kpot | 6429ffa8e988e457715aecf422ce67b7797269e4df84464ff6e60c6d69ca4535

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
Size

2.4MB
MD5

1818e459e235fc30c038b19d6f146db0
SHA1

f036f99326bb4a95a713c1698915894a92501915
SHA256

6429ffa8e988e457715aecf422ce67b7797269e4df84464ff6e60c6d69ca4535
SHA512

8bda6ce58369e1d4a1ef5ede3f7d8fb06646a164b98c6223ea30d0347cd5e64609be2c7c5c71892cacc9c822216834aec91d539807c133bc3e4e20678b20676c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eoM:BemTLkNdfE0pZrwy

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023419-6.dat	family_kpot
behavioral2/files/0x0007000000023435-8.dat	family_kpot
behavioral2/files/0x0007000000023434-22.dat	family_kpot
behavioral2/files/0x0007000000023439-38.dat	family_kpot
behavioral2/files/0x000700000002343a-43.dat	family_kpot
behavioral2/files/0x000700000002343d-59.dat	family_kpot
behavioral2/files/0x000700000002343f-77.dat	family_kpot
behavioral2/files/0x0007000000023443-89.dat	family_kpot
behavioral2/files/0x0007000000023444-102.dat	family_kpot
behavioral2/files/0x000700000002344c-134.dat	family_kpot
behavioral2/files/0x000700000002344f-149.dat	family_kpot
behavioral2/files/0x0007000000023453-169.dat	family_kpot
behavioral2/files/0x0007000000023451-167.dat	family_kpot
behavioral2/files/0x0007000000023452-164.dat	family_kpot
behavioral2/files/0x0007000000023450-162.dat	family_kpot
behavioral2/files/0x000700000002344e-152.dat	family_kpot
behavioral2/files/0x000700000002344d-147.dat	family_kpot
behavioral2/files/0x000700000002344b-137.dat	family_kpot
behavioral2/files/0x000700000002344a-132.dat	family_kpot
behavioral2/files/0x0007000000023449-127.dat	family_kpot
behavioral2/files/0x0007000000023448-122.dat	family_kpot
behavioral2/files/0x0007000000023447-117.dat	family_kpot
behavioral2/files/0x0007000000023446-112.dat	family_kpot
behavioral2/files/0x0007000000023445-107.dat	family_kpot
behavioral2/files/0x0007000000023442-92.dat	family_kpot
behavioral2/files/0x0007000000023441-87.dat	family_kpot
behavioral2/files/0x0007000000023440-82.dat	family_kpot
behavioral2/files/0x000700000002343e-72.dat	family_kpot
behavioral2/files/0x000700000002343c-62.dat	family_kpot
behavioral2/files/0x000700000002343b-57.dat	family_kpot
behavioral2/files/0x0007000000023438-42.dat	family_kpot
behavioral2/files/0x0007000000023437-34.dat	family_kpot
behavioral2/files/0x0007000000023436-26.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3880-0-0x00007FF731DD0000-0x00007FF732124000-memory.dmp	xmrig
behavioral2/files/0x0009000000023419-6.dat	xmrig
behavioral2/files/0x0007000000023435-8.dat	xmrig
behavioral2/memory/4508-10-0x00007FF605EC0000-0x00007FF606214000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-22.dat	xmrig
behavioral2/files/0x0007000000023439-38.dat	xmrig
behavioral2/files/0x000700000002343a-43.dat	xmrig
behavioral2/files/0x000700000002343d-59.dat	xmrig
behavioral2/files/0x000700000002343f-77.dat	xmrig
behavioral2/files/0x0007000000023443-89.dat	xmrig
behavioral2/files/0x0007000000023444-102.dat	xmrig
behavioral2/files/0x000700000002344c-134.dat	xmrig
behavioral2/files/0x000700000002344f-149.dat	xmrig
behavioral2/memory/3456-680-0x00007FF677230000-0x00007FF677584000-memory.dmp	xmrig
behavioral2/memory/3036-681-0x00007FF6AE4A0000-0x00007FF6AE7F4000-memory.dmp	xmrig
behavioral2/memory/1708-683-0x00007FF71B1F0000-0x00007FF71B544000-memory.dmp	xmrig
behavioral2/memory/916-682-0x00007FF7F87E0000-0x00007FF7F8B34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023453-169.dat	xmrig
behavioral2/files/0x0007000000023451-167.dat	xmrig
behavioral2/files/0x0007000000023452-164.dat	xmrig
behavioral2/files/0x0007000000023450-162.dat	xmrig
behavioral2/files/0x000700000002344e-152.dat	xmrig
behavioral2/files/0x000700000002344d-147.dat	xmrig
behavioral2/files/0x000700000002344b-137.dat	xmrig
behavioral2/files/0x000700000002344a-132.dat	xmrig
behavioral2/files/0x0007000000023449-127.dat	xmrig
behavioral2/files/0x0007000000023448-122.dat	xmrig
behavioral2/files/0x0007000000023447-117.dat	xmrig
behavioral2/files/0x0007000000023446-112.dat	xmrig
behavioral2/memory/4572-684-0x00007FF7B1EE0000-0x00007FF7B2234000-memory.dmp	xmrig
behavioral2/memory/4052-685-0x00007FF6BAA70000-0x00007FF6BADC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023445-107.dat	xmrig
behavioral2/files/0x0007000000023442-92.dat	xmrig
behavioral2/files/0x0007000000023441-87.dat	xmrig
behavioral2/files/0x0007000000023440-82.dat	xmrig
behavioral2/files/0x000700000002343e-72.dat	xmrig
behavioral2/files/0x000700000002343c-62.dat	xmrig
behavioral2/files/0x000700000002343b-57.dat	xmrig
behavioral2/files/0x0007000000023438-42.dat	xmrig
behavioral2/memory/1680-41-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp	xmrig
behavioral2/memory/4688-37-0x00007FF662600000-0x00007FF662954000-memory.dmp	xmrig
behavioral2/memory/3340-36-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-34.dat	xmrig
behavioral2/memory/3108-29-0x00007FF785CF0000-0x00007FF786044000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-26.dat	xmrig
behavioral2/memory/1588-21-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp	xmrig
behavioral2/memory/1288-686-0x00007FF691DE0000-0x00007FF692134000-memory.dmp	xmrig
behavioral2/memory/4720-701-0x00007FF748220000-0x00007FF748574000-memory.dmp	xmrig
behavioral2/memory/4204-705-0x00007FF7352B0000-0x00007FF735604000-memory.dmp	xmrig
behavioral2/memory/2168-710-0x00007FF6C3CA0000-0x00007FF6C3FF4000-memory.dmp	xmrig
behavioral2/memory/3928-713-0x00007FF7BB420000-0x00007FF7BB774000-memory.dmp	xmrig
behavioral2/memory/2916-734-0x00007FF79F470000-0x00007FF79F7C4000-memory.dmp	xmrig
behavioral2/memory/2364-746-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp	xmrig
behavioral2/memory/220-743-0x00007FF7CC2E0000-0x00007FF7CC634000-memory.dmp	xmrig
behavioral2/memory/5060-742-0x00007FF70B9A0000-0x00007FF70BCF4000-memory.dmp	xmrig
behavioral2/memory/4132-759-0x00007FF7B7600000-0x00007FF7B7954000-memory.dmp	xmrig
behavioral2/memory/3288-760-0x00007FF6DEFB0000-0x00007FF6DF304000-memory.dmp	xmrig
behavioral2/memory/3488-763-0x00007FF6B2010000-0x00007FF6B2364000-memory.dmp	xmrig
behavioral2/memory/2192-758-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp	xmrig
behavioral2/memory/2436-728-0x00007FF787820000-0x00007FF787B74000-memory.dmp	xmrig
behavioral2/memory/656-722-0x00007FF695870000-0x00007FF695BC4000-memory.dmp	xmrig
behavioral2/memory/1052-718-0x00007FF79A0C0000-0x00007FF79A414000-memory.dmp	xmrig
behavioral2/memory/4776-717-0x00007FF6C1B70000-0x00007FF6C1EC4000-memory.dmp	xmrig
behavioral2/memory/3880-2096-0x00007FF731DD0000-0x00007FF732124000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4508	lAmwOUS.exe
1588	RfVNXRx.exe
3108	zqdIjbI.exe
4688	BzBFyqm.exe
3340	qDsWrDw.exe
1680	PHqMlRQ.exe
3456	KCjWFlY.exe
3488	CseSyLX.exe
3036	MteMJMk.exe
916	tmjMOfv.exe
1708	kfITnpU.exe
4572	PrnXlmt.exe
4052	CnEXSci.exe
1288	xStSIpg.exe
4720	tOzlDld.exe
4204	jXqWfRi.exe
2168	GgoyhpC.exe
3928	qSojTeA.exe
4776	dJJcXZp.exe
1052	FZLmHTh.exe
656	uxKwWET.exe
2436	YOYuqPJ.exe
2916	sTAsKBd.exe
5060	rIvQVIC.exe
220	fmPahdK.exe
2364	PVorQSL.exe
2192	dEcLoZe.exe
4132	Lhhpfic.exe
3288	wzeEaSn.exe
3240	cBGlgJP.exe
2792	aubCSjD.exe
1248	qGLcrkO.exe
2532	wVcckJf.exe
3608	gBonUoJ.exe
808	YSQBeWu.exe
4484	UmAzMrs.exe
3368	ZBEbTcL.exe
3432	DYrLvEW.exe
2368	SKOpodl.exe
548	LYlzLVA.exe
4104	NlNNNUr.exe
3668	SOgASsP.exe
2696	cYVtjgi.exe
2204	NaSkVNI.exe
4704	invWMqf.exe
4012	uCTKsiD.exe
1100	hHRypCJ.exe
1536	MCgedYv.exe
1632	mhXrqbh.exe
2476	QlmeyVI.exe
4336	vgEXRtU.exe
3260	phZNqHr.exe
1416	AjkEofC.exe
1600	XDucHhl.exe
624	piRmJZN.exe
1728	gzgiFpX.exe
4676	feWzmbP.exe
4808	aAnkcwW.exe
4928	bkJTkhq.exe
2508	YAorWzM.exe
1560	wMUQjUs.exe
3076	uDOjTBt.exe
8	qWaPcGO.exe
1408	uVWqHsX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3880-0-0x00007FF731DD0000-0x00007FF732124000-memory.dmp	upx
behavioral2/files/0x0009000000023419-6.dat	upx
behavioral2/files/0x0007000000023435-8.dat	upx
behavioral2/memory/4508-10-0x00007FF605EC0000-0x00007FF606214000-memory.dmp	upx
behavioral2/files/0x0007000000023434-22.dat	upx
behavioral2/files/0x0007000000023439-38.dat	upx
behavioral2/files/0x000700000002343a-43.dat	upx
behavioral2/files/0x000700000002343d-59.dat	upx
behavioral2/files/0x000700000002343f-77.dat	upx
behavioral2/files/0x0007000000023443-89.dat	upx
behavioral2/files/0x0007000000023444-102.dat	upx
behavioral2/files/0x000700000002344c-134.dat	upx
behavioral2/files/0x000700000002344f-149.dat	upx
behavioral2/memory/3456-680-0x00007FF677230000-0x00007FF677584000-memory.dmp	upx
behavioral2/memory/3036-681-0x00007FF6AE4A0000-0x00007FF6AE7F4000-memory.dmp	upx
behavioral2/memory/1708-683-0x00007FF71B1F0000-0x00007FF71B544000-memory.dmp	upx
behavioral2/memory/916-682-0x00007FF7F87E0000-0x00007FF7F8B34000-memory.dmp	upx
behavioral2/files/0x0007000000023453-169.dat	upx
behavioral2/files/0x0007000000023451-167.dat	upx
behavioral2/files/0x0007000000023452-164.dat	upx
behavioral2/files/0x0007000000023450-162.dat	upx
behavioral2/files/0x000700000002344e-152.dat	upx
behavioral2/files/0x000700000002344d-147.dat	upx
behavioral2/files/0x000700000002344b-137.dat	upx
behavioral2/files/0x000700000002344a-132.dat	upx
behavioral2/files/0x0007000000023449-127.dat	upx
behavioral2/files/0x0007000000023448-122.dat	upx
behavioral2/files/0x0007000000023447-117.dat	upx
behavioral2/files/0x0007000000023446-112.dat	upx
behavioral2/memory/4572-684-0x00007FF7B1EE0000-0x00007FF7B2234000-memory.dmp	upx
behavioral2/memory/4052-685-0x00007FF6BAA70000-0x00007FF6BADC4000-memory.dmp	upx
behavioral2/files/0x0007000000023445-107.dat	upx
behavioral2/files/0x0007000000023442-92.dat	upx
behavioral2/files/0x0007000000023441-87.dat	upx
behavioral2/files/0x0007000000023440-82.dat	upx
behavioral2/files/0x000700000002343e-72.dat	upx
behavioral2/files/0x000700000002343c-62.dat	upx
behavioral2/files/0x000700000002343b-57.dat	upx
behavioral2/files/0x0007000000023438-42.dat	upx
behavioral2/memory/1680-41-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp	upx
behavioral2/memory/4688-37-0x00007FF662600000-0x00007FF662954000-memory.dmp	upx
behavioral2/memory/3340-36-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp	upx
behavioral2/files/0x0007000000023437-34.dat	upx
behavioral2/memory/3108-29-0x00007FF785CF0000-0x00007FF786044000-memory.dmp	upx
behavioral2/files/0x0007000000023436-26.dat	upx
behavioral2/memory/1588-21-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp	upx
behavioral2/memory/1288-686-0x00007FF691DE0000-0x00007FF692134000-memory.dmp	upx
behavioral2/memory/4720-701-0x00007FF748220000-0x00007FF748574000-memory.dmp	upx
behavioral2/memory/4204-705-0x00007FF7352B0000-0x00007FF735604000-memory.dmp	upx
behavioral2/memory/2168-710-0x00007FF6C3CA0000-0x00007FF6C3FF4000-memory.dmp	upx
behavioral2/memory/3928-713-0x00007FF7BB420000-0x00007FF7BB774000-memory.dmp	upx
behavioral2/memory/2916-734-0x00007FF79F470000-0x00007FF79F7C4000-memory.dmp	upx
behavioral2/memory/2364-746-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp	upx
behavioral2/memory/220-743-0x00007FF7CC2E0000-0x00007FF7CC634000-memory.dmp	upx
behavioral2/memory/5060-742-0x00007FF70B9A0000-0x00007FF70BCF4000-memory.dmp	upx
behavioral2/memory/4132-759-0x00007FF7B7600000-0x00007FF7B7954000-memory.dmp	upx
behavioral2/memory/3288-760-0x00007FF6DEFB0000-0x00007FF6DF304000-memory.dmp	upx
behavioral2/memory/3488-763-0x00007FF6B2010000-0x00007FF6B2364000-memory.dmp	upx
behavioral2/memory/2192-758-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp	upx
behavioral2/memory/2436-728-0x00007FF787820000-0x00007FF787B74000-memory.dmp	upx
behavioral2/memory/656-722-0x00007FF695870000-0x00007FF695BC4000-memory.dmp	upx
behavioral2/memory/1052-718-0x00007FF79A0C0000-0x00007FF79A414000-memory.dmp	upx
behavioral2/memory/4776-717-0x00007FF6C1B70000-0x00007FF6C1EC4000-memory.dmp	upx
behavioral2/memory/3880-2096-0x00007FF731DD0000-0x00007FF732124000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uSzhpLe.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\gBonUoJ.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\eerOWxM.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\CFTZlHj.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\mOZfIya.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\WhVnQZl.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\dposxtF.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\kClYqFa.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\oUkunkz.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\knjqxHP.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\mhXrqbh.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\YhnyXTj.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\DsJcASS.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\pqsNXMm.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\taeIWZD.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\YVKRMNA.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\nDLnQWT.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\bzoJOFI.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\VMyFEfC.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\hMUYQYo.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\fjfmwFw.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\AaUsBls.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\bkJTkhq.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\ZzgkEnH.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\ZPSLaja.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\xgSsAoO.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\IlUejAQ.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\aRCIAqY.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\YQWyDHS.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\KPZOfte.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\lJKpYLT.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\jUcfGgO.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\nAfMxza.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\KQgkPcn.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\LJNkayd.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\rAuuDIV.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\sdGozUZ.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\FDBfqiG.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\FFWzjZE.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\SCcKPDJ.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\plUyRVH.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\WYtHyMC.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\tRNdNsy.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\qNjizLC.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\wzeEaSn.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\vgEXRtU.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\KEwqowJ.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\XThjBoS.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\oBNcEnH.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\vnpKzCC.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\ybKsWFQ.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\aFrTemF.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\zOvecvO.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\zlYeBlc.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\xGSBWrK.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\EXQSRWM.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\OEmJVUH.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\eWlnOuk.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\BgrvbpT.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\qHFULgi.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\abYGTfN.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\lZNJEXB.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\qJgTzLs.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
File created	C:\Windows\System\lyafltk.exe	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14744	dwm.exe
Token: SeChangeNotifyPrivilege	14744	dwm.exe
Token: 33	14744	dwm.exe
Token: SeIncBasePriorityPrivilege	14744	dwm.exe
Token: SeShutdownPrivilege	14744	dwm.exe
Token: SeCreatePagefilePrivilege	14744	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 4508	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	83
PID 3880 wrote to memory of 4508	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	83
PID 3880 wrote to memory of 1588	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	84
PID 3880 wrote to memory of 1588	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	84
PID 3880 wrote to memory of 3108	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	85
PID 3880 wrote to memory of 3108	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	85
PID 3880 wrote to memory of 4688	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	86
PID 3880 wrote to memory of 4688	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	86
PID 3880 wrote to memory of 3340	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	87
PID 3880 wrote to memory of 3340	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	87
PID 3880 wrote to memory of 1680	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	88
PID 3880 wrote to memory of 1680	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	88
PID 3880 wrote to memory of 3456	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	89
PID 3880 wrote to memory of 3456	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	89
PID 3880 wrote to memory of 3488	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	90
PID 3880 wrote to memory of 3488	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	90
PID 3880 wrote to memory of 3036	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	91
PID 3880 wrote to memory of 3036	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	91
PID 3880 wrote to memory of 916	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	92
PID 3880 wrote to memory of 916	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	92
PID 3880 wrote to memory of 1708	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	93
PID 3880 wrote to memory of 1708	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	93
PID 3880 wrote to memory of 4572	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	94
PID 3880 wrote to memory of 4572	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	94
PID 3880 wrote to memory of 4052	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	95
PID 3880 wrote to memory of 4052	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	95
PID 3880 wrote to memory of 1288	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	96
PID 3880 wrote to memory of 1288	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	96
PID 3880 wrote to memory of 4720	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	97
PID 3880 wrote to memory of 4720	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	97
PID 3880 wrote to memory of 4204	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	98
PID 3880 wrote to memory of 4204	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	98
PID 3880 wrote to memory of 2168	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	99
PID 3880 wrote to memory of 2168	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	99
PID 3880 wrote to memory of 3928	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	100
PID 3880 wrote to memory of 3928	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	100
PID 3880 wrote to memory of 4776	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	101
PID 3880 wrote to memory of 4776	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	101
PID 3880 wrote to memory of 1052	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	102
PID 3880 wrote to memory of 1052	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	102
PID 3880 wrote to memory of 656	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	103
PID 3880 wrote to memory of 656	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	103
PID 3880 wrote to memory of 2436	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	104
PID 3880 wrote to memory of 2436	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	104
PID 3880 wrote to memory of 2916	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	105
PID 3880 wrote to memory of 2916	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	105
PID 3880 wrote to memory of 5060	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	106
PID 3880 wrote to memory of 5060	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	106
PID 3880 wrote to memory of 220	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	107
PID 3880 wrote to memory of 220	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	107
PID 3880 wrote to memory of 2364	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	108
PID 3880 wrote to memory of 2364	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	108
PID 3880 wrote to memory of 2192	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	109
PID 3880 wrote to memory of 2192	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	109
PID 3880 wrote to memory of 4132	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	110
PID 3880 wrote to memory of 4132	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	110
PID 3880 wrote to memory of 3288	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	111
PID 3880 wrote to memory of 3288	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	111
PID 3880 wrote to memory of 3240	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	112
PID 3880 wrote to memory of 3240	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	112
PID 3880 wrote to memory of 2792	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	113
PID 3880 wrote to memory of 2792	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	113
PID 3880 wrote to memory of 1248	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	114
PID 3880 wrote to memory of 1248	3880	1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1818e459e235fc30c038b19d6f146db0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Windows\System\lAmwOUS.exe
  C:\Windows\System\lAmwOUS.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\RfVNXRx.exe
  C:\Windows\System\RfVNXRx.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\zqdIjbI.exe
  C:\Windows\System\zqdIjbI.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\BzBFyqm.exe
  C:\Windows\System\BzBFyqm.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\qDsWrDw.exe
  C:\Windows\System\qDsWrDw.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\PHqMlRQ.exe
  C:\Windows\System\PHqMlRQ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\KCjWFlY.exe
  C:\Windows\System\KCjWFlY.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\CseSyLX.exe
  C:\Windows\System\CseSyLX.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\MteMJMk.exe
  C:\Windows\System\MteMJMk.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\tmjMOfv.exe
  C:\Windows\System\tmjMOfv.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\kfITnpU.exe
  C:\Windows\System\kfITnpU.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\PrnXlmt.exe
  C:\Windows\System\PrnXlmt.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\CnEXSci.exe
  C:\Windows\System\CnEXSci.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\xStSIpg.exe
  C:\Windows\System\xStSIpg.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\tOzlDld.exe
  C:\Windows\System\tOzlDld.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\jXqWfRi.exe
  C:\Windows\System\jXqWfRi.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\GgoyhpC.exe
  C:\Windows\System\GgoyhpC.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\qSojTeA.exe
  C:\Windows\System\qSojTeA.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\dJJcXZp.exe
  C:\Windows\System\dJJcXZp.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\FZLmHTh.exe
  C:\Windows\System\FZLmHTh.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\uxKwWET.exe
  C:\Windows\System\uxKwWET.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\YOYuqPJ.exe
  C:\Windows\System\YOYuqPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\sTAsKBd.exe
  C:\Windows\System\sTAsKBd.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\rIvQVIC.exe
  C:\Windows\System\rIvQVIC.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\fmPahdK.exe
  C:\Windows\System\fmPahdK.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\PVorQSL.exe
  C:\Windows\System\PVorQSL.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\dEcLoZe.exe
  C:\Windows\System\dEcLoZe.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\Lhhpfic.exe
  C:\Windows\System\Lhhpfic.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\wzeEaSn.exe
  C:\Windows\System\wzeEaSn.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\cBGlgJP.exe
  C:\Windows\System\cBGlgJP.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\aubCSjD.exe
  C:\Windows\System\aubCSjD.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\qGLcrkO.exe
  C:\Windows\System\qGLcrkO.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\wVcckJf.exe
  C:\Windows\System\wVcckJf.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\gBonUoJ.exe
  C:\Windows\System\gBonUoJ.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\YSQBeWu.exe
  C:\Windows\System\YSQBeWu.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\UmAzMrs.exe
  C:\Windows\System\UmAzMrs.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\ZBEbTcL.exe
  C:\Windows\System\ZBEbTcL.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\DYrLvEW.exe
  C:\Windows\System\DYrLvEW.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\SKOpodl.exe
  C:\Windows\System\SKOpodl.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\LYlzLVA.exe
  C:\Windows\System\LYlzLVA.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\NlNNNUr.exe
  C:\Windows\System\NlNNNUr.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\SOgASsP.exe
  C:\Windows\System\SOgASsP.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\cYVtjgi.exe
  C:\Windows\System\cYVtjgi.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\NaSkVNI.exe
  C:\Windows\System\NaSkVNI.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\invWMqf.exe
  C:\Windows\System\invWMqf.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\uCTKsiD.exe
  C:\Windows\System\uCTKsiD.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\hHRypCJ.exe
  C:\Windows\System\hHRypCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\MCgedYv.exe
  C:\Windows\System\MCgedYv.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\mhXrqbh.exe
  C:\Windows\System\mhXrqbh.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\QlmeyVI.exe
  C:\Windows\System\QlmeyVI.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\vgEXRtU.exe
  C:\Windows\System\vgEXRtU.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\phZNqHr.exe
  C:\Windows\System\phZNqHr.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\AjkEofC.exe
  C:\Windows\System\AjkEofC.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\XDucHhl.exe
  C:\Windows\System\XDucHhl.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\piRmJZN.exe
  C:\Windows\System\piRmJZN.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\gzgiFpX.exe
  C:\Windows\System\gzgiFpX.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\feWzmbP.exe
  C:\Windows\System\feWzmbP.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\aAnkcwW.exe
  C:\Windows\System\aAnkcwW.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\bkJTkhq.exe
  C:\Windows\System\bkJTkhq.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\YAorWzM.exe
  C:\Windows\System\YAorWzM.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\wMUQjUs.exe
  C:\Windows\System\wMUQjUs.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\uDOjTBt.exe
  C:\Windows\System\uDOjTBt.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\qWaPcGO.exe
  C:\Windows\System\qWaPcGO.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\uVWqHsX.exe
  C:\Windows\System\uVWqHsX.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\FDBfqiG.exe
  C:\Windows\System\FDBfqiG.exe
  2⤵
  PID:4664
- C:\Windows\System\rTiXKsN.exe
  C:\Windows\System\rTiXKsN.exe
  2⤵
  PID:3836
- C:\Windows\System\qzyoEfs.exe
  C:\Windows\System\qzyoEfs.exe
  2⤵
  PID:4848
- C:\Windows\System\kaGWCxM.exe
  C:\Windows\System\kaGWCxM.exe
  2⤵
  PID:4100
- C:\Windows\System\KPZOfte.exe
  C:\Windows\System\KPZOfte.exe
  2⤵
  PID:2732
- C:\Windows\System\zVTXpQZ.exe
  C:\Windows\System\zVTXpQZ.exe
  2⤵
  PID:2092
- C:\Windows\System\OCDNChC.exe
  C:\Windows\System\OCDNChC.exe
  2⤵
  PID:3600
- C:\Windows\System\SQxgUxT.exe
  C:\Windows\System\SQxgUxT.exe
  2⤵
  PID:2308
- C:\Windows\System\tewHaVV.exe
  C:\Windows\System\tewHaVV.exe
  2⤵
  PID:4140
- C:\Windows\System\LVpKssJ.exe
  C:\Windows\System\LVpKssJ.exe
  2⤵
  PID:184
- C:\Windows\System\XVShjov.exe
  C:\Windows\System\XVShjov.exe
  2⤵
  PID:4564
- C:\Windows\System\LZsaheX.exe
  C:\Windows\System\LZsaheX.exe
  2⤵
  PID:1620
- C:\Windows\System\NLAYsdB.exe
  C:\Windows\System\NLAYsdB.exe
  2⤵
  PID:1044
- C:\Windows\System\pwdXczO.exe
  C:\Windows\System\pwdXczO.exe
  2⤵
  PID:3384
- C:\Windows\System\RGgqaGy.exe
  C:\Windows\System\RGgqaGy.exe
  2⤵
  PID:4696
- C:\Windows\System\JegsbpG.exe
  C:\Windows\System\JegsbpG.exe
  2⤵
  PID:100
- C:\Windows\System\VdbreIZ.exe
  C:\Windows\System\VdbreIZ.exe
  2⤵
  PID:2100
- C:\Windows\System\ofIAJzW.exe
  C:\Windows\System\ofIAJzW.exe
  2⤵
  PID:1720
- C:\Windows\System\fqbVBVl.exe
  C:\Windows\System\fqbVBVl.exe
  2⤵
  PID:3568
- C:\Windows\System\pjEsaqI.exe
  C:\Windows\System\pjEsaqI.exe
  2⤵
  PID:5148
- C:\Windows\System\Tudilbu.exe
  C:\Windows\System\Tudilbu.exe
  2⤵
  PID:5176
- C:\Windows\System\ONSyXkR.exe
  C:\Windows\System\ONSyXkR.exe
  2⤵
  PID:5204
- C:\Windows\System\syZzNHv.exe
  C:\Windows\System\syZzNHv.exe
  2⤵
  PID:5232
- C:\Windows\System\UuotTsg.exe
  C:\Windows\System\UuotTsg.exe
  2⤵
  PID:5256
- C:\Windows\System\ntwcrpY.exe
  C:\Windows\System\ntwcrpY.exe
  2⤵
  PID:5288
- C:\Windows\System\HzvhGuN.exe
  C:\Windows\System\HzvhGuN.exe
  2⤵
  PID:5316
- C:\Windows\System\lJKpYLT.exe
  C:\Windows\System\lJKpYLT.exe
  2⤵
  PID:5344
- C:\Windows\System\ChAridi.exe
  C:\Windows\System\ChAridi.exe
  2⤵
  PID:5372
- C:\Windows\System\FFWzjZE.exe
  C:\Windows\System\FFWzjZE.exe
  2⤵
  PID:5400
- C:\Windows\System\zlYeBlc.exe
  C:\Windows\System\zlYeBlc.exe
  2⤵
  PID:5428
- C:\Windows\System\vrRGyKL.exe
  C:\Windows\System\vrRGyKL.exe
  2⤵
  PID:5456
- C:\Windows\System\ImyAtdP.exe
  C:\Windows\System\ImyAtdP.exe
  2⤵
  PID:5480
- C:\Windows\System\SlSGMwT.exe
  C:\Windows\System\SlSGMwT.exe
  2⤵
  PID:5512
- C:\Windows\System\VJqAyRS.exe
  C:\Windows\System\VJqAyRS.exe
  2⤵
  PID:5540
- C:\Windows\System\jNFNQRf.exe
  C:\Windows\System\jNFNQRf.exe
  2⤵
  PID:5568
- C:\Windows\System\iegDhbK.exe
  C:\Windows\System\iegDhbK.exe
  2⤵
  PID:5592
- C:\Windows\System\bgnVFWY.exe
  C:\Windows\System\bgnVFWY.exe
  2⤵
  PID:5624
- C:\Windows\System\dXzkPhr.exe
  C:\Windows\System\dXzkPhr.exe
  2⤵
  PID:5652
- C:\Windows\System\DBiyfkJ.exe
  C:\Windows\System\DBiyfkJ.exe
  2⤵
  PID:5680
- C:\Windows\System\DSgVOVl.exe
  C:\Windows\System\DSgVOVl.exe
  2⤵
  PID:5708
- C:\Windows\System\eAMgLEX.exe
  C:\Windows\System\eAMgLEX.exe
  2⤵
  PID:5736
- C:\Windows\System\aJdbSxp.exe
  C:\Windows\System\aJdbSxp.exe
  2⤵
  PID:5764
- C:\Windows\System\lVwBpMv.exe
  C:\Windows\System\lVwBpMv.exe
  2⤵
  PID:5792
- C:\Windows\System\pHYPfkE.exe
  C:\Windows\System\pHYPfkE.exe
  2⤵
  PID:5820
- C:\Windows\System\BgrvbpT.exe
  C:\Windows\System\BgrvbpT.exe
  2⤵
  PID:5848
- C:\Windows\System\WnEgJXr.exe
  C:\Windows\System\WnEgJXr.exe
  2⤵
  PID:5876
- C:\Windows\System\XfViMMX.exe
  C:\Windows\System\XfViMMX.exe
  2⤵
  PID:5904
- C:\Windows\System\fBThvgL.exe
  C:\Windows\System\fBThvgL.exe
  2⤵
  PID:5932
- C:\Windows\System\imBGjTh.exe
  C:\Windows\System\imBGjTh.exe
  2⤵
  PID:5960
- C:\Windows\System\ucGuUgX.exe
  C:\Windows\System\ucGuUgX.exe
  2⤵
  PID:5988
- C:\Windows\System\dayjwIM.exe
  C:\Windows\System\dayjwIM.exe
  2⤵
  PID:6016
- C:\Windows\System\sUQZZDB.exe
  C:\Windows\System\sUQZZDB.exe
  2⤵
  PID:6044
- C:\Windows\System\OiZodio.exe
  C:\Windows\System\OiZodio.exe
  2⤵
  PID:6072
- C:\Windows\System\EenoQby.exe
  C:\Windows\System\EenoQby.exe
  2⤵
  PID:6100
- C:\Windows\System\RjDqqTp.exe
  C:\Windows\System\RjDqqTp.exe
  2⤵
  PID:6124
- C:\Windows\System\kyWirIK.exe
  C:\Windows\System\kyWirIK.exe
  2⤵
  PID:1320
- C:\Windows\System\nXTKKuy.exe
  C:\Windows\System\nXTKKuy.exe
  2⤵
  PID:1344
- C:\Windows\System\jNAnpUO.exe
  C:\Windows\System\jNAnpUO.exe
  2⤵
  PID:3060
- C:\Windows\System\JYNiega.exe
  C:\Windows\System\JYNiega.exe
  2⤵
  PID:2620
- C:\Windows\System\bzoJOFI.exe
  C:\Windows\System\bzoJOFI.exe
  2⤵
  PID:4420
- C:\Windows\System\fXMrMBG.exe
  C:\Windows\System\fXMrMBG.exe
  2⤵
  PID:1676
- C:\Windows\System\xmIdeZF.exe
  C:\Windows\System\xmIdeZF.exe
  2⤵
  PID:5188
- C:\Windows\System\yHryzCz.exe
  C:\Windows\System\yHryzCz.exe
  2⤵
  PID:5248
- C:\Windows\System\NIXvndD.exe
  C:\Windows\System\NIXvndD.exe
  2⤵
  PID:5308
- C:\Windows\System\trKTyCG.exe
  C:\Windows\System\trKTyCG.exe
  2⤵
  PID:5384
- C:\Windows\System\EZLMJjD.exe
  C:\Windows\System\EZLMJjD.exe
  2⤵
  PID:5444
- C:\Windows\System\YrzreYz.exe
  C:\Windows\System\YrzreYz.exe
  2⤵
  PID:5504
- C:\Windows\System\xGSBWrK.exe
  C:\Windows\System\xGSBWrK.exe
  2⤵
  PID:5580
- C:\Windows\System\yBymdgq.exe
  C:\Windows\System\yBymdgq.exe
  2⤵
  PID:5636
- C:\Windows\System\MkriZOb.exe
  C:\Windows\System\MkriZOb.exe
  2⤵
  PID:5700
- C:\Windows\System\YrQriPh.exe
  C:\Windows\System\YrQriPh.exe
  2⤵
  PID:5776
- C:\Windows\System\ifkFQcm.exe
  C:\Windows\System\ifkFQcm.exe
  2⤵
  PID:5832
- C:\Windows\System\XvlbJhD.exe
  C:\Windows\System\XvlbJhD.exe
  2⤵
  PID:5892
- C:\Windows\System\tyYUXta.exe
  C:\Windows\System\tyYUXta.exe
  2⤵
  PID:5952
- C:\Windows\System\luwmMMj.exe
  C:\Windows\System\luwmMMj.exe
  2⤵
  PID:6028
- C:\Windows\System\IUbmhRG.exe
  C:\Windows\System\IUbmhRG.exe
  2⤵
  PID:6084
- C:\Windows\System\cuxgPGG.exe
  C:\Windows\System\cuxgPGG.exe
  2⤵
  PID:3376
- C:\Windows\System\qXvmfIM.exe
  C:\Windows\System\qXvmfIM.exe
  2⤵
  PID:2992
- C:\Windows\System\hSQOEVc.exe
  C:\Windows\System\hSQOEVc.exe
  2⤵
  PID:4532
- C:\Windows\System\qsBdDFZ.exe
  C:\Windows\System\qsBdDFZ.exe
  2⤵
  PID:5216
- C:\Windows\System\YOIKaWo.exe
  C:\Windows\System\YOIKaWo.exe
  2⤵
  PID:5356
- C:\Windows\System\qHFULgi.exe
  C:\Windows\System\qHFULgi.exe
  2⤵
  PID:5496
- C:\Windows\System\kBteoCG.exe
  C:\Windows\System\kBteoCG.exe
  2⤵
  PID:5672
- C:\Windows\System\yiuOVnv.exe
  C:\Windows\System\yiuOVnv.exe
  2⤵
  PID:5808
- C:\Windows\System\adQYcXL.exe
  C:\Windows\System\adQYcXL.exe
  2⤵
  PID:5948
- C:\Windows\System\NxddYci.exe
  C:\Windows\System\NxddYci.exe
  2⤵
  PID:6064
- C:\Windows\System\BVFQjce.exe
  C:\Windows\System\BVFQjce.exe
  2⤵
  PID:5044
- C:\Windows\System\kTGRaRE.exe
  C:\Windows\System\kTGRaRE.exe
  2⤵
  PID:5336
- C:\Windows\System\EgyQwzq.exe
  C:\Windows\System\EgyQwzq.exe
  2⤵
  PID:6172
- C:\Windows\System\irSvRKc.exe
  C:\Windows\System\irSvRKc.exe
  2⤵
  PID:6200
- C:\Windows\System\dYDOdDW.exe
  C:\Windows\System\dYDOdDW.exe
  2⤵
  PID:6228
- C:\Windows\System\SCcKPDJ.exe
  C:\Windows\System\SCcKPDJ.exe
  2⤵
  PID:6252
- C:\Windows\System\cNNjGMf.exe
  C:\Windows\System\cNNjGMf.exe
  2⤵
  PID:6280
- C:\Windows\System\TCocCQO.exe
  C:\Windows\System\TCocCQO.exe
  2⤵
  PID:6312
- C:\Windows\System\GANMVbE.exe
  C:\Windows\System\GANMVbE.exe
  2⤵
  PID:6336
- C:\Windows\System\FVuTnqm.exe
  C:\Windows\System\FVuTnqm.exe
  2⤵
  PID:6364
- C:\Windows\System\udpVfJk.exe
  C:\Windows\System\udpVfJk.exe
  2⤵
  PID:6392
- C:\Windows\System\uJPCKSx.exe
  C:\Windows\System\uJPCKSx.exe
  2⤵
  PID:6420
- C:\Windows\System\JyGkucX.exe
  C:\Windows\System\JyGkucX.exe
  2⤵
  PID:6452
- C:\Windows\System\lCPsMTE.exe
  C:\Windows\System\lCPsMTE.exe
  2⤵
  PID:6476
- C:\Windows\System\lyafltk.exe
  C:\Windows\System\lyafltk.exe
  2⤵
  PID:6504
- C:\Windows\System\EyRbfcJ.exe
  C:\Windows\System\EyRbfcJ.exe
  2⤵
  PID:6532
- C:\Windows\System\KIFYhRW.exe
  C:\Windows\System\KIFYhRW.exe
  2⤵
  PID:6560
- C:\Windows\System\iijCWCR.exe
  C:\Windows\System\iijCWCR.exe
  2⤵
  PID:6588
- C:\Windows\System\VMyFEfC.exe
  C:\Windows\System\VMyFEfC.exe
  2⤵
  PID:6620
- C:\Windows\System\YyOjryw.exe
  C:\Windows\System\YyOjryw.exe
  2⤵
  PID:6648
- C:\Windows\System\MycAAdy.exe
  C:\Windows\System\MycAAdy.exe
  2⤵
  PID:6676
- C:\Windows\System\nUUIUSt.exe
  C:\Windows\System\nUUIUSt.exe
  2⤵
  PID:6704
- C:\Windows\System\jUcfGgO.exe
  C:\Windows\System\jUcfGgO.exe
  2⤵
  PID:6732
- C:\Windows\System\UMzzezv.exe
  C:\Windows\System\UMzzezv.exe
  2⤵
  PID:6760
- C:\Windows\System\bkMtuBl.exe
  C:\Windows\System\bkMtuBl.exe
  2⤵
  PID:6788
- C:\Windows\System\KaLYiId.exe
  C:\Windows\System\KaLYiId.exe
  2⤵
  PID:6816
- C:\Windows\System\UHlUrmc.exe
  C:\Windows\System\UHlUrmc.exe
  2⤵
  PID:6848
- C:\Windows\System\YhnyXTj.exe
  C:\Windows\System\YhnyXTj.exe
  2⤵
  PID:6872
- C:\Windows\System\ZzgkEnH.exe
  C:\Windows\System\ZzgkEnH.exe
  2⤵
  PID:6900
- C:\Windows\System\PDlnTSs.exe
  C:\Windows\System\PDlnTSs.exe
  2⤵
  PID:6928
- C:\Windows\System\UtaHvev.exe
  C:\Windows\System\UtaHvev.exe
  2⤵
  PID:6952
- C:\Windows\System\JqOZFYO.exe
  C:\Windows\System\JqOZFYO.exe
  2⤵
  PID:6980
- C:\Windows\System\nAfMxza.exe
  C:\Windows\System\nAfMxza.exe
  2⤵
  PID:7012
- C:\Windows\System\oUkunkz.exe
  C:\Windows\System\oUkunkz.exe
  2⤵
  PID:7040
- C:\Windows\System\VJjGxwa.exe
  C:\Windows\System\VJjGxwa.exe
  2⤵
  PID:7068
- C:\Windows\System\QhUjyMh.exe
  C:\Windows\System\QhUjyMh.exe
  2⤵
  PID:7096
- C:\Windows\System\CTBlCbY.exe
  C:\Windows\System\CTBlCbY.exe
  2⤵
  PID:7124
- C:\Windows\System\UaOhxmx.exe
  C:\Windows\System\UaOhxmx.exe
  2⤵
  PID:7152
- C:\Windows\System\ORvSjbq.exe
  C:\Windows\System\ORvSjbq.exe
  2⤵
  PID:5608
- C:\Windows\System\qipAdXB.exe
  C:\Windows\System\qipAdXB.exe
  2⤵
  PID:5888
- C:\Windows\System\IprvCkU.exe
  C:\Windows\System\IprvCkU.exe
  2⤵
  PID:4032
- C:\Windows\System\jmVcBPR.exe
  C:\Windows\System\jmVcBPR.exe
  2⤵
  PID:6184
- C:\Windows\System\HPZVVBv.exe
  C:\Windows\System\HPZVVBv.exe
  2⤵
  PID:1936
- C:\Windows\System\cWNhius.exe
  C:\Windows\System\cWNhius.exe
  2⤵
  PID:6296
- C:\Windows\System\plUyRVH.exe
  C:\Windows\System\plUyRVH.exe
  2⤵
  PID:6352
- C:\Windows\System\DvMBFnI.exe
  C:\Windows\System\DvMBFnI.exe
  2⤵
  PID:6388
- C:\Windows\System\ymvpvvd.exe
  C:\Windows\System\ymvpvvd.exe
  2⤵
  PID:4044
- C:\Windows\System\GoUMgTd.exe
  C:\Windows\System\GoUMgTd.exe
  2⤵
  PID:6500
- C:\Windows\System\LswWqzY.exe
  C:\Windows\System\LswWqzY.exe
  2⤵
  PID:6552
- C:\Windows\System\UMmCtMD.exe
  C:\Windows\System\UMmCtMD.exe
  2⤵
  PID:6612
- C:\Windows\System\dJYpULF.exe
  C:\Windows\System\dJYpULF.exe
  2⤵
  PID:6668
- C:\Windows\System\NHzVnKh.exe
  C:\Windows\System\NHzVnKh.exe
  2⤵
  PID:6724
- C:\Windows\System\aNSfKxV.exe
  C:\Windows\System\aNSfKxV.exe
  2⤵
  PID:6800
- C:\Windows\System\Snsbnfx.exe
  C:\Windows\System\Snsbnfx.exe
  2⤵
  PID:6864
- C:\Windows\System\iDWUYEO.exe
  C:\Windows\System\iDWUYEO.exe
  2⤵
  PID:1548
- C:\Windows\System\ofcfVrW.exe
  C:\Windows\System\ofcfVrW.exe
  2⤵
  PID:7164
- C:\Windows\System\jDGjmAa.exe
  C:\Windows\System\jDGjmAa.exe
  2⤵
  PID:740
- C:\Windows\System\fxLulqq.exe
  C:\Windows\System\fxLulqq.exe
  2⤵
  PID:5100
- C:\Windows\System\EXQSRWM.exe
  C:\Windows\System\EXQSRWM.exe
  2⤵
  PID:6192
- C:\Windows\System\fxdUzWr.exe
  C:\Windows\System\fxdUzWr.exe
  2⤵
  PID:6248
- C:\Windows\System\AXbOsXG.exe
  C:\Windows\System\AXbOsXG.exe
  2⤵
  PID:6436
- C:\Windows\System\kqKXrby.exe
  C:\Windows\System\kqKXrby.exe
  2⤵
  PID:3144
- C:\Windows\System\JzDxtMK.exe
  C:\Windows\System\JzDxtMK.exe
  2⤵
  PID:2244
- C:\Windows\System\FWnhDaL.exe
  C:\Windows\System\FWnhDaL.exe
  2⤵
  PID:6720
- C:\Windows\System\DhWOwTJ.exe
  C:\Windows\System\DhWOwTJ.exe
  2⤵
  PID:1192
- C:\Windows\System\cSMRazW.exe
  C:\Windows\System\cSMRazW.exe
  2⤵
  PID:6840
- C:\Windows\System\OEmJVUH.exe
  C:\Windows\System\OEmJVUH.exe
  2⤵
  PID:6996
- C:\Windows\System\IWsklzR.exe
  C:\Windows\System\IWsklzR.exe
  2⤵
  PID:7084
- C:\Windows\System\MjNnrKH.exe
  C:\Windows\System\MjNnrKH.exe
  2⤵
  PID:4900
- C:\Windows\System\AsPPTng.exe
  C:\Windows\System\AsPPTng.exe
  2⤵
  PID:2224
- C:\Windows\System\nslyhoE.exe
  C:\Windows\System\nslyhoE.exe
  2⤵
  PID:5420
- C:\Windows\System\MgRYCqg.exe
  C:\Windows\System\MgRYCqg.exe
  2⤵
  PID:6240
- C:\Windows\System\XaojvfN.exe
  C:\Windows\System\XaojvfN.exe
  2⤵
  PID:6160
- C:\Windows\System\xipxLwc.exe
  C:\Windows\System\xipxLwc.exe
  2⤵
  PID:7060
- C:\Windows\System\eerOWxM.exe
  C:\Windows\System\eerOWxM.exe
  2⤵
  PID:2428
- C:\Windows\System\SDhmcwf.exe
  C:\Windows\System\SDhmcwf.exe
  2⤵
  PID:1716
- C:\Windows\System\KqkHmbI.exe
  C:\Windows\System\KqkHmbI.exe
  2⤵
  PID:7172
- C:\Windows\System\tDgTXsC.exe
  C:\Windows\System\tDgTXsC.exe
  2⤵
  PID:7188
- C:\Windows\System\FKdgeFh.exe
  C:\Windows\System\FKdgeFh.exe
  2⤵
  PID:7212
- C:\Windows\System\BRqDFGL.exe
  C:\Windows\System\BRqDFGL.exe
  2⤵
  PID:7244
- C:\Windows\System\lciYuJT.exe
  C:\Windows\System\lciYuJT.exe
  2⤵
  PID:7260
- C:\Windows\System\wlGXLcn.exe
  C:\Windows\System\wlGXLcn.exe
  2⤵
  PID:7288
- C:\Windows\System\MoGclVS.exe
  C:\Windows\System\MoGclVS.exe
  2⤵
  PID:7328
- C:\Windows\System\iJDeuce.exe
  C:\Windows\System\iJDeuce.exe
  2⤵
  PID:7352
- C:\Windows\System\LZsWFGY.exe
  C:\Windows\System\LZsWFGY.exe
  2⤵
  PID:7384
- C:\Windows\System\FejXtbO.exe
  C:\Windows\System\FejXtbO.exe
  2⤵
  PID:7408
- C:\Windows\System\kjNPTYK.exe
  C:\Windows\System\kjNPTYK.exe
  2⤵
  PID:7436
- C:\Windows\System\WiRNFZD.exe
  C:\Windows\System\WiRNFZD.exe
  2⤵
  PID:7468
- C:\Windows\System\rddonNf.exe
  C:\Windows\System\rddonNf.exe
  2⤵
  PID:7504
- C:\Windows\System\cauyGWI.exe
  C:\Windows\System\cauyGWI.exe
  2⤵
  PID:7572
- C:\Windows\System\TdEXqss.exe
  C:\Windows\System\TdEXqss.exe
  2⤵
  PID:7588
- C:\Windows\System\tgrycQS.exe
  C:\Windows\System\tgrycQS.exe
  2⤵
  PID:7632
- C:\Windows\System\xWmQtfQ.exe
  C:\Windows\System\xWmQtfQ.exe
  2⤵
  PID:7648
- C:\Windows\System\vTYOcbk.exe
  C:\Windows\System\vTYOcbk.exe
  2⤵
  PID:7744
- C:\Windows\System\kqreCbR.exe
  C:\Windows\System\kqreCbR.exe
  2⤵
  PID:7788
- C:\Windows\System\YjuYMnb.exe
  C:\Windows\System\YjuYMnb.exe
  2⤵
  PID:7824
- C:\Windows\System\qCBXUtr.exe
  C:\Windows\System\qCBXUtr.exe
  2⤵
  PID:7852
- C:\Windows\System\vhmGXoa.exe
  C:\Windows\System\vhmGXoa.exe
  2⤵
  PID:7868
- C:\Windows\System\YDUorkm.exe
  C:\Windows\System\YDUorkm.exe
  2⤵
  PID:7908
- C:\Windows\System\wPJeNFp.exe
  C:\Windows\System\wPJeNFp.exe
  2⤵
  PID:7936
- C:\Windows\System\mwdznMQ.exe
  C:\Windows\System\mwdznMQ.exe
  2⤵
  PID:7964
- C:\Windows\System\iyNDXhS.exe
  C:\Windows\System\iyNDXhS.exe
  2⤵
  PID:7992
- C:\Windows\System\VdvJLto.exe
  C:\Windows\System\VdvJLto.exe
  2⤵
  PID:8024
- C:\Windows\System\bCMVyRh.exe
  C:\Windows\System\bCMVyRh.exe
  2⤵
  PID:8052
- C:\Windows\System\jzwpAht.exe
  C:\Windows\System\jzwpAht.exe
  2⤵
  PID:8072
- C:\Windows\System\RTvELyS.exe
  C:\Windows\System\RTvELyS.exe
  2⤵
  PID:8108
- C:\Windows\System\OFSMqyw.exe
  C:\Windows\System\OFSMqyw.exe
  2⤵
  PID:8140
- C:\Windows\System\cdCesfq.exe
  C:\Windows\System\cdCesfq.exe
  2⤵
  PID:8164
- C:\Windows\System\OLBVhvy.exe
  C:\Windows\System\OLBVhvy.exe
  2⤵
  PID:8184
- C:\Windows\System\Zwojgai.exe
  C:\Windows\System\Zwojgai.exe
  2⤵
  PID:7180
- C:\Windows\System\EOoUjPF.exe
  C:\Windows\System\EOoUjPF.exe
  2⤵
  PID:7236
- C:\Windows\System\JYzPeKX.exe
  C:\Windows\System\JYzPeKX.exe
  2⤵
  PID:7316
- C:\Windows\System\fLuvwrO.exe
  C:\Windows\System\fLuvwrO.exe
  2⤵
  PID:7376
- C:\Windows\System\WYtHyMC.exe
  C:\Windows\System\WYtHyMC.exe
  2⤵
  PID:7488
- C:\Windows\System\tkhdaMD.exe
  C:\Windows\System\tkhdaMD.exe
  2⤵
  PID:7492
- C:\Windows\System\llNyUsp.exe
  C:\Windows\System\llNyUsp.exe
  2⤵
  PID:7584
- C:\Windows\System\iXUDBqq.exe
  C:\Windows\System\iXUDBqq.exe
  2⤵
  PID:7676
- C:\Windows\System\dHLGFjc.exe
  C:\Windows\System\dHLGFjc.exe
  2⤵
  PID:5476
- C:\Windows\System\qXTclGz.exe
  C:\Windows\System\qXTclGz.exe
  2⤵
  PID:7804
- C:\Windows\System\fXqpuZg.exe
  C:\Windows\System\fXqpuZg.exe
  2⤵
  PID:7820
- C:\Windows\System\WpiRSIM.exe
  C:\Windows\System\WpiRSIM.exe
  2⤵
  PID:7900
- C:\Windows\System\OctqLkp.exe
  C:\Windows\System\OctqLkp.exe
  2⤵
  PID:7948
- C:\Windows\System\tWZYcho.exe
  C:\Windows\System\tWZYcho.exe
  2⤵
  PID:8040
- C:\Windows\System\sCuwQcn.exe
  C:\Windows\System\sCuwQcn.exe
  2⤵
  PID:8120
- C:\Windows\System\PMFZGdE.exe
  C:\Windows\System\PMFZGdE.exe
  2⤵
  PID:7184
- C:\Windows\System\PzgxYmt.exe
  C:\Windows\System\PzgxYmt.exe
  2⤵
  PID:7272
- C:\Windows\System\PDGmbRH.exe
  C:\Windows\System\PDGmbRH.exe
  2⤵
  PID:7464
- C:\Windows\System\rjviGvo.exe
  C:\Windows\System\rjviGvo.exe
  2⤵
  PID:7596
- C:\Windows\System\zxZKERk.exe
  C:\Windows\System\zxZKERk.exe
  2⤵
  PID:6776
- C:\Windows\System\GcOFTZf.exe
  C:\Windows\System\GcOFTZf.exe
  2⤵
  PID:7816
- C:\Windows\System\exRgNLt.exe
  C:\Windows\System\exRgNLt.exe
  2⤵
  PID:8080
- C:\Windows\System\ivzAPgk.exe
  C:\Windows\System\ivzAPgk.exe
  2⤵
  PID:4468
- C:\Windows\System\OIjTqPa.exe
  C:\Windows\System\OIjTqPa.exe
  2⤵
  PID:7460
- C:\Windows\System\qiMKPCP.exe
  C:\Windows\System\qiMKPCP.exe
  2⤵
  PID:7956
- C:\Windows\System\gRNQuFn.exe
  C:\Windows\System\gRNQuFn.exe
  2⤵
  PID:8156
- C:\Windows\System\vzVWBrm.exe
  C:\Windows\System\vzVWBrm.exe
  2⤵
  PID:8148
- C:\Windows\System\gZcxctW.exe
  C:\Windows\System\gZcxctW.exe
  2⤵
  PID:8196
- C:\Windows\System\oqdnIfH.exe
  C:\Windows\System\oqdnIfH.exe
  2⤵
  PID:8228
- C:\Windows\System\kTrwzrN.exe
  C:\Windows\System\kTrwzrN.exe
  2⤵
  PID:8256
- C:\Windows\System\ZPSLaja.exe
  C:\Windows\System\ZPSLaja.exe
  2⤵
  PID:8284
- C:\Windows\System\CElVOok.exe
  C:\Windows\System\CElVOok.exe
  2⤵
  PID:8316
- C:\Windows\System\HJXkcBc.exe
  C:\Windows\System\HJXkcBc.exe
  2⤵
  PID:8356
- C:\Windows\System\BBYJYdh.exe
  C:\Windows\System\BBYJYdh.exe
  2⤵
  PID:8372
- C:\Windows\System\nikFvnV.exe
  C:\Windows\System\nikFvnV.exe
  2⤵
  PID:8388
- C:\Windows\System\asNaxkX.exe
  C:\Windows\System\asNaxkX.exe
  2⤵
  PID:8424
- C:\Windows\System\CTNPOLz.exe
  C:\Windows\System\CTNPOLz.exe
  2⤵
  PID:8444
- C:\Windows\System\hRoYgVO.exe
  C:\Windows\System\hRoYgVO.exe
  2⤵
  PID:8476
- C:\Windows\System\AjHoxHK.exe
  C:\Windows\System\AjHoxHK.exe
  2⤵
  PID:8512
- C:\Windows\System\gCYVCvX.exe
  C:\Windows\System\gCYVCvX.exe
  2⤵
  PID:8540
- C:\Windows\System\dQPzMzr.exe
  C:\Windows\System\dQPzMzr.exe
  2⤵
  PID:8576
- C:\Windows\System\xEuDJxx.exe
  C:\Windows\System\xEuDJxx.exe
  2⤵
  PID:8604
- C:\Windows\System\uVMPQqn.exe
  C:\Windows\System\uVMPQqn.exe
  2⤵
  PID:8620
- C:\Windows\System\VfkqXbZ.exe
  C:\Windows\System\VfkqXbZ.exe
  2⤵
  PID:8648
- C:\Windows\System\xgSsAoO.exe
  C:\Windows\System\xgSsAoO.exe
  2⤵
  PID:8680
- C:\Windows\System\TYIAAwU.exe
  C:\Windows\System\TYIAAwU.exe
  2⤵
  PID:8716
- C:\Windows\System\sXwFFsL.exe
  C:\Windows\System\sXwFFsL.exe
  2⤵
  PID:8768
- C:\Windows\System\IcsrfXX.exe
  C:\Windows\System\IcsrfXX.exe
  2⤵
  PID:8796
- C:\Windows\System\ZQeTRYb.exe
  C:\Windows\System\ZQeTRYb.exe
  2⤵
  PID:8824
- C:\Windows\System\ceINGlB.exe
  C:\Windows\System\ceINGlB.exe
  2⤵
  PID:8852
- C:\Windows\System\UNJwqCw.exe
  C:\Windows\System\UNJwqCw.exe
  2⤵
  PID:8880
- C:\Windows\System\WVywRyI.exe
  C:\Windows\System\WVywRyI.exe
  2⤵
  PID:8912
- C:\Windows\System\pIAJFQA.exe
  C:\Windows\System\pIAJFQA.exe
  2⤵
  PID:8936
- C:\Windows\System\MCoURDu.exe
  C:\Windows\System\MCoURDu.exe
  2⤵
  PID:8976
- C:\Windows\System\rcmIpXD.exe
  C:\Windows\System\rcmIpXD.exe
  2⤵
  PID:8996
- C:\Windows\System\WkNCdcq.exe
  C:\Windows\System\WkNCdcq.exe
  2⤵
  PID:9024
- C:\Windows\System\FLrHAUT.exe
  C:\Windows\System\FLrHAUT.exe
  2⤵
  PID:9052
- C:\Windows\System\qUrvtfA.exe
  C:\Windows\System\qUrvtfA.exe
  2⤵
  PID:9088
- C:\Windows\System\anhHbMh.exe
  C:\Windows\System\anhHbMh.exe
  2⤵
  PID:9108
- C:\Windows\System\WGcdBZu.exe
  C:\Windows\System\WGcdBZu.exe
  2⤵
  PID:9136
- C:\Windows\System\aCBMXBk.exe
  C:\Windows\System\aCBMXBk.exe
  2⤵
  PID:9152
- C:\Windows\System\LWdiXWU.exe
  C:\Windows\System\LWdiXWU.exe
  2⤵
  PID:9192
- C:\Windows\System\ODMCKcT.exe
  C:\Windows\System\ODMCKcT.exe
  2⤵
  PID:9208
- C:\Windows\System\ZqngOOi.exe
  C:\Windows\System\ZqngOOi.exe
  2⤵
  PID:8276
- C:\Windows\System\xuKmpIp.exe
  C:\Windows\System\xuKmpIp.exe
  2⤵
  PID:7716
- C:\Windows\System\tllXDQw.exe
  C:\Windows\System\tllXDQw.exe
  2⤵
  PID:8340
- C:\Windows\System\xURcjQN.exe
  C:\Windows\System\xURcjQN.exe
  2⤵
  PID:7752
- C:\Windows\System\kRuxqpN.exe
  C:\Windows\System\kRuxqpN.exe
  2⤵
  PID:8440
- C:\Windows\System\DXkLhVv.exe
  C:\Windows\System\DXkLhVv.exe
  2⤵
  PID:8492
- C:\Windows\System\abYGTfN.exe
  C:\Windows\System\abYGTfN.exe
  2⤵
  PID:8564
- C:\Windows\System\nPMqinU.exe
  C:\Windows\System\nPMqinU.exe
  2⤵
  PID:8632
- C:\Windows\System\NkqndIs.exe
  C:\Windows\System\NkqndIs.exe
  2⤵
  PID:8672
- C:\Windows\System\dMVjuij.exe
  C:\Windows\System\dMVjuij.exe
  2⤵
  PID:8760
- C:\Windows\System\aycXjlP.exe
  C:\Windows\System\aycXjlP.exe
  2⤵
  PID:8820
- C:\Windows\System\zUzFnZa.exe
  C:\Windows\System\zUzFnZa.exe
  2⤵
  PID:8924
- C:\Windows\System\SPEGqQu.exe
  C:\Windows\System\SPEGqQu.exe
  2⤵
  PID:8988
- C:\Windows\System\kOGOnCK.exe
  C:\Windows\System\kOGOnCK.exe
  2⤵
  PID:9044
- C:\Windows\System\QplYWac.exe
  C:\Windows\System\QplYWac.exe
  2⤵
  PID:9132
- C:\Windows\System\HGzjOQZ.exe
  C:\Windows\System\HGzjOQZ.exe
  2⤵
  PID:9200
- C:\Windows\System\azbRYAs.exe
  C:\Windows\System\azbRYAs.exe
  2⤵
  PID:8308
- C:\Windows\System\jYNNAoF.exe
  C:\Windows\System\jYNNAoF.exe
  2⤵
  PID:8400
- C:\Windows\System\teyvFvu.exe
  C:\Windows\System\teyvFvu.exe
  2⤵
  PID:8552
- C:\Windows\System\lZNJEXB.exe
  C:\Windows\System\lZNJEXB.exe
  2⤵
  PID:8704
- C:\Windows\System\DGLUUWb.exe
  C:\Windows\System\DGLUUWb.exe
  2⤵
  PID:8808
- C:\Windows\System\ogUYRAV.exe
  C:\Windows\System\ogUYRAV.exe
  2⤵
  PID:8952
- C:\Windows\System\aKlpfin.exe
  C:\Windows\System\aKlpfin.exe
  2⤵
  PID:9048
- C:\Windows\System\SgOhlqa.exe
  C:\Windows\System\SgOhlqa.exe
  2⤵
  PID:9184
- C:\Windows\System\XfaDvob.exe
  C:\Windows\System\XfaDvob.exe
  2⤵
  PID:8644
- C:\Windows\System\aVnmmPe.exe
  C:\Windows\System\aVnmmPe.exe
  2⤵
  PID:8904
- C:\Windows\System\RVJbcyM.exe
  C:\Windows\System\RVJbcyM.exe
  2⤵
  PID:7564
- C:\Windows\System\yWMxjCl.exe
  C:\Windows\System\yWMxjCl.exe
  2⤵
  PID:7736
- C:\Windows\System\ekPrJys.exe
  C:\Windows\System\ekPrJys.exe
  2⤵
  PID:9228
- C:\Windows\System\ORtByuZ.exe
  C:\Windows\System\ORtByuZ.exe
  2⤵
  PID:9260
- C:\Windows\System\zKesvJy.exe
  C:\Windows\System\zKesvJy.exe
  2⤵
  PID:9288
- C:\Windows\System\TzIDRiM.exe
  C:\Windows\System\TzIDRiM.exe
  2⤵
  PID:9304
- C:\Windows\System\BVyQkdN.exe
  C:\Windows\System\BVyQkdN.exe
  2⤵
  PID:9332
- C:\Windows\System\pLMyRkz.exe
  C:\Windows\System\pLMyRkz.exe
  2⤵
  PID:9360
- C:\Windows\System\cLYlXyG.exe
  C:\Windows\System\cLYlXyG.exe
  2⤵
  PID:9400
- C:\Windows\System\WTlsMWn.exe
  C:\Windows\System\WTlsMWn.exe
  2⤵
  PID:9428
- C:\Windows\System\AmCdZVM.exe
  C:\Windows\System\AmCdZVM.exe
  2⤵
  PID:9456
- C:\Windows\System\ubILFKR.exe
  C:\Windows\System\ubILFKR.exe
  2⤵
  PID:9480
- C:\Windows\System\qCYqTYa.exe
  C:\Windows\System\qCYqTYa.exe
  2⤵
  PID:9516
- C:\Windows\System\YAhrCKk.exe
  C:\Windows\System\YAhrCKk.exe
  2⤵
  PID:9544
- C:\Windows\System\hOwLNRB.exe
  C:\Windows\System\hOwLNRB.exe
  2⤵
  PID:9572
- C:\Windows\System\ybKsWFQ.exe
  C:\Windows\System\ybKsWFQ.exe
  2⤵
  PID:9600
- C:\Windows\System\IQTGUqV.exe
  C:\Windows\System\IQTGUqV.exe
  2⤵
  PID:9628
- C:\Windows\System\TYeommc.exe
  C:\Windows\System\TYeommc.exe
  2⤵
  PID:9656
- C:\Windows\System\zpJtWkY.exe
  C:\Windows\System\zpJtWkY.exe
  2⤵
  PID:9684
- C:\Windows\System\ZiSqeOH.exe
  C:\Windows\System\ZiSqeOH.exe
  2⤵
  PID:9712
- C:\Windows\System\knjqxHP.exe
  C:\Windows\System\knjqxHP.exe
  2⤵
  PID:9740
- C:\Windows\System\DsJcASS.exe
  C:\Windows\System\DsJcASS.exe
  2⤵
  PID:9768
- C:\Windows\System\GNPqGwM.exe
  C:\Windows\System\GNPqGwM.exe
  2⤵
  PID:9836
- C:\Windows\System\YJauYeW.exe
  C:\Windows\System\YJauYeW.exe
  2⤵
  PID:9860
- C:\Windows\System\GIWHMvs.exe
  C:\Windows\System\GIWHMvs.exe
  2⤵
  PID:9888
- C:\Windows\System\NzDiwWN.exe
  C:\Windows\System\NzDiwWN.exe
  2⤵
  PID:9920
- C:\Windows\System\XYVrCyt.exe
  C:\Windows\System\XYVrCyt.exe
  2⤵
  PID:9948
- C:\Windows\System\DySYrqb.exe
  C:\Windows\System\DySYrqb.exe
  2⤵
  PID:9976
- C:\Windows\System\tRNdNsy.exe
  C:\Windows\System\tRNdNsy.exe
  2⤵
  PID:10004
- C:\Windows\System\RLDeadc.exe
  C:\Windows\System\RLDeadc.exe
  2⤵
  PID:10032
- C:\Windows\System\wvNHEei.exe
  C:\Windows\System\wvNHEei.exe
  2⤵
  PID:10060
- C:\Windows\System\hMUYQYo.exe
  C:\Windows\System\hMUYQYo.exe
  2⤵
  PID:10088
- C:\Windows\System\qNjizLC.exe
  C:\Windows\System\qNjizLC.exe
  2⤵
  PID:10116
- C:\Windows\System\WccXqzx.exe
  C:\Windows\System\WccXqzx.exe
  2⤵
  PID:10144
- C:\Windows\System\jiBPRgH.exe
  C:\Windows\System\jiBPRgH.exe
  2⤵
  PID:10172
- C:\Windows\System\ewTArYB.exe
  C:\Windows\System\ewTArYB.exe
  2⤵
  PID:10188
- C:\Windows\System\sdGozUZ.exe
  C:\Windows\System\sdGozUZ.exe
  2⤵
  PID:10228
- C:\Windows\System\kPCiWZJ.exe
  C:\Windows\System\kPCiWZJ.exe
  2⤵
  PID:9244
- C:\Windows\System\khsaRhp.exe
  C:\Windows\System\khsaRhp.exe
  2⤵
  PID:9300
- C:\Windows\System\uoabBEL.exe
  C:\Windows\System\uoabBEL.exe
  2⤵
  PID:9344
- C:\Windows\System\iyLJhVQ.exe
  C:\Windows\System\iyLJhVQ.exe
  2⤵
  PID:9424
- C:\Windows\System\nFFyUZf.exe
  C:\Windows\System\nFFyUZf.exe
  2⤵
  PID:9488
- C:\Windows\System\LRcNKhg.exe
  C:\Windows\System\LRcNKhg.exe
  2⤵
  PID:9540
- C:\Windows\System\zRkDhmm.exe
  C:\Windows\System\zRkDhmm.exe
  2⤵
  PID:9556
- C:\Windows\System\pvxBLSf.exe
  C:\Windows\System\pvxBLSf.exe
  2⤵
  PID:9648
- C:\Windows\System\BLYKGnm.exe
  C:\Windows\System\BLYKGnm.exe
  2⤵
  PID:9736
- C:\Windows\System\YgYbCnB.exe
  C:\Windows\System\YgYbCnB.exe
  2⤵
  PID:712
- C:\Windows\System\rJpuuvS.exe
  C:\Windows\System\rJpuuvS.exe
  2⤵
  PID:3388
- C:\Windows\System\qLJafAt.exe
  C:\Windows\System\qLJafAt.exe
  2⤵
  PID:9944
- C:\Windows\System\gCaOyAY.exe
  C:\Windows\System\gCaOyAY.exe
  2⤵
  PID:10020
- C:\Windows\System\MOYQFOJ.exe
  C:\Windows\System\MOYQFOJ.exe
  2⤵
  PID:10084
- C:\Windows\System\iPMJwcV.exe
  C:\Windows\System\iPMJwcV.exe
  2⤵
  PID:10140
- C:\Windows\System\rYTxeXP.exe
  C:\Windows\System\rYTxeXP.exe
  2⤵
  PID:10200
- C:\Windows\System\hkEqqHV.exe
  C:\Windows\System\hkEqqHV.exe
  2⤵
  PID:8964
- C:\Windows\System\PtSgkcf.exe
  C:\Windows\System\PtSgkcf.exe
  2⤵
  PID:9320
- C:\Windows\System\IlUejAQ.exe
  C:\Windows\System\IlUejAQ.exe
  2⤵
  PID:9564
- C:\Windows\System\ZUtHBZH.exe
  C:\Windows\System\ZUtHBZH.exe
  2⤵
  PID:9596
- C:\Windows\System\djmCNxS.exe
  C:\Windows\System\djmCNxS.exe
  2⤵
  PID:9896
- C:\Windows\System\NrTHSlW.exe
  C:\Windows\System\NrTHSlW.exe
  2⤵
  PID:9996
- C:\Windows\System\VnmGcsS.exe
  C:\Windows\System\VnmGcsS.exe
  2⤵
  PID:10048
- C:\Windows\System\HAAvRiu.exe
  C:\Windows\System\HAAvRiu.exe
  2⤵
  PID:10216
- C:\Windows\System\KCCNppm.exe
  C:\Windows\System\KCCNppm.exe
  2⤵
  PID:4376
- C:\Windows\System\DVUrMGq.exe
  C:\Windows\System\DVUrMGq.exe
  2⤵
  PID:9972
- C:\Windows\System\mYIoDjp.exe
  C:\Windows\System\mYIoDjp.exe
  2⤵
  PID:4852
- C:\Windows\System\pYygLHH.exe
  C:\Windows\System\pYygLHH.exe
  2⤵
  PID:10168
- C:\Windows\System\DSoFwnH.exe
  C:\Windows\System\DSoFwnH.exe
  2⤵
  PID:4524
- C:\Windows\System\mAPTguF.exe
  C:\Windows\System\mAPTguF.exe
  2⤵
  PID:10260
- C:\Windows\System\kedbVWA.exe
  C:\Windows\System\kedbVWA.exe
  2⤵
  PID:10292
- C:\Windows\System\TkGCTYX.exe
  C:\Windows\System\TkGCTYX.exe
  2⤵
  PID:10312
- C:\Windows\System\YcaLSiD.exe
  C:\Windows\System\YcaLSiD.exe
  2⤵
  PID:10352
- C:\Windows\System\LpIavmt.exe
  C:\Windows\System\LpIavmt.exe
  2⤵
  PID:10380
- C:\Windows\System\dSTSNpZ.exe
  C:\Windows\System\dSTSNpZ.exe
  2⤵
  PID:10408
- C:\Windows\System\SEfdAkO.exe
  C:\Windows\System\SEfdAkO.exe
  2⤵
  PID:10436
- C:\Windows\System\KEwqowJ.exe
  C:\Windows\System\KEwqowJ.exe
  2⤵
  PID:10464
- C:\Windows\System\OrVKrhG.exe
  C:\Windows\System\OrVKrhG.exe
  2⤵
  PID:10480
- C:\Windows\System\aFrTemF.exe
  C:\Windows\System\aFrTemF.exe
  2⤵
  PID:10508
- C:\Windows\System\BMzmYFr.exe
  C:\Windows\System\BMzmYFr.exe
  2⤵
  PID:10548
- C:\Windows\System\nUaFMCI.exe
  C:\Windows\System\nUaFMCI.exe
  2⤵
  PID:10564
- C:\Windows\System\tNpopot.exe
  C:\Windows\System\tNpopot.exe
  2⤵
  PID:10580
- C:\Windows\System\kmKEMGp.exe
  C:\Windows\System\kmKEMGp.exe
  2⤵
  PID:10624
- C:\Windows\System\vOQRooM.exe
  C:\Windows\System\vOQRooM.exe
  2⤵
  PID:10660
- C:\Windows\System\wwOebwI.exe
  C:\Windows\System\wwOebwI.exe
  2⤵
  PID:10676
- C:\Windows\System\jMMuFDG.exe
  C:\Windows\System\jMMuFDG.exe
  2⤵
  PID:10704
- C:\Windows\System\QNSPFVh.exe
  C:\Windows\System\QNSPFVh.exe
  2⤵
  PID:10732
- C:\Windows\System\iTELthH.exe
  C:\Windows\System\iTELthH.exe
  2⤵
  PID:10760
- C:\Windows\System\ZHmDogf.exe
  C:\Windows\System\ZHmDogf.exe
  2⤵
  PID:10776
- C:\Windows\System\TwZViiQ.exe
  C:\Windows\System\TwZViiQ.exe
  2⤵
  PID:10828
- C:\Windows\System\QDLuPcG.exe
  C:\Windows\System\QDLuPcG.exe
  2⤵
  PID:10856
- C:\Windows\System\oNzJaGg.exe
  C:\Windows\System\oNzJaGg.exe
  2⤵
  PID:10876
- C:\Windows\System\IyOelOK.exe
  C:\Windows\System\IyOelOK.exe
  2⤵
  PID:10912
- C:\Windows\System\lUdzaRW.exe
  C:\Windows\System\lUdzaRW.exe
  2⤵
  PID:10944
- C:\Windows\System\TWoXLXZ.exe
  C:\Windows\System\TWoXLXZ.exe
  2⤵
  PID:10968
- C:\Windows\System\bSNZYUm.exe
  C:\Windows\System\bSNZYUm.exe
  2⤵
  PID:10988
- C:\Windows\System\iRZoIoX.exe
  C:\Windows\System\iRZoIoX.exe
  2⤵
  PID:11028
- C:\Windows\System\mFetgIc.exe
  C:\Windows\System\mFetgIc.exe
  2⤵
  PID:11052
- C:\Windows\System\WSibfMG.exe
  C:\Windows\System\WSibfMG.exe
  2⤵
  PID:11072
- C:\Windows\System\qSEXPze.exe
  C:\Windows\System\qSEXPze.exe
  2⤵
  PID:11092
- C:\Windows\System\YGuUZkC.exe
  C:\Windows\System\YGuUZkC.exe
  2⤵
  PID:11128
- C:\Windows\System\xiVCAJJ.exe
  C:\Windows\System\xiVCAJJ.exe
  2⤵
  PID:11156
- C:\Windows\System\twVbZMg.exe
  C:\Windows\System\twVbZMg.exe
  2⤵
  PID:11196
- C:\Windows\System\rIxRSJG.exe
  C:\Windows\System\rIxRSJG.exe
  2⤵
  PID:11224
- C:\Windows\System\pqsNXMm.exe
  C:\Windows\System\pqsNXMm.exe
  2⤵
  PID:11252
- C:\Windows\System\GmyLYBa.exe
  C:\Windows\System\GmyLYBa.exe
  2⤵
  PID:10284
- C:\Windows\System\sDQetre.exe
  C:\Windows\System\sDQetre.exe
  2⤵
  PID:10364
- C:\Windows\System\xlMfAPX.exe
  C:\Windows\System\xlMfAPX.exe
  2⤵
  PID:10400
- C:\Windows\System\BDmOfoB.exe
  C:\Windows\System\BDmOfoB.exe
  2⤵
  PID:10476
- C:\Windows\System\OtBKiEQ.exe
  C:\Windows\System\OtBKiEQ.exe
  2⤵
  PID:10528
- C:\Windows\System\KJXGisn.exe
  C:\Windows\System\KJXGisn.exe
  2⤵
  PID:10592
- C:\Windows\System\sTZBWGN.exe
  C:\Windows\System\sTZBWGN.exe
  2⤵
  PID:10648
- C:\Windows\System\iKvuanx.exe
  C:\Windows\System\iKvuanx.exe
  2⤵
  PID:10692
- C:\Windows\System\NyuqxmU.exe
  C:\Windows\System\NyuqxmU.exe
  2⤵
  PID:10796
- C:\Windows\System\Fniytza.exe
  C:\Windows\System\Fniytza.exe
  2⤵
  PID:10816
- C:\Windows\System\AmedgdE.exe
  C:\Windows\System\AmedgdE.exe
  2⤵
  PID:10932
- C:\Windows\System\joCxlGH.exe
  C:\Windows\System\joCxlGH.exe
  2⤵
  PID:10976
- C:\Windows\System\GBefTPP.exe
  C:\Windows\System\GBefTPP.exe
  2⤵
  PID:11048
- C:\Windows\System\TGvEeQK.exe
  C:\Windows\System\TGvEeQK.exe
  2⤵
  PID:11088
- C:\Windows\System\YkPouZw.exe
  C:\Windows\System\YkPouZw.exe
  2⤵
  PID:11176
- C:\Windows\System\nRlsewE.exe
  C:\Windows\System\nRlsewE.exe
  2⤵
  PID:11236
- C:\Windows\System\MmFGRYv.exe
  C:\Windows\System\MmFGRYv.exe
  2⤵
  PID:10332
- C:\Windows\System\CzxuBOk.exe
  C:\Windows\System\CzxuBOk.exe
  2⤵
  PID:10396
- C:\Windows\System\ksdzvke.exe
  C:\Windows\System\ksdzvke.exe
  2⤵
  PID:10532
- C:\Windows\System\WuQEuqj.exe
  C:\Windows\System\WuQEuqj.exe
  2⤵
  PID:10716
- C:\Windows\System\QuFAACl.exe
  C:\Windows\System\QuFAACl.exe
  2⤵
  PID:10768
- C:\Windows\System\JVBlhEN.exe
  C:\Windows\System\JVBlhEN.exe
  2⤵
  PID:10936
- C:\Windows\System\eWlnOuk.exe
  C:\Windows\System\eWlnOuk.exe
  2⤵
  PID:11152
- C:\Windows\System\sUVYpgr.exe
  C:\Windows\System\sUVYpgr.exe
  2⤵
  PID:10328
- C:\Windows\System\iSyGzwY.exe
  C:\Windows\System\iSyGzwY.exe
  2⤵
  PID:10644
- C:\Windows\System\gUUEMKl.exe
  C:\Windows\System\gUUEMKl.exe
  2⤵
  PID:10848
- C:\Windows\System\kGmSHSo.exe
  C:\Windows\System\kGmSHSo.exe
  2⤵
  PID:11220
- C:\Windows\System\teuAVUJ.exe
  C:\Windows\System\teuAVUJ.exe
  2⤵
  PID:10748
- C:\Windows\System\uJmdbEL.exe
  C:\Windows\System\uJmdbEL.exe
  2⤵
  PID:10252
- C:\Windows\System\cKtEuvK.exe
  C:\Windows\System\cKtEuvK.exe
  2⤵
  PID:11288
- C:\Windows\System\YgwdqHo.exe
  C:\Windows\System\YgwdqHo.exe
  2⤵
  PID:11324
- C:\Windows\System\pRsybrB.exe
  C:\Windows\System\pRsybrB.exe
  2⤵
  PID:11348
- C:\Windows\System\ELOHzYb.exe
  C:\Windows\System\ELOHzYb.exe
  2⤵
  PID:11368
- C:\Windows\System\VRAvYOs.exe
  C:\Windows\System\VRAvYOs.exe
  2⤵
  PID:11408
- C:\Windows\System\TPHpBaM.exe
  C:\Windows\System\TPHpBaM.exe
  2⤵
  PID:11436
- C:\Windows\System\zrpkbMP.exe
  C:\Windows\System\zrpkbMP.exe
  2⤵
  PID:11456
- C:\Windows\System\OSzokXT.exe
  C:\Windows\System\OSzokXT.exe
  2⤵
  PID:11492
- C:\Windows\System\YjvqDWI.exe
  C:\Windows\System\YjvqDWI.exe
  2⤵
  PID:11520
- C:\Windows\System\JrbftZP.exe
  C:\Windows\System\JrbftZP.exe
  2⤵
  PID:11548
- C:\Windows\System\iSXGPqH.exe
  C:\Windows\System\iSXGPqH.exe
  2⤵
  PID:11576
- C:\Windows\System\EWBFqoP.exe
  C:\Windows\System\EWBFqoP.exe
  2⤵
  PID:11604
- C:\Windows\System\HbNpNJv.exe
  C:\Windows\System\HbNpNJv.exe
  2⤵
  PID:11632
- C:\Windows\System\pXaruvd.exe
  C:\Windows\System\pXaruvd.exe
  2⤵
  PID:11668
- C:\Windows\System\rRMuHBE.exe
  C:\Windows\System\rRMuHBE.exe
  2⤵
  PID:11696
- C:\Windows\System\kwKgyRI.exe
  C:\Windows\System\kwKgyRI.exe
  2⤵
  PID:11724
- C:\Windows\System\Skqoell.exe
  C:\Windows\System\Skqoell.exe
  2⤵
  PID:11740
- C:\Windows\System\OsDktBw.exe
  C:\Windows\System\OsDktBw.exe
  2⤵
  PID:11780
- C:\Windows\System\CFTZlHj.exe
  C:\Windows\System\CFTZlHj.exe
  2⤵
  PID:11808
- C:\Windows\System\HakrbEN.exe
  C:\Windows\System\HakrbEN.exe
  2⤵
  PID:11832
- C:\Windows\System\JuDQVbi.exe
  C:\Windows\System\JuDQVbi.exe
  2⤵
  PID:11864
- C:\Windows\System\VxZPeBm.exe
  C:\Windows\System\VxZPeBm.exe
  2⤵
  PID:11892
- C:\Windows\System\PZLzAMY.exe
  C:\Windows\System\PZLzAMY.exe
  2⤵
  PID:11920
- C:\Windows\System\UNMcmWb.exe
  C:\Windows\System\UNMcmWb.exe
  2⤵
  PID:11948
- C:\Windows\System\CRHdkah.exe
  C:\Windows\System\CRHdkah.exe
  2⤵
  PID:11976
- C:\Windows\System\SDDZrnf.exe
  C:\Windows\System\SDDZrnf.exe
  2⤵
  PID:12004
- C:\Windows\System\eeeBoMQ.exe
  C:\Windows\System\eeeBoMQ.exe
  2⤵
  PID:12024
- C:\Windows\System\fJqClTh.exe
  C:\Windows\System\fJqClTh.exe
  2⤵
  PID:12064
- C:\Windows\System\NgCryGz.exe
  C:\Windows\System\NgCryGz.exe
  2⤵
  PID:12092
- C:\Windows\System\MksRjYt.exe
  C:\Windows\System\MksRjYt.exe
  2⤵
  PID:12120
- C:\Windows\System\CFNEXHO.exe
  C:\Windows\System\CFNEXHO.exe
  2⤵
  PID:12164
- C:\Windows\System\VXbWeUW.exe
  C:\Windows\System\VXbWeUW.exe
  2⤵
  PID:12196
- C:\Windows\System\fjfmwFw.exe
  C:\Windows\System\fjfmwFw.exe
  2⤵
  PID:12232
- C:\Windows\System\uMnTpVX.exe
  C:\Windows\System\uMnTpVX.exe
  2⤵
  PID:12256
- C:\Windows\System\MQSAKvJ.exe
  C:\Windows\System\MQSAKvJ.exe
  2⤵
  PID:11024
- C:\Windows\System\vJHdFFF.exe
  C:\Windows\System\vJHdFFF.exe
  2⤵
  PID:11364
- C:\Windows\System\kbQiTBU.exe
  C:\Windows\System\kbQiTBU.exe
  2⤵
  PID:11432
- C:\Windows\System\wTisAhY.exe
  C:\Windows\System\wTisAhY.exe
  2⤵
  PID:11516
- C:\Windows\System\taeIWZD.exe
  C:\Windows\System\taeIWZD.exe
  2⤵
  PID:11568
- C:\Windows\System\DCjSBuX.exe
  C:\Windows\System\DCjSBuX.exe
  2⤵
  PID:11620
- C:\Windows\System\EXHhRTf.exe
  C:\Windows\System\EXHhRTf.exe
  2⤵
  PID:11688
- C:\Windows\System\lMmXNeA.exe
  C:\Windows\System\lMmXNeA.exe
  2⤵
  PID:11764
- C:\Windows\System\aPuhQrq.exe
  C:\Windows\System\aPuhQrq.exe
  2⤵
  PID:11816
- C:\Windows\System\eaVlEmB.exe
  C:\Windows\System\eaVlEmB.exe
  2⤵
  PID:11880
- C:\Windows\System\VdGMXKx.exe
  C:\Windows\System\VdGMXKx.exe
  2⤵
  PID:11932
- C:\Windows\System\lxTLqGa.exe
  C:\Windows\System\lxTLqGa.exe
  2⤵
  PID:12000
- C:\Windows\System\uDtVnGh.exe
  C:\Windows\System\uDtVnGh.exe
  2⤵
  PID:12060
- C:\Windows\System\uxXsUum.exe
  C:\Windows\System\uxXsUum.exe
  2⤵
  PID:12136
- C:\Windows\System\XThjBoS.exe
  C:\Windows\System\XThjBoS.exe
  2⤵
  PID:12248
- C:\Windows\System\aJVYZbs.exe
  C:\Windows\System\aJVYZbs.exe
  2⤵
  PID:12276
- C:\Windows\System\cMeyzhw.exe
  C:\Windows\System\cMeyzhw.exe
  2⤵
  PID:11404
- C:\Windows\System\gtLUnMe.exe
  C:\Windows\System\gtLUnMe.exe
  2⤵
  PID:11544
- C:\Windows\System\iavWXvg.exe
  C:\Windows\System\iavWXvg.exe
  2⤵
  PID:11824
- C:\Windows\System\rfACxkg.exe
  C:\Windows\System\rfACxkg.exe
  2⤵
  PID:11968
- C:\Windows\System\AaUsBls.exe
  C:\Windows\System\AaUsBls.exe
  2⤵
  PID:12108
- C:\Windows\System\DxZPobo.exe
  C:\Windows\System\DxZPobo.exe
  2⤵
  PID:12280
- C:\Windows\System\AqDreRG.exe
  C:\Windows\System\AqDreRG.exe
  2⤵
  PID:11476
- C:\Windows\System\uWYQHUO.exe
  C:\Windows\System\uWYQHUO.exe
  2⤵
  PID:11756
- C:\Windows\System\KQgkPcn.exe
  C:\Windows\System\KQgkPcn.exe
  2⤵
  PID:12056
- C:\Windows\System\IxBhTLr.exe
  C:\Windows\System\IxBhTLr.exe
  2⤵
  PID:12300
- C:\Windows\System\rJVxgvg.exe
  C:\Windows\System\rJVxgvg.exe
  2⤵
  PID:12316
- C:\Windows\System\yKSjoho.exe
  C:\Windows\System\yKSjoho.exe
  2⤵
  PID:12336
- C:\Windows\System\nTbUgLM.exe
  C:\Windows\System\nTbUgLM.exe
  2⤵
  PID:12364
- C:\Windows\System\MWHFpVU.exe
  C:\Windows\System\MWHFpVU.exe
  2⤵
  PID:12400
- C:\Windows\System\YoJUTkC.exe
  C:\Windows\System\YoJUTkC.exe
  2⤵
  PID:12428
- C:\Windows\System\uUxKnAV.exe
  C:\Windows\System\uUxKnAV.exe
  2⤵
  PID:12456
- C:\Windows\System\UoWxqwJ.exe
  C:\Windows\System\UoWxqwJ.exe
  2⤵
  PID:12484
- C:\Windows\System\xkHopPj.exe
  C:\Windows\System\xkHopPj.exe
  2⤵
  PID:12520
- C:\Windows\System\vpUOWZT.exe
  C:\Windows\System\vpUOWZT.exe
  2⤵
  PID:12556
- C:\Windows\System\IwiosNA.exe
  C:\Windows\System\IwiosNA.exe
  2⤵
  PID:12584
- C:\Windows\System\tJQBFHF.exe
  C:\Windows\System\tJQBFHF.exe
  2⤵
  PID:12600
- C:\Windows\System\shScxsA.exe
  C:\Windows\System\shScxsA.exe
  2⤵
  PID:12624
- C:\Windows\System\SXaFWPY.exe
  C:\Windows\System\SXaFWPY.exe
  2⤵
  PID:12644
- C:\Windows\System\aKmiFMb.exe
  C:\Windows\System\aKmiFMb.exe
  2⤵
  PID:12672
- C:\Windows\System\XyFbDTX.exe
  C:\Windows\System\XyFbDTX.exe
  2⤵
  PID:12744
- C:\Windows\System\qeOGsUX.exe
  C:\Windows\System\qeOGsUX.exe
  2⤵
  PID:12764
- C:\Windows\System\jHuvNXU.exe
  C:\Windows\System\jHuvNXU.exe
  2⤵
  PID:12796
- C:\Windows\System\SrbxQqA.exe
  C:\Windows\System\SrbxQqA.exe
  2⤵
  PID:12856
- C:\Windows\System\LmsXbNJ.exe
  C:\Windows\System\LmsXbNJ.exe
  2⤵
  PID:12880
- C:\Windows\System\uQtAnaj.exe
  C:\Windows\System\uQtAnaj.exe
  2⤵
  PID:12932
- C:\Windows\System\YVKRMNA.exe
  C:\Windows\System\YVKRMNA.exe
  2⤵
  PID:12968
- C:\Windows\System\qJgTzLs.exe
  C:\Windows\System\qJgTzLs.exe
  2⤵
  PID:13016
- C:\Windows\System\TmYXzOI.exe
  C:\Windows\System\TmYXzOI.exe
  2⤵
  PID:13044
- C:\Windows\System\enzNmbR.exe
  C:\Windows\System\enzNmbR.exe
  2⤵
  PID:13072
- C:\Windows\System\LJNkayd.exe
  C:\Windows\System\LJNkayd.exe
  2⤵
  PID:13124
- C:\Windows\System\tbPAPVv.exe
  C:\Windows\System\tbPAPVv.exe
  2⤵
  PID:13148
- C:\Windows\System\TRXanph.exe
  C:\Windows\System\TRXanph.exe
  2⤵
  PID:13180
- C:\Windows\System\NKdEgVU.exe
  C:\Windows\System\NKdEgVU.exe
  2⤵
  PID:13228
- C:\Windows\System\ZjFnaVv.exe
  C:\Windows\System\ZjFnaVv.exe
  2⤵
  PID:13264
- C:\Windows\System\CwfTtAX.exe
  C:\Windows\System\CwfTtAX.exe
  2⤵
  PID:13280
- C:\Windows\System\FpYOUwH.exe
  C:\Windows\System\FpYOUwH.exe
  2⤵
  PID:13308
- C:\Windows\System\nDLnQWT.exe
  C:\Windows\System\nDLnQWT.exe
  2⤵
  PID:12396
- C:\Windows\System\wPtZQCh.exe
  C:\Windows\System\wPtZQCh.exe
  2⤵
  PID:12388
- C:\Windows\System\uGJNBdW.exe
  C:\Windows\System\uGJNBdW.exe
  2⤵
  PID:12500
- C:\Windows\System\xsDMUuv.exe
  C:\Windows\System\xsDMUuv.exe
  2⤵
  PID:12596
- C:\Windows\System\BpfFUzw.exe
  C:\Windows\System\BpfFUzw.exe
  2⤵
  PID:12612
- C:\Windows\System\oBNcEnH.exe
  C:\Windows\System\oBNcEnH.exe
  2⤵
  PID:12700
- C:\Windows\System\bcqvSQF.exe
  C:\Windows\System\bcqvSQF.exe
  2⤵
  PID:12816
- C:\Windows\System\zdAfBGu.exe
  C:\Windows\System\zdAfBGu.exe
  2⤵
  PID:12892
- C:\Windows\System\vnpKzCC.exe
  C:\Windows\System\vnpKzCC.exe
  2⤵
  PID:13008
- C:\Windows\System\ELPExpz.exe
  C:\Windows\System\ELPExpz.exe
  2⤵
  PID:13120
- C:\Windows\System\asQNxxL.exe
  C:\Windows\System\asQNxxL.exe
  2⤵
  PID:13224
- C:\Windows\System\KlJrjCS.exe
  C:\Windows\System\KlJrjCS.exe
  2⤵
  PID:13260
- C:\Windows\System\ZToDXWe.exe
  C:\Windows\System\ZToDXWe.exe
  2⤵
  PID:12444
- C:\Windows\System\aRCIAqY.exe
  C:\Windows\System\aRCIAqY.exe
  2⤵
  PID:12568
- C:\Windows\System\KaSruQi.exe
  C:\Windows\System\KaSruQi.exe
  2⤵
  PID:12572
- C:\Windows\System\ZfmwKNe.exe
  C:\Windows\System\ZfmwKNe.exe
  2⤵
  PID:12956
- C:\Windows\System\CWfsBWo.exe
  C:\Windows\System\CWfsBWo.exe
  2⤵
  PID:13204
- C:\Windows\System\SRQjNzB.exe
  C:\Windows\System\SRQjNzB.exe
  2⤵
  PID:12468
- C:\Windows\System\GGJxBHL.exe
  C:\Windows\System\GGJxBHL.exe
  2⤵
  PID:13096
- C:\Windows\System\DqeIAhM.exe
  C:\Windows\System\DqeIAhM.exe
  2⤵
  PID:13164
- C:\Windows\System\SClnUIQ.exe
  C:\Windows\System\SClnUIQ.exe
  2⤵
  PID:13328
- C:\Windows\System\ykTWpZf.exe
  C:\Windows\System\ykTWpZf.exe
  2⤵
  PID:13356
- C:\Windows\System\pLdabro.exe
  C:\Windows\System\pLdabro.exe
  2⤵
  PID:13384
- C:\Windows\System\PqPUqGP.exe
  C:\Windows\System\PqPUqGP.exe
  2⤵
  PID:13412
- C:\Windows\System\vzuuWKy.exe
  C:\Windows\System\vzuuWKy.exe
  2⤵
  PID:13440
- C:\Windows\System\zGNxrjn.exe
  C:\Windows\System\zGNxrjn.exe
  2⤵
  PID:13468
- C:\Windows\System\UpMhQIo.exe
  C:\Windows\System\UpMhQIo.exe
  2⤵
  PID:13496
- C:\Windows\System\zOvecvO.exe
  C:\Windows\System\zOvecvO.exe
  2⤵
  PID:13516
- C:\Windows\System\NIfbYic.exe
  C:\Windows\System\NIfbYic.exe
  2⤵
  PID:13552
- C:\Windows\System\WkekBCh.exe
  C:\Windows\System\WkekBCh.exe
  2⤵
  PID:13572
- C:\Windows\System\rZxPWUR.exe
  C:\Windows\System\rZxPWUR.exe
  2⤵
  PID:13612
- C:\Windows\System\jSoSaQV.exe
  C:\Windows\System\jSoSaQV.exe
  2⤵
  PID:13640
- C:\Windows\System\CrnrszZ.exe
  C:\Windows\System\CrnrszZ.exe
  2⤵
  PID:13664
- C:\Windows\System\XOlDIfA.exe
  C:\Windows\System\XOlDIfA.exe
  2⤵
  PID:13688
- C:\Windows\System\rErgCoW.exe
  C:\Windows\System\rErgCoW.exe
  2⤵
  PID:13728
- C:\Windows\System\vVFJzIn.exe
  C:\Windows\System\vVFJzIn.exe
  2⤵
  PID:13756
- C:\Windows\System\TbGaSBW.exe
  C:\Windows\System\TbGaSBW.exe
  2⤵
  PID:13784
- C:\Windows\System\rdCxGWs.exe
  C:\Windows\System\rdCxGWs.exe
  2⤵
  PID:13812
- C:\Windows\System\FgHxkcm.exe
  C:\Windows\System\FgHxkcm.exe
  2⤵
  PID:13840
- C:\Windows\System\vCZPyyX.exe
  C:\Windows\System\vCZPyyX.exe
  2⤵
  PID:13856
- C:\Windows\System\BvldjTV.exe
  C:\Windows\System\BvldjTV.exe
  2⤵
  PID:13876
- C:\Windows\System\mOZfIya.exe
  C:\Windows\System\mOZfIya.exe
  2⤵
  PID:13896
- C:\Windows\System\XYGLvQW.exe
  C:\Windows\System\XYGLvQW.exe
  2⤵
  PID:13932
- C:\Windows\System\EBVLOBA.exe
  C:\Windows\System\EBVLOBA.exe
  2⤵
  PID:13960
- C:\Windows\System\iswCsoO.exe
  C:\Windows\System\iswCsoO.exe
  2⤵
  PID:13984
- C:\Windows\System\nRqfeBn.exe
  C:\Windows\System\nRqfeBn.exe
  2⤵
  PID:14004
- C:\Windows\System\YeqCEVg.exe
  C:\Windows\System\YeqCEVg.exe
  2⤵
  PID:14020
- C:\Windows\System\saSIxte.exe
  C:\Windows\System\saSIxte.exe
  2⤵
  PID:14060
- C:\Windows\System\gtyLrdN.exe
  C:\Windows\System\gtyLrdN.exe
  2⤵
  PID:14096
- C:\Windows\System\dFlDccm.exe
  C:\Windows\System\dFlDccm.exe
  2⤵
  PID:14124
- C:\Windows\System\WhVnQZl.exe
  C:\Windows\System\WhVnQZl.exe
  2⤵
  PID:14152
- C:\Windows\System\pcqGlDS.exe
  C:\Windows\System\pcqGlDS.exe
  2⤵
  PID:14188
- C:\Windows\System\NNLaDpW.exe
  C:\Windows\System\NNLaDpW.exe
  2⤵
  PID:14224
- C:\Windows\System\FNjZWiE.exe
  C:\Windows\System\FNjZWiE.exe
  2⤵
  PID:14260
- C:\Windows\System\IjPkJZg.exe
  C:\Windows\System\IjPkJZg.exe
  2⤵
  PID:14284
- C:\Windows\System\WROYOSc.exe
  C:\Windows\System\WROYOSc.exe
  2⤵
  PID:14308
- C:\Windows\System\lmCPiHm.exe
  C:\Windows\System\lmCPiHm.exe
  2⤵
  PID:13324
- C:\Windows\System\eFFdCbR.exe
  C:\Windows\System\eFFdCbR.exe
  2⤵
  PID:13404
- C:\Windows\System\osdBNOC.exe
  C:\Windows\System\osdBNOC.exe
  2⤵
  PID:13456
- C:\Windows\System\VSNeVAu.exe
  C:\Windows\System\VSNeVAu.exe
  2⤵
  PID:13532
- C:\Windows\System\arhdpcq.exe
  C:\Windows\System\arhdpcq.exe
  2⤵
  PID:13568
- C:\Windows\System\rzMUitv.exe
  C:\Windows\System\rzMUitv.exe
  2⤵
  PID:3168
- C:\Windows\System\gWuPGcU.exe
  C:\Windows\System\gWuPGcU.exe
  2⤵
  PID:13656
- C:\Windows\System\oLZvylU.exe
  C:\Windows\System\oLZvylU.exe
  2⤵
  PID:13700
- C:\Windows\System\esrzbWk.exe
  C:\Windows\System\esrzbWk.exe
  2⤵
  PID:13780
- C:\Windows\System\xvZgsGa.exe
  C:\Windows\System\xvZgsGa.exe
  2⤵
  PID:13848
- C:\Windows\System\vmdmgfQ.exe
  C:\Windows\System\vmdmgfQ.exe
  2⤵
  PID:13908
- C:\Windows\System\ekijsTM.exe
  C:\Windows\System\ekijsTM.exe
  2⤵
  PID:13972
- C:\Windows\System\ubxpUHK.exe
  C:\Windows\System\ubxpUHK.exe
  2⤵
  PID:14000
- C:\Windows\System\QJciRlV.exe
  C:\Windows\System\QJciRlV.exe
  2⤵
  PID:14108
- C:\Windows\System\JlkwiFm.exe
  C:\Windows\System\JlkwiFm.exe
  2⤵
  PID:14196
- C:\Windows\System\CEPJhup.exe
  C:\Windows\System\CEPJhup.exe
  2⤵
  PID:14236
- C:\Windows\System\CUfuVMd.exe
  C:\Windows\System\CUfuVMd.exe
  2⤵
  PID:14300
- C:\Windows\System\WkYciUe.exe
  C:\Windows\System\WkYciUe.exe
  2⤵
  PID:13380
- C:\Windows\System\rAuuDIV.exe
  C:\Windows\System\rAuuDIV.exe
  2⤵
  PID:13548
- C:\Windows\System\AZNsMFc.exe
  C:\Windows\System\AZNsMFc.exe
  2⤵
  PID:13636
- C:\Windows\System\gZWNUJq.exe
  C:\Windows\System\gZWNUJq.exe
  2⤵
  PID:13776
- C:\Windows\System\KBCites.exe
  C:\Windows\System\KBCites.exe
  2⤵
  PID:13956
- C:\Windows\System\BUXUHUt.exe
  C:\Windows\System\BUXUHUt.exe
  2⤵
  PID:13976
- C:\Windows\System\nCpjGXX.exe
  C:\Windows\System\nCpjGXX.exe
  2⤵
  PID:14172
- C:\Windows\System\YQWyDHS.exe
  C:\Windows\System\YQWyDHS.exe
  2⤵
  PID:14320
- C:\Windows\System\gUJUdzU.exe
  C:\Windows\System\gUJUdzU.exe
  2⤵
  PID:13604
- C:\Windows\System\hNPqBBd.exe
  C:\Windows\System\hNPqBBd.exe
  2⤵
  PID:14032
- C:\Windows\System\dCCPATj.exe
  C:\Windows\System\dCCPATj.exe
  2⤵
  PID:14304

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BzBFyqm.exe

Filesize
2.4MB

MD5
74427e9dfa7710a5a6302d88569cbd0d

SHA1
8cf6afb22c603c5d5d473fce53096870ca574e60

SHA256
942c1a12a97affe2b474925bf6a3d5ae32b47015ad6e5bc716ff8d097d0733df

SHA512
49a862d097a54a5703bf4d7873a965c42ff12b647dbe6ce78da845f36aa81cf045744daa2b5fd900de3d7e204983c56291a46ce6937c74d583f4c78f015c2952

Download Submit
C:\Windows\System\CnEXSci.exe

Filesize
2.4MB

MD5
5a116f09b4d6fc9fc4c90bd27cdd6831

SHA1
c847a060c0e2d82ff8bcda1b510d6f4865bacc26

SHA256
950c2b0762d61ee6ad905803fa0d1397846d68f45126bc6d4bc10bb87a2fd94c

SHA512
e5385c0bc685e170e41aa2ddd163c3dc67829a6a8ee5d9724bfb0345b41c10be4343689c27eb720659177910fa637710e37952b155aa440e1dbea38a1a4f0ac4

Download Submit
C:\Windows\System\CseSyLX.exe

Filesize
2.4MB

MD5
66617bf0ec68e27d46781c046e321443

SHA1
99b7f8b7d4426013c22f191890fd9fd1675e890a

SHA256
b3ec12fce3e5d7ec89e7823696a274c8cb290ed3bec4f334c8a8f9c64a133344

SHA512
bc2ffae8d3929f8beac25a75a48150aa4abcd2d87aa75a34d5c67d3a1db6ba99bde2c3686f562d0b17ef9f94aca653841961dd5814538aa4edfff49c6ea1505f

Download Submit
C:\Windows\System\FZLmHTh.exe

Filesize
2.4MB

MD5
4afc984354e03af0a5b79060b484eb18

SHA1
5867eafaa4c1b4cb7e34beef89d9f2de23ee6b83

SHA256
5d503bcf51fd28d6f1bc7ddb0a0ef639a7caeee49556f3f3201ea9901d9871e4

SHA512
3c3014de67d6704d05bf8542d86fd799c3396e26210a91b1f2f26fd56cc044bbff4d9d4309c4c2d3f308c3236a6ba81b8e0425edb0a8bc194b1b08b0a84d68ca

Download Submit
C:\Windows\System\GgoyhpC.exe

Filesize
2.4MB

MD5
069a2dac318474ee04c4766632a2805d

SHA1
c9b58d4a2562bfb0007736f27d26ad36e1d62799

SHA256
697d14e03a70c1cc8eaf69b58b03f2f851017e78c8e8a0a61ae132b999a4c3b3

SHA512
f015070221eb69c726c0e3189f9783a9ca32cc58cba8f44c15449707e6ce709ffa3c54f210514496aaaaeb1e3f2afc14f3c21a75fb1d8d7d0e2f21a318f3a84e

Download Submit
C:\Windows\System\KCjWFlY.exe

Filesize
2.4MB

MD5
69ff82cc5ec852c8bdba5e4ac3e85074

SHA1
d0dd734a281f99614e891dad2f7a84ac1dd4fa74

SHA256
7b1186c58dc7d34054a6ab26ee272539de5a4dbe7a851cbd597911f48772fc02

SHA512
1233618d7f16ca1a9f75bcd2f6ea704a701d2362dfeba721ab2cb5c118da8dea337d5a1b32ac68ecb04ef01b5f60f1fece8431c986849e9e0b8d15d71f9a1ddd

Download Submit
C:\Windows\System\Lhhpfic.exe

Filesize
2.4MB

MD5
1b884051f0666e3545199693d2c1f465

SHA1
d017afb28e2ccd46a2c1b344b0a62cc1ab89d226

SHA256
9d91a0369bc2c8fb987f3149f4918fa48889f09be40153ead17c4a19092ebff0

SHA512
0da4b76049917a76b1194b0538dbb6eca1ef57a9718cfbf517ef3b8742a7a9198d7c285a6181510c79d36abbbf53f2e006050a609baf7356fc96be9780530057

Download Submit
C:\Windows\System\MteMJMk.exe

Filesize
2.4MB

MD5
f05a9a413456a32d28324acd749d7d11

SHA1
484389df70c7121bb204b5f9c0de2de91f7df10b

SHA256
2f3cdabb92d26caf6dcbdfc5ae65474791c724af1c2ba212c7afbe4a066cecdb

SHA512
6959c86980215a8796c8e7b2a781dd5dfd05f74ae5f586118e3f9510038966be9b0218a811a517e87e9e506d10d40b22c9bcb0ef083e9becf4dcb67b69648b99

Download Submit
C:\Windows\System\PHqMlRQ.exe

Filesize
2.4MB

MD5
24b032e6ac771712c8c673dbfdecfcd1

SHA1
e4d1ccc917c92b027dea407640e13190d6fbbe80

SHA256
9cf9961d10c0dae05703ecddadbef424da39259cd79ce82480da2fbca2ca77b2

SHA512
fa3aa817a0f230be8c7610f4067ee365ec102b45eba00485a32e91dcbfc5d93990021c396c14ea2a0ac0452f8904a2a56aecf12827b2ba9b17d83fba77358fcd

Download Submit
C:\Windows\System\PVorQSL.exe

Filesize
2.4MB

MD5
f5eabac02a3af86d2e32240f75262c43

SHA1
21d4446502633770ed8463ea8c7e029751014042

SHA256
caaa2ede156fec055c8c964a8cc5ca764826500582bb90bcdc89b3d55f092409

SHA512
e71f059bc65028a57a498f1f3fae91f1c6d27d515ceadeb8169cdc0e62239c2e0fc37a54ff2396bcff2d244b5c21ee52c674b4cbe81f462f67bdb56be88933e0

Download Submit
C:\Windows\System\PrnXlmt.exe

Filesize
2.4MB

MD5
ee440be6ff2f1d6c7ad63d95d865294a

SHA1
6d7352b9e2d66ae55ee0c3c74eacc8a33094fbf2

SHA256
3763477422d7dcd79530887f5308e5ebe12148b2d0caf2b572fd447ecfed8854

SHA512
36801c55a68e0b2f482c1eda85f54f70d9275ed6e871684c23b330d268222cd909c2b6522861db0fcd9c573461214252ab651b88a3491f7214eabbe20f328d06

Download Submit
C:\Windows\System\RfVNXRx.exe

Filesize
2.4MB

MD5
4ad72b668bb7d70577e37b52a57c97a7

SHA1
06a31468b31e2bedc7d08ea107125bb4a8047fff

SHA256
c0871d8f98a46671560152ae6c8bad0f2412bb2ec808a376f0243a6ed364f14a

SHA512
5cbe3653e957094624fcfc434ffc4a2df57dc7b0ae01c777e92bc01de26fe031ce96801f1b27a19e1233a88308f23f42576c0b1bf8372e6df1438a0e7e9087dd

Download Submit
C:\Windows\System\YOYuqPJ.exe

Filesize
2.4MB

MD5
91fc222b3b2fa94c2506a48e1488611e

SHA1
113069dd265fffa2f7b17740c1a920527c36d310

SHA256
e38dd58fd83dba73a39e24f97bbd52f900aa678b9d1e809afee857c4c08a2a3b

SHA512
3e95a130a3abfba97161072f140ae8274c5a2fecad6719e2abbd531b6ee6008638a5a685460e00ee09e48dfad4dca389fe3e3e9f1aec282ea820d3f7e3e26f7e

Download Submit
C:\Windows\System\aubCSjD.exe

Filesize
2.4MB

MD5
e146e6e8227dee9172cf9d075356680c

SHA1
bf6def56b07d21046d5dd87d2ce6ae775212796e

SHA256
6a436767e1fc2cfbe9f407a55b890e2402a38674da27b07e97dd79abde2f121b

SHA512
7b7583f4c9c90df220dc2fe7b43803d11bd9085505d252bd2fd6e1fd5f068cd38ac58bcbd4002f4b955060e26f496b3ebbde6fc468f02a9fb0055532e66daee6

Download Submit
C:\Windows\System\cBGlgJP.exe

Filesize
2.4MB

MD5
a1cc80c23a35858cec7386c0ec580659

SHA1
5810d1f8c6a820134f3d9c48d25d16a0f99347ae

SHA256
a7123bf0074f16b63e2b0c7da4eb79a39a7f7800364b3fb08850818d605a8c36

SHA512
686f161739006d9d277a348496c35a2acba04fa11b0dc46980bea4889005afce5b8fa2dd33173dcfcdd1e5523ce1d3b9087782fd92fece3a5a5fe436ba220168

Download Submit
C:\Windows\System\dEcLoZe.exe

Filesize
2.4MB

MD5
44d65a47c48ac2a424cc37311abdca75

SHA1
7d82185e9394c00b2d0be5e5e360188ec8215eaa

SHA256
55bf5e80f3496754bcaa2805d5fa3702cf8a22fd46f552e78a600eda08b7f836

SHA512
9c837387af1114b9c8bb6227fd62f71d45d0f4842112e86ebe3763ef81b65c7aab845c83ce237644dff2446580b7bd209e5dc32066cda70d77717cbebed55587

Download Submit
C:\Windows\System\dJJcXZp.exe

Filesize
2.4MB

MD5
4603ed0d1355b6320986ccb44e2c5b10

SHA1
e566a7139fb64063a739e9933c29135c2b96d0f5

SHA256
b8b2f6c021a706552979861236152515aece2db565ae1f5818d3a7e747f130c5

SHA512
2e80eef5ac2e68f280896700600b792a956c188995dc57890f1f5e7e64b481e96450419d570d61e2132efb18446cfe8eefaf5e25b2d3545adbebd5880823b957

Download Submit
C:\Windows\System\fmPahdK.exe

Filesize
2.4MB

MD5
fbdf2ff51b1064e02c38336483e379f0

SHA1
00041136f443f0640b9d9fa6c8c51f5f86a05d4c

SHA256
44a9ce0770174d8010be637acccab1fe6644bdc1c16e305fbf01198981f47bf2

SHA512
25d71bd0dfe1278f730a8ea6366df75b2ca2952013083ca5fe15f6b7777b466be2c6fb619e41aaa2f89890392798c7f195eefd20adf69ef539f1ea5043ea1fa7

Download Submit
C:\Windows\System\jXqWfRi.exe

Filesize
2.4MB

MD5
19da44eb7701760a022e4e7b2263d56d

SHA1
2ce17324913b3b4238537fb7566a8014682cf734

SHA256
68708c0bb76c0b4678ff40c157827a30f6ff00cd9f65dbd80e82d17b6e003235

SHA512
9c450d6562906d2320b47bace10927667c31876f819a63143273d0efa279469882d5c21500bb812b36a90342e54e7abc7853b0a5d623222ccbb9ea52f2d300f9

Download Submit
C:\Windows\System\kfITnpU.exe

Filesize
2.4MB

MD5
3dbb584bd0627fa24f656c9e1f228045

SHA1
cdaca00ed79a788714cbf2a3ca81fe31b000ece6

SHA256
6b3a36db1354ccdf9a3d5cfce51bdc3ab71949ed3bfbd1622948c4c52448cef3

SHA512
cb51243bc1b2f2a7f23f34bf8c4ccf0497f38dafcd66f200e3b9410ce343bbd129af348793a85ee02bbb949fa4d2f80711fb86d8c8453b79befb6fa21f7ff698

Download Submit
C:\Windows\System\lAmwOUS.exe

Filesize
2.4MB

MD5
340dc92906c9ba0a55eb20c1a05dafef

SHA1
5d271fbe98f2dfde7996d75f989a5a53dd6161db

SHA256
5dc51a9a43f6b6f89506d657f3bcc5b6b4399e2b602a59c702ce1dfddb61e7c3

SHA512
1c2c9262f8d97b31fcf9656f9a657c2c41fcea0949c0523c18b3af9947832d2d4856c9001839decfc67674d3316b382e9aafe4d4e6e921c3e86b95e9f21cfd2f

Download Submit
C:\Windows\System\qDsWrDw.exe

Filesize
2.4MB

MD5
86f979b2fe94e4013fb3b58e45ef1a92

SHA1
e3deda562a4edb2b82edb66cdf4511e22add50ba

SHA256
3515722849a66ec9e23e52a5883710517867eeee6f2a355297bf59cc0a428fd4

SHA512
939a0a68fb7dc686dc38e34473ac47fa53a17522faa06234b12190906511171802fddcc9bd92ce1bd7f0962439b046dd193569fca803c45bb1b6a9068399e1c8

Download Submit
C:\Windows\System\qGLcrkO.exe

Filesize
2.4MB

MD5
ee49ccc09600576c8d3930abfefe88b5

SHA1
4d889f40f2f6d120abc807a1a1185bc7acf959a8

SHA256
073e62c43038374af7ed08b0b40864b5399cdb0b6b5e56be108ab88d85c18b55

SHA512
e313de8df81e0f95ffae054c20bc4dd7296c4c4c409a73a755f9696d8dcf2e25a4d9db1d312270df0b491b842d903943baf5ac4b983b95c5d9ffb84adea4303b

Download Submit
C:\Windows\System\qSojTeA.exe

Filesize
2.4MB

MD5
391df06f390c41c538c10cf87dfe2014

SHA1
3e5c3debc5f85693bb3a78d57dea4bc7ad37e7ba

SHA256
c1d0df75d9f2affbe763f49288709b548be2910c4874a35e41a9aaa642659dfe

SHA512
0e49a8abea56840bf68c3f886b56fdb1ee997cdab2267ae83cc6cf4a1463f096f63ba1b4b9e87085a88862824828f7d0d6500adfe5b9d8c0fc23fff4a5c0e597

Download Submit
C:\Windows\System\rIvQVIC.exe

Filesize
2.4MB

MD5
c7f6fcd7d402a83a4ac87b540c08af28

SHA1
7309bcea85596d73d7a8cff7af5803b02c682179

SHA256
594b1d01d4dc6f77540110f31a6e5dbabac41c24cd34aff5e71ab392b22710f6

SHA512
ce2de6c234023b8b0a6c9a239e3d21d5caee9d2e04ff4a8ea531d567ff5398cb4b171d255ac71d4a6828d997f1afd64674ae7da453853b94ee7ac56783802b84

Download Submit
C:\Windows\System\sTAsKBd.exe

Filesize
2.4MB

MD5
2b35d1c5eebf6c88dc0e13f6d7d935f4

SHA1
7ca4ec86feaa25b0db94f71a274db69784257bf6

SHA256
32d5ceb1471b26dae2273f1ea743a29cffe5ddbba53970823373c6995052aacc

SHA512
454848821ac6622879c184907be2664d4468635b78ee789e38d266e47ba3e59dd7890ebb57fccb238fa04b6885477c07a51f510633aa361a1c326fd10b1e1ce4

Download Submit
C:\Windows\System\tOzlDld.exe

Filesize
2.4MB

MD5
163c05a8bf1c324f2120aa9c89fdd8bc

SHA1
f86c10bd7c9bcece709f8f349f11ec47365df42a

SHA256
1b5159456c27d4bdcf6286d876287a33f42b940f13e27299114bea2e3ebe06b1

SHA512
5f8a864787fc967207f5f8d76c8f8b905ec7d57f2e60ea7cc812b89255d23fa6a53a8ea680e5a996e826b700b9de60fc2f4e1cadbbfbb9050fa2f63c6ba73b8f

Download Submit
C:\Windows\System\tmjMOfv.exe

Filesize
2.4MB

MD5
5e96876c33ac8c64d32902d3faf400d7

SHA1
389f277593811b2d81b161a52a0dfcbc7543525c

SHA256
2f809a885912b8ffb07f05d73510107967067fecdb359e8c1ab187ba03be8ee1

SHA512
01d99881fc948d60dee6f6ca2dc00b174a72baeb553ccb8ad9a234264bb9a533de3c02bc24b1c651d33f15934fb2e544f283dbe128e15d644baa456ab4fd8975

Download Submit
C:\Windows\System\uxKwWET.exe

Filesize
2.4MB

MD5
786cb894626faf362ae8c49a74a239bb

SHA1
b961a295f2d8ad6719de85b2005738d835a656bc

SHA256
7e6c4a68035586e9846148c1852c35793f69ba5ae4c0caf67e1105e6003b6ac9

SHA512
a195cb381e0f13a7ad7cac1f04bc62498302759d2918c16b2ad010477f3a196dcb82b72ed91e4d18fd89bcf70e06051ba477175a1ee378104cc348b7832e4b45

Download Submit
C:\Windows\System\wVcckJf.exe

Filesize
2.4MB

MD5
f800aef2e74f415126d094d89a58d749

SHA1
657ad65cce0971944f43aa108d011c7252cd843e

SHA256
044be0e662265247d3329437198d3133ce215bb6e16bf83ce37f35833c93e781

SHA512
04ffdd364657b485aa94f2112070d9c95bd1f07cdf3116ba426623dd0494090933a6e762b0777ac14dafb15ac47593a9f3aa55481e7ea4895824819bdcdd73b7

Download Submit
C:\Windows\System\wzeEaSn.exe

Filesize
2.4MB

MD5
f04f04eb3edde0562ecb335b23e9bd24

SHA1
d981cf8b2281b8a8223a8a38e87e8a1cbd710189

SHA256
7223b5656c140d2442d35d4cd2801d002f33e7352f09b619c1a3134104e76093

SHA512
8035231072581d077d1aafffd82f5045efd7112bb6e7d4236b8f6518427c67e1ef5acd9d9f46f232deff04b80c9daa25e422f91bd6a84ef1e1e44641acea85ac

Download Submit
C:\Windows\System\xStSIpg.exe

Filesize
2.4MB

MD5
8fb8774fcb45d0fd45b5fa5a277dae6c

SHA1
bfb1952505d14e1a4694fc5d9a84883930b6324e

SHA256
6bbb0dc4c71245d7a35b233ceac5fc23e071ad23e39261458cf31fddec0e311b

SHA512
b4587593d936598decf1c55e7aa943bdd9c8af2bf0a907d82349b4ae6c1b35f701948a3ced922029ccaf48a0a66e30db57384892c95e9be7eaf54f4dc5334606

Download Submit
C:\Windows\System\zqdIjbI.exe

Filesize
2.4MB

MD5
faff90fcf955c81c66109d10e12a254f

SHA1
36d1102b79d605bd39c75bce6248ce8f413a0f02

SHA256
90d4b7bd334ea77eae77edfee8f7ad15871f91a4e8879271e3e247e22b1eacfd

SHA512
606d5d91c382f84480168b21af8b71ca71ed62e27d6b259257744e2646293978c1cff6ce20d197610a3556eeff01facfe208d8c16098a1a80984d9e0b57cb831

Download Submit
memory/220-2122-0x00007FF7CC2E0000-0x00007FF7CC634000-memory.dmp

Filesize
3.3MB

Download
memory/220-743-0x00007FF7CC2E0000-0x00007FF7CC634000-memory.dmp

Filesize
3.3MB

Download
memory/656-2125-0x00007FF695870000-0x00007FF695BC4000-memory.dmp

Filesize
3.3MB

Download
memory/656-722-0x00007FF695870000-0x00007FF695BC4000-memory.dmp

Filesize
3.3MB

Download
memory/916-682-0x00007FF7F87E0000-0x00007FF7F8B34000-memory.dmp

Filesize
3.3MB

Download
memory/916-2110-0x00007FF7F87E0000-0x00007FF7F8B34000-memory.dmp

Filesize
3.3MB

Download
memory/1052-2127-0x00007FF79A0C0000-0x00007FF79A414000-memory.dmp

Filesize
3.3MB

Download
memory/1052-718-0x00007FF79A0C0000-0x00007FF79A414000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2114-0x00007FF691DE0000-0x00007FF692134000-memory.dmp

Filesize
3.3MB

Download
memory/1288-686-0x00007FF691DE0000-0x00007FF692134000-memory.dmp

Filesize
3.3MB

Download
memory/1588-21-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp

Filesize
3.3MB

Download
memory/1588-2097-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp

Filesize
3.3MB

Download
memory/1588-2103-0x00007FF7BA9C0000-0x00007FF7BAD14000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2099-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2106-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp

Filesize
3.3MB

Download
memory/1680-41-0x00007FF6C40B0000-0x00007FF6C4404000-memory.dmp

Filesize
3.3MB

Download
memory/1708-683-0x00007FF71B1F0000-0x00007FF71B544000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2112-0x00007FF71B1F0000-0x00007FF71B544000-memory.dmp

Filesize
3.3MB

Download
memory/2168-710-0x00007FF6C3CA0000-0x00007FF6C3FF4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2116-0x00007FF6C3CA0000-0x00007FF6C3FF4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-758-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2123-0x00007FF6C5230000-0x00007FF6C5584000-memory.dmp

Filesize
3.3MB

Download
memory/2364-746-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2120-0x00007FF73F820000-0x00007FF73FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2126-0x00007FF787820000-0x00007FF787B74000-memory.dmp

Filesize
3.3MB

Download
memory/2436-728-0x00007FF787820000-0x00007FF787B74000-memory.dmp

Filesize
3.3MB

Download
memory/2916-734-0x00007FF79F470000-0x00007FF79F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2121-0x00007FF79F470000-0x00007FF79F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-2109-0x00007FF6AE4A0000-0x00007FF6AE7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-681-0x00007FF6AE4A0000-0x00007FF6AE7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3108-29-0x00007FF785CF0000-0x00007FF786044000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2102-0x00007FF785CF0000-0x00007FF786044000-memory.dmp

Filesize
3.3MB

Download
memory/3288-760-0x00007FF6DEFB0000-0x00007FF6DF304000-memory.dmp

Filesize
3.3MB

Download
memory/3288-2129-0x00007FF6DEFB0000-0x00007FF6DF304000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2105-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2098-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-36-0x00007FF7D9580000-0x00007FF7D98D4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2107-0x00007FF677230000-0x00007FF677584000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2100-0x00007FF677230000-0x00007FF677584000-memory.dmp

Filesize
3.3MB

Download
memory/3456-680-0x00007FF677230000-0x00007FF677584000-memory.dmp

Filesize
3.3MB

Download
memory/3488-763-0x00007FF6B2010000-0x00007FF6B2364000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2108-0x00007FF6B2010000-0x00007FF6B2364000-memory.dmp

Filesize
3.3MB

Download
memory/3880-1-0x000002755A980000-0x000002755A990000-memory.dmp

Filesize
64KB

Download
memory/3880-2096-0x00007FF731DD0000-0x00007FF732124000-memory.dmp

Filesize
3.3MB

Download
memory/3880-0-0x00007FF731DD0000-0x00007FF732124000-memory.dmp

Filesize
3.3MB

Download
memory/3928-713-0x00007FF7BB420000-0x00007FF7BB774000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2118-0x00007FF7BB420000-0x00007FF7BB774000-memory.dmp

Filesize
3.3MB

Download
memory/4052-685-0x00007FF6BAA70000-0x00007FF6BADC4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2113-0x00007FF6BAA70000-0x00007FF6BADC4000-memory.dmp

Filesize
3.3MB

Download
memory/4132-2124-0x00007FF7B7600000-0x00007FF7B7954000-memory.dmp

Filesize
3.3MB

Download
memory/4132-759-0x00007FF7B7600000-0x00007FF7B7954000-memory.dmp

Filesize
3.3MB

Download
memory/4204-705-0x00007FF7352B0000-0x00007FF735604000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2115-0x00007FF7352B0000-0x00007FF735604000-memory.dmp

Filesize
3.3MB

Download
memory/4508-10-0x00007FF605EC0000-0x00007FF606214000-memory.dmp

Filesize
3.3MB

Download
memory/4508-2101-0x00007FF605EC0000-0x00007FF606214000-memory.dmp

Filesize
3.3MB

Download
memory/4572-684-0x00007FF7B1EE0000-0x00007FF7B2234000-memory.dmp

Filesize
3.3MB

Download
memory/4572-2111-0x00007FF7B1EE0000-0x00007FF7B2234000-memory.dmp

Filesize
3.3MB

Download
memory/4688-2104-0x00007FF662600000-0x00007FF662954000-memory.dmp

Filesize
3.3MB

Download
memory/4688-37-0x00007FF662600000-0x00007FF662954000-memory.dmp

Filesize
3.3MB

Download
memory/4720-701-0x00007FF748220000-0x00007FF748574000-memory.dmp

Filesize
3.3MB

Download
memory/4720-2117-0x00007FF748220000-0x00007FF748574000-memory.dmp

Filesize
3.3MB

Download
memory/4776-717-0x00007FF6C1B70000-0x00007FF6C1EC4000-memory.dmp

Filesize
3.3MB

Download
memory/4776-2119-0x00007FF6C1B70000-0x00007FF6C1EC4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2128-0x00007FF70B9A0000-0x00007FF70BCF4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-742-0x00007FF70B9A0000-0x00007FF70BCF4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads