kpot | 88cdb44ec3916a9a99e606d449d7e8540fd8cd2dc3af82232fc719393771e472

Analysis

max time kernel
111s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
Size

2.1MB
MD5

60d9f3b8c7c127ed045f97b41cda9960
SHA1

edba98013c545916f0f5250d89be30c90baa1875
SHA256

88cdb44ec3916a9a99e606d449d7e8540fd8cd2dc3af82232fc719393771e472
SHA512

decb5271d1995f88f9f685dc6c70efa1c7e8e8e0a04d8756b8e9c633cdeb7515bbdd66b8c1ebf4b7065469308b760570e75291f4b69718659b099382a17b7684
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3isP:BemTLkNdfE0pZrwt

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x00060000000233cd-6.dat	family_kpot
behavioral2/files/0x0008000000023586-12.dat	family_kpot
behavioral2/files/0x0007000000023588-25.dat	family_kpot
behavioral2/files/0x000700000002358e-60.dat	family_kpot
behavioral2/files/0x000700000002358a-54.dat	family_kpot
behavioral2/files/0x0007000000023590-53.dat	family_kpot
behavioral2/files/0x0007000000023589-45.dat	family_kpot
behavioral2/files/0x000700000002358d-42.dat	family_kpot
behavioral2/files/0x000700000002358c-40.dat	family_kpot
behavioral2/files/0x000700000002358b-38.dat	family_kpot
behavioral2/files/0x0007000000023592-72.dat	family_kpot
behavioral2/files/0x000700000002358f-65.dat	family_kpot
behavioral2/files/0x0007000000023591-61.dat	family_kpot
behavioral2/files/0x0007000000023587-21.dat	family_kpot
behavioral2/files/0x0007000000023596-101.dat	family_kpot
behavioral2/files/0x000700000002359b-113.dat	family_kpot
behavioral2/files/0x000700000002359a-125.dat	family_kpot
behavioral2/files/0x000700000002359f-153.dat	family_kpot
behavioral2/files/0x000700000002359e-151.dat	family_kpot
behavioral2/files/0x000700000002359d-149.dat	family_kpot
behavioral2/files/0x000700000002359c-147.dat	family_kpot
behavioral2/files/0x0007000000023595-123.dat	family_kpot
behavioral2/files/0x0007000000023599-121.dat	family_kpot
behavioral2/files/0x0007000000023598-119.dat	family_kpot
behavioral2/files/0x0007000000023597-117.dat	family_kpot
behavioral2/files/0x0007000000023593-108.dat	family_kpot
behavioral2/files/0x0007000000023594-94.dat	family_kpot
behavioral2/files/0x00070000000235a0-166.dat	family_kpot
behavioral2/files/0x0008000000023584-179.dat	family_kpot
behavioral2/files/0x00070000000235a4-193.dat	family_kpot
behavioral2/files/0x00070000000235a3-192.dat	family_kpot
behavioral2/files/0x00070000000235a1-185.dat	family_kpot
behavioral2/files/0x00070000000235a2-177.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5000-0-0x00007FF7F3720000-0x00007FF7F3A74000-memory.dmp	xmrig
behavioral2/files/0x00060000000233cd-6.dat	xmrig
behavioral2/files/0x0008000000023586-12.dat	xmrig
behavioral2/files/0x0007000000023588-25.dat	xmrig
behavioral2/files/0x000700000002358e-60.dat	xmrig
behavioral2/files/0x000700000002358a-54.dat	xmrig
behavioral2/files/0x0007000000023590-53.dat	xmrig
behavioral2/memory/2628-50-0x00007FF789450000-0x00007FF7897A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023589-45.dat	xmrig
behavioral2/memory/1656-56-0x00007FF6FCDE0000-0x00007FF6FD134000-memory.dmp	xmrig
behavioral2/files/0x000700000002358d-42.dat	xmrig
behavioral2/files/0x000700000002358c-40.dat	xmrig
behavioral2/files/0x000700000002358b-38.dat	xmrig
behavioral2/memory/3016-33-0x00007FF731BB0000-0x00007FF731F04000-memory.dmp	xmrig
behavioral2/memory/2964-28-0x00007FF6D3E60000-0x00007FF6D41B4000-memory.dmp	xmrig
behavioral2/memory/2968-75-0x00007FF63CD30000-0x00007FF63D084000-memory.dmp	xmrig
behavioral2/files/0x0007000000023592-72.dat	xmrig
behavioral2/files/0x000700000002358f-65.dat	xmrig
behavioral2/files/0x0007000000023591-61.dat	xmrig
behavioral2/files/0x0007000000023587-21.dat	xmrig
behavioral2/memory/2976-10-0x00007FF755F50000-0x00007FF7562A4000-memory.dmp	xmrig
behavioral2/memory/4484-79-0x00007FF63CC90000-0x00007FF63CFE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023596-101.dat	xmrig
behavioral2/files/0x000700000002359b-113.dat	xmrig
behavioral2/files/0x000700000002359a-125.dat	xmrig
behavioral2/memory/392-144-0x00007FF60A930000-0x00007FF60AC84000-memory.dmp	xmrig
behavioral2/memory/3724-156-0x00007FF657D90000-0x00007FF6580E4000-memory.dmp	xmrig
behavioral2/memory/2548-161-0x00007FF6F0D80000-0x00007FF6F10D4000-memory.dmp	xmrig
behavioral2/memory/2144-163-0x00007FF695BD0000-0x00007FF695F24000-memory.dmp	xmrig
behavioral2/memory/2112-162-0x00007FF6028B0000-0x00007FF602C04000-memory.dmp	xmrig
behavioral2/memory/2300-160-0x00007FF6A46E0000-0x00007FF6A4A34000-memory.dmp	xmrig
behavioral2/memory/3448-159-0x00007FF72E9E0000-0x00007FF72ED34000-memory.dmp	xmrig
behavioral2/memory/3008-158-0x00007FF609FC0000-0x00007FF60A314000-memory.dmp	xmrig
behavioral2/memory/4248-157-0x00007FF6C9360000-0x00007FF6C96B4000-memory.dmp	xmrig
behavioral2/memory/408-155-0x00007FF769A30000-0x00007FF769D84000-memory.dmp	xmrig
behavioral2/files/0x000700000002359f-153.dat	xmrig
behavioral2/files/0x000700000002359e-151.dat	xmrig
behavioral2/files/0x000700000002359d-149.dat	xmrig
behavioral2/files/0x000700000002359c-147.dat	xmrig
behavioral2/memory/2880-146-0x00007FF652D60000-0x00007FF6530B4000-memory.dmp	xmrig
behavioral2/memory/232-145-0x00007FF6BBF70000-0x00007FF6BC2C4000-memory.dmp	xmrig
behavioral2/memory/3020-143-0x00007FF635A20000-0x00007FF635D74000-memory.dmp	xmrig
behavioral2/memory/2716-137-0x00007FF654580000-0x00007FF6548D4000-memory.dmp	xmrig
behavioral2/memory/3728-129-0x00007FF7133B0000-0x00007FF713704000-memory.dmp	xmrig
behavioral2/files/0x0007000000023595-123.dat	xmrig
behavioral2/files/0x0007000000023599-121.dat	xmrig
behavioral2/files/0x0007000000023598-119.dat	xmrig
behavioral2/memory/4544-114-0x00007FF630370000-0x00007FF6306C4000-memory.dmp	xmrig
behavioral2/memory/3340-112-0x00007FF632790000-0x00007FF632AE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023597-117.dat	xmrig
behavioral2/memory/732-111-0x00007FF60F9A0000-0x00007FF60FCF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023593-108.dat	xmrig
behavioral2/memory/1332-99-0x00007FF68CD60000-0x00007FF68D0B4000-memory.dmp	xmrig
behavioral2/memory/784-96-0x00007FF6256A0000-0x00007FF6259F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023594-94.dat	xmrig
behavioral2/files/0x00070000000235a0-166.dat	xmrig
behavioral2/files/0x0008000000023584-179.dat	xmrig
behavioral2/memory/1000-181-0x00007FF7CE7D0000-0x00007FF7CEB24000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a4-193.dat	xmrig
behavioral2/files/0x00070000000235a3-192.dat	xmrig
behavioral2/files/0x00070000000235a1-185.dat	xmrig
behavioral2/memory/1780-184-0x00007FF74FF20000-0x00007FF750274000-memory.dmp	xmrig
behavioral2/files/0x00070000000235a2-177.dat	xmrig
behavioral2/memory/5000-1968-0x00007FF7F3720000-0x00007FF7F3A74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2976	izbEPKi.exe
2964	DgZmNDT.exe
3016	LJaSRRF.exe
3020	shnWoAz.exe
2628	XLoTKqn.exe
392	nzeBtvQ.exe
232	JqTsWhd.exe
1656	ROByAUN.exe
2968	MaRBkng.exe
4484	RpZZDnm.exe
2880	sJlNaBc.exe
408	FROvgBR.exe
784	nGmKXFs.exe
1332	zElQFvj.exe
3724	KYLcecW.exe
732	uoOYpzI.exe
4248	upmZIHs.exe
3008	EqWaWYJ.exe
3340	CdbZRCs.exe
4544	nyrtRcf.exe
3728	GkXNqHi.exe
2716	AKgpZOY.exe
3448	bQnZQRT.exe
2144	jDBHloa.exe
2300	SpDQFvH.exe
2548	BaOOnMn.exe
2112	pGYvEUf.exe
1000	pStLsyp.exe
1780	nxmYbtS.exe
4884	GIRnqeT.exe
3840	WjVdJKn.exe
2876	tDLSKXR.exe
1764	vpbYBRe.exe
5024	iPefdoR.exe
4252	VVrOcBI.exe
4376	bGUpUkG.exe
3388	CUVZzbH.exe
2536	dfQxtRC.exe
372	mZYzEaO.exe
636	sWXQyKM.exe
2916	RIlNuaO.exe
4600	XKddlmQ.exe
4328	tNlsaFR.exe
4324	CYQRgix.exe
5068	vbgqdpK.exe
520	zBuRYEP.exe
2752	nfdvChA.exe
4904	eVbCbip.exe
3444	VBYKBWb.exe
4072	uEbqHiB.exe
1940	EgawcnJ.exe
1164	zyLrLhw.exe
1108	zjERaxo.exe
4928	WzQMgni.exe
2920	oZbRrXB.exe
3952	plrcUmi.exe
1944	FIwAMtY.exe
2660	hmdOikN.exe
2852	YMqtUFN.exe
4560	daaPArh.exe
1044	bvtFWaw.exe
2464	uEmelQg.exe
4576	ffOoJRZ.exe
4832	dRLydqw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5000-0-0x00007FF7F3720000-0x00007FF7F3A74000-memory.dmp	upx
behavioral2/files/0x00060000000233cd-6.dat	upx
behavioral2/files/0x0008000000023586-12.dat	upx
behavioral2/files/0x0007000000023588-25.dat	upx
behavioral2/files/0x000700000002358e-60.dat	upx
behavioral2/files/0x000700000002358a-54.dat	upx
behavioral2/files/0x0007000000023590-53.dat	upx
behavioral2/memory/2628-50-0x00007FF789450000-0x00007FF7897A4000-memory.dmp	upx
behavioral2/files/0x0007000000023589-45.dat	upx
behavioral2/memory/1656-56-0x00007FF6FCDE0000-0x00007FF6FD134000-memory.dmp	upx
behavioral2/files/0x000700000002358d-42.dat	upx
behavioral2/files/0x000700000002358c-40.dat	upx
behavioral2/files/0x000700000002358b-38.dat	upx
behavioral2/memory/3016-33-0x00007FF731BB0000-0x00007FF731F04000-memory.dmp	upx
behavioral2/memory/2964-28-0x00007FF6D3E60000-0x00007FF6D41B4000-memory.dmp	upx
behavioral2/memory/2968-75-0x00007FF63CD30000-0x00007FF63D084000-memory.dmp	upx
behavioral2/files/0x0007000000023592-72.dat	upx
behavioral2/files/0x000700000002358f-65.dat	upx
behavioral2/files/0x0007000000023591-61.dat	upx
behavioral2/files/0x0007000000023587-21.dat	upx
behavioral2/memory/2976-10-0x00007FF755F50000-0x00007FF7562A4000-memory.dmp	upx
behavioral2/memory/4484-79-0x00007FF63CC90000-0x00007FF63CFE4000-memory.dmp	upx
behavioral2/files/0x0007000000023596-101.dat	upx
behavioral2/files/0x000700000002359b-113.dat	upx
behavioral2/files/0x000700000002359a-125.dat	upx
behavioral2/memory/392-144-0x00007FF60A930000-0x00007FF60AC84000-memory.dmp	upx
behavioral2/memory/3724-156-0x00007FF657D90000-0x00007FF6580E4000-memory.dmp	upx
behavioral2/memory/2548-161-0x00007FF6F0D80000-0x00007FF6F10D4000-memory.dmp	upx
behavioral2/memory/2144-163-0x00007FF695BD0000-0x00007FF695F24000-memory.dmp	upx
behavioral2/memory/2112-162-0x00007FF6028B0000-0x00007FF602C04000-memory.dmp	upx
behavioral2/memory/2300-160-0x00007FF6A46E0000-0x00007FF6A4A34000-memory.dmp	upx
behavioral2/memory/3448-159-0x00007FF72E9E0000-0x00007FF72ED34000-memory.dmp	upx
behavioral2/memory/3008-158-0x00007FF609FC0000-0x00007FF60A314000-memory.dmp	upx
behavioral2/memory/4248-157-0x00007FF6C9360000-0x00007FF6C96B4000-memory.dmp	upx
behavioral2/memory/408-155-0x00007FF769A30000-0x00007FF769D84000-memory.dmp	upx
behavioral2/files/0x000700000002359f-153.dat	upx
behavioral2/files/0x000700000002359e-151.dat	upx
behavioral2/files/0x000700000002359d-149.dat	upx
behavioral2/files/0x000700000002359c-147.dat	upx
behavioral2/memory/2880-146-0x00007FF652D60000-0x00007FF6530B4000-memory.dmp	upx
behavioral2/memory/232-145-0x00007FF6BBF70000-0x00007FF6BC2C4000-memory.dmp	upx
behavioral2/memory/3020-143-0x00007FF635A20000-0x00007FF635D74000-memory.dmp	upx
behavioral2/memory/2716-137-0x00007FF654580000-0x00007FF6548D4000-memory.dmp	upx
behavioral2/memory/3728-129-0x00007FF7133B0000-0x00007FF713704000-memory.dmp	upx
behavioral2/files/0x0007000000023595-123.dat	upx
behavioral2/files/0x0007000000023599-121.dat	upx
behavioral2/files/0x0007000000023598-119.dat	upx
behavioral2/memory/4544-114-0x00007FF630370000-0x00007FF6306C4000-memory.dmp	upx
behavioral2/memory/3340-112-0x00007FF632790000-0x00007FF632AE4000-memory.dmp	upx
behavioral2/files/0x0007000000023597-117.dat	upx
behavioral2/memory/732-111-0x00007FF60F9A0000-0x00007FF60FCF4000-memory.dmp	upx
behavioral2/files/0x0007000000023593-108.dat	upx
behavioral2/memory/1332-99-0x00007FF68CD60000-0x00007FF68D0B4000-memory.dmp	upx
behavioral2/memory/784-96-0x00007FF6256A0000-0x00007FF6259F4000-memory.dmp	upx
behavioral2/files/0x0007000000023594-94.dat	upx
behavioral2/files/0x00070000000235a0-166.dat	upx
behavioral2/files/0x0008000000023584-179.dat	upx
behavioral2/memory/1000-181-0x00007FF7CE7D0000-0x00007FF7CEB24000-memory.dmp	upx
behavioral2/files/0x00070000000235a4-193.dat	upx
behavioral2/files/0x00070000000235a3-192.dat	upx
behavioral2/files/0x00070000000235a1-185.dat	upx
behavioral2/memory/1780-184-0x00007FF74FF20000-0x00007FF750274000-memory.dmp	upx
behavioral2/files/0x00070000000235a2-177.dat	upx
behavioral2/memory/5000-1968-0x00007FF7F3720000-0x00007FF7F3A74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hEnGSJx.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\UQiNDuP.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\WzwlPOO.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\GstzXuZ.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\GoUxBmJ.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\fDGTMaY.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\mAhwDrU.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\zwJyHqu.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\wCxxBLR.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\WhWMWzb.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\tNlsaFR.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\dRLydqw.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\hWOlZNX.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\bPsJGlF.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\xBDvZbB.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\PzfrPYT.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\zislhjz.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\shnWoAz.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\huEsTEl.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\MnVWrmA.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\euRNvjC.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\vigwddH.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\OMYaCoK.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\MUiFcJs.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\WiOejTT.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\leVdsGT.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\WrCVqaE.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\DVbTqqp.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\VpRjFcW.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\ROByAUN.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\hQdmuwa.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\mueaPnH.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\XUDZPya.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\sowwmlm.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\OrRTIen.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\VMaFMAr.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\cVYIrQp.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\jItxcBc.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\TglCLdI.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\sSELneU.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\qPoAsKG.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\WftigVU.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\aENZLGp.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\AKgpZOY.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\YevdQRv.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\DbXQCRl.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\JMOJvNp.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\plrcUmi.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\CXsLVTD.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\IJPqURP.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\erIpkou.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\lXoBSkL.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\fgGiDCt.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\jrGZUQx.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\VUogXmt.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\yXqiVZv.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\pTZtuBf.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\QXTklZY.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\MMdezAE.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\LJaSRRF.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\nGmKXFs.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\cCrYUuF.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\dhmPnwv.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
File created	C:\Windows\System\XmTNDwZ.exe	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4512	dwm.exe
Token: SeChangeNotifyPrivilege	4512	dwm.exe
Token: 33	4512	dwm.exe
Token: SeIncBasePriorityPrivilege	4512	dwm.exe
Token: SeShutdownPrivilege	4512	dwm.exe
Token: SeCreatePagefilePrivilege	4512	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 2976	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	83
PID 5000 wrote to memory of 2976	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	83
PID 5000 wrote to memory of 2964	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	84
PID 5000 wrote to memory of 2964	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	84
PID 5000 wrote to memory of 3016	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	85
PID 5000 wrote to memory of 3016	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	85
PID 5000 wrote to memory of 2628	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	86
PID 5000 wrote to memory of 2628	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	86
PID 5000 wrote to memory of 3020	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	87
PID 5000 wrote to memory of 3020	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	87
PID 5000 wrote to memory of 392	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	88
PID 5000 wrote to memory of 392	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	88
PID 5000 wrote to memory of 232	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	89
PID 5000 wrote to memory of 232	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	89
PID 5000 wrote to memory of 1656	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	90
PID 5000 wrote to memory of 1656	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	90
PID 5000 wrote to memory of 2968	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	91
PID 5000 wrote to memory of 2968	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	91
PID 5000 wrote to memory of 4484	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	92
PID 5000 wrote to memory of 4484	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	92
PID 5000 wrote to memory of 784	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	93
PID 5000 wrote to memory of 784	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	93
PID 5000 wrote to memory of 2880	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	94
PID 5000 wrote to memory of 2880	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	94
PID 5000 wrote to memory of 408	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	95
PID 5000 wrote to memory of 408	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	95
PID 5000 wrote to memory of 1332	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	96
PID 5000 wrote to memory of 1332	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	96
PID 5000 wrote to memory of 3724	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	97
PID 5000 wrote to memory of 3724	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	97
PID 5000 wrote to memory of 732	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	98
PID 5000 wrote to memory of 732	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	98
PID 5000 wrote to memory of 4248	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	99
PID 5000 wrote to memory of 4248	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	99
PID 5000 wrote to memory of 3008	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	100
PID 5000 wrote to memory of 3008	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	100
PID 5000 wrote to memory of 3340	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	101
PID 5000 wrote to memory of 3340	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	101
PID 5000 wrote to memory of 4544	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	102
PID 5000 wrote to memory of 4544	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	102
PID 5000 wrote to memory of 3728	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	103
PID 5000 wrote to memory of 3728	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	103
PID 5000 wrote to memory of 2716	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	104
PID 5000 wrote to memory of 2716	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	104
PID 5000 wrote to memory of 3448	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	105
PID 5000 wrote to memory of 3448	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	105
PID 5000 wrote to memory of 2144	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	106
PID 5000 wrote to memory of 2144	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	106
PID 5000 wrote to memory of 2300	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	107
PID 5000 wrote to memory of 2300	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	107
PID 5000 wrote to memory of 2548	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	108
PID 5000 wrote to memory of 2548	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	108
PID 5000 wrote to memory of 2112	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	109
PID 5000 wrote to memory of 2112	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	109
PID 5000 wrote to memory of 1000	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	110
PID 5000 wrote to memory of 1000	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	110
PID 5000 wrote to memory of 1780	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	112
PID 5000 wrote to memory of 1780	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	112
PID 5000 wrote to memory of 4884	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	113
PID 5000 wrote to memory of 4884	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	113
PID 5000 wrote to memory of 3840	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	114
PID 5000 wrote to memory of 3840	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	114
PID 5000 wrote to memory of 1764	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	115
PID 5000 wrote to memory of 1764	5000	60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60d9f3b8c7c127ed045f97b41cda9960_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\System\izbEPKi.exe
  C:\Windows\System\izbEPKi.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\DgZmNDT.exe
  C:\Windows\System\DgZmNDT.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\LJaSRRF.exe
  C:\Windows\System\LJaSRRF.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\XLoTKqn.exe
  C:\Windows\System\XLoTKqn.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\shnWoAz.exe
  C:\Windows\System\shnWoAz.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\nzeBtvQ.exe
  C:\Windows\System\nzeBtvQ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\JqTsWhd.exe
  C:\Windows\System\JqTsWhd.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\ROByAUN.exe
  C:\Windows\System\ROByAUN.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\MaRBkng.exe
  C:\Windows\System\MaRBkng.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\RpZZDnm.exe
  C:\Windows\System\RpZZDnm.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\nGmKXFs.exe
  C:\Windows\System\nGmKXFs.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\sJlNaBc.exe
  C:\Windows\System\sJlNaBc.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\FROvgBR.exe
  C:\Windows\System\FROvgBR.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\zElQFvj.exe
  C:\Windows\System\zElQFvj.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\KYLcecW.exe
  C:\Windows\System\KYLcecW.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\uoOYpzI.exe
  C:\Windows\System\uoOYpzI.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\upmZIHs.exe
  C:\Windows\System\upmZIHs.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\EqWaWYJ.exe
  C:\Windows\System\EqWaWYJ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\CdbZRCs.exe
  C:\Windows\System\CdbZRCs.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\nyrtRcf.exe
  C:\Windows\System\nyrtRcf.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\GkXNqHi.exe
  C:\Windows\System\GkXNqHi.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\AKgpZOY.exe
  C:\Windows\System\AKgpZOY.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\bQnZQRT.exe
  C:\Windows\System\bQnZQRT.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\jDBHloa.exe
  C:\Windows\System\jDBHloa.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\SpDQFvH.exe
  C:\Windows\System\SpDQFvH.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\BaOOnMn.exe
  C:\Windows\System\BaOOnMn.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\pGYvEUf.exe
  C:\Windows\System\pGYvEUf.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\pStLsyp.exe
  C:\Windows\System\pStLsyp.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\nxmYbtS.exe
  C:\Windows\System\nxmYbtS.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\GIRnqeT.exe
  C:\Windows\System\GIRnqeT.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\WjVdJKn.exe
  C:\Windows\System\WjVdJKn.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\vpbYBRe.exe
  C:\Windows\System\vpbYBRe.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\tDLSKXR.exe
  C:\Windows\System\tDLSKXR.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\iPefdoR.exe
  C:\Windows\System\iPefdoR.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\VVrOcBI.exe
  C:\Windows\System\VVrOcBI.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\bGUpUkG.exe
  C:\Windows\System\bGUpUkG.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\CUVZzbH.exe
  C:\Windows\System\CUVZzbH.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\dfQxtRC.exe
  C:\Windows\System\dfQxtRC.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\mZYzEaO.exe
  C:\Windows\System\mZYzEaO.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\sWXQyKM.exe
  C:\Windows\System\sWXQyKM.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\RIlNuaO.exe
  C:\Windows\System\RIlNuaO.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\XKddlmQ.exe
  C:\Windows\System\XKddlmQ.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\tNlsaFR.exe
  C:\Windows\System\tNlsaFR.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\CYQRgix.exe
  C:\Windows\System\CYQRgix.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\vbgqdpK.exe
  C:\Windows\System\vbgqdpK.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\zBuRYEP.exe
  C:\Windows\System\zBuRYEP.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\nfdvChA.exe
  C:\Windows\System\nfdvChA.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\eVbCbip.exe
  C:\Windows\System\eVbCbip.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\VBYKBWb.exe
  C:\Windows\System\VBYKBWb.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\uEbqHiB.exe
  C:\Windows\System\uEbqHiB.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\EgawcnJ.exe
  C:\Windows\System\EgawcnJ.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\zyLrLhw.exe
  C:\Windows\System\zyLrLhw.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\zjERaxo.exe
  C:\Windows\System\zjERaxo.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\WzQMgni.exe
  C:\Windows\System\WzQMgni.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\oZbRrXB.exe
  C:\Windows\System\oZbRrXB.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\plrcUmi.exe
  C:\Windows\System\plrcUmi.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\FIwAMtY.exe
  C:\Windows\System\FIwAMtY.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\hmdOikN.exe
  C:\Windows\System\hmdOikN.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\YMqtUFN.exe
  C:\Windows\System\YMqtUFN.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\daaPArh.exe
  C:\Windows\System\daaPArh.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\bvtFWaw.exe
  C:\Windows\System\bvtFWaw.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\uEmelQg.exe
  C:\Windows\System\uEmelQg.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\ffOoJRZ.exe
  C:\Windows\System\ffOoJRZ.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\dRLydqw.exe
  C:\Windows\System\dRLydqw.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\EMCnzKy.exe
  C:\Windows\System\EMCnzKy.exe
  2⤵
  PID:4876
- C:\Windows\System\EBJrWHb.exe
  C:\Windows\System\EBJrWHb.exe
  2⤵
  PID:4056
- C:\Windows\System\KaKVhOb.exe
  C:\Windows\System\KaKVhOb.exe
  2⤵
  PID:1132
- C:\Windows\System\TLbxWRT.exe
  C:\Windows\System\TLbxWRT.exe
  2⤵
  PID:2308
- C:\Windows\System\IInmGgP.exe
  C:\Windows\System\IInmGgP.exe
  2⤵
  PID:3984
- C:\Windows\System\Amcptlm.exe
  C:\Windows\System\Amcptlm.exe
  2⤵
  PID:3820
- C:\Windows\System\GgSfZFI.exe
  C:\Windows\System\GgSfZFI.exe
  2⤵
  PID:4112
- C:\Windows\System\EnIgTPc.exe
  C:\Windows\System\EnIgTPc.exe
  2⤵
  PID:2956
- C:\Windows\System\vVZywUX.exe
  C:\Windows\System\vVZywUX.exe
  2⤵
  PID:3680
- C:\Windows\System\ZKoxGZn.exe
  C:\Windows\System\ZKoxGZn.exe
  2⤵
  PID:5032
- C:\Windows\System\NFdRiGC.exe
  C:\Windows\System\NFdRiGC.exe
  2⤵
  PID:2812
- C:\Windows\System\PYpsBdr.exe
  C:\Windows\System\PYpsBdr.exe
  2⤵
  PID:2856
- C:\Windows\System\PoIgAIf.exe
  C:\Windows\System\PoIgAIf.exe
  2⤵
  PID:3312
- C:\Windows\System\scseAQO.exe
  C:\Windows\System\scseAQO.exe
  2⤵
  PID:3076
- C:\Windows\System\SiFDDSN.exe
  C:\Windows\System\SiFDDSN.exe
  2⤵
  PID:1768
- C:\Windows\System\mdmgXgA.exe
  C:\Windows\System\mdmgXgA.exe
  2⤵
  PID:2140
- C:\Windows\System\mpwwECO.exe
  C:\Windows\System\mpwwECO.exe
  2⤵
  PID:4320
- C:\Windows\System\AGkkFYG.exe
  C:\Windows\System\AGkkFYG.exe
  2⤵
  PID:4780
- C:\Windows\System\rIMmPAN.exe
  C:\Windows\System\rIMmPAN.exe
  2⤵
  PID:2356
- C:\Windows\System\qKYRbnQ.exe
  C:\Windows\System\qKYRbnQ.exe
  2⤵
  PID:1320
- C:\Windows\System\RtFReyS.exe
  C:\Windows\System\RtFReyS.exe
  2⤵
  PID:3668
- C:\Windows\System\KQqkNTM.exe
  C:\Windows\System\KQqkNTM.exe
  2⤵
  PID:3564
- C:\Windows\System\DNPRlRh.exe
  C:\Windows\System\DNPRlRh.exe
  2⤵
  PID:3652
- C:\Windows\System\POWhaWe.exe
  C:\Windows\System\POWhaWe.exe
  2⤵
  PID:3768
- C:\Windows\System\IrMeqsZ.exe
  C:\Windows\System\IrMeqsZ.exe
  2⤵
  PID:464
- C:\Windows\System\fohYaja.exe
  C:\Windows\System\fohYaja.exe
  2⤵
  PID:5012
- C:\Windows\System\cyqvfFf.exe
  C:\Windows\System\cyqvfFf.exe
  2⤵
  PID:1580
- C:\Windows\System\vFTngTX.exe
  C:\Windows\System\vFTngTX.exe
  2⤵
  PID:432
- C:\Windows\System\lQDFNwx.exe
  C:\Windows\System\lQDFNwx.exe
  2⤵
  PID:552
- C:\Windows\System\eIBaaUt.exe
  C:\Windows\System\eIBaaUt.exe
  2⤵
  PID:676
- C:\Windows\System\gErhzPZ.exe
  C:\Windows\System\gErhzPZ.exe
  2⤵
  PID:3128
- C:\Windows\System\yLMPesK.exe
  C:\Windows\System\yLMPesK.exe
  2⤵
  PID:1640
- C:\Windows\System\YXYiQYN.exe
  C:\Windows\System\YXYiQYN.exe
  2⤵
  PID:4960
- C:\Windows\System\RVSXlph.exe
  C:\Windows\System\RVSXlph.exe
  2⤵
  PID:4996
- C:\Windows\System\raKEoHO.exe
  C:\Windows\System\raKEoHO.exe
  2⤵
  PID:4400
- C:\Windows\System\DtmBfrl.exe
  C:\Windows\System\DtmBfrl.exe
  2⤵
  PID:632
- C:\Windows\System\rxGyzPV.exe
  C:\Windows\System\rxGyzPV.exe
  2⤵
  PID:1664
- C:\Windows\System\gGYfvHD.exe
  C:\Windows\System\gGYfvHD.exe
  2⤵
  PID:4496
- C:\Windows\System\jAiuFAe.exe
  C:\Windows\System\jAiuFAe.exe
  2⤵
  PID:1456
- C:\Windows\System\WzwlPOO.exe
  C:\Windows\System\WzwlPOO.exe
  2⤵
  PID:2084
- C:\Windows\System\nxVDmxX.exe
  C:\Windows\System\nxVDmxX.exe
  2⤵
  PID:5148
- C:\Windows\System\LOZpCYK.exe
  C:\Windows\System\LOZpCYK.exe
  2⤵
  PID:5176
- C:\Windows\System\QnxsPhx.exe
  C:\Windows\System\QnxsPhx.exe
  2⤵
  PID:5204
- C:\Windows\System\ctVksVF.exe
  C:\Windows\System\ctVksVF.exe
  2⤵
  PID:5228
- C:\Windows\System\knRhAud.exe
  C:\Windows\System\knRhAud.exe
  2⤵
  PID:5264
- C:\Windows\System\fvVnTzA.exe
  C:\Windows\System\fvVnTzA.exe
  2⤵
  PID:5284
- C:\Windows\System\ltqECne.exe
  C:\Windows\System\ltqECne.exe
  2⤵
  PID:5308
- C:\Windows\System\fbjnrGI.exe
  C:\Windows\System\fbjnrGI.exe
  2⤵
  PID:5340
- C:\Windows\System\GstzXuZ.exe
  C:\Windows\System\GstzXuZ.exe
  2⤵
  PID:5364
- C:\Windows\System\tslzqKS.exe
  C:\Windows\System\tslzqKS.exe
  2⤵
  PID:5396
- C:\Windows\System\QrZAZHP.exe
  C:\Windows\System\QrZAZHP.exe
  2⤵
  PID:5424
- C:\Windows\System\LmXtQFT.exe
  C:\Windows\System\LmXtQFT.exe
  2⤵
  PID:5452
- C:\Windows\System\POTaYry.exe
  C:\Windows\System\POTaYry.exe
  2⤵
  PID:5492
- C:\Windows\System\qsgSzEV.exe
  C:\Windows\System\qsgSzEV.exe
  2⤵
  PID:5520
- C:\Windows\System\MUiFcJs.exe
  C:\Windows\System\MUiFcJs.exe
  2⤵
  PID:5548
- C:\Windows\System\bxrJxyq.exe
  C:\Windows\System\bxrJxyq.exe
  2⤵
  PID:5576
- C:\Windows\System\uraDFMP.exe
  C:\Windows\System\uraDFMP.exe
  2⤵
  PID:5604
- C:\Windows\System\LeRkzzR.exe
  C:\Windows\System\LeRkzzR.exe
  2⤵
  PID:5660
- C:\Windows\System\JOZepif.exe
  C:\Windows\System\JOZepif.exe
  2⤵
  PID:5680
- C:\Windows\System\nKMLBiY.exe
  C:\Windows\System\nKMLBiY.exe
  2⤵
  PID:5712
- C:\Windows\System\hOxNsaU.exe
  C:\Windows\System\hOxNsaU.exe
  2⤵
  PID:5740
- C:\Windows\System\ZJigmMs.exe
  C:\Windows\System\ZJigmMs.exe
  2⤵
  PID:5772
- C:\Windows\System\CTfZRim.exe
  C:\Windows\System\CTfZRim.exe
  2⤵
  PID:5800
- C:\Windows\System\SStbEFv.exe
  C:\Windows\System\SStbEFv.exe
  2⤵
  PID:5828
- C:\Windows\System\xjopbbo.exe
  C:\Windows\System\xjopbbo.exe
  2⤵
  PID:5856
- C:\Windows\System\ZzTiWGE.exe
  C:\Windows\System\ZzTiWGE.exe
  2⤵
  PID:5888
- C:\Windows\System\GoUxBmJ.exe
  C:\Windows\System\GoUxBmJ.exe
  2⤵
  PID:5916
- C:\Windows\System\xVbvbQd.exe
  C:\Windows\System\xVbvbQd.exe
  2⤵
  PID:5952
- C:\Windows\System\hjGBADb.exe
  C:\Windows\System\hjGBADb.exe
  2⤵
  PID:5980
- C:\Windows\System\ssuMVzh.exe
  C:\Windows\System\ssuMVzh.exe
  2⤵
  PID:6008
- C:\Windows\System\rVZaSJU.exe
  C:\Windows\System\rVZaSJU.exe
  2⤵
  PID:6036
- C:\Windows\System\JgZPcxL.exe
  C:\Windows\System\JgZPcxL.exe
  2⤵
  PID:6064
- C:\Windows\System\RHRQgZw.exe
  C:\Windows\System\RHRQgZw.exe
  2⤵
  PID:6092
- C:\Windows\System\OoZCVSf.exe
  C:\Windows\System\OoZCVSf.exe
  2⤵
  PID:6132
- C:\Windows\System\dxtSQJw.exe
  C:\Windows\System\dxtSQJw.exe
  2⤵
  PID:5140
- C:\Windows\System\yKSipmP.exe
  C:\Windows\System\yKSipmP.exe
  2⤵
  PID:5192
- C:\Windows\System\fEAlzSG.exe
  C:\Windows\System\fEAlzSG.exe
  2⤵
  PID:5272
- C:\Windows\System\fDGTMaY.exe
  C:\Windows\System\fDGTMaY.exe
  2⤵
  PID:5300
- C:\Windows\System\uzznGcf.exe
  C:\Windows\System\uzznGcf.exe
  2⤵
  PID:5408
- C:\Windows\System\oFzKxwB.exe
  C:\Windows\System\oFzKxwB.exe
  2⤵
  PID:5440
- C:\Windows\System\pvjjEmv.exe
  C:\Windows\System\pvjjEmv.exe
  2⤵
  PID:5508
- C:\Windows\System\iDNbnyj.exe
  C:\Windows\System\iDNbnyj.exe
  2⤵
  PID:5588
- C:\Windows\System\efiojBW.exe
  C:\Windows\System\efiojBW.exe
  2⤵
  PID:5676
- C:\Windows\System\UtqSmMC.exe
  C:\Windows\System\UtqSmMC.exe
  2⤵
  PID:5724
- C:\Windows\System\WKhPdDe.exe
  C:\Windows\System\WKhPdDe.exe
  2⤵
  PID:5824
- C:\Windows\System\sowwmlm.exe
  C:\Windows\System\sowwmlm.exe
  2⤵
  PID:5900
- C:\Windows\System\uhCBwpx.exe
  C:\Windows\System\uhCBwpx.exe
  2⤵
  PID:5972
- C:\Windows\System\DaehCYm.exe
  C:\Windows\System\DaehCYm.exe
  2⤵
  PID:5940
- C:\Windows\System\IUlhPpe.exe
  C:\Windows\System\IUlhPpe.exe
  2⤵
  PID:6060
- C:\Windows\System\VuevBAY.exe
  C:\Windows\System\VuevBAY.exe
  2⤵
  PID:6140
- C:\Windows\System\hWOlZNX.exe
  C:\Windows\System\hWOlZNX.exe
  2⤵
  PID:5324
- C:\Windows\System\cvteOon.exe
  C:\Windows\System\cvteOon.exe
  2⤵
  PID:5512
- C:\Windows\System\RXyzfGh.exe
  C:\Windows\System\RXyzfGh.exe
  2⤵
  PID:5628
- C:\Windows\System\cupszqT.exe
  C:\Windows\System\cupszqT.exe
  2⤵
  PID:5796
- C:\Windows\System\BTFgSgN.exe
  C:\Windows\System\BTFgSgN.exe
  2⤵
  PID:5964
- C:\Windows\System\DmatizT.exe
  C:\Windows\System\DmatizT.exe
  2⤵
  PID:5132
- C:\Windows\System\DhAnTBe.exe
  C:\Windows\System\DhAnTBe.exe
  2⤵
  PID:5476
- C:\Windows\System\AfDkMBe.exe
  C:\Windows\System\AfDkMBe.exe
  2⤵
  PID:6052
- C:\Windows\System\dxsTfPR.exe
  C:\Windows\System\dxsTfPR.exe
  2⤵
  PID:6020
- C:\Windows\System\HTvNKea.exe
  C:\Windows\System\HTvNKea.exe
  2⤵
  PID:6148
- C:\Windows\System\pHCipdz.exe
  C:\Windows\System\pHCipdz.exe
  2⤵
  PID:6176
- C:\Windows\System\xPIgzmB.exe
  C:\Windows\System\xPIgzmB.exe
  2⤵
  PID:6204
- C:\Windows\System\nyNwyij.exe
  C:\Windows\System\nyNwyij.exe
  2⤵
  PID:6236
- C:\Windows\System\pcknAVh.exe
  C:\Windows\System\pcknAVh.exe
  2⤵
  PID:6256
- C:\Windows\System\QPaUnsB.exe
  C:\Windows\System\QPaUnsB.exe
  2⤵
  PID:6292
- C:\Windows\System\huEsTEl.exe
  C:\Windows\System\huEsTEl.exe
  2⤵
  PID:6320
- C:\Windows\System\MVCCbYJ.exe
  C:\Windows\System\MVCCbYJ.exe
  2⤵
  PID:6348
- C:\Windows\System\eheGhMr.exe
  C:\Windows\System\eheGhMr.exe
  2⤵
  PID:6364
- C:\Windows\System\Wncafhb.exe
  C:\Windows\System\Wncafhb.exe
  2⤵
  PID:6380
- C:\Windows\System\yTckIgW.exe
  C:\Windows\System\yTckIgW.exe
  2⤵
  PID:6408
- C:\Windows\System\uZGqDiP.exe
  C:\Windows\System\uZGqDiP.exe
  2⤵
  PID:6448
- C:\Windows\System\FnxKGNe.exe
  C:\Windows\System\FnxKGNe.exe
  2⤵
  PID:6484
- C:\Windows\System\DJCEHip.exe
  C:\Windows\System\DJCEHip.exe
  2⤵
  PID:6520
- C:\Windows\System\VRVIEaz.exe
  C:\Windows\System\VRVIEaz.exe
  2⤵
  PID:6556
- C:\Windows\System\VXbCVZE.exe
  C:\Windows\System\VXbCVZE.exe
  2⤵
  PID:6588
- C:\Windows\System\rJHbeaF.exe
  C:\Windows\System\rJHbeaF.exe
  2⤵
  PID:6616
- C:\Windows\System\gqBxkIo.exe
  C:\Windows\System\gqBxkIo.exe
  2⤵
  PID:6640
- C:\Windows\System\NAkHHSe.exe
  C:\Windows\System\NAkHHSe.exe
  2⤵
  PID:6660
- C:\Windows\System\jmmUPoZ.exe
  C:\Windows\System\jmmUPoZ.exe
  2⤵
  PID:6688
- C:\Windows\System\qpeYRIe.exe
  C:\Windows\System\qpeYRIe.exe
  2⤵
  PID:6716
- C:\Windows\System\iiPRIgR.exe
  C:\Windows\System\iiPRIgR.exe
  2⤵
  PID:6736
- C:\Windows\System\arvUHcy.exe
  C:\Windows\System\arvUHcy.exe
  2⤵
  PID:6764
- C:\Windows\System\CNqdAhl.exe
  C:\Windows\System\CNqdAhl.exe
  2⤵
  PID:6804
- C:\Windows\System\cuSWnFh.exe
  C:\Windows\System\cuSWnFh.exe
  2⤵
  PID:6828
- C:\Windows\System\rpSqpNQ.exe
  C:\Windows\System\rpSqpNQ.exe
  2⤵
  PID:6856
- C:\Windows\System\nhuGDkq.exe
  C:\Windows\System\nhuGDkq.exe
  2⤵
  PID:6896
- C:\Windows\System\paTCXIV.exe
  C:\Windows\System\paTCXIV.exe
  2⤵
  PID:6920
- C:\Windows\System\PLJFJWB.exe
  C:\Windows\System\PLJFJWB.exe
  2⤵
  PID:6940
- C:\Windows\System\hJDDlxZ.exe
  C:\Windows\System\hJDDlxZ.exe
  2⤵
  PID:6972
- C:\Windows\System\vVIWwPA.exe
  C:\Windows\System\vVIWwPA.exe
  2⤵
  PID:7000
- C:\Windows\System\zfwTggs.exe
  C:\Windows\System\zfwTggs.exe
  2⤵
  PID:7028
- C:\Windows\System\aTPltLd.exe
  C:\Windows\System\aTPltLd.exe
  2⤵
  PID:7064
- C:\Windows\System\zXXFwAL.exe
  C:\Windows\System\zXXFwAL.exe
  2⤵
  PID:7088
- C:\Windows\System\zEgvQDn.exe
  C:\Windows\System\zEgvQDn.exe
  2⤵
  PID:7116
- C:\Windows\System\bEjEcRT.exe
  C:\Windows\System\bEjEcRT.exe
  2⤵
  PID:7144
- C:\Windows\System\SRLoUdS.exe
  C:\Windows\System\SRLoUdS.exe
  2⤵
  PID:5244
- C:\Windows\System\evyheuk.exe
  C:\Windows\System\evyheuk.exe
  2⤵
  PID:6228
- C:\Windows\System\MnVWrmA.exe
  C:\Windows\System\MnVWrmA.exe
  2⤵
  PID:6272
- C:\Windows\System\iOoEWre.exe
  C:\Windows\System\iOoEWre.exe
  2⤵
  PID:6356
- C:\Windows\System\DXEEnES.exe
  C:\Windows\System\DXEEnES.exe
  2⤵
  PID:6440
- C:\Windows\System\nNSNpLR.exe
  C:\Windows\System\nNSNpLR.exe
  2⤵
  PID:6512
- C:\Windows\System\KZRsQhL.exe
  C:\Windows\System\KZRsQhL.exe
  2⤵
  PID:6572
- C:\Windows\System\AOaNejS.exe
  C:\Windows\System\AOaNejS.exe
  2⤵
  PID:6648
- C:\Windows\System\fPiyWql.exe
  C:\Windows\System\fPiyWql.exe
  2⤵
  PID:6700
- C:\Windows\System\PPyRuja.exe
  C:\Windows\System\PPyRuja.exe
  2⤵
  PID:6748
- C:\Windows\System\JkojheJ.exe
  C:\Windows\System\JkojheJ.exe
  2⤵
  PID:6784
- C:\Windows\System\tLbNPFk.exe
  C:\Windows\System\tLbNPFk.exe
  2⤵
  PID:6880
- C:\Windows\System\lXoBSkL.exe
  C:\Windows\System\lXoBSkL.exe
  2⤵
  PID:6960
- C:\Windows\System\rgrLXUW.exe
  C:\Windows\System\rgrLXUW.exe
  2⤵
  PID:7008
- C:\Windows\System\tAyzIoC.exe
  C:\Windows\System\tAyzIoC.exe
  2⤵
  PID:7080
- C:\Windows\System\ZoWkziD.exe
  C:\Windows\System\ZoWkziD.exe
  2⤵
  PID:7132
- C:\Windows\System\NHbuZXu.exe
  C:\Windows\System\NHbuZXu.exe
  2⤵
  PID:6244
- C:\Windows\System\IEzDqTp.exe
  C:\Windows\System\IEzDqTp.exe
  2⤵
  PID:6312
- C:\Windows\System\ZBFzLFr.exe
  C:\Windows\System\ZBFzLFr.exe
  2⤵
  PID:6492
- C:\Windows\System\vvcNuAz.exe
  C:\Windows\System\vvcNuAz.exe
  2⤵
  PID:6680
- C:\Windows\System\BvrpIpS.exe
  C:\Windows\System\BvrpIpS.exe
  2⤵
  PID:6800
- C:\Windows\System\avrHfGN.exe
  C:\Windows\System\avrHfGN.exe
  2⤵
  PID:6840
- C:\Windows\System\hQdmuwa.exe
  C:\Windows\System\hQdmuwa.exe
  2⤵
  PID:6996
- C:\Windows\System\xBsrKuf.exe
  C:\Windows\System\xBsrKuf.exe
  2⤵
  PID:6184
- C:\Windows\System\dRPMtIf.exe
  C:\Windows\System\dRPMtIf.exe
  2⤵
  PID:6600
- C:\Windows\System\omxvHLF.exe
  C:\Windows\System\omxvHLF.exe
  2⤵
  PID:6984
- C:\Windows\System\pqqPaHS.exe
  C:\Windows\System\pqqPaHS.exe
  2⤵
  PID:6376
- C:\Windows\System\FATfCrP.exe
  C:\Windows\System\FATfCrP.exe
  2⤵
  PID:7188
- C:\Windows\System\qwVNmXW.exe
  C:\Windows\System\qwVNmXW.exe
  2⤵
  PID:7220
- C:\Windows\System\LRgHbKB.exe
  C:\Windows\System\LRgHbKB.exe
  2⤵
  PID:7236
- C:\Windows\System\STgNbiS.exe
  C:\Windows\System\STgNbiS.exe
  2⤵
  PID:7276
- C:\Windows\System\aGceZFn.exe
  C:\Windows\System\aGceZFn.exe
  2⤵
  PID:7300
- C:\Windows\System\kWeHMKk.exe
  C:\Windows\System\kWeHMKk.exe
  2⤵
  PID:7336
- C:\Windows\System\FBWxhQx.exe
  C:\Windows\System\FBWxhQx.exe
  2⤵
  PID:7364
- C:\Windows\System\oDkYKzj.exe
  C:\Windows\System\oDkYKzj.exe
  2⤵
  PID:7396
- C:\Windows\System\tESlyFV.exe
  C:\Windows\System\tESlyFV.exe
  2⤵
  PID:7428
- C:\Windows\System\wjfUbwn.exe
  C:\Windows\System\wjfUbwn.exe
  2⤵
  PID:7448
- C:\Windows\System\dlWQAHe.exe
  C:\Windows\System\dlWQAHe.exe
  2⤵
  PID:7468
- C:\Windows\System\IifEFdb.exe
  C:\Windows\System\IifEFdb.exe
  2⤵
  PID:7504
- C:\Windows\System\lfDCWlN.exe
  C:\Windows\System\lfDCWlN.exe
  2⤵
  PID:7536
- C:\Windows\System\AKqGVrd.exe
  C:\Windows\System\AKqGVrd.exe
  2⤵
  PID:7560
- C:\Windows\System\SxDIDjX.exe
  C:\Windows\System\SxDIDjX.exe
  2⤵
  PID:7588
- C:\Windows\System\eDXgtoY.exe
  C:\Windows\System\eDXgtoY.exe
  2⤵
  PID:7624
- C:\Windows\System\DffdYWp.exe
  C:\Windows\System\DffdYWp.exe
  2⤵
  PID:7648
- C:\Windows\System\qWTdkDJ.exe
  C:\Windows\System\qWTdkDJ.exe
  2⤵
  PID:7672
- C:\Windows\System\mqwlILu.exe
  C:\Windows\System\mqwlILu.exe
  2⤵
  PID:7692
- C:\Windows\System\vXZIndF.exe
  C:\Windows\System\vXZIndF.exe
  2⤵
  PID:7728
- C:\Windows\System\tmafTXQ.exe
  C:\Windows\System\tmafTXQ.exe
  2⤵
  PID:7764
- C:\Windows\System\WjaMjdW.exe
  C:\Windows\System\WjaMjdW.exe
  2⤵
  PID:7788
- C:\Windows\System\JjJGzId.exe
  C:\Windows\System\JjJGzId.exe
  2⤵
  PID:7812
- C:\Windows\System\SEDtrTn.exe
  C:\Windows\System\SEDtrTn.exe
  2⤵
  PID:7840
- C:\Windows\System\MotljLX.exe
  C:\Windows\System\MotljLX.exe
  2⤵
  PID:7872
- C:\Windows\System\bPsJGlF.exe
  C:\Windows\System\bPsJGlF.exe
  2⤵
  PID:7900
- C:\Windows\System\edelinI.exe
  C:\Windows\System\edelinI.exe
  2⤵
  PID:7924
- C:\Windows\System\YnmEWGq.exe
  C:\Windows\System\YnmEWGq.exe
  2⤵
  PID:7952
- C:\Windows\System\CXsLVTD.exe
  C:\Windows\System\CXsLVTD.exe
  2⤵
  PID:7988
- C:\Windows\System\OVDhlbY.exe
  C:\Windows\System\OVDhlbY.exe
  2⤵
  PID:8020
- C:\Windows\System\MluxUbb.exe
  C:\Windows\System\MluxUbb.exe
  2⤵
  PID:8048
- C:\Windows\System\DUeYSWo.exe
  C:\Windows\System\DUeYSWo.exe
  2⤵
  PID:8076
- C:\Windows\System\CXnbGsC.exe
  C:\Windows\System\CXnbGsC.exe
  2⤵
  PID:8104
- C:\Windows\System\DfvnUUU.exe
  C:\Windows\System\DfvnUUU.exe
  2⤵
  PID:8132
- C:\Windows\System\awCnDUz.exe
  C:\Windows\System\awCnDUz.exe
  2⤵
  PID:8160
- C:\Windows\System\tzfWPjP.exe
  C:\Windows\System\tzfWPjP.exe
  2⤵
  PID:8188
- C:\Windows\System\WiOejTT.exe
  C:\Windows\System\WiOejTT.exe
  2⤵
  PID:7228
- C:\Windows\System\EXYzQUR.exe
  C:\Windows\System\EXYzQUR.exe
  2⤵
  PID:7324
- C:\Windows\System\WxbhVhF.exe
  C:\Windows\System\WxbhVhF.exe
  2⤵
  PID:7352
- C:\Windows\System\YuGycIo.exe
  C:\Windows\System\YuGycIo.exe
  2⤵
  PID:7440
- C:\Windows\System\fLtQqgk.exe
  C:\Windows\System\fLtQqgk.exe
  2⤵
  PID:7496
- C:\Windows\System\kHVWZev.exe
  C:\Windows\System\kHVWZev.exe
  2⤵
  PID:7544
- C:\Windows\System\JqPCeOI.exe
  C:\Windows\System\JqPCeOI.exe
  2⤵
  PID:7608
- C:\Windows\System\cVYIrQp.exe
  C:\Windows\System\cVYIrQp.exe
  2⤵
  PID:7716
- C:\Windows\System\mAhwDrU.exe
  C:\Windows\System\mAhwDrU.exe
  2⤵
  PID:7772
- C:\Windows\System\vBEjPfK.exe
  C:\Windows\System\vBEjPfK.exe
  2⤵
  PID:7832
- C:\Windows\System\oGIDKon.exe
  C:\Windows\System\oGIDKon.exe
  2⤵
  PID:7912
- C:\Windows\System\MuFiKiu.exe
  C:\Windows\System\MuFiKiu.exe
  2⤵
  PID:7976
- C:\Windows\System\mkOLNwZ.exe
  C:\Windows\System\mkOLNwZ.exe
  2⤵
  PID:8032
- C:\Windows\System\lsmxMeW.exe
  C:\Windows\System\lsmxMeW.exe
  2⤵
  PID:8068
- C:\Windows\System\qPoAsKG.exe
  C:\Windows\System\qPoAsKG.exe
  2⤵
  PID:8148
- C:\Windows\System\ZFgWUXo.exe
  C:\Windows\System\ZFgWUXo.exe
  2⤵
  PID:6336
- C:\Windows\System\mueaPnH.exe
  C:\Windows\System\mueaPnH.exe
  2⤵
  PID:7464
- C:\Windows\System\XUDZPya.exe
  C:\Windows\System\XUDZPya.exe
  2⤵
  PID:7632
- C:\Windows\System\WiVAKGO.exe
  C:\Windows\System\WiVAKGO.exe
  2⤵
  PID:7708
- C:\Windows\System\BICOowt.exe
  C:\Windows\System\BICOowt.exe
  2⤵
  PID:7936
- C:\Windows\System\CgxuDKc.exe
  C:\Windows\System\CgxuDKc.exe
  2⤵
  PID:8092
- C:\Windows\System\oKFQYMW.exe
  C:\Windows\System\oKFQYMW.exe
  2⤵
  PID:6564
- C:\Windows\System\wYuUHNV.exe
  C:\Windows\System\wYuUHNV.exe
  2⤵
  PID:7576
- C:\Windows\System\SUpbpQb.exe
  C:\Windows\System\SUpbpQb.exe
  2⤵
  PID:7860
- C:\Windows\System\YevdQRv.exe
  C:\Windows\System\YevdQRv.exe
  2⤵
  PID:7532
- C:\Windows\System\EqiEnnA.exe
  C:\Windows\System\EqiEnnA.exe
  2⤵
  PID:8124
- C:\Windows\System\FqOXgVj.exe
  C:\Windows\System\FqOXgVj.exe
  2⤵
  PID:8204
- C:\Windows\System\HpAoQki.exe
  C:\Windows\System\HpAoQki.exe
  2⤵
  PID:8232
- C:\Windows\System\OYUSfNy.exe
  C:\Windows\System\OYUSfNy.exe
  2⤵
  PID:8276
- C:\Windows\System\YfQQsHj.exe
  C:\Windows\System\YfQQsHj.exe
  2⤵
  PID:8300
- C:\Windows\System\DMIBkRj.exe
  C:\Windows\System\DMIBkRj.exe
  2⤵
  PID:8320
- C:\Windows\System\ZtIOFCF.exe
  C:\Windows\System\ZtIOFCF.exe
  2⤵
  PID:8344
- C:\Windows\System\RmbAYJc.exe
  C:\Windows\System\RmbAYJc.exe
  2⤵
  PID:8380
- C:\Windows\System\ltWQjuT.exe
  C:\Windows\System\ltWQjuT.exe
  2⤵
  PID:8404
- C:\Windows\System\swDVolU.exe
  C:\Windows\System\swDVolU.exe
  2⤵
  PID:8428
- C:\Windows\System\chjRZVG.exe
  C:\Windows\System\chjRZVG.exe
  2⤵
  PID:8468
- C:\Windows\System\YkAOgNi.exe
  C:\Windows\System\YkAOgNi.exe
  2⤵
  PID:8496
- C:\Windows\System\gbpRSVZ.exe
  C:\Windows\System\gbpRSVZ.exe
  2⤵
  PID:8524
- C:\Windows\System\dadQlAZ.exe
  C:\Windows\System\dadQlAZ.exe
  2⤵
  PID:8552
- C:\Windows\System\VvGJQmG.exe
  C:\Windows\System\VvGJQmG.exe
  2⤵
  PID:8568
- C:\Windows\System\ZYLjdxS.exe
  C:\Windows\System\ZYLjdxS.exe
  2⤵
  PID:8608
- C:\Windows\System\ZLcoPTM.exe
  C:\Windows\System\ZLcoPTM.exe
  2⤵
  PID:8636
- C:\Windows\System\RjXjxtb.exe
  C:\Windows\System\RjXjxtb.exe
  2⤵
  PID:8660
- C:\Windows\System\cGjJaca.exe
  C:\Windows\System\cGjJaca.exe
  2⤵
  PID:8680
- C:\Windows\System\mIRSquH.exe
  C:\Windows\System\mIRSquH.exe
  2⤵
  PID:8708
- C:\Windows\System\IJPqURP.exe
  C:\Windows\System\IJPqURP.exe
  2⤵
  PID:8736
- C:\Windows\System\RbuLzRg.exe
  C:\Windows\System\RbuLzRg.exe
  2⤵
  PID:8772
- C:\Windows\System\NoFgVJz.exe
  C:\Windows\System\NoFgVJz.exe
  2⤵
  PID:8804
- C:\Windows\System\uZWyMrV.exe
  C:\Windows\System\uZWyMrV.exe
  2⤵
  PID:8832
- C:\Windows\System\MYJqNZG.exe
  C:\Windows\System\MYJqNZG.exe
  2⤵
  PID:8860
- C:\Windows\System\XauYMJX.exe
  C:\Windows\System\XauYMJX.exe
  2⤵
  PID:8888
- C:\Windows\System\bmJghSH.exe
  C:\Windows\System\bmJghSH.exe
  2⤵
  PID:8908
- C:\Windows\System\ArvMpMV.exe
  C:\Windows\System\ArvMpMV.exe
  2⤵
  PID:8944
- C:\Windows\System\DMOnmia.exe
  C:\Windows\System\DMOnmia.exe
  2⤵
  PID:8972
- C:\Windows\System\zKERlTo.exe
  C:\Windows\System\zKERlTo.exe
  2⤵
  PID:9000
- C:\Windows\System\UwShaHk.exe
  C:\Windows\System\UwShaHk.exe
  2⤵
  PID:9036
- C:\Windows\System\PTgzZmm.exe
  C:\Windows\System\PTgzZmm.exe
  2⤵
  PID:9068
- C:\Windows\System\JfPyhmb.exe
  C:\Windows\System\JfPyhmb.exe
  2⤵
  PID:9092
- C:\Windows\System\PFVDsFA.exe
  C:\Windows\System\PFVDsFA.exe
  2⤵
  PID:9120
- C:\Windows\System\jcTrrBR.exe
  C:\Windows\System\jcTrrBR.exe
  2⤵
  PID:9148
- C:\Windows\System\dnnofMh.exe
  C:\Windows\System\dnnofMh.exe
  2⤵
  PID:9176
- C:\Windows\System\eVvEQJE.exe
  C:\Windows\System\eVvEQJE.exe
  2⤵
  PID:9204
- C:\Windows\System\nxbuijL.exe
  C:\Windows\System\nxbuijL.exe
  2⤵
  PID:8244
- C:\Windows\System\ydltDbB.exe
  C:\Windows\System\ydltDbB.exe
  2⤵
  PID:8292
- C:\Windows\System\MCpDLkO.exe
  C:\Windows\System\MCpDLkO.exe
  2⤵
  PID:8356
- C:\Windows\System\QCrPrlE.exe
  C:\Windows\System\QCrPrlE.exe
  2⤵
  PID:8420
- C:\Windows\System\hqvdkIp.exe
  C:\Windows\System\hqvdkIp.exe
  2⤵
  PID:8480
- C:\Windows\System\UOKJMlN.exe
  C:\Windows\System\UOKJMlN.exe
  2⤵
  PID:8508
- C:\Windows\System\CFsuGEO.exe
  C:\Windows\System\CFsuGEO.exe
  2⤵
  PID:8564
- C:\Windows\System\YhmThNC.exe
  C:\Windows\System\YhmThNC.exe
  2⤵
  PID:8656
- C:\Windows\System\IsRNOwD.exe
  C:\Windows\System\IsRNOwD.exe
  2⤵
  PID:8748
- C:\Windows\System\RcfRucx.exe
  C:\Windows\System\RcfRucx.exe
  2⤵
  PID:8816
- C:\Windows\System\ulDGRLE.exe
  C:\Windows\System\ulDGRLE.exe
  2⤵
  PID:8848
- C:\Windows\System\ALTlqrr.exe
  C:\Windows\System\ALTlqrr.exe
  2⤵
  PID:8896
- C:\Windows\System\IAnUiyq.exe
  C:\Windows\System\IAnUiyq.exe
  2⤵
  PID:8956
- C:\Windows\System\hdMqVgw.exe
  C:\Windows\System\hdMqVgw.exe
  2⤵
  PID:9012
- C:\Windows\System\ktTGrQf.exe
  C:\Windows\System\ktTGrQf.exe
  2⤵
  PID:9060
- C:\Windows\System\RPssmMX.exe
  C:\Windows\System\RPssmMX.exe
  2⤵
  PID:9160
- C:\Windows\System\ZKSKIMf.exe
  C:\Windows\System\ZKSKIMf.exe
  2⤵
  PID:8284
- C:\Windows\System\cCrYUuF.exe
  C:\Windows\System\cCrYUuF.exe
  2⤵
  PID:8336
- C:\Windows\System\Liqpltt.exe
  C:\Windows\System\Liqpltt.exe
  2⤵
  PID:8560
- C:\Windows\System\vWEyJbK.exe
  C:\Windows\System\vWEyJbK.exe
  2⤵
  PID:8700
- C:\Windows\System\AjyBzVN.exe
  C:\Windows\System\AjyBzVN.exe
  2⤵
  PID:8936
- C:\Windows\System\jItxcBc.exe
  C:\Windows\System\jItxcBc.exe
  2⤵
  PID:8932
- C:\Windows\System\GyvNmiU.exe
  C:\Windows\System\GyvNmiU.exe
  2⤵
  PID:9084
- C:\Windows\System\XcYGNXB.exe
  C:\Windows\System\XcYGNXB.exe
  2⤵
  PID:8580
- C:\Windows\System\DVbTqqp.exe
  C:\Windows\System\DVbTqqp.exe
  2⤵
  PID:8732
- C:\Windows\System\umtAyMC.exe
  C:\Windows\System\umtAyMC.exe
  2⤵
  PID:9116
- C:\Windows\System\rJhPShG.exe
  C:\Windows\System\rJhPShG.exe
  2⤵
  PID:8992
- C:\Windows\System\dmDOgtp.exe
  C:\Windows\System\dmDOgtp.exe
  2⤵
  PID:9232
- C:\Windows\System\llDOzgm.exe
  C:\Windows\System\llDOzgm.exe
  2⤵
  PID:9260
- C:\Windows\System\fhguxwb.exe
  C:\Windows\System\fhguxwb.exe
  2⤵
  PID:9288
- C:\Windows\System\gIYCwVM.exe
  C:\Windows\System\gIYCwVM.exe
  2⤵
  PID:9304
- C:\Windows\System\dhmPnwv.exe
  C:\Windows\System\dhmPnwv.exe
  2⤵
  PID:9324
- C:\Windows\System\AzOVEXq.exe
  C:\Windows\System\AzOVEXq.exe
  2⤵
  PID:9352
- C:\Windows\System\EmReEPe.exe
  C:\Windows\System\EmReEPe.exe
  2⤵
  PID:9392
- C:\Windows\System\CvWJhJc.exe
  C:\Windows\System\CvWJhJc.exe
  2⤵
  PID:9416
- C:\Windows\System\QYUfqtC.exe
  C:\Windows\System\QYUfqtC.exe
  2⤵
  PID:9448
- C:\Windows\System\bfUdtew.exe
  C:\Windows\System\bfUdtew.exe
  2⤵
  PID:9476
- C:\Windows\System\hnYFTlR.exe
  C:\Windows\System\hnYFTlR.exe
  2⤵
  PID:9516
- C:\Windows\System\PYYsRsu.exe
  C:\Windows\System\PYYsRsu.exe
  2⤵
  PID:9544
- C:\Windows\System\PnmriCB.exe
  C:\Windows\System\PnmriCB.exe
  2⤵
  PID:9560
- C:\Windows\System\eEztFvk.exe
  C:\Windows\System\eEztFvk.exe
  2⤵
  PID:9600
- C:\Windows\System\WLZkAoX.exe
  C:\Windows\System\WLZkAoX.exe
  2⤵
  PID:9616
- C:\Windows\System\LEoKeWZ.exe
  C:\Windows\System\LEoKeWZ.exe
  2⤵
  PID:9640
- C:\Windows\System\OrRTIen.exe
  C:\Windows\System\OrRTIen.exe
  2⤵
  PID:9664
- C:\Windows\System\HNBGQXl.exe
  C:\Windows\System\HNBGQXl.exe
  2⤵
  PID:9704
- C:\Windows\System\stdoREL.exe
  C:\Windows\System\stdoREL.exe
  2⤵
  PID:9728
- C:\Windows\System\mqRMMYF.exe
  C:\Windows\System\mqRMMYF.exe
  2⤵
  PID:9760
- C:\Windows\System\toTPlrD.exe
  C:\Windows\System\toTPlrD.exe
  2⤵
  PID:9796
- C:\Windows\System\CFxyFua.exe
  C:\Windows\System\CFxyFua.exe
  2⤵
  PID:9824
- C:\Windows\System\KTFwVdK.exe
  C:\Windows\System\KTFwVdK.exe
  2⤵
  PID:9852
- C:\Windows\System\WuKUqzw.exe
  C:\Windows\System\WuKUqzw.exe
  2⤵
  PID:9880
- C:\Windows\System\yCdyuwG.exe
  C:\Windows\System\yCdyuwG.exe
  2⤵
  PID:9896
- C:\Windows\System\pBANBej.exe
  C:\Windows\System\pBANBej.exe
  2⤵
  PID:9920
- C:\Windows\System\ZUaBfyM.exe
  C:\Windows\System\ZUaBfyM.exe
  2⤵
  PID:9956
- C:\Windows\System\pomzuTM.exe
  C:\Windows\System\pomzuTM.exe
  2⤵
  PID:9980
- C:\Windows\System\VDhBETa.exe
  C:\Windows\System\VDhBETa.exe
  2⤵
  PID:10008
- C:\Windows\System\tclLEmI.exe
  C:\Windows\System\tclLEmI.exe
  2⤵
  PID:10040
- C:\Windows\System\fgGiDCt.exe
  C:\Windows\System\fgGiDCt.exe
  2⤵
  PID:10064
- C:\Windows\System\rldjKSf.exe
  C:\Windows\System\rldjKSf.exe
  2⤵
  PID:10096
- C:\Windows\System\euRNvjC.exe
  C:\Windows\System\euRNvjC.exe
  2⤵
  PID:10120
- C:\Windows\System\cuIMNdu.exe
  C:\Windows\System\cuIMNdu.exe
  2⤵
  PID:10148
- C:\Windows\System\Voaskul.exe
  C:\Windows\System\Voaskul.exe
  2⤵
  PID:10164
- C:\Windows\System\mTabjKg.exe
  C:\Windows\System\mTabjKg.exe
  2⤵
  PID:10204
- C:\Windows\System\xyvJNqL.exe
  C:\Windows\System\xyvJNqL.exe
  2⤵
  PID:10236
- C:\Windows\System\snunAdb.exe
  C:\Windows\System\snunAdb.exe
  2⤵
  PID:9276
- C:\Windows\System\LRfzIUw.exe
  C:\Windows\System\LRfzIUw.exe
  2⤵
  PID:9300
- C:\Windows\System\NhIgNHP.exe
  C:\Windows\System\NhIgNHP.exe
  2⤵
  PID:9388
- C:\Windows\System\leVdsGT.exe
  C:\Windows\System\leVdsGT.exe
  2⤵
  PID:9468
- C:\Windows\System\zislhjz.exe
  C:\Windows\System\zislhjz.exe
  2⤵
  PID:9532
- C:\Windows\System\erIpkou.exe
  C:\Windows\System\erIpkou.exe
  2⤵
  PID:9580
- C:\Windows\System\GoVVhyZ.exe
  C:\Windows\System\GoVVhyZ.exe
  2⤵
  PID:9624
- C:\Windows\System\HNcIhkU.exe
  C:\Windows\System\HNcIhkU.exe
  2⤵
  PID:9696
- C:\Windows\System\EjWplga.exe
  C:\Windows\System\EjWplga.exe
  2⤵
  PID:9748
- C:\Windows\System\NRjIqob.exe
  C:\Windows\System\NRjIqob.exe
  2⤵
  PID:9836
- C:\Windows\System\WsWcgYC.exe
  C:\Windows\System\WsWcgYC.exe
  2⤵
  PID:9932
- C:\Windows\System\WftigVU.exe
  C:\Windows\System\WftigVU.exe
  2⤵
  PID:10000
- C:\Windows\System\UtbxrED.exe
  C:\Windows\System\UtbxrED.exe
  2⤵
  PID:10028
- C:\Windows\System\rxqPUwh.exe
  C:\Windows\System\rxqPUwh.exe
  2⤵
  PID:10116
- C:\Windows\System\SfmnwAV.exe
  C:\Windows\System\SfmnwAV.exe
  2⤵
  PID:10184
- C:\Windows\System\PJrKGre.exe
  C:\Windows\System\PJrKGre.exe
  2⤵
  PID:9224
- C:\Windows\System\iOLzccX.exe
  C:\Windows\System\iOLzccX.exe
  2⤵
  PID:9464
- C:\Windows\System\uFlaSDL.exe
  C:\Windows\System\uFlaSDL.exe
  2⤵
  PID:9552
- C:\Windows\System\XJaLDsS.exe
  C:\Windows\System\XJaLDsS.exe
  2⤵
  PID:9680
- C:\Windows\System\YFcIlPG.exe
  C:\Windows\System\YFcIlPG.exe
  2⤵
  PID:9912
- C:\Windows\System\JbwuOUe.exe
  C:\Windows\System\JbwuOUe.exe
  2⤵
  PID:10036
- C:\Windows\System\mtLnzND.exe
  C:\Windows\System\mtLnzND.exe
  2⤵
  PID:10156
- C:\Windows\System\PlEWNEh.exe
  C:\Windows\System\PlEWNEh.exe
  2⤵
  PID:9344
- C:\Windows\System\kYOEbGR.exe
  C:\Windows\System\kYOEbGR.exe
  2⤵
  PID:9816
- C:\Windows\System\XXasJmV.exe
  C:\Windows\System\XXasJmV.exe
  2⤵
  PID:9972
- C:\Windows\System\gDJFDNo.exe
  C:\Windows\System\gDJFDNo.exe
  2⤵
  PID:9244
- C:\Windows\System\cDcttVu.exe
  C:\Windows\System\cDcttVu.exe
  2⤵
  PID:10084
- C:\Windows\System\GAHGcqC.exe
  C:\Windows\System\GAHGcqC.exe
  2⤵
  PID:10260
- C:\Windows\System\weARDjA.exe
  C:\Windows\System\weARDjA.exe
  2⤵
  PID:10292
- C:\Windows\System\ThiKwuM.exe
  C:\Windows\System\ThiKwuM.exe
  2⤵
  PID:10324
- C:\Windows\System\PdpDQlT.exe
  C:\Windows\System\PdpDQlT.exe
  2⤵
  PID:10360
- C:\Windows\System\StwNLaB.exe
  C:\Windows\System\StwNLaB.exe
  2⤵
  PID:10380
- C:\Windows\System\qfqrMgM.exe
  C:\Windows\System\qfqrMgM.exe
  2⤵
  PID:10408
- C:\Windows\System\yaZigch.exe
  C:\Windows\System\yaZigch.exe
  2⤵
  PID:10436
- C:\Windows\System\zwJyHqu.exe
  C:\Windows\System\zwJyHqu.exe
  2⤵
  PID:10464
- C:\Windows\System\jctwbPK.exe
  C:\Windows\System\jctwbPK.exe
  2⤵
  PID:10504
- C:\Windows\System\VYxlGEX.exe
  C:\Windows\System\VYxlGEX.exe
  2⤵
  PID:10520
- C:\Windows\System\vyrOksU.exe
  C:\Windows\System\vyrOksU.exe
  2⤵
  PID:10548
- C:\Windows\System\oZyUuNf.exe
  C:\Windows\System\oZyUuNf.exe
  2⤵
  PID:10576
- C:\Windows\System\mRIXrrz.exe
  C:\Windows\System\mRIXrrz.exe
  2⤵
  PID:10600
- C:\Windows\System\FHjBQEk.exe
  C:\Windows\System\FHjBQEk.exe
  2⤵
  PID:10628
- C:\Windows\System\JWkYlfe.exe
  C:\Windows\System\JWkYlfe.exe
  2⤵
  PID:10648
- C:\Windows\System\oDFKkzy.exe
  C:\Windows\System\oDFKkzy.exe
  2⤵
  PID:10688
- C:\Windows\System\ddIxovy.exe
  C:\Windows\System\ddIxovy.exe
  2⤵
  PID:10720
- C:\Windows\System\XgOtUNp.exe
  C:\Windows\System\XgOtUNp.exe
  2⤵
  PID:10748
- C:\Windows\System\UVCwYmx.exe
  C:\Windows\System\UVCwYmx.exe
  2⤵
  PID:10768
- C:\Windows\System\YMrcQhO.exe
  C:\Windows\System\YMrcQhO.exe
  2⤵
  PID:10804
- C:\Windows\System\hNnXLmB.exe
  C:\Windows\System\hNnXLmB.exe
  2⤵
  PID:10832
- C:\Windows\System\DbXQCRl.exe
  C:\Windows\System\DbXQCRl.exe
  2⤵
  PID:10860
- C:\Windows\System\xeWIRBk.exe
  C:\Windows\System\xeWIRBk.exe
  2⤵
  PID:10888
- C:\Windows\System\KmehREe.exe
  C:\Windows\System\KmehREe.exe
  2⤵
  PID:10924
- C:\Windows\System\upMXqxW.exe
  C:\Windows\System\upMXqxW.exe
  2⤵
  PID:10944
- C:\Windows\System\JByFsYe.exe
  C:\Windows\System\JByFsYe.exe
  2⤵
  PID:10972
- C:\Windows\System\FjQvTqV.exe
  C:\Windows\System\FjQvTqV.exe
  2⤵
  PID:11000
- C:\Windows\System\fVEVmJy.exe
  C:\Windows\System\fVEVmJy.exe
  2⤵
  PID:11028
- C:\Windows\System\WgkTehQ.exe
  C:\Windows\System\WgkTehQ.exe
  2⤵
  PID:11048
- C:\Windows\System\XGXTlrI.exe
  C:\Windows\System\XGXTlrI.exe
  2⤵
  PID:11068
- C:\Windows\System\yXqiVZv.exe
  C:\Windows\System\yXqiVZv.exe
  2⤵
  PID:11092
- C:\Windows\System\eLKOUKb.exe
  C:\Windows\System\eLKOUKb.exe
  2⤵
  PID:11124
- C:\Windows\System\wCxxBLR.exe
  C:\Windows\System\wCxxBLR.exe
  2⤵
  PID:11152
- C:\Windows\System\xbHtHQP.exe
  C:\Windows\System\xbHtHQP.exe
  2⤵
  PID:11188
- C:\Windows\System\MVPHzhi.exe
  C:\Windows\System\MVPHzhi.exe
  2⤵
  PID:11224
- C:\Windows\System\wpSrCae.exe
  C:\Windows\System\wpSrCae.exe
  2⤵
  PID:9948
- C:\Windows\System\raQlIBs.exe
  C:\Windows\System\raQlIBs.exe
  2⤵
  PID:10284
- C:\Windows\System\DxXBsFc.exe
  C:\Windows\System\DxXBsFc.exe
  2⤵
  PID:10348
- C:\Windows\System\qIyMnqX.exe
  C:\Windows\System\qIyMnqX.exe
  2⤵
  PID:10420
- C:\Windows\System\pLABHau.exe
  C:\Windows\System\pLABHau.exe
  2⤵
  PID:10460
- C:\Windows\System\KmgoxgO.exe
  C:\Windows\System\KmgoxgO.exe
  2⤵
  PID:10516
- C:\Windows\System\oxNVbIq.exe
  C:\Windows\System\oxNVbIq.exe
  2⤵
  PID:228
- C:\Windows\System\NsArSHn.exe
  C:\Windows\System\NsArSHn.exe
  2⤵
  PID:10608
- C:\Windows\System\DbkODqL.exe
  C:\Windows\System\DbkODqL.exe
  2⤵
  PID:10712
- C:\Windows\System\RBlVzsr.exe
  C:\Windows\System\RBlVzsr.exe
  2⤵
  PID:10736
- C:\Windows\System\xqZncLp.exe
  C:\Windows\System\xqZncLp.exe
  2⤵
  PID:10800
- C:\Windows\System\gtqcclL.exe
  C:\Windows\System\gtqcclL.exe
  2⤵
  PID:10900
- C:\Windows\System\pqtlYqO.exe
  C:\Windows\System\pqtlYqO.exe
  2⤵
  PID:10956
- C:\Windows\System\JjVouhF.exe
  C:\Windows\System\JjVouhF.exe
  2⤵
  PID:11064
- C:\Windows\System\iEWKGzr.exe
  C:\Windows\System\iEWKGzr.exe
  2⤵
  PID:11100
- C:\Windows\System\SFBavQf.exe
  C:\Windows\System\SFBavQf.exe
  2⤵
  PID:11120
- C:\Windows\System\uVvOkKe.exe
  C:\Windows\System\uVvOkKe.exe
  2⤵
  PID:11252
- C:\Windows\System\dhRNmig.exe
  C:\Windows\System\dhRNmig.exe
  2⤵
  PID:9608
- C:\Windows\System\QHyRaeY.exe
  C:\Windows\System\QHyRaeY.exe
  2⤵
  PID:10400
- C:\Windows\System\HeAXBYw.exe
  C:\Windows\System\HeAXBYw.exe
  2⤵
  PID:10560
- C:\Windows\System\eOHwzzs.exe
  C:\Windows\System\eOHwzzs.exe
  2⤵
  PID:10672
- C:\Windows\System\KYmMRdn.exe
  C:\Windows\System\KYmMRdn.exe
  2⤵
  PID:10856
- C:\Windows\System\FJGKVVS.exe
  C:\Windows\System\FJGKVVS.exe
  2⤵
  PID:11012
- C:\Windows\System\eiGGVsG.exe
  C:\Windows\System\eiGGVsG.exe
  2⤵
  PID:11176
- C:\Windows\System\WoHkjCZ.exe
  C:\Windows\System\WoHkjCZ.exe
  2⤵
  PID:10568
- C:\Windows\System\tHtqCPM.exe
  C:\Windows\System\tHtqCPM.exe
  2⤵
  PID:10680
- C:\Windows\System\VZvDiFF.exe
  C:\Windows\System\VZvDiFF.exe
  2⤵
  PID:11084
- C:\Windows\System\WrCVqaE.exe
  C:\Windows\System\WrCVqaE.exe
  2⤵
  PID:10372
- C:\Windows\System\hEnGSJx.exe
  C:\Windows\System\hEnGSJx.exe
  2⤵
  PID:10932
- C:\Windows\System\laYvzWT.exe
  C:\Windows\System\laYvzWT.exe
  2⤵
  PID:11088
- C:\Windows\System\fmmgbcg.exe
  C:\Windows\System\fmmgbcg.exe
  2⤵
  PID:11288
- C:\Windows\System\EOmsbzd.exe
  C:\Windows\System\EOmsbzd.exe
  2⤵
  PID:11328
- C:\Windows\System\fadOHiS.exe
  C:\Windows\System\fadOHiS.exe
  2⤵
  PID:11348
- C:\Windows\System\xIOUAlh.exe
  C:\Windows\System\xIOUAlh.exe
  2⤵
  PID:11372
- C:\Windows\System\CgxOWvT.exe
  C:\Windows\System\CgxOWvT.exe
  2⤵
  PID:11400
- C:\Windows\System\voyVteC.exe
  C:\Windows\System\voyVteC.exe
  2⤵
  PID:11428
- C:\Windows\System\DngSeva.exe
  C:\Windows\System\DngSeva.exe
  2⤵
  PID:11460
- C:\Windows\System\zQbqzrd.exe
  C:\Windows\System\zQbqzrd.exe
  2⤵
  PID:11484
- C:\Windows\System\FImUhqc.exe
  C:\Windows\System\FImUhqc.exe
  2⤵
  PID:11524
- C:\Windows\System\qxAIUtT.exe
  C:\Windows\System\qxAIUtT.exe
  2⤵
  PID:11544
- C:\Windows\System\FafmlVj.exe
  C:\Windows\System\FafmlVj.exe
  2⤵
  PID:11564
- C:\Windows\System\bBpUFaL.exe
  C:\Windows\System\bBpUFaL.exe
  2⤵
  PID:11604
- C:\Windows\System\pTZtuBf.exe
  C:\Windows\System\pTZtuBf.exe
  2⤵
  PID:11628
- C:\Windows\System\AHoTfDT.exe
  C:\Windows\System\AHoTfDT.exe
  2⤵
  PID:11656
- C:\Windows\System\JMOJvNp.exe
  C:\Windows\System\JMOJvNp.exe
  2⤵
  PID:11688
- C:\Windows\System\hrIfLbt.exe
  C:\Windows\System\hrIfLbt.exe
  2⤵
  PID:11712
- C:\Windows\System\QXTklZY.exe
  C:\Windows\System\QXTklZY.exe
  2⤵
  PID:11744
- C:\Windows\System\qhAOBOn.exe
  C:\Windows\System\qhAOBOn.exe
  2⤵
  PID:11768
- C:\Windows\System\iqTiwsg.exe
  C:\Windows\System\iqTiwsg.exe
  2⤵
  PID:11796
- C:\Windows\System\IdgvzqS.exe
  C:\Windows\System\IdgvzqS.exe
  2⤵
  PID:11824
- C:\Windows\System\uuHieHX.exe
  C:\Windows\System\uuHieHX.exe
  2⤵
  PID:11840
- C:\Windows\System\wfjTyqv.exe
  C:\Windows\System\wfjTyqv.exe
  2⤵
  PID:11872
- C:\Windows\System\YxLrhCd.exe
  C:\Windows\System\YxLrhCd.exe
  2⤵
  PID:11900
- C:\Windows\System\eptxmQj.exe
  C:\Windows\System\eptxmQj.exe
  2⤵
  PID:11916
- C:\Windows\System\ZdIJsbi.exe
  C:\Windows\System\ZdIJsbi.exe
  2⤵
  PID:11948
- C:\Windows\System\eLhrfUS.exe
  C:\Windows\System\eLhrfUS.exe
  2⤵
  PID:11968
- C:\Windows\System\yescSSJ.exe
  C:\Windows\System\yescSSJ.exe
  2⤵
  PID:11992
- C:\Windows\System\WhWMWzb.exe
  C:\Windows\System\WhWMWzb.exe
  2⤵
  PID:12028
- C:\Windows\System\PcXEeLg.exe
  C:\Windows\System\PcXEeLg.exe
  2⤵
  PID:12056
- C:\Windows\System\XsXixEc.exe
  C:\Windows\System\XsXixEc.exe
  2⤵
  PID:12092
- C:\Windows\System\ZOAhjbc.exe
  C:\Windows\System\ZOAhjbc.exe
  2⤵
  PID:12132
- C:\Windows\System\XfQkaCo.exe
  C:\Windows\System\XfQkaCo.exe
  2⤵
  PID:12152
- C:\Windows\System\VintbBm.exe
  C:\Windows\System\VintbBm.exe
  2⤵
  PID:12172
- C:\Windows\System\EuacZzH.exe
  C:\Windows\System\EuacZzH.exe
  2⤵
  PID:12204
- C:\Windows\System\fipFxJh.exe
  C:\Windows\System\fipFxJh.exe
  2⤵
  PID:12232
- C:\Windows\System\owMpXvL.exe
  C:\Windows\System\owMpXvL.exe
  2⤵
  PID:12268
- C:\Windows\System\LkDuEnA.exe
  C:\Windows\System\LkDuEnA.exe
  2⤵
  PID:11300
- C:\Windows\System\ZGtGfNP.exe
  C:\Windows\System\ZGtGfNP.exe
  2⤵
  PID:11344
- C:\Windows\System\oHrBfev.exe
  C:\Windows\System\oHrBfev.exe
  2⤵
  PID:11416
- C:\Windows\System\RepWtuG.exe
  C:\Windows\System\RepWtuG.exe
  2⤵
  PID:11436
- C:\Windows\System\hWakbcM.exe
  C:\Windows\System\hWakbcM.exe
  2⤵
  PID:11476
- C:\Windows\System\sGKuwbU.exe
  C:\Windows\System\sGKuwbU.exe
  2⤵
  PID:11588
- C:\Windows\System\iuaoYWO.exe
  C:\Windows\System\iuaoYWO.exe
  2⤵
  PID:11612
- C:\Windows\System\SbPxqFk.exe
  C:\Windows\System\SbPxqFk.exe
  2⤵
  PID:11708
- C:\Windows\System\jSOjVxF.exe
  C:\Windows\System\jSOjVxF.exe
  2⤵
  PID:11760
- C:\Windows\System\CYOjWjp.exe
  C:\Windows\System\CYOjWjp.exe
  2⤵
  PID:11812
- C:\Windows\System\jmwCmUY.exe
  C:\Windows\System\jmwCmUY.exe
  2⤵
  PID:4564
- C:\Windows\System\hDrDLdO.exe
  C:\Windows\System\hDrDLdO.exe
  2⤵
  PID:12012
- C:\Windows\System\QZNaVzs.exe
  C:\Windows\System\QZNaVzs.exe
  2⤵
  PID:12036
- C:\Windows\System\HpzHoBp.exe
  C:\Windows\System\HpzHoBp.exe
  2⤵
  PID:12072
- C:\Windows\System\AUfXsHA.exe
  C:\Windows\System\AUfXsHA.exe
  2⤵
  PID:12184
- C:\Windows\System\WAfDcaL.exe
  C:\Windows\System\WAfDcaL.exe
  2⤵
  PID:12224
- C:\Windows\System\LYvAoEE.exe
  C:\Windows\System\LYvAoEE.exe
  2⤵
  PID:11276
- C:\Windows\System\obfUpBL.exe
  C:\Windows\System\obfUpBL.exe
  2⤵
  PID:11412
- C:\Windows\System\EezRczF.exe
  C:\Windows\System\EezRczF.exe
  2⤵
  PID:11540
- C:\Windows\System\yIOqAOL.exe
  C:\Windows\System\yIOqAOL.exe
  2⤵
  PID:11676
- C:\Windows\System\RWQKZSD.exe
  C:\Windows\System\RWQKZSD.exe
  2⤵
  PID:11980
- C:\Windows\System\rMQfSSd.exe
  C:\Windows\System\rMQfSSd.exe
  2⤵
  PID:11988
- C:\Windows\System\VMfIECq.exe
  C:\Windows\System\VMfIECq.exe
  2⤵
  PID:12112
- C:\Windows\System\pdYXaTR.exe
  C:\Windows\System\pdYXaTR.exe
  2⤵
  PID:11496
- C:\Windows\System\zAbTaCW.exe
  C:\Windows\System\zAbTaCW.exe
  2⤵
  PID:11940
- C:\Windows\System\XdGdiMl.exe
  C:\Windows\System\XdGdiMl.exe
  2⤵
  PID:11888
- C:\Windows\System\dHbLwPB.exe
  C:\Windows\System\dHbLwPB.exe
  2⤵
  PID:11752
- C:\Windows\System\IIUCeYl.exe
  C:\Windows\System\IIUCeYl.exe
  2⤵
  PID:12212
- C:\Windows\System\MEnaVoy.exe
  C:\Windows\System\MEnaVoy.exe
  2⤵
  PID:12304
- C:\Windows\System\XAgDlzu.exe
  C:\Windows\System\XAgDlzu.exe
  2⤵
  PID:12336
- C:\Windows\System\xBDvZbB.exe
  C:\Windows\System\xBDvZbB.exe
  2⤵
  PID:12372
- C:\Windows\System\QGBpWsL.exe
  C:\Windows\System\QGBpWsL.exe
  2⤵
  PID:12400
- C:\Windows\System\GhhnMJB.exe
  C:\Windows\System\GhhnMJB.exe
  2⤵
  PID:12428
- C:\Windows\System\jFnBgVd.exe
  C:\Windows\System\jFnBgVd.exe
  2⤵
  PID:12444
- C:\Windows\System\CJQuuCB.exe
  C:\Windows\System\CJQuuCB.exe
  2⤵
  PID:12472
- C:\Windows\System\RtnqPtx.exe
  C:\Windows\System\RtnqPtx.exe
  2⤵
  PID:12508
- C:\Windows\System\yerjRWn.exe
  C:\Windows\System\yerjRWn.exe
  2⤵
  PID:12528
- C:\Windows\System\rxjsvVi.exe
  C:\Windows\System\rxjsvVi.exe
  2⤵
  PID:12564
- C:\Windows\System\gQRpUUc.exe
  C:\Windows\System\gQRpUUc.exe
  2⤵
  PID:12588
- C:\Windows\System\shDglxC.exe
  C:\Windows\System\shDglxC.exe
  2⤵
  PID:12616
- C:\Windows\System\xLVUTse.exe
  C:\Windows\System\xLVUTse.exe
  2⤵
  PID:12636
- C:\Windows\System\yDfeyDS.exe
  C:\Windows\System\yDfeyDS.exe
  2⤵
  PID:12660
- C:\Windows\System\AMQMLDm.exe
  C:\Windows\System\AMQMLDm.exe
  2⤵
  PID:12692
- C:\Windows\System\KenIhiB.exe
  C:\Windows\System\KenIhiB.exe
  2⤵
  PID:12732
- C:\Windows\System\TglCLdI.exe
  C:\Windows\System\TglCLdI.exe
  2⤵
  PID:12756
- C:\Windows\System\ZSBKupt.exe
  C:\Windows\System\ZSBKupt.exe
  2⤵
  PID:12788
- C:\Windows\System\ayqBPWu.exe
  C:\Windows\System\ayqBPWu.exe
  2⤵
  PID:12804
- C:\Windows\System\qTgDDyU.exe
  C:\Windows\System\qTgDDyU.exe
  2⤵
  PID:12820
- C:\Windows\System\VpRjFcW.exe
  C:\Windows\System\VpRjFcW.exe
  2⤵
  PID:12836
- C:\Windows\System\OmESlEd.exe
  C:\Windows\System\OmESlEd.exe
  2⤵
  PID:12860
- C:\Windows\System\CqvUnsL.exe
  C:\Windows\System\CqvUnsL.exe
  2⤵
  PID:12936
- C:\Windows\System\QBkCMvc.exe
  C:\Windows\System\QBkCMvc.exe
  2⤵
  PID:12964
- C:\Windows\System\kLvlBmF.exe
  C:\Windows\System\kLvlBmF.exe
  2⤵
  PID:13000
- C:\Windows\System\LXTJmpc.exe
  C:\Windows\System\LXTJmpc.exe
  2⤵
  PID:13020
- C:\Windows\System\aAihcNs.exe
  C:\Windows\System\aAihcNs.exe
  2⤵
  PID:13056
- C:\Windows\System\GrZhvjO.exe
  C:\Windows\System\GrZhvjO.exe
  2⤵
  PID:13088
- C:\Windows\System\IAOPKiF.exe
  C:\Windows\System\IAOPKiF.exe
  2⤵
  PID:13124
- C:\Windows\System\UPjuBcP.exe
  C:\Windows\System\UPjuBcP.exe
  2⤵
  PID:13144
- C:\Windows\System\KBNYkAQ.exe
  C:\Windows\System\KBNYkAQ.exe
  2⤵
  PID:13176
- C:\Windows\System\nvsjqnU.exe
  C:\Windows\System\nvsjqnU.exe
  2⤵
  PID:13200
- C:\Windows\System\UQiNDuP.exe
  C:\Windows\System\UQiNDuP.exe
  2⤵
  PID:13228
- C:\Windows\System\dkTqLwQ.exe
  C:\Windows\System\dkTqLwQ.exe
  2⤵
  PID:13248
- C:\Windows\System\vtOxqjs.exe
  C:\Windows\System\vtOxqjs.exe
  2⤵
  PID:13284
- C:\Windows\System\QFFBoHw.exe
  C:\Windows\System\QFFBoHw.exe
  2⤵
  PID:11312
- C:\Windows\System\UMcfXcN.exe
  C:\Windows\System\UMcfXcN.exe
  2⤵
  PID:12320
- C:\Windows\System\TuwKQwh.exe
  C:\Windows\System\TuwKQwh.exe
  2⤵
  PID:12424
- C:\Windows\System\XmnNvum.exe
  C:\Windows\System\XmnNvum.exe
  2⤵
  PID:11420
- C:\Windows\System\lElctep.exe
  C:\Windows\System\lElctep.exe
  2⤵
  PID:12540
- C:\Windows\System\sSELneU.exe
  C:\Windows\System\sSELneU.exe
  2⤵
  PID:12600
- C:\Windows\System\FEarZDS.exe
  C:\Windows\System\FEarZDS.exe
  2⤵
  PID:12648
- C:\Windows\System\tfVAAbZ.exe
  C:\Windows\System\tfVAAbZ.exe
  2⤵
  PID:12748
- C:\Windows\System\izZIGGg.exe
  C:\Windows\System\izZIGGg.exe
  2⤵
  PID:12776
- C:\Windows\System\PutMiVc.exe
  C:\Windows\System\PutMiVc.exe
  2⤵
  PID:12868
- C:\Windows\System\XBFVmBO.exe
  C:\Windows\System\XBFVmBO.exe
  2⤵
  PID:12932
- C:\Windows\System\YVkftOM.exe
  C:\Windows\System\YVkftOM.exe
  2⤵
  PID:13032
- C:\Windows\System\jozhWLA.exe
  C:\Windows\System\jozhWLA.exe
  2⤵
  PID:13072
- C:\Windows\System\UGtGGrA.exe
  C:\Windows\System\UGtGGrA.exe
  2⤵
  PID:13156
- C:\Windows\System\wzTNcqr.exe
  C:\Windows\System\wzTNcqr.exe
  2⤵
  PID:13196
- C:\Windows\System\WMoxyTy.exe
  C:\Windows\System\WMoxyTy.exe
  2⤵
  PID:13260
- C:\Windows\System\SuiMnXZ.exe
  C:\Windows\System\SuiMnXZ.exe
  2⤵
  PID:13300
- C:\Windows\System\oaaydUp.exe
  C:\Windows\System\oaaydUp.exe
  2⤵
  PID:12368
- C:\Windows\System\zJGFuAo.exe
  C:\Windows\System\zJGFuAo.exe
  2⤵
  PID:12440
- C:\Windows\System\eRYWisY.exe
  C:\Windows\System\eRYWisY.exe
  2⤵
  PID:12688
- C:\Windows\System\SIYpySU.exe
  C:\Windows\System\SIYpySU.exe
  2⤵
  PID:12812
- C:\Windows\System\jdDGXzj.exe
  C:\Windows\System\jdDGXzj.exe
  2⤵
  PID:12960
- C:\Windows\System\GzfZnql.exe
  C:\Windows\System\GzfZnql.exe
  2⤵
  PID:3560
- C:\Windows\System\mUSioIX.exe
  C:\Windows\System\mUSioIX.exe
  2⤵
  PID:3032
- C:\Windows\System\QZTzjBY.exe
  C:\Windows\System\QZTzjBY.exe
  2⤵
  PID:12516
- C:\Windows\System\bsMwuqu.exe
  C:\Windows\System\bsMwuqu.exe
  2⤵
  PID:12384
- C:\Windows\System\QWrtLOd.exe
  C:\Windows\System\QWrtLOd.exe
  2⤵
  PID:12624
- C:\Windows\System\wwmcrEI.exe
  C:\Windows\System\wwmcrEI.exe
  2⤵
  PID:3776
- C:\Windows\System\NktnHci.exe
  C:\Windows\System\NktnHci.exe
  2⤵
  PID:13316
- C:\Windows\System\dtdwEqK.exe
  C:\Windows\System\dtdwEqK.exe
  2⤵
  PID:13336
- C:\Windows\System\rHsAShX.exe
  C:\Windows\System\rHsAShX.exe
  2⤵
  PID:13376
- C:\Windows\System\vnvySSA.exe
  C:\Windows\System\vnvySSA.exe
  2⤵
  PID:13416
- C:\Windows\System\mKUfxkD.exe
  C:\Windows\System\mKUfxkD.exe
  2⤵
  PID:13444
- C:\Windows\System\YjoCYOQ.exe
  C:\Windows\System\YjoCYOQ.exe
  2⤵
  PID:13460
- C:\Windows\System\bRwnDgn.exe
  C:\Windows\System\bRwnDgn.exe
  2⤵
  PID:13476
- C:\Windows\System\YtHOXsd.exe
  C:\Windows\System\YtHOXsd.exe
  2⤵
  PID:13516
- C:\Windows\System\bTyEGmg.exe
  C:\Windows\System\bTyEGmg.exe
  2⤵
  PID:13536
- C:\Windows\System\FAwmeNM.exe
  C:\Windows\System\FAwmeNM.exe
  2⤵
  PID:13572
- C:\Windows\System\IakapMe.exe
  C:\Windows\System\IakapMe.exe
  2⤵
  PID:13632
- C:\Windows\System\IjKOxpl.exe
  C:\Windows\System\IjKOxpl.exe
  2⤵
  PID:13668
- C:\Windows\System\ACNnmoy.exe
  C:\Windows\System\ACNnmoy.exe
  2⤵
  PID:13704
- C:\Windows\System\rArYryi.exe
  C:\Windows\System\rArYryi.exe
  2⤵
  PID:13736
- C:\Windows\System\zqHseXY.exe
  C:\Windows\System\zqHseXY.exe
  2⤵
  PID:13780
- C:\Windows\System\DWBnEum.exe
  C:\Windows\System\DWBnEum.exe
  2⤵
  PID:13796
- C:\Windows\System\cCxSPTw.exe
  C:\Windows\System\cCxSPTw.exe
  2⤵
  PID:13824
- C:\Windows\System\JTOgGdz.exe
  C:\Windows\System\JTOgGdz.exe
  2⤵
  PID:13852
- C:\Windows\System\pPMHyDr.exe
  C:\Windows\System\pPMHyDr.exe
  2⤵
  PID:13872
- C:\Windows\System\jCeWJTF.exe
  C:\Windows\System\jCeWJTF.exe
  2⤵
  PID:13888
- C:\Windows\System\sUxGNPJ.exe
  C:\Windows\System\sUxGNPJ.exe
  2⤵
  PID:13912
- C:\Windows\System\qxJlMft.exe
  C:\Windows\System\qxJlMft.exe
  2⤵
  PID:13944
- C:\Windows\System\PgJJVfl.exe
  C:\Windows\System\PgJJVfl.exe
  2⤵
  PID:13988
- C:\Windows\System\rygpFzb.exe
  C:\Windows\System\rygpFzb.exe
  2⤵
  PID:14024
- C:\Windows\System\DKFAuDI.exe
  C:\Windows\System\DKFAuDI.exe
  2⤵
  PID:14040
- C:\Windows\System\aENZLGp.exe
  C:\Windows\System\aENZLGp.exe
  2⤵
  PID:14056
- C:\Windows\System\CkgIQMN.exe
  C:\Windows\System\CkgIQMN.exe
  2⤵
  PID:14088
- C:\Windows\System\bTmzqzz.exe
  C:\Windows\System\bTmzqzz.exe
  2⤵
  PID:14136
- C:\Windows\System\JtMqkqi.exe
  C:\Windows\System\JtMqkqi.exe
  2⤵
  PID:14160
- C:\Windows\System\XsfDZPq.exe
  C:\Windows\System\XsfDZPq.exe
  2⤵
  PID:14180
- C:\Windows\System\jhIlbJw.exe
  C:\Windows\System\jhIlbJw.exe
  2⤵
  PID:14212
- C:\Windows\System\vuKWZXi.exe
  C:\Windows\System\vuKWZXi.exe
  2⤵
  PID:14236
- C:\Windows\System\hhfpRjT.exe
  C:\Windows\System\hhfpRjT.exe
  2⤵
  PID:14264
- C:\Windows\System\ioqdBQC.exe
  C:\Windows\System\ioqdBQC.exe
  2⤵
  PID:14292
- C:\Windows\System\jrGZUQx.exe
  C:\Windows\System\jrGZUQx.exe
  2⤵
  PID:14320
- C:\Windows\System\MMdezAE.exe
  C:\Windows\System\MMdezAE.exe
  2⤵
  PID:12984
- C:\Windows\System\sBuMefT.exe
  C:\Windows\System\sBuMefT.exe
  2⤵
  PID:13360
- C:\Windows\System\GQoziUm.exe
  C:\Windows\System\GQoziUm.exe
  2⤵
  PID:13392
- C:\Windows\System\vNHbVru.exe
  C:\Windows\System\vNHbVru.exe
  2⤵
  PID:13488
- C:\Windows\System\REaJVnA.exe
  C:\Windows\System\REaJVnA.exe
  2⤵
  PID:13588
- C:\Windows\System\XmTNDwZ.exe
  C:\Windows\System\XmTNDwZ.exe
  2⤵
  PID:13644
- C:\Windows\System\PMRFpsv.exe
  C:\Windows\System\PMRFpsv.exe
  2⤵
  PID:13728
- C:\Windows\System\kvIFYJn.exe
  C:\Windows\System\kvIFYJn.exe
  2⤵
  PID:13788
- C:\Windows\System\OQzOcEc.exe
  C:\Windows\System\OQzOcEc.exe
  2⤵
  PID:13844
- C:\Windows\System\eqjkLom.exe
  C:\Windows\System\eqjkLom.exe
  2⤵
  PID:13932
- C:\Windows\System\TzWniwA.exe
  C:\Windows\System\TzWniwA.exe
  2⤵
  PID:14008
- C:\Windows\System\MlZzfoQ.exe
  C:\Windows\System\MlZzfoQ.exe
  2⤵
  PID:14052
- C:\Windows\System\IzHfgaD.exe
  C:\Windows\System\IzHfgaD.exe
  2⤵
  PID:14100
- C:\Windows\System\BaNjloV.exe
  C:\Windows\System\BaNjloV.exe
  2⤵
  PID:14168
- C:\Windows\System\EVcCIYR.exe
  C:\Windows\System\EVcCIYR.exe
  2⤵
  PID:14224
- C:\Windows\System\HEYdAZZ.exe
  C:\Windows\System\HEYdAZZ.exe
  2⤵
  PID:14308
- C:\Windows\System\dADkVGC.exe
  C:\Windows\System\dADkVGC.exe
  2⤵
  PID:13432
- C:\Windows\System\iHFKQqL.exe
  C:\Windows\System\iHFKQqL.exe
  2⤵
  PID:13528
- C:\Windows\System\eOQPBxF.exe
  C:\Windows\System\eOQPBxF.exe
  2⤵
  PID:13776

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AKgpZOY.exe

Filesize
2.1MB

MD5
e8b6825c0e31841887617178f27c9dc0

SHA1
d7c9838849215461fa0fbb68b7b0fcfe27664cdc

SHA256
22c22e55aa0d7c394ec6311ffce8e009f78a6c58d6dbc2be86dd2c7f4f387d8d

SHA512
ffb0a04223112b04e87682cd1ec2ff5303bbfa088e7da0632e547b2215d538bc32ed929ba65bc29b64e16245419bce675e763f64af204b29ab74a3584ff9d28b

Download Submit
C:\Windows\System\BaOOnMn.exe

Filesize
2.1MB

MD5
c561e41227f48e77a4a46ab8aa6f035b

SHA1
6b012ca2b6f5982773c4fc886b37e7ebc3c74a77

SHA256
0e370956e877aabc782ecce1fcc3f5fd153ed0011620ba74ddd4f2c144f96040

SHA512
f9816e908355430b00df2491a4b91c638c5c72b9bf10d3c768d9d08128c66d39ecef30f95aeddd7ad5416c9bfbe7ec662509946e725916b32793b61d4e17937c

Download Submit
C:\Windows\System\CdbZRCs.exe

Filesize
2.1MB

MD5
74d4505369167340246f6401cc4ee55b

SHA1
6ae537275ccb8ec1c0468f8c168054c79ddd9285

SHA256
f9b47bce613ebd224ae9206e04f6e1d51ae79425cf2fbc4fccd0a52f3fabbf08

SHA512
f33f7c9658d494bf2635394f43a7da13fef3c3b4f689983a4ffe70fedd337cdcd9d5aeb7141705fb8ec64e6c8b206a915ee9eabb5c4035956ec813b214aec521

Download Submit
C:\Windows\System\DgZmNDT.exe

Filesize
2.1MB

MD5
d3e5b02edb4bd258a60097d5aff2175f

SHA1
9f4e8ebb771c3eb553d2ac6250aaaaaa6182e98d

SHA256
bcccfe7871033b618751be97f5d436b3115e0e4aea4b0e41a01a0a98301747ea

SHA512
5859210aeb6ceb2dee666ed888694f8e5e39db115b7a8d143e71b9960f2d2f6058da6304ab00f22a2effdb38401261f18bcc60a411f514cdef7273f9f5908dbd

Download Submit
C:\Windows\System\EqWaWYJ.exe

Filesize
2.1MB

MD5
42cb28cc1d2cfce629e2acd6645a93cb

SHA1
03743be737122f287feda9ff69cb514cd70e42b5

SHA256
512785e8435d24c25c6cc3f4d4d42619b198450c0c8ca41e36b74100bd08c761

SHA512
670e6e6b2f4e0daced13fd7aa6f14cc1c0dc643217c98575f013da1b665c9552490286c2161111cfd146f23fdd848f138b45e0b89aad05393c6762eedb40baf2

Download Submit
C:\Windows\System\FROvgBR.exe

Filesize
2.1MB

MD5
7590a9d5fb309df62c072b05c1bdd5fc

SHA1
42c027ffdf23c3341b0ef966a5c381e89b84d811

SHA256
ca938ff45d0a24bbb9b4e42562843c7714be148de60983e43eac96dbe30569fe

SHA512
a75df518c1b4514160dae27aa3836137f38832e31a1ef4c48e32cda1e8af25cf5b6bc9976ffea83c73d7ce9dcc3757ceb90cf20d79058d80bc69ff04ce6270d9

Download Submit
C:\Windows\System\GIRnqeT.exe

Filesize
2.1MB

MD5
7062f199247d224247b93a19cc7d8eee

SHA1
b1b6fccf61689e49a72ab4d66ca1288581d5ade3

SHA256
272aac77e828e04508248bc85b4475bfab092a6657e8d8412545d34872c962e6

SHA512
2ba14cd4a6b19cac3b5ce4a39e08a284c6f397e41f2b302fcf86f34c10830d4edd4c064e5b9b9828b9aeccf0a51c69f2e5678c3fd33a589cd79ecaa43d00022b

Download Submit
C:\Windows\System\GkXNqHi.exe

Filesize
2.1MB

MD5
da6dda80bbb7e73cf9acbb52265e5742

SHA1
f049d48107aae8f8111af909fb4a24bfcc03a7c5

SHA256
508cee361d7c6ff614a19fd6a33e81b4b7b03625c1c4afc24e4e0a64adaf0407

SHA512
ada51dc26caa9fef52c11c8fe151fe21979f20428b049de6878b68f1e1a452f0c188097554c54a70d7446f28a5947a075ad830ad2c224451fc2b8ce707cd7e16

Download Submit
C:\Windows\System\JqTsWhd.exe

Filesize
2.1MB

MD5
ff2553d0ecb19f56cf5c6f26d16727db

SHA1
30653f968bff64ef12836a5b80402de9e902a71a

SHA256
d519f365db1e7022e263b1533d57fe6c25b5cdbf106b21179e131f3a5c8b98b9

SHA512
e2a4d8a33403bf81506177a3313dbeea1077ddbff9a8ec4069102947c2a83e8629823aea6b89496f7b81d951b708d4cacd917b11bd414ac73e5701844ee9ffaf

Download Submit
C:\Windows\System\KYLcecW.exe

Filesize
2.1MB

MD5
bc624800ea51af53a3d455a76e102080

SHA1
51dc1b1020f5d064c0f33a92befa20b3628ad7e5

SHA256
ee0d910aeeec10ce7fdcacac7e76b0fec0fef035a2ddd6f6f2843d01daa06882

SHA512
a78a3d54da617e6d62d8ab4a2b630bac313cd65ca8f4e975116d69788be511bcdbcddbb7165a3bb8229e89c2764ae22e8b9cf8868d1a7a35b8952ae6298f3f99

Download Submit
C:\Windows\System\LJaSRRF.exe

Filesize
2.1MB

MD5
a51518c406de8b5a4be34bc4eacab1b4

SHA1
de5cbde928ba7437dc908b12d5c3d9ed0a7e69a8

SHA256
d5dea9da0adfcf22b63a764fdb48de139a9669ec7bb0cc061e557fd021102303

SHA512
6837b04be9eb090b5b3ac209842e6da4f684e54ef54712b02653a9c3d50860cceb631aeffacc4cc94650abab38b30dc48235bf97b762d130a22404875e271c8c

Download Submit
C:\Windows\System\MaRBkng.exe

Filesize
2.1MB

MD5
7c23cce2e067b82456360740fd657958

SHA1
ca5e321c191488e55f0937a6783d9f2a231d3de0

SHA256
ff4ee48364bc035aec4809a72e5e2263de2a24069cd6c46171f7bd13aed98be2

SHA512
9e50751ae51f6d9e2a1f3c870139fd4d63c3bd0c448a8da32aed4b974f05b364f70541a9da1afea21dea5d828d34e9774f2b30639df8fa54f407e9c07f446ea8

Download Submit
C:\Windows\System\ROByAUN.exe

Filesize
2.1MB

MD5
8e76190c8dd390251d42b5ead0cf084f

SHA1
f083c9a870f9cccf7a0ca68fca4d10bc9a14d481

SHA256
9380af54e87f70284b5d4ceafe3752357d18311e1fe88fef67eae5fa710516eb

SHA512
f0db1ebec3c0697268ca3541dafd2f681845cb3864f3d65421977cb374bf1e4d0b48045e4a9cef9bfd7ffb51d04bd17919892fb26e5146f2bdfde5d512ba4266

Download Submit
C:\Windows\System\RpZZDnm.exe

Filesize
2.1MB

MD5
1161cccbaefcb6fad9411f24438679ac

SHA1
95c6b246971efec08d4058e3f79b94de8bd225ff

SHA256
1b2bf27e914396e0912abc133be79fcfa307b5d648f71d39adb3beea2a1efa69

SHA512
a72c8de6c1125b14eef5dd1026d33a0c4393500fbd5e7d4ff6957f5cc629805904307fdada4b047e21a8952d18dbcfd1615e9c5eabaab652ae7d28c1e5623fa9

Download Submit
C:\Windows\System\SpDQFvH.exe

Filesize
2.1MB

MD5
a39baa2a40b23ec79c7ea30f56d5730c

SHA1
8c35eeb8530ba5ec68a408a72d61563596c985fc

SHA256
2d8b32c6d16be9aa51e0a9b5cee3bf89ca9ac84c7910441f3fefbe2563beb664

SHA512
273b3f45ba60bc8142db692a4fa4976a1e8d4e424d61f3550a2bb350be78821b3dbcf851d676efb32184feb827c06a1247a4be7f3b2e18885294aa3e6c3e1bc6

Download Submit
C:\Windows\System\WjVdJKn.exe

Filesize
2.1MB

MD5
0d7b0e0a49da6d2b27fc7d85a4b4d523

SHA1
35b241eb1e71ef73812702b31a2c7e98eae4d4c1

SHA256
be7d2db46e743357ee5d698ce7a654be3cc2a43c0bcbc88137108f22958728c1

SHA512
45a69a4f973b8286a5de76a593b96109968afcc08e4eae9a445aa115dcf065e4c418511a3c6460626ac8816f48aa67c34a8cc6cfe32eaba197c2be0b34d3c39e

Download Submit
C:\Windows\System\XLoTKqn.exe

Filesize
2.1MB

MD5
30bde686f083438feb0917b3fcd0d72e

SHA1
59da2b2535d4ac84be1f606b7302d2aa87fd8ddc

SHA256
6f01d55f56b0f421fdf88b1533bbd4d9873d3e268167b18226ca81b302bf8558

SHA512
262db1bb3884307e61026baa9322edcd4891765157f67e71a363e3656afc6bd3bb803d6b3c74a2a1c87988dc8a524f25526c5b0260c53430d86d4b2a31e9b05d

Download Submit
C:\Windows\System\bQnZQRT.exe

Filesize
2.1MB

MD5
189f0a1635971c42f153fd11b017ce68

SHA1
840060659ef63d6671af3ee968ded418d52ceb36

SHA256
c2f6b629a96b949d0f57352486271e6bd681f604f217fffd8c8ae417c77a2535

SHA512
7563469117a339adf095e11de319fe551504bfc88719a7ab19a29ac338454141c3b4747cf336f0c33d214861651496874dfe125520e5aadccfc6e3d40b5beac0

Download Submit
C:\Windows\System\izbEPKi.exe

Filesize
2.1MB

MD5
c5ebb32955626184fa8c6c564882db64

SHA1
a2eb129971b0366cadd43165ef8de0b4afbab9b0

SHA256
91506aca93af319cd9bbc879c2e590737d54cdbd4d4a9def0cbca2928148adca

SHA512
4b5f207a67c0d1c5faa5bb8256976dbbb1eaf5c38ef040717d45b7cd4c32a399f9324151e720ec041801cbe796ccece3b208d201316da232ca1eb5a9f8624419

Download Submit
C:\Windows\System\jDBHloa.exe

Filesize
2.1MB

MD5
76503c5ba242d5e56390abe46f69e9d2

SHA1
b700e448b11e64bb2819e41ab262a985a8ce3974

SHA256
b84aab1a6c2ae4b7747427ffc9f6fb6906bb1a140c1676079193d050f8505dc8

SHA512
6235b4d15338a96d6d7040598e53b92568cba39671333d3d3a474e9394726d55661c16b0554f61835c0f1f58abd1a3e851a515fdee36f5f8e57dfdf996f8f438

Download Submit
C:\Windows\System\nGmKXFs.exe

Filesize
2.1MB

MD5
96444e56df5ff1610fb1ea5204ec8b8c

SHA1
7e74d11bc3b89ba959e309dcd0ea53890eb1c0b7

SHA256
55f058d55b0eddb44ab1e9c43c2e8d9955cf54df5fb3d032631b4d227314adce

SHA512
9517bd32a20c63ceda661f59cd8dd698860a61276a806fb47dbb74e5273d536f5ff2b12ce2e2bf31be851fae010373ad7f54b377406332378418561c1cd107d9

Download Submit
C:\Windows\System\nxmYbtS.exe

Filesize
2.1MB

MD5
17c041d6d6b15b6e86b2080527f2089f

SHA1
c0959ea2e2cab1735723a8e71246abcca9336e68

SHA256
384fb893439e8c7cb9b241fb6f6480ab7095cd9f58d5705daf0091b8035c3abc

SHA512
28bbe5f679106c095b91a13cebb1963f41d1a6c9173cc8a5bd5c1d99b8fa3778791ae821e886ad35e5017af5d84bcefcd472ff2e37be1f20c22564145656240e

Download Submit
C:\Windows\System\nyrtRcf.exe

Filesize
2.1MB

MD5
c87c9942cc54e5221852947516167387

SHA1
f02db5583328845e56aa00285ca1a1ced96e8586

SHA256
007471d971e5eddb888f7e9675252c4b26761a71b10fea2ee56e69b5ca6a3669

SHA512
974616a8066cc11d3e5713ef48a0961ca747f912160b063e3f5e506c90fb8e98505ad02b8f6b93a22edead0b3798ba52e5229cbfb1c38d903849cf1e3667d258

Download Submit
C:\Windows\System\nzeBtvQ.exe

Filesize
2.1MB

MD5
954bb515d6ac0b708f7f33a1aee26964

SHA1
45f3e54402b5434a12913ff2c3c4bddded428507

SHA256
0b6271527a8379b67f8dd438edcbefd8623849ab191ddd848f8db9b7808b14e7

SHA512
4022f6eff2fc901436c154575aa5a2d610e7c74426b707b6930cbae5d3dee5a1c35b6dc0ca33946b80b7ff85e255e07b80deb953a75ab0272e426e7c91c09d4b

Download Submit
C:\Windows\System\pGYvEUf.exe

Filesize
2.1MB

MD5
818e8838a022f4831d65961d81070a3a

SHA1
85feb63eefef63207db0b04dbb98b34cc182e944

SHA256
b8d5c50eea0c5b91cf5b565b57ea6ebfd7b00aa0455fb50ee04037a68437c97a

SHA512
37f1d7e6451d55e12702de15a49ddbe64cb5fd68fb26cc23ea56bac6df0350d97afbb4ad5989d59c254941b234a279d627a0037df2fceacea55151ecd72c5d98

Download Submit
C:\Windows\System\pStLsyp.exe

Filesize
2.1MB

MD5
c22e047718997ae8d1a522af5644cda3

SHA1
2cac9784c920a6d46dd7b8bef7d50af28df36489

SHA256
9ed4a72d30fdc253442d80ad6d663b65acf7e4c3a3439a22e6cccea123ff5eb7

SHA512
99ec8f56e3e1b1ddd93e2698eb6fff01256e6fc989aaf32b968360e11de3596a11a09d9f670c2db8d938c0808a5b18e704ff433f57356bcdb78fc13274d4ed6c

Download Submit
C:\Windows\System\sJlNaBc.exe

Filesize
2.1MB

MD5
5851cfcb517324492f1d487634531939

SHA1
c52a0fec843d8294b42a6fa699a16d485322ee03

SHA256
2b1adf66a325b723bd2b78f32b99279c6ff336018d6a8f749f1798309fdfd4d9

SHA512
53276c2a3a1283821e66e3d81a4915d6d72ebb86a73b9e75ac0b60167eec5145b52a1dfa2cc22f1e559690b4c8db2a8fdf82c677ca0a429fcdc2a98c5396ae1c

Download Submit
C:\Windows\System\shnWoAz.exe

Filesize
2.1MB

MD5
6f5438f3f0d44df00347bee54a15491f

SHA1
43651d97ba147ffff7d7c409c844146edbc6baac

SHA256
81818e1e6e429ed40cbf925529812578d6451a5e4537f133aa01ce8b9a2197cc

SHA512
608aa1ee83da8d98288ca2ab59517e56504d55f41ec828c96ef99565f0e69cd7840abbd3710da109bd52d40b1384cae43e5da3836f46975e6353bf13a0102cea

Download Submit
C:\Windows\System\tDLSKXR.exe

Filesize
2.1MB

MD5
833e1b288c0f1e4c19efb87c1f63a949

SHA1
d31d20f765393681b0def1112444fa56ea647139

SHA256
95df21edb919c6aa988d35129c40a222cf468d63d3d190c614dc52bab8b6dba9

SHA512
0a39a20080e8eb5316b14a49f8c018c30a90302855c4a178280ac4bd40654b84ca0e2920f84be24e3f8d77bd263f051b86233f41caea2b8608c89bf7eebbda4b

Download Submit
C:\Windows\System\uoOYpzI.exe

Filesize
2.1MB

MD5
cfeac3dd869dae4de06147c9617ac710

SHA1
6ac3b863e99d8b8033a4f843dd633b6aea2e71c1

SHA256
987ec7011d7865e012fc51879bf753be2ae9a5e014403d901f9b4657ce6e735a

SHA512
6dec8dd6e5330bd4d78225aa59f45befd1d04059b7f259628e69348980eac872d285475c0462d85ca7475f0383f83dd37904179e3660306f8552fbdb7ba1618e

Download Submit
C:\Windows\System\upmZIHs.exe

Filesize
2.1MB

MD5
a7f83006fbd02c5d478b845dfdbd1370

SHA1
66454263f9ce3bf8f51a7e9efdfc44538b1036ff

SHA256
0e23a5a7d405a1c9bfce999dbb0737932ecfe4d6f44942a28b297d4a579c7a73

SHA512
14414d254b2578e18b880d5eef934913cc78cc1df28eb38c25da59d60b4dea87981452484f60ccc0cb5aabeaaa68b5fa7df09095749a5a79301f39a4a0698877

Download Submit
C:\Windows\System\vpbYBRe.exe

Filesize
2.1MB

MD5
ab504afa2e6ac7ecc6318fced275b38b

SHA1
0c642c08d2e115cd7650159716fa5108b1f4b2cb

SHA256
95bf999876bb7db0f7ff84a88e669354cdbb69ce1355ea568ce2b3c2f3fae54d

SHA512
1d29e1da9dac5346a03ea66166d592d8bddcdb9795b91b7db7dcad58a14766926572f643f19259810ac6c5cd8f39871dd8fce38fd338b6d03aec1da38233dd43

Download Submit
C:\Windows\System\zElQFvj.exe

Filesize
2.1MB

MD5
ac79534f834e4f4e829caac3446c8e56

SHA1
7692d56f88f80e3970f7f232e123045cb69c26b5

SHA256
8e9163926acb433fa9ac6846108988a91328c2f8a54844961d957a709ac75953

SHA512
6b8ffb807b8764d989f77000f0dd8d48a883ffdeca79bc31d6ed1655894ed38da9f8cb00d3d589f77b1c8d04c579678f0a1fe049b861f57efb94eab201390fd6

Download Submit
memory/232-145-0x00007FF6BBF70000-0x00007FF6BC2C4000-memory.dmp

Filesize
3.3MB

Download
memory/232-2135-0x00007FF6BBF70000-0x00007FF6BC2C4000-memory.dmp

Filesize
3.3MB

Download
memory/392-2133-0x00007FF60A930000-0x00007FF60AC84000-memory.dmp

Filesize
3.3MB

Download
memory/392-144-0x00007FF60A930000-0x00007FF60AC84000-memory.dmp

Filesize
3.3MB

Download
memory/408-155-0x00007FF769A30000-0x00007FF769D84000-memory.dmp

Filesize
3.3MB

Download
memory/408-2150-0x00007FF769A30000-0x00007FF769D84000-memory.dmp

Filesize
3.3MB

Download
memory/732-111-0x00007FF60F9A0000-0x00007FF60FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/732-2151-0x00007FF60F9A0000-0x00007FF60FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/784-96-0x00007FF6256A0000-0x00007FF6259F4000-memory.dmp

Filesize
3.3MB

Download
memory/784-2123-0x00007FF6256A0000-0x00007FF6259F4000-memory.dmp

Filesize
3.3MB

Download
memory/784-2149-0x00007FF6256A0000-0x00007FF6259F4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-2127-0x00007FF7CE7D0000-0x00007FF7CEB24000-memory.dmp

Filesize
3.3MB

Download
memory/1000-2155-0x00007FF7CE7D0000-0x00007FF7CEB24000-memory.dmp

Filesize
3.3MB

Download
memory/1000-181-0x00007FF7CE7D0000-0x00007FF7CEB24000-memory.dmp

Filesize
3.3MB

Download
memory/1332-2153-0x00007FF68CD60000-0x00007FF68D0B4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-99-0x00007FF68CD60000-0x00007FF68D0B4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2121-0x00007FF6FCDE0000-0x00007FF6FD134000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2137-0x00007FF6FCDE0000-0x00007FF6FD134000-memory.dmp

Filesize
3.3MB

Download
memory/1656-56-0x00007FF6FCDE0000-0x00007FF6FD134000-memory.dmp

Filesize
3.3MB

Download
memory/1780-2156-0x00007FF74FF20000-0x00007FF750274000-memory.dmp

Filesize
3.3MB

Download
memory/1780-184-0x00007FF74FF20000-0x00007FF750274000-memory.dmp

Filesize
3.3MB

Download
memory/2112-162-0x00007FF6028B0000-0x00007FF602C04000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2141-0x00007FF6028B0000-0x00007FF602C04000-memory.dmp

Filesize
3.3MB

Download
memory/2144-163-0x00007FF695BD0000-0x00007FF695F24000-memory.dmp

Filesize
3.3MB

Download
memory/2144-2139-0x00007FF695BD0000-0x00007FF695F24000-memory.dmp

Filesize
3.3MB

Download
memory/2300-160-0x00007FF6A46E0000-0x00007FF6A4A34000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2142-0x00007FF6A46E0000-0x00007FF6A4A34000-memory.dmp

Filesize
3.3MB

Download
memory/2548-161-0x00007FF6F0D80000-0x00007FF6F10D4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2140-0x00007FF6F0D80000-0x00007FF6F10D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-50-0x00007FF789450000-0x00007FF7897A4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2120-0x00007FF789450000-0x00007FF7897A4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2131-0x00007FF789450000-0x00007FF7897A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2154-0x00007FF654580000-0x00007FF6548D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-137-0x00007FF654580000-0x00007FF6548D4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-146-0x00007FF652D60000-0x00007FF6530B4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2138-0x00007FF652D60000-0x00007FF6530B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2129-0x00007FF6D3E60000-0x00007FF6D41B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-28-0x00007FF6D3E60000-0x00007FF6D41B4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2122-0x00007FF63CD30000-0x00007FF63D084000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2134-0x00007FF63CD30000-0x00007FF63D084000-memory.dmp

Filesize
3.3MB

Download
memory/2968-75-0x00007FF63CD30000-0x00007FF63D084000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2128-0x00007FF755F50000-0x00007FF7562A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-10-0x00007FF755F50000-0x00007FF7562A4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2146-0x00007FF609FC0000-0x00007FF60A314000-memory.dmp

Filesize
3.3MB

Download
memory/3008-158-0x00007FF609FC0000-0x00007FF60A314000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2130-0x00007FF731BB0000-0x00007FF731F04000-memory.dmp

Filesize
3.3MB

Download
memory/3016-33-0x00007FF731BB0000-0x00007FF731F04000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2132-0x00007FF635A20000-0x00007FF635D74000-memory.dmp

Filesize
3.3MB

Download
memory/3020-143-0x00007FF635A20000-0x00007FF635D74000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2147-0x00007FF632790000-0x00007FF632AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-112-0x00007FF632790000-0x00007FF632AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-2126-0x00007FF632790000-0x00007FF632AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3448-2143-0x00007FF72E9E0000-0x00007FF72ED34000-memory.dmp

Filesize
3.3MB

Download
memory/3448-159-0x00007FF72E9E0000-0x00007FF72ED34000-memory.dmp

Filesize
3.3MB

Download
memory/3724-2152-0x00007FF657D90000-0x00007FF6580E4000-memory.dmp

Filesize
3.3MB

Download
memory/3724-156-0x00007FF657D90000-0x00007FF6580E4000-memory.dmp

Filesize
3.3MB

Download
memory/3728-2125-0x00007FF7133B0000-0x00007FF713704000-memory.dmp

Filesize
3.3MB

Download
memory/3728-129-0x00007FF7133B0000-0x00007FF713704000-memory.dmp

Filesize
3.3MB

Download
memory/3728-2145-0x00007FF7133B0000-0x00007FF713704000-memory.dmp

Filesize
3.3MB

Download
memory/4248-2144-0x00007FF6C9360000-0x00007FF6C96B4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-157-0x00007FF6C9360000-0x00007FF6C96B4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-79-0x00007FF63CC90000-0x00007FF63CFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2136-0x00007FF63CC90000-0x00007FF63CFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-114-0x00007FF630370000-0x00007FF6306C4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2124-0x00007FF630370000-0x00007FF6306C4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2148-0x00007FF630370000-0x00007FF6306C4000-memory.dmp

Filesize
3.3MB

Download
memory/5000-1968-0x00007FF7F3720000-0x00007FF7F3A74000-memory.dmp

Filesize
3.3MB

Download
memory/5000-0-0x00007FF7F3720000-0x00007FF7F3A74000-memory.dmp

Filesize
3.3MB

Download
memory/5000-1-0x000001B60BC10000-0x000001B60BC20000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads