kpot | 9acf861ae11cf9a9e1f6c2cc689d12fa4efa41fb0b0377e146ca05df123e4858

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
Size

2.1MB
MD5

3654b96099ade14737d1e624fb04ece0
SHA1

e3aefb66c3687f68595e44d816ffbf8c450a83f5
SHA256

9acf861ae11cf9a9e1f6c2cc689d12fa4efa41fb0b0377e146ca05df123e4858
SHA512

fc10d548333b035780b384ee5faf04d845de2f3215b46b241ac75f4ed02c6510a5d836fbf623568cc7bc7c11b39ddc8b77113259d9f3b9dd9228568dccfc2783
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3i4F:BemTLkNdfE0pZrwt

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 35 IoCs

resource	yara_rule
behavioral2/files/0x00090000000233ee-7.dat	family_kpot
behavioral2/files/0x0007000000023402-72.dat	family_kpot
behavioral2/files/0x00070000000233fb-85.dat	family_kpot
behavioral2/files/0x0007000000023403-111.dat	family_kpot
behavioral2/files/0x000700000002340e-145.dat	family_kpot
behavioral2/files/0x000700000002340d-143.dat	family_kpot
behavioral2/files/0x000700000002340c-141.dat	family_kpot
behavioral2/files/0x000700000002340b-139.dat	family_kpot
behavioral2/files/0x000700000002340a-137.dat	family_kpot
behavioral2/files/0x0007000000023409-129.dat	family_kpot
behavioral2/files/0x0007000000023408-127.dat	family_kpot
behavioral2/files/0x0007000000023407-125.dat	family_kpot
behavioral2/files/0x0007000000023406-109.dat	family_kpot
behavioral2/files/0x00070000000233fe-107.dat	family_kpot
behavioral2/files/0x0007000000023405-104.dat	family_kpot
behavioral2/files/0x00070000000233fc-102.dat	family_kpot
behavioral2/files/0x0007000000023401-93.dat	family_kpot
behavioral2/files/0x0007000000023404-100.dat	family_kpot
behavioral2/files/0x00070000000233ff-89.dat	family_kpot
behavioral2/files/0x00070000000233fd-87.dat	family_kpot
behavioral2/files/0x0007000000023400-83.dat	family_kpot
behavioral2/files/0x00070000000233f8-67.dat	family_kpot
behavioral2/files/0x00070000000233f7-57.dat	family_kpot
behavioral2/files/0x00070000000233f9-54.dat	family_kpot
behavioral2/files/0x00070000000233f6-48.dat	family_kpot
behavioral2/files/0x00070000000233fa-44.dat	family_kpot
behavioral2/files/0x00070000000233f5-31.dat	family_kpot
behavioral2/files/0x000700000002340f-167.dat	family_kpot
behavioral2/files/0x0007000000023414-186.dat	family_kpot
behavioral2/files/0x0007000000023416-200.dat	family_kpot
behavioral2/files/0x00090000000233f2-197.dat	family_kpot
behavioral2/files/0x0007000000023413-193.dat	family_kpot
behavioral2/files/0x0007000000023412-185.dat	family_kpot
behavioral2/files/0x0007000000023411-184.dat	family_kpot
behavioral2/files/0x0007000000023410-172.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/932-0-0x00007FF724410000-0x00007FF724764000-memory.dmp	xmrig
behavioral2/files/0x00090000000233ee-7.dat	xmrig
behavioral2/files/0x0007000000023402-72.dat	xmrig
behavioral2/files/0x00070000000233fb-85.dat	xmrig
behavioral2/files/0x0007000000023403-111.dat	xmrig
behavioral2/memory/2736-135-0x00007FF62E080000-0x00007FF62E3D4000-memory.dmp	xmrig
behavioral2/memory/436-147-0x00007FF6ECCE0000-0x00007FF6ED034000-memory.dmp	xmrig
behavioral2/memory/1912-150-0x00007FF7E3670000-0x00007FF7E39C4000-memory.dmp	xmrig
behavioral2/memory/3344-155-0x00007FF77C8D0000-0x00007FF77CC24000-memory.dmp	xmrig
behavioral2/memory/4732-159-0x00007FF7A27F0000-0x00007FF7A2B44000-memory.dmp	xmrig
behavioral2/memory/392-164-0x00007FF78C080000-0x00007FF78C3D4000-memory.dmp	xmrig
behavioral2/memory/3200-163-0x00007FF75CCD0000-0x00007FF75D024000-memory.dmp	xmrig
behavioral2/memory/3948-162-0x00007FF6E2A70000-0x00007FF6E2DC4000-memory.dmp	xmrig
behavioral2/memory/4408-161-0x00007FF763C10000-0x00007FF763F64000-memory.dmp	xmrig
behavioral2/memory/3464-160-0x00007FF7377C0000-0x00007FF737B14000-memory.dmp	xmrig
behavioral2/memory/1004-158-0x00007FF7F3310000-0x00007FF7F3664000-memory.dmp	xmrig
behavioral2/memory/1424-157-0x00007FF7F4260000-0x00007FF7F45B4000-memory.dmp	xmrig
behavioral2/memory/2968-156-0x00007FF7A39E0000-0x00007FF7A3D34000-memory.dmp	xmrig
behavioral2/memory/1668-154-0x00007FF70EF80000-0x00007FF70F2D4000-memory.dmp	xmrig
behavioral2/memory/512-153-0x00007FF6AF880000-0x00007FF6AFBD4000-memory.dmp	xmrig
behavioral2/memory/4520-152-0x00007FF674BD0000-0x00007FF674F24000-memory.dmp	xmrig
behavioral2/memory/992-151-0x00007FF65D3D0000-0x00007FF65D724000-memory.dmp	xmrig
behavioral2/memory/2316-149-0x00007FF789160000-0x00007FF7894B4000-memory.dmp	xmrig
behavioral2/memory/1472-148-0x00007FF6A4FF0000-0x00007FF6A5344000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-145.dat	xmrig
behavioral2/files/0x000700000002340d-143.dat	xmrig
behavioral2/files/0x000700000002340c-141.dat	xmrig
behavioral2/files/0x000700000002340b-139.dat	xmrig
behavioral2/files/0x000700000002340a-137.dat	xmrig
behavioral2/memory/2800-136-0x00007FF670EA0000-0x00007FF6711F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-129.dat	xmrig
behavioral2/files/0x0007000000023408-127.dat	xmrig
behavioral2/files/0x0007000000023407-125.dat	xmrig
behavioral2/memory/2892-120-0x00007FF65D6F0000-0x00007FF65DA44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023406-109.dat	xmrig
behavioral2/files/0x00070000000233fe-107.dat	xmrig
behavioral2/files/0x0007000000023405-104.dat	xmrig
behavioral2/files/0x00070000000233fc-102.dat	xmrig
behavioral2/memory/2040-99-0x00007FF7C2A90000-0x00007FF7C2DE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-93.dat	xmrig
behavioral2/files/0x0007000000023404-100.dat	xmrig
behavioral2/memory/2036-92-0x00007FF7CA810000-0x00007FF7CAB64000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ff-89.dat	xmrig
behavioral2/files/0x00070000000233fd-87.dat	xmrig
behavioral2/files/0x0007000000023400-83.dat	xmrig
behavioral2/memory/3000-80-0x00007FF7B42F0000-0x00007FF7B4644000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f8-67.dat	xmrig
behavioral2/memory/2420-65-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f7-57.dat	xmrig
behavioral2/files/0x00070000000233f9-54.dat	xmrig
behavioral2/files/0x00070000000233f6-48.dat	xmrig
behavioral2/files/0x00070000000233fa-44.dat	xmrig
behavioral2/files/0x00070000000233f5-31.dat	xmrig
behavioral2/memory/1968-28-0x00007FF756710000-0x00007FF756A64000-memory.dmp	xmrig
behavioral2/memory/1636-11-0x00007FF65F900000-0x00007FF65FC54000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-167.dat	xmrig
behavioral2/memory/860-189-0x00007FF7B1820000-0x00007FF7B1B74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-186.dat	xmrig
behavioral2/memory/4016-203-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-200.dat	xmrig
behavioral2/files/0x00090000000233f2-197.dat	xmrig
behavioral2/files/0x0007000000023413-193.dat	xmrig
behavioral2/files/0x0007000000023412-185.dat	xmrig
behavioral2/files/0x0007000000023411-184.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1636	UdWyZuC.exe
1968	gEhAthd.exe
4732	nuHxrLv.exe
2420	vrfEKlg.exe
3000	rLDwUtv.exe
2036	GWdSfZy.exe
3464	NccpTgT.exe
2040	pZaOjhF.exe
2892	QvdahgB.exe
2736	wRhmYdh.exe
2800	tyhArgS.exe
4408	NZWtveF.exe
436	yclzSBC.exe
1472	JWTfPNb.exe
2316	QbQABtD.exe
1912	QTnDiyy.exe
992	wAmAcXZ.exe
4520	VwZnfju.exe
512	hfArfKa.exe
1668	qDcXzii.exe
3948	ayVcLNu.exe
3200	TFZZmHv.exe
392	vfTTSDL.exe
3344	sJaGawP.exe
2968	KpQkKtR.exe
1424	XOKDWNb.exe
1004	hVMPhdP.exe
860	FNaxyhu.exe
4016	oIQKkCw.exe
2032	qanhOcP.exe
1744	bQBXIYv.exe
1548	dbXKoDo.exe
2336	vxnzsGD.exe
3056	hCgrLvm.exe
376	WBKcnqD.exe
4224	EYQlGrH.exe
8	cjwJJUU.exe
4036	GLAQmBD.exe
2772	JQeErRv.exe
880	xFlScxp.exe
364	iigyNCr.exe
1028	pTeqiXh.exe
1176	wKZVEeU.exe
1552	PWVMMWM.exe
2116	MLUGuej.exe
1976	ExoWgGB.exe
3212	zvInZYH.exe
4908	KRfoyGI.exe
4708	pqSIpyO.exe
2728	sAtdovr.exe
3424	OEvphEb.exe
3868	uIOVRDP.exe
3708	IXyVnci.exe
1280	dgtwxMJ.exe
5024	TnvUvRb.exe
4148	pMawBKM.exe
1104	tLvnhCS.exe
2940	TOCipmJ.exe
2764	XKbMHDM.exe
1528	SUNOlqg.exe
1116	iOeITOl.exe
1264	GmRbsvM.exe
2304	tXYqDqI.exe
3172	rJuiyoI.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/932-0-0x00007FF724410000-0x00007FF724764000-memory.dmp	upx
behavioral2/files/0x00090000000233ee-7.dat	upx
behavioral2/files/0x0007000000023402-72.dat	upx
behavioral2/files/0x00070000000233fb-85.dat	upx
behavioral2/files/0x0007000000023403-111.dat	upx
behavioral2/memory/2736-135-0x00007FF62E080000-0x00007FF62E3D4000-memory.dmp	upx
behavioral2/memory/436-147-0x00007FF6ECCE0000-0x00007FF6ED034000-memory.dmp	upx
behavioral2/memory/1912-150-0x00007FF7E3670000-0x00007FF7E39C4000-memory.dmp	upx
behavioral2/memory/3344-155-0x00007FF77C8D0000-0x00007FF77CC24000-memory.dmp	upx
behavioral2/memory/4732-159-0x00007FF7A27F0000-0x00007FF7A2B44000-memory.dmp	upx
behavioral2/memory/392-164-0x00007FF78C080000-0x00007FF78C3D4000-memory.dmp	upx
behavioral2/memory/3200-163-0x00007FF75CCD0000-0x00007FF75D024000-memory.dmp	upx
behavioral2/memory/3948-162-0x00007FF6E2A70000-0x00007FF6E2DC4000-memory.dmp	upx
behavioral2/memory/4408-161-0x00007FF763C10000-0x00007FF763F64000-memory.dmp	upx
behavioral2/memory/3464-160-0x00007FF7377C0000-0x00007FF737B14000-memory.dmp	upx
behavioral2/memory/1004-158-0x00007FF7F3310000-0x00007FF7F3664000-memory.dmp	upx
behavioral2/memory/1424-157-0x00007FF7F4260000-0x00007FF7F45B4000-memory.dmp	upx
behavioral2/memory/2968-156-0x00007FF7A39E0000-0x00007FF7A3D34000-memory.dmp	upx
behavioral2/memory/1668-154-0x00007FF70EF80000-0x00007FF70F2D4000-memory.dmp	upx
behavioral2/memory/512-153-0x00007FF6AF880000-0x00007FF6AFBD4000-memory.dmp	upx
behavioral2/memory/4520-152-0x00007FF674BD0000-0x00007FF674F24000-memory.dmp	upx
behavioral2/memory/992-151-0x00007FF65D3D0000-0x00007FF65D724000-memory.dmp	upx
behavioral2/memory/2316-149-0x00007FF789160000-0x00007FF7894B4000-memory.dmp	upx
behavioral2/memory/1472-148-0x00007FF6A4FF0000-0x00007FF6A5344000-memory.dmp	upx
behavioral2/files/0x000700000002340e-145.dat	upx
behavioral2/files/0x000700000002340d-143.dat	upx
behavioral2/files/0x000700000002340c-141.dat	upx
behavioral2/files/0x000700000002340b-139.dat	upx
behavioral2/files/0x000700000002340a-137.dat	upx
behavioral2/memory/2800-136-0x00007FF670EA0000-0x00007FF6711F4000-memory.dmp	upx
behavioral2/files/0x0007000000023409-129.dat	upx
behavioral2/files/0x0007000000023408-127.dat	upx
behavioral2/files/0x0007000000023407-125.dat	upx
behavioral2/memory/2892-120-0x00007FF65D6F0000-0x00007FF65DA44000-memory.dmp	upx
behavioral2/files/0x0007000000023406-109.dat	upx
behavioral2/files/0x00070000000233fe-107.dat	upx
behavioral2/files/0x0007000000023405-104.dat	upx
behavioral2/files/0x00070000000233fc-102.dat	upx
behavioral2/memory/2040-99-0x00007FF7C2A90000-0x00007FF7C2DE4000-memory.dmp	upx
behavioral2/files/0x0007000000023401-93.dat	upx
behavioral2/files/0x0007000000023404-100.dat	upx
behavioral2/memory/2036-92-0x00007FF7CA810000-0x00007FF7CAB64000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-89.dat	upx
behavioral2/files/0x00070000000233fd-87.dat	upx
behavioral2/files/0x0007000000023400-83.dat	upx
behavioral2/memory/3000-80-0x00007FF7B42F0000-0x00007FF7B4644000-memory.dmp	upx
behavioral2/files/0x00070000000233f8-67.dat	upx
behavioral2/memory/2420-65-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp	upx
behavioral2/files/0x00070000000233f7-57.dat	upx
behavioral2/files/0x00070000000233f9-54.dat	upx
behavioral2/files/0x00070000000233f6-48.dat	upx
behavioral2/files/0x00070000000233fa-44.dat	upx
behavioral2/files/0x00070000000233f5-31.dat	upx
behavioral2/memory/1968-28-0x00007FF756710000-0x00007FF756A64000-memory.dmp	upx
behavioral2/memory/1636-11-0x00007FF65F900000-0x00007FF65FC54000-memory.dmp	upx
behavioral2/files/0x000700000002340f-167.dat	upx
behavioral2/memory/860-189-0x00007FF7B1820000-0x00007FF7B1B74000-memory.dmp	upx
behavioral2/files/0x0007000000023414-186.dat	upx
behavioral2/memory/4016-203-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp	upx
behavioral2/files/0x0007000000023416-200.dat	upx
behavioral2/files/0x00090000000233f2-197.dat	upx
behavioral2/files/0x0007000000023413-193.dat	upx
behavioral2/files/0x0007000000023412-185.dat	upx
behavioral2/files/0x0007000000023411-184.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NOpcpYt.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\uHrbvDT.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\yDKHkFB.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\bunXYoM.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\eTyLbpk.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\ipjtcGz.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\bqdYWUd.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\lSMCkbS.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\deUKzQS.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\ZgiPvnB.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\osUPHsA.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\tRHaRns.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\APawHiH.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\fYLIgUn.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\eGIgqOs.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\qrFaIuS.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\hwEuqnM.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\TywQEkT.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\SIshunt.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\lgpciFg.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\lmuOcYL.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\qvIVyDn.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\AwNdAni.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\DYkkrJB.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\qtFdfOo.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\dvixKHa.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\zzfItfL.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\HgfIpVR.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\zukgqea.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\rRgvwcG.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\tkaHwJg.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\SRdBGHa.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\JxcagHA.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\kOpmAml.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\pTeqiXh.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\faRepmr.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\sBKTsSU.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\OGngVQY.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\otPoCpU.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\yclzSBC.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\tlHZRcS.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\pozGFcH.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\csRpNTr.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\swSKvAx.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\upvwOUF.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\jzMMXzA.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\grbvaXQ.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\kuhNAOM.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\eogYgjR.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\VUKLIWE.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\hVMPhdP.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\iOeITOl.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\WJLzEKG.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\mpMlNOA.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\NVqWyYd.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\FvKquEv.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\dgtwxMJ.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\WrDRvpi.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\tXYqDqI.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\RYzRzor.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\hSYCXGR.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\XhTyGvO.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\qanhOcP.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
File created	C:\Windows\System\epYMJRh.exe	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15180	dwm.exe
Token: SeChangeNotifyPrivilege	15180	dwm.exe
Token: 33	15180	dwm.exe
Token: SeIncBasePriorityPrivilege	15180	dwm.exe
Token: SeShutdownPrivilege	15180	dwm.exe
Token: SeCreatePagefilePrivilege	15180	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 1636	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	83
PID 932 wrote to memory of 1636	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	83
PID 932 wrote to memory of 1968	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	84
PID 932 wrote to memory of 1968	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	84
PID 932 wrote to memory of 4732	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	85
PID 932 wrote to memory of 4732	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	85
PID 932 wrote to memory of 2420	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	86
PID 932 wrote to memory of 2420	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	86
PID 932 wrote to memory of 3000	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	87
PID 932 wrote to memory of 3000	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	87
PID 932 wrote to memory of 2036	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	88
PID 932 wrote to memory of 2036	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	88
PID 932 wrote to memory of 3464	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	89
PID 932 wrote to memory of 3464	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	89
PID 932 wrote to memory of 2040	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	90
PID 932 wrote to memory of 2040	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	90
PID 932 wrote to memory of 2892	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	91
PID 932 wrote to memory of 2892	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	91
PID 932 wrote to memory of 2736	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	92
PID 932 wrote to memory of 2736	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	92
PID 932 wrote to memory of 4520	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	93
PID 932 wrote to memory of 4520	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	93
PID 932 wrote to memory of 2800	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	94
PID 932 wrote to memory of 2800	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	94
PID 932 wrote to memory of 4408	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	95
PID 932 wrote to memory of 4408	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	95
PID 932 wrote to memory of 436	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	96
PID 932 wrote to memory of 436	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	96
PID 932 wrote to memory of 1472	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	97
PID 932 wrote to memory of 1472	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	97
PID 932 wrote to memory of 2316	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	98
PID 932 wrote to memory of 2316	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	98
PID 932 wrote to memory of 1912	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	99
PID 932 wrote to memory of 1912	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	99
PID 932 wrote to memory of 992	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	100
PID 932 wrote to memory of 992	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	100
PID 932 wrote to memory of 512	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	101
PID 932 wrote to memory of 512	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	101
PID 932 wrote to memory of 1668	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	102
PID 932 wrote to memory of 1668	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	102
PID 932 wrote to memory of 3948	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	103
PID 932 wrote to memory of 3948	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	103
PID 932 wrote to memory of 3200	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	104
PID 932 wrote to memory of 3200	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	104
PID 932 wrote to memory of 392	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	105
PID 932 wrote to memory of 392	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	105
PID 932 wrote to memory of 3344	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	106
PID 932 wrote to memory of 3344	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	106
PID 932 wrote to memory of 2968	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	107
PID 932 wrote to memory of 2968	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	107
PID 932 wrote to memory of 1424	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	108
PID 932 wrote to memory of 1424	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	108
PID 932 wrote to memory of 1004	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	109
PID 932 wrote to memory of 1004	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	109
PID 932 wrote to memory of 860	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	110
PID 932 wrote to memory of 860	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	110
PID 932 wrote to memory of 2032	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	111
PID 932 wrote to memory of 2032	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	111
PID 932 wrote to memory of 4016	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	112
PID 932 wrote to memory of 4016	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	112
PID 932 wrote to memory of 1744	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	113
PID 932 wrote to memory of 1744	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	113
PID 932 wrote to memory of 1548	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	114
PID 932 wrote to memory of 1548	932	3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3654b96099ade14737d1e624fb04ece0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\System\UdWyZuC.exe
  C:\Windows\System\UdWyZuC.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\gEhAthd.exe
  C:\Windows\System\gEhAthd.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\nuHxrLv.exe
  C:\Windows\System\nuHxrLv.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\vrfEKlg.exe
  C:\Windows\System\vrfEKlg.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\rLDwUtv.exe
  C:\Windows\System\rLDwUtv.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\GWdSfZy.exe
  C:\Windows\System\GWdSfZy.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\NccpTgT.exe
  C:\Windows\System\NccpTgT.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\pZaOjhF.exe
  C:\Windows\System\pZaOjhF.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\QvdahgB.exe
  C:\Windows\System\QvdahgB.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\wRhmYdh.exe
  C:\Windows\System\wRhmYdh.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\VwZnfju.exe
  C:\Windows\System\VwZnfju.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\tyhArgS.exe
  C:\Windows\System\tyhArgS.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\NZWtveF.exe
  C:\Windows\System\NZWtveF.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\yclzSBC.exe
  C:\Windows\System\yclzSBC.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\JWTfPNb.exe
  C:\Windows\System\JWTfPNb.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\QbQABtD.exe
  C:\Windows\System\QbQABtD.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\QTnDiyy.exe
  C:\Windows\System\QTnDiyy.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\wAmAcXZ.exe
  C:\Windows\System\wAmAcXZ.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\hfArfKa.exe
  C:\Windows\System\hfArfKa.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\qDcXzii.exe
  C:\Windows\System\qDcXzii.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ayVcLNu.exe
  C:\Windows\System\ayVcLNu.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\TFZZmHv.exe
  C:\Windows\System\TFZZmHv.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\vfTTSDL.exe
  C:\Windows\System\vfTTSDL.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\sJaGawP.exe
  C:\Windows\System\sJaGawP.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\KpQkKtR.exe
  C:\Windows\System\KpQkKtR.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\XOKDWNb.exe
  C:\Windows\System\XOKDWNb.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\hVMPhdP.exe
  C:\Windows\System\hVMPhdP.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\FNaxyhu.exe
  C:\Windows\System\FNaxyhu.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\qanhOcP.exe
  C:\Windows\System\qanhOcP.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\oIQKkCw.exe
  C:\Windows\System\oIQKkCw.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\bQBXIYv.exe
  C:\Windows\System\bQBXIYv.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\dbXKoDo.exe
  C:\Windows\System\dbXKoDo.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\hCgrLvm.exe
  C:\Windows\System\hCgrLvm.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\vxnzsGD.exe
  C:\Windows\System\vxnzsGD.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\GLAQmBD.exe
  C:\Windows\System\GLAQmBD.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\WBKcnqD.exe
  C:\Windows\System\WBKcnqD.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\EYQlGrH.exe
  C:\Windows\System\EYQlGrH.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\cjwJJUU.exe
  C:\Windows\System\cjwJJUU.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\JQeErRv.exe
  C:\Windows\System\JQeErRv.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\xFlScxp.exe
  C:\Windows\System\xFlScxp.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\iigyNCr.exe
  C:\Windows\System\iigyNCr.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\pTeqiXh.exe
  C:\Windows\System\pTeqiXh.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\wKZVEeU.exe
  C:\Windows\System\wKZVEeU.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\PWVMMWM.exe
  C:\Windows\System\PWVMMWM.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\MLUGuej.exe
  C:\Windows\System\MLUGuej.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ExoWgGB.exe
  C:\Windows\System\ExoWgGB.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\zvInZYH.exe
  C:\Windows\System\zvInZYH.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\KRfoyGI.exe
  C:\Windows\System\KRfoyGI.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\pqSIpyO.exe
  C:\Windows\System\pqSIpyO.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\sAtdovr.exe
  C:\Windows\System\sAtdovr.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\OEvphEb.exe
  C:\Windows\System\OEvphEb.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\uIOVRDP.exe
  C:\Windows\System\uIOVRDP.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\IXyVnci.exe
  C:\Windows\System\IXyVnci.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\dgtwxMJ.exe
  C:\Windows\System\dgtwxMJ.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\TnvUvRb.exe
  C:\Windows\System\TnvUvRb.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\pMawBKM.exe
  C:\Windows\System\pMawBKM.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\tLvnhCS.exe
  C:\Windows\System\tLvnhCS.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\TOCipmJ.exe
  C:\Windows\System\TOCipmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\XKbMHDM.exe
  C:\Windows\System\XKbMHDM.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\SUNOlqg.exe
  C:\Windows\System\SUNOlqg.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\iOeITOl.exe
  C:\Windows\System\iOeITOl.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\GmRbsvM.exe
  C:\Windows\System\GmRbsvM.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\tXYqDqI.exe
  C:\Windows\System\tXYqDqI.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\rJuiyoI.exe
  C:\Windows\System\rJuiyoI.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\acCNQLE.exe
  C:\Windows\System\acCNQLE.exe
  2⤵
  PID:3140
- C:\Windows\System\tEgUTGy.exe
  C:\Windows\System\tEgUTGy.exe
  2⤵
  PID:2648
- C:\Windows\System\jjjESSr.exe
  C:\Windows\System\jjjESSr.exe
  2⤵
  PID:4984
- C:\Windows\System\JgsuhOt.exe
  C:\Windows\System\JgsuhOt.exe
  2⤵
  PID:1568
- C:\Windows\System\zOiHgnU.exe
  C:\Windows\System\zOiHgnU.exe
  2⤵
  PID:3552
- C:\Windows\System\OJGxdgf.exe
  C:\Windows\System\OJGxdgf.exe
  2⤵
  PID:548
- C:\Windows\System\nUPGvPz.exe
  C:\Windows\System\nUPGvPz.exe
  2⤵
  PID:4988
- C:\Windows\System\SloVXNZ.exe
  C:\Windows\System\SloVXNZ.exe
  2⤵
  PID:1008
- C:\Windows\System\JojPATx.exe
  C:\Windows\System\JojPATx.exe
  2⤵
  PID:760
- C:\Windows\System\RTCVyAT.exe
  C:\Windows\System\RTCVyAT.exe
  2⤵
  PID:2852
- C:\Windows\System\cdOoFGi.exe
  C:\Windows\System\cdOoFGi.exe
  2⤵
  PID:1716
- C:\Windows\System\QKwItFs.exe
  C:\Windows\System\QKwItFs.exe
  2⤵
  PID:532
- C:\Windows\System\SHNUiTm.exe
  C:\Windows\System\SHNUiTm.exe
  2⤵
  PID:848
- C:\Windows\System\jMzCKWD.exe
  C:\Windows\System\jMzCKWD.exe
  2⤵
  PID:2680
- C:\Windows\System\nHGtccj.exe
  C:\Windows\System\nHGtccj.exe
  2⤵
  PID:2748
- C:\Windows\System\GJJrMqO.exe
  C:\Windows\System\GJJrMqO.exe
  2⤵
  PID:4056
- C:\Windows\System\TZEckeX.exe
  C:\Windows\System\TZEckeX.exe
  2⤵
  PID:4804
- C:\Windows\System\EXxxXjE.exe
  C:\Windows\System\EXxxXjE.exe
  2⤵
  PID:2516
- C:\Windows\System\WZdvZGG.exe
  C:\Windows\System\WZdvZGG.exe
  2⤵
  PID:1876
- C:\Windows\System\DgtBnkc.exe
  C:\Windows\System\DgtBnkc.exe
  2⤵
  PID:3616
- C:\Windows\System\gTmAceA.exe
  C:\Windows\System\gTmAceA.exe
  2⤵
  PID:2440
- C:\Windows\System\IXSqHtw.exe
  C:\Windows\System\IXSqHtw.exe
  2⤵
  PID:4432
- C:\Windows\System\jfETKOv.exe
  C:\Windows\System\jfETKOv.exe
  2⤵
  PID:2084
- C:\Windows\System\VhoMgDi.exe
  C:\Windows\System\VhoMgDi.exe
  2⤵
  PID:3664
- C:\Windows\System\stcbtcs.exe
  C:\Windows\System\stcbtcs.exe
  2⤵
  PID:4800
- C:\Windows\System\RYzRzor.exe
  C:\Windows\System\RYzRzor.exe
  2⤵
  PID:3264
- C:\Windows\System\IWJHyYG.exe
  C:\Windows\System\IWJHyYG.exe
  2⤵
  PID:4676
- C:\Windows\System\GFWBrVV.exe
  C:\Windows\System\GFWBrVV.exe
  2⤵
  PID:1736
- C:\Windows\System\CnZibxh.exe
  C:\Windows\System\CnZibxh.exe
  2⤵
  PID:800
- C:\Windows\System\rAscZud.exe
  C:\Windows\System\rAscZud.exe
  2⤵
  PID:4776
- C:\Windows\System\qrFaIuS.exe
  C:\Windows\System\qrFaIuS.exe
  2⤵
  PID:852
- C:\Windows\System\yHKeXvT.exe
  C:\Windows\System\yHKeXvT.exe
  2⤵
  PID:5152
- C:\Windows\System\DbsLDQI.exe
  C:\Windows\System\DbsLDQI.exe
  2⤵
  PID:5172
- C:\Windows\System\pxbpqcy.exe
  C:\Windows\System\pxbpqcy.exe
  2⤵
  PID:5204
- C:\Windows\System\CVIiONQ.exe
  C:\Windows\System\CVIiONQ.exe
  2⤵
  PID:5220
- C:\Windows\System\jhavyXt.exe
  C:\Windows\System\jhavyXt.exe
  2⤵
  PID:5244
- C:\Windows\System\ypRdFMo.exe
  C:\Windows\System\ypRdFMo.exe
  2⤵
  PID:5276
- C:\Windows\System\sRkiLfB.exe
  C:\Windows\System\sRkiLfB.exe
  2⤵
  PID:5304
- C:\Windows\System\shLFllN.exe
  C:\Windows\System\shLFllN.exe
  2⤵
  PID:5344
- C:\Windows\System\ndDwpFX.exe
  C:\Windows\System\ndDwpFX.exe
  2⤵
  PID:5360
- C:\Windows\System\wYfCxLh.exe
  C:\Windows\System\wYfCxLh.exe
  2⤵
  PID:5380
- C:\Windows\System\snNmAdb.exe
  C:\Windows\System\snNmAdb.exe
  2⤵
  PID:5416
- C:\Windows\System\ZhcayzE.exe
  C:\Windows\System\ZhcayzE.exe
  2⤵
  PID:5448
- C:\Windows\System\DPJgUEJ.exe
  C:\Windows\System\DPJgUEJ.exe
  2⤵
  PID:5484
- C:\Windows\System\SNjQXoe.exe
  C:\Windows\System\SNjQXoe.exe
  2⤵
  PID:5516
- C:\Windows\System\DCjJTZF.exe
  C:\Windows\System\DCjJTZF.exe
  2⤵
  PID:5548
- C:\Windows\System\sGaVSnX.exe
  C:\Windows\System\sGaVSnX.exe
  2⤵
  PID:5568
- C:\Windows\System\WJLzEKG.exe
  C:\Windows\System\WJLzEKG.exe
  2⤵
  PID:5592
- C:\Windows\System\TiGqgWQ.exe
  C:\Windows\System\TiGqgWQ.exe
  2⤵
  PID:5612
- C:\Windows\System\FbJFtgQ.exe
  C:\Windows\System\FbJFtgQ.exe
  2⤵
  PID:5640
- C:\Windows\System\LbonQJw.exe
  C:\Windows\System\LbonQJw.exe
  2⤵
  PID:5684
- C:\Windows\System\ZwFvtFG.exe
  C:\Windows\System\ZwFvtFG.exe
  2⤵
  PID:5716
- C:\Windows\System\TiSReHU.exe
  C:\Windows\System\TiSReHU.exe
  2⤵
  PID:5732
- C:\Windows\System\dtGieGm.exe
  C:\Windows\System\dtGieGm.exe
  2⤵
  PID:5764
- C:\Windows\System\LQhLRpm.exe
  C:\Windows\System\LQhLRpm.exe
  2⤵
  PID:5796
- C:\Windows\System\mnAEQeA.exe
  C:\Windows\System\mnAEQeA.exe
  2⤵
  PID:5816
- C:\Windows\System\hwEuqnM.exe
  C:\Windows\System\hwEuqnM.exe
  2⤵
  PID:5852
- C:\Windows\System\nKxlpUF.exe
  C:\Windows\System\nKxlpUF.exe
  2⤵
  PID:5884
- C:\Windows\System\EpKQjlS.exe
  C:\Windows\System\EpKQjlS.exe
  2⤵
  PID:5900
- C:\Windows\System\fowxdYp.exe
  C:\Windows\System\fowxdYp.exe
  2⤵
  PID:5916
- C:\Windows\System\rTkIhMx.exe
  C:\Windows\System\rTkIhMx.exe
  2⤵
  PID:5932
- C:\Windows\System\yDmlGuE.exe
  C:\Windows\System\yDmlGuE.exe
  2⤵
  PID:5948
- C:\Windows\System\asvWDUj.exe
  C:\Windows\System\asvWDUj.exe
  2⤵
  PID:5980
- C:\Windows\System\xbQGsPy.exe
  C:\Windows\System\xbQGsPy.exe
  2⤵
  PID:6024
- C:\Windows\System\vkpTXDn.exe
  C:\Windows\System\vkpTXDn.exe
  2⤵
  PID:6060
- C:\Windows\System\TfNEHwO.exe
  C:\Windows\System\TfNEHwO.exe
  2⤵
  PID:6100
- C:\Windows\System\McckXOe.exe
  C:\Windows\System\McckXOe.exe
  2⤵
  PID:6124
- C:\Windows\System\YGhyYmf.exe
  C:\Windows\System\YGhyYmf.exe
  2⤵
  PID:5124
- C:\Windows\System\iZqmqfl.exe
  C:\Windows\System\iZqmqfl.exe
  2⤵
  PID:5200
- C:\Windows\System\VPmrHDp.exe
  C:\Windows\System\VPmrHDp.exe
  2⤵
  PID:5292
- C:\Windows\System\PzFbPxE.exe
  C:\Windows\System\PzFbPxE.exe
  2⤵
  PID:5356
- C:\Windows\System\sBXhOCQ.exe
  C:\Windows\System\sBXhOCQ.exe
  2⤵
  PID:5400
- C:\Windows\System\XCsOeul.exe
  C:\Windows\System\XCsOeul.exe
  2⤵
  PID:5480
- C:\Windows\System\SdQRShc.exe
  C:\Windows\System\SdQRShc.exe
  2⤵
  PID:5560
- C:\Windows\System\nmndWGd.exe
  C:\Windows\System\nmndWGd.exe
  2⤵
  PID:5628
- C:\Windows\System\lUmwndP.exe
  C:\Windows\System\lUmwndP.exe
  2⤵
  PID:5700
- C:\Windows\System\MhgAnmi.exe
  C:\Windows\System\MhgAnmi.exe
  2⤵
  PID:5788
- C:\Windows\System\PqsVmKW.exe
  C:\Windows\System\PqsVmKW.exe
  2⤵
  PID:5828
- C:\Windows\System\rlcgJzf.exe
  C:\Windows\System\rlcgJzf.exe
  2⤵
  PID:5896
- C:\Windows\System\xDXeBJP.exe
  C:\Windows\System\xDXeBJP.exe
  2⤵
  PID:5976
- C:\Windows\System\QYzjLyu.exe
  C:\Windows\System\QYzjLyu.exe
  2⤵
  PID:6016
- C:\Windows\System\FOxHdBy.exe
  C:\Windows\System\FOxHdBy.exe
  2⤵
  PID:6088
- C:\Windows\System\gAPXZkJ.exe
  C:\Windows\System\gAPXZkJ.exe
  2⤵
  PID:5256
- C:\Windows\System\hvogvxE.exe
  C:\Windows\System\hvogvxE.exe
  2⤵
  PID:5332
- C:\Windows\System\eUMlmwl.exe
  C:\Windows\System\eUMlmwl.exe
  2⤵
  PID:5436
- C:\Windows\System\HzHlArp.exe
  C:\Windows\System\HzHlArp.exe
  2⤵
  PID:5656
- C:\Windows\System\ggzamwB.exe
  C:\Windows\System\ggzamwB.exe
  2⤵
  PID:5812
- C:\Windows\System\mkuexgT.exe
  C:\Windows\System\mkuexgT.exe
  2⤵
  PID:5912
- C:\Windows\System\srDBMmx.exe
  C:\Windows\System\srDBMmx.exe
  2⤵
  PID:6112
- C:\Windows\System\uCRImCf.exe
  C:\Windows\System\uCRImCf.exe
  2⤵
  PID:5524
- C:\Windows\System\fTfblNY.exe
  C:\Windows\System\fTfblNY.exe
  2⤵
  PID:5880
- C:\Windows\System\FGuitdE.exe
  C:\Windows\System\FGuitdE.exe
  2⤵
  PID:5404
- C:\Windows\System\zzfItfL.exe
  C:\Windows\System\zzfItfL.exe
  2⤵
  PID:6164
- C:\Windows\System\YiXtVeA.exe
  C:\Windows\System\YiXtVeA.exe
  2⤵
  PID:6196
- C:\Windows\System\vDQzdDS.exe
  C:\Windows\System\vDQzdDS.exe
  2⤵
  PID:6228
- C:\Windows\System\yDKHkFB.exe
  C:\Windows\System\yDKHkFB.exe
  2⤵
  PID:6256
- C:\Windows\System\jbanics.exe
  C:\Windows\System\jbanics.exe
  2⤵
  PID:6284
- C:\Windows\System\DglrrnD.exe
  C:\Windows\System\DglrrnD.exe
  2⤵
  PID:6316
- C:\Windows\System\DeSUMWN.exe
  C:\Windows\System\DeSUMWN.exe
  2⤵
  PID:6344
- C:\Windows\System\eCSJRXU.exe
  C:\Windows\System\eCSJRXU.exe
  2⤵
  PID:6380
- C:\Windows\System\MeHgujx.exe
  C:\Windows\System\MeHgujx.exe
  2⤵
  PID:6400
- C:\Windows\System\mpMlNOA.exe
  C:\Windows\System\mpMlNOA.exe
  2⤵
  PID:6428
- C:\Windows\System\JMyELqN.exe
  C:\Windows\System\JMyELqN.exe
  2⤵
  PID:6456
- C:\Windows\System\tRHaRns.exe
  C:\Windows\System\tRHaRns.exe
  2⤵
  PID:6480
- C:\Windows\System\rvKYCLR.exe
  C:\Windows\System\rvKYCLR.exe
  2⤵
  PID:6512
- C:\Windows\System\reGWvUj.exe
  C:\Windows\System\reGWvUj.exe
  2⤵
  PID:6552
- C:\Windows\System\mQEMpHb.exe
  C:\Windows\System\mQEMpHb.exe
  2⤵
  PID:6592
- C:\Windows\System\GdtLveX.exe
  C:\Windows\System\GdtLveX.exe
  2⤵
  PID:6612
- C:\Windows\System\MXcKNbL.exe
  C:\Windows\System\MXcKNbL.exe
  2⤵
  PID:6636
- C:\Windows\System\IdSWhnK.exe
  C:\Windows\System\IdSWhnK.exe
  2⤵
  PID:6656
- C:\Windows\System\XnEKAiM.exe
  C:\Windows\System\XnEKAiM.exe
  2⤵
  PID:6696
- C:\Windows\System\TVHfXsL.exe
  C:\Windows\System\TVHfXsL.exe
  2⤵
  PID:6728
- C:\Windows\System\fUubOJP.exe
  C:\Windows\System\fUubOJP.exe
  2⤵
  PID:6756
- C:\Windows\System\uFBhPmD.exe
  C:\Windows\System\uFBhPmD.exe
  2⤵
  PID:6788
- C:\Windows\System\ZRHJhzx.exe
  C:\Windows\System\ZRHJhzx.exe
  2⤵
  PID:6816
- C:\Windows\System\edIkBmC.exe
  C:\Windows\System\edIkBmC.exe
  2⤵
  PID:6848
- C:\Windows\System\vxeGcBZ.exe
  C:\Windows\System\vxeGcBZ.exe
  2⤵
  PID:6868
- C:\Windows\System\jYSjTsA.exe
  C:\Windows\System\jYSjTsA.exe
  2⤵
  PID:6888
- C:\Windows\System\WyHSvKi.exe
  C:\Windows\System\WyHSvKi.exe
  2⤵
  PID:6928
- C:\Windows\System\vGXBdsP.exe
  C:\Windows\System\vGXBdsP.exe
  2⤵
  PID:6952
- C:\Windows\System\CqhfKzQ.exe
  C:\Windows\System\CqhfKzQ.exe
  2⤵
  PID:6992
- C:\Windows\System\uSqgWwF.exe
  C:\Windows\System\uSqgWwF.exe
  2⤵
  PID:7024
- C:\Windows\System\lULFlIU.exe
  C:\Windows\System\lULFlIU.exe
  2⤵
  PID:7052
- C:\Windows\System\faRepmr.exe
  C:\Windows\System\faRepmr.exe
  2⤵
  PID:7084
- C:\Windows\System\LLXIpfU.exe
  C:\Windows\System\LLXIpfU.exe
  2⤵
  PID:7128
- C:\Windows\System\tlHZRcS.exe
  C:\Windows\System\tlHZRcS.exe
  2⤵
  PID:7156
- C:\Windows\System\KMWBsZj.exe
  C:\Windows\System\KMWBsZj.exe
  2⤵
  PID:6180
- C:\Windows\System\sgDPwgM.exe
  C:\Windows\System\sgDPwgM.exe
  2⤵
  PID:6300
- C:\Windows\System\yXrXnLM.exe
  C:\Windows\System\yXrXnLM.exe
  2⤵
  PID:6356
- C:\Windows\System\FLakwQp.exe
  C:\Windows\System\FLakwQp.exe
  2⤵
  PID:6424
- C:\Windows\System\QtelNMs.exe
  C:\Windows\System\QtelNMs.exe
  2⤵
  PID:6504
- C:\Windows\System\uOgUXij.exe
  C:\Windows\System\uOgUXij.exe
  2⤵
  PID:6608
- C:\Windows\System\uoPqqBU.exe
  C:\Windows\System\uoPqqBU.exe
  2⤵
  PID:6688
- C:\Windows\System\yJRrlut.exe
  C:\Windows\System\yJRrlut.exe
  2⤵
  PID:6752
- C:\Windows\System\dGCFTPe.exe
  C:\Windows\System\dGCFTPe.exe
  2⤵
  PID:6828
- C:\Windows\System\OZnSvVT.exe
  C:\Windows\System\OZnSvVT.exe
  2⤵
  PID:6920
- C:\Windows\System\kiMIRAH.exe
  C:\Windows\System\kiMIRAH.exe
  2⤵
  PID:7000
- C:\Windows\System\nDrNdvA.exe
  C:\Windows\System\nDrNdvA.exe
  2⤵
  PID:7044
- C:\Windows\System\LPCzpYw.exe
  C:\Windows\System\LPCzpYw.exe
  2⤵
  PID:7096
- C:\Windows\System\trzBVZj.exe
  C:\Windows\System\trzBVZj.exe
  2⤵
  PID:7152
- C:\Windows\System\JWdsfjd.exe
  C:\Windows\System\JWdsfjd.exe
  2⤵
  PID:6224
- C:\Windows\System\hSYCXGR.exe
  C:\Windows\System\hSYCXGR.exe
  2⤵
  PID:6564
- C:\Windows\System\dBCriRt.exe
  C:\Windows\System\dBCriRt.exe
  2⤵
  PID:6780
- C:\Windows\System\sBKTsSU.exe
  C:\Windows\System\sBKTsSU.exe
  2⤵
  PID:7016
- C:\Windows\System\wAudpkV.exe
  C:\Windows\System\wAudpkV.exe
  2⤵
  PID:7148
- C:\Windows\System\yUqWIgv.exe
  C:\Windows\System\yUqWIgv.exe
  2⤵
  PID:6936
- C:\Windows\System\ZFLPUff.exe
  C:\Windows\System\ZFLPUff.exe
  2⤵
  PID:5992
- C:\Windows\System\pDybDWh.exe
  C:\Windows\System\pDybDWh.exe
  2⤵
  PID:7192
- C:\Windows\System\MgbuDIa.exe
  C:\Windows\System\MgbuDIa.exe
  2⤵
  PID:7220
- C:\Windows\System\BIXLGxU.exe
  C:\Windows\System\BIXLGxU.exe
  2⤵
  PID:7272
- C:\Windows\System\IjDnKKH.exe
  C:\Windows\System\IjDnKKH.exe
  2⤵
  PID:7296
- C:\Windows\System\vylJbuz.exe
  C:\Windows\System\vylJbuz.exe
  2⤵
  PID:7328
- C:\Windows\System\yyBZuUL.exe
  C:\Windows\System\yyBZuUL.exe
  2⤵
  PID:7376
- C:\Windows\System\DPJQLoW.exe
  C:\Windows\System\DPJQLoW.exe
  2⤵
  PID:7404
- C:\Windows\System\eDiAHbN.exe
  C:\Windows\System\eDiAHbN.exe
  2⤵
  PID:7432
- C:\Windows\System\yxVXHlw.exe
  C:\Windows\System\yxVXHlw.exe
  2⤵
  PID:7464
- C:\Windows\System\grbvaXQ.exe
  C:\Windows\System\grbvaXQ.exe
  2⤵
  PID:7496
- C:\Windows\System\wpJZKWw.exe
  C:\Windows\System\wpJZKWw.exe
  2⤵
  PID:7512
- C:\Windows\System\JBTTVRr.exe
  C:\Windows\System\JBTTVRr.exe
  2⤵
  PID:7532
- C:\Windows\System\TywQEkT.exe
  C:\Windows\System\TywQEkT.exe
  2⤵
  PID:7556
- C:\Windows\System\NwcoKsp.exe
  C:\Windows\System\NwcoKsp.exe
  2⤵
  PID:7580
- C:\Windows\System\FrDOyEE.exe
  C:\Windows\System\FrDOyEE.exe
  2⤵
  PID:7604
- C:\Windows\System\gmYngZd.exe
  C:\Windows\System\gmYngZd.exe
  2⤵
  PID:7636
- C:\Windows\System\etShEPY.exe
  C:\Windows\System\etShEPY.exe
  2⤵
  PID:7660
- C:\Windows\System\aKjRagk.exe
  C:\Windows\System\aKjRagk.exe
  2⤵
  PID:7696
- C:\Windows\System\afKrvYg.exe
  C:\Windows\System\afKrvYg.exe
  2⤵
  PID:7736
- C:\Windows\System\IhZOZSl.exe
  C:\Windows\System\IhZOZSl.exe
  2⤵
  PID:7768
- C:\Windows\System\zRLuLLE.exe
  C:\Windows\System\zRLuLLE.exe
  2⤵
  PID:7792
- C:\Windows\System\dUbebXt.exe
  C:\Windows\System\dUbebXt.exe
  2⤵
  PID:7832
- C:\Windows\System\qObDkSf.exe
  C:\Windows\System\qObDkSf.exe
  2⤵
  PID:7864
- C:\Windows\System\sHWCDLZ.exe
  C:\Windows\System\sHWCDLZ.exe
  2⤵
  PID:7892
- C:\Windows\System\SSkoXUZ.exe
  C:\Windows\System\SSkoXUZ.exe
  2⤵
  PID:7920
- C:\Windows\System\hURghdP.exe
  C:\Windows\System\hURghdP.exe
  2⤵
  PID:7952
- C:\Windows\System\bunXYoM.exe
  C:\Windows\System\bunXYoM.exe
  2⤵
  PID:7984
- C:\Windows\System\RCZSpwu.exe
  C:\Windows\System\RCZSpwu.exe
  2⤵
  PID:8020
- C:\Windows\System\ropYNoT.exe
  C:\Windows\System\ropYNoT.exe
  2⤵
  PID:8048
- C:\Windows\System\yUoWVYj.exe
  C:\Windows\System\yUoWVYj.exe
  2⤵
  PID:8076
- C:\Windows\System\nrqSjzW.exe
  C:\Windows\System\nrqSjzW.exe
  2⤵
  PID:8104
- C:\Windows\System\OGngVQY.exe
  C:\Windows\System\OGngVQY.exe
  2⤵
  PID:8132
- C:\Windows\System\GgKEtvf.exe
  C:\Windows\System\GgKEtvf.exe
  2⤵
  PID:8160
- C:\Windows\System\DPIwsPF.exe
  C:\Windows\System\DPIwsPF.exe
  2⤵
  PID:8188
- C:\Windows\System\QgOWUmP.exe
  C:\Windows\System\QgOWUmP.exe
  2⤵
  PID:7184
- C:\Windows\System\jufOVxP.exe
  C:\Windows\System\jufOVxP.exe
  2⤵
  PID:7260
- C:\Windows\System\cNTzFDE.exe
  C:\Windows\System\cNTzFDE.exe
  2⤵
  PID:7336
- C:\Windows\System\tXIbHbM.exe
  C:\Windows\System\tXIbHbM.exe
  2⤵
  PID:7388
- C:\Windows\System\BVUwKOj.exe
  C:\Windows\System\BVUwKOj.exe
  2⤵
  PID:7488
- C:\Windows\System\fKFCOul.exe
  C:\Windows\System\fKFCOul.exe
  2⤵
  PID:2212
- C:\Windows\System\BSCutXa.exe
  C:\Windows\System\BSCutXa.exe
  2⤵
  PID:7624
- C:\Windows\System\kXgZCki.exe
  C:\Windows\System\kXgZCki.exe
  2⤵
  PID:7716
- C:\Windows\System\pxWkPlo.exe
  C:\Windows\System\pxWkPlo.exe
  2⤵
  PID:7776
- C:\Windows\System\shLGUGM.exe
  C:\Windows\System\shLGUGM.exe
  2⤵
  PID:7812
- C:\Windows\System\DVSFLON.exe
  C:\Windows\System\DVSFLON.exe
  2⤵
  PID:7884
- C:\Windows\System\XisyyjJ.exe
  C:\Windows\System\XisyyjJ.exe
  2⤵
  PID:7968
- C:\Windows\System\kuhNAOM.exe
  C:\Windows\System\kuhNAOM.exe
  2⤵
  PID:8044
- C:\Windows\System\BihSmcu.exe
  C:\Windows\System\BihSmcu.exe
  2⤵
  PID:8088
- C:\Windows\System\WUDWPyX.exe
  C:\Windows\System\WUDWPyX.exe
  2⤵
  PID:8144
- C:\Windows\System\LeIDhIH.exe
  C:\Windows\System\LeIDhIH.exe
  2⤵
  PID:7204
- C:\Windows\System\pSbSTZd.exe
  C:\Windows\System\pSbSTZd.exe
  2⤵
  PID:6804
- C:\Windows\System\KUnjkRW.exe
  C:\Windows\System\KUnjkRW.exe
  2⤵
  PID:7564
- C:\Windows\System\shUIKeJ.exe
  C:\Windows\System\shUIKeJ.exe
  2⤵
  PID:7720
- C:\Windows\System\zgjFgiq.exe
  C:\Windows\System\zgjFgiq.exe
  2⤵
  PID:7876
- C:\Windows\System\pozGFcH.exe
  C:\Windows\System\pozGFcH.exe
  2⤵
  PID:8032
- C:\Windows\System\ajOeWcF.exe
  C:\Windows\System\ajOeWcF.exe
  2⤵
  PID:8172
- C:\Windows\System\yMfKrQd.exe
  C:\Windows\System\yMfKrQd.exe
  2⤵
  PID:7540
- C:\Windows\System\jfbhUxn.exe
  C:\Windows\System\jfbhUxn.exe
  2⤵
  PID:7852
- C:\Windows\System\RMHdzyy.exe
  C:\Windows\System\RMHdzyy.exe
  2⤵
  PID:3268
- C:\Windows\System\BKmocTr.exe
  C:\Windows\System\BKmocTr.exe
  2⤵
  PID:7844
- C:\Windows\System\GCyndJI.exe
  C:\Windows\System\GCyndJI.exe
  2⤵
  PID:5052
- C:\Windows\System\lSMCkbS.exe
  C:\Windows\System\lSMCkbS.exe
  2⤵
  PID:8204
- C:\Windows\System\YGMaJBv.exe
  C:\Windows\System\YGMaJBv.exe
  2⤵
  PID:8224
- C:\Windows\System\TfrJcQQ.exe
  C:\Windows\System\TfrJcQQ.exe
  2⤵
  PID:8240
- C:\Windows\System\kRAwgzy.exe
  C:\Windows\System\kRAwgzy.exe
  2⤵
  PID:8256
- C:\Windows\System\eILouWt.exe
  C:\Windows\System\eILouWt.exe
  2⤵
  PID:8300
- C:\Windows\System\APawHiH.exe
  C:\Windows\System\APawHiH.exe
  2⤵
  PID:8336
- C:\Windows\System\mEVTbYD.exe
  C:\Windows\System\mEVTbYD.exe
  2⤵
  PID:8360
- C:\Windows\System\AVahfSz.exe
  C:\Windows\System\AVahfSz.exe
  2⤵
  PID:8396
- C:\Windows\System\fPKVJGW.exe
  C:\Windows\System\fPKVJGW.exe
  2⤵
  PID:8420
- C:\Windows\System\lgpciFg.exe
  C:\Windows\System\lgpciFg.exe
  2⤵
  PID:8444
- C:\Windows\System\KXCGubi.exe
  C:\Windows\System\KXCGubi.exe
  2⤵
  PID:8476
- C:\Windows\System\BqTaxoa.exe
  C:\Windows\System\BqTaxoa.exe
  2⤵
  PID:8508
- C:\Windows\System\ZnxudRz.exe
  C:\Windows\System\ZnxudRz.exe
  2⤵
  PID:8532
- C:\Windows\System\FGiHCaR.exe
  C:\Windows\System\FGiHCaR.exe
  2⤵
  PID:8560
- C:\Windows\System\ylUqait.exe
  C:\Windows\System\ylUqait.exe
  2⤵
  PID:8600
- C:\Windows\System\otmaFNw.exe
  C:\Windows\System\otmaFNw.exe
  2⤵
  PID:8620
- C:\Windows\System\xasklHb.exe
  C:\Windows\System\xasklHb.exe
  2⤵
  PID:8648
- C:\Windows\System\oKOWfLs.exe
  C:\Windows\System\oKOWfLs.exe
  2⤵
  PID:8676
- C:\Windows\System\sLsqaGk.exe
  C:\Windows\System\sLsqaGk.exe
  2⤵
  PID:8692
- C:\Windows\System\WpwETLh.exe
  C:\Windows\System\WpwETLh.exe
  2⤵
  PID:8716
- C:\Windows\System\UynOfGO.exe
  C:\Windows\System\UynOfGO.exe
  2⤵
  PID:8760
- C:\Windows\System\sqwrWPF.exe
  C:\Windows\System\sqwrWPF.exe
  2⤵
  PID:8784
- C:\Windows\System\iTHzPpr.exe
  C:\Windows\System\iTHzPpr.exe
  2⤵
  PID:8820
- C:\Windows\System\hElRjNY.exe
  C:\Windows\System\hElRjNY.exe
  2⤵
  PID:8848
- C:\Windows\System\RjQRYbq.exe
  C:\Windows\System\RjQRYbq.exe
  2⤵
  PID:8864
- C:\Windows\System\uNGIsFN.exe
  C:\Windows\System\uNGIsFN.exe
  2⤵
  PID:8892
- C:\Windows\System\dVcVTGq.exe
  C:\Windows\System\dVcVTGq.exe
  2⤵
  PID:8928
- C:\Windows\System\pDGALJN.exe
  C:\Windows\System\pDGALJN.exe
  2⤵
  PID:8960
- C:\Windows\System\fYLIgUn.exe
  C:\Windows\System\fYLIgUn.exe
  2⤵
  PID:8988
- C:\Windows\System\AokKSOQ.exe
  C:\Windows\System\AokKSOQ.exe
  2⤵
  PID:9016
- C:\Windows\System\cmpYDKV.exe
  C:\Windows\System\cmpYDKV.exe
  2⤵
  PID:9044
- C:\Windows\System\UjQpZpW.exe
  C:\Windows\System\UjQpZpW.exe
  2⤵
  PID:9072
- C:\Windows\System\iNKYzuZ.exe
  C:\Windows\System\iNKYzuZ.exe
  2⤵
  PID:9100
- C:\Windows\System\cRhgyUU.exe
  C:\Windows\System\cRhgyUU.exe
  2⤵
  PID:9128
- C:\Windows\System\IzowyOT.exe
  C:\Windows\System\IzowyOT.exe
  2⤵
  PID:9156
- C:\Windows\System\XhTyGvO.exe
  C:\Windows\System\XhTyGvO.exe
  2⤵
  PID:9184
- C:\Windows\System\wdnGmQA.exe
  C:\Windows\System\wdnGmQA.exe
  2⤵
  PID:9204
- C:\Windows\System\ilQIWbM.exe
  C:\Windows\System\ilQIWbM.exe
  2⤵
  PID:8236
- C:\Windows\System\aELqXtp.exe
  C:\Windows\System\aELqXtp.exe
  2⤵
  PID:8320
- C:\Windows\System\dLEluMS.exe
  C:\Windows\System\dLEluMS.exe
  2⤵
  PID:8388
- C:\Windows\System\PxrmATm.exe
  C:\Windows\System\PxrmATm.exe
  2⤵
  PID:8488
- C:\Windows\System\tIjgkVY.exe
  C:\Windows\System\tIjgkVY.exe
  2⤵
  PID:7804
- C:\Windows\System\osTYUlV.exe
  C:\Windows\System\osTYUlV.exe
  2⤵
  PID:8636
- C:\Windows\System\hnVspAe.exe
  C:\Windows\System\hnVspAe.exe
  2⤵
  PID:8704
- C:\Windows\System\pjOiiWP.exe
  C:\Windows\System\pjOiiWP.exe
  2⤵
  PID:8768
- C:\Windows\System\YntaSzg.exe
  C:\Windows\System\YntaSzg.exe
  2⤵
  PID:8844
- C:\Windows\System\orMuxff.exe
  C:\Windows\System\orMuxff.exe
  2⤵
  PID:8904
- C:\Windows\System\Oeobniy.exe
  C:\Windows\System\Oeobniy.exe
  2⤵
  PID:8972
- C:\Windows\System\OMskayQ.exe
  C:\Windows\System\OMskayQ.exe
  2⤵
  PID:9040
- C:\Windows\System\CAFDKth.exe
  C:\Windows\System\CAFDKth.exe
  2⤵
  PID:9064
- C:\Windows\System\SyZkZVO.exe
  C:\Windows\System\SyZkZVO.exe
  2⤵
  PID:9096
- C:\Windows\System\krhCWhZ.exe
  C:\Windows\System\krhCWhZ.exe
  2⤵
  PID:9180
- C:\Windows\System\HgfIpVR.exe
  C:\Windows\System\HgfIpVR.exe
  2⤵
  PID:8352
- C:\Windows\System\GgBEWXX.exe
  C:\Windows\System\GgBEWXX.exe
  2⤵
  PID:8472
- C:\Windows\System\QPuDAOi.exe
  C:\Windows\System\QPuDAOi.exe
  2⤵
  PID:8672
- C:\Windows\System\GAzCXMi.exe
  C:\Windows\System\GAzCXMi.exe
  2⤵
  PID:8812
- C:\Windows\System\UICcDXa.exe
  C:\Windows\System\UICcDXa.exe
  2⤵
  PID:8948
- C:\Windows\System\alwcAFV.exe
  C:\Windows\System\alwcAFV.exe
  2⤵
  PID:9084
- C:\Windows\System\OfzdRpu.exe
  C:\Windows\System\OfzdRpu.exe
  2⤵
  PID:8216
- C:\Windows\System\arLpxPX.exe
  C:\Windows\System\arLpxPX.exe
  2⤵
  PID:8732
- C:\Windows\System\tkaHwJg.exe
  C:\Windows\System\tkaHwJg.exe
  2⤵
  PID:9148
- C:\Windows\System\zTqkoJg.exe
  C:\Windows\System\zTqkoJg.exe
  2⤵
  PID:8616
- C:\Windows\System\IFyTKsb.exe
  C:\Windows\System\IFyTKsb.exe
  2⤵
  PID:2368
- C:\Windows\System\VXkFApz.exe
  C:\Windows\System\VXkFApz.exe
  2⤵
  PID:9244
- C:\Windows\System\RixhTps.exe
  C:\Windows\System\RixhTps.exe
  2⤵
  PID:9276
- C:\Windows\System\hvvCBUj.exe
  C:\Windows\System\hvvCBUj.exe
  2⤵
  PID:9296
- C:\Windows\System\tIwXTDl.exe
  C:\Windows\System\tIwXTDl.exe
  2⤵
  PID:9328
- C:\Windows\System\MpMIAjB.exe
  C:\Windows\System\MpMIAjB.exe
  2⤵
  PID:9352
- C:\Windows\System\kMZSXJA.exe
  C:\Windows\System\kMZSXJA.exe
  2⤵
  PID:9376
- C:\Windows\System\ujcTRPI.exe
  C:\Windows\System\ujcTRPI.exe
  2⤵
  PID:9404
- C:\Windows\System\aqeSzVX.exe
  C:\Windows\System\aqeSzVX.exe
  2⤵
  PID:9432
- C:\Windows\System\pbwVOwd.exe
  C:\Windows\System\pbwVOwd.exe
  2⤵
  PID:9464
- C:\Windows\System\lmuOcYL.exe
  C:\Windows\System\lmuOcYL.exe
  2⤵
  PID:9488
- C:\Windows\System\iBDpLPV.exe
  C:\Windows\System\iBDpLPV.exe
  2⤵
  PID:9520
- C:\Windows\System\xTUUsNR.exe
  C:\Windows\System\xTUUsNR.exe
  2⤵
  PID:9556
- C:\Windows\System\KoAsLzR.exe
  C:\Windows\System\KoAsLzR.exe
  2⤵
  PID:9576
- C:\Windows\System\ervSCEG.exe
  C:\Windows\System\ervSCEG.exe
  2⤵
  PID:9604
- C:\Windows\System\BAekPFA.exe
  C:\Windows\System\BAekPFA.exe
  2⤵
  PID:9644
- C:\Windows\System\lHcvqaQ.exe
  C:\Windows\System\lHcvqaQ.exe
  2⤵
  PID:9668
- C:\Windows\System\ZkWZRgX.exe
  C:\Windows\System\ZkWZRgX.exe
  2⤵
  PID:9700
- C:\Windows\System\TrwjNXm.exe
  C:\Windows\System\TrwjNXm.exe
  2⤵
  PID:9728
- C:\Windows\System\CUnyufr.exe
  C:\Windows\System\CUnyufr.exe
  2⤵
  PID:9756
- C:\Windows\System\tbRSqwO.exe
  C:\Windows\System\tbRSqwO.exe
  2⤵
  PID:9784
- C:\Windows\System\vDdNPGz.exe
  C:\Windows\System\vDdNPGz.exe
  2⤵
  PID:9812
- C:\Windows\System\aKtvvFI.exe
  C:\Windows\System\aKtvvFI.exe
  2⤵
  PID:9840
- C:\Windows\System\cbleQYr.exe
  C:\Windows\System\cbleQYr.exe
  2⤵
  PID:9868
- C:\Windows\System\FzYWOwK.exe
  C:\Windows\System\FzYWOwK.exe
  2⤵
  PID:9888
- C:\Windows\System\Dvgexgu.exe
  C:\Windows\System\Dvgexgu.exe
  2⤵
  PID:9924
- C:\Windows\System\znccBmd.exe
  C:\Windows\System\znccBmd.exe
  2⤵
  PID:9956
- C:\Windows\System\evCWdtv.exe
  C:\Windows\System\evCWdtv.exe
  2⤵
  PID:9980
- C:\Windows\System\zukgqea.exe
  C:\Windows\System\zukgqea.exe
  2⤵
  PID:9996
- C:\Windows\System\BPvmkKC.exe
  C:\Windows\System\BPvmkKC.exe
  2⤵
  PID:10020
- C:\Windows\System\NNfEIIF.exe
  C:\Windows\System\NNfEIIF.exe
  2⤵
  PID:10064
- C:\Windows\System\TgMDNfE.exe
  C:\Windows\System\TgMDNfE.exe
  2⤵
  PID:10080
- C:\Windows\System\OvsFYLq.exe
  C:\Windows\System\OvsFYLq.exe
  2⤵
  PID:10120
- C:\Windows\System\VZvbAcJ.exe
  C:\Windows\System\VZvbAcJ.exe
  2⤵
  PID:10148
- C:\Windows\System\NPyliYz.exe
  C:\Windows\System\NPyliYz.exe
  2⤵
  PID:10164
- C:\Windows\System\OqJyzMk.exe
  C:\Windows\System\OqJyzMk.exe
  2⤵
  PID:10200
- C:\Windows\System\yMuQKpZ.exe
  C:\Windows\System\yMuQKpZ.exe
  2⤵
  PID:10220
- C:\Windows\System\DwHHiXN.exe
  C:\Windows\System\DwHHiXN.exe
  2⤵
  PID:9224
- C:\Windows\System\giaxOqC.exe
  C:\Windows\System\giaxOqC.exe
  2⤵
  PID:9312
- C:\Windows\System\nlOlHTl.exe
  C:\Windows\System\nlOlHTl.exe
  2⤵
  PID:9360
- C:\Windows\System\TTyImMp.exe
  C:\Windows\System\TTyImMp.exe
  2⤵
  PID:9428
- C:\Windows\System\ncGLySm.exe
  C:\Windows\System\ncGLySm.exe
  2⤵
  PID:9496
- C:\Windows\System\mYFPxSB.exe
  C:\Windows\System\mYFPxSB.exe
  2⤵
  PID:9568
- C:\Windows\System\lGTOIip.exe
  C:\Windows\System\lGTOIip.exe
  2⤵
  PID:9616
- C:\Windows\System\qNLrBNg.exe
  C:\Windows\System\qNLrBNg.exe
  2⤵
  PID:9684
- C:\Windows\System\rGUxllT.exe
  C:\Windows\System\rGUxllT.exe
  2⤵
  PID:9724
- C:\Windows\System\SGIpNCw.exe
  C:\Windows\System\SGIpNCw.exe
  2⤵
  PID:9836
- C:\Windows\System\ZazOFkt.exe
  C:\Windows\System\ZazOFkt.exe
  2⤵
  PID:9908
- C:\Windows\System\qvIVyDn.exe
  C:\Windows\System\qvIVyDn.exe
  2⤵
  PID:9972
- C:\Windows\System\BbaWynR.exe
  C:\Windows\System\BbaWynR.exe
  2⤵
  PID:10032
- C:\Windows\System\njEsqlP.exe
  C:\Windows\System\njEsqlP.exe
  2⤵
  PID:10104
- C:\Windows\System\kWCqTyi.exe
  C:\Windows\System\kWCqTyi.exe
  2⤵
  PID:10160
- C:\Windows\System\zpviDsm.exe
  C:\Windows\System\zpviDsm.exe
  2⤵
  PID:10216
- C:\Windows\System\dceVmMz.exe
  C:\Windows\System\dceVmMz.exe
  2⤵
  PID:9268
- C:\Windows\System\LNAusrq.exe
  C:\Windows\System\LNAusrq.exe
  2⤵
  PID:9348
- C:\Windows\System\dYJgtsl.exe
  C:\Windows\System\dYJgtsl.exe
  2⤵
  PID:9504
- C:\Windows\System\RLRtYrQ.exe
  C:\Windows\System\RLRtYrQ.exe
  2⤵
  PID:9660
- C:\Windows\System\QuCNast.exe
  C:\Windows\System\QuCNast.exe
  2⤵
  PID:9948
- C:\Windows\System\rBHeCMb.exe
  C:\Windows\System\rBHeCMb.exe
  2⤵
  PID:9284
- C:\Windows\System\wRbWMlr.exe
  C:\Windows\System\wRbWMlr.exe
  2⤵
  PID:9716
- C:\Windows\System\lSyQqQm.exe
  C:\Windows\System\lSyQqQm.exe
  2⤵
  PID:9852
- C:\Windows\System\bvlzPSv.exe
  C:\Windows\System\bvlzPSv.exe
  2⤵
  PID:9456
- C:\Windows\System\nUyxFuI.exe
  C:\Windows\System\nUyxFuI.exe
  2⤵
  PID:9532
- C:\Windows\System\AjjtxML.exe
  C:\Windows\System\AjjtxML.exe
  2⤵
  PID:10268
- C:\Windows\System\xNZavGc.exe
  C:\Windows\System\xNZavGc.exe
  2⤵
  PID:10288
- C:\Windows\System\IHmfJzB.exe
  C:\Windows\System\IHmfJzB.exe
  2⤵
  PID:10304
- C:\Windows\System\yEZzmPD.exe
  C:\Windows\System\yEZzmPD.exe
  2⤵
  PID:10344
- C:\Windows\System\CwnWToh.exe
  C:\Windows\System\CwnWToh.exe
  2⤵
  PID:10384
- C:\Windows\System\LcrZjPY.exe
  C:\Windows\System\LcrZjPY.exe
  2⤵
  PID:10400
- C:\Windows\System\fmoCQrl.exe
  C:\Windows\System\fmoCQrl.exe
  2⤵
  PID:10416
- C:\Windows\System\XjvhaaG.exe
  C:\Windows\System\XjvhaaG.exe
  2⤵
  PID:10432
- C:\Windows\System\SRdBGHa.exe
  C:\Windows\System\SRdBGHa.exe
  2⤵
  PID:10452
- C:\Windows\System\seKPrOJ.exe
  C:\Windows\System\seKPrOJ.exe
  2⤵
  PID:10476
- C:\Windows\System\KsvKPrD.exe
  C:\Windows\System\KsvKPrD.exe
  2⤵
  PID:10492
- C:\Windows\System\eTyLbpk.exe
  C:\Windows\System\eTyLbpk.exe
  2⤵
  PID:10512
- C:\Windows\System\UNJaCPt.exe
  C:\Windows\System\UNJaCPt.exe
  2⤵
  PID:10548
- C:\Windows\System\dGGnQgU.exe
  C:\Windows\System\dGGnQgU.exe
  2⤵
  PID:10568
- C:\Windows\System\hzVMySp.exe
  C:\Windows\System\hzVMySp.exe
  2⤵
  PID:10592
- C:\Windows\System\HeyupJg.exe
  C:\Windows\System\HeyupJg.exe
  2⤵
  PID:10616
- C:\Windows\System\TAiwEjb.exe
  C:\Windows\System\TAiwEjb.exe
  2⤵
  PID:10652
- C:\Windows\System\ipwLfus.exe
  C:\Windows\System\ipwLfus.exe
  2⤵
  PID:10688
- C:\Windows\System\GCvkqwK.exe
  C:\Windows\System\GCvkqwK.exe
  2⤵
  PID:10720
- C:\Windows\System\DwbJVFy.exe
  C:\Windows\System\DwbJVFy.exe
  2⤵
  PID:10740
- C:\Windows\System\deUKzQS.exe
  C:\Windows\System\deUKzQS.exe
  2⤵
  PID:10772
- C:\Windows\System\eGjfEYj.exe
  C:\Windows\System\eGjfEYj.exe
  2⤵
  PID:10804
- C:\Windows\System\WXOdiZC.exe
  C:\Windows\System\WXOdiZC.exe
  2⤵
  PID:10828
- C:\Windows\System\JxcagHA.exe
  C:\Windows\System\JxcagHA.exe
  2⤵
  PID:10848
- C:\Windows\System\Cypgfqi.exe
  C:\Windows\System\Cypgfqi.exe
  2⤵
  PID:10876
- C:\Windows\System\rsggUvW.exe
  C:\Windows\System\rsggUvW.exe
  2⤵
  PID:10908
- C:\Windows\System\aptjakU.exe
  C:\Windows\System\aptjakU.exe
  2⤵
  PID:10936
- C:\Windows\System\YRfNqhg.exe
  C:\Windows\System\YRfNqhg.exe
  2⤵
  PID:10964
- C:\Windows\System\lVrdNEQ.exe
  C:\Windows\System\lVrdNEQ.exe
  2⤵
  PID:11004
- C:\Windows\System\RPZBmgt.exe
  C:\Windows\System\RPZBmgt.exe
  2⤵
  PID:11032
- C:\Windows\System\oUrPwCI.exe
  C:\Windows\System\oUrPwCI.exe
  2⤵
  PID:11068
- C:\Windows\System\glHsHTP.exe
  C:\Windows\System\glHsHTP.exe
  2⤵
  PID:11100
- C:\Windows\System\EBXnIze.exe
  C:\Windows\System\EBXnIze.exe
  2⤵
  PID:11120
- C:\Windows\System\hDTdOQr.exe
  C:\Windows\System\hDTdOQr.exe
  2⤵
  PID:11152
- C:\Windows\System\ObQhghX.exe
  C:\Windows\System\ObQhghX.exe
  2⤵
  PID:11176
- C:\Windows\System\xvicxeL.exe
  C:\Windows\System\xvicxeL.exe
  2⤵
  PID:11200
- C:\Windows\System\rXWxNNI.exe
  C:\Windows\System\rXWxNNI.exe
  2⤵
  PID:11236
- C:\Windows\System\AxlBEOe.exe
  C:\Windows\System\AxlBEOe.exe
  2⤵
  PID:10092
- C:\Windows\System\ZgiPvnB.exe
  C:\Windows\System\ZgiPvnB.exe
  2⤵
  PID:10280
- C:\Windows\System\oLrcUKc.exe
  C:\Windows\System\oLrcUKc.exe
  2⤵
  PID:10328
- C:\Windows\System\OhmIpgQ.exe
  C:\Windows\System\OhmIpgQ.exe
  2⤵
  PID:10460
- C:\Windows\System\eogYgjR.exe
  C:\Windows\System\eogYgjR.exe
  2⤵
  PID:10508
- C:\Windows\System\kOpmAml.exe
  C:\Windows\System\kOpmAml.exe
  2⤵
  PID:10588
- C:\Windows\System\oNxnvxh.exe
  C:\Windows\System\oNxnvxh.exe
  2⤵
  PID:10648
- C:\Windows\System\IZNTzdB.exe
  C:\Windows\System\IZNTzdB.exe
  2⤵
  PID:10676
- C:\Windows\System\kfEOsvS.exe
  C:\Windows\System\kfEOsvS.exe
  2⤵
  PID:10868
- C:\Windows\System\wbKNJVB.exe
  C:\Windows\System\wbKNJVB.exe
  2⤵
  PID:10864
- C:\Windows\System\ghEHtEf.exe
  C:\Windows\System\ghEHtEf.exe
  2⤵
  PID:11020
- C:\Windows\System\HXfBwUL.exe
  C:\Windows\System\HXfBwUL.exe
  2⤵
  PID:11052
- C:\Windows\System\CRHqmTb.exe
  C:\Windows\System\CRHqmTb.exe
  2⤵
  PID:11148
- C:\Windows\System\UTFeLCP.exe
  C:\Windows\System\UTFeLCP.exe
  2⤵
  PID:11192
- C:\Windows\System\GvKzOUU.exe
  C:\Windows\System\GvKzOUU.exe
  2⤵
  PID:10260
- C:\Windows\System\DEAhFRq.exe
  C:\Windows\System\DEAhFRq.exe
  2⤵
  PID:10376
- C:\Windows\System\chNByhh.exe
  C:\Windows\System\chNByhh.exe
  2⤵
  PID:10640
- C:\Windows\System\fjqyJrD.exe
  C:\Windows\System\fjqyJrD.exe
  2⤵
  PID:10856
- C:\Windows\System\katNJPK.exe
  C:\Windows\System\katNJPK.exe
  2⤵
  PID:11044
- C:\Windows\System\PdgrXJl.exe
  C:\Windows\System\PdgrXJl.exe
  2⤵
  PID:11164
- C:\Windows\System\XeCbpES.exe
  C:\Windows\System\XeCbpES.exe
  2⤵
  PID:10396
- C:\Windows\System\bxLcDlZ.exe
  C:\Windows\System\bxLcDlZ.exe
  2⤵
  PID:10708
- C:\Windows\System\ETUGtNJ.exe
  C:\Windows\System\ETUGtNJ.exe
  2⤵
  PID:11272
- C:\Windows\System\uhypfiv.exe
  C:\Windows\System\uhypfiv.exe
  2⤵
  PID:11304
- C:\Windows\System\dJZpRdt.exe
  C:\Windows\System\dJZpRdt.exe
  2⤵
  PID:11336
- C:\Windows\System\TRXTigH.exe
  C:\Windows\System\TRXTigH.exe
  2⤵
  PID:11364
- C:\Windows\System\SAHgBZP.exe
  C:\Windows\System\SAHgBZP.exe
  2⤵
  PID:11384
- C:\Windows\System\eGIgqOs.exe
  C:\Windows\System\eGIgqOs.exe
  2⤵
  PID:11432
- C:\Windows\System\vkLmlua.exe
  C:\Windows\System\vkLmlua.exe
  2⤵
  PID:11460
- C:\Windows\System\kLeuoiK.exe
  C:\Windows\System\kLeuoiK.exe
  2⤵
  PID:11492
- C:\Windows\System\ObRbplr.exe
  C:\Windows\System\ObRbplr.exe
  2⤵
  PID:11512
- C:\Windows\System\MRpvCCP.exe
  C:\Windows\System\MRpvCCP.exe
  2⤵
  PID:11552
- C:\Windows\System\FJDdyxv.exe
  C:\Windows\System\FJDdyxv.exe
  2⤵
  PID:11584
- C:\Windows\System\UdzblGi.exe
  C:\Windows\System\UdzblGi.exe
  2⤵
  PID:11608
- C:\Windows\System\laTNIpL.exe
  C:\Windows\System\laTNIpL.exe
  2⤵
  PID:11644
- C:\Windows\System\EFtWcUd.exe
  C:\Windows\System\EFtWcUd.exe
  2⤵
  PID:11676
- C:\Windows\System\VUKLIWE.exe
  C:\Windows\System\VUKLIWE.exe
  2⤵
  PID:11712
- C:\Windows\System\klHwmoM.exe
  C:\Windows\System\klHwmoM.exe
  2⤵
  PID:11752
- C:\Windows\System\JlkKnlT.exe
  C:\Windows\System\JlkKnlT.exe
  2⤵
  PID:11792
- C:\Windows\System\aZZADEA.exe
  C:\Windows\System\aZZADEA.exe
  2⤵
  PID:11808
- C:\Windows\System\RNyPKhN.exe
  C:\Windows\System\RNyPKhN.exe
  2⤵
  PID:11832
- C:\Windows\System\rRgvwcG.exe
  C:\Windows\System\rRgvwcG.exe
  2⤵
  PID:11860
- C:\Windows\System\kcLrjTR.exe
  C:\Windows\System\kcLrjTR.exe
  2⤵
  PID:11876
- C:\Windows\System\DasSRWH.exe
  C:\Windows\System\DasSRWH.exe
  2⤵
  PID:11892
- C:\Windows\System\eOmKYax.exe
  C:\Windows\System\eOmKYax.exe
  2⤵
  PID:11908
- C:\Windows\System\rQRciqg.exe
  C:\Windows\System\rQRciqg.exe
  2⤵
  PID:11928
- C:\Windows\System\hYxpJMg.exe
  C:\Windows\System\hYxpJMg.exe
  2⤵
  PID:11952
- C:\Windows\System\LQvsTkv.exe
  C:\Windows\System\LQvsTkv.exe
  2⤵
  PID:11980
- C:\Windows\System\zxatQtz.exe
  C:\Windows\System\zxatQtz.exe
  2⤵
  PID:11996
- C:\Windows\System\zoJsWju.exe
  C:\Windows\System\zoJsWju.exe
  2⤵
  PID:12024
- C:\Windows\System\jIEwYSk.exe
  C:\Windows\System\jIEwYSk.exe
  2⤵
  PID:12056
- C:\Windows\System\DCMwOvX.exe
  C:\Windows\System\DCMwOvX.exe
  2⤵
  PID:12088
- C:\Windows\System\bDnZvBw.exe
  C:\Windows\System\bDnZvBw.exe
  2⤵
  PID:12124
- C:\Windows\System\IkWxUTc.exe
  C:\Windows\System\IkWxUTc.exe
  2⤵
  PID:12160
- C:\Windows\System\esKtjIF.exe
  C:\Windows\System\esKtjIF.exe
  2⤵
  PID:12184
- C:\Windows\System\xjVonng.exe
  C:\Windows\System\xjVonng.exe
  2⤵
  PID:12216
- C:\Windows\System\XkfNAbk.exe
  C:\Windows\System\XkfNAbk.exe
  2⤵
  PID:12256
- C:\Windows\System\RrKXwfw.exe
  C:\Windows\System\RrKXwfw.exe
  2⤵
  PID:12280
- C:\Windows\System\aQpdMvU.exe
  C:\Windows\System\aQpdMvU.exe
  2⤵
  PID:11268
- C:\Windows\System\swSKvAx.exe
  C:\Windows\System\swSKvAx.exe
  2⤵
  PID:11456
- C:\Windows\System\foYnwxO.exe
  C:\Windows\System\foYnwxO.exe
  2⤵
  PID:11448
- C:\Windows\System\MFfkmPT.exe
  C:\Windows\System\MFfkmPT.exe
  2⤵
  PID:11508
- C:\Windows\System\IBZqIjr.exe
  C:\Windows\System\IBZqIjr.exe
  2⤵
  PID:11540
- C:\Windows\System\JPAhOsg.exe
  C:\Windows\System\JPAhOsg.exe
  2⤵
  PID:11740
- C:\Windows\System\KxtXLZG.exe
  C:\Windows\System\KxtXLZG.exe
  2⤵
  PID:11704
- C:\Windows\System\tpFNoOT.exe
  C:\Windows\System\tpFNoOT.exe
  2⤵
  PID:11784
- C:\Windows\System\VomoBjA.exe
  C:\Windows\System\VomoBjA.exe
  2⤵
  PID:11844
- C:\Windows\System\XQeSHMj.exe
  C:\Windows\System\XQeSHMj.exe
  2⤵
  PID:11852
- C:\Windows\System\TzpInJj.exe
  C:\Windows\System\TzpInJj.exe
  2⤵
  PID:11900
- C:\Windows\System\BjuKAQz.exe
  C:\Windows\System\BjuKAQz.exe
  2⤵
  PID:12152
- C:\Windows\System\AwNdAni.exe
  C:\Windows\System\AwNdAni.exe
  2⤵
  PID:12108
- C:\Windows\System\AmXKzdT.exe
  C:\Windows\System\AmXKzdT.exe
  2⤵
  PID:12208
- C:\Windows\System\Bfvidrj.exe
  C:\Windows\System\Bfvidrj.exe
  2⤵
  PID:10760
- C:\Windows\System\GVfrSZB.exe
  C:\Windows\System\GVfrSZB.exe
  2⤵
  PID:11092
- C:\Windows\System\FEZnHbi.exe
  C:\Windows\System\FEZnHbi.exe
  2⤵
  PID:11524
- C:\Windows\System\IpLynAO.exe
  C:\Windows\System\IpLynAO.exe
  2⤵
  PID:11696
- C:\Windows\System\xlRubat.exe
  C:\Windows\System\xlRubat.exe
  2⤵
  PID:11748
- C:\Windows\System\feBGWPd.exe
  C:\Windows\System\feBGWPd.exe
  2⤵
  PID:11872
- C:\Windows\System\EGgEmKG.exe
  C:\Windows\System\EGgEmKG.exe
  2⤵
  PID:12036
- C:\Windows\System\epYMJRh.exe
  C:\Windows\System\epYMJRh.exe
  2⤵
  PID:12084
- C:\Windows\System\xIpNLvX.exe
  C:\Windows\System\xIpNLvX.exe
  2⤵
  PID:12200
- C:\Windows\System\LLliRdE.exe
  C:\Windows\System\LLliRdE.exe
  2⤵
  PID:11624
- C:\Windows\System\wrPEzxS.exe
  C:\Windows\System\wrPEzxS.exe
  2⤵
  PID:11992
- C:\Windows\System\awTJiCW.exe
  C:\Windows\System\awTJiCW.exe
  2⤵
  PID:11820
- C:\Windows\System\sVbPmMG.exe
  C:\Windows\System\sVbPmMG.exe
  2⤵
  PID:12312
- C:\Windows\System\xmdEzwb.exe
  C:\Windows\System\xmdEzwb.exe
  2⤵
  PID:12348
- C:\Windows\System\ovQBhyg.exe
  C:\Windows\System\ovQBhyg.exe
  2⤵
  PID:12376
- C:\Windows\System\IonVssX.exe
  C:\Windows\System\IonVssX.exe
  2⤵
  PID:12416
- C:\Windows\System\pEeSzPT.exe
  C:\Windows\System\pEeSzPT.exe
  2⤵
  PID:12440
- C:\Windows\System\ZRkmUyN.exe
  C:\Windows\System\ZRkmUyN.exe
  2⤵
  PID:12460
- C:\Windows\System\QHacHOK.exe
  C:\Windows\System\QHacHOK.exe
  2⤵
  PID:12492
- C:\Windows\System\KWMyPYB.exe
  C:\Windows\System\KWMyPYB.exe
  2⤵
  PID:12516
- C:\Windows\System\kosqjTS.exe
  C:\Windows\System\kosqjTS.exe
  2⤵
  PID:12544
- C:\Windows\System\zbfVKDa.exe
  C:\Windows\System\zbfVKDa.exe
  2⤵
  PID:12572
- C:\Windows\System\AfnbYuA.exe
  C:\Windows\System\AfnbYuA.exe
  2⤵
  PID:12608
- C:\Windows\System\ipjtcGz.exe
  C:\Windows\System\ipjtcGz.exe
  2⤵
  PID:12624
- C:\Windows\System\DYkkrJB.exe
  C:\Windows\System\DYkkrJB.exe
  2⤵
  PID:12664
- C:\Windows\System\XZpiyyQ.exe
  C:\Windows\System\XZpiyyQ.exe
  2⤵
  PID:12692
- C:\Windows\System\wRIxzlv.exe
  C:\Windows\System\wRIxzlv.exe
  2⤵
  PID:12716
- C:\Windows\System\cqplGHS.exe
  C:\Windows\System\cqplGHS.exe
  2⤵
  PID:12748
- C:\Windows\System\XfYOFyE.exe
  C:\Windows\System\XfYOFyE.exe
  2⤵
  PID:12776
- C:\Windows\System\lWwSvnU.exe
  C:\Windows\System\lWwSvnU.exe
  2⤵
  PID:12804
- C:\Windows\System\eYycWGS.exe
  C:\Windows\System\eYycWGS.exe
  2⤵
  PID:12840
- C:\Windows\System\EAGfLPi.exe
  C:\Windows\System\EAGfLPi.exe
  2⤵
  PID:12872
- C:\Windows\System\dMjTNEq.exe
  C:\Windows\System\dMjTNEq.exe
  2⤵
  PID:12900
- C:\Windows\System\msPFrac.exe
  C:\Windows\System\msPFrac.exe
  2⤵
  PID:12936
- C:\Windows\System\iDkdCol.exe
  C:\Windows\System\iDkdCol.exe
  2⤵
  PID:12964
- C:\Windows\System\NVqWyYd.exe
  C:\Windows\System\NVqWyYd.exe
  2⤵
  PID:12992
- C:\Windows\System\fMUDlJU.exe
  C:\Windows\System\fMUDlJU.exe
  2⤵
  PID:13020
- C:\Windows\System\oJoEMBp.exe
  C:\Windows\System\oJoEMBp.exe
  2⤵
  PID:13036
- C:\Windows\System\SVboBqu.exe
  C:\Windows\System\SVboBqu.exe
  2⤵
  PID:13056
- C:\Windows\System\OlzWEpY.exe
  C:\Windows\System\OlzWEpY.exe
  2⤵
  PID:13096
- C:\Windows\System\pIiDjkT.exe
  C:\Windows\System\pIiDjkT.exe
  2⤵
  PID:13128
- C:\Windows\System\bPQNGpQ.exe
  C:\Windows\System\bPQNGpQ.exe
  2⤵
  PID:13148
- C:\Windows\System\CjBkauf.exe
  C:\Windows\System\CjBkauf.exe
  2⤵
  PID:13184
- C:\Windows\System\hUuXdTE.exe
  C:\Windows\System\hUuXdTE.exe
  2⤵
  PID:13216
- C:\Windows\System\NAqsGYa.exe
  C:\Windows\System\NAqsGYa.exe
  2⤵
  PID:13256
- C:\Windows\System\zZwTwnM.exe
  C:\Windows\System\zZwTwnM.exe
  2⤵
  PID:13284
- C:\Windows\System\ipjLFWL.exe
  C:\Windows\System\ipjLFWL.exe
  2⤵
  PID:11684
- C:\Windows\System\lloYDBL.exe
  C:\Windows\System\lloYDBL.exe
  2⤵
  PID:12044
- C:\Windows\System\ZJurhsR.exe
  C:\Windows\System\ZJurhsR.exe
  2⤵
  PID:12332
- C:\Windows\System\UPQFhKY.exe
  C:\Windows\System\UPQFhKY.exe
  2⤵
  PID:12360
- C:\Windows\System\osUPHsA.exe
  C:\Windows\System\osUPHsA.exe
  2⤵
  PID:12528
- C:\Windows\System\upvwOUF.exe
  C:\Windows\System\upvwOUF.exe
  2⤵
  PID:12508
- C:\Windows\System\njFAeVS.exe
  C:\Windows\System\njFAeVS.exe
  2⤵
  PID:12556
- C:\Windows\System\JrWQDLb.exe
  C:\Windows\System\JrWQDLb.exe
  2⤵
  PID:12636
- C:\Windows\System\pxrqrMd.exe
  C:\Windows\System\pxrqrMd.exe
  2⤵
  PID:12660
- C:\Windows\System\bLLNRAG.exe
  C:\Windows\System\bLLNRAG.exe
  2⤵
  PID:12700
- C:\Windows\System\YsnRNpa.exe
  C:\Windows\System\YsnRNpa.exe
  2⤵
  PID:12736
- C:\Windows\System\PNGCQlm.exe
  C:\Windows\System\PNGCQlm.exe
  2⤵
  PID:12832
- C:\Windows\System\qtFdfOo.exe
  C:\Windows\System\qtFdfOo.exe
  2⤵
  PID:12892
- C:\Windows\System\egJmJLs.exe
  C:\Windows\System\egJmJLs.exe
  2⤵
  PID:12984
- C:\Windows\System\jTJBqvh.exe
  C:\Windows\System\jTJBqvh.exe
  2⤵
  PID:13004
- C:\Windows\System\LLUnSXl.exe
  C:\Windows\System\LLUnSXl.exe
  2⤵
  PID:13064
- C:\Windows\System\iZJmlRQ.exe
  C:\Windows\System\iZJmlRQ.exe
  2⤵
  PID:13204
- C:\Windows\System\YwSxqvt.exe
  C:\Windows\System\YwSxqvt.exe
  2⤵
  PID:13276
- C:\Windows\System\PAWGoUv.exe
  C:\Windows\System\PAWGoUv.exe
  2⤵
  PID:13300
- C:\Windows\System\XRbUXdS.exe
  C:\Windows\System\XRbUXdS.exe
  2⤵
  PID:12328
- C:\Windows\System\uezbccA.exe
  C:\Windows\System\uezbccA.exe
  2⤵
  PID:12488
- C:\Windows\System\QqXyugq.exe
  C:\Windows\System\QqXyugq.exe
  2⤵
  PID:12704
- C:\Windows\System\RSjQNuU.exe
  C:\Windows\System\RSjQNuU.exe
  2⤵
  PID:12792
- C:\Windows\System\vOrDblm.exe
  C:\Windows\System\vOrDblm.exe
  2⤵
  PID:12916
- C:\Windows\System\bqdYWUd.exe
  C:\Windows\System\bqdYWUd.exe
  2⤵
  PID:13136
- C:\Windows\System\UDcBkff.exe
  C:\Windows\System\UDcBkff.exe
  2⤵
  PID:13052
- C:\Windows\System\yGxxfzg.exe
  C:\Windows\System\yGxxfzg.exe
  2⤵
  PID:13308
- C:\Windows\System\eovABXi.exe
  C:\Windows\System\eovABXi.exe
  2⤵
  PID:12644
- C:\Windows\System\tHrQlMc.exe
  C:\Windows\System\tHrQlMc.exe
  2⤵
  PID:12924
- C:\Windows\System\IFhthvo.exe
  C:\Windows\System\IFhthvo.exe
  2⤵
  PID:3972
- C:\Windows\System\Djzdfcj.exe
  C:\Windows\System\Djzdfcj.exe
  2⤵
  PID:4468
- C:\Windows\System\ckUNxlA.exe
  C:\Windows\System\ckUNxlA.exe
  2⤵
  PID:12384
- C:\Windows\System\ZVXHIit.exe
  C:\Windows\System\ZVXHIit.exe
  2⤵
  PID:13344
- C:\Windows\System\aIBNjhd.exe
  C:\Windows\System\aIBNjhd.exe
  2⤵
  PID:13372
- C:\Windows\System\dyrXObc.exe
  C:\Windows\System\dyrXObc.exe
  2⤵
  PID:13400
- C:\Windows\System\JawYjHY.exe
  C:\Windows\System\JawYjHY.exe
  2⤵
  PID:13424
- C:\Windows\System\TeNsvcX.exe
  C:\Windows\System\TeNsvcX.exe
  2⤵
  PID:13448
- C:\Windows\System\dvDzRGf.exe
  C:\Windows\System\dvDzRGf.exe
  2⤵
  PID:13476
- C:\Windows\System\nlEAVbu.exe
  C:\Windows\System\nlEAVbu.exe
  2⤵
  PID:13512
- C:\Windows\System\KmgdxCu.exe
  C:\Windows\System\KmgdxCu.exe
  2⤵
  PID:13532
- C:\Windows\System\YKFIXOG.exe
  C:\Windows\System\YKFIXOG.exe
  2⤵
  PID:13564
- C:\Windows\System\ghbMhbr.exe
  C:\Windows\System\ghbMhbr.exe
  2⤵
  PID:13584
- C:\Windows\System\eUutSuR.exe
  C:\Windows\System\eUutSuR.exe
  2⤵
  PID:13616
- C:\Windows\System\EsqdDoI.exe
  C:\Windows\System\EsqdDoI.exe
  2⤵
  PID:13640
- C:\Windows\System\HvpWpWK.exe
  C:\Windows\System\HvpWpWK.exe
  2⤵
  PID:13664
- C:\Windows\System\uBbzIHP.exe
  C:\Windows\System\uBbzIHP.exe
  2⤵
  PID:13684
- C:\Windows\System\ToePaGx.exe
  C:\Windows\System\ToePaGx.exe
  2⤵
  PID:13716
- C:\Windows\System\nDqBeDz.exe
  C:\Windows\System\nDqBeDz.exe
  2⤵
  PID:13736
- C:\Windows\System\JFecuKb.exe
  C:\Windows\System\JFecuKb.exe
  2⤵
  PID:13772
- C:\Windows\System\isImswo.exe
  C:\Windows\System\isImswo.exe
  2⤵
  PID:13792
- C:\Windows\System\RGtQUYy.exe
  C:\Windows\System\RGtQUYy.exe
  2⤵
  PID:13824
- C:\Windows\System\csRpNTr.exe
  C:\Windows\System\csRpNTr.exe
  2⤵
  PID:13848
- C:\Windows\System\vlDroBZ.exe
  C:\Windows\System\vlDroBZ.exe
  2⤵
  PID:13880
- C:\Windows\System\hyOespo.exe
  C:\Windows\System\hyOespo.exe
  2⤵
  PID:13904
- C:\Windows\System\XEtyeYD.exe
  C:\Windows\System\XEtyeYD.exe
  2⤵
  PID:13932
- C:\Windows\System\ijMqBGe.exe
  C:\Windows\System\ijMqBGe.exe
  2⤵
  PID:13956
- C:\Windows\System\gALZSrC.exe
  C:\Windows\System\gALZSrC.exe
  2⤵
  PID:13984
- C:\Windows\System\VuUgkPH.exe
  C:\Windows\System\VuUgkPH.exe
  2⤵
  PID:14008
- C:\Windows\System\WrDRvpi.exe
  C:\Windows\System\WrDRvpi.exe
  2⤵
  PID:14024
- C:\Windows\System\dvixKHa.exe
  C:\Windows\System\dvixKHa.exe
  2⤵
  PID:14056
- C:\Windows\System\dRDAyUV.exe
  C:\Windows\System\dRDAyUV.exe
  2⤵
  PID:14072
- C:\Windows\System\GnnsoUL.exe
  C:\Windows\System\GnnsoUL.exe
  2⤵
  PID:14108
- C:\Windows\System\BOjSZBC.exe
  C:\Windows\System\BOjSZBC.exe
  2⤵
  PID:14136
- C:\Windows\System\dnEuDIn.exe
  C:\Windows\System\dnEuDIn.exe
  2⤵
  PID:14160
- C:\Windows\System\VcQYWQu.exe
  C:\Windows\System\VcQYWQu.exe
  2⤵
  PID:14176
- C:\Windows\System\NOpcpYt.exe
  C:\Windows\System\NOpcpYt.exe
  2⤵
  PID:14208
- C:\Windows\System\DRiFbvu.exe
  C:\Windows\System\DRiFbvu.exe
  2⤵
  PID:14228
- C:\Windows\System\FRSquaq.exe
  C:\Windows\System\FRSquaq.exe
  2⤵
  PID:14244
- C:\Windows\System\rScKMvD.exe
  C:\Windows\System\rScKMvD.exe
  2⤵
  PID:14260
- C:\Windows\System\hTXkeTy.exe
  C:\Windows\System\hTXkeTy.exe
  2⤵
  PID:14296
- C:\Windows\System\pvQvQlC.exe
  C:\Windows\System\pvQvQlC.exe
  2⤵
  PID:14312
- C:\Windows\System\LwWwqFK.exe
  C:\Windows\System\LwWwqFK.exe
  2⤵
  PID:12400
- C:\Windows\System\ECoRHRM.exe
  C:\Windows\System\ECoRHRM.exe
  2⤵
  PID:13324
- C:\Windows\System\dHvmaGf.exe
  C:\Windows\System\dHvmaGf.exe
  2⤵
  PID:13332
- C:\Windows\System\LcVwmbE.exe
  C:\Windows\System\LcVwmbE.exe
  2⤵
  PID:13488
- C:\Windows\System\nGnOtXO.exe
  C:\Windows\System\nGnOtXO.exe
  2⤵
  PID:13412
- C:\Windows\System\iZpiwOv.exe
  C:\Windows\System\iZpiwOv.exe
  2⤵
  PID:13676
- C:\Windows\System\TKzCHOW.exe
  C:\Windows\System\TKzCHOW.exe
  2⤵
  PID:13572
- C:\Windows\System\hYQuZsV.exe
  C:\Windows\System\hYQuZsV.exe
  2⤵
  PID:13648
- C:\Windows\System\dQSgmcW.exe
  C:\Windows\System\dQSgmcW.exe
  2⤵
  PID:13748
- C:\Windows\System\ufLKvfT.exe
  C:\Windows\System\ufLKvfT.exe
  2⤵
  PID:13896
- C:\Windows\System\VFTAefS.exe
  C:\Windows\System\VFTAefS.exe
  2⤵
  PID:13940
- C:\Windows\System\mcqLpXv.exe
  C:\Windows\System\mcqLpXv.exe
  2⤵
  PID:14004
- C:\Windows\System\xafEPgr.exe
  C:\Windows\System\xafEPgr.exe
  2⤵
  PID:14120
- C:\Windows\System\MLnDavp.exe
  C:\Windows\System\MLnDavp.exe
  2⤵
  PID:14256
- C:\Windows\System\BTZhCXD.exe
  C:\Windows\System\BTZhCXD.exe
  2⤵
  PID:14068
- C:\Windows\System\gkLluQZ.exe
  C:\Windows\System\gkLluQZ.exe
  2⤵
  PID:14304
- C:\Windows\System\uZiQelR.exe
  C:\Windows\System\uZiQelR.exe
  2⤵
  PID:14280
- C:\Windows\System\BDxvLFp.exe
  C:\Windows\System\BDxvLFp.exe
  2⤵
  PID:14288
- C:\Windows\System\XLyiRSk.exe
  C:\Windows\System\XLyiRSk.exe
  2⤵
  PID:13540
- C:\Windows\System\ghfelcE.exe
  C:\Windows\System\ghfelcE.exe
  2⤵
  PID:13892
- C:\Windows\System\LIRNREd.exe
  C:\Windows\System\LIRNREd.exe
  2⤵
  PID:13116
- C:\Windows\System\eTEwMxa.exe
  C:\Windows\System\eTEwMxa.exe
  2⤵
  PID:13972
- C:\Windows\System\UvaUYvs.exe
  C:\Windows\System\UvaUYvs.exe
  2⤵
  PID:14052
- C:\Windows\System\QWaSUnx.exe
  C:\Windows\System\QWaSUnx.exe
  2⤵
  PID:13604
- C:\Windows\System\vZoyAvJ.exe
  C:\Windows\System\vZoyAvJ.exe
  2⤵
  PID:14324
- C:\Windows\System\dBlDkVv.exe
  C:\Windows\System\dBlDkVv.exe
  2⤵
  PID:13364
- C:\Windows\System\QDsSZXr.exe
  C:\Windows\System\QDsSZXr.exe
  2⤵
  PID:14348
- C:\Windows\System\pAuCgAM.exe
  C:\Windows\System\pAuCgAM.exe
  2⤵
  PID:14376
- C:\Windows\System\lRPkmNs.exe
  C:\Windows\System\lRPkmNs.exe
  2⤵
  PID:14532

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\FNaxyhu.exe

Filesize
2.1MB

MD5
2655af44ff4899faaf0d480359881694

SHA1
027aec8ae3629e86d4163ad9b643ff8283422aac

SHA256
cfe50f974a1941b36238dd1dcacb648c33ec0f652255e838b328ed0e1853a072

SHA512
56a6efa5fee91fbf02edad5e99855b6bed681b8ed40c043f6f705a16c608fb985d3865d0fd7a030b2ede4b911b7704b944eb62a131f89b5c62596801be498736

Download Submit
C:\Windows\System\GWdSfZy.exe

Filesize
2.1MB

MD5
feab430f29b35deb9caa5716981f11de

SHA1
fcc280ae045cdc3aac180165420beb0b80241eeb

SHA256
f306caec99b15d11c4389f879b86db18e6ff822b9839afbf89f7a7f2e2a77375

SHA512
b8c4e0cbf8e95fe0020b860b27b3aa0780ae9752788c851807cc37f24f798875524c2d1b044cdb19e5a550866bd610ad5818025a7ec7b779a3ea372b0a7558ef

Download Submit
C:\Windows\System\JWTfPNb.exe

Filesize
2.1MB

MD5
ae8ae889d8994df55a60f3436fa9b120

SHA1
b49e0c2e43e26b71c1330457f2d29412aa985f46

SHA256
dc7bd61c7576ec24870a40f20bc7aac744ed4429ee2d693ba8c23d8ff52a4c76

SHA512
cbd83479a93b62b82f3d684db1070b2cf43166c514ca8fb239ab69d3950a196b2bdf57e8393ce851d645b9644b7999760c31f4039e0e168d7f4852033f9f33a1

Download Submit
C:\Windows\System\KpQkKtR.exe

Filesize
2.1MB

MD5
74141553fc229c27c4e7f67fc2028153

SHA1
6799a421a4dc03db41a77ebbf264e4e6a2ebcecf

SHA256
e1704d8db31142e54c1e7f7b3985b139fb3c47b999a412ba261781b7f156cebf

SHA512
1168f4ea5b0cf05e79030a4192999e27ec08013a500026792b0effa919e7e7e4f105989bb2a2b0d44edfe3f2f4c402802b9d65e5fe5cab529fef24a1b889f932

Download Submit
C:\Windows\System\NZWtveF.exe

Filesize
2.1MB

MD5
d868381c7a70124aaab9f3366e337fbb

SHA1
27f8ec79f7aba2ef57adbefcbc10ac752a4eaf60

SHA256
4a85025d2cebfa80cdbfe01774536551e9ae28f32da04822599094bef000c7d8

SHA512
b90e684ccfd5b731aba297899ef0ae56b849054fa3dd62b93d90165572d16cc69953db1ca60fc1029015f202d6e9fdabbb4e214484f87ba0c204923645f6adc2

Download Submit
C:\Windows\System\NccpTgT.exe

Filesize
2.1MB

MD5
1a7aab1141adbf416c34ffcbf75bb433

SHA1
87a801243239dd252876a7e4f64a8de8a2796b68

SHA256
698598a072c7420fed06b48132eefb90d9f17c48d7a9f8b21c311f77bdd5f1dc

SHA512
875a823cd32e18b214bdba90b3f2534f913cfef77ba30fac7e93620e7c5937513777c79ac39d3b784435aa4907ee256070fd68e7999cfd09c2d84fd9dfa9a81f

Download Submit
C:\Windows\System\QTnDiyy.exe

Filesize
2.1MB

MD5
8cd5ecc58a5cd06496cc4fda9c3026d8

SHA1
f5a283b251dc79e6e95914357b6b4800aefcb91d

SHA256
c87895e6b288d1897c1a328aef35572ef3e3cbb21062b17dee787f76a87b8cd9

SHA512
ced0858053a2a5f91fd24dc339988894c771ace250795fc56e1c58ca06efcde15102af85e10d36c54464f969a8f77b2be612fb2a180c000ea8d91d28ff8be017

Download Submit
C:\Windows\System\QbQABtD.exe

Filesize
2.1MB

MD5
df31ac831202dc3f91626806d36a28ca

SHA1
94d583a4bfa487165bd1028ae66ea3730c5c8bab

SHA256
5173a81564b381c6c50f73b059ca48d3e4da2e9fc28bd27391af2b9622c22cbf

SHA512
50cb2f73e47d9b38f56d06cd10a5600f9767a08a9938464397da1de33ff05fc035713526d6b2e42a0a4e6a11601c1191fce65e926ab32a8a025979252fd821d4

Download Submit
C:\Windows\System\QvdahgB.exe

Filesize
2.1MB

MD5
842b8d008435fb7a2d18d69e118c5ce8

SHA1
f29eb966f58d0a68a591fd2520f165d72a049f6f

SHA256
37ac7366355eb1c807d37d959a7cbe75aa33033d31fae1d1a208d9e7c5d14469

SHA512
882bb3a8065acd078b70779de3a11cf5a6b337f2ed1c85035aaec0347c95b2c01d6ee30302217af3deda56c80bb44b76dd6fb8520333e0388831e3fad963697a

Download Submit
C:\Windows\System\TFZZmHv.exe

Filesize
2.1MB

MD5
e01bbc848140518a884f5f8ce9e5e133

SHA1
aa52e68614a0241f49537c2f4a3b351fe5bd7864

SHA256
b0afa0ea52245154f649cb747c526022e8ef34351606891808ce84e6436cde16

SHA512
c77f5164247ceec6bcc65bf59ad27ca14e33fa053a6274971139999423dce43110c783604a1b4b8a5401c87bc77c4bcb5f7fec8e9447cd72b4cedd4d7c854267

Download Submit
C:\Windows\System\UdWyZuC.exe

Filesize
2.1MB

MD5
4349157b71a588954833ac8cd9cc2dbb

SHA1
479d6aac4b245f7f4364d62dce09c976c7be8228

SHA256
c0fb833fb231843f3b24e358e7df73c1c8abd3cbde9d97b7ff841e746ffe832f

SHA512
eab9faca43e46651a64921efde91560ba81a88dbb4755dc5347a5dd5e8b403ce366fbadf218522355834fdc7ccc9a34f107ab6468195c827bc539b9239bce8dc

Download Submit
C:\Windows\System\VwZnfju.exe

Filesize
2.1MB

MD5
b447eb605b468f3bda3595f9a88bb656

SHA1
805d62c1d06d6b3b6855a4540d5ff6bf6769d6ca

SHA256
5e41897312bb37c59dea62d9993ff1835f983d3f50694ff6eae55808f59dd168

SHA512
73bcb5e55c3893474ffc956c818147cbd9fee18ff76743e0c12f339c51dfaf045c69253df861a89bb932ca0410e2950e9700dfe975f1de4004d98437db86dccb

Download Submit
C:\Windows\System\WBKcnqD.exe

Filesize
2.1MB

MD5
08030ee173ec6ac01e8d6cae0b18f912

SHA1
42a6854480b62f272fb359947647e58fc69dd7dd

SHA256
3279c6232d32d22082b0241be9466d553b6fde8b4787f42549d055258e27fdb6

SHA512
10a82510c0185996f37eb470ead3b4f7a03c78c3e9b3e9b460648a4eb4229cdf80f267554e6c995349fa6975009d191f6fb52e71e3ff5ec913a038d75b2ca26e

Download Submit
C:\Windows\System\XOKDWNb.exe

Filesize
2.1MB

MD5
ee9c539d4f3c7159337e0e5345b41112

SHA1
57da0693603c9458ecbec71cac39a228506245e3

SHA256
ff6a3e03135e74bae5b012f35ea7896213e31bfdf51b70bac220c11f3e4d713a

SHA512
14c10586560bbc14b5dfde1e783e6ae19a5bd8c1d19d3f66bba8121824df4ed41eff450a40ef923580bb3e1e409f379995b876479ec4cb02e93012526027aaa5

Download Submit
C:\Windows\System\ayVcLNu.exe

Filesize
2.1MB

MD5
a84f8aaab2c00e0a1efa3b81bfc6661d

SHA1
7381f6ab9707918f242c332a3bbe5048fbbee588

SHA256
919537f19a8bb2a21d351b78297b8f1240d60042355118ec2b9a29851983d7bb

SHA512
93f4bc53cf1d7d3953ea7d031b32202cec8568d8d78e4b6ee95c55ca1ff88b12efb7bc3a095734efba534b3620816c4619cdf8726239398b84ca56793ef93ace

Download Submit
C:\Windows\System\bQBXIYv.exe

Filesize
2.1MB

MD5
e14eae2b586dfd26ade1c590d19c709b

SHA1
4da72f5fe045989ba6909851bfd9f6549c97256b

SHA256
8304dd8dd0a3ead1d0467b89e99197cee65085328e1fd88cd50fab83cb10f389

SHA512
d6d0c5938b33d43a402b4c619be51d3768bb5ee8f2823d204176992361200cf9ebea509813284855309116abe16117568bc078aded0364bc39585ebde643a4e5

Download Submit
C:\Windows\System\dbXKoDo.exe

Filesize
2.1MB

MD5
b8a8018600d5da8669b1c758c3fd86db

SHA1
33367cef879783e760e33d870133b90d8cb1d28d

SHA256
c5e7c8673e7583e25303ec04a9328c12a5e040eaca2bfcbb7f5afe386fcdb0cd

SHA512
ee800b398c2d1ba9edead911be35afa4febe4dadc8a776cfa099e0312f335c942a63366712aaf6f2500d6e365aa4f8dc02a05e71e4920464f574d0518bf26177

Download Submit
C:\Windows\System\gEhAthd.exe

Filesize
2.1MB

MD5
8d6d483d90ee0447a04e4c784d278f46

SHA1
d473aa99a2a6104a5bc16f3ffd3a24c51f512289

SHA256
36756a2d480925cad8b194d9eb51d51896f9e5d90cdd09df5fd724b11a03531d

SHA512
55155d4f0d01744d844641bb5aa3783ca840384db2e267c39153f0c72026b836536976d2313fc4e6ba243fd1d327121fdd24ecfaaae34d5630c605532f5337a5

Download Submit
C:\Windows\System\hCgrLvm.exe

Filesize
2.1MB

MD5
241745fbc4c3bf2249448ea4caac3410

SHA1
b095c8fd16fc0f61a0c43452261d3f32c1356d81

SHA256
8b64b47d8a1f04d27e4f557d92ce19bfae70b8b8a782377854f86b7430aa892d

SHA512
3d2fd20dec54fc2655e2a77318836ce6665f126a41c273ba50292ed834217d631cfb4ee869424c91e608400388305d90106bc8ff5d973a4778903dba6e389818

Download Submit
C:\Windows\System\hVMPhdP.exe

Filesize
2.1MB

MD5
5e28504829c07f3141e2857b26c54f66

SHA1
5afe95a89e484557d0656442c293b7febd722d55

SHA256
72c2940077e6da003b089dfdd585d280394762717dcd67ca0d2ab420b1ae58f1

SHA512
ee227f69acd8aef825eb63ba8075a7e1891422a6e4eb5466a74f658c3a3661c76a258f3a89522e9d9357b36e8f95623afb35a57ef29b731d59652b2dab191ed6

Download Submit
C:\Windows\System\hfArfKa.exe

Filesize
2.1MB

MD5
68c6f30f5b0aba5b170ff066ca0e27e9

SHA1
950a5efe8d098fbeea58c8086c4294b6d463896e

SHA256
1b0c5453266e3c576f4a3d904fc5cd8e93382c35b2f3ed156de44f9b85851298

SHA512
103086421291a9b7d70f67f98e37ebea02a34edf9010d2c07666477c750ffb2cc537fe114be3bb175940b326343bfc6ef85d221d432020fe828a099ff21c080d

Download Submit
C:\Windows\System\nuHxrLv.exe

Filesize
2.1MB

MD5
2d0a82d92da9a121116798cb4bf273f4

SHA1
61c1fd817abd7a45bfdd998ad9382a178b766efc

SHA256
1d38a60a23314024c87fc648d2576d499968396a49e14fa3ebdbc2a4722c85fa

SHA512
8766eed7b1c2e35267e95066227edd43fddf4beabbc8884cddb210f61bd1d19451b8a26705dffc98d39a414e32bbcd6ed88e2eb50ff89bf14270f5d278561499

Download Submit
C:\Windows\System\oIQKkCw.exe

Filesize
2.1MB

MD5
d4e043434cb1fb6919999b8b57397b90

SHA1
2d889a6852915cec1f5027fb4c7910bfe52765d0

SHA256
427e69d6a9f3bf85e23d0bfa4a4ab8839017be877f59018c559127ced3644646

SHA512
d2c9027658435bb3c17ae5358604aa05d476736eca3eaf72a47d4dc16d48c437106fa6f6d966a8e7342fbab549dd7fe55c965cb5e8db9695aaf68c6ddfff2839

Download Submit
C:\Windows\System\pZaOjhF.exe

Filesize
2.1MB

MD5
165dfb98d3194b92fa89b5faa3ed8fd6

SHA1
67ba1f7ee9cdb00f792b81f3fd4eed0714b1f0de

SHA256
7854094676f2f06ccfa499c5986113444caf4bb56bfa9eafb911882bc18aca33

SHA512
ec8e839b651532ab70bbddfce56f597fa51b1210ca4c81beb0d8bda640956b429450294c95795476d6a18c3b281ce514667e505717128d569bc533fa8e16ef94

Download Submit
C:\Windows\System\qDcXzii.exe

Filesize
2.1MB

MD5
018076b7fda4b46f7cd71a6a678fe9b5

SHA1
27050f615fcb3d437b9c7d2e917916c85cfb8100

SHA256
8036be476b8abd27508d1aa9a7f2c40fba5865a55df665a5cfc52d8fdcae8af2

SHA512
85c126fcc0d9740691fe678777bb8c6adfe51199d7032d81eeb464ba3fab2dd0813ffc09f9f6c7d8dc32b56b917addadf26f56f8fc0ebe4bb3e352e9333673cc

Download Submit
C:\Windows\System\qanhOcP.exe

Filesize
2.1MB

MD5
873559be529ff51e8d0975dfd0f710fa

SHA1
6c6418a5fa73f36413cad1588fc31c4b16d6f990

SHA256
4ad00551c351b118968ee428c0e9b89b751239025aa703ef01025ff8279e96d6

SHA512
665ba181b88e6615ebedb07c1c8c138fd1aaef38892d5d42b575e193d54592362a4660c76eb5b253f847e6491115497d32fcab584d31070b15d731ae7db6ac03

Download Submit
C:\Windows\System\rLDwUtv.exe

Filesize
2.1MB

MD5
63abf2e627fb84947866b0d374a7fbba

SHA1
1f83896a96b4ba208c1033c309cae55f8b37d840

SHA256
923807e50103b10ec28ac2efb211bc53536a811b0f7d331ebbbd9e0106266223

SHA512
eb691a1ed209b4d5a26de398e9de8da6a72a640477a2d979766d6db554683db1c35f6b8585c5af57a46f62863f7ddfaa1b76f40ecf0c1d1ad8cf2b9b31dd72dc

Download Submit
C:\Windows\System\sJaGawP.exe

Filesize
2.1MB

MD5
23001cb0dae60ec4f9232f311798fbb7

SHA1
47f1b2a012c42bfcee47d4c54c3dc0af79ee0d9e

SHA256
1e1ee2cdfe621e595a0cd3ab2f132be82a4a160877978468856f3acea8a9aa05

SHA512
57e992a6f0e4fdc6d7c5ef5a6dff293cf1569d6273efa8ad3301478148876a54c3aa2bb08f779f0aca7154d7ea8f3618432db059872f357bb6b6681d3789db2b

Download Submit
C:\Windows\System\tyhArgS.exe

Filesize
2.1MB

MD5
dd79daec80db3c5180ce4b805167162e

SHA1
a0d1bb767a9caf83e741e0b936ad7b6d9a18b602

SHA256
c74b2f94ebf555fcbc0deab4fdb767e764032b9f3d55f48db1fe201e5ff9b785

SHA512
3ec6b3c3a21d0a677363528bb8576d74db828a06ae565a677c3e69c8f0e729b42952614e6ff61d4b9c9c6d3f018f734a7d192bf2d5018d8b10cb2d978e1318d8

Download Submit
C:\Windows\System\vfTTSDL.exe

Filesize
2.1MB

MD5
1555c43a7136b33c3133dd7a9acb4bd2

SHA1
bebe03349637acaae3af4868bdbaeea7cadd178b

SHA256
24d452c848c315aa53063e8da29d257f5a446c19e6ca52eb17505f6c9d9c59c9

SHA512
ae58196a3b1007e4c31b91ffb96ddc45aaf0bb9f28ccee7c704708ace0163ba694e9aef69f539d921b755d529a31020bfe2a8826e188c13a0fd5ea4517454105

Download Submit
C:\Windows\System\vrfEKlg.exe

Filesize
2.1MB

MD5
d4693da83fd04373d4332cbe90f88eec

SHA1
495fa097f68351ba3141f27db8adf57c96814460

SHA256
a7b52e2075cc430bb821fc50aeb9fa27e09a8f04529eadaaf58eb03cc4969bd2

SHA512
483ef7892e6b4b94097fa62a297e256f963aef84f57d0a5a88d256da881f41a568b66be0faeb6ed3b7fff93e1554b205aac6729e0f1fb756ce70203146027b7f

Download Submit
C:\Windows\System\vxnzsGD.exe

Filesize
2.1MB

MD5
a349b6212dadb52608bc559f7f813784

SHA1
2c817c79de0b5c2300c614bc90564f8aaf2a64fe

SHA256
5b0e07227470ceab5391970f9fae025cfe319e97032d8730900790af21d2365b

SHA512
08ef713ee4f6be065fb902c78d781330c1fef3b559734a14bf311cad74cf6e5b59c5838a2c1d1f228f1e7f2faa85b2df4a8076c6865faaf4d7f791fa5b14496e

Download Submit
C:\Windows\System\wAmAcXZ.exe

Filesize
2.1MB

MD5
feea505e9ea77315a91909a86dc0d462

SHA1
72d5d371bcf3fbefe780907b20aa88dc0cd25735

SHA256
6a4fae8496e24194f20d7b9e588119013623db346c36bfd83f239cd41153c131

SHA512
1c11fdcdee0518f5eb4a83beb2a3b9a0969753882af00069d4a36ecdde84e9e545f1e6d21e558ca71dc1c1729759a36e633b2877e27d4e3fe314e2c4367cab8a

Download Submit
C:\Windows\System\wRhmYdh.exe

Filesize
2.1MB

MD5
1b97cb0fe2892af1559dc77a18eb2a91

SHA1
7086e692af55f942f976ae8546217365ca24824d

SHA256
2146050bdec135db3e2d122a685e195a827bdc980cb021299b4555deff48b802

SHA512
d78c6b0a276a2e8e86097a11c27f2ade807ee0686f14e184f538caaa624940fd1fb4e8f2663859275b91e8fd2aa937b6df63a90c7620fd67f5ddda46d52acb9d

Download Submit
C:\Windows\System\yclzSBC.exe

Filesize
2.1MB

MD5
f345dede63b6139a89ca970342929c46

SHA1
e7825d8b914e7244c1a1e07a2246a9fbe39bd54b

SHA256
a8f2de64b1bd2c3908b9ac5d6a4c1e8bce1d6b894eca16d0b7de271770133d1b

SHA512
6f8c1320cdb2c4a2e7aa5158682d6516bd707a0ce6d0b9f443cc674711169d0c0799fbdb7a88c8323d7b1f0ed4fdcb2ebf4818b021ed489748f045f52c3fafd4

Download Submit
memory/392-2121-0x00007FF78C080000-0x00007FF78C3D4000-memory.dmp

Filesize
3.3MB

Download
memory/392-164-0x00007FF78C080000-0x00007FF78C3D4000-memory.dmp

Filesize
3.3MB

Download
memory/436-147-0x00007FF6ECCE0000-0x00007FF6ED034000-memory.dmp

Filesize
3.3MB

Download
memory/436-2107-0x00007FF6ECCE0000-0x00007FF6ED034000-memory.dmp

Filesize
3.3MB

Download
memory/512-2123-0x00007FF6AF880000-0x00007FF6AFBD4000-memory.dmp

Filesize
3.3MB

Download
memory/512-153-0x00007FF6AF880000-0x00007FF6AFBD4000-memory.dmp

Filesize
3.3MB

Download
memory/860-189-0x00007FF7B1820000-0x00007FF7B1B74000-memory.dmp

Filesize
3.3MB

Download
memory/860-2127-0x00007FF7B1820000-0x00007FF7B1B74000-memory.dmp

Filesize
3.3MB

Download
memory/932-1-0x000001CA01C60000-0x000001CA01C70000-memory.dmp

Filesize
64KB

Download
memory/932-2094-0x00007FF724410000-0x00007FF724764000-memory.dmp

Filesize
3.3MB

Download
memory/932-0-0x00007FF724410000-0x00007FF724764000-memory.dmp

Filesize
3.3MB

Download
memory/992-2115-0x00007FF65D3D0000-0x00007FF65D724000-memory.dmp

Filesize
3.3MB

Download
memory/992-151-0x00007FF65D3D0000-0x00007FF65D724000-memory.dmp

Filesize
3.3MB

Download
memory/1004-158-0x00007FF7F3310000-0x00007FF7F3664000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2120-0x00007FF7F3310000-0x00007FF7F3664000-memory.dmp

Filesize
3.3MB

Download
memory/1424-157-0x00007FF7F4260000-0x00007FF7F45B4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2124-0x00007FF7F4260000-0x00007FF7F45B4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2106-0x00007FF6A4FF0000-0x00007FF6A5344000-memory.dmp

Filesize
3.3MB

Download
memory/1472-148-0x00007FF6A4FF0000-0x00007FF6A5344000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2100-0x00007FF65F900000-0x00007FF65FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1636-11-0x00007FF65F900000-0x00007FF65FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1668-154-0x00007FF70EF80000-0x00007FF70F2D4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2118-0x00007FF70EF80000-0x00007FF70F2D4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-150-0x00007FF7E3670000-0x00007FF7E39C4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2114-0x00007FF7E3670000-0x00007FF7E39C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2095-0x00007FF756710000-0x00007FF756A64000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2101-0x00007FF756710000-0x00007FF756A64000-memory.dmp

Filesize
3.3MB

Download
memory/1968-28-0x00007FF756710000-0x00007FF756A64000-memory.dmp

Filesize
3.3MB

Download
memory/2036-92-0x00007FF7CA810000-0x00007FF7CAB64000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2112-0x00007FF7CA810000-0x00007FF7CAB64000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2105-0x00007FF7C2A90000-0x00007FF7C2DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-99-0x00007FF7C2A90000-0x00007FF7C2DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-149-0x00007FF789160000-0x00007FF7894B4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2113-0x00007FF789160000-0x00007FF7894B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2096-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp

Filesize
3.3MB

Download
memory/2420-65-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2104-0x00007FF677BF0000-0x00007FF677F44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-135-0x00007FF62E080000-0x00007FF62E3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2109-0x00007FF62E080000-0x00007FF62E3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2108-0x00007FF670EA0000-0x00007FF6711F4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-136-0x00007FF670EA0000-0x00007FF6711F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2098-0x00007FF65D6F0000-0x00007FF65DA44000-memory.dmp

Filesize
3.3MB

Download
memory/2892-120-0x00007FF65D6F0000-0x00007FF65DA44000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2116-0x00007FF65D6F0000-0x00007FF65DA44000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2125-0x00007FF7A39E0000-0x00007FF7A3D34000-memory.dmp

Filesize
3.3MB

Download
memory/2968-156-0x00007FF7A39E0000-0x00007FF7A3D34000-memory.dmp

Filesize
3.3MB

Download
memory/3000-80-0x00007FF7B42F0000-0x00007FF7B4644000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2110-0x00007FF7B42F0000-0x00007FF7B4644000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2097-0x00007FF7B42F0000-0x00007FF7B4644000-memory.dmp

Filesize
3.3MB

Download
memory/3200-2119-0x00007FF75CCD0000-0x00007FF75D024000-memory.dmp

Filesize
3.3MB

Download
memory/3200-163-0x00007FF75CCD0000-0x00007FF75D024000-memory.dmp

Filesize
3.3MB

Download
memory/3344-2126-0x00007FF77C8D0000-0x00007FF77CC24000-memory.dmp

Filesize
3.3MB

Download
memory/3344-155-0x00007FF77C8D0000-0x00007FF77CC24000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2102-0x00007FF7377C0000-0x00007FF737B14000-memory.dmp

Filesize
3.3MB

Download
memory/3464-160-0x00007FF7377C0000-0x00007FF737B14000-memory.dmp

Filesize
3.3MB

Download
memory/3948-162-0x00007FF6E2A70000-0x00007FF6E2DC4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-2122-0x00007FF6E2A70000-0x00007FF6E2DC4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2099-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp

Filesize
3.3MB

Download
memory/4016-203-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2128-0x00007FF7F12B0000-0x00007FF7F1604000-memory.dmp

Filesize
3.3MB

Download
memory/4408-2111-0x00007FF763C10000-0x00007FF763F64000-memory.dmp

Filesize
3.3MB

Download
memory/4408-161-0x00007FF763C10000-0x00007FF763F64000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2117-0x00007FF674BD0000-0x00007FF674F24000-memory.dmp

Filesize
3.3MB

Download
memory/4520-152-0x00007FF674BD0000-0x00007FF674F24000-memory.dmp

Filesize
3.3MB

Download
memory/4732-159-0x00007FF7A27F0000-0x00007FF7A2B44000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2103-0x00007FF7A27F0000-0x00007FF7A2B44000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads