kpot | 43c4c90c21fff1d8e547cbd8321be771d3604c9690bc5640a0eed071e7d20f6f

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 23:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
Size

2.2MB
MD5

8f67176ec880e73e1035ba3e39da8d70
SHA1

0552c0e040a53eb0b82b317d7429004e989bf39d
SHA256

43c4c90c21fff1d8e547cbd8321be771d3604c9690bc5640a0eed071e7d20f6f
SHA512

10538e47390ad6281b683a0396ebf074bb1929447d2d7675f291b5e5f2d3272b6704a2bc27c71e20da8cdc4a7ea49397d2824945e737556ccaf40c4d79fca5a0
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6S/Fppa5GePfhX:BemTLkNdfE0pZrwp

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000900000002340c-6.dat	family_kpot
behavioral2/files/0x000700000002341d-14.dat	family_kpot
behavioral2/files/0x000700000002341c-13.dat	family_kpot
behavioral2/files/0x0007000000023420-32.dat	family_kpot
behavioral2/files/0x0007000000023422-40.dat	family_kpot
behavioral2/files/0x0007000000023423-47.dat	family_kpot
behavioral2/files/0x0007000000023425-57.dat	family_kpot
behavioral2/files/0x0007000000023427-65.dat	family_kpot
behavioral2/files/0x0007000000023428-76.dat	family_kpot
behavioral2/files/0x000700000002342a-86.dat	family_kpot
behavioral2/files/0x000700000002342d-97.dat	family_kpot
behavioral2/files/0x000700000002342f-107.dat	family_kpot
behavioral2/files/0x0007000000023431-121.dat	family_kpot
behavioral2/files/0x0007000000023434-135.dat	family_kpot
behavioral2/files/0x000700000002343b-165.dat	family_kpot
behavioral2/files/0x000700000002343a-162.dat	family_kpot
behavioral2/files/0x0007000000023439-160.dat	family_kpot
behavioral2/files/0x0007000000023438-156.dat	family_kpot
behavioral2/files/0x0007000000023437-150.dat	family_kpot
behavioral2/files/0x0007000000023436-146.dat	family_kpot
behavioral2/files/0x0007000000023435-141.dat	family_kpot
behavioral2/files/0x0007000000023433-131.dat	family_kpot
behavioral2/files/0x0007000000023432-126.dat	family_kpot
behavioral2/files/0x0007000000023430-115.dat	family_kpot
behavioral2/files/0x000700000002342e-105.dat	family_kpot
behavioral2/files/0x000700000002342c-95.dat	family_kpot
behavioral2/files/0x000700000002342b-90.dat	family_kpot
behavioral2/files/0x0007000000023429-80.dat	family_kpot
behavioral2/files/0x0007000000023426-66.dat	family_kpot
behavioral2/files/0x0007000000023424-55.dat	family_kpot
behavioral2/files/0x0007000000023421-41.dat	family_kpot
behavioral2/files/0x000700000002341f-28.dat	family_kpot
behavioral2/files/0x000700000002341e-23.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4364-0-0x00007FF702050000-0x00007FF7023A4000-memory.dmp	xmrig
behavioral2/files/0x000900000002340c-6.dat	xmrig
behavioral2/files/0x000700000002341d-14.dat	xmrig
behavioral2/files/0x000700000002341c-13.dat	xmrig
behavioral2/files/0x0007000000023420-32.dat	xmrig
behavioral2/files/0x0007000000023422-40.dat	xmrig
behavioral2/files/0x0007000000023423-47.dat	xmrig
behavioral2/files/0x0007000000023425-57.dat	xmrig
behavioral2/files/0x0007000000023427-65.dat	xmrig
behavioral2/files/0x0007000000023428-76.dat	xmrig
behavioral2/files/0x000700000002342a-86.dat	xmrig
behavioral2/files/0x000700000002342d-97.dat	xmrig
behavioral2/files/0x000700000002342f-107.dat	xmrig
behavioral2/files/0x0007000000023431-121.dat	xmrig
behavioral2/files/0x0007000000023434-135.dat	xmrig
behavioral2/files/0x000700000002343b-165.dat	xmrig
behavioral2/memory/2156-580-0x00007FF7A61D0000-0x00007FF7A6524000-memory.dmp	xmrig
behavioral2/memory/3432-582-0x00007FF6D2E50000-0x00007FF6D31A4000-memory.dmp	xmrig
behavioral2/memory/1520-581-0x00007FF759520000-0x00007FF759874000-memory.dmp	xmrig
behavioral2/memory/3172-584-0x00007FF6E3CC0000-0x00007FF6E4014000-memory.dmp	xmrig
behavioral2/memory/1076-585-0x00007FF60D080000-0x00007FF60D3D4000-memory.dmp	xmrig
behavioral2/memory/2108-583-0x00007FF79F6C0000-0x00007FF79FA14000-memory.dmp	xmrig
behavioral2/memory/1420-586-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp	xmrig
behavioral2/memory/1396-587-0x00007FF7AE4C0000-0x00007FF7AE814000-memory.dmp	xmrig
behavioral2/memory/2340-588-0x00007FF705FD0000-0x00007FF706324000-memory.dmp	xmrig
behavioral2/memory/5072-590-0x00007FF62D4F0000-0x00007FF62D844000-memory.dmp	xmrig
behavioral2/memory/856-602-0x00007FF734F40000-0x00007FF735294000-memory.dmp	xmrig
behavioral2/memory/4112-606-0x00007FF715910000-0x00007FF715C64000-memory.dmp	xmrig
behavioral2/memory/5060-629-0x00007FF6D0C50000-0x00007FF6D0FA4000-memory.dmp	xmrig
behavioral2/memory/3692-634-0x00007FF63F610000-0x00007FF63F964000-memory.dmp	xmrig
behavioral2/memory/4400-668-0x00007FF75CEA0000-0x00007FF75D1F4000-memory.dmp	xmrig
behavioral2/memory/1708-674-0x00007FF7F9D50000-0x00007FF7FA0A4000-memory.dmp	xmrig
behavioral2/memory/2444-662-0x00007FF6C7C50000-0x00007FF6C7FA4000-memory.dmp	xmrig
behavioral2/memory/3208-659-0x00007FF6806D0000-0x00007FF680A24000-memory.dmp	xmrig
behavioral2/memory/1852-658-0x00007FF6C66B0000-0x00007FF6C6A04000-memory.dmp	xmrig
behavioral2/memory/552-651-0x00007FF6AFB00000-0x00007FF6AFE54000-memory.dmp	xmrig
behavioral2/memory/4608-646-0x00007FF6B6610000-0x00007FF6B6964000-memory.dmp	xmrig
behavioral2/memory/4752-641-0x00007FF681920000-0x00007FF681C74000-memory.dmp	xmrig
behavioral2/memory/3372-619-0x00007FF737800000-0x00007FF737B54000-memory.dmp	xmrig
behavioral2/memory/2232-613-0x00007FF64CE40000-0x00007FF64D194000-memory.dmp	xmrig
behavioral2/memory/2008-598-0x00007FF7ED030000-0x00007FF7ED384000-memory.dmp	xmrig
behavioral2/memory/3868-591-0x00007FF7E7410000-0x00007FF7E7764000-memory.dmp	xmrig
behavioral2/memory/2120-589-0x00007FF6F5A70000-0x00007FF6F5DC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343a-162.dat	xmrig
behavioral2/files/0x0007000000023439-160.dat	xmrig
behavioral2/files/0x0007000000023438-156.dat	xmrig
behavioral2/files/0x0007000000023437-150.dat	xmrig
behavioral2/files/0x0007000000023436-146.dat	xmrig
behavioral2/files/0x0007000000023435-141.dat	xmrig
behavioral2/files/0x0007000000023433-131.dat	xmrig
behavioral2/files/0x0007000000023432-126.dat	xmrig
behavioral2/files/0x0007000000023430-115.dat	xmrig
behavioral2/files/0x000700000002342e-105.dat	xmrig
behavioral2/files/0x000700000002342c-95.dat	xmrig
behavioral2/files/0x000700000002342b-90.dat	xmrig
behavioral2/files/0x0007000000023429-80.dat	xmrig
behavioral2/files/0x0007000000023426-66.dat	xmrig
behavioral2/files/0x0007000000023424-55.dat	xmrig
behavioral2/files/0x0007000000023421-41.dat	xmrig
behavioral2/files/0x000700000002341f-28.dat	xmrig
behavioral2/files/0x000700000002341e-23.dat	xmrig
behavioral2/memory/348-19-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp	xmrig
behavioral2/memory/2588-17-0x00007FF60B780000-0x00007FF60BAD4000-memory.dmp	xmrig
behavioral2/memory/348-2152-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2588	VzQlPrh.exe
2156	peYYmql.exe
348	YOvJcmQ.exe
1708	nmSlqIA.exe
1520	wjhjWZI.exe
3432	XfGqxNK.exe
2108	TIGmyxz.exe
3172	sfYvUXi.exe
1076	APhetxd.exe
1420	AWILOdG.exe
1396	hNawSZD.exe
2340	XWtElAI.exe
2120	dOJYYBv.exe
5072	UBNtjdg.exe
3868	CmkFpyk.exe
2008	PKCwGNJ.exe
856	bossAdi.exe
4112	fSEOwIS.exe
2232	pqNredL.exe
3372	KdBHKaz.exe
5060	rypYqlg.exe
3692	nRHuKyQ.exe
4752	MzvNyoI.exe
4608	ahyCGzq.exe
552	dLozrLa.exe
1852	riYKsNi.exe
3208	rwWsBrV.exe
2444	mhFqwpv.exe
4400	aNGTSYd.exe
3664	NbNrWPB.exe
4372	JqUlhSO.exe
2260	tKbUkUR.exe
4704	tvQoxYb.exe
2200	Ajfxlar.exe
2368	mjgYzSq.exe
1196	kVGMlBC.exe
4584	CMxKXxD.exe
3280	VjuXVHT.exe
1836	HJuPjHB.exe
3416	khrACkw.exe
1704	KdbiExY.exe
3700	dmpUnYL.exe
4480	tehnONk.exe
1668	VvxsDFV.exe
5108	jCEpiou.exe
3532	SqQTRyD.exe
2324	ezXCdiZ.exe
3264	hFgBhjE.exe
1416	woHKgxi.exe
3204	QbljuTl.exe
2620	ALrtZIh.exe
3148	VCJiHrg.exe
4544	pePPGgz.exe
4308	qJSeMrG.exe
2604	kRUeXiR.exe
732	hiKfSnf.exe
5112	NYhmHZe.exe
2092	dJuKnZY.exe
4624	ajvDYQy.exe
2940	JpzIcMi.exe
4072	GpOVdar.exe
1920	mtRNMss.exe
4964	HvauNOI.exe
4668	qhlZuYE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4364-0-0x00007FF702050000-0x00007FF7023A4000-memory.dmp	upx
behavioral2/files/0x000900000002340c-6.dat	upx
behavioral2/files/0x000700000002341d-14.dat	upx
behavioral2/files/0x000700000002341c-13.dat	upx
behavioral2/files/0x0007000000023420-32.dat	upx
behavioral2/files/0x0007000000023422-40.dat	upx
behavioral2/files/0x0007000000023423-47.dat	upx
behavioral2/files/0x0007000000023425-57.dat	upx
behavioral2/files/0x0007000000023427-65.dat	upx
behavioral2/files/0x0007000000023428-76.dat	upx
behavioral2/files/0x000700000002342a-86.dat	upx
behavioral2/files/0x000700000002342d-97.dat	upx
behavioral2/files/0x000700000002342f-107.dat	upx
behavioral2/files/0x0007000000023431-121.dat	upx
behavioral2/files/0x0007000000023434-135.dat	upx
behavioral2/files/0x000700000002343b-165.dat	upx
behavioral2/memory/2156-580-0x00007FF7A61D0000-0x00007FF7A6524000-memory.dmp	upx
behavioral2/memory/3432-582-0x00007FF6D2E50000-0x00007FF6D31A4000-memory.dmp	upx
behavioral2/memory/1520-581-0x00007FF759520000-0x00007FF759874000-memory.dmp	upx
behavioral2/memory/3172-584-0x00007FF6E3CC0000-0x00007FF6E4014000-memory.dmp	upx
behavioral2/memory/1076-585-0x00007FF60D080000-0x00007FF60D3D4000-memory.dmp	upx
behavioral2/memory/2108-583-0x00007FF79F6C0000-0x00007FF79FA14000-memory.dmp	upx
behavioral2/memory/1420-586-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp	upx
behavioral2/memory/1396-587-0x00007FF7AE4C0000-0x00007FF7AE814000-memory.dmp	upx
behavioral2/memory/2340-588-0x00007FF705FD0000-0x00007FF706324000-memory.dmp	upx
behavioral2/memory/5072-590-0x00007FF62D4F0000-0x00007FF62D844000-memory.dmp	upx
behavioral2/memory/856-602-0x00007FF734F40000-0x00007FF735294000-memory.dmp	upx
behavioral2/memory/4112-606-0x00007FF715910000-0x00007FF715C64000-memory.dmp	upx
behavioral2/memory/5060-629-0x00007FF6D0C50000-0x00007FF6D0FA4000-memory.dmp	upx
behavioral2/memory/3692-634-0x00007FF63F610000-0x00007FF63F964000-memory.dmp	upx
behavioral2/memory/4400-668-0x00007FF75CEA0000-0x00007FF75D1F4000-memory.dmp	upx
behavioral2/memory/1708-674-0x00007FF7F9D50000-0x00007FF7FA0A4000-memory.dmp	upx
behavioral2/memory/2444-662-0x00007FF6C7C50000-0x00007FF6C7FA4000-memory.dmp	upx
behavioral2/memory/3208-659-0x00007FF6806D0000-0x00007FF680A24000-memory.dmp	upx
behavioral2/memory/1852-658-0x00007FF6C66B0000-0x00007FF6C6A04000-memory.dmp	upx
behavioral2/memory/552-651-0x00007FF6AFB00000-0x00007FF6AFE54000-memory.dmp	upx
behavioral2/memory/4608-646-0x00007FF6B6610000-0x00007FF6B6964000-memory.dmp	upx
behavioral2/memory/4752-641-0x00007FF681920000-0x00007FF681C74000-memory.dmp	upx
behavioral2/memory/3372-619-0x00007FF737800000-0x00007FF737B54000-memory.dmp	upx
behavioral2/memory/2232-613-0x00007FF64CE40000-0x00007FF64D194000-memory.dmp	upx
behavioral2/memory/2008-598-0x00007FF7ED030000-0x00007FF7ED384000-memory.dmp	upx
behavioral2/memory/3868-591-0x00007FF7E7410000-0x00007FF7E7764000-memory.dmp	upx
behavioral2/memory/2120-589-0x00007FF6F5A70000-0x00007FF6F5DC4000-memory.dmp	upx
behavioral2/files/0x000700000002343a-162.dat	upx
behavioral2/files/0x0007000000023439-160.dat	upx
behavioral2/files/0x0007000000023438-156.dat	upx
behavioral2/files/0x0007000000023437-150.dat	upx
behavioral2/files/0x0007000000023436-146.dat	upx
behavioral2/files/0x0007000000023435-141.dat	upx
behavioral2/files/0x0007000000023433-131.dat	upx
behavioral2/files/0x0007000000023432-126.dat	upx
behavioral2/files/0x0007000000023430-115.dat	upx
behavioral2/files/0x000700000002342e-105.dat	upx
behavioral2/files/0x000700000002342c-95.dat	upx
behavioral2/files/0x000700000002342b-90.dat	upx
behavioral2/files/0x0007000000023429-80.dat	upx
behavioral2/files/0x0007000000023426-66.dat	upx
behavioral2/files/0x0007000000023424-55.dat	upx
behavioral2/files/0x0007000000023421-41.dat	upx
behavioral2/files/0x000700000002341f-28.dat	upx
behavioral2/files/0x000700000002341e-23.dat	upx
behavioral2/memory/348-19-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp	upx
behavioral2/memory/2588-17-0x00007FF60B780000-0x00007FF60BAD4000-memory.dmp	upx
behavioral2/memory/348-2152-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mjgYzSq.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\kMDhcsH.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\qUviUXz.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\QHBBRpt.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\Mqdxsqy.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\CGjJfMJ.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\NDUHoei.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\pyktiRa.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\uvuWUVT.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\YEfsSDh.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\EOQTLYp.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\cYhfKAX.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\hAKJrPE.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\dcQzSJU.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\teoyRSS.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\ckSiwcQ.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\XUAMiIa.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\umqescu.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\GJnaMRJ.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\STfucEa.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\dRNUXVa.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\JucxCaa.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\vjBRSMA.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\dPhEGTC.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\hNYfGae.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\AoselEC.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\cGpYeAs.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\yEXCvPo.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\QPxtNaO.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\HIavDDI.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\fPynMwg.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\DbvCjJK.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\KZBWqCO.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\wSpUBjx.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\IJdxpNM.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\mmKSRpv.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\aWbuapc.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\SVRgWqa.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\RHeWCNY.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\anWgXkV.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\BLEUIpl.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\khrACkw.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\ecsnhRs.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\fvDUVTF.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\yAsyTzm.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\tabtALu.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\wBJgYzr.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\GdaPLfz.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\CzNQMcR.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\jWgiuGV.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\LuhzuUI.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\JGpciQI.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\reeIgdN.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\JFfIQbd.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\kkEUcnt.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\ttTnmyQ.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\zxCRupy.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\VfGNElQ.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\dqhuygh.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\UFaDPBp.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\fDHpfHV.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\FFhMvyM.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\NyPBHVt.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
File created	C:\Windows\System\ZBJFHJX.exe	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13832	dwm.exe
Token: SeChangeNotifyPrivilege	13832	dwm.exe
Token: 33	13832	dwm.exe
Token: SeIncBasePriorityPrivilege	13832	dwm.exe
Token: SeShutdownPrivilege	13832	dwm.exe
Token: SeCreatePagefilePrivilege	13832	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 2588	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	84
PID 4364 wrote to memory of 2588	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	84
PID 4364 wrote to memory of 348	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	85
PID 4364 wrote to memory of 348	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	85
PID 4364 wrote to memory of 2156	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	86
PID 4364 wrote to memory of 2156	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	86
PID 4364 wrote to memory of 1708	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	87
PID 4364 wrote to memory of 1708	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	87
PID 4364 wrote to memory of 1520	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	88
PID 4364 wrote to memory of 1520	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	88
PID 4364 wrote to memory of 3432	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	89
PID 4364 wrote to memory of 3432	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	89
PID 4364 wrote to memory of 2108	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	90
PID 4364 wrote to memory of 2108	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	90
PID 4364 wrote to memory of 3172	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	91
PID 4364 wrote to memory of 3172	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	91
PID 4364 wrote to memory of 1076	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	92
PID 4364 wrote to memory of 1076	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	92
PID 4364 wrote to memory of 1420	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	93
PID 4364 wrote to memory of 1420	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	93
PID 4364 wrote to memory of 1396	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	94
PID 4364 wrote to memory of 1396	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	94
PID 4364 wrote to memory of 2340	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	95
PID 4364 wrote to memory of 2340	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	95
PID 4364 wrote to memory of 2120	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	96
PID 4364 wrote to memory of 2120	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	96
PID 4364 wrote to memory of 5072	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	97
PID 4364 wrote to memory of 5072	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	97
PID 4364 wrote to memory of 3868	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	98
PID 4364 wrote to memory of 3868	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	98
PID 4364 wrote to memory of 2008	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	99
PID 4364 wrote to memory of 2008	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	99
PID 4364 wrote to memory of 856	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	100
PID 4364 wrote to memory of 856	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	100
PID 4364 wrote to memory of 4112	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	101
PID 4364 wrote to memory of 4112	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	101
PID 4364 wrote to memory of 2232	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	102
PID 4364 wrote to memory of 2232	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	102
PID 4364 wrote to memory of 3372	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	103
PID 4364 wrote to memory of 3372	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	103
PID 4364 wrote to memory of 5060	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	104
PID 4364 wrote to memory of 5060	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	104
PID 4364 wrote to memory of 3692	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	105
PID 4364 wrote to memory of 3692	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	105
PID 4364 wrote to memory of 4752	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	106
PID 4364 wrote to memory of 4752	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	106
PID 4364 wrote to memory of 4608	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	107
PID 4364 wrote to memory of 4608	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	107
PID 4364 wrote to memory of 552	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	108
PID 4364 wrote to memory of 552	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	108
PID 4364 wrote to memory of 1852	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	109
PID 4364 wrote to memory of 1852	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	109
PID 4364 wrote to memory of 3208	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	110
PID 4364 wrote to memory of 3208	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	110
PID 4364 wrote to memory of 2444	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	111
PID 4364 wrote to memory of 2444	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	111
PID 4364 wrote to memory of 4400	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	112
PID 4364 wrote to memory of 4400	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	112
PID 4364 wrote to memory of 3664	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	113
PID 4364 wrote to memory of 3664	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	113
PID 4364 wrote to memory of 4372	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	114
PID 4364 wrote to memory of 4372	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	114
PID 4364 wrote to memory of 2260	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	115
PID 4364 wrote to memory of 2260	4364	8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8f67176ec880e73e1035ba3e39da8d70_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\System\VzQlPrh.exe
  C:\Windows\System\VzQlPrh.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\YOvJcmQ.exe
  C:\Windows\System\YOvJcmQ.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\peYYmql.exe
  C:\Windows\System\peYYmql.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\nmSlqIA.exe
  C:\Windows\System\nmSlqIA.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\wjhjWZI.exe
  C:\Windows\System\wjhjWZI.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\XfGqxNK.exe
  C:\Windows\System\XfGqxNK.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\TIGmyxz.exe
  C:\Windows\System\TIGmyxz.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\sfYvUXi.exe
  C:\Windows\System\sfYvUXi.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\APhetxd.exe
  C:\Windows\System\APhetxd.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\AWILOdG.exe
  C:\Windows\System\AWILOdG.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\hNawSZD.exe
  C:\Windows\System\hNawSZD.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\XWtElAI.exe
  C:\Windows\System\XWtElAI.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\dOJYYBv.exe
  C:\Windows\System\dOJYYBv.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\UBNtjdg.exe
  C:\Windows\System\UBNtjdg.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\CmkFpyk.exe
  C:\Windows\System\CmkFpyk.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\PKCwGNJ.exe
  C:\Windows\System\PKCwGNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\bossAdi.exe
  C:\Windows\System\bossAdi.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\fSEOwIS.exe
  C:\Windows\System\fSEOwIS.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\pqNredL.exe
  C:\Windows\System\pqNredL.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\KdBHKaz.exe
  C:\Windows\System\KdBHKaz.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\rypYqlg.exe
  C:\Windows\System\rypYqlg.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\nRHuKyQ.exe
  C:\Windows\System\nRHuKyQ.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\MzvNyoI.exe
  C:\Windows\System\MzvNyoI.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\ahyCGzq.exe
  C:\Windows\System\ahyCGzq.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\dLozrLa.exe
  C:\Windows\System\dLozrLa.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\riYKsNi.exe
  C:\Windows\System\riYKsNi.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\rwWsBrV.exe
  C:\Windows\System\rwWsBrV.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\mhFqwpv.exe
  C:\Windows\System\mhFqwpv.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\aNGTSYd.exe
  C:\Windows\System\aNGTSYd.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\NbNrWPB.exe
  C:\Windows\System\NbNrWPB.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\JqUlhSO.exe
  C:\Windows\System\JqUlhSO.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\tKbUkUR.exe
  C:\Windows\System\tKbUkUR.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\tvQoxYb.exe
  C:\Windows\System\tvQoxYb.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\Ajfxlar.exe
  C:\Windows\System\Ajfxlar.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\mjgYzSq.exe
  C:\Windows\System\mjgYzSq.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\kVGMlBC.exe
  C:\Windows\System\kVGMlBC.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\CMxKXxD.exe
  C:\Windows\System\CMxKXxD.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\VjuXVHT.exe
  C:\Windows\System\VjuXVHT.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\HJuPjHB.exe
  C:\Windows\System\HJuPjHB.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\khrACkw.exe
  C:\Windows\System\khrACkw.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\KdbiExY.exe
  C:\Windows\System\KdbiExY.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\dmpUnYL.exe
  C:\Windows\System\dmpUnYL.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\tehnONk.exe
  C:\Windows\System\tehnONk.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\VvxsDFV.exe
  C:\Windows\System\VvxsDFV.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\jCEpiou.exe
  C:\Windows\System\jCEpiou.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\SqQTRyD.exe
  C:\Windows\System\SqQTRyD.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\ezXCdiZ.exe
  C:\Windows\System\ezXCdiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\hFgBhjE.exe
  C:\Windows\System\hFgBhjE.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\woHKgxi.exe
  C:\Windows\System\woHKgxi.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\QbljuTl.exe
  C:\Windows\System\QbljuTl.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\ALrtZIh.exe
  C:\Windows\System\ALrtZIh.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\VCJiHrg.exe
  C:\Windows\System\VCJiHrg.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\pePPGgz.exe
  C:\Windows\System\pePPGgz.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\qJSeMrG.exe
  C:\Windows\System\qJSeMrG.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\kRUeXiR.exe
  C:\Windows\System\kRUeXiR.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\hiKfSnf.exe
  C:\Windows\System\hiKfSnf.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\NYhmHZe.exe
  C:\Windows\System\NYhmHZe.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\dJuKnZY.exe
  C:\Windows\System\dJuKnZY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ajvDYQy.exe
  C:\Windows\System\ajvDYQy.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\JpzIcMi.exe
  C:\Windows\System\JpzIcMi.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\GpOVdar.exe
  C:\Windows\System\GpOVdar.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\mtRNMss.exe
  C:\Windows\System\mtRNMss.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\HvauNOI.exe
  C:\Windows\System\HvauNOI.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\qhlZuYE.exe
  C:\Windows\System\qhlZuYE.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\ckSiwcQ.exe
  C:\Windows\System\ckSiwcQ.exe
  2⤵
  PID:792
- C:\Windows\System\NRqDaIa.exe
  C:\Windows\System\NRqDaIa.exe
  2⤵
  PID:3348
- C:\Windows\System\HXrKkoj.exe
  C:\Windows\System\HXrKkoj.exe
  2⤵
  PID:3856
- C:\Windows\System\TuQDrSn.exe
  C:\Windows\System\TuQDrSn.exe
  2⤵
  PID:4848
- C:\Windows\System\jsbmQPR.exe
  C:\Windows\System\jsbmQPR.exe
  2⤵
  PID:2268
- C:\Windows\System\ecsnhRs.exe
  C:\Windows\System\ecsnhRs.exe
  2⤵
  PID:2824
- C:\Windows\System\CKnHQFd.exe
  C:\Windows\System\CKnHQFd.exe
  2⤵
  PID:4896
- C:\Windows\System\blbQSGP.exe
  C:\Windows\System\blbQSGP.exe
  2⤵
  PID:4336
- C:\Windows\System\wBJgYzr.exe
  C:\Windows\System\wBJgYzr.exe
  2⤵
  PID:844
- C:\Windows\System\ikmNxvy.exe
  C:\Windows\System\ikmNxvy.exe
  2⤵
  PID:3756
- C:\Windows\System\lyGMqTM.exe
  C:\Windows\System\lyGMqTM.exe
  2⤵
  PID:1756
- C:\Windows\System\NWdEMGQ.exe
  C:\Windows\System\NWdEMGQ.exe
  2⤵
  PID:3728
- C:\Windows\System\GfSlYdV.exe
  C:\Windows\System\GfSlYdV.exe
  2⤵
  PID:4528
- C:\Windows\System\sqnjzcz.exe
  C:\Windows\System\sqnjzcz.exe
  2⤵
  PID:4812
- C:\Windows\System\AzESSZj.exe
  C:\Windows\System\AzESSZj.exe
  2⤵
  PID:3864
- C:\Windows\System\DyHeaFf.exe
  C:\Windows\System\DyHeaFf.exe
  2⤵
  PID:1068
- C:\Windows\System\nMztKTa.exe
  C:\Windows\System\nMztKTa.exe
  2⤵
  PID:4996
- C:\Windows\System\wmbkrGR.exe
  C:\Windows\System\wmbkrGR.exe
  2⤵
  PID:3644
- C:\Windows\System\pDmzztU.exe
  C:\Windows\System\pDmzztU.exe
  2⤵
  PID:3028
- C:\Windows\System\laFHWXh.exe
  C:\Windows\System\laFHWXh.exe
  2⤵
  PID:3964
- C:\Windows\System\nIGeYmU.exe
  C:\Windows\System\nIGeYmU.exe
  2⤵
  PID:448
- C:\Windows\System\jBJonni.exe
  C:\Windows\System\jBJonni.exe
  2⤵
  PID:3828
- C:\Windows\System\pNlQVuP.exe
  C:\Windows\System\pNlQVuP.exe
  2⤵
  PID:780
- C:\Windows\System\noquiWk.exe
  C:\Windows\System\noquiWk.exe
  2⤵
  PID:4292
- C:\Windows\System\bRYjzPF.exe
  C:\Windows\System\bRYjzPF.exe
  2⤵
  PID:5148
- C:\Windows\System\OjfpVwE.exe
  C:\Windows\System\OjfpVwE.exe
  2⤵
  PID:5180
- C:\Windows\System\lffqYVs.exe
  C:\Windows\System\lffqYVs.exe
  2⤵
  PID:5204
- C:\Windows\System\VxdLpRU.exe
  C:\Windows\System\VxdLpRU.exe
  2⤵
  PID:5232
- C:\Windows\System\QDfLXQY.exe
  C:\Windows\System\QDfLXQY.exe
  2⤵
  PID:5264
- C:\Windows\System\mUnXowC.exe
  C:\Windows\System\mUnXowC.exe
  2⤵
  PID:5292
- C:\Windows\System\whXPqmx.exe
  C:\Windows\System\whXPqmx.exe
  2⤵
  PID:5316
- C:\Windows\System\dyccEey.exe
  C:\Windows\System\dyccEey.exe
  2⤵
  PID:5348
- C:\Windows\System\zUIkONB.exe
  C:\Windows\System\zUIkONB.exe
  2⤵
  PID:5376
- C:\Windows\System\lGlkoGx.exe
  C:\Windows\System\lGlkoGx.exe
  2⤵
  PID:5404
- C:\Windows\System\XcuCVmk.exe
  C:\Windows\System\XcuCVmk.exe
  2⤵
  PID:5432
- C:\Windows\System\yJJyNHf.exe
  C:\Windows\System\yJJyNHf.exe
  2⤵
  PID:5460
- C:\Windows\System\kkEUcnt.exe
  C:\Windows\System\kkEUcnt.exe
  2⤵
  PID:5488
- C:\Windows\System\XwlrtUc.exe
  C:\Windows\System\XwlrtUc.exe
  2⤵
  PID:5516
- C:\Windows\System\MsTOnmD.exe
  C:\Windows\System\MsTOnmD.exe
  2⤵
  PID:5540
- C:\Windows\System\DQlGZws.exe
  C:\Windows\System\DQlGZws.exe
  2⤵
  PID:5568
- C:\Windows\System\rFCvsNz.exe
  C:\Windows\System\rFCvsNz.exe
  2⤵
  PID:5600
- C:\Windows\System\sYHdBVU.exe
  C:\Windows\System\sYHdBVU.exe
  2⤵
  PID:5628
- C:\Windows\System\zmZrWuq.exe
  C:\Windows\System\zmZrWuq.exe
  2⤵
  PID:5656
- C:\Windows\System\gRMCUeJ.exe
  C:\Windows\System\gRMCUeJ.exe
  2⤵
  PID:5684
- C:\Windows\System\ljvLbOo.exe
  C:\Windows\System\ljvLbOo.exe
  2⤵
  PID:5712
- C:\Windows\System\GdaPLfz.exe
  C:\Windows\System\GdaPLfz.exe
  2⤵
  PID:5740
- C:\Windows\System\HbhbNOm.exe
  C:\Windows\System\HbhbNOm.exe
  2⤵
  PID:5768
- C:\Windows\System\GEDSQDj.exe
  C:\Windows\System\GEDSQDj.exe
  2⤵
  PID:5796
- C:\Windows\System\rYPrusU.exe
  C:\Windows\System\rYPrusU.exe
  2⤵
  PID:5824
- C:\Windows\System\dXamCzj.exe
  C:\Windows\System\dXamCzj.exe
  2⤵
  PID:5852
- C:\Windows\System\UIjVXzF.exe
  C:\Windows\System\UIjVXzF.exe
  2⤵
  PID:5880
- C:\Windows\System\KSWHuBb.exe
  C:\Windows\System\KSWHuBb.exe
  2⤵
  PID:5908
- C:\Windows\System\CzNQMcR.exe
  C:\Windows\System\CzNQMcR.exe
  2⤵
  PID:5936
- C:\Windows\System\JYVwUhy.exe
  C:\Windows\System\JYVwUhy.exe
  2⤵
  PID:5964
- C:\Windows\System\qABusPZ.exe
  C:\Windows\System\qABusPZ.exe
  2⤵
  PID:5992
- C:\Windows\System\oWEQTbk.exe
  C:\Windows\System\oWEQTbk.exe
  2⤵
  PID:6020
- C:\Windows\System\EYcMdzC.exe
  C:\Windows\System\EYcMdzC.exe
  2⤵
  PID:6048
- C:\Windows\System\eQRADYu.exe
  C:\Windows\System\eQRADYu.exe
  2⤵
  PID:6072
- C:\Windows\System\hNYfGae.exe
  C:\Windows\System\hNYfGae.exe
  2⤵
  PID:6104
- C:\Windows\System\mXTHPrD.exe
  C:\Windows\System\mXTHPrD.exe
  2⤵
  PID:6128
- C:\Windows\System\QvWuMrp.exe
  C:\Windows\System\QvWuMrp.exe
  2⤵
  PID:1968
- C:\Windows\System\kzrXXsN.exe
  C:\Windows\System\kzrXXsN.exe
  2⤵
  PID:4804
- C:\Windows\System\hiHMzKR.exe
  C:\Windows\System\hiHMzKR.exe
  2⤵
  PID:3080
- C:\Windows\System\jTShpDv.exe
  C:\Windows\System\jTShpDv.exe
  2⤵
  PID:1660
- C:\Windows\System\uREakSk.exe
  C:\Windows\System\uREakSk.exe
  2⤵
  PID:5164
- C:\Windows\System\BMOYlSn.exe
  C:\Windows\System\BMOYlSn.exe
  2⤵
  PID:5224
- C:\Windows\System\vNLdHGc.exe
  C:\Windows\System\vNLdHGc.exe
  2⤵
  PID:5284
- C:\Windows\System\ZBJFHJX.exe
  C:\Windows\System\ZBJFHJX.exe
  2⤵
  PID:5360
- C:\Windows\System\fPynMwg.exe
  C:\Windows\System\fPynMwg.exe
  2⤵
  PID:5424
- C:\Windows\System\vRRERKj.exe
  C:\Windows\System\vRRERKj.exe
  2⤵
  PID:5508
- C:\Windows\System\cbjXVKA.exe
  C:\Windows\System\cbjXVKA.exe
  2⤵
  PID:5564
- C:\Windows\System\WcsTngP.exe
  C:\Windows\System\WcsTngP.exe
  2⤵
  PID:5616
- C:\Windows\System\bTDvuxi.exe
  C:\Windows\System\bTDvuxi.exe
  2⤵
  PID:5676
- C:\Windows\System\DQsVyMU.exe
  C:\Windows\System\DQsVyMU.exe
  2⤵
  PID:5752
- C:\Windows\System\MsCPlYM.exe
  C:\Windows\System\MsCPlYM.exe
  2⤵
  PID:5812
- C:\Windows\System\peIbfJg.exe
  C:\Windows\System\peIbfJg.exe
  2⤵
  PID:5872
- C:\Windows\System\XUAMiIa.exe
  C:\Windows\System\XUAMiIa.exe
  2⤵
  PID:5948
- C:\Windows\System\FWohnYc.exe
  C:\Windows\System\FWohnYc.exe
  2⤵
  PID:6008
- C:\Windows\System\orKyatO.exe
  C:\Windows\System\orKyatO.exe
  2⤵
  PID:232
- C:\Windows\System\rrGCrQj.exe
  C:\Windows\System\rrGCrQj.exe
  2⤵
  PID:6120
- C:\Windows\System\NDUHoei.exe
  C:\Windows\System\NDUHoei.exe
  2⤵
  PID:3396
- C:\Windows\System\xWTsEsz.exe
  C:\Windows\System\xWTsEsz.exe
  2⤵
  PID:4952
- C:\Windows\System\EcFQutz.exe
  C:\Windows\System\EcFQutz.exe
  2⤵
  PID:5256
- C:\Windows\System\ZWrYtan.exe
  C:\Windows\System\ZWrYtan.exe
  2⤵
  PID:5420
- C:\Windows\System\mHEVheL.exe
  C:\Windows\System\mHEVheL.exe
  2⤵
  PID:5560
- C:\Windows\System\sQqSDtY.exe
  C:\Windows\System\sQqSDtY.exe
  2⤵
  PID:5724
- C:\Windows\System\EaJuUGL.exe
  C:\Windows\System\EaJuUGL.exe
  2⤵
  PID:5844
- C:\Windows\System\WcWxwvM.exe
  C:\Windows\System\WcWxwvM.exe
  2⤵
  PID:5980
- C:\Windows\System\rvDIfjV.exe
  C:\Windows\System\rvDIfjV.exe
  2⤵
  PID:6096
- C:\Windows\System\yRutsab.exe
  C:\Windows\System\yRutsab.exe
  2⤵
  PID:3520
- C:\Windows\System\ykRNJPJ.exe
  C:\Windows\System\ykRNJPJ.exe
  2⤵
  PID:6180
- C:\Windows\System\fUVFWeR.exe
  C:\Windows\System\fUVFWeR.exe
  2⤵
  PID:6196
- C:\Windows\System\uhZKznB.exe
  C:\Windows\System\uhZKznB.exe
  2⤵
  PID:6212
- C:\Windows\System\UgUGijb.exe
  C:\Windows\System\UgUGijb.exe
  2⤵
  PID:6236
- C:\Windows\System\ZstIXXN.exe
  C:\Windows\System\ZstIXXN.exe
  2⤵
  PID:6268
- C:\Windows\System\YsyHCwO.exe
  C:\Windows\System\YsyHCwO.exe
  2⤵
  PID:6284
- C:\Windows\System\rMyZLsT.exe
  C:\Windows\System\rMyZLsT.exe
  2⤵
  PID:6312
- C:\Windows\System\tOmOYhN.exe
  C:\Windows\System\tOmOYhN.exe
  2⤵
  PID:6340
- C:\Windows\System\MHgHORc.exe
  C:\Windows\System\MHgHORc.exe
  2⤵
  PID:6368
- C:\Windows\System\fvDUVTF.exe
  C:\Windows\System\fvDUVTF.exe
  2⤵
  PID:6396
- C:\Windows\System\xxiIPPS.exe
  C:\Windows\System\xxiIPPS.exe
  2⤵
  PID:6424
- C:\Windows\System\njjEINp.exe
  C:\Windows\System\njjEINp.exe
  2⤵
  PID:6452
- C:\Windows\System\SuOwtia.exe
  C:\Windows\System\SuOwtia.exe
  2⤵
  PID:6480
- C:\Windows\System\ezzafMf.exe
  C:\Windows\System\ezzafMf.exe
  2⤵
  PID:6508
- C:\Windows\System\KUjYISu.exe
  C:\Windows\System\KUjYISu.exe
  2⤵
  PID:6536
- C:\Windows\System\zaGlAiI.exe
  C:\Windows\System\zaGlAiI.exe
  2⤵
  PID:6564
- C:\Windows\System\EKusbbD.exe
  C:\Windows\System\EKusbbD.exe
  2⤵
  PID:6592
- C:\Windows\System\NviMBfZ.exe
  C:\Windows\System\NviMBfZ.exe
  2⤵
  PID:6616
- C:\Windows\System\ttTnmyQ.exe
  C:\Windows\System\ttTnmyQ.exe
  2⤵
  PID:6744
- C:\Windows\System\YnxPcuQ.exe
  C:\Windows\System\YnxPcuQ.exe
  2⤵
  PID:6780
- C:\Windows\System\ijIMVyA.exe
  C:\Windows\System\ijIMVyA.exe
  2⤵
  PID:6816
- C:\Windows\System\ErxJghU.exe
  C:\Windows\System\ErxJghU.exe
  2⤵
  PID:6836
- C:\Windows\System\IztRYQe.exe
  C:\Windows\System\IztRYQe.exe
  2⤵
  PID:6852
- C:\Windows\System\GYgHQWI.exe
  C:\Windows\System\GYgHQWI.exe
  2⤵
  PID:6872
- C:\Windows\System\naMnTcj.exe
  C:\Windows\System\naMnTcj.exe
  2⤵
  PID:6912
- C:\Windows\System\FBpQBwQ.exe
  C:\Windows\System\FBpQBwQ.exe
  2⤵
  PID:6932
- C:\Windows\System\rwXGrby.exe
  C:\Windows\System\rwXGrby.exe
  2⤵
  PID:6972
- C:\Windows\System\RjnREEX.exe
  C:\Windows\System\RjnREEX.exe
  2⤵
  PID:6992
- C:\Windows\System\qepbFZB.exe
  C:\Windows\System\qepbFZB.exe
  2⤵
  PID:7016
- C:\Windows\System\kHfgeqf.exe
  C:\Windows\System\kHfgeqf.exe
  2⤵
  PID:7032
- C:\Windows\System\gyivXDO.exe
  C:\Windows\System\gyivXDO.exe
  2⤵
  PID:7048
- C:\Windows\System\LMdcBZj.exe
  C:\Windows\System\LMdcBZj.exe
  2⤵
  PID:7084
- C:\Windows\System\QUKWxoA.exe
  C:\Windows\System\QUKWxoA.exe
  2⤵
  PID:7112
- C:\Windows\System\oICDFHs.exe
  C:\Windows\System\oICDFHs.exe
  2⤵
  PID:5668
- C:\Windows\System\umqescu.exe
  C:\Windows\System\umqescu.exe
  2⤵
  PID:2344
- C:\Windows\System\LNbpfZD.exe
  C:\Windows\System\LNbpfZD.exe
  2⤵
  PID:4344
- C:\Windows\System\kMDhcsH.exe
  C:\Windows\System\kMDhcsH.exe
  2⤵
  PID:6192
- C:\Windows\System\YHkKCEk.exe
  C:\Windows\System\YHkKCEk.exe
  2⤵
  PID:6260
- C:\Windows\System\VQXLJWR.exe
  C:\Windows\System\VQXLJWR.exe
  2⤵
  PID:6304
- C:\Windows\System\oAGDCej.exe
  C:\Windows\System\oAGDCej.exe
  2⤵
  PID:6384
- C:\Windows\System\oBQbkbL.exe
  C:\Windows\System\oBQbkbL.exe
  2⤵
  PID:6440
- C:\Windows\System\MrYbrJf.exe
  C:\Windows\System\MrYbrJf.exe
  2⤵
  PID:6528
- C:\Windows\System\KvJGVEK.exe
  C:\Windows\System\KvJGVEK.exe
  2⤵
  PID:6552
- C:\Windows\System\OAlAYgG.exe
  C:\Windows\System\OAlAYgG.exe
  2⤵
  PID:3972
- C:\Windows\System\aTqEphT.exe
  C:\Windows\System\aTqEphT.exe
  2⤵
  PID:5088
- C:\Windows\System\gYUERtx.exe
  C:\Windows\System\gYUERtx.exe
  2⤵
  PID:3000
- C:\Windows\System\DbvCjJK.exe
  C:\Windows\System\DbvCjJK.exe
  2⤵
  PID:3736
- C:\Windows\System\EJvwggQ.exe
  C:\Windows\System\EJvwggQ.exe
  2⤵
  PID:6788
- C:\Windows\System\wnEAFky.exe
  C:\Windows\System\wnEAFky.exe
  2⤵
  PID:6868
- C:\Windows\System\bkVTRxU.exe
  C:\Windows\System\bkVTRxU.exe
  2⤵
  PID:6948
- C:\Windows\System\QTKdJDZ.exe
  C:\Windows\System\QTKdJDZ.exe
  2⤵
  PID:7004
- C:\Windows\System\rWbrKeN.exe
  C:\Windows\System\rWbrKeN.exe
  2⤵
  PID:7076
- C:\Windows\System\WKPnqBj.exe
  C:\Windows\System\WKPnqBj.exe
  2⤵
  PID:6040
- C:\Windows\System\SVRgWqa.exe
  C:\Windows\System\SVRgWqa.exe
  2⤵
  PID:3492
- C:\Windows\System\ISrJxjP.exe
  C:\Windows\System\ISrJxjP.exe
  2⤵
  PID:6360
- C:\Windows\System\ZUPWecj.exe
  C:\Windows\System\ZUPWecj.exe
  2⤵
  PID:5048
- C:\Windows\System\EOQTLYp.exe
  C:\Windows\System\EOQTLYp.exe
  2⤵
  PID:6608
- C:\Windows\System\KloZDlF.exe
  C:\Windows\System\KloZDlF.exe
  2⤵
  PID:6740
- C:\Windows\System\xbSTDhV.exe
  C:\Windows\System\xbSTDhV.exe
  2⤵
  PID:3112
- C:\Windows\System\rOlfrNg.exe
  C:\Windows\System\rOlfrNg.exe
  2⤵
  PID:4508
- C:\Windows\System\UdNhfSb.exe
  C:\Windows\System\UdNhfSb.exe
  2⤵
  PID:688
- C:\Windows\System\uefpEQn.exe
  C:\Windows\System\uefpEQn.exe
  2⤵
  PID:6776
- C:\Windows\System\gnIJeNW.exe
  C:\Windows\System\gnIJeNW.exe
  2⤵
  PID:2040
- C:\Windows\System\swusJzS.exe
  C:\Windows\System\swusJzS.exe
  2⤵
  PID:6988
- C:\Windows\System\vNLODQs.exe
  C:\Windows\System\vNLODQs.exe
  2⤵
  PID:5500
- C:\Windows\System\efTiOJD.exe
  C:\Windows\System\efTiOJD.exe
  2⤵
  PID:6724
- C:\Windows\System\ThgCXhd.exe
  C:\Windows\System\ThgCXhd.exe
  2⤵
  PID:1440
- C:\Windows\System\EjEDHDh.exe
  C:\Windows\System\EjEDHDh.exe
  2⤵
  PID:1164
- C:\Windows\System\vSmmwhF.exe
  C:\Windows\System\vSmmwhF.exe
  2⤵
  PID:6700
- C:\Windows\System\DqgzVdZ.exe
  C:\Windows\System\DqgzVdZ.exe
  2⤵
  PID:6832
- C:\Windows\System\FTjaDEm.exe
  C:\Windows\System\FTjaDEm.exe
  2⤵
  PID:7072
- C:\Windows\System\ontyRTA.exe
  C:\Windows\System\ontyRTA.exe
  2⤵
  PID:6520
- C:\Windows\System\ITUGkUj.exe
  C:\Windows\System\ITUGkUj.exe
  2⤵
  PID:6712
- C:\Windows\System\NNbGswc.exe
  C:\Windows\System\NNbGswc.exe
  2⤵
  PID:2404
- C:\Windows\System\dLGCDzh.exe
  C:\Windows\System\dLGCDzh.exe
  2⤵
  PID:744
- C:\Windows\System\xmcBXAO.exe
  C:\Windows\System\xmcBXAO.exe
  2⤵
  PID:7296
- C:\Windows\System\RcobIDe.exe
  C:\Windows\System\RcobIDe.exe
  2⤵
  PID:7312
- C:\Windows\System\QYbwaPM.exe
  C:\Windows\System\QYbwaPM.exe
  2⤵
  PID:7332
- C:\Windows\System\DSDRLJV.exe
  C:\Windows\System\DSDRLJV.exe
  2⤵
  PID:7380
- C:\Windows\System\KZBWqCO.exe
  C:\Windows\System\KZBWqCO.exe
  2⤵
  PID:7408
- C:\Windows\System\dMbkyjr.exe
  C:\Windows\System\dMbkyjr.exe
  2⤵
  PID:7436
- C:\Windows\System\TPzBduO.exe
  C:\Windows\System\TPzBduO.exe
  2⤵
  PID:7464
- C:\Windows\System\GcUhyWf.exe
  C:\Windows\System\GcUhyWf.exe
  2⤵
  PID:7492
- C:\Windows\System\vMQXtWx.exe
  C:\Windows\System\vMQXtWx.exe
  2⤵
  PID:7520
- C:\Windows\System\Xtfdlra.exe
  C:\Windows\System\Xtfdlra.exe
  2⤵
  PID:7548
- C:\Windows\System\hItyCLI.exe
  C:\Windows\System\hItyCLI.exe
  2⤵
  PID:7576
- C:\Windows\System\uImjBxt.exe
  C:\Windows\System\uImjBxt.exe
  2⤵
  PID:7604
- C:\Windows\System\XGPKzXo.exe
  C:\Windows\System\XGPKzXo.exe
  2⤵
  PID:7640
- C:\Windows\System\qBpnlgN.exe
  C:\Windows\System\qBpnlgN.exe
  2⤵
  PID:7660
- C:\Windows\System\ZkwRrRs.exe
  C:\Windows\System\ZkwRrRs.exe
  2⤵
  PID:7692
- C:\Windows\System\ojJzsSJ.exe
  C:\Windows\System\ojJzsSJ.exe
  2⤵
  PID:7716
- C:\Windows\System\nErnIMh.exe
  C:\Windows\System\nErnIMh.exe
  2⤵
  PID:7744
- C:\Windows\System\bvYMZsa.exe
  C:\Windows\System\bvYMZsa.exe
  2⤵
  PID:7776
- C:\Windows\System\zxCRupy.exe
  C:\Windows\System\zxCRupy.exe
  2⤵
  PID:7800
- C:\Windows\System\qUviUXz.exe
  C:\Windows\System\qUviUXz.exe
  2⤵
  PID:7828
- C:\Windows\System\IyKeNaz.exe
  C:\Windows\System\IyKeNaz.exe
  2⤵
  PID:7868
- C:\Windows\System\bkpqvUd.exe
  C:\Windows\System\bkpqvUd.exe
  2⤵
  PID:7904
- C:\Windows\System\cwvDAAO.exe
  C:\Windows\System\cwvDAAO.exe
  2⤵
  PID:7936
- C:\Windows\System\PfHglwK.exe
  C:\Windows\System\PfHglwK.exe
  2⤵
  PID:7960
- C:\Windows\System\QGCXSTm.exe
  C:\Windows\System\QGCXSTm.exe
  2⤵
  PID:7996
- C:\Windows\System\RGRHAqa.exe
  C:\Windows\System\RGRHAqa.exe
  2⤵
  PID:8032
- C:\Windows\System\RELKoxc.exe
  C:\Windows\System\RELKoxc.exe
  2⤵
  PID:8056
- C:\Windows\System\ZTSoxei.exe
  C:\Windows\System\ZTSoxei.exe
  2⤵
  PID:8084
- C:\Windows\System\YCbgNmd.exe
  C:\Windows\System\YCbgNmd.exe
  2⤵
  PID:8112
- C:\Windows\System\wdqfDvq.exe
  C:\Windows\System\wdqfDvq.exe
  2⤵
  PID:8140
- C:\Windows\System\JcCpuvo.exe
  C:\Windows\System\JcCpuvo.exe
  2⤵
  PID:8168
- C:\Windows\System\YbJLkcf.exe
  C:\Windows\System\YbJLkcf.exe
  2⤵
  PID:2540
- C:\Windows\System\meLJLQJ.exe
  C:\Windows\System\meLJLQJ.exe
  2⤵
  PID:7172
- C:\Windows\System\byrxKQr.exe
  C:\Windows\System\byrxKQr.exe
  2⤵
  PID:7196
- C:\Windows\System\CimkhJy.exe
  C:\Windows\System\CimkhJy.exe
  2⤵
  PID:7236
- C:\Windows\System\wPCtQCC.exe
  C:\Windows\System\wPCtQCC.exe
  2⤵
  PID:7268
- C:\Windows\System\JffYITk.exe
  C:\Windows\System\JffYITk.exe
  2⤵
  PID:7288
- C:\Windows\System\GwFfrTa.exe
  C:\Windows\System\GwFfrTa.exe
  2⤵
  PID:7152
- C:\Windows\System\eipnfui.exe
  C:\Windows\System\eipnfui.exe
  2⤵
  PID:7376
- C:\Windows\System\MrtcqMc.exe
  C:\Windows\System\MrtcqMc.exe
  2⤵
  PID:7400
- C:\Windows\System\AwBlxca.exe
  C:\Windows\System\AwBlxca.exe
  2⤵
  PID:7476
- C:\Windows\System\tgLAGfn.exe
  C:\Windows\System\tgLAGfn.exe
  2⤵
  PID:7512
- C:\Windows\System\dgNwDYr.exe
  C:\Windows\System\dgNwDYr.exe
  2⤵
  PID:7572
- C:\Windows\System\RHeWCNY.exe
  C:\Windows\System\RHeWCNY.exe
  2⤵
  PID:7680
- C:\Windows\System\unUXaEy.exe
  C:\Windows\System\unUXaEy.exe
  2⤵
  PID:7764
- C:\Windows\System\LaUQpFu.exe
  C:\Windows\System\LaUQpFu.exe
  2⤵
  PID:7824
- C:\Windows\System\hDgaFmx.exe
  C:\Windows\System\hDgaFmx.exe
  2⤵
  PID:7880
- C:\Windows\System\TItuOfN.exe
  C:\Windows\System\TItuOfN.exe
  2⤵
  PID:7988
- C:\Windows\System\AfzFnhs.exe
  C:\Windows\System\AfzFnhs.exe
  2⤵
  PID:8044
- C:\Windows\System\WYCzdIM.exe
  C:\Windows\System\WYCzdIM.exe
  2⤵
  PID:8108
- C:\Windows\System\QEtENUw.exe
  C:\Windows\System\QEtENUw.exe
  2⤵
  PID:4120
- C:\Windows\System\fXPCGkv.exe
  C:\Windows\System\fXPCGkv.exe
  2⤵
  PID:7220
- C:\Windows\System\nkPVYnz.exe
  C:\Windows\System\nkPVYnz.exe
  2⤵
  PID:7304
- C:\Windows\System\ofTWcUj.exe
  C:\Windows\System\ofTWcUj.exe
  2⤵
  PID:7432
- C:\Windows\System\aVrwulm.exe
  C:\Windows\System\aVrwulm.exe
  2⤵
  PID:7560
- C:\Windows\System\lmvdWfw.exe
  C:\Windows\System\lmvdWfw.exe
  2⤵
  PID:7712
- C:\Windows\System\iJzDAws.exe
  C:\Windows\System\iJzDAws.exe
  2⤵
  PID:7864
- C:\Windows\System\rbWMZgy.exe
  C:\Windows\System\rbWMZgy.exe
  2⤵
  PID:8040
- C:\Windows\System\WavGamy.exe
  C:\Windows\System\WavGamy.exe
  2⤵
  PID:7180
- C:\Windows\System\tBLuDxW.exe
  C:\Windows\System\tBLuDxW.exe
  2⤵
  PID:7460
- C:\Windows\System\zdgMVkm.exe
  C:\Windows\System\zdgMVkm.exe
  2⤵
  PID:7820
- C:\Windows\System\EUbbnqg.exe
  C:\Windows\System\EUbbnqg.exe
  2⤵
  PID:6956
- C:\Windows\System\ASToUKP.exe
  C:\Windows\System\ASToUKP.exe
  2⤵
  PID:7368
- C:\Windows\System\qriWByz.exe
  C:\Windows\System\qriWByz.exe
  2⤵
  PID:8220
- C:\Windows\System\YcAKuQE.exe
  C:\Windows\System\YcAKuQE.exe
  2⤵
  PID:8248
- C:\Windows\System\XQEZmNK.exe
  C:\Windows\System\XQEZmNK.exe
  2⤵
  PID:8276
- C:\Windows\System\qWKsakN.exe
  C:\Windows\System\qWKsakN.exe
  2⤵
  PID:8304
- C:\Windows\System\mDpCSQe.exe
  C:\Windows\System\mDpCSQe.exe
  2⤵
  PID:8332
- C:\Windows\System\QOZKxha.exe
  C:\Windows\System\QOZKxha.exe
  2⤵
  PID:8360
- C:\Windows\System\KfWODek.exe
  C:\Windows\System\KfWODek.exe
  2⤵
  PID:8388
- C:\Windows\System\DKyjZyc.exe
  C:\Windows\System\DKyjZyc.exe
  2⤵
  PID:8416
- C:\Windows\System\yVWJwxU.exe
  C:\Windows\System\yVWJwxU.exe
  2⤵
  PID:8444
- C:\Windows\System\cYhfKAX.exe
  C:\Windows\System\cYhfKAX.exe
  2⤵
  PID:8472
- C:\Windows\System\BfMOkqt.exe
  C:\Windows\System\BfMOkqt.exe
  2⤵
  PID:8504
- C:\Windows\System\hWZCZsf.exe
  C:\Windows\System\hWZCZsf.exe
  2⤵
  PID:8528
- C:\Windows\System\WBaoxLB.exe
  C:\Windows\System\WBaoxLB.exe
  2⤵
  PID:8556
- C:\Windows\System\PKCoYhq.exe
  C:\Windows\System\PKCoYhq.exe
  2⤵
  PID:8584
- C:\Windows\System\RtDuAMp.exe
  C:\Windows\System\RtDuAMp.exe
  2⤵
  PID:8612
- C:\Windows\System\rhsqBGm.exe
  C:\Windows\System\rhsqBGm.exe
  2⤵
  PID:8644
- C:\Windows\System\UDRRqDi.exe
  C:\Windows\System\UDRRqDi.exe
  2⤵
  PID:8668
- C:\Windows\System\mhvBABH.exe
  C:\Windows\System\mhvBABH.exe
  2⤵
  PID:8696
- C:\Windows\System\FIVkhtn.exe
  C:\Windows\System\FIVkhtn.exe
  2⤵
  PID:8716
- C:\Windows\System\egqBIqa.exe
  C:\Windows\System\egqBIqa.exe
  2⤵
  PID:8732
- C:\Windows\System\yWGeFpt.exe
  C:\Windows\System\yWGeFpt.exe
  2⤵
  PID:8752
- C:\Windows\System\cdTuGRN.exe
  C:\Windows\System\cdTuGRN.exe
  2⤵
  PID:8784
- C:\Windows\System\CRUdGUl.exe
  C:\Windows\System\CRUdGUl.exe
  2⤵
  PID:8812
- C:\Windows\System\hEjHhat.exe
  C:\Windows\System\hEjHhat.exe
  2⤵
  PID:8856
- C:\Windows\System\gUtLFSI.exe
  C:\Windows\System\gUtLFSI.exe
  2⤵
  PID:8896
- C:\Windows\System\bKoxdPZ.exe
  C:\Windows\System\bKoxdPZ.exe
  2⤵
  PID:8928
- C:\Windows\System\EmONhex.exe
  C:\Windows\System\EmONhex.exe
  2⤵
  PID:8952
- C:\Windows\System\OmKIgUK.exe
  C:\Windows\System\OmKIgUK.exe
  2⤵
  PID:8980
- C:\Windows\System\fZTZBkI.exe
  C:\Windows\System\fZTZBkI.exe
  2⤵
  PID:9008
- C:\Windows\System\vxAnlJm.exe
  C:\Windows\System\vxAnlJm.exe
  2⤵
  PID:9036
- C:\Windows\System\AaopknC.exe
  C:\Windows\System\AaopknC.exe
  2⤵
  PID:9064
- C:\Windows\System\TdCfBVG.exe
  C:\Windows\System\TdCfBVG.exe
  2⤵
  PID:9092
- C:\Windows\System\uNZXFOK.exe
  C:\Windows\System\uNZXFOK.exe
  2⤵
  PID:9116
- C:\Windows\System\AoselEC.exe
  C:\Windows\System\AoselEC.exe
  2⤵
  PID:9136
- C:\Windows\System\xILRyNz.exe
  C:\Windows\System\xILRyNz.exe
  2⤵
  PID:9152
- C:\Windows\System\kIolSYl.exe
  C:\Windows\System\kIolSYl.exe
  2⤵
  PID:9192
- C:\Windows\System\buAANUO.exe
  C:\Windows\System\buAANUO.exe
  2⤵
  PID:8208
- C:\Windows\System\lqHDmaq.exe
  C:\Windows\System\lqHDmaq.exe
  2⤵
  PID:8240
- C:\Windows\System\dREEqKp.exe
  C:\Windows\System\dREEqKp.exe
  2⤵
  PID:8300
- C:\Windows\System\brUzdRY.exe
  C:\Windows\System\brUzdRY.exe
  2⤵
  PID:8400
- C:\Windows\System\QHBBRpt.exe
  C:\Windows\System\QHBBRpt.exe
  2⤵
  PID:8492
- C:\Windows\System\GGdrgMs.exe
  C:\Windows\System\GGdrgMs.exe
  2⤵
  PID:8524
- C:\Windows\System\naCpFOd.exe
  C:\Windows\System\naCpFOd.exe
  2⤵
  PID:8624
- C:\Windows\System\rZtHpsT.exe
  C:\Windows\System\rZtHpsT.exe
  2⤵
  PID:8680
- C:\Windows\System\sUyILXH.exe
  C:\Windows\System\sUyILXH.exe
  2⤵
  PID:8728
- C:\Windows\System\xDKaYGE.exe
  C:\Windows\System\xDKaYGE.exe
  2⤵
  PID:8776
- C:\Windows\System\NzIYVjt.exe
  C:\Windows\System\NzIYVjt.exe
  2⤵
  PID:8852
- C:\Windows\System\GcqfXgF.exe
  C:\Windows\System\GcqfXgF.exe
  2⤵
  PID:8920
- C:\Windows\System\ZaEwjcA.exe
  C:\Windows\System\ZaEwjcA.exe
  2⤵
  PID:8992
- C:\Windows\System\mfPnSfs.exe
  C:\Windows\System\mfPnSfs.exe
  2⤵
  PID:9028
- C:\Windows\System\RSLKjLi.exe
  C:\Windows\System\RSLKjLi.exe
  2⤵
  PID:9084
- C:\Windows\System\jcfFczs.exe
  C:\Windows\System\jcfFczs.exe
  2⤵
  PID:9148
- C:\Windows\System\URSUctx.exe
  C:\Windows\System\URSUctx.exe
  2⤵
  PID:8272
- C:\Windows\System\JtJcMGe.exe
  C:\Windows\System\JtJcMGe.exe
  2⤵
  PID:8432
- C:\Windows\System\sfSjBPo.exe
  C:\Windows\System\sfSjBPo.exe
  2⤵
  PID:8580
- C:\Windows\System\ZFayqZV.exe
  C:\Windows\System\ZFayqZV.exe
  2⤵
  PID:8792
- C:\Windows\System\xVziCfS.exe
  C:\Windows\System\xVziCfS.exe
  2⤵
  PID:8892
- C:\Windows\System\iDITkGH.exe
  C:\Windows\System\iDITkGH.exe
  2⤵
  PID:9024
- C:\Windows\System\ILcjtov.exe
  C:\Windows\System\ILcjtov.exe
  2⤵
  PID:9180
- C:\Windows\System\wufLxFd.exe
  C:\Windows\System\wufLxFd.exe
  2⤵
  PID:8568
- C:\Windows\System\OqenqzC.exe
  C:\Windows\System\OqenqzC.exe
  2⤵
  PID:9004
- C:\Windows\System\aUsQmdi.exe
  C:\Windows\System\aUsQmdi.exe
  2⤵
  PID:8660
- C:\Windows\System\nCYiYnU.exe
  C:\Windows\System\nCYiYnU.exe
  2⤵
  PID:9220
- C:\Windows\System\piMSGlH.exe
  C:\Windows\System\piMSGlH.exe
  2⤵
  PID:9240
- C:\Windows\System\SPPcZgA.exe
  C:\Windows\System\SPPcZgA.exe
  2⤵
  PID:9264
- C:\Windows\System\ZRSDYRL.exe
  C:\Windows\System\ZRSDYRL.exe
  2⤵
  PID:9280
- C:\Windows\System\KUMsMgP.exe
  C:\Windows\System\KUMsMgP.exe
  2⤵
  PID:9316
- C:\Windows\System\nJrnVBf.exe
  C:\Windows\System\nJrnVBf.exe
  2⤵
  PID:9360
- C:\Windows\System\CYWQdcb.exe
  C:\Windows\System\CYWQdcb.exe
  2⤵
  PID:9388
- C:\Windows\System\OviTtni.exe
  C:\Windows\System\OviTtni.exe
  2⤵
  PID:9416
- C:\Windows\System\uWMaBUx.exe
  C:\Windows\System\uWMaBUx.exe
  2⤵
  PID:9440
- C:\Windows\System\RRsRAvq.exe
  C:\Windows\System\RRsRAvq.exe
  2⤵
  PID:9468
- C:\Windows\System\OaQInvk.exe
  C:\Windows\System\OaQInvk.exe
  2⤵
  PID:9488
- C:\Windows\System\nnVQKqy.exe
  C:\Windows\System\nnVQKqy.exe
  2⤵
  PID:9504
- C:\Windows\System\FgQTDlZ.exe
  C:\Windows\System\FgQTDlZ.exe
  2⤵
  PID:9536
- C:\Windows\System\lVyjLko.exe
  C:\Windows\System\lVyjLko.exe
  2⤵
  PID:9564
- C:\Windows\System\jWgiuGV.exe
  C:\Windows\System\jWgiuGV.exe
  2⤵
  PID:9612
- C:\Windows\System\qOqYCZf.exe
  C:\Windows\System\qOqYCZf.exe
  2⤵
  PID:9640
- C:\Windows\System\rWCfEes.exe
  C:\Windows\System\rWCfEes.exe
  2⤵
  PID:9656
- C:\Windows\System\zCIXjww.exe
  C:\Windows\System\zCIXjww.exe
  2⤵
  PID:9688
- C:\Windows\System\UPwGmQa.exe
  C:\Windows\System\UPwGmQa.exe
  2⤵
  PID:9716
- C:\Windows\System\otMrPXm.exe
  C:\Windows\System\otMrPXm.exe
  2⤵
  PID:9744
- C:\Windows\System\WnhJlWB.exe
  C:\Windows\System\WnhJlWB.exe
  2⤵
  PID:9760
- C:\Windows\System\sArfwva.exe
  C:\Windows\System\sArfwva.exe
  2⤵
  PID:9792
- C:\Windows\System\QOIFikL.exe
  C:\Windows\System\QOIFikL.exe
  2⤵
  PID:9816
- C:\Windows\System\YZVkpES.exe
  C:\Windows\System\YZVkpES.exe
  2⤵
  PID:9832
- C:\Windows\System\ErUViyD.exe
  C:\Windows\System\ErUViyD.exe
  2⤵
  PID:9864
- C:\Windows\System\EmJHjSp.exe
  C:\Windows\System\EmJHjSp.exe
  2⤵
  PID:9912
- C:\Windows\System\FHXNtcp.exe
  C:\Windows\System\FHXNtcp.exe
  2⤵
  PID:9952
- C:\Windows\System\btZwnfI.exe
  C:\Windows\System\btZwnfI.exe
  2⤵
  PID:9972
- C:\Windows\System\wSpUBjx.exe
  C:\Windows\System\wSpUBjx.exe
  2⤵
  PID:9996
- C:\Windows\System\KOuERbb.exe
  C:\Windows\System\KOuERbb.exe
  2⤵
  PID:10032
- C:\Windows\System\DSPKwWf.exe
  C:\Windows\System\DSPKwWf.exe
  2⤵
  PID:10060
- C:\Windows\System\lAHcLTS.exe
  C:\Windows\System\lAHcLTS.exe
  2⤵
  PID:10092
- C:\Windows\System\LBnxyle.exe
  C:\Windows\System\LBnxyle.exe
  2⤵
  PID:10120
- C:\Windows\System\rwpFINM.exe
  C:\Windows\System\rwpFINM.exe
  2⤵
  PID:10148
- C:\Windows\System\EhCsTXI.exe
  C:\Windows\System\EhCsTXI.exe
  2⤵
  PID:10164
- C:\Windows\System\ABbgjGD.exe
  C:\Windows\System\ABbgjGD.exe
  2⤵
  PID:10192
- C:\Windows\System\BNiaRPt.exe
  C:\Windows\System\BNiaRPt.exe
  2⤵
  PID:10232
- C:\Windows\System\VsjlRXb.exe
  C:\Windows\System\VsjlRXb.exe
  2⤵
  PID:9260
- C:\Windows\System\AEIAevI.exe
  C:\Windows\System\AEIAevI.exe
  2⤵
  PID:9300
- C:\Windows\System\RuoANvm.exe
  C:\Windows\System\RuoANvm.exe
  2⤵
  PID:8760
- C:\Windows\System\zHXXXLn.exe
  C:\Windows\System\zHXXXLn.exe
  2⤵
  PID:9400
- C:\Windows\System\NvlvOsn.exe
  C:\Windows\System\NvlvOsn.exe
  2⤵
  PID:9496
- C:\Windows\System\riCVVEM.exe
  C:\Windows\System\riCVVEM.exe
  2⤵
  PID:9576
- C:\Windows\System\FDQWqNb.exe
  C:\Windows\System\FDQWqNb.exe
  2⤵
  PID:9600
- C:\Windows\System\pOPSsej.exe
  C:\Windows\System\pOPSsej.exe
  2⤵
  PID:9696
- C:\Windows\System\lCGTJcS.exe
  C:\Windows\System\lCGTJcS.exe
  2⤵
  PID:9736
- C:\Windows\System\ATSzbXx.exe
  C:\Windows\System\ATSzbXx.exe
  2⤵
  PID:9804
- C:\Windows\System\tUYCPgM.exe
  C:\Windows\System\tUYCPgM.exe
  2⤵
  PID:9856
- C:\Windows\System\TtZmmDj.exe
  C:\Windows\System\TtZmmDj.exe
  2⤵
  PID:9944
- C:\Windows\System\JMqFpzd.exe
  C:\Windows\System\JMqFpzd.exe
  2⤵
  PID:9992
- C:\Windows\System\DytMmIV.exe
  C:\Windows\System\DytMmIV.exe
  2⤵
  PID:10056
- C:\Windows\System\GfGmtyV.exe
  C:\Windows\System\GfGmtyV.exe
  2⤵
  PID:10104
- C:\Windows\System\iPeRQrY.exe
  C:\Windows\System\iPeRQrY.exe
  2⤵
  PID:10160
- C:\Windows\System\pJOAAeb.exe
  C:\Windows\System\pJOAAeb.exe
  2⤵
  PID:9276
- C:\Windows\System\OrHBjyD.exe
  C:\Windows\System\OrHBjyD.exe
  2⤵
  PID:9384
- C:\Windows\System\uYfmVMB.exe
  C:\Windows\System\uYfmVMB.exe
  2⤵
  PID:9528
- C:\Windows\System\oYyvFuX.exe
  C:\Windows\System\oYyvFuX.exe
  2⤵
  PID:9732
- C:\Windows\System\UlcQRrR.exe
  C:\Windows\System\UlcQRrR.exe
  2⤵
  PID:9776
- C:\Windows\System\qIcRviO.exe
  C:\Windows\System\qIcRviO.exe
  2⤵
  PID:9964
- C:\Windows\System\nkPYsFz.exe
  C:\Windows\System\nkPYsFz.exe
  2⤵
  PID:10144
- C:\Windows\System\cmhJQSq.exe
  C:\Windows\System\cmhJQSq.exe
  2⤵
  PID:9356
- C:\Windows\System\eYjyFXI.exe
  C:\Windows\System\eYjyFXI.exe
  2⤵
  PID:9712
- C:\Windows\System\QTnFhKr.exe
  C:\Windows\System\QTnFhKr.exe
  2⤵
  PID:2168
- C:\Windows\System\ctEHRMt.exe
  C:\Windows\System\ctEHRMt.exe
  2⤵
  PID:9464
- C:\Windows\System\KpdbnOj.exe
  C:\Windows\System\KpdbnOj.exe
  2⤵
  PID:10180
- C:\Windows\System\IJdxpNM.exe
  C:\Windows\System\IJdxpNM.exe
  2⤵
  PID:10276
- C:\Windows\System\tZkZuZz.exe
  C:\Windows\System\tZkZuZz.exe
  2⤵
  PID:10304
- C:\Windows\System\HyrgCLG.exe
  C:\Windows\System\HyrgCLG.exe
  2⤵
  PID:10332
- C:\Windows\System\ivFbhxI.exe
  C:\Windows\System\ivFbhxI.exe
  2⤵
  PID:10360
- C:\Windows\System\ZNMfkNF.exe
  C:\Windows\System\ZNMfkNF.exe
  2⤵
  PID:10388
- C:\Windows\System\vPiRfSd.exe
  C:\Windows\System\vPiRfSd.exe
  2⤵
  PID:10416
- C:\Windows\System\ESrbHMA.exe
  C:\Windows\System\ESrbHMA.exe
  2⤵
  PID:10444
- C:\Windows\System\GQcRtxA.exe
  C:\Windows\System\GQcRtxA.exe
  2⤵
  PID:10472
- C:\Windows\System\cDQnDFl.exe
  C:\Windows\System\cDQnDFl.exe
  2⤵
  PID:10500
- C:\Windows\System\tNGAMgv.exe
  C:\Windows\System\tNGAMgv.exe
  2⤵
  PID:10516
- C:\Windows\System\IRLQyVl.exe
  C:\Windows\System\IRLQyVl.exe
  2⤵
  PID:10556
- C:\Windows\System\TQGcuOR.exe
  C:\Windows\System\TQGcuOR.exe
  2⤵
  PID:10584
- C:\Windows\System\pRfvtjM.exe
  C:\Windows\System\pRfvtjM.exe
  2⤵
  PID:10616
- C:\Windows\System\alRxizu.exe
  C:\Windows\System\alRxizu.exe
  2⤵
  PID:10640
- C:\Windows\System\iojSyYH.exe
  C:\Windows\System\iojSyYH.exe
  2⤵
  PID:10660
- C:\Windows\System\hRVpTwF.exe
  C:\Windows\System\hRVpTwF.exe
  2⤵
  PID:10696
- C:\Windows\System\YCakMcX.exe
  C:\Windows\System\YCakMcX.exe
  2⤵
  PID:10720
- C:\Windows\System\nNZhnIJ.exe
  C:\Windows\System\nNZhnIJ.exe
  2⤵
  PID:10740
- C:\Windows\System\iIpyODm.exe
  C:\Windows\System\iIpyODm.exe
  2⤵
  PID:10768
- C:\Windows\System\AyTOIxI.exe
  C:\Windows\System\AyTOIxI.exe
  2⤵
  PID:10792
- C:\Windows\System\qWUnxzI.exe
  C:\Windows\System\qWUnxzI.exe
  2⤵
  PID:10820
- C:\Windows\System\vJIQagq.exe
  C:\Windows\System\vJIQagq.exe
  2⤵
  PID:10864
- C:\Windows\System\EuXlZiW.exe
  C:\Windows\System\EuXlZiW.exe
  2⤵
  PID:10888
- C:\Windows\System\GqRExoY.exe
  C:\Windows\System\GqRExoY.exe
  2⤵
  PID:10916
- C:\Windows\System\NfencWR.exe
  C:\Windows\System\NfencWR.exe
  2⤵
  PID:10956
- C:\Windows\System\VfGNElQ.exe
  C:\Windows\System\VfGNElQ.exe
  2⤵
  PID:10984
- C:\Windows\System\ljEiRtB.exe
  C:\Windows\System\ljEiRtB.exe
  2⤵
  PID:11012
- C:\Windows\System\GJnaMRJ.exe
  C:\Windows\System\GJnaMRJ.exe
  2⤵
  PID:11032
- C:\Windows\System\mmKSRpv.exe
  C:\Windows\System\mmKSRpv.exe
  2⤵
  PID:11068
- C:\Windows\System\NaRDPaS.exe
  C:\Windows\System\NaRDPaS.exe
  2⤵
  PID:11096
- C:\Windows\System\HhVsqQk.exe
  C:\Windows\System\HhVsqQk.exe
  2⤵
  PID:11116
- C:\Windows\System\exqARDA.exe
  C:\Windows\System\exqARDA.exe
  2⤵
  PID:11140
- C:\Windows\System\VnbkWKf.exe
  C:\Windows\System\VnbkWKf.exe
  2⤵
  PID:11172
- C:\Windows\System\WNQbzgJ.exe
  C:\Windows\System\WNQbzgJ.exe
  2⤵
  PID:11200
- C:\Windows\System\xwpBFsl.exe
  C:\Windows\System\xwpBFsl.exe
  2⤵
  PID:11224
- C:\Windows\System\ymPscKu.exe
  C:\Windows\System\ymPscKu.exe
  2⤵
  PID:11244
- C:\Windows\System\ahyWCAM.exe
  C:\Windows\System\ahyWCAM.exe
  2⤵
  PID:10292
- C:\Windows\System\LZLHSjS.exe
  C:\Windows\System\LZLHSjS.exe
  2⤵
  PID:10344
- C:\Windows\System\MPmCWMa.exe
  C:\Windows\System\MPmCWMa.exe
  2⤵
  PID:10384
- C:\Windows\System\EXjIaws.exe
  C:\Windows\System\EXjIaws.exe
  2⤵
  PID:10440
- C:\Windows\System\hXhrLZC.exe
  C:\Windows\System\hXhrLZC.exe
  2⤵
  PID:10508
- C:\Windows\System\yxGKnDi.exe
  C:\Windows\System\yxGKnDi.exe
  2⤵
  PID:10552
- C:\Windows\System\CrOMsLD.exe
  C:\Windows\System\CrOMsLD.exe
  2⤵
  PID:10624
- C:\Windows\System\SGesmkh.exe
  C:\Windows\System\SGesmkh.exe
  2⤵
  PID:10688
- C:\Windows\System\bBwyvGr.exe
  C:\Windows\System\bBwyvGr.exe
  2⤵
  PID:10760
- C:\Windows\System\iCchnMp.exe
  C:\Windows\System\iCchnMp.exe
  2⤵
  PID:10804
- C:\Windows\System\kCPRYtb.exe
  C:\Windows\System\kCPRYtb.exe
  2⤵
  PID:10872
- C:\Windows\System\ZcuCFuY.exe
  C:\Windows\System\ZcuCFuY.exe
  2⤵
  PID:11000
- C:\Windows\System\tDumKPi.exe
  C:\Windows\System\tDumKPi.exe
  2⤵
  PID:11060
- C:\Windows\System\YiNOmEi.exe
  C:\Windows\System\YiNOmEi.exe
  2⤵
  PID:11104
- C:\Windows\System\MRAcsun.exe
  C:\Windows\System\MRAcsun.exe
  2⤵
  PID:11124
- C:\Windows\System\xLgkVYz.exe
  C:\Windows\System\xLgkVYz.exe
  2⤵
  PID:11232
- C:\Windows\System\TjtNCbw.exe
  C:\Windows\System\TjtNCbw.exe
  2⤵
  PID:10024
- C:\Windows\System\ysHfhkz.exe
  C:\Windows\System\ysHfhkz.exe
  2⤵
  PID:10456
- C:\Windows\System\QPxtNaO.exe
  C:\Windows\System\QPxtNaO.exe
  2⤵
  PID:10528
- C:\Windows\System\kabBmbl.exe
  C:\Windows\System\kabBmbl.exe
  2⤵
  PID:1816
- C:\Windows\System\GEMngmB.exe
  C:\Windows\System\GEMngmB.exe
  2⤵
  PID:10712
- C:\Windows\System\yApSrZl.exe
  C:\Windows\System\yApSrZl.exe
  2⤵
  PID:10996
- C:\Windows\System\JnKAoFg.exe
  C:\Windows\System\JnKAoFg.exe
  2⤵
  PID:4116
- C:\Windows\System\MVATQsc.exe
  C:\Windows\System\MVATQsc.exe
  2⤵
  PID:11212
- C:\Windows\System\MvAvDho.exe
  C:\Windows\System\MvAvDho.exe
  2⤵
  PID:10600
- C:\Windows\System\NWviwiQ.exe
  C:\Windows\System\NWviwiQ.exe
  2⤵
  PID:10680
- C:\Windows\System\yGlzpfe.exe
  C:\Windows\System\yGlzpfe.exe
  2⤵
  PID:1084
- C:\Windows\System\dVfDQic.exe
  C:\Windows\System\dVfDQic.exe
  2⤵
  PID:10884
- C:\Windows\System\pvgvXDF.exe
  C:\Windows\System\pvgvXDF.exe
  2⤵
  PID:10376
- C:\Windows\System\tYyIQhR.exe
  C:\Windows\System\tYyIQhR.exe
  2⤵
  PID:11272
- C:\Windows\System\XxudXCq.exe
  C:\Windows\System\XxudXCq.exe
  2⤵
  PID:11292
- C:\Windows\System\wpeXGCC.exe
  C:\Windows\System\wpeXGCC.exe
  2⤵
  PID:11320
- C:\Windows\System\dqhuygh.exe
  C:\Windows\System\dqhuygh.exe
  2⤵
  PID:11360
- C:\Windows\System\qKYrVtn.exe
  C:\Windows\System\qKYrVtn.exe
  2⤵
  PID:11376
- C:\Windows\System\JOBZnYI.exe
  C:\Windows\System\JOBZnYI.exe
  2⤵
  PID:11416
- C:\Windows\System\pyktiRa.exe
  C:\Windows\System\pyktiRa.exe
  2⤵
  PID:11432
- C:\Windows\System\xnbOOpl.exe
  C:\Windows\System\xnbOOpl.exe
  2⤵
  PID:11472
- C:\Windows\System\UFaDPBp.exe
  C:\Windows\System\UFaDPBp.exe
  2⤵
  PID:11496
- C:\Windows\System\qXcxKiJ.exe
  C:\Windows\System\qXcxKiJ.exe
  2⤵
  PID:11528
- C:\Windows\System\STfucEa.exe
  C:\Windows\System\STfucEa.exe
  2⤵
  PID:11556
- C:\Windows\System\FSZsaqr.exe
  C:\Windows\System\FSZsaqr.exe
  2⤵
  PID:11584
- C:\Windows\System\fXArZgQ.exe
  C:\Windows\System\fXArZgQ.exe
  2⤵
  PID:11608
- C:\Windows\System\QncpwnV.exe
  C:\Windows\System\QncpwnV.exe
  2⤵
  PID:11628
- C:\Windows\System\HkVuaFx.exe
  C:\Windows\System\HkVuaFx.exe
  2⤵
  PID:11660
- C:\Windows\System\nRSydNK.exe
  C:\Windows\System\nRSydNK.exe
  2⤵
  PID:11696
- C:\Windows\System\yVqqanb.exe
  C:\Windows\System\yVqqanb.exe
  2⤵
  PID:11720
- C:\Windows\System\XaUkIfm.exe
  C:\Windows\System\XaUkIfm.exe
  2⤵
  PID:11744
- C:\Windows\System\TsoAzFv.exe
  C:\Windows\System\TsoAzFv.exe
  2⤵
  PID:11780
- C:\Windows\System\gcCOsKo.exe
  C:\Windows\System\gcCOsKo.exe
  2⤵
  PID:11796
- C:\Windows\System\DUnMqBN.exe
  C:\Windows\System\DUnMqBN.exe
  2⤵
  PID:11820
- C:\Windows\System\HIavDDI.exe
  C:\Windows\System\HIavDDI.exe
  2⤵
  PID:11844
- C:\Windows\System\bfmFIhD.exe
  C:\Windows\System\bfmFIhD.exe
  2⤵
  PID:11884
- C:\Windows\System\ncaroAW.exe
  C:\Windows\System\ncaroAW.exe
  2⤵
  PID:11908
- C:\Windows\System\lYxHsVK.exe
  C:\Windows\System\lYxHsVK.exe
  2⤵
  PID:11940
- C:\Windows\System\YgtlaUu.exe
  C:\Windows\System\YgtlaUu.exe
  2⤵
  PID:11956
- C:\Windows\System\Kvwovcj.exe
  C:\Windows\System\Kvwovcj.exe
  2⤵
  PID:12008
- C:\Windows\System\drPaFOx.exe
  C:\Windows\System\drPaFOx.exe
  2⤵
  PID:12028
- C:\Windows\System\EhDZVHO.exe
  C:\Windows\System\EhDZVHO.exe
  2⤵
  PID:12052
- C:\Windows\System\pnVRkUh.exe
  C:\Windows\System\pnVRkUh.exe
  2⤵
  PID:12092
- C:\Windows\System\IKCkvLg.exe
  C:\Windows\System\IKCkvLg.exe
  2⤵
  PID:12116
- C:\Windows\System\ApPakQn.exe
  C:\Windows\System\ApPakQn.exe
  2⤵
  PID:12148
- C:\Windows\System\HSydZwo.exe
  C:\Windows\System\HSydZwo.exe
  2⤵
  PID:12176
- C:\Windows\System\wveiacn.exe
  C:\Windows\System\wveiacn.exe
  2⤵
  PID:12192
- C:\Windows\System\lZbJjWp.exe
  C:\Windows\System\lZbJjWp.exe
  2⤵
  PID:12224
- C:\Windows\System\uvuWUVT.exe
  C:\Windows\System\uvuWUVT.exe
  2⤵
  PID:12260
- C:\Windows\System\LuhzuUI.exe
  C:\Windows\System\LuhzuUI.exe
  2⤵
  PID:12276
- C:\Windows\System\PWoHBQk.exe
  C:\Windows\System\PWoHBQk.exe
  2⤵
  PID:11288
- C:\Windows\System\KkTISAj.exe
  C:\Windows\System\KkTISAj.exe
  2⤵
  PID:11332
- C:\Windows\System\jRPHkLK.exe
  C:\Windows\System\jRPHkLK.exe
  2⤵
  PID:11448
- C:\Windows\System\ZRISbFj.exe
  C:\Windows\System\ZRISbFj.exe
  2⤵
  PID:11516
- C:\Windows\System\dyGrJKv.exe
  C:\Windows\System\dyGrJKv.exe
  2⤵
  PID:11548
- C:\Windows\System\HxZpISN.exe
  C:\Windows\System\HxZpISN.exe
  2⤵
  PID:2736
- C:\Windows\System\UJWfWsb.exe
  C:\Windows\System\UJWfWsb.exe
  2⤵
  PID:11668
- C:\Windows\System\KcZXuzo.exe
  C:\Windows\System\KcZXuzo.exe
  2⤵
  PID:11772
- C:\Windows\System\nleCSlc.exe
  C:\Windows\System\nleCSlc.exe
  2⤵
  PID:11828
- C:\Windows\System\HwpDCAz.exe
  C:\Windows\System\HwpDCAz.exe
  2⤵
  PID:11872
- C:\Windows\System\aGUcXsY.exe
  C:\Windows\System\aGUcXsY.exe
  2⤵
  PID:11920
- C:\Windows\System\VADKYqE.exe
  C:\Windows\System\VADKYqE.exe
  2⤵
  PID:12020
- C:\Windows\System\HTUyKzK.exe
  C:\Windows\System\HTUyKzK.exe
  2⤵
  PID:12068
- C:\Windows\System\CrssCCP.exe
  C:\Windows\System\CrssCCP.exe
  2⤵
  PID:12132
- C:\Windows\System\JGpciQI.exe
  C:\Windows\System\JGpciQI.exe
  2⤵
  PID:12172
- C:\Windows\System\LoVYGAq.exe
  C:\Windows\System\LoVYGAq.exe
  2⤵
  PID:12252
- C:\Windows\System\lQBvajJ.exe
  C:\Windows\System\lQBvajJ.exe
  2⤵
  PID:11312
- C:\Windows\System\vlRpQsu.exe
  C:\Windows\System\vlRpQsu.exe
  2⤵
  PID:11428
- C:\Windows\System\JucxCaa.exe
  C:\Windows\System\JucxCaa.exe
  2⤵
  PID:11576
- C:\Windows\System\tabtALu.exe
  C:\Windows\System\tabtALu.exe
  2⤵
  PID:11788
- C:\Windows\System\RmbVwuZ.exe
  C:\Windows\System\RmbVwuZ.exe
  2⤵
  PID:11900
- C:\Windows\System\nWmCfYs.exe
  C:\Windows\System\nWmCfYs.exe
  2⤵
  PID:2796
- C:\Windows\System\pTBXzxg.exe
  C:\Windows\System\pTBXzxg.exe
  2⤵
  PID:12208
- C:\Windows\System\TBpHmEK.exe
  C:\Windows\System\TBpHmEK.exe
  2⤵
  PID:10980
- C:\Windows\System\UBzerVX.exe
  C:\Windows\System\UBzerVX.exe
  2⤵
  PID:11728
- C:\Windows\System\cGpYeAs.exe
  C:\Windows\System\cGpYeAs.exe
  2⤵
  PID:11980
- C:\Windows\System\XUtuUtj.exe
  C:\Windows\System\XUtuUtj.exe
  2⤵
  PID:11284
- C:\Windows\System\DMVQZwp.exe
  C:\Windows\System\DMVQZwp.exe
  2⤵
  PID:12144
- C:\Windows\System\NwYTEef.exe
  C:\Windows\System\NwYTEef.exe
  2⤵
  PID:11736
- C:\Windows\System\MyNezFp.exe
  C:\Windows\System\MyNezFp.exe
  2⤵
  PID:12316
- C:\Windows\System\yxjXBHD.exe
  C:\Windows\System\yxjXBHD.exe
  2⤵
  PID:12344
- C:\Windows\System\noRcjlS.exe
  C:\Windows\System\noRcjlS.exe
  2⤵
  PID:12372
- C:\Windows\System\GLvVEEz.exe
  C:\Windows\System\GLvVEEz.exe
  2⤵
  PID:12412
- C:\Windows\System\xdFsNIv.exe
  C:\Windows\System\xdFsNIv.exe
  2⤵
  PID:12440
- C:\Windows\System\TbhQBlt.exe
  C:\Windows\System\TbhQBlt.exe
  2⤵
  PID:12468
- C:\Windows\System\uWegHEZ.exe
  C:\Windows\System\uWegHEZ.exe
  2⤵
  PID:12484
- C:\Windows\System\hwkmxAN.exe
  C:\Windows\System\hwkmxAN.exe
  2⤵
  PID:12524
- C:\Windows\System\HifTGXs.exe
  C:\Windows\System\HifTGXs.exe
  2⤵
  PID:12544
- C:\Windows\System\IcTUcrk.exe
  C:\Windows\System\IcTUcrk.exe
  2⤵
  PID:12576
- C:\Windows\System\mJiNZvO.exe
  C:\Windows\System\mJiNZvO.exe
  2⤵
  PID:12596
- C:\Windows\System\niCcHcO.exe
  C:\Windows\System\niCcHcO.exe
  2⤵
  PID:12636
- C:\Windows\System\YNtlYhn.exe
  C:\Windows\System\YNtlYhn.exe
  2⤵
  PID:12664
- C:\Windows\System\zvCcuay.exe
  C:\Windows\System\zvCcuay.exe
  2⤵
  PID:12692
- C:\Windows\System\hdAaLtn.exe
  C:\Windows\System\hdAaLtn.exe
  2⤵
  PID:12724
- C:\Windows\System\NbyvCln.exe
  C:\Windows\System\NbyvCln.exe
  2⤵
  PID:12752
- C:\Windows\System\ENgdCKH.exe
  C:\Windows\System\ENgdCKH.exe
  2⤵
  PID:12768
- C:\Windows\System\lcAKcAU.exe
  C:\Windows\System\lcAKcAU.exe
  2⤵
  PID:12796
- C:\Windows\System\SxJvavV.exe
  C:\Windows\System\SxJvavV.exe
  2⤵
  PID:12836
- C:\Windows\System\anWgXkV.exe
  C:\Windows\System\anWgXkV.exe
  2⤵
  PID:12864
- C:\Windows\System\YksgWxu.exe
  C:\Windows\System\YksgWxu.exe
  2⤵
  PID:12892
- C:\Windows\System\nUJYhyz.exe
  C:\Windows\System\nUJYhyz.exe
  2⤵
  PID:12920
- C:\Windows\System\gaFYSdf.exe
  C:\Windows\System\gaFYSdf.exe
  2⤵
  PID:12944
- C:\Windows\System\JtxskYT.exe
  C:\Windows\System\JtxskYT.exe
  2⤵
  PID:12960
- C:\Windows\System\TszziYY.exe
  C:\Windows\System\TszziYY.exe
  2⤵
  PID:12980
- C:\Windows\System\Mqdxsqy.exe
  C:\Windows\System\Mqdxsqy.exe
  2⤵
  PID:13032
- C:\Windows\System\lrWeztC.exe
  C:\Windows\System\lrWeztC.exe
  2⤵
  PID:13056
- C:\Windows\System\vjBRSMA.exe
  C:\Windows\System\vjBRSMA.exe
  2⤵
  PID:13080
- C:\Windows\System\rLDXiLv.exe
  C:\Windows\System\rLDXiLv.exe
  2⤵
  PID:13104
- C:\Windows\System\FFyRBLD.exe
  C:\Windows\System\FFyRBLD.exe
  2⤵
  PID:13132
- C:\Windows\System\TdxdUvF.exe
  C:\Windows\System\TdxdUvF.exe
  2⤵
  PID:13160
- C:\Windows\System\dRNUXVa.exe
  C:\Windows\System\dRNUXVa.exe
  2⤵
  PID:13188
- C:\Windows\System\KoRaibs.exe
  C:\Windows\System\KoRaibs.exe
  2⤵
  PID:13228
- C:\Windows\System\reeIgdN.exe
  C:\Windows\System\reeIgdN.exe
  2⤵
  PID:13256
- C:\Windows\System\YdtLdzo.exe
  C:\Windows\System\YdtLdzo.exe
  2⤵
  PID:13284
- C:\Windows\System\ehrylTI.exe
  C:\Windows\System\ehrylTI.exe
  2⤵
  PID:12304
- C:\Windows\System\iuUhIrd.exe
  C:\Windows\System\iuUhIrd.exe
  2⤵
  PID:12336
- C:\Windows\System\yzYAoua.exe
  C:\Windows\System\yzYAoua.exe
  2⤵
  PID:12428
- C:\Windows\System\XeGUQiK.exe
  C:\Windows\System\XeGUQiK.exe
  2⤵
  PID:12480
- C:\Windows\System\WYtmqmo.exe
  C:\Windows\System\WYtmqmo.exe
  2⤵
  PID:12568
- C:\Windows\System\DGGHuCc.exe
  C:\Windows\System\DGGHuCc.exe
  2⤵
  PID:12612
- C:\Windows\System\VtlFLlx.exe
  C:\Windows\System\VtlFLlx.exe
  2⤵
  PID:4492
- C:\Windows\System\nZMuRCd.exe
  C:\Windows\System\nZMuRCd.exe
  2⤵
  PID:12660
- C:\Windows\System\xaytWEc.exe
  C:\Windows\System\xaytWEc.exe
  2⤵
  PID:12784
- C:\Windows\System\EJjskiN.exe
  C:\Windows\System\EJjskiN.exe
  2⤵
  PID:12852
- C:\Windows\System\yAsyTzm.exe
  C:\Windows\System\yAsyTzm.exe
  2⤵
  PID:12884
- C:\Windows\System\erpZQcq.exe
  C:\Windows\System\erpZQcq.exe
  2⤵
  PID:12952
- C:\Windows\System\YwThABF.exe
  C:\Windows\System\YwThABF.exe
  2⤵
  PID:12992
- C:\Windows\System\ApXrOyj.exe
  C:\Windows\System\ApXrOyj.exe
  2⤵
  PID:13064
- C:\Windows\System\iKaKzrj.exe
  C:\Windows\System\iKaKzrj.exe
  2⤵
  PID:13120
- C:\Windows\System\iLCGEVL.exe
  C:\Windows\System\iLCGEVL.exe
  2⤵
  PID:13172
- C:\Windows\System\RydiMmX.exe
  C:\Windows\System\RydiMmX.exe
  2⤵
  PID:13248
- C:\Windows\System\WRrflji.exe
  C:\Windows\System\WRrflji.exe
  2⤵
  PID:13304
- C:\Windows\System\SshTEkE.exe
  C:\Windows\System\SshTEkE.exe
  2⤵
  PID:12588
- C:\Windows\System\JJVuOne.exe
  C:\Windows\System\JJVuOne.exe
  2⤵
  PID:12624
- C:\Windows\System\XoeOGZr.exe
  C:\Windows\System\XoeOGZr.exe
  2⤵
  PID:12828
- C:\Windows\System\LDrkhpI.exe
  C:\Windows\System\LDrkhpI.exe
  2⤵
  PID:12968
- C:\Windows\System\mULokFq.exe
  C:\Windows\System\mULokFq.exe
  2⤵
  PID:13124
- C:\Windows\System\ivqREix.exe
  C:\Windows\System\ivqREix.exe
  2⤵
  PID:13280
- C:\Windows\System\xJFaCGR.exe
  C:\Windows\System\xJFaCGR.exe
  2⤵
  PID:12408
- C:\Windows\System\WRoIGlS.exe
  C:\Windows\System\WRoIGlS.exe
  2⤵
  PID:12908
- C:\Windows\System\qpGMSZy.exe
  C:\Windows\System\qpGMSZy.exe
  2⤵
  PID:13144
- C:\Windows\System\eVkDvjs.exe
  C:\Windows\System\eVkDvjs.exe
  2⤵
  PID:13096
- C:\Windows\System\cZdRhsA.exe
  C:\Windows\System\cZdRhsA.exe
  2⤵
  PID:13320
- C:\Windows\System\CGjJfMJ.exe
  C:\Windows\System\CGjJfMJ.exe
  2⤵
  PID:13348
- C:\Windows\System\ugiGakp.exe
  C:\Windows\System\ugiGakp.exe
  2⤵
  PID:13376
- C:\Windows\System\qRBCweB.exe
  C:\Windows\System\qRBCweB.exe
  2⤵
  PID:13392
- C:\Windows\System\axaLzmF.exe
  C:\Windows\System\axaLzmF.exe
  2⤵
  PID:13432
- C:\Windows\System\PpqsOPi.exe
  C:\Windows\System\PpqsOPi.exe
  2⤵
  PID:13460
- C:\Windows\System\rWlebyu.exe
  C:\Windows\System\rWlebyu.exe
  2⤵
  PID:13476
- C:\Windows\System\QcOihnb.exe
  C:\Windows\System\QcOihnb.exe
  2⤵
  PID:13508
- C:\Windows\System\yfinQKi.exe
  C:\Windows\System\yfinQKi.exe
  2⤵
  PID:13532
- C:\Windows\System\FvBBcfW.exe
  C:\Windows\System\FvBBcfW.exe
  2⤵
  PID:13564
- C:\Windows\System\yEXCvPo.exe
  C:\Windows\System\yEXCvPo.exe
  2⤵
  PID:13580
- C:\Windows\System\JFfIQbd.exe
  C:\Windows\System\JFfIQbd.exe
  2⤵
  PID:13612
- C:\Windows\System\BLEUIpl.exe
  C:\Windows\System\BLEUIpl.exe
  2⤵
  PID:13644
- C:\Windows\System\dnmGDop.exe
  C:\Windows\System\dnmGDop.exe
  2⤵
  PID:13672
- C:\Windows\System\lYgZqZH.exe
  C:\Windows\System\lYgZqZH.exe
  2⤵
  PID:13700
- C:\Windows\System\ICqHOaS.exe
  C:\Windows\System\ICqHOaS.exe
  2⤵
  PID:13728
- C:\Windows\System\hAKJrPE.exe
  C:\Windows\System\hAKJrPE.exe
  2⤵
  PID:13768
- C:\Windows\System\TJmuQcI.exe
  C:\Windows\System\TJmuQcI.exe
  2⤵
  PID:13796
- C:\Windows\System\KpXYexC.exe
  C:\Windows\System\KpXYexC.exe
  2⤵
  PID:13824
- C:\Windows\System\yahDZei.exe
  C:\Windows\System\yahDZei.exe
  2⤵
  PID:13840
- C:\Windows\System\oACeRPc.exe
  C:\Windows\System\oACeRPc.exe
  2⤵
  PID:13868
- C:\Windows\System\tLuNRZe.exe
  C:\Windows\System\tLuNRZe.exe
  2⤵
  PID:13908
- C:\Windows\System\pSigFGt.exe
  C:\Windows\System\pSigFGt.exe
  2⤵
  PID:13924
- C:\Windows\System\nFOyZbm.exe
  C:\Windows\System\nFOyZbm.exe
  2⤵
  PID:13964
- C:\Windows\System\oIAjolJ.exe
  C:\Windows\System\oIAjolJ.exe
  2⤵
  PID:13992
- C:\Windows\System\CQNuwCD.exe
  C:\Windows\System\CQNuwCD.exe
  2⤵
  PID:14008
- C:\Windows\System\mCLlkKJ.exe
  C:\Windows\System\mCLlkKJ.exe
  2⤵
  PID:14036
- C:\Windows\System\rRhQpoX.exe
  C:\Windows\System\rRhQpoX.exe
  2⤵
  PID:14064
- C:\Windows\System\gvheTGS.exe
  C:\Windows\System\gvheTGS.exe
  2⤵
  PID:14092
- C:\Windows\System\YfwnaGt.exe
  C:\Windows\System\YfwnaGt.exe
  2⤵
  PID:14120
- C:\Windows\System\jJUAmrc.exe
  C:\Windows\System\jJUAmrc.exe
  2⤵
  PID:14148
- C:\Windows\System\IxlPdFS.exe
  C:\Windows\System\IxlPdFS.exe
  2⤵
  PID:14176
- C:\Windows\System\fDHpfHV.exe
  C:\Windows\System\fDHpfHV.exe
  2⤵
  PID:14204
- C:\Windows\System\QWioUlH.exe
  C:\Windows\System\QWioUlH.exe
  2⤵
  PID:14232
- C:\Windows\System\iunsGUC.exe
  C:\Windows\System\iunsGUC.exe
  2⤵
  PID:14252
- C:\Windows\System\IsAKYiL.exe
  C:\Windows\System\IsAKYiL.exe
  2⤵
  PID:14288
- C:\Windows\System\EGiUrJT.exe
  C:\Windows\System\EGiUrJT.exe
  2⤵
  PID:14316
- C:\Windows\System\zMSJztx.exe
  C:\Windows\System\zMSJztx.exe
  2⤵
  PID:13332
- C:\Windows\System\zHwocSo.exe
  C:\Windows\System\zHwocSo.exe
  2⤵
  PID:13420
- C:\Windows\System\FFhMvyM.exe
  C:\Windows\System\FFhMvyM.exe
  2⤵
  PID:13472
- C:\Windows\System\MZudvAp.exe
  C:\Windows\System\MZudvAp.exe
  2⤵
  PID:13544
- C:\Windows\System\cLtRHOB.exe
  C:\Windows\System\cLtRHOB.exe
  2⤵
  PID:13572
- C:\Windows\System\ZfkCJFD.exe
  C:\Windows\System\ZfkCJFD.exe
  2⤵
  PID:13624
- C:\Windows\System\itKEsWS.exe
  C:\Windows\System\itKEsWS.exe
  2⤵
  PID:13712
- C:\Windows\System\HzvPoOr.exe
  C:\Windows\System\HzvPoOr.exe
  2⤵
  PID:13740
- C:\Windows\System\lrjaYfW.exe
  C:\Windows\System\lrjaYfW.exe
  2⤵
  PID:13780
- C:\Windows\System\OQgjDyR.exe
  C:\Windows\System\OQgjDyR.exe
  2⤵
  PID:13904

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\APhetxd.exe

Filesize
2.2MB

MD5
475d35b4eec5d17e97f349a0128e80f2

SHA1
15758240a338689e611950ac43d0dec909496beb

SHA256
53d74abd2a99c1a40a98c9da05cc32a06c968831dcff643af723f4e3b32fed40

SHA512
4f1c55fcf1416d9ecb38e9fd59665348a0a7fe702101b084ca4b38af251fff89380a533e97cb7274c6fc4b18ac1cd68a0a403673c7734bf43090010701e4881b

Download Submit
C:\Windows\System\AWILOdG.exe

Filesize
2.2MB

MD5
f2f08be3b300f3353d91efa3a2c6a85a

SHA1
961b0c358c45741aedf498f67d91468c52dde507

SHA256
713daecd3bc1c164086114df639d48b86793df04f091d29fafb6caf97dce2abc

SHA512
771a90b7b1fb3ef04dd2869c64248b742b9689f8b2f5668d369dd60b6251ef158712cbf8615d45ce0444a76b09ce2e90f185a428d23836a4d73ac6e5ed3a81f5

Download Submit
C:\Windows\System\CmkFpyk.exe

Filesize
2.2MB

MD5
8b8ffcf46cf0516b7a2c90706df9b97e

SHA1
89b9516e0f017765bd664071fa5ccd7370d38ce1

SHA256
e4325bc0a4d5faf2e6387125705d0d8b47b28492c4aaec5c56a275e8ed83f327

SHA512
4a3c2fd642ecd00be5b977bf90f169dbb076f0f6a74f1abd1c70b9acfffa49aa9991777b39af7b68433502c224ff49c583bee01afd4ec15af204739b8ceed642

Download Submit
C:\Windows\System\JqUlhSO.exe

Filesize
2.2MB

MD5
06f981b0103419b661d681e6c7e54457

SHA1
d635bd9fe4cc18ea1ae43bf04d059f6ffdba9780

SHA256
7c3405561228bc93c54385eacf73b89c37799414ac20a8190e3ed0d765704af1

SHA512
888a26acbb3c0ed6db0fa5163723af92e10b4aa8ef1ba81b936866358adbb3f8a739a3cf7ee761e5efc6163a06294c53a6ca66722e97be2ae3a393b7db2f4730

Download Submit
C:\Windows\System\KdBHKaz.exe

Filesize
2.2MB

MD5
4ef2b6c508e262d6d158ee1a7213cbd8

SHA1
00e68b749dfdd66bdf4b0fda85c45df5a538d151

SHA256
3d2af51477d4cd50d013b0b8d7f3a4826c65152df2dafda017fcde269d5ae0a0

SHA512
7355303968e1981ed4f6e101879d22202e3bfda35e90f2416a3379364ede1d5e79891c09f391c3a5b72ce3238710033660bd0eaa8a09b0d691d6d1c7c19d362d

Download Submit
C:\Windows\System\MzvNyoI.exe

Filesize
2.2MB

MD5
89ca13b6d004e7dce4a456f203b3e746

SHA1
5c973ad6a18b16b7b5846dd37a6ff78b3da64060

SHA256
a18ca01dbd6bb7aac9944d7df8e60d2d816564d63b70830f6bd979eb717027cb

SHA512
9dc3dd82e22f835200e0d6eed71807125bde996c035b4b9f62be0d6576e519d26d5921b5862368e861316fb4485d0685945f006c75793b86b91fae37bdf477fb

Download Submit
C:\Windows\System\NbNrWPB.exe

Filesize
2.2MB

MD5
a54932d6a4e49f9e3b76ab87645838a3

SHA1
5e059d32e181891da345805ddf6b22d126d0c222

SHA256
71e2fbc0335196503636bce47296f70c7c14bb0b730147cebab973cbc7e30b6f

SHA512
c57d8ee9a2f6f2630cb3adc488d7615f32e0373575bbed77e744d5f54d0bf3c950cde49146b9a9420905c4fda4860b5edf0ed64d1f78f27e63659eed3dbaf6d4

Download Submit
C:\Windows\System\PKCwGNJ.exe

Filesize
2.2MB

MD5
224ae146a4d27e0333e9810596d44888

SHA1
d3484c16ad78f49c7347cc368f3e991c9a7d1d8d

SHA256
693cff7b922f0d95f2e0bd5d72e2195c9acfd9926e8da07953aff64f6c1ca21b

SHA512
31362046a9d6fa0b6083ef1c0b1422b5096418605159d9591fde9eabaae751b60c688729733b717a02b23a379454a7b2d18e9b977d0483f19d6675f996d5b5a2

Download Submit
C:\Windows\System\TIGmyxz.exe

Filesize
2.2MB

MD5
d472719aa377eb0019fd8263c1d861f9

SHA1
03bb41527d3e8b5430480751e9507e75a3a4dade

SHA256
d500e88e23ead5089b9488bc858ab58cd68009d97daccd47372e224e10ba86be

SHA512
ccce799cac74b7a591c15a1e508dc7717f38c95161ed11d0b75b22cc8b46a810bb4601d4a7e8e2020642feca1af4096284304fa941d52892d372b7f1a4468f07

Download Submit
C:\Windows\System\UBNtjdg.exe

Filesize
2.2MB

MD5
212580a5a9a34df3e46afd5470399a41

SHA1
56e10fadc90303dd977a863c97e979af8e49c492

SHA256
94ad35ecfb4dc7f27fc760b4cc3a00715266c1b9de0038a54308f39d24d71cdb

SHA512
8da3880225ecdd50ad7b71f5011cfd93fbe67f5bca4ded1b297bda472ad07b7728c95466927f71adc44dfb12c177d7037edccd515801bfd1e9df3d52e778bdf2

Download Submit
C:\Windows\System\VzQlPrh.exe

Filesize
2.2MB

MD5
1e197ad8aaec7d00a6dac7ce4b5dd8a1

SHA1
3f3f40acbee3b987a3c0e825c478764532de46df

SHA256
09a4d35735f195837583aa574a59ff391e700e7b0a032e9fb45a661de332865f

SHA512
e0d4886d5e332ad06ca3f43b020eba0440bc4c74ae20a6519c0ae29245b4300dfd34830557b032729fb35fe7aba8532f10f7648d1ecf63d5fb567515a2f5147c

Download Submit
C:\Windows\System\XWtElAI.exe

Filesize
2.2MB

MD5
558286f000a9afa2a2be0775173b2522

SHA1
b5fb3b15384172d472b802744ea78703e10234bb

SHA256
392d228ac1d4ebe0662cdbc55c444f6a22bc37b8c97f55ae69ab59ea80f6bf5b

SHA512
3122ecf1c11b4b6b0938bd130236341ac170b0f0806ec1b49f148dca97b79d1833e4057820b0d607bd7c4b55c549fe21e9421529ea50c5243152dec7f0542ec9

Download Submit
C:\Windows\System\XfGqxNK.exe

Filesize
2.2MB

MD5
67016488a6f49c6c54e34eb151a03400

SHA1
f94aa327cff2c5bb7677f1417c64de1f0240de27

SHA256
40624005a69b16f61fe7c803139cab6b0fd76236f24a2b8b395f75a41da3dc14

SHA512
28da63b786d86c98b95c56fbb3b6259c6e8426264c102644a361ea9db7a412d0f31b4d98c81fdce15bacd49bb22f7cb9a4feb0b86ef3c41db7e7562ed65a96ad

Download Submit
C:\Windows\System\YOvJcmQ.exe

Filesize
2.2MB

MD5
55b2fdafee56498924aa08f41e455540

SHA1
28ccb165b5b392529e59af03ac0e99955493e25f

SHA256
6e8f737ac373bc5069f52425a662a2cfdf6706902cd425bc5de5922b023b2851

SHA512
7b55514437ae1ada0a4bb11e810847533cba8db6a5ed9d54b38afd21f5849b709f778361e0d0c34a56ff6adfd990087efb7572420e2997ea42a6e0720bb4efe5

Download Submit
C:\Windows\System\aNGTSYd.exe

Filesize
2.2MB

MD5
a9be025cabf6f8057d60f80cf0f8fecf

SHA1
3403308c5ea16d8cc4a57255f4a4b3f5196397f8

SHA256
879456523b164798e5d8d20963e5789180e32fc2f4e3088efba484e237dda8cd

SHA512
6f4e980cc137d68ed47e58b5cec7034365e0451b39c8b86c4fc7f3675166bc36fb6006fe8c519dc2f08da6fe10294b95421cc09c22b76016ffcbeac2311e95a9

Download Submit
C:\Windows\System\ahyCGzq.exe

Filesize
2.2MB

MD5
3696a7a00ed40e0ae9ed223d6000c832

SHA1
7d504052a5936eac484c349ca21eecd24a88a34c

SHA256
3517ebc76b7f7debd67a435beaba078cd00ac8140e7299051248420f10a5a2ca

SHA512
d4c416441db67e2ebdf4e34e96be4586ae3baad14a2e5c256f910bbe67439b4598e1614ce6192df13e038418e509e1133cbb0de0ed3dfbac338ba7d0189c14b9

Download Submit
C:\Windows\System\bossAdi.exe

Filesize
2.2MB

MD5
a87229637a8c4efb1f8d5b2c20780516

SHA1
ed7d7137dc21eb35e3e0491819d4c068d2afd656

SHA256
c056b01574dcf41fc0c08ce3c1b46234a2fd23a253f884805ab0a4b461633059

SHA512
d491adb7a905222621294091527e9ff23a24daa3d990f2a5b510335d079b4fef8d4c3e8db7092549aa0b78741f08d30e27d6300ae73f585975fb004ef58f4675

Download Submit
C:\Windows\System\dLozrLa.exe

Filesize
2.2MB

MD5
5b97c6a7fa4b44994b516fb82eeb6a86

SHA1
1114062087c5cd9f0e3edb710ffa9cf4133f7742

SHA256
68be8a99d17d88215da7c13e800fba212419d4941f97804a2317c62a4c47ecd3

SHA512
e0ea26ad4a671cca6ecd3f2c385d6bce302d52d0bc4bc222f58b5caa7a496339d7d993b699386dc5284e92309a36d7f9b2f4a0fc830b64c753046fdeeb9c8630

Download Submit
C:\Windows\System\dOJYYBv.exe

Filesize
2.2MB

MD5
0aee350da27a98ba3e76dbd7f9f11674

SHA1
da1400abd52e95ede24583b528cc747a8c8bedc8

SHA256
51a80b4a4c2cced7a298a380298288a55483e3a564d30054cd6778fb0d66667e

SHA512
ee7869068bda54268453f9460261421a5b20804a8ef03142d252f3f2c183bc30adb8c51dc88550a50d81a6f441f4539be0c53f8ce6b73dd6a1d06fd462ce9bf0

Download Submit
C:\Windows\System\fSEOwIS.exe

Filesize
2.2MB

MD5
03655b5ac9415a038a5109c09526ecc1

SHA1
3bf27fceca766530540f8346f80d2e6bbce75503

SHA256
81c039113a5be42cf21e182b2e63e05a9d2a1a2b59e146178a9223ccf30bbae8

SHA512
674d982036ef826359b790553c61361bb1e294580d672380f17b08cef813fae91d7ed440bd5edcbfe2537c78491ce0a3a1e371687d71bffe0ff12e0a3669d013

Download Submit
C:\Windows\System\hNawSZD.exe

Filesize
2.2MB

MD5
9c2372ae3943edce63b66432045c48c0

SHA1
aca400a8158f3b7ade5fe7baa0d3bfef51e8d393

SHA256
c595ad1c12e7bf32297da03e452a888f3f877a55db47ca3ae2f06c380a35bb69

SHA512
d8ecf6b73412240c04797f103056cf4d5f6fbe59164c6bff00961f214f79a1d7c65240bcc603ffbcb0626b0031b098470739b37753a6bb1ef53f4951ddbbc779

Download Submit
C:\Windows\System\mhFqwpv.exe

Filesize
2.2MB

MD5
63aee161563f4694a2370438b48bcaf3

SHA1
e8ddf7102e565232877bb43bae1f0bf9b60af692

SHA256
51050fb5bf139a4b6020165c6f855ec089f031ad154889f60aa831aeb1d31515

SHA512
998d54e35b95f246c326802227e39d808e63c3a3002082c1d1ff48a11577cb0487a09cc5533d664419782c68d8a101385fbbeb1c1d643ce1db0d1f3fb6fa75fb

Download Submit
C:\Windows\System\nRHuKyQ.exe

Filesize
2.2MB

MD5
9d9dc7048e5fa29391e2507cf80f3ff9

SHA1
d28e63fdf53e9f2fe8f86974691f8699c1b00af2

SHA256
2a39f165a5447e3e2f3ed664b436199cd9a2816e4d39632a4ae9c617c471f3de

SHA512
29440afe92b091a2023deaebd3e3c775ac4e7ab23b46d8021adaa00ebb151d22c4406bb7ecaaba28c993f204e101251058a74bcac936c6b33d8cdc7933bc7926

Download Submit
C:\Windows\System\nmSlqIA.exe

Filesize
2.2MB

MD5
09dd90bab77b74f9276e838fa98490cf

SHA1
4ada85adb9cc1f4dc102a0c0b16e314aae39187a

SHA256
d0e90eca56c305ad025b794a2fceb7af3addaf10c16ad3690ee71442868fe306

SHA512
cf7595ac1dfa6e4258314b6e3b532ea3a2f316c0f0b5021f6289f520a467afccfb49d4d204e327523d0f9b88e7eb2fe2152081e40e8cdbbcc66da81e59b161b2

Download Submit
C:\Windows\System\peYYmql.exe

Filesize
2.2MB

MD5
2e43434171da103a2aa48e792d124527

SHA1
19f1c50694f7de7d1045c7c69e7dbbe3fed7d5b4

SHA256
f6787d136faac720392b743c62c32beabe9561071a335166b07caae9596be41d

SHA512
555d64a66133187bfba5ab2cf8c6ceecfa9e121699dc4104270535c6134aedb7d4a2d95ef02fec2bd522aa73bbd21407437609ff673a4ef1168d7230eeaaf9ad

Download Submit
C:\Windows\System\pqNredL.exe

Filesize
2.2MB

MD5
076d5245bbdd7fe8fd65d73a12f99323

SHA1
b6111e99e5e4e2e717c8c883d0057f93662a18bc

SHA256
99e18ccba066c86cb8d9ad11274e626db26d837f1d25979495d16a38120a7aa5

SHA512
2341723fab01c73ef0c11eaad73e8510f1f8e568f0616d7f58f9410358053114f8b58b096dee0049b935bd2c0457a93d5e144137661cc5746bb53bc22474c98a

Download Submit
C:\Windows\System\riYKsNi.exe

Filesize
2.2MB

MD5
aa4440a16440c0b9fdead790091c1522

SHA1
cb1feb6fb3a50e30a25441d55a0fddf81c7ac57c

SHA256
802725704117f58eb82c1a086d65fd7c6f42ed1f8e507739ae0bed8009a9d0f5

SHA512
b2bbfc12d5a9f528e09307cbb069ff0b5f7bdd5b18bdfb8fd5716e174d2bbee618a03ecc0e85c58d391d2166ab6d052b624ee28c16ef7146b9ec1347e7e1233c

Download Submit
C:\Windows\System\rwWsBrV.exe

Filesize
2.2MB

MD5
a9ca3c648b544b285a725ba094c91bb6

SHA1
f792cdbebd46753ef5988bb00bcaa1b78376dc6f

SHA256
300a88daee169842678540aa7022467ffa55673005d68b7389612b4bba482d0c

SHA512
a63c28cbdca63851312c034fda5e33067443a4155ac97113529025e15bdf2d3f622f7162fd57670236e88bc1b95553f06ec3c0ca4ff458edfce628a10427b52a

Download Submit
C:\Windows\System\rypYqlg.exe

Filesize
2.2MB

MD5
8780bd7391ba35f903d22f6704c9be73

SHA1
1ed903da45ed6eee914a63b143c4533c4a61c249

SHA256
26feebba5b96a70aaba82eeb7f491d2f82d813c1ee3f5c8db44f09b7ac603757

SHA512
49a2d0fb485a5c1d39ace6865449dc141ce2c46ec94710c065cd9a41ad40d5b3715dcc8efd007b9b19f51f629795af1578d8a19887293ad6ce3b0cad4daab0eb

Download Submit
C:\Windows\System\sfYvUXi.exe

Filesize
2.2MB

MD5
94e5fe57a74d2096c697e338b96e54e1

SHA1
eeac0db711bfa45923408dcb7ea69b32d4ead7c1

SHA256
2edb77c9b052b63247d822db49409bf62edc445c90de1b50b2323d99415f06d4

SHA512
cc6fe270a6e05b114c5b00e4b11dfa066046c4af410d99ff7c40515bbc078d05f51568e42934e0570d342beacd46aee098c4cb9b3d79cb57dbf2f412b9e6f59c

Download Submit
C:\Windows\System\tKbUkUR.exe

Filesize
2.2MB

MD5
65f13dca686667fd0eb83010bcca3145

SHA1
046b7e72c3fec0c52d36cdeb380331fd978501a6

SHA256
244fd43e54a0065458c1b6f6299e57af1d32f9c035f03f3585c24c4a233ce681

SHA512
58c8000bb9be86e7fb3b96c3f55f681969f086b7a0e7295c3e13a138a121f6f09d5c42126b917338ab13ea615f136d7e96bb7bee6a4b151f8a999801f4780106

Download Submit
C:\Windows\System\tvQoxYb.exe

Filesize
2.2MB

MD5
ec54fa1bdba4b2c93fa57419e176d016

SHA1
f0b7679c3c1726db19ab6d777953935d9474330d

SHA256
93e1a8f54f264d28ff184224e9505440c79315b1fa6bfc51ed67a0edff2acd33

SHA512
f4d61ba656f13aeb6c71d1004146cb172f73c45d182af58949d36246ce03b4ef280544990793b3b2c5cc3ead45a30da8900cf95e0136539255a6bdb831aeb619

Download Submit
C:\Windows\System\wjhjWZI.exe

Filesize
2.2MB

MD5
a38df54711bc0a370208b9c773199480

SHA1
0d0e5276e037f67f66c5f1fa5e74866d90751565

SHA256
c4c40449a5928648fcdef9d71d511e7f787cef4c2628267ce283c75e14da8dc0

SHA512
42b7f2e588b7355d517807feaea14807cb78aa95255f7ad825277d60e01927f60797a28617dc21967d956797cf8ec642c4df67c7291a3363290bc5492dc0ee2d

Download Submit
memory/348-2155-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp

Filesize
3.3MB

Download
memory/348-19-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp

Filesize
3.3MB

Download
memory/348-2152-0x00007FF75B4A0000-0x00007FF75B7F4000-memory.dmp

Filesize
3.3MB

Download
memory/552-651-0x00007FF6AFB00000-0x00007FF6AFE54000-memory.dmp

Filesize
3.3MB

Download
memory/552-2175-0x00007FF6AFB00000-0x00007FF6AFE54000-memory.dmp

Filesize
3.3MB

Download
memory/856-602-0x00007FF734F40000-0x00007FF735294000-memory.dmp

Filesize
3.3MB

Download
memory/856-2180-0x00007FF734F40000-0x00007FF735294000-memory.dmp

Filesize
3.3MB

Download
memory/1076-2159-0x00007FF60D080000-0x00007FF60D3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-585-0x00007FF60D080000-0x00007FF60D3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-587-0x00007FF7AE4C0000-0x00007FF7AE814000-memory.dmp

Filesize
3.3MB

Download
memory/1396-2162-0x00007FF7AE4C0000-0x00007FF7AE814000-memory.dmp

Filesize
3.3MB

Download
memory/1420-586-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1420-2163-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-2158-0x00007FF759520000-0x00007FF759874000-memory.dmp

Filesize
3.3MB

Download
memory/1520-581-0x00007FF759520000-0x00007FF759874000-memory.dmp

Filesize
3.3MB

Download
memory/1708-674-0x00007FF7F9D50000-0x00007FF7FA0A4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2156-0x00007FF7F9D50000-0x00007FF7FA0A4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-2176-0x00007FF6C66B0000-0x00007FF6C6A04000-memory.dmp

Filesize
3.3MB

Download
memory/1852-658-0x00007FF6C66B0000-0x00007FF6C6A04000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2169-0x00007FF7ED030000-0x00007FF7ED384000-memory.dmp

Filesize
3.3MB

Download
memory/2008-598-0x00007FF7ED030000-0x00007FF7ED384000-memory.dmp

Filesize
3.3MB

Download
memory/2108-583-0x00007FF79F6C0000-0x00007FF79FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2160-0x00007FF79F6C0000-0x00007FF79FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2120-589-0x00007FF6F5A70000-0x00007FF6F5DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2164-0x00007FF6F5A70000-0x00007FF6F5DC4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-580-0x00007FF7A61D0000-0x00007FF7A6524000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2154-0x00007FF7A61D0000-0x00007FF7A6524000-memory.dmp

Filesize
3.3MB

Download
memory/2232-2174-0x00007FF64CE40000-0x00007FF64D194000-memory.dmp

Filesize
3.3MB

Download
memory/2232-613-0x00007FF64CE40000-0x00007FF64D194000-memory.dmp

Filesize
3.3MB

Download
memory/2340-588-0x00007FF705FD0000-0x00007FF706324000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2165-0x00007FF705FD0000-0x00007FF706324000-memory.dmp

Filesize
3.3MB

Download
memory/2444-662-0x00007FF6C7C50000-0x00007FF6C7FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-2177-0x00007FF6C7C50000-0x00007FF6C7FA4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2153-0x00007FF60B780000-0x00007FF60BAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-17-0x00007FF60B780000-0x00007FF60BAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2161-0x00007FF6E3CC0000-0x00007FF6E4014000-memory.dmp

Filesize
3.3MB

Download
memory/3172-584-0x00007FF6E3CC0000-0x00007FF6E4014000-memory.dmp

Filesize
3.3MB

Download
memory/3208-659-0x00007FF6806D0000-0x00007FF680A24000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2181-0x00007FF6806D0000-0x00007FF680A24000-memory.dmp

Filesize
3.3MB

Download
memory/3372-2167-0x00007FF737800000-0x00007FF737B54000-memory.dmp

Filesize
3.3MB

Download
memory/3372-619-0x00007FF737800000-0x00007FF737B54000-memory.dmp

Filesize
3.3MB

Download
memory/3432-582-0x00007FF6D2E50000-0x00007FF6D31A4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2157-0x00007FF6D2E50000-0x00007FF6D31A4000-memory.dmp

Filesize
3.3MB

Download
memory/3692-2170-0x00007FF63F610000-0x00007FF63F964000-memory.dmp

Filesize
3.3MB

Download
memory/3692-634-0x00007FF63F610000-0x00007FF63F964000-memory.dmp

Filesize
3.3MB

Download
memory/3868-2168-0x00007FF7E7410000-0x00007FF7E7764000-memory.dmp

Filesize
3.3MB

Download
memory/3868-591-0x00007FF7E7410000-0x00007FF7E7764000-memory.dmp

Filesize
3.3MB

Download
memory/4112-606-0x00007FF715910000-0x00007FF715C64000-memory.dmp

Filesize
3.3MB

Download
memory/4112-2173-0x00007FF715910000-0x00007FF715C64000-memory.dmp

Filesize
3.3MB

Download
memory/4364-1-0x0000023167DA0000-0x0000023167DB0000-memory.dmp

Filesize
64KB

Download
memory/4364-0-0x00007FF702050000-0x00007FF7023A4000-memory.dmp

Filesize
3.3MB

Download
memory/4400-668-0x00007FF75CEA0000-0x00007FF75D1F4000-memory.dmp

Filesize
3.3MB

Download
memory/4400-2172-0x00007FF75CEA0000-0x00007FF75D1F4000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2178-0x00007FF6B6610000-0x00007FF6B6964000-memory.dmp

Filesize
3.3MB

Download
memory/4608-646-0x00007FF6B6610000-0x00007FF6B6964000-memory.dmp

Filesize
3.3MB

Download
memory/4752-641-0x00007FF681920000-0x00007FF681C74000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2179-0x00007FF681920000-0x00007FF681C74000-memory.dmp

Filesize
3.3MB

Download
memory/5060-629-0x00007FF6D0C50000-0x00007FF6D0FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2166-0x00007FF6D0C50000-0x00007FF6D0FA4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2171-0x00007FF62D4F0000-0x00007FF62D844000-memory.dmp

Filesize
3.3MB

Download
memory/5072-590-0x00007FF62D4F0000-0x00007FF62D844000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads