kpot | 6b2fa05fc16c736b9d360bdbb7d8a96881d5f6d6778ed294ea4dccc8c623503c

Analysis

max time kernel
117s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
Size

2.0MB
MD5

5e177c6aa883cce2f5e785f6e72a62c0
SHA1

d7c9c05b59ffe007b89525a3b538563e7420689b
SHA256

6b2fa05fc16c736b9d360bdbb7d8a96881d5f6d6778ed294ea4dccc8c623503c
SHA512

624f3f3ddc268dae76b28d27c7c330e726b4d1b159044df0c53dc39df4a1bcfb9444d93b0f179eeb733bef2ab25a830617fd14de6558aca6c9e6d405e6538a60
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI37:BemTLkNdfE0pZrwD

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000a000000023423-5.dat	family_kpot
behavioral2/files/0x0008000000023427-10.dat	family_kpot
behavioral2/files/0x000700000002342b-16.dat	family_kpot
behavioral2/files/0x000700000002342d-26.dat	family_kpot
behavioral2/files/0x000700000002342e-38.dat	family_kpot
behavioral2/files/0x000700000002342f-42.dat	family_kpot
behavioral2/files/0x0007000000023431-54.dat	family_kpot
behavioral2/files/0x0007000000023437-76.dat	family_kpot
behavioral2/files/0x0007000000023441-130.dat	family_kpot
behavioral2/files/0x0007000000023446-163.dat	family_kpot
behavioral2/files/0x0007000000023449-170.dat	family_kpot
behavioral2/files/0x0007000000023447-168.dat	family_kpot
behavioral2/files/0x0007000000023448-165.dat	family_kpot
behavioral2/files/0x0007000000023445-158.dat	family_kpot
behavioral2/files/0x0007000000023444-153.dat	family_kpot
behavioral2/files/0x0007000000023443-148.dat	family_kpot
behavioral2/files/0x0007000000023442-143.dat	family_kpot
behavioral2/files/0x0007000000023440-133.dat	family_kpot
behavioral2/files/0x000700000002343f-128.dat	family_kpot
behavioral2/files/0x000700000002343e-123.dat	family_kpot
behavioral2/files/0x000700000002343d-118.dat	family_kpot
behavioral2/files/0x000700000002343c-113.dat	family_kpot
behavioral2/files/0x000700000002343b-108.dat	family_kpot
behavioral2/files/0x000700000002343a-103.dat	family_kpot
behavioral2/files/0x0007000000023439-98.dat	family_kpot
behavioral2/files/0x0007000000023438-93.dat	family_kpot
behavioral2/files/0x0007000000023436-83.dat	family_kpot
behavioral2/files/0x0007000000023435-81.dat	family_kpot
behavioral2/files/0x0007000000023434-79.dat	family_kpot
behavioral2/files/0x0007000000023433-74.dat	family_kpot
behavioral2/files/0x0007000000023432-67.dat	family_kpot
behavioral2/files/0x0007000000023430-47.dat	family_kpot
behavioral2/files/0x000700000002342c-23.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3772-0-0x00007FF79A020000-0x00007FF79A374000-memory.dmp	xmrig
behavioral2/files/0x000a000000023423-5.dat	xmrig
behavioral2/files/0x0008000000023427-10.dat	xmrig
behavioral2/files/0x000700000002342b-16.dat	xmrig
behavioral2/files/0x000700000002342d-26.dat	xmrig
behavioral2/files/0x000700000002342e-38.dat	xmrig
behavioral2/files/0x000700000002342f-42.dat	xmrig
behavioral2/files/0x0007000000023431-54.dat	xmrig
behavioral2/memory/4076-56-0x00007FF71EC80000-0x00007FF71EFD4000-memory.dmp	xmrig
behavioral2/memory/4976-62-0x00007FF7025E0000-0x00007FF702934000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-76.dat	xmrig
behavioral2/files/0x0007000000023441-130.dat	xmrig
behavioral2/files/0x0007000000023446-163.dat	xmrig
behavioral2/memory/2752-475-0x00007FF738990000-0x00007FF738CE4000-memory.dmp	xmrig
behavioral2/memory/1528-478-0x00007FF685730000-0x00007FF685A84000-memory.dmp	xmrig
behavioral2/memory/3940-488-0x00007FF632F50000-0x00007FF6332A4000-memory.dmp	xmrig
behavioral2/memory/2792-490-0x00007FF6C36B0000-0x00007FF6C3A04000-memory.dmp	xmrig
behavioral2/memory/4068-496-0x00007FF7B8AF0000-0x00007FF7B8E44000-memory.dmp	xmrig
behavioral2/memory/976-497-0x00007FF721790000-0x00007FF721AE4000-memory.dmp	xmrig
behavioral2/memory/2128-512-0x00007FF647CB0000-0x00007FF648004000-memory.dmp	xmrig
behavioral2/memory/3372-513-0x00007FF7AF4C0000-0x00007FF7AF814000-memory.dmp	xmrig
behavioral2/memory/4672-511-0x00007FF60DBC0000-0x00007FF60DF14000-memory.dmp	xmrig
behavioral2/memory/3380-506-0x00007FF762C00000-0x00007FF762F54000-memory.dmp	xmrig
behavioral2/memory/1604-505-0x00007FF7C6A70000-0x00007FF7C6DC4000-memory.dmp	xmrig
behavioral2/memory/1800-504-0x00007FF7A6810000-0x00007FF7A6B64000-memory.dmp	xmrig
behavioral2/memory/1840-494-0x00007FF730CC0000-0x00007FF731014000-memory.dmp	xmrig
behavioral2/memory/2140-491-0x00007FF6355B0000-0x00007FF635904000-memory.dmp	xmrig
behavioral2/memory/1756-489-0x00007FF7005A0000-0x00007FF7008F4000-memory.dmp	xmrig
behavioral2/memory/1760-483-0x00007FF66AF10000-0x00007FF66B264000-memory.dmp	xmrig
behavioral2/memory/4600-473-0x00007FF624480000-0x00007FF6247D4000-memory.dmp	xmrig
behavioral2/memory/3516-468-0x00007FF780650000-0x00007FF7809A4000-memory.dmp	xmrig
behavioral2/memory/4424-464-0x00007FF631EF0000-0x00007FF632244000-memory.dmp	xmrig
behavioral2/memory/1584-460-0x00007FF621DD0000-0x00007FF622124000-memory.dmp	xmrig
behavioral2/memory/2024-457-0x00007FF6439C0000-0x00007FF643D14000-memory.dmp	xmrig
behavioral2/memory/3244-455-0x00007FF6DB7B0000-0x00007FF6DBB04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023449-170.dat	xmrig
behavioral2/files/0x0007000000023447-168.dat	xmrig
behavioral2/files/0x0007000000023448-165.dat	xmrig
behavioral2/files/0x0007000000023445-158.dat	xmrig
behavioral2/files/0x0007000000023444-153.dat	xmrig
behavioral2/files/0x0007000000023443-148.dat	xmrig
behavioral2/files/0x0007000000023442-143.dat	xmrig
behavioral2/files/0x0007000000023440-133.dat	xmrig
behavioral2/files/0x000700000002343f-128.dat	xmrig
behavioral2/files/0x000700000002343e-123.dat	xmrig
behavioral2/files/0x000700000002343d-118.dat	xmrig
behavioral2/files/0x000700000002343c-113.dat	xmrig
behavioral2/files/0x000700000002343b-108.dat	xmrig
behavioral2/files/0x000700000002343a-103.dat	xmrig
behavioral2/files/0x0007000000023439-98.dat	xmrig
behavioral2/files/0x0007000000023438-93.dat	xmrig
behavioral2/files/0x0007000000023436-83.dat	xmrig
behavioral2/files/0x0007000000023435-81.dat	xmrig
behavioral2/files/0x0007000000023434-79.dat	xmrig
behavioral2/files/0x0007000000023433-74.dat	xmrig
behavioral2/files/0x0007000000023432-67.dat	xmrig
behavioral2/memory/636-52-0x00007FF627FC0000-0x00007FF628314000-memory.dmp	xmrig
behavioral2/memory/4356-51-0x00007FF6F2260000-0x00007FF6F25B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-47.dat	xmrig
behavioral2/memory/5048-35-0x00007FF785270000-0x00007FF7855C4000-memory.dmp	xmrig
behavioral2/memory/3012-31-0x00007FF7F72A0000-0x00007FF7F75F4000-memory.dmp	xmrig
behavioral2/memory/3452-25-0x00007FF77B600000-0x00007FF77B954000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-23.dat	xmrig
behavioral2/memory/4356-2125-0x00007FF6F2260000-0x00007FF6F25B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3452	hZkmJvZ.exe
4976	axmWcyn.exe
3012	SBCIVrN.exe
5048	mKIClpw.exe
3244	YKDzIad.exe
4356	DLiBRHd.exe
2024	XAwhYJU.exe
636	jSBAgfc.exe
4076	adbywUj.exe
1584	qDJIzss.exe
2128	EjLlxEy.exe
3372	CyKBFTM.exe
4424	msirbXq.exe
3516	aRBYUcA.exe
4600	aZzcEtr.exe
2752	OJlSYse.exe
1528	LYjfaAb.exe
1760	GkkGPtO.exe
3940	nDldTcv.exe
1756	wrUXoYf.exe
2792	EBDWqIs.exe
2140	eiRVAlr.exe
1840	fWMVYRw.exe
4068	lXPXmee.exe
976	YFaFpQm.exe
1800	tMUphzV.exe
1604	QToQwzS.exe
3380	VOmCjpJ.exe
4672	QebUurU.exe
2000	dXhnXBm.exe
1032	gMiCjkf.exe
2316	vYqvtSt.exe
4100	jCrdPlN.exe
4852	EFNfsCZ.exe
4088	PLrqhQM.exe
4748	bWhbqZg.exe
1852	NCXcBWp.exe
3488	qKipBXx.exe
3924	apeoGnO.exe
4472	gUJWSgT.exe
2248	iFAPswR.exe
3296	BKWHNSW.exe
1716	neuyVnK.exe
4348	uHJWwFO.exe
2308	msUNIrv.exe
536	UqjqXiA.exe
2420	dxPYUmZ.exe
3216	TNQgvUl.exe
4736	LqbHGkB.exe
2496	UusHGNZ.exe
4632	dcVIihp.exe
624	wxrWecW.exe
3160	XfGvDzD.exe
4676	jWMipZC.exe
4200	LSMhgkS.exe
3728	qzZVADq.exe
668	yNhaOda.exe
4204	lYKnzAh.exe
3256	NPRXbkH.exe
4776	QTivPbQ.exe
4172	EEyfJPm.exe
4056	saaSlmC.exe
468	ZlCyEDS.exe
3524	dSQpMkL.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3772-0-0x00007FF79A020000-0x00007FF79A374000-memory.dmp	upx
behavioral2/files/0x000a000000023423-5.dat	upx
behavioral2/files/0x0008000000023427-10.dat	upx
behavioral2/files/0x000700000002342b-16.dat	upx
behavioral2/files/0x000700000002342d-26.dat	upx
behavioral2/files/0x000700000002342e-38.dat	upx
behavioral2/files/0x000700000002342f-42.dat	upx
behavioral2/files/0x0007000000023431-54.dat	upx
behavioral2/memory/4076-56-0x00007FF71EC80000-0x00007FF71EFD4000-memory.dmp	upx
behavioral2/memory/4976-62-0x00007FF7025E0000-0x00007FF702934000-memory.dmp	upx
behavioral2/files/0x0007000000023437-76.dat	upx
behavioral2/files/0x0007000000023441-130.dat	upx
behavioral2/files/0x0007000000023446-163.dat	upx
behavioral2/memory/2752-475-0x00007FF738990000-0x00007FF738CE4000-memory.dmp	upx
behavioral2/memory/1528-478-0x00007FF685730000-0x00007FF685A84000-memory.dmp	upx
behavioral2/memory/3940-488-0x00007FF632F50000-0x00007FF6332A4000-memory.dmp	upx
behavioral2/memory/2792-490-0x00007FF6C36B0000-0x00007FF6C3A04000-memory.dmp	upx
behavioral2/memory/4068-496-0x00007FF7B8AF0000-0x00007FF7B8E44000-memory.dmp	upx
behavioral2/memory/976-497-0x00007FF721790000-0x00007FF721AE4000-memory.dmp	upx
behavioral2/memory/2128-512-0x00007FF647CB0000-0x00007FF648004000-memory.dmp	upx
behavioral2/memory/3372-513-0x00007FF7AF4C0000-0x00007FF7AF814000-memory.dmp	upx
behavioral2/memory/4672-511-0x00007FF60DBC0000-0x00007FF60DF14000-memory.dmp	upx
behavioral2/memory/3380-506-0x00007FF762C00000-0x00007FF762F54000-memory.dmp	upx
behavioral2/memory/1604-505-0x00007FF7C6A70000-0x00007FF7C6DC4000-memory.dmp	upx
behavioral2/memory/1800-504-0x00007FF7A6810000-0x00007FF7A6B64000-memory.dmp	upx
behavioral2/memory/1840-494-0x00007FF730CC0000-0x00007FF731014000-memory.dmp	upx
behavioral2/memory/2140-491-0x00007FF6355B0000-0x00007FF635904000-memory.dmp	upx
behavioral2/memory/1756-489-0x00007FF7005A0000-0x00007FF7008F4000-memory.dmp	upx
behavioral2/memory/1760-483-0x00007FF66AF10000-0x00007FF66B264000-memory.dmp	upx
behavioral2/memory/4600-473-0x00007FF624480000-0x00007FF6247D4000-memory.dmp	upx
behavioral2/memory/3516-468-0x00007FF780650000-0x00007FF7809A4000-memory.dmp	upx
behavioral2/memory/4424-464-0x00007FF631EF0000-0x00007FF632244000-memory.dmp	upx
behavioral2/memory/1584-460-0x00007FF621DD0000-0x00007FF622124000-memory.dmp	upx
behavioral2/memory/2024-457-0x00007FF6439C0000-0x00007FF643D14000-memory.dmp	upx
behavioral2/memory/3244-455-0x00007FF6DB7B0000-0x00007FF6DBB04000-memory.dmp	upx
behavioral2/files/0x0007000000023449-170.dat	upx
behavioral2/files/0x0007000000023447-168.dat	upx
behavioral2/files/0x0007000000023448-165.dat	upx
behavioral2/files/0x0007000000023445-158.dat	upx
behavioral2/files/0x0007000000023444-153.dat	upx
behavioral2/files/0x0007000000023443-148.dat	upx
behavioral2/files/0x0007000000023442-143.dat	upx
behavioral2/files/0x0007000000023440-133.dat	upx
behavioral2/files/0x000700000002343f-128.dat	upx
behavioral2/files/0x000700000002343e-123.dat	upx
behavioral2/files/0x000700000002343d-118.dat	upx
behavioral2/files/0x000700000002343c-113.dat	upx
behavioral2/files/0x000700000002343b-108.dat	upx
behavioral2/files/0x000700000002343a-103.dat	upx
behavioral2/files/0x0007000000023439-98.dat	upx
behavioral2/files/0x0007000000023438-93.dat	upx
behavioral2/files/0x0007000000023436-83.dat	upx
behavioral2/files/0x0007000000023435-81.dat	upx
behavioral2/files/0x0007000000023434-79.dat	upx
behavioral2/files/0x0007000000023433-74.dat	upx
behavioral2/files/0x0007000000023432-67.dat	upx
behavioral2/memory/636-52-0x00007FF627FC0000-0x00007FF628314000-memory.dmp	upx
behavioral2/memory/4356-51-0x00007FF6F2260000-0x00007FF6F25B4000-memory.dmp	upx
behavioral2/files/0x0007000000023430-47.dat	upx
behavioral2/memory/5048-35-0x00007FF785270000-0x00007FF7855C4000-memory.dmp	upx
behavioral2/memory/3012-31-0x00007FF7F72A0000-0x00007FF7F75F4000-memory.dmp	upx
behavioral2/memory/3452-25-0x00007FF77B600000-0x00007FF77B954000-memory.dmp	upx
behavioral2/files/0x000700000002342c-23.dat	upx
behavioral2/memory/4356-2125-0x00007FF6F2260000-0x00007FF6F25B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hCGdoWL.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\kysEgWr.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\uJyuEsW.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\hLklQLM.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\sLaVBsN.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\kLsjLui.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\vRgTgdd.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\nquLzzq.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\qUSRIhE.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\qzZVADq.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\xQdPUwX.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\Pbdsiau.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\sQFMTRX.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\WWqiJZB.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\mRSZsTT.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\oxIFiIX.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\nZbZxRR.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\OAqfXSe.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\GsPBFnH.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\myRGhRv.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\pjXuZpf.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\JMOcPri.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\rDrdDKN.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\rKtybRn.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\qZHpKMV.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\XtETpbi.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\fWMVYRw.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\UusHGNZ.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\dyCcZPL.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\KzLIxeD.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZlCyEDS.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\SefGISj.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\jXtlyxd.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\wQQSfxm.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\TsCJRHO.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\YuQERNq.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\MmVCNGJ.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\mKIClpw.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\rSEEGaP.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\TmjBEfg.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\jCrdPlN.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\BuPyzrY.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\nbhKquT.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\KLlpyNZ.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\WJlKohO.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\yDClhmM.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\eqqBhHm.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\ukmEYwR.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\bLHHAHG.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\DkFbqyD.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\vWvmfNO.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\zvubipX.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\iCLXpeE.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\dTFXEUL.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\LYjfaAb.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\ITrjQUi.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\TDVuAaD.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\wZTyghX.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\xxlzVve.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\IbruPbw.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\NcZUEHD.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\QebUurU.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\MBfZZNS.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
File created	C:\Windows\System\xbOSNPR.exe	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14832	dwm.exe
Token: SeChangeNotifyPrivilege	14832	dwm.exe
Token: 33	14832	dwm.exe
Token: SeIncBasePriorityPrivilege	14832	dwm.exe
Token: SeShutdownPrivilege	14832	dwm.exe
Token: SeCreatePagefilePrivilege	14832	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 3452	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	83
PID 3772 wrote to memory of 3452	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	83
PID 3772 wrote to memory of 4976	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	84
PID 3772 wrote to memory of 4976	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	84
PID 3772 wrote to memory of 3012	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	85
PID 3772 wrote to memory of 3012	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	85
PID 3772 wrote to memory of 5048	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	86
PID 3772 wrote to memory of 5048	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	86
PID 3772 wrote to memory of 3244	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	87
PID 3772 wrote to memory of 3244	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	87
PID 3772 wrote to memory of 2024	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	88
PID 3772 wrote to memory of 2024	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	88
PID 3772 wrote to memory of 4356	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	89
PID 3772 wrote to memory of 4356	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	89
PID 3772 wrote to memory of 636	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	90
PID 3772 wrote to memory of 636	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	90
PID 3772 wrote to memory of 4076	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	91
PID 3772 wrote to memory of 4076	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	91
PID 3772 wrote to memory of 1584	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	92
PID 3772 wrote to memory of 1584	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	92
PID 3772 wrote to memory of 2128	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	93
PID 3772 wrote to memory of 2128	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	93
PID 3772 wrote to memory of 3372	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	94
PID 3772 wrote to memory of 3372	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	94
PID 3772 wrote to memory of 4424	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	95
PID 3772 wrote to memory of 4424	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	95
PID 3772 wrote to memory of 3516	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	96
PID 3772 wrote to memory of 3516	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	96
PID 3772 wrote to memory of 4600	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	97
PID 3772 wrote to memory of 4600	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	97
PID 3772 wrote to memory of 2752	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	98
PID 3772 wrote to memory of 2752	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	98
PID 3772 wrote to memory of 1528	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	99
PID 3772 wrote to memory of 1528	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	99
PID 3772 wrote to memory of 1760	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	100
PID 3772 wrote to memory of 1760	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	100
PID 3772 wrote to memory of 3940	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	101
PID 3772 wrote to memory of 3940	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	101
PID 3772 wrote to memory of 1756	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	102
PID 3772 wrote to memory of 1756	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	102
PID 3772 wrote to memory of 2792	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	103
PID 3772 wrote to memory of 2792	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	103
PID 3772 wrote to memory of 2140	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	104
PID 3772 wrote to memory of 2140	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	104
PID 3772 wrote to memory of 1840	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	105
PID 3772 wrote to memory of 1840	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	105
PID 3772 wrote to memory of 4068	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	106
PID 3772 wrote to memory of 4068	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	106
PID 3772 wrote to memory of 976	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	107
PID 3772 wrote to memory of 976	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	107
PID 3772 wrote to memory of 1800	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	108
PID 3772 wrote to memory of 1800	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	108
PID 3772 wrote to memory of 1604	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	109
PID 3772 wrote to memory of 1604	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	109
PID 3772 wrote to memory of 3380	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	110
PID 3772 wrote to memory of 3380	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	110
PID 3772 wrote to memory of 4672	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	111
PID 3772 wrote to memory of 4672	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	111
PID 3772 wrote to memory of 2000	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	112
PID 3772 wrote to memory of 2000	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	112
PID 3772 wrote to memory of 1032	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	113
PID 3772 wrote to memory of 1032	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	113
PID 3772 wrote to memory of 2316	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	114
PID 3772 wrote to memory of 2316	3772	5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e177c6aa883cce2f5e785f6e72a62c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Windows\System\hZkmJvZ.exe
  C:\Windows\System\hZkmJvZ.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\axmWcyn.exe
  C:\Windows\System\axmWcyn.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\SBCIVrN.exe
  C:\Windows\System\SBCIVrN.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\mKIClpw.exe
  C:\Windows\System\mKIClpw.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\YKDzIad.exe
  C:\Windows\System\YKDzIad.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\XAwhYJU.exe
  C:\Windows\System\XAwhYJU.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\DLiBRHd.exe
  C:\Windows\System\DLiBRHd.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\jSBAgfc.exe
  C:\Windows\System\jSBAgfc.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\adbywUj.exe
  C:\Windows\System\adbywUj.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\qDJIzss.exe
  C:\Windows\System\qDJIzss.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\EjLlxEy.exe
  C:\Windows\System\EjLlxEy.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\CyKBFTM.exe
  C:\Windows\System\CyKBFTM.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\msirbXq.exe
  C:\Windows\System\msirbXq.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\aRBYUcA.exe
  C:\Windows\System\aRBYUcA.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\aZzcEtr.exe
  C:\Windows\System\aZzcEtr.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\OJlSYse.exe
  C:\Windows\System\OJlSYse.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\LYjfaAb.exe
  C:\Windows\System\LYjfaAb.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\GkkGPtO.exe
  C:\Windows\System\GkkGPtO.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\nDldTcv.exe
  C:\Windows\System\nDldTcv.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\wrUXoYf.exe
  C:\Windows\System\wrUXoYf.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\EBDWqIs.exe
  C:\Windows\System\EBDWqIs.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\eiRVAlr.exe
  C:\Windows\System\eiRVAlr.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\fWMVYRw.exe
  C:\Windows\System\fWMVYRw.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\lXPXmee.exe
  C:\Windows\System\lXPXmee.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\YFaFpQm.exe
  C:\Windows\System\YFaFpQm.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\tMUphzV.exe
  C:\Windows\System\tMUphzV.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\QToQwzS.exe
  C:\Windows\System\QToQwzS.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\VOmCjpJ.exe
  C:\Windows\System\VOmCjpJ.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\QebUurU.exe
  C:\Windows\System\QebUurU.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\dXhnXBm.exe
  C:\Windows\System\dXhnXBm.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\gMiCjkf.exe
  C:\Windows\System\gMiCjkf.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\vYqvtSt.exe
  C:\Windows\System\vYqvtSt.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\jCrdPlN.exe
  C:\Windows\System\jCrdPlN.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\EFNfsCZ.exe
  C:\Windows\System\EFNfsCZ.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\PLrqhQM.exe
  C:\Windows\System\PLrqhQM.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\bWhbqZg.exe
  C:\Windows\System\bWhbqZg.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\NCXcBWp.exe
  C:\Windows\System\NCXcBWp.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\qKipBXx.exe
  C:\Windows\System\qKipBXx.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\apeoGnO.exe
  C:\Windows\System\apeoGnO.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\gUJWSgT.exe
  C:\Windows\System\gUJWSgT.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\iFAPswR.exe
  C:\Windows\System\iFAPswR.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\BKWHNSW.exe
  C:\Windows\System\BKWHNSW.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\neuyVnK.exe
  C:\Windows\System\neuyVnK.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\uHJWwFO.exe
  C:\Windows\System\uHJWwFO.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\msUNIrv.exe
  C:\Windows\System\msUNIrv.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\UqjqXiA.exe
  C:\Windows\System\UqjqXiA.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\dxPYUmZ.exe
  C:\Windows\System\dxPYUmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\TNQgvUl.exe
  C:\Windows\System\TNQgvUl.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\LqbHGkB.exe
  C:\Windows\System\LqbHGkB.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\UusHGNZ.exe
  C:\Windows\System\UusHGNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\dcVIihp.exe
  C:\Windows\System\dcVIihp.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\wxrWecW.exe
  C:\Windows\System\wxrWecW.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\XfGvDzD.exe
  C:\Windows\System\XfGvDzD.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\jWMipZC.exe
  C:\Windows\System\jWMipZC.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\LSMhgkS.exe
  C:\Windows\System\LSMhgkS.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\qzZVADq.exe
  C:\Windows\System\qzZVADq.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\yNhaOda.exe
  C:\Windows\System\yNhaOda.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\lYKnzAh.exe
  C:\Windows\System\lYKnzAh.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\NPRXbkH.exe
  C:\Windows\System\NPRXbkH.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\QTivPbQ.exe
  C:\Windows\System\QTivPbQ.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\EEyfJPm.exe
  C:\Windows\System\EEyfJPm.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\saaSlmC.exe
  C:\Windows\System\saaSlmC.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\ZlCyEDS.exe
  C:\Windows\System\ZlCyEDS.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\dSQpMkL.exe
  C:\Windows\System\dSQpMkL.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\SCRnoAw.exe
  C:\Windows\System\SCRnoAw.exe
  2⤵
  PID:4772
- C:\Windows\System\prcOPGe.exe
  C:\Windows\System\prcOPGe.exe
  2⤵
  PID:4640
- C:\Windows\System\hKkyvqU.exe
  C:\Windows\System\hKkyvqU.exe
  2⤵
  PID:3140
- C:\Windows\System\dUQEEgo.exe
  C:\Windows\System\dUQEEgo.exe
  2⤵
  PID:1432
- C:\Windows\System\rrByfFN.exe
  C:\Windows\System\rrByfFN.exe
  2⤵
  PID:4940
- C:\Windows\System\PPrLwBq.exe
  C:\Windows\System\PPrLwBq.exe
  2⤵
  PID:4116
- C:\Windows\System\eakldsq.exe
  C:\Windows\System\eakldsq.exe
  2⤵
  PID:3800
- C:\Windows\System\quHImQn.exe
  C:\Windows\System\quHImQn.exe
  2⤵
  PID:3936
- C:\Windows\System\IVplaGz.exe
  C:\Windows\System\IVplaGz.exe
  2⤵
  PID:3008
- C:\Windows\System\HDHByWA.exe
  C:\Windows\System\HDHByWA.exe
  2⤵
  PID:4700
- C:\Windows\System\PRobZkE.exe
  C:\Windows\System\PRobZkE.exe
  2⤵
  PID:4328
- C:\Windows\System\mLRZEXa.exe
  C:\Windows\System\mLRZEXa.exe
  2⤵
  PID:4420
- C:\Windows\System\sdWhHjP.exe
  C:\Windows\System\sdWhHjP.exe
  2⤵
  PID:3032
- C:\Windows\System\pLkzdcN.exe
  C:\Windows\System\pLkzdcN.exe
  2⤵
  PID:2032
- C:\Windows\System\kysEgWr.exe
  C:\Windows\System\kysEgWr.exe
  2⤵
  PID:3184
- C:\Windows\System\GUscvsO.exe
  C:\Windows\System\GUscvsO.exe
  2⤵
  PID:2312
- C:\Windows\System\vhgYhAb.exe
  C:\Windows\System\vhgYhAb.exe
  2⤵
  PID:2304
- C:\Windows\System\wBCgRGi.exe
  C:\Windows\System\wBCgRGi.exe
  2⤵
  PID:2112
- C:\Windows\System\kluzWNB.exe
  C:\Windows\System\kluzWNB.exe
  2⤵
  PID:4104
- C:\Windows\System\ITrjQUi.exe
  C:\Windows\System\ITrjQUi.exe
  2⤵
  PID:1464
- C:\Windows\System\xQdPUwX.exe
  C:\Windows\System\xQdPUwX.exe
  2⤵
  PID:2372
- C:\Windows\System\JqccfYm.exe
  C:\Windows\System\JqccfYm.exe
  2⤵
  PID:3588
- C:\Windows\System\SefGISj.exe
  C:\Windows\System\SefGISj.exe
  2⤵
  PID:4140
- C:\Windows\System\uJyuEsW.exe
  C:\Windows\System\uJyuEsW.exe
  2⤵
  PID:208
- C:\Windows\System\littImc.exe
  C:\Windows\System\littImc.exe
  2⤵
  PID:1668
- C:\Windows\System\GsPBFnH.exe
  C:\Windows\System\GsPBFnH.exe
  2⤵
  PID:5140
- C:\Windows\System\IhzuFld.exe
  C:\Windows\System\IhzuFld.exe
  2⤵
  PID:5164
- C:\Windows\System\CouTeUZ.exe
  C:\Windows\System\CouTeUZ.exe
  2⤵
  PID:5196
- C:\Windows\System\MBfZZNS.exe
  C:\Windows\System\MBfZZNS.exe
  2⤵
  PID:5220
- C:\Windows\System\QrhDQUR.exe
  C:\Windows\System\QrhDQUR.exe
  2⤵
  PID:5248
- C:\Windows\System\UJWGjnQ.exe
  C:\Windows\System\UJWGjnQ.exe
  2⤵
  PID:5276
- C:\Windows\System\xEoEWap.exe
  C:\Windows\System\xEoEWap.exe
  2⤵
  PID:5308
- C:\Windows\System\zMSIIlb.exe
  C:\Windows\System\zMSIIlb.exe
  2⤵
  PID:5336
- C:\Windows\System\TDVuAaD.exe
  C:\Windows\System\TDVuAaD.exe
  2⤵
  PID:5360
- C:\Windows\System\fbkLEHj.exe
  C:\Windows\System\fbkLEHj.exe
  2⤵
  PID:5388
- C:\Windows\System\VFXINTj.exe
  C:\Windows\System\VFXINTj.exe
  2⤵
  PID:5420
- C:\Windows\System\qlqYzQn.exe
  C:\Windows\System\qlqYzQn.exe
  2⤵
  PID:5448
- C:\Windows\System\RMrBVmC.exe
  C:\Windows\System\RMrBVmC.exe
  2⤵
  PID:5476
- C:\Windows\System\zcIcMyw.exe
  C:\Windows\System\zcIcMyw.exe
  2⤵
  PID:5504
- C:\Windows\System\XLnpydq.exe
  C:\Windows\System\XLnpydq.exe
  2⤵
  PID:5528
- C:\Windows\System\wxtPAHi.exe
  C:\Windows\System\wxtPAHi.exe
  2⤵
  PID:5560
- C:\Windows\System\QTBBLyM.exe
  C:\Windows\System\QTBBLyM.exe
  2⤵
  PID:5584
- C:\Windows\System\hJMuwlN.exe
  C:\Windows\System\hJMuwlN.exe
  2⤵
  PID:5616
- C:\Windows\System\gwTOxNZ.exe
  C:\Windows\System\gwTOxNZ.exe
  2⤵
  PID:5644
- C:\Windows\System\zUnLpbr.exe
  C:\Windows\System\zUnLpbr.exe
  2⤵
  PID:5668
- C:\Windows\System\JQlVjLD.exe
  C:\Windows\System\JQlVjLD.exe
  2⤵
  PID:5696
- C:\Windows\System\aIFCMRY.exe
  C:\Windows\System\aIFCMRY.exe
  2⤵
  PID:5728
- C:\Windows\System\ZQYspSH.exe
  C:\Windows\System\ZQYspSH.exe
  2⤵
  PID:5752
- C:\Windows\System\uxijJrn.exe
  C:\Windows\System\uxijJrn.exe
  2⤵
  PID:5780
- C:\Windows\System\jXtlyxd.exe
  C:\Windows\System\jXtlyxd.exe
  2⤵
  PID:5812
- C:\Windows\System\DRIaHzH.exe
  C:\Windows\System\DRIaHzH.exe
  2⤵
  PID:5840
- C:\Windows\System\PTnlTTv.exe
  C:\Windows\System\PTnlTTv.exe
  2⤵
  PID:5864
- C:\Windows\System\qnQdoFM.exe
  C:\Windows\System\qnQdoFM.exe
  2⤵
  PID:5892
- C:\Windows\System\BPVHwer.exe
  C:\Windows\System\BPVHwer.exe
  2⤵
  PID:5920
- C:\Windows\System\zyObGat.exe
  C:\Windows\System\zyObGat.exe
  2⤵
  PID:5952
- C:\Windows\System\EpfYrVi.exe
  C:\Windows\System\EpfYrVi.exe
  2⤵
  PID:5980
- C:\Windows\System\BuPyzrY.exe
  C:\Windows\System\BuPyzrY.exe
  2⤵
  PID:6008
- C:\Windows\System\MgjFGKw.exe
  C:\Windows\System\MgjFGKw.exe
  2⤵
  PID:6036
- C:\Windows\System\LFAbXgd.exe
  C:\Windows\System\LFAbXgd.exe
  2⤵
  PID:6064
- C:\Windows\System\OdWYQPl.exe
  C:\Windows\System\OdWYQPl.exe
  2⤵
  PID:6092
- C:\Windows\System\xOdriVk.exe
  C:\Windows\System\xOdriVk.exe
  2⤵
  PID:6120
- C:\Windows\System\wdaTtzC.exe
  C:\Windows\System\wdaTtzC.exe
  2⤵
  PID:4768
- C:\Windows\System\cAMhvVi.exe
  C:\Windows\System\cAMhvVi.exe
  2⤵
  PID:4576
- C:\Windows\System\KHLzhXZ.exe
  C:\Windows\System\KHLzhXZ.exe
  2⤵
  PID:3212
- C:\Windows\System\eqqBhHm.exe
  C:\Windows\System\eqqBhHm.exe
  2⤵
  PID:5124
- C:\Windows\System\MQDdcyM.exe
  C:\Windows\System\MQDdcyM.exe
  2⤵
  PID:5212
- C:\Windows\System\CCUrUAS.exe
  C:\Windows\System\CCUrUAS.exe
  2⤵
  PID:5292
- C:\Windows\System\PSIvcFm.exe
  C:\Windows\System\PSIvcFm.exe
  2⤵
  PID:5352
- C:\Windows\System\yvhzIxw.exe
  C:\Windows\System\yvhzIxw.exe
  2⤵
  PID:5460
- C:\Windows\System\xbOSNPR.exe
  C:\Windows\System\xbOSNPR.exe
  2⤵
  PID:5544
- C:\Windows\System\cNJKBQh.exe
  C:\Windows\System\cNJKBQh.exe
  2⤵
  PID:5580
- C:\Windows\System\VoLWXtC.exe
  C:\Windows\System\VoLWXtC.exe
  2⤵
  PID:5656
- C:\Windows\System\shONBDt.exe
  C:\Windows\System\shONBDt.exe
  2⤵
  PID:5688
- C:\Windows\System\JFHpEfM.exe
  C:\Windows\System\JFHpEfM.exe
  2⤵
  PID:5888
- C:\Windows\System\HduZURZ.exe
  C:\Windows\System\HduZURZ.exe
  2⤵
  PID:5936
- C:\Windows\System\GIDWblH.exe
  C:\Windows\System\GIDWblH.exe
  2⤵
  PID:1888
- C:\Windows\System\pITeGYo.exe
  C:\Windows\System\pITeGYo.exe
  2⤵
  PID:4052
- C:\Windows\System\bZeLXCJ.exe
  C:\Windows\System\bZeLXCJ.exe
  2⤵
  PID:5188
- C:\Windows\System\rrYFEZR.exe
  C:\Windows\System\rrYFEZR.exe
  2⤵
  PID:5264
- C:\Windows\System\wQQSfxm.exe
  C:\Windows\System\wQQSfxm.exe
  2⤵
  PID:5520
- C:\Windows\System\CxpflVN.exe
  C:\Windows\System\CxpflVN.exe
  2⤵
  PID:5604
- C:\Windows\System\eUNCiLl.exe
  C:\Windows\System\eUNCiLl.exe
  2⤵
  PID:1972
- C:\Windows\System\FxMNEbq.exe
  C:\Windows\System\FxMNEbq.exe
  2⤵
  PID:5828
- C:\Windows\System\ufdlBpG.exe
  C:\Windows\System\ufdlBpG.exe
  2⤵
  PID:824
- C:\Windows\System\iBYOcDi.exe
  C:\Windows\System\iBYOcDi.exe
  2⤵
  PID:4244
- C:\Windows\System\qRPfqsB.exe
  C:\Windows\System\qRPfqsB.exe
  2⤵
  PID:1792
- C:\Windows\System\XCpwQtc.exe
  C:\Windows\System\XCpwQtc.exe
  2⤵
  PID:2192
- C:\Windows\System\RGDbhiS.exe
  C:\Windows\System\RGDbhiS.exe
  2⤵
  PID:920
- C:\Windows\System\BYQqDVn.exe
  C:\Windows\System\BYQqDVn.exe
  2⤵
  PID:3536
- C:\Windows\System\IxdREXd.exe
  C:\Windows\System\IxdREXd.exe
  2⤵
  PID:4952
- C:\Windows\System\AEGvtUt.exe
  C:\Windows\System\AEGvtUt.exe
  2⤵
  PID:4864
- C:\Windows\System\hWZpqxW.exe
  C:\Windows\System\hWZpqxW.exe
  2⤵
  PID:5208
- C:\Windows\System\hLklQLM.exe
  C:\Windows\System\hLklQLM.exe
  2⤵
  PID:2396
- C:\Windows\System\dmwUKqS.exe
  C:\Windows\System\dmwUKqS.exe
  2⤵
  PID:5664
- C:\Windows\System\quCfelH.exe
  C:\Windows\System\quCfelH.exe
  2⤵
  PID:3124
- C:\Windows\System\RGkHJPQ.exe
  C:\Windows\System\RGkHJPQ.exe
  2⤵
  PID:3788
- C:\Windows\System\DDxhUjX.exe
  C:\Windows\System\DDxhUjX.exe
  2⤵
  PID:5572
- C:\Windows\System\rDrdDKN.exe
  C:\Windows\System\rDrdDKN.exe
  2⤵
  PID:3632
- C:\Windows\System\nmnQeeF.exe
  C:\Windows\System\nmnQeeF.exe
  2⤵
  PID:4880
- C:\Windows\System\OBlCRUo.exe
  C:\Windows\System\OBlCRUo.exe
  2⤵
  PID:6160
- C:\Windows\System\bNafAWn.exe
  C:\Windows\System\bNafAWn.exe
  2⤵
  PID:6188
- C:\Windows\System\LNEjCbo.exe
  C:\Windows\System\LNEjCbo.exe
  2⤵
  PID:6212
- C:\Windows\System\CzNmrrw.exe
  C:\Windows\System\CzNmrrw.exe
  2⤵
  PID:6244
- C:\Windows\System\LgqMwCp.exe
  C:\Windows\System\LgqMwCp.exe
  2⤵
  PID:6288
- C:\Windows\System\WFPnxUN.exe
  C:\Windows\System\WFPnxUN.exe
  2⤵
  PID:6304
- C:\Windows\System\MmOfoCh.exe
  C:\Windows\System\MmOfoCh.exe
  2⤵
  PID:6348
- C:\Windows\System\DyzgaUA.exe
  C:\Windows\System\DyzgaUA.exe
  2⤵
  PID:6380
- C:\Windows\System\ViNfCMG.exe
  C:\Windows\System\ViNfCMG.exe
  2⤵
  PID:6448
- C:\Windows\System\RuqfdcY.exe
  C:\Windows\System\RuqfdcY.exe
  2⤵
  PID:6476
- C:\Windows\System\EKEtTHz.exe
  C:\Windows\System\EKEtTHz.exe
  2⤵
  PID:6504
- C:\Windows\System\dTLBhzg.exe
  C:\Windows\System\dTLBhzg.exe
  2⤵
  PID:6524
- C:\Windows\System\ZixPtlZ.exe
  C:\Windows\System\ZixPtlZ.exe
  2⤵
  PID:6564
- C:\Windows\System\kfsIRUA.exe
  C:\Windows\System\kfsIRUA.exe
  2⤵
  PID:6612
- C:\Windows\System\iNzCoSU.exe
  C:\Windows\System\iNzCoSU.exe
  2⤵
  PID:6648
- C:\Windows\System\gIOrTRU.exe
  C:\Windows\System\gIOrTRU.exe
  2⤵
  PID:6712
- C:\Windows\System\pUTuUwK.exe
  C:\Windows\System\pUTuUwK.exe
  2⤵
  PID:6740
- C:\Windows\System\tWYqIHZ.exe
  C:\Windows\System\tWYqIHZ.exe
  2⤵
  PID:6768
- C:\Windows\System\eJZQoit.exe
  C:\Windows\System\eJZQoit.exe
  2⤵
  PID:6808
- C:\Windows\System\auEFRDC.exe
  C:\Windows\System\auEFRDC.exe
  2⤵
  PID:6832
- C:\Windows\System\TsCJRHO.exe
  C:\Windows\System\TsCJRHO.exe
  2⤵
  PID:6872
- C:\Windows\System\enOgEEI.exe
  C:\Windows\System\enOgEEI.exe
  2⤵
  PID:6892
- C:\Windows\System\ZPxuksw.exe
  C:\Windows\System\ZPxuksw.exe
  2⤵
  PID:6936
- C:\Windows\System\FeRJOQu.exe
  C:\Windows\System\FeRJOQu.exe
  2⤵
  PID:6964
- C:\Windows\System\evQXWKY.exe
  C:\Windows\System\evQXWKY.exe
  2⤵
  PID:7016
- C:\Windows\System\irVvqWp.exe
  C:\Windows\System\irVvqWp.exe
  2⤵
  PID:7052
- C:\Windows\System\XhtkxeQ.exe
  C:\Windows\System\XhtkxeQ.exe
  2⤵
  PID:7080
- C:\Windows\System\KvicbOL.exe
  C:\Windows\System\KvicbOL.exe
  2⤵
  PID:7112
- C:\Windows\System\cpEgghv.exe
  C:\Windows\System\cpEgghv.exe
  2⤵
  PID:7140
- C:\Windows\System\NnaQCsE.exe
  C:\Windows\System\NnaQCsE.exe
  2⤵
  PID:464
- C:\Windows\System\IXDeQFi.exe
  C:\Windows\System\IXDeQFi.exe
  2⤵
  PID:5916
- C:\Windows\System\vkWuTDI.exe
  C:\Windows\System\vkWuTDI.exe
  2⤵
  PID:6236
- C:\Windows\System\UoYQQAV.exe
  C:\Windows\System\UoYQQAV.exe
  2⤵
  PID:6332
- C:\Windows\System\xMSstZS.exe
  C:\Windows\System\xMSstZS.exe
  2⤵
  PID:6428
- C:\Windows\System\bTgmuEW.exe
  C:\Windows\System\bTgmuEW.exe
  2⤵
  PID:5800
- C:\Windows\System\UASEmSi.exe
  C:\Windows\System\UASEmSi.exe
  2⤵
  PID:6576
- C:\Windows\System\hklYOWV.exe
  C:\Windows\System\hklYOWV.exe
  2⤵
  PID:6668
- C:\Windows\System\miTSVNl.exe
  C:\Windows\System\miTSVNl.exe
  2⤵
  PID:5796
- C:\Windows\System\DFVcEWH.exe
  C:\Windows\System\DFVcEWH.exe
  2⤵
  PID:6336
- C:\Windows\System\szSVxdO.exe
  C:\Windows\System\szSVxdO.exe
  2⤵
  PID:3880
- C:\Windows\System\ARNHXUo.exe
  C:\Windows\System\ARNHXUo.exe
  2⤵
  PID:6860
- C:\Windows\System\EFKWDow.exe
  C:\Windows\System\EFKWDow.exe
  2⤵
  PID:6944
- C:\Windows\System\bzZECGa.exe
  C:\Windows\System\bzZECGa.exe
  2⤵
  PID:6432
- C:\Windows\System\SgbaRWB.exe
  C:\Windows\System\SgbaRWB.exe
  2⤵
  PID:6992
- C:\Windows\System\tKXrbGp.exe
  C:\Windows\System\tKXrbGp.exe
  2⤵
  PID:6264
- C:\Windows\System\rmBGFBw.exe
  C:\Windows\System\rmBGFBw.exe
  2⤵
  PID:7104
- C:\Windows\System\uSeeqYw.exe
  C:\Windows\System\uSeeqYw.exe
  2⤵
  PID:5516
- C:\Windows\System\gXAZxtw.exe
  C:\Windows\System\gXAZxtw.exe
  2⤵
  PID:5348
- C:\Windows\System\LHagOpX.exe
  C:\Windows\System\LHagOpX.exe
  2⤵
  PID:6296
- C:\Windows\System\YgsRbLM.exe
  C:\Windows\System\YgsRbLM.exe
  2⤵
  PID:6500
- C:\Windows\System\uxVLPLD.exe
  C:\Windows\System\uxVLPLD.exe
  2⤵
  PID:5768
- C:\Windows\System\XaHrdvm.exe
  C:\Windows\System\XaHrdvm.exe
  2⤵
  PID:6800
- C:\Windows\System\UUJIUMu.exe
  C:\Windows\System\UUJIUMu.exe
  2⤵
  PID:6132
- C:\Windows\System\vFywyDo.exe
  C:\Windows\System\vFywyDo.exe
  2⤵
  PID:6436
- C:\Windows\System\LVQgRkm.exe
  C:\Windows\System\LVQgRkm.exe
  2⤵
  PID:7072
- C:\Windows\System\tyoLjan.exe
  C:\Windows\System\tyoLjan.exe
  2⤵
  PID:5824
- C:\Windows\System\HUsBmRm.exe
  C:\Windows\System\HUsBmRm.exe
  2⤵
  PID:5684
- C:\Windows\System\LfkUlUd.exe
  C:\Windows\System\LfkUlUd.exe
  2⤵
  PID:6028
- C:\Windows\System\dJDfRaU.exe
  C:\Windows\System\dJDfRaU.exe
  2⤵
  PID:5184
- C:\Windows\System\MPpBzAu.exe
  C:\Windows\System\MPpBzAu.exe
  2⤵
  PID:5552
- C:\Windows\System\ceShQzA.exe
  C:\Windows\System\ceShQzA.exe
  2⤵
  PID:6856
- C:\Windows\System\BuHGSjh.exe
  C:\Windows\System\BuHGSjh.exe
  2⤵
  PID:6792
- C:\Windows\System\wZTyghX.exe
  C:\Windows\System\wZTyghX.exe
  2⤵
  PID:7184
- C:\Windows\System\AjTvfhr.exe
  C:\Windows\System\AjTvfhr.exe
  2⤵
  PID:7212
- C:\Windows\System\KhyxVqi.exe
  C:\Windows\System\KhyxVqi.exe
  2⤵
  PID:7240
- C:\Windows\System\dcAqnAc.exe
  C:\Windows\System\dcAqnAc.exe
  2⤵
  PID:7268
- C:\Windows\System\cnElfuk.exe
  C:\Windows\System\cnElfuk.exe
  2⤵
  PID:7296
- C:\Windows\System\Pbdsiau.exe
  C:\Windows\System\Pbdsiau.exe
  2⤵
  PID:7320
- C:\Windows\System\nTmhFvP.exe
  C:\Windows\System\nTmhFvP.exe
  2⤵
  PID:7352
- C:\Windows\System\OaglbEh.exe
  C:\Windows\System\OaglbEh.exe
  2⤵
  PID:7380
- C:\Windows\System\JPIrkei.exe
  C:\Windows\System\JPIrkei.exe
  2⤵
  PID:7408
- C:\Windows\System\ChMiPqn.exe
  C:\Windows\System\ChMiPqn.exe
  2⤵
  PID:7436
- C:\Windows\System\wTTyolh.exe
  C:\Windows\System\wTTyolh.exe
  2⤵
  PID:7464
- C:\Windows\System\EusLjRw.exe
  C:\Windows\System\EusLjRw.exe
  2⤵
  PID:7492
- C:\Windows\System\ZtOvQUV.exe
  C:\Windows\System\ZtOvQUV.exe
  2⤵
  PID:7508
- C:\Windows\System\fmsRaDn.exe
  C:\Windows\System\fmsRaDn.exe
  2⤵
  PID:7524
- C:\Windows\System\hZVVgca.exe
  C:\Windows\System\hZVVgca.exe
  2⤵
  PID:7544
- C:\Windows\System\xKneOqq.exe
  C:\Windows\System\xKneOqq.exe
  2⤵
  PID:7564
- C:\Windows\System\GKbuJrS.exe
  C:\Windows\System\GKbuJrS.exe
  2⤵
  PID:7620
- C:\Windows\System\TeQPtfJ.exe
  C:\Windows\System\TeQPtfJ.exe
  2⤵
  PID:7660
- C:\Windows\System\KjCPhrW.exe
  C:\Windows\System\KjCPhrW.exe
  2⤵
  PID:7684
- C:\Windows\System\hShGGhp.exe
  C:\Windows\System\hShGGhp.exe
  2⤵
  PID:7716
- C:\Windows\System\BKSrJct.exe
  C:\Windows\System\BKSrJct.exe
  2⤵
  PID:7748
- C:\Windows\System\IaeZYpN.exe
  C:\Windows\System\IaeZYpN.exe
  2⤵
  PID:7776
- C:\Windows\System\nZbZxRR.exe
  C:\Windows\System\nZbZxRR.exe
  2⤵
  PID:7804
- C:\Windows\System\JBELyfy.exe
  C:\Windows\System\JBELyfy.exe
  2⤵
  PID:7832
- C:\Windows\System\WrpawmK.exe
  C:\Windows\System\WrpawmK.exe
  2⤵
  PID:7864
- C:\Windows\System\tRzDnRC.exe
  C:\Windows\System\tRzDnRC.exe
  2⤵
  PID:7892
- C:\Windows\System\ZlLHUGA.exe
  C:\Windows\System\ZlLHUGA.exe
  2⤵
  PID:7920
- C:\Windows\System\gGXGwoe.exe
  C:\Windows\System\gGXGwoe.exe
  2⤵
  PID:7948
- C:\Windows\System\skwzian.exe
  C:\Windows\System\skwzian.exe
  2⤵
  PID:7976
- C:\Windows\System\TOHNIUG.exe
  C:\Windows\System\TOHNIUG.exe
  2⤵
  PID:8004
- C:\Windows\System\uKqQdUM.exe
  C:\Windows\System\uKqQdUM.exe
  2⤵
  PID:8044
- C:\Windows\System\ukmEYwR.exe
  C:\Windows\System\ukmEYwR.exe
  2⤵
  PID:8080
- C:\Windows\System\lopXPJc.exe
  C:\Windows\System\lopXPJc.exe
  2⤵
  PID:8124
- C:\Windows\System\YfNdVKy.exe
  C:\Windows\System\YfNdVKy.exe
  2⤵
  PID:8148
- C:\Windows\System\ryjJoKu.exe
  C:\Windows\System\ryjJoKu.exe
  2⤵
  PID:6924
- C:\Windows\System\BUpEntR.exe
  C:\Windows\System\BUpEntR.exe
  2⤵
  PID:7236
- C:\Windows\System\TeOAnGl.exe
  C:\Windows\System\TeOAnGl.exe
  2⤵
  PID:7308
- C:\Windows\System\rrPXnCY.exe
  C:\Windows\System\rrPXnCY.exe
  2⤵
  PID:7372
- C:\Windows\System\daNGsjz.exe
  C:\Windows\System\daNGsjz.exe
  2⤵
  PID:7432
- C:\Windows\System\YuQERNq.exe
  C:\Windows\System\YuQERNq.exe
  2⤵
  PID:7516
- C:\Windows\System\WHkmfkW.exe
  C:\Windows\System\WHkmfkW.exe
  2⤵
  PID:7584
- C:\Windows\System\SUkVRqX.exe
  C:\Windows\System\SUkVRqX.exe
  2⤵
  PID:7632
- C:\Windows\System\xuGWnGU.exe
  C:\Windows\System\xuGWnGU.exe
  2⤵
  PID:7700
- C:\Windows\System\LRSGHZE.exe
  C:\Windows\System\LRSGHZE.exe
  2⤵
  PID:7760
- C:\Windows\System\CqaKVcU.exe
  C:\Windows\System\CqaKVcU.exe
  2⤵
  PID:7824
- C:\Windows\System\rFedbtK.exe
  C:\Windows\System\rFedbtK.exe
  2⤵
  PID:7888
- C:\Windows\System\UzjqRbQ.exe
  C:\Windows\System\UzjqRbQ.exe
  2⤵
  PID:7960
- C:\Windows\System\jrdDGjh.exe
  C:\Windows\System\jrdDGjh.exe
  2⤵
  PID:8024
- C:\Windows\System\WJlKohO.exe
  C:\Windows\System\WJlKohO.exe
  2⤵
  PID:8116
- C:\Windows\System\yDClhmM.exe
  C:\Windows\System\yDClhmM.exe
  2⤵
  PID:8188
- C:\Windows\System\rTzEMjj.exe
  C:\Windows\System\rTzEMjj.exe
  2⤵
  PID:7328
- C:\Windows\System\iWHGwbH.exe
  C:\Windows\System\iWHGwbH.exe
  2⤵
  PID:7488
- C:\Windows\System\sxnRbce.exe
  C:\Windows\System\sxnRbce.exe
  2⤵
  PID:7616
- C:\Windows\System\mbYrnKJ.exe
  C:\Windows\System\mbYrnKJ.exe
  2⤵
  PID:7796
- C:\Windows\System\zdpQuGt.exe
  C:\Windows\System\zdpQuGt.exe
  2⤵
  PID:7940
- C:\Windows\System\kPvMCPD.exe
  C:\Windows\System\kPvMCPD.exe
  2⤵
  PID:8068
- C:\Windows\System\aaEKNoK.exe
  C:\Windows\System\aaEKNoK.exe
  2⤵
  PID:7400
- C:\Windows\System\vWvmfNO.exe
  C:\Windows\System\vWvmfNO.exe
  2⤵
  PID:7744
- C:\Windows\System\LaadCmW.exe
  C:\Windows\System\LaadCmW.exe
  2⤵
  PID:8092
- C:\Windows\System\BFAPgKC.exe
  C:\Windows\System\BFAPgKC.exe
  2⤵
  PID:7916
- C:\Windows\System\YteaMgc.exe
  C:\Windows\System\YteaMgc.exe
  2⤵
  PID:7612
- C:\Windows\System\rIsMgyo.exe
  C:\Windows\System\rIsMgyo.exe
  2⤵
  PID:8216
- C:\Windows\System\FsNnIQz.exe
  C:\Windows\System\FsNnIQz.exe
  2⤵
  PID:8236
- C:\Windows\System\hBJNgmw.exe
  C:\Windows\System\hBJNgmw.exe
  2⤵
  PID:8272
- C:\Windows\System\ptMLgtw.exe
  C:\Windows\System\ptMLgtw.exe
  2⤵
  PID:8292
- C:\Windows\System\WNJNuwp.exe
  C:\Windows\System\WNJNuwp.exe
  2⤵
  PID:8328
- C:\Windows\System\BdPxuLi.exe
  C:\Windows\System\BdPxuLi.exe
  2⤵
  PID:8360
- C:\Windows\System\PxUXReU.exe
  C:\Windows\System\PxUXReU.exe
  2⤵
  PID:8380
- C:\Windows\System\XFwpejJ.exe
  C:\Windows\System\XFwpejJ.exe
  2⤵
  PID:8424
- C:\Windows\System\cuWUGzN.exe
  C:\Windows\System\cuWUGzN.exe
  2⤵
  PID:8452
- C:\Windows\System\IEcatsx.exe
  C:\Windows\System\IEcatsx.exe
  2⤵
  PID:8468
- C:\Windows\System\MjgjhZT.exe
  C:\Windows\System\MjgjhZT.exe
  2⤵
  PID:8508
- C:\Windows\System\DaYrWDb.exe
  C:\Windows\System\DaYrWDb.exe
  2⤵
  PID:8536
- C:\Windows\System\WuGAmlt.exe
  C:\Windows\System\WuGAmlt.exe
  2⤵
  PID:8560
- C:\Windows\System\KoYdzYt.exe
  C:\Windows\System\KoYdzYt.exe
  2⤵
  PID:8584
- C:\Windows\System\QxvupOk.exe
  C:\Windows\System\QxvupOk.exe
  2⤵
  PID:8608
- C:\Windows\System\mLbqBDg.exe
  C:\Windows\System\mLbqBDg.exe
  2⤵
  PID:8636
- C:\Windows\System\bhBjcmD.exe
  C:\Windows\System\bhBjcmD.exe
  2⤵
  PID:8676
- C:\Windows\System\ZndumvP.exe
  C:\Windows\System\ZndumvP.exe
  2⤵
  PID:8708
- C:\Windows\System\UlIxfLZ.exe
  C:\Windows\System\UlIxfLZ.exe
  2⤵
  PID:8736
- C:\Windows\System\qlsuokI.exe
  C:\Windows\System\qlsuokI.exe
  2⤵
  PID:8752
- C:\Windows\System\mltOKZR.exe
  C:\Windows\System\mltOKZR.exe
  2⤵
  PID:8792
- C:\Windows\System\pttJHYR.exe
  C:\Windows\System\pttJHYR.exe
  2⤵
  PID:8820
- C:\Windows\System\SUctzbh.exe
  C:\Windows\System\SUctzbh.exe
  2⤵
  PID:8848
- C:\Windows\System\XopvuLD.exe
  C:\Windows\System\XopvuLD.exe
  2⤵
  PID:8868
- C:\Windows\System\ULrmkWG.exe
  C:\Windows\System\ULrmkWG.exe
  2⤵
  PID:8892
- C:\Windows\System\jpCNRbA.exe
  C:\Windows\System\jpCNRbA.exe
  2⤵
  PID:8916
- C:\Windows\System\YWpTQAO.exe
  C:\Windows\System\YWpTQAO.exe
  2⤵
  PID:8948
- C:\Windows\System\baCKfgt.exe
  C:\Windows\System\baCKfgt.exe
  2⤵
  PID:8980
- C:\Windows\System\cVvkTye.exe
  C:\Windows\System\cVvkTye.exe
  2⤵
  PID:9012
- C:\Windows\System\rwZzrRl.exe
  C:\Windows\System\rwZzrRl.exe
  2⤵
  PID:9044
- C:\Windows\System\ezTAdyD.exe
  C:\Windows\System\ezTAdyD.exe
  2⤵
  PID:9060
- C:\Windows\System\sAGfAlA.exe
  C:\Windows\System\sAGfAlA.exe
  2⤵
  PID:9100
- C:\Windows\System\eZsfxJy.exe
  C:\Windows\System\eZsfxJy.exe
  2⤵
  PID:9128
- C:\Windows\System\heqnlfs.exe
  C:\Windows\System\heqnlfs.exe
  2⤵
  PID:9160
- C:\Windows\System\SUaaidz.exe
  C:\Windows\System\SUaaidz.exe
  2⤵
  PID:9188
- C:\Windows\System\DItEAOp.exe
  C:\Windows\System\DItEAOp.exe
  2⤵
  PID:9208
- C:\Windows\System\rNuvKxI.exe
  C:\Windows\System\rNuvKxI.exe
  2⤵
  PID:8228
- C:\Windows\System\AYaYiVd.exe
  C:\Windows\System\AYaYiVd.exe
  2⤵
  PID:8356
- C:\Windows\System\uKJHZVa.exe
  C:\Windows\System\uKJHZVa.exe
  2⤵
  PID:8420
- C:\Windows\System\ViIOCGZ.exe
  C:\Windows\System\ViIOCGZ.exe
  2⤵
  PID:8448
- C:\Windows\System\hDnbpsM.exe
  C:\Windows\System\hDnbpsM.exe
  2⤵
  PID:8576
- C:\Windows\System\PCKGJod.exe
  C:\Windows\System\PCKGJod.exe
  2⤵
  PID:8620
- C:\Windows\System\wfcLJsh.exe
  C:\Windows\System\wfcLJsh.exe
  2⤵
  PID:8692
- C:\Windows\System\GnULVCc.exe
  C:\Windows\System\GnULVCc.exe
  2⤵
  PID:8816
- C:\Windows\System\cyTLsvv.exe
  C:\Windows\System\cyTLsvv.exe
  2⤵
  PID:8876
- C:\Windows\System\UwQfErd.exe
  C:\Windows\System\UwQfErd.exe
  2⤵
  PID:8968
- C:\Windows\System\eyINdes.exe
  C:\Windows\System\eyINdes.exe
  2⤵
  PID:9032
- C:\Windows\System\odAxsBI.exe
  C:\Windows\System\odAxsBI.exe
  2⤵
  PID:9140
- C:\Windows\System\bWRhCyV.exe
  C:\Windows\System\bWRhCyV.exe
  2⤵
  PID:9196
- C:\Windows\System\XlMVeIf.exe
  C:\Windows\System\XlMVeIf.exe
  2⤵
  PID:8344
- C:\Windows\System\NcZUEHD.exe
  C:\Windows\System\NcZUEHD.exe
  2⤵
  PID:8656
- C:\Windows\System\yDxtxyo.exe
  C:\Windows\System\yDxtxyo.exe
  2⤵
  PID:8788
- C:\Windows\System\iOVAnpF.exe
  C:\Windows\System\iOVAnpF.exe
  2⤵
  PID:9036
- C:\Windows\System\mHcBCDA.exe
  C:\Windows\System\mHcBCDA.exe
  2⤵
  PID:8484
- C:\Windows\System\dVzXhII.exe
  C:\Windows\System\dVzXhII.exe
  2⤵
  PID:8936
- C:\Windows\System\xxlzVve.exe
  C:\Windows\System\xxlzVve.exe
  2⤵
  PID:8988
- C:\Windows\System\kbZNZEq.exe
  C:\Windows\System\kbZNZEq.exe
  2⤵
  PID:9248
- C:\Windows\System\APXPCkQ.exe
  C:\Windows\System\APXPCkQ.exe
  2⤵
  PID:9276
- C:\Windows\System\sQFMTRX.exe
  C:\Windows\System\sQFMTRX.exe
  2⤵
  PID:9320
- C:\Windows\System\Oumnnwv.exe
  C:\Windows\System\Oumnnwv.exe
  2⤵
  PID:9364
- C:\Windows\System\FoENyog.exe
  C:\Windows\System\FoENyog.exe
  2⤵
  PID:9396
- C:\Windows\System\mFUigCl.exe
  C:\Windows\System\mFUigCl.exe
  2⤵
  PID:9412
- C:\Windows\System\clPcSky.exe
  C:\Windows\System\clPcSky.exe
  2⤵
  PID:9452
- C:\Windows\System\ZlUvAIW.exe
  C:\Windows\System\ZlUvAIW.exe
  2⤵
  PID:9480
- C:\Windows\System\aZvEBiP.exe
  C:\Windows\System\aZvEBiP.exe
  2⤵
  PID:9504
- C:\Windows\System\WgqbUNl.exe
  C:\Windows\System\WgqbUNl.exe
  2⤵
  PID:9528
- C:\Windows\System\kUiROmt.exe
  C:\Windows\System\kUiROmt.exe
  2⤵
  PID:9556
- C:\Windows\System\PcGCSCx.exe
  C:\Windows\System\PcGCSCx.exe
  2⤵
  PID:9592
- C:\Windows\System\FGFjovi.exe
  C:\Windows\System\FGFjovi.exe
  2⤵
  PID:9624
- C:\Windows\System\eyIanVP.exe
  C:\Windows\System\eyIanVP.exe
  2⤵
  PID:9644
- C:\Windows\System\aQBEmwE.exe
  C:\Windows\System\aQBEmwE.exe
  2⤵
  PID:9680
- C:\Windows\System\BbTagvY.exe
  C:\Windows\System\BbTagvY.exe
  2⤵
  PID:9704
- C:\Windows\System\nFawKaR.exe
  C:\Windows\System\nFawKaR.exe
  2⤵
  PID:9736
- C:\Windows\System\BbkmzBb.exe
  C:\Windows\System\BbkmzBb.exe
  2⤵
  PID:9752
- C:\Windows\System\mbQjEdD.exe
  C:\Windows\System\mbQjEdD.exe
  2⤵
  PID:9800
- C:\Windows\System\NzJuXvD.exe
  C:\Windows\System\NzJuXvD.exe
  2⤵
  PID:9820
- C:\Windows\System\aKOAcor.exe
  C:\Windows\System\aKOAcor.exe
  2⤵
  PID:9848
- C:\Windows\System\rKtybRn.exe
  C:\Windows\System\rKtybRn.exe
  2⤵
  PID:9876
- C:\Windows\System\MdANAbL.exe
  C:\Windows\System\MdANAbL.exe
  2⤵
  PID:9892
- C:\Windows\System\ReEtzxh.exe
  C:\Windows\System\ReEtzxh.exe
  2⤵
  PID:9932
- C:\Windows\System\KAqVrys.exe
  C:\Windows\System\KAqVrys.exe
  2⤵
  PID:9960
- C:\Windows\System\PbknGWT.exe
  C:\Windows\System\PbknGWT.exe
  2⤵
  PID:9988
- C:\Windows\System\Goippmm.exe
  C:\Windows\System\Goippmm.exe
  2⤵
  PID:10016
- C:\Windows\System\vFrsKNC.exe
  C:\Windows\System\vFrsKNC.exe
  2⤵
  PID:10044
- C:\Windows\System\KSLlljS.exe
  C:\Windows\System\KSLlljS.exe
  2⤵
  PID:10084
- C:\Windows\System\GnIhSPZ.exe
  C:\Windows\System\GnIhSPZ.exe
  2⤵
  PID:10120
- C:\Windows\System\XdJEWRZ.exe
  C:\Windows\System\XdJEWRZ.exe
  2⤵
  PID:10152
- C:\Windows\System\cixxgRj.exe
  C:\Windows\System\cixxgRj.exe
  2⤵
  PID:10168
- C:\Windows\System\WzYsxtU.exe
  C:\Windows\System\WzYsxtU.exe
  2⤵
  PID:10196
- C:\Windows\System\zvubipX.exe
  C:\Windows\System\zvubipX.exe
  2⤵
  PID:10224
- C:\Windows\System\AImsHXj.exe
  C:\Windows\System\AImsHXj.exe
  2⤵
  PID:8288
- C:\Windows\System\pzJEpvL.exe
  C:\Windows\System\pzJEpvL.exe
  2⤵
  PID:9260
- C:\Windows\System\pMZgtjy.exe
  C:\Windows\System\pMZgtjy.exe
  2⤵
  PID:9384
- C:\Windows\System\nSfRzFl.exe
  C:\Windows\System\nSfRzFl.exe
  2⤵
  PID:9500
- C:\Windows\System\uaAJYEb.exe
  C:\Windows\System\uaAJYEb.exe
  2⤵
  PID:9548
- C:\Windows\System\vIgEKiq.exe
  C:\Windows\System\vIgEKiq.exe
  2⤵
  PID:9636
- C:\Windows\System\HJhBrsk.exe
  C:\Windows\System\HJhBrsk.exe
  2⤵
  PID:9720
- C:\Windows\System\kXMdUCJ.exe
  C:\Windows\System\kXMdUCJ.exe
  2⤵
  PID:9788
- C:\Windows\System\gOCAtFG.exe
  C:\Windows\System\gOCAtFG.exe
  2⤵
  PID:9872
- C:\Windows\System\BlbnHuq.exe
  C:\Windows\System\BlbnHuq.exe
  2⤵
  PID:9952
- C:\Windows\System\tBooxIJ.exe
  C:\Windows\System\tBooxIJ.exe
  2⤵
  PID:10004
- C:\Windows\System\teJovLF.exe
  C:\Windows\System\teJovLF.exe
  2⤵
  PID:10064
- C:\Windows\System\MKLNJOg.exe
  C:\Windows\System\MKLNJOg.exe
  2⤵
  PID:10112
- C:\Windows\System\myRGhRv.exe
  C:\Windows\System\myRGhRv.exe
  2⤵
  PID:10180
- C:\Windows\System\tSaQoxV.exe
  C:\Windows\System\tSaQoxV.exe
  2⤵
  PID:9244
- C:\Windows\System\wcwtxxL.exe
  C:\Windows\System\wcwtxxL.exe
  2⤵
  PID:9388
- C:\Windows\System\agoLPkG.exe
  C:\Windows\System\agoLPkG.exe
  2⤵
  PID:9520
- C:\Windows\System\PyjDZVu.exe
  C:\Windows\System\PyjDZVu.exe
  2⤵
  PID:9668
- C:\Windows\System\SGolRsT.exe
  C:\Windows\System\SGolRsT.exe
  2⤵
  PID:9912
- C:\Windows\System\GWgoqhI.exe
  C:\Windows\System\GWgoqhI.exe
  2⤵
  PID:10072
- C:\Windows\System\rarWOfz.exe
  C:\Windows\System\rarWOfz.exe
  2⤵
  PID:10212
- C:\Windows\System\QUFKBDi.exe
  C:\Windows\System\QUFKBDi.exe
  2⤵
  PID:9472
- C:\Windows\System\VHsuJNR.exe
  C:\Windows\System\VHsuJNR.exe
  2⤵
  PID:9980
- C:\Windows\System\mSbHCdN.exe
  C:\Windows\System\mSbHCdN.exe
  2⤵
  PID:10132
- C:\Windows\System\CNYbuhn.exe
  C:\Windows\System\CNYbuhn.exe
  2⤵
  PID:9580
- C:\Windows\System\bLHHAHG.exe
  C:\Windows\System\bLHHAHG.exe
  2⤵
  PID:10260
- C:\Windows\System\GqyyYvV.exe
  C:\Windows\System\GqyyYvV.exe
  2⤵
  PID:10288
- C:\Windows\System\DkFbqyD.exe
  C:\Windows\System\DkFbqyD.exe
  2⤵
  PID:10316
- C:\Windows\System\VfcrrMu.exe
  C:\Windows\System\VfcrrMu.exe
  2⤵
  PID:10340
- C:\Windows\System\RJqvXEN.exe
  C:\Windows\System\RJqvXEN.exe
  2⤵
  PID:10364
- C:\Windows\System\DACzsUV.exe
  C:\Windows\System\DACzsUV.exe
  2⤵
  PID:10384
- C:\Windows\System\NsiRJuO.exe
  C:\Windows\System\NsiRJuO.exe
  2⤵
  PID:10400
- C:\Windows\System\WWqiJZB.exe
  C:\Windows\System\WWqiJZB.exe
  2⤵
  PID:10452
- C:\Windows\System\WYSLgtS.exe
  C:\Windows\System\WYSLgtS.exe
  2⤵
  PID:10480
- C:\Windows\System\AYGOMbi.exe
  C:\Windows\System\AYGOMbi.exe
  2⤵
  PID:10520
- C:\Windows\System\sLaVBsN.exe
  C:\Windows\System\sLaVBsN.exe
  2⤵
  PID:10544
- C:\Windows\System\nLXxPOi.exe
  C:\Windows\System\nLXxPOi.exe
  2⤵
  PID:10580
- C:\Windows\System\RBeMAKZ.exe
  C:\Windows\System\RBeMAKZ.exe
  2⤵
  PID:10596
- C:\Windows\System\HjFajIA.exe
  C:\Windows\System\HjFajIA.exe
  2⤵
  PID:10640
- C:\Windows\System\EqBrGiz.exe
  C:\Windows\System\EqBrGiz.exe
  2⤵
  PID:10668
- C:\Windows\System\WHYiuVT.exe
  C:\Windows\System\WHYiuVT.exe
  2⤵
  PID:10696
- C:\Windows\System\VgqBXmi.exe
  C:\Windows\System\VgqBXmi.exe
  2⤵
  PID:10724
- C:\Windows\System\wxGQUqT.exe
  C:\Windows\System\wxGQUqT.exe
  2⤵
  PID:10752
- C:\Windows\System\SWdNaia.exe
  C:\Windows\System\SWdNaia.exe
  2⤵
  PID:10768
- C:\Windows\System\atoghXT.exe
  C:\Windows\System\atoghXT.exe
  2⤵
  PID:10800
- C:\Windows\System\FBrUEIp.exe
  C:\Windows\System\FBrUEIp.exe
  2⤵
  PID:10832
- C:\Windows\System\AlRGXcP.exe
  C:\Windows\System\AlRGXcP.exe
  2⤵
  PID:10852
- C:\Windows\System\DsqQfjF.exe
  C:\Windows\System\DsqQfjF.exe
  2⤵
  PID:10876
- C:\Windows\System\yQEEUPt.exe
  C:\Windows\System\yQEEUPt.exe
  2⤵
  PID:10892
- C:\Windows\System\jrFADMD.exe
  C:\Windows\System\jrFADMD.exe
  2⤵
  PID:10916
- C:\Windows\System\bYkPsXl.exe
  C:\Windows\System\bYkPsXl.exe
  2⤵
  PID:10976
- C:\Windows\System\eXGEHhv.exe
  C:\Windows\System\eXGEHhv.exe
  2⤵
  PID:10992
- C:\Windows\System\AsOqvYu.exe
  C:\Windows\System\AsOqvYu.exe
  2⤵
  PID:11032
- C:\Windows\System\GptCeAY.exe
  C:\Windows\System\GptCeAY.exe
  2⤵
  PID:11048
- C:\Windows\System\wAetmkw.exe
  C:\Windows\System\wAetmkw.exe
  2⤵
  PID:11076
- C:\Windows\System\RUQSNtf.exe
  C:\Windows\System\RUQSNtf.exe
  2⤵
  PID:11100
- C:\Windows\System\STzynQp.exe
  C:\Windows\System\STzynQp.exe
  2⤵
  PID:11132
- C:\Windows\System\socCnHk.exe
  C:\Windows\System\socCnHk.exe
  2⤵
  PID:11168
- C:\Windows\System\COvCrRd.exe
  C:\Windows\System\COvCrRd.exe
  2⤵
  PID:11200
- C:\Windows\System\fdOuZka.exe
  C:\Windows\System\fdOuZka.exe
  2⤵
  PID:11228
- C:\Windows\System\NskhccU.exe
  C:\Windows\System\NskhccU.exe
  2⤵
  PID:11256
- C:\Windows\System\vJgfyKo.exe
  C:\Windows\System\vJgfyKo.exe
  2⤵
  PID:10248
- C:\Windows\System\PAMbueH.exe
  C:\Windows\System\PAMbueH.exe
  2⤵
  PID:10296
- C:\Windows\System\wfAdDUl.exe
  C:\Windows\System\wfAdDUl.exe
  2⤵
  PID:10396
- C:\Windows\System\EiDODcC.exe
  C:\Windows\System\EiDODcC.exe
  2⤵
  PID:10472
- C:\Windows\System\MmVCNGJ.exe
  C:\Windows\System\MmVCNGJ.exe
  2⤵
  PID:10476
- C:\Windows\System\ipQzXMm.exe
  C:\Windows\System\ipQzXMm.exe
  2⤵
  PID:10588
- C:\Windows\System\WZdIbkO.exe
  C:\Windows\System\WZdIbkO.exe
  2⤵
  PID:10660
- C:\Windows\System\BvTVyCv.exe
  C:\Windows\System\BvTVyCv.exe
  2⤵
  PID:10712
- C:\Windows\System\UQOXMKa.exe
  C:\Windows\System\UQOXMKa.exe
  2⤵
  PID:10788
- C:\Windows\System\gYJJiBg.exe
  C:\Windows\System\gYJJiBg.exe
  2⤵
  PID:10844
- C:\Windows\System\MKoyOZR.exe
  C:\Windows\System\MKoyOZR.exe
  2⤵
  PID:10904
- C:\Windows\System\Kvooxuc.exe
  C:\Windows\System\Kvooxuc.exe
  2⤵
  PID:10968
- C:\Windows\System\PUulGmS.exe
  C:\Windows\System\PUulGmS.exe
  2⤵
  PID:11068
- C:\Windows\System\VXYBuPx.exe
  C:\Windows\System\VXYBuPx.exe
  2⤵
  PID:11112
- C:\Windows\System\wdHNSDz.exe
  C:\Windows\System\wdHNSDz.exe
  2⤵
  PID:11144
- C:\Windows\System\yZnvEOh.exe
  C:\Windows\System\yZnvEOh.exe
  2⤵
  PID:11224
- C:\Windows\System\yumWMay.exe
  C:\Windows\System\yumWMay.exe
  2⤵
  PID:10284
- C:\Windows\System\IGKrwLI.exe
  C:\Windows\System\IGKrwLI.exe
  2⤵
  PID:10444
- C:\Windows\System\DcRsfDI.exe
  C:\Windows\System\DcRsfDI.exe
  2⤵
  PID:10592
- C:\Windows\System\nBEdUzQ.exe
  C:\Windows\System\nBEdUzQ.exe
  2⤵
  PID:10760
- C:\Windows\System\oCfLQzg.exe
  C:\Windows\System\oCfLQzg.exe
  2⤵
  PID:10936
- C:\Windows\System\WtDehFW.exe
  C:\Windows\System\WtDehFW.exe
  2⤵
  PID:11092
- C:\Windows\System\vfRygZM.exe
  C:\Windows\System\vfRygZM.exe
  2⤵
  PID:10256
- C:\Windows\System\gMZHOEm.exe
  C:\Windows\System\gMZHOEm.exe
  2⤵
  PID:10652
- C:\Windows\System\TTivuIu.exe
  C:\Windows\System\TTivuIu.exe
  2⤵
  PID:10884
- C:\Windows\System\mRSZsTT.exe
  C:\Windows\System\mRSZsTT.exe
  2⤵
  PID:10464
- C:\Windows\System\iZMwkeT.exe
  C:\Windows\System\iZMwkeT.exe
  2⤵
  PID:11064
- C:\Windows\System\aGTXhyZ.exe
  C:\Windows\System\aGTXhyZ.exe
  2⤵
  PID:11268
- C:\Windows\System\lVewCkY.exe
  C:\Windows\System\lVewCkY.exe
  2⤵
  PID:11292
- C:\Windows\System\ihRfvhs.exe
  C:\Windows\System\ihRfvhs.exe
  2⤵
  PID:11332
- C:\Windows\System\ekxqVyj.exe
  C:\Windows\System\ekxqVyj.exe
  2⤵
  PID:11360
- C:\Windows\System\pjXuZpf.exe
  C:\Windows\System\pjXuZpf.exe
  2⤵
  PID:11388
- C:\Windows\System\MlXESvs.exe
  C:\Windows\System\MlXESvs.exe
  2⤵
  PID:11416
- C:\Windows\System\OAqfXSe.exe
  C:\Windows\System\OAqfXSe.exe
  2⤵
  PID:11444
- C:\Windows\System\SvOWrpU.exe
  C:\Windows\System\SvOWrpU.exe
  2⤵
  PID:11464
- C:\Windows\System\bwOBzAd.exe
  C:\Windows\System\bwOBzAd.exe
  2⤵
  PID:11500
- C:\Windows\System\nonKgNu.exe
  C:\Windows\System\nonKgNu.exe
  2⤵
  PID:11528
- C:\Windows\System\XeqLtCX.exe
  C:\Windows\System\XeqLtCX.exe
  2⤵
  PID:11556
- C:\Windows\System\ICrIwHH.exe
  C:\Windows\System\ICrIwHH.exe
  2⤵
  PID:11584
- C:\Windows\System\vXIIitC.exe
  C:\Windows\System\vXIIitC.exe
  2⤵
  PID:11612
- C:\Windows\System\oZUvmSK.exe
  C:\Windows\System\oZUvmSK.exe
  2⤵
  PID:11636
- C:\Windows\System\WgjEigX.exe
  C:\Windows\System\WgjEigX.exe
  2⤵
  PID:11656
- C:\Windows\System\qzZmnEt.exe
  C:\Windows\System\qzZmnEt.exe
  2⤵
  PID:11676
- C:\Windows\System\rSEEGaP.exe
  C:\Windows\System\rSEEGaP.exe
  2⤵
  PID:11700
- C:\Windows\System\kLsjLui.exe
  C:\Windows\System\kLsjLui.exe
  2⤵
  PID:11740
- C:\Windows\System\kHJLLBI.exe
  C:\Windows\System\kHJLLBI.exe
  2⤵
  PID:11776
- C:\Windows\System\EjNYdhn.exe
  C:\Windows\System\EjNYdhn.exe
  2⤵
  PID:11792
- C:\Windows\System\rtZuPli.exe
  C:\Windows\System\rtZuPli.exe
  2⤵
  PID:11824
- C:\Windows\System\YfljzwD.exe
  C:\Windows\System\YfljzwD.exe
  2⤵
  PID:11860
- C:\Windows\System\tZohdLX.exe
  C:\Windows\System\tZohdLX.exe
  2⤵
  PID:11880
- C:\Windows\System\acpLPQZ.exe
  C:\Windows\System\acpLPQZ.exe
  2⤵
  PID:11920
- C:\Windows\System\wZAOEeQ.exe
  C:\Windows\System\wZAOEeQ.exe
  2⤵
  PID:11948
- C:\Windows\System\HUdlVkK.exe
  C:\Windows\System\HUdlVkK.exe
  2⤵
  PID:11976
- C:\Windows\System\ZfrBTKa.exe
  C:\Windows\System\ZfrBTKa.exe
  2⤵
  PID:12012
- C:\Windows\System\kdOHfuQ.exe
  C:\Windows\System\kdOHfuQ.exe
  2⤵
  PID:12028
- C:\Windows\System\BJKvMhN.exe
  C:\Windows\System\BJKvMhN.exe
  2⤵
  PID:12080
- C:\Windows\System\Cgqcxaw.exe
  C:\Windows\System\Cgqcxaw.exe
  2⤵
  PID:12120
- C:\Windows\System\UXeiuVd.exe
  C:\Windows\System\UXeiuVd.exe
  2⤵
  PID:12140
- C:\Windows\System\XIdlGAX.exe
  C:\Windows\System\XIdlGAX.exe
  2⤵
  PID:12164
- C:\Windows\System\GyIBCnG.exe
  C:\Windows\System\GyIBCnG.exe
  2⤵
  PID:12204
- C:\Windows\System\ypiuCcd.exe
  C:\Windows\System\ypiuCcd.exe
  2⤵
  PID:12236
- C:\Windows\System\fkgbgLR.exe
  C:\Windows\System\fkgbgLR.exe
  2⤵
  PID:12264
- C:\Windows\System\uogkhUx.exe
  C:\Windows\System\uogkhUx.exe
  2⤵
  PID:11276
- C:\Windows\System\IwreZSv.exe
  C:\Windows\System\IwreZSv.exe
  2⤵
  PID:11304
- C:\Windows\System\wrvCagf.exe
  C:\Windows\System\wrvCagf.exe
  2⤵
  PID:11372
- C:\Windows\System\vRgTgdd.exe
  C:\Windows\System\vRgTgdd.exe
  2⤵
  PID:11440
- C:\Windows\System\yBYWGCv.exe
  C:\Windows\System\yBYWGCv.exe
  2⤵
  PID:11496
- C:\Windows\System\ugrybke.exe
  C:\Windows\System\ugrybke.exe
  2⤵
  PID:11604
- C:\Windows\System\cLUHgUe.exe
  C:\Windows\System\cLUHgUe.exe
  2⤵
  PID:11672
- C:\Windows\System\QNppSBB.exe
  C:\Windows\System\QNppSBB.exe
  2⤵
  PID:11696
- C:\Windows\System\wImhQVM.exe
  C:\Windows\System\wImhQVM.exe
  2⤵
  PID:11732
- C:\Windows\System\GfbQvFH.exe
  C:\Windows\System\GfbQvFH.exe
  2⤵
  PID:11836
- C:\Windows\System\gkEyMbc.exe
  C:\Windows\System\gkEyMbc.exe
  2⤵
  PID:11900
- C:\Windows\System\roJPBUR.exe
  C:\Windows\System\roJPBUR.exe
  2⤵
  PID:12004
- C:\Windows\System\FoZXeVg.exe
  C:\Windows\System\FoZXeVg.exe
  2⤵
  PID:12024
- C:\Windows\System\xkvodqm.exe
  C:\Windows\System\xkvodqm.exe
  2⤵
  PID:12100
- C:\Windows\System\nquLzzq.exe
  C:\Windows\System\nquLzzq.exe
  2⤵
  PID:12212
- C:\Windows\System\JMOcPri.exe
  C:\Windows\System\JMOcPri.exe
  2⤵
  PID:10692
- C:\Windows\System\aLFjlJL.exe
  C:\Windows\System\aLFjlJL.exe
  2⤵
  PID:11348
- C:\Windows\System\NNEHxPS.exe
  C:\Windows\System\NNEHxPS.exe
  2⤵
  PID:11544
- C:\Windows\System\InHUpYr.exe
  C:\Windows\System\InHUpYr.exe
  2⤵
  PID:11620
- C:\Windows\System\eiNaAoZ.exe
  C:\Windows\System\eiNaAoZ.exe
  2⤵
  PID:11812
- C:\Windows\System\WHbNfYN.exe
  C:\Windows\System\WHbNfYN.exe
  2⤵
  PID:11988
- C:\Windows\System\jiLkzwU.exe
  C:\Windows\System\jiLkzwU.exe
  2⤵
  PID:12200
- C:\Windows\System\dZYJCSx.exe
  C:\Windows\System\dZYJCSx.exe
  2⤵
  PID:11344
- C:\Windows\System\ZaPOXeh.exe
  C:\Windows\System\ZaPOXeh.exe
  2⤵
  PID:11692
- C:\Windows\System\WtJSjMW.exe
  C:\Windows\System\WtJSjMW.exe
  2⤵
  PID:11968
- C:\Windows\System\ZIDrMeE.exe
  C:\Windows\System\ZIDrMeE.exe
  2⤵
  PID:11580
- C:\Windows\System\MWaevXr.exe
  C:\Windows\System\MWaevXr.exe
  2⤵
  PID:12252
- C:\Windows\System\KzLIxeD.exe
  C:\Windows\System\KzLIxeD.exe
  2⤵
  PID:11480
- C:\Windows\System\TmjBEfg.exe
  C:\Windows\System\TmjBEfg.exe
  2⤵
  PID:12328
- C:\Windows\System\lEhMIIc.exe
  C:\Windows\System\lEhMIIc.exe
  2⤵
  PID:12356
- C:\Windows\System\UZTcfWl.exe
  C:\Windows\System\UZTcfWl.exe
  2⤵
  PID:12372
- C:\Windows\System\fOJHVbT.exe
  C:\Windows\System\fOJHVbT.exe
  2⤵
  PID:12400
- C:\Windows\System\dFwaOZV.exe
  C:\Windows\System\dFwaOZV.exe
  2⤵
  PID:12444
- C:\Windows\System\CZYkdRE.exe
  C:\Windows\System\CZYkdRE.exe
  2⤵
  PID:12472
- C:\Windows\System\ReryJoG.exe
  C:\Windows\System\ReryJoG.exe
  2⤵
  PID:12488
- C:\Windows\System\vpKQTOg.exe
  C:\Windows\System\vpKQTOg.exe
  2⤵
  PID:12508
- C:\Windows\System\gUprLIK.exe
  C:\Windows\System\gUprLIK.exe
  2⤵
  PID:12556
- C:\Windows\System\qmeVpkC.exe
  C:\Windows\System\qmeVpkC.exe
  2⤵
  PID:12584
- C:\Windows\System\JSeVSOB.exe
  C:\Windows\System\JSeVSOB.exe
  2⤵
  PID:12612
- C:\Windows\System\ziQbsNU.exe
  C:\Windows\System\ziQbsNU.exe
  2⤵
  PID:12628
- C:\Windows\System\vhIdbFq.exe
  C:\Windows\System\vhIdbFq.exe
  2⤵
  PID:12668
- C:\Windows\System\oWHboTi.exe
  C:\Windows\System\oWHboTi.exe
  2⤵
  PID:12688
- C:\Windows\System\ZJNPjQs.exe
  C:\Windows\System\ZJNPjQs.exe
  2⤵
  PID:12712
- C:\Windows\System\JShMGWH.exe
  C:\Windows\System\JShMGWH.exe
  2⤵
  PID:12736
- C:\Windows\System\FBroKtC.exe
  C:\Windows\System\FBroKtC.exe
  2⤵
  PID:12764
- C:\Windows\System\mVtoyNR.exe
  C:\Windows\System\mVtoyNR.exe
  2⤵
  PID:12800
- C:\Windows\System\ALkQpLG.exe
  C:\Windows\System\ALkQpLG.exe
  2⤵
  PID:12832
- C:\Windows\System\sqOCFdg.exe
  C:\Windows\System\sqOCFdg.exe
  2⤵
  PID:12852
- C:\Windows\System\JrIpIOl.exe
  C:\Windows\System\JrIpIOl.exe
  2⤵
  PID:12892
- C:\Windows\System\MinEIkZ.exe
  C:\Windows\System\MinEIkZ.exe
  2⤵
  PID:12908
- C:\Windows\System\qSsccuL.exe
  C:\Windows\System\qSsccuL.exe
  2⤵
  PID:12948
- C:\Windows\System\vdvBXhh.exe
  C:\Windows\System\vdvBXhh.exe
  2⤵
  PID:12964
- C:\Windows\System\FlKEpSe.exe
  C:\Windows\System\FlKEpSe.exe
  2⤵
  PID:12992
- C:\Windows\System\xWDhRIA.exe
  C:\Windows\System\xWDhRIA.exe
  2⤵
  PID:13020
- C:\Windows\System\LsMJitx.exe
  C:\Windows\System\LsMJitx.exe
  2⤵
  PID:13036
- C:\Windows\System\nJUfhVP.exe
  C:\Windows\System\nJUfhVP.exe
  2⤵
  PID:13064
- C:\Windows\System\kviDJGC.exe
  C:\Windows\System\kviDJGC.exe
  2⤵
  PID:13092
- C:\Windows\System\bYkuIXz.exe
  C:\Windows\System\bYkuIXz.exe
  2⤵
  PID:13136
- C:\Windows\System\VbqMRKu.exe
  C:\Windows\System\VbqMRKu.exe
  2⤵
  PID:13172
- C:\Windows\System\vHmUbLT.exe
  C:\Windows\System\vHmUbLT.exe
  2⤵
  PID:13200
- C:\Windows\System\eWgnizK.exe
  C:\Windows\System\eWgnizK.exe
  2⤵
  PID:13228
- C:\Windows\System\TyAQStc.exe
  C:\Windows\System\TyAQStc.exe
  2⤵
  PID:13256
- C:\Windows\System\FJyOoua.exe
  C:\Windows\System\FJyOoua.exe
  2⤵
  PID:13284
- C:\Windows\System\AQnSzyk.exe
  C:\Windows\System\AQnSzyk.exe
  2⤵
  PID:12228
- C:\Windows\System\ffSqalu.exe
  C:\Windows\System\ffSqalu.exe
  2⤵
  PID:12348
- C:\Windows\System\nbtiEVl.exe
  C:\Windows\System\nbtiEVl.exe
  2⤵
  PID:12392
- C:\Windows\System\FltLRcf.exe
  C:\Windows\System\FltLRcf.exe
  2⤵
  PID:12484
- C:\Windows\System\OOwIamM.exe
  C:\Windows\System\OOwIamM.exe
  2⤵
  PID:12536
- C:\Windows\System\NJxCLlV.exe
  C:\Windows\System\NJxCLlV.exe
  2⤵
  PID:12620
- C:\Windows\System\XabKEZw.exe
  C:\Windows\System\XabKEZw.exe
  2⤵
  PID:12696
- C:\Windows\System\USAzaDL.exe
  C:\Windows\System\USAzaDL.exe
  2⤵
  PID:12720
- C:\Windows\System\iCLXpeE.exe
  C:\Windows\System\iCLXpeE.exe
  2⤵
  PID:12808
- C:\Windows\System\Qbeepsk.exe
  C:\Windows\System\Qbeepsk.exe
  2⤵
  PID:12840
- C:\Windows\System\XYFaSzm.exe
  C:\Windows\System\XYFaSzm.exe
  2⤵
  PID:12928
- C:\Windows\System\SwdWAOD.exe
  C:\Windows\System\SwdWAOD.exe
  2⤵
  PID:12976
- C:\Windows\System\ArIlpJA.exe
  C:\Windows\System\ArIlpJA.exe
  2⤵
  PID:13080
- C:\Windows\System\CTzuwMr.exe
  C:\Windows\System\CTzuwMr.exe
  2⤵
  PID:13144
- C:\Windows\System\QppuSoH.exe
  C:\Windows\System\QppuSoH.exe
  2⤵
  PID:13212
- C:\Windows\System\vilTybK.exe
  C:\Windows\System\vilTybK.exe
  2⤵
  PID:13272
- C:\Windows\System\qiVjuyC.exe
  C:\Windows\System\qiVjuyC.exe
  2⤵
  PID:12308
- C:\Windows\System\mieCNtQ.exe
  C:\Windows\System\mieCNtQ.exe
  2⤵
  PID:12460
- C:\Windows\System\owrjpIS.exe
  C:\Windows\System\owrjpIS.exe
  2⤵
  PID:12596
- C:\Windows\System\RLzHZxS.exe
  C:\Windows\System\RLzHZxS.exe
  2⤵
  PID:12744
- C:\Windows\System\yqHPEOL.exe
  C:\Windows\System\yqHPEOL.exe
  2⤵
  PID:12956
- C:\Windows\System\RjOOTOZ.exe
  C:\Windows\System\RjOOTOZ.exe
  2⤵
  PID:13048
- C:\Windows\System\uPCnmzd.exe
  C:\Windows\System\uPCnmzd.exe
  2⤵
  PID:13252
- C:\Windows\System\Dawbahm.exe
  C:\Windows\System\Dawbahm.exe
  2⤵
  PID:12388
- C:\Windows\System\epZFYTI.exe
  C:\Windows\System\epZFYTI.exe
  2⤵
  PID:12704
- C:\Windows\System\UzImXgl.exe
  C:\Windows\System\UzImXgl.exe
  2⤵
  PID:13028
- C:\Windows\System\DGgLpPC.exe
  C:\Windows\System\DGgLpPC.exe
  2⤵
  PID:12428
- C:\Windows\System\RVayhQB.exe
  C:\Windows\System\RVayhQB.exe
  2⤵
  PID:12708
- C:\Windows\System\kwNBaYg.exe
  C:\Windows\System\kwNBaYg.exe
  2⤵
  PID:13332
- C:\Windows\System\ttPkIBd.exe
  C:\Windows\System\ttPkIBd.exe
  2⤵
  PID:13364
- C:\Windows\System\CFneANZ.exe
  C:\Windows\System\CFneANZ.exe
  2⤵
  PID:13392
- C:\Windows\System\rXqcegB.exe
  C:\Windows\System\rXqcegB.exe
  2⤵
  PID:13440
- C:\Windows\System\plqKqua.exe
  C:\Windows\System\plqKqua.exe
  2⤵
  PID:13468
- C:\Windows\System\SdIUTFA.exe
  C:\Windows\System\SdIUTFA.exe
  2⤵
  PID:13496
- C:\Windows\System\TdyePuM.exe
  C:\Windows\System\TdyePuM.exe
  2⤵
  PID:13512
- C:\Windows\System\UevJhgB.exe
  C:\Windows\System\UevJhgB.exe
  2⤵
  PID:13552
- C:\Windows\System\LKWOgIQ.exe
  C:\Windows\System\LKWOgIQ.exe
  2⤵
  PID:13568
- C:\Windows\System\nbhKquT.exe
  C:\Windows\System\nbhKquT.exe
  2⤵
  PID:13608
- C:\Windows\System\QsuKFjl.exe
  C:\Windows\System\QsuKFjl.exe
  2⤵
  PID:13624
- C:\Windows\System\IbruPbw.exe
  C:\Windows\System\IbruPbw.exe
  2⤵
  PID:13664
- C:\Windows\System\sVDSZQM.exe
  C:\Windows\System\sVDSZQM.exe
  2⤵
  PID:13680
- C:\Windows\System\IAxbTWz.exe
  C:\Windows\System\IAxbTWz.exe
  2⤵
  PID:13720
- C:\Windows\System\KWclJdB.exe
  C:\Windows\System\KWclJdB.exe
  2⤵
  PID:13748
- C:\Windows\System\EdOUCZY.exe
  C:\Windows\System\EdOUCZY.exe
  2⤵
  PID:13776
- C:\Windows\System\mMShOqA.exe
  C:\Windows\System\mMShOqA.exe
  2⤵
  PID:13792
- C:\Windows\System\hCGdoWL.exe
  C:\Windows\System\hCGdoWL.exe
  2⤵
  PID:13820
- C:\Windows\System\fVNUTGU.exe
  C:\Windows\System\fVNUTGU.exe
  2⤵
  PID:13848
- C:\Windows\System\calESUa.exe
  C:\Windows\System\calESUa.exe
  2⤵
  PID:13888
- C:\Windows\System\RXsEBUH.exe
  C:\Windows\System\RXsEBUH.exe
  2⤵
  PID:13916
- C:\Windows\System\sgHDsFZ.exe
  C:\Windows\System\sgHDsFZ.exe
  2⤵
  PID:13944
- C:\Windows\System\RKbtfyP.exe
  C:\Windows\System\RKbtfyP.exe
  2⤵
  PID:13960
- C:\Windows\System\WkiNpyB.exe
  C:\Windows\System\WkiNpyB.exe
  2⤵
  PID:13980
- C:\Windows\System\tZOWGtk.exe
  C:\Windows\System\tZOWGtk.exe
  2⤵
  PID:14012
- C:\Windows\System\lVkMVAi.exe
  C:\Windows\System\lVkMVAi.exe
  2⤵
  PID:14056
- C:\Windows\System\RQGOfgO.exe
  C:\Windows\System\RQGOfgO.exe
  2⤵
  PID:14084
- C:\Windows\System\jCQsaCs.exe
  C:\Windows\System\jCQsaCs.exe
  2⤵
  PID:14112
- C:\Windows\System\mJjwRAn.exe
  C:\Windows\System\mJjwRAn.exe
  2⤵
  PID:14140
- C:\Windows\System\gZxYbcv.exe
  C:\Windows\System\gZxYbcv.exe
  2⤵
  PID:14168
- C:\Windows\System\qZHpKMV.exe
  C:\Windows\System\qZHpKMV.exe
  2⤵
  PID:14196
- C:\Windows\System\bSawVUB.exe
  C:\Windows\System\bSawVUB.exe
  2⤵
  PID:14224
- C:\Windows\System\dTFXEUL.exe
  C:\Windows\System\dTFXEUL.exe
  2⤵
  PID:14252
- C:\Windows\System\abNYZXF.exe
  C:\Windows\System\abNYZXF.exe
  2⤵
  PID:14280
- C:\Windows\System\oxIFiIX.exe
  C:\Windows\System\oxIFiIX.exe
  2⤵
  PID:14296
- C:\Windows\System\UCzlVzi.exe
  C:\Windows\System\UCzlVzi.exe
  2⤵
  PID:14328
- C:\Windows\System\POzBBMr.exe
  C:\Windows\System\POzBBMr.exe
  2⤵
  PID:13356
- C:\Windows\System\EtPvLNw.exe
  C:\Windows\System\EtPvLNw.exe
  2⤵
  PID:13424
- C:\Windows\System\bJAMeYH.exe
  C:\Windows\System\bJAMeYH.exe
  2⤵
  PID:13488
- C:\Windows\System\YsfdmPt.exe
  C:\Windows\System\YsfdmPt.exe
  2⤵
  PID:13548
- C:\Windows\System\jzfHBtY.exe
  C:\Windows\System\jzfHBtY.exe
  2⤵
  PID:13600
- C:\Windows\System\sLABoAa.exe
  C:\Windows\System\sLABoAa.exe
  2⤵
  PID:13676
- C:\Windows\System\ulHAGJU.exe
  C:\Windows\System\ulHAGJU.exe
  2⤵
  PID:13732
- C:\Windows\System\ZTVOSCo.exe
  C:\Windows\System\ZTVOSCo.exe
  2⤵
  PID:13808
- C:\Windows\System\lWbbmvm.exe
  C:\Windows\System\lWbbmvm.exe
  2⤵
  PID:13884
- C:\Windows\System\HGXdoKG.exe
  C:\Windows\System\HGXdoKG.exe
  2⤵
  PID:13932
- C:\Windows\System\cQpAYSd.exe
  C:\Windows\System\cQpAYSd.exe
  2⤵
  PID:13996
- C:\Windows\System\nYlwBQE.exe
  C:\Windows\System\nYlwBQE.exe
  2⤵
  PID:14080
- C:\Windows\System\JHbQFIo.exe
  C:\Windows\System\JHbQFIo.exe
  2⤵
  PID:14136
- C:\Windows\System\cprpKIu.exe
  C:\Windows\System\cprpKIu.exe
  2⤵
  PID:14208
- C:\Windows\System\pHLhngR.exe
  C:\Windows\System\pHLhngR.exe
  2⤵
  PID:14272
- C:\Windows\System\zYwnRAl.exe
  C:\Windows\System\zYwnRAl.exe
  2⤵
  PID:14316
- C:\Windows\System\naCEnGx.exe
  C:\Windows\System\naCEnGx.exe
  2⤵
  PID:13456
- C:\Windows\System\NlDjhLC.exe
  C:\Windows\System\NlDjhLC.exe
  2⤵
  PID:13592
- C:\Windows\System\gUMdHEC.exe
  C:\Windows\System\gUMdHEC.exe
  2⤵
  PID:13716
- C:\Windows\System\dcnrrMC.exe
  C:\Windows\System\dcnrrMC.exe
  2⤵
  PID:13928
- C:\Windows\System\dyCcZPL.exe
  C:\Windows\System\dyCcZPL.exe
  2⤵
  PID:14072
- C:\Windows\System\iycyEkp.exe
  C:\Windows\System\iycyEkp.exe
  2⤵
  PID:14164
- C:\Windows\System\PIpECEw.exe
  C:\Windows\System\PIpECEw.exe
  2⤵
  PID:12884
- C:\Windows\System\qYxAlID.exe
  C:\Windows\System\qYxAlID.exe
  2⤵
  PID:13844
- C:\Windows\System\XqUfwJa.exe
  C:\Windows\System\XqUfwJa.exe
  2⤵
  PID:13316
- C:\Windows\System\ohskbvT.exe
  C:\Windows\System\ohskbvT.exe
  2⤵
  PID:14340
- C:\Windows\System\SOeJdZw.exe
  C:\Windows\System\SOeJdZw.exe
  2⤵
  PID:14368

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CyKBFTM.exe

Filesize
2.0MB

MD5
2e43eec8f4ba45eeb2d93d28a718da9a

SHA1
fa1b0642c3a6328e564517c74f2a817051778317

SHA256
c6f50cc69c8d89686400d1c3d87bf8c59e3ae07342c2450f4601f53955cfa58c

SHA512
4e8e90d0fc0fb8344257b0cd15fa0589d11c520cc889277d0e56d6d271eb35f45fc78556aa3e9cbd4a23c5b6890d3c789c47b7f202eb526e549579ae88989344

Download Submit
C:\Windows\System\DLiBRHd.exe

Filesize
2.0MB

MD5
de487a55fd49e167ec7a4a3685cd32e3

SHA1
617d837cdcf0845bb8466e4fe90a25ebacc816a8

SHA256
b2dc7015bdf18aafa071ac6d1cf727a1c505e92c0e1aea29f7c1d8e31207c6ea

SHA512
83a986229967557fab018dacdf8bedaf3831486e77a60289148b62679dbb3fa2bf6eb909e58a9680d5c1d40ae72603a45e8ba8a3875d22593e650c0acd1ad91d

Download Submit
C:\Windows\System\EBDWqIs.exe

Filesize
2.0MB

MD5
ff70f2558afd7045e657a4f2e4810f0d

SHA1
8d63675009307e829e83ba8ced2fbe7fc17ec94e

SHA256
caaf7dd33b274e41f3cd4637be9e5e06a9778e129fd325531d04d4dbb272d19d

SHA512
5a1e8fb09dc6c2315898e8229dbf9e2c3328987d2a7bd551c04f2040f4ffa4a2267a4e056c9c5d3a43210967baa28b81615c8f7438488472ee14f758dbb439b3

Download Submit
C:\Windows\System\EjLlxEy.exe

Filesize
2.0MB

MD5
dcbd5c9c7cd80f1033457471641bd4cd

SHA1
d6deeb558e91615cfc3dc0a4df7205e12bc8ea4c

SHA256
07606b0c33021d9e857aabbc832c95dbf08decfa4976cf83f4f0e260445f72df

SHA512
711254b73ea020f64f631616f084bdb3e68c09d7e1c420b0bfd7df98739b059951b33bf5196594bff8ab05362c0c1410dc60c08b2ecf962a269bf3023fe76dde

Download Submit
C:\Windows\System\GkkGPtO.exe

Filesize
2.0MB

MD5
4f3d692cb12eb05fc2f20ea561c16e53

SHA1
04bdd002a87d8561170a95c64ea13433d4f36651

SHA256
8e85e48f042fb24ac2e5fe35642b1e80181ff30dfedbd7f7692a938ea32019d5

SHA512
aad68f79b806a8e8682c99cf39a0fbeb29731dbf339a8b9e04163ba9e2840646c58816c1ba28b5168073c4a4c01318706ba55df30c2b2d11e91100b782295924

Download Submit
C:\Windows\System\LYjfaAb.exe

Filesize
2.0MB

MD5
200d475972a35e1d02116c2c77c87a85

SHA1
d80ebb42dfb318d35c0427674ec611e0659d7c7b

SHA256
bc01d812c77433890a62db7b3157740c554b87a27decdc5b383232feaf973928

SHA512
b66dbf86b0e8915de73023f7801001c52b7ab6fd56f544fc31a3e706e21382a069cd3f4639d779f6ed5d0285b6873917ff0f814766daa937323c979783280eba

Download Submit
C:\Windows\System\OJlSYse.exe

Filesize
2.0MB

MD5
42cea7c3e49305f33314b0cf209d8927

SHA1
5b604e99ef3e78fb76c22b0e47568b43d26443fb

SHA256
a696841966eff8b1d13248231bdc44d63c19eb5bd9e564792a7f81c4233a0eb7

SHA512
7a7ca997b491ea889eee499dbfb12b2a42d2d22a5c8b6d40d41e2c7c3b4221a9ae9d7b1e63e951aca8bc9a232324edd7e8ef512f44ee85e5ed8711e59583c8f2

Download Submit
C:\Windows\System\QToQwzS.exe

Filesize
2.0MB

MD5
fecce3de1d017842c36637f0dbe2eb84

SHA1
d5989739dcb51b6b1b8498ade62dbb3ace667447

SHA256
c11802dc665a0572d0c20ccc1042acac03b46d1585f3f03e763bd88930314a92

SHA512
4936a5d0d27ed7b4fced8a165b66724f814341968c1dfd80d46473ccef29ad60a7ea9910ec31d3b493f5074f51073492b6d0f125d5a7e39d93a19d67d97efa1c

Download Submit
C:\Windows\System\QebUurU.exe

Filesize
2.0MB

MD5
3cdd9a2e2e16e7aa088de80c5b957aba

SHA1
72b6f37e71099f82a80fd5b2aaf244e2845cb085

SHA256
6e46f17843436dca4a531324da8ac58222c00dc68608622b933bd63f700fb260

SHA512
1662b4ab5ca2753ae0979c6bf5a22c6c01fce036ccf1be2c0b9f93f960167a91312d20733c748559310a5b61476d2f067208f3ea9320c8f683db436ab68ca6f5

Download Submit
C:\Windows\System\SBCIVrN.exe

Filesize
2.0MB

MD5
415add2ece16e878c1b182e4562dd91f

SHA1
003d58764a39a4423277f2a618f1d9a5aec2a0cc

SHA256
29f49b3268dd1368e05efa83fdc4b66bb7c3f297c1f0f28177e4dccc5ee7ebb7

SHA512
714b318309ce10898d7c0884cddd81b1785389f42743635e3d9b685e4c7fe5355da1a386aae3ca889b3b0a8ed5899b89cffc47cf530d01acb4d5c7dbcc97f2bf

Download Submit
C:\Windows\System\VOmCjpJ.exe

Filesize
2.0MB

MD5
749062a005a1e4eef6e34eecef6666b7

SHA1
2bec8079951b24790456995bc26876684c5a247e

SHA256
9c7ee3bfafa7ed5d627caffe277a611484c50c6e82c7afe47cb7e0864e4ce797

SHA512
61e79b984d960d30e44048615588e2ed496924cd06014c034ca84f1305cf6896407255747ae89b4047ae0cf06093c80d7422e815864053bcf24da5ac19ff04a7

Download Submit
C:\Windows\System\XAwhYJU.exe

Filesize
2.0MB

MD5
7a0ae03e2544658fc2aea2ba00155b92

SHA1
2ed81dce9aa65332b82990d31399ffa482cd2cd9

SHA256
3eb6e9de60dca20f83337a76bac15f73af51ee0a9a23dfd1ff16c3ac87831e3b

SHA512
ab1beaedeb538fe86498a4da8f78db58a850966cd4305250470409e851910c54feabd6046a419f107b65302e83b8e1102f42ae5f877c05f0d592e5fa2abe40ae

Download Submit
C:\Windows\System\YFaFpQm.exe

Filesize
2.0MB

MD5
27b2e5394004e7a77d32e0da36072420

SHA1
492bb4d00f7f9b0a32507e63084c508633651a26

SHA256
be2aca713f3a4ad9d74f0c469136875a7363d29b9f5cc04d3d6786928ef0513b

SHA512
4b9f203826667f4e43b857d2f27c9d2a60775caba048fd78e4b1ce024b36b888224bde64dfad49b858324ec0aa89167f81933a03a892a6bdee1b01b9bdba14f2

Download Submit
C:\Windows\System\YKDzIad.exe

Filesize
2.0MB

MD5
7db33e02039fb10db87c5e4483e90efe

SHA1
ad327e684b8b426d8aa32a7209f783dd4d2f395e

SHA256
22dbab027846c2a9641d8b0405a55e0180271a9308e8f4b4c97bcdda5e2fbf00

SHA512
3b69287eb33969cd4def718f1878e5199454562a06dcb1a6bddf4a3b6eba936cdff812a4bf7f071ab62ab3988fc1cc9a0b1bf5a0775ea575d0f571e25d82442c

Download Submit
C:\Windows\System\aRBYUcA.exe

Filesize
2.0MB

MD5
0d2122a3abb0411ef962c5a90b4cebfa

SHA1
69c66095e6c64c929353b33af4303e62be86ba5e

SHA256
58b0ec8fc880f98c9ab5aa9c3410a4d114c6a85483ece959468a104730e38c1b

SHA512
8d944450ad46bab7841020d362cdd10fc12b41fb90965384a77d2ee50d23586054ac33c1b08db7fae14b50f03bdd6d2f6297243c56d2898f74bbae347ec7bfca

Download Submit
C:\Windows\System\aZzcEtr.exe

Filesize
2.0MB

MD5
6a3c73f25b7b4b5b221e8115cd30e182

SHA1
b8124f766e3b7d63dc6be46759c48e0a46499ce2

SHA256
764e47b78e3edcb40fb23a3a7719bd1dada8f0f7ac857c91af0febeac68b06c7

SHA512
a8f7ff07cbca4e45e50a53fc67185ace23fc08cc573aea42a1b262476156b387147dc521bcda673b105180cb8ef154938bcd53b5dfbe714cfea57ec6105c50fe

Download Submit
C:\Windows\System\adbywUj.exe

Filesize
2.0MB

MD5
5369fc0929ffa96e555fab7979ab8227

SHA1
465f24836759c4d5ae973065a5e375401029db37

SHA256
768e1397b8e8dc1cc09badca522fbe9371dea227ae95aadbabcb1b3fa3a926ca

SHA512
e9e31dc3da2a7575a2b47dbbc960312e738f5519d381767f5890ddff4746c52341284233cecbab58b8de09e45ee180736ffb82d66a70a6635e4be59258da2748

Download Submit
C:\Windows\System\axmWcyn.exe

Filesize
2.0MB

MD5
7dcf71f47587769461c9f1a9bc19e4f7

SHA1
5ea4c27efdead6394a6440391b51d453320327d1

SHA256
0d43b772b5cbb09aaaae3cf39084c1a222a59bd7ada9208ee6e077bbc1a44dc7

SHA512
66abb20e7ac37e68828b94f00afaaa46fcb43fa54cfe2a6b4629d2f49aee248a0ab9b86501bb1f7be625cc1c12b4f1fc9d3df9b7444012cc8d31ba8bca050565

Download Submit
C:\Windows\System\dXhnXBm.exe

Filesize
2.0MB

MD5
83d313386295a6b6df5b41309ebb13a4

SHA1
4d8383f9687a960ba78f0406ddc87220217436cb

SHA256
88eb94b2b63a85d48e13a7daf79e8cde18cbf18e8f6e109b2e067fff3ce536f5

SHA512
e40807ee64ecbbd09a0fe96247b2022005456bc0a432fe919e0293e5d533c6e404c3499e292f1a8a8712ed3b98679602be9af64b0c3bb93ade41a74830aecbcd

Download Submit
C:\Windows\System\eiRVAlr.exe

Filesize
2.0MB

MD5
9442d6d173ae7228f6310f9fce987387

SHA1
e6abd24f1f427b7b76bb32f4003445e7c3033224

SHA256
748292299258d7e5b67095ab56608b3d344e6dea0273031a9767409659caa8fa

SHA512
99548c2de9c44500f14afacad0feefe54550ddaa715f5296e70dbb134ce1ecc8443d23d1f03bc663e2e59debdbefce74c7f81ac95b5508a9477257e876d8c29e

Download Submit
C:\Windows\System\fWMVYRw.exe

Filesize
2.0MB

MD5
ca44a48fd99655115fa80665405d2f8a

SHA1
5070a32454b1d51086edf19a65370b3dafd5217b

SHA256
fd45df9efab5e3c13a88538a2915243f5bb5e83acee7f7b0235b9ad92521fca5

SHA512
fd5d83b3d09da40c508fb38377deab267da8ba02aaa654d5875070bb6d946903975bde2c5581694621fc00242046fa649973090992da93d091321d675d52bf8c

Download Submit
C:\Windows\System\gMiCjkf.exe

Filesize
2.0MB

MD5
93d2df90e64e818aebf3662e1dc1fdf9

SHA1
ab5454fd7ca35d316049ae5eff43ee1127e2806c

SHA256
1981af3cca9ef8ff41b0162632c982ee980208af678167f4ba768a8a61ed57d7

SHA512
6008c08bc2b651865fba3e11f09abe53970ade73985fbb81329f9ad601376b2b587acc370b507cf0ec69820effda9dc2a17bd01a7f2a007f49fdb309b41f5e09

Download Submit
C:\Windows\System\hZkmJvZ.exe

Filesize
2.0MB

MD5
cf2f88af5aa94cfdfb97d51b0247b0bd

SHA1
c0d62a4edc90ade637b4cba78dbb0e62ecf04ce2

SHA256
88878211949163228d6f80b76b3d9d91748263f249e1a0c014c73ae4dec0a452

SHA512
fc21fb92f2b93ad2bbda4e4942537e10f3586226ca3db07898b0dd833fc735f67886b6c8db33e5e1ea2440e1b6e4280ad3f4492f339b2048c48ab70a819cbc3f

Download Submit
C:\Windows\System\jCrdPlN.exe

Filesize
2.0MB

MD5
9aa84a134542a86c1b49cab7f8935d3c

SHA1
c0cdc55a5da516ffe793657d32e138f205f2181e

SHA256
a156a20561c9d54404ae504cba3cacc4cca9aaadb8aa6fc619f51a6f3dc372fe

SHA512
594bd5ded3c0ed296a6c8bcd06c0d083da19a352fe2f1bcfc55624701b58937f717a6be5a105d22d3132dad8c7fa0125089e0b3a33eb410f3d2625d0067ef2af

Download Submit
C:\Windows\System\jSBAgfc.exe

Filesize
2.0MB

MD5
f95ba427fd6b0e2c06544c9aefff6c72

SHA1
372c76fe772166f87316fa58f5e7805d6b5ecd86

SHA256
9cc0f7006a59e108edc8061cda772c5bf03ae670cca9418d80f5bf5506833517

SHA512
1fc6a6c12d6aa0ce564bf7a17f057ba5a2fc18664c2f92968e2f913a4bbc31bae6cfca06ca2e4d097cb775578b5bf5cd5c5e3785709c04e6061c04327f715cef

Download Submit
C:\Windows\System\lXPXmee.exe

Filesize
2.0MB

MD5
aad2af985e3cc254c8238912d7c2be8f

SHA1
62a600aa4bda62f21599137dd64c924c216308b3

SHA256
46c8196b06ce06bd726412aba471556b169923eb119c6de29f7af4e1c1334cbe

SHA512
ef666beff787771808590e081f78ffb8cdd66cafa08a230b77e8d8c9a76d5fe0327ab81debc67107a1151b9d319c2e803305e9876546f8ec2090f426de3a8c51

Download Submit
C:\Windows\System\mKIClpw.exe

Filesize
2.0MB

MD5
197efb0cde9b2f2c5ad1e9c933c3e11a

SHA1
f636bf290e198256499b0608996ed44181b8388e

SHA256
2370e5f03cc8301b8ca2926bf841cc25894648f09d7cff946d8e438d99d5b3bc

SHA512
921cc633cc551feecfb75964d658ca3bdd86eec2d7d10ddf96677ebad8851d075eb3fe2410f813b3c927a3fad9288ee26a738864f78c861f5efdf1ec388bf760

Download Submit
C:\Windows\System\msirbXq.exe

Filesize
2.0MB

MD5
5985dcc6076323eb7ff82612e7daaf0b

SHA1
993d1ec68c3f321252e9ffd024dcd6cef634ae92

SHA256
ce40a1dc2cfff1e190b74386b71327c5693c63c845638ef6346e0634b73f954e

SHA512
732818f0adadcea180b311f9a0b64b966049615fc2b477f761d55bf7a9e1d085c45935817017b4649edd417bfa65f23dc2ff8440b2e15a271d6ff219aa613633

Download Submit
C:\Windows\System\nDldTcv.exe

Filesize
2.0MB

MD5
43f9739511912a2d9c42d14bc9178dbf

SHA1
5fa82f3fe1d9cf925a6489a713f066e3b575c145

SHA256
7e41ed43099638af32b219c27905e5d681946d20fd1695154931513a4383a5b0

SHA512
fb4653947cd164795eca8caa8844f3c309c93b2f7d7745445aa02a4b3aab0cd094fac4749371318310e99753e5321ff44cfeb9335d5927fc03cb0256a7cad1a9

Download Submit
C:\Windows\System\qDJIzss.exe

Filesize
2.0MB

MD5
86e110d63bb1261dd38891b6712b6e4a

SHA1
3493f3d05830f5669cc9459230b2faa21aa6af07

SHA256
be7533df9bd5533030fcb3b8ef281411c9557a69d6f19a5250c354918a9cb4c9

SHA512
4ccfe6023d7bfd7d3ac6c29d64f8efd0bdf9fcdf35b8756b3785719bf8207f0eda2a750922d10c2032099ada0628c6b32efe5cef38c1fa22a7391923b6717cd3

Download Submit
C:\Windows\System\tMUphzV.exe

Filesize
2.0MB

MD5
795dbbe936012bf254137ead7a6a8c01

SHA1
5e91b244df9243e9c8306e48806292382e3f1b94

SHA256
f4baf471d953beb014da1ef65afc32050fb8af1c9ace1db67ecad4e402f1627b

SHA512
8051293869bae680b824638409476bc832c954ac0db15709d015f630d920e5ec6f019585408d6e7049ee01db60dc9dd49ddcd33862d17f864d8dc50663cbb7df

Download Submit
C:\Windows\System\vYqvtSt.exe

Filesize
2.0MB

MD5
35d982b76b145c087ac011f038c65975

SHA1
3516fc281a3e4365a8ba51ab9416847bd25d9289

SHA256
0b055c1078bfe2e9d57cd27786369f4809c8ce248b970057183724af5020d971

SHA512
ae1e1cdf451553e236b87ab6e8cbdfaf09fbbf8851241ca4c9e8f9bc0ada4a8568b0fe508e5043fde9f13ac197de63aedbb52a0430bc40e456238dfdf50a8bfd

Download Submit
C:\Windows\System\wrUXoYf.exe

Filesize
2.0MB

MD5
726d244faa20abb1fbfcf8d9e21ca95c

SHA1
95aba480b2a74bf28d6eee400e6ca76d7460627a

SHA256
dd6c4ac70d9fd15c3a1e0419d72c02758c5891d50ea08df8bad2616b4580e19e

SHA512
b3dae78a373f57d0d1960cc9980097c603b53ad7dc37efb2c6b265c3a11de4d0eea56295805f203d6964f12abcd2bca4f6e40b5ce40f7e06af98c67987ffea32

Download Submit
memory/636-52-0x00007FF627FC0000-0x00007FF628314000-memory.dmp

Filesize
3.3MB

Download
memory/636-2134-0x00007FF627FC0000-0x00007FF628314000-memory.dmp

Filesize
3.3MB

Download
memory/976-2150-0x00007FF721790000-0x00007FF721AE4000-memory.dmp

Filesize
3.3MB

Download
memory/976-497-0x00007FF721790000-0x00007FF721AE4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2146-0x00007FF685730000-0x00007FF685A84000-memory.dmp

Filesize
3.3MB

Download
memory/1528-478-0x00007FF685730000-0x00007FF685A84000-memory.dmp

Filesize
3.3MB

Download
memory/1584-460-0x00007FF621DD0000-0x00007FF622124000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2136-0x00007FF621DD0000-0x00007FF622124000-memory.dmp

Filesize
3.3MB

Download
memory/1604-505-0x00007FF7C6A70000-0x00007FF7C6DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1604-2153-0x00007FF7C6A70000-0x00007FF7C6DC4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-489-0x00007FF7005A0000-0x00007FF7008F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-2148-0x00007FF7005A0000-0x00007FF7008F4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-483-0x00007FF66AF10000-0x00007FF66B264000-memory.dmp

Filesize
3.3MB

Download
memory/1760-2144-0x00007FF66AF10000-0x00007FF66B264000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2152-0x00007FF7A6810000-0x00007FF7A6B64000-memory.dmp

Filesize
3.3MB

Download
memory/1800-504-0x00007FF7A6810000-0x00007FF7A6B64000-memory.dmp

Filesize
3.3MB

Download
memory/1840-494-0x00007FF730CC0000-0x00007FF731014000-memory.dmp

Filesize
3.3MB

Download
memory/1840-2151-0x00007FF730CC0000-0x00007FF731014000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2132-0x00007FF6439C0000-0x00007FF643D14000-memory.dmp

Filesize
3.3MB

Download
memory/2024-457-0x00007FF6439C0000-0x00007FF643D14000-memory.dmp

Filesize
3.3MB

Download
memory/2128-512-0x00007FF647CB0000-0x00007FF648004000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2138-0x00007FF647CB0000-0x00007FF648004000-memory.dmp

Filesize
3.3MB

Download
memory/2140-491-0x00007FF6355B0000-0x00007FF635904000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2145-0x00007FF6355B0000-0x00007FF635904000-memory.dmp

Filesize
3.3MB

Download
memory/2752-475-0x00007FF738990000-0x00007FF738CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2142-0x00007FF738990000-0x00007FF738CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-490-0x00007FF6C36B0000-0x00007FF6C3A04000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2147-0x00007FF6C36B0000-0x00007FF6C3A04000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2129-0x00007FF7F72A0000-0x00007FF7F75F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-31-0x00007FF7F72A0000-0x00007FF7F75F4000-memory.dmp

Filesize
3.3MB

Download
memory/3244-455-0x00007FF6DB7B0000-0x00007FF6DBB04000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2131-0x00007FF6DB7B0000-0x00007FF6DBB04000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2137-0x00007FF7AF4C0000-0x00007FF7AF814000-memory.dmp

Filesize
3.3MB

Download
memory/3372-513-0x00007FF7AF4C0000-0x00007FF7AF814000-memory.dmp

Filesize
3.3MB

Download
memory/3380-506-0x00007FF762C00000-0x00007FF762F54000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2155-0x00007FF762C00000-0x00007FF762F54000-memory.dmp

Filesize
3.3MB

Download
memory/3452-2127-0x00007FF77B600000-0x00007FF77B954000-memory.dmp

Filesize
3.3MB

Download
memory/3452-25-0x00007FF77B600000-0x00007FF77B954000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2139-0x00007FF780650000-0x00007FF7809A4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-468-0x00007FF780650000-0x00007FF7809A4000-memory.dmp

Filesize
3.3MB

Download
memory/3772-1-0x0000012CB4D70000-0x0000012CB4D80000-memory.dmp

Filesize
64KB

Download
memory/3772-0-0x00007FF79A020000-0x00007FF79A374000-memory.dmp

Filesize
3.3MB

Download
memory/3940-2143-0x00007FF632F50000-0x00007FF6332A4000-memory.dmp

Filesize
3.3MB

Download
memory/3940-488-0x00007FF632F50000-0x00007FF6332A4000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2149-0x00007FF7B8AF0000-0x00007FF7B8E44000-memory.dmp

Filesize
3.3MB

Download
memory/4068-496-0x00007FF7B8AF0000-0x00007FF7B8E44000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2126-0x00007FF71EC80000-0x00007FF71EFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-56-0x00007FF71EC80000-0x00007FF71EFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4076-2135-0x00007FF71EC80000-0x00007FF71EFD4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-51-0x00007FF6F2260000-0x00007FF6F25B4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2125-0x00007FF6F2260000-0x00007FF6F25B4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2133-0x00007FF6F2260000-0x00007FF6F25B4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-464-0x00007FF631EF0000-0x00007FF632244000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2140-0x00007FF631EF0000-0x00007FF632244000-memory.dmp

Filesize
3.3MB

Download
memory/4600-2141-0x00007FF624480000-0x00007FF6247D4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-473-0x00007FF624480000-0x00007FF6247D4000-memory.dmp

Filesize
3.3MB

Download
memory/4672-2154-0x00007FF60DBC0000-0x00007FF60DF14000-memory.dmp

Filesize
3.3MB

Download
memory/4672-511-0x00007FF60DBC0000-0x00007FF60DF14000-memory.dmp

Filesize
3.3MB

Download
memory/4976-62-0x00007FF7025E0000-0x00007FF702934000-memory.dmp

Filesize
3.3MB

Download
memory/4976-2128-0x00007FF7025E0000-0x00007FF702934000-memory.dmp

Filesize
3.3MB

Download
memory/5048-35-0x00007FF785270000-0x00007FF7855C4000-memory.dmp

Filesize
3.3MB

Download
memory/5048-2130-0x00007FF785270000-0x00007FF7855C4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads