kpot | 6db061980d3ff5c555133fc47da0ea2904335c7c78ac670d9471bc2461b22e1c

Analysis

max time kernel
130s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
Size

2.0MB
MD5

07799eb84a88c579edeb926533403170
SHA1

b27b8f0aa304a8be2d23fe6fa0b6fdaf5e13f434
SHA256

6db061980d3ff5c555133fc47da0ea2904335c7c78ac670d9471bc2461b22e1c
SHA512

4622f8e8c51156e61aae73a7654412b271a0345e8cb28f5a8f742b67fb2a99002bb73f3117f0650c2f3a810bcc2c009dfb7a18e9bbd877910639968cf88cf6ba
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3C:BemTLkNdfE0pZrwK

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 34 IoCs

resource	yara_rule
behavioral2/files/0x00080000000233ec-6.dat	family_kpot
behavioral2/files/0x00070000000233f0-10.dat	family_kpot
behavioral2/files/0x00070000000233f1-11.dat	family_kpot
behavioral2/files/0x00070000000233f2-23.dat	family_kpot
behavioral2/files/0x00070000000233f4-35.dat	family_kpot
behavioral2/files/0x00070000000233f3-40.dat	family_kpot
behavioral2/files/0x00070000000233f6-47.dat	family_kpot
behavioral2/files/0x00070000000233f7-54.dat	family_kpot
behavioral2/files/0x00070000000233f8-58.dat	family_kpot
behavioral2/files/0x00070000000233f5-45.dat	family_kpot
behavioral2/files/0x00070000000233f9-65.dat	family_kpot
behavioral2/files/0x00070000000233fb-78.dat	family_kpot
behavioral2/files/0x00080000000233ed-80.dat	family_kpot
behavioral2/files/0x00070000000233fc-88.dat	family_kpot
behavioral2/files/0x00070000000233fa-75.dat	family_kpot
behavioral2/files/0x00070000000233fd-95.dat	family_kpot
behavioral2/files/0x00070000000233fe-100.dat	family_kpot
behavioral2/files/0x0007000000023401-111.dat	family_kpot
behavioral2/files/0x0007000000023402-118.dat	family_kpot
behavioral2/files/0x0007000000023400-116.dat	family_kpot
behavioral2/files/0x0007000000023403-128.dat	family_kpot
behavioral2/files/0x0007000000023407-137.dat	family_kpot
behavioral2/files/0x0007000000023405-147.dat	family_kpot
behavioral2/files/0x0007000000023406-143.dat	family_kpot
behavioral2/files/0x0007000000023404-140.dat	family_kpot
behavioral2/files/0x0007000000023408-159.dat	family_kpot
behavioral2/files/0x000700000002340b-172.dat	family_kpot
behavioral2/files/0x000700000002340c-173.dat	family_kpot
behavioral2/files/0x000700000002340e-184.dat	family_kpot
behavioral2/files/0x000700000002340f-187.dat	family_kpot
behavioral2/files/0x000700000002340d-186.dat	family_kpot
behavioral2/files/0x0007000000023410-195.dat	family_kpot
behavioral2/files/0x0007000000023409-182.dat	family_kpot
behavioral2/files/0x000700000002340a-178.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1740-0-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp	xmrig
behavioral2/files/0x00080000000233ec-6.dat	xmrig
behavioral2/memory/3564-8-0x00007FF6E4320000-0x00007FF6E4674000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f0-10.dat	xmrig
behavioral2/files/0x00070000000233f1-11.dat	xmrig
behavioral2/memory/2568-16-0x00007FF61C440000-0x00007FF61C794000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f2-23.dat	xmrig
behavioral2/files/0x00070000000233f4-35.dat	xmrig
behavioral2/files/0x00070000000233f3-40.dat	xmrig
behavioral2/files/0x00070000000233f6-47.dat	xmrig
behavioral2/files/0x00070000000233f7-54.dat	xmrig
behavioral2/files/0x00070000000233f8-58.dat	xmrig
behavioral2/memory/3744-61-0x00007FF739A50000-0x00007FF739DA4000-memory.dmp	xmrig
behavioral2/memory/2148-62-0x00007FF776850000-0x00007FF776BA4000-memory.dmp	xmrig
behavioral2/memory/1560-60-0x00007FF6E68F0000-0x00007FF6E6C44000-memory.dmp	xmrig
behavioral2/memory/2624-57-0x00007FF7E45C0000-0x00007FF7E4914000-memory.dmp	xmrig
behavioral2/memory/2892-56-0x00007FF737FD0000-0x00007FF738324000-memory.dmp	xmrig
behavioral2/memory/744-53-0x00007FF722F60000-0x00007FF7232B4000-memory.dmp	xmrig
behavioral2/memory/3136-49-0x00007FF647C00000-0x00007FF647F54000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f5-45.dat	xmrig
behavioral2/memory/3960-26-0x00007FF67C3A0000-0x00007FF67C6F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233f9-65.dat	xmrig
behavioral2/files/0x00070000000233fb-78.dat	xmrig
behavioral2/files/0x00080000000233ed-80.dat	xmrig
behavioral2/files/0x00070000000233fc-88.dat	xmrig
behavioral2/memory/64-81-0x00007FF78A970000-0x00007FF78ACC4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fa-75.dat	xmrig
behavioral2/memory/4804-74-0x00007FF6D7F80000-0x00007FF6D82D4000-memory.dmp	xmrig
behavioral2/memory/4128-90-0x00007FF705B20000-0x00007FF705E74000-memory.dmp	xmrig
behavioral2/memory/4172-91-0x00007FF760A50000-0x00007FF760DA4000-memory.dmp	xmrig
behavioral2/memory/3716-92-0x00007FF625C90000-0x00007FF625FE4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fd-95.dat	xmrig
behavioral2/files/0x00070000000233fe-100.dat	xmrig
behavioral2/files/0x0007000000023401-111.dat	xmrig
behavioral2/files/0x0007000000023402-118.dat	xmrig
behavioral2/files/0x0007000000023400-116.dat	xmrig
behavioral2/memory/2092-114-0x00007FF656AB0000-0x00007FF656E04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-128.dat	xmrig
behavioral2/files/0x0007000000023407-137.dat	xmrig
behavioral2/files/0x0007000000023405-147.dat	xmrig
behavioral2/files/0x0007000000023406-143.dat	xmrig
behavioral2/files/0x0007000000023404-140.dat	xmrig
behavioral2/memory/4732-127-0x00007FF707A50000-0x00007FF707DA4000-memory.dmp	xmrig
behavioral2/memory/3564-124-0x00007FF6E4320000-0x00007FF6E4674000-memory.dmp	xmrig
behavioral2/memory/2548-121-0x00007FF64BF30000-0x00007FF64C284000-memory.dmp	xmrig
behavioral2/memory/1740-107-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp	xmrig
behavioral2/memory/4424-106-0x00007FF64E2C0000-0x00007FF64E614000-memory.dmp	xmrig
behavioral2/memory/1412-149-0x00007FF7FAC70000-0x00007FF7FAFC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023408-159.dat	xmrig
behavioral2/files/0x000700000002340b-172.dat	xmrig
behavioral2/files/0x000700000002340c-173.dat	xmrig
behavioral2/files/0x000700000002340e-184.dat	xmrig
behavioral2/files/0x000700000002340f-187.dat	xmrig
behavioral2/memory/440-197-0x00007FF7688D0000-0x00007FF768C24000-memory.dmp	xmrig
behavioral2/memory/1764-202-0x00007FF654780000-0x00007FF654AD4000-memory.dmp	xmrig
behavioral2/memory/2320-204-0x00007FF7B3650000-0x00007FF7B39A4000-memory.dmp	xmrig
behavioral2/memory/232-192-0x00007FF7418E0000-0x00007FF741C34000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-186.dat	xmrig
behavioral2/files/0x0007000000023410-195.dat	xmrig
behavioral2/memory/4496-185-0x00007FF75DE60000-0x00007FF75E1B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-182.dat	xmrig
behavioral2/files/0x000700000002340a-178.dat	xmrig
behavioral2/memory/1848-177-0x00007FF6B04F0000-0x00007FF6B0844000-memory.dmp	xmrig
behavioral2/memory/764-169-0x00007FF6631E0000-0x00007FF663534000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3564	mYZjZKT.exe
2568	CtxyKfN.exe
3960	XGfAjLI.exe
3136	DQcSDoq.exe
3744	jlizsnh.exe
744	hQSeLyT.exe
2892	csoWaFV.exe
2624	iOiCYeM.exe
1560	IWJkWFF.exe
2148	WYxTpfK.exe
4804	cXarpRg.exe
4128	UnTEkwE.exe
64	NMjdlVD.exe
4172	emGbgmJ.exe
3716	pERQrpI.exe
4424	zpoBBsU.exe
2092	TvhhXVY.exe
2548	mPHFymx.exe
4732	IMIkKif.exe
1412	OuuvOpT.exe
232	LGFlqTs.exe
3692	MqpBJBA.exe
440	DzpWSxP.exe
404	jjDqtNx.exe
764	kaNnxPa.exe
1764	KmiUqyY.exe
1848	DgRQpxT.exe
4496	ZQmaZVU.exe
2320	nxPUuWu.exe
2340	LTMJnrp.exe
3912	GcrLdgJ.exe
2588	sBylhRA.exe
3476	kshMVeq.exe
1984	ajnJIpF.exe
5072	PMtHJQY.exe
3040	DWgmvcJ.exe
3208	naTvggN.exe
2284	ESXiQVC.exe
2576	KebdtuZ.exe
544	oIIAWWS.exe
2880	JJcOSSX.exe
2540	dmmGMVd.exe
4848	ryodfnV.exe
3024	WIIcjRk.exe
1376	dNledVu.exe
1716	AqFceWx.exe
8	aVJmkuQ.exe
1008	QLyugYY.exe
4916	nJHHsyM.exe
4532	XmVDONg.exe
5028	Rdzaysa.exe
2504	AvlAPcR.exe
2748	BDcuQkA.exe
2660	LSYCSOF.exe
1252	iuxvbVp.exe
4112	qaktOVo.exe
2000	ZmJsedE.exe
4136	LwXkSrn.exe
4996	scYLMVY.exe
220	VxeZeWd.exe
4368	wjZjrTz.exe
2388	sqDDNdV.exe
432	BJWKTcG.exe
4028	pWsgHuU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1740-0-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp	upx
behavioral2/files/0x00080000000233ec-6.dat	upx
behavioral2/memory/3564-8-0x00007FF6E4320000-0x00007FF6E4674000-memory.dmp	upx
behavioral2/files/0x00070000000233f0-10.dat	upx
behavioral2/files/0x00070000000233f1-11.dat	upx
behavioral2/memory/2568-16-0x00007FF61C440000-0x00007FF61C794000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-23.dat	upx
behavioral2/files/0x00070000000233f4-35.dat	upx
behavioral2/files/0x00070000000233f3-40.dat	upx
behavioral2/files/0x00070000000233f6-47.dat	upx
behavioral2/files/0x00070000000233f7-54.dat	upx
behavioral2/files/0x00070000000233f8-58.dat	upx
behavioral2/memory/3744-61-0x00007FF739A50000-0x00007FF739DA4000-memory.dmp	upx
behavioral2/memory/2148-62-0x00007FF776850000-0x00007FF776BA4000-memory.dmp	upx
behavioral2/memory/1560-60-0x00007FF6E68F0000-0x00007FF6E6C44000-memory.dmp	upx
behavioral2/memory/2624-57-0x00007FF7E45C0000-0x00007FF7E4914000-memory.dmp	upx
behavioral2/memory/2892-56-0x00007FF737FD0000-0x00007FF738324000-memory.dmp	upx
behavioral2/memory/744-53-0x00007FF722F60000-0x00007FF7232B4000-memory.dmp	upx
behavioral2/memory/3136-49-0x00007FF647C00000-0x00007FF647F54000-memory.dmp	upx
behavioral2/files/0x00070000000233f5-45.dat	upx
behavioral2/memory/3960-26-0x00007FF67C3A0000-0x00007FF67C6F4000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-65.dat	upx
behavioral2/files/0x00070000000233fb-78.dat	upx
behavioral2/files/0x00080000000233ed-80.dat	upx
behavioral2/files/0x00070000000233fc-88.dat	upx
behavioral2/memory/64-81-0x00007FF78A970000-0x00007FF78ACC4000-memory.dmp	upx
behavioral2/files/0x00070000000233fa-75.dat	upx
behavioral2/memory/4804-74-0x00007FF6D7F80000-0x00007FF6D82D4000-memory.dmp	upx
behavioral2/memory/4128-90-0x00007FF705B20000-0x00007FF705E74000-memory.dmp	upx
behavioral2/memory/4172-91-0x00007FF760A50000-0x00007FF760DA4000-memory.dmp	upx
behavioral2/memory/3716-92-0x00007FF625C90000-0x00007FF625FE4000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-95.dat	upx
behavioral2/files/0x00070000000233fe-100.dat	upx
behavioral2/files/0x0007000000023401-111.dat	upx
behavioral2/files/0x0007000000023402-118.dat	upx
behavioral2/files/0x0007000000023400-116.dat	upx
behavioral2/memory/2092-114-0x00007FF656AB0000-0x00007FF656E04000-memory.dmp	upx
behavioral2/files/0x0007000000023403-128.dat	upx
behavioral2/files/0x0007000000023407-137.dat	upx
behavioral2/files/0x0007000000023405-147.dat	upx
behavioral2/files/0x0007000000023406-143.dat	upx
behavioral2/files/0x0007000000023404-140.dat	upx
behavioral2/memory/4732-127-0x00007FF707A50000-0x00007FF707DA4000-memory.dmp	upx
behavioral2/memory/3564-124-0x00007FF6E4320000-0x00007FF6E4674000-memory.dmp	upx
behavioral2/memory/2548-121-0x00007FF64BF30000-0x00007FF64C284000-memory.dmp	upx
behavioral2/memory/1740-107-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp	upx
behavioral2/memory/4424-106-0x00007FF64E2C0000-0x00007FF64E614000-memory.dmp	upx
behavioral2/memory/1412-149-0x00007FF7FAC70000-0x00007FF7FAFC4000-memory.dmp	upx
behavioral2/files/0x0007000000023408-159.dat	upx
behavioral2/files/0x000700000002340b-172.dat	upx
behavioral2/files/0x000700000002340c-173.dat	upx
behavioral2/files/0x000700000002340e-184.dat	upx
behavioral2/files/0x000700000002340f-187.dat	upx
behavioral2/memory/440-197-0x00007FF7688D0000-0x00007FF768C24000-memory.dmp	upx
behavioral2/memory/1764-202-0x00007FF654780000-0x00007FF654AD4000-memory.dmp	upx
behavioral2/memory/2320-204-0x00007FF7B3650000-0x00007FF7B39A4000-memory.dmp	upx
behavioral2/memory/232-192-0x00007FF7418E0000-0x00007FF741C34000-memory.dmp	upx
behavioral2/files/0x000700000002340d-186.dat	upx
behavioral2/files/0x0007000000023410-195.dat	upx
behavioral2/memory/4496-185-0x00007FF75DE60000-0x00007FF75E1B4000-memory.dmp	upx
behavioral2/files/0x0007000000023409-182.dat	upx
behavioral2/files/0x000700000002340a-178.dat	upx
behavioral2/memory/1848-177-0x00007FF6B04F0000-0x00007FF6B0844000-memory.dmp	upx
behavioral2/memory/764-169-0x00007FF6631E0000-0x00007FF663534000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\taNNUHE.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\woJFzAi.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\CewCHDh.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\RLEsCgr.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\zAJhVAS.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\mkKauzd.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\JJcOSSX.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\KdKffSH.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\wtjCpQU.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\klUaytm.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\oqmwxFn.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\LBQZtxL.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\kmaBetB.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\dDrRWqY.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\oKCTpsY.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\knXnoDQ.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\miamKdq.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\WhfvFkM.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\xVSKnzg.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\BPodhfm.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\rNFlDXA.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\TTEfnLX.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\zntAjlX.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\SlfyMLU.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\EZfZQAl.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\Rdzaysa.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\GBpNNEP.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\YddQlwq.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\AnBcfHl.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\DwdldAp.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\SlsFCHP.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\aTJsVGV.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\vsnTAtD.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\DgRQpxT.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\sBylhRA.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\ZmJsedE.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\LMBnXGq.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\AhjATsS.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\AshTOxL.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\IjXWHnq.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\GKuMaHE.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\jgwewsx.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\ZlBphai.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\ULpNlRJ.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\JBTsLge.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\dRdyBHA.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\bRvKvtU.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\MaMGWYn.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\aVJmkuQ.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\EtkATou.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\FPBGGDf.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\aYdwyzf.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\ZJPQCIl.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\gOOqmkY.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\uFeFekF.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\DEEztSn.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\sbXThJQ.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\CYBFsvn.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\GjADFZI.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\LSYCSOF.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\QLpjdNE.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\JsrVkJF.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\yqipnUz.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
File created	C:\Windows\System\tqBcoJa.exe	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15048	dwm.exe
Token: SeChangeNotifyPrivilege	15048	dwm.exe
Token: 33	15048	dwm.exe
Token: SeIncBasePriorityPrivilege	15048	dwm.exe
Token: SeShutdownPrivilege	15048	dwm.exe
Token: SeCreatePagefilePrivilege	15048	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 3564	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	83
PID 1740 wrote to memory of 3564	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	83
PID 1740 wrote to memory of 2568	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	84
PID 1740 wrote to memory of 2568	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	84
PID 1740 wrote to memory of 3960	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	85
PID 1740 wrote to memory of 3960	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	85
PID 1740 wrote to memory of 3136	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	86
PID 1740 wrote to memory of 3136	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	86
PID 1740 wrote to memory of 3744	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	87
PID 1740 wrote to memory of 3744	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	87
PID 1740 wrote to memory of 744	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	88
PID 1740 wrote to memory of 744	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	88
PID 1740 wrote to memory of 2892	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	89
PID 1740 wrote to memory of 2892	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	89
PID 1740 wrote to memory of 2624	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	90
PID 1740 wrote to memory of 2624	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	90
PID 1740 wrote to memory of 1560	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	91
PID 1740 wrote to memory of 1560	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	91
PID 1740 wrote to memory of 2148	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	92
PID 1740 wrote to memory of 2148	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	92
PID 1740 wrote to memory of 4804	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	93
PID 1740 wrote to memory of 4804	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	93
PID 1740 wrote to memory of 4128	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	94
PID 1740 wrote to memory of 4128	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	94
PID 1740 wrote to memory of 64	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	95
PID 1740 wrote to memory of 64	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	95
PID 1740 wrote to memory of 4172	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	96
PID 1740 wrote to memory of 4172	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	96
PID 1740 wrote to memory of 3716	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	97
PID 1740 wrote to memory of 3716	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	97
PID 1740 wrote to memory of 4424	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	98
PID 1740 wrote to memory of 4424	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	98
PID 1740 wrote to memory of 2092	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	99
PID 1740 wrote to memory of 2092	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	99
PID 1740 wrote to memory of 2548	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	100
PID 1740 wrote to memory of 2548	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	100
PID 1740 wrote to memory of 4732	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	101
PID 1740 wrote to memory of 4732	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	101
PID 1740 wrote to memory of 1412	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	102
PID 1740 wrote to memory of 1412	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	102
PID 1740 wrote to memory of 232	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	103
PID 1740 wrote to memory of 232	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	103
PID 1740 wrote to memory of 3692	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	104
PID 1740 wrote to memory of 3692	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	104
PID 1740 wrote to memory of 764	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	105
PID 1740 wrote to memory of 764	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	105
PID 1740 wrote to memory of 440	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	106
PID 1740 wrote to memory of 440	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	106
PID 1740 wrote to memory of 404	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	107
PID 1740 wrote to memory of 404	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	107
PID 1740 wrote to memory of 1764	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	108
PID 1740 wrote to memory of 1764	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	108
PID 1740 wrote to memory of 1848	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	109
PID 1740 wrote to memory of 1848	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	109
PID 1740 wrote to memory of 4496	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	110
PID 1740 wrote to memory of 4496	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	110
PID 1740 wrote to memory of 2320	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	111
PID 1740 wrote to memory of 2320	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	111
PID 1740 wrote to memory of 2340	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	112
PID 1740 wrote to memory of 2340	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	112
PID 1740 wrote to memory of 3912	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	113
PID 1740 wrote to memory of 3912	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	113
PID 1740 wrote to memory of 2588	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	114
PID 1740 wrote to memory of 2588	1740	07799eb84a88c579edeb926533403170_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\07799eb84a88c579edeb926533403170_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07799eb84a88c579edeb926533403170_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\System\mYZjZKT.exe
  C:\Windows\System\mYZjZKT.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\CtxyKfN.exe
  C:\Windows\System\CtxyKfN.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\XGfAjLI.exe
  C:\Windows\System\XGfAjLI.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\DQcSDoq.exe
  C:\Windows\System\DQcSDoq.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\jlizsnh.exe
  C:\Windows\System\jlizsnh.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\hQSeLyT.exe
  C:\Windows\System\hQSeLyT.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\csoWaFV.exe
  C:\Windows\System\csoWaFV.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\iOiCYeM.exe
  C:\Windows\System\iOiCYeM.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\IWJkWFF.exe
  C:\Windows\System\IWJkWFF.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\WYxTpfK.exe
  C:\Windows\System\WYxTpfK.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\cXarpRg.exe
  C:\Windows\System\cXarpRg.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\UnTEkwE.exe
  C:\Windows\System\UnTEkwE.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\NMjdlVD.exe
  C:\Windows\System\NMjdlVD.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\emGbgmJ.exe
  C:\Windows\System\emGbgmJ.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\pERQrpI.exe
  C:\Windows\System\pERQrpI.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\zpoBBsU.exe
  C:\Windows\System\zpoBBsU.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\TvhhXVY.exe
  C:\Windows\System\TvhhXVY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\mPHFymx.exe
  C:\Windows\System\mPHFymx.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\IMIkKif.exe
  C:\Windows\System\IMIkKif.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\OuuvOpT.exe
  C:\Windows\System\OuuvOpT.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\LGFlqTs.exe
  C:\Windows\System\LGFlqTs.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\MqpBJBA.exe
  C:\Windows\System\MqpBJBA.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\kaNnxPa.exe
  C:\Windows\System\kaNnxPa.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\DzpWSxP.exe
  C:\Windows\System\DzpWSxP.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\jjDqtNx.exe
  C:\Windows\System\jjDqtNx.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\KmiUqyY.exe
  C:\Windows\System\KmiUqyY.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\DgRQpxT.exe
  C:\Windows\System\DgRQpxT.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\ZQmaZVU.exe
  C:\Windows\System\ZQmaZVU.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\nxPUuWu.exe
  C:\Windows\System\nxPUuWu.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\LTMJnrp.exe
  C:\Windows\System\LTMJnrp.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\GcrLdgJ.exe
  C:\Windows\System\GcrLdgJ.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\sBylhRA.exe
  C:\Windows\System\sBylhRA.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\kshMVeq.exe
  C:\Windows\System\kshMVeq.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\ajnJIpF.exe
  C:\Windows\System\ajnJIpF.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\PMtHJQY.exe
  C:\Windows\System\PMtHJQY.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\DWgmvcJ.exe
  C:\Windows\System\DWgmvcJ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\naTvggN.exe
  C:\Windows\System\naTvggN.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\ESXiQVC.exe
  C:\Windows\System\ESXiQVC.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\KebdtuZ.exe
  C:\Windows\System\KebdtuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\oIIAWWS.exe
  C:\Windows\System\oIIAWWS.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\JJcOSSX.exe
  C:\Windows\System\JJcOSSX.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\dmmGMVd.exe
  C:\Windows\System\dmmGMVd.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ryodfnV.exe
  C:\Windows\System\ryodfnV.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\WIIcjRk.exe
  C:\Windows\System\WIIcjRk.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\dNledVu.exe
  C:\Windows\System\dNledVu.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\AqFceWx.exe
  C:\Windows\System\AqFceWx.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\QLyugYY.exe
  C:\Windows\System\QLyugYY.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\aVJmkuQ.exe
  C:\Windows\System\aVJmkuQ.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\nJHHsyM.exe
  C:\Windows\System\nJHHsyM.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\XmVDONg.exe
  C:\Windows\System\XmVDONg.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\Rdzaysa.exe
  C:\Windows\System\Rdzaysa.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\AvlAPcR.exe
  C:\Windows\System\AvlAPcR.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BDcuQkA.exe
  C:\Windows\System\BDcuQkA.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\LSYCSOF.exe
  C:\Windows\System\LSYCSOF.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\iuxvbVp.exe
  C:\Windows\System\iuxvbVp.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\qaktOVo.exe
  C:\Windows\System\qaktOVo.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\ZmJsedE.exe
  C:\Windows\System\ZmJsedE.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\LwXkSrn.exe
  C:\Windows\System\LwXkSrn.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\scYLMVY.exe
  C:\Windows\System\scYLMVY.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\VxeZeWd.exe
  C:\Windows\System\VxeZeWd.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\wjZjrTz.exe
  C:\Windows\System\wjZjrTz.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\sqDDNdV.exe
  C:\Windows\System\sqDDNdV.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\BJWKTcG.exe
  C:\Windows\System\BJWKTcG.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\pWsgHuU.exe
  C:\Windows\System\pWsgHuU.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\xlKLQlb.exe
  C:\Windows\System\xlKLQlb.exe
  2⤵
  PID:2112
- C:\Windows\System\VQuiqJo.exe
  C:\Windows\System\VQuiqJo.exe
  2⤵
  PID:3748
- C:\Windows\System\aCBgSue.exe
  C:\Windows\System\aCBgSue.exe
  2⤵
  PID:2184
- C:\Windows\System\GBpNNEP.exe
  C:\Windows\System\GBpNNEP.exe
  2⤵
  PID:4460
- C:\Windows\System\UZRKWKD.exe
  C:\Windows\System\UZRKWKD.exe
  2⤵
  PID:5024
- C:\Windows\System\pVaVAoB.exe
  C:\Windows\System\pVaVAoB.exe
  2⤵
  PID:3396
- C:\Windows\System\HQDyPsu.exe
  C:\Windows\System\HQDyPsu.exe
  2⤵
  PID:3160
- C:\Windows\System\qXrJuZw.exe
  C:\Windows\System\qXrJuZw.exe
  2⤵
  PID:760
- C:\Windows\System\tixkqCc.exe
  C:\Windows\System\tixkqCc.exe
  2⤵
  PID:1276
- C:\Windows\System\dlFYmuN.exe
  C:\Windows\System\dlFYmuN.exe
  2⤵
  PID:3720
- C:\Windows\System\JEXszhM.exe
  C:\Windows\System\JEXszhM.exe
  2⤵
  PID:3184
- C:\Windows\System\iWRZMtu.exe
  C:\Windows\System\iWRZMtu.exe
  2⤵
  PID:4284
- C:\Windows\System\MRRQxXW.exe
  C:\Windows\System\MRRQxXW.exe
  2⤵
  PID:2628
- C:\Windows\System\RUVZwKU.exe
  C:\Windows\System\RUVZwKU.exe
  2⤵
  PID:4864
- C:\Windows\System\uFeFekF.exe
  C:\Windows\System\uFeFekF.exe
  2⤵
  PID:2452
- C:\Windows\System\AdEOwaA.exe
  C:\Windows\System\AdEOwaA.exe
  2⤵
  PID:3520
- C:\Windows\System\vtgpiRk.exe
  C:\Windows\System\vtgpiRk.exe
  2⤵
  PID:1148
- C:\Windows\System\lCQgHrI.exe
  C:\Windows\System\lCQgHrI.exe
  2⤵
  PID:4048
- C:\Windows\System\IzDAgaK.exe
  C:\Windows\System\IzDAgaK.exe
  2⤵
  PID:3056
- C:\Windows\System\rbTDqEj.exe
  C:\Windows\System\rbTDqEj.exe
  2⤵
  PID:4364
- C:\Windows\System\gJXWbYs.exe
  C:\Windows\System\gJXWbYs.exe
  2⤵
  PID:728
- C:\Windows\System\jpoklAy.exe
  C:\Windows\System\jpoklAy.exe
  2⤵
  PID:2408
- C:\Windows\System\TEcPKLn.exe
  C:\Windows\System\TEcPKLn.exe
  2⤵
  PID:5068
- C:\Windows\System\kYyfWje.exe
  C:\Windows\System\kYyfWje.exe
  2⤵
  PID:2800
- C:\Windows\System\sBPfdHc.exe
  C:\Windows\System\sBPfdHc.exe
  2⤵
  PID:1344
- C:\Windows\System\OMZUUNg.exe
  C:\Windows\System\OMZUUNg.exe
  2⤵
  PID:1032
- C:\Windows\System\RDvMYMM.exe
  C:\Windows\System\RDvMYMM.exe
  2⤵
  PID:2828
- C:\Windows\System\DJwQLrm.exe
  C:\Windows\System\DJwQLrm.exe
  2⤵
  PID:1888
- C:\Windows\System\SRIRSoA.exe
  C:\Windows\System\SRIRSoA.exe
  2⤵
  PID:3096
- C:\Windows\System\DQLcUUN.exe
  C:\Windows\System\DQLcUUN.exe
  2⤵
  PID:5136
- C:\Windows\System\DjTUMLu.exe
  C:\Windows\System\DjTUMLu.exe
  2⤵
  PID:5152
- C:\Windows\System\EtkATou.exe
  C:\Windows\System\EtkATou.exe
  2⤵
  PID:5196
- C:\Windows\System\BiQpKAb.exe
  C:\Windows\System\BiQpKAb.exe
  2⤵
  PID:5220
- C:\Windows\System\OYMxwzF.exe
  C:\Windows\System\OYMxwzF.exe
  2⤵
  PID:5256
- C:\Windows\System\rzfSjqT.exe
  C:\Windows\System\rzfSjqT.exe
  2⤵
  PID:5280
- C:\Windows\System\IQvaLzk.exe
  C:\Windows\System\IQvaLzk.exe
  2⤵
  PID:5296
- C:\Windows\System\kyZTzEK.exe
  C:\Windows\System\kyZTzEK.exe
  2⤵
  PID:5316
- C:\Windows\System\IcGbiCN.exe
  C:\Windows\System\IcGbiCN.exe
  2⤵
  PID:5340
- C:\Windows\System\EZbkidE.exe
  C:\Windows\System\EZbkidE.exe
  2⤵
  PID:5368
- C:\Windows\System\iUyFQpD.exe
  C:\Windows\System\iUyFQpD.exe
  2⤵
  PID:5408
- C:\Windows\System\AkhWynl.exe
  C:\Windows\System\AkhWynl.exe
  2⤵
  PID:5424
- C:\Windows\System\dDrRWqY.exe
  C:\Windows\System\dDrRWqY.exe
  2⤵
  PID:5464
- C:\Windows\System\sRYLtQl.exe
  C:\Windows\System\sRYLtQl.exe
  2⤵
  PID:5492
- C:\Windows\System\jfzZcTk.exe
  C:\Windows\System\jfzZcTk.exe
  2⤵
  PID:5520
- C:\Windows\System\qAPnXXW.exe
  C:\Windows\System\qAPnXXW.exe
  2⤵
  PID:5548
- C:\Windows\System\SgZSqWD.exe
  C:\Windows\System\SgZSqWD.exe
  2⤵
  PID:5580
- C:\Windows\System\GpKJpqG.exe
  C:\Windows\System\GpKJpqG.exe
  2⤵
  PID:5608
- C:\Windows\System\vSjcIVz.exe
  C:\Windows\System\vSjcIVz.exe
  2⤵
  PID:5632
- C:\Windows\System\fJRQhQY.exe
  C:\Windows\System\fJRQhQY.exe
  2⤵
  PID:5652
- C:\Windows\System\Mrilmhc.exe
  C:\Windows\System\Mrilmhc.exe
  2⤵
  PID:5676
- C:\Windows\System\sGeWyLr.exe
  C:\Windows\System\sGeWyLr.exe
  2⤵
  PID:5704
- C:\Windows\System\iFxrWtg.exe
  C:\Windows\System\iFxrWtg.exe
  2⤵
  PID:5732
- C:\Windows\System\iDwguKM.exe
  C:\Windows\System\iDwguKM.exe
  2⤵
  PID:5768
- C:\Windows\System\PyCrwXW.exe
  C:\Windows\System\PyCrwXW.exe
  2⤵
  PID:5792
- C:\Windows\System\kwNbdJV.exe
  C:\Windows\System\kwNbdJV.exe
  2⤵
  PID:5812
- C:\Windows\System\taNNUHE.exe
  C:\Windows\System\taNNUHE.exe
  2⤵
  PID:5848
- C:\Windows\System\McaIHYZ.exe
  C:\Windows\System\McaIHYZ.exe
  2⤵
  PID:5868
- C:\Windows\System\XjFONIv.exe
  C:\Windows\System\XjFONIv.exe
  2⤵
  PID:5908
- C:\Windows\System\yXsIcqY.exe
  C:\Windows\System\yXsIcqY.exe
  2⤵
  PID:5940
- C:\Windows\System\tqBcoJa.exe
  C:\Windows\System\tqBcoJa.exe
  2⤵
  PID:5972
- C:\Windows\System\hGrbGkr.exe
  C:\Windows\System\hGrbGkr.exe
  2⤵
  PID:6008
- C:\Windows\System\fCweqOy.exe
  C:\Windows\System\fCweqOy.exe
  2⤵
  PID:6032
- C:\Windows\System\XJRVQeb.exe
  C:\Windows\System\XJRVQeb.exe
  2⤵
  PID:6052
- C:\Windows\System\Uqosmzq.exe
  C:\Windows\System\Uqosmzq.exe
  2⤵
  PID:6080
- C:\Windows\System\fxETziZ.exe
  C:\Windows\System\fxETziZ.exe
  2⤵
  PID:6108
- C:\Windows\System\TIgdAut.exe
  C:\Windows\System\TIgdAut.exe
  2⤵
  PID:6140
- C:\Windows\System\wcDmXcj.exe
  C:\Windows\System\wcDmXcj.exe
  2⤵
  PID:5188
- C:\Windows\System\UccLwNi.exe
  C:\Windows\System\UccLwNi.exe
  2⤵
  PID:5248
- C:\Windows\System\lJpLmsP.exe
  C:\Windows\System\lJpLmsP.exe
  2⤵
  PID:5304
- C:\Windows\System\OkctcYP.exe
  C:\Windows\System\OkctcYP.exe
  2⤵
  PID:5392
- C:\Windows\System\DytFnJo.exe
  C:\Windows\System\DytFnJo.exe
  2⤵
  PID:5416
- C:\Windows\System\nxKtfoS.exe
  C:\Windows\System\nxKtfoS.exe
  2⤵
  PID:5484
- C:\Windows\System\vgIEWtU.exe
  C:\Windows\System\vgIEWtU.exe
  2⤵
  PID:5560
- C:\Windows\System\oLxAttP.exe
  C:\Windows\System\oLxAttP.exe
  2⤵
  PID:5616
- C:\Windows\System\FPBGGDf.exe
  C:\Windows\System\FPBGGDf.exe
  2⤵
  PID:5660
- C:\Windows\System\pzSvhwI.exe
  C:\Windows\System\pzSvhwI.exe
  2⤵
  PID:5744
- C:\Windows\System\XKAICNw.exe
  C:\Windows\System\XKAICNw.exe
  2⤵
  PID:5724
- C:\Windows\System\aFHPUSo.exe
  C:\Windows\System\aFHPUSo.exe
  2⤵
  PID:5808
- C:\Windows\System\JEuuVcM.exe
  C:\Windows\System\JEuuVcM.exe
  2⤵
  PID:5968
- C:\Windows\System\BPodhfm.exe
  C:\Windows\System\BPodhfm.exe
  2⤵
  PID:6072
- C:\Windows\System\IbltBNM.exe
  C:\Windows\System\IbltBNM.exe
  2⤵
  PID:6096
- C:\Windows\System\HSwZezN.exe
  C:\Windows\System\HSwZezN.exe
  2⤵
  PID:5264
- C:\Windows\System\RLiCDAE.exe
  C:\Windows\System\RLiCDAE.exe
  2⤵
  PID:5476
- C:\Windows\System\uOjjiXW.exe
  C:\Windows\System\uOjjiXW.exe
  2⤵
  PID:5512
- C:\Windows\System\gdVMevg.exe
  C:\Windows\System\gdVMevg.exe
  2⤵
  PID:5788
- C:\Windows\System\DKJflfv.exe
  C:\Windows\System\DKJflfv.exe
  2⤵
  PID:5840
- C:\Windows\System\MidMvsy.exe
  C:\Windows\System\MidMvsy.exe
  2⤵
  PID:6016
- C:\Windows\System\ELTNWIM.exe
  C:\Windows\System\ELTNWIM.exe
  2⤵
  PID:5148
- C:\Windows\System\GKuMaHE.exe
  C:\Windows\System\GKuMaHE.exe
  2⤵
  PID:5532
- C:\Windows\System\aTSnxEn.exe
  C:\Windows\System\aTSnxEn.exe
  2⤵
  PID:2824
- C:\Windows\System\jEdORXH.exe
  C:\Windows\System\jEdORXH.exe
  2⤵
  PID:5388
- C:\Windows\System\jpwrQXY.exe
  C:\Windows\System\jpwrQXY.exe
  2⤵
  PID:6176
- C:\Windows\System\krSYHsa.exe
  C:\Windows\System\krSYHsa.exe
  2⤵
  PID:6212
- C:\Windows\System\wsNrtqB.exe
  C:\Windows\System\wsNrtqB.exe
  2⤵
  PID:6236
- C:\Windows\System\pMRZjXj.exe
  C:\Windows\System\pMRZjXj.exe
  2⤵
  PID:6264
- C:\Windows\System\DGeIIDb.exe
  C:\Windows\System\DGeIIDb.exe
  2⤵
  PID:6296
- C:\Windows\System\nQWnubJ.exe
  C:\Windows\System\nQWnubJ.exe
  2⤵
  PID:6316
- C:\Windows\System\jvqeMIw.exe
  C:\Windows\System\jvqeMIw.exe
  2⤵
  PID:6336
- C:\Windows\System\nLVfPkt.exe
  C:\Windows\System\nLVfPkt.exe
  2⤵
  PID:6380
- C:\Windows\System\KdKffSH.exe
  C:\Windows\System\KdKffSH.exe
  2⤵
  PID:6404
- C:\Windows\System\lTHVzwG.exe
  C:\Windows\System\lTHVzwG.exe
  2⤵
  PID:6420
- C:\Windows\System\HhANckc.exe
  C:\Windows\System\HhANckc.exe
  2⤵
  PID:6456
- C:\Windows\System\DMOciGN.exe
  C:\Windows\System\DMOciGN.exe
  2⤵
  PID:6476
- C:\Windows\System\ooRsfPe.exe
  C:\Windows\System\ooRsfPe.exe
  2⤵
  PID:6508
- C:\Windows\System\VuRGdyD.exe
  C:\Windows\System\VuRGdyD.exe
  2⤵
  PID:6536
- C:\Windows\System\QmCBmuF.exe
  C:\Windows\System\QmCBmuF.exe
  2⤵
  PID:6560
- C:\Windows\System\gccahoe.exe
  C:\Windows\System\gccahoe.exe
  2⤵
  PID:6600
- C:\Windows\System\NchXAGh.exe
  C:\Windows\System\NchXAGh.exe
  2⤵
  PID:6656
- C:\Windows\System\iPaXHcx.exe
  C:\Windows\System\iPaXHcx.exe
  2⤵
  PID:6672
- C:\Windows\System\JFEARHp.exe
  C:\Windows\System\JFEARHp.exe
  2⤵
  PID:6700
- C:\Windows\System\BKdoZUB.exe
  C:\Windows\System\BKdoZUB.exe
  2⤵
  PID:6736
- C:\Windows\System\fVVoaAo.exe
  C:\Windows\System\fVVoaAo.exe
  2⤵
  PID:6788
- C:\Windows\System\FAaTmXh.exe
  C:\Windows\System\FAaTmXh.exe
  2⤵
  PID:6828
- C:\Windows\System\UijBrRS.exe
  C:\Windows\System\UijBrRS.exe
  2⤵
  PID:6864
- C:\Windows\System\CxazshW.exe
  C:\Windows\System\CxazshW.exe
  2⤵
  PID:6880
- C:\Windows\System\CqohoWQ.exe
  C:\Windows\System\CqohoWQ.exe
  2⤵
  PID:6916
- C:\Windows\System\KDIHWjj.exe
  C:\Windows\System\KDIHWjj.exe
  2⤵
  PID:6992
- C:\Windows\System\EhPgmBw.exe
  C:\Windows\System\EhPgmBw.exe
  2⤵
  PID:7020
- C:\Windows\System\wlgUeHx.exe
  C:\Windows\System\wlgUeHx.exe
  2⤵
  PID:7060
- C:\Windows\System\bTXnIYr.exe
  C:\Windows\System\bTXnIYr.exe
  2⤵
  PID:7080
- C:\Windows\System\VBidfUH.exe
  C:\Windows\System\VBidfUH.exe
  2⤵
  PID:7104
- C:\Windows\System\DKrmnYV.exe
  C:\Windows\System\DKrmnYV.exe
  2⤵
  PID:7152
- C:\Windows\System\jspPWCa.exe
  C:\Windows\System\jspPWCa.exe
  2⤵
  PID:6172
- C:\Windows\System\wOiKJlW.exe
  C:\Windows\System\wOiKJlW.exe
  2⤵
  PID:6188
- C:\Windows\System\JCFZSYt.exe
  C:\Windows\System\JCFZSYt.exe
  2⤵
  PID:6224
- C:\Windows\System\byqFSQJ.exe
  C:\Windows\System\byqFSQJ.exe
  2⤵
  PID:6276
- C:\Windows\System\qkTNAhx.exe
  C:\Windows\System\qkTNAhx.exe
  2⤵
  PID:6308
- C:\Windows\System\woJFzAi.exe
  C:\Windows\System\woJFzAi.exe
  2⤵
  PID:6376
- C:\Windows\System\KgWjJLr.exe
  C:\Windows\System\KgWjJLr.exe
  2⤵
  PID:6412
- C:\Windows\System\FZeRQbl.exe
  C:\Windows\System\FZeRQbl.exe
  2⤵
  PID:6528
- C:\Windows\System\miamKdq.exe
  C:\Windows\System\miamKdq.exe
  2⤵
  PID:6720
- C:\Windows\System\vXZSZvJ.exe
  C:\Windows\System\vXZSZvJ.exe
  2⤵
  PID:6780
- C:\Windows\System\qECiHxi.exe
  C:\Windows\System\qECiHxi.exe
  2⤵
  PID:6852
- C:\Windows\System\xvmEjYy.exe
  C:\Windows\System\xvmEjYy.exe
  2⤵
  PID:6936
- C:\Windows\System\lVRNauf.exe
  C:\Windows\System\lVRNauf.exe
  2⤵
  PID:7036
- C:\Windows\System\bBFbdlH.exe
  C:\Windows\System\bBFbdlH.exe
  2⤵
  PID:7100
- C:\Windows\System\GSWblEs.exe
  C:\Windows\System\GSWblEs.exe
  2⤵
  PID:6164
- C:\Windows\System\bxlBSCT.exe
  C:\Windows\System\bxlBSCT.exe
  2⤵
  PID:6292
- C:\Windows\System\hPIjTJs.exe
  C:\Windows\System\hPIjTJs.exe
  2⤵
  PID:6444
- C:\Windows\System\agZNNDv.exe
  C:\Windows\System\agZNNDv.exe
  2⤵
  PID:6496
- C:\Windows\System\dAfTYmg.exe
  C:\Windows\System\dAfTYmg.exe
  2⤵
  PID:6896
- C:\Windows\System\kSYNvIN.exe
  C:\Windows\System\kSYNvIN.exe
  2⤵
  PID:7076
- C:\Windows\System\CfQYraX.exe
  C:\Windows\System\CfQYraX.exe
  2⤵
  PID:6220
- C:\Windows\System\FupiHwD.exe
  C:\Windows\System\FupiHwD.exe
  2⤵
  PID:6504
- C:\Windows\System\ekiFzHV.exe
  C:\Windows\System\ekiFzHV.exe
  2⤵
  PID:7016
- C:\Windows\System\FsOsiSs.exe
  C:\Windows\System\FsOsiSs.exe
  2⤵
  PID:7176
- C:\Windows\System\EMOnQSV.exe
  C:\Windows\System\EMOnQSV.exe
  2⤵
  PID:7204
- C:\Windows\System\aYdwyzf.exe
  C:\Windows\System\aYdwyzf.exe
  2⤵
  PID:7236
- C:\Windows\System\XGjNSGp.exe
  C:\Windows\System\XGjNSGp.exe
  2⤵
  PID:7264
- C:\Windows\System\arteYwq.exe
  C:\Windows\System\arteYwq.exe
  2⤵
  PID:7288
- C:\Windows\System\TjlwgXU.exe
  C:\Windows\System\TjlwgXU.exe
  2⤵
  PID:7304
- C:\Windows\System\QLpjdNE.exe
  C:\Windows\System\QLpjdNE.exe
  2⤵
  PID:7320
- C:\Windows\System\WPHpejY.exe
  C:\Windows\System\WPHpejY.exe
  2⤵
  PID:7336
- C:\Windows\System\uEChDhs.exe
  C:\Windows\System\uEChDhs.exe
  2⤵
  PID:7368
- C:\Windows\System\oRkaHwF.exe
  C:\Windows\System\oRkaHwF.exe
  2⤵
  PID:7416
- C:\Windows\System\wtjCpQU.exe
  C:\Windows\System\wtjCpQU.exe
  2⤵
  PID:7488
- C:\Windows\System\WKsCuQZ.exe
  C:\Windows\System\WKsCuQZ.exe
  2⤵
  PID:7528
- C:\Windows\System\zrBqBdy.exe
  C:\Windows\System\zrBqBdy.exe
  2⤵
  PID:7548
- C:\Windows\System\ptOHlVF.exe
  C:\Windows\System\ptOHlVF.exe
  2⤵
  PID:7576
- C:\Windows\System\qglfNNO.exe
  C:\Windows\System\qglfNNO.exe
  2⤵
  PID:7616
- C:\Windows\System\jInhGLr.exe
  C:\Windows\System\jInhGLr.exe
  2⤵
  PID:7636
- C:\Windows\System\XSNGnoF.exe
  C:\Windows\System\XSNGnoF.exe
  2⤵
  PID:7664
- C:\Windows\System\jgwewsx.exe
  C:\Windows\System\jgwewsx.exe
  2⤵
  PID:7692
- C:\Windows\System\ahbAHXG.exe
  C:\Windows\System\ahbAHXG.exe
  2⤵
  PID:7716
- C:\Windows\System\umxZBCI.exe
  C:\Windows\System\umxZBCI.exe
  2⤵
  PID:7748
- C:\Windows\System\SGFuFAL.exe
  C:\Windows\System\SGFuFAL.exe
  2⤵
  PID:7772
- C:\Windows\System\cRYIVYG.exe
  C:\Windows\System\cRYIVYG.exe
  2⤵
  PID:7812
- C:\Windows\System\CHQWUUY.exe
  C:\Windows\System\CHQWUUY.exe
  2⤵
  PID:7852
- C:\Windows\System\HokdAmN.exe
  C:\Windows\System\HokdAmN.exe
  2⤵
  PID:7868
- C:\Windows\System\HlIAnFN.exe
  C:\Windows\System\HlIAnFN.exe
  2⤵
  PID:7904
- C:\Windows\System\cNVMTrX.exe
  C:\Windows\System\cNVMTrX.exe
  2⤵
  PID:7928
- C:\Windows\System\FQilIqm.exe
  C:\Windows\System\FQilIqm.exe
  2⤵
  PID:7952
- C:\Windows\System\ysyoQFy.exe
  C:\Windows\System\ysyoQFy.exe
  2⤵
  PID:7988
- C:\Windows\System\iBuqRBE.exe
  C:\Windows\System\iBuqRBE.exe
  2⤵
  PID:8028
- C:\Windows\System\baXMiIp.exe
  C:\Windows\System\baXMiIp.exe
  2⤵
  PID:8056
- C:\Windows\System\fMEKdiM.exe
  C:\Windows\System\fMEKdiM.exe
  2⤵
  PID:8084
- C:\Windows\System\MulFSIK.exe
  C:\Windows\System\MulFSIK.exe
  2⤵
  PID:8112
- C:\Windows\System\QmdfKsf.exe
  C:\Windows\System\QmdfKsf.exe
  2⤵
  PID:8148
- C:\Windows\System\cECXETU.exe
  C:\Windows\System\cECXETU.exe
  2⤵
  PID:8164
- C:\Windows\System\vOuoNth.exe
  C:\Windows\System\vOuoNth.exe
  2⤵
  PID:6260
- C:\Windows\System\FlVFnck.exe
  C:\Windows\System\FlVFnck.exe
  2⤵
  PID:7232
- C:\Windows\System\fDzCnVD.exe
  C:\Windows\System\fDzCnVD.exe
  2⤵
  PID:7252
- C:\Windows\System\dKFVCWL.exe
  C:\Windows\System\dKFVCWL.exe
  2⤵
  PID:7316
- C:\Windows\System\oKCTpsY.exe
  C:\Windows\System\oKCTpsY.exe
  2⤵
  PID:6348
- C:\Windows\System\klUaytm.exe
  C:\Windows\System\klUaytm.exe
  2⤵
  PID:7476
- C:\Windows\System\zzmQJvF.exe
  C:\Windows\System\zzmQJvF.exe
  2⤵
  PID:7544
- C:\Windows\System\oqmwxFn.exe
  C:\Windows\System\oqmwxFn.exe
  2⤵
  PID:7588
- C:\Windows\System\MJWRlSM.exe
  C:\Windows\System\MJWRlSM.exe
  2⤵
  PID:7684
- C:\Windows\System\ZnIeEvm.exe
  C:\Windows\System\ZnIeEvm.exe
  2⤵
  PID:7732
- C:\Windows\System\YkAwqEA.exe
  C:\Windows\System\YkAwqEA.exe
  2⤵
  PID:7860
- C:\Windows\System\LWjMAxI.exe
  C:\Windows\System\LWjMAxI.exe
  2⤵
  PID:7888
- C:\Windows\System\nfmZaTJ.exe
  C:\Windows\System\nfmZaTJ.exe
  2⤵
  PID:7972
- C:\Windows\System\TWSHzSp.exe
  C:\Windows\System\TWSHzSp.exe
  2⤵
  PID:5032
- C:\Windows\System\zDtsdng.exe
  C:\Windows\System\zDtsdng.exe
  2⤵
  PID:8072
- C:\Windows\System\PuFguto.exe
  C:\Windows\System\PuFguto.exe
  2⤵
  PID:8128
- C:\Windows\System\jFigrKh.exe
  C:\Windows\System\jFigrKh.exe
  2⤵
  PID:7128
- C:\Windows\System\PfPcVhs.exe
  C:\Windows\System\PfPcVhs.exe
  2⤵
  PID:7392
- C:\Windows\System\GlCPHee.exe
  C:\Windows\System\GlCPHee.exe
  2⤵
  PID:7500
- C:\Windows\System\hykkCgq.exe
  C:\Windows\System\hykkCgq.exe
  2⤵
  PID:7600
- C:\Windows\System\CVYMomm.exe
  C:\Windows\System\CVYMomm.exe
  2⤵
  PID:7808
- C:\Windows\System\MbqPDFp.exe
  C:\Windows\System\MbqPDFp.exe
  2⤵
  PID:7936
- C:\Windows\System\KqvVETn.exe
  C:\Windows\System\KqvVETn.exe
  2⤵
  PID:8136
- C:\Windows\System\BcHpqWc.exe
  C:\Windows\System\BcHpqWc.exe
  2⤵
  PID:8188
- C:\Windows\System\BozLcIr.exe
  C:\Windows\System\BozLcIr.exe
  2⤵
  PID:7408
- C:\Windows\System\CQfAAmr.exe
  C:\Windows\System\CQfAAmr.exe
  2⤵
  PID:7848
- C:\Windows\System\UlLvWzS.exe
  C:\Windows\System\UlLvWzS.exe
  2⤵
  PID:60
- C:\Windows\System\sptNxQu.exe
  C:\Windows\System\sptNxQu.exe
  2⤵
  PID:7736
- C:\Windows\System\hKfRfrS.exe
  C:\Windows\System\hKfRfrS.exe
  2⤵
  PID:7508
- C:\Windows\System\KkMZVGj.exe
  C:\Windows\System\KkMZVGj.exe
  2⤵
  PID:8208
- C:\Windows\System\XycJkBH.exe
  C:\Windows\System\XycJkBH.exe
  2⤵
  PID:8248
- C:\Windows\System\wGDiCfQ.exe
  C:\Windows\System\wGDiCfQ.exe
  2⤵
  PID:8264
- C:\Windows\System\QOOVdZs.exe
  C:\Windows\System\QOOVdZs.exe
  2⤵
  PID:8292
- C:\Windows\System\zxKEAUa.exe
  C:\Windows\System\zxKEAUa.exe
  2⤵
  PID:8348
- C:\Windows\System\CewCHDh.exe
  C:\Windows\System\CewCHDh.exe
  2⤵
  PID:8364
- C:\Windows\System\rjoJsaI.exe
  C:\Windows\System\rjoJsaI.exe
  2⤵
  PID:8392
- C:\Windows\System\cokKxAv.exe
  C:\Windows\System\cokKxAv.exe
  2⤵
  PID:8420
- C:\Windows\System\wSrWZNZ.exe
  C:\Windows\System\wSrWZNZ.exe
  2⤵
  PID:8436
- C:\Windows\System\lZgEeCQ.exe
  C:\Windows\System\lZgEeCQ.exe
  2⤵
  PID:8472
- C:\Windows\System\hXzAvRd.exe
  C:\Windows\System\hXzAvRd.exe
  2⤵
  PID:8492
- C:\Windows\System\zDwBWZj.exe
  C:\Windows\System\zDwBWZj.exe
  2⤵
  PID:8520
- C:\Windows\System\QibxLrE.exe
  C:\Windows\System\QibxLrE.exe
  2⤵
  PID:8540
- C:\Windows\System\LBQZtxL.exe
  C:\Windows\System\LBQZtxL.exe
  2⤵
  PID:8576
- C:\Windows\System\TgyovHI.exe
  C:\Windows\System\TgyovHI.exe
  2⤵
  PID:8592
- C:\Windows\System\pkFDZuw.exe
  C:\Windows\System\pkFDZuw.exe
  2⤵
  PID:8620
- C:\Windows\System\NsbUWsW.exe
  C:\Windows\System\NsbUWsW.exe
  2⤵
  PID:8656
- C:\Windows\System\GDIcjLd.exe
  C:\Windows\System\GDIcjLd.exe
  2⤵
  PID:8680
- C:\Windows\System\PPwXXMw.exe
  C:\Windows\System\PPwXXMw.exe
  2⤵
  PID:8716
- C:\Windows\System\DtqsWVm.exe
  C:\Windows\System\DtqsWVm.exe
  2⤵
  PID:8744
- C:\Windows\System\CaxfYkd.exe
  C:\Windows\System\CaxfYkd.exe
  2⤵
  PID:8764
- C:\Windows\System\gJkIusT.exe
  C:\Windows\System\gJkIusT.exe
  2⤵
  PID:8800
- C:\Windows\System\DisjgfQ.exe
  C:\Windows\System\DisjgfQ.exe
  2⤵
  PID:8840
- C:\Windows\System\AWUyCww.exe
  C:\Windows\System\AWUyCww.exe
  2⤵
  PID:8860
- C:\Windows\System\TkqFbLU.exe
  C:\Windows\System\TkqFbLU.exe
  2⤵
  PID:8884
- C:\Windows\System\ZeEBKzQ.exe
  C:\Windows\System\ZeEBKzQ.exe
  2⤵
  PID:8924
- C:\Windows\System\cevvnKG.exe
  C:\Windows\System\cevvnKG.exe
  2⤵
  PID:8952
- C:\Windows\System\uwVrzLw.exe
  C:\Windows\System\uwVrzLw.exe
  2⤵
  PID:8968
- C:\Windows\System\afaojUC.exe
  C:\Windows\System\afaojUC.exe
  2⤵
  PID:8996
- C:\Windows\System\NIqAPkT.exe
  C:\Windows\System\NIqAPkT.exe
  2⤵
  PID:9016
- C:\Windows\System\mqzXZlp.exe
  C:\Windows\System\mqzXZlp.exe
  2⤵
  PID:9048
- C:\Windows\System\jBoWiHf.exe
  C:\Windows\System\jBoWiHf.exe
  2⤵
  PID:9080
- C:\Windows\System\toDjptg.exe
  C:\Windows\System\toDjptg.exe
  2⤵
  PID:9100
- C:\Windows\System\XHLLqGL.exe
  C:\Windows\System\XHLLqGL.exe
  2⤵
  PID:9132
- C:\Windows\System\lELYdgh.exe
  C:\Windows\System\lELYdgh.exe
  2⤵
  PID:9176
- C:\Windows\System\etePSNW.exe
  C:\Windows\System\etePSNW.exe
  2⤵
  PID:9212
- C:\Windows\System\YUjFuAD.exe
  C:\Windows\System\YUjFuAD.exe
  2⤵
  PID:8260
- C:\Windows\System\AkIvQGD.exe
  C:\Windows\System\AkIvQGD.exe
  2⤵
  PID:8356
- C:\Windows\System\MldJezs.exe
  C:\Windows\System\MldJezs.exe
  2⤵
  PID:8448
- C:\Windows\System\SFtOsjt.exe
  C:\Windows\System\SFtOsjt.exe
  2⤵
  PID:8504
- C:\Windows\System\tUajqIN.exe
  C:\Windows\System\tUajqIN.exe
  2⤵
  PID:8536
- C:\Windows\System\adWAmBU.exe
  C:\Windows\System\adWAmBU.exe
  2⤵
  PID:8584
- C:\Windows\System\NxYjmUb.exe
  C:\Windows\System\NxYjmUb.exe
  2⤵
  PID:8664
- C:\Windows\System\OwVMSxa.exe
  C:\Windows\System\OwVMSxa.exe
  2⤵
  PID:8792
- C:\Windows\System\YBToPue.exe
  C:\Windows\System\YBToPue.exe
  2⤵
  PID:8824
- C:\Windows\System\XmYoGEL.exe
  C:\Windows\System\XmYoGEL.exe
  2⤵
  PID:4120
- C:\Windows\System\JzSAAmj.exe
  C:\Windows\System\JzSAAmj.exe
  2⤵
  PID:8896
- C:\Windows\System\VDMLCKq.exe
  C:\Windows\System\VDMLCKq.exe
  2⤵
  PID:8964
- C:\Windows\System\FbBPkyR.exe
  C:\Windows\System\FbBPkyR.exe
  2⤵
  PID:9056
- C:\Windows\System\AXhdcxl.exe
  C:\Windows\System\AXhdcxl.exe
  2⤵
  PID:9116
- C:\Windows\System\pvRUDFw.exe
  C:\Windows\System\pvRUDFw.exe
  2⤵
  PID:9200
- C:\Windows\System\edQHQWd.exe
  C:\Windows\System\edQHQWd.exe
  2⤵
  PID:8344
- C:\Windows\System\DjAHekw.exe
  C:\Windows\System\DjAHekw.exe
  2⤵
  PID:8460
- C:\Windows\System\YelPltv.exe
  C:\Windows\System\YelPltv.exe
  2⤵
  PID:8612
- C:\Windows\System\KqxQpYi.exe
  C:\Windows\System\KqxQpYi.exe
  2⤵
  PID:8784
- C:\Windows\System\CvhTBqk.exe
  C:\Windows\System\CvhTBqk.exe
  2⤵
  PID:8936
- C:\Windows\System\qTtfOGj.exe
  C:\Windows\System\qTtfOGj.exe
  2⤵
  PID:8340
- C:\Windows\System\EHVzMPR.exe
  C:\Windows\System\EHVzMPR.exe
  2⤵
  PID:8244
- C:\Windows\System\NmfGWOS.exe
  C:\Windows\System\NmfGWOS.exe
  2⤵
  PID:8464
- C:\Windows\System\NPjdsJb.exe
  C:\Windows\System\NPjdsJb.exe
  2⤵
  PID:8852
- C:\Windows\System\UETGetc.exe
  C:\Windows\System\UETGetc.exe
  2⤵
  PID:9156
- C:\Windows\System\moVacrc.exe
  C:\Windows\System\moVacrc.exe
  2⤵
  PID:9124
- C:\Windows\System\syJrbLL.exe
  C:\Windows\System\syJrbLL.exe
  2⤵
  PID:9240
- C:\Windows\System\QzBmZqU.exe
  C:\Windows\System\QzBmZqU.exe
  2⤵
  PID:9264
- C:\Windows\System\UTqyiiF.exe
  C:\Windows\System\UTqyiiF.exe
  2⤵
  PID:9304
- C:\Windows\System\wWjVneM.exe
  C:\Windows\System\wWjVneM.exe
  2⤵
  PID:9332
- C:\Windows\System\zRAeWbq.exe
  C:\Windows\System\zRAeWbq.exe
  2⤵
  PID:9360
- C:\Windows\System\QGuqUbt.exe
  C:\Windows\System\QGuqUbt.exe
  2⤵
  PID:9388
- C:\Windows\System\CseJcFR.exe
  C:\Windows\System\CseJcFR.exe
  2⤵
  PID:9416
- C:\Windows\System\XBBduyQ.exe
  C:\Windows\System\XBBduyQ.exe
  2⤵
  PID:9432
- C:\Windows\System\VuZOsDU.exe
  C:\Windows\System\VuZOsDU.exe
  2⤵
  PID:9448
- C:\Windows\System\vOfvSPR.exe
  C:\Windows\System\vOfvSPR.exe
  2⤵
  PID:9476
- C:\Windows\System\fhtvQsb.exe
  C:\Windows\System\fhtvQsb.exe
  2⤵
  PID:9528
- C:\Windows\System\tsOJINb.exe
  C:\Windows\System\tsOJINb.exe
  2⤵
  PID:9544
- C:\Windows\System\xnroFZU.exe
  C:\Windows\System\xnroFZU.exe
  2⤵
  PID:9576
- C:\Windows\System\UFNYqho.exe
  C:\Windows\System\UFNYqho.exe
  2⤵
  PID:9600
- C:\Windows\System\dqPGhkJ.exe
  C:\Windows\System\dqPGhkJ.exe
  2⤵
  PID:9616
- C:\Windows\System\BDZcwCB.exe
  C:\Windows\System\BDZcwCB.exe
  2⤵
  PID:9644
- C:\Windows\System\aToihTE.exe
  C:\Windows\System\aToihTE.exe
  2⤵
  PID:9676
- C:\Windows\System\vAliCfp.exe
  C:\Windows\System\vAliCfp.exe
  2⤵
  PID:9704
- C:\Windows\System\IfxamTp.exe
  C:\Windows\System\IfxamTp.exe
  2⤵
  PID:9736
- C:\Windows\System\RhsYhlc.exe
  C:\Windows\System\RhsYhlc.exe
  2⤵
  PID:9768
- C:\Windows\System\CisjXri.exe
  C:\Windows\System\CisjXri.exe
  2⤵
  PID:9796
- C:\Windows\System\GTolZMb.exe
  C:\Windows\System\GTolZMb.exe
  2⤵
  PID:9836
- C:\Windows\System\SKJoKZN.exe
  C:\Windows\System\SKJoKZN.exe
  2⤵
  PID:9856
- C:\Windows\System\rMilPis.exe
  C:\Windows\System\rMilPis.exe
  2⤵
  PID:9880
- C:\Windows\System\jSjbTbi.exe
  C:\Windows\System\jSjbTbi.exe
  2⤵
  PID:9912
- C:\Windows\System\RGlgWUs.exe
  C:\Windows\System\RGlgWUs.exe
  2⤵
  PID:9936
- C:\Windows\System\pLSqtWA.exe
  C:\Windows\System\pLSqtWA.exe
  2⤵
  PID:9976
- C:\Windows\System\bEAIDhB.exe
  C:\Windows\System\bEAIDhB.exe
  2⤵
  PID:9992
- C:\Windows\System\rNFlDXA.exe
  C:\Windows\System\rNFlDXA.exe
  2⤵
  PID:10020
- C:\Windows\System\JivZiGL.exe
  C:\Windows\System\JivZiGL.exe
  2⤵
  PID:10048
- C:\Windows\System\tubWkbh.exe
  C:\Windows\System\tubWkbh.exe
  2⤵
  PID:10076
- C:\Windows\System\OCVTGFP.exe
  C:\Windows\System\OCVTGFP.exe
  2⤵
  PID:10116
- C:\Windows\System\romvxXJ.exe
  C:\Windows\System\romvxXJ.exe
  2⤵
  PID:10144
- C:\Windows\System\myEhlfg.exe
  C:\Windows\System\myEhlfg.exe
  2⤵
  PID:10172
- C:\Windows\System\EUwpNoX.exe
  C:\Windows\System\EUwpNoX.exe
  2⤵
  PID:10188
- C:\Windows\System\uBmqJPV.exe
  C:\Windows\System\uBmqJPV.exe
  2⤵
  PID:10220
- C:\Windows\System\eaJMIjE.exe
  C:\Windows\System\eaJMIjE.exe
  2⤵
  PID:8588
- C:\Windows\System\WbhSvDc.exe
  C:\Windows\System\WbhSvDc.exe
  2⤵
  PID:9276
- C:\Windows\System\LMBnXGq.exe
  C:\Windows\System\LMBnXGq.exe
  2⤵
  PID:9328
- C:\Windows\System\zAJhVAS.exe
  C:\Windows\System\zAJhVAS.exe
  2⤵
  PID:9404
- C:\Windows\System\BIgmKAL.exe
  C:\Windows\System\BIgmKAL.exe
  2⤵
  PID:9460
- C:\Windows\System\jmQmIVE.exe
  C:\Windows\System\jmQmIVE.exe
  2⤵
  PID:9524
- C:\Windows\System\bGJMRXZ.exe
  C:\Windows\System\bGJMRXZ.exe
  2⤵
  PID:9584
- C:\Windows\System\dQSXYWi.exe
  C:\Windows\System\dQSXYWi.exe
  2⤵
  PID:9608
- C:\Windows\System\lFGQcZi.exe
  C:\Windows\System\lFGQcZi.exe
  2⤵
  PID:9760
- C:\Windows\System\ZJPQCIl.exe
  C:\Windows\System\ZJPQCIl.exe
  2⤵
  PID:9784
- C:\Windows\System\jdbEQPo.exe
  C:\Windows\System\jdbEQPo.exe
  2⤵
  PID:9832
- C:\Windows\System\sPPrlqU.exe
  C:\Windows\System\sPPrlqU.exe
  2⤵
  PID:4164
- C:\Windows\System\ZzMzEIz.exe
  C:\Windows\System\ZzMzEIz.exe
  2⤵
  PID:9896
- C:\Windows\System\vYPuIYe.exe
  C:\Windows\System\vYPuIYe.exe
  2⤵
  PID:9932
- C:\Windows\System\hnCACzc.exe
  C:\Windows\System\hnCACzc.exe
  2⤵
  PID:10064
- C:\Windows\System\xzhMVvB.exe
  C:\Windows\System\xzhMVvB.exe
  2⤵
  PID:10128
- C:\Windows\System\yxqzffn.exe
  C:\Windows\System\yxqzffn.exe
  2⤵
  PID:10204
- C:\Windows\System\RNOmdwS.exe
  C:\Windows\System\RNOmdwS.exe
  2⤵
  PID:9292
- C:\Windows\System\TYTRgHb.exe
  C:\Windows\System\TYTRgHb.exe
  2⤵
  PID:9324
- C:\Windows\System\sGeTkuQ.exe
  C:\Windows\System\sGeTkuQ.exe
  2⤵
  PID:9520
- C:\Windows\System\hOKYDQX.exe
  C:\Windows\System\hOKYDQX.exe
  2⤵
  PID:9632
- C:\Windows\System\ZyNsUto.exe
  C:\Windows\System\ZyNsUto.exe
  2⤵
  PID:9844
- C:\Windows\System\LeOcoVN.exe
  C:\Windows\System\LeOcoVN.exe
  2⤵
  PID:9892
- C:\Windows\System\WFbTWaB.exe
  C:\Windows\System\WFbTWaB.exe
  2⤵
  PID:9872
- C:\Windows\System\EOkdAxj.exe
  C:\Windows\System\EOkdAxj.exe
  2⤵
  PID:10092
- C:\Windows\System\vRujKAw.exe
  C:\Windows\System\vRujKAw.exe
  2⤵
  PID:9628
- C:\Windows\System\pOBjurI.exe
  C:\Windows\System\pOBjurI.exe
  2⤵
  PID:9812
- C:\Windows\System\tuVYDsa.exe
  C:\Windows\System\tuVYDsa.exe
  2⤵
  PID:10004
- C:\Windows\System\yuDMgYE.exe
  C:\Windows\System\yuDMgYE.exe
  2⤵
  PID:9724
- C:\Windows\System\PqXakDZ.exe
  C:\Windows\System\PqXakDZ.exe
  2⤵
  PID:10244
- C:\Windows\System\wVOaMDo.exe
  C:\Windows\System\wVOaMDo.exe
  2⤵
  PID:10260
- C:\Windows\System\FGmusDH.exe
  C:\Windows\System\FGmusDH.exe
  2⤵
  PID:10300
- C:\Windows\System\mRytAPn.exe
  C:\Windows\System\mRytAPn.exe
  2⤵
  PID:10328
- C:\Windows\System\tukfLvz.exe
  C:\Windows\System\tukfLvz.exe
  2⤵
  PID:10352
- C:\Windows\System\MZjQuGq.exe
  C:\Windows\System\MZjQuGq.exe
  2⤵
  PID:10404
- C:\Windows\System\ajxBdiF.exe
  C:\Windows\System\ajxBdiF.exe
  2⤵
  PID:10432
- C:\Windows\System\kgZvAdt.exe
  C:\Windows\System\kgZvAdt.exe
  2⤵
  PID:10448
- C:\Windows\System\mRXmltB.exe
  C:\Windows\System\mRXmltB.exe
  2⤵
  PID:10488
- C:\Windows\System\UviEHod.exe
  C:\Windows\System\UviEHod.exe
  2⤵
  PID:10516
- C:\Windows\System\XLsJPsA.exe
  C:\Windows\System\XLsJPsA.exe
  2⤵
  PID:10544
- C:\Windows\System\lngzUoe.exe
  C:\Windows\System\lngzUoe.exe
  2⤵
  PID:10560
- C:\Windows\System\uKPHahh.exe
  C:\Windows\System\uKPHahh.exe
  2⤵
  PID:10592
- C:\Windows\System\uhXiVRx.exe
  C:\Windows\System\uhXiVRx.exe
  2⤵
  PID:10616
- C:\Windows\System\NPBYnEc.exe
  C:\Windows\System\NPBYnEc.exe
  2⤵
  PID:10644
- C:\Windows\System\bZBsOMU.exe
  C:\Windows\System\bZBsOMU.exe
  2⤵
  PID:10672
- C:\Windows\System\NmSPRmU.exe
  C:\Windows\System\NmSPRmU.exe
  2⤵
  PID:10712
- C:\Windows\System\ZlBphai.exe
  C:\Windows\System\ZlBphai.exe
  2⤵
  PID:10740
- C:\Windows\System\QwoycPx.exe
  C:\Windows\System\QwoycPx.exe
  2⤵
  PID:10756
- C:\Windows\System\QmJASti.exe
  C:\Windows\System\QmJASti.exe
  2⤵
  PID:10784
- C:\Windows\System\PJNujUI.exe
  C:\Windows\System\PJNujUI.exe
  2⤵
  PID:10824
- C:\Windows\System\NYmGQZL.exe
  C:\Windows\System\NYmGQZL.exe
  2⤵
  PID:10852
- C:\Windows\System\fVzbzFu.exe
  C:\Windows\System\fVzbzFu.exe
  2⤵
  PID:10868
- C:\Windows\System\xBVnmkx.exe
  C:\Windows\System\xBVnmkx.exe
  2⤵
  PID:10896
- C:\Windows\System\RviTkWB.exe
  C:\Windows\System\RviTkWB.exe
  2⤵
  PID:10924
- C:\Windows\System\smZquhx.exe
  C:\Windows\System\smZquhx.exe
  2⤵
  PID:10952
- C:\Windows\System\ULpNlRJ.exe
  C:\Windows\System\ULpNlRJ.exe
  2⤵
  PID:10980
- C:\Windows\System\CBUheEo.exe
  C:\Windows\System\CBUheEo.exe
  2⤵
  PID:11016
- C:\Windows\System\WMfvxVG.exe
  C:\Windows\System\WMfvxVG.exe
  2⤵
  PID:11036
- C:\Windows\System\PKoeqhe.exe
  C:\Windows\System\PKoeqhe.exe
  2⤵
  PID:11076
- C:\Windows\System\UjXBIfA.exe
  C:\Windows\System\UjXBIfA.exe
  2⤵
  PID:11100
- C:\Windows\System\xWcPguC.exe
  C:\Windows\System\xWcPguC.exe
  2⤵
  PID:11128
- C:\Windows\System\BxtNpSA.exe
  C:\Windows\System\BxtNpSA.exe
  2⤵
  PID:11164
- C:\Windows\System\QUXgfsu.exe
  C:\Windows\System\QUXgfsu.exe
  2⤵
  PID:11196
- C:\Windows\System\pVCugLG.exe
  C:\Windows\System\pVCugLG.exe
  2⤵
  PID:11212
- C:\Windows\System\LxfuZOa.exe
  C:\Windows\System\LxfuZOa.exe
  2⤵
  PID:11248
- C:\Windows\System\sgrBHtf.exe
  C:\Windows\System\sgrBHtf.exe
  2⤵
  PID:9864
- C:\Windows\System\SqwbBIe.exe
  C:\Windows\System\SqwbBIe.exe
  2⤵
  PID:10280
- C:\Windows\System\DEEztSn.exe
  C:\Windows\System\DEEztSn.exe
  2⤵
  PID:10376
- C:\Windows\System\LapPJvi.exe
  C:\Windows\System\LapPJvi.exe
  2⤵
  PID:10420
- C:\Windows\System\bLBYuyV.exe
  C:\Windows\System\bLBYuyV.exe
  2⤵
  PID:10508
- C:\Windows\System\LjsWbsS.exe
  C:\Windows\System\LjsWbsS.exe
  2⤵
  PID:10536
- C:\Windows\System\jczvMfX.exe
  C:\Windows\System\jczvMfX.exe
  2⤵
  PID:10604
- C:\Windows\System\dSBUcVH.exe
  C:\Windows\System\dSBUcVH.exe
  2⤵
  PID:10704
- C:\Windows\System\OJvbRlE.exe
  C:\Windows\System\OJvbRlE.exe
  2⤵
  PID:10736
- C:\Windows\System\qxYDDrF.exe
  C:\Windows\System\qxYDDrF.exe
  2⤵
  PID:10796
- C:\Windows\System\bnIXEVN.exe
  C:\Windows\System\bnIXEVN.exe
  2⤵
  PID:10844
- C:\Windows\System\TTEfnLX.exe
  C:\Windows\System\TTEfnLX.exe
  2⤵
  PID:10880
- C:\Windows\System\tGeQUxk.exe
  C:\Windows\System\tGeQUxk.exe
  2⤵
  PID:10940
- C:\Windows\System\DbaQLlR.exe
  C:\Windows\System\DbaQLlR.exe
  2⤵
  PID:11088
- C:\Windows\System\yBuxXYc.exe
  C:\Windows\System\yBuxXYc.exe
  2⤵
  PID:11152
- C:\Windows\System\igjPUhR.exe
  C:\Windows\System\igjPUhR.exe
  2⤵
  PID:11260
- C:\Windows\System\PxetdTQ.exe
  C:\Windows\System\PxetdTQ.exe
  2⤵
  PID:10312
- C:\Windows\System\unmErlR.exe
  C:\Windows\System\unmErlR.exe
  2⤵
  PID:10528
- C:\Windows\System\xdeCefq.exe
  C:\Windows\System\xdeCefq.exe
  2⤵
  PID:2492
- C:\Windows\System\uEwgmKU.exe
  C:\Windows\System\uEwgmKU.exe
  2⤵
  PID:10808
- C:\Windows\System\raPXxLX.exe
  C:\Windows\System\raPXxLX.exe
  2⤵
  PID:11004
- C:\Windows\System\FUSANlQ.exe
  C:\Windows\System\FUSANlQ.exe
  2⤵
  PID:11240
- C:\Windows\System\LduRREo.exe
  C:\Windows\System\LduRREo.exe
  2⤵
  PID:10580
- C:\Windows\System\aeliLcn.exe
  C:\Windows\System\aeliLcn.exe
  2⤵
  PID:11204
- C:\Windows\System\iewBtAx.exe
  C:\Windows\System\iewBtAx.exe
  2⤵
  PID:10936
- C:\Windows\System\ZlOHfEH.exe
  C:\Windows\System\ZlOHfEH.exe
  2⤵
  PID:11268
- C:\Windows\System\yCEbMaN.exe
  C:\Windows\System\yCEbMaN.exe
  2⤵
  PID:11292
- C:\Windows\System\FpsyttF.exe
  C:\Windows\System\FpsyttF.exe
  2⤵
  PID:11328
- C:\Windows\System\CFTvhgQ.exe
  C:\Windows\System\CFTvhgQ.exe
  2⤵
  PID:11360
- C:\Windows\System\xScfERc.exe
  C:\Windows\System\xScfERc.exe
  2⤵
  PID:11412
- C:\Windows\System\mkKauzd.exe
  C:\Windows\System\mkKauzd.exe
  2⤵
  PID:11440
- C:\Windows\System\kCEyvNi.exe
  C:\Windows\System\kCEyvNi.exe
  2⤵
  PID:11472
- C:\Windows\System\YddQlwq.exe
  C:\Windows\System\YddQlwq.exe
  2⤵
  PID:11500
- C:\Windows\System\TbkZpZS.exe
  C:\Windows\System\TbkZpZS.exe
  2⤵
  PID:11516
- C:\Windows\System\zALxygu.exe
  C:\Windows\System\zALxygu.exe
  2⤵
  PID:11552
- C:\Windows\System\JBTsLge.exe
  C:\Windows\System\JBTsLge.exe
  2⤵
  PID:11612
- C:\Windows\System\MBkYuOM.exe
  C:\Windows\System\MBkYuOM.exe
  2⤵
  PID:11644
- C:\Windows\System\XoCditQ.exe
  C:\Windows\System\XoCditQ.exe
  2⤵
  PID:11668
- C:\Windows\System\toYLHmr.exe
  C:\Windows\System\toYLHmr.exe
  2⤵
  PID:11700
- C:\Windows\System\sVNDFyz.exe
  C:\Windows\System\sVNDFyz.exe
  2⤵
  PID:11728
- C:\Windows\System\ymNvtqe.exe
  C:\Windows\System\ymNvtqe.exe
  2⤵
  PID:11756
- C:\Windows\System\GMAsilf.exe
  C:\Windows\System\GMAsilf.exe
  2⤵
  PID:11772
- C:\Windows\System\OHQbCgj.exe
  C:\Windows\System\OHQbCgj.exe
  2⤵
  PID:11808
- C:\Windows\System\FeEaDuI.exe
  C:\Windows\System\FeEaDuI.exe
  2⤵
  PID:11844
- C:\Windows\System\jEfmJxq.exe
  C:\Windows\System\jEfmJxq.exe
  2⤵
  PID:11868
- C:\Windows\System\jOxXrnO.exe
  C:\Windows\System\jOxXrnO.exe
  2⤵
  PID:11900
- C:\Windows\System\bANGtvd.exe
  C:\Windows\System\bANGtvd.exe
  2⤵
  PID:11940
- C:\Windows\System\PoDstOF.exe
  C:\Windows\System\PoDstOF.exe
  2⤵
  PID:11968
- C:\Windows\System\tFlHZVG.exe
  C:\Windows\System\tFlHZVG.exe
  2⤵
  PID:11988
- C:\Windows\System\sbXThJQ.exe
  C:\Windows\System\sbXThJQ.exe
  2⤵
  PID:12004
- C:\Windows\System\leKdLQk.exe
  C:\Windows\System\leKdLQk.exe
  2⤵
  PID:12040
- C:\Windows\System\YXNjEuc.exe
  C:\Windows\System\YXNjEuc.exe
  2⤵
  PID:12084
- C:\Windows\System\SOsqXUW.exe
  C:\Windows\System\SOsqXUW.exe
  2⤵
  PID:12124
- C:\Windows\System\RQSmslK.exe
  C:\Windows\System\RQSmslK.exe
  2⤵
  PID:12140
- C:\Windows\System\xraABFb.exe
  C:\Windows\System\xraABFb.exe
  2⤵
  PID:12164
- C:\Windows\System\FKzPWYT.exe
  C:\Windows\System\FKzPWYT.exe
  2⤵
  PID:12208
- C:\Windows\System\wRGyfOW.exe
  C:\Windows\System\wRGyfOW.exe
  2⤵
  PID:12236
- C:\Windows\System\SoeoOZW.exe
  C:\Windows\System\SoeoOZW.exe
  2⤵
  PID:12252
- C:\Windows\System\vvXcpBq.exe
  C:\Windows\System\vvXcpBq.exe
  2⤵
  PID:12284
- C:\Windows\System\pvYjPCU.exe
  C:\Windows\System\pvYjPCU.exe
  2⤵
  PID:11348
- C:\Windows\System\TJbYONP.exe
  C:\Windows\System\TJbYONP.exe
  2⤵
  PID:11352
- C:\Windows\System\ObhDydq.exe
  C:\Windows\System\ObhDydq.exe
  2⤵
  PID:11484
- C:\Windows\System\LRmhayF.exe
  C:\Windows\System\LRmhayF.exe
  2⤵
  PID:11572
- C:\Windows\System\vdSaTYj.exe
  C:\Windows\System\vdSaTYj.exe
  2⤵
  PID:11628
- C:\Windows\System\AhjATsS.exe
  C:\Windows\System\AhjATsS.exe
  2⤵
  PID:11688
- C:\Windows\System\coTdtdS.exe
  C:\Windows\System\coTdtdS.exe
  2⤵
  PID:11744
- C:\Windows\System\EGuwdzM.exe
  C:\Windows\System\EGuwdzM.exe
  2⤵
  PID:11824
- C:\Windows\System\XTkhcqa.exe
  C:\Windows\System\XTkhcqa.exe
  2⤵
  PID:11864
- C:\Windows\System\IuGJyjl.exe
  C:\Windows\System\IuGJyjl.exe
  2⤵
  PID:11976
- C:\Windows\System\AshTOxL.exe
  C:\Windows\System\AshTOxL.exe
  2⤵
  PID:12064
- C:\Windows\System\FOpqpCa.exe
  C:\Windows\System\FOpqpCa.exe
  2⤵
  PID:12108
- C:\Windows\System\koJVili.exe
  C:\Windows\System\koJVili.exe
  2⤵
  PID:12188
- C:\Windows\System\dRdyBHA.exe
  C:\Windows\System\dRdyBHA.exe
  2⤵
  PID:12224
- C:\Windows\System\AnBcfHl.exe
  C:\Windows\System\AnBcfHl.exe
  2⤵
  PID:11280
- C:\Windows\System\bqAmipC.exe
  C:\Windows\System\bqAmipC.exe
  2⤵
  PID:11452
- C:\Windows\System\WhfvFkM.exe
  C:\Windows\System\WhfvFkM.exe
  2⤵
  PID:11632
- C:\Windows\System\DBCVthq.exe
  C:\Windows\System\DBCVthq.exe
  2⤵
  PID:11748
- C:\Windows\System\KapFjoO.exe
  C:\Windows\System\KapFjoO.exe
  2⤵
  PID:11792
- C:\Windows\System\SjjMTIp.exe
  C:\Windows\System\SjjMTIp.exe
  2⤵
  PID:12016
- C:\Windows\System\aoVeWiF.exe
  C:\Windows\System\aoVeWiF.exe
  2⤵
  PID:12272
- C:\Windows\System\WTpEdme.exe
  C:\Windows\System\WTpEdme.exe
  2⤵
  PID:11392
- C:\Windows\System\xStyRpd.exe
  C:\Windows\System\xStyRpd.exe
  2⤵
  PID:12000
- C:\Windows\System\QIMGgJw.exe
  C:\Windows\System\QIMGgJw.exe
  2⤵
  PID:11888
- C:\Windows\System\ISGxEpC.exe
  C:\Windows\System\ISGxEpC.exe
  2⤵
  PID:12304
- C:\Windows\System\dLREjIV.exe
  C:\Windows\System\dLREjIV.exe
  2⤵
  PID:12332
- C:\Windows\System\FlVoqOL.exe
  C:\Windows\System\FlVoqOL.exe
  2⤵
  PID:12372
- C:\Windows\System\UBipORm.exe
  C:\Windows\System\UBipORm.exe
  2⤵
  PID:12400
- C:\Windows\System\JsrVkJF.exe
  C:\Windows\System\JsrVkJF.exe
  2⤵
  PID:12428
- C:\Windows\System\zntAjlX.exe
  C:\Windows\System\zntAjlX.exe
  2⤵
  PID:12456
- C:\Windows\System\JJdEtlg.exe
  C:\Windows\System\JJdEtlg.exe
  2⤵
  PID:12484
- C:\Windows\System\kmaBetB.exe
  C:\Windows\System\kmaBetB.exe
  2⤵
  PID:12500
- C:\Windows\System\RLEsCgr.exe
  C:\Windows\System\RLEsCgr.exe
  2⤵
  PID:12528
- C:\Windows\System\gNfrskq.exe
  C:\Windows\System\gNfrskq.exe
  2⤵
  PID:12552
- C:\Windows\System\zuKnZZc.exe
  C:\Windows\System\zuKnZZc.exe
  2⤵
  PID:12580
- C:\Windows\System\CryMnya.exe
  C:\Windows\System\CryMnya.exe
  2⤵
  PID:12596
- C:\Windows\System\SlfyMLU.exe
  C:\Windows\System\SlfyMLU.exe
  2⤵
  PID:12620
- C:\Windows\System\MzExHCW.exe
  C:\Windows\System\MzExHCW.exe
  2⤵
  PID:12644
- C:\Windows\System\YOOIxwV.exe
  C:\Windows\System\YOOIxwV.exe
  2⤵
  PID:12676
- C:\Windows\System\CYBFsvn.exe
  C:\Windows\System\CYBFsvn.exe
  2⤵
  PID:12736
- C:\Windows\System\guIdVgI.exe
  C:\Windows\System\guIdVgI.exe
  2⤵
  PID:12756
- C:\Windows\System\aTJsVGV.exe
  C:\Windows\System\aTJsVGV.exe
  2⤵
  PID:12780
- C:\Windows\System\vAIvMAk.exe
  C:\Windows\System\vAIvMAk.exe
  2⤵
  PID:12808
- C:\Windows\System\HugWFLO.exe
  C:\Windows\System\HugWFLO.exe
  2⤵
  PID:12840
- C:\Windows\System\MIHqnLO.exe
  C:\Windows\System\MIHqnLO.exe
  2⤵
  PID:12864
- C:\Windows\System\rpdCMwN.exe
  C:\Windows\System\rpdCMwN.exe
  2⤵
  PID:12896
- C:\Windows\System\mkCfdFU.exe
  C:\Windows\System\mkCfdFU.exe
  2⤵
  PID:12924
- C:\Windows\System\ZeJXswX.exe
  C:\Windows\System\ZeJXswX.exe
  2⤵
  PID:12964
- C:\Windows\System\OOHQvdy.exe
  C:\Windows\System\OOHQvdy.exe
  2⤵
  PID:12992
- C:\Windows\System\AMRPDGT.exe
  C:\Windows\System\AMRPDGT.exe
  2⤵
  PID:13012
- C:\Windows\System\gOOqmkY.exe
  C:\Windows\System\gOOqmkY.exe
  2⤵
  PID:13036
- C:\Windows\System\tqPgMbP.exe
  C:\Windows\System\tqPgMbP.exe
  2⤵
  PID:13064
- C:\Windows\System\RLpVzDD.exe
  C:\Windows\System\RLpVzDD.exe
  2⤵
  PID:13092
- C:\Windows\System\xBXpLXl.exe
  C:\Windows\System\xBXpLXl.exe
  2⤵
  PID:13120
- C:\Windows\System\LclCDPH.exe
  C:\Windows\System\LclCDPH.exe
  2⤵
  PID:13140
- C:\Windows\System\ZiQbDpK.exe
  C:\Windows\System\ZiQbDpK.exe
  2⤵
  PID:13180
- C:\Windows\System\SIMABSw.exe
  C:\Windows\System\SIMABSw.exe
  2⤵
  PID:13204
- C:\Windows\System\OWOuYJR.exe
  C:\Windows\System\OWOuYJR.exe
  2⤵
  PID:13244
- C:\Windows\System\YAmnhTc.exe
  C:\Windows\System\YAmnhTc.exe
  2⤵
  PID:13272
- C:\Windows\System\akdtTkk.exe
  C:\Windows\System\akdtTkk.exe
  2⤵
  PID:13300
- C:\Windows\System\XYrncjR.exe
  C:\Windows\System\XYrncjR.exe
  2⤵
  PID:12292
- C:\Windows\System\EhcMRPm.exe
  C:\Windows\System\EhcMRPm.exe
  2⤵
  PID:12348
- C:\Windows\System\AmBdYph.exe
  C:\Windows\System\AmBdYph.exe
  2⤵
  PID:12412
- C:\Windows\System\dbezeVk.exe
  C:\Windows\System\dbezeVk.exe
  2⤵
  PID:12468
- C:\Windows\System\KzTbdTH.exe
  C:\Windows\System\KzTbdTH.exe
  2⤵
  PID:12516
- C:\Windows\System\hKhUCmw.exe
  C:\Windows\System\hKhUCmw.exe
  2⤵
  PID:12616
- C:\Windows\System\JxeVAWj.exe
  C:\Windows\System\JxeVAWj.exe
  2⤵
  PID:12640
- C:\Windows\System\tHPKBtz.exe
  C:\Windows\System\tHPKBtz.exe
  2⤵
  PID:12732
- C:\Windows\System\PuxBPtu.exe
  C:\Windows\System\PuxBPtu.exe
  2⤵
  PID:12748
- C:\Windows\System\lgCvnpm.exe
  C:\Windows\System\lgCvnpm.exe
  2⤵
  PID:12892
- C:\Windows\System\NDnBqVE.exe
  C:\Windows\System\NDnBqVE.exe
  2⤵
  PID:12912
- C:\Windows\System\QsTCAou.exe
  C:\Windows\System\QsTCAou.exe
  2⤵
  PID:12956
- C:\Windows\System\IjXWHnq.exe
  C:\Windows\System\IjXWHnq.exe
  2⤵
  PID:13080
- C:\Windows\System\nWzkPOc.exe
  C:\Windows\System\nWzkPOc.exe
  2⤵
  PID:13168
- C:\Windows\System\bEAJokZ.exe
  C:\Windows\System\bEAJokZ.exe
  2⤵
  PID:13216
- C:\Windows\System\vsnTAtD.exe
  C:\Windows\System\vsnTAtD.exe
  2⤵
  PID:13292
- C:\Windows\System\DwdldAp.exe
  C:\Windows\System\DwdldAp.exe
  2⤵
  PID:12300
- C:\Windows\System\hcvqLiZ.exe
  C:\Windows\System\hcvqLiZ.exe
  2⤵
  PID:12392
- C:\Windows\System\uernZeP.exe
  C:\Windows\System\uernZeP.exe
  2⤵
  PID:12588
- C:\Windows\System\VZCioKM.exe
  C:\Windows\System\VZCioKM.exe
  2⤵
  PID:12728
- C:\Windows\System\fbULERW.exe
  C:\Windows\System\fbULERW.exe
  2⤵
  PID:12876
- C:\Windows\System\URWXEIt.exe
  C:\Windows\System\URWXEIt.exe
  2⤵
  PID:13148
- C:\Windows\System\vDeyPoQ.exe
  C:\Windows\System\vDeyPoQ.exe
  2⤵
  PID:13268
- C:\Windows\System\yLJyYgh.exe
  C:\Windows\System\yLJyYgh.exe
  2⤵
  PID:12328
- C:\Windows\System\Spsjaac.exe
  C:\Windows\System\Spsjaac.exe
  2⤵
  PID:12652
- C:\Windows\System\bYmAYvF.exe
  C:\Windows\System\bYmAYvF.exe
  2⤵
  PID:13056
- C:\Windows\System\rnxisBs.exe
  C:\Windows\System\rnxisBs.exe
  2⤵
  PID:13232
- C:\Windows\System\RlRKtVb.exe
  C:\Windows\System\RlRKtVb.exe
  2⤵
  PID:13320
- C:\Windows\System\EXGhhlg.exe
  C:\Windows\System\EXGhhlg.exe
  2⤵
  PID:13360
- C:\Windows\System\nBELedm.exe
  C:\Windows\System\nBELedm.exe
  2⤵
  PID:13388
- C:\Windows\System\yqipnUz.exe
  C:\Windows\System\yqipnUz.exe
  2⤵
  PID:13416
- C:\Windows\System\gzygwOq.exe
  C:\Windows\System\gzygwOq.exe
  2⤵
  PID:13436
- C:\Windows\System\fGlirda.exe
  C:\Windows\System\fGlirda.exe
  2⤵
  PID:13460
- C:\Windows\System\SSvnRcG.exe
  C:\Windows\System\SSvnRcG.exe
  2⤵
  PID:13488
- C:\Windows\System\JSMHiQA.exe
  C:\Windows\System\JSMHiQA.exe
  2⤵
  PID:13508
- C:\Windows\System\plagLRp.exe
  C:\Windows\System\plagLRp.exe
  2⤵
  PID:13544
- C:\Windows\System\IJCyOYW.exe
  C:\Windows\System\IJCyOYW.exe
  2⤵
  PID:13564
- C:\Windows\System\GfjUYzO.exe
  C:\Windows\System\GfjUYzO.exe
  2⤵
  PID:13600
- C:\Windows\System\kOJYRRN.exe
  C:\Windows\System\kOJYRRN.exe
  2⤵
  PID:13616
- C:\Windows\System\SXUUkIJ.exe
  C:\Windows\System\SXUUkIJ.exe
  2⤵
  PID:13636
- C:\Windows\System\EAbLrPJ.exe
  C:\Windows\System\EAbLrPJ.exe
  2⤵
  PID:13660
- C:\Windows\System\nsamwNu.exe
  C:\Windows\System\nsamwNu.exe
  2⤵
  PID:13700
- C:\Windows\System\OOUJoJz.exe
  C:\Windows\System\OOUJoJz.exe
  2⤵
  PID:13728
- C:\Windows\System\OjAZBWB.exe
  C:\Windows\System\OjAZBWB.exe
  2⤵
  PID:13772
- C:\Windows\System\sNonciz.exe
  C:\Windows\System\sNonciz.exe
  2⤵
  PID:13796
- C:\Windows\System\UVzhVhd.exe
  C:\Windows\System\UVzhVhd.exe
  2⤵
  PID:13836
- C:\Windows\System\sDZkprQ.exe
  C:\Windows\System\sDZkprQ.exe
  2⤵
  PID:13852
- C:\Windows\System\RhMgJHL.exe
  C:\Windows\System\RhMgJHL.exe
  2⤵
  PID:13892
- C:\Windows\System\vcuvLvz.exe
  C:\Windows\System\vcuvLvz.exe
  2⤵
  PID:13908
- C:\Windows\System\ugHyXAk.exe
  C:\Windows\System\ugHyXAk.exe
  2⤵
  PID:13936
- C:\Windows\System\SlsFCHP.exe
  C:\Windows\System\SlsFCHP.exe
  2⤵
  PID:13976
- C:\Windows\System\FwBzeKX.exe
  C:\Windows\System\FwBzeKX.exe
  2⤵
  PID:13996
- C:\Windows\System\bRvKvtU.exe
  C:\Windows\System\bRvKvtU.exe
  2⤵
  PID:14036
- C:\Windows\System\dxYfffe.exe
  C:\Windows\System\dxYfffe.exe
  2⤵
  PID:14056
- C:\Windows\System\ZZrxfbO.exe
  C:\Windows\System\ZZrxfbO.exe
  2⤵
  PID:14080
- C:\Windows\System\bAtpomZ.exe
  C:\Windows\System\bAtpomZ.exe
  2⤵
  PID:14100
- C:\Windows\System\GLMtyuT.exe
  C:\Windows\System\GLMtyuT.exe
  2⤵
  PID:14124
- C:\Windows\System\fgrWEuA.exe
  C:\Windows\System\fgrWEuA.exe
  2⤵
  PID:14168
- C:\Windows\System\KdXrzkK.exe
  C:\Windows\System\KdXrzkK.exe
  2⤵
  PID:14212
- C:\Windows\System\LdchePq.exe
  C:\Windows\System\LdchePq.exe
  2⤵
  PID:14240
- C:\Windows\System\QddgbeR.exe
  C:\Windows\System\QddgbeR.exe
  2⤵
  PID:14256
- C:\Windows\System\ZbpIGFn.exe
  C:\Windows\System\ZbpIGFn.exe
  2⤵
  PID:14280
- C:\Windows\System\YotHVWC.exe
  C:\Windows\System\YotHVWC.exe
  2⤵
  PID:14316
- C:\Windows\System\zyzpGCI.exe
  C:\Windows\System\zyzpGCI.exe
  2⤵
  PID:12820
- C:\Windows\System\svkOEtN.exe
  C:\Windows\System\svkOEtN.exe
  2⤵
  PID:13348
- C:\Windows\System\hkUPTyH.exe
  C:\Windows\System\hkUPTyH.exe
  2⤵
  PID:13380
- C:\Windows\System\dSRPLZi.exe
  C:\Windows\System\dSRPLZi.exe
  2⤵
  PID:13424
- C:\Windows\System\AOMSXSy.exe
  C:\Windows\System\AOMSXSy.exe
  2⤵
  PID:13476
- C:\Windows\System\tusrniG.exe
  C:\Windows\System\tusrniG.exe
  2⤵
  PID:13588
- C:\Windows\System\XoEnLvE.exe
  C:\Windows\System\XoEnLvE.exe
  2⤵
  PID:13632
- C:\Windows\System\jOtIOSE.exe
  C:\Windows\System\jOtIOSE.exe
  2⤵
  PID:13672
- C:\Windows\System\ThQJJCU.exe
  C:\Windows\System\ThQJJCU.exe
  2⤵
  PID:13720
- C:\Windows\System\ucxFgRo.exe
  C:\Windows\System\ucxFgRo.exe
  2⤵
  PID:13848
- C:\Windows\System\wvvWSTe.exe
  C:\Windows\System\wvvWSTe.exe
  2⤵
  PID:13920
- C:\Windows\System\HccwdIh.exe
  C:\Windows\System\HccwdIh.exe
  2⤵
  PID:13988
- C:\Windows\System\wNaxnWF.exe
  C:\Windows\System\wNaxnWF.exe
  2⤵
  PID:13992
- C:\Windows\System\caYbxhf.exe
  C:\Windows\System\caYbxhf.exe
  2⤵
  PID:14052
- C:\Windows\System\bHWdGhJ.exe
  C:\Windows\System\bHWdGhJ.exe
  2⤵
  PID:14116
- C:\Windows\System\fiXSJkY.exe
  C:\Windows\System\fiXSJkY.exe
  2⤵
  PID:14204
- C:\Windows\System\koCWJSM.exe
  C:\Windows\System\koCWJSM.exe
  2⤵
  PID:14268
- C:\Windows\System\yYCfmeJ.exe
  C:\Windows\System\yYCfmeJ.exe
  2⤵
  PID:14296
- C:\Windows\System\LmPiqia.exe
  C:\Windows\System\LmPiqia.exe
  2⤵
  PID:13384
- C:\Windows\System\TSBUVoo.exe
  C:\Windows\System\TSBUVoo.exe
  2⤵
  PID:13524
- C:\Windows\System\MaMGWYn.exe
  C:\Windows\System\MaMGWYn.exe
  2⤵
  PID:13692
- C:\Windows\System\aYALecA.exe
  C:\Windows\System\aYALecA.exe
  2⤵
  PID:13868
- C:\Windows\System\knXnoDQ.exe
  C:\Windows\System\knXnoDQ.exe
  2⤵
  PID:13968
- C:\Windows\System\ygCfPlS.exe
  C:\Windows\System\ygCfPlS.exe
  2⤵
  PID:14152
- C:\Windows\System\GUENHOf.exe
  C:\Windows\System\GUENHOf.exe
  2⤵
  PID:14308
- C:\Windows\System\RQztAVF.exe
  C:\Windows\System\RQztAVF.exe
  2⤵
  PID:13612
- C:\Windows\System\RdmrQNp.exe
  C:\Windows\System\RdmrQNp.exe
  2⤵
  PID:4704
- C:\Windows\System\ahKcMoJ.exe
  C:\Windows\System\ahKcMoJ.exe
  2⤵
  PID:14160
- C:\Windows\System\LeNbORa.exe
  C:\Windows\System\LeNbORa.exe
  2⤵
  PID:13528
- C:\Windows\System\eTVheeb.exe
  C:\Windows\System\eTVheeb.exe
  2⤵
  PID:14332
- C:\Windows\System\EZfZQAl.exe
  C:\Windows\System\EZfZQAl.exe
  2⤵
  PID:14368
- C:\Windows\System\xVSKnzg.exe
  C:\Windows\System\xVSKnzg.exe
  2⤵
  PID:14392
- C:\Windows\System\tWzYQFR.exe
  C:\Windows\System\tWzYQFR.exe
  2⤵
  PID:14424
- C:\Windows\System\MacKDpC.exe
  C:\Windows\System\MacKDpC.exe
  2⤵
  PID:14448
- C:\Windows\System\yFpBmbV.exe
  C:\Windows\System\yFpBmbV.exe
  2⤵
  PID:14484
- C:\Windows\System\odvhcbC.exe
  C:\Windows\System\odvhcbC.exe
  2⤵
  PID:14544
- C:\Windows\System\KwlHPXa.exe
  C:\Windows\System\KwlHPXa.exe
  2⤵
  PID:14564
- C:\Windows\System\QhjwKBG.exe
  C:\Windows\System\QhjwKBG.exe
  2⤵
  PID:14588
- C:\Windows\System\ECMQqNd.exe
  C:\Windows\System\ECMQqNd.exe
  2⤵
  PID:14620
- C:\Windows\System\ilkNYfP.exe
  C:\Windows\System\ilkNYfP.exe
  2⤵
  PID:14660
- C:\Windows\System\tZtCgFY.exe
  C:\Windows\System\tZtCgFY.exe
  2⤵
  PID:14688
- C:\Windows\System\txnOXDM.exe
  C:\Windows\System\txnOXDM.exe
  2⤵
  PID:14704
- C:\Windows\System\mdnsNBK.exe
  C:\Windows\System\mdnsNBK.exe
  2⤵
  PID:14724
- C:\Windows\System\fjPdjqX.exe
  C:\Windows\System\fjPdjqX.exe
  2⤵
  PID:14756
- C:\Windows\System\ARDpeLw.exe
  C:\Windows\System\ARDpeLw.exe
  2⤵
  PID:14776
- C:\Windows\System\aUeYSsi.exe
  C:\Windows\System\aUeYSsi.exe
  2⤵
  PID:14804
- C:\Windows\System\lteBrPw.exe
  C:\Windows\System\lteBrPw.exe
  2⤵
  PID:14836
- C:\Windows\System\gFFCTEd.exe
  C:\Windows\System\gFFCTEd.exe
  2⤵
  PID:14860
- C:\Windows\System\WZNceOO.exe
  C:\Windows\System\WZNceOO.exe
  2⤵
  PID:14892
- C:\Windows\System\FhNelzb.exe
  C:\Windows\System\FhNelzb.exe
  2⤵
  PID:14924
- C:\Windows\System\HpNpBZP.exe
  C:\Windows\System\HpNpBZP.exe
  2⤵
  PID:14956
- C:\Windows\System\BMfpswB.exe
  C:\Windows\System\BMfpswB.exe
  2⤵
  PID:14996
- C:\Windows\System\EFTXAZU.exe
  C:\Windows\System\EFTXAZU.exe
  2⤵
  PID:15012
- C:\Windows\System\PXfgzqi.exe
  C:\Windows\System\PXfgzqi.exe
  2⤵
  PID:15056
- C:\Windows\System\OLvwcHk.exe
  C:\Windows\System\OLvwcHk.exe
  2⤵
  PID:15084
- C:\Windows\System\pwGshTw.exe
  C:\Windows\System\pwGshTw.exe
  2⤵
  PID:15112

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CtxyKfN.exe

Filesize
2.0MB

MD5
3092db6b8a730ed1fe0d2ef09a4d7435

SHA1
0470a2051accdaf50b808a8da6b57812ccc0912d

SHA256
a4d17393a454958a6567ee26f749101b16f1ec2bcbc0fdc69598a63c59bf5982

SHA512
d7ee8f7c1adae3ae82100257a3c1d84ef12f40cca3b46702cdb3b2c8ee7e2ce1522ffeb54d356404bac35db25b85d6730925392a0068213d734787b42ea216f3

Download Submit
C:\Windows\System\DQcSDoq.exe

Filesize
2.0MB

MD5
0a61b3a588f9d4302410a36b7b08abd2

SHA1
977e43cc8a2f255c363193f1dc6d3a8acf9993f9

SHA256
9c647a3cd76e9b473293fe51cd6b5e835d5bc23b5c1ea87d88116a29312d6bd4

SHA512
059bacf5f8d52eb65e347a10e1a897b2bdc872f049b225fc9b3f0056b6ddd84c17bf8fcaee3736ab321c84e26b218a571fd7854d05206de65c16ad308e70e8f2

Download Submit
C:\Windows\System\DgRQpxT.exe

Filesize
2.0MB

MD5
8a50c83097aa7c368a1bebdd6d00e1d2

SHA1
e3ce917269cc6f716506fe1ca6f9ceed253ff27c

SHA256
6652d8990c59bdb685f4aa1a2364f3d51c283eb6f46803869f68bc9a805ed8bb

SHA512
326f8cb2eff2a66f58cdf859b75d739dc98c7ee39c81e4bb5f25f4233ac1ad176c3d781bb70966d421388f5e2d3f742ef2a852a4c927270883e50e8dc6577b88

Download Submit
C:\Windows\System\DzpWSxP.exe

Filesize
2.0MB

MD5
0f7b5477ab8a820111f4ca79acbf81b0

SHA1
35b7efa9bdd9510a1e12fe7ce1d42edfa0ec096a

SHA256
63e7b336996f9f6df2a05bd86c66898bb19abeb25d28fbe84652bc99019d5e7d

SHA512
189aa382545325a5ed4fd4233afea349e7c365d663a1f6cd4dc67cfc175c372b1e783ee981968a1e95f7442f3596cf39daba505b2b2a9ca27c503c58e070729f

Download Submit
C:\Windows\System\GcrLdgJ.exe

Filesize
2.0MB

MD5
b28646f9b310e39588a492730d57c195

SHA1
1dda7eb0c38b0d7ffdaba6b0647d1ca5dccfd4e1

SHA256
bd8a57ab12d545fab56b9e2c55f367ecd3913cf8a781659ca1aaeb64590390c0

SHA512
34f23f3534659c27dbcf094978efdad1d7404b9397632b4672a18553ed67e772af1d5a1596b1b817af7e440116d1a7ff09c974c2528ddb9974e94a914117ec09

Download Submit
C:\Windows\System\IMIkKif.exe

Filesize
2.0MB

MD5
e2d0281e3cc571749dd62d05ae4b4c0f

SHA1
0c60041e2f0f3915899db0d12b152b3a577705dd

SHA256
e92bab203c2093d20eeda95395d0f4883288d877e6d2e1e21e2aeef6bc876bfb

SHA512
fb61cf4fb7d19a0129726f2867abe0d33baa3572dcac833a75acdb8d1c563b93278446ac4e8bd3039372f7dfdcf6eb02ae082cd300071b6056fbab9cc3a3e3f0

Download Submit
C:\Windows\System\IWJkWFF.exe

Filesize
2.0MB

MD5
fce495a09ca7222394783cbccaab5a2e

SHA1
97ff230574a6447de46eb9cbb907a03c07039c3a

SHA256
81c486a90063e1b2e193db7f4772aa35047622ca204e82ef42e2054bc1df1422

SHA512
85167d463f01ff213841a1f4838242946529c212f0f6360fdffa4243e083e0e0473c5d1cd37e8ef625b293ca21cded8e8f54a0540f116371e6db6314421f0256

Download Submit
C:\Windows\System\KmiUqyY.exe

Filesize
2.0MB

MD5
95e7ca9bade4410bbadca5305e2d459f

SHA1
0b87111b56c5cf83d11b9ee9df831f80d9cd19fb

SHA256
1df7c8a78027050e505f67fb4d08b64847ef6f227a01c73fb6d5a9a58b9a5248

SHA512
ea90004c4f250d073e6328a9a507f5ec7c0bd3ae967205430ad59a9459653664968116b4218fd09af720ccf90b9c4917d3996851c191a6c1214d06ed97cca24f

Download Submit
C:\Windows\System\LGFlqTs.exe

Filesize
2.0MB

MD5
66b1c3d4b1e5821ad37d9022dd4354c8

SHA1
1ba953f626217411a2d64602562f9a9574bf2164

SHA256
15f33b06c705e4527db82c7c1262804683b0406fcc6da048e8291fa764ab0eb7

SHA512
4ed2f47253b35a586e358d2fc629212aafb62bc85eb33f71045c15cc66c88560bfd90a236066b5c4ec8818122c856fa2dfd4a1e6f0ef0d7e6c98a3a8c2577c2e

Download Submit
C:\Windows\System\LTMJnrp.exe

Filesize
2.0MB

MD5
0025f9be5d8f32db77f3e5bfcd3696f3

SHA1
6499058b337b9333adf4c8cea9625085321e4c83

SHA256
ba8d1b5c8bbeede5130afb8bf80201fe16b64deb16c51c90565663d0da36e702

SHA512
d9b011065808c687ead12066218681abff1459fe22e97c9b268512c63851cd5650eb5eab578ca0b12e94c0cfd0c122a4471bab843d1fb4daa7fc2bef4651ed05

Download Submit
C:\Windows\System\MqpBJBA.exe

Filesize
2.0MB

MD5
3fac30440abeb4f303ada2715d120bf5

SHA1
3cb2751e9e6b9d34141ad122a379612e77ff8138

SHA256
cb8b316a7e723005d147da4cb6afc0a8c6812a1a18e9c23cfac1ec6e18996b9e

SHA512
4dda3b2c3fb319909e3cb524dde6a2310415d47488356f1c010334f2afb65d14b179ee08d898f817a3284c96c91dbf5824a3d63af16a81deb5fba591544bba4b

Download Submit
C:\Windows\System\NMjdlVD.exe

Filesize
2.0MB

MD5
e43cb185e1f76d38acbbe2cea75088f9

SHA1
7514db5ce07d9cd9944432ed0449658655912e55

SHA256
54e3b5f44e3fcc6931555fd43339ac9f1fc9f468dbdc3368e40b5e94eff87e24

SHA512
ea8773ddfd6188c946812f6383844cd82f91e5e768ed4b293a4e805405e6d491c5cdf4aca1b77122502de1c81dce1f1e0c6f85fc9ea4b625a0d983cc5521935c

Download Submit
C:\Windows\System\OuuvOpT.exe

Filesize
2.0MB

MD5
6f89d5029109ca98a526bad18b6959ed

SHA1
5ce50e4711eb6b6eafe164296db6490870a98e18

SHA256
73b327c7e59ce2b6a5087a19b5bfad85fefb503d5c31d3e3345f37057301b377

SHA512
a0872300d05e54a8520d6889392d9a744b9a452c6c792e37a8795360dd4d54da161e124d359f3114519f8c02132ac2853bbd4df4196b4ea04b5c083d8f7391fb

Download Submit
C:\Windows\System\TvhhXVY.exe

Filesize
2.0MB

MD5
7e0a657889ac36baeb6769dafcb3a4b8

SHA1
9e9b2380545f65de0987d3194af77531177802d9

SHA256
ea7d0a7480e4a4e94692b738f0179d6e5d277de7d621abd7971a0800c7c2ea6c

SHA512
278d50dfcba859e4f4120726431b6516a825e5ec2667a0805de96eb0541b3d8e26d1e4b5ef0add2ddb965a9280ad8ade100e72b3bd740def8a19850305c4d1e9

Download Submit
C:\Windows\System\UnTEkwE.exe

Filesize
2.0MB

MD5
4d1c61eb9733ad060ba0efb7afdba3b2

SHA1
a4976034df1afc1795a60ff1418a502e29bd9e90

SHA256
49389f1d5b2a72d94826d82c533c818bfd186d666a7e3b40003d327853c325f4

SHA512
48567f7f61e968827402857e2a0a1e445d3264863cd00c5c9dbb5f56cb5a80138f8b4b2f5d304c388dbaf0f8ce7016b72557fe9190cbf05c6bbd8b018cfd854b

Download Submit
C:\Windows\System\WYxTpfK.exe

Filesize
2.0MB

MD5
2dd55d3488b9e629878fb9270fac1efb

SHA1
3adbf231d56987d5892e7ce20c388ee775ece4f2

SHA256
b9e26e3a81f69774422aad8b5c76f04a9d531531fc7849493401eebbc4538218

SHA512
f4566e8f6dd254e0ec32d596e5a6625c31a29c7a3685382beb138668bcab57bffed115cf929b3e03487cae63ede361e3e6b6808b57a5251b443e1a24953c571f

Download Submit
C:\Windows\System\XGfAjLI.exe

Filesize
2.0MB

MD5
c69a7452932bc65a86da38e0f291f892

SHA1
357cbdc26741b317e72dc4682503db831d66dd52

SHA256
1e220a3c01a66803f9eafd77bfb31b30e7cdf45e2c5f7bf699ebc3f5bea63f3b

SHA512
a83d7d1604211f42944a7c42cb783e3d1148d62ff563d45e6268afde86dfa578cd4c6a631d9c60390cd1dc5ab7db4fed331e8114644c7b2afe497b2f55b159d1

Download Submit
C:\Windows\System\ZQmaZVU.exe

Filesize
2.0MB

MD5
b5458c47a92f264e93a6299e18d699b5

SHA1
44d1cfa586e965b0a8b31acdd3fa4fd2da2b3966

SHA256
6a96217426eec635323480d7063dafbfcf0180e608cd7e41239de2ed074eeb78

SHA512
f2e3dd3c0d6b4f7ab3d51721869ebe0030d64303681607f423720e079c13bbeba84c720e02508d094fc5cc3539b484a48c37ec1391fcf2c1a7a6b31abace9dd1

Download Submit
C:\Windows\System\ajnJIpF.exe

Filesize
2.0MB

MD5
5e75047dc8991b9fb21a98e8fcbd06ae

SHA1
2720828835839d0a152dd8242e6aa78db3f4b593

SHA256
1ffeeb48568887071d6b9d59339499e0bfff63258b07933dcf892573e6603539

SHA512
c9c0a17d35e30fcc1c21db48a61c9443441ff63f48a5c4597a29697fb9478c4275ec057be63e188ab5806045cbb2d9e089fecf7b3b74ae307bbd19222e9bea7d

Download Submit
C:\Windows\System\cXarpRg.exe

Filesize
2.0MB

MD5
19ea473640bd486f05be7252828a662a

SHA1
501b75cfa7b02cd2516c84356cd75e4d36d47123

SHA256
b7e175e156629edd0a8a24be902fec9d6ab4901848679058138bf4b74fe55e04

SHA512
bf50e7b3e2744a93053d4633ef892dec7496813a94b173c32b8fbe12b10c57b7c0095b1521abb47face30b8169116cc73cd3c9b9fece89fc2e61dabcd1c623d1

Download Submit
C:\Windows\System\csoWaFV.exe

Filesize
2.0MB

MD5
f9a9601fb75225034d11f5a9c18bd71f

SHA1
1a0dc8a060035041afec0ac6c4bcb1bafe6f5ba6

SHA256
785c6538271c1d963ed7faa3b60efa5cbf4062a2fb80b1ea730d4f0997bd076e

SHA512
7db8dbf8416a440cfbb009ef887e65bbef97cb8a00442f4e0caa5267f3e97de62857a953417f9ee4db9f2c18798a28ff2c6a3eeba1e4c56e7fd1d4d9ddd899bb

Download Submit
C:\Windows\System\emGbgmJ.exe

Filesize
2.0MB

MD5
ef411360d0f86f28367ca68f24c73e02

SHA1
0ead37b28c2417e4879a465f56c71f047c2ae5c8

SHA256
1732f36e9ac296f3a4f28d422cad56d6fa6b67896f13fc19f017cae4d932627e

SHA512
97bae2031a39955e57c62be6853d35d260451fa209303949c6ff388a9a189a333d5607f2d0dde0138be24861e0066139c9909c2d6fe86ef1de0e7dcf0375e810

Download Submit
C:\Windows\System\hQSeLyT.exe

Filesize
2.0MB

MD5
70f60867ae0afd327da4ab94fbd0283f

SHA1
6f3c9bd53d58d9ec173a0643d7211b86de7426d7

SHA256
29c1feb14509dd0309f65c2358c3b76c4c46a80cc52b69918a1d85aa61c22efd

SHA512
277012228b837fc0d765940ab25ae7e9aaebf29fa746e2723f9191437b32c4f42e805a35b4c56cb5960fb8c0d4252e839baa2ae82264a2e588290c18f377158d

Download Submit
C:\Windows\System\iOiCYeM.exe

Filesize
2.0MB

MD5
c72b76c8585da8647d300a864a48d146

SHA1
7b6da06b3446a8c8b57769148cfba719dba53257

SHA256
91a3de16ac0eda367b83bf095375ad37a09413c1a3080c6838fd97746b3d720a

SHA512
d81a1c06ee1ea0bb72c7187436d9097444f369f6833adf1fe91b07fe520ab33b1cb564ab080c46df508c2c6282cc524664416787d4f2f1083df0abfa84ebc71c

Download Submit
C:\Windows\System\jjDqtNx.exe

Filesize
2.0MB

MD5
5e214a7b7a638841e4df1d7960fcc3c9

SHA1
8a094fdc4190b5b94d5dc7885f274c890441c45b

SHA256
5b9683b60717772cc783234cd5d39ac36e9f3028178e873de607bcc12b98616e

SHA512
b80c277facc34309a28d18bca0679f2c2a78595d5265ac8b6992f7b1a46b65e8470fb1bc1a3f174b1843c8a5576a40f9b5f88161f95d594962666bd01a4c0659

Download Submit
C:\Windows\System\jlizsnh.exe

Filesize
2.0MB

MD5
2330b5474a3252eceb92b691ba07c691

SHA1
649960ef118686fc7635e4db3ea64d2f7f042b04

SHA256
8a8af1b5d573fbba634956a4249834dc2cb06902393a687bb8a680d148693373

SHA512
0ff6ed335d14277618c15a6d02cd3558e7dd34502588157b6697475b41b7d8364d90ef865aed29d9bb2ddecbc139ee781dc9fc798bb378a8e7c4d56d7b8c4895

Download Submit
C:\Windows\System\kaNnxPa.exe

Filesize
2.0MB

MD5
3e911b0f79dbb096c48c4ab999e920bf

SHA1
4111a9bb3eabe68d40d042cd47c3eb3395c7ce6a

SHA256
96cdc16b05f79c5feb0c6e89ca088133936ea581ec74fbeb34e5b930782c790c

SHA512
ae8aeb70c84dfe20c8ef760dc176faed5f4ca5faa9e0f9954b44322eb9d50c2484335d2e2039494cb605131e151f41ed772a9e4db5adaa4653c79858798ff2b8

Download Submit
C:\Windows\System\kshMVeq.exe

Filesize
2.0MB

MD5
a0c46d639a4fda1ab846481e5ccf2af6

SHA1
52bb6d93595d7b314c39edc180102068b737a247

SHA256
d62d5443df24c2ecddee2d13b94a354761911296a5d035b51d9fb14179c0db6f

SHA512
f44d31c3501bc7fa602f55d9d75177f32b70631e5983aee61690bb2fbf676c9d94e8b9d34640c2cf71e6b8f105ddf42bec2c46b33eaa8c51c3aaf6d7c204930f

Download Submit
C:\Windows\System\mPHFymx.exe

Filesize
2.0MB

MD5
870414d238906ec9617c013dcbdbfecb

SHA1
1d2f96d1edba182aa2256f8136f1c7384d933614

SHA256
2a5d225597b2f3b18399f12684670cb1eda778516344cc4b0ba76d549b308b49

SHA512
14635c8060c1d908860a45b5a6cff5257e27d9c6854eb94b5569447b437ba6ddca1760bfc619126eefe4e420c8fb49e12c8dac2efbe396d85c1af325f4693435

Download Submit
C:\Windows\System\mYZjZKT.exe

Filesize
2.0MB

MD5
31c9415c8c10d6ff56c7c95772f43c3a

SHA1
fd00cd9a31fb0f2e1530b374f6be67a2d34ffac6

SHA256
3a1732af9f830b96917e8d68b54c224c58afe38cb715a0d1be080bf8aed5df3d

SHA512
f4ac80d6a90a9dbefdfb9023bc4368e4aed2f3d3d7b64de6f887f282c6a3d9e14757b94b0710a4e9c7c4f7fd0507f714e81427aa14f0cb1d54849f43bfe06c9e

Download Submit
C:\Windows\System\nxPUuWu.exe

Filesize
2.0MB

MD5
c70a66b91af6825de1298709ecebe45e

SHA1
72a781027f3f164072de549ba787aab601742cc2

SHA256
877bedc460ec16f5eaaf820b92fc54bcde607b0cd3b074fcd8c0783c26af5ecd

SHA512
58cd934f972b3aa07052957f086eefeed00f7351c52dd17e1ff176b8d85d305a393925e556e7717d9520487ec219a22f5634ec6ffedbaf62aa9674221f815e8b

Download Submit
C:\Windows\System\pERQrpI.exe

Filesize
2.0MB

MD5
5c2a92dfc4723326c4ac703aded79196

SHA1
41ec86cb93f92d7e99412a64b727dd437a9ecd84

SHA256
469bb7145bafa57ec1cc8ed68050bce3266328d71fd7349163ba3b9b825c62eb

SHA512
0f2291f361c43d7417991e2a59a9b9dc53606a6a214669065c90fd687c5f03b371896b379fc5ccfe0300468dc959e348f76bfb25858acd7a5bde9ff07647bd82

Download Submit
C:\Windows\System\sBylhRA.exe

Filesize
2.0MB

MD5
9858f4a860e38f5285787abb980a8744

SHA1
5ca689ad73a223b31f602ba2d8bdf82913824901

SHA256
dc8737d8eb4c129ec737f9feb563331a2e8e3a94e10cc5f601bfe2e362b4ac39

SHA512
45e3211e143e229c6359721b9b2b0162ed69bf5d43c1cb238506cd03d72e6883a15fa750279493298e7a38afde2608c4a48493463b6faf4c416bb093659c14ae

Download Submit
C:\Windows\System\zpoBBsU.exe

Filesize
2.0MB

MD5
65339f18f3945027fe86eb773b6ddab1

SHA1
f8f015d6a7ea8aff6ea558e322d19ae323ffa006

SHA256
3df547ce937966430529b1cc64fbb469c4cac9a436b5f21ac51e84bc9d475779

SHA512
37c6b1e7ce3f33135684a1c7148ee8b51656a7caaf28f3ac2e48477f43e8ec8304ef7ef12feaa2afa1a91276488c66a1c7166546f9d578acaf4d58a24c0e219c

Download Submit
memory/64-2194-0x00007FF78A970000-0x00007FF78ACC4000-memory.dmp

Filesize
3.3MB

Download
memory/64-1636-0x00007FF78A970000-0x00007FF78ACC4000-memory.dmp

Filesize
3.3MB

Download
memory/64-81-0x00007FF78A970000-0x00007FF78ACC4000-memory.dmp

Filesize
3.3MB

Download
memory/232-192-0x00007FF7418E0000-0x00007FF741C34000-memory.dmp

Filesize
3.3MB

Download
memory/232-2203-0x00007FF7418E0000-0x00007FF741C34000-memory.dmp

Filesize
3.3MB

Download
memory/404-2200-0x00007FF737890000-0x00007FF737BE4000-memory.dmp

Filesize
3.3MB

Download
memory/404-165-0x00007FF737890000-0x00007FF737BE4000-memory.dmp

Filesize
3.3MB

Download
memory/440-2204-0x00007FF7688D0000-0x00007FF768C24000-memory.dmp

Filesize
3.3MB

Download
memory/440-197-0x00007FF7688D0000-0x00007FF768C24000-memory.dmp

Filesize
3.3MB

Download
memory/744-53-0x00007FF722F60000-0x00007FF7232B4000-memory.dmp

Filesize
3.3MB

Download
memory/744-2187-0x00007FF722F60000-0x00007FF7232B4000-memory.dmp

Filesize
3.3MB

Download
memory/764-169-0x00007FF6631E0000-0x00007FF663534000-memory.dmp

Filesize
3.3MB

Download
memory/764-2201-0x00007FF6631E0000-0x00007FF663534000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2198-0x00007FF7FAC70000-0x00007FF7FAFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1412-149-0x00007FF7FAC70000-0x00007FF7FAFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-60-0x00007FF6E68F0000-0x00007FF6E6C44000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2188-0x00007FF6E68F0000-0x00007FF6E6C44000-memory.dmp

Filesize
3.3MB

Download
memory/1740-107-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp

Filesize
3.3MB

Download
memory/1740-0-0x00007FF64A7F0000-0x00007FF64AB44000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1-0x000001703E3C0000-0x000001703E3D0000-memory.dmp

Filesize
64KB

Download
memory/1764-2205-0x00007FF654780000-0x00007FF654AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-202-0x00007FF654780000-0x00007FF654AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2208-0x00007FF6B04F0000-0x00007FF6B0844000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2179-0x00007FF6B04F0000-0x00007FF6B0844000-memory.dmp

Filesize
3.3MB

Download
memory/1848-177-0x00007FF6B04F0000-0x00007FF6B0844000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2196-0x00007FF656AB0000-0x00007FF656E04000-memory.dmp

Filesize
3.3MB

Download
memory/2092-114-0x00007FF656AB0000-0x00007FF656E04000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2178-0x00007FF656AB0000-0x00007FF656E04000-memory.dmp

Filesize
3.3MB

Download
memory/2148-2189-0x00007FF776850000-0x00007FF776BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-62-0x00007FF776850000-0x00007FF776BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-204-0x00007FF7B3650000-0x00007FF7B39A4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2206-0x00007FF7B3650000-0x00007FF7B39A4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-121-0x00007FF64BF30000-0x00007FF64C284000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2197-0x00007FF64BF30000-0x00007FF64C284000-memory.dmp

Filesize
3.3MB

Download
memory/2568-16-0x00007FF61C440000-0x00007FF61C794000-memory.dmp

Filesize
3.3MB

Download
memory/2568-2181-0x00007FF61C440000-0x00007FF61C794000-memory.dmp

Filesize
3.3MB

Download
memory/2624-57-0x00007FF7E45C0000-0x00007FF7E4914000-memory.dmp

Filesize
3.3MB

Download
memory/2624-2184-0x00007FF7E45C0000-0x00007FF7E4914000-memory.dmp

Filesize
3.3MB

Download
memory/2892-56-0x00007FF737FD0000-0x00007FF738324000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2185-0x00007FF737FD0000-0x00007FF738324000-memory.dmp

Filesize
3.3MB

Download
memory/3136-49-0x00007FF647C00000-0x00007FF647F54000-memory.dmp

Filesize
3.3MB

Download
memory/3136-2183-0x00007FF647C00000-0x00007FF647F54000-memory.dmp

Filesize
3.3MB

Download
memory/3564-124-0x00007FF6E4320000-0x00007FF6E4674000-memory.dmp

Filesize
3.3MB

Download
memory/3564-2180-0x00007FF6E4320000-0x00007FF6E4674000-memory.dmp

Filesize
3.3MB

Download
memory/3564-8-0x00007FF6E4320000-0x00007FF6E4674000-memory.dmp

Filesize
3.3MB

Download
memory/3692-155-0x00007FF62A870000-0x00007FF62ABC4000-memory.dmp

Filesize
3.3MB

Download
memory/3692-2202-0x00007FF62A870000-0x00007FF62ABC4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-2193-0x00007FF625C90000-0x00007FF625FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-92-0x00007FF625C90000-0x00007FF625FE4000-memory.dmp

Filesize
3.3MB

Download
memory/3744-61-0x00007FF739A50000-0x00007FF739DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3744-2186-0x00007FF739A50000-0x00007FF739DA4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-154-0x00007FF67C3A0000-0x00007FF67C6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2182-0x00007FF67C3A0000-0x00007FF67C6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3960-26-0x00007FF67C3A0000-0x00007FF67C6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4128-90-0x00007FF705B20000-0x00007FF705E74000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2191-0x00007FF705B20000-0x00007FF705E74000-memory.dmp

Filesize
3.3MB

Download
memory/4172-2192-0x00007FF760A50000-0x00007FF760DA4000-memory.dmp

Filesize
3.3MB

Download
memory/4172-91-0x00007FF760A50000-0x00007FF760DA4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2195-0x00007FF64E2C0000-0x00007FF64E614000-memory.dmp

Filesize
3.3MB

Download
memory/4424-106-0x00007FF64E2C0000-0x00007FF64E614000-memory.dmp

Filesize
3.3MB

Download
memory/4496-185-0x00007FF75DE60000-0x00007FF75E1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2207-0x00007FF75DE60000-0x00007FF75E1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-2199-0x00007FF707A50000-0x00007FF707DA4000-memory.dmp

Filesize
3.3MB

Download
memory/4732-127-0x00007FF707A50000-0x00007FF707DA4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-74-0x00007FF6D7F80000-0x00007FF6D82D4000-memory.dmp

Filesize
3.3MB

Download
memory/4804-2190-0x00007FF6D7F80000-0x00007FF6D82D4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads