kpot | c38497cd0acc28a788ba9a6e886a9bc99c6c14d9dd5b44179daf49b411b0583b

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
Size

2.5MB
MD5

af11930780db34c667006f0dcd8568a0
SHA1

1c3fa02b9db2049b6d7c856f2bfaf12cd6a1cabe
SHA256

c38497cd0acc28a788ba9a6e886a9bc99c6c14d9dd5b44179daf49b411b0583b
SHA512

cef45a84ced99b2804844981dc4a013d3553646004d950f411dbd420f2ae9672cadc7a9b64326f39a96112a1a5ba4639fcb7b0026848cf2db0128143d399e72e
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eohy:oemTLkNdfE0pZrwm

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000700000002336e-4.dat	family_kpot
behavioral2/files/0x000700000002354d-10.dat	family_kpot
behavioral2/files/0x000900000002353b-15.dat	family_kpot
behavioral2/files/0x0007000000023550-39.dat	family_kpot
behavioral2/files/0x0007000000023553-50.dat	family_kpot
behavioral2/files/0x0007000000023555-64.dat	family_kpot
behavioral2/files/0x0007000000023559-78.dat	family_kpot
behavioral2/files/0x000700000002355c-95.dat	family_kpot
behavioral2/files/0x0007000000023560-119.dat	family_kpot
behavioral2/files/0x0007000000023565-144.dat	family_kpot
behavioral2/files/0x0007000000023569-158.dat	family_kpot
behavioral2/files/0x000700000002356b-168.dat	family_kpot
behavioral2/files/0x000700000002356a-163.dat	family_kpot
behavioral2/files/0x0007000000023568-159.dat	family_kpot
behavioral2/files/0x0007000000023567-154.dat	family_kpot
behavioral2/files/0x0007000000023566-148.dat	family_kpot
behavioral2/files/0x0007000000023564-139.dat	family_kpot
behavioral2/files/0x0007000000023563-133.dat	family_kpot
behavioral2/files/0x0007000000023562-129.dat	family_kpot
behavioral2/files/0x0007000000023561-124.dat	family_kpot
behavioral2/files/0x000700000002355f-114.dat	family_kpot
behavioral2/files/0x000700000002355e-108.dat	family_kpot
behavioral2/files/0x000700000002355d-104.dat	family_kpot
behavioral2/files/0x000700000002355b-93.dat	family_kpot
behavioral2/files/0x000700000002355a-89.dat	family_kpot
behavioral2/files/0x0007000000023558-79.dat	family_kpot
behavioral2/files/0x0007000000023557-73.dat	family_kpot
behavioral2/files/0x0007000000023556-69.dat	family_kpot
behavioral2/files/0x0007000000023554-58.dat	family_kpot
behavioral2/files/0x0007000000023552-48.dat	family_kpot
behavioral2/files/0x0007000000023551-41.dat	family_kpot
behavioral2/files/0x000700000002354f-37.dat	family_kpot
behavioral2/files/0x000700000002354e-32.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1832-0-0x00007FF72A020000-0x00007FF72A374000-memory.dmp	xmrig
behavioral2/files/0x000700000002336e-4.dat	xmrig
behavioral2/memory/1248-8-0x00007FF7A95F0000-0x00007FF7A9944000-memory.dmp	xmrig
behavioral2/files/0x000700000002354d-10.dat	xmrig
behavioral2/memory/3512-16-0x00007FF75A320000-0x00007FF75A674000-memory.dmp	xmrig
behavioral2/files/0x000900000002353b-15.dat	xmrig
behavioral2/memory/1708-22-0x00007FF7E36C0000-0x00007FF7E3A14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023550-39.dat	xmrig
behavioral2/files/0x0007000000023553-50.dat	xmrig
behavioral2/files/0x0007000000023555-64.dat	xmrig
behavioral2/files/0x0007000000023559-78.dat	xmrig
behavioral2/files/0x000700000002355c-95.dat	xmrig
behavioral2/files/0x0007000000023560-119.dat	xmrig
behavioral2/files/0x0007000000023565-144.dat	xmrig
behavioral2/files/0x0007000000023569-158.dat	xmrig
behavioral2/memory/808-660-0x00007FF632A80000-0x00007FF632DD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002356b-168.dat	xmrig
behavioral2/files/0x000700000002356a-163.dat	xmrig
behavioral2/files/0x0007000000023568-159.dat	xmrig
behavioral2/files/0x0007000000023567-154.dat	xmrig
behavioral2/files/0x0007000000023566-148.dat	xmrig
behavioral2/files/0x0007000000023564-139.dat	xmrig
behavioral2/files/0x0007000000023563-133.dat	xmrig
behavioral2/files/0x0007000000023562-129.dat	xmrig
behavioral2/files/0x0007000000023561-124.dat	xmrig
behavioral2/files/0x000700000002355f-114.dat	xmrig
behavioral2/files/0x000700000002355e-108.dat	xmrig
behavioral2/files/0x000700000002355d-104.dat	xmrig
behavioral2/files/0x000700000002355b-93.dat	xmrig
behavioral2/files/0x000700000002355a-89.dat	xmrig
behavioral2/files/0x0007000000023558-79.dat	xmrig
behavioral2/files/0x0007000000023557-73.dat	xmrig
behavioral2/files/0x0007000000023556-69.dat	xmrig
behavioral2/files/0x0007000000023554-58.dat	xmrig
behavioral2/files/0x0007000000023552-48.dat	xmrig
behavioral2/files/0x0007000000023551-41.dat	xmrig
behavioral2/files/0x000700000002354f-37.dat	xmrig
behavioral2/files/0x000700000002354e-32.dat	xmrig
behavioral2/memory/2480-31-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp	xmrig
behavioral2/memory/1496-27-0x00007FF707720000-0x00007FF707A74000-memory.dmp	xmrig
behavioral2/memory/1940-661-0x00007FF704DA0000-0x00007FF7050F4000-memory.dmp	xmrig
behavioral2/memory/3280-662-0x00007FF65AD80000-0x00007FF65B0D4000-memory.dmp	xmrig
behavioral2/memory/3268-663-0x00007FF67E1D0000-0x00007FF67E524000-memory.dmp	xmrig
behavioral2/memory/2608-664-0x00007FF7974B0000-0x00007FF797804000-memory.dmp	xmrig
behavioral2/memory/3908-673-0x00007FF710B60000-0x00007FF710EB4000-memory.dmp	xmrig
behavioral2/memory/3060-670-0x00007FF619260000-0x00007FF6195B4000-memory.dmp	xmrig
behavioral2/memory/2576-684-0x00007FF78B210000-0x00007FF78B564000-memory.dmp	xmrig
behavioral2/memory/4580-678-0x00007FF6AA1F0000-0x00007FF6AA544000-memory.dmp	xmrig
behavioral2/memory/2656-695-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp	xmrig
behavioral2/memory/2752-689-0x00007FF6AF340000-0x00007FF6AF694000-memory.dmp	xmrig
behavioral2/memory/4488-686-0x00007FF79A420000-0x00007FF79A774000-memory.dmp	xmrig
behavioral2/memory/1520-702-0x00007FF67BD40000-0x00007FF67C094000-memory.dmp	xmrig
behavioral2/memory/2056-699-0x00007FF62A050000-0x00007FF62A3A4000-memory.dmp	xmrig
behavioral2/memory/2388-709-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp	xmrig
behavioral2/memory/3080-715-0x00007FF74D640000-0x00007FF74D994000-memory.dmp	xmrig
behavioral2/memory/4124-717-0x00007FF65F4B0000-0x00007FF65F804000-memory.dmp	xmrig
behavioral2/memory/752-725-0x00007FF7233A0000-0x00007FF7236F4000-memory.dmp	xmrig
behavioral2/memory/4368-731-0x00007FF6A1D30000-0x00007FF6A2084000-memory.dmp	xmrig
behavioral2/memory/1672-728-0x00007FF701A40000-0x00007FF701D94000-memory.dmp	xmrig
behavioral2/memory/4632-727-0x00007FF7A6020000-0x00007FF7A6374000-memory.dmp	xmrig
behavioral2/memory/3464-719-0x00007FF70AE70000-0x00007FF70B1C4000-memory.dmp	xmrig
behavioral2/memory/2740-712-0x00007FF60E800000-0x00007FF60EB54000-memory.dmp	xmrig
behavioral2/memory/4056-705-0x00007FF6C8070000-0x00007FF6C83C4000-memory.dmp	xmrig
behavioral2/memory/1248-2160-0x00007FF7A95F0000-0x00007FF7A9944000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1248	efHQpzf.exe
3512	vbbPkJh.exe
1708	zhkiKZd.exe
1496	rAKmJAp.exe
808	Yfxvtrp.exe
2480	YJyXRBR.exe
4368	hFxWNUt.exe
1940	gUdFQFi.exe
3280	iLfXvJp.exe
3268	IHdMbiX.exe
2608	CTDOXxF.exe
3060	OhLGBkJ.exe
3908	RRvYWcx.exe
4580	EeQPPSm.exe
2576	wbPtQEm.exe
4488	FoWmqiu.exe
2752	uhJkiYF.exe
2656	wUubaBb.exe
2056	QMtjjAr.exe
1520	zMUabwG.exe
4056	TmtJdFd.exe
2388	bqWMXvB.exe
2740	CRMIhJH.exe
3080	cYOOeUi.exe
4124	spiTUPq.exe
3464	dVvHAnP.exe
752	oMifWzb.exe
4632	jUqortV.exe
1672	fubzqaz.exe
2020	nEhOnLS.exe
2964	iAcjPwW.exe
3704	WzkfCpp.exe
1872	IAGcMbz.exe
5108	CLyQBjU.exe
3668	xpyrLsX.exe
452	RoXqkkt.exe
3436	XALXupx.exe
3324	kyfRttW.exe
2632	NuugRJw.exe
2000	MsfhAvk.exe
2660	wvmGhDL.exe
4348	WhBGVpd.exe
3584	TJBLlBm.exe
2792	QddiiDI.exe
4568	fjVakGE.exe
2340	UCbmAtO.exe
1600	JlJutRU.exe
1968	xMUXYSH.exe
4492	UooeZZi.exe
2528	rFdRfUm.exe
3052	vGyVRdT.exe
4744	eHcKeuN.exe
2800	zDmRDLP.exe
4976	TtSiEMU.exe
4420	cNadonO.exe
1896	HNlzOLI.exe
1416	FtVMWRt.exe
5080	rvEjaIi.exe
2300	tKNawSQ.exe
1380	VDHMtgW.exe
4248	NtRRYbK.exe
4952	ROSvSvK.exe
748	roeiBih.exe
5096	fblMGwA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1832-0-0x00007FF72A020000-0x00007FF72A374000-memory.dmp	upx
behavioral2/files/0x000700000002336e-4.dat	upx
behavioral2/memory/1248-8-0x00007FF7A95F0000-0x00007FF7A9944000-memory.dmp	upx
behavioral2/files/0x000700000002354d-10.dat	upx
behavioral2/memory/3512-16-0x00007FF75A320000-0x00007FF75A674000-memory.dmp	upx
behavioral2/files/0x000900000002353b-15.dat	upx
behavioral2/memory/1708-22-0x00007FF7E36C0000-0x00007FF7E3A14000-memory.dmp	upx
behavioral2/files/0x0007000000023550-39.dat	upx
behavioral2/files/0x0007000000023553-50.dat	upx
behavioral2/files/0x0007000000023555-64.dat	upx
behavioral2/files/0x0007000000023559-78.dat	upx
behavioral2/files/0x000700000002355c-95.dat	upx
behavioral2/files/0x0007000000023560-119.dat	upx
behavioral2/files/0x0007000000023565-144.dat	upx
behavioral2/files/0x0007000000023569-158.dat	upx
behavioral2/memory/808-660-0x00007FF632A80000-0x00007FF632DD4000-memory.dmp	upx
behavioral2/files/0x000700000002356b-168.dat	upx
behavioral2/files/0x000700000002356a-163.dat	upx
behavioral2/files/0x0007000000023568-159.dat	upx
behavioral2/files/0x0007000000023567-154.dat	upx
behavioral2/files/0x0007000000023566-148.dat	upx
behavioral2/files/0x0007000000023564-139.dat	upx
behavioral2/files/0x0007000000023563-133.dat	upx
behavioral2/files/0x0007000000023562-129.dat	upx
behavioral2/files/0x0007000000023561-124.dat	upx
behavioral2/files/0x000700000002355f-114.dat	upx
behavioral2/files/0x000700000002355e-108.dat	upx
behavioral2/files/0x000700000002355d-104.dat	upx
behavioral2/files/0x000700000002355b-93.dat	upx
behavioral2/files/0x000700000002355a-89.dat	upx
behavioral2/files/0x0007000000023558-79.dat	upx
behavioral2/files/0x0007000000023557-73.dat	upx
behavioral2/files/0x0007000000023556-69.dat	upx
behavioral2/files/0x0007000000023554-58.dat	upx
behavioral2/files/0x0007000000023552-48.dat	upx
behavioral2/files/0x0007000000023551-41.dat	upx
behavioral2/files/0x000700000002354f-37.dat	upx
behavioral2/files/0x000700000002354e-32.dat	upx
behavioral2/memory/2480-31-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp	upx
behavioral2/memory/1496-27-0x00007FF707720000-0x00007FF707A74000-memory.dmp	upx
behavioral2/memory/1940-661-0x00007FF704DA0000-0x00007FF7050F4000-memory.dmp	upx
behavioral2/memory/3280-662-0x00007FF65AD80000-0x00007FF65B0D4000-memory.dmp	upx
behavioral2/memory/3268-663-0x00007FF67E1D0000-0x00007FF67E524000-memory.dmp	upx
behavioral2/memory/2608-664-0x00007FF7974B0000-0x00007FF797804000-memory.dmp	upx
behavioral2/memory/3908-673-0x00007FF710B60000-0x00007FF710EB4000-memory.dmp	upx
behavioral2/memory/3060-670-0x00007FF619260000-0x00007FF6195B4000-memory.dmp	upx
behavioral2/memory/2576-684-0x00007FF78B210000-0x00007FF78B564000-memory.dmp	upx
behavioral2/memory/4580-678-0x00007FF6AA1F0000-0x00007FF6AA544000-memory.dmp	upx
behavioral2/memory/2656-695-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp	upx
behavioral2/memory/2752-689-0x00007FF6AF340000-0x00007FF6AF694000-memory.dmp	upx
behavioral2/memory/4488-686-0x00007FF79A420000-0x00007FF79A774000-memory.dmp	upx
behavioral2/memory/1520-702-0x00007FF67BD40000-0x00007FF67C094000-memory.dmp	upx
behavioral2/memory/2056-699-0x00007FF62A050000-0x00007FF62A3A4000-memory.dmp	upx
behavioral2/memory/2388-709-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp	upx
behavioral2/memory/3080-715-0x00007FF74D640000-0x00007FF74D994000-memory.dmp	upx
behavioral2/memory/4124-717-0x00007FF65F4B0000-0x00007FF65F804000-memory.dmp	upx
behavioral2/memory/752-725-0x00007FF7233A0000-0x00007FF7236F4000-memory.dmp	upx
behavioral2/memory/4368-731-0x00007FF6A1D30000-0x00007FF6A2084000-memory.dmp	upx
behavioral2/memory/1672-728-0x00007FF701A40000-0x00007FF701D94000-memory.dmp	upx
behavioral2/memory/4632-727-0x00007FF7A6020000-0x00007FF7A6374000-memory.dmp	upx
behavioral2/memory/3464-719-0x00007FF70AE70000-0x00007FF70B1C4000-memory.dmp	upx
behavioral2/memory/2740-712-0x00007FF60E800000-0x00007FF60EB54000-memory.dmp	upx
behavioral2/memory/4056-705-0x00007FF6C8070000-0x00007FF6C83C4000-memory.dmp	upx
behavioral2/memory/1248-2160-0x00007FF7A95F0000-0x00007FF7A9944000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zqEYLgd.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\EFYpeyX.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\VbNEVWw.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZDMadhr.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\PggxTlP.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\YlvINCa.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\lGwhXya.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\btBCjbB.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\yNINDMt.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\VcLFgLZ.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\hGPMbUC.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\UKAJOFm.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\sCdVuwW.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\xMUXYSH.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\ROSvSvK.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\JtMVuZh.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\MOHCPsz.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\rRELgNU.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\ybvRsll.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\MKpMhSR.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\hiyzKfN.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\zDmRDLP.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\RAumbgv.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\IiuMerh.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\XTgQaNT.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\HtDfpTH.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\SHKxRLY.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\cMDAUUO.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\LUWTugu.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\NtRRYbK.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\roeiBih.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\CCwcEvf.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\vFnbvzs.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\IAGcMbz.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\uPjrcTS.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\qUyTdrQ.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\kTCudwe.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\XhrVoOq.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\KUGrask.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\KjUudJF.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\PPFUrOM.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\eUWxuGQ.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\EvhlhZN.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\HSFohix.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\jTmsmuk.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\eYOVkEZ.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\rQJkEwx.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\yjYePBf.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\ipqNNaz.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\zhkiKZd.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\iDionfG.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\CMZpaDQ.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\UpaxGBp.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\uzNzJFu.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\lLVPNbe.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\wAqxnov.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\XTcBVFc.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\FpygkCJ.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\eeOueKR.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\LpeddWJ.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\arNVeDH.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\ENXeadR.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\DeisvfI.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
File created	C:\Windows\System\IchbMhU.exe	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14452	dwm.exe
Token: SeChangeNotifyPrivilege	14452	dwm.exe
Token: 33	14452	dwm.exe
Token: SeIncBasePriorityPrivilege	14452	dwm.exe
Token: SeShutdownPrivilege	14452	dwm.exe
Token: SeCreatePagefilePrivilege	14452	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1248	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	84
PID 1832 wrote to memory of 1248	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	84
PID 1832 wrote to memory of 3512	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	86
PID 1832 wrote to memory of 3512	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	86
PID 1832 wrote to memory of 1708	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	87
PID 1832 wrote to memory of 1708	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	87
PID 1832 wrote to memory of 1496	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	88
PID 1832 wrote to memory of 1496	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	88
PID 1832 wrote to memory of 808	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	89
PID 1832 wrote to memory of 808	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	89
PID 1832 wrote to memory of 2480	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	90
PID 1832 wrote to memory of 2480	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	90
PID 1832 wrote to memory of 4368	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	91
PID 1832 wrote to memory of 4368	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	91
PID 1832 wrote to memory of 1940	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	92
PID 1832 wrote to memory of 1940	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	92
PID 1832 wrote to memory of 3280	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	93
PID 1832 wrote to memory of 3280	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	93
PID 1832 wrote to memory of 3268	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	94
PID 1832 wrote to memory of 3268	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	94
PID 1832 wrote to memory of 2608	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	95
PID 1832 wrote to memory of 2608	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	95
PID 1832 wrote to memory of 3060	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	96
PID 1832 wrote to memory of 3060	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	96
PID 1832 wrote to memory of 3908	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	97
PID 1832 wrote to memory of 3908	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	97
PID 1832 wrote to memory of 4580	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	98
PID 1832 wrote to memory of 4580	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	98
PID 1832 wrote to memory of 2576	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	99
PID 1832 wrote to memory of 2576	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	99
PID 1832 wrote to memory of 4488	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	100
PID 1832 wrote to memory of 4488	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	100
PID 1832 wrote to memory of 2752	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	101
PID 1832 wrote to memory of 2752	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	101
PID 1832 wrote to memory of 2656	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	102
PID 1832 wrote to memory of 2656	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	102
PID 1832 wrote to memory of 2056	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	103
PID 1832 wrote to memory of 2056	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	103
PID 1832 wrote to memory of 1520	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	104
PID 1832 wrote to memory of 1520	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	104
PID 1832 wrote to memory of 4056	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	105
PID 1832 wrote to memory of 4056	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	105
PID 1832 wrote to memory of 2388	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	106
PID 1832 wrote to memory of 2388	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	106
PID 1832 wrote to memory of 2740	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	107
PID 1832 wrote to memory of 2740	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	107
PID 1832 wrote to memory of 3080	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	108
PID 1832 wrote to memory of 3080	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	108
PID 1832 wrote to memory of 4124	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	109
PID 1832 wrote to memory of 4124	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	109
PID 1832 wrote to memory of 3464	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	110
PID 1832 wrote to memory of 3464	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	110
PID 1832 wrote to memory of 752	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	111
PID 1832 wrote to memory of 752	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	111
PID 1832 wrote to memory of 4632	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	112
PID 1832 wrote to memory of 4632	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	112
PID 1832 wrote to memory of 1672	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	113
PID 1832 wrote to memory of 1672	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	113
PID 1832 wrote to memory of 2020	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	114
PID 1832 wrote to memory of 2020	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	114
PID 1832 wrote to memory of 2964	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	115
PID 1832 wrote to memory of 2964	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	115
PID 1832 wrote to memory of 3704	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	116
PID 1832 wrote to memory of 3704	1832	af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\af11930780db34c667006f0dcd8568a0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\System\efHQpzf.exe
  C:\Windows\System\efHQpzf.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\vbbPkJh.exe
  C:\Windows\System\vbbPkJh.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\zhkiKZd.exe
  C:\Windows\System\zhkiKZd.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\rAKmJAp.exe
  C:\Windows\System\rAKmJAp.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\Yfxvtrp.exe
  C:\Windows\System\Yfxvtrp.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\YJyXRBR.exe
  C:\Windows\System\YJyXRBR.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\hFxWNUt.exe
  C:\Windows\System\hFxWNUt.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\gUdFQFi.exe
  C:\Windows\System\gUdFQFi.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\iLfXvJp.exe
  C:\Windows\System\iLfXvJp.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\IHdMbiX.exe
  C:\Windows\System\IHdMbiX.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\CTDOXxF.exe
  C:\Windows\System\CTDOXxF.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\OhLGBkJ.exe
  C:\Windows\System\OhLGBkJ.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\RRvYWcx.exe
  C:\Windows\System\RRvYWcx.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\EeQPPSm.exe
  C:\Windows\System\EeQPPSm.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\wbPtQEm.exe
  C:\Windows\System\wbPtQEm.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\FoWmqiu.exe
  C:\Windows\System\FoWmqiu.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\uhJkiYF.exe
  C:\Windows\System\uhJkiYF.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\wUubaBb.exe
  C:\Windows\System\wUubaBb.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\QMtjjAr.exe
  C:\Windows\System\QMtjjAr.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\zMUabwG.exe
  C:\Windows\System\zMUabwG.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\TmtJdFd.exe
  C:\Windows\System\TmtJdFd.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\bqWMXvB.exe
  C:\Windows\System\bqWMXvB.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\CRMIhJH.exe
  C:\Windows\System\CRMIhJH.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\cYOOeUi.exe
  C:\Windows\System\cYOOeUi.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\spiTUPq.exe
  C:\Windows\System\spiTUPq.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\dVvHAnP.exe
  C:\Windows\System\dVvHAnP.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\oMifWzb.exe
  C:\Windows\System\oMifWzb.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\jUqortV.exe
  C:\Windows\System\jUqortV.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\fubzqaz.exe
  C:\Windows\System\fubzqaz.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\nEhOnLS.exe
  C:\Windows\System\nEhOnLS.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\iAcjPwW.exe
  C:\Windows\System\iAcjPwW.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WzkfCpp.exe
  C:\Windows\System\WzkfCpp.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\IAGcMbz.exe
  C:\Windows\System\IAGcMbz.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\CLyQBjU.exe
  C:\Windows\System\CLyQBjU.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\xpyrLsX.exe
  C:\Windows\System\xpyrLsX.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\RoXqkkt.exe
  C:\Windows\System\RoXqkkt.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\XALXupx.exe
  C:\Windows\System\XALXupx.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\kyfRttW.exe
  C:\Windows\System\kyfRttW.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\NuugRJw.exe
  C:\Windows\System\NuugRJw.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\MsfhAvk.exe
  C:\Windows\System\MsfhAvk.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\wvmGhDL.exe
  C:\Windows\System\wvmGhDL.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\WhBGVpd.exe
  C:\Windows\System\WhBGVpd.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\TJBLlBm.exe
  C:\Windows\System\TJBLlBm.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\QddiiDI.exe
  C:\Windows\System\QddiiDI.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\fjVakGE.exe
  C:\Windows\System\fjVakGE.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\UCbmAtO.exe
  C:\Windows\System\UCbmAtO.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\JlJutRU.exe
  C:\Windows\System\JlJutRU.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\xMUXYSH.exe
  C:\Windows\System\xMUXYSH.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\UooeZZi.exe
  C:\Windows\System\UooeZZi.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\rFdRfUm.exe
  C:\Windows\System\rFdRfUm.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\vGyVRdT.exe
  C:\Windows\System\vGyVRdT.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\eHcKeuN.exe
  C:\Windows\System\eHcKeuN.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\zDmRDLP.exe
  C:\Windows\System\zDmRDLP.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\TtSiEMU.exe
  C:\Windows\System\TtSiEMU.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\cNadonO.exe
  C:\Windows\System\cNadonO.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\HNlzOLI.exe
  C:\Windows\System\HNlzOLI.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\FtVMWRt.exe
  C:\Windows\System\FtVMWRt.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\rvEjaIi.exe
  C:\Windows\System\rvEjaIi.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\tKNawSQ.exe
  C:\Windows\System\tKNawSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\VDHMtgW.exe
  C:\Windows\System\VDHMtgW.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\NtRRYbK.exe
  C:\Windows\System\NtRRYbK.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\ROSvSvK.exe
  C:\Windows\System\ROSvSvK.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\roeiBih.exe
  C:\Windows\System\roeiBih.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\fblMGwA.exe
  C:\Windows\System\fblMGwA.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\vRJWbJr.exe
  C:\Windows\System\vRJWbJr.exe
  2⤵
  PID:4132
- C:\Windows\System\JiLurPD.exe
  C:\Windows\System\JiLurPD.exe
  2⤵
  PID:3568
- C:\Windows\System\QTYIxNK.exe
  C:\Windows\System\QTYIxNK.exe
  2⤵
  PID:4924
- C:\Windows\System\UwKRbfh.exe
  C:\Windows\System\UwKRbfh.exe
  2⤵
  PID:3440
- C:\Windows\System\ROMrKgB.exe
  C:\Windows\System\ROMrKgB.exe
  2⤵
  PID:2936
- C:\Windows\System\QAIHKhX.exe
  C:\Windows\System\QAIHKhX.exe
  2⤵
  PID:1036
- C:\Windows\System\IPFcFnx.exe
  C:\Windows\System\IPFcFnx.exe
  2⤵
  PID:4928
- C:\Windows\System\eYOVkEZ.exe
  C:\Windows\System\eYOVkEZ.exe
  2⤵
  PID:780
- C:\Windows\System\qoqaRht.exe
  C:\Windows\System\qoqaRht.exe
  2⤵
  PID:740
- C:\Windows\System\KjUudJF.exe
  C:\Windows\System\KjUudJF.exe
  2⤵
  PID:3432
- C:\Windows\System\cyMXTCm.exe
  C:\Windows\System\cyMXTCm.exe
  2⤵
  PID:4088
- C:\Windows\System\IjCeHMe.exe
  C:\Windows\System\IjCeHMe.exe
  2⤵
  PID:2392
- C:\Windows\System\RAumbgv.exe
  C:\Windows\System\RAumbgv.exe
  2⤵
  PID:2460
- C:\Windows\System\iDionfG.exe
  C:\Windows\System\iDionfG.exe
  2⤵
  PID:3540
- C:\Windows\System\AWdbiTI.exe
  C:\Windows\System\AWdbiTI.exe
  2⤵
  PID:4948
- C:\Windows\System\HISvNAi.exe
  C:\Windows\System\HISvNAi.exe
  2⤵
  PID:3788
- C:\Windows\System\rJkleGJ.exe
  C:\Windows\System\rJkleGJ.exe
  2⤵
  PID:5124
- C:\Windows\System\srbVTaG.exe
  C:\Windows\System\srbVTaG.exe
  2⤵
  PID:5156
- C:\Windows\System\ZgItiNo.exe
  C:\Windows\System\ZgItiNo.exe
  2⤵
  PID:5184
- C:\Windows\System\zcimvwy.exe
  C:\Windows\System\zcimvwy.exe
  2⤵
  PID:5212
- C:\Windows\System\oXHDjvK.exe
  C:\Windows\System\oXHDjvK.exe
  2⤵
  PID:5240
- C:\Windows\System\YzssKuQ.exe
  C:\Windows\System\YzssKuQ.exe
  2⤵
  PID:5268
- C:\Windows\System\HeVmIdZ.exe
  C:\Windows\System\HeVmIdZ.exe
  2⤵
  PID:5296
- C:\Windows\System\TUntAua.exe
  C:\Windows\System\TUntAua.exe
  2⤵
  PID:5324
- C:\Windows\System\NtLrkUP.exe
  C:\Windows\System\NtLrkUP.exe
  2⤵
  PID:5352
- C:\Windows\System\BrYIBuY.exe
  C:\Windows\System\BrYIBuY.exe
  2⤵
  PID:5380
- C:\Windows\System\gARDdgt.exe
  C:\Windows\System\gARDdgt.exe
  2⤵
  PID:5408
- C:\Windows\System\LsRkgib.exe
  C:\Windows\System\LsRkgib.exe
  2⤵
  PID:5436
- C:\Windows\System\JZeLdsO.exe
  C:\Windows\System\JZeLdsO.exe
  2⤵
  PID:5464
- C:\Windows\System\vYBbBoY.exe
  C:\Windows\System\vYBbBoY.exe
  2⤵
  PID:5492
- C:\Windows\System\swvkbWc.exe
  C:\Windows\System\swvkbWc.exe
  2⤵
  PID:5520
- C:\Windows\System\oxnZWUK.exe
  C:\Windows\System\oxnZWUK.exe
  2⤵
  PID:5548
- C:\Windows\System\tbzifPn.exe
  C:\Windows\System\tbzifPn.exe
  2⤵
  PID:5576
- C:\Windows\System\VUBiyZO.exe
  C:\Windows\System\VUBiyZO.exe
  2⤵
  PID:5604
- C:\Windows\System\HwybwDp.exe
  C:\Windows\System\HwybwDp.exe
  2⤵
  PID:5632
- C:\Windows\System\WFBaOVd.exe
  C:\Windows\System\WFBaOVd.exe
  2⤵
  PID:5656
- C:\Windows\System\CiHrLfE.exe
  C:\Windows\System\CiHrLfE.exe
  2⤵
  PID:5684
- C:\Windows\System\QvALjnr.exe
  C:\Windows\System\QvALjnr.exe
  2⤵
  PID:5712
- C:\Windows\System\WvyxlXd.exe
  C:\Windows\System\WvyxlXd.exe
  2⤵
  PID:5744
- C:\Windows\System\jGXUipI.exe
  C:\Windows\System\jGXUipI.exe
  2⤵
  PID:5768
- C:\Windows\System\VHaAKin.exe
  C:\Windows\System\VHaAKin.exe
  2⤵
  PID:5796
- C:\Windows\System\zhhpURi.exe
  C:\Windows\System\zhhpURi.exe
  2⤵
  PID:5828
- C:\Windows\System\AofQlLQ.exe
  C:\Windows\System\AofQlLQ.exe
  2⤵
  PID:5856
- C:\Windows\System\fSwkcfb.exe
  C:\Windows\System\fSwkcfb.exe
  2⤵
  PID:5884
- C:\Windows\System\EnOmLcz.exe
  C:\Windows\System\EnOmLcz.exe
  2⤵
  PID:5912
- C:\Windows\System\guSunxP.exe
  C:\Windows\System\guSunxP.exe
  2⤵
  PID:5940
- C:\Windows\System\FpygkCJ.exe
  C:\Windows\System\FpygkCJ.exe
  2⤵
  PID:5968
- C:\Windows\System\pPdAjAu.exe
  C:\Windows\System\pPdAjAu.exe
  2⤵
  PID:5992
- C:\Windows\System\BclwZQC.exe
  C:\Windows\System\BclwZQC.exe
  2⤵
  PID:6020
- C:\Windows\System\sdRgOkE.exe
  C:\Windows\System\sdRgOkE.exe
  2⤵
  PID:6052
- C:\Windows\System\sHcdhUX.exe
  C:\Windows\System\sHcdhUX.exe
  2⤵
  PID:6080
- C:\Windows\System\evBrjoA.exe
  C:\Windows\System\evBrjoA.exe
  2⤵
  PID:6108
- C:\Windows\System\fYBXVFO.exe
  C:\Windows\System\fYBXVFO.exe
  2⤵
  PID:6136
- C:\Windows\System\AfXyjBK.exe
  C:\Windows\System\AfXyjBK.exe
  2⤵
  PID:4460
- C:\Windows\System\PUTPaTV.exe
  C:\Windows\System\PUTPaTV.exe
  2⤵
  PID:3140
- C:\Windows\System\IiuMerh.exe
  C:\Windows\System\IiuMerh.exe
  2⤵
  PID:1608
- C:\Windows\System\VrmPZtj.exe
  C:\Windows\System\VrmPZtj.exe
  2⤵
  PID:1888
- C:\Windows\System\jMeBgrt.exe
  C:\Windows\System\jMeBgrt.exe
  2⤵
  PID:5140
- C:\Windows\System\USlCDnw.exe
  C:\Windows\System\USlCDnw.exe
  2⤵
  PID:5200
- C:\Windows\System\qnwbYYq.exe
  C:\Windows\System\qnwbYYq.exe
  2⤵
  PID:5260
- C:\Windows\System\YBcPWsV.exe
  C:\Windows\System\YBcPWsV.exe
  2⤵
  PID:5336
- C:\Windows\System\rkqoXXp.exe
  C:\Windows\System\rkqoXXp.exe
  2⤵
  PID:5396
- C:\Windows\System\YlvINCa.exe
  C:\Windows\System\YlvINCa.exe
  2⤵
  PID:5456
- C:\Windows\System\gklauEa.exe
  C:\Windows\System\gklauEa.exe
  2⤵
  PID:5532
- C:\Windows\System\bdAZXHa.exe
  C:\Windows\System\bdAZXHa.exe
  2⤵
  PID:5592
- C:\Windows\System\eguydPZ.exe
  C:\Windows\System\eguydPZ.exe
  2⤵
  PID:5652
- C:\Windows\System\aMozfjs.exe
  C:\Windows\System\aMozfjs.exe
  2⤵
  PID:5728
- C:\Windows\System\oGDFaFM.exe
  C:\Windows\System\oGDFaFM.exe
  2⤵
  PID:2064
- C:\Windows\System\vYJkTOT.exe
  C:\Windows\System\vYJkTOT.exe
  2⤵
  PID:5844
- C:\Windows\System\wlXVRsX.exe
  C:\Windows\System\wlXVRsX.exe
  2⤵
  PID:5904
- C:\Windows\System\PPFUrOM.exe
  C:\Windows\System\PPFUrOM.exe
  2⤵
  PID:3528
- C:\Windows\System\SsOaPpZ.exe
  C:\Windows\System\SsOaPpZ.exe
  2⤵
  PID:6036
- C:\Windows\System\iyuvYIC.exe
  C:\Windows\System\iyuvYIC.exe
  2⤵
  PID:6096
- C:\Windows\System\WviZMuU.exe
  C:\Windows\System\WviZMuU.exe
  2⤵
  PID:1428
- C:\Windows\System\HYYgnkS.exe
  C:\Windows\System\HYYgnkS.exe
  2⤵
  PID:3924
- C:\Windows\System\xXFYTrW.exe
  C:\Windows\System\xXFYTrW.exe
  2⤵
  PID:5172
- C:\Windows\System\IhKbMSL.exe
  C:\Windows\System\IhKbMSL.exe
  2⤵
  PID:5312
- C:\Windows\System\wRtTwDR.exe
  C:\Windows\System\wRtTwDR.exe
  2⤵
  PID:5488
- C:\Windows\System\MCIqVlk.exe
  C:\Windows\System\MCIqVlk.exe
  2⤵
  PID:1528
- C:\Windows\System\CCwcEvf.exe
  C:\Windows\System\CCwcEvf.exe
  2⤵
  PID:2812
- C:\Windows\System\EOfgvrJ.exe
  C:\Windows\System\EOfgvrJ.exe
  2⤵
  PID:5820
- C:\Windows\System\yNanTEd.exe
  C:\Windows\System\yNanTEd.exe
  2⤵
  PID:6008
- C:\Windows\System\XjqQkHV.exe
  C:\Windows\System\XjqQkHV.exe
  2⤵
  PID:6128
- C:\Windows\System\Xtdgicv.exe
  C:\Windows\System\Xtdgicv.exe
  2⤵
  PID:6148
- C:\Windows\System\nIcElOv.exe
  C:\Windows\System\nIcElOv.exe
  2⤵
  PID:6168
- C:\Windows\System\JtMVuZh.exe
  C:\Windows\System\JtMVuZh.exe
  2⤵
  PID:6196
- C:\Windows\System\osCzVxm.exe
  C:\Windows\System\osCzVxm.exe
  2⤵
  PID:6232
- C:\Windows\System\hTsLFRz.exe
  C:\Windows\System\hTsLFRz.exe
  2⤵
  PID:6252
- C:\Windows\System\rBoIxrX.exe
  C:\Windows\System\rBoIxrX.exe
  2⤵
  PID:6280
- C:\Windows\System\sPPBuqe.exe
  C:\Windows\System\sPPBuqe.exe
  2⤵
  PID:6308
- C:\Windows\System\qfSjPFQ.exe
  C:\Windows\System\qfSjPFQ.exe
  2⤵
  PID:6336
- C:\Windows\System\eeOueKR.exe
  C:\Windows\System\eeOueKR.exe
  2⤵
  PID:6364
- C:\Windows\System\pCTuwLD.exe
  C:\Windows\System\pCTuwLD.exe
  2⤵
  PID:6388
- C:\Windows\System\qUtGBFo.exe
  C:\Windows\System\qUtGBFo.exe
  2⤵
  PID:6420
- C:\Windows\System\NlWrYwQ.exe
  C:\Windows\System\NlWrYwQ.exe
  2⤵
  PID:6448
- C:\Windows\System\LSpriYW.exe
  C:\Windows\System\LSpriYW.exe
  2⤵
  PID:6476
- C:\Windows\System\dbMPghd.exe
  C:\Windows\System\dbMPghd.exe
  2⤵
  PID:6504
- C:\Windows\System\jXLDCPo.exe
  C:\Windows\System\jXLDCPo.exe
  2⤵
  PID:6532
- C:\Windows\System\CXVEIXX.exe
  C:\Windows\System\CXVEIXX.exe
  2⤵
  PID:6560
- C:\Windows\System\XTgQaNT.exe
  C:\Windows\System\XTgQaNT.exe
  2⤵
  PID:6584
- C:\Windows\System\bHCIXpQ.exe
  C:\Windows\System\bHCIXpQ.exe
  2⤵
  PID:6612
- C:\Windows\System\voRiTPz.exe
  C:\Windows\System\voRiTPz.exe
  2⤵
  PID:6644
- C:\Windows\System\LpeddWJ.exe
  C:\Windows\System\LpeddWJ.exe
  2⤵
  PID:6668
- C:\Windows\System\cLiLTAU.exe
  C:\Windows\System\cLiLTAU.exe
  2⤵
  PID:6696
- C:\Windows\System\fMSdwBG.exe
  C:\Windows\System\fMSdwBG.exe
  2⤵
  PID:6724
- C:\Windows\System\ORMLyGU.exe
  C:\Windows\System\ORMLyGU.exe
  2⤵
  PID:6756
- C:\Windows\System\GSoBVJr.exe
  C:\Windows\System\GSoBVJr.exe
  2⤵
  PID:6780
- C:\Windows\System\ioUxXNg.exe
  C:\Windows\System\ioUxXNg.exe
  2⤵
  PID:6816
- C:\Windows\System\XzGGyci.exe
  C:\Windows\System\XzGGyci.exe
  2⤵
  PID:6840
- C:\Windows\System\sbFzLQn.exe
  C:\Windows\System\sbFzLQn.exe
  2⤵
  PID:6868
- C:\Windows\System\htbxAZs.exe
  C:\Windows\System\htbxAZs.exe
  2⤵
  PID:6892
- C:\Windows\System\TxcxewZ.exe
  C:\Windows\System\TxcxewZ.exe
  2⤵
  PID:6924
- C:\Windows\System\GqKITnJ.exe
  C:\Windows\System\GqKITnJ.exe
  2⤵
  PID:6948
- C:\Windows\System\mlYAQkc.exe
  C:\Windows\System\mlYAQkc.exe
  2⤵
  PID:6980
- C:\Windows\System\zYtqxhp.exe
  C:\Windows\System\zYtqxhp.exe
  2⤵
  PID:7008
- C:\Windows\System\FVjCreR.exe
  C:\Windows\System\FVjCreR.exe
  2⤵
  PID:7036
- C:\Windows\System\BAXorBC.exe
  C:\Windows\System\BAXorBC.exe
  2⤵
  PID:7060
- C:\Windows\System\cVVtIZm.exe
  C:\Windows\System\cVVtIZm.exe
  2⤵
  PID:7088
- C:\Windows\System\GYhLlmD.exe
  C:\Windows\System\GYhLlmD.exe
  2⤵
  PID:7120
- C:\Windows\System\GXpMRAe.exe
  C:\Windows\System\GXpMRAe.exe
  2⤵
  PID:7148
- C:\Windows\System\AibohYM.exe
  C:\Windows\System\AibohYM.exe
  2⤵
  PID:5252
- C:\Windows\System\oQfOdop.exe
  C:\Windows\System\oQfOdop.exe
  2⤵
  PID:5680
- C:\Windows\System\JUEeBFZ.exe
  C:\Windows\System\JUEeBFZ.exe
  2⤵
  PID:5952
- C:\Windows\System\TzoFuQs.exe
  C:\Windows\System\TzoFuQs.exe
  2⤵
  PID:1656
- C:\Windows\System\sEYRSii.exe
  C:\Windows\System\sEYRSii.exe
  2⤵
  PID:6208
- C:\Windows\System\pLSaenK.exe
  C:\Windows\System\pLSaenK.exe
  2⤵
  PID:6264
- C:\Windows\System\lGwhXya.exe
  C:\Windows\System\lGwhXya.exe
  2⤵
  PID:2212
- C:\Windows\System\yVcwtQi.exe
  C:\Windows\System\yVcwtQi.exe
  2⤵
  PID:6376
- C:\Windows\System\zawTJHQ.exe
  C:\Windows\System\zawTJHQ.exe
  2⤵
  PID:1468
- C:\Windows\System\MOHCPsz.exe
  C:\Windows\System\MOHCPsz.exe
  2⤵
  PID:2872
- C:\Windows\System\vsCqVJz.exe
  C:\Windows\System\vsCqVJz.exe
  2⤵
  PID:6524
- C:\Windows\System\ZttsGfG.exe
  C:\Windows\System\ZttsGfG.exe
  2⤵
  PID:6600
- C:\Windows\System\rQJkEwx.exe
  C:\Windows\System\rQJkEwx.exe
  2⤵
  PID:6656
- C:\Windows\System\jzjVWWL.exe
  C:\Windows\System\jzjVWWL.exe
  2⤵
  PID:6748
- C:\Windows\System\KrpXrPp.exe
  C:\Windows\System\KrpXrPp.exe
  2⤵
  PID:6880
- C:\Windows\System\geoGHnZ.exe
  C:\Windows\System\geoGHnZ.exe
  2⤵
  PID:6972
- C:\Windows\System\lmmWRWL.exe
  C:\Windows\System\lmmWRWL.exe
  2⤵
  PID:5100
- C:\Windows\System\PGufewQ.exe
  C:\Windows\System\PGufewQ.exe
  2⤵
  PID:7052
- C:\Windows\System\olztuzE.exe
  C:\Windows\System\olztuzE.exe
  2⤵
  PID:7084
- C:\Windows\System\OXFkdek.exe
  C:\Windows\System\OXFkdek.exe
  2⤵
  PID:7164
- C:\Windows\System\XaeRJYe.exe
  C:\Windows\System\XaeRJYe.exe
  2⤵
  PID:1548
- C:\Windows\System\JhRonhK.exe
  C:\Windows\System\JhRonhK.exe
  2⤵
  PID:4880
- C:\Windows\System\UrAsGeq.exe
  C:\Windows\System\UrAsGeq.exe
  2⤵
  PID:6184
- C:\Windows\System\CMZpaDQ.exe
  C:\Windows\System\CMZpaDQ.exe
  2⤵
  PID:6296
- C:\Windows\System\RYLVSDf.exe
  C:\Windows\System\RYLVSDf.exe
  2⤵
  PID:3984
- C:\Windows\System\pqMITPF.exe
  C:\Windows\System\pqMITPF.exe
  2⤵
  PID:6496
- C:\Windows\System\iFPbmSn.exe
  C:\Windows\System\iFPbmSn.exe
  2⤵
  PID:3004
- C:\Windows\System\uvltCvo.exe
  C:\Windows\System\uvltCvo.exe
  2⤵
  PID:6684
- C:\Windows\System\HEMmmWB.exe
  C:\Windows\System\HEMmmWB.exe
  2⤵
  PID:968
- C:\Windows\System\VcLFgLZ.exe
  C:\Windows\System\VcLFgLZ.exe
  2⤵
  PID:6692
- C:\Windows\System\NLUOrnt.exe
  C:\Windows\System\NLUOrnt.exe
  2⤵
  PID:5564
- C:\Windows\System\ENXeadR.exe
  C:\Windows\System\ENXeadR.exe
  2⤵
  PID:2436
- C:\Windows\System\QTxkxGh.exe
  C:\Windows\System\QTxkxGh.exe
  2⤵
  PID:1348
- C:\Windows\System\HvBnXjc.exe
  C:\Windows\System\HvBnXjc.exe
  2⤵
  PID:4476
- C:\Windows\System\yZCDBPQ.exe
  C:\Windows\System\yZCDBPQ.exe
  2⤵
  PID:3196
- C:\Windows\System\FhXzCyh.exe
  C:\Windows\System\FhXzCyh.exe
  2⤵
  PID:6916
- C:\Windows\System\CfXOPUs.exe
  C:\Windows\System\CfXOPUs.exe
  2⤵
  PID:7048
- C:\Windows\System\SWlbKQT.exe
  C:\Windows\System\SWlbKQT.exe
  2⤵
  PID:3672
- C:\Windows\System\eUWxuGQ.exe
  C:\Windows\System\eUWxuGQ.exe
  2⤵
  PID:4104
- C:\Windows\System\cCOlJZc.exe
  C:\Windows\System\cCOlJZc.exe
  2⤵
  PID:6228
- C:\Windows\System\MVKyGPK.exe
  C:\Windows\System\MVKyGPK.exe
  2⤵
  PID:6576
- C:\Windows\System\JqLBOfr.exe
  C:\Windows\System\JqLBOfr.exe
  2⤵
  PID:1844
- C:\Windows\System\bhyVYNC.exe
  C:\Windows\System\bhyVYNC.exe
  2⤵
  PID:1536
- C:\Windows\System\nCYcvLw.exe
  C:\Windows\System\nCYcvLw.exe
  2⤵
  PID:6460
- C:\Windows\System\qsHdcIk.exe
  C:\Windows\System\qsHdcIk.exe
  2⤵
  PID:6964
- C:\Windows\System\uPjrcTS.exe
  C:\Windows\System\uPjrcTS.exe
  2⤵
  PID:7136
- C:\Windows\System\jULiAXg.exe
  C:\Windows\System\jULiAXg.exe
  2⤵
  PID:7196
- C:\Windows\System\eTwtpgp.exe
  C:\Windows\System\eTwtpgp.exe
  2⤵
  PID:7236
- C:\Windows\System\kRzjfig.exe
  C:\Windows\System\kRzjfig.exe
  2⤵
  PID:7264
- C:\Windows\System\SgeuPsa.exe
  C:\Windows\System\SgeuPsa.exe
  2⤵
  PID:7280
- C:\Windows\System\yjYePBf.exe
  C:\Windows\System\yjYePBf.exe
  2⤵
  PID:7304
- C:\Windows\System\NHQgbrn.exe
  C:\Windows\System\NHQgbrn.exe
  2⤵
  PID:7324
- C:\Windows\System\ItdGBNW.exe
  C:\Windows\System\ItdGBNW.exe
  2⤵
  PID:7364
- C:\Windows\System\HUhDYWK.exe
  C:\Windows\System\HUhDYWK.exe
  2⤵
  PID:7400
- C:\Windows\System\FPRMWEC.exe
  C:\Windows\System\FPRMWEC.exe
  2⤵
  PID:7424
- C:\Windows\System\LSCaoMt.exe
  C:\Windows\System\LSCaoMt.exe
  2⤵
  PID:7460
- C:\Windows\System\iNAqTQP.exe
  C:\Windows\System\iNAqTQP.exe
  2⤵
  PID:7488
- C:\Windows\System\fcdISmQ.exe
  C:\Windows\System\fcdISmQ.exe
  2⤵
  PID:7516
- C:\Windows\System\fPxThGb.exe
  C:\Windows\System\fPxThGb.exe
  2⤵
  PID:7532
- C:\Windows\System\QfxMsCE.exe
  C:\Windows\System\QfxMsCE.exe
  2⤵
  PID:7572
- C:\Windows\System\AXsmYaK.exe
  C:\Windows\System\AXsmYaK.exe
  2⤵
  PID:7592
- C:\Windows\System\Udzivdx.exe
  C:\Windows\System\Udzivdx.exe
  2⤵
  PID:7628
- C:\Windows\System\NCfJmgf.exe
  C:\Windows\System\NCfJmgf.exe
  2⤵
  PID:7652
- C:\Windows\System\CnQNYbo.exe
  C:\Windows\System\CnQNYbo.exe
  2⤵
  PID:7684
- C:\Windows\System\LihWvCM.exe
  C:\Windows\System\LihWvCM.exe
  2⤵
  PID:7712
- C:\Windows\System\uIuYdGW.exe
  C:\Windows\System\uIuYdGW.exe
  2⤵
  PID:7728
- C:\Windows\System\rWxKngj.exe
  C:\Windows\System\rWxKngj.exe
  2⤵
  PID:7760
- C:\Windows\System\wEiARHG.exe
  C:\Windows\System\wEiARHG.exe
  2⤵
  PID:7784
- C:\Windows\System\ybwTzNP.exe
  C:\Windows\System\ybwTzNP.exe
  2⤵
  PID:7824
- C:\Windows\System\OfbKKGS.exe
  C:\Windows\System\OfbKKGS.exe
  2⤵
  PID:7852
- C:\Windows\System\WtifOIh.exe
  C:\Windows\System\WtifOIh.exe
  2⤵
  PID:7880
- C:\Windows\System\mBKyomZ.exe
  C:\Windows\System\mBKyomZ.exe
  2⤵
  PID:7908
- C:\Windows\System\CMUrMHM.exe
  C:\Windows\System\CMUrMHM.exe
  2⤵
  PID:7936
- C:\Windows\System\EqDGZCT.exe
  C:\Windows\System\EqDGZCT.exe
  2⤵
  PID:7956
- C:\Windows\System\sgKZjZS.exe
  C:\Windows\System\sgKZjZS.exe
  2⤵
  PID:7988
- C:\Windows\System\pgPxJry.exe
  C:\Windows\System\pgPxJry.exe
  2⤵
  PID:8012
- C:\Windows\System\BwINgQv.exe
  C:\Windows\System\BwINgQv.exe
  2⤵
  PID:8040
- C:\Windows\System\yCvkIXg.exe
  C:\Windows\System\yCvkIXg.exe
  2⤵
  PID:8080
- C:\Windows\System\QBrLkEm.exe
  C:\Windows\System\QBrLkEm.exe
  2⤵
  PID:8096
- C:\Windows\System\bUVXFpv.exe
  C:\Windows\System\bUVXFpv.exe
  2⤵
  PID:8120
- C:\Windows\System\DWrXfbS.exe
  C:\Windows\System\DWrXfbS.exe
  2⤵
  PID:8140
- C:\Windows\System\btBCjbB.exe
  C:\Windows\System\btBCjbB.exe
  2⤵
  PID:8172
- C:\Windows\System\HiUDlHm.exe
  C:\Windows\System\HiUDlHm.exe
  2⤵
  PID:7228
- C:\Windows\System\fhRaofd.exe
  C:\Windows\System\fhRaofd.exe
  2⤵
  PID:7288
- C:\Windows\System\pvMfGDn.exe
  C:\Windows\System\pvMfGDn.exe
  2⤵
  PID:7336
- C:\Windows\System\GFZnPzy.exe
  C:\Windows\System\GFZnPzy.exe
  2⤵
  PID:7384
- C:\Windows\System\gVokhLn.exe
  C:\Windows\System\gVokhLn.exe
  2⤵
  PID:7500
- C:\Windows\System\NMEycMS.exe
  C:\Windows\System\NMEycMS.exe
  2⤵
  PID:7564
- C:\Windows\System\uYfAqeg.exe
  C:\Windows\System\uYfAqeg.exe
  2⤵
  PID:7620
- C:\Windows\System\SKcmnMF.exe
  C:\Windows\System\SKcmnMF.exe
  2⤵
  PID:7676
- C:\Windows\System\HOaqfKF.exe
  C:\Windows\System\HOaqfKF.exe
  2⤵
  PID:7756
- C:\Windows\System\FSRTIWX.exe
  C:\Windows\System\FSRTIWX.exe
  2⤵
  PID:7808
- C:\Windows\System\BKOYzLM.exe
  C:\Windows\System\BKOYzLM.exe
  2⤵
  PID:7868
- C:\Windows\System\FUcvkcT.exe
  C:\Windows\System\FUcvkcT.exe
  2⤵
  PID:7964
- C:\Windows\System\BfSvuVr.exe
  C:\Windows\System\BfSvuVr.exe
  2⤵
  PID:8024
- C:\Windows\System\xbklXmP.exe
  C:\Windows\System\xbklXmP.exe
  2⤵
  PID:8088
- C:\Windows\System\AFriGQe.exe
  C:\Windows\System\AFriGQe.exe
  2⤵
  PID:8152
- C:\Windows\System\JyGxXRW.exe
  C:\Windows\System\JyGxXRW.exe
  2⤵
  PID:7180
- C:\Windows\System\XilvvOQ.exe
  C:\Windows\System\XilvvOQ.exe
  2⤵
  PID:7344
- C:\Windows\System\IdIBQwH.exe
  C:\Windows\System\IdIBQwH.exe
  2⤵
  PID:7524
- C:\Windows\System\tDKytmJ.exe
  C:\Windows\System\tDKytmJ.exe
  2⤵
  PID:7640
- C:\Windows\System\hcPXBvc.exe
  C:\Windows\System\hcPXBvc.exe
  2⤵
  PID:7844
- C:\Windows\System\qTiwmyS.exe
  C:\Windows\System\qTiwmyS.exe
  2⤵
  PID:8008
- C:\Windows\System\jqdboAS.exe
  C:\Windows\System\jqdboAS.exe
  2⤵
  PID:7184
- C:\Windows\System\gEZbywl.exe
  C:\Windows\System\gEZbywl.exe
  2⤵
  PID:7316
- C:\Windows\System\eUnvVDK.exe
  C:\Windows\System\eUnvVDK.exe
  2⤵
  PID:7836
- C:\Windows\System\SmaWfnC.exe
  C:\Windows\System\SmaWfnC.exe
  2⤵
  PID:7900
- C:\Windows\System\yHFGHtQ.exe
  C:\Windows\System\yHFGHtQ.exe
  2⤵
  PID:8116
- C:\Windows\System\ybvRsll.exe
  C:\Windows\System\ybvRsll.exe
  2⤵
  PID:8212
- C:\Windows\System\pWabzWH.exe
  C:\Windows\System\pWabzWH.exe
  2⤵
  PID:8240
- C:\Windows\System\LJFNoLy.exe
  C:\Windows\System\LJFNoLy.exe
  2⤵
  PID:8260
- C:\Windows\System\KmYUhSW.exe
  C:\Windows\System\KmYUhSW.exe
  2⤵
  PID:8296
- C:\Windows\System\QYMTdjV.exe
  C:\Windows\System\QYMTdjV.exe
  2⤵
  PID:8324
- C:\Windows\System\MpuAhox.exe
  C:\Windows\System\MpuAhox.exe
  2⤵
  PID:8352
- C:\Windows\System\cPWHKKL.exe
  C:\Windows\System\cPWHKKL.exe
  2⤵
  PID:8380
- C:\Windows\System\EvhlhZN.exe
  C:\Windows\System\EvhlhZN.exe
  2⤵
  PID:8408
- C:\Windows\System\eTXKzPr.exe
  C:\Windows\System\eTXKzPr.exe
  2⤵
  PID:8424
- C:\Windows\System\eftxQkv.exe
  C:\Windows\System\eftxQkv.exe
  2⤵
  PID:8468
- C:\Windows\System\EFYpeyX.exe
  C:\Windows\System\EFYpeyX.exe
  2⤵
  PID:8488
- C:\Windows\System\kWHXSSp.exe
  C:\Windows\System\kWHXSSp.exe
  2⤵
  PID:8512
- C:\Windows\System\LNTbUlP.exe
  C:\Windows\System\LNTbUlP.exe
  2⤵
  PID:8532
- C:\Windows\System\pqNMDRh.exe
  C:\Windows\System\pqNMDRh.exe
  2⤵
  PID:8568
- C:\Windows\System\peIIkNp.exe
  C:\Windows\System\peIIkNp.exe
  2⤵
  PID:8592
- C:\Windows\System\nvTjiif.exe
  C:\Windows\System\nvTjiif.exe
  2⤵
  PID:8624
- C:\Windows\System\AZAMxPT.exe
  C:\Windows\System\AZAMxPT.exe
  2⤵
  PID:8656
- C:\Windows\System\zWelnQz.exe
  C:\Windows\System\zWelnQz.exe
  2⤵
  PID:8680
- C:\Windows\System\vsCVsVS.exe
  C:\Windows\System\vsCVsVS.exe
  2⤵
  PID:8712
- C:\Windows\System\UaICTaj.exe
  C:\Windows\System\UaICTaj.exe
  2⤵
  PID:8756
- C:\Windows\System\RUMrvMa.exe
  C:\Windows\System\RUMrvMa.exe
  2⤵
  PID:8776
- C:\Windows\System\XqoSxdX.exe
  C:\Windows\System\XqoSxdX.exe
  2⤵
  PID:8804
- C:\Windows\System\TLJGwUm.exe
  C:\Windows\System\TLJGwUm.exe
  2⤵
  PID:8828
- C:\Windows\System\kLDyVNl.exe
  C:\Windows\System\kLDyVNl.exe
  2⤵
  PID:8860
- C:\Windows\System\GkORrNF.exe
  C:\Windows\System\GkORrNF.exe
  2⤵
  PID:8880
- C:\Windows\System\CxFRohp.exe
  C:\Windows\System\CxFRohp.exe
  2⤵
  PID:8916
- C:\Windows\System\WtFAPuC.exe
  C:\Windows\System\WtFAPuC.exe
  2⤵
  PID:8932
- C:\Windows\System\rcmYnJS.exe
  C:\Windows\System\rcmYnJS.exe
  2⤵
  PID:8972
- C:\Windows\System\JrBdAle.exe
  C:\Windows\System\JrBdAle.exe
  2⤵
  PID:9000
- C:\Windows\System\xmyKLKa.exe
  C:\Windows\System\xmyKLKa.exe
  2⤵
  PID:9016
- C:\Windows\System\sCdYIqO.exe
  C:\Windows\System\sCdYIqO.exe
  2⤵
  PID:9044
- C:\Windows\System\gNuQVHF.exe
  C:\Windows\System\gNuQVHF.exe
  2⤵
  PID:9076
- C:\Windows\System\sIVWgWS.exe
  C:\Windows\System\sIVWgWS.exe
  2⤵
  PID:9104
- C:\Windows\System\QSssDPd.exe
  C:\Windows\System\QSssDPd.exe
  2⤵
  PID:9128
- C:\Windows\System\qMBxLgo.exe
  C:\Windows\System\qMBxLgo.exe
  2⤵
  PID:9156
- C:\Windows\System\UAlEsRI.exe
  C:\Windows\System\UAlEsRI.exe
  2⤵
  PID:9200
- C:\Windows\System\KkdXTbM.exe
  C:\Windows\System\KkdXTbM.exe
  2⤵
  PID:7476
- C:\Windows\System\DKztIfK.exe
  C:\Windows\System\DKztIfK.exe
  2⤵
  PID:8232
- C:\Windows\System\buQILQc.exe
  C:\Windows\System\buQILQc.exe
  2⤵
  PID:8344
- C:\Windows\System\fcGqhsg.exe
  C:\Windows\System\fcGqhsg.exe
  2⤵
  PID:8404
- C:\Windows\System\wCpSWgU.exe
  C:\Windows\System\wCpSWgU.exe
  2⤵
  PID:8476
- C:\Windows\System\DnWwaoQ.exe
  C:\Windows\System\DnWwaoQ.exe
  2⤵
  PID:8560
- C:\Windows\System\bAFKZaj.exe
  C:\Windows\System\bAFKZaj.exe
  2⤵
  PID:8548
- C:\Windows\System\wcTvKGN.exe
  C:\Windows\System\wcTvKGN.exe
  2⤵
  PID:8648
- C:\Windows\System\KEYOEtr.exe
  C:\Windows\System\KEYOEtr.exe
  2⤵
  PID:8748
- C:\Windows\System\dursCBi.exe
  C:\Windows\System\dursCBi.exe
  2⤵
  PID:8788
- C:\Windows\System\CaoREzQ.exe
  C:\Windows\System\CaoREzQ.exe
  2⤵
  PID:8844
- C:\Windows\System\DeisvfI.exe
  C:\Windows\System\DeisvfI.exe
  2⤵
  PID:8948
- C:\Windows\System\tEPyIuf.exe
  C:\Windows\System\tEPyIuf.exe
  2⤵
  PID:7552
- C:\Windows\System\AqNDlgx.exe
  C:\Windows\System\AqNDlgx.exe
  2⤵
  PID:9060
- C:\Windows\System\FktCYxz.exe
  C:\Windows\System\FktCYxz.exe
  2⤵
  PID:9092
- C:\Windows\System\fTgcgUe.exe
  C:\Windows\System\fTgcgUe.exe
  2⤵
  PID:9184
- C:\Windows\System\xliCYtd.exe
  C:\Windows\System\xliCYtd.exe
  2⤵
  PID:8204
- C:\Windows\System\oYBCXku.exe
  C:\Windows\System\oYBCXku.exe
  2⤵
  PID:8396
- C:\Windows\System\VTaYIjZ.exe
  C:\Windows\System\VTaYIjZ.exe
  2⤵
  PID:8664
- C:\Windows\System\yODSXpI.exe
  C:\Windows\System\yODSXpI.exe
  2⤵
  PID:8764
- C:\Windows\System\pOovbsb.exe
  C:\Windows\System\pOovbsb.exe
  2⤵
  PID:8868
- C:\Windows\System\TMpMyEd.exe
  C:\Windows\System\TMpMyEd.exe
  2⤵
  PID:9084
- C:\Windows\System\iQzWQhK.exe
  C:\Windows\System\iQzWQhK.exe
  2⤵
  PID:9176
- C:\Windows\System\HIntzPx.exe
  C:\Windows\System\HIntzPx.exe
  2⤵
  PID:8460
- C:\Windows\System\ffAKfFr.exe
  C:\Windows\System\ffAKfFr.exe
  2⤵
  PID:8768
- C:\Windows\System\wKQpBpT.exe
  C:\Windows\System\wKQpBpT.exe
  2⤵
  PID:9036
- C:\Windows\System\aqMraqm.exe
  C:\Windows\System\aqMraqm.exe
  2⤵
  PID:8364
- C:\Windows\System\yYaKXnK.exe
  C:\Windows\System\yYaKXnK.exe
  2⤵
  PID:9240
- C:\Windows\System\kOaaTCb.exe
  C:\Windows\System\kOaaTCb.exe
  2⤵
  PID:9256
- C:\Windows\System\jTlhAob.exe
  C:\Windows\System\jTlhAob.exe
  2⤵
  PID:9280
- C:\Windows\System\veDbSnK.exe
  C:\Windows\System\veDbSnK.exe
  2⤵
  PID:9324
- C:\Windows\System\wsnTCgg.exe
  C:\Windows\System\wsnTCgg.exe
  2⤵
  PID:9352
- C:\Windows\System\gZeeQHU.exe
  C:\Windows\System\gZeeQHU.exe
  2⤵
  PID:9380
- C:\Windows\System\keFraJY.exe
  C:\Windows\System\keFraJY.exe
  2⤵
  PID:9408
- C:\Windows\System\vOHlQrk.exe
  C:\Windows\System\vOHlQrk.exe
  2⤵
  PID:9424
- C:\Windows\System\ioSJJpC.exe
  C:\Windows\System\ioSJJpC.exe
  2⤵
  PID:9464
- C:\Windows\System\GszSdKw.exe
  C:\Windows\System\GszSdKw.exe
  2⤵
  PID:9492
- C:\Windows\System\EkSmpgX.exe
  C:\Windows\System\EkSmpgX.exe
  2⤵
  PID:9520
- C:\Windows\System\fdDYLnq.exe
  C:\Windows\System\fdDYLnq.exe
  2⤵
  PID:9548
- C:\Windows\System\HCztcNy.exe
  C:\Windows\System\HCztcNy.exe
  2⤵
  PID:9576
- C:\Windows\System\aSiRfJt.exe
  C:\Windows\System\aSiRfJt.exe
  2⤵
  PID:9592
- C:\Windows\System\wHzAgVW.exe
  C:\Windows\System\wHzAgVW.exe
  2⤵
  PID:9620
- C:\Windows\System\NQttbgJ.exe
  C:\Windows\System\NQttbgJ.exe
  2⤵
  PID:9656
- C:\Windows\System\BkahnBH.exe
  C:\Windows\System\BkahnBH.exe
  2⤵
  PID:9688
- C:\Windows\System\XnKiBaV.exe
  C:\Windows\System\XnKiBaV.exe
  2⤵
  PID:9704
- C:\Windows\System\GIhixtg.exe
  C:\Windows\System\GIhixtg.exe
  2⤵
  PID:9732
- C:\Windows\System\IchbMhU.exe
  C:\Windows\System\IchbMhU.exe
  2⤵
  PID:9752
- C:\Windows\System\fcILtnq.exe
  C:\Windows\System\fcILtnq.exe
  2⤵
  PID:9788
- C:\Windows\System\XyvmcYj.exe
  C:\Windows\System\XyvmcYj.exe
  2⤵
  PID:9816
- C:\Windows\System\JodrxVk.exe
  C:\Windows\System\JodrxVk.exe
  2⤵
  PID:9844
- C:\Windows\System\NnMbClt.exe
  C:\Windows\System\NnMbClt.exe
  2⤵
  PID:9876
- C:\Windows\System\IaumPKA.exe
  C:\Windows\System\IaumPKA.exe
  2⤵
  PID:9912
- C:\Windows\System\vFnbvzs.exe
  C:\Windows\System\vFnbvzs.exe
  2⤵
  PID:9944
- C:\Windows\System\DvHCXCH.exe
  C:\Windows\System\DvHCXCH.exe
  2⤵
  PID:9968
- C:\Windows\System\WmoqJjG.exe
  C:\Windows\System\WmoqJjG.exe
  2⤵
  PID:9996
- C:\Windows\System\GKGHOVv.exe
  C:\Windows\System\GKGHOVv.exe
  2⤵
  PID:10036
- C:\Windows\System\EUCtzDQ.exe
  C:\Windows\System\EUCtzDQ.exe
  2⤵
  PID:10064
- C:\Windows\System\YdPKgWf.exe
  C:\Windows\System\YdPKgWf.exe
  2⤵
  PID:10092
- C:\Windows\System\xYnbdwC.exe
  C:\Windows\System\xYnbdwC.exe
  2⤵
  PID:10108
- C:\Windows\System\vfxCSFO.exe
  C:\Windows\System\vfxCSFO.exe
  2⤵
  PID:10136
- C:\Windows\System\ImpPrgC.exe
  C:\Windows\System\ImpPrgC.exe
  2⤵
  PID:10176
- C:\Windows\System\qUyTdrQ.exe
  C:\Windows\System\qUyTdrQ.exe
  2⤵
  PID:10204
- C:\Windows\System\rQrGzDC.exe
  C:\Windows\System\rQrGzDC.exe
  2⤵
  PID:10224
- C:\Windows\System\HILJuSX.exe
  C:\Windows\System\HILJuSX.exe
  2⤵
  PID:9248
- C:\Windows\System\ofXQhig.exe
  C:\Windows\System\ofXQhig.exe
  2⤵
  PID:9312
- C:\Windows\System\SWjoVAU.exe
  C:\Windows\System\SWjoVAU.exe
  2⤵
  PID:9368
- C:\Windows\System\ZESZJDg.exe
  C:\Windows\System\ZESZJDg.exe
  2⤵
  PID:9444
- C:\Windows\System\DwUksIH.exe
  C:\Windows\System\DwUksIH.exe
  2⤵
  PID:9488
- C:\Windows\System\JoMkhBp.exe
  C:\Windows\System\JoMkhBp.exe
  2⤵
  PID:9588
- C:\Windows\System\bSPzxcR.exe
  C:\Windows\System\bSPzxcR.exe
  2⤵
  PID:9616
- C:\Windows\System\yJSCLJa.exe
  C:\Windows\System\yJSCLJa.exe
  2⤵
  PID:9700
- C:\Windows\System\ybfQwuY.exe
  C:\Windows\System\ybfQwuY.exe
  2⤵
  PID:9748
- C:\Windows\System\pWKpAKt.exe
  C:\Windows\System\pWKpAKt.exe
  2⤵
  PID:9800
- C:\Windows\System\lIpLZMs.exe
  C:\Windows\System\lIpLZMs.exe
  2⤵
  PID:9884
- C:\Windows\System\CicAVpL.exe
  C:\Windows\System\CicAVpL.exe
  2⤵
  PID:9980
- C:\Windows\System\ZHkvgzg.exe
  C:\Windows\System\ZHkvgzg.exe
  2⤵
  PID:10008
- C:\Windows\System\SVWcVNn.exe
  C:\Windows\System\SVWcVNn.exe
  2⤵
  PID:10120
- C:\Windows\System\vwLuIjU.exe
  C:\Windows\System\vwLuIjU.exe
  2⤵
  PID:10128
- C:\Windows\System\gSdvqdq.exe
  C:\Windows\System\gSdvqdq.exe
  2⤵
  PID:10212
- C:\Windows\System\vXHjkjC.exe
  C:\Windows\System\vXHjkjC.exe
  2⤵
  PID:9392
- C:\Windows\System\sWyoEND.exe
  C:\Windows\System\sWyoEND.exe
  2⤵
  PID:9504
- C:\Windows\System\JiDYvVS.exe
  C:\Windows\System\JiDYvVS.exe
  2⤵
  PID:9612
- C:\Windows\System\yKOkpZy.exe
  C:\Windows\System\yKOkpZy.exe
  2⤵
  PID:9828
- C:\Windows\System\kACJceQ.exe
  C:\Windows\System\kACJceQ.exe
  2⤵
  PID:10020
- C:\Windows\System\bIAblAC.exe
  C:\Windows\System\bIAblAC.exe
  2⤵
  PID:10168
- C:\Windows\System\dFnUIxb.exe
  C:\Windows\System\dFnUIxb.exe
  2⤵
  PID:8320
- C:\Windows\System\yNINDMt.exe
  C:\Windows\System\yNINDMt.exe
  2⤵
  PID:9420
- C:\Windows\System\huXkBYg.exe
  C:\Windows\System\huXkBYg.exe
  2⤵
  PID:9940
- C:\Windows\System\pEQraAc.exe
  C:\Windows\System\pEQraAc.exe
  2⤵
  PID:9684
- C:\Windows\System\UmRrcUn.exe
  C:\Windows\System\UmRrcUn.exe
  2⤵
  PID:10244
- C:\Windows\System\QtlYxze.exe
  C:\Windows\System\QtlYxze.exe
  2⤵
  PID:10276
- C:\Windows\System\NLIUOLz.exe
  C:\Windows\System\NLIUOLz.exe
  2⤵
  PID:10308
- C:\Windows\System\sUzDzlR.exe
  C:\Windows\System\sUzDzlR.exe
  2⤵
  PID:10344
- C:\Windows\System\plpcChV.exe
  C:\Windows\System\plpcChV.exe
  2⤵
  PID:10360
- C:\Windows\System\qdKTZZo.exe
  C:\Windows\System\qdKTZZo.exe
  2⤵
  PID:10400
- C:\Windows\System\gVoqasD.exe
  C:\Windows\System\gVoqasD.exe
  2⤵
  PID:10428
- C:\Windows\System\sKpiEOR.exe
  C:\Windows\System\sKpiEOR.exe
  2⤵
  PID:10456
- C:\Windows\System\FKiCquc.exe
  C:\Windows\System\FKiCquc.exe
  2⤵
  PID:10484
- C:\Windows\System\nMLuyCS.exe
  C:\Windows\System\nMLuyCS.exe
  2⤵
  PID:10512
- C:\Windows\System\XLQqmES.exe
  C:\Windows\System\XLQqmES.exe
  2⤵
  PID:10540
- C:\Windows\System\ooxveuC.exe
  C:\Windows\System\ooxveuC.exe
  2⤵
  PID:10568
- C:\Windows\System\PRkkTEF.exe
  C:\Windows\System\PRkkTEF.exe
  2⤵
  PID:10600
- C:\Windows\System\qavZaUU.exe
  C:\Windows\System\qavZaUU.exe
  2⤵
  PID:10628
- C:\Windows\System\rEdatlv.exe
  C:\Windows\System\rEdatlv.exe
  2⤵
  PID:10656
- C:\Windows\System\mwKWcUT.exe
  C:\Windows\System\mwKWcUT.exe
  2⤵
  PID:10684
- C:\Windows\System\VbNEVWw.exe
  C:\Windows\System\VbNEVWw.exe
  2⤵
  PID:10712
- C:\Windows\System\CZhjydh.exe
  C:\Windows\System\CZhjydh.exe
  2⤵
  PID:10744
- C:\Windows\System\XhKFMfr.exe
  C:\Windows\System\XhKFMfr.exe
  2⤵
  PID:10772
- C:\Windows\System\jfPgGmL.exe
  C:\Windows\System\jfPgGmL.exe
  2⤵
  PID:10800
- C:\Windows\System\dnNGtyb.exe
  C:\Windows\System\dnNGtyb.exe
  2⤵
  PID:10828
- C:\Windows\System\FJJbmZV.exe
  C:\Windows\System\FJJbmZV.exe
  2⤵
  PID:10856
- C:\Windows\System\whikzhO.exe
  C:\Windows\System\whikzhO.exe
  2⤵
  PID:10884
- C:\Windows\System\hGPMbUC.exe
  C:\Windows\System\hGPMbUC.exe
  2⤵
  PID:10912
- C:\Windows\System\QJkRNGW.exe
  C:\Windows\System\QJkRNGW.exe
  2⤵
  PID:10940
- C:\Windows\System\QOhLeHJ.exe
  C:\Windows\System\QOhLeHJ.exe
  2⤵
  PID:10968
- C:\Windows\System\ozFrLyB.exe
  C:\Windows\System\ozFrLyB.exe
  2⤵
  PID:11000
- C:\Windows\System\Ogquatv.exe
  C:\Windows\System\Ogquatv.exe
  2⤵
  PID:11028
- C:\Windows\System\DLyUUDD.exe
  C:\Windows\System\DLyUUDD.exe
  2⤵
  PID:11056
- C:\Windows\System\FtsnJTA.exe
  C:\Windows\System\FtsnJTA.exe
  2⤵
  PID:11084
- C:\Windows\System\nzPxozd.exe
  C:\Windows\System\nzPxozd.exe
  2⤵
  PID:11112
- C:\Windows\System\ihIPygQ.exe
  C:\Windows\System\ihIPygQ.exe
  2⤵
  PID:11140
- C:\Windows\System\YybCYbM.exe
  C:\Windows\System\YybCYbM.exe
  2⤵
  PID:11172
- C:\Windows\System\HtDfpTH.exe
  C:\Windows\System\HtDfpTH.exe
  2⤵
  PID:11204
- C:\Windows\System\arNVeDH.exe
  C:\Windows\System\arNVeDH.exe
  2⤵
  PID:11232
- C:\Windows\System\zTDoqfy.exe
  C:\Windows\System\zTDoqfy.exe
  2⤵
  PID:10196
- C:\Windows\System\cmoYAJe.exe
  C:\Windows\System\cmoYAJe.exe
  2⤵
  PID:10264
- C:\Windows\System\EVjdSBi.exe
  C:\Windows\System\EVjdSBi.exe
  2⤵
  PID:10336
- C:\Windows\System\rHUvEgG.exe
  C:\Windows\System\rHUvEgG.exe
  2⤵
  PID:10412
- C:\Windows\System\lnaccdv.exe
  C:\Windows\System\lnaccdv.exe
  2⤵
  PID:10496
- C:\Windows\System\aemnVXO.exe
  C:\Windows\System\aemnVXO.exe
  2⤵
  PID:10560
- C:\Windows\System\JarzPOH.exe
  C:\Windows\System\JarzPOH.exe
  2⤵
  PID:10624
- C:\Windows\System\XtaZoyP.exe
  C:\Windows\System\XtaZoyP.exe
  2⤵
  PID:10704
- C:\Windows\System\nCyyoYQ.exe
  C:\Windows\System\nCyyoYQ.exe
  2⤵
  PID:10764
- C:\Windows\System\LxJIfXd.exe
  C:\Windows\System\LxJIfXd.exe
  2⤵
  PID:10820
- C:\Windows\System\EeIJvbT.exe
  C:\Windows\System\EeIJvbT.exe
  2⤵
  PID:10896
- C:\Windows\System\FRDCpKs.exe
  C:\Windows\System\FRDCpKs.exe
  2⤵
  PID:10984
- C:\Windows\System\YtEXhDG.exe
  C:\Windows\System\YtEXhDG.exe
  2⤵
  PID:11040
- C:\Windows\System\PeipQMW.exe
  C:\Windows\System\PeipQMW.exe
  2⤵
  PID:11136
- C:\Windows\System\QwPMRlM.exe
  C:\Windows\System\QwPMRlM.exe
  2⤵
  PID:11216
- C:\Windows\System\HWWErzz.exe
  C:\Windows\System\HWWErzz.exe
  2⤵
  PID:9836
- C:\Windows\System\JFwusqU.exe
  C:\Windows\System\JFwusqU.exe
  2⤵
  PID:10420
- C:\Windows\System\FUBaIqn.exe
  C:\Windows\System\FUBaIqn.exe
  2⤵
  PID:10680
- C:\Windows\System\PBKOjUA.exe
  C:\Windows\System\PBKOjUA.exe
  2⤵
  PID:10852
- C:\Windows\System\ZqsnHkG.exe
  C:\Windows\System\ZqsnHkG.exe
  2⤵
  PID:11044
- C:\Windows\System\UdCsWwA.exe
  C:\Windows\System\UdCsWwA.exe
  2⤵
  PID:11244
- C:\Windows\System\vOTmaPm.exe
  C:\Windows\System\vOTmaPm.exe
  2⤵
  PID:10668
- C:\Windows\System\MRJVmEw.exe
  C:\Windows\System\MRJVmEw.exe
  2⤵
  PID:11016
- C:\Windows\System\BTZSPqi.exe
  C:\Windows\System\BTZSPqi.exe
  2⤵
  PID:10796
- C:\Windows\System\DOGPuRO.exe
  C:\Windows\System\DOGPuRO.exe
  2⤵
  PID:11268
- C:\Windows\System\nTzuoRF.exe
  C:\Windows\System\nTzuoRF.exe
  2⤵
  PID:11316
- C:\Windows\System\FgvbQhj.exe
  C:\Windows\System\FgvbQhj.exe
  2⤵
  PID:11344
- C:\Windows\System\ZLSeLqU.exe
  C:\Windows\System\ZLSeLqU.exe
  2⤵
  PID:11364
- C:\Windows\System\nyoKLCz.exe
  C:\Windows\System\nyoKLCz.exe
  2⤵
  PID:11400
- C:\Windows\System\JGACakt.exe
  C:\Windows\System\JGACakt.exe
  2⤵
  PID:11428
- C:\Windows\System\XfBijdg.exe
  C:\Windows\System\XfBijdg.exe
  2⤵
  PID:11444
- C:\Windows\System\XvqdqaG.exe
  C:\Windows\System\XvqdqaG.exe
  2⤵
  PID:11484
- C:\Windows\System\lwWlVJv.exe
  C:\Windows\System\lwWlVJv.exe
  2⤵
  PID:11504
- C:\Windows\System\DcSyOVq.exe
  C:\Windows\System\DcSyOVq.exe
  2⤵
  PID:11548
- C:\Windows\System\toSVaTe.exe
  C:\Windows\System\toSVaTe.exe
  2⤵
  PID:11580
- C:\Windows\System\BSwuBQy.exe
  C:\Windows\System\BSwuBQy.exe
  2⤵
  PID:11608
- C:\Windows\System\DAEVucG.exe
  C:\Windows\System\DAEVucG.exe
  2⤵
  PID:11636
- C:\Windows\System\UpaxGBp.exe
  C:\Windows\System\UpaxGBp.exe
  2⤵
  PID:11664
- C:\Windows\System\uCxgEmI.exe
  C:\Windows\System\uCxgEmI.exe
  2⤵
  PID:11680
- C:\Windows\System\ZeHNBTc.exe
  C:\Windows\System\ZeHNBTc.exe
  2⤵
  PID:11712
- C:\Windows\System\TjLbLXB.exe
  C:\Windows\System\TjLbLXB.exe
  2⤵
  PID:11748
- C:\Windows\System\gzGkkLy.exe
  C:\Windows\System\gzGkkLy.exe
  2⤵
  PID:11776
- C:\Windows\System\cozRuno.exe
  C:\Windows\System\cozRuno.exe
  2⤵
  PID:11804
- C:\Windows\System\dGpAiex.exe
  C:\Windows\System\dGpAiex.exe
  2⤵
  PID:11832
- C:\Windows\System\lTztOGC.exe
  C:\Windows\System\lTztOGC.exe
  2⤵
  PID:11884
- C:\Windows\System\UKAJOFm.exe
  C:\Windows\System\UKAJOFm.exe
  2⤵
  PID:11912
- C:\Windows\System\ldbkoPd.exe
  C:\Windows\System\ldbkoPd.exe
  2⤵
  PID:11940
- C:\Windows\System\lkvrEct.exe
  C:\Windows\System\lkvrEct.exe
  2⤵
  PID:11972
- C:\Windows\System\kTCudwe.exe
  C:\Windows\System\kTCudwe.exe
  2⤵
  PID:12012
- C:\Windows\System\gruXmSY.exe
  C:\Windows\System\gruXmSY.exe
  2⤵
  PID:12048
- C:\Windows\System\SHKxRLY.exe
  C:\Windows\System\SHKxRLY.exe
  2⤵
  PID:12084
- C:\Windows\System\uRLiRwi.exe
  C:\Windows\System\uRLiRwi.exe
  2⤵
  PID:12112
- C:\Windows\System\mLnnEHA.exe
  C:\Windows\System\mLnnEHA.exe
  2⤵
  PID:12144
- C:\Windows\System\JFCcoMZ.exe
  C:\Windows\System\JFCcoMZ.exe
  2⤵
  PID:12176
- C:\Windows\System\lcVADed.exe
  C:\Windows\System\lcVADed.exe
  2⤵
  PID:12204
- C:\Windows\System\XRRgExl.exe
  C:\Windows\System\XRRgExl.exe
  2⤵
  PID:12236
- C:\Windows\System\XXQcdpS.exe
  C:\Windows\System\XXQcdpS.exe
  2⤵
  PID:12272
- C:\Windows\System\aXpJvie.exe
  C:\Windows\System\aXpJvie.exe
  2⤵
  PID:11296
- C:\Windows\System\kwEebep.exe
  C:\Windows\System\kwEebep.exe
  2⤵
  PID:11372
- C:\Windows\System\lskYqRX.exe
  C:\Windows\System\lskYqRX.exe
  2⤵
  PID:11420
- C:\Windows\System\cMDAUUO.exe
  C:\Windows\System\cMDAUUO.exe
  2⤵
  PID:11500
- C:\Windows\System\GHpGhWm.exe
  C:\Windows\System\GHpGhWm.exe
  2⤵
  PID:11572
- C:\Windows\System\TYaSNsV.exe
  C:\Windows\System\TYaSNsV.exe
  2⤵
  PID:11652
- C:\Windows\System\EHWjaQR.exe
  C:\Windows\System\EHWjaQR.exe
  2⤵
  PID:11704
- C:\Windows\System\nckZFYU.exe
  C:\Windows\System\nckZFYU.exe
  2⤵
  PID:11772
- C:\Windows\System\NinbQra.exe
  C:\Windows\System\NinbQra.exe
  2⤵
  PID:11844
- C:\Windows\System\lPbalms.exe
  C:\Windows\System\lPbalms.exe
  2⤵
  PID:11936
- C:\Windows\System\JRTwNAF.exe
  C:\Windows\System\JRTwNAF.exe
  2⤵
  PID:12044
- C:\Windows\System\qgKulOx.exe
  C:\Windows\System\qgKulOx.exe
  2⤵
  PID:12080
- C:\Windows\System\PdfyVqN.exe
  C:\Windows\System\PdfyVqN.exe
  2⤵
  PID:12156
- C:\Windows\System\qfClIXw.exe
  C:\Windows\System\qfClIXw.exe
  2⤵
  PID:4644
- C:\Windows\System\eHtTCZz.exe
  C:\Windows\System\eHtTCZz.exe
  2⤵
  PID:12268
- C:\Windows\System\viXlHcO.exe
  C:\Windows\System\viXlHcO.exe
  2⤵
  PID:11396
- C:\Windows\System\qqggeyg.exe
  C:\Windows\System\qqggeyg.exe
  2⤵
  PID:11560
- C:\Windows\System\ulflEkn.exe
  C:\Windows\System\ulflEkn.exe
  2⤵
  PID:11740
- C:\Windows\System\WuZYtEw.exe
  C:\Windows\System\WuZYtEw.exe
  2⤵
  PID:11908
- C:\Windows\System\bgnboXF.exe
  C:\Windows\System\bgnboXF.exe
  2⤵
  PID:11988
- C:\Windows\System\HTRTOJZ.exe
  C:\Windows\System\HTRTOJZ.exe
  2⤵
  PID:12228
- C:\Windows\System\oGtLptR.exe
  C:\Windows\System\oGtLptR.exe
  2⤵
  PID:11492
- C:\Windows\System\YRhjXil.exe
  C:\Windows\System\YRhjXil.exe
  2⤵
  PID:12004
- C:\Windows\System\JBdkYUl.exe
  C:\Windows\System\JBdkYUl.exe
  2⤵
  PID:11360
- C:\Windows\System\MpMJurE.exe
  C:\Windows\System\MpMJurE.exe
  2⤵
  PID:11904
- C:\Windows\System\GKvAJuc.exe
  C:\Windows\System\GKvAJuc.exe
  2⤵
  PID:12316
- C:\Windows\System\gXZCfNz.exe
  C:\Windows\System\gXZCfNz.exe
  2⤵
  PID:12344
- C:\Windows\System\TkCnhDf.exe
  C:\Windows\System\TkCnhDf.exe
  2⤵
  PID:12372
- C:\Windows\System\nBylNVv.exe
  C:\Windows\System\nBylNVv.exe
  2⤵
  PID:12400
- C:\Windows\System\zHeuiwT.exe
  C:\Windows\System\zHeuiwT.exe
  2⤵
  PID:12428
- C:\Windows\System\CQFhbIY.exe
  C:\Windows\System\CQFhbIY.exe
  2⤵
  PID:12456
- C:\Windows\System\AugkzDa.exe
  C:\Windows\System\AugkzDa.exe
  2⤵
  PID:12484
- C:\Windows\System\RXGGpVN.exe
  C:\Windows\System\RXGGpVN.exe
  2⤵
  PID:12512
- C:\Windows\System\QcZHLWH.exe
  C:\Windows\System\QcZHLWH.exe
  2⤵
  PID:12540
- C:\Windows\System\OfUJcxR.exe
  C:\Windows\System\OfUJcxR.exe
  2⤵
  PID:12568
- C:\Windows\System\dKtIhAF.exe
  C:\Windows\System\dKtIhAF.exe
  2⤵
  PID:12596
- C:\Windows\System\AgeIwpz.exe
  C:\Windows\System\AgeIwpz.exe
  2⤵
  PID:12616
- C:\Windows\System\EwTHlcq.exe
  C:\Windows\System\EwTHlcq.exe
  2⤵
  PID:12652
- C:\Windows\System\uLlHwtE.exe
  C:\Windows\System\uLlHwtE.exe
  2⤵
  PID:12692
- C:\Windows\System\wwdWYiH.exe
  C:\Windows\System\wwdWYiH.exe
  2⤵
  PID:12720
- C:\Windows\System\MUDSjgK.exe
  C:\Windows\System\MUDSjgK.exe
  2⤵
  PID:12748
- C:\Windows\System\kpGhkQu.exe
  C:\Windows\System\kpGhkQu.exe
  2⤵
  PID:12776
- C:\Windows\System\XhrVoOq.exe
  C:\Windows\System\XhrVoOq.exe
  2⤵
  PID:12804
- C:\Windows\System\GgACuBd.exe
  C:\Windows\System\GgACuBd.exe
  2⤵
  PID:12832
- C:\Windows\System\YcpAuJT.exe
  C:\Windows\System\YcpAuJT.exe
  2⤵
  PID:12860
- C:\Windows\System\quiOhgr.exe
  C:\Windows\System\quiOhgr.exe
  2⤵
  PID:12888
- C:\Windows\System\WDWLWgw.exe
  C:\Windows\System\WDWLWgw.exe
  2⤵
  PID:12916
- C:\Windows\System\sdPEwSo.exe
  C:\Windows\System\sdPEwSo.exe
  2⤵
  PID:12944
- C:\Windows\System\uzNzJFu.exe
  C:\Windows\System\uzNzJFu.exe
  2⤵
  PID:12972
- C:\Windows\System\yzEGMdD.exe
  C:\Windows\System\yzEGMdD.exe
  2⤵
  PID:13000
- C:\Windows\System\UfQpKYU.exe
  C:\Windows\System\UfQpKYU.exe
  2⤵
  PID:13028
- C:\Windows\System\EYoaFwl.exe
  C:\Windows\System\EYoaFwl.exe
  2⤵
  PID:13056
- C:\Windows\System\EgnhOYq.exe
  C:\Windows\System\EgnhOYq.exe
  2⤵
  PID:13084
- C:\Windows\System\tAgCqmi.exe
  C:\Windows\System\tAgCqmi.exe
  2⤵
  PID:13112
- C:\Windows\System\mxUrJsq.exe
  C:\Windows\System\mxUrJsq.exe
  2⤵
  PID:13140
- C:\Windows\System\kOUdVKR.exe
  C:\Windows\System\kOUdVKR.exe
  2⤵
  PID:13168
- C:\Windows\System\ehPnYhk.exe
  C:\Windows\System\ehPnYhk.exe
  2⤵
  PID:13200
- C:\Windows\System\reHOmZF.exe
  C:\Windows\System\reHOmZF.exe
  2⤵
  PID:13228
- C:\Windows\System\KUGrask.exe
  C:\Windows\System\KUGrask.exe
  2⤵
  PID:13256
- C:\Windows\System\fosMqBx.exe
  C:\Windows\System\fosMqBx.exe
  2⤵
  PID:13284
- C:\Windows\System\kQeeLTx.exe
  C:\Windows\System\kQeeLTx.exe
  2⤵
  PID:12216
- C:\Windows\System\zlMpTjy.exe
  C:\Windows\System\zlMpTjy.exe
  2⤵
  PID:12340
- C:\Windows\System\OUaODjn.exe
  C:\Windows\System\OUaODjn.exe
  2⤵
  PID:12412
- C:\Windows\System\FhZrQBz.exe
  C:\Windows\System\FhZrQBz.exe
  2⤵
  PID:12476
- C:\Windows\System\uFhMbtL.exe
  C:\Windows\System\uFhMbtL.exe
  2⤵
  PID:12536
- C:\Windows\System\foifPoZ.exe
  C:\Windows\System\foifPoZ.exe
  2⤵
  PID:12608
- C:\Windows\System\FPSCfBe.exe
  C:\Windows\System\FPSCfBe.exe
  2⤵
  PID:12676
- C:\Windows\System\OoCCjjv.exe
  C:\Windows\System\OoCCjjv.exe
  2⤵
  PID:12716
- C:\Windows\System\yUGPByM.exe
  C:\Windows\System\yUGPByM.exe
  2⤵
  PID:12792
- C:\Windows\System\ZDMadhr.exe
  C:\Windows\System\ZDMadhr.exe
  2⤵
  PID:12820
- C:\Windows\System\XcziJsf.exe
  C:\Windows\System\XcziJsf.exe
  2⤵
  PID:12884
- C:\Windows\System\UnkLztB.exe
  C:\Windows\System\UnkLztB.exe
  2⤵
  PID:12956
- C:\Windows\System\CyqcmAJ.exe
  C:\Windows\System\CyqcmAJ.exe
  2⤵
  PID:13020
- C:\Windows\System\GuvdXHa.exe
  C:\Windows\System\GuvdXHa.exe
  2⤵
  PID:13080
- C:\Windows\System\sCdVuwW.exe
  C:\Windows\System\sCdVuwW.exe
  2⤵
  PID:13136
- C:\Windows\System\nayKwPd.exe
  C:\Windows\System\nayKwPd.exe
  2⤵
  PID:13216
- C:\Windows\System\myvJFHV.exe
  C:\Windows\System\myvJFHV.exe
  2⤵
  PID:13276
- C:\Windows\System\dbRDBNl.exe
  C:\Windows\System\dbRDBNl.exe
  2⤵
  PID:12328
- C:\Windows\System\MKpMhSR.exe
  C:\Windows\System\MKpMhSR.exe
  2⤵
  PID:12508
- C:\Windows\System\hOGoiNS.exe
  C:\Windows\System\hOGoiNS.exe
  2⤵
  PID:12640
- C:\Windows\System\ewjZazt.exe
  C:\Windows\System\ewjZazt.exe
  2⤵
  PID:12760
- C:\Windows\System\DAiMbgh.exe
  C:\Windows\System\DAiMbgh.exe
  2⤵
  PID:12816
- C:\Windows\System\ITJVlnR.exe
  C:\Windows\System\ITJVlnR.exe
  2⤵
  PID:12988
- C:\Windows\System\ipqNNaz.exe
  C:\Windows\System\ipqNNaz.exe
  2⤵
  PID:13132
- C:\Windows\System\sTKegvQ.exe
  C:\Windows\System\sTKegvQ.exe
  2⤵
  PID:12336
- C:\Windows\System\lLVPNbe.exe
  C:\Windows\System\lLVPNbe.exe
  2⤵
  PID:12580
- C:\Windows\System\tywEhvd.exe
  C:\Windows\System\tywEhvd.exe
  2⤵
  PID:12880
- C:\Windows\System\zfYrfPT.exe
  C:\Windows\System\zfYrfPT.exe
  2⤵
  PID:4660
- C:\Windows\System\dTgRKgb.exe
  C:\Windows\System\dTgRKgb.exe
  2⤵
  PID:13248
- C:\Windows\System\gvYnlHj.exe
  C:\Windows\System\gvYnlHj.exe
  2⤵
  PID:12768
- C:\Windows\System\VQTJOYI.exe
  C:\Windows\System\VQTJOYI.exe
  2⤵
  PID:13124
- C:\Windows\System\uYEPiol.exe
  C:\Windows\System\uYEPiol.exe
  2⤵
  PID:1072
- C:\Windows\System\VYkjMdZ.exe
  C:\Windows\System\VYkjMdZ.exe
  2⤵
  PID:832
- C:\Windows\System\wUSSSRq.exe
  C:\Windows\System\wUSSSRq.exe
  2⤵
  PID:13332
- C:\Windows\System\TduuBub.exe
  C:\Windows\System\TduuBub.exe
  2⤵
  PID:13360
- C:\Windows\System\HlYtbDS.exe
  C:\Windows\System\HlYtbDS.exe
  2⤵
  PID:13388
- C:\Windows\System\qHbkwPY.exe
  C:\Windows\System\qHbkwPY.exe
  2⤵
  PID:13416
- C:\Windows\System\GtRxnWu.exe
  C:\Windows\System\GtRxnWu.exe
  2⤵
  PID:13444
- C:\Windows\System\pyQwFtu.exe
  C:\Windows\System\pyQwFtu.exe
  2⤵
  PID:13480
- C:\Windows\System\yuvHFMp.exe
  C:\Windows\System\yuvHFMp.exe
  2⤵
  PID:13500
- C:\Windows\System\hiyzKfN.exe
  C:\Windows\System\hiyzKfN.exe
  2⤵
  PID:13528
- C:\Windows\System\XRstGgI.exe
  C:\Windows\System\XRstGgI.exe
  2⤵
  PID:13556
- C:\Windows\System\vdMkfSp.exe
  C:\Windows\System\vdMkfSp.exe
  2⤵
  PID:13584
- C:\Windows\System\kIKfaQj.exe
  C:\Windows\System\kIKfaQj.exe
  2⤵
  PID:13612
- C:\Windows\System\MptkWfc.exe
  C:\Windows\System\MptkWfc.exe
  2⤵
  PID:13640
- C:\Windows\System\uvSPEAM.exe
  C:\Windows\System\uvSPEAM.exe
  2⤵
  PID:13668
- C:\Windows\System\PggxTlP.exe
  C:\Windows\System\PggxTlP.exe
  2⤵
  PID:13696
- C:\Windows\System\tVMtzBi.exe
  C:\Windows\System\tVMtzBi.exe
  2⤵
  PID:13724
- C:\Windows\System\yZPAaTk.exe
  C:\Windows\System\yZPAaTk.exe
  2⤵
  PID:13752
- C:\Windows\System\HWKclKS.exe
  C:\Windows\System\HWKclKS.exe
  2⤵
  PID:13780
- C:\Windows\System\Ctezstk.exe
  C:\Windows\System\Ctezstk.exe
  2⤵
  PID:13808
- C:\Windows\System\yaxUopE.exe
  C:\Windows\System\yaxUopE.exe
  2⤵
  PID:13836
- C:\Windows\System\KTtARSo.exe
  C:\Windows\System\KTtARSo.exe
  2⤵
  PID:13864
- C:\Windows\System\nwWGszN.exe
  C:\Windows\System\nwWGszN.exe
  2⤵
  PID:13892
- C:\Windows\System\KuyLOEY.exe
  C:\Windows\System\KuyLOEY.exe
  2⤵
  PID:13920
- C:\Windows\System\WdqNXMe.exe
  C:\Windows\System\WdqNXMe.exe
  2⤵
  PID:13948
- C:\Windows\System\SyIiVBV.exe
  C:\Windows\System\SyIiVBV.exe
  2⤵
  PID:13976
- C:\Windows\System\vasfbLI.exe
  C:\Windows\System\vasfbLI.exe
  2⤵
  PID:14004
- C:\Windows\System\rWmmUkh.exe
  C:\Windows\System\rWmmUkh.exe
  2⤵
  PID:14032
- C:\Windows\System\MYlfMRu.exe
  C:\Windows\System\MYlfMRu.exe
  2⤵
  PID:14060
- C:\Windows\System\nLZQJLj.exe
  C:\Windows\System\nLZQJLj.exe
  2⤵
  PID:14088
- C:\Windows\System\HSFohix.exe
  C:\Windows\System\HSFohix.exe
  2⤵
  PID:14116
- C:\Windows\System\InUFCld.exe
  C:\Windows\System\InUFCld.exe
  2⤵
  PID:14144
- C:\Windows\System\jTmsmuk.exe
  C:\Windows\System\jTmsmuk.exe
  2⤵
  PID:14172
- C:\Windows\System\ByJoJAB.exe
  C:\Windows\System\ByJoJAB.exe
  2⤵
  PID:14200
- C:\Windows\System\HKhqqxH.exe
  C:\Windows\System\HKhqqxH.exe
  2⤵
  PID:14228
- C:\Windows\System\MczysdI.exe
  C:\Windows\System\MczysdI.exe
  2⤵
  PID:14256
- C:\Windows\System\VmEBOHI.exe
  C:\Windows\System\VmEBOHI.exe
  2⤵
  PID:14284
- C:\Windows\System\ZMGGVXr.exe
  C:\Windows\System\ZMGGVXr.exe
  2⤵
  PID:14312
- C:\Windows\System\JCHicCr.exe
  C:\Windows\System\JCHicCr.exe
  2⤵
  PID:13324
- C:\Windows\System\zyQFQJS.exe
  C:\Windows\System\zyQFQJS.exe
  2⤵
  PID:13384
- C:\Windows\System\TkCfIJj.exe
  C:\Windows\System\TkCfIJj.exe
  2⤵
  PID:13460
- C:\Windows\System\QvScsLn.exe
  C:\Windows\System\QvScsLn.exe
  2⤵
  PID:13516
- C:\Windows\System\FRMRoLO.exe
  C:\Windows\System\FRMRoLO.exe
  2⤵
  PID:13576
- C:\Windows\System\cHhYpbv.exe
  C:\Windows\System\cHhYpbv.exe
  2⤵
  PID:13652
- C:\Windows\System\IKqUpYU.exe
  C:\Windows\System\IKqUpYU.exe
  2⤵
  PID:13716
- C:\Windows\System\LUWTugu.exe
  C:\Windows\System\LUWTugu.exe
  2⤵
  PID:13776
- C:\Windows\System\yPkeSSK.exe
  C:\Windows\System\yPkeSSK.exe
  2⤵
  PID:13848
- C:\Windows\System\ZLmvvyn.exe
  C:\Windows\System\ZLmvvyn.exe
  2⤵
  PID:13912
- C:\Windows\System\gBDMsDM.exe
  C:\Windows\System\gBDMsDM.exe
  2⤵
  PID:13960
- C:\Windows\System\PjqZUFF.exe
  C:\Windows\System\PjqZUFF.exe
  2⤵
  PID:14048
- C:\Windows\System\BiaBaoX.exe
  C:\Windows\System\BiaBaoX.exe
  2⤵
  PID:14108
- C:\Windows\System\TzVzGep.exe
  C:\Windows\System\TzVzGep.exe
  2⤵
  PID:14184
- C:\Windows\System\wVEqUDq.exe
  C:\Windows\System\wVEqUDq.exe
  2⤵
  PID:14248
- C:\Windows\System\kQfBdgg.exe
  C:\Windows\System\kQfBdgg.exe
  2⤵
  PID:14304
- C:\Windows\System\RdmwXTK.exe
  C:\Windows\System\RdmwXTK.exe
  2⤵
  PID:13316
- C:\Windows\System\ASsrhDD.exe
  C:\Windows\System\ASsrhDD.exe
  2⤵
  PID:13548
- C:\Windows\System\wAqxnov.exe
  C:\Windows\System\wAqxnov.exe
  2⤵
  PID:13692
- C:\Windows\System\jeuhpac.exe
  C:\Windows\System\jeuhpac.exe
  2⤵
  PID:13832
- C:\Windows\System\wOoXYuU.exe
  C:\Windows\System\wOoXYuU.exe
  2⤵
  PID:13964
- C:\Windows\System\mMsHVAv.exe
  C:\Windows\System\mMsHVAv.exe
  2⤵
  PID:14160
- C:\Windows\System\TcSZavZ.exe
  C:\Windows\System\TcSZavZ.exe
  2⤵
  PID:14328
- C:\Windows\System\zqEYLgd.exe
  C:\Windows\System\zqEYLgd.exe
  2⤵
  PID:13636

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CRMIhJH.exe

Filesize
2.5MB

MD5
2762d3816f12a202d1c65ee66c722519

SHA1
fd34e3d7a51cee44240025a1850fee993c8eee62

SHA256
3fe668f4fe35f3e5b1896440b8be2e5432129a141a1e936f686a2f07eef928fa

SHA512
7d61c14afc787b2c983d8f2de1f965bb1d5a7716ea818c23fd1e538d051c1dda2186d99e2ae921dce02cdb310e66feb293e6d591b8db1dd89ab1b6bfafaea85f

Download Submit
C:\Windows\System\CTDOXxF.exe

Filesize
2.5MB

MD5
1cb8bbc2878045de05f4e801d2fab628

SHA1
8995580560c506972ec2b3d87ffec4b35e7092d5

SHA256
51a48003d22933f44dd1952ccdda3a8eec24bc4753dd22f21b63ec9d519f459f

SHA512
72d5e50536a8fa26359d2b0a65018c9618d9648c338590046c5acbafbc4f62424a3ded1bf7bf3b440cbb5c47a1627eeb989d28698ef13b292d2cc68e1dfd1a2e

Download Submit
C:\Windows\System\EeQPPSm.exe

Filesize
2.5MB

MD5
4bfb259100516438a582ccec57cd4655

SHA1
e73adf3fc03200628e318082c189d1c9f7bec3dc

SHA256
64a8d33a24de2529eda79d08ae9dca9ce4d5f2d75d91677e37a3b7d89fc7cee7

SHA512
1e55512249994de31173c0dfaff66aae9a577002b91728933f377558dbabf6f8ce059af54719bd774c014f21ff81eb272b5eede702013c5b6ffb71b3b11afc83

Download Submit
C:\Windows\System\FoWmqiu.exe

Filesize
2.5MB

MD5
77c10f61fc4e45f3bd14f9b364e8d902

SHA1
ecc3dd808b080e655789170bf529f6cd9362f2d6

SHA256
3401e68b022b69330649681f7ea60a8fd1c557230d2b9976dd7c968863d10a2f

SHA512
80c609d4f93a4bb87c27e96903737088c52466b1667a93e2260acb28dc81f49ceeb6d271f1c5e89ff39c2307c386cc534a47dedf8efc36ca2cdfc8534c4f8bed

Download Submit
C:\Windows\System\IAGcMbz.exe

Filesize
2.5MB

MD5
5fdb6d7133a1f796dc7caf8148a8aaf5

SHA1
e75cef7a4b779a2e9343a214d58a722f61256a45

SHA256
8a06aed6b05bc684a9bba4ede5cbcc8c96e020ea6126db6be4773eaec8f4f69b

SHA512
74fd07ac9b44e72029060ddb9093b3730853e6d47d5815662b6dceaa87db0b39f35d07bcd79c406c15d65ffb7eb7881e58d3743a51a195ba0e8a3a933e334ab8

Download Submit
C:\Windows\System\IHdMbiX.exe

Filesize
2.5MB

MD5
2e017e97ba0d86cb211fe6ccebea699c

SHA1
d7ec2510bb576815449b0b4947d6e75e670e8019

SHA256
b88175c52227f8f6cc8978ccdee3c94db148340cc49dd4145c9145755d3fe311

SHA512
8055ee885046d4365ce015cf0aea856ce2e05c2da11fe5caed0bc2224b3bf5087f16452dcfda1496c31fd1a76d1d987b996ca2f115392d4d878a4858a1492af8

Download Submit
C:\Windows\System\OhLGBkJ.exe

Filesize
2.5MB

MD5
66c6e1e16d5e2436fcef3075fd0b21a1

SHA1
5f7556501bca1a28ca833d731815dec0b705d7df

SHA256
2a3af8fb48a6a7f846a082b81813b983916b9d49bb16cbd74fe38420199944f8

SHA512
582dfedf996fb2b4d793f129143009775859f377567c1a1ffaf7bfcaf0784eafcf5d84a03fee4e2171e416c277bd1c11e8a3697747f2eadaac83e7e3828da3c4

Download Submit
C:\Windows\System\QMtjjAr.exe

Filesize
2.5MB

MD5
21743f8920683c788d9664b8aa2e29ae

SHA1
6af69d0bb18f94e1e76e7e216b84d6292164946f

SHA256
73ce7dfaa096502a7459515769ba90197d66d81809a570f7bd1e124d607d149e

SHA512
69a54166df35abff96d1b09c931b833545f6dd0114f48252c7d7c811cbfa10ad922abb02044ceb653899529d3b7e1b179595f683625c0d24458e7a0290e6ed73

Download Submit
C:\Windows\System\RRvYWcx.exe

Filesize
2.5MB

MD5
953e786e39ff436672f797e2f49bfa0a

SHA1
3c4c65b468dbef8b096d1e62c4284027df91029e

SHA256
b6c026d6f3c6dcce91f36335ef017eefd958635604e68fab8d5c8299bd6ebf2a

SHA512
f64e6f734b2a689d3cf85a846678c45858f3faa8b55348159167c5b58ad51154c0b774b21c4b7f99bd4325126a33aa359857ce0fd8831ed09146c32f8818201f

Download Submit
C:\Windows\System\TmtJdFd.exe

Filesize
2.5MB

MD5
10a9ca635e995714a82acf6016ea2191

SHA1
e798a5558e1512c4d448f9e5adb589a065a33b96

SHA256
3921ad693783aa73bcbac39bb5735b426476718e4d2ef65c65d0ab33fe695fad

SHA512
034df19a38daf9fc818128e57c4bf980ae8eb84f2fb75cf4152808912513f090f9a85cba519281437e67bb4fb99a4f07f72cecb818dc38966c4b4019a24c5470

Download Submit
C:\Windows\System\WzkfCpp.exe

Filesize
2.5MB

MD5
263b7ab76e6ee45926561fd813798fcb

SHA1
fe2cae10e727e8143e900537b3605c232904e778

SHA256
a8fd0fce31605373c51d4b92b350faffa5cd4b8888f1cb96601b5cf232bddf35

SHA512
1dd89dd83f661405a5327f000cf87980fed351866c042a947a50b110437ed57ae3635bc28c497f06caa659cc4593c07ed75b0b544caf51988d7fa503dbc0598e

Download Submit
C:\Windows\System\YJyXRBR.exe

Filesize
2.5MB

MD5
c7ea493760f5385611e721651a6830e7

SHA1
a0edc624b14b375d1285eb55e6493f3a2cbff48e

SHA256
e123ea6d13aeeb6d5cfa94bfec2bbcf5179827ae320eee71c335db24882274a0

SHA512
9a836e8bbbf609b77b1399e296bf7dc25268b57e1f191da38dfc1cc26179efc985e91c2c12a9463c6a2743b68febd6bdbcc8a7dd391c11ae3c521178ce0c1979

Download Submit
C:\Windows\System\Yfxvtrp.exe

Filesize
2.5MB

MD5
663169899a271b1db73caa4ad9482134

SHA1
443050acb936e447cf73fa6b63cbccc0358716f3

SHA256
6aa44af9a9bfd15841d840513b5f0cf8a85adce6d91dd2a103d5b611cba696b1

SHA512
0b07cde7fc3bb6e4d68cc1020166f335021d63889640c0a737f982005e85b8951aeb34bc5bd71774dcd0e79d62f44150260c3c1456c7e47092708471bdfa5ad0

Download Submit
C:\Windows\System\bqWMXvB.exe

Filesize
2.5MB

MD5
b3f7afda374259da653b585fed18fcc2

SHA1
b6641f09b8f5632686fe4e1322e7c56d4c8a05e4

SHA256
454a0748ba2ecb87af4db8d4eb4e951042dbf9ed58a2b5aa1468b9e93a07683a

SHA512
f172c7f15582a0c084fc28f7987452d6287294127f5cc5e3dd085f0db88507a1ca9ca75d78f710fab84e5c9dd8a14c620a0ceb1231b2b220a9015bee8a421e4d

Download Submit
C:\Windows\System\cYOOeUi.exe

Filesize
2.5MB

MD5
24c566489070e4137fb7f214734876a7

SHA1
736f57519ef1d3311a1d48ec38facadce13b2645

SHA256
1fd0729b5f9b691c9a9910528607150df4043e5e1a9ad6270d60152e4488bf85

SHA512
3da97054605053a392ad69a701d7c1fd40f36ee81061b2127f82c5025933c3bfdcbd6cfe76478ade5c4191bc863c6444c7c65253cd960032b29cd8c99582e49c

Download Submit
C:\Windows\System\dVvHAnP.exe

Filesize
2.5MB

MD5
bbdf94b338b60d243e1f807410354248

SHA1
d769dd21701e9be6b46669bcc69a820982862395

SHA256
0dfd82f758390a6f9cd3197fdf1b273bed6c4229a6190bb5522d56b05dc8622a

SHA512
5555347af0a768393ad7b1ed53de5038a43dbe2b09dedb829dbcc0c1b229695cb16cc358429f4ddf8afa5c45ce8ee42b9418cd2cc7d80f40336b4beee3ecd35e

Download Submit
C:\Windows\System\efHQpzf.exe

Filesize
2.5MB

MD5
f247658cd8f62124a372fad53271d9a3

SHA1
b36882ad19321b7d3597fa88019769576ddbd4f4

SHA256
efae72ef49257726434ddb3a87ed588812c2fc444c3e2a79c2cdc961d980e8ba

SHA512
2e0974e2193f23b90ac2709931363c9a5a31ada9cf6da930a295f257c9783b555f5613220b1f7b763269dac1f05ad0221514cda875ea9d01c013ec0a82ac96b8

Download Submit
C:\Windows\System\fubzqaz.exe

Filesize
2.5MB

MD5
f10ef9bc1ec96e4312c24601cb28d518

SHA1
e32f72eab86981890aa088396ed13280342a1359

SHA256
1b65685509874a13dbaa8efcfc585bf2ba780576c27e60bba2419c7d674dec4b

SHA512
5d49abaeb4e6a1fcaf0b1d1f0ba262dece29543d69b474e949bd45c300a8d429e4cb22a1878ab944ca3d00378f96f1118ce3d40ae49dda7dc2138143cfc79eb3

Download Submit
C:\Windows\System\gUdFQFi.exe

Filesize
2.5MB

MD5
c0df5b5a3f77f035aef68435cf7b24e0

SHA1
684aea5907d0490be0c286cf8dcc358fd3ac7a1a

SHA256
165a7da2590a8699d339ebee2fa992bb51d58a251c2326527670bd50b150796c

SHA512
37ba2eb032fa11fc8a03de14b9106acb9e9de2f562f996a71b3eff86d0d53f6369ce391d51963e1d5540ed377fec21bd8ca8b9fc650fa7d8d3b42a7f99712dc4

Download Submit
C:\Windows\System\hFxWNUt.exe

Filesize
2.5MB

MD5
e2f5893393fe5afc75fcf8dfed3a244c

SHA1
175765b8e7132ff36796732debf1929d86dc8579

SHA256
727aa6dd1d27fb7123593bb2eac5676469f1231c9b2f4168a32edb20717d1b21

SHA512
31afb3f3f510cda9a0041adec727a2242257139b4fae0e306336631479040a4ab9b308b67ad8300ad6bd58334fbd4f4fd7ce2cfe8f605d22bd3c0d79ab4bc332

Download Submit
C:\Windows\System\iAcjPwW.exe

Filesize
2.5MB

MD5
27937b70174fba73a914a9547c9737e9

SHA1
a74ff08fa7bdba88a2fa6a22e314b666d523e2c4

SHA256
0b8cc3c1733a266466e89b2d8fce89dffb2da0ced0ad5817a73dff36fc5c7fb0

SHA512
c8ec5d687458f0da0a851f0851cd3ae633d9f4d2883bc99a6bbc4d79ae34274ee0310e31657604fe3cf3c331aea53836410816ae4f4f170a76ad328d4c7aef04

Download Submit
C:\Windows\System\iLfXvJp.exe

Filesize
2.5MB

MD5
a3677cbf223e7221bf890f7f610a5c1e

SHA1
7f3b2f742376a04cfa97f96f2febb764eea88c26

SHA256
877ee841a714205de418aca38ef237b7b0abe8b0140408d2bf62f93a09cc97dc

SHA512
3e91b33bae06a0b5c02e25d8e0fadaa632a9b8a25dbfeeb072218827bd3a48f31b9d2c58827bea923d4aaffdbec9d47d801b3d0ad540e4483c1201bd3b253c41

Download Submit
C:\Windows\System\jUqortV.exe

Filesize
2.5MB

MD5
40e38bad138149ae0a014ba599f75952

SHA1
6c3c6a4a13c94f04fd202802da6d9494c003af57

SHA256
44ad1a167d19241bb0587a1f3a4f2d8d45c54c530411077b9bbeaa41b84a8e70

SHA512
2cd472613885de60a120115042a9902562fb45b371b561ded524915e33b572a269041de02380749370a96e78caf7a24f0de65ad284d0c427397cdd486892e853

Download Submit
C:\Windows\System\nEhOnLS.exe

Filesize
2.5MB

MD5
37bf64d2ba1ed410a4937b2c75b18ad6

SHA1
e7a51759c16c39de25a6dccfc7d9ce4d203c7620

SHA256
9f6404b5279dc6d233f2d679da56823ffd0dd3d48267732c679f307d51b3bee8

SHA512
2485200e4f4b7126cbe7935e7a396a742327912a95a5b809ae0ec390b5438443570fa7be6d4a4a213112bcf80b27d592e67eb7568430b1e911741f0a7819f82a

Download Submit
C:\Windows\System\oMifWzb.exe

Filesize
2.5MB

MD5
f6a3d38022664ce162941993d642799e

SHA1
56c9a9a35fa880b1932b986f8303bd18c97261e6

SHA256
cee00a32dd1d6db65caf82c8e78a4a65542e5a9667b6f558db15efaad901b0c0

SHA512
e297beba6a2aec10c0e3d21d310fd2b279e72b1360e18c81809b6fcd0177829c5cccb8b9bb4b224c3f8d9593ce4c4d58c50217dcdda757989b669985cb1e6181

Download Submit
C:\Windows\System\rAKmJAp.exe

Filesize
2.5MB

MD5
789966c884310424cc3811b9b4ce6444

SHA1
b530e45687f7756e45ad038643f430845d004311

SHA256
c0c243980901860956d15d73e9fbcd26e1478f8ff558ef1ff9b03226446f2a53

SHA512
b02646f01f69415c695c99ed9d46e9b276b1ce8ad888bf58c3f3cea6105b6a08d011cb842839a46a890bbfa3e783922ffcef072105f14807ee3ab8a3f10eda52

Download Submit
C:\Windows\System\spiTUPq.exe

Filesize
2.5MB

MD5
b5bab93e0c7cc7a208042c1b90ecb98e

SHA1
6c8d3319ce2b1659ff7943f13d07e4baaf21c85b

SHA256
ffeae86408ebf7fdb7e0ae5828871cdf93e780f217b78ab91e5e27a2ca0c2a43

SHA512
962dd089dc1797bba29e346bfcb0e5560c3ac3e3281660728e9af70aa394ca88db9f127b5a13efd659a07576092b19ae01630eab8932befef7d355500887d4c2

Download Submit
C:\Windows\System\uhJkiYF.exe

Filesize
2.5MB

MD5
16001b4a927ecb35ef48aeb71bc2dde0

SHA1
a5a5ee46e8411467dfce5d65b57877782c15529d

SHA256
5ca7f1b279d5994a5c61d03f409e6185a232f75b47374155757514f211026888

SHA512
8df00b5b7e92809a594697ee696091485c8bb730a2220664355dbb64a699a8ab155943d231a14a11f209c4413da5bd8b6ebecf02892a4eb6808090e4490d33d8

Download Submit
C:\Windows\System\vbbPkJh.exe

Filesize
2.5MB

MD5
8cb3a0d64d524bac8580f8245aa5636f

SHA1
172087d14d920d92781c43d7ac6c0e160cde1fac

SHA256
848b4ce0961b7cc8dba6a90ee0eb77b9eb22acbcb2377248df336f59027e99f9

SHA512
59122a9419c0bee11769657d9882e88b2454f82705f897a5b19bf26cdfbdeb60eff072f2efb5608cc56be02ac40e3ce3c4a922b792ed191612f291be9831cbd2

Download Submit
C:\Windows\System\wUubaBb.exe

Filesize
2.5MB

MD5
739e0f4872add22a4ae1963d95b105bc

SHA1
6f241b6a2f19b48ffd5ec477d5124dcc0d4cc0c5

SHA256
7500bf585b671adcff7215af51230c6d801d87bb5d0ff5c2dd0bbf04bdf3dffe

SHA512
956b1e1d2e7a97790eefe085a22aad15907eb0057c2883f025ab994cd1675a2aa3a49c74a0de340b786d335e8a0a7e05b79ee8474ffad82e57bb9b41518a7853

Download Submit
C:\Windows\System\wbPtQEm.exe

Filesize
2.5MB

MD5
663d7a0b6e6ad754ac6e5b1204a7a125

SHA1
46ea753921d0bf7648569307503252708b829df8

SHA256
7eaba2ca7bd01a8b7e57dc9d22fcac87a3acb12e8912b740cee99cb0a3d4f907

SHA512
9e7e711b0f0967af951176d76dd85de8361962b98633cfde81e768001e7518c97c3e8c7552ac718dd4004da37d6f62015915db612a2bf541915f8b8f4e78d754

Download Submit
C:\Windows\System\zMUabwG.exe

Filesize
2.5MB

MD5
18ff73059af5bccfb1b89a14eebca202

SHA1
a2a6764b3226ee450eed09b29f022fc7902876f2

SHA256
b5d4c9c2954dea526e38f941b2a52ab2a891258441ff25b9294ca9fcfdc452a2

SHA512
80e1165d85b4540f827ddfd3396c8448f2a4935ea00429073682b241c14491ee30f410d90e6adb6ba535b82017b29999b268fdb59bddf1e5ca476cb3d23e1a52

Download Submit
C:\Windows\System\zhkiKZd.exe

Filesize
2.5MB

MD5
29c8db0e53e4227e52731b35d0407e42

SHA1
75feada163e07381cde8df080996a3426df1083d

SHA256
d3c079b029550f8f5ec97586a8466e04f9b0ac20e96cd8103b70c0495d0a3059

SHA512
054809cd22a97dadad95588489c0206a80c8de73a3e1b914c4a39a9b0a790371786d250fd1e2703e964e531b9d0efc8dfd34d269f9cc7fdeb370e4d19f7b6952

Download Submit
memory/752-725-0x00007FF7233A0000-0x00007FF7236F4000-memory.dmp

Filesize
3.3MB

Download
memory/752-2189-0x00007FF7233A0000-0x00007FF7236F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-660-0x00007FF632A80000-0x00007FF632DD4000-memory.dmp

Filesize
3.3MB

Download
memory/808-2171-0x00007FF632A80000-0x00007FF632DD4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2160-0x00007FF7A95F0000-0x00007FF7A9944000-memory.dmp

Filesize
3.3MB

Download
memory/1248-8-0x00007FF7A95F0000-0x00007FF7A9944000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2165-0x00007FF7A95F0000-0x00007FF7A9944000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2163-0x00007FF707720000-0x00007FF707A74000-memory.dmp

Filesize
3.3MB

Download
memory/1496-27-0x00007FF707720000-0x00007FF707A74000-memory.dmp

Filesize
3.3MB

Download
memory/1496-2168-0x00007FF707720000-0x00007FF707A74000-memory.dmp

Filesize
3.3MB

Download
memory/1520-2182-0x00007FF67BD40000-0x00007FF67C094000-memory.dmp

Filesize
3.3MB

Download
memory/1520-702-0x00007FF67BD40000-0x00007FF67C094000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2193-0x00007FF701A40000-0x00007FF701D94000-memory.dmp

Filesize
3.3MB

Download
memory/1672-728-0x00007FF701A40000-0x00007FF701D94000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2167-0x00007FF7E36C0000-0x00007FF7E3A14000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2162-0x00007FF7E36C0000-0x00007FF7E3A14000-memory.dmp

Filesize
3.3MB

Download
memory/1708-22-0x00007FF7E36C0000-0x00007FF7E3A14000-memory.dmp

Filesize
3.3MB

Download
memory/1832-0-0x00007FF72A020000-0x00007FF72A374000-memory.dmp

Filesize
3.3MB

Download
memory/1832-1-0x000001DD60E20000-0x000001DD60E30000-memory.dmp

Filesize
64KB

Download
memory/1940-2175-0x00007FF704DA0000-0x00007FF7050F4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-661-0x00007FF704DA0000-0x00007FF7050F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-2183-0x00007FF62A050000-0x00007FF62A3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-699-0x00007FF62A050000-0x00007FF62A3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2185-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp

Filesize
3.3MB

Download
memory/2388-709-0x00007FF63B5C0000-0x00007FF63B914000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2169-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-31-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2164-0x00007FF66F690000-0x00007FF66F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2179-0x00007FF78B210000-0x00007FF78B564000-memory.dmp

Filesize
3.3MB

Download
memory/2576-684-0x00007FF78B210000-0x00007FF78B564000-memory.dmp

Filesize
3.3MB

Download
memory/2608-664-0x00007FF7974B0000-0x00007FF797804000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2178-0x00007FF7974B0000-0x00007FF797804000-memory.dmp

Filesize
3.3MB

Download
memory/2656-695-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2184-0x00007FF7AB5A0000-0x00007FF7AB8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2187-0x00007FF60E800000-0x00007FF60EB54000-memory.dmp

Filesize
3.3MB

Download
memory/2740-712-0x00007FF60E800000-0x00007FF60EB54000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2181-0x00007FF6AF340000-0x00007FF6AF694000-memory.dmp

Filesize
3.3MB

Download
memory/2752-689-0x00007FF6AF340000-0x00007FF6AF694000-memory.dmp

Filesize
3.3MB

Download
memory/3060-670-0x00007FF619260000-0x00007FF6195B4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2173-0x00007FF619260000-0x00007FF6195B4000-memory.dmp

Filesize
3.3MB

Download
memory/3080-715-0x00007FF74D640000-0x00007FF74D994000-memory.dmp

Filesize
3.3MB

Download
memory/3080-2188-0x00007FF74D640000-0x00007FF74D994000-memory.dmp

Filesize
3.3MB

Download
memory/3268-663-0x00007FF67E1D0000-0x00007FF67E524000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2176-0x00007FF67E1D0000-0x00007FF67E524000-memory.dmp

Filesize
3.3MB

Download
memory/3280-662-0x00007FF65AD80000-0x00007FF65B0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-2174-0x00007FF65AD80000-0x00007FF65B0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2190-0x00007FF70AE70000-0x00007FF70B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/3464-719-0x00007FF70AE70000-0x00007FF70B1C4000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2161-0x00007FF75A320000-0x00007FF75A674000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2166-0x00007FF75A320000-0x00007FF75A674000-memory.dmp

Filesize
3.3MB

Download
memory/3512-16-0x00007FF75A320000-0x00007FF75A674000-memory.dmp

Filesize
3.3MB

Download
memory/3908-673-0x00007FF710B60000-0x00007FF710EB4000-memory.dmp

Filesize
3.3MB

Download
memory/3908-2177-0x00007FF710B60000-0x00007FF710EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4056-705-0x00007FF6C8070000-0x00007FF6C83C4000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2192-0x00007FF6C8070000-0x00007FF6C83C4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-2191-0x00007FF65F4B0000-0x00007FF65F804000-memory.dmp

Filesize
3.3MB

Download
memory/4124-717-0x00007FF65F4B0000-0x00007FF65F804000-memory.dmp

Filesize
3.3MB

Download
memory/4368-731-0x00007FF6A1D30000-0x00007FF6A2084000-memory.dmp

Filesize
3.3MB

Download
memory/4368-2170-0x00007FF6A1D30000-0x00007FF6A2084000-memory.dmp

Filesize
3.3MB

Download
memory/4488-2180-0x00007FF79A420000-0x00007FF79A774000-memory.dmp

Filesize
3.3MB

Download
memory/4488-686-0x00007FF79A420000-0x00007FF79A774000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2172-0x00007FF6AA1F0000-0x00007FF6AA544000-memory.dmp

Filesize
3.3MB

Download
memory/4580-678-0x00007FF6AA1F0000-0x00007FF6AA544000-memory.dmp

Filesize
3.3MB

Download
memory/4632-2186-0x00007FF7A6020000-0x00007FF7A6374000-memory.dmp

Filesize
3.3MB

Download
memory/4632-727-0x00007FF7A6020000-0x00007FF7A6374000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads