kpot | afff9ff6ab30fe9ab199175007275a829683e834a53c5a8fa9c7da811f471fe8

Analysis

max time kernel
105s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
Size

2.5MB
MD5

a2ca18bc67c5c8609774fabc0ea602e0
SHA1

75c01d1c97f3547452e39acf98a03bfd255ac756
SHA256

afff9ff6ab30fe9ab199175007275a829683e834a53c5a8fa9c7da811f471fe8
SHA512

5d5769fe0ad1f951fe047f6af21cab098c5ffa476c4ab8e8f0f548f220ecbddbe093cb37796354231779d7a63795ed5a25f858f6a4c445d1d2d5883542b48e47
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eou:BemTLkNdfE0pZrwA

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000900000002327a-5.dat	family_kpot
behavioral2/files/0x0007000000023412-8.dat	family_kpot
behavioral2/files/0x0007000000023413-21.dat	family_kpot
behavioral2/files/0x0007000000023414-33.dat	family_kpot
behavioral2/files/0x0007000000023417-43.dat	family_kpot
behavioral2/files/0x000700000002341d-73.dat	family_kpot
behavioral2/files/0x000700000002341e-81.dat	family_kpot
behavioral2/files/0x0007000000023422-103.dat	family_kpot
behavioral2/files/0x0007000000023424-113.dat	family_kpot
behavioral2/files/0x0007000000023430-168.dat	family_kpot
behavioral2/files/0x000700000002342e-164.dat	family_kpot
behavioral2/files/0x000700000002342f-163.dat	family_kpot
behavioral2/files/0x000700000002342d-159.dat	family_kpot
behavioral2/files/0x000700000002342c-154.dat	family_kpot
behavioral2/files/0x000700000002342b-149.dat	family_kpot
behavioral2/files/0x000700000002342a-144.dat	family_kpot
behavioral2/files/0x0007000000023429-139.dat	family_kpot
behavioral2/files/0x0007000000023428-134.dat	family_kpot
behavioral2/files/0x0007000000023427-128.dat	family_kpot
behavioral2/files/0x0007000000023426-124.dat	family_kpot
behavioral2/files/0x0007000000023425-119.dat	family_kpot
behavioral2/files/0x0007000000023423-109.dat	family_kpot
behavioral2/files/0x0007000000023421-99.dat	family_kpot
behavioral2/files/0x0007000000023420-93.dat	family_kpot
behavioral2/files/0x000700000002341f-89.dat	family_kpot
behavioral2/files/0x000700000002341c-74.dat	family_kpot
behavioral2/files/0x000700000002341b-68.dat	family_kpot
behavioral2/files/0x000700000002341a-64.dat	family_kpot
behavioral2/files/0x0007000000023419-58.dat	family_kpot
behavioral2/files/0x0007000000023418-54.dat	family_kpot
behavioral2/files/0x0007000000023416-44.dat	family_kpot
behavioral2/files/0x0007000000023415-41.dat	family_kpot
behavioral2/files/0x0008000000023411-15.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2528-0-0x00007FF761820000-0x00007FF761B74000-memory.dmp	xmrig
behavioral2/files/0x000900000002327a-5.dat	xmrig
behavioral2/files/0x0007000000023412-8.dat	xmrig
behavioral2/memory/4268-17-0x00007FF646400000-0x00007FF646754000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-21.dat	xmrig
behavioral2/memory/380-22-0x00007FF75E480000-0x00007FF75E7D4000-memory.dmp	xmrig
behavioral2/memory/3076-26-0x00007FF6D6820000-0x00007FF6D6B74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-33.dat	xmrig
behavioral2/files/0x0007000000023417-43.dat	xmrig
behavioral2/files/0x000700000002341d-73.dat	xmrig
behavioral2/files/0x000700000002341e-81.dat	xmrig
behavioral2/files/0x0007000000023422-103.dat	xmrig
behavioral2/files/0x0007000000023424-113.dat	xmrig
behavioral2/memory/3224-661-0x00007FF79E4A0000-0x00007FF79E7F4000-memory.dmp	xmrig
behavioral2/memory/3288-660-0x00007FF752B40000-0x00007FF752E94000-memory.dmp	xmrig
behavioral2/memory/2468-662-0x00007FF623A80000-0x00007FF623DD4000-memory.dmp	xmrig
behavioral2/memory/4872-677-0x00007FF6D1590000-0x00007FF6D18E4000-memory.dmp	xmrig
behavioral2/memory/3672-681-0x00007FF74A930000-0x00007FF74AC84000-memory.dmp	xmrig
behavioral2/memory/5068-714-0x00007FF6D0AB0000-0x00007FF6D0E04000-memory.dmp	xmrig
behavioral2/memory/3744-712-0x00007FF7CA7E0000-0x00007FF7CAB34000-memory.dmp	xmrig
behavioral2/memory/452-709-0x00007FF7D7870000-0x00007FF7D7BC4000-memory.dmp	xmrig
behavioral2/memory/5072-706-0x00007FF6B52C0000-0x00007FF6B5614000-memory.dmp	xmrig
behavioral2/memory/3440-702-0x00007FF73E240000-0x00007FF73E594000-memory.dmp	xmrig
behavioral2/memory/1652-699-0x00007FF61B580000-0x00007FF61B8D4000-memory.dmp	xmrig
behavioral2/memory/1196-691-0x00007FF73D3F0000-0x00007FF73D744000-memory.dmp	xmrig
behavioral2/memory/3032-689-0x00007FF68DAA0000-0x00007FF68DDF4000-memory.dmp	xmrig
behavioral2/memory/1064-687-0x00007FF6D3B10000-0x00007FF6D3E64000-memory.dmp	xmrig
behavioral2/memory/3472-719-0x00007FF61CEA0000-0x00007FF61D1F4000-memory.dmp	xmrig
behavioral2/memory/968-717-0x00007FF7E0C10000-0x00007FF7E0F64000-memory.dmp	xmrig
behavioral2/memory/544-678-0x00007FF62F150000-0x00007FF62F4A4000-memory.dmp	xmrig
behavioral2/memory/3116-673-0x00007FF623530000-0x00007FF623884000-memory.dmp	xmrig
behavioral2/memory/1676-670-0x00007FF780140000-0x00007FF780494000-memory.dmp	xmrig
behavioral2/memory/232-665-0x00007FF62C770000-0x00007FF62CAC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-168.dat	xmrig
behavioral2/files/0x000700000002342e-164.dat	xmrig
behavioral2/files/0x000700000002342f-163.dat	xmrig
behavioral2/files/0x000700000002342d-159.dat	xmrig
behavioral2/files/0x000700000002342c-154.dat	xmrig
behavioral2/files/0x000700000002342b-149.dat	xmrig
behavioral2/files/0x000700000002342a-144.dat	xmrig
behavioral2/files/0x0007000000023429-139.dat	xmrig
behavioral2/files/0x0007000000023428-134.dat	xmrig
behavioral2/files/0x0007000000023427-128.dat	xmrig
behavioral2/files/0x0007000000023426-124.dat	xmrig
behavioral2/files/0x0007000000023425-119.dat	xmrig
behavioral2/files/0x0007000000023423-109.dat	xmrig
behavioral2/files/0x0007000000023421-99.dat	xmrig
behavioral2/files/0x0007000000023420-93.dat	xmrig
behavioral2/files/0x000700000002341f-89.dat	xmrig
behavioral2/files/0x000700000002341c-74.dat	xmrig
behavioral2/files/0x000700000002341b-68.dat	xmrig
behavioral2/files/0x000700000002341a-64.dat	xmrig
behavioral2/files/0x0007000000023419-58.dat	xmrig
behavioral2/files/0x0007000000023418-54.dat	xmrig
behavioral2/files/0x0007000000023416-44.dat	xmrig
behavioral2/memory/4480-730-0x00007FF6F8810000-0x00007FF6F8B64000-memory.dmp	xmrig
behavioral2/memory/4812-737-0x00007FF686630000-0x00007FF686984000-memory.dmp	xmrig
behavioral2/memory/4420-741-0x00007FF78EA30000-0x00007FF78ED84000-memory.dmp	xmrig
behavioral2/memory/2276-727-0x00007FF6B52F0000-0x00007FF6B5644000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-41.dat	xmrig
behavioral2/memory/3184-32-0x00007FF6EB930000-0x00007FF6EBC84000-memory.dmp	xmrig
behavioral2/memory/3996-13-0x00007FF6479F0000-0x00007FF647D44000-memory.dmp	xmrig
behavioral2/files/0x0008000000023411-15.dat	xmrig
behavioral2/memory/4268-2127-0x00007FF646400000-0x00007FF646754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3996	OAfadwl.exe
4268	iaFDXlB.exe
380	ZULmSSL.exe
3076	jzwgfFn.exe
3184	GsyamNm.exe
3288	tDVaolm.exe
3224	JEizfdf.exe
2468	qBvThPi.exe
232	ynGXcoE.exe
1676	Ttydglm.exe
3116	dwHfqvG.exe
4872	QbEWDIj.exe
544	ZQpvCOM.exe
3672	ZlbUerd.exe
1064	QLQpzkH.exe
3032	GqPSRaF.exe
1196	YKRhfKf.exe
1652	anNZQJE.exe
3440	KMgyovb.exe
5072	sDQcAIe.exe
452	KULLpnt.exe
3744	VXhSFuO.exe
5068	arrOnsG.exe
968	AWDcpsq.exe
3472	UcfRZBd.exe
2276	CmYJfCL.exe
4480	DIOMkhC.exe
4812	iWsqsnD.exe
4420	ApxNWdK.exe
624	agZgejO.exe
1664	voQsUVs.exe
4584	dkZbkmn.exe
704	zgmFGjS.exe
3932	UoFUCMx.exe
2204	fNszITV.exe
1952	ObaArMo.exe
456	FerlvEe.exe
2868	Gvwvxmx.exe
892	VMznlwv.exe
4452	qkbDuRj.exe
3468	iSDYhWJ.exe
4632	tbXOqfP.exe
660	VnJgymE.exe
3484	QNYFZdw.exe
4380	KSutFZG.exe
4764	jgORIju.exe
1792	lotcTdV.exe
1908	VEMigGO.exe
3160	OWxLMTi.exe
3944	ovPssHT.exe
1628	dblXhVc.exe
3308	WlFEHaW.exe
2168	SnPolpq.exe
3736	TpuyChz.exe
3180	WwQdjlC.exe
1336	XDpCERB.exe
532	SGezioM.exe
2548	QIrejtv.exe
4652	soqyNaz.exe
2164	DYvmmGn.exe
1088	lagNSXd.exe
1068	TEUZaCD.exe
2092	xFvyEEU.exe
3980	tnppKWV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2528-0-0x00007FF761820000-0x00007FF761B74000-memory.dmp	upx
behavioral2/files/0x000900000002327a-5.dat	upx
behavioral2/files/0x0007000000023412-8.dat	upx
behavioral2/memory/4268-17-0x00007FF646400000-0x00007FF646754000-memory.dmp	upx
behavioral2/files/0x0007000000023413-21.dat	upx
behavioral2/memory/380-22-0x00007FF75E480000-0x00007FF75E7D4000-memory.dmp	upx
behavioral2/memory/3076-26-0x00007FF6D6820000-0x00007FF6D6B74000-memory.dmp	upx
behavioral2/files/0x0007000000023414-33.dat	upx
behavioral2/files/0x0007000000023417-43.dat	upx
behavioral2/files/0x000700000002341d-73.dat	upx
behavioral2/files/0x000700000002341e-81.dat	upx
behavioral2/files/0x0007000000023422-103.dat	upx
behavioral2/files/0x0007000000023424-113.dat	upx
behavioral2/memory/3224-661-0x00007FF79E4A0000-0x00007FF79E7F4000-memory.dmp	upx
behavioral2/memory/3288-660-0x00007FF752B40000-0x00007FF752E94000-memory.dmp	upx
behavioral2/memory/2468-662-0x00007FF623A80000-0x00007FF623DD4000-memory.dmp	upx
behavioral2/memory/4872-677-0x00007FF6D1590000-0x00007FF6D18E4000-memory.dmp	upx
behavioral2/memory/3672-681-0x00007FF74A930000-0x00007FF74AC84000-memory.dmp	upx
behavioral2/memory/5068-714-0x00007FF6D0AB0000-0x00007FF6D0E04000-memory.dmp	upx
behavioral2/memory/3744-712-0x00007FF7CA7E0000-0x00007FF7CAB34000-memory.dmp	upx
behavioral2/memory/452-709-0x00007FF7D7870000-0x00007FF7D7BC4000-memory.dmp	upx
behavioral2/memory/5072-706-0x00007FF6B52C0000-0x00007FF6B5614000-memory.dmp	upx
behavioral2/memory/3440-702-0x00007FF73E240000-0x00007FF73E594000-memory.dmp	upx
behavioral2/memory/1652-699-0x00007FF61B580000-0x00007FF61B8D4000-memory.dmp	upx
behavioral2/memory/1196-691-0x00007FF73D3F0000-0x00007FF73D744000-memory.dmp	upx
behavioral2/memory/3032-689-0x00007FF68DAA0000-0x00007FF68DDF4000-memory.dmp	upx
behavioral2/memory/1064-687-0x00007FF6D3B10000-0x00007FF6D3E64000-memory.dmp	upx
behavioral2/memory/3472-719-0x00007FF61CEA0000-0x00007FF61D1F4000-memory.dmp	upx
behavioral2/memory/968-717-0x00007FF7E0C10000-0x00007FF7E0F64000-memory.dmp	upx
behavioral2/memory/544-678-0x00007FF62F150000-0x00007FF62F4A4000-memory.dmp	upx
behavioral2/memory/3116-673-0x00007FF623530000-0x00007FF623884000-memory.dmp	upx
behavioral2/memory/1676-670-0x00007FF780140000-0x00007FF780494000-memory.dmp	upx
behavioral2/memory/232-665-0x00007FF62C770000-0x00007FF62CAC4000-memory.dmp	upx
behavioral2/files/0x0007000000023430-168.dat	upx
behavioral2/files/0x000700000002342e-164.dat	upx
behavioral2/files/0x000700000002342f-163.dat	upx
behavioral2/files/0x000700000002342d-159.dat	upx
behavioral2/files/0x000700000002342c-154.dat	upx
behavioral2/files/0x000700000002342b-149.dat	upx
behavioral2/files/0x000700000002342a-144.dat	upx
behavioral2/files/0x0007000000023429-139.dat	upx
behavioral2/files/0x0007000000023428-134.dat	upx
behavioral2/files/0x0007000000023427-128.dat	upx
behavioral2/files/0x0007000000023426-124.dat	upx
behavioral2/files/0x0007000000023425-119.dat	upx
behavioral2/files/0x0007000000023423-109.dat	upx
behavioral2/files/0x0007000000023421-99.dat	upx
behavioral2/files/0x0007000000023420-93.dat	upx
behavioral2/files/0x000700000002341f-89.dat	upx
behavioral2/files/0x000700000002341c-74.dat	upx
behavioral2/files/0x000700000002341b-68.dat	upx
behavioral2/files/0x000700000002341a-64.dat	upx
behavioral2/files/0x0007000000023419-58.dat	upx
behavioral2/files/0x0007000000023418-54.dat	upx
behavioral2/files/0x0007000000023416-44.dat	upx
behavioral2/memory/4480-730-0x00007FF6F8810000-0x00007FF6F8B64000-memory.dmp	upx
behavioral2/memory/4812-737-0x00007FF686630000-0x00007FF686984000-memory.dmp	upx
behavioral2/memory/4420-741-0x00007FF78EA30000-0x00007FF78ED84000-memory.dmp	upx
behavioral2/memory/2276-727-0x00007FF6B52F0000-0x00007FF6B5644000-memory.dmp	upx
behavioral2/files/0x0007000000023415-41.dat	upx
behavioral2/memory/3184-32-0x00007FF6EB930000-0x00007FF6EBC84000-memory.dmp	upx
behavioral2/memory/3996-13-0x00007FF6479F0000-0x00007FF647D44000-memory.dmp	upx
behavioral2/files/0x0008000000023411-15.dat	upx
behavioral2/memory/4268-2127-0x00007FF646400000-0x00007FF646754000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HaiayVa.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\oEedXbu.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\YFkjleK.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZQpvCOM.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\WwQdjlC.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\DYvmmGn.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\VhFkvSh.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\ZSkVpPV.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\fNszITV.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\aMgAKdZ.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\GOlHgmT.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\PlxBVHV.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\VaUoCxd.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\yLnZEJx.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\afHZZTA.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\GqPSRaF.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\fKOnfdH.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\pGydbXK.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\GRhRCMK.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\GIgfJIu.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\KrWYuFH.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\GmgSoiw.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\ysxssEf.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\mTJWThK.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\kFCcAgy.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\SHRXWQt.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\BvQLABK.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\NXJyOwd.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\gxORReN.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\gOwUvmP.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\XOVLGxm.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\OeThuNY.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\jEmRUuE.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\buLAZjV.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\NVQGgbY.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\vCPuWez.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\OWxLMTi.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\MNEGgSJ.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\QyCfibx.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\MDYMkOa.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\SnPolpq.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\OUQbFBc.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\fngmyal.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\KEzEnwD.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\EWzEbge.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\vibwnBw.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\NbcDmfe.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\EqvcjKJ.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\CPwlWWh.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\ORcYQzM.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\kfFYnmp.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\UXbrRUF.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\JAafJXR.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\wSkOtuF.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\IRhEFVL.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\wwXBtLS.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\YzCxPCp.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\GsyamNm.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\kVvsNsR.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\UgMREiD.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\agZgejO.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\YcSfcEP.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\QlSzHpT.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
File created	C:\Windows\System\YOyxusY.exe	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4616	dwm.exe
Token: SeChangeNotifyPrivilege	4616	dwm.exe
Token: 33	4616	dwm.exe
Token: SeIncBasePriorityPrivilege	4616	dwm.exe
Token: SeShutdownPrivilege	4616	dwm.exe
Token: SeCreatePagefilePrivilege	4616	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 3996	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	82
PID 2528 wrote to memory of 3996	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	82
PID 2528 wrote to memory of 4268	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	83
PID 2528 wrote to memory of 4268	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	83
PID 2528 wrote to memory of 380	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	84
PID 2528 wrote to memory of 380	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	84
PID 2528 wrote to memory of 3076	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	85
PID 2528 wrote to memory of 3076	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	85
PID 2528 wrote to memory of 3184	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	86
PID 2528 wrote to memory of 3184	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	86
PID 2528 wrote to memory of 3288	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	87
PID 2528 wrote to memory of 3288	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	87
PID 2528 wrote to memory of 3224	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	88
PID 2528 wrote to memory of 3224	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	88
PID 2528 wrote to memory of 2468	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	89
PID 2528 wrote to memory of 2468	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	89
PID 2528 wrote to memory of 232	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	90
PID 2528 wrote to memory of 232	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	90
PID 2528 wrote to memory of 1676	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	91
PID 2528 wrote to memory of 1676	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	91
PID 2528 wrote to memory of 3116	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	92
PID 2528 wrote to memory of 3116	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	92
PID 2528 wrote to memory of 4872	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	93
PID 2528 wrote to memory of 4872	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	93
PID 2528 wrote to memory of 544	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	94
PID 2528 wrote to memory of 544	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	94
PID 2528 wrote to memory of 3672	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	95
PID 2528 wrote to memory of 3672	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	95
PID 2528 wrote to memory of 1064	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	96
PID 2528 wrote to memory of 1064	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	96
PID 2528 wrote to memory of 3032	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	97
PID 2528 wrote to memory of 3032	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	97
PID 2528 wrote to memory of 1196	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	98
PID 2528 wrote to memory of 1196	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	98
PID 2528 wrote to memory of 1652	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	99
PID 2528 wrote to memory of 1652	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	99
PID 2528 wrote to memory of 3440	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	100
PID 2528 wrote to memory of 3440	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	100
PID 2528 wrote to memory of 5072	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	101
PID 2528 wrote to memory of 5072	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	101
PID 2528 wrote to memory of 452	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	102
PID 2528 wrote to memory of 452	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	102
PID 2528 wrote to memory of 3744	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	103
PID 2528 wrote to memory of 3744	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	103
PID 2528 wrote to memory of 5068	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	104
PID 2528 wrote to memory of 5068	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	104
PID 2528 wrote to memory of 968	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	105
PID 2528 wrote to memory of 968	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	105
PID 2528 wrote to memory of 3472	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	106
PID 2528 wrote to memory of 3472	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	106
PID 2528 wrote to memory of 2276	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	107
PID 2528 wrote to memory of 2276	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	107
PID 2528 wrote to memory of 4480	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	108
PID 2528 wrote to memory of 4480	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	108
PID 2528 wrote to memory of 4812	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	109
PID 2528 wrote to memory of 4812	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	109
PID 2528 wrote to memory of 4420	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	110
PID 2528 wrote to memory of 4420	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	110
PID 2528 wrote to memory of 624	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	111
PID 2528 wrote to memory of 624	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	111
PID 2528 wrote to memory of 1664	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	112
PID 2528 wrote to memory of 1664	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	112
PID 2528 wrote to memory of 4584	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	113
PID 2528 wrote to memory of 4584	2528	a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a2ca18bc67c5c8609774fabc0ea602e0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\System\OAfadwl.exe
  C:\Windows\System\OAfadwl.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\iaFDXlB.exe
  C:\Windows\System\iaFDXlB.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\ZULmSSL.exe
  C:\Windows\System\ZULmSSL.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\jzwgfFn.exe
  C:\Windows\System\jzwgfFn.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\GsyamNm.exe
  C:\Windows\System\GsyamNm.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\tDVaolm.exe
  C:\Windows\System\tDVaolm.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\JEizfdf.exe
  C:\Windows\System\JEizfdf.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\qBvThPi.exe
  C:\Windows\System\qBvThPi.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ynGXcoE.exe
  C:\Windows\System\ynGXcoE.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\Ttydglm.exe
  C:\Windows\System\Ttydglm.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\dwHfqvG.exe
  C:\Windows\System\dwHfqvG.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\QbEWDIj.exe
  C:\Windows\System\QbEWDIj.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\ZQpvCOM.exe
  C:\Windows\System\ZQpvCOM.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\ZlbUerd.exe
  C:\Windows\System\ZlbUerd.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\QLQpzkH.exe
  C:\Windows\System\QLQpzkH.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\GqPSRaF.exe
  C:\Windows\System\GqPSRaF.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\YKRhfKf.exe
  C:\Windows\System\YKRhfKf.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\anNZQJE.exe
  C:\Windows\System\anNZQJE.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\KMgyovb.exe
  C:\Windows\System\KMgyovb.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\sDQcAIe.exe
  C:\Windows\System\sDQcAIe.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\KULLpnt.exe
  C:\Windows\System\KULLpnt.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\VXhSFuO.exe
  C:\Windows\System\VXhSFuO.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\arrOnsG.exe
  C:\Windows\System\arrOnsG.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\AWDcpsq.exe
  C:\Windows\System\AWDcpsq.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\UcfRZBd.exe
  C:\Windows\System\UcfRZBd.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\CmYJfCL.exe
  C:\Windows\System\CmYJfCL.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\DIOMkhC.exe
  C:\Windows\System\DIOMkhC.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\iWsqsnD.exe
  C:\Windows\System\iWsqsnD.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\ApxNWdK.exe
  C:\Windows\System\ApxNWdK.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\agZgejO.exe
  C:\Windows\System\agZgejO.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\voQsUVs.exe
  C:\Windows\System\voQsUVs.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\dkZbkmn.exe
  C:\Windows\System\dkZbkmn.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\zgmFGjS.exe
  C:\Windows\System\zgmFGjS.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\UoFUCMx.exe
  C:\Windows\System\UoFUCMx.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\fNszITV.exe
  C:\Windows\System\fNszITV.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\ObaArMo.exe
  C:\Windows\System\ObaArMo.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\FerlvEe.exe
  C:\Windows\System\FerlvEe.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\Gvwvxmx.exe
  C:\Windows\System\Gvwvxmx.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\VMznlwv.exe
  C:\Windows\System\VMznlwv.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\qkbDuRj.exe
  C:\Windows\System\qkbDuRj.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\iSDYhWJ.exe
  C:\Windows\System\iSDYhWJ.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\tbXOqfP.exe
  C:\Windows\System\tbXOqfP.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\VnJgymE.exe
  C:\Windows\System\VnJgymE.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\QNYFZdw.exe
  C:\Windows\System\QNYFZdw.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\KSutFZG.exe
  C:\Windows\System\KSutFZG.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\jgORIju.exe
  C:\Windows\System\jgORIju.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\lotcTdV.exe
  C:\Windows\System\lotcTdV.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\VEMigGO.exe
  C:\Windows\System\VEMigGO.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\OWxLMTi.exe
  C:\Windows\System\OWxLMTi.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\ovPssHT.exe
  C:\Windows\System\ovPssHT.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\dblXhVc.exe
  C:\Windows\System\dblXhVc.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\WlFEHaW.exe
  C:\Windows\System\WlFEHaW.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\SnPolpq.exe
  C:\Windows\System\SnPolpq.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\TpuyChz.exe
  C:\Windows\System\TpuyChz.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\WwQdjlC.exe
  C:\Windows\System\WwQdjlC.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\XDpCERB.exe
  C:\Windows\System\XDpCERB.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\SGezioM.exe
  C:\Windows\System\SGezioM.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\QIrejtv.exe
  C:\Windows\System\QIrejtv.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\soqyNaz.exe
  C:\Windows\System\soqyNaz.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\DYvmmGn.exe
  C:\Windows\System\DYvmmGn.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\lagNSXd.exe
  C:\Windows\System\lagNSXd.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\TEUZaCD.exe
  C:\Windows\System\TEUZaCD.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\xFvyEEU.exe
  C:\Windows\System\xFvyEEU.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\tnppKWV.exe
  C:\Windows\System\tnppKWV.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\bKFDDjn.exe
  C:\Windows\System\bKFDDjn.exe
  2⤵
  PID:1276
- C:\Windows\System\ZCeSxmz.exe
  C:\Windows\System\ZCeSxmz.exe
  2⤵
  PID:632
- C:\Windows\System\OeThuNY.exe
  C:\Windows\System\OeThuNY.exe
  2⤵
  PID:4836
- C:\Windows\System\JetHysa.exe
  C:\Windows\System\JetHysa.exe
  2⤵
  PID:5044
- C:\Windows\System\GXLtUlP.exe
  C:\Windows\System\GXLtUlP.exe
  2⤵
  PID:4016
- C:\Windows\System\aGkCWvd.exe
  C:\Windows\System\aGkCWvd.exe
  2⤵
  PID:3424
- C:\Windows\System\UVzgVaX.exe
  C:\Windows\System\UVzgVaX.exe
  2⤵
  PID:1872
- C:\Windows\System\EVuKNFb.exe
  C:\Windows\System\EVuKNFb.exe
  2⤵
  PID:548
- C:\Windows\System\aQSsnHE.exe
  C:\Windows\System\aQSsnHE.exe
  2⤵
  PID:3396
- C:\Windows\System\oKBsNgS.exe
  C:\Windows\System\oKBsNgS.exe
  2⤵
  PID:4264
- C:\Windows\System\UGvNgIT.exe
  C:\Windows\System\UGvNgIT.exe
  2⤵
  PID:4880
- C:\Windows\System\CxEpFnC.exe
  C:\Windows\System\CxEpFnC.exe
  2⤵
  PID:3688
- C:\Windows\System\Hynwzbk.exe
  C:\Windows\System\Hynwzbk.exe
  2⤵
  PID:4212
- C:\Windows\System\ZvGqEOB.exe
  C:\Windows\System\ZvGqEOB.exe
  2⤵
  PID:4348
- C:\Windows\System\HpUkBMu.exe
  C:\Windows\System\HpUkBMu.exe
  2⤵
  PID:2372
- C:\Windows\System\ooHxQfO.exe
  C:\Windows\System\ooHxQfO.exe
  2⤵
  PID:540
- C:\Windows\System\NXsiynb.exe
  C:\Windows\System\NXsiynb.exe
  2⤵
  PID:4636
- C:\Windows\System\zuczPGJ.exe
  C:\Windows\System\zuczPGJ.exe
  2⤵
  PID:3752
- C:\Windows\System\imomQdd.exe
  C:\Windows\System\imomQdd.exe
  2⤵
  PID:912
- C:\Windows\System\AccxNPt.exe
  C:\Windows\System\AccxNPt.exe
  2⤵
  PID:1360
- C:\Windows\System\ykgbTnA.exe
  C:\Windows\System\ykgbTnA.exe
  2⤵
  PID:4840
- C:\Windows\System\TWFmAfT.exe
  C:\Windows\System\TWFmAfT.exe
  2⤵
  PID:2780
- C:\Windows\System\eYWgLVA.exe
  C:\Windows\System\eYWgLVA.exe
  2⤵
  PID:432
- C:\Windows\System\iEoZDGB.exe
  C:\Windows\System\iEoZDGB.exe
  2⤵
  PID:5124
- C:\Windows\System\ZttXKwT.exe
  C:\Windows\System\ZttXKwT.exe
  2⤵
  PID:5152
- C:\Windows\System\BumnqWf.exe
  C:\Windows\System\BumnqWf.exe
  2⤵
  PID:5176
- C:\Windows\System\sNMxLri.exe
  C:\Windows\System\sNMxLri.exe
  2⤵
  PID:5204
- C:\Windows\System\NpvpneB.exe
  C:\Windows\System\NpvpneB.exe
  2⤵
  PID:5236
- C:\Windows\System\vudYkns.exe
  C:\Windows\System\vudYkns.exe
  2⤵
  PID:5264
- C:\Windows\System\HyCHhVQ.exe
  C:\Windows\System\HyCHhVQ.exe
  2⤵
  PID:5292
- C:\Windows\System\jyezfjQ.exe
  C:\Windows\System\jyezfjQ.exe
  2⤵
  PID:5320
- C:\Windows\System\LbqsDDr.exe
  C:\Windows\System\LbqsDDr.exe
  2⤵
  PID:5348
- C:\Windows\System\LyJEXEl.exe
  C:\Windows\System\LyJEXEl.exe
  2⤵
  PID:5376
- C:\Windows\System\bWAqxcq.exe
  C:\Windows\System\bWAqxcq.exe
  2⤵
  PID:5404
- C:\Windows\System\gxORReN.exe
  C:\Windows\System\gxORReN.exe
  2⤵
  PID:5432
- C:\Windows\System\qLgxNht.exe
  C:\Windows\System\qLgxNht.exe
  2⤵
  PID:5456
- C:\Windows\System\LtrpbNd.exe
  C:\Windows\System\LtrpbNd.exe
  2⤵
  PID:5488
- C:\Windows\System\twPAnWp.exe
  C:\Windows\System\twPAnWp.exe
  2⤵
  PID:5516
- C:\Windows\System\sXakUhq.exe
  C:\Windows\System\sXakUhq.exe
  2⤵
  PID:5544
- C:\Windows\System\rlTwrqu.exe
  C:\Windows\System\rlTwrqu.exe
  2⤵
  PID:5572
- C:\Windows\System\iuehhSY.exe
  C:\Windows\System\iuehhSY.exe
  2⤵
  PID:5600
- C:\Windows\System\DUlpqLc.exe
  C:\Windows\System\DUlpqLc.exe
  2⤵
  PID:5628
- C:\Windows\System\OZYGlMO.exe
  C:\Windows\System\OZYGlMO.exe
  2⤵
  PID:5656
- C:\Windows\System\mOzbXhD.exe
  C:\Windows\System\mOzbXhD.exe
  2⤵
  PID:5684
- C:\Windows\System\LDmYCNs.exe
  C:\Windows\System\LDmYCNs.exe
  2⤵
  PID:5712
- C:\Windows\System\SNYzwyR.exe
  C:\Windows\System\SNYzwyR.exe
  2⤵
  PID:5740
- C:\Windows\System\DrWIELm.exe
  C:\Windows\System\DrWIELm.exe
  2⤵
  PID:5768
- C:\Windows\System\gWgGqUJ.exe
  C:\Windows\System\gWgGqUJ.exe
  2⤵
  PID:5796
- C:\Windows\System\GwWSGyY.exe
  C:\Windows\System\GwWSGyY.exe
  2⤵
  PID:5824
- C:\Windows\System\MDIJwrq.exe
  C:\Windows\System\MDIJwrq.exe
  2⤵
  PID:5856
- C:\Windows\System\EPnpVid.exe
  C:\Windows\System\EPnpVid.exe
  2⤵
  PID:5880
- C:\Windows\System\QKiHQbE.exe
  C:\Windows\System\QKiHQbE.exe
  2⤵
  PID:5908
- C:\Windows\System\fcAFJCt.exe
  C:\Windows\System\fcAFJCt.exe
  2⤵
  PID:5936
- C:\Windows\System\fNjbnLt.exe
  C:\Windows\System\fNjbnLt.exe
  2⤵
  PID:5964
- C:\Windows\System\OMWHUyw.exe
  C:\Windows\System\OMWHUyw.exe
  2⤵
  PID:5992
- C:\Windows\System\piUqCaC.exe
  C:\Windows\System\piUqCaC.exe
  2⤵
  PID:6020
- C:\Windows\System\nLXhwzq.exe
  C:\Windows\System\nLXhwzq.exe
  2⤵
  PID:6048
- C:\Windows\System\EcthZOf.exe
  C:\Windows\System\EcthZOf.exe
  2⤵
  PID:6076
- C:\Windows\System\mJBTXZQ.exe
  C:\Windows\System\mJBTXZQ.exe
  2⤵
  PID:6104
- C:\Windows\System\ftcNGcV.exe
  C:\Windows\System\ftcNGcV.exe
  2⤵
  PID:6132
- C:\Windows\System\bxSqdgy.exe
  C:\Windows\System\bxSqdgy.exe
  2⤵
  PID:4028
- C:\Windows\System\kqgoTnh.exe
  C:\Windows\System\kqgoTnh.exe
  2⤵
  PID:2896
- C:\Windows\System\rQBudci.exe
  C:\Windows\System\rQBudci.exe
  2⤵
  PID:4560
- C:\Windows\System\fqGOQbB.exe
  C:\Windows\System\fqGOQbB.exe
  2⤵
  PID:4464
- C:\Windows\System\VhFkvSh.exe
  C:\Windows\System\VhFkvSh.exe
  2⤵
  PID:5136
- C:\Windows\System\gmrzcpX.exe
  C:\Windows\System\gmrzcpX.exe
  2⤵
  PID:5196
- C:\Windows\System\VQHaDiz.exe
  C:\Windows\System\VQHaDiz.exe
  2⤵
  PID:5252
- C:\Windows\System\nKQucQx.exe
  C:\Windows\System\nKQucQx.exe
  2⤵
  PID:5312
- C:\Windows\System\JfDNaoe.exe
  C:\Windows\System\JfDNaoe.exe
  2⤵
  PID:5388
- C:\Windows\System\EogdDef.exe
  C:\Windows\System\EogdDef.exe
  2⤵
  PID:5444
- C:\Windows\System\DrNBygJ.exe
  C:\Windows\System\DrNBygJ.exe
  2⤵
  PID:5508
- C:\Windows\System\cJsubZt.exe
  C:\Windows\System\cJsubZt.exe
  2⤵
  PID:5584
- C:\Windows\System\XHXxYTj.exe
  C:\Windows\System\XHXxYTj.exe
  2⤵
  PID:5644
- C:\Windows\System\DvAwveM.exe
  C:\Windows\System\DvAwveM.exe
  2⤵
  PID:5704
- C:\Windows\System\ywKoiSR.exe
  C:\Windows\System\ywKoiSR.exe
  2⤵
  PID:5760
- C:\Windows\System\UVKDtLw.exe
  C:\Windows\System\UVKDtLw.exe
  2⤵
  PID:5836
- C:\Windows\System\zdyFlie.exe
  C:\Windows\System\zdyFlie.exe
  2⤵
  PID:5896
- C:\Windows\System\sLfQoYE.exe
  C:\Windows\System\sLfQoYE.exe
  2⤵
  PID:5956
- C:\Windows\System\LevOtYt.exe
  C:\Windows\System\LevOtYt.exe
  2⤵
  PID:6032
- C:\Windows\System\RaDiRii.exe
  C:\Windows\System\RaDiRii.exe
  2⤵
  PID:6092
- C:\Windows\System\raGPvcb.exe
  C:\Windows\System\raGPvcb.exe
  2⤵
  PID:636
- C:\Windows\System\ukTKDCf.exe
  C:\Windows\System\ukTKDCf.exe
  2⤵
  PID:2508
- C:\Windows\System\gwMbUxk.exe
  C:\Windows\System\gwMbUxk.exe
  2⤵
  PID:5164
- C:\Windows\System\NiPGVaR.exe
  C:\Windows\System\NiPGVaR.exe
  2⤵
  PID:5284
- C:\Windows\System\ZtVEVVY.exe
  C:\Windows\System\ZtVEVVY.exe
  2⤵
  PID:5420
- C:\Windows\System\RIXRBjT.exe
  C:\Windows\System\RIXRBjT.exe
  2⤵
  PID:5556
- C:\Windows\System\CvjeaJe.exe
  C:\Windows\System\CvjeaJe.exe
  2⤵
  PID:5696
- C:\Windows\System\rCorpWZ.exe
  C:\Windows\System\rCorpWZ.exe
  2⤵
  PID:5808
- C:\Windows\System\XFlwted.exe
  C:\Windows\System\XFlwted.exe
  2⤵
  PID:5984
- C:\Windows\System\iSsSrto.exe
  C:\Windows\System\iSsSrto.exe
  2⤵
  PID:6124
- C:\Windows\System\sPvTvbE.exe
  C:\Windows\System\sPvTvbE.exe
  2⤵
  PID:6172
- C:\Windows\System\hhDclVb.exe
  C:\Windows\System\hhDclVb.exe
  2⤵
  PID:6200
- C:\Windows\System\EamwTGM.exe
  C:\Windows\System\EamwTGM.exe
  2⤵
  PID:6232
- C:\Windows\System\gDZGfmW.exe
  C:\Windows\System\gDZGfmW.exe
  2⤵
  PID:6256
- C:\Windows\System\nJJRPJJ.exe
  C:\Windows\System\nJJRPJJ.exe
  2⤵
  PID:6284
- C:\Windows\System\jaGpHSn.exe
  C:\Windows\System\jaGpHSn.exe
  2⤵
  PID:6312
- C:\Windows\System\HPqbTNV.exe
  C:\Windows\System\HPqbTNV.exe
  2⤵
  PID:6340
- C:\Windows\System\ssvGIWB.exe
  C:\Windows\System\ssvGIWB.exe
  2⤵
  PID:6372
- C:\Windows\System\eNMwqiv.exe
  C:\Windows\System\eNMwqiv.exe
  2⤵
  PID:6404
- C:\Windows\System\jlMOaTu.exe
  C:\Windows\System\jlMOaTu.exe
  2⤵
  PID:6432
- C:\Windows\System\vIrWjNI.exe
  C:\Windows\System\vIrWjNI.exe
  2⤵
  PID:6452
- C:\Windows\System\CPwlWWh.exe
  C:\Windows\System\CPwlWWh.exe
  2⤵
  PID:6480
- C:\Windows\System\YpUQPad.exe
  C:\Windows\System\YpUQPad.exe
  2⤵
  PID:6508
- C:\Windows\System\ivQzsdP.exe
  C:\Windows\System\ivQzsdP.exe
  2⤵
  PID:6536
- C:\Windows\System\jEmRUuE.exe
  C:\Windows\System\jEmRUuE.exe
  2⤵
  PID:6564
- C:\Windows\System\oNcJSpr.exe
  C:\Windows\System\oNcJSpr.exe
  2⤵
  PID:6592
- C:\Windows\System\lUwuVYx.exe
  C:\Windows\System\lUwuVYx.exe
  2⤵
  PID:6616
- C:\Windows\System\NtYQFRh.exe
  C:\Windows\System\NtYQFRh.exe
  2⤵
  PID:6648
- C:\Windows\System\DIiocXQ.exe
  C:\Windows\System\DIiocXQ.exe
  2⤵
  PID:6676
- C:\Windows\System\qcvMpYw.exe
  C:\Windows\System\qcvMpYw.exe
  2⤵
  PID:6704
- C:\Windows\System\ZcZIsRS.exe
  C:\Windows\System\ZcZIsRS.exe
  2⤵
  PID:6732
- C:\Windows\System\akcrgJV.exe
  C:\Windows\System\akcrgJV.exe
  2⤵
  PID:6760
- C:\Windows\System\aMgAKdZ.exe
  C:\Windows\System\aMgAKdZ.exe
  2⤵
  PID:6788
- C:\Windows\System\ukZDoKv.exe
  C:\Windows\System\ukZDoKv.exe
  2⤵
  PID:6816
- C:\Windows\System\CgRcipn.exe
  C:\Windows\System\CgRcipn.exe
  2⤵
  PID:6844
- C:\Windows\System\uOlBDBZ.exe
  C:\Windows\System\uOlBDBZ.exe
  2⤵
  PID:6872
- C:\Windows\System\jkVrulq.exe
  C:\Windows\System\jkVrulq.exe
  2⤵
  PID:6900
- C:\Windows\System\jrNvcqL.exe
  C:\Windows\System\jrNvcqL.exe
  2⤵
  PID:6928
- C:\Windows\System\PKWgUWZ.exe
  C:\Windows\System\PKWgUWZ.exe
  2⤵
  PID:6956
- C:\Windows\System\xmOzAKZ.exe
  C:\Windows\System\xmOzAKZ.exe
  2⤵
  PID:6984
- C:\Windows\System\txqaMCA.exe
  C:\Windows\System\txqaMCA.exe
  2⤵
  PID:7012
- C:\Windows\System\XMSYMmp.exe
  C:\Windows\System\XMSYMmp.exe
  2⤵
  PID:7040
- C:\Windows\System\HGaWVqH.exe
  C:\Windows\System\HGaWVqH.exe
  2⤵
  PID:7068
- C:\Windows\System\nBPnVnK.exe
  C:\Windows\System\nBPnVnK.exe
  2⤵
  PID:7096
- C:\Windows\System\fvMssqI.exe
  C:\Windows\System\fvMssqI.exe
  2⤵
  PID:7124
- C:\Windows\System\RiWyKwL.exe
  C:\Windows\System\RiWyKwL.exe
  2⤵
  PID:7152
- C:\Windows\System\iheupIY.exe
  C:\Windows\System\iheupIY.exe
  2⤵
  PID:4368
- C:\Windows\System\xNqZyHW.exe
  C:\Windows\System\xNqZyHW.exe
  2⤵
  PID:5228
- C:\Windows\System\zTzgDZS.exe
  C:\Windows\System\zTzgDZS.exe
  2⤵
  PID:5616
- C:\Windows\System\RPYNjHp.exe
  C:\Windows\System\RPYNjHp.exe
  2⤵
  PID:5924
- C:\Windows\System\XrbHxps.exe
  C:\Windows\System\XrbHxps.exe
  2⤵
  PID:6160
- C:\Windows\System\ORcYQzM.exe
  C:\Windows\System\ORcYQzM.exe
  2⤵
  PID:6228
- C:\Windows\System\zujqsET.exe
  C:\Windows\System\zujqsET.exe
  2⤵
  PID:6296
- C:\Windows\System\fUuvqoV.exe
  C:\Windows\System\fUuvqoV.exe
  2⤵
  PID:6332
- C:\Windows\System\fgOImhU.exe
  C:\Windows\System\fgOImhU.exe
  2⤵
  PID:6524
- C:\Windows\System\ysynwjo.exe
  C:\Windows\System\ysynwjo.exe
  2⤵
  PID:6608
- C:\Windows\System\YRiUZbe.exe
  C:\Windows\System\YRiUZbe.exe
  2⤵
  PID:6664
- C:\Windows\System\lgmFGlL.exe
  C:\Windows\System\lgmFGlL.exe
  2⤵
  PID:6696
- C:\Windows\System\rXhcMPp.exe
  C:\Windows\System\rXhcMPp.exe
  2⤵
  PID:1376
- C:\Windows\System\IDmUHjC.exe
  C:\Windows\System\IDmUHjC.exe
  2⤵
  PID:6804
- C:\Windows\System\CwAYILF.exe
  C:\Windows\System\CwAYILF.exe
  2⤵
  PID:6856
- C:\Windows\System\ZtZtrCO.exe
  C:\Windows\System\ZtZtrCO.exe
  2⤵
  PID:6884
- C:\Windows\System\YcSfcEP.exe
  C:\Windows\System\YcSfcEP.exe
  2⤵
  PID:6944
- C:\Windows\System\IMGDxwT.exe
  C:\Windows\System\IMGDxwT.exe
  2⤵
  PID:5076
- C:\Windows\System\mTJWThK.exe
  C:\Windows\System\mTJWThK.exe
  2⤵
  PID:3536
- C:\Windows\System\IGFGMMD.exe
  C:\Windows\System\IGFGMMD.exe
  2⤵
  PID:1364
- C:\Windows\System\ZSkVpPV.exe
  C:\Windows\System\ZSkVpPV.exe
  2⤵
  PID:7116
- C:\Windows\System\qOflsGf.exe
  C:\Windows\System\qOflsGf.exe
  2⤵
  PID:7164
- C:\Windows\System\uVqTsdi.exe
  C:\Windows\System\uVqTsdi.exe
  2⤵
  PID:4216
- C:\Windows\System\bzmvwcX.exe
  C:\Windows\System\bzmvwcX.exe
  2⤵
  PID:6068
- C:\Windows\System\HIWiPdP.exe
  C:\Windows\System\HIWiPdP.exe
  2⤵
  PID:6304
- C:\Windows\System\ezsvwJP.exe
  C:\Windows\System\ezsvwJP.exe
  2⤵
  PID:3108
- C:\Windows\System\xjmtfRP.exe
  C:\Windows\System\xjmtfRP.exe
  2⤵
  PID:5008
- C:\Windows\System\GOlHgmT.exe
  C:\Windows\System\GOlHgmT.exe
  2⤵
  PID:6580
- C:\Windows\System\ecUDQKz.exe
  C:\Windows\System\ecUDQKz.exe
  2⤵
  PID:6636
- C:\Windows\System\NQlStfA.exe
  C:\Windows\System\NQlStfA.exe
  2⤵
  PID:6808
- C:\Windows\System\EjRhXMB.exe
  C:\Windows\System\EjRhXMB.exe
  2⤵
  PID:6864
- C:\Windows\System\JmCvQXU.exe
  C:\Windows\System\JmCvQXU.exe
  2⤵
  PID:6940
- C:\Windows\System\AnvKHQd.exe
  C:\Windows\System\AnvKHQd.exe
  2⤵
  PID:4596
- C:\Windows\System\yRmwwXa.exe
  C:\Windows\System\yRmwwXa.exe
  2⤵
  PID:5788
- C:\Windows\System\HGIUums.exe
  C:\Windows\System\HGIUums.exe
  2⤵
  PID:6272
- C:\Windows\System\ZqBmzXZ.exe
  C:\Windows\System\ZqBmzXZ.exe
  2⤵
  PID:4940
- C:\Windows\System\kFCcAgy.exe
  C:\Windows\System\kFCcAgy.exe
  2⤵
  PID:6324
- C:\Windows\System\AtpZVFv.exe
  C:\Windows\System\AtpZVFv.exe
  2⤵
  PID:1476
- C:\Windows\System\WQvfwuK.exe
  C:\Windows\System\WQvfwuK.exe
  2⤵
  PID:5036
- C:\Windows\System\PwnFpvR.exe
  C:\Windows\System\PwnFpvR.exe
  2⤵
  PID:2288
- C:\Windows\System\wxLfEsn.exe
  C:\Windows\System\wxLfEsn.exe
  2⤵
  PID:6976
- C:\Windows\System\AZXfDuJ.exe
  C:\Windows\System\AZXfDuJ.exe
  2⤵
  PID:7108
- C:\Windows\System\ZQAMOKu.exe
  C:\Windows\System\ZQAMOKu.exe
  2⤵
  PID:4428
- C:\Windows\System\fKOnfdH.exe
  C:\Windows\System\fKOnfdH.exe
  2⤵
  PID:6720
- C:\Windows\System\HaiayVa.exe
  C:\Windows\System\HaiayVa.exe
  2⤵
  PID:4252
- C:\Windows\System\kiOFIBT.exe
  C:\Windows\System\kiOFIBT.exe
  2⤵
  PID:6968
- C:\Windows\System\pZWBvbG.exe
  C:\Windows\System\pZWBvbG.exe
  2⤵
  PID:6828
- C:\Windows\System\DukxSiX.exe
  C:\Windows\System\DukxSiX.exe
  2⤵
  PID:6772
- C:\Windows\System\kwaHWDi.exe
  C:\Windows\System\kwaHWDi.exe
  2⤵
  PID:7172
- C:\Windows\System\OKHBzrr.exe
  C:\Windows\System\OKHBzrr.exe
  2⤵
  PID:7216
- C:\Windows\System\PTQthkG.exe
  C:\Windows\System\PTQthkG.exe
  2⤵
  PID:7236
- C:\Windows\System\ngNFdbK.exe
  C:\Windows\System\ngNFdbK.exe
  2⤵
  PID:7260
- C:\Windows\System\uUmMPKb.exe
  C:\Windows\System\uUmMPKb.exe
  2⤵
  PID:7292
- C:\Windows\System\eICSJWV.exe
  C:\Windows\System\eICSJWV.exe
  2⤵
  PID:7312
- C:\Windows\System\WtxuDGZ.exe
  C:\Windows\System\WtxuDGZ.exe
  2⤵
  PID:7344
- C:\Windows\System\UgJXXUZ.exe
  C:\Windows\System\UgJXXUZ.exe
  2⤵
  PID:7376
- C:\Windows\System\gOwUvmP.exe
  C:\Windows\System\gOwUvmP.exe
  2⤵
  PID:7392
- C:\Windows\System\POEFoLq.exe
  C:\Windows\System\POEFoLq.exe
  2⤵
  PID:7416
- C:\Windows\System\EOCxMBK.exe
  C:\Windows\System\EOCxMBK.exe
  2⤵
  PID:7460
- C:\Windows\System\ckvFPcN.exe
  C:\Windows\System\ckvFPcN.exe
  2⤵
  PID:7508
- C:\Windows\System\GUsSICX.exe
  C:\Windows\System\GUsSICX.exe
  2⤵
  PID:7532
- C:\Windows\System\LSIoSiP.exe
  C:\Windows\System\LSIoSiP.exe
  2⤵
  PID:7560
- C:\Windows\System\neaowzZ.exe
  C:\Windows\System\neaowzZ.exe
  2⤵
  PID:7592
- C:\Windows\System\PoVvMaI.exe
  C:\Windows\System\PoVvMaI.exe
  2⤵
  PID:7612
- C:\Windows\System\pcEgAEa.exe
  C:\Windows\System\pcEgAEa.exe
  2⤵
  PID:7636
- C:\Windows\System\VtOMxFW.exe
  C:\Windows\System\VtOMxFW.exe
  2⤵
  PID:7672
- C:\Windows\System\GfGfsMX.exe
  C:\Windows\System\GfGfsMX.exe
  2⤵
  PID:7692
- C:\Windows\System\QrIELeg.exe
  C:\Windows\System\QrIELeg.exe
  2⤵
  PID:7720
- C:\Windows\System\gpOWLru.exe
  C:\Windows\System\gpOWLru.exe
  2⤵
  PID:7748
- C:\Windows\System\lKfRKvf.exe
  C:\Windows\System\lKfRKvf.exe
  2⤵
  PID:7776
- C:\Windows\System\nySlgLt.exe
  C:\Windows\System\nySlgLt.exe
  2⤵
  PID:7796
- C:\Windows\System\Gehdvfq.exe
  C:\Windows\System\Gehdvfq.exe
  2⤵
  PID:7824
- C:\Windows\System\nDYDEnm.exe
  C:\Windows\System\nDYDEnm.exe
  2⤵
  PID:7848
- C:\Windows\System\jcceXHZ.exe
  C:\Windows\System\jcceXHZ.exe
  2⤵
  PID:7864
- C:\Windows\System\lUvvXHt.exe
  C:\Windows\System\lUvvXHt.exe
  2⤵
  PID:7880
- C:\Windows\System\CWIvhqR.exe
  C:\Windows\System\CWIvhqR.exe
  2⤵
  PID:7900
- C:\Windows\System\iCDBraX.exe
  C:\Windows\System\iCDBraX.exe
  2⤵
  PID:7964
- C:\Windows\System\DXjUADo.exe
  C:\Windows\System\DXjUADo.exe
  2⤵
  PID:8004
- C:\Windows\System\kfFYnmp.exe
  C:\Windows\System\kfFYnmp.exe
  2⤵
  PID:8024
- C:\Windows\System\qCtppQZ.exe
  C:\Windows\System\qCtppQZ.exe
  2⤵
  PID:8056
- C:\Windows\System\OUQbFBc.exe
  C:\Windows\System\OUQbFBc.exe
  2⤵
  PID:8084
- C:\Windows\System\ZeBeWXV.exe
  C:\Windows\System\ZeBeWXV.exe
  2⤵
  PID:8112
- C:\Windows\System\deRRlut.exe
  C:\Windows\System\deRRlut.exe
  2⤵
  PID:8140
- C:\Windows\System\kVvsNsR.exe
  C:\Windows\System\kVvsNsR.exe
  2⤵
  PID:8168
- C:\Windows\System\YlvcXOo.exe
  C:\Windows\System\YlvcXOo.exe
  2⤵
  PID:7184
- C:\Windows\System\TtgIFmW.exe
  C:\Windows\System\TtgIFmW.exe
  2⤵
  PID:7256
- C:\Windows\System\euSvTUe.exe
  C:\Windows\System\euSvTUe.exe
  2⤵
  PID:7336
- C:\Windows\System\XJnInwu.exe
  C:\Windows\System\XJnInwu.exe
  2⤵
  PID:7368
- C:\Windows\System\BYHeLCo.exe
  C:\Windows\System\BYHeLCo.exe
  2⤵
  PID:7480
- C:\Windows\System\opowEpH.exe
  C:\Windows\System\opowEpH.exe
  2⤵
  PID:7572
- C:\Windows\System\IPZQHEZ.exe
  C:\Windows\System\IPZQHEZ.exe
  2⤵
  PID:7608
- C:\Windows\System\wOaURVQ.exe
  C:\Windows\System\wOaURVQ.exe
  2⤵
  PID:7704
- C:\Windows\System\rOaDJyl.exe
  C:\Windows\System\rOaDJyl.exe
  2⤵
  PID:7736
- C:\Windows\System\KAYfsKs.exe
  C:\Windows\System\KAYfsKs.exe
  2⤵
  PID:7816
- C:\Windows\System\fcVbfgg.exe
  C:\Windows\System\fcVbfgg.exe
  2⤵
  PID:7872
- C:\Windows\System\PDIMLBF.exe
  C:\Windows\System\PDIMLBF.exe
  2⤵
  PID:7932
- C:\Windows\System\BbtSxis.exe
  C:\Windows\System\BbtSxis.exe
  2⤵
  PID:8044
- C:\Windows\System\fAOMqKi.exe
  C:\Windows\System\fAOMqKi.exe
  2⤵
  PID:8080
- C:\Windows\System\NusUXPS.exe
  C:\Windows\System\NusUXPS.exe
  2⤵
  PID:8132
- C:\Windows\System\QtDsIlL.exe
  C:\Windows\System\QtDsIlL.exe
  2⤵
  PID:7280
- C:\Windows\System\cODRzhz.exe
  C:\Windows\System\cODRzhz.exe
  2⤵
  PID:7408
- C:\Windows\System\ynkrTew.exe
  C:\Windows\System\ynkrTew.exe
  2⤵
  PID:7600
- C:\Windows\System\rkeeKeJ.exe
  C:\Windows\System\rkeeKeJ.exe
  2⤵
  PID:7716
- C:\Windows\System\UXbrRUF.exe
  C:\Windows\System\UXbrRUF.exe
  2⤵
  PID:7908
- C:\Windows\System\hzgBbpR.exe
  C:\Windows\System\hzgBbpR.exe
  2⤵
  PID:7976
- C:\Windows\System\grPURJB.exe
  C:\Windows\System\grPURJB.exe
  2⤵
  PID:8152
- C:\Windows\System\fngmyal.exe
  C:\Windows\System\fngmyal.exe
  2⤵
  PID:7360
- C:\Windows\System\lXvVlMN.exe
  C:\Windows\System\lXvVlMN.exe
  2⤵
  PID:7984
- C:\Windows\System\MlwYolp.exe
  C:\Windows\System\MlwYolp.exe
  2⤵
  PID:7384
- C:\Windows\System\EpuBvJJ.exe
  C:\Windows\System\EpuBvJJ.exe
  2⤵
  PID:7928
- C:\Windows\System\XOVLGxm.exe
  C:\Windows\System\XOVLGxm.exe
  2⤵
  PID:8220
- C:\Windows\System\ISTsZNh.exe
  C:\Windows\System\ISTsZNh.exe
  2⤵
  PID:8248
- C:\Windows\System\wJwlCxu.exe
  C:\Windows\System\wJwlCxu.exe
  2⤵
  PID:8276
- C:\Windows\System\BQJNLYC.exe
  C:\Windows\System\BQJNLYC.exe
  2⤵
  PID:8324
- C:\Windows\System\MvhyvAe.exe
  C:\Windows\System\MvhyvAe.exe
  2⤵
  PID:8340
- C:\Windows\System\bRNBDGT.exe
  C:\Windows\System\bRNBDGT.exe
  2⤵
  PID:8356
- C:\Windows\System\oMvyxdg.exe
  C:\Windows\System\oMvyxdg.exe
  2⤵
  PID:8396
- C:\Windows\System\SHRXWQt.exe
  C:\Windows\System\SHRXWQt.exe
  2⤵
  PID:8412
- C:\Windows\System\DSFGhNl.exe
  C:\Windows\System\DSFGhNl.exe
  2⤵
  PID:8452
- C:\Windows\System\minewTS.exe
  C:\Windows\System\minewTS.exe
  2⤵
  PID:8480
- C:\Windows\System\mpXfgvz.exe
  C:\Windows\System\mpXfgvz.exe
  2⤵
  PID:8508
- C:\Windows\System\wqtoQXg.exe
  C:\Windows\System\wqtoQXg.exe
  2⤵
  PID:8536
- C:\Windows\System\PBQgVcX.exe
  C:\Windows\System\PBQgVcX.exe
  2⤵
  PID:8552
- C:\Windows\System\wtwbfYa.exe
  C:\Windows\System\wtwbfYa.exe
  2⤵
  PID:8576
- C:\Windows\System\hCZnsbB.exe
  C:\Windows\System\hCZnsbB.exe
  2⤵
  PID:8604
- C:\Windows\System\ZWiRWhv.exe
  C:\Windows\System\ZWiRWhv.exe
  2⤵
  PID:8636
- C:\Windows\System\EFHlBGH.exe
  C:\Windows\System\EFHlBGH.exe
  2⤵
  PID:8664
- C:\Windows\System\JAafJXR.exe
  C:\Windows\System\JAafJXR.exe
  2⤵
  PID:8692
- C:\Windows\System\FVvqRlQ.exe
  C:\Windows\System\FVvqRlQ.exe
  2⤵
  PID:8732
- C:\Windows\System\EUSJFqu.exe
  C:\Windows\System\EUSJFqu.exe
  2⤵
  PID:8748
- C:\Windows\System\qBjVlsT.exe
  C:\Windows\System\qBjVlsT.exe
  2⤵
  PID:8788
- C:\Windows\System\fALVIYI.exe
  C:\Windows\System\fALVIYI.exe
  2⤵
  PID:8816
- C:\Windows\System\XcNGyKC.exe
  C:\Windows\System\XcNGyKC.exe
  2⤵
  PID:8856
- C:\Windows\System\lOSpHHN.exe
  C:\Windows\System\lOSpHHN.exe
  2⤵
  PID:8872
- C:\Windows\System\GGBoHkZ.exe
  C:\Windows\System\GGBoHkZ.exe
  2⤵
  PID:8912
- C:\Windows\System\pSeFDCM.exe
  C:\Windows\System\pSeFDCM.exe
  2⤵
  PID:8928
- C:\Windows\System\hIPZtQn.exe
  C:\Windows\System\hIPZtQn.exe
  2⤵
  PID:8960
- C:\Windows\System\LQJRixA.exe
  C:\Windows\System\LQJRixA.exe
  2⤵
  PID:9004
- C:\Windows\System\kFZcxrb.exe
  C:\Windows\System\kFZcxrb.exe
  2⤵
  PID:9048
- C:\Windows\System\JjpWtaD.exe
  C:\Windows\System\JjpWtaD.exe
  2⤵
  PID:9084
- C:\Windows\System\cUVDXzC.exe
  C:\Windows\System\cUVDXzC.exe
  2⤵
  PID:9116
- C:\Windows\System\UlNDsDt.exe
  C:\Windows\System\UlNDsDt.exe
  2⤵
  PID:9148
- C:\Windows\System\tOiZeQr.exe
  C:\Windows\System\tOiZeQr.exe
  2⤵
  PID:9164
- C:\Windows\System\TNGcprT.exe
  C:\Windows\System\TNGcprT.exe
  2⤵
  PID:9192
- C:\Windows\System\EnHDNde.exe
  C:\Windows\System\EnHDNde.exe
  2⤵
  PID:8196
- C:\Windows\System\iQgishm.exe
  C:\Windows\System\iQgishm.exe
  2⤵
  PID:8216
- C:\Windows\System\gAYPiET.exe
  C:\Windows\System\gAYPiET.exe
  2⤵
  PID:8260
- C:\Windows\System\XDByXyg.exe
  C:\Windows\System\XDByXyg.exe
  2⤵
  PID:8376
- C:\Windows\System\GPOoxxo.exe
  C:\Windows\System\GPOoxxo.exe
  2⤵
  PID:8448
- C:\Windows\System\NyviZBM.exe
  C:\Windows\System\NyviZBM.exe
  2⤵
  PID:8524
- C:\Windows\System\hjucbAv.exe
  C:\Windows\System\hjucbAv.exe
  2⤵
  PID:8560
- C:\Windows\System\XIVgDld.exe
  C:\Windows\System\XIVgDld.exe
  2⤵
  PID:8628
- C:\Windows\System\vdQYSOg.exe
  C:\Windows\System\vdQYSOg.exe
  2⤵
  PID:8724
- C:\Windows\System\wkDBoMc.exe
  C:\Windows\System\wkDBoMc.exe
  2⤵
  PID:8772
- C:\Windows\System\sNCuuTC.exe
  C:\Windows\System\sNCuuTC.exe
  2⤵
  PID:8868
- C:\Windows\System\xXySHCm.exe
  C:\Windows\System\xXySHCm.exe
  2⤵
  PID:8924
- C:\Windows\System\bkLdDFX.exe
  C:\Windows\System\bkLdDFX.exe
  2⤵
  PID:8996
- C:\Windows\System\bXZzmOI.exe
  C:\Windows\System\bXZzmOI.exe
  2⤵
  PID:9060
- C:\Windows\System\MNEGgSJ.exe
  C:\Windows\System\MNEGgSJ.exe
  2⤵
  PID:9180
- C:\Windows\System\KSYclWt.exe
  C:\Windows\System\KSYclWt.exe
  2⤵
  PID:8200
- C:\Windows\System\ctWBacw.exe
  C:\Windows\System\ctWBacw.exe
  2⤵
  PID:8308
- C:\Windows\System\DUiFcIn.exe
  C:\Windows\System\DUiFcIn.exe
  2⤵
  PID:8496
- C:\Windows\System\WtCcyRJ.exe
  C:\Windows\System\WtCcyRJ.exe
  2⤵
  PID:8568
- C:\Windows\System\pcNjhej.exe
  C:\Windows\System\pcNjhej.exe
  2⤵
  PID:8828
- C:\Windows\System\OyQIyPy.exe
  C:\Windows\System\OyQIyPy.exe
  2⤵
  PID:9028
- C:\Windows\System\YvtljMX.exe
  C:\Windows\System\YvtljMX.exe
  2⤵
  PID:9212
- C:\Windows\System\IcICgsp.exe
  C:\Windows\System\IcICgsp.exe
  2⤵
  PID:8620
- C:\Windows\System\eMJpNYg.exe
  C:\Windows\System\eMJpNYg.exe
  2⤵
  PID:8712
- C:\Windows\System\GjuSSHW.exe
  C:\Windows\System\GjuSSHW.exe
  2⤵
  PID:9044
- C:\Windows\System\HlmWlWn.exe
  C:\Windows\System\HlmWlWn.exe
  2⤵
  PID:8444
- C:\Windows\System\VPpTJqb.exe
  C:\Windows\System\VPpTJqb.exe
  2⤵
  PID:8680
- C:\Windows\System\GdtxbFs.exe
  C:\Windows\System\GdtxbFs.exe
  2⤵
  PID:9236
- C:\Windows\System\DkuPmYJ.exe
  C:\Windows\System\DkuPmYJ.exe
  2⤵
  PID:9268
- C:\Windows\System\BvQLABK.exe
  C:\Windows\System\BvQLABK.exe
  2⤵
  PID:9312
- C:\Windows\System\SDQPOub.exe
  C:\Windows\System\SDQPOub.exe
  2⤵
  PID:9328
- C:\Windows\System\yLjXmPq.exe
  C:\Windows\System\yLjXmPq.exe
  2⤵
  PID:9368
- C:\Windows\System\shEWSMx.exe
  C:\Windows\System\shEWSMx.exe
  2⤵
  PID:9396
- C:\Windows\System\XDglrHz.exe
  C:\Windows\System\XDglrHz.exe
  2⤵
  PID:9412
- C:\Windows\System\yNspLTv.exe
  C:\Windows\System\yNspLTv.exe
  2⤵
  PID:9444
- C:\Windows\System\BlsvVLp.exe
  C:\Windows\System\BlsvVLp.exe
  2⤵
  PID:9464
- C:\Windows\System\CtcRDCo.exe
  C:\Windows\System\CtcRDCo.exe
  2⤵
  PID:9508
- C:\Windows\System\qlxeJqN.exe
  C:\Windows\System\qlxeJqN.exe
  2⤵
  PID:9536
- C:\Windows\System\LXVzXzr.exe
  C:\Windows\System\LXVzXzr.exe
  2⤵
  PID:9564
- C:\Windows\System\ArSLEKz.exe
  C:\Windows\System\ArSLEKz.exe
  2⤵
  PID:9592
- C:\Windows\System\JpIlgos.exe
  C:\Windows\System\JpIlgos.exe
  2⤵
  PID:9620
- C:\Windows\System\kuKkQVA.exe
  C:\Windows\System\kuKkQVA.exe
  2⤵
  PID:9636
- C:\Windows\System\jyXeCjw.exe
  C:\Windows\System\jyXeCjw.exe
  2⤵
  PID:9676
- C:\Windows\System\GpkSDmt.exe
  C:\Windows\System\GpkSDmt.exe
  2⤵
  PID:9704
- C:\Windows\System\Wwqhgfs.exe
  C:\Windows\System\Wwqhgfs.exe
  2⤵
  PID:9732
- C:\Windows\System\rsWwJAz.exe
  C:\Windows\System\rsWwJAz.exe
  2⤵
  PID:9748
- C:\Windows\System\dJYuujC.exe
  C:\Windows\System\dJYuujC.exe
  2⤵
  PID:9788
- C:\Windows\System\leBTERG.exe
  C:\Windows\System\leBTERG.exe
  2⤵
  PID:9808
- C:\Windows\System\pIJvBxd.exe
  C:\Windows\System\pIJvBxd.exe
  2⤵
  PID:9832
- C:\Windows\System\NXJyOwd.exe
  C:\Windows\System\NXJyOwd.exe
  2⤵
  PID:9852
- C:\Windows\System\adZywzX.exe
  C:\Windows\System\adZywzX.exe
  2⤵
  PID:9892
- C:\Windows\System\sdDSZbX.exe
  C:\Windows\System\sdDSZbX.exe
  2⤵
  PID:9920
- C:\Windows\System\tavbOkr.exe
  C:\Windows\System\tavbOkr.exe
  2⤵
  PID:9944
- C:\Windows\System\SXoITbL.exe
  C:\Windows\System\SXoITbL.exe
  2⤵
  PID:9960
- C:\Windows\System\oiwRcnS.exe
  C:\Windows\System\oiwRcnS.exe
  2⤵
  PID:10012
- C:\Windows\System\WUNhSoA.exe
  C:\Windows\System\WUNhSoA.exe
  2⤵
  PID:10040
- C:\Windows\System\izMShWl.exe
  C:\Windows\System\izMShWl.exe
  2⤵
  PID:10056
- C:\Windows\System\iVyiOlJ.exe
  C:\Windows\System\iVyiOlJ.exe
  2⤵
  PID:10096
- C:\Windows\System\PlxBVHV.exe
  C:\Windows\System\PlxBVHV.exe
  2⤵
  PID:10124
- C:\Windows\System\HMOqeQY.exe
  C:\Windows\System\HMOqeQY.exe
  2⤵
  PID:10152
- C:\Windows\System\ArDTomz.exe
  C:\Windows\System\ArDTomz.exe
  2⤵
  PID:10184
- C:\Windows\System\pGydbXK.exe
  C:\Windows\System\pGydbXK.exe
  2⤵
  PID:10212
- C:\Windows\System\kBrrvXb.exe
  C:\Windows\System\kBrrvXb.exe
  2⤵
  PID:8944
- C:\Windows\System\ZVBCoCI.exe
  C:\Windows\System\ZVBCoCI.exe
  2⤵
  PID:9256
- C:\Windows\System\yDnaEOf.exe
  C:\Windows\System\yDnaEOf.exe
  2⤵
  PID:9340
- C:\Windows\System\hvKTjNM.exe
  C:\Windows\System\hvKTjNM.exe
  2⤵
  PID:9408
- C:\Windows\System\JjXMKBR.exe
  C:\Windows\System\JjXMKBR.exe
  2⤵
  PID:9452
- C:\Windows\System\sOeSNid.exe
  C:\Windows\System\sOeSNid.exe
  2⤵
  PID:9504
- C:\Windows\System\bmoJoVi.exe
  C:\Windows\System\bmoJoVi.exe
  2⤵
  PID:9612
- C:\Windows\System\EtMfHxK.exe
  C:\Windows\System\EtMfHxK.exe
  2⤵
  PID:9656
- C:\Windows\System\KsuqEHe.exe
  C:\Windows\System\KsuqEHe.exe
  2⤵
  PID:9724
- C:\Windows\System\LiBfPWQ.exe
  C:\Windows\System\LiBfPWQ.exe
  2⤵
  PID:9780
- C:\Windows\System\qZIGPbJ.exe
  C:\Windows\System\qZIGPbJ.exe
  2⤵
  PID:9848
- C:\Windows\System\zaGINxr.exe
  C:\Windows\System\zaGINxr.exe
  2⤵
  PID:9904
- C:\Windows\System\gZkcsHq.exe
  C:\Windows\System\gZkcsHq.exe
  2⤵
  PID:9952
- C:\Windows\System\dPGamxN.exe
  C:\Windows\System\dPGamxN.exe
  2⤵
  PID:10036
- C:\Windows\System\ViXTWic.exe
  C:\Windows\System\ViXTWic.exe
  2⤵
  PID:10120
- C:\Windows\System\WkYSupU.exe
  C:\Windows\System\WkYSupU.exe
  2⤵
  PID:10148
- C:\Windows\System\sTbCqqP.exe
  C:\Windows\System\sTbCqqP.exe
  2⤵
  PID:10232
- C:\Windows\System\tgdHGgK.exe
  C:\Windows\System\tgdHGgK.exe
  2⤵
  PID:9304
- C:\Windows\System\GVsXBTz.exe
  C:\Windows\System\GVsXBTz.exe
  2⤵
  PID:9428
- C:\Windows\System\qbVEXjD.exe
  C:\Windows\System\qbVEXjD.exe
  2⤵
  PID:9628
- C:\Windows\System\ZSFLdWD.exe
  C:\Windows\System\ZSFLdWD.exe
  2⤵
  PID:9860
- C:\Windows\System\uGGHOEs.exe
  C:\Windows\System\uGGHOEs.exe
  2⤵
  PID:9932
- C:\Windows\System\EvsvucO.exe
  C:\Windows\System\EvsvucO.exe
  2⤵
  PID:10080
- C:\Windows\System\nynSzaf.exe
  C:\Windows\System\nynSzaf.exe
  2⤵
  PID:10200
- C:\Windows\System\KEzEnwD.exe
  C:\Windows\System\KEzEnwD.exe
  2⤵
  PID:9388
- C:\Windows\System\RrBzDpO.exe
  C:\Windows\System\RrBzDpO.exe
  2⤵
  PID:10204
- C:\Windows\System\QlSzHpT.exe
  C:\Windows\System\QlSzHpT.exe
  2⤵
  PID:9688
- C:\Windows\System\xLJJlCm.exe
  C:\Windows\System\xLJJlCm.exe
  2⤵
  PID:9248
- C:\Windows\System\NybDauc.exe
  C:\Windows\System\NybDauc.exe
  2⤵
  PID:10276
- C:\Windows\System\xayaCXd.exe
  C:\Windows\System\xayaCXd.exe
  2⤵
  PID:10304
- C:\Windows\System\JDgLpAS.exe
  C:\Windows\System\JDgLpAS.exe
  2⤵
  PID:10332
- C:\Windows\System\HSnlQdf.exe
  C:\Windows\System\HSnlQdf.exe
  2⤵
  PID:10360
- C:\Windows\System\hMXMHot.exe
  C:\Windows\System\hMXMHot.exe
  2⤵
  PID:10388
- C:\Windows\System\VLlFfeY.exe
  C:\Windows\System\VLlFfeY.exe
  2⤵
  PID:10412
- C:\Windows\System\FWxaUCo.exe
  C:\Windows\System\FWxaUCo.exe
  2⤵
  PID:10432
- C:\Windows\System\ThGjwgm.exe
  C:\Windows\System\ThGjwgm.exe
  2⤵
  PID:10476
- C:\Windows\System\tuBDiHu.exe
  C:\Windows\System\tuBDiHu.exe
  2⤵
  PID:10492
- C:\Windows\System\yubhvLs.exe
  C:\Windows\System\yubhvLs.exe
  2⤵
  PID:10544
- C:\Windows\System\xycteVE.exe
  C:\Windows\System\xycteVE.exe
  2⤵
  PID:10560
- C:\Windows\System\fBahrsZ.exe
  C:\Windows\System\fBahrsZ.exe
  2⤵
  PID:10592
- C:\Windows\System\uQwKuHf.exe
  C:\Windows\System\uQwKuHf.exe
  2⤵
  PID:10620
- C:\Windows\System\vibwnBw.exe
  C:\Windows\System\vibwnBw.exe
  2⤵
  PID:10656
- C:\Windows\System\UMmTXxM.exe
  C:\Windows\System\UMmTXxM.exe
  2⤵
  PID:10672
- C:\Windows\System\OmvKNpS.exe
  C:\Windows\System\OmvKNpS.exe
  2⤵
  PID:10688
- C:\Windows\System\DpdXVeZ.exe
  C:\Windows\System\DpdXVeZ.exe
  2⤵
  PID:10732
- C:\Windows\System\jKYSYnu.exe
  C:\Windows\System\jKYSYnu.exe
  2⤵
  PID:10776
- C:\Windows\System\NeyUJlN.exe
  C:\Windows\System\NeyUJlN.exe
  2⤵
  PID:10808
- C:\Windows\System\RkoHzPL.exe
  C:\Windows\System\RkoHzPL.exe
  2⤵
  PID:10836
- C:\Windows\System\UgMREiD.exe
  C:\Windows\System\UgMREiD.exe
  2⤵
  PID:10876
- C:\Windows\System\YHdxavu.exe
  C:\Windows\System\YHdxavu.exe
  2⤵
  PID:10904
- C:\Windows\System\eFvjoqh.exe
  C:\Windows\System\eFvjoqh.exe
  2⤵
  PID:10932
- C:\Windows\System\FbUpDsx.exe
  C:\Windows\System\FbUpDsx.exe
  2⤵
  PID:10960
- C:\Windows\System\zXpWhfD.exe
  C:\Windows\System\zXpWhfD.exe
  2⤵
  PID:10992
- C:\Windows\System\ftiJfdj.exe
  C:\Windows\System\ftiJfdj.exe
  2⤵
  PID:11028
- C:\Windows\System\GRhRCMK.exe
  C:\Windows\System\GRhRCMK.exe
  2⤵
  PID:11072
- C:\Windows\System\rDjWmzQ.exe
  C:\Windows\System\rDjWmzQ.exe
  2⤵
  PID:11100
- C:\Windows\System\EuWXxoh.exe
  C:\Windows\System\EuWXxoh.exe
  2⤵
  PID:11136
- C:\Windows\System\jRRTYfV.exe
  C:\Windows\System\jRRTYfV.exe
  2⤵
  PID:11152
- C:\Windows\System\FQXKvMy.exe
  C:\Windows\System\FQXKvMy.exe
  2⤵
  PID:10424
- C:\Windows\System\XVXMawf.exe
  C:\Windows\System\XVXMawf.exe
  2⤵
  PID:10452
- C:\Windows\System\eqLFILe.exe
  C:\Windows\System\eqLFILe.exe
  2⤵
  PID:7580
- C:\Windows\System\EWzEbge.exe
  C:\Windows\System\EWzEbge.exe
  2⤵
  PID:10540
- C:\Windows\System\IqZLxMW.exe
  C:\Windows\System\IqZLxMW.exe
  2⤵
  PID:10616
- C:\Windows\System\OgEnAnX.exe
  C:\Windows\System\OgEnAnX.exe
  2⤵
  PID:10668
- C:\Windows\System\lMYCANZ.exe
  C:\Windows\System\lMYCANZ.exe
  2⤵
  PID:10788
- C:\Windows\System\MIizmcd.exe
  C:\Windows\System\MIizmcd.exe
  2⤵
  PID:10824
- C:\Windows\System\NCefFSL.exe
  C:\Windows\System\NCefFSL.exe
  2⤵
  PID:10900
- C:\Windows\System\TFMBWLX.exe
  C:\Windows\System\TFMBWLX.exe
  2⤵
  PID:10972
- C:\Windows\System\WZxYELL.exe
  C:\Windows\System\WZxYELL.exe
  2⤵
  PID:11064
- C:\Windows\System\lJLLchT.exe
  C:\Windows\System\lJLLchT.exe
  2⤵
  PID:11132
- C:\Windows\System\WpqbbXy.exe
  C:\Windows\System\WpqbbXy.exe
  2⤵
  PID:11192
- C:\Windows\System\oyLnItr.exe
  C:\Windows\System\oyLnItr.exe
  2⤵
  PID:10428
- C:\Windows\System\qhpNtXS.exe
  C:\Windows\System\qhpNtXS.exe
  2⤵
  PID:10324
- C:\Windows\System\AuTetji.exe
  C:\Windows\System\AuTetji.exe
  2⤵
  PID:10008
- C:\Windows\System\SnBPzcU.exe
  C:\Windows\System\SnBPzcU.exe
  2⤵
  PID:11240
- C:\Windows\System\FIMAGcn.exe
  C:\Windows\System\FIMAGcn.exe
  2⤵
  PID:10396
- C:\Windows\System\BHYtAmL.exe
  C:\Windows\System\BHYtAmL.exe
  2⤵
  PID:8296
- C:\Windows\System\PcOPxDv.exe
  C:\Windows\System\PcOPxDv.exe
  2⤵
  PID:10664
- C:\Windows\System\GIgfJIu.exe
  C:\Windows\System\GIgfJIu.exe
  2⤵
  PID:10804
- C:\Windows\System\dXtwAMU.exe
  C:\Windows\System\dXtwAMU.exe
  2⤵
  PID:11004
- C:\Windows\System\ysxssEf.exe
  C:\Windows\System\ysxssEf.exe
  2⤵
  PID:11184
- C:\Windows\System\FDoNZaa.exe
  C:\Windows\System\FDoNZaa.exe
  2⤵
  PID:10268
- C:\Windows\System\uzHxzJV.exe
  C:\Windows\System\uzHxzJV.exe
  2⤵
  PID:11172
- C:\Windows\System\TPvTCAs.exe
  C:\Windows\System\TPvTCAs.exe
  2⤵
  PID:10820
- C:\Windows\System\YOyxusY.exe
  C:\Windows\System\YOyxusY.exe
  2⤵
  PID:11212
- C:\Windows\System\BpPUYJv.exe
  C:\Windows\System\BpPUYJv.exe
  2⤵
  PID:10800
- C:\Windows\System\nMcwqno.exe
  C:\Windows\System\nMcwqno.exe
  2⤵
  PID:10524
- C:\Windows\System\LWniIYa.exe
  C:\Windows\System\LWniIYa.exe
  2⤵
  PID:11280
- C:\Windows\System\ochKaun.exe
  C:\Windows\System\ochKaun.exe
  2⤵
  PID:11312
- C:\Windows\System\cVqHofA.exe
  C:\Windows\System\cVqHofA.exe
  2⤵
  PID:11340
- C:\Windows\System\fRAHqXQ.exe
  C:\Windows\System\fRAHqXQ.exe
  2⤵
  PID:11368
- C:\Windows\System\OGzVFbj.exe
  C:\Windows\System\OGzVFbj.exe
  2⤵
  PID:11396
- C:\Windows\System\NbcDmfe.exe
  C:\Windows\System\NbcDmfe.exe
  2⤵
  PID:11416
- C:\Windows\System\DoGYpMo.exe
  C:\Windows\System\DoGYpMo.exe
  2⤵
  PID:11460
- C:\Windows\System\RGhckKG.exe
  C:\Windows\System\RGhckKG.exe
  2⤵
  PID:11476
- C:\Windows\System\hoASOtz.exe
  C:\Windows\System\hoASOtz.exe
  2⤵
  PID:11520
- C:\Windows\System\eCpZcRy.exe
  C:\Windows\System\eCpZcRy.exe
  2⤵
  PID:11548
- C:\Windows\System\sNNRepB.exe
  C:\Windows\System\sNNRepB.exe
  2⤵
  PID:11576
- C:\Windows\System\LqcNIFG.exe
  C:\Windows\System\LqcNIFG.exe
  2⤵
  PID:11604
- C:\Windows\System\WgLtxzy.exe
  C:\Windows\System\WgLtxzy.exe
  2⤵
  PID:11632
- C:\Windows\System\QJHRoKS.exe
  C:\Windows\System\QJHRoKS.exe
  2⤵
  PID:11660
- C:\Windows\System\dTqEXwZ.exe
  C:\Windows\System\dTqEXwZ.exe
  2⤵
  PID:11688
- C:\Windows\System\EbQFaXr.exe
  C:\Windows\System\EbQFaXr.exe
  2⤵
  PID:11716
- C:\Windows\System\hbCujWc.exe
  C:\Windows\System\hbCujWc.exe
  2⤵
  PID:11744
- C:\Windows\System\HxrClMw.exe
  C:\Windows\System\HxrClMw.exe
  2⤵
  PID:11772
- C:\Windows\System\nDpMtUA.exe
  C:\Windows\System\nDpMtUA.exe
  2⤵
  PID:11800
- C:\Windows\System\gFmnsuL.exe
  C:\Windows\System\gFmnsuL.exe
  2⤵
  PID:11880
- C:\Windows\System\gvHYfrJ.exe
  C:\Windows\System\gvHYfrJ.exe
  2⤵
  PID:11908
- C:\Windows\System\EqvcjKJ.exe
  C:\Windows\System\EqvcjKJ.exe
  2⤵
  PID:11940
- C:\Windows\System\GuTvmpc.exe
  C:\Windows\System\GuTvmpc.exe
  2⤵
  PID:11972
- C:\Windows\System\foDwLho.exe
  C:\Windows\System\foDwLho.exe
  2⤵
  PID:12000
- C:\Windows\System\EGLJjjO.exe
  C:\Windows\System\EGLJjjO.exe
  2⤵
  PID:12028
- C:\Windows\System\OHNpODK.exe
  C:\Windows\System\OHNpODK.exe
  2⤵
  PID:12060
- C:\Windows\System\dRPXLZC.exe
  C:\Windows\System\dRPXLZC.exe
  2⤵
  PID:12088
- C:\Windows\System\cwUChOi.exe
  C:\Windows\System\cwUChOi.exe
  2⤵
  PID:12116
- C:\Windows\System\kCnBwzT.exe
  C:\Windows\System\kCnBwzT.exe
  2⤵
  PID:12148
- C:\Windows\System\YfDeiSO.exe
  C:\Windows\System\YfDeiSO.exe
  2⤵
  PID:12180
- C:\Windows\System\VaUoCxd.exe
  C:\Windows\System\VaUoCxd.exe
  2⤵
  PID:12208
- C:\Windows\System\FcngDib.exe
  C:\Windows\System\FcngDib.exe
  2⤵
  PID:12236
- C:\Windows\System\BcQgLLR.exe
  C:\Windows\System\BcQgLLR.exe
  2⤵
  PID:12264
- C:\Windows\System\jasWvrG.exe
  C:\Windows\System\jasWvrG.exe
  2⤵
  PID:11276
- C:\Windows\System\JXDZkzZ.exe
  C:\Windows\System\JXDZkzZ.exe
  2⤵
  PID:11352
- C:\Windows\System\gAEdYWe.exe
  C:\Windows\System\gAEdYWe.exe
  2⤵
  PID:11408
- C:\Windows\System\GxXarsC.exe
  C:\Windows\System\GxXarsC.exe
  2⤵
  PID:11484
- C:\Windows\System\PaWANYT.exe
  C:\Windows\System\PaWANYT.exe
  2⤵
  PID:11564
- C:\Windows\System\jkLOZmN.exe
  C:\Windows\System\jkLOZmN.exe
  2⤵
  PID:11628
- C:\Windows\System\tOtFSjm.exe
  C:\Windows\System\tOtFSjm.exe
  2⤵
  PID:11704
- C:\Windows\System\BtrYvQL.exe
  C:\Windows\System\BtrYvQL.exe
  2⤵
  PID:11740
- C:\Windows\System\CAgyVZw.exe
  C:\Windows\System\CAgyVZw.exe
  2⤵
  PID:11812
- C:\Windows\System\wBgoWfa.exe
  C:\Windows\System\wBgoWfa.exe
  2⤵
  PID:11840
- C:\Windows\System\lXJohHU.exe
  C:\Windows\System\lXJohHU.exe
  2⤵
  PID:11900
- C:\Windows\System\fExUaPw.exe
  C:\Windows\System\fExUaPw.exe
  2⤵
  PID:11928
- C:\Windows\System\LBofxBk.exe
  C:\Windows\System\LBofxBk.exe
  2⤵
  PID:12020
- C:\Windows\System\YcwRgtD.exe
  C:\Windows\System\YcwRgtD.exe
  2⤵
  PID:12084
- C:\Windows\System\EsUjbYf.exe
  C:\Windows\System\EsUjbYf.exe
  2⤵
  PID:12176
- C:\Windows\System\UFLSgGw.exe
  C:\Windows\System\UFLSgGw.exe
  2⤵
  PID:12232
- C:\Windows\System\kGrFnaY.exe
  C:\Windows\System\kGrFnaY.exe
  2⤵
  PID:11304
- C:\Windows\System\aQmXKgg.exe
  C:\Windows\System\aQmXKgg.exe
  2⤵
  PID:11448
- C:\Windows\System\izobVJo.exe
  C:\Windows\System\izobVJo.exe
  2⤵
  PID:11624
- C:\Windows\System\yLnZEJx.exe
  C:\Windows\System\yLnZEJx.exe
  2⤵
  PID:11792
- C:\Windows\System\ePWRriz.exe
  C:\Windows\System\ePWRriz.exe
  2⤵
  PID:11896
- C:\Windows\System\MJNxZOG.exe
  C:\Windows\System\MJNxZOG.exe
  2⤵
  PID:12040
- C:\Windows\System\FiXkFFh.exe
  C:\Windows\System\FiXkFFh.exe
  2⤵
  PID:12228
- C:\Windows\System\kIPyOQD.exe
  C:\Windows\System\kIPyOQD.exe
  2⤵
  PID:11468
- C:\Windows\System\TGPqiwQ.exe
  C:\Windows\System\TGPqiwQ.exe
  2⤵
  PID:11832
- C:\Windows\System\uBNyzgy.exe
  C:\Windows\System\uBNyzgy.exe
  2⤵
  PID:12144
- C:\Windows\System\GIJSnAX.exe
  C:\Windows\System\GIJSnAX.exe
  2⤵
  PID:11728
- C:\Windows\System\TmiUGkW.exe
  C:\Windows\System\TmiUGkW.exe
  2⤵
  PID:12112
- C:\Windows\System\YnpGpeh.exe
  C:\Windows\System\YnpGpeh.exe
  2⤵
  PID:12308
- C:\Windows\System\aoPivcL.exe
  C:\Windows\System\aoPivcL.exe
  2⤵
  PID:12336
- C:\Windows\System\SVHucQc.exe
  C:\Windows\System\SVHucQc.exe
  2⤵
  PID:12368
- C:\Windows\System\rZxVZGB.exe
  C:\Windows\System\rZxVZGB.exe
  2⤵
  PID:12396
- C:\Windows\System\IkbCKzZ.exe
  C:\Windows\System\IkbCKzZ.exe
  2⤵
  PID:12424
- C:\Windows\System\cMcSPEu.exe
  C:\Windows\System\cMcSPEu.exe
  2⤵
  PID:12456
- C:\Windows\System\XgHxAZc.exe
  C:\Windows\System\XgHxAZc.exe
  2⤵
  PID:12480
- C:\Windows\System\dAZPLPV.exe
  C:\Windows\System\dAZPLPV.exe
  2⤵
  PID:12508
- C:\Windows\System\RhmVxju.exe
  C:\Windows\System\RhmVxju.exe
  2⤵
  PID:12536
- C:\Windows\System\QyCfibx.exe
  C:\Windows\System\QyCfibx.exe
  2⤵
  PID:12564
- C:\Windows\System\oVKywvP.exe
  C:\Windows\System\oVKywvP.exe
  2⤵
  PID:12592
- C:\Windows\System\LTKyjiP.exe
  C:\Windows\System\LTKyjiP.exe
  2⤵
  PID:12620
- C:\Windows\System\lTXgCcn.exe
  C:\Windows\System\lTXgCcn.exe
  2⤵
  PID:12648
- C:\Windows\System\ExKBrYZ.exe
  C:\Windows\System\ExKBrYZ.exe
  2⤵
  PID:12676
- C:\Windows\System\pktsgoo.exe
  C:\Windows\System\pktsgoo.exe
  2⤵
  PID:12704
- C:\Windows\System\wLVlokk.exe
  C:\Windows\System\wLVlokk.exe
  2⤵
  PID:12732
- C:\Windows\System\QGviseB.exe
  C:\Windows\System\QGviseB.exe
  2⤵
  PID:12760
- C:\Windows\System\bIshPMM.exe
  C:\Windows\System\bIshPMM.exe
  2⤵
  PID:12788
- C:\Windows\System\dQfcGSP.exe
  C:\Windows\System\dQfcGSP.exe
  2⤵
  PID:12816
- C:\Windows\System\gvmLDQz.exe
  C:\Windows\System\gvmLDQz.exe
  2⤵
  PID:12844
- C:\Windows\System\uaGmWsb.exe
  C:\Windows\System\uaGmWsb.exe
  2⤵
  PID:12872
- C:\Windows\System\nKWHNLo.exe
  C:\Windows\System\nKWHNLo.exe
  2⤵
  PID:12900
- C:\Windows\System\IwcXwPC.exe
  C:\Windows\System\IwcXwPC.exe
  2⤵
  PID:12928
- C:\Windows\System\zPrkmDy.exe
  C:\Windows\System\zPrkmDy.exe
  2⤵
  PID:12960
- C:\Windows\System\amkffZZ.exe
  C:\Windows\System\amkffZZ.exe
  2⤵
  PID:12988
- C:\Windows\System\VbKeICo.exe
  C:\Windows\System\VbKeICo.exe
  2⤵
  PID:13016
- C:\Windows\System\EqKOVnB.exe
  C:\Windows\System\EqKOVnB.exe
  2⤵
  PID:13044
- C:\Windows\System\wSkOtuF.exe
  C:\Windows\System\wSkOtuF.exe
  2⤵
  PID:13072
- C:\Windows\System\CPAOFvm.exe
  C:\Windows\System\CPAOFvm.exe
  2⤵
  PID:13100
- C:\Windows\System\WWTcWnh.exe
  C:\Windows\System\WWTcWnh.exe
  2⤵
  PID:13128
- C:\Windows\System\LmKUJri.exe
  C:\Windows\System\LmKUJri.exe
  2⤵
  PID:13156
- C:\Windows\System\ZChiPEe.exe
  C:\Windows\System\ZChiPEe.exe
  2⤵
  PID:13184
- C:\Windows\System\SFGURCF.exe
  C:\Windows\System\SFGURCF.exe
  2⤵
  PID:13212
- C:\Windows\System\afHZZTA.exe
  C:\Windows\System\afHZZTA.exe
  2⤵
  PID:13240
- C:\Windows\System\fTZsMax.exe
  C:\Windows\System\fTZsMax.exe
  2⤵
  PID:13268
- C:\Windows\System\oEedXbu.exe
  C:\Windows\System\oEedXbu.exe
  2⤵
  PID:13296
- C:\Windows\System\kaJKZtk.exe
  C:\Windows\System\kaJKZtk.exe
  2⤵
  PID:12304
- C:\Windows\System\XQiynWR.exe
  C:\Windows\System\XQiynWR.exe
  2⤵
  PID:12388
- C:\Windows\System\XVqgPoa.exe
  C:\Windows\System\XVqgPoa.exe
  2⤵
  PID:12444
- C:\Windows\System\FyPuNrE.exe
  C:\Windows\System\FyPuNrE.exe
  2⤵
  PID:12500
- C:\Windows\System\MEfaxsg.exe
  C:\Windows\System\MEfaxsg.exe
  2⤵
  PID:12560
- C:\Windows\System\ZyLmnGO.exe
  C:\Windows\System\ZyLmnGO.exe
  2⤵
  PID:12632
- C:\Windows\System\WVWLtJw.exe
  C:\Windows\System\WVWLtJw.exe
  2⤵
  PID:12700
- C:\Windows\System\EAJbCQj.exe
  C:\Windows\System\EAJbCQj.exe
  2⤵
  PID:12756
- C:\Windows\System\xTDkTvF.exe
  C:\Windows\System\xTDkTvF.exe
  2⤵
  PID:12828
- C:\Windows\System\YFkjleK.exe
  C:\Windows\System\YFkjleK.exe
  2⤵
  PID:12884
- C:\Windows\System\SurMUYb.exe
  C:\Windows\System\SurMUYb.exe
  2⤵
  PID:12952
- C:\Windows\System\KrWYuFH.exe
  C:\Windows\System\KrWYuFH.exe
  2⤵
  PID:13032
- C:\Windows\System\lrRpJfB.exe
  C:\Windows\System\lrRpJfB.exe
  2⤵
  PID:13092
- C:\Windows\System\FfQcQUl.exe
  C:\Windows\System\FfQcQUl.exe
  2⤵
  PID:13148
- C:\Windows\System\EfNjgay.exe
  C:\Windows\System\EfNjgay.exe
  2⤵
  PID:13228
- C:\Windows\System\xahBLCo.exe
  C:\Windows\System\xahBLCo.exe
  2⤵
  PID:13284
- C:\Windows\System\BwWmJrg.exe
  C:\Windows\System\BwWmJrg.exe
  2⤵
  PID:12364
- C:\Windows\System\RoPYVqO.exe
  C:\Windows\System\RoPYVqO.exe
  2⤵
  PID:712
- C:\Windows\System\vZhSjqz.exe
  C:\Windows\System\vZhSjqz.exe
  2⤵
  PID:1896
- C:\Windows\System\YVUATRF.exe
  C:\Windows\System\YVUATRF.exe
  2⤵
  PID:12660
- C:\Windows\System\gqBMNFW.exe
  C:\Windows\System\gqBMNFW.exe
  2⤵
  PID:12808
- C:\Windows\System\oGMUmQO.exe
  C:\Windows\System\oGMUmQO.exe
  2⤵
  PID:12888
- C:\Windows\System\jMDSqQO.exe
  C:\Windows\System\jMDSqQO.exe
  2⤵
  PID:13064
- C:\Windows\System\YTGiGfK.exe
  C:\Windows\System\YTGiGfK.exe
  2⤵
  PID:12344
- C:\Windows\System\TjNKmXz.exe
  C:\Windows\System\TjNKmXz.exe
  2⤵
  PID:1204
- C:\Windows\System\rwIHcal.exe
  C:\Windows\System\rwIHcal.exe
  2⤵
  PID:12752
- C:\Windows\System\uSoVTrJ.exe
  C:\Windows\System\uSoVTrJ.exe
  2⤵
  PID:13180
- C:\Windows\System\OGolOSe.exe
  C:\Windows\System\OGolOSe.exe
  2⤵
  PID:12616
- C:\Windows\System\YOFynkq.exe
  C:\Windows\System\YOFynkq.exe
  2⤵
  PID:13252
- C:\Windows\System\irXJrCy.exe
  C:\Windows\System\irXJrCy.exe
  2⤵
  PID:13320
- C:\Windows\System\buLAZjV.exe
  C:\Windows\System\buLAZjV.exe
  2⤵
  PID:13348
- C:\Windows\System\gSwbglE.exe
  C:\Windows\System\gSwbglE.exe
  2⤵
  PID:13376
- C:\Windows\System\TRAybFg.exe
  C:\Windows\System\TRAybFg.exe
  2⤵
  PID:13404
- C:\Windows\System\xGlBZdA.exe
  C:\Windows\System\xGlBZdA.exe
  2⤵
  PID:13432
- C:\Windows\System\TEYfpjo.exe
  C:\Windows\System\TEYfpjo.exe
  2⤵
  PID:13460
- C:\Windows\System\aTrVdNl.exe
  C:\Windows\System\aTrVdNl.exe
  2⤵
  PID:13488
- C:\Windows\System\eqlnaUf.exe
  C:\Windows\System\eqlnaUf.exe
  2⤵
  PID:13516
- C:\Windows\System\DYSDqJH.exe
  C:\Windows\System\DYSDqJH.exe
  2⤵
  PID:13544
- C:\Windows\System\GJatFtB.exe
  C:\Windows\System\GJatFtB.exe
  2⤵
  PID:13572
- C:\Windows\System\eJmGXjL.exe
  C:\Windows\System\eJmGXjL.exe
  2⤵
  PID:13600
- C:\Windows\System\IRhEFVL.exe
  C:\Windows\System\IRhEFVL.exe
  2⤵
  PID:13628
- C:\Windows\System\YAlZXvt.exe
  C:\Windows\System\YAlZXvt.exe
  2⤵
  PID:13656
- C:\Windows\System\wwXBtLS.exe
  C:\Windows\System\wwXBtLS.exe
  2⤵
  PID:13684
- C:\Windows\System\khFaOTE.exe
  C:\Windows\System\khFaOTE.exe
  2⤵
  PID:13712
- C:\Windows\System\IxFWTmQ.exe
  C:\Windows\System\IxFWTmQ.exe
  2⤵
  PID:13748
- C:\Windows\System\odmuzBd.exe
  C:\Windows\System\odmuzBd.exe
  2⤵
  PID:13764
- C:\Windows\System\xxaHfsU.exe
  C:\Windows\System\xxaHfsU.exe
  2⤵
  PID:13808
- C:\Windows\System\LSdHcTl.exe
  C:\Windows\System\LSdHcTl.exe
  2⤵
  PID:13836
- C:\Windows\System\JjkoCSD.exe
  C:\Windows\System\JjkoCSD.exe
  2⤵
  PID:13864
- C:\Windows\System\EnfWMTX.exe
  C:\Windows\System\EnfWMTX.exe
  2⤵
  PID:13892
- C:\Windows\System\yprFOER.exe
  C:\Windows\System\yprFOER.exe
  2⤵
  PID:13920
- C:\Windows\System\xsfxlVJ.exe
  C:\Windows\System\xsfxlVJ.exe
  2⤵
  PID:13948
- C:\Windows\System\sjqqOFE.exe
  C:\Windows\System\sjqqOFE.exe
  2⤵
  PID:13976
- C:\Windows\System\ecxhLwl.exe
  C:\Windows\System\ecxhLwl.exe
  2⤵
  PID:14004
- C:\Windows\System\rxuoIPv.exe
  C:\Windows\System\rxuoIPv.exe
  2⤵
  PID:14032
- C:\Windows\System\kwSaDOk.exe
  C:\Windows\System\kwSaDOk.exe
  2⤵
  PID:14060
- C:\Windows\System\RXUNdkY.exe
  C:\Windows\System\RXUNdkY.exe
  2⤵
  PID:14088
- C:\Windows\System\HZoDohg.exe
  C:\Windows\System\HZoDohg.exe
  2⤵
  PID:14116
- C:\Windows\System\uxOlsMB.exe
  C:\Windows\System\uxOlsMB.exe
  2⤵
  PID:14144
- C:\Windows\System\hqfwJbL.exe
  C:\Windows\System\hqfwJbL.exe
  2⤵
  PID:14172
- C:\Windows\System\hWLKuuM.exe
  C:\Windows\System\hWLKuuM.exe
  2⤵
  PID:14204
- C:\Windows\System\GZYbBPl.exe
  C:\Windows\System\GZYbBPl.exe
  2⤵
  PID:14232
- C:\Windows\System\LGquvMt.exe
  C:\Windows\System\LGquvMt.exe
  2⤵
  PID:14260
- C:\Windows\System\jGSwRfS.exe
  C:\Windows\System\jGSwRfS.exe
  2⤵
  PID:14292
- C:\Windows\System\cnafIow.exe
  C:\Windows\System\cnafIow.exe
  2⤵
  PID:14320
- C:\Windows\System\qrbWoBk.exe
  C:\Windows\System\qrbWoBk.exe
  2⤵
  PID:12956
- C:\Windows\System\AJppdCi.exe
  C:\Windows\System\AJppdCi.exe
  2⤵
  PID:13420
- C:\Windows\System\qfObHsv.exe
  C:\Windows\System\qfObHsv.exe
  2⤵
  PID:13480
- C:\Windows\System\tIhcERU.exe
  C:\Windows\System\tIhcERU.exe
  2⤵
  PID:13540
- C:\Windows\System\KozXqMZ.exe
  C:\Windows\System\KozXqMZ.exe
  2⤵
  PID:13616
- C:\Windows\System\NwSjcUv.exe
  C:\Windows\System\NwSjcUv.exe
  2⤵
  PID:13676
- C:\Windows\System\TQwaDxa.exe
  C:\Windows\System\TQwaDxa.exe
  2⤵
  PID:13736
- C:\Windows\System\OPDCCfH.exe
  C:\Windows\System\OPDCCfH.exe
  2⤵
  PID:13820
- C:\Windows\System\dGKCuam.exe
  C:\Windows\System\dGKCuam.exe
  2⤵
  PID:13884
- C:\Windows\System\vDqHZVH.exe
  C:\Windows\System\vDqHZVH.exe
  2⤵
  PID:13944
- C:\Windows\System\TqjuvyT.exe
  C:\Windows\System\TqjuvyT.exe
  2⤵
  PID:14048
- C:\Windows\System\UjDDHZZ.exe
  C:\Windows\System\UjDDHZZ.exe
  2⤵
  PID:14128
- C:\Windows\System\xmwcRMI.exe
  C:\Windows\System\xmwcRMI.exe
  2⤵
  PID:14196
- C:\Windows\System\vKWRNnS.exe
  C:\Windows\System\vKWRNnS.exe
  2⤵
  PID:14256
- C:\Windows\System\GmgSoiw.exe
  C:\Windows\System\GmgSoiw.exe
  2⤵
  PID:13340

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AWDcpsq.exe

Filesize
2.5MB

MD5
f29c5538f76bcd5c7234e29afb8123fe

SHA1
30c5165b7712de1b7cfd5daf518cd69117ecf0af

SHA256
df718280e76d27e7fda469440fefd9582112d74984e48024a194717a6cc2ca5a

SHA512
5979b5ce55aa84d249194749f4116ed1b28b8c8c1bf68d27e1d453ba9b7d1ee7eeff068584553ea22f0224d3b0dc43f8853c801a35bf3b3851e5e00f10d019ad

Download Submit
C:\Windows\System\ApxNWdK.exe

Filesize
2.5MB

MD5
372af01dc0c1619dec97b1eb2b2a77b5

SHA1
55264bd03e36c35a0849d2e81587ee0d246da1c6

SHA256
64088e585550a231f28e1c515ee098c40112bc687943cd33430760810b6e5a36

SHA512
7f16f099bc269e48e30fea91356648913f766ee8d79bc0b37cb4a1613161e31f1adf7b92cf1b8de8d90eab8c0a362aa7da4ab40034f5b768e8d2bbff5dd62d7c

Download Submit
C:\Windows\System\CmYJfCL.exe

Filesize
2.5MB

MD5
87ea99aa2acab564c695a8a4791536bc

SHA1
f047c90709516f8cfc7679f8bc872c025f4824fc

SHA256
e73f035227101a03bd67dfd35c54a1429ca81157b9b2edf236da195fec1263e6

SHA512
ec5fdaf093363f8ad053576ebc948304245bbf72eee888ab69c176700a8bc9412202deec66383b93c21691925a039b1fa5b5c9742e166d13052ade93eea937fb

Download Submit
C:\Windows\System\DIOMkhC.exe

Filesize
2.5MB

MD5
cb42d89d0ff7358704fcf976b3b3945b

SHA1
0261457d18437e60cc5a736686b7f220b2301b44

SHA256
9a468dc9538153c56a0277da6cf12f20d6f56f9f40e43419b36e5d1486a2b4ef

SHA512
05e37ffb67a582e4e431a776cc0f6c4239044dea0415cf2387aee54ed7a469676a3cf8407ea9dcb0f1b92b9a6fb7f24b2585ee88eba918529c9d4076e2f5be9f

Download Submit
C:\Windows\System\GqPSRaF.exe

Filesize
2.5MB

MD5
1d3b8afd59d8149bec8aa762a2aea654

SHA1
b8bc188160473d06e73d81e1ca43d3da5663ed54

SHA256
7a9fecf527ae4831a826865b3e1936a89376291af50ba4200e15aa58a6862d2f

SHA512
c625f24a6bf7f88853ad5b80bc784cca348b231569e77b42cb10cc83254d30b9a2bc8f7b0fceb4d94e9374ee37d206871189cfbc75d5265c06ae2371a23abad4

Download Submit
C:\Windows\System\GsyamNm.exe

Filesize
2.5MB

MD5
e48f5b31115c0e409655465bcaaffcee

SHA1
66e08d8c2883d853f67672d73c41665b216a980d

SHA256
ac1cb692c0dfc6e367a28ce1ca158ab54773359bcd118514a5b3d957279f05b2

SHA512
db6b19bc44fa01461bfd175621d9f85be29e43d31ca1ec3237be36022d9ec17710714d18e21c4bd6510d5d41516007884c0b86df221761bbf6972712d0eb7aee

Download Submit
C:\Windows\System\JEizfdf.exe

Filesize
2.5MB

MD5
ad1e4f5f83adc598b3eee76622daf2ae

SHA1
8a39e52288a0ebc324385259bb878c89d2179a30

SHA256
97467cbd2f74aaa1e2d230e3384bb9cea37e71487e6f921907dda877f8aa388b

SHA512
237e075956fb25e73dac911e33506e36fde336fa1e9a708018d241a315f16ad551e894f9522769cd58672de9f84862e4f9a8c89d9996ba6067d0f90db1aab6d8

Download Submit
C:\Windows\System\KMgyovb.exe

Filesize
2.5MB

MD5
85dfef8a2213b06a532eed8aa3a5a862

SHA1
e5bbe5e5163d15916b3f9dea8276b998494a2b7f

SHA256
ca74dd1128fb9a89d0b74f7bdc4f4ac22dc2921e2550d36cff68ba91ea6f6139

SHA512
6bea38ee1dbe59edabcb27de304a3aaeb4d79fba8f32b5adae9f0048e93f96d4f2387e3ba93b6345094cd386c9684318d7d0be4a9aa97bb0f774fa77c5f7e49e

Download Submit
C:\Windows\System\KULLpnt.exe

Filesize
2.5MB

MD5
b9e6782d2a7e752712c70bb43bd543d9

SHA1
cde7281add4eb5940ef4678bcced5f08b5950b7d

SHA256
b451bbf67167e769846121173cb4e0f78ce42a736971a0f528f37ead7bd0935f

SHA512
8cfe0fcdbcd4abadc5973dc3e9733e58e3b89f7070da3215969421bb64245913806e2d8403e9f1ef8055cf5973bea4b4f47974cec90ab0690953db496044d438

Download Submit
C:\Windows\System\OAfadwl.exe

Filesize
2.5MB

MD5
53806eee0422b41683f84d88b964c16a

SHA1
7b4182ca6f908fb32eabc7065e14e6844f5a89ba

SHA256
ea58c4859bccfaaa6d93e7a5db3e9eed07504bcb0841ce0baed73b91c9a0dfc5

SHA512
93274a4cc6115fe604a65a52befc5440c72e79ed405cdf45bd4e413efc2b03e8f144033fe477db8c4f4591fe83c1993bb776eb4441e9611765b79153845e5801

Download Submit
C:\Windows\System\QLQpzkH.exe

Filesize
2.5MB

MD5
00ad6e78611fbca7324258513614f023

SHA1
3d6fb567110d3f40df0c0d94b3fa95f69e4fec61

SHA256
5bc3fa18eb513429f35a2ec9d0074b4e110df4ad5fb3a6d167dfd5eb7333b2ff

SHA512
09a3a5d73a2b07f96331f09d9652f020418b2e9ba8454750f63a2f8aa93658c616b7330bcd227cb9353a2a8efc52569751e310e817d3cfef6f60f526a9b5dd18

Download Submit
C:\Windows\System\QbEWDIj.exe

Filesize
2.5MB

MD5
9ce2c66ba1d2dd57ee945f7076c35b40

SHA1
59fae3aa17b8e56251804fa59da52a565753f878

SHA256
a975ecef91df71e2e43f45edba73c5f3dcfa2859783b6ca15561dc62d2eba5e5

SHA512
4f4687f2b1161df397600032887cff3403d7b05e0146cccd794ef22540f8d456c80aa91db5d569a07348a9e6731871d09341fa8d4f1e5916f1928d785258912b

Download Submit
C:\Windows\System\Ttydglm.exe

Filesize
2.5MB

MD5
3239d4d7d8f9ed3feed602a95a18a014

SHA1
b4357d7477ef7a77103a8b5d028ecf8b6ec3e20a

SHA256
729ac32e718d46a6c4c3dadebc66b85dca8a1013e5c4e86ea4a30493985cceab

SHA512
b4dc86b403382426b0426b95a53bd62f8cbf46f4afa3b0f9f04890b1908599d4a8150255dedcda656d67fc3d797463b87c00abc7324069c5b867406ba3792aec

Download Submit
C:\Windows\System\UcfRZBd.exe

Filesize
2.5MB

MD5
43a2a92a7ad78159be69a261961a4c0f

SHA1
8c1e559d6a4d727db05c74ff05eb7cf304d98c3e

SHA256
8f979f4b3b8611050192512e83289f5e33005def87fc2e74c23cea34bbf3a9fb

SHA512
60458e63013681224a4d9f591b274e2508a1ddf29256ea987b4dfa7ae47e1f9021822138bb4e556e33dab5c4ddf55fe1cf3623ab7f77359ad78ccfd4b4105c32

Download Submit
C:\Windows\System\VXhSFuO.exe

Filesize
2.5MB

MD5
18d5df06b28746d98577bc4cc840d127

SHA1
76f4fba1cb38e78f0dcce31d208aeb79cd26081c

SHA256
2412deaa3e586891264ac7fcbbacb18b000a64db7b4a5efba0384b635e230675

SHA512
09109cfcb651a8eac3dd527d20a2b325265f1f2abb01147fe3b8f2e21bcd4a4e82752de63b06ffacce60d802aa581fcd431cbe197bba35a9ababcd85c518e5cc

Download Submit
C:\Windows\System\YKRhfKf.exe

Filesize
2.5MB

MD5
77b3933f7952ff05106a9e0d98ef5e72

SHA1
01ba032deb68bce5d9c8bb8d8347fe702896af56

SHA256
49afd83fa41a4007188f841136c9b84b7bebc28b63d66c3f60de9fcdb8acf998

SHA512
5513d415f84e5e2dbb2981f3bfe61ff3f07c545c96b4e5654307fa8a389e9c9d37b0a24b7eb6796896fe4fc74bf9e0898901b2377ed9d576601b71af9521b3cf

Download Submit
C:\Windows\System\ZQpvCOM.exe

Filesize
2.5MB

MD5
27fae5b7ba776e7ea3ea68b04b6fe950

SHA1
1ea0bfad908e034026ab777c129724031d42ed62

SHA256
e67b46ee09f69b2930c075acc71d3f5bdd53b0fbade960eb1d1726e0a679dc28

SHA512
0c5085c1a881431fe9c6d04959c8b58be1dc555db5dc22a82003b5c436214168335ff348817ca0c016424e9b50d73e25988f09b1ca8d7a157ed260a7e807ce23

Download Submit
C:\Windows\System\ZULmSSL.exe

Filesize
2.5MB

MD5
d3c7750fcc35b00dba3aebca3f5b9073

SHA1
ec06b3a55ec0e9e24e7e3004381cab9f804604b9

SHA256
41865ed2cdc1f05f4e0a68d713c3291de28d5c8a7ce912c1be799a4a6789c0fb

SHA512
f92bd111cb146cec12f11050734f00aaf13dfdc3009e9b338d85943f689f88a82476fba76a3cfdb3fe5e9fa394132e65be3a65acbc711830826345f338908de4

Download Submit
C:\Windows\System\ZlbUerd.exe

Filesize
2.5MB

MD5
dafc892e3bdb9542d3585b48624a9007

SHA1
79346e4ad3e990f61e47f81dcc7414b615ad9053

SHA256
6ddadd9595de2edd562fe9be39b1666214c438ff4dfb3c3caa47c746b75a4a53

SHA512
4d9623a437e61e683f56b07ce6004fc98d427d9d9af9eb3e2e4f3d86c328e1c885154f28cb646d7aca78e677989bc018359c9787d02f7aa5344402184208cb8d

Download Submit
C:\Windows\System\agZgejO.exe

Filesize
2.5MB

MD5
9a716614b77fad32c569022a1d637248

SHA1
154236d6721a93bf195c303fb5fb786c3d00f8a0

SHA256
0d9f24ed22b4d04724dfe74516c7b0ab8adcdd1e994754e3a41bad5b83128b3e

SHA512
f7ca074e48d8de69dc4dd6b1ba9fa7c30beba11129555aaf79457261eb52559ab230dbbf7608e04f19de8c65513a704371eb34934baedba4e83fa1343f5677b0

Download Submit
C:\Windows\System\anNZQJE.exe

Filesize
2.5MB

MD5
29cdf0e090556d94c5962157a27d9edb

SHA1
91ad23783b862079aefb3d9febd25ebe8cb5283b

SHA256
4144532a93fc622946767dc0be04a95710198a0d0776441563092eb05e83eb10

SHA512
15ce11168c766553a22f0b7a93cf201d92a1afbf856cdc268317f97e534b6bd7a663c14ba4019791f2d261e27810fd441ad0342e71c8a2bfda244cf8c4faefcc

Download Submit
C:\Windows\System\arrOnsG.exe

Filesize
2.5MB

MD5
b24f002b9d5aa14d22054c4bd006a2fb

SHA1
9cf3fdd5c0a9889cf360bffedd8d5ef9a5d7ed36

SHA256
ecca2f1e3da8d9211b69aadf765ad877223c3fc6cfd4951cd284dacf500de6d5

SHA512
4f85b888c87e36b5d29f7398096da86280b6030367f27a090585132f3abb8adda5ea51d01e7fac139cf0204cb1d4357f2b28dca746603d9f83b918a4dea63b4e

Download Submit
C:\Windows\System\dkZbkmn.exe

Filesize
2.5MB

MD5
d13ddd5dac8fb6ccf1b4f31e3860b33f

SHA1
aeb1c7935748b80bc8562bc87a095a830d98e65b

SHA256
7c8f19aecdc77995efb59a2fbcec3f5ec63358e4c4f53f2605c4e978cafd2e03

SHA512
5aad9736998dd69830b570ff6ecb503e70b3d21eae7a6c44f18e0d2b92be7eaa9346c0f1593a77446c6bb1fbf052b3a369147d127f87a0ee504abd9f791bbd85

Download Submit
C:\Windows\System\dwHfqvG.exe

Filesize
2.5MB

MD5
64a4334d6eb8b63c9b598424c83cb039

SHA1
6b67f513c8f1461db4c97a8443a265abec2047f0

SHA256
80e2d8ce47440a7a19569fc28ab8caa8416d5702c21af199064df09eb8a4f274

SHA512
e45ac43c498e8b0c3552d9e58c03c9cb68a48e299c9001b8e94844fae27a68eeeea523a9f09ab48ddce6dc8b1963a547df5bd73fd73a8f11de9e537db0aa9c0a

Download Submit
C:\Windows\System\iWsqsnD.exe

Filesize
2.5MB

MD5
9092dc2771b6d75502e73c39c818c760

SHA1
fe68572619a34319ef755ad323869468576e3388

SHA256
affe779044f1535f216378a99c14a5e812df60a3d2dccaef2987a68ab2918367

SHA512
922a45dbfea91b5adf7655ee76e29bc18c7d144d4c35220cf2b97bfba07811295fdec0b4c59a87b74438e53267aa883e4791a448c01c8120679226bad7f1a73a

Download Submit
C:\Windows\System\iaFDXlB.exe

Filesize
2.5MB

MD5
32f37b7e1814cf05dfacb42488e00179

SHA1
7b8a0330efadf258ea3fb0ecffb5cdf89e5b1788

SHA256
149169b317ddb83d0e3c1744e7999fedaa92762a2c8d4880ea4bd487e3ea8e98

SHA512
2e9b5b7b4c6b41e28fdbd7532037ce5328bfdb445b7a92d789190f8fa102cdacf52b128453c567d3d9d8ebf21d16f237d6c5839698aacc041db6f73994caee87

Download Submit
C:\Windows\System\jzwgfFn.exe

Filesize
2.5MB

MD5
b8c79f0f5fe63086a2ee24dbdc4c3099

SHA1
20481c44c0f3735340102647e88631ec162dd2b9

SHA256
cdc6d2714e3865e754f9b5a2dc3b2b522338b872422860408026f35ecb8dcfd8

SHA512
ed6062985b4438367493969d7276d657378cc35bd24d451f02db143c915240733c212fbc3eba7ca0deca912314baeb2d13b8f46d28cfc2a30160657cdabf9013

Download Submit
C:\Windows\System\qBvThPi.exe

Filesize
2.5MB

MD5
9a26bd9bcab9c4267ba76f08ee1ee04e

SHA1
702cdc360db0eb09a74cfb0942722dfe6de52001

SHA256
c609ff51806a0a3accdf2ec48f6aa1a1408289b12edee6d21bcffc36d4d5c1b5

SHA512
ce1c6fc95471d1abea8c10f84c9d1e32f47a50bb0f26ec82a287c855e8908538f1e13324ab1490dfd9790a11e720cc633990d3168a615ffd9f95c3251696881e

Download Submit
C:\Windows\System\sDQcAIe.exe

Filesize
2.5MB

MD5
92a8b53b275d895db04cf7222aaaf622

SHA1
fd010b853a5794bada05727e7589fdef880497e5

SHA256
27bb50c421bc605f70a898e6bee329a260fc9e1ab02c6a3c08ab6e4887f6547a

SHA512
5c4dc616f0dbc05635b5f236227e880fb2607f3ccb9bfcb7f0d788b0f5cc54c00070a2b1ca670f3f1f9386b4e3c4f9a69c591e45377d2f845c07dd903e585dc0

Download Submit
C:\Windows\System\tDVaolm.exe

Filesize
2.5MB

MD5
2c6e0406f02e9762072229768260b914

SHA1
76bb20f115348d6301d0b88ef5f0336f54262a7a

SHA256
a341607cedc483af21228b49a6dcbcbee16062cd89e13834ce44e7827831b6b2

SHA512
f191e6a7cc83b43949f1ffbab52f23299f33ed568f40bdebf7424842b6d5d6db545a8bd4ca30eeddd8c224539e90c42fee8222b5154541d63bcdfbcce9976183

Download Submit
C:\Windows\System\voQsUVs.exe

Filesize
2.5MB

MD5
6507e40759c1769ec361d00ac0221605

SHA1
f78cec78225d29569f926016031f2f11d94c1291

SHA256
c12d6726a720065d417f19bfdf50e105c3078bab060a88e60d743b8240d55eef

SHA512
5902c1177fe2192adb1e0be67d9979c6d11d54ff4711741afa594fbe7a94cdff9ab179d1fe7b26a526a8206cdfcd910e1411af73375951e44c9b88b65b7658ba

Download Submit
C:\Windows\System\ynGXcoE.exe

Filesize
2.5MB

MD5
7eb28fc5f50cff2c38592bbb9c89de92

SHA1
07b6be569d46f433d77bec0a0f23fb554346ed65

SHA256
3f1b4cdb6a95f2f511f4775fde20cf3c9f1157f2d2f189a1c573d3ae96523621

SHA512
15bd8992d2d781b8bfce2dccda56154de7863478173ef279f86e81b5ef97eae3d06edb0b78625f51729a8aca2f2399f141410d91d42d81e6fafb58926e525593

Download Submit
C:\Windows\System\zgmFGjS.exe

Filesize
2.5MB

MD5
ebe77777b5aaec498b91d49f939d078b

SHA1
675fa33651fb634313b882df17dfc6acb141a2d9

SHA256
667d4eb157e528723fe083504df47d41d06cbda8260c3df7874878002fa795c8

SHA512
5b93f583557fb1ec22308d73bddefe5684ec67d670a358f2c406bcf08cb74ae6f6cc0a8bbb1e28129845aa7a515274f6a7a72ee27b71b7252ce355b3a3de9b06

Download Submit
memory/232-2137-0x00007FF62C770000-0x00007FF62CAC4000-memory.dmp

Filesize
3.3MB

Download
memory/232-665-0x00007FF62C770000-0x00007FF62CAC4000-memory.dmp

Filesize
3.3MB

Download
memory/380-2133-0x00007FF75E480000-0x00007FF75E7D4000-memory.dmp

Filesize
3.3MB

Download
memory/380-22-0x00007FF75E480000-0x00007FF75E7D4000-memory.dmp

Filesize
3.3MB

Download
memory/380-2128-0x00007FF75E480000-0x00007FF75E7D4000-memory.dmp

Filesize
3.3MB

Download
memory/452-709-0x00007FF7D7870000-0x00007FF7D7BC4000-memory.dmp

Filesize
3.3MB

Download
memory/452-2149-0x00007FF7D7870000-0x00007FF7D7BC4000-memory.dmp

Filesize
3.3MB

Download
memory/544-678-0x00007FF62F150000-0x00007FF62F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/544-2144-0x00007FF62F150000-0x00007FF62F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/968-717-0x00007FF7E0C10000-0x00007FF7E0F64000-memory.dmp

Filesize
3.3MB

Download
memory/968-2152-0x00007FF7E0C10000-0x00007FF7E0F64000-memory.dmp

Filesize
3.3MB

Download
memory/1064-2145-0x00007FF6D3B10000-0x00007FF6D3E64000-memory.dmp

Filesize
3.3MB

Download
memory/1064-687-0x00007FF6D3B10000-0x00007FF6D3E64000-memory.dmp

Filesize
3.3MB

Download
memory/1196-2159-0x00007FF73D3F0000-0x00007FF73D744000-memory.dmp

Filesize
3.3MB

Download
memory/1196-691-0x00007FF73D3F0000-0x00007FF73D744000-memory.dmp

Filesize
3.3MB

Download
memory/1652-699-0x00007FF61B580000-0x00007FF61B8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2147-0x00007FF61B580000-0x00007FF61B8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-670-0x00007FF780140000-0x00007FF780494000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2141-0x00007FF780140000-0x00007FF780494000-memory.dmp

Filesize
3.3MB

Download
memory/2276-727-0x00007FF6B52F0000-0x00007FF6B5644000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2154-0x00007FF6B52F0000-0x00007FF6B5644000-memory.dmp

Filesize
3.3MB

Download
memory/2468-662-0x00007FF623A80000-0x00007FF623DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-2139-0x00007FF623A80000-0x00007FF623DD4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-0-0x00007FF761820000-0x00007FF761B74000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1-0x000002A554650000-0x000002A554660000-memory.dmp

Filesize
64KB

Download
memory/3032-2158-0x00007FF68DAA0000-0x00007FF68DDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-689-0x00007FF68DAA0000-0x00007FF68DDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-26-0x00007FF6D6820000-0x00007FF6D6B74000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2134-0x00007FF6D6820000-0x00007FF6D6B74000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2129-0x00007FF6D6820000-0x00007FF6D6B74000-memory.dmp

Filesize
3.3MB

Download
memory/3116-673-0x00007FF623530000-0x00007FF623884000-memory.dmp

Filesize
3.3MB

Download
memory/3116-2136-0x00007FF623530000-0x00007FF623884000-memory.dmp

Filesize
3.3MB

Download
memory/3184-32-0x00007FF6EB930000-0x00007FF6EBC84000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2135-0x00007FF6EB930000-0x00007FF6EBC84000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2130-0x00007FF6EB930000-0x00007FF6EBC84000-memory.dmp

Filesize
3.3MB

Download
memory/3224-661-0x00007FF79E4A0000-0x00007FF79E7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3224-2138-0x00007FF79E4A0000-0x00007FF79E7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3288-660-0x00007FF752B40000-0x00007FF752E94000-memory.dmp

Filesize
3.3MB

Download
memory/3288-2140-0x00007FF752B40000-0x00007FF752E94000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2146-0x00007FF73E240000-0x00007FF73E594000-memory.dmp

Filesize
3.3MB

Download
memory/3440-702-0x00007FF73E240000-0x00007FF73E594000-memory.dmp

Filesize
3.3MB

Download
memory/3472-719-0x00007FF61CEA0000-0x00007FF61D1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2153-0x00007FF61CEA0000-0x00007FF61D1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-2143-0x00007FF74A930000-0x00007FF74AC84000-memory.dmp

Filesize
3.3MB

Download
memory/3672-681-0x00007FF74A930000-0x00007FF74AC84000-memory.dmp

Filesize
3.3MB

Download
memory/3744-2151-0x00007FF7CA7E0000-0x00007FF7CAB34000-memory.dmp

Filesize
3.3MB

Download
memory/3744-712-0x00007FF7CA7E0000-0x00007FF7CAB34000-memory.dmp

Filesize
3.3MB

Download
memory/3996-13-0x00007FF6479F0000-0x00007FF647D44000-memory.dmp

Filesize
3.3MB

Download
memory/3996-2131-0x00007FF6479F0000-0x00007FF647D44000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2127-0x00007FF646400000-0x00007FF646754000-memory.dmp

Filesize
3.3MB

Download
memory/4268-17-0x00007FF646400000-0x00007FF646754000-memory.dmp

Filesize
3.3MB

Download
memory/4268-2132-0x00007FF646400000-0x00007FF646754000-memory.dmp

Filesize
3.3MB

Download
memory/4420-741-0x00007FF78EA30000-0x00007FF78ED84000-memory.dmp

Filesize
3.3MB

Download
memory/4420-2156-0x00007FF78EA30000-0x00007FF78ED84000-memory.dmp

Filesize
3.3MB

Download
memory/4480-730-0x00007FF6F8810000-0x00007FF6F8B64000-memory.dmp

Filesize
3.3MB

Download
memory/4480-2155-0x00007FF6F8810000-0x00007FF6F8B64000-memory.dmp

Filesize
3.3MB

Download
memory/4812-737-0x00007FF686630000-0x00007FF686984000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2157-0x00007FF686630000-0x00007FF686984000-memory.dmp

Filesize
3.3MB

Download
memory/4872-2142-0x00007FF6D1590000-0x00007FF6D18E4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-677-0x00007FF6D1590000-0x00007FF6D18E4000-memory.dmp

Filesize
3.3MB

Download
memory/5068-2148-0x00007FF6D0AB0000-0x00007FF6D0E04000-memory.dmp

Filesize
3.3MB

Download
memory/5068-714-0x00007FF6D0AB0000-0x00007FF6D0E04000-memory.dmp

Filesize
3.3MB

Download
memory/5072-2150-0x00007FF6B52C0000-0x00007FF6B5614000-memory.dmp

Filesize
3.3MB

Download
memory/5072-706-0x00007FF6B52C0000-0x00007FF6B5614000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads