\System\xDGLPkL.exe
  2⤵
  PID:10744
- C:\Windows\System\IAXvyaK.exe
  C:\Windows\System\IAXvyaK.exe
  2⤵
  PID:10776
- C:\Windows\System\TAiYLmU.exe
  C:\Windows\System\TAiYLmU.exe
  2⤵
  PID:10800
- C:\Windows\System\xBUPgDT.exe
  C:\Windows\System\xBUPgDT.exe
  2⤵
  PID:10828
- C:\Windows\System\SYPwslQ.exe
  C:\Windows\System\SYPwslQ.exe
  2⤵
  PID:10860
- C:\Windows\System\DTZqiNA.exe
  C:\Windows\System\DTZqiNA.exe
  2⤵
  PID:10876
- C:\Windows\System\xoCeaWT.exe
  C:\Windows\System\xoCeaWT.exe
  2⤵
  PID:10904
- C:\Windows\System\sClNXcq.exe
  C:\Windows\System\sClNXcq.exe
  2⤵
  PID:10920
- C:\Windows\System\FKiCjJh.exe
  C:\Windows\System\FKiCjJh.exe
  2⤵
  PID:10948
- C:\Windows\System\JicYVok.exe
  C:\Windows\System\JicYVok.exe
  2⤵
  PID:10972
- C:\Windows\System\ONMRJvV.exe
  C:\Windows\System\ONMRJvV.exe
  2⤵
  PID:11012
- C:\Windows\System\bJaSgUC.exe
  C:\Windows\System\bJaSgUC.exe
  2⤵
  PID:11036
- C:\Windows\System\dLQoLnC.exe
  C:\Windows\System\dLQoLnC.exe
  2⤵
  PID:11060
- C:\Windows\System\sWvDWYe.exe
  C:\Windows\System\sWvDWYe.exe
  2⤵
  PID:11100
- C:\Windows\System\LkGqZpO.exe
  C:\Windows\System\LkGqZpO.exe
  2⤵
  PID:11132
- C:\Windows\System\FPCBjPv.exe
  C:\Windows\System\FPCBjPv.exe
  2⤵
  PID:11168
- C:\Windows\System\BHJwqpb.exe
  C:\Windows\System\BHJwqpb.exe
  2⤵
  PID:11196
- C:\Windows\System\TjfTCgA.exe
  C:\Windows\System\TjfTCgA.exe
  2⤵
  PID:11224
- C:\Windows\System\ZbaFnsf.exe
  C:\Windows\System\ZbaFnsf.exe
  2⤵
  PID:11252
- C:\Windows\System\LFXKTCT.exe
  C:\Windows\System\LFXKTCT.exe
  2⤵
  PID:10260
- C:\Windows\System\WIOBZAW.exe
  C:\Windows\System\WIOBZAW.exe
  2⤵
  PID:10344
- C:\Windows\System\GqZOlUi.exe
  C:\Windows\System\GqZOlUi.exe
  2⤵
  PID:10400
- C:\Windows\System\NFDjGVU.exe
  C:\Windows\System\NFDjGVU.exe
  2⤵
  PID:10472
- C:\Windows\System\QWgQHem.exe
  C:\Windows\System\QWgQHem.exe
  2⤵
  PID:10536
- C:\Windows\System\NrqKklT.exe
  C:\Windows\System\NrqKklT.exe
  2⤵
  PID:10596
- C:\Windows\System\zaHmVSe.exe
  C:\Windows\System\zaHmVSe.exe
  2⤵
  PID:10664
- C:\Windows\System\ejmyZPw.exe
  C:\Windows\System\ejmyZPw.exe
  2⤵
  PID:10732
- C:\Windows\System\XhccsIY.exe
  C:\Windows\System\XhccsIY.exe
  2⤵
  PID:10788
- C:\Windows\System\wnsNTRE.exe
  C:\Windows\System\wnsNTRE.exe
  2⤵
  PID:10856
- C:\Windows\System\AKBUtIn.exe
  C:\Windows\System\AKBUtIn.exe
  2⤵
  PID:10916
- C:\Windows\System\EjLqezc.exe
  C:\Windows\System\EjLqezc.exe
  2⤵
  PID:10964
- C:\Windows\System\TTjIOtS.exe
  C:\Windows\System\TTjIOtS.exe
  2⤵
  PID:11052
- C:\Windows\System\eLFmQee.exe
  C:\Windows\System\eLFmQee.exe
  2⤵
  PID:11120
- C:\Windows\System\tzoGICj.exe
  C:\Windows\System\tzoGICj.exe
  2⤵
  PID:11184
- C:\Windows\System\xTSlbng.exe
  C:\Windows\System\xTSlbng.exe
  2⤵
  PID:11220
- C:\Windows\System\qkVuNHl.exe
  C:\Windows\System\qkVuNHl.exe
  2⤵
  PID:10332
- C:\Windows\System\bNmsqOi.exe
  C:\Windows\System\bNmsqOi.exe
  2⤵
  PID:10512
- C:\Windows\System\jTVujZC.exe
  C:\Windows\System\jTVujZC.exe
  2⤵
  PID:10644
- C:\Windows\System\xRDhIEZ.exe
  C:\Windows\System\xRDhIEZ.exe
  2⤵
  PID:10760
- C:\Windows\System\SGYQSNX.exe
  C:\Windows\System\SGYQSNX.exe
  2⤵
  PID:10940
- C:\Windows\System\SnLzXqm.exe
  C:\Windows\System\SnLzXqm.exe
  2⤵
  PID:11048
- C:\Windows\System\opBqKQn.exe
  C:\Windows\System\opBqKQn.exe
  2⤵
  PID:11208
- C:\Windows\System\PxlUnbB.exe
  C:\Windows\System\PxlUnbB.exe
  2⤵
  PID:10312
- C:\Windows\System\UCmevzW.exe
  C:\Windows\System\UCmevzW.exe
  2⤵
  PID:10500
- C:\Windows\System\lMeBqEZ.exe
  C:\Windows\System\lMeBqEZ.exe
  2⤵
  PID:10896
- C:\Windows\System\sbeOvIu.exe
  C:\Windows\System\sbeOvIu.exe
  2⤵
  PID:10444
- C:\Windows\System\SPvzGFN.exe
  C:\Windows\System\SPvzGFN.exe
  2⤵
  PID:11152
- C:\Windows\System\DaTQJyu.exe
  C:\Windows\System\DaTQJyu.exe
  2⤵
  PID:11268
- C:\Windows\System\uWXayDd.exe
  C:\Windows\System\uWXayDd.exe
  2⤵
  PID:11300
- C:\Windows\System\SUeBRSz.exe
  C:\Windows\System\SUeBRSz.exe
  2⤵
  PID:11336
- C:\Windows\System\EzlYTvH.exe
  C:\Windows\System\EzlYTvH.exe
  2⤵
  PID:11372
- C:\Windows\System\FcGwAYm.exe
  C:\Windows\System\FcGwAYm.exe
  2⤵
  PID:11412
- C:\Windows\System\TXOAqzx.exe
  C:\Windows\System\TXOAqzx.exe
  2⤵
  PID:11440
- C:\Windows\System\BXTrMvZ.exe
  C:\Windows\System\BXTrMvZ.exe
  2⤵
  PID:11464
- C:\Windows\System\fWKsHXA.exe
  C:\Windows\System\fWKsHXA.exe
  2⤵
  PID:11496
- C:\Windows\System\Wfetgxh.exe
  C:\Windows\System\Wfetgxh.exe
  2⤵
  PID:11524
- C:\Windows\System\eYFbSDL.exe
  C:\Windows\System\eYFbSDL.exe
  2⤵
  PID:11548
- C:\Windows\System\MNmuLHH.exe
  C:\Windows\System\MNmuLHH.exe
  2⤵
  PID:11572
- C:\Windows\System\myknJOm.exe
  C:\Windows\System\myknJOm.exe
  2⤵
  PID:11600
- C:\Windows\System\MPZHRpw.exe
  C:\Windows\System\MPZHRpw.exe
  2⤵
  PID:11636
- C:\Windows\System\RszZRog.exe
  C:\Windows\System\RszZRog.exe
  2⤵
  PID:11668
- C:\Windows\System\pZcQibY.exe
  C:\Windows\System\pZcQibY.exe
  2⤵
  PID:11696
- C:\Windows\System\dELnrma.exe
  C:\Windows\System\dELnrma.exe
  2⤵
  PID:11712
- C:\Windows\System\FcnCePk.exe
  C:\Windows\System\FcnCePk.exe
  2⤵
  PID:11736
- C:\Windows\System\voEiRTq.exe
  C:\Windows\System\voEiRTq.exe
  2⤵
  PID:11768
- C:\Windows\System\ZBRTiOA.exe
  C:\Windows\System\ZBRTiOA.exe
  2⤵
  PID:11796
- C:\Windows\System\quWarOd.exe
  C:\Windows\System\quWarOd.exe
  2⤵
  PID:11836
- C:\Windows\System\xpWMSvI.exe
  C:\Windows\System\xpWMSvI.exe
  2⤵
  PID:11852
- C:\Windows\System\qopRgWQ.exe
  C:\Windows\System\qopRgWQ.exe
  2⤵
  PID:11892
- C:\Windows\System\wVksnfT.exe
  C:\Windows\System\wVksnfT.exe
  2⤵
  PID:11908
- C:\Windows\System\BtSECno.exe
  C:\Windows\System\BtSECno.exe
  2⤵
  PID:11936
- C:\Windows\System\iJRifDm.exe
  C:\Windows\System\iJRifDm.exe
  2⤵
  PID:11964
- C:\Windows\System\qIMkaVz.exe
  C:\Windows\System\qIMkaVz.exe
  2⤵
  PID:11988
- C:\Windows\System\yadyfAB.exe
  C:\Windows\System\yadyfAB.exe
  2⤵
  PID:12016
- C:\Windows\System\XXKxqPb.exe
  C:\Windows\System\XXKxqPb.exe
  2⤵
  PID:12072
- C:\Windows\System\xPIOPID.exe
  C:\Windows\System\xPIOPID.exe
  2⤵
  PID:12088
- C:\Windows\System\mRmjena.exe
  C:\Windows\System\mRmjena.exe
  2⤵
  PID:12112
- C:\Windows\System\tWguuhm.exe
  C:\Windows\System\tWguuhm.exe
  2⤵
  PID:12144
- C:\Windows\System\FaClkbr.exe
  C:\Windows\System\FaClkbr.exe
  2⤵
  PID:12172
- C:\Windows\System\KTyzFdT.exe
  C:\Windows\System\KTyzFdT.exe
  2⤵
  PID:12196
- C:\Windows\System\KNvXrei.exe
  C:\Windows\System\KNvXrei.exe
  2⤵
  PID:12216
- C:\Windows\System\maEslsq.exe
  C:\Windows\System\maEslsq.exe
  2⤵
  PID:12244
- C:\Windows\System\EOrhkfd.exe
  C:\Windows\System\EOrhkfd.exe
  2⤵
  PID:12272
- C:\Windows\System\rcLfqgh.exe
  C:\Windows\System\rcLfqgh.exe
  2⤵
  PID:11296
- C:\Windows\System\gNrWXkS.exe
  C:\Windows\System\gNrWXkS.exe
  2⤵
  PID:11360
- C:\Windows\System\TOlOEiy.exe
  C:\Windows\System\TOlOEiy.exe
  2⤵
  PID:11432
- C:\Windows\System\LoCqXhr.exe
  C:\Windows\System\LoCqXhr.exe
  2⤵
  PID:11480
- C:\Windows\System\zkASpLZ.exe
  C:\Windows\System\zkASpLZ.exe
  2⤵
  PID:11536
- C:\Windows\System\rzKPZuR.exe
  C:\Windows\System\rzKPZuR.exe
  2⤵
  PID:11644
- C:\Windows\System\VjyFJVi.exe
  C:\Windows\System\VjyFJVi.exe
  2⤵
  PID:11692
- C:\Windows\System\QrCAePt.exe
  C:\Windows\System\QrCAePt.exe
  2⤵
  PID:11744
- C:\Windows\System\OgNshXk.exe
  C:\Windows\System\OgNshXk.exe
  2⤵
  PID:11808
- C:\Windows\System\KgPHWfq.exe
  C:\Windows\System\KgPHWfq.exe
  2⤵
  PID:11864
- C:\Windows\System\pgKFttc.exe
  C:\Windows\System\pgKFttc.exe
  2⤵
  PID:11952
- C:\Windows\System\FzTywlB.exe
  C:\Windows\System\FzTywlB.exe
  2⤵
  PID:12000
- C:\Windows\System\aDEuPJP.exe
  C:\Windows\System\aDEuPJP.exe
  2⤵
  PID:12036
- C:\Windows\System\YzhnevX.exe
  C:\Windows\System\YzhnevX.exe
  2⤵
  PID:12128
- C:\Windows\System\smWCLYu.exe
  C:\Windows\System\smWCLYu.exe
  2⤵
  PID:12184
- C:\Windows\System\yVZvubd.exe
  C:\Windows\System\yVZvubd.exe
  2⤵
  PID:10640
- C:\Windows\System\sBMBXdr.exe
  C:\Windows\System\sBMBXdr.exe
  2⤵
  PID:11400
- C:\Windows\System\roIkwWO.exe
  C:\Windows\System\roIkwWO.exe
  2⤵
  PID:11592
- C:\Windows\System\ajKfJbL.exe
  C:\Windows\System\ajKfJbL.exe
  2⤵
  PID:11784
- C:\Windows\System\WGXHZgt.exe
  C:\Windows\System\WGXHZgt.exe
  2⤵
  PID:11972
- C:\Windows\System\FRwrZFY.exe
  C:\Windows\System\FRwrZFY.exe
  2⤵
  PID:12164
- C:\Windows\System\MdQtYXN.exe
  C:\Windows\System\MdQtYXN.exe
  2⤵
  PID:11540
- C:\Windows\System\FQMwaFA.exe
  C:\Windows\System\FQMwaFA.exe
  2⤵
  PID:11504
- C:\Windows\System\PhEywOn.exe
  C:\Windows\System\PhEywOn.exe
  2⤵
  PID:12296
- C:\Windows\System\OIUBDMv.exe
  C:\Windows\System\OIUBDMv.exe
  2⤵
  PID:12316
- C:\Windows\System\AaJhYNb.exe
  C:\Windows\System\AaJhYNb.exe
  2⤵
  PID:12352
- C:\Windows\System\eLixOjD.exe
  C:\Windows\System\eLixOjD.exe
  2⤵
  PID:12372
- C:\Windows\System\uacrgFc.exe
  C:\Windows\System\uacrgFc.exe
  2⤵
  PID:12408
- C:\Windows\System\joNEHCp.exe
  C:\Windows\System\joNEHCp.exe
  2⤵
  PID:12436
- C:\Windows\System\zuWbLjD.exe
  C:\Windows\System\zuWbLjD.exe
  2⤵
  PID:12480
- C:\Windows\System\fkgUORn.exe
  C:\Windows\System\fkgUORn.exe
  2⤵
  PID:12504
- C:\Windows\System\FPmQODq.exe
  C:\Windows\System\FPmQODq.exe
  2⤵
  PID:12528
- C:\Windows\System\jBWPGEG.exe
  C:\Windows\System\jBWPGEG.exe
  2⤵
  PID:12556
- C:\Windows\System\VXeNNvp.exe
  C:\Windows\System\VXeNNvp.exe
  2⤵
  PID:12588
- C:\Windows\System\hNFbXlB.exe
  C:\Windows\System\hNFbXlB.exe
  2⤵
  PID:12632
- C:\Windows\System\RHICGjD.exe
  C:\Windows\System\RHICGjD.exe
  2⤵
  PID:12664
- C:\Windows\System\HxJrBPN.exe
  C:\Windows\System\HxJrBPN.exe
  2⤵
  PID:12692
- C:\Windows\System\JxQlBuB.exe
  C:\Windows\System\JxQlBuB.exe
  2⤵
  PID:12720
- C:\Windows\System\jBUBkST.exe
  C:\Windows\System\jBUBkST.exe
  2⤵
  PID:12760
- C:\Windows\System\DLGviCy.exe
  C:\Windows\System\DLGviCy.exe
  2⤵
  PID:12800
- C:\Windows\System\jVVnjhE.exe
  C:\Windows\System\jVVnjhE.exe
  2⤵
  PID:12828
- C:\Windows\System\NSbtsrM.exe
  C:\Windows\System\NSbtsrM.exe
  2⤵
  PID:12860
- C:\Windows\System\PzcRBGy.exe
  C:\Windows\System\PzcRBGy.exe
  2⤵
  PID:12896
- C:\Windows\System\QkkoIOR.exe
  C:\Windows\System\QkkoIOR.exe
  2⤵
  PID:12928
- C:\Windows\System\svRGQif.exe
  C:\Windows\System\svRGQif.exe
  2⤵
  PID:12944
- C:\Windows\System\IqiKEzK.exe
  C:\Windows\System\IqiKEzK.exe
  2⤵
  PID:12976
- C:\Windows\System\mxAxgqd.exe
  C:\Windows\System\mxAxgqd.exe
  2⤵
  PID:13004
- C:\Windows\System\kZhZYHi.exe
  C:\Windows\System\kZhZYHi.exe
  2⤵
  PID:13044
- C:\Windows\System\aHyIDcz.exe
  C:\Windows\System\aHyIDcz.exe
  2⤵
  PID:13064
- C:\Windows\System\HiVtiDQ.exe
  C:\Windows\System\HiVtiDQ.exe
  2⤵
  PID:13080
- C:\Windows\System\LrroaMj.exe
  C:\Windows\System\LrroaMj.exe
  2⤵
  PID:13100
- C:\Windows\System\HBdptIA.exe
  C:\Windows\System\HBdptIA.exe
  2⤵
  PID:13116
- C:\Windows\System\yARtEYs.exe
  C:\Windows\System\yARtEYs.exe
  2⤵
  PID:13140
- C:\Windows\System\RKYGFzn.exe
  C:\Windows\System\RKYGFzn.exe
  2⤵
  PID:13160
- C:\Windows\System\rhrXkFi.exe
  C:\Windows\System\rhrXkFi.exe
  2⤵
  PID:13184
- C:\Windows\System\fcPNKdM.exe
  C:\Windows\System\fcPNKdM.exe
  2⤵
  PID:13204
- C:\Windows\System\fPRkUtU.exe
  C:\Windows\System\fPRkUtU.exe
  2⤵
  PID:13232
- C:\Windows\System\fAGgIOO.exe
  C:\Windows\System\fAGgIOO.exe
  2⤵
  PID:13256
- C:\Windows\System\MrXunNn.exe
  C:\Windows\System\MrXunNn.exe
  2⤵
  PID:13284
- C:\Windows\System\AOxyKVU.exe
  C:\Windows\System\AOxyKVU.exe
  2⤵
  PID:11248
- C:\Windows\System\aQPlsJJ.exe
  C:\Windows\System\aQPlsJJ.exe
  2⤵
  PID:12336
- C:\Windows\System\VacPBdz.exe
  C:\Windows\System\VacPBdz.exe
  2⤵
  PID:12384
- C:\Windows\System\aDOJCEH.exe
  C:\Windows\System\aDOJCEH.exe
  2⤵
  PID:12460
- C:\Windows\System\KWTRJog.exe
  C:\Windows\System\KWTRJog.exe
  2⤵
  PID:11516
- C:\Windows\System\cqIvrXD.exe
  C:\Windows\System\cqIvrXD.exe
  2⤵
  PID:12584
- C:\Windows\System\GoSLLUN.exe
  C:\Windows\System\GoSLLUN.exe
  2⤵
  PID:12732
- C:\Windows\System\jWeEvHd.exe
  C:\Windows\System\jWeEvHd.exe
  2⤵
  PID:12824
- C:\Windows\System\aYXMsIH.exe
  C:\Windows\System\aYXMsIH.exe
  2⤵
  PID:12876
- C:\Windows\System\xOnAAGi.exe
  C:\Windows\System\xOnAAGi.exe
  2⤵
  PID:12988
- C:\Windows\System\scdQmOU.exe
  C:\Windows\System\scdQmOU.exe
  2⤵
  PID:13072
- C:\Windows\System\geSMApS.exe
  C:\Windows\System\geSMApS.exe
  2⤵
  PID:13088
- C:\Windows\System\kvtPkyn.exe
  C:\Windows\System\kvtPkyn.exe
  2⤵
  PID:13224
- C:\Windows\System\qxgEPCo.exe
  C:\Windows\System\qxgEPCo.exe
  2⤵
  PID:13180
- C:\Windows\System\jDIZpoY.exe
  C:\Windows\System\jDIZpoY.exe
  2⤵
  PID:13280
- C:\Windows\System\AhziLVP.exe
  C:\Windows\System\AhziLVP.exe
  2⤵
  PID:12464
- C:\Windows\System\ecdtpfS.exe
  C:\Windows\System\ecdtpfS.exe
  2⤵
  PID:12500
- C:\Windows\System\ZrwExfN.exe
  C:\Windows\System\ZrwExfN.exe
  2⤵
  PID:12708
- C:\Windows\System\UWMGhvD.exe
  C:\Windows\System\UWMGhvD.exe
  2⤵
  PID:12996
- C:\Windows\System\PqqiBSd.exe
  C:\Windows\System\PqqiBSd.exe
  2⤵
  PID:13076
- C:\Windows\System\hAgTdiE.exe
  C:\Windows\System\hAgTdiE.exe
  2⤵
  PID:13252
- C:\Windows\System\LsBavYZ.exe
  C:\Windows\System\LsBavYZ.exe
  2⤵
  PID:4516
- C:\Windows\System\NZzkTbm.exe
  C:\Windows\System\NZzkTbm.exe
  2⤵
  PID:1000
- C:\Windows\System\lXGhAqS.exe
  C:\Windows\System\lXGhAqS.exe
  2⤵
  PID:12868
- C:\Windows\System\ItQDFpl.exe
  C:\Windows\System\ItQDFpl.exe
  2⤵
  PID:13052
- C:\Windows\System\jwEuUwK.exe
  C:\Windows\System\jwEuUwK.exe
  2⤵
  PID:3764
- C:\Windows\System\NfAAiKa.exe
  C:\Windows\System\NfAAiKa.exe
  2⤵
  PID:13336
- C:\Windows\System\bmBtVxY.exe
  C:\Windows\System\bmBtVxY.exe
  2⤵
  PID:13352
- C:\Windows\System\SxLKBji.exe
  C:\Windows\System\SxLKBji.exe
  2⤵
  PID:13384
- C:\Windows\System\IDrjRoP.exe
  C:\Windows\System\IDrjRoP.exe
  2⤵
  PID:13404
- C:\Windows\System\EvJkpnB.exe
  C:\Windows\System\EvJkpnB.exe
  2⤵
  PID:13420
- C:\Windows\System\jYSaOsp.exe
  C:\Windows\System\jYSaOsp.exe
  2⤵
  PID:13448
- C:\Windows\System\PHISyli.exe
  C:\Windows\System\PHISyli.exe
  2⤵
  PID:13464
- C:\Windows\System\KqbVClF.exe
  C:\Windows\System\KqbVClF.exe
  2⤵
  PID:13488
- C:\Windows\System\OeJOtNj.exe
  C:\Windows\System\OeJOtNj.exe
  2⤵
  PID:13516
- C:\Windows\System\pWLGjHK.exe
  C:\Windows\System\pWLGjHK.exe
  2⤵
  PID:13532
- C:\Windows\System\PaaZhVS.exe
  C:\Windows\System\PaaZhVS.exe
  2⤵
  PID:13580
- C:\Windows\System\qvQsbBS.exe
  C:\Windows\System\qvQsbBS.exe
  2⤵
  PID:13624
- C:\Windows\System\HwbBiWI.exe
  C:\Windows\System\HwbBiWI.exe
  2⤵
  PID:13656
- C:\Windows\System\kYkvHxK.exe
  C:\Windows\System\kYkvHxK.exe
  2⤵
  PID:13684
- C:\Windows\System\UzEkQaS.exe
  C:\Windows\System\UzEkQaS.exe
  2⤵
  PID:13716
- C:\Windows\System\GXUxezz.exe
  C:\Windows\System\GXUxezz.exe
  2⤵
  PID:13756
- C:\Windows\System\EGMDVTF.exe
  C:\Windows\System\EGMDVTF.exe
  2⤵
  PID:13780
- C:\Windows\System\ifzyERm.exe
  C:\Windows\System\ifzyERm.exe
  2⤵
  PID:13808
- C:\Windows\System\OJLlJgY.exe
  C:\Windows\System\OJLlJgY.exe
  2⤵
  PID:13828
- C:\Windows\System\DliWHwT.exe
  C:\Windows\System\DliWHwT.exe
  2⤵
  PID:13864
- C:\Windows\System\hatIJHg.exe
  C:\Windows\System\hatIJHg.exe
  2⤵
  PID:13896
- C:\Windows\System\AURvkah.exe
  C:\Windows\System\AURvkah.exe
  2⤵
  PID:13924
- C:\Windows\System\jjPBNyH.exe
  C:\Windows\System\jjPBNyH.exe
  2⤵
  PID:13948
- C:\Windows\System\hxwQWgZ.exe
  C:\Windows\System\hxwQWgZ.exe
  2⤵
  PID:13968
- C:\Windows\System\UcLjjix.exe
  C:\Windows\System\UcLjjix.exe
  2⤵
  PID:13992
- C:\Windows\System\MWYSFyi.exe
  C:\Windows\System\MWYSFyi.exe
  2⤵
  PID:14016
- C:\Windows\System\prnFSnu.exe
  C:\Windows\System\prnFSnu.exe
  2⤵
  PID:14048
- C:\Windows\System\nXMnbsT.exe
  C:\Windows\System\nXMnbsT.exe
  2⤵
  PID:14068
- C:\Windows\System\wOvkPTE.exe
  C:\Windows\System\wOvkPTE.exe
  2⤵
  PID:14092
- C:\Windows\System\cipJJSZ.exe
  C:\Windows\System\cipJJSZ.exe
  2⤵
  PID:14120
- C:\Windows\System\ZwNKqNw.exe
  C:\Windows\System\ZwNKqNw.exe
  2⤵
  PID:14144
- C:\Windows\System\grxVVcT.exe
  C:\Windows\System\grxVVcT.exe
  2⤵
  PID:14176
- C:\Windows\System\HgxJxPp.exe
  C:\Windows\System\HgxJxPp.exe
  2⤵
  PID:14212
- C:\Windows\System\ShWcgNy.exe
  C:\Windows\System\ShWcgNy.exe
  2⤵
  PID:14252
- C:\Windows\System\tSAnkdS.exe
  C:\Windows\System\tSAnkdS.exe
  2⤵
  PID:14288
- C:\Windows\System\OCqyENk.exe
  C:\Windows\System\OCqyENk.exe
  2⤵
  PID:14316
- C:\Windows\System\CGvFUSW.exe
  C:\Windows\System\CGvFUSW.exe
  2⤵
  PID:12524
- C:\Windows\System\HLjElwK.exe
  C:\Windows\System\HLjElwK.exe
  2⤵
  PID:13396
- C:\Windows\System\MQlDfXE.exe
  C:\Windows\System\MQlDfXE.exe
  2⤵
  PID:13416
- C:\Windows\System\MYDwDrN.exe
  C:\Windows\System\MYDwDrN.exe
  2⤵
  PID:13608
- C:\Windows\System\cgJUwuO.exe
  C:\Windows\System\cgJUwuO.exe
  2⤵
  PID:13560
- C:\Windows\System\CWbwyog.exe
  C:\Windows\System\CWbwyog.exe
  2⤵
  PID:13700
- C:\Windows\System\KpqzzDB.exe
  C:\Windows\System\KpqzzDB.exe
  2⤵
  PID:13676
- C:\Windows\System\NtXeoyw.exe
  C:\Windows\System\NtXeoyw.exe
  2⤵
  PID:13804
- C:\Windows\System\wQqnezc.exe
  C:\Windows\System\wQqnezc.exe
  2⤵
  PID:13856
- C:\Windows\System\pfuQvvh.exe
  C:\Windows\System\pfuQvvh.exe
  2⤵
  PID:13944
- C:\Windows\System\pnhZrcW.exe
  C:\Windows\System\pnhZrcW.exe
  2⤵
  PID:14008
- C:\Windows\System\lQBXbPc.exe
  C:\Windows\System\lQBXbPc.exe
  2⤵
  PID:14056
- C:\Windows\System\gKUnkkJ.exe
  C:\Windows\System\gKUnkkJ.exe
  2⤵
  PID:14188
- C:\Windows\System\ozgNBUh.exe
  C:\Windows\System\ozgNBUh.exe
  2⤵
  PID:14164
- C:\Windows\System\vPAXvzo.exe
  C:\Windows\System\vPAXvzo.exe
  2⤵
  PID:14236
- C:\Windows\System\KUsatCz.exe
  C:\Windows\System\KUsatCz.exe
  2⤵
  PID:14304
- C:\Windows\System\SMzZiml.exe
  C:\Windows\System\SMzZiml.exe
  2⤵
  PID:12872
- C:\Windows\System\OPTBlSk.exe
  C:\Windows\System\OPTBlSk.exe
  2⤵
  PID:13480
- C:\Windows\System\bYZwsNC.exe
  C:\Windows\System\bYZwsNC.exe
  2⤵
  PID:13552
- C:\Windows\System\ikIUfMN.exe
  C:\Windows\System\ikIUfMN.exe
  2⤵
  PID:13696
- C:\Windows\System\TKvOhJQ.exe
  C:\Windows\System\TKvOhJQ.exe
  2⤵
  PID:13872
- C:\Windows\System\UpDdtAM.exe
  C:\Windows\System\UpDdtAM.exe
  2⤵
  PID:14088
- C:\Windows\System\HzfEVjo.exe
  C:\Windows\System\HzfEVjo.exe
  2⤵
  PID:14152
- C:\Windows\System\OVDXSSa.exe
  C:\Windows\System\OVDXSSa.exe
  2⤵
  PID:14272
- C:\Windows\System\KdrPukW.exe
  C:\Windows\System\KdrPukW.exe
  2⤵
  PID:13508

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CaomGXO.exe

Filesize
2.4MB

MD5
a06631cb7b1190754a5f0eb72b0ba296

SHA1
23d11ffc5f3dc54e86ab2fc7b5bf5d96d2ce9b62

SHA256
063a957943cc03007819874250941e066ef72e1dfb4f3b8d96947908968b0d90

SHA512
06a51f88e53981cbf59d4da55b60f626cfa05d5a2d95d5862b292fba07d5c642c732516beb8fa9cbd279b3f26e345b5d2a8c21647f5946bb7ac0883ebcfdbf33

Download Submit
C:\Windows\System\EpMUxmk.exe

Filesize
2.4MB

MD5
46d4dca08d86d29c818cd7ae0fc66afc

SHA1
66ba2bf0ae699ace31d2b72665260e08bb61e989

SHA256
fbcad27a9460f678c956418a0766cbbe8c3619c11956f07bd702d09479c98411

SHA512
9d8ce87d1d4daa8709582a25af094b4e4b5adfa6db090ae9e89c64c86b0c8625fd633d9065fc5d2dde88a3bcddad7f869e774250c8a98a5d449d3afe1da01c3c

Download Submit
C:\Windows\System\FbsYpPD.exe

Filesize
2.4MB

MD5
98ff0a59d03b6181e93f1f712bcdc5d6

SHA1
5a61435080a1fc743263feaf1d2e7f334b954dc7

SHA256
b5340f76cd38912e8ff2b18fea28dfefef9236211a0cc50425dee18f791d98b5

SHA512
e737cc45ea1d0acb7b462fddc9ed7827bda382d281adc8fcd27c681f54a82700939203b6f5d0f5712e8862a531e7de6ce46edadc22e0f611610a5367dfc66b70

Download Submit
C:\Windows\System\GZeGfzV.exe

Filesize
2.4MB

MD5
1d365c8c1ae9eb75f8a1709aad389740

SHA1
e1068c88b8dad552fb6b1d52409a2f81df3489ce

SHA256
31f9bb57d059abac0723dcd9b03da0ec5df4e83076e275ef2436f17825588d74

SHA512
9e02d093fbb1112d533a2adf5a4576e4d0e8639610c6f65ec7a17df4e6cbd0a3e6fe09852c78fc2c24bd4fee56356a5738ab6103c8066894a7886e6aa6287a4f

Download Submit
C:\Windows\System\HtHSNXd.exe

Filesize
2.4MB

MD5
ca0d7e42b18ebcba49f280d477ace682

SHA1
4f506c77af8d333e7d7df1397c835a15d7ee23da

SHA256
1a101c493b460c9f58d57864101bdb27e66b6af7bd15396d01d83060c454ad09

SHA512
00252cf94d230f2098842090edae060e494175fb196a6a21f6da1207cebd9a6ab77dedcf04d6b48e20572ce3deabe338c55a07661209336b4a12c89698578b8f

Download Submit
C:\Windows\System\IMgJScK.exe

Filesize
2.4MB

MD5
70d1b366054527d648b913bebcfb8818

SHA1
65295ca4c101678274093cd557c2b62f9342f27c

SHA256
0ce4d862970dda409e5f499e9f25b8997b97736eab007095571620a2a8468106

SHA512
a77d67f447dc808d9796f01598e79276a92381e65715221ff81cd86d3c44a130227c07f432ee9f9b4fab1c3edcf5398fd7266625334357614ad6a8749346c4cd

Download Submit
C:\Windows\System\KZhbRwY.exe

Filesize
2.4MB

MD5
a2bf2cf2848ede3b803031d92a4e85f2

SHA1
2ad17e9ffb0b48f1aa8e226476d27d3a18411155

SHA256
2ad971da7560376187a0556e29b1a6916120e4d5ef3fe2436c78d166b3a489de

SHA512
0c145c4652cbabbd586a40ab6ac900e2310638f6e3cd6fffbaa827de6dc65a34a5a68e1af458ba75003fa03fc109b6aa581fe2471ed9e3f02f49a9406706f96d

Download Submit
C:\Windows\System\LLeilSo.exe

Filesize
2.4MB

MD5
03f13d9609d0bc9286bb10aad266c9a3

SHA1
4aa525499c9e66ff001efafa88afc9b6815fc594

SHA256
a7a946227cf6ad377233d16fd653538e993f18935e5b8ab1bfa16b900836629f

SHA512
51e5a0fa0f4aaf2585942566ff335d4cea42532c7c5dfd634a2533dd2c1cfc0adf86b71e3c33a13ef839ca76517f5b1b5d13125bf7e3639e75ea2be0e98771b3

Download Submit
C:\Windows\System\LSkidKY.exe

Filesize
2.4MB

MD5
7e22a4dc3eb25cf92ae831496beaccaf

SHA1
65fa6a1fdac1eb0129a78975fd29c64f76c066e0

SHA256
52e15ddf05b193c0f256c176cea9067737f370fbac0caf14952a6d5a7430ecae

SHA512
6db2faad4124d973073c6d910cad5ff4615430b3554e8f7a7e8d59fa0e3eb262014ce8e163ef90c60ebd13d1aa1144218c8de9b5e756608551e9c7899b69ab88

Download Submit
C:\Windows\System\MVaLPpk.exe

Filesize
2.4MB

MD5
c03728e6d32433d8bef15f7df26ec140

SHA1
5b8b31dbb2adf1ea1f9df1375653c94b31f3785b

SHA256
0e73e507c22bf9d511578ee43284993436fef739f600c1e94a0dd11c415d41a9

SHA512
55a04ee75e227919fd4162c63f6a89171a4970181cd5ceb5fb7fea3bef5a010b1273dc422fce66a84ab4e05df7eea04ab62c6e1f4be681d224f00c9805162377

Download Submit
C:\Windows\System\SoVdjzj.exe

Filesize
2.4MB

MD5
cdfa118b4c6fcb2c6674040fe9df66e7

SHA1
c371f0487b6156f4cbf0aadaeb15af12b2cac53c

SHA256
fc2f3ff9b169692fd4abd75c27bbf06de4c90122e2e8ca842cdc26c27bc27cbd

SHA512
6e8f939f8609e3b4712e00e093ec2cedf1e4ffab433ba0cfae34f8b4cd944dfeeca358af9dc9d1c5ed205a86732cc5b1d18129339268da6e19011874c2eb12c7

Download Submit
C:\Windows\System\UTutgBd.exe

Filesize
2.4MB

MD5
da3199936dc7359df6e2b10c45618c3d

SHA1
4c11e07b586055d9d857cdd076eb28483cd3923e

SHA256
f19159e4dc636ed5e1936f891aa8edc2f4321cb41862c5892ad9505e83469044

SHA512
7c1ac696a8b2667ca23364ec0bfea16937042fc620c7e4a6489cf52f97f288ea97f8260deb129f773a60770cd96cd633b604f3d015250506f0c559197dbedf8f

Download Submit
C:\Windows\System\UbExECY.exe

Filesize
2.4MB

MD5
5c74f8c3023d7fc90a098dfe8d838cdd

SHA1
3da3d208b778ea709bd754921eda0ddaa4dece43

SHA256
af26637e1313d8f113fecdbdf1beaeb2713ec8017239934d8990752705de3fc6

SHA512
68ebb327388bdf0e2a3545182cd8101634d1abea9928a11e246eb1f663e5fae32e92c769375206c2be05701ec8e340acd57556f77a08c618f524bd7bfcad69e5

Download Submit
C:\Windows\System\XQMXxAk.exe

Filesize
2.4MB

MD5
35cdc8a7ee706f9f8d0d2dc2ee316fd6

SHA1
b054be27018e459ceb2c93f8d99b438d9badfba3

SHA256
ff9dcea912289d83511266deeea0c46e2e713a6e63a2f4dcc89a507e583d26f0

SHA512
7fdb3fcddf1c5b2ce6a1216db1472fc9a9f1ba684620c83fb8907c0c717168513bc691bafbb2ec2bd1202a51c29d400881f23f635acbf82b09fd1699e91f68e8

Download Submit
C:\Windows\System\YQWPuSe.exe

Filesize
2.4MB

MD5
25d89189c7d563f8848a784ec9323e69

SHA1
07141c6bb2acc1583d9c67c54bd8a0ca184e6e57

SHA256
4e7ba09fcd08f5f14fb2daa55940c4ce22f7380f2d0f6dc124a0ca8fce8a7575

SHA512
8c8c147c800bb01a0c618b2da29e36b5612af1cad7383024632c08c7f10fb4d007b7f3ea5478a107eaa5e44048b3d10343ec9ef384469d424d8fa9ef8b75befa

Download Submit
C:\Windows\System\aQXxJVM.exe

Filesize
2.4MB

MD5
a2fc0900da07e06c587b4522067933f2

SHA1
85b1c9433d6ddd2aafdf66545e4a9fdc2d44391b

SHA256
d92763d1ee922610b2262e419f00661f4818171814e9028c72f40f2a598d8628

SHA512
3abe10c1f572d82f3844d91c295a31deacffeaceb688c7bd2c649e9c69896cedfe3ffcc171e1cdf1c2318d46c0aaad13c6f844702d1b1e13c480242d5a442fc2

Download Submit
C:\Windows\System\cdkQyqf.exe

Filesize
2.4MB

MD5
4f0474c6a619edef228590241240ead4

SHA1
769b2395dd6bc5bce2c6fd2141c12870647d3b7a

SHA256
dd720e917d9a0664a5a7ce335cc16bcacffdc4f9b0fb8cd34d94c4a5c188c78d

SHA512
ea45eb223ddcde8a56b887df640b1db2aa972a624ced9cef39bb5ca7ea7c1af68e5d6742825c3bbc1278efe1d3eb8a8dd33700cda700d6af2be6d2a363bae825

Download Submit
C:\Windows\System\dCegjrD.exe

Filesize
2.4MB

MD5
cdfdc9763d2dc67e860159661d1fadd2

SHA1
6db03c2f7cc08f58791a4856a7bd02c3b8ee3ab0

SHA256
0866e8d3bb55a156dfea6945c045b6c462a8089fe4dd6894c3c0c32a1beabe80

SHA512
3eeb1782feaf630b6654042c5904bd88cdc6cbae3d170bb4830da0bbf2b54e0feebac0b382bfd08e56b8de893a6770d10691ac1fdcfc950e34f7b449e4b2ba94

Download Submit
C:\Windows\System\dWrCWpC.exe

Filesize
2.4MB

MD5
e59782e4c816e82c6bd890742d337d61

SHA1
e5ba4d976d792dc7a905156ae7456308e2ae567c

SHA256
49face5136fec665ef90a2803eeebb844c77f42612aa2217126776d9686504b5

SHA512
db8931d090e417044f7defde6aee0fbbb0c8567c85b238e53453dabe14541f83f7d19940057ce97704539b675a2ea484e1fb2448ce7acbd64a4c7aefdf291b0f

Download Submit
C:\Windows\System\gUnjDeQ.exe

Filesize
2.4MB

MD5
864148831606843f29602a2904242cd5

SHA1
24beb830840703cdf16842c577a55aea9d8654c0

SHA256
c797a5d59efdda1539087058d379ea1a89fe394594d8d6e1275a20ea94b8eb4a

SHA512
a25d94f6edefd41122fe21d1a7da9060d9df484d3f577936ab4082a250e2b3a22549e9d4cfe4b513c2278f2bf5c40e279b53f2b5df1c0d032b0a0ed61f82a798

Download Submit
C:\Windows\System\gpAKGfj.exe

Filesize
2.4MB

MD5
29434ed217892226551a6c053aef5305

SHA1
470999cf9ff9fd0539ebfc642094cfc9e938f93d

SHA256
65618860f73b642cbeaf4e1de84e251c71a7a5c579557445f6baa8407f2ae701

SHA512
ec142c52fe591e1d111a6c16869bfb1b16a657b0e050a57158cce93a3089e708029972b674c0d4ecee6471d4867b8127e742e463f3c074f76b2d67f49a50560d

Download Submit
C:\Windows\System\guCYnZw.exe

Filesize
2.4MB

MD5
3e715236aaac2ef100be1fcd5714d903

SHA1
d339f6502062dc0f5ae5ede4b9454bc69b3a3111

SHA256
29c41b816c40add1a1c365b8ef4dad42977bb14e5d2b8c5a6cb17e57ec0ab834

SHA512
15e25b4d81de9019880d268cac1c5c65aec4637c8421ca7d51b902c31e7e9598f747df4ed12e7223f725dbc0a2b6c373d2a3f237d485a2281b195e9c47aeaedd

Download Submit
C:\Windows\System\hJwdjtg.exe

Filesize
2.4MB

MD5
3ca31382a3129f70d1d51bf5ebbf141a

SHA1
ff0c4c704c43dc01505ca438f071df56693c901f

SHA256
234978a4b8052b6e7f26fce8d4cd873f84242ea774c490e463212b35f9e09e37

SHA512
fa403f32033275f2402fdddbf479908872a0e613391a405553c58e60f57e28e586cfc7b16dc3dd38d92d59677e89d9b90c8715c450654f26a6c1103f13bf9862

Download Submit
C:\Windows\System\jRAIjhD.exe

Filesize
2.4MB

MD5
1020296d259cc5c66321ce543203a112

SHA1
301836ca7135ee5a1d1be0bca706b5d838d06cef

SHA256
1f6f5c6fac1d1927e2ab19decdadc4608e41d4982f76db26c85c8ca1d7c3e1f1

SHA512
8b7acaf42b5a8ab2533f860a40459defcf6d664eabee0e23c15ecd8258e4de9bbc55c8f8eb41ae06ba01b207d2a4f0157569bfee6e2f18268821703fb629ee85

Download Submit
C:\Windows\System\kuemchO.exe

Filesize
2.4MB

MD5
af57030c38fc055b077e2ba006c73b29

SHA1
19be81196c2f5cff6d498b310a69e9b3b6e3db32

SHA256
20ec486a3e3e0de719be4820e3760b55f70fc97b8449b39fc9f64ff276f8ba44

SHA512
e738772a9468707c89beaeb8278ef065bdbc9cd04717ea460a3a84a77b4821f2e7beb11456adb8e001ba27dcf7ddf56acb3e9fb2d6d46baa7cd0e222438947ce

Download Submit
C:\Windows\System\rgOTmpi.exe

Filesize
2.4MB

MD5
6766f4a05c54abc6a5e489e91d72ae1b

SHA1
629bb881c3699c243cc6637972b125863ba7e34d

SHA256
19cb721e83e8aa0c23df901acd0d4cee081d005ce831b63ebc7da05199c2a14b

SHA512
33e3b96404364d55313221c0536c7746207f18227348f6eba20e18a8f0cc05cfa10f58056301c50f3574dddad62d21815b048e5017808ba2cc21b90b009392a3

Download Submit
C:\Windows\System\vDisxej.exe

Filesize
2.4MB

MD5
e1c6b570a068378a0d4b8d632827423e

SHA1
7e5d531bae67873abbbbddefe0f93a53bcb6245c

SHA256
56094bd28902cada2925b5242fc3e3ee1d5f213e6df4b739e6a2bd7f99f07fe0

SHA512
32b09c104cff5d4123d3dbea8fdfbf8049b2c1e41a5ea86d45acfc239e5ceb9b0ee5225eeadf22e624c7ce897a9a59b557f26dfb8f9b120425dfb1094684add7

Download Submit
C:\Windows\System\wRPjIoT.exe

Filesize
2.4MB

MD5
00e1d2574b46a0cfac9bd71972147acc

SHA1
5b33409dedb7e0e22af5a2fce2074bee791574ec

SHA256
be8df61bccc2e2d506f31a03910549a4d86151c7733fa78f7f8af0529dbe1514

SHA512
18e41f0140f67dcef4c64e18544934a83767ea86ac2548fca812b99afa19cdba5c797ab62027c9d2e398575977558d20a8694b3add3aad35cdfb1c4fb723098d

Download Submit
C:\Windows\System\xHqBrsM.exe

Filesize
2.4MB

MD5
c6366c00c50e4e7114f135bc8846f687

SHA1
e05afd42abc2af7cda4d852a19e43bdb6b352172

SHA256
6453dfa46e9ed72458df053dc76be02622e026c8494f868eae79d126f54a39a4

SHA512
1e7bd98f851c3c0c65472789d90f193f8c678c61d3ea131e21a211ff99a722d9982ee9dedb3183c4c8bee1d4075fb59b3390f3f5809e1ee821a79507ea97c2ff

Download Submit
C:\Windows\System\xddDTQj.exe

Filesize
2.4MB

MD5
2c8cbdee96d5e77d4f2a41a7061f2fef

SHA1
ca06e13d4ce8455c4d6a79b32c2a8e4ee983453a

SHA256
a88a6776234f1ec14c3ee7f0a934546252ece1ac82ed3d851a8fa2a06a82eb97

SHA512
7bfe539d77f298abd1d4b7bc059b5e016041c8fca834eafd6c86376e07ffee72122543085accbd4a1f9efd565347b0959772ecf901358c6633725c7c3475f0a0

Download Submit
C:\Windows\System\yAMBAyv.exe

Filesize
2.4MB

MD5
408763e7affecbd2274740b65191eefd

SHA1
569a25bccb7285a50f69bccfd39cea1d72d4506f

SHA256
575530c716727442ff5d84d70906f11b5c79c48eeb6205f2392a18dedc0158a4

SHA512
0cf91c5c6fd3b3fd29593853c540f548e6cf133512aab3b08f43c47d1d1e7654140d149757bfd82e46b87a40eb5e2a070e4da5343e14dceca9a645a9e29605ca

Download Submit
C:\Windows\System\ypIsNDj.exe

Filesize
2.4MB

MD5
e5a0d45091a910f99ccf8c664d872c4b

SHA1
654b08af34f1484e4660be5739fa72df04611dae

SHA256
947f95ac8b327da18c43008b5f8e66bc490e9a58e7a5026efafe08347f720488

SHA512
a0dacdb6519435aa57614229550be07f54ee5f129f69f9ca1949ad57aacad5405ea045cfd9ef18d601b6495f58215913c1fd0aa906a3acfa51f8893d9a18abf4

Download Submit
C:\Windows\System\zjVXQZB.exe

Filesize
2.4MB

MD5
73f245c36117485412b1f8a05538efc9

SHA1
1c3217ca5ccb7896f84d0a821b8d9531677fa9b6

SHA256
e4a94a05c0b39241eb184074eb9787e172f5d0372c8f5181d92ca3fb4e8ac6dc

SHA512
b0e699570096abdca054add2debafd46c372c66edb43dd9032aa7e64d9ae2b82e2d1463fb83137164604848c35bd6fe37921f2ce6a4c72904b0e69fdf11335f5

Download Submit
memory/400-2101-0x00007FF768470000-0x00007FF7687C4000-memory.dmp

Filesize
3.3MB

Download
memory/400-104-0x00007FF768470000-0x00007FF7687C4000-memory.dmp

Filesize
3.3MB

Download
memory/800-181-0x00007FF665710000-0x00007FF665A64000-memory.dmp

Filesize
3.3MB

Download
memory/800-2108-0x00007FF665710000-0x00007FF665A64000-memory.dmp

Filesize
3.3MB

Download
memory/1184-56-0x00007FF7DFB60000-0x00007FF7DFEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1184-2093-0x00007FF7DFB60000-0x00007FF7DFEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1212-2100-0x00007FF7562F0000-0x00007FF756644000-memory.dmp

Filesize
3.3MB

Download
memory/1212-178-0x00007FF7562F0000-0x00007FF756644000-memory.dmp

Filesize
3.3MB

Download
memory/1348-172-0x00007FF6E8600000-0x00007FF6E8954000-memory.dmp

Filesize
3.3MB

Download
memory/1348-2110-0x00007FF6E8600000-0x00007FF6E8954000-memory.dmp

Filesize
3.3MB

Download
memory/1460-152-0x00007FF631880000-0x00007FF631BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2118-0x00007FF631880000-0x00007FF631BD4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-0-0x00007FF6FD1D0000-0x00007FF6FD524000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1-0x0000028712F90000-0x0000028712FA0000-memory.dmp

Filesize
64KB

Download
memory/1912-25-0x00007FF7158C0000-0x00007FF715C14000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2092-0x00007FF7158C0000-0x00007FF715C14000-memory.dmp

Filesize
3.3MB

Download
memory/1916-179-0x00007FF6B6B40000-0x00007FF6B6E94000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2113-0x00007FF6B6B40000-0x00007FF6B6E94000-memory.dmp

Filesize
3.3MB

Download
memory/2300-177-0x00007FF7B8FE0000-0x00007FF7B9334000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2103-0x00007FF7B8FE0000-0x00007FF7B9334000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2117-0x00007FF61FFE0000-0x00007FF620334000-memory.dmp

Filesize
3.3MB

Download
memory/2324-164-0x00007FF61FFE0000-0x00007FF620334000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2089-0x00007FF7DA690000-0x00007FF7DA9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2091-0x00007FF7DA690000-0x00007FF7DA9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-23-0x00007FF7DA690000-0x00007FF7DA9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2095-0x00007FF63BFE0000-0x00007FF63C334000-memory.dmp

Filesize
3.3MB

Download
memory/2388-65-0x00007FF63BFE0000-0x00007FF63C334000-memory.dmp

Filesize
3.3MB

Download
memory/2420-173-0x00007FF6A0F10000-0x00007FF6A1264000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2115-0x00007FF6A0F10000-0x00007FF6A1264000-memory.dmp

Filesize
3.3MB

Download
memory/2524-167-0x00007FF6E4810000-0x00007FF6E4B64000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2109-0x00007FF6E4810000-0x00007FF6E4B64000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2096-0x00007FF63B030000-0x00007FF63B384000-memory.dmp

Filesize
3.3MB

Download
memory/2804-77-0x00007FF63B030000-0x00007FF63B384000-memory.dmp

Filesize
3.3MB

Download
memory/2876-169-0x00007FF724390000-0x00007FF7246E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2107-0x00007FF724390000-0x00007FF7246E4000-memory.dmp

Filesize
3.3MB

Download
memory/3080-2094-0x00007FF74C230000-0x00007FF74C584000-memory.dmp

Filesize
3.3MB

Download
memory/3080-176-0x00007FF74C230000-0x00007FF74C584000-memory.dmp

Filesize
3.3MB

Download
memory/3148-170-0x00007FF6F2910000-0x00007FF6F2C64000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2106-0x00007FF6F2910000-0x00007FF6F2C64000-memory.dmp

Filesize
3.3MB

Download
memory/4060-171-0x00007FF6A17D0000-0x00007FF6A1B24000-memory.dmp

Filesize
3.3MB

Download
memory/4060-2116-0x00007FF6A17D0000-0x00007FF6A1B24000-memory.dmp

Filesize
3.3MB

Download
memory/4224-163-0x00007FF6E1270000-0x00007FF6E15C4000-memory.dmp

Filesize
3.3MB

Download
memory/4224-2114-0x00007FF6E1270000-0x00007FF6E15C4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-2105-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-168-0x00007FF6EAB90000-0x00007FF6EAEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-13-0x00007FF6D5540000-0x00007FF6D5894000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2090-0x00007FF6D5540000-0x00007FF6D5894000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2099-0x00007FF7F4F50000-0x00007FF7F52A4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-142-0x00007FF7F4F50000-0x00007FF7F52A4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-175-0x00007FF7FA480000-0x00007FF7FA7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2112-0x00007FF7FA480000-0x00007FF7FA7D4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2111-0x00007FF7AB030000-0x00007FF7AB384000-memory.dmp

Filesize
3.3MB

Download
memory/4716-174-0x00007FF7AB030000-0x00007FF7AB384000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2104-0x00007FF617630000-0x00007FF617984000-memory.dmp

Filesize
3.3MB

Download
memory/4732-180-0x00007FF617630000-0x00007FF617984000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2097-0x00007FF786A00000-0x00007FF786D54000-memory.dmp

Filesize
3.3MB

Download
memory/4780-68-0x00007FF786A00000-0x00007FF786D54000-memory.dmp

Filesize
3.3MB

Download
memory/4840-2098-0x00007FF60C310000-0x00007FF60C664000-memory.dmp

Filesize
3.3MB

Download
memory/4840-88-0x00007FF60C310000-0x00007FF60C664000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2102-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download
memory/5028-121-0x00007FF6D34D0000-0x00007FF6D3824000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads