kpot | ef5fc64b616ba6babe9f24673788ba616c1a308c341880a583fc4effb21d13a3

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
Size

2.0MB
MD5

a478220f1dfdbb9053e428ad86d84250
SHA1

dbda16c8605e2d18197f45c874434b6a45060a0f
SHA256

ef5fc64b616ba6babe9f24673788ba616c1a308c341880a583fc4effb21d13a3
SHA512

6c79f74e5c2a74d220d87d794d1bdbd652d31c0d60e3784bbb820767dbec702afea92fd17f62880bc2c2f8e70e06a0dbf8068b13163a47a4bbf19154ec3150fe
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3iy:BemTLkNdfE0pZrwp

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000800000002351d-5.dat	family_kpot
behavioral2/files/0x0007000000023521-10.dat	family_kpot
behavioral2/files/0x0007000000023522-7.dat	family_kpot
behavioral2/files/0x0007000000023523-17.dat	family_kpot
behavioral2/files/0x0007000000023525-32.dat	family_kpot
behavioral2/files/0x000700000002352a-57.dat	family_kpot
behavioral2/files/0x000700000002352c-75.dat	family_kpot
behavioral2/files/0x0007000000023530-87.dat	family_kpot
behavioral2/files/0x0007000000023531-100.dat	family_kpot
behavioral2/files/0x0007000000023534-115.dat	family_kpot
behavioral2/files/0x0007000000023540-167.dat	family_kpot
behavioral2/files/0x000700000002353e-165.dat	family_kpot
behavioral2/files/0x000700000002353f-162.dat	family_kpot
behavioral2/files/0x000700000002353d-160.dat	family_kpot
behavioral2/files/0x000700000002353c-155.dat	family_kpot
behavioral2/files/0x000700000002353b-150.dat	family_kpot
behavioral2/files/0x000700000002353a-145.dat	family_kpot
behavioral2/files/0x0007000000023539-140.dat	family_kpot
behavioral2/files/0x0007000000023538-135.dat	family_kpot
behavioral2/files/0x0007000000023537-130.dat	family_kpot
behavioral2/files/0x0007000000023536-125.dat	family_kpot
behavioral2/files/0x0007000000023535-120.dat	family_kpot
behavioral2/files/0x0007000000023533-110.dat	family_kpot
behavioral2/files/0x0007000000023532-105.dat	family_kpot
behavioral2/files/0x000700000002352f-90.dat	family_kpot
behavioral2/files/0x000700000002352e-85.dat	family_kpot
behavioral2/files/0x000700000002352d-80.dat	family_kpot
behavioral2/files/0x000700000002352b-70.dat	family_kpot
behavioral2/files/0x0007000000023529-60.dat	family_kpot
behavioral2/files/0x0007000000023528-55.dat	family_kpot
behavioral2/files/0x0007000000023527-50.dat	family_kpot
behavioral2/files/0x0007000000023526-45.dat	family_kpot
behavioral2/files/0x0007000000023524-35.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2028-0-0x00007FF608B60000-0x00007FF608EB4000-memory.dmp	xmrig
behavioral2/files/0x000800000002351d-5.dat	xmrig
behavioral2/memory/3176-9-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp	xmrig
behavioral2/files/0x0007000000023521-10.dat	xmrig
behavioral2/files/0x0007000000023522-7.dat	xmrig
behavioral2/files/0x0007000000023523-17.dat	xmrig
behavioral2/memory/3216-22-0x00007FF735380000-0x00007FF7356D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023525-32.dat	xmrig
behavioral2/files/0x000700000002352a-57.dat	xmrig
behavioral2/files/0x000700000002352c-75.dat	xmrig
behavioral2/files/0x0007000000023530-87.dat	xmrig
behavioral2/files/0x0007000000023531-100.dat	xmrig
behavioral2/files/0x0007000000023534-115.dat	xmrig
behavioral2/files/0x0007000000023540-167.dat	xmrig
behavioral2/files/0x000700000002353e-165.dat	xmrig
behavioral2/files/0x000700000002353f-162.dat	xmrig
behavioral2/files/0x000700000002353d-160.dat	xmrig
behavioral2/files/0x000700000002353c-155.dat	xmrig
behavioral2/files/0x000700000002353b-150.dat	xmrig
behavioral2/files/0x000700000002353a-145.dat	xmrig
behavioral2/files/0x0007000000023539-140.dat	xmrig
behavioral2/files/0x0007000000023538-135.dat	xmrig
behavioral2/files/0x0007000000023537-130.dat	xmrig
behavioral2/files/0x0007000000023536-125.dat	xmrig
behavioral2/files/0x0007000000023535-120.dat	xmrig
behavioral2/files/0x0007000000023533-110.dat	xmrig
behavioral2/files/0x0007000000023532-105.dat	xmrig
behavioral2/files/0x000700000002352f-90.dat	xmrig
behavioral2/files/0x000700000002352e-85.dat	xmrig
behavioral2/files/0x000700000002352d-80.dat	xmrig
behavioral2/files/0x000700000002352b-70.dat	xmrig
behavioral2/files/0x0007000000023529-60.dat	xmrig
behavioral2/files/0x0007000000023528-55.dat	xmrig
behavioral2/files/0x0007000000023527-50.dat	xmrig
behavioral2/files/0x0007000000023526-45.dat	xmrig
behavioral2/files/0x0007000000023524-35.dat	xmrig
behavioral2/memory/736-31-0x00007FF6035D0000-0x00007FF603924000-memory.dmp	xmrig
behavioral2/memory/3024-18-0x00007FF6978E0000-0x00007FF697C34000-memory.dmp	xmrig
behavioral2/memory/1280-707-0x00007FF715BE0000-0x00007FF715F34000-memory.dmp	xmrig
behavioral2/memory/4944-708-0x00007FF7EAD30000-0x00007FF7EB084000-memory.dmp	xmrig
behavioral2/memory/2920-709-0x00007FF7A04F0000-0x00007FF7A0844000-memory.dmp	xmrig
behavioral2/memory/4292-710-0x00007FF7DA530000-0x00007FF7DA884000-memory.dmp	xmrig
behavioral2/memory/2040-711-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp	xmrig
behavioral2/memory/2324-712-0x00007FF6DB6C0000-0x00007FF6DBA14000-memory.dmp	xmrig
behavioral2/memory/2372-713-0x00007FF6B9330000-0x00007FF6B9684000-memory.dmp	xmrig
behavioral2/memory/4556-730-0x00007FF6F1FE0000-0x00007FF6F2334000-memory.dmp	xmrig
behavioral2/memory/2172-723-0x00007FF638340000-0x00007FF638694000-memory.dmp	xmrig
behavioral2/memory/336-749-0x00007FF7CC6A0000-0x00007FF7CC9F4000-memory.dmp	xmrig
behavioral2/memory/3948-740-0x00007FF765340000-0x00007FF765694000-memory.dmp	xmrig
behavioral2/memory/4960-739-0x00007FF6C17B0000-0x00007FF6C1B04000-memory.dmp	xmrig
behavioral2/memory/4684-757-0x00007FF7DA9A0000-0x00007FF7DACF4000-memory.dmp	xmrig
behavioral2/memory/4056-771-0x00007FF632020000-0x00007FF632374000-memory.dmp	xmrig
behavioral2/memory/1964-777-0x00007FF67A0C0000-0x00007FF67A414000-memory.dmp	xmrig
behavioral2/memory/1892-767-0x00007FF7F59D0000-0x00007FF7F5D24000-memory.dmp	xmrig
behavioral2/memory/804-783-0x00007FF6008F0000-0x00007FF600C44000-memory.dmp	xmrig
behavioral2/memory/2108-803-0x00007FF6B4440000-0x00007FF6B4794000-memory.dmp	xmrig
behavioral2/memory/2332-796-0x00007FF764AC0000-0x00007FF764E14000-memory.dmp	xmrig
behavioral2/memory/1992-810-0x00007FF731310000-0x00007FF731664000-memory.dmp	xmrig
behavioral2/memory/4980-837-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	xmrig
behavioral2/memory/2900-829-0x00007FF7B8430000-0x00007FF7B8784000-memory.dmp	xmrig
behavioral2/memory/1272-834-0x00007FF7AF100000-0x00007FF7AF454000-memory.dmp	xmrig
behavioral2/memory/4476-843-0x00007FF698C00000-0x00007FF698F54000-memory.dmp	xmrig
behavioral2/memory/64-842-0x00007FF7BB7C0000-0x00007FF7BBB14000-memory.dmp	xmrig
behavioral2/memory/2028-2045-0x00007FF608B60000-0x00007FF608EB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3176	ElnsrRy.exe
3024	ZWbQfxy.exe
3216	kpvzJDW.exe
736	RJDBjGA.exe
4476	PywMPQW.exe
1280	SGwqsAd.exe
4944	HrjhguZ.exe
2920	vPIsxaQ.exe
4292	rFVXPCw.exe
2040	PVmjUFK.exe
2324	mgPjnXB.exe
2372	mbnFpEg.exe
2172	TahmsnD.exe
4556	VoaCEEx.exe
4960	mMRRuQI.exe
3948	DRcocfG.exe
336	NQqBzSq.exe
4684	PsVzniG.exe
1892	QuCxfvo.exe
4056	PgQXBPV.exe
1964	ZhuBdPB.exe
804	FVThUkB.exe
2332	pxRPekK.exe
2108	fFJlDWG.exe
1992	jiEfrfu.exe
2900	hjKvdjE.exe
1272	bUqldPu.exe
4980	PtESMFi.exe
64	TjrjoOZ.exe
2056	YnCWbux.exe
2516	RnLDXyg.exe
1416	BWeamgK.exe
4912	ffnNfUP.exe
5064	hrwZMfa.exe
4528	aKxghQw.exe
2228	tIOBBBG.exe
4536	tJBHjJI.exe
4136	FwYgHnC.exe
2380	ZysjxaG.exe
2440	VufgTHh.exe
2276	SbAlcmJ.exe
2248	cqXsotd.exe
3756	zmlpEgr.exe
4652	FRJkLEH.exe
1856	AKFsRBj.exe
1316	ReEijCJ.exe
876	tYCnODD.exe
4048	WSUXReQ.exe
3488	PezoeVm.exe
5136	PoJUiBF.exe
5164	DsJxdEV.exe
5192	XklJAgs.exe
5228	GRSCOul.exe
5268	grhMDLm.exe
5296	BKfJjbo.exe
5324	uoMMWnu.exe
5352	AwmGCYx.exe
5380	wVRwBoF.exe
5412	HzDLjqh.exe
5436	UHCDlmn.exe
5464	XjcFSlp.exe
5484	aLeuDHZ.exe
5508	LfNCmmA.exe
5540	YwfGABk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2028-0-0x00007FF608B60000-0x00007FF608EB4000-memory.dmp	upx
behavioral2/files/0x000800000002351d-5.dat	upx
behavioral2/memory/3176-9-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp	upx
behavioral2/files/0x0007000000023521-10.dat	upx
behavioral2/files/0x0007000000023522-7.dat	upx
behavioral2/files/0x0007000000023523-17.dat	upx
behavioral2/memory/3216-22-0x00007FF735380000-0x00007FF7356D4000-memory.dmp	upx
behavioral2/files/0x0007000000023525-32.dat	upx
behavioral2/files/0x000700000002352a-57.dat	upx
behavioral2/files/0x000700000002352c-75.dat	upx
behavioral2/files/0x0007000000023530-87.dat	upx
behavioral2/files/0x0007000000023531-100.dat	upx
behavioral2/files/0x0007000000023534-115.dat	upx
behavioral2/files/0x0007000000023540-167.dat	upx
behavioral2/files/0x000700000002353e-165.dat	upx
behavioral2/files/0x000700000002353f-162.dat	upx
behavioral2/files/0x000700000002353d-160.dat	upx
behavioral2/files/0x000700000002353c-155.dat	upx
behavioral2/files/0x000700000002353b-150.dat	upx
behavioral2/files/0x000700000002353a-145.dat	upx
behavioral2/files/0x0007000000023539-140.dat	upx
behavioral2/files/0x0007000000023538-135.dat	upx
behavioral2/files/0x0007000000023537-130.dat	upx
behavioral2/files/0x0007000000023536-125.dat	upx
behavioral2/files/0x0007000000023535-120.dat	upx
behavioral2/files/0x0007000000023533-110.dat	upx
behavioral2/files/0x0007000000023532-105.dat	upx
behavioral2/files/0x000700000002352f-90.dat	upx
behavioral2/files/0x000700000002352e-85.dat	upx
behavioral2/files/0x000700000002352d-80.dat	upx
behavioral2/files/0x000700000002352b-70.dat	upx
behavioral2/files/0x0007000000023529-60.dat	upx
behavioral2/files/0x0007000000023528-55.dat	upx
behavioral2/files/0x0007000000023527-50.dat	upx
behavioral2/files/0x0007000000023526-45.dat	upx
behavioral2/files/0x0007000000023524-35.dat	upx
behavioral2/memory/736-31-0x00007FF6035D0000-0x00007FF603924000-memory.dmp	upx
behavioral2/memory/3024-18-0x00007FF6978E0000-0x00007FF697C34000-memory.dmp	upx
behavioral2/memory/1280-707-0x00007FF715BE0000-0x00007FF715F34000-memory.dmp	upx
behavioral2/memory/4944-708-0x00007FF7EAD30000-0x00007FF7EB084000-memory.dmp	upx
behavioral2/memory/2920-709-0x00007FF7A04F0000-0x00007FF7A0844000-memory.dmp	upx
behavioral2/memory/4292-710-0x00007FF7DA530000-0x00007FF7DA884000-memory.dmp	upx
behavioral2/memory/2040-711-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp	upx
behavioral2/memory/2324-712-0x00007FF6DB6C0000-0x00007FF6DBA14000-memory.dmp	upx
behavioral2/memory/2372-713-0x00007FF6B9330000-0x00007FF6B9684000-memory.dmp	upx
behavioral2/memory/4556-730-0x00007FF6F1FE0000-0x00007FF6F2334000-memory.dmp	upx
behavioral2/memory/2172-723-0x00007FF638340000-0x00007FF638694000-memory.dmp	upx
behavioral2/memory/336-749-0x00007FF7CC6A0000-0x00007FF7CC9F4000-memory.dmp	upx
behavioral2/memory/3948-740-0x00007FF765340000-0x00007FF765694000-memory.dmp	upx
behavioral2/memory/4960-739-0x00007FF6C17B0000-0x00007FF6C1B04000-memory.dmp	upx
behavioral2/memory/4684-757-0x00007FF7DA9A0000-0x00007FF7DACF4000-memory.dmp	upx
behavioral2/memory/4056-771-0x00007FF632020000-0x00007FF632374000-memory.dmp	upx
behavioral2/memory/1964-777-0x00007FF67A0C0000-0x00007FF67A414000-memory.dmp	upx
behavioral2/memory/1892-767-0x00007FF7F59D0000-0x00007FF7F5D24000-memory.dmp	upx
behavioral2/memory/804-783-0x00007FF6008F0000-0x00007FF600C44000-memory.dmp	upx
behavioral2/memory/2108-803-0x00007FF6B4440000-0x00007FF6B4794000-memory.dmp	upx
behavioral2/memory/2332-796-0x00007FF764AC0000-0x00007FF764E14000-memory.dmp	upx
behavioral2/memory/1992-810-0x00007FF731310000-0x00007FF731664000-memory.dmp	upx
behavioral2/memory/4980-837-0x00007FF779F00000-0x00007FF77A254000-memory.dmp	upx
behavioral2/memory/2900-829-0x00007FF7B8430000-0x00007FF7B8784000-memory.dmp	upx
behavioral2/memory/1272-834-0x00007FF7AF100000-0x00007FF7AF454000-memory.dmp	upx
behavioral2/memory/4476-843-0x00007FF698C00000-0x00007FF698F54000-memory.dmp	upx
behavioral2/memory/64-842-0x00007FF7BB7C0000-0x00007FF7BBB14000-memory.dmp	upx
behavioral2/memory/2028-2045-0x00007FF608B60000-0x00007FF608EB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KenxdJw.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\iReXEbn.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\RoXfsds.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\dZIANZM.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\dnNPPtn.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\mitYmDT.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\LSygZsB.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\bUqldPu.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\eXgSKUL.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\iZSPpLl.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\YbRVfCu.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\ufiZMiT.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\YoBIrnW.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\rKRoEGl.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\ohPGUzI.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\BQpvfYN.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\gtltCcG.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\NmYaVjn.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\FCYmiBv.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\THtFpVk.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\GOVaTpP.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\nsGRurz.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\VgpGBTP.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\lselAIA.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\MtPnGbZ.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\CruXqOB.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\aZUgKRo.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\zikFFhB.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\JQZdcnv.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\KalUTqD.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\HTziiBz.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\vPIsxaQ.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\jiAArLh.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\MvbQPiz.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\YleQyOm.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\ROaSJJv.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\lAfuSeO.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\bPlEQhf.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\anNpRkW.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\QuCxfvo.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\tophJEV.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\sbtCIVv.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\xQXFbrS.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\TsPWbHD.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\kIqqbxB.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\TsbrIhT.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\KnBovdc.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\rlCPCbD.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\BRwYQtV.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\zvvxVuY.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\GUOGjSU.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\jxHjvWp.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\jzrhDPk.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\ClrHQuy.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\PywMPQW.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\SrpEpNf.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\qRUveyi.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\vpedBbV.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\XjcFSlp.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\GClthgm.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\XaBfcWS.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\RzWMklT.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\oxIJthI.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
File created	C:\Windows\System\qcVUpNY.exe	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15168	dwm.exe
Token: SeChangeNotifyPrivilege	15168	dwm.exe
Token: 33	15168	dwm.exe
Token: SeIncBasePriorityPrivilege	15168	dwm.exe
Token: SeShutdownPrivilege	15168	dwm.exe
Token: SeCreatePagefilePrivilege	15168	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 3176	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	91
PID 2028 wrote to memory of 3176	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	91
PID 2028 wrote to memory of 3024	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	92
PID 2028 wrote to memory of 3024	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	92
PID 2028 wrote to memory of 3216	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	93
PID 2028 wrote to memory of 3216	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	93
PID 2028 wrote to memory of 736	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	94
PID 2028 wrote to memory of 736	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	94
PID 2028 wrote to memory of 4476	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	95
PID 2028 wrote to memory of 4476	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	95
PID 2028 wrote to memory of 1280	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	96
PID 2028 wrote to memory of 1280	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	96
PID 2028 wrote to memory of 4944	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	97
PID 2028 wrote to memory of 4944	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	97
PID 2028 wrote to memory of 2920	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	98
PID 2028 wrote to memory of 2920	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	98
PID 2028 wrote to memory of 4292	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	99
PID 2028 wrote to memory of 4292	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	99
PID 2028 wrote to memory of 2040	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	100
PID 2028 wrote to memory of 2040	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	100
PID 2028 wrote to memory of 2324	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	101
PID 2028 wrote to memory of 2324	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	101
PID 2028 wrote to memory of 2372	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	102
PID 2028 wrote to memory of 2372	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	102
PID 2028 wrote to memory of 2172	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	103
PID 2028 wrote to memory of 2172	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	103
PID 2028 wrote to memory of 4556	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	104
PID 2028 wrote to memory of 4556	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	104
PID 2028 wrote to memory of 4960	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	105
PID 2028 wrote to memory of 4960	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	105
PID 2028 wrote to memory of 3948	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	106
PID 2028 wrote to memory of 3948	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	106
PID 2028 wrote to memory of 336	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	107
PID 2028 wrote to memory of 336	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	107
PID 2028 wrote to memory of 4684	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	108
PID 2028 wrote to memory of 4684	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	108
PID 2028 wrote to memory of 1892	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	109
PID 2028 wrote to memory of 1892	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	109
PID 2028 wrote to memory of 4056	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	110
PID 2028 wrote to memory of 4056	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	110
PID 2028 wrote to memory of 1964	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	111
PID 2028 wrote to memory of 1964	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	111
PID 2028 wrote to memory of 804	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	112
PID 2028 wrote to memory of 804	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	112
PID 2028 wrote to memory of 2332	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	113
PID 2028 wrote to memory of 2332	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	113
PID 2028 wrote to memory of 2108	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	114
PID 2028 wrote to memory of 2108	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	114
PID 2028 wrote to memory of 1992	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	115
PID 2028 wrote to memory of 1992	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	115
PID 2028 wrote to memory of 2900	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	116
PID 2028 wrote to memory of 2900	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	116
PID 2028 wrote to memory of 1272	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	117
PID 2028 wrote to memory of 1272	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	117
PID 2028 wrote to memory of 4980	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	118
PID 2028 wrote to memory of 4980	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	118
PID 2028 wrote to memory of 64	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	119
PID 2028 wrote to memory of 64	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	119
PID 2028 wrote to memory of 2056	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	120
PID 2028 wrote to memory of 2056	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	120
PID 2028 wrote to memory of 2516	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	121
PID 2028 wrote to memory of 2516	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	121
PID 2028 wrote to memory of 1416	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	122
PID 2028 wrote to memory of 1416	2028	a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe	122

C:\Users\Admin\AppData\Local\Temp\a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a478220f1dfdbb9053e428ad86d84250_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\System\ElnsrRy.exe
  C:\Windows\System\ElnsrRy.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\ZWbQfxy.exe
  C:\Windows\System\ZWbQfxy.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\kpvzJDW.exe
  C:\Windows\System\kpvzJDW.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\RJDBjGA.exe
  C:\Windows\System\RJDBjGA.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\PywMPQW.exe
  C:\Windows\System\PywMPQW.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\SGwqsAd.exe
  C:\Windows\System\SGwqsAd.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\HrjhguZ.exe
  C:\Windows\System\HrjhguZ.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\vPIsxaQ.exe
  C:\Windows\System\vPIsxaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\rFVXPCw.exe
  C:\Windows\System\rFVXPCw.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\PVmjUFK.exe
  C:\Windows\System\PVmjUFK.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\mgPjnXB.exe
  C:\Windows\System\mgPjnXB.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\mbnFpEg.exe
  C:\Windows\System\mbnFpEg.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\TahmsnD.exe
  C:\Windows\System\TahmsnD.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\VoaCEEx.exe
  C:\Windows\System\VoaCEEx.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\mMRRuQI.exe
  C:\Windows\System\mMRRuQI.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\DRcocfG.exe
  C:\Windows\System\DRcocfG.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\NQqBzSq.exe
  C:\Windows\System\NQqBzSq.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\PsVzniG.exe
  C:\Windows\System\PsVzniG.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\QuCxfvo.exe
  C:\Windows\System\QuCxfvo.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\PgQXBPV.exe
  C:\Windows\System\PgQXBPV.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\ZhuBdPB.exe
  C:\Windows\System\ZhuBdPB.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\FVThUkB.exe
  C:\Windows\System\FVThUkB.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\pxRPekK.exe
  C:\Windows\System\pxRPekK.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\fFJlDWG.exe
  C:\Windows\System\fFJlDWG.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\jiEfrfu.exe
  C:\Windows\System\jiEfrfu.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\hjKvdjE.exe
  C:\Windows\System\hjKvdjE.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\bUqldPu.exe
  C:\Windows\System\bUqldPu.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\PtESMFi.exe
  C:\Windows\System\PtESMFi.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\TjrjoOZ.exe
  C:\Windows\System\TjrjoOZ.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\YnCWbux.exe
  C:\Windows\System\YnCWbux.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\RnLDXyg.exe
  C:\Windows\System\RnLDXyg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\BWeamgK.exe
  C:\Windows\System\BWeamgK.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ffnNfUP.exe
  C:\Windows\System\ffnNfUP.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\hrwZMfa.exe
  C:\Windows\System\hrwZMfa.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\aKxghQw.exe
  C:\Windows\System\aKxghQw.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\tIOBBBG.exe
  C:\Windows\System\tIOBBBG.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\tJBHjJI.exe
  C:\Windows\System\tJBHjJI.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\FwYgHnC.exe
  C:\Windows\System\FwYgHnC.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\ZysjxaG.exe
  C:\Windows\System\ZysjxaG.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\VufgTHh.exe
  C:\Windows\System\VufgTHh.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\SbAlcmJ.exe
  C:\Windows\System\SbAlcmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\cqXsotd.exe
  C:\Windows\System\cqXsotd.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\zmlpEgr.exe
  C:\Windows\System\zmlpEgr.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\FRJkLEH.exe
  C:\Windows\System\FRJkLEH.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\AKFsRBj.exe
  C:\Windows\System\AKFsRBj.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\ReEijCJ.exe
  C:\Windows\System\ReEijCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\tYCnODD.exe
  C:\Windows\System\tYCnODD.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\WSUXReQ.exe
  C:\Windows\System\WSUXReQ.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\PezoeVm.exe
  C:\Windows\System\PezoeVm.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\PoJUiBF.exe
  C:\Windows\System\PoJUiBF.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\DsJxdEV.exe
  C:\Windows\System\DsJxdEV.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\XklJAgs.exe
  C:\Windows\System\XklJAgs.exe
  2⤵
  - Executes dropped EXE
  PID:5192
- C:\Windows\System\GRSCOul.exe
  C:\Windows\System\GRSCOul.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\grhMDLm.exe
  C:\Windows\System\grhMDLm.exe
  2⤵
  - Executes dropped EXE
  PID:5268
- C:\Windows\System\BKfJjbo.exe
  C:\Windows\System\BKfJjbo.exe
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Windows\System\uoMMWnu.exe
  C:\Windows\System\uoMMWnu.exe
  2⤵
  - Executes dropped EXE
  PID:5324
- C:\Windows\System\AwmGCYx.exe
  C:\Windows\System\AwmGCYx.exe
  2⤵
  - Executes dropped EXE
  PID:5352
- C:\Windows\System\wVRwBoF.exe
  C:\Windows\System\wVRwBoF.exe
  2⤵
  - Executes dropped EXE
  PID:5380
- C:\Windows\System\HzDLjqh.exe
  C:\Windows\System\HzDLjqh.exe
  2⤵
  - Executes dropped EXE
  PID:5412
- C:\Windows\System\UHCDlmn.exe
  C:\Windows\System\UHCDlmn.exe
  2⤵
  - Executes dropped EXE
  PID:5436
- C:\Windows\System\XjcFSlp.exe
  C:\Windows\System\XjcFSlp.exe
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Windows\System\aLeuDHZ.exe
  C:\Windows\System\aLeuDHZ.exe
  2⤵
  - Executes dropped EXE
  PID:5484
- C:\Windows\System\LfNCmmA.exe
  C:\Windows\System\LfNCmmA.exe
  2⤵
  - Executes dropped EXE
  PID:5508
- C:\Windows\System\YwfGABk.exe
  C:\Windows\System\YwfGABk.exe
  2⤵
  - Executes dropped EXE
  PID:5540
- C:\Windows\System\WOLFvjB.exe
  C:\Windows\System\WOLFvjB.exe
  2⤵
  PID:5564
- C:\Windows\System\CgeWsah.exe
  C:\Windows\System\CgeWsah.exe
  2⤵
  PID:5592
- C:\Windows\System\BRwYQtV.exe
  C:\Windows\System\BRwYQtV.exe
  2⤵
  PID:5620
- C:\Windows\System\oXYwRBx.exe
  C:\Windows\System\oXYwRBx.exe
  2⤵
  PID:5648
- C:\Windows\System\LPDqKaU.exe
  C:\Windows\System\LPDqKaU.exe
  2⤵
  PID:5676
- C:\Windows\System\IqDxvnQ.exe
  C:\Windows\System\IqDxvnQ.exe
  2⤵
  PID:5704
- C:\Windows\System\kBXgmWf.exe
  C:\Windows\System\kBXgmWf.exe
  2⤵
  PID:5732
- C:\Windows\System\fkZOGQE.exe
  C:\Windows\System\fkZOGQE.exe
  2⤵
  PID:5760
- C:\Windows\System\amTISkj.exe
  C:\Windows\System\amTISkj.exe
  2⤵
  PID:5788
- C:\Windows\System\TKiudzp.exe
  C:\Windows\System\TKiudzp.exe
  2⤵
  PID:5816
- C:\Windows\System\pxgaZig.exe
  C:\Windows\System\pxgaZig.exe
  2⤵
  PID:5844
- C:\Windows\System\GClthgm.exe
  C:\Windows\System\GClthgm.exe
  2⤵
  PID:5872
- C:\Windows\System\lXXqFaD.exe
  C:\Windows\System\lXXqFaD.exe
  2⤵
  PID:5900
- C:\Windows\System\QWibxaH.exe
  C:\Windows\System\QWibxaH.exe
  2⤵
  PID:5928
- C:\Windows\System\NrEGhmZ.exe
  C:\Windows\System\NrEGhmZ.exe
  2⤵
  PID:5956
- C:\Windows\System\UBrfzkb.exe
  C:\Windows\System\UBrfzkb.exe
  2⤵
  PID:5984
- C:\Windows\System\mnCjdeu.exe
  C:\Windows\System\mnCjdeu.exe
  2⤵
  PID:6012
- C:\Windows\System\XwtGhuV.exe
  C:\Windows\System\XwtGhuV.exe
  2⤵
  PID:6040
- C:\Windows\System\tqPshhl.exe
  C:\Windows\System\tqPshhl.exe
  2⤵
  PID:6068
- C:\Windows\System\vejNTvm.exe
  C:\Windows\System\vejNTvm.exe
  2⤵
  PID:6096
- C:\Windows\System\KLGbEfu.exe
  C:\Windows\System\KLGbEfu.exe
  2⤵
  PID:6124
- C:\Windows\System\rLHIRtC.exe
  C:\Windows\System\rLHIRtC.exe
  2⤵
  PID:4188
- C:\Windows\System\xFdUfAk.exe
  C:\Windows\System\xFdUfAk.exe
  2⤵
  PID:2692
- C:\Windows\System\SrpEpNf.exe
  C:\Windows\System\SrpEpNf.exe
  2⤵
  PID:4996
- C:\Windows\System\vZOdJcs.exe
  C:\Windows\System\vZOdJcs.exe
  2⤵
  PID:3284
- C:\Windows\System\kHltYNI.exe
  C:\Windows\System\kHltYNI.exe
  2⤵
  PID:4464
- C:\Windows\System\ZcCLtia.exe
  C:\Windows\System\ZcCLtia.exe
  2⤵
  PID:5148
- C:\Windows\System\nHzUQha.exe
  C:\Windows\System\nHzUQha.exe
  2⤵
  PID:5212
- C:\Windows\System\fyowJXS.exe
  C:\Windows\System\fyowJXS.exe
  2⤵
  PID:5288
- C:\Windows\System\fELFTDq.exe
  C:\Windows\System\fELFTDq.exe
  2⤵
  PID:5364
- C:\Windows\System\ssOEbvE.exe
  C:\Windows\System\ssOEbvE.exe
  2⤵
  PID:5428
- C:\Windows\System\zvvxVuY.exe
  C:\Windows\System\zvvxVuY.exe
  2⤵
  PID:5492
- C:\Windows\System\SOBdhYc.exe
  C:\Windows\System\SOBdhYc.exe
  2⤵
  PID:5556
- C:\Windows\System\lyJXMXo.exe
  C:\Windows\System\lyJXMXo.exe
  2⤵
  PID:5612
- C:\Windows\System\NkskXQO.exe
  C:\Windows\System\NkskXQO.exe
  2⤵
  PID:5688
- C:\Windows\System\VbNzRii.exe
  C:\Windows\System\VbNzRii.exe
  2⤵
  PID:5748
- C:\Windows\System\KdZLfcX.exe
  C:\Windows\System\KdZLfcX.exe
  2⤵
  PID:5808
- C:\Windows\System\kBZuMsz.exe
  C:\Windows\System\kBZuMsz.exe
  2⤵
  PID:5884
- C:\Windows\System\gbbEnmV.exe
  C:\Windows\System\gbbEnmV.exe
  2⤵
  PID:5944
- C:\Windows\System\QNeifzY.exe
  C:\Windows\System\QNeifzY.exe
  2⤵
  PID:6004
- C:\Windows\System\pbmnnzU.exe
  C:\Windows\System\pbmnnzU.exe
  2⤵
  PID:6080
- C:\Windows\System\EYHKurt.exe
  C:\Windows\System\EYHKurt.exe
  2⤵
  PID:324
- C:\Windows\System\CXvXEAn.exe
  C:\Windows\System\CXvXEAn.exe
  2⤵
  PID:1544
- C:\Windows\System\oLndnlB.exe
  C:\Windows\System\oLndnlB.exe
  2⤵
  PID:1772
- C:\Windows\System\YRiARfb.exe
  C:\Windows\System\YRiARfb.exe
  2⤵
  PID:5260
- C:\Windows\System\ygsYUzE.exe
  C:\Windows\System\ygsYUzE.exe
  2⤵
  PID:5400
- C:\Windows\System\CkPjHoW.exe
  C:\Windows\System\CkPjHoW.exe
  2⤵
  PID:6148
- C:\Windows\System\XlgoVcf.exe
  C:\Windows\System\XlgoVcf.exe
  2⤵
  PID:6176
- C:\Windows\System\GipVvyl.exe
  C:\Windows\System\GipVvyl.exe
  2⤵
  PID:6204
- C:\Windows\System\VutrGoQ.exe
  C:\Windows\System\VutrGoQ.exe
  2⤵
  PID:6232
- C:\Windows\System\CeohGdv.exe
  C:\Windows\System\CeohGdv.exe
  2⤵
  PID:6260
- C:\Windows\System\cyVaAJT.exe
  C:\Windows\System\cyVaAJT.exe
  2⤵
  PID:6288
- C:\Windows\System\YGTiJuw.exe
  C:\Windows\System\YGTiJuw.exe
  2⤵
  PID:6316
- C:\Windows\System\GlSyfqZ.exe
  C:\Windows\System\GlSyfqZ.exe
  2⤵
  PID:6344
- C:\Windows\System\RdnrkmO.exe
  C:\Windows\System\RdnrkmO.exe
  2⤵
  PID:6372
- C:\Windows\System\qEOIfJv.exe
  C:\Windows\System\qEOIfJv.exe
  2⤵
  PID:6400
- C:\Windows\System\nCxisIQ.exe
  C:\Windows\System\nCxisIQ.exe
  2⤵
  PID:6428
- C:\Windows\System\XRwIBmz.exe
  C:\Windows\System\XRwIBmz.exe
  2⤵
  PID:6456
- C:\Windows\System\dHwfEZX.exe
  C:\Windows\System\dHwfEZX.exe
  2⤵
  PID:6484
- C:\Windows\System\vUkVMNE.exe
  C:\Windows\System\vUkVMNE.exe
  2⤵
  PID:6512
- C:\Windows\System\NwPujFN.exe
  C:\Windows\System\NwPujFN.exe
  2⤵
  PID:6540
- C:\Windows\System\UXiibbD.exe
  C:\Windows\System\UXiibbD.exe
  2⤵
  PID:6568
- C:\Windows\System\oEtWtQu.exe
  C:\Windows\System\oEtWtQu.exe
  2⤵
  PID:6596
- C:\Windows\System\qFATEsi.exe
  C:\Windows\System\qFATEsi.exe
  2⤵
  PID:6624
- C:\Windows\System\BVmhzRA.exe
  C:\Windows\System\BVmhzRA.exe
  2⤵
  PID:6652
- C:\Windows\System\ARVpEWC.exe
  C:\Windows\System\ARVpEWC.exe
  2⤵
  PID:6680
- C:\Windows\System\WsatRVH.exe
  C:\Windows\System\WsatRVH.exe
  2⤵
  PID:6708
- C:\Windows\System\cfsOLcD.exe
  C:\Windows\System\cfsOLcD.exe
  2⤵
  PID:6736
- C:\Windows\System\UXPUias.exe
  C:\Windows\System\UXPUias.exe
  2⤵
  PID:6764
- C:\Windows\System\kUyKvSz.exe
  C:\Windows\System\kUyKvSz.exe
  2⤵
  PID:6792
- C:\Windows\System\qcuiszT.exe
  C:\Windows\System\qcuiszT.exe
  2⤵
  PID:6820
- C:\Windows\System\rJPkiiD.exe
  C:\Windows\System\rJPkiiD.exe
  2⤵
  PID:6848
- C:\Windows\System\TAwXhhU.exe
  C:\Windows\System\TAwXhhU.exe
  2⤵
  PID:6876
- C:\Windows\System\zbOuAiq.exe
  C:\Windows\System\zbOuAiq.exe
  2⤵
  PID:6904
- C:\Windows\System\ImCGtjV.exe
  C:\Windows\System\ImCGtjV.exe
  2⤵
  PID:6932
- C:\Windows\System\nzGnets.exe
  C:\Windows\System\nzGnets.exe
  2⤵
  PID:6960
- C:\Windows\System\zbWCxyT.exe
  C:\Windows\System\zbWCxyT.exe
  2⤵
  PID:6988
- C:\Windows\System\wiJCarK.exe
  C:\Windows\System\wiJCarK.exe
  2⤵
  PID:7016
- C:\Windows\System\LgPdgQH.exe
  C:\Windows\System\LgPdgQH.exe
  2⤵
  PID:7044
- C:\Windows\System\AMQysaH.exe
  C:\Windows\System\AMQysaH.exe
  2⤵
  PID:7072
- C:\Windows\System\GPhcfmo.exe
  C:\Windows\System\GPhcfmo.exe
  2⤵
  PID:7100
- C:\Windows\System\qbDqhoo.exe
  C:\Windows\System\qbDqhoo.exe
  2⤵
  PID:7132
- C:\Windows\System\uxdpgtS.exe
  C:\Windows\System\uxdpgtS.exe
  2⤵
  PID:7164
- C:\Windows\System\ZRlNFys.exe
  C:\Windows\System\ZRlNFys.exe
  2⤵
  PID:5716
- C:\Windows\System\gkLCAUH.exe
  C:\Windows\System\gkLCAUH.exe
  2⤵
  PID:5860
- C:\Windows\System\GOVaTpP.exe
  C:\Windows\System\GOVaTpP.exe
  2⤵
  PID:5996
- C:\Windows\System\IXVcUXP.exe
  C:\Windows\System\IXVcUXP.exe
  2⤵
  PID:3764
- C:\Windows\System\AGZEtjO.exe
  C:\Windows\System\AGZEtjO.exe
  2⤵
  PID:5180
- C:\Windows\System\lqgWTYM.exe
  C:\Windows\System\lqgWTYM.exe
  2⤵
  PID:6160
- C:\Windows\System\nHFjVHQ.exe
  C:\Windows\System\nHFjVHQ.exe
  2⤵
  PID:6192
- C:\Windows\System\bcANLvd.exe
  C:\Windows\System\bcANLvd.exe
  2⤵
  PID:6252
- C:\Windows\System\aqZQfEA.exe
  C:\Windows\System\aqZQfEA.exe
  2⤵
  PID:6332
- C:\Windows\System\nMuepWa.exe
  C:\Windows\System\nMuepWa.exe
  2⤵
  PID:6388
- C:\Windows\System\Qinuvbw.exe
  C:\Windows\System\Qinuvbw.exe
  2⤵
  PID:6468
- C:\Windows\System\imMoQTx.exe
  C:\Windows\System\imMoQTx.exe
  2⤵
  PID:6528
- C:\Windows\System\grtptKU.exe
  C:\Windows\System\grtptKU.exe
  2⤵
  PID:6584
- C:\Windows\System\PtCBXzK.exe
  C:\Windows\System\PtCBXzK.exe
  2⤵
  PID:6640
- C:\Windows\System\IlDaPhZ.exe
  C:\Windows\System\IlDaPhZ.exe
  2⤵
  PID:6696
- C:\Windows\System\UGRiXvL.exe
  C:\Windows\System\UGRiXvL.exe
  2⤵
  PID:6776
- C:\Windows\System\qTmEFPi.exe
  C:\Windows\System\qTmEFPi.exe
  2⤵
  PID:6836
- C:\Windows\System\PVNANlV.exe
  C:\Windows\System\PVNANlV.exe
  2⤵
  PID:6896
- C:\Windows\System\VzCaSVA.exe
  C:\Windows\System\VzCaSVA.exe
  2⤵
  PID:6948
- C:\Windows\System\hhuflnN.exe
  C:\Windows\System\hhuflnN.exe
  2⤵
  PID:7004
- C:\Windows\System\aPHZChX.exe
  C:\Windows\System\aPHZChX.exe
  2⤵
  PID:7064
- C:\Windows\System\FAGoGst.exe
  C:\Windows\System\FAGoGst.exe
  2⤵
  PID:7148
- C:\Windows\System\MQAkTHw.exe
  C:\Windows\System\MQAkTHw.exe
  2⤵
  PID:5660
- C:\Windows\System\qYtlZCO.exe
  C:\Windows\System\qYtlZCO.exe
  2⤵
  PID:5976
- C:\Windows\System\EfPYcRL.exe
  C:\Windows\System\EfPYcRL.exe
  2⤵
  PID:5340
- C:\Windows\System\QDkBQae.exe
  C:\Windows\System\QDkBQae.exe
  2⤵
  PID:6244
- C:\Windows\System\WmXpGBX.exe
  C:\Windows\System\WmXpGBX.exe
  2⤵
  PID:6420
- C:\Windows\System\hqHJoor.exe
  C:\Windows\System\hqHJoor.exe
  2⤵
  PID:4984
- C:\Windows\System\QtSqjjR.exe
  C:\Windows\System\QtSqjjR.exe
  2⤵
  PID:6672
- C:\Windows\System\ajCpjYO.exe
  C:\Windows\System\ajCpjYO.exe
  2⤵
  PID:6808
- C:\Windows\System\mndnhge.exe
  C:\Windows\System\mndnhge.exe
  2⤵
  PID:6924
- C:\Windows\System\FDJScIT.exe
  C:\Windows\System\FDJScIT.exe
  2⤵
  PID:7056
- C:\Windows\System\HCVGcGk.exe
  C:\Windows\System\HCVGcGk.exe
  2⤵
  PID:7172
- C:\Windows\System\GbNLTRS.exe
  C:\Windows\System\GbNLTRS.exe
  2⤵
  PID:7200
- C:\Windows\System\LJKgmMx.exe
  C:\Windows\System\LJKgmMx.exe
  2⤵
  PID:7228
- C:\Windows\System\jampShm.exe
  C:\Windows\System\jampShm.exe
  2⤵
  PID:7256
- C:\Windows\System\zYSAmBi.exe
  C:\Windows\System\zYSAmBi.exe
  2⤵
  PID:7284
- C:\Windows\System\sRakWAY.exe
  C:\Windows\System\sRakWAY.exe
  2⤵
  PID:7312
- C:\Windows\System\XJdNLZo.exe
  C:\Windows\System\XJdNLZo.exe
  2⤵
  PID:7340
- C:\Windows\System\TzuAnyA.exe
  C:\Windows\System\TzuAnyA.exe
  2⤵
  PID:7368
- C:\Windows\System\gWZrQdm.exe
  C:\Windows\System\gWZrQdm.exe
  2⤵
  PID:7396
- C:\Windows\System\sEDgKTN.exe
  C:\Windows\System\sEDgKTN.exe
  2⤵
  PID:7428
- C:\Windows\System\MgyAkPm.exe
  C:\Windows\System\MgyAkPm.exe
  2⤵
  PID:7452
- C:\Windows\System\CDVVsCl.exe
  C:\Windows\System\CDVVsCl.exe
  2⤵
  PID:7480
- C:\Windows\System\zdzVWEc.exe
  C:\Windows\System\zdzVWEc.exe
  2⤵
  PID:7508
- C:\Windows\System\rKRoEGl.exe
  C:\Windows\System\rKRoEGl.exe
  2⤵
  PID:7536
- C:\Windows\System\FKqUFTD.exe
  C:\Windows\System\FKqUFTD.exe
  2⤵
  PID:7564
- C:\Windows\System\zkJvsCo.exe
  C:\Windows\System\zkJvsCo.exe
  2⤵
  PID:7592
- C:\Windows\System\jMvaxzG.exe
  C:\Windows\System\jMvaxzG.exe
  2⤵
  PID:7620
- C:\Windows\System\dLYjFkw.exe
  C:\Windows\System\dLYjFkw.exe
  2⤵
  PID:7648
- C:\Windows\System\eXgSKUL.exe
  C:\Windows\System\eXgSKUL.exe
  2⤵
  PID:7676
- C:\Windows\System\LNzfKnz.exe
  C:\Windows\System\LNzfKnz.exe
  2⤵
  PID:7704
- C:\Windows\System\IpCEnnJ.exe
  C:\Windows\System\IpCEnnJ.exe
  2⤵
  PID:7732
- C:\Windows\System\rJENUeR.exe
  C:\Windows\System\rJENUeR.exe
  2⤵
  PID:7760
- C:\Windows\System\TMUfqTf.exe
  C:\Windows\System\TMUfqTf.exe
  2⤵
  PID:7788
- C:\Windows\System\XaBfcWS.exe
  C:\Windows\System\XaBfcWS.exe
  2⤵
  PID:7816
- C:\Windows\System\jqysaFL.exe
  C:\Windows\System\jqysaFL.exe
  2⤵
  PID:7844
- C:\Windows\System\tPzrWAx.exe
  C:\Windows\System\tPzrWAx.exe
  2⤵
  PID:7872
- C:\Windows\System\vgEsMkH.exe
  C:\Windows\System\vgEsMkH.exe
  2⤵
  PID:7900
- C:\Windows\System\DKoDTqf.exe
  C:\Windows\System\DKoDTqf.exe
  2⤵
  PID:7928
- C:\Windows\System\JnuWjyP.exe
  C:\Windows\System\JnuWjyP.exe
  2⤵
  PID:7956
- C:\Windows\System\PtgMaNf.exe
  C:\Windows\System\PtgMaNf.exe
  2⤵
  PID:7984
- C:\Windows\System\GKmjjHt.exe
  C:\Windows\System\GKmjjHt.exe
  2⤵
  PID:8012
- C:\Windows\System\zYIyKmq.exe
  C:\Windows\System\zYIyKmq.exe
  2⤵
  PID:8040
- C:\Windows\System\FqRsXpH.exe
  C:\Windows\System\FqRsXpH.exe
  2⤵
  PID:8068
- C:\Windows\System\GxJySzG.exe
  C:\Windows\System\GxJySzG.exe
  2⤵
  PID:8096
- C:\Windows\System\MezTleK.exe
  C:\Windows\System\MezTleK.exe
  2⤵
  PID:8124
- C:\Windows\System\dSTaZuz.exe
  C:\Windows\System\dSTaZuz.exe
  2⤵
  PID:6220
- C:\Windows\System\eofAjFF.exe
  C:\Windows\System\eofAjFF.exe
  2⤵
  PID:6500
- C:\Windows\System\tophJEV.exe
  C:\Windows\System\tophJEV.exe
  2⤵
  PID:2232
- C:\Windows\System\mPdCUcq.exe
  C:\Windows\System\mPdCUcq.exe
  2⤵
  PID:7116
- C:\Windows\System\RzWMklT.exe
  C:\Windows\System\RzWMklT.exe
  2⤵
  PID:4332
- C:\Windows\System\Snimmvn.exe
  C:\Windows\System\Snimmvn.exe
  2⤵
  PID:7212
- C:\Windows\System\jiAArLh.exe
  C:\Windows\System\jiAArLh.exe
  2⤵
  PID:7268
- C:\Windows\System\PKTVErc.exe
  C:\Windows\System\PKTVErc.exe
  2⤵
  PID:7332
- C:\Windows\System\pFVGRGG.exe
  C:\Windows\System\pFVGRGG.exe
  2⤵
  PID:7496
- C:\Windows\System\yvsVAbn.exe
  C:\Windows\System\yvsVAbn.exe
  2⤵
  PID:7552
- C:\Windows\System\CruXqOB.exe
  C:\Windows\System\CruXqOB.exe
  2⤵
  PID:7584
- C:\Windows\System\kIqqbxB.exe
  C:\Windows\System\kIqqbxB.exe
  2⤵
  PID:7640
- C:\Windows\System\nLaAlzI.exe
  C:\Windows\System\nLaAlzI.exe
  2⤵
  PID:7692
- C:\Windows\System\SmbQOIM.exe
  C:\Windows\System\SmbQOIM.exe
  2⤵
  PID:2820
- C:\Windows\System\stbqJby.exe
  C:\Windows\System\stbqJby.exe
  2⤵
  PID:7776
- C:\Windows\System\sbtCIVv.exe
  C:\Windows\System\sbtCIVv.exe
  2⤵
  PID:7828
- C:\Windows\System\NkTJfaq.exe
  C:\Windows\System\NkTJfaq.exe
  2⤵
  PID:2636
- C:\Windows\System\dFVBqYE.exe
  C:\Windows\System\dFVBqYE.exe
  2⤵
  PID:2192
- C:\Windows\System\IzSzVdr.exe
  C:\Windows\System\IzSzVdr.exe
  2⤵
  PID:7940
- C:\Windows\System\cRqDSZz.exe
  C:\Windows\System\cRqDSZz.exe
  2⤵
  PID:7972
- C:\Windows\System\lcxAVNw.exe
  C:\Windows\System\lcxAVNw.exe
  2⤵
  PID:8024
- C:\Windows\System\TsbrIhT.exe
  C:\Windows\System\TsbrIhT.exe
  2⤵
  PID:1256
- C:\Windows\System\ohPGUzI.exe
  C:\Windows\System\ohPGUzI.exe
  2⤵
  PID:636
- C:\Windows\System\LHlwzZs.exe
  C:\Windows\System\LHlwzZs.exe
  2⤵
  PID:8080
- C:\Windows\System\iZSPpLl.exe
  C:\Windows\System\iZSPpLl.exe
  2⤵
  PID:5048
- C:\Windows\System\sIwsjLi.exe
  C:\Windows\System\sIwsjLi.exe
  2⤵
  PID:1172
- C:\Windows\System\xWiwMNT.exe
  C:\Windows\System\xWiwMNT.exe
  2⤵
  PID:1700
- C:\Windows\System\MvbQPiz.exe
  C:\Windows\System\MvbQPiz.exe
  2⤵
  PID:7248
- C:\Windows\System\ogmXJIq.exe
  C:\Windows\System\ogmXJIq.exe
  2⤵
  PID:5000
- C:\Windows\System\ssbgBTK.exe
  C:\Windows\System\ssbgBTK.exe
  2⤵
  PID:7328
- C:\Windows\System\wYYtyov.exe
  C:\Windows\System\wYYtyov.exe
  2⤵
  PID:7548
- C:\Windows\System\OyBgCWC.exe
  C:\Windows\System\OyBgCWC.exe
  2⤵
  PID:208
- C:\Windows\System\jEcIrYK.exe
  C:\Windows\System\jEcIrYK.exe
  2⤵
  PID:7804
- C:\Windows\System\joOprzU.exe
  C:\Windows\System\joOprzU.exe
  2⤵
  PID:1468
- C:\Windows\System\HnfBwEe.exe
  C:\Windows\System\HnfBwEe.exe
  2⤵
  PID:8028
- C:\Windows\System\GUOGjSU.exe
  C:\Windows\System\GUOGjSU.exe
  2⤵
  PID:8108
- C:\Windows\System\eadtYNs.exe
  C:\Windows\System\eadtYNs.exe
  2⤵
  PID:8112
- C:\Windows\System\TOiDDnp.exe
  C:\Windows\System\TOiDDnp.exe
  2⤵
  PID:4952
- C:\Windows\System\SYNWDCD.exe
  C:\Windows\System\SYNWDCD.exe
  2⤵
  PID:7412
- C:\Windows\System\vflpAny.exe
  C:\Windows\System\vflpAny.exe
  2⤵
  PID:7576
- C:\Windows\System\jQUfrjV.exe
  C:\Windows\System\jQUfrjV.exe
  2⤵
  PID:4968
- C:\Windows\System\NNqUJuJ.exe
  C:\Windows\System\NNqUJuJ.exe
  2⤵
  PID:800
- C:\Windows\System\TcjlMrm.exe
  C:\Windows\System\TcjlMrm.exe
  2⤵
  PID:3556
- C:\Windows\System\zfwwBBT.exe
  C:\Windows\System\zfwwBBT.exe
  2⤵
  PID:4456
- C:\Windows\System\YudNNxk.exe
  C:\Windows\System\YudNNxk.exe
  2⤵
  PID:8200
- C:\Windows\System\YbRVfCu.exe
  C:\Windows\System\YbRVfCu.exe
  2⤵
  PID:8224
- C:\Windows\System\uymfuDv.exe
  C:\Windows\System\uymfuDv.exe
  2⤵
  PID:8264
- C:\Windows\System\WotVOKx.exe
  C:\Windows\System\WotVOKx.exe
  2⤵
  PID:8300
- C:\Windows\System\RHUmxSt.exe
  C:\Windows\System\RHUmxSt.exe
  2⤵
  PID:8328
- C:\Windows\System\MEjcjJm.exe
  C:\Windows\System\MEjcjJm.exe
  2⤵
  PID:8356
- C:\Windows\System\YiIpUrM.exe
  C:\Windows\System\YiIpUrM.exe
  2⤵
  PID:8388
- C:\Windows\System\cofwCOb.exe
  C:\Windows\System\cofwCOb.exe
  2⤵
  PID:8416
- C:\Windows\System\PGOwFuV.exe
  C:\Windows\System\PGOwFuV.exe
  2⤵
  PID:8432
- C:\Windows\System\JGqUvdM.exe
  C:\Windows\System\JGqUvdM.exe
  2⤵
  PID:8472
- C:\Windows\System\YnkNywm.exe
  C:\Windows\System\YnkNywm.exe
  2⤵
  PID:8500
- C:\Windows\System\THtFpVk.exe
  C:\Windows\System\THtFpVk.exe
  2⤵
  PID:8516
- C:\Windows\System\iaNoOjP.exe
  C:\Windows\System\iaNoOjP.exe
  2⤵
  PID:8544
- C:\Windows\System\GCVDAni.exe
  C:\Windows\System\GCVDAni.exe
  2⤵
  PID:8584
- C:\Windows\System\XRJyQAj.exe
  C:\Windows\System\XRJyQAj.exe
  2⤵
  PID:8612
- C:\Windows\System\JouszAa.exe
  C:\Windows\System\JouszAa.exe
  2⤵
  PID:8628
- C:\Windows\System\MHwXFGE.exe
  C:\Windows\System\MHwXFGE.exe
  2⤵
  PID:8656
- C:\Windows\System\YZRKdvc.exe
  C:\Windows\System\YZRKdvc.exe
  2⤵
  PID:8688
- C:\Windows\System\oVVtrkZ.exe
  C:\Windows\System\oVVtrkZ.exe
  2⤵
  PID:8724
- C:\Windows\System\wswKjOO.exe
  C:\Windows\System\wswKjOO.exe
  2⤵
  PID:8756
- C:\Windows\System\dThHiYU.exe
  C:\Windows\System\dThHiYU.exe
  2⤵
  PID:8772
- C:\Windows\System\xxqlPKD.exe
  C:\Windows\System\xxqlPKD.exe
  2⤵
  PID:8804
- C:\Windows\System\HgizzgP.exe
  C:\Windows\System\HgizzgP.exe
  2⤵
  PID:8828
- C:\Windows\System\KenxdJw.exe
  C:\Windows\System\KenxdJw.exe
  2⤵
  PID:8872
- C:\Windows\System\MyarWAF.exe
  C:\Windows\System\MyarWAF.exe
  2⤵
  PID:8892
- C:\Windows\System\YleQyOm.exe
  C:\Windows\System\YleQyOm.exe
  2⤵
  PID:8916
- C:\Windows\System\McYDkVb.exe
  C:\Windows\System\McYDkVb.exe
  2⤵
  PID:8952
- C:\Windows\System\QMNwtTR.exe
  C:\Windows\System\QMNwtTR.exe
  2⤵
  PID:8972
- C:\Windows\System\PzKEael.exe
  C:\Windows\System\PzKEael.exe
  2⤵
  PID:9000
- C:\Windows\System\QjQWpCO.exe
  C:\Windows\System\QjQWpCO.exe
  2⤵
  PID:9036
- C:\Windows\System\bWuzwRR.exe
  C:\Windows\System\bWuzwRR.exe
  2⤵
  PID:9056
- C:\Windows\System\fGLuunw.exe
  C:\Windows\System\fGLuunw.exe
  2⤵
  PID:9084
- C:\Windows\System\TbxXhoP.exe
  C:\Windows\System\TbxXhoP.exe
  2⤵
  PID:9108
- C:\Windows\System\IeKaacq.exe
  C:\Windows\System\IeKaacq.exe
  2⤵
  PID:9132
- C:\Windows\System\pMCAXHb.exe
  C:\Windows\System\pMCAXHb.exe
  2⤵
  PID:9160
- C:\Windows\System\aZUgKRo.exe
  C:\Windows\System\aZUgKRo.exe
  2⤵
  PID:9200
- C:\Windows\System\HCQGWmc.exe
  C:\Windows\System\HCQGWmc.exe
  2⤵
  PID:8244
- C:\Windows\System\zikFFhB.exe
  C:\Windows\System\zikFFhB.exe
  2⤵
  PID:8260
- C:\Windows\System\IjlQgOD.exe
  C:\Windows\System\IjlQgOD.exe
  2⤵
  PID:8380
- C:\Windows\System\JZVPWYA.exe
  C:\Windows\System\JZVPWYA.exe
  2⤵
  PID:8376
- C:\Windows\System\VMajzzJ.exe
  C:\Windows\System\VMajzzJ.exe
  2⤵
  PID:8492
- C:\Windows\System\UDykJAZ.exe
  C:\Windows\System\UDykJAZ.exe
  2⤵
  PID:8640
- C:\Windows\System\MaHEvWp.exe
  C:\Windows\System\MaHEvWp.exe
  2⤵
  PID:8672
- C:\Windows\System\zhamdyy.exe
  C:\Windows\System\zhamdyy.exe
  2⤵
  PID:8712
- C:\Windows\System\ZGAeCmd.exe
  C:\Windows\System\ZGAeCmd.exe
  2⤵
  PID:8768
- C:\Windows\System\VXjHquK.exe
  C:\Windows\System\VXjHquK.exe
  2⤵
  PID:8852
- C:\Windows\System\pWxxopK.exe
  C:\Windows\System\pWxxopK.exe
  2⤵
  PID:8940
- C:\Windows\System\yAJqWmH.exe
  C:\Windows\System\yAJqWmH.exe
  2⤵
  PID:8968
- C:\Windows\System\jZhlUKQ.exe
  C:\Windows\System\jZhlUKQ.exe
  2⤵
  PID:9012
- C:\Windows\System\wMYFRLN.exe
  C:\Windows\System\wMYFRLN.exe
  2⤵
  PID:9100
- C:\Windows\System\aoszcmn.exe
  C:\Windows\System\aoszcmn.exe
  2⤵
  PID:9172
- C:\Windows\System\WlPemQh.exe
  C:\Windows\System\WlPemQh.exe
  2⤵
  PID:8216
- C:\Windows\System\hjKDQqU.exe
  C:\Windows\System\hjKDQqU.exe
  2⤵
  PID:8412
- C:\Windows\System\YPHuvme.exe
  C:\Windows\System\YPHuvme.exe
  2⤵
  PID:8536
- C:\Windows\System\EeWcfPY.exe
  C:\Windows\System\EeWcfPY.exe
  2⤵
  PID:8824
- C:\Windows\System\CDVkytz.exe
  C:\Windows\System\CDVkytz.exe
  2⤵
  PID:8888
- C:\Windows\System\YRpbAeX.exe
  C:\Windows\System\YRpbAeX.exe
  2⤵
  PID:9076
- C:\Windows\System\pnxJHeq.exe
  C:\Windows\System\pnxJHeq.exe
  2⤵
  PID:9192
- C:\Windows\System\QrjZWbh.exe
  C:\Windows\System\QrjZWbh.exe
  2⤵
  PID:8468
- C:\Windows\System\DgvpRab.exe
  C:\Windows\System\DgvpRab.exe
  2⤵
  PID:8820
- C:\Windows\System\aWOMaJD.exe
  C:\Windows\System\aWOMaJD.exe
  2⤵
  PID:8320
- C:\Windows\System\jxHjvWp.exe
  C:\Windows\System\jxHjvWp.exe
  2⤵
  PID:9072
- C:\Windows\System\egQtJMt.exe
  C:\Windows\System\egQtJMt.exe
  2⤵
  PID:9236
- C:\Windows\System\JTrNfpu.exe
  C:\Windows\System\JTrNfpu.exe
  2⤵
  PID:9256
- C:\Windows\System\GJyQNRT.exe
  C:\Windows\System\GJyQNRT.exe
  2⤵
  PID:9292
- C:\Windows\System\nIjLqwI.exe
  C:\Windows\System\nIjLqwI.exe
  2⤵
  PID:9324
- C:\Windows\System\bVaIOoB.exe
  C:\Windows\System\bVaIOoB.exe
  2⤵
  PID:9352
- C:\Windows\System\MqJyyEM.exe
  C:\Windows\System\MqJyyEM.exe
  2⤵
  PID:9368
- C:\Windows\System\KnBovdc.exe
  C:\Windows\System\KnBovdc.exe
  2⤵
  PID:9396
- C:\Windows\System\JDZoJJi.exe
  C:\Windows\System\JDZoJJi.exe
  2⤵
  PID:9432
- C:\Windows\System\sSWQrjM.exe
  C:\Windows\System\sSWQrjM.exe
  2⤵
  PID:9452
- C:\Windows\System\YcOiTWq.exe
  C:\Windows\System\YcOiTWq.exe
  2⤵
  PID:9476
- C:\Windows\System\eazeYsI.exe
  C:\Windows\System\eazeYsI.exe
  2⤵
  PID:9508
- C:\Windows\System\xzsubYO.exe
  C:\Windows\System\xzsubYO.exe
  2⤵
  PID:9536
- C:\Windows\System\OurXXhf.exe
  C:\Windows\System\OurXXhf.exe
  2⤵
  PID:9568
- C:\Windows\System\mMKkfdj.exe
  C:\Windows\System\mMKkfdj.exe
  2⤵
  PID:9592
- C:\Windows\System\KsBnpMB.exe
  C:\Windows\System\KsBnpMB.exe
  2⤵
  PID:9620
- C:\Windows\System\fZJkMnE.exe
  C:\Windows\System\fZJkMnE.exe
  2⤵
  PID:9648
- C:\Windows\System\RSCOPaA.exe
  C:\Windows\System\RSCOPaA.exe
  2⤵
  PID:9688
- C:\Windows\System\hSYSODp.exe
  C:\Windows\System\hSYSODp.exe
  2⤵
  PID:9708
- C:\Windows\System\KZiBfHy.exe
  C:\Windows\System\KZiBfHy.exe
  2⤵
  PID:9736
- C:\Windows\System\YJAeUNV.exe
  C:\Windows\System\YJAeUNV.exe
  2⤵
  PID:9772
- C:\Windows\System\qdlGOWe.exe
  C:\Windows\System\qdlGOWe.exe
  2⤵
  PID:9792
- C:\Windows\System\aIwkxJL.exe
  C:\Windows\System\aIwkxJL.exe
  2⤵
  PID:9816
- C:\Windows\System\CNqLoeO.exe
  C:\Windows\System\CNqLoeO.exe
  2⤵
  PID:9844
- C:\Windows\System\EOWziIw.exe
  C:\Windows\System\EOWziIw.exe
  2⤵
  PID:9876
- C:\Windows\System\HOtkeLa.exe
  C:\Windows\System\HOtkeLa.exe
  2⤵
  PID:9904
- C:\Windows\System\xZzFspV.exe
  C:\Windows\System\xZzFspV.exe
  2⤵
  PID:9936
- C:\Windows\System\rhvzWKx.exe
  C:\Windows\System\rhvzWKx.exe
  2⤵
  PID:9960
- C:\Windows\System\xKRcmEf.exe
  C:\Windows\System\xKRcmEf.exe
  2⤵
  PID:9984
- C:\Windows\System\MxxmWYl.exe
  C:\Windows\System\MxxmWYl.exe
  2⤵
  PID:10004
- C:\Windows\System\brXdpaW.exe
  C:\Windows\System\brXdpaW.exe
  2⤵
  PID:10036
- C:\Windows\System\bmZfQIN.exe
  C:\Windows\System\bmZfQIN.exe
  2⤵
  PID:10068
- C:\Windows\System\KWqrMLM.exe
  C:\Windows\System\KWqrMLM.exe
  2⤵
  PID:10084
- C:\Windows\System\vbgXHTv.exe
  C:\Windows\System\vbgXHTv.exe
  2⤵
  PID:10120
- C:\Windows\System\DwMXfij.exe
  C:\Windows\System\DwMXfij.exe
  2⤵
  PID:10168
- C:\Windows\System\qTcSvUq.exe
  C:\Windows\System\qTcSvUq.exe
  2⤵
  PID:10184
- C:\Windows\System\QHVHnQC.exe
  C:\Windows\System\QHVHnQC.exe
  2⤵
  PID:10220
- C:\Windows\System\KPSjXBi.exe
  C:\Windows\System\KPSjXBi.exe
  2⤵
  PID:10236
- C:\Windows\System\VEFQoQN.exe
  C:\Windows\System\VEFQoQN.exe
  2⤵
  PID:9272
- C:\Windows\System\vtvJcVc.exe
  C:\Windows\System\vtvJcVc.exe
  2⤵
  PID:9304
- C:\Windows\System\CzAGusp.exe
  C:\Windows\System\CzAGusp.exe
  2⤵
  PID:9388
- C:\Windows\System\bdLxcqX.exe
  C:\Windows\System\bdLxcqX.exe
  2⤵
  PID:9524
- C:\Windows\System\WlavVZl.exe
  C:\Windows\System\WlavVZl.exe
  2⤵
  PID:9492
- C:\Windows\System\UbQITVa.exe
  C:\Windows\System\UbQITVa.exe
  2⤵
  PID:9576
- C:\Windows\System\HLsLKvz.exe
  C:\Windows\System\HLsLKvz.exe
  2⤵
  PID:9644
- C:\Windows\System\prInkqp.exe
  C:\Windows\System\prInkqp.exe
  2⤵
  PID:9728
- C:\Windows\System\lxmLfix.exe
  C:\Windows\System\lxmLfix.exe
  2⤵
  PID:9804
- C:\Windows\System\vcahfhl.exe
  C:\Windows\System\vcahfhl.exe
  2⤵
  PID:9852
- C:\Windows\System\qRUveyi.exe
  C:\Windows\System\qRUveyi.exe
  2⤵
  PID:9924
- C:\Windows\System\UwbhJOe.exe
  C:\Windows\System\UwbhJOe.exe
  2⤵
  PID:10000
- C:\Windows\System\YMlMvPu.exe
  C:\Windows\System\YMlMvPu.exe
  2⤵
  PID:10076
- C:\Windows\System\PpdMVGy.exe
  C:\Windows\System\PpdMVGy.exe
  2⤵
  PID:10100
- C:\Windows\System\ZkpNeaZ.exe
  C:\Windows\System\ZkpNeaZ.exe
  2⤵
  PID:10212
- C:\Windows\System\cslSwVL.exe
  C:\Windows\System\cslSwVL.exe
  2⤵
  PID:9244
- C:\Windows\System\tepjORs.exe
  C:\Windows\System\tepjORs.exe
  2⤵
  PID:9344
- C:\Windows\System\GdeoiYe.exe
  C:\Windows\System\GdeoiYe.exe
  2⤵
  PID:9500
- C:\Windows\System\RyiownO.exe
  C:\Windows\System\RyiownO.exe
  2⤵
  PID:9632
- C:\Windows\System\UuBaNiA.exe
  C:\Windows\System\UuBaNiA.exe
  2⤵
  PID:9860
- C:\Windows\System\RapmKBq.exe
  C:\Windows\System\RapmKBq.exe
  2⤵
  PID:9944
- C:\Windows\System\HzrNlwx.exe
  C:\Windows\System\HzrNlwx.exe
  2⤵
  PID:10200
- C:\Windows\System\syYfbwj.exe
  C:\Windows\System\syYfbwj.exe
  2⤵
  PID:8752
- C:\Windows\System\XOXJPxO.exe
  C:\Windows\System\XOXJPxO.exe
  2⤵
  PID:9612
- C:\Windows\System\ZCcbCeq.exe
  C:\Windows\System\ZCcbCeq.exe
  2⤵
  PID:9756
- C:\Windows\System\fubfGNh.exe
  C:\Windows\System\fubfGNh.exe
  2⤵
  PID:10140
- C:\Windows\System\BQpvfYN.exe
  C:\Windows\System\BQpvfYN.exe
  2⤵
  PID:9468
- C:\Windows\System\iyXwaIF.exe
  C:\Windows\System\iyXwaIF.exe
  2⤵
  PID:10252
- C:\Windows\System\DvnmDbg.exe
  C:\Windows\System\DvnmDbg.exe
  2⤵
  PID:10296
- C:\Windows\System\vfEYqDF.exe
  C:\Windows\System\vfEYqDF.exe
  2⤵
  PID:10312
- C:\Windows\System\sefngGS.exe
  C:\Windows\System\sefngGS.exe
  2⤵
  PID:10348
- C:\Windows\System\QMmJXmy.exe
  C:\Windows\System\QMmJXmy.exe
  2⤵
  PID:10364
- C:\Windows\System\FCYmiBv.exe
  C:\Windows\System\FCYmiBv.exe
  2⤵
  PID:10400
- C:\Windows\System\hpwtKIY.exe
  C:\Windows\System\hpwtKIY.exe
  2⤵
  PID:10424
- C:\Windows\System\KCTtJqy.exe
  C:\Windows\System\KCTtJqy.exe
  2⤵
  PID:10472
- C:\Windows\System\qnwGvbs.exe
  C:\Windows\System\qnwGvbs.exe
  2⤵
  PID:10520
- C:\Windows\System\pzzVzcg.exe
  C:\Windows\System\pzzVzcg.exe
  2⤵
  PID:10536
- C:\Windows\System\mZysJHi.exe
  C:\Windows\System\mZysJHi.exe
  2⤵
  PID:10576
- C:\Windows\System\PbhjUHU.exe
  C:\Windows\System\PbhjUHU.exe
  2⤵
  PID:10604
- C:\Windows\System\NZLOHEP.exe
  C:\Windows\System\NZLOHEP.exe
  2⤵
  PID:10632
- C:\Windows\System\ffiSNRW.exe
  C:\Windows\System\ffiSNRW.exe
  2⤵
  PID:10648
- C:\Windows\System\ArsIwpI.exe
  C:\Windows\System\ArsIwpI.exe
  2⤵
  PID:10664
- C:\Windows\System\cPCKVLF.exe
  C:\Windows\System\cPCKVLF.exe
  2⤵
  PID:10704
- C:\Windows\System\gtltCcG.exe
  C:\Windows\System\gtltCcG.exe
  2⤵
  PID:10744
- C:\Windows\System\xYSYKzg.exe
  C:\Windows\System\xYSYKzg.exe
  2⤵
  PID:10760
- C:\Windows\System\bHooTtE.exe
  C:\Windows\System\bHooTtE.exe
  2⤵
  PID:10776
- C:\Windows\System\jzrhDPk.exe
  C:\Windows\System\jzrhDPk.exe
  2⤵
  PID:10820
- C:\Windows\System\JhDvDmP.exe
  C:\Windows\System\JhDvDmP.exe
  2⤵
  PID:10848
- C:\Windows\System\SSrsvMR.exe
  C:\Windows\System\SSrsvMR.exe
  2⤵
  PID:10864
- C:\Windows\System\hVaFSEB.exe
  C:\Windows\System\hVaFSEB.exe
  2⤵
  PID:10892
- C:\Windows\System\bjjNaMM.exe
  C:\Windows\System\bjjNaMM.exe
  2⤵
  PID:10948
- C:\Windows\System\ClrHQuy.exe
  C:\Windows\System\ClrHQuy.exe
  2⤵
  PID:10964
- C:\Windows\System\BjfSSyd.exe
  C:\Windows\System\BjfSSyd.exe
  2⤵
  PID:10992
- C:\Windows\System\BLdEJdl.exe
  C:\Windows\System\BLdEJdl.exe
  2⤵
  PID:11020
- C:\Windows\System\LzbyyOJ.exe
  C:\Windows\System\LzbyyOJ.exe
  2⤵
  PID:11040
- C:\Windows\System\NynqqGh.exe
  C:\Windows\System\NynqqGh.exe
  2⤵
  PID:11076
- C:\Windows\System\hcTMyRB.exe
  C:\Windows\System\hcTMyRB.exe
  2⤵
  PID:11112
- C:\Windows\System\NmYaVjn.exe
  C:\Windows\System\NmYaVjn.exe
  2⤵
  PID:11144
- C:\Windows\System\oxIJthI.exe
  C:\Windows\System\oxIJthI.exe
  2⤵
  PID:11168
- C:\Windows\System\EZWUalt.exe
  C:\Windows\System\EZWUalt.exe
  2⤵
  PID:11188
- C:\Windows\System\HOnBKCU.exe
  C:\Windows\System\HOnBKCU.exe
  2⤵
  PID:11228
- C:\Windows\System\Czhqskk.exe
  C:\Windows\System\Czhqskk.exe
  2⤵
  PID:11256
- C:\Windows\System\SuXHTcT.exe
  C:\Windows\System\SuXHTcT.exe
  2⤵
  PID:9896
- C:\Windows\System\HFDyFEx.exe
  C:\Windows\System\HFDyFEx.exe
  2⤵
  PID:10288
- C:\Windows\System\rlCPCbD.exe
  C:\Windows\System\rlCPCbD.exe
  2⤵
  PID:10384
- C:\Windows\System\llmvvnI.exe
  C:\Windows\System\llmvvnI.exe
  2⤵
  PID:10392
- C:\Windows\System\pcSjlAk.exe
  C:\Windows\System\pcSjlAk.exe
  2⤵
  PID:10484
- C:\Windows\System\IxskjNY.exe
  C:\Windows\System\IxskjNY.exe
  2⤵
  PID:10552
- C:\Windows\System\ukjoasQ.exe
  C:\Windows\System\ukjoasQ.exe
  2⤵
  PID:10624
- C:\Windows\System\EGIYBuV.exe
  C:\Windows\System\EGIYBuV.exe
  2⤵
  PID:10684
- C:\Windows\System\kBdVPSm.exe
  C:\Windows\System\kBdVPSm.exe
  2⤵
  PID:10740
- C:\Windows\System\hkfifXM.exe
  C:\Windows\System\hkfifXM.exe
  2⤵
  PID:10796
- C:\Windows\System\xCCuViO.exe
  C:\Windows\System\xCCuViO.exe
  2⤵
  PID:10856
- C:\Windows\System\SAiCNvm.exe
  C:\Windows\System\SAiCNvm.exe
  2⤵
  PID:10916
- C:\Windows\System\oXCHpnp.exe
  C:\Windows\System\oXCHpnp.exe
  2⤵
  PID:10976
- C:\Windows\System\pclDSBK.exe
  C:\Windows\System\pclDSBK.exe
  2⤵
  PID:11036
- C:\Windows\System\enKenLg.exe
  C:\Windows\System\enKenLg.exe
  2⤵
  PID:11120
- C:\Windows\System\iReXEbn.exe
  C:\Windows\System\iReXEbn.exe
  2⤵
  PID:11180
- C:\Windows\System\hTdnSCG.exe
  C:\Windows\System\hTdnSCG.exe
  2⤵
  PID:11244
- C:\Windows\System\LPIGSKN.exe
  C:\Windows\System\LPIGSKN.exe
  2⤵
  PID:10376
- C:\Windows\System\qsVbSOt.exe
  C:\Windows\System\qsVbSOt.exe
  2⤵
  PID:10512
- C:\Windows\System\QgiLDuy.exe
  C:\Windows\System\QgiLDuy.exe
  2⤵
  PID:10656
- C:\Windows\System\ylNngia.exe
  C:\Windows\System\ylNngia.exe
  2⤵
  PID:10728
- C:\Windows\System\RoXfsds.exe
  C:\Windows\System\RoXfsds.exe
  2⤵
  PID:10988
- C:\Windows\System\JQZdcnv.exe
  C:\Windows\System\JQZdcnv.exe
  2⤵
  PID:11104
- C:\Windows\System\ixNMZEu.exe
  C:\Windows\System\ixNMZEu.exe
  2⤵
  PID:9996
- C:\Windows\System\mKiGTFi.exe
  C:\Windows\System\mKiGTFi.exe
  2⤵
  PID:10440
- C:\Windows\System\NJLGjpe.exe
  C:\Windows\System\NJLGjpe.exe
  2⤵
  PID:10720
- C:\Windows\System\iGMYfMR.exe
  C:\Windows\System\iGMYfMR.exe
  2⤵
  PID:10944
- C:\Windows\System\ezEEpdJ.exe
  C:\Windows\System\ezEEpdJ.exe
  2⤵
  PID:1480
- C:\Windows\System\vvcTpDX.exe
  C:\Windows\System\vvcTpDX.exe
  2⤵
  PID:10336
- C:\Windows\System\ERjBLkC.exe
  C:\Windows\System\ERjBLkC.exe
  2⤵
  PID:11304
- C:\Windows\System\pukwVrl.exe
  C:\Windows\System\pukwVrl.exe
  2⤵
  PID:11332
- C:\Windows\System\llkwOvH.exe
  C:\Windows\System\llkwOvH.exe
  2⤵
  PID:11360
- C:\Windows\System\rOKmDXh.exe
  C:\Windows\System\rOKmDXh.exe
  2⤵
  PID:11376
- C:\Windows\System\OmceKuq.exe
  C:\Windows\System\OmceKuq.exe
  2⤵
  PID:11416
- C:\Windows\System\XgzAHCI.exe
  C:\Windows\System\XgzAHCI.exe
  2⤵
  PID:11440
- C:\Windows\System\GpqMUXx.exe
  C:\Windows\System\GpqMUXx.exe
  2⤵
  PID:11464
- C:\Windows\System\jpTPfxc.exe
  C:\Windows\System\jpTPfxc.exe
  2⤵
  PID:11488
- C:\Windows\System\mZYSiyq.exe
  C:\Windows\System\mZYSiyq.exe
  2⤵
  PID:11508
- C:\Windows\System\eCuoJjh.exe
  C:\Windows\System\eCuoJjh.exe
  2⤵
  PID:11532
- C:\Windows\System\msCoEMD.exe
  C:\Windows\System\msCoEMD.exe
  2⤵
  PID:11548
- C:\Windows\System\fIOuNxc.exe
  C:\Windows\System\fIOuNxc.exe
  2⤵
  PID:11572
- C:\Windows\System\XYEihoK.exe
  C:\Windows\System\XYEihoK.exe
  2⤵
  PID:11640
- C:\Windows\System\yDZiflr.exe
  C:\Windows\System\yDZiflr.exe
  2⤵
  PID:11656
- C:\Windows\System\FwiFwRc.exe
  C:\Windows\System\FwiFwRc.exe
  2⤵
  PID:11696
- C:\Windows\System\dZIZpqV.exe
  C:\Windows\System\dZIZpqV.exe
  2⤵
  PID:11724
- C:\Windows\System\yuQDpyC.exe
  C:\Windows\System\yuQDpyC.exe
  2⤵
  PID:11752
- C:\Windows\System\RBdnNBu.exe
  C:\Windows\System\RBdnNBu.exe
  2⤵
  PID:11780
- C:\Windows\System\dZIANZM.exe
  C:\Windows\System\dZIANZM.exe
  2⤵
  PID:11808
- C:\Windows\System\cqMXBcI.exe
  C:\Windows\System\cqMXBcI.exe
  2⤵
  PID:11836
- C:\Windows\System\nsGRurz.exe
  C:\Windows\System\nsGRurz.exe
  2⤵
  PID:11864
- C:\Windows\System\cRxvlnU.exe
  C:\Windows\System\cRxvlnU.exe
  2⤵
  PID:11892
- C:\Windows\System\nnxOXJC.exe
  C:\Windows\System\nnxOXJC.exe
  2⤵
  PID:11920
- C:\Windows\System\qcVUpNY.exe
  C:\Windows\System\qcVUpNY.exe
  2⤵
  PID:11940
- C:\Windows\System\WqxJbUP.exe
  C:\Windows\System\WqxJbUP.exe
  2⤵
  PID:11996
- C:\Windows\System\tRMndFw.exe
  C:\Windows\System\tRMndFw.exe
  2⤵
  PID:12012
- C:\Windows\System\UNgBlhc.exe
  C:\Windows\System\UNgBlhc.exe
  2⤵
  PID:12040
- C:\Windows\System\wvpXibR.exe
  C:\Windows\System\wvpXibR.exe
  2⤵
  PID:12064
- C:\Windows\System\hOrvhVd.exe
  C:\Windows\System\hOrvhVd.exe
  2⤵
  PID:12108
- C:\Windows\System\VPjGjLJ.exe
  C:\Windows\System\VPjGjLJ.exe
  2⤵
  PID:12140
- C:\Windows\System\FNGPClJ.exe
  C:\Windows\System\FNGPClJ.exe
  2⤵
  PID:12160
- C:\Windows\System\fAgMMBE.exe
  C:\Windows\System\fAgMMBE.exe
  2⤵
  PID:12216
- C:\Windows\System\vpedBbV.exe
  C:\Windows\System\vpedBbV.exe
  2⤵
  PID:12240
- C:\Windows\System\DXLrbxJ.exe
  C:\Windows\System\DXLrbxJ.exe
  2⤵
  PID:12260
- C:\Windows\System\VjfDLTB.exe
  C:\Windows\System\VjfDLTB.exe
  2⤵
  PID:10640
- C:\Windows\System\CjoVAzF.exe
  C:\Windows\System\CjoVAzF.exe
  2⤵
  PID:11316
- C:\Windows\System\VTduSVj.exe
  C:\Windows\System\VTduSVj.exe
  2⤵
  PID:11404
- C:\Windows\System\ufiZMiT.exe
  C:\Windows\System\ufiZMiT.exe
  2⤵
  PID:11456
- C:\Windows\System\FPYEaay.exe
  C:\Windows\System\FPYEaay.exe
  2⤵
  PID:11504
- C:\Windows\System\QdMFXCq.exe
  C:\Windows\System\QdMFXCq.exe
  2⤵
  PID:11528
- C:\Windows\System\fvYRjFD.exe
  C:\Windows\System\fvYRjFD.exe
  2⤵
  PID:11604
- C:\Windows\System\rLGFNoz.exe
  C:\Windows\System\rLGFNoz.exe
  2⤵
  PID:11632
- C:\Windows\System\YtEeRPs.exe
  C:\Windows\System\YtEeRPs.exe
  2⤵
  PID:11720
- C:\Windows\System\XVJCEkf.exe
  C:\Windows\System\XVJCEkf.exe
  2⤵
  PID:11800
- C:\Windows\System\eICWgzH.exe
  C:\Windows\System\eICWgzH.exe
  2⤵
  PID:11884
- C:\Windows\System\XRwgjBr.exe
  C:\Windows\System\XRwgjBr.exe
  2⤵
  PID:12008
- C:\Windows\System\MuiBytR.exe
  C:\Windows\System\MuiBytR.exe
  2⤵
  PID:12060
- C:\Windows\System\pkdkpLq.exe
  C:\Windows\System\pkdkpLq.exe
  2⤵
  PID:12124
- C:\Windows\System\INhZzlw.exe
  C:\Windows\System\INhZzlw.exe
  2⤵
  PID:12212
- C:\Windows\System\wqkmcnG.exe
  C:\Windows\System\wqkmcnG.exe
  2⤵
  PID:11052
- C:\Windows\System\KMJHlqD.exe
  C:\Windows\System\KMJHlqD.exe
  2⤵
  PID:12284
- C:\Windows\System\LTYEfNx.exe
  C:\Windows\System\LTYEfNx.exe
  2⤵
  PID:11424
- C:\Windows\System\BmXqaET.exe
  C:\Windows\System\BmXqaET.exe
  2⤵
  PID:11568
- C:\Windows\System\eAlhLPn.exe
  C:\Windows\System\eAlhLPn.exe
  2⤵
  PID:11744
- C:\Windows\System\VgpGBTP.exe
  C:\Windows\System\VgpGBTP.exe
  2⤵
  PID:11852
- C:\Windows\System\fLqCiSR.exe
  C:\Windows\System\fLqCiSR.exe
  2⤵
  PID:12096
- C:\Windows\System\JcMGLnW.exe
  C:\Windows\System\JcMGLnW.exe
  2⤵
  PID:12232
- C:\Windows\System\JaHppLQ.exe
  C:\Windows\System\JaHppLQ.exe
  2⤵
  PID:11432
- C:\Windows\System\dnNPPtn.exe
  C:\Windows\System\dnNPPtn.exe
  2⤵
  PID:11956
- C:\Windows\System\xQXFbrS.exe
  C:\Windows\System\xQXFbrS.exe
  2⤵
  PID:12280
- C:\Windows\System\QLhOEbW.exe
  C:\Windows\System\QLhOEbW.exe
  2⤵
  PID:12132
- C:\Windows\System\xforIiG.exe
  C:\Windows\System\xforIiG.exe
  2⤵
  PID:12300
- C:\Windows\System\HCHllly.exe
  C:\Windows\System\HCHllly.exe
  2⤵
  PID:12316
- C:\Windows\System\OBgQCno.exe
  C:\Windows\System\OBgQCno.exe
  2⤵
  PID:12336
- C:\Windows\System\NSBpQnd.exe
  C:\Windows\System\NSBpQnd.exe
  2⤵
  PID:12384
- C:\Windows\System\rNKuZUp.exe
  C:\Windows\System\rNKuZUp.exe
  2⤵
  PID:12412
- C:\Windows\System\HOEhLsb.exe
  C:\Windows\System\HOEhLsb.exe
  2⤵
  PID:12428
- C:\Windows\System\AgtgCIa.exe
  C:\Windows\System\AgtgCIa.exe
  2⤵
  PID:12456
- C:\Windows\System\LAntYYO.exe
  C:\Windows\System\LAntYYO.exe
  2⤵
  PID:12484
- C:\Windows\System\QrEJLGy.exe
  C:\Windows\System\QrEJLGy.exe
  2⤵
  PID:12512
- C:\Windows\System\FGkuLBv.exe
  C:\Windows\System\FGkuLBv.exe
  2⤵
  PID:12548
- C:\Windows\System\MbEtvmi.exe
  C:\Windows\System\MbEtvmi.exe
  2⤵
  PID:12580
- C:\Windows\System\YlwpGRi.exe
  C:\Windows\System\YlwpGRi.exe
  2⤵
  PID:12596
- C:\Windows\System\vtFMuMG.exe
  C:\Windows\System\vtFMuMG.exe
  2⤵
  PID:12624
- C:\Windows\System\WyeHJjo.exe
  C:\Windows\System\WyeHJjo.exe
  2⤵
  PID:12652
- C:\Windows\System\lGyRqPZ.exe
  C:\Windows\System\lGyRqPZ.exe
  2⤵
  PID:12692
- C:\Windows\System\iSGCtfw.exe
  C:\Windows\System\iSGCtfw.exe
  2⤵
  PID:12720
- C:\Windows\System\ktDatkl.exe
  C:\Windows\System\ktDatkl.exe
  2⤵
  PID:12748
- C:\Windows\System\kyzwTtJ.exe
  C:\Windows\System\kyzwTtJ.exe
  2⤵
  PID:12776
- C:\Windows\System\PagsXeE.exe
  C:\Windows\System\PagsXeE.exe
  2⤵
  PID:12820
- C:\Windows\System\vUugsXO.exe
  C:\Windows\System\vUugsXO.exe
  2⤵
  PID:12836
- C:\Windows\System\ROaSJJv.exe
  C:\Windows\System\ROaSJJv.exe
  2⤵
  PID:12852
- C:\Windows\System\mitYmDT.exe
  C:\Windows\System\mitYmDT.exe
  2⤵
  PID:12876
- C:\Windows\System\OLUbAVd.exe
  C:\Windows\System\OLUbAVd.exe
  2⤵
  PID:12912
- C:\Windows\System\KLSUrDb.exe
  C:\Windows\System\KLSUrDb.exe
  2⤵
  PID:12960
- C:\Windows\System\MSmBbBI.exe
  C:\Windows\System\MSmBbBI.exe
  2⤵
  PID:12976
- C:\Windows\System\fvsqFOX.exe
  C:\Windows\System\fvsqFOX.exe
  2⤵
  PID:13000
- C:\Windows\System\ZUAYqky.exe
  C:\Windows\System\ZUAYqky.exe
  2⤵
  PID:13032
- C:\Windows\System\RRVWOiq.exe
  C:\Windows\System\RRVWOiq.exe
  2⤵
  PID:13060
- C:\Windows\System\lzbBTpO.exe
  C:\Windows\System\lzbBTpO.exe
  2⤵
  PID:13096
- C:\Windows\System\XqEvIXq.exe
  C:\Windows\System\XqEvIXq.exe
  2⤵
  PID:13136
- C:\Windows\System\vstfucJ.exe
  C:\Windows\System\vstfucJ.exe
  2⤵
  PID:13172
- C:\Windows\System\qufcphg.exe
  C:\Windows\System\qufcphg.exe
  2⤵
  PID:13220
- C:\Windows\System\WHWbgpz.exe
  C:\Windows\System\WHWbgpz.exe
  2⤵
  PID:13240
- C:\Windows\System\PYvekvY.exe
  C:\Windows\System\PYvekvY.exe
  2⤵
  PID:13276
- C:\Windows\System\JGRPumL.exe
  C:\Windows\System\JGRPumL.exe
  2⤵
  PID:12248
- C:\Windows\System\BXGQosi.exe
  C:\Windows\System\BXGQosi.exe
  2⤵
  PID:12380
- C:\Windows\System\DkMFukx.exe
  C:\Windows\System\DkMFukx.exe
  2⤵
  PID:12420
- C:\Windows\System\ZCaIgXN.exe
  C:\Windows\System\ZCaIgXN.exe
  2⤵
  PID:12524
- C:\Windows\System\FmNqJaU.exe
  C:\Windows\System\FmNqJaU.exe
  2⤵
  PID:12576
- C:\Windows\System\mxQLFco.exe
  C:\Windows\System\mxQLFco.exe
  2⤵
  PID:12636
- C:\Windows\System\QsdVPsn.exe
  C:\Windows\System\QsdVPsn.exe
  2⤵
  PID:12736
- C:\Windows\System\HrNLJkN.exe
  C:\Windows\System\HrNLJkN.exe
  2⤵
  PID:12816
- C:\Windows\System\bxsomBX.exe
  C:\Windows\System\bxsomBX.exe
  2⤵
  PID:12908
- C:\Windows\System\IaoaDIL.exe
  C:\Windows\System\IaoaDIL.exe
  2⤵
  PID:12992
- C:\Windows\System\wZSXqWd.exe
  C:\Windows\System\wZSXqWd.exe
  2⤵
  PID:13056
- C:\Windows\System\sjhcLbG.exe
  C:\Windows\System\sjhcLbG.exe
  2⤵
  PID:13156
- C:\Windows\System\JjoCRmc.exe
  C:\Windows\System\JjoCRmc.exe
  2⤵
  PID:13228
- C:\Windows\System\bgfKXQU.exe
  C:\Windows\System\bgfKXQU.exe
  2⤵
  PID:12324
- C:\Windows\System\LSygZsB.exe
  C:\Windows\System\LSygZsB.exe
  2⤵
  PID:12608
- C:\Windows\System\YFVoALp.exe
  C:\Windows\System\YFVoALp.exe
  2⤵
  PID:12944
- C:\Windows\System\mqZaccL.exe
  C:\Windows\System\mqZaccL.exe
  2⤵
  PID:13044
- C:\Windows\System\NQZssoP.exe
  C:\Windows\System\NQZssoP.exe
  2⤵
  PID:13184
- C:\Windows\System\yNDSEJS.exe
  C:\Windows\System\yNDSEJS.exe
  2⤵
  PID:12476
- C:\Windows\System\ezQnYfx.exe
  C:\Windows\System\ezQnYfx.exe
  2⤵
  PID:13316
- C:\Windows\System\zNGjoAU.exe
  C:\Windows\System\zNGjoAU.exe
  2⤵
  PID:13332
- C:\Windows\System\AxkTQwn.exe
  C:\Windows\System\AxkTQwn.exe
  2⤵
  PID:13364
- C:\Windows\System\XCkafjd.exe
  C:\Windows\System\XCkafjd.exe
  2⤵
  PID:13392
- C:\Windows\System\USiKbMF.exe
  C:\Windows\System\USiKbMF.exe
  2⤵
  PID:13420
- C:\Windows\System\oJYmlMX.exe
  C:\Windows\System\oJYmlMX.exe
  2⤵
  PID:13456
- C:\Windows\System\CdYUhlN.exe
  C:\Windows\System\CdYUhlN.exe
  2⤵
  PID:13484
- C:\Windows\System\lselAIA.exe
  C:\Windows\System\lselAIA.exe
  2⤵
  PID:13536
- C:\Windows\System\kMCQeoy.exe
  C:\Windows\System\kMCQeoy.exe
  2⤵
  PID:13568
- C:\Windows\System\rcHqrHj.exe
  C:\Windows\System\rcHqrHj.exe
  2⤵
  PID:13620
- C:\Windows\System\rdEUMbM.exe
  C:\Windows\System\rdEUMbM.exe
  2⤵
  PID:13636
- C:\Windows\System\lmSFpUY.exe
  C:\Windows\System\lmSFpUY.exe
  2⤵
  PID:13652
- C:\Windows\System\yDdMwBM.exe
  C:\Windows\System\yDdMwBM.exe
  2⤵
  PID:13672
- C:\Windows\System\MPhqkOB.exe
  C:\Windows\System\MPhqkOB.exe
  2⤵
  PID:13704
- C:\Windows\System\AMWrRCo.exe
  C:\Windows\System\AMWrRCo.exe
  2⤵
  PID:13736
- C:\Windows\System\pkSBDyY.exe
  C:\Windows\System\pkSBDyY.exe
  2⤵
  PID:13752
- C:\Windows\System\wTqjLLX.exe
  C:\Windows\System\wTqjLLX.exe
  2⤵
  PID:13784
- C:\Windows\System\QrbIVsw.exe
  C:\Windows\System\QrbIVsw.exe
  2⤵
  PID:13820
- C:\Windows\System\lqGkAgo.exe
  C:\Windows\System\lqGkAgo.exe
  2⤵
  PID:13844
- C:\Windows\System\DcpNPzV.exe
  C:\Windows\System\DcpNPzV.exe
  2⤵
  PID:13864
- C:\Windows\System\yktnCum.exe
  C:\Windows\System\yktnCum.exe
  2⤵
  PID:13900
- C:\Windows\System\FRDcegL.exe
  C:\Windows\System\FRDcegL.exe
  2⤵
  PID:13932
- C:\Windows\System\wrjLuIe.exe
  C:\Windows\System\wrjLuIe.exe
  2⤵
  PID:13992
- C:\Windows\System\ocdwArZ.exe
  C:\Windows\System\ocdwArZ.exe
  2⤵
  PID:14024
- C:\Windows\System\eRVsMfH.exe
  C:\Windows\System\eRVsMfH.exe
  2⤵
  PID:14052
- C:\Windows\System\uqZRcRH.exe
  C:\Windows\System\uqZRcRH.exe
  2⤵
  PID:14080
- C:\Windows\System\psNPQit.exe
  C:\Windows\System\psNPQit.exe
  2⤵
  PID:14108
- C:\Windows\System\TUMrzHk.exe
  C:\Windows\System\TUMrzHk.exe
  2⤵
  PID:14124
- C:\Windows\System\cObdXMT.exe
  C:\Windows\System\cObdXMT.exe
  2⤵
  PID:14152
- C:\Windows\System\QrkAzEj.exe
  C:\Windows\System\QrkAzEj.exe
  2⤵
  PID:14180
- C:\Windows\System\dzbHzoM.exe
  C:\Windows\System\dzbHzoM.exe
  2⤵
  PID:14208
- C:\Windows\System\qrwbEmT.exe
  C:\Windows\System\qrwbEmT.exe
  2⤵
  PID:14224
- C:\Windows\System\ADTgcGO.exe
  C:\Windows\System\ADTgcGO.exe
  2⤵
  PID:14272
- C:\Windows\System\TeQmfJb.exe
  C:\Windows\System\TeQmfJb.exe
  2⤵
  PID:14288
- C:\Windows\System\MtPnGbZ.exe
  C:\Windows\System\MtPnGbZ.exe
  2⤵
  PID:14308
- C:\Windows\System\OYWxeTK.exe
  C:\Windows\System\OYWxeTK.exe
  2⤵
  PID:14332
- C:\Windows\System\YoBIrnW.exe
  C:\Windows\System\YoBIrnW.exe
  2⤵
  PID:13328
- C:\Windows\System\oLtwRBE.exe
  C:\Windows\System\oLtwRBE.exe
  2⤵
  PID:13384
- C:\Windows\System\KdRJlUp.exe
  C:\Windows\System\KdRJlUp.exe
  2⤵
  PID:13480
- C:\Windows\System\hgiUDAE.exe
  C:\Windows\System\hgiUDAE.exe
  2⤵
  PID:13500
- C:\Windows\System\aXlSJLX.exe
  C:\Windows\System\aXlSJLX.exe
  2⤵
  PID:13548
- C:\Windows\System\MSxBCFG.exe
  C:\Windows\System\MSxBCFG.exe
  2⤵
  PID:13696
- C:\Windows\System\Hytygzu.exe
  C:\Windows\System\Hytygzu.exe
  2⤵
  PID:13780
- C:\Windows\System\OtAemrp.exe
  C:\Windows\System\OtAemrp.exe
  2⤵
  PID:13768
- C:\Windows\System\winhSMd.exe
  C:\Windows\System\winhSMd.exe
  2⤵
  PID:13884
- C:\Windows\System\wsmfJpm.exe
  C:\Windows\System\wsmfJpm.exe
  2⤵
  PID:13984
- C:\Windows\System\xityXpg.exe
  C:\Windows\System\xityXpg.exe
  2⤵
  PID:4628
- C:\Windows\System\gRKFECk.exe
  C:\Windows\System\gRKFECk.exe
  2⤵
  PID:14120
- C:\Windows\System\NVqCexV.exe
  C:\Windows\System\NVqCexV.exe
  2⤵
  PID:14164
- C:\Windows\System\xyICmQN.exe
  C:\Windows\System\xyICmQN.exe
  2⤵
  PID:14236
- C:\Windows\System\gHVcxoU.exe
  C:\Windows\System\gHVcxoU.exe
  2⤵
  PID:14296
- C:\Windows\System\ARzsBaR.exe
  C:\Windows\System\ARzsBaR.exe
  2⤵
  PID:12504
- C:\Windows\System\zFmZkdI.exe
  C:\Windows\System\zFmZkdI.exe
  2⤵
  PID:13444
- C:\Windows\System\KcNfrqU.exe
  C:\Windows\System\KcNfrqU.exe
  2⤵
  PID:13564
- C:\Windows\System\DeWcjib.exe
  C:\Windows\System\DeWcjib.exe
  2⤵
  PID:13748
- C:\Windows\System\lAfuSeO.exe
  C:\Windows\System\lAfuSeO.exe
  2⤵
  PID:13960
- C:\Windows\System\IlArsQv.exe
  C:\Windows\System\IlArsQv.exe
  2⤵
  PID:14048
- C:\Windows\System\EaHgCYP.exe
  C:\Windows\System\EaHgCYP.exe
  2⤵
  PID:14284
- C:\Windows\System\MMlbQGl.exe
  C:\Windows\System\MMlbQGl.exe
  2⤵
  PID:13552
- C:\Windows\System\GIHnPfN.exe
  C:\Windows\System\GIHnPfN.exe
  2⤵
  PID:13832
- C:\Windows\System\amaRFol.exe
  C:\Windows\System\amaRFol.exe
  2⤵
  PID:14216
- C:\Windows\System\cOOAZOD.exe
  C:\Windows\System\cOOAZOD.exe
  2⤵
  PID:13372
- C:\Windows\System\xZDTJfc.exe
  C:\Windows\System\xZDTJfc.exe
  2⤵
  PID:12788
- C:\Windows\System\gzsqupm.exe
  C:\Windows\System\gzsqupm.exe
  2⤵
  PID:14344
- C:\Windows\System\yOFomFg.exe
  C:\Windows\System\yOFomFg.exe
  2⤵
  PID:14384
- C:\Windows\System\pFvqRSF.exe
  C:\Windows\System\pFvqRSF.exe
  2⤵
  PID:14416
- C:\Windows\System\bPlEQhf.exe
  C:\Windows\System\bPlEQhf.exe
  2⤵
  PID:14440
- C:\Windows\System\ahKiMfB.exe
  C:\Windows\System\ahKiMfB.exe
  2⤵
  PID:14476
- C:\Windows\System\BefChgY.exe
  C:\Windows\System\BefChgY.exe
  2⤵
  PID:14496
- C:\Windows\System\tvXqvPY.exe
  C:\Windows\System\tvXqvPY.exe
  2⤵
  PID:14536
- C:\Windows\System\uFMIsqV.exe
  C:\Windows\System\uFMIsqV.exe
  2⤵
  PID:14564
- C:\Windows\System\JlDadHe.exe
  C:\Windows\System\JlDadHe.exe
  2⤵
  PID:14580
- C:\Windows\System\bpcxIZx.exe
  C:\Windows\System\bpcxIZx.exe
  2⤵
  PID:14608
- C:\Windows\System\XSCazcV.exe
  C:\Windows\System\XSCazcV.exe
  2⤵
  PID:14648
- C:\Windows\System\UBTZEon.exe
  C:\Windows\System\UBTZEon.exe
  2⤵
  PID:14684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3976,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:8
1⤵
PID:2524

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BWeamgK.exe

Filesize
2.0MB

MD5
cb2844c41041deade1ce122c25547020

SHA1
b1d638e697f9a534531269f0eccba6f5db484abf

SHA256
fc1dbf3a544a65c665dda251eca9094118cd4bb2d7eeba7a0df0984316948673

SHA512
5cb390a10e465335d684bb8da4123f662ced95924a07b50b4199ef10ed4271a05d80b3fe7ead24226e2deb630510b4829a9080c6179b531b96eb8b0011a47e9b

Download Submit
C:\Windows\System\DRcocfG.exe

Filesize
2.0MB

MD5
3bae6b8f17f2c1095dd93ad07739a3f8

SHA1
9634aa7426e0fb7abc1d8006c22330489df5ea9a

SHA256
917c120ecf1c22c6a965ff9c16b33e1c73fab1815d217b60828d9e3aad5150e5

SHA512
8d6468d2475d167a539ea91e8d21468bb8538c3abc2923b00dc0f2a1e5fb08c4fc7c3da193bea6f63710dbc790c8b5999f71f8cb97fd191b029be5933c0e55d9

Download Submit
C:\Windows\System\ElnsrRy.exe

Filesize
2.0MB

MD5
96fb6e01721c074fd454460987cac897

SHA1
c3c1fae7e273b17e42c033798b1ab82a357ea2c7

SHA256
9141bc6471ac5cbb44189b9348ea91e9bc12a4b7861ec6b8cd705fee83fbc3dc

SHA512
d79325e017e292a0468efba7cd2b13c52d2bf5583a8205050ff543b342f1c8a7c42857e3f0aa3fcf7987844d180b9257ba2fc08b0898068ee350d5df28012779

Download Submit
C:\Windows\System\FVThUkB.exe

Filesize
2.0MB

MD5
0f5442d2709b7faa758d41aa91bfc2ab

SHA1
3bfc90a4817f48e09d1101b66297c0bb4b67c820

SHA256
65e8e37ba323a3796673110060dab1b4d3b17351ee4d3f5cd3f455fdbb067352

SHA512
a39313fc7748f943515638afa936f0032c8a1ccf7ef1f6a9ec865df8b3072f367c12d31b6da377aa5d4a6e12d639a525f9b4a8b8395ffdc0ed2ab25049204ee8

Download Submit
C:\Windows\System\HrjhguZ.exe

Filesize
2.0MB

MD5
3d4aeefb5cab51fb591e100729e6de7b

SHA1
7686a4b2f21b3697363f45c5e0e557340c9cb129

SHA256
c63735cd8e0d448ca3d6a10b788e31039948b8c00c73996dfd2bb879726bb516

SHA512
7972ae9390043f40fbb35fd96772bc7108d8119924563a88717492ac01384326239eb672dc2b05f1a2db126fe50b9977dc0adf58af4aac207456eb2ebf648790

Download Submit
C:\Windows\System\NQqBzSq.exe

Filesize
2.0MB

MD5
9fa79d5a9422abb3c2bd5d587a7ff52e

SHA1
79a83aea9ce20ceb39d0cccc94cd83110cc0a4d2

SHA256
388de4dadafd9f1b25b493029e486fefb1b347334683238df6f985df66bd5d72

SHA512
7d674a1affab168555520beffd8c7ec2286c1ab705a21040fee18d3f773dc5e1e2940f32d6b023eba400b3918dcf2e95830c9b32242ac6069b6402567713ca61

Download Submit
C:\Windows\System\PVmjUFK.exe

Filesize
2.0MB

MD5
c8646aea884480648d3c8c13ce5069ff

SHA1
04183c722fe5da1b901389c914b25e1b317ebe7d

SHA256
581dc07ecc23e0c7e26e7686d6701bd5c30eb4cfadd1cce06e35f4eb047c7999

SHA512
e89765eef9f9febd80c2de166f201a08de393e276cc8aa80a93dcc1268aa5e26a885ff892e08d0a63eef4ef5cfc831cb28695e96cfcb47cb7f02f078f277252e

Download Submit
C:\Windows\System\PgQXBPV.exe

Filesize
2.0MB

MD5
7f8ed864d762f290175267ae9b26a658

SHA1
3b41035d9f358375e6f06a207d8c6fb1335fbac7

SHA256
849484613119e671d5cefee31aa9bcebe48f3dc77bdea3e897c9c726e8b7cfcf

SHA512
d19e452d1ad714b57ab1cf9f1c9e53bebb56480556a76f6c892b1be0c978024fed563a3921e4f5d0815959c43b0251137190ae764a5d9fd401b1a29bdb0c482c

Download Submit
C:\Windows\System\PsVzniG.exe

Filesize
2.0MB

MD5
49f8202fef10ef0d9a42056729391027

SHA1
fe04ba03d960499e85aaaf3bbf29f6c9c746192b

SHA256
ea4ace3276fdcd6732510642e8711f70eebcc6b6ac0eb859f2ecdc469a6f36c2

SHA512
f987690422a462a84f19a7a23ad8b02d604178e17c01dfbac980e5b1f33e6fcf085980ee5893bb1dba1167434ff9f439ae988608d258aec38b47c3f1756c0266

Download Submit
C:\Windows\System\PtESMFi.exe

Filesize
2.0MB

MD5
bd8f1c8605ebc5e000222373e3761234

SHA1
24a4c267f5a8795636a27f1465d5473134064fa5

SHA256
57bb935635f732dd6c297128a5669636582f39eb7d4bd2c826f1b83c9511ce9f

SHA512
265823249309f095d18809fee6fe04b654eb733898bc7369280e07add135adcecaca0cd1b0d6853b77be6a9f7507f45533065e7d9b61dab0412a62cff5dfecfd

Download Submit
C:\Windows\System\PywMPQW.exe

Filesize
2.0MB

MD5
f275bdb66bf336cd7f98df36bb2160fe

SHA1
a365933ecd9931690c91d71d61e3ba40d136b683

SHA256
39dba36ecde57ba2695331fe4a8c36159465a0523144dec0b1624d7481024c7e

SHA512
a3ca21744cd15eb371b9053ed007180dc5c048204d74588108c16de1d8c8b3354e12fefbc8f763e4467c6a962220f2a84affee28d6d1bef81e212313e5e0d76e

Download Submit
C:\Windows\System\QuCxfvo.exe

Filesize
2.0MB

MD5
3eab1b8761473cb65afadfd80ccb7d10

SHA1
ed5394df5567a6610f65f34309db307ea936d649

SHA256
6a6cf39b8ea9e09e5ab1a9f5152d3efe29e089df79a527a681d5640f8cfce6ba

SHA512
58097407a7a1971dddae7f12fc64ceae29194e887933f9084ea283cf663e103e7730fea0c5f9506be80f9668a0634afa05d0da905b2dc4fde3311a3c88f830e9

Download Submit
C:\Windows\System\RJDBjGA.exe

Filesize
2.0MB

MD5
9cfdb516f67b1fb5e9b144967db05691

SHA1
9cde0efc00e70cea7bd48afc31595110eba51c30

SHA256
92ea41210d20ef67d8f96d6b1a3c378d71ffd73beeb28c0ca18b8acdd4dfed22

SHA512
45757f29e5fdd8c2cc9c27d020e17fbbceb86bbe480f7c7a60d703293574bb0bf79b60f51848ade57a52686bd8e3b58c8689e6753839e48289e905e39245e885

Download Submit
C:\Windows\System\RnLDXyg.exe

Filesize
2.0MB

MD5
55f72bcb031243382c4087183d337f6d

SHA1
e0888479abf98b34d4dce73e0d68c9b08cb2ee14

SHA256
ce1505cac9d7fceaadc2b7d11b489fd8dff12e5181c31f697e9bb8f5ad6f1ab8

SHA512
81c50ec2242d3a7f23bb2e4a9f4314f4ba21ca2e52ec779a7db254699273403495ecda2c6eb21858f194893f831cf722b93055022c018c2ab69ce13647d3ef86

Download Submit
C:\Windows\System\SGwqsAd.exe

Filesize
2.0MB

MD5
055fe8c96e7b0245bb584ec16bbdf350

SHA1
bbdac3e626797fe5548fc62e1987614971226848

SHA256
3f2f2db5eebf82f65fcdf9419cc24ee745853d1a33a52de871aefa03bd58eaa3

SHA512
00d9d5e5e050b9417742130b3857c557ca99fa28af04a3d35554c6e5ec9bf342898c848a35055595159fb69c139ef334dd7b29b444b93416a2d684d74e90efe0

Download Submit
C:\Windows\System\TahmsnD.exe

Filesize
2.0MB

MD5
486474049bb991066e02dd0f13473fcb

SHA1
29ba65404cc9e4b86fad86ac32339921ead8b2f9

SHA256
3b9555f12902c87bfc91468c837eb66b5ec377e43e428e4cc8ef70d5d4a65d52

SHA512
3dfbf8c292e664850b79253fd6e04c0b16c605b29afc77d7afee57f0677687e9be65970b93e85c7809cffad2561bd7bdfb91ab704b66c03caea8d363ee3b77c9

Download Submit
C:\Windows\System\TjrjoOZ.exe

Filesize
2.0MB

MD5
bcc272ebf8f62683ef91d02f1afcf5af

SHA1
f6098c7d12f9ba89af251171057a22659262c696

SHA256
4653227f744a4aca18e5b16374cf4d10e720132a08fab25dca396572a4b632f3

SHA512
579940a4f18171fa2c35e8f59f3d25ed78568d60e06c5fb2c3001106c59df0dd5020f9a33c8c7a83227b217e92cacd66c1c2862bacf258ff5be841e6a474fc77

Download Submit
C:\Windows\System\VoaCEEx.exe

Filesize
2.0MB

MD5
9bead8b0608916daad2fa75393776219

SHA1
19d093e56e26c605651012d9cd1f1bc785136193

SHA256
302c54227546eb705424afe0976959ecbe4e17d6aa0e2a6416d98681ce88cae1

SHA512
fae0e0caad399c787c613a1f88fb70e7f473208df44a8dc11919f70da33ea3a0aa7c02e474c62c52c93b6a8c82d8a3ac0ebed559a008ea0d3de07ea1846356d4

Download Submit
C:\Windows\System\YnCWbux.exe

Filesize
2.0MB

MD5
218b9c3dd76fbbad981f87ca9fea73b7

SHA1
52e85ee0262a9daa201aef5aaddc745f3786036b

SHA256
8fead8dd7435c1921c7bb23f92f7a5f35a39204635b4ac346ab6cdce0ba84014

SHA512
3f04af6058660cc3f0d482fd024fa811b128ce207eaf528a77b14f5e43e02a52eb9621cd45fe6e98f9bc4eb67e5dcb507acb5e5699b615f6a3a09ff527f732ba

Download Submit
C:\Windows\System\ZWbQfxy.exe

Filesize
2.0MB

MD5
ae33710a466d535ea40aaf43fe2edae1

SHA1
8c233d9f5f8ed9cf7356e6be651a05c50c984db9

SHA256
223479bfce2e707a427eca14ff88958ea36cd3d343edec037c7432c7e4d12c65

SHA512
2fbf3546f6a26e808656d4d139502fe98b96045c668c194283a59686d2ba9c79b844875f3536388a8483c42227362e30a34b59435303743f54d8d815499bee17

Download Submit
C:\Windows\System\ZhuBdPB.exe

Filesize
2.0MB

MD5
80d5bf07d349a5a51d216d080db4afe4

SHA1
07fa50e7cd1df39d97a037d95e8373e04c2871bc

SHA256
a5f35443df9aead9d0b0242d9b8ac8fc8231cc55d12d46069c18198f64125913

SHA512
3d2565c04f33acfd308365abebc4ab2ba9986f3dbf9488857418dc9a919a6842872b695578fd88b64afc12c3c104c5013d39f6c18185621cd5186ebb45b58347

Download Submit
C:\Windows\System\bUqldPu.exe

Filesize
2.0MB

MD5
2d64d21cab3f19e9ba206db29765f36b

SHA1
6479b427b7064ca411c7c56be1af7e179eed6a36

SHA256
2c9729e756d1e8a845e5d47c745ee340fae77820ca741b0ce68fc6cb6608371f

SHA512
35a5acfb1081a592b9929b9eb9108a846f0c9c71f251eee50c3af8b347f339ace1340917750e8a661272d60274e01aadc5403e9aab92a273faf13c6c76255ae5

Download Submit
C:\Windows\System\fFJlDWG.exe

Filesize
2.0MB

MD5
c3fd3d332477c2a1f4f656173198711a

SHA1
6efb5b5d386a412429d8c019039742a5cabfed1d

SHA256
3ba7eb1b0cd3b6e80172c163a01b37b5283dfed664d8639f47103833364399ad

SHA512
38bb25d8803d33ddb683c40243a5405f6b2c797bb0b897ebfc2cda31311f6b50de0858bc1bed8d7146379187af0e18340f5e0e952403d8c9dfb06721d319c030

Download Submit
C:\Windows\System\ffnNfUP.exe

Filesize
2.0MB

MD5
a678dfe12de1e79edf6494dbbdab0a66

SHA1
fd0c20bd27130f7b9ee45f07af62d503563d7ed9

SHA256
0f76d56ca82d8ba03b6c2d5f099ab28a137d72ff4e10ba3534b5d3747f824187

SHA512
536e361e9dd45293aff5b4754d0ad37df89b42baca15da56757c35356a5e2a258d41e38dbc01372b4509e0bad579dce424cad4d4e9d9b5c309ddffa037723fb0

Download Submit
C:\Windows\System\hjKvdjE.exe

Filesize
2.0MB

MD5
30c20840be7daca1f09b4b509e2fe010

SHA1
f4e5b931bc70d16a14737fde12cb9fd29ac103f7

SHA256
343df42386618abc6bc0904c31fdf023435863f98ea3030ec050092d4ef78f06

SHA512
f1fca899a6362804c0cb0769e9302681296e75bac2e8b16b34331fefdf0a3c12a9f396629de646f5a25a5117e712ee129781942118f993cd1f80c8a737279edc

Download Submit
C:\Windows\System\jiEfrfu.exe

Filesize
2.0MB

MD5
ac65ca39eda74b74409345295aaaefb6

SHA1
3e4226682a4bcf591b608c33133501eb31b55786

SHA256
576865ab8ac6fab5c0fe5b2a42c2f893b85eaa798e38e8493bc2fc3f1c721ce6

SHA512
91da62f0a25c971808704b900c45a564638b24d7ab4c514bad95ad0e6c37e18e1136768f0532903d257c0c2d1af37965e8a92c0209eca7b6d355ec606443ce04

Download Submit
C:\Windows\System\kpvzJDW.exe

Filesize
2.0MB

MD5
a7f3700fa4d8d7915a9ae80d75f062ed

SHA1
3287980c6e0f08b4a054266dedadc3ad1560dc52

SHA256
4c7a80d6a7f28e30296c7460ea414e33308d014d3964acd42d1541f5d3606d26

SHA512
bb1362facab4ea458d3eb60cfa1e891d335c184dff8497ca0602b898661f6d40668f68047e8c95032a3399e8137c74becc106d2ff0c822f09ffd62f646c766db

Download Submit
C:\Windows\System\mMRRuQI.exe

Filesize
2.0MB

MD5
c6302e02d8db3fec5d8bac3512335a65

SHA1
8a8183efdb62561fd9d3541dfb6a8d65931d375e

SHA256
4cd4210f3af8ef12bad42c2a12af3134cd514b3b17af4e15084636f607a1dd66

SHA512
b671ab80aed5afb9fe6e9e770b9e2bbbce9c042d97f437fe08e0442d61e153ec36232a47f499ba28b6b18304c8ae1504a462a5023335a1272a08a8e21a1ffd8f

Download Submit
C:\Windows\System\mbnFpEg.exe

Filesize
2.0MB

MD5
d7fedee13c7512e94a8978a20441147d

SHA1
a121eb6b6580c209c0bef3c70fd4c46340adceb6

SHA256
5b05c0ec3854213aa77f6da2cff8986cbceed3ba2d54557c6a18d17f159cc0de

SHA512
4b75fc4c2c8e6b9fd75d578866eab7cf29ec23c3b0fb9b21d8e28787ec8084650077d6780c8220445063938afcdef58f7309a4b8fabc8d5968e8aa1065e45dfb

Download Submit
C:\Windows\System\mgPjnXB.exe

Filesize
2.0MB

MD5
8d6ef0b757e1343d333c372ba823c328

SHA1
bcff9ea86df15f26c774f2456b21fc31a4f3b71a

SHA256
9ceb317a81b00a822e756cf998a2f4e449ef58e4907f3ad6d7b7b93e1d601774

SHA512
f4b663f0478aa3f23f212b063cb83345b5a8597e688c728ecd17cd293632d66f5866415d8403667690fa28146007f26099ca5c539884903eb908187d58d13525

Download Submit
C:\Windows\System\pxRPekK.exe

Filesize
2.0MB

MD5
559510cb6c3fe78eff9f3af2c2fab7dd

SHA1
91777a95cb0c15c608da229b58282759547926ca

SHA256
b7e265b379dcfb1618c3cdfd4a428212db4af6318488d280db3c2ca00ec09166

SHA512
ad668df93b9536562aef53274714dd233c878c17fabd9f6d622e9474bcd6a2d233cf11806dc740864f7d5fb8a15e67dd96b3bbac2439af0c2d40080b1605e259

Download Submit
C:\Windows\System\rFVXPCw.exe

Filesize
2.0MB

MD5
cbda883ae440b8aa0afc000114325b98

SHA1
0a1e23554c4364f03078f279947db9c30914377a

SHA256
c3147e61cdc859edb31b6d2d76c588c830477ab8d576201d5a85cb3b7370fd09

SHA512
77592397f9de1d9f728a623d97bb4d3a002b218ecb7bcc7e287707e4ffc4314b38b4c5ab7ed26749bedac69348417bd2c838db92ff1ce85c877362ed49ee16f3

Download Submit
C:\Windows\System\vPIsxaQ.exe

Filesize
2.0MB

MD5
b8a0abcf49dd338f09294770fb8be525

SHA1
af58da01575334da3df868644b16aaa0bc9ca398

SHA256
f60b2af0a2ce7264648ae7e1c85fa46fd8eb26e14db3379545402a136cd13ed9

SHA512
faf96222583687981d3cb08180b788c4a7d51edf6505cb87a507d40eb02fecb6cbe2c978e73067e33d7f767bfb58dd9836a07e1b1512b694ca1ebf0c371e0774

Download Submit
memory/64-842-0x00007FF7BB7C0000-0x00007FF7BBB14000-memory.dmp

Filesize
3.3MB

Download
memory/64-2078-0x00007FF7BB7C0000-0x00007FF7BBB14000-memory.dmp

Filesize
3.3MB

Download
memory/336-2072-0x00007FF7CC6A0000-0x00007FF7CC9F4000-memory.dmp

Filesize
3.3MB

Download
memory/336-749-0x00007FF7CC6A0000-0x00007FF7CC9F4000-memory.dmp

Filesize
3.3MB

Download
memory/736-2049-0x00007FF6035D0000-0x00007FF603924000-memory.dmp

Filesize
3.3MB

Download
memory/736-31-0x00007FF6035D0000-0x00007FF603924000-memory.dmp

Filesize
3.3MB

Download
memory/736-2053-0x00007FF6035D0000-0x00007FF603924000-memory.dmp

Filesize
3.3MB

Download
memory/804-783-0x00007FF6008F0000-0x00007FF600C44000-memory.dmp

Filesize
3.3MB

Download
memory/804-2059-0x00007FF6008F0000-0x00007FF600C44000-memory.dmp

Filesize
3.3MB

Download
memory/1272-834-0x00007FF7AF100000-0x00007FF7AF454000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2076-0x00007FF7AF100000-0x00007FF7AF454000-memory.dmp

Filesize
3.3MB

Download
memory/1280-707-0x00007FF715BE0000-0x00007FF715F34000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2054-0x00007FF715BE0000-0x00007FF715F34000-memory.dmp

Filesize
3.3MB

Download
memory/1892-767-0x00007FF7F59D0000-0x00007FF7F5D24000-memory.dmp

Filesize
3.3MB

Download
memory/1892-2066-0x00007FF7F59D0000-0x00007FF7F5D24000-memory.dmp

Filesize
3.3MB

Download
memory/1964-777-0x00007FF67A0C0000-0x00007FF67A414000-memory.dmp

Filesize
3.3MB

Download
memory/1964-2064-0x00007FF67A0C0000-0x00007FF67A414000-memory.dmp

Filesize
3.3MB

Download
memory/1992-810-0x00007FF731310000-0x00007FF731664000-memory.dmp

Filesize
3.3MB

Download
memory/1992-2077-0x00007FF731310000-0x00007FF731664000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1-0x0000022994C90000-0x0000022994CA0000-memory.dmp

Filesize
64KB

Download
memory/2028-2045-0x00007FF608B60000-0x00007FF608EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-0-0x00007FF608B60000-0x00007FF608EB4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2057-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp

Filesize
3.3MB

Download
memory/2040-711-0x00007FF6F38C0000-0x00007FF6F3C14000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2074-0x00007FF6B4440000-0x00007FF6B4794000-memory.dmp

Filesize
3.3MB

Download
memory/2108-803-0x00007FF6B4440000-0x00007FF6B4794000-memory.dmp

Filesize
3.3MB

Download
memory/2172-723-0x00007FF638340000-0x00007FF638694000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2073-0x00007FF638340000-0x00007FF638694000-memory.dmp

Filesize
3.3MB

Download
memory/2324-712-0x00007FF6DB6C0000-0x00007FF6DBA14000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2063-0x00007FF6DB6C0000-0x00007FF6DBA14000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2061-0x00007FF764AC0000-0x00007FF764E14000-memory.dmp

Filesize
3.3MB

Download
memory/2332-796-0x00007FF764AC0000-0x00007FF764E14000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2062-0x00007FF6B9330000-0x00007FF6B9684000-memory.dmp

Filesize
3.3MB

Download
memory/2372-713-0x00007FF6B9330000-0x00007FF6B9684000-memory.dmp

Filesize
3.3MB

Download
memory/2900-829-0x00007FF7B8430000-0x00007FF7B8784000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2075-0x00007FF7B8430000-0x00007FF7B8784000-memory.dmp

Filesize
3.3MB

Download
memory/2920-709-0x00007FF7A04F0000-0x00007FF7A0844000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2058-0x00007FF7A04F0000-0x00007FF7A0844000-memory.dmp

Filesize
3.3MB

Download
memory/3024-18-0x00007FF6978E0000-0x00007FF697C34000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2047-0x00007FF6978E0000-0x00007FF697C34000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2051-0x00007FF6978E0000-0x00007FF697C34000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2050-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp

Filesize
3.3MB

Download
memory/3176-9-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2046-0x00007FF7C5320000-0x00007FF7C5674000-memory.dmp

Filesize
3.3MB

Download
memory/3216-22-0x00007FF735380000-0x00007FF7356D4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2052-0x00007FF735380000-0x00007FF7356D4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2048-0x00007FF735380000-0x00007FF7356D4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2069-0x00007FF765340000-0x00007FF765694000-memory.dmp

Filesize
3.3MB

Download
memory/3948-740-0x00007FF765340000-0x00007FF765694000-memory.dmp

Filesize
3.3MB

Download
memory/4056-771-0x00007FF632020000-0x00007FF632374000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2065-0x00007FF632020000-0x00007FF632374000-memory.dmp

Filesize
3.3MB

Download
memory/4292-710-0x00007FF7DA530000-0x00007FF7DA884000-memory.dmp

Filesize
3.3MB

Download
memory/4292-2060-0x00007FF7DA530000-0x00007FF7DA884000-memory.dmp

Filesize
3.3MB

Download
memory/4476-843-0x00007FF698C00000-0x00007FF698F54000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2055-0x00007FF698C00000-0x00007FF698F54000-memory.dmp

Filesize
3.3MB

Download
memory/4556-730-0x00007FF6F1FE0000-0x00007FF6F2334000-memory.dmp

Filesize
3.3MB

Download
memory/4556-2070-0x00007FF6F1FE0000-0x00007FF6F2334000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2067-0x00007FF7DA9A0000-0x00007FF7DACF4000-memory.dmp

Filesize
3.3MB

Download
memory/4684-757-0x00007FF7DA9A0000-0x00007FF7DACF4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-708-0x00007FF7EAD30000-0x00007FF7EB084000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2056-0x00007FF7EAD30000-0x00007FF7EB084000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2068-0x00007FF6C17B0000-0x00007FF6C1B04000-memory.dmp

Filesize
3.3MB

Download
memory/4960-739-0x00007FF6C17B0000-0x00007FF6C1B04000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2071-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download
memory/4980-837-0x00007FF779F00000-0x00007FF77A254000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads