kpot | 55488ee3b8fcbee2e0d787872441b8e987efec7a5e1666f3a9bc2c930894ccfa

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
Size

1.9MB
MD5

5dbdfee238aeedcc8c28d9bcacb98b70
SHA1

9e7cd8b6b2fdefd71f356a50afc87e4b47f88071
SHA256

55488ee3b8fcbee2e0d787872441b8e987efec7a5e1666f3a9bc2c930894ccfa
SHA512

bcf8a8b3e989e91f3eabbb47318fbafdba73dd910c728b074315a39cb64ce7005a03ff99eb22a70b19d0b2e6bac6930b8a640381a20d3a7eb0c287f49dc766e5
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6g81pb+:BemTLkNdfE0pZrwY

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023440-5.dat	family_kpot
behavioral2/files/0x0007000000023445-7.dat	family_kpot
behavioral2/files/0x0007000000023444-12.dat	family_kpot
behavioral2/files/0x0007000000023448-33.dat	family_kpot
behavioral2/files/0x000700000002344c-45.dat	family_kpot
behavioral2/files/0x000700000002344e-53.dat	family_kpot
behavioral2/files/0x0007000000023450-61.dat	family_kpot
behavioral2/files/0x0007000000023451-73.dat	family_kpot
behavioral2/files/0x0007000000023456-102.dat	family_kpot
behavioral2/files/0x000700000002345c-126.dat	family_kpot
behavioral2/files/0x0007000000023459-150.dat	family_kpot
behavioral2/files/0x0007000000023461-185.dat	family_kpot
behavioral2/files/0x0007000000023460-165.dat	family_kpot
behavioral2/files/0x000700000002345f-163.dat	family_kpot
behavioral2/files/0x0007000000023457-158.dat	family_kpot
behavioral2/files/0x000700000002345b-156.dat	family_kpot
behavioral2/files/0x000700000002345a-154.dat	family_kpot
behavioral2/files/0x0007000000023455-152.dat	family_kpot
behavioral2/files/0x000700000002345e-147.dat	family_kpot
behavioral2/files/0x0007000000023458-144.dat	family_kpot
behavioral2/files/0x000700000002345d-142.dat	family_kpot
behavioral2/files/0x0007000000023453-137.dat	family_kpot
behavioral2/files/0x0007000000023452-120.dat	family_kpot
behavioral2/files/0x000700000002344f-96.dat	family_kpot
behavioral2/files/0x0007000000023454-109.dat	family_kpot
behavioral2/files/0x0008000000023441-189.dat	family_kpot
behavioral2/files/0x000700000002344d-95.dat	family_kpot
behavioral2/files/0x000700000002344a-65.dat	family_kpot
behavioral2/files/0x0007000000023447-59.dat	family_kpot
behavioral2/files/0x000700000002344b-64.dat	family_kpot
behavioral2/files/0x0007000000023449-52.dat	family_kpot
behavioral2/files/0x0007000000023446-32.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2452-0-0x00007FF6CEBE0000-0x00007FF6CEF34000-memory.dmp	xmrig
behavioral2/files/0x0008000000023440-5.dat	xmrig
behavioral2/files/0x0007000000023445-7.dat	xmrig
behavioral2/files/0x0007000000023444-12.dat	xmrig
behavioral2/memory/5008-15-0x00007FF6DB330000-0x00007FF6DB684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023448-33.dat	xmrig
behavioral2/memory/2144-35-0x00007FF7F7C10000-0x00007FF7F7F64000-memory.dmp	xmrig
behavioral2/files/0x000700000002344c-45.dat	xmrig
behavioral2/files/0x000700000002344e-53.dat	xmrig
behavioral2/files/0x0007000000023450-61.dat	xmrig
behavioral2/files/0x0007000000023451-73.dat	xmrig
behavioral2/memory/4692-84-0x00007FF639CB0000-0x00007FF63A004000-memory.dmp	xmrig
behavioral2/files/0x0007000000023456-102.dat	xmrig
behavioral2/files/0x000700000002345c-126.dat	xmrig
behavioral2/files/0x0007000000023459-150.dat	xmrig
behavioral2/memory/3092-167-0x00007FF767BF0000-0x00007FF767F44000-memory.dmp	xmrig
behavioral2/memory/4568-172-0x00007FF610390000-0x00007FF6106E4000-memory.dmp	xmrig
behavioral2/memory/3620-177-0x00007FF787070000-0x00007FF7873C4000-memory.dmp	xmrig
behavioral2/memory/3776-184-0x00007FF79DCE0000-0x00007FF79E034000-memory.dmp	xmrig
behavioral2/files/0x0007000000023461-185.dat	xmrig
behavioral2/memory/3684-183-0x00007FF6A8030000-0x00007FF6A8384000-memory.dmp	xmrig
behavioral2/memory/4520-182-0x00007FF7C9BE0000-0x00007FF7C9F34000-memory.dmp	xmrig
behavioral2/memory/4356-181-0x00007FF7B9180000-0x00007FF7B94D4000-memory.dmp	xmrig
behavioral2/memory/2512-180-0x00007FF7DB880000-0x00007FF7DBBD4000-memory.dmp	xmrig
behavioral2/memory/996-179-0x00007FF67C740000-0x00007FF67CA94000-memory.dmp	xmrig
behavioral2/memory/1724-178-0x00007FF66EE40000-0x00007FF66F194000-memory.dmp	xmrig
behavioral2/memory/3164-176-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp	xmrig
behavioral2/memory/3268-175-0x00007FF6ADFB0000-0x00007FF6AE304000-memory.dmp	xmrig
behavioral2/memory/2804-174-0x00007FF7A6820000-0x00007FF7A6B74000-memory.dmp	xmrig
behavioral2/memory/3624-173-0x00007FF7C5480000-0x00007FF7C57D4000-memory.dmp	xmrig
behavioral2/memory/2820-171-0x00007FF754630000-0x00007FF754984000-memory.dmp	xmrig
behavioral2/memory/2652-170-0x00007FF7A1030000-0x00007FF7A1384000-memory.dmp	xmrig
behavioral2/memory/1684-169-0x00007FF784A50000-0x00007FF784DA4000-memory.dmp	xmrig
behavioral2/memory/4492-168-0x00007FF7277A0000-0x00007FF727AF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023460-165.dat	xmrig
behavioral2/files/0x000700000002345f-163.dat	xmrig
behavioral2/memory/3836-162-0x00007FF614AC0000-0x00007FF614E14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023457-158.dat	xmrig
behavioral2/files/0x000700000002345b-156.dat	xmrig
behavioral2/files/0x000700000002345a-154.dat	xmrig
behavioral2/files/0x0007000000023455-152.dat	xmrig
behavioral2/files/0x000700000002345e-147.dat	xmrig
behavioral2/files/0x0007000000023458-144.dat	xmrig
behavioral2/files/0x000700000002345d-142.dat	xmrig
behavioral2/memory/2728-140-0x00007FF6A54D0000-0x00007FF6A5824000-memory.dmp	xmrig
behavioral2/files/0x0007000000023453-137.dat	xmrig
behavioral2/memory/4764-127-0x00007FF670B90000-0x00007FF670EE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023452-120.dat	xmrig
behavioral2/memory/4808-106-0x00007FF715830000-0x00007FF715B84000-memory.dmp	xmrig
behavioral2/files/0x000700000002344f-96.dat	xmrig
behavioral2/files/0x0007000000023454-109.dat	xmrig
behavioral2/files/0x0008000000023441-189.dat	xmrig
behavioral2/files/0x000700000002344d-95.dat	xmrig
behavioral2/files/0x000700000002344a-65.dat	xmrig
behavioral2/memory/1528-60-0x00007FF7117C0000-0x00007FF711B14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023447-59.dat	xmrig
behavioral2/files/0x000700000002344b-64.dat	xmrig
behavioral2/files/0x0007000000023449-52.dat	xmrig
behavioral2/memory/2560-41-0x00007FF660C90000-0x00007FF660FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023446-32.dat	xmrig
behavioral2/memory/4428-25-0x00007FF644950000-0x00007FF644CA4000-memory.dmp	xmrig
behavioral2/memory/1004-14-0x00007FF73D7C0000-0x00007FF73DB14000-memory.dmp	xmrig
behavioral2/memory/2452-2072-0x00007FF6CEBE0000-0x00007FF6CEF34000-memory.dmp	xmrig
behavioral2/memory/1004-2073-0x00007FF73D7C0000-0x00007FF73DB14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1004	gJiSsLz.exe
4428	tMyZFRF.exe
5008	BlWLgFn.exe
2144	bFmYTZA.exe
2512	hiRUfiK.exe
2560	XynbJZF.exe
1528	qaFNHTw.exe
4356	dSLahnc.exe
4692	kcriwwW.exe
4808	mYiEYkH.exe
4764	eZjkDWg.exe
2728	zcBOrsn.exe
3836	JQWmdSW.exe
3092	TeZmwIU.exe
4520	VkhTrce.exe
4492	DlYJyNl.exe
1684	DamQYgM.exe
3684	tEOJmtE.exe
2652	hPrmprJ.exe
2820	QmmlmBw.exe
4568	tzJFlBM.exe
3624	nxBdjYO.exe
2804	VkftJWE.exe
3268	tVRLfwy.exe
3164	XMkeKwt.exe
3620	ooNSmyP.exe
3776	KWuueZe.exe
1724	zTUOOUG.exe
996	nyNMgfc.exe
3844	pPxSDKN.exe
2336	AOFUIDT.exe
1204	SoyaxLd.exe
3760	fOWQqLF.exe
4316	bOWvXTp.exe
2372	WuPKMAp.exe
4700	esfsiEP.exe
1872	XmkBVEJ.exe
4344	HrlKVSS.exe
1032	kQkXoLA.exe
4124	eFbahdS.exe
4416	kuROGXm.exe
4844	THNcRLM.exe
3916	tTHKBit.exe
1828	CvdLURq.exe
2508	fwQEZou.exe
4792	cWSffuw.exe
2376	GHotIsY.exe
2936	GcxXSwF.exe
2576	jWeQBxj.exe
4528	oYkCvFc.exe
3288	xymZMsT.exe
4488	KouLwDb.exe
408	ymOKwEq.exe
1796	lzCCnRn.exe
4532	yvGKULC.exe
1316	DoeqccW.exe
1292	mPHLeZb.exe
2000	XYReSlp.exe
1040	gFnKLco.exe
1948	kPBPdle.exe
1688	OtVWjGI.exe
3764	ixQkfnl.exe
3308	rArgnRv.exe
4788	taXiRnO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2452-0-0x00007FF6CEBE0000-0x00007FF6CEF34000-memory.dmp	upx
behavioral2/files/0x0008000000023440-5.dat	upx
behavioral2/files/0x0007000000023445-7.dat	upx
behavioral2/files/0x0007000000023444-12.dat	upx
behavioral2/memory/5008-15-0x00007FF6DB330000-0x00007FF6DB684000-memory.dmp	upx
behavioral2/files/0x0007000000023448-33.dat	upx
behavioral2/memory/2144-35-0x00007FF7F7C10000-0x00007FF7F7F64000-memory.dmp	upx
behavioral2/files/0x000700000002344c-45.dat	upx
behavioral2/files/0x000700000002344e-53.dat	upx
behavioral2/files/0x0007000000023450-61.dat	upx
behavioral2/files/0x0007000000023451-73.dat	upx
behavioral2/memory/4692-84-0x00007FF639CB0000-0x00007FF63A004000-memory.dmp	upx
behavioral2/files/0x0007000000023456-102.dat	upx
behavioral2/files/0x000700000002345c-126.dat	upx
behavioral2/files/0x0007000000023459-150.dat	upx
behavioral2/memory/3092-167-0x00007FF767BF0000-0x00007FF767F44000-memory.dmp	upx
behavioral2/memory/4568-172-0x00007FF610390000-0x00007FF6106E4000-memory.dmp	upx
behavioral2/memory/3620-177-0x00007FF787070000-0x00007FF7873C4000-memory.dmp	upx
behavioral2/memory/3776-184-0x00007FF79DCE0000-0x00007FF79E034000-memory.dmp	upx
behavioral2/files/0x0007000000023461-185.dat	upx
behavioral2/memory/3684-183-0x00007FF6A8030000-0x00007FF6A8384000-memory.dmp	upx
behavioral2/memory/4520-182-0x00007FF7C9BE0000-0x00007FF7C9F34000-memory.dmp	upx
behavioral2/memory/4356-181-0x00007FF7B9180000-0x00007FF7B94D4000-memory.dmp	upx
behavioral2/memory/2512-180-0x00007FF7DB880000-0x00007FF7DBBD4000-memory.dmp	upx
behavioral2/memory/996-179-0x00007FF67C740000-0x00007FF67CA94000-memory.dmp	upx
behavioral2/memory/1724-178-0x00007FF66EE40000-0x00007FF66F194000-memory.dmp	upx
behavioral2/memory/3164-176-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp	upx
behavioral2/memory/3268-175-0x00007FF6ADFB0000-0x00007FF6AE304000-memory.dmp	upx
behavioral2/memory/2804-174-0x00007FF7A6820000-0x00007FF7A6B74000-memory.dmp	upx
behavioral2/memory/3624-173-0x00007FF7C5480000-0x00007FF7C57D4000-memory.dmp	upx
behavioral2/memory/2820-171-0x00007FF754630000-0x00007FF754984000-memory.dmp	upx
behavioral2/memory/2652-170-0x00007FF7A1030000-0x00007FF7A1384000-memory.dmp	upx
behavioral2/memory/1684-169-0x00007FF784A50000-0x00007FF784DA4000-memory.dmp	upx
behavioral2/memory/4492-168-0x00007FF7277A0000-0x00007FF727AF4000-memory.dmp	upx
behavioral2/files/0x0007000000023460-165.dat	upx
behavioral2/files/0x000700000002345f-163.dat	upx
behavioral2/memory/3836-162-0x00007FF614AC0000-0x00007FF614E14000-memory.dmp	upx
behavioral2/files/0x0007000000023457-158.dat	upx
behavioral2/files/0x000700000002345b-156.dat	upx
behavioral2/files/0x000700000002345a-154.dat	upx
behavioral2/files/0x0007000000023455-152.dat	upx
behavioral2/files/0x000700000002345e-147.dat	upx
behavioral2/files/0x0007000000023458-144.dat	upx
behavioral2/files/0x000700000002345d-142.dat	upx
behavioral2/memory/2728-140-0x00007FF6A54D0000-0x00007FF6A5824000-memory.dmp	upx
behavioral2/files/0x0007000000023453-137.dat	upx
behavioral2/memory/4764-127-0x00007FF670B90000-0x00007FF670EE4000-memory.dmp	upx
behavioral2/files/0x0007000000023452-120.dat	upx
behavioral2/memory/4808-106-0x00007FF715830000-0x00007FF715B84000-memory.dmp	upx
behavioral2/files/0x000700000002344f-96.dat	upx
behavioral2/files/0x0007000000023454-109.dat	upx
behavioral2/files/0x0008000000023441-189.dat	upx
behavioral2/files/0x000700000002344d-95.dat	upx
behavioral2/files/0x000700000002344a-65.dat	upx
behavioral2/memory/1528-60-0x00007FF7117C0000-0x00007FF711B14000-memory.dmp	upx
behavioral2/files/0x0007000000023447-59.dat	upx
behavioral2/files/0x000700000002344b-64.dat	upx
behavioral2/files/0x0007000000023449-52.dat	upx
behavioral2/memory/2560-41-0x00007FF660C90000-0x00007FF660FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023446-32.dat	upx
behavioral2/memory/4428-25-0x00007FF644950000-0x00007FF644CA4000-memory.dmp	upx
behavioral2/memory/1004-14-0x00007FF73D7C0000-0x00007FF73DB14000-memory.dmp	upx
behavioral2/memory/2452-2072-0x00007FF6CEBE0000-0x00007FF6CEF34000-memory.dmp	upx
behavioral2/memory/1004-2073-0x00007FF73D7C0000-0x00007FF73DB14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VuxvpCR.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\LwcuBjk.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\YtSXZIZ.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\AxupnpD.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\wqIZZin.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\UrwpCSA.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\hPrmprJ.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\tviThZV.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\Wlurngj.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\ruWPUwL.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\jRuJMiO.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\hOwOEdB.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\gCMMWCO.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\yYZJNhI.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\niUpdnH.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\pUjoEMZ.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\GVHHdoA.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\rxvtakl.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\esfsiEP.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\NpAKhQX.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\ecjoOYB.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\BQaiytA.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\qVqFIQS.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\BWyNsXO.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\WjHKxXH.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\CmCqCCf.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\QppatwL.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\TRlfLrJ.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\bNXXqSd.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\CPEnarF.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\ugwgYKK.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\RdyxAzJ.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\qWEehhU.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\pPxSDKN.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\FtXDXxH.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\xremjKr.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\SLaGDsg.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\UhADXlM.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\THFoFDa.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\uRsUzHN.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\WSlubCG.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\hiRUfiK.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\tTHKBit.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\xymZMsT.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\nMYwVjX.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\fwGBGTw.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\OtEnhGt.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\UdwtuXN.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\fjkQgcG.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\jdQJYna.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\YODjAaa.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\CveVjXh.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\bQfhtmQ.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\kGVWALB.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\XwsmlFq.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\znFsGdo.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\AOFUIDT.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\AWqgXWY.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\oTGQusR.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\LhPsvdC.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\sETzfst.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\xAuNNdI.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\tyxgkzV.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
File created	C:\Windows\System\CNmCEIJ.exe	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14652	dwm.exe
Token: SeChangeNotifyPrivilege	14652	dwm.exe
Token: 33	14652	dwm.exe
Token: SeIncBasePriorityPrivilege	14652	dwm.exe
Token: SeShutdownPrivilege	14652	dwm.exe
Token: SeCreatePagefilePrivilege	14652	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 1004	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	85
PID 2452 wrote to memory of 1004	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	85
PID 2452 wrote to memory of 4428	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	86
PID 2452 wrote to memory of 4428	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	86
PID 2452 wrote to memory of 5008	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	87
PID 2452 wrote to memory of 5008	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	87
PID 2452 wrote to memory of 2144	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	88
PID 2452 wrote to memory of 2144	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	88
PID 2452 wrote to memory of 2512	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	89
PID 2452 wrote to memory of 2512	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	89
PID 2452 wrote to memory of 2560	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	90
PID 2452 wrote to memory of 2560	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	90
PID 2452 wrote to memory of 1528	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	91
PID 2452 wrote to memory of 1528	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	91
PID 2452 wrote to memory of 4808	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	92
PID 2452 wrote to memory of 4808	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	92
PID 2452 wrote to memory of 4356	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	93
PID 2452 wrote to memory of 4356	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	93
PID 2452 wrote to memory of 4692	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	94
PID 2452 wrote to memory of 4692	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	94
PID 2452 wrote to memory of 4764	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	95
PID 2452 wrote to memory of 4764	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	95
PID 2452 wrote to memory of 2728	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	96
PID 2452 wrote to memory of 2728	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	96
PID 2452 wrote to memory of 3836	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	97
PID 2452 wrote to memory of 3836	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	97
PID 2452 wrote to memory of 3092	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	98
PID 2452 wrote to memory of 3092	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	98
PID 2452 wrote to memory of 4520	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	99
PID 2452 wrote to memory of 4520	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	99
PID 2452 wrote to memory of 4492	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	100
PID 2452 wrote to memory of 4492	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	100
PID 2452 wrote to memory of 1684	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	101
PID 2452 wrote to memory of 1684	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	101
PID 2452 wrote to memory of 3684	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	102
PID 2452 wrote to memory of 3684	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	102
PID 2452 wrote to memory of 2652	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	103
PID 2452 wrote to memory of 2652	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	103
PID 2452 wrote to memory of 2820	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	104
PID 2452 wrote to memory of 2820	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	104
PID 2452 wrote to memory of 3164	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	105
PID 2452 wrote to memory of 3164	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	105
PID 2452 wrote to memory of 4568	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	106
PID 2452 wrote to memory of 4568	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	106
PID 2452 wrote to memory of 3624	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	107
PID 2452 wrote to memory of 3624	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	107
PID 2452 wrote to memory of 2804	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	108
PID 2452 wrote to memory of 2804	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	108
PID 2452 wrote to memory of 3268	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	109
PID 2452 wrote to memory of 3268	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	109
PID 2452 wrote to memory of 3620	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	110
PID 2452 wrote to memory of 3620	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	110
PID 2452 wrote to memory of 3776	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	111
PID 2452 wrote to memory of 3776	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	111
PID 2452 wrote to memory of 1724	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	112
PID 2452 wrote to memory of 1724	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	112
PID 2452 wrote to memory of 996	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	113
PID 2452 wrote to memory of 996	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	113
PID 2452 wrote to memory of 3844	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	114
PID 2452 wrote to memory of 3844	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	114
PID 2452 wrote to memory of 2336	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	115
PID 2452 wrote to memory of 2336	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	115
PID 2452 wrote to memory of 1204	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	118
PID 2452 wrote to memory of 1204	2452	5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5dbdfee238aeedcc8c28d9bcacb98b70_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\System\gJiSsLz.exe
  C:\Windows\System\gJiSsLz.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\tMyZFRF.exe
  C:\Windows\System\tMyZFRF.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\BlWLgFn.exe
  C:\Windows\System\BlWLgFn.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\bFmYTZA.exe
  C:\Windows\System\bFmYTZA.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\hiRUfiK.exe
  C:\Windows\System\hiRUfiK.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\XynbJZF.exe
  C:\Windows\System\XynbJZF.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\qaFNHTw.exe
  C:\Windows\System\qaFNHTw.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\mYiEYkH.exe
  C:\Windows\System\mYiEYkH.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\dSLahnc.exe
  C:\Windows\System\dSLahnc.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\kcriwwW.exe
  C:\Windows\System\kcriwwW.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\eZjkDWg.exe
  C:\Windows\System\eZjkDWg.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\zcBOrsn.exe
  C:\Windows\System\zcBOrsn.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\JQWmdSW.exe
  C:\Windows\System\JQWmdSW.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\TeZmwIU.exe
  C:\Windows\System\TeZmwIU.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\VkhTrce.exe
  C:\Windows\System\VkhTrce.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\DlYJyNl.exe
  C:\Windows\System\DlYJyNl.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\DamQYgM.exe
  C:\Windows\System\DamQYgM.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\tEOJmtE.exe
  C:\Windows\System\tEOJmtE.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\hPrmprJ.exe
  C:\Windows\System\hPrmprJ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\QmmlmBw.exe
  C:\Windows\System\QmmlmBw.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\XMkeKwt.exe
  C:\Windows\System\XMkeKwt.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\tzJFlBM.exe
  C:\Windows\System\tzJFlBM.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\nxBdjYO.exe
  C:\Windows\System\nxBdjYO.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\VkftJWE.exe
  C:\Windows\System\VkftJWE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\tVRLfwy.exe
  C:\Windows\System\tVRLfwy.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\ooNSmyP.exe
  C:\Windows\System\ooNSmyP.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\KWuueZe.exe
  C:\Windows\System\KWuueZe.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\zTUOOUG.exe
  C:\Windows\System\zTUOOUG.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\nyNMgfc.exe
  C:\Windows\System\nyNMgfc.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\pPxSDKN.exe
  C:\Windows\System\pPxSDKN.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\AOFUIDT.exe
  C:\Windows\System\AOFUIDT.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\SoyaxLd.exe
  C:\Windows\System\SoyaxLd.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\fOWQqLF.exe
  C:\Windows\System\fOWQqLF.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\bOWvXTp.exe
  C:\Windows\System\bOWvXTp.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\WuPKMAp.exe
  C:\Windows\System\WuPKMAp.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\esfsiEP.exe
  C:\Windows\System\esfsiEP.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\XmkBVEJ.exe
  C:\Windows\System\XmkBVEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\HrlKVSS.exe
  C:\Windows\System\HrlKVSS.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\kQkXoLA.exe
  C:\Windows\System\kQkXoLA.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\eFbahdS.exe
  C:\Windows\System\eFbahdS.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\kuROGXm.exe
  C:\Windows\System\kuROGXm.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\THNcRLM.exe
  C:\Windows\System\THNcRLM.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\tTHKBit.exe
  C:\Windows\System\tTHKBit.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\CvdLURq.exe
  C:\Windows\System\CvdLURq.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\fwQEZou.exe
  C:\Windows\System\fwQEZou.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\cWSffuw.exe
  C:\Windows\System\cWSffuw.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\GHotIsY.exe
  C:\Windows\System\GHotIsY.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\GcxXSwF.exe
  C:\Windows\System\GcxXSwF.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\jWeQBxj.exe
  C:\Windows\System\jWeQBxj.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\oYkCvFc.exe
  C:\Windows\System\oYkCvFc.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\xymZMsT.exe
  C:\Windows\System\xymZMsT.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\KouLwDb.exe
  C:\Windows\System\KouLwDb.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\ymOKwEq.exe
  C:\Windows\System\ymOKwEq.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\lzCCnRn.exe
  C:\Windows\System\lzCCnRn.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\yvGKULC.exe
  C:\Windows\System\yvGKULC.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\DoeqccW.exe
  C:\Windows\System\DoeqccW.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\mPHLeZb.exe
  C:\Windows\System\mPHLeZb.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\XYReSlp.exe
  C:\Windows\System\XYReSlp.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\gFnKLco.exe
  C:\Windows\System\gFnKLco.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\kPBPdle.exe
  C:\Windows\System\kPBPdle.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\OtVWjGI.exe
  C:\Windows\System\OtVWjGI.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\ixQkfnl.exe
  C:\Windows\System\ixQkfnl.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\rArgnRv.exe
  C:\Windows\System\rArgnRv.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\taXiRnO.exe
  C:\Windows\System\taXiRnO.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\lWNDmrK.exe
  C:\Windows\System\lWNDmrK.exe
  2⤵
  PID:2732
- C:\Windows\System\difILxG.exe
  C:\Windows\System\difILxG.exe
  2⤵
  PID:2156
- C:\Windows\System\TLfQGKH.exe
  C:\Windows\System\TLfQGKH.exe
  2⤵
  PID:3328
- C:\Windows\System\FlLdmEb.exe
  C:\Windows\System\FlLdmEb.exe
  2⤵
  PID:2356
- C:\Windows\System\aWuhjqI.exe
  C:\Windows\System\aWuhjqI.exe
  2⤵
  PID:4884
- C:\Windows\System\CmCqCCf.exe
  C:\Windows\System\CmCqCCf.exe
  2⤵
  PID:1764
- C:\Windows\System\HfqCMEr.exe
  C:\Windows\System\HfqCMEr.exe
  2⤵
  PID:1740
- C:\Windows\System\kluxRoj.exe
  C:\Windows\System\kluxRoj.exe
  2⤵
  PID:2216
- C:\Windows\System\gCMMWCO.exe
  C:\Windows\System\gCMMWCO.exe
  2⤵
  PID:4836
- C:\Windows\System\lwQXQfg.exe
  C:\Windows\System\lwQXQfg.exe
  2⤵
  PID:3748
- C:\Windows\System\gphusEj.exe
  C:\Windows\System\gphusEj.exe
  2⤵
  PID:1416
- C:\Windows\System\cjQvxes.exe
  C:\Windows\System\cjQvxes.exe
  2⤵
  PID:4964
- C:\Windows\System\RCfjzni.exe
  C:\Windows\System\RCfjzni.exe
  2⤵
  PID:4536
- C:\Windows\System\WhsRVnN.exe
  C:\Windows\System\WhsRVnN.exe
  2⤵
  PID:2084
- C:\Windows\System\yrVqczp.exe
  C:\Windows\System\yrVqczp.exe
  2⤵
  PID:2524
- C:\Windows\System\qPTmtUq.exe
  C:\Windows\System\qPTmtUq.exe
  2⤵
  PID:756
- C:\Windows\System\xLrYZKE.exe
  C:\Windows\System\xLrYZKE.exe
  2⤵
  PID:4564
- C:\Windows\System\CTpVHni.exe
  C:\Windows\System\CTpVHni.exe
  2⤵
  PID:3124
- C:\Windows\System\fNwhrWR.exe
  C:\Windows\System\fNwhrWR.exe
  2⤵
  PID:4264
- C:\Windows\System\WTNZJpD.exe
  C:\Windows\System\WTNZJpD.exe
  2⤵
  PID:4900
- C:\Windows\System\KqFnoYg.exe
  C:\Windows\System\KqFnoYg.exe
  2⤵
  PID:672
- C:\Windows\System\BnJOkMU.exe
  C:\Windows\System\BnJOkMU.exe
  2⤵
  PID:4804
- C:\Windows\System\SckJXcq.exe
  C:\Windows\System\SckJXcq.exe
  2⤵
  PID:2344
- C:\Windows\System\tMRzsqN.exe
  C:\Windows\System\tMRzsqN.exe
  2⤵
  PID:2016
- C:\Windows\System\uiEoCum.exe
  C:\Windows\System\uiEoCum.exe
  2⤵
  PID:5140
- C:\Windows\System\McsxuyD.exe
  C:\Windows\System\McsxuyD.exe
  2⤵
  PID:5168
- C:\Windows\System\DtqqKJQ.exe
  C:\Windows\System\DtqqKJQ.exe
  2⤵
  PID:5196
- C:\Windows\System\jvuyDlh.exe
  C:\Windows\System\jvuyDlh.exe
  2⤵
  PID:5236
- C:\Windows\System\ornCxgW.exe
  C:\Windows\System\ornCxgW.exe
  2⤵
  PID:5276
- C:\Windows\System\yyBvHsk.exe
  C:\Windows\System\yyBvHsk.exe
  2⤵
  PID:5296
- C:\Windows\System\SVuZeAr.exe
  C:\Windows\System\SVuZeAr.exe
  2⤵
  PID:5324
- C:\Windows\System\LkCepSf.exe
  C:\Windows\System\LkCepSf.exe
  2⤵
  PID:5352
- C:\Windows\System\BlNfzZo.exe
  C:\Windows\System\BlNfzZo.exe
  2⤵
  PID:5380
- C:\Windows\System\EagigPz.exe
  C:\Windows\System\EagigPz.exe
  2⤵
  PID:5408
- C:\Windows\System\OaoVEAm.exe
  C:\Windows\System\OaoVEAm.exe
  2⤵
  PID:5436
- C:\Windows\System\JiLXvJc.exe
  C:\Windows\System\JiLXvJc.exe
  2⤵
  PID:5464
- C:\Windows\System\JLYvCSL.exe
  C:\Windows\System\JLYvCSL.exe
  2⤵
  PID:5492
- C:\Windows\System\acDXcKp.exe
  C:\Windows\System\acDXcKp.exe
  2⤵
  PID:5520
- C:\Windows\System\UJHUsVI.exe
  C:\Windows\System\UJHUsVI.exe
  2⤵
  PID:5548
- C:\Windows\System\NpAKhQX.exe
  C:\Windows\System\NpAKhQX.exe
  2⤵
  PID:5576
- C:\Windows\System\pizQPnn.exe
  C:\Windows\System\pizQPnn.exe
  2⤵
  PID:5608
- C:\Windows\System\YIsHaLu.exe
  C:\Windows\System\YIsHaLu.exe
  2⤵
  PID:5636
- C:\Windows\System\asbFvek.exe
  C:\Windows\System\asbFvek.exe
  2⤵
  PID:5664
- C:\Windows\System\uGWMNnt.exe
  C:\Windows\System\uGWMNnt.exe
  2⤵
  PID:5692
- C:\Windows\System\AVqBXBw.exe
  C:\Windows\System\AVqBXBw.exe
  2⤵
  PID:5720
- C:\Windows\System\CvKtxyT.exe
  C:\Windows\System\CvKtxyT.exe
  2⤵
  PID:5748
- C:\Windows\System\rsQGeFU.exe
  C:\Windows\System\rsQGeFU.exe
  2⤵
  PID:5776
- C:\Windows\System\RfnBKEB.exe
  C:\Windows\System\RfnBKEB.exe
  2⤵
  PID:5804
- C:\Windows\System\ClJOoKr.exe
  C:\Windows\System\ClJOoKr.exe
  2⤵
  PID:5832
- C:\Windows\System\vSzaimr.exe
  C:\Windows\System\vSzaimr.exe
  2⤵
  PID:5864
- C:\Windows\System\tSHjxHp.exe
  C:\Windows\System\tSHjxHp.exe
  2⤵
  PID:5892
- C:\Windows\System\cwdTxxC.exe
  C:\Windows\System\cwdTxxC.exe
  2⤵
  PID:5920
- C:\Windows\System\UMuoyBc.exe
  C:\Windows\System\UMuoyBc.exe
  2⤵
  PID:5948
- C:\Windows\System\SUdVHHn.exe
  C:\Windows\System\SUdVHHn.exe
  2⤵
  PID:5976
- C:\Windows\System\IhrBUgE.exe
  C:\Windows\System\IhrBUgE.exe
  2⤵
  PID:6004
- C:\Windows\System\gGczqHt.exe
  C:\Windows\System\gGczqHt.exe
  2⤵
  PID:6032
- C:\Windows\System\ecjoOYB.exe
  C:\Windows\System\ecjoOYB.exe
  2⤵
  PID:6060
- C:\Windows\System\uYOOfGR.exe
  C:\Windows\System\uYOOfGR.exe
  2⤵
  PID:6088
- C:\Windows\System\wRiSwKN.exe
  C:\Windows\System\wRiSwKN.exe
  2⤵
  PID:6116
- C:\Windows\System\XLbwSLY.exe
  C:\Windows\System\XLbwSLY.exe
  2⤵
  PID:5124
- C:\Windows\System\lwTjrHr.exe
  C:\Windows\System\lwTjrHr.exe
  2⤵
  PID:5180
- C:\Windows\System\WIqyvCi.exe
  C:\Windows\System\WIqyvCi.exe
  2⤵
  PID:5256
- C:\Windows\System\VtMvDQQ.exe
  C:\Windows\System\VtMvDQQ.exe
  2⤵
  PID:5320
- C:\Windows\System\QyJAeoL.exe
  C:\Windows\System\QyJAeoL.exe
  2⤵
  PID:5400
- C:\Windows\System\QeIwVgt.exe
  C:\Windows\System\QeIwVgt.exe
  2⤵
  PID:5460
- C:\Windows\System\AcpOLwd.exe
  C:\Windows\System\AcpOLwd.exe
  2⤵
  PID:5516
- C:\Windows\System\deRCJeK.exe
  C:\Windows\System\deRCJeK.exe
  2⤵
  PID:5596
- C:\Windows\System\FJmaocg.exe
  C:\Windows\System\FJmaocg.exe
  2⤵
  PID:5656
- C:\Windows\System\rIIQhBN.exe
  C:\Windows\System\rIIQhBN.exe
  2⤵
  PID:5716
- C:\Windows\System\aQopOIS.exe
  C:\Windows\System\aQopOIS.exe
  2⤵
  PID:5796
- C:\Windows\System\FMWShOF.exe
  C:\Windows\System\FMWShOF.exe
  2⤵
  PID:5860
- C:\Windows\System\ugwgYKK.exe
  C:\Windows\System\ugwgYKK.exe
  2⤵
  PID:5916
- C:\Windows\System\UmrGqCN.exe
  C:\Windows\System\UmrGqCN.exe
  2⤵
  PID:6000
- C:\Windows\System\ZmVDWIJ.exe
  C:\Windows\System\ZmVDWIJ.exe
  2⤵
  PID:6044
- C:\Windows\System\tDUuait.exe
  C:\Windows\System\tDUuait.exe
  2⤵
  PID:6128
- C:\Windows\System\nSaxOwB.exe
  C:\Windows\System\nSaxOwB.exe
  2⤵
  PID:5132
- C:\Windows\System\MllqvPx.exe
  C:\Windows\System\MllqvPx.exe
  2⤵
  PID:5372
- C:\Windows\System\raFQiXC.exe
  C:\Windows\System\raFQiXC.exe
  2⤵
  PID:5512
- C:\Windows\System\oOcRMKu.exe
  C:\Windows\System\oOcRMKu.exe
  2⤵
  PID:5704
- C:\Windows\System\pyDxlyu.exe
  C:\Windows\System\pyDxlyu.exe
  2⤵
  PID:5824
- C:\Windows\System\tviThZV.exe
  C:\Windows\System\tviThZV.exe
  2⤵
  PID:5912
- C:\Windows\System\nMYwVjX.exe
  C:\Windows\System\nMYwVjX.exe
  2⤵
  PID:6080
- C:\Windows\System\xQlHONP.exe
  C:\Windows\System\xQlHONP.exe
  2⤵
  PID:5348
- C:\Windows\System\FtXDXxH.exe
  C:\Windows\System\FtXDXxH.exe
  2⤵
  PID:5884
- C:\Windows\System\gdLJXfy.exe
  C:\Windows\System\gdLJXfy.exe
  2⤵
  PID:5292
- C:\Windows\System\CdHXaAs.exe
  C:\Windows\System\CdHXaAs.exe
  2⤵
  PID:6028
- C:\Windows\System\fNucnaz.exe
  C:\Windows\System\fNucnaz.exe
  2⤵
  PID:6156
- C:\Windows\System\JlLLmZx.exe
  C:\Windows\System\JlLLmZx.exe
  2⤵
  PID:6192
- C:\Windows\System\dDZxxmX.exe
  C:\Windows\System\dDZxxmX.exe
  2⤵
  PID:6212
- C:\Windows\System\QNjuUNT.exe
  C:\Windows\System\QNjuUNT.exe
  2⤵
  PID:6240
- C:\Windows\System\DSXbcMM.exe
  C:\Windows\System\DSXbcMM.exe
  2⤵
  PID:6272
- C:\Windows\System\ESNbzDU.exe
  C:\Windows\System\ESNbzDU.exe
  2⤵
  PID:6296
- C:\Windows\System\VgGSERv.exe
  C:\Windows\System\VgGSERv.exe
  2⤵
  PID:6324
- C:\Windows\System\ZohdPLX.exe
  C:\Windows\System\ZohdPLX.exe
  2⤵
  PID:6356
- C:\Windows\System\FcBilFx.exe
  C:\Windows\System\FcBilFx.exe
  2⤵
  PID:6384
- C:\Windows\System\eEmUbAP.exe
  C:\Windows\System\eEmUbAP.exe
  2⤵
  PID:6412
- C:\Windows\System\ETuibJr.exe
  C:\Windows\System\ETuibJr.exe
  2⤵
  PID:6440
- C:\Windows\System\xremjKr.exe
  C:\Windows\System\xremjKr.exe
  2⤵
  PID:6468
- C:\Windows\System\NDTnuEe.exe
  C:\Windows\System\NDTnuEe.exe
  2⤵
  PID:6504
- C:\Windows\System\SLaGDsg.exe
  C:\Windows\System\SLaGDsg.exe
  2⤵
  PID:6524
- C:\Windows\System\pJcvkPX.exe
  C:\Windows\System\pJcvkPX.exe
  2⤵
  PID:6552
- C:\Windows\System\nAskSDk.exe
  C:\Windows\System\nAskSDk.exe
  2⤵
  PID:6588
- C:\Windows\System\CJsdNYa.exe
  C:\Windows\System\CJsdNYa.exe
  2⤵
  PID:6612
- C:\Windows\System\ByiEDyr.exe
  C:\Windows\System\ByiEDyr.exe
  2⤵
  PID:6636
- C:\Windows\System\saMSnng.exe
  C:\Windows\System\saMSnng.exe
  2⤵
  PID:6668
- C:\Windows\System\NCfkRmK.exe
  C:\Windows\System\NCfkRmK.exe
  2⤵
  PID:6696
- C:\Windows\System\bGoKOpt.exe
  C:\Windows\System\bGoKOpt.exe
  2⤵
  PID:6720
- C:\Windows\System\MMxRHOF.exe
  C:\Windows\System\MMxRHOF.exe
  2⤵
  PID:6748
- C:\Windows\System\diozekA.exe
  C:\Windows\System\diozekA.exe
  2⤵
  PID:6776
- C:\Windows\System\ZwxIyWC.exe
  C:\Windows\System\ZwxIyWC.exe
  2⤵
  PID:6804
- C:\Windows\System\acKgtTt.exe
  C:\Windows\System\acKgtTt.exe
  2⤵
  PID:6832
- C:\Windows\System\rXlpXog.exe
  C:\Windows\System\rXlpXog.exe
  2⤵
  PID:6860
- C:\Windows\System\fyQPOsM.exe
  C:\Windows\System\fyQPOsM.exe
  2⤵
  PID:6888
- C:\Windows\System\yWOrMCV.exe
  C:\Windows\System\yWOrMCV.exe
  2⤵
  PID:6916
- C:\Windows\System\EIsbrto.exe
  C:\Windows\System\EIsbrto.exe
  2⤵
  PID:6944
- C:\Windows\System\ZmnOdhm.exe
  C:\Windows\System\ZmnOdhm.exe
  2⤵
  PID:6976
- C:\Windows\System\BUCHCmB.exe
  C:\Windows\System\BUCHCmB.exe
  2⤵
  PID:7000
- C:\Windows\System\toLcPqv.exe
  C:\Windows\System\toLcPqv.exe
  2⤵
  PID:7028
- C:\Windows\System\YSGtrCg.exe
  C:\Windows\System\YSGtrCg.exe
  2⤵
  PID:7056
- C:\Windows\System\iqHOTCm.exe
  C:\Windows\System\iqHOTCm.exe
  2⤵
  PID:7084
- C:\Windows\System\gIyxhUs.exe
  C:\Windows\System\gIyxhUs.exe
  2⤵
  PID:7112
- C:\Windows\System\KVwFtLM.exe
  C:\Windows\System\KVwFtLM.exe
  2⤵
  PID:7140
- C:\Windows\System\syNxCHl.exe
  C:\Windows\System\syNxCHl.exe
  2⤵
  PID:5816
- C:\Windows\System\feoweVB.exe
  C:\Windows\System\feoweVB.exe
  2⤵
  PID:6200
- C:\Windows\System\oXzuxIB.exe
  C:\Windows\System\oXzuxIB.exe
  2⤵
  PID:6264
- C:\Windows\System\AWqgXWY.exe
  C:\Windows\System\AWqgXWY.exe
  2⤵
  PID:6336
- C:\Windows\System\ONHDbMS.exe
  C:\Windows\System\ONHDbMS.exe
  2⤵
  PID:6400
- C:\Windows\System\QjHYNvD.exe
  C:\Windows\System\QjHYNvD.exe
  2⤵
  PID:6464
- C:\Windows\System\dJtiXDZ.exe
  C:\Windows\System\dJtiXDZ.exe
  2⤵
  PID:6536
- C:\Windows\System\WMriFXf.exe
  C:\Windows\System\WMriFXf.exe
  2⤵
  PID:6600
- C:\Windows\System\jKkrddX.exe
  C:\Windows\System\jKkrddX.exe
  2⤵
  PID:6660
- C:\Windows\System\bfIEKql.exe
  C:\Windows\System\bfIEKql.exe
  2⤵
  PID:6736
- C:\Windows\System\wXjtkPJ.exe
  C:\Windows\System\wXjtkPJ.exe
  2⤵
  PID:6792
- C:\Windows\System\ISUJTDi.exe
  C:\Windows\System\ISUJTDi.exe
  2⤵
  PID:6856
- C:\Windows\System\BgFjtWt.exe
  C:\Windows\System\BgFjtWt.exe
  2⤵
  PID:6928
- C:\Windows\System\rcyeBfP.exe
  C:\Windows\System\rcyeBfP.exe
  2⤵
  PID:6992
- C:\Windows\System\mdlMyfE.exe
  C:\Windows\System\mdlMyfE.exe
  2⤵
  PID:7048
- C:\Windows\System\SUrxOpU.exe
  C:\Windows\System\SUrxOpU.exe
  2⤵
  PID:7124
- C:\Windows\System\ZlgISDV.exe
  C:\Windows\System\ZlgISDV.exe
  2⤵
  PID:6184
- C:\Windows\System\gLDuDgD.exe
  C:\Windows\System\gLDuDgD.exe
  2⤵
  PID:6368
- C:\Windows\System\PhrAJtj.exe
  C:\Windows\System\PhrAJtj.exe
  2⤵
  PID:6516
- C:\Windows\System\diRnHYs.exe
  C:\Windows\System\diRnHYs.exe
  2⤵
  PID:6628
- C:\Windows\System\nvelcfi.exe
  C:\Windows\System\nvelcfi.exe
  2⤵
  PID:6824
- C:\Windows\System\YWUenjU.exe
  C:\Windows\System\YWUenjU.exe
  2⤵
  PID:6968
- C:\Windows\System\TyfmRia.exe
  C:\Windows\System\TyfmRia.exe
  2⤵
  PID:7108
- C:\Windows\System\sqDItme.exe
  C:\Windows\System\sqDItme.exe
  2⤵
  PID:6428
- C:\Windows\System\eMKGznU.exe
  C:\Windows\System\eMKGznU.exe
  2⤵
  PID:6772
- C:\Windows\System\qNMYNDb.exe
  C:\Windows\System\qNMYNDb.exe
  2⤵
  PID:7104
- C:\Windows\System\VlyyEhG.exe
  C:\Windows\System\VlyyEhG.exe
  2⤵
  PID:7040
- C:\Windows\System\aHgQwSw.exe
  C:\Windows\System\aHgQwSw.exe
  2⤵
  PID:6456
- C:\Windows\System\KCiQuVp.exe
  C:\Windows\System\KCiQuVp.exe
  2⤵
  PID:7188
- C:\Windows\System\grmJVDM.exe
  C:\Windows\System\grmJVDM.exe
  2⤵
  PID:7216
- C:\Windows\System\xOZSgCJ.exe
  C:\Windows\System\xOZSgCJ.exe
  2⤵
  PID:7244
- C:\Windows\System\jyTmHMp.exe
  C:\Windows\System\jyTmHMp.exe
  2⤵
  PID:7280
- C:\Windows\System\uoNvrXn.exe
  C:\Windows\System\uoNvrXn.exe
  2⤵
  PID:7320
- C:\Windows\System\HxcrnKc.exe
  C:\Windows\System\HxcrnKc.exe
  2⤵
  PID:7360
- C:\Windows\System\iGFYcsO.exe
  C:\Windows\System\iGFYcsO.exe
  2⤵
  PID:7392
- C:\Windows\System\Wlurngj.exe
  C:\Windows\System\Wlurngj.exe
  2⤵
  PID:7420
- C:\Windows\System\eJAAfMb.exe
  C:\Windows\System\eJAAfMb.exe
  2⤵
  PID:7456
- C:\Windows\System\KmnRPBi.exe
  C:\Windows\System\KmnRPBi.exe
  2⤵
  PID:7476
- C:\Windows\System\hrzyrmM.exe
  C:\Windows\System\hrzyrmM.exe
  2⤵
  PID:7504
- C:\Windows\System\hJxRQgm.exe
  C:\Windows\System\hJxRQgm.exe
  2⤵
  PID:7532
- C:\Windows\System\VuxvpCR.exe
  C:\Windows\System\VuxvpCR.exe
  2⤵
  PID:7560
- C:\Windows\System\gXTGHkS.exe
  C:\Windows\System\gXTGHkS.exe
  2⤵
  PID:7588
- C:\Windows\System\CcpBpPG.exe
  C:\Windows\System\CcpBpPG.exe
  2⤵
  PID:7616
- C:\Windows\System\WvPWkZv.exe
  C:\Windows\System\WvPWkZv.exe
  2⤵
  PID:7644
- C:\Windows\System\hloFNwz.exe
  C:\Windows\System\hloFNwz.exe
  2⤵
  PID:7676
- C:\Windows\System\UdwtuXN.exe
  C:\Windows\System\UdwtuXN.exe
  2⤵
  PID:7712
- C:\Windows\System\hcfACdt.exe
  C:\Windows\System\hcfACdt.exe
  2⤵
  PID:7732
- C:\Windows\System\VxQfxFA.exe
  C:\Windows\System\VxQfxFA.exe
  2⤵
  PID:7760
- C:\Windows\System\wZiJfrB.exe
  C:\Windows\System\wZiJfrB.exe
  2⤵
  PID:7788
- C:\Windows\System\zFPzwrZ.exe
  C:\Windows\System\zFPzwrZ.exe
  2⤵
  PID:7816
- C:\Windows\System\aNWwqTP.exe
  C:\Windows\System\aNWwqTP.exe
  2⤵
  PID:7844
- C:\Windows\System\nMCTCYa.exe
  C:\Windows\System\nMCTCYa.exe
  2⤵
  PID:7872
- C:\Windows\System\PDnJmCq.exe
  C:\Windows\System\PDnJmCq.exe
  2⤵
  PID:7900
- C:\Windows\System\SbATyKR.exe
  C:\Windows\System\SbATyKR.exe
  2⤵
  PID:7928
- C:\Windows\System\ualNcnu.exe
  C:\Windows\System\ualNcnu.exe
  2⤵
  PID:7956
- C:\Windows\System\MCqzyxC.exe
  C:\Windows\System\MCqzyxC.exe
  2⤵
  PID:7984
- C:\Windows\System\PXLiyLf.exe
  C:\Windows\System\PXLiyLf.exe
  2⤵
  PID:8012
- C:\Windows\System\jMPpwZr.exe
  C:\Windows\System\jMPpwZr.exe
  2⤵
  PID:8040
- C:\Windows\System\rcPNICJ.exe
  C:\Windows\System\rcPNICJ.exe
  2⤵
  PID:8068
- C:\Windows\System\tDjfraM.exe
  C:\Windows\System\tDjfraM.exe
  2⤵
  PID:8096
- C:\Windows\System\dGfJyGw.exe
  C:\Windows\System\dGfJyGw.exe
  2⤵
  PID:8124
- C:\Windows\System\XSSMlAu.exe
  C:\Windows\System\XSSMlAu.exe
  2⤵
  PID:8156
- C:\Windows\System\DzDnjEY.exe
  C:\Windows\System\DzDnjEY.exe
  2⤵
  PID:8184
- C:\Windows\System\FUGNlnF.exe
  C:\Windows\System\FUGNlnF.exe
  2⤵
  PID:7212
- C:\Windows\System\XENuifb.exe
  C:\Windows\System\XENuifb.exe
  2⤵
  PID:7312
- C:\Windows\System\tEogylE.exe
  C:\Windows\System\tEogylE.exe
  2⤵
  PID:7380
- C:\Windows\System\fQqzoby.exe
  C:\Windows\System\fQqzoby.exe
  2⤵
  PID:7440
- C:\Windows\System\ouRCCHW.exe
  C:\Windows\System\ouRCCHW.exe
  2⤵
  PID:7500
- C:\Windows\System\YEIubWU.exe
  C:\Windows\System\YEIubWU.exe
  2⤵
  PID:7572
- C:\Windows\System\ntjxZVJ.exe
  C:\Windows\System\ntjxZVJ.exe
  2⤵
  PID:7636
- C:\Windows\System\zYEztWq.exe
  C:\Windows\System\zYEztWq.exe
  2⤵
  PID:7700
- C:\Windows\System\llqooVL.exe
  C:\Windows\System\llqooVL.exe
  2⤵
  PID:7772
- C:\Windows\System\QPXCbbz.exe
  C:\Windows\System\QPXCbbz.exe
  2⤵
  PID:7836
- C:\Windows\System\mJppwwv.exe
  C:\Windows\System\mJppwwv.exe
  2⤵
  PID:7896
- C:\Windows\System\AuuAVVz.exe
  C:\Windows\System\AuuAVVz.exe
  2⤵
  PID:7976
- C:\Windows\System\oXWQyQW.exe
  C:\Windows\System\oXWQyQW.exe
  2⤵
  PID:8032
- C:\Windows\System\DXOctrV.exe
  C:\Windows\System\DXOctrV.exe
  2⤵
  PID:8092
- C:\Windows\System\MFYODMj.exe
  C:\Windows\System\MFYODMj.exe
  2⤵
  PID:8168
- C:\Windows\System\BbmCFdU.exe
  C:\Windows\System\BbmCFdU.exe
  2⤵
  PID:7272
- C:\Windows\System\iUNRXly.exe
  C:\Windows\System\iUNRXly.exe
  2⤵
  PID:7472
- C:\Windows\System\uxAoguo.exe
  C:\Windows\System\uxAoguo.exe
  2⤵
  PID:7600
- C:\Windows\System\qQOMMZK.exe
  C:\Windows\System\qQOMMZK.exe
  2⤵
  PID:7756
- C:\Windows\System\RuubFMf.exe
  C:\Windows\System\RuubFMf.exe
  2⤵
  PID:7952
- C:\Windows\System\RuEerua.exe
  C:\Windows\System\RuEerua.exe
  2⤵
  PID:8080
- C:\Windows\System\ssGVUsg.exe
  C:\Windows\System\ssGVUsg.exe
  2⤵
  PID:7240
- C:\Windows\System\CveVjXh.exe
  C:\Windows\System\CveVjXh.exe
  2⤵
  PID:7696
- C:\Windows\System\LwcuBjk.exe
  C:\Windows\System\LwcuBjk.exe
  2⤵
  PID:8024
- C:\Windows\System\UhADXlM.exe
  C:\Windows\System\UhADXlM.exe
  2⤵
  PID:7556
- C:\Windows\System\ztJblog.exe
  C:\Windows\System\ztJblog.exe
  2⤵
  PID:8008
- C:\Windows\System\NgjZLqg.exe
  C:\Windows\System\NgjZLqg.exe
  2⤵
  PID:8212
- C:\Windows\System\myxkGrV.exe
  C:\Windows\System\myxkGrV.exe
  2⤵
  PID:8240
- C:\Windows\System\nHfqdVJ.exe
  C:\Windows\System\nHfqdVJ.exe
  2⤵
  PID:8268
- C:\Windows\System\iOBQtxj.exe
  C:\Windows\System\iOBQtxj.exe
  2⤵
  PID:8296
- C:\Windows\System\aamJyIt.exe
  C:\Windows\System\aamJyIt.exe
  2⤵
  PID:8324
- C:\Windows\System\DlDTunL.exe
  C:\Windows\System\DlDTunL.exe
  2⤵
  PID:8340
- C:\Windows\System\yJsvbWx.exe
  C:\Windows\System\yJsvbWx.exe
  2⤵
  PID:8356
- C:\Windows\System\uuzxwMN.exe
  C:\Windows\System\uuzxwMN.exe
  2⤵
  PID:8380
- C:\Windows\System\AKtQfeN.exe
  C:\Windows\System\AKtQfeN.exe
  2⤵
  PID:8400
- C:\Windows\System\iWWwqvk.exe
  C:\Windows\System\iWWwqvk.exe
  2⤵
  PID:8420
- C:\Windows\System\ANvhuSk.exe
  C:\Windows\System\ANvhuSk.exe
  2⤵
  PID:8452
- C:\Windows\System\ZqtqgsR.exe
  C:\Windows\System\ZqtqgsR.exe
  2⤵
  PID:8488
- C:\Windows\System\JQBYcRM.exe
  C:\Windows\System\JQBYcRM.exe
  2⤵
  PID:8528
- C:\Windows\System\wfOeTPB.exe
  C:\Windows\System\wfOeTPB.exe
  2⤵
  PID:8560
- C:\Windows\System\hRIvqhY.exe
  C:\Windows\System\hRIvqhY.exe
  2⤵
  PID:8592
- C:\Windows\System\ghRVmAO.exe
  C:\Windows\System\ghRVmAO.exe
  2⤵
  PID:8632
- C:\Windows\System\NWTdGFo.exe
  C:\Windows\System\NWTdGFo.exe
  2⤵
  PID:8660
- C:\Windows\System\CledGys.exe
  C:\Windows\System\CledGys.exe
  2⤵
  PID:8688
- C:\Windows\System\eOVXBQg.exe
  C:\Windows\System\eOVXBQg.exe
  2⤵
  PID:8716
- C:\Windows\System\JgbGtiy.exe
  C:\Windows\System\JgbGtiy.exe
  2⤵
  PID:8740
- C:\Windows\System\SkPosvi.exe
  C:\Windows\System\SkPosvi.exe
  2⤵
  PID:8768
- C:\Windows\System\HqFyWoU.exe
  C:\Windows\System\HqFyWoU.exe
  2⤵
  PID:8796
- C:\Windows\System\lBcYDWJ.exe
  C:\Windows\System\lBcYDWJ.exe
  2⤵
  PID:8816
- C:\Windows\System\QppatwL.exe
  C:\Windows\System\QppatwL.exe
  2⤵
  PID:8856
- C:\Windows\System\AdUYMAa.exe
  C:\Windows\System\AdUYMAa.exe
  2⤵
  PID:8888
- C:\Windows\System\ipGfdsQ.exe
  C:\Windows\System\ipGfdsQ.exe
  2⤵
  PID:8916
- C:\Windows\System\JPvqGbb.exe
  C:\Windows\System\JPvqGbb.exe
  2⤵
  PID:8944
- C:\Windows\System\tCvvsWc.exe
  C:\Windows\System\tCvvsWc.exe
  2⤵
  PID:8972
- C:\Windows\System\HVobPUK.exe
  C:\Windows\System\HVobPUK.exe
  2⤵
  PID:8992
- C:\Windows\System\CqYKhvc.exe
  C:\Windows\System\CqYKhvc.exe
  2⤵
  PID:9032
- C:\Windows\System\GMbsjnx.exe
  C:\Windows\System\GMbsjnx.exe
  2⤵
  PID:9060
- C:\Windows\System\izRWUHg.exe
  C:\Windows\System\izRWUHg.exe
  2⤵
  PID:9088
- C:\Windows\System\iNakYCI.exe
  C:\Windows\System\iNakYCI.exe
  2⤵
  PID:9116
- C:\Windows\System\sKJNvkz.exe
  C:\Windows\System\sKJNvkz.exe
  2⤵
  PID:9144
- C:\Windows\System\TRlfLrJ.exe
  C:\Windows\System\TRlfLrJ.exe
  2⤵
  PID:9172
- C:\Windows\System\kirZlfM.exe
  C:\Windows\System\kirZlfM.exe
  2⤵
  PID:9200
- C:\Windows\System\PgmLYlt.exe
  C:\Windows\System\PgmLYlt.exe
  2⤵
  PID:8228
- C:\Windows\System\zNyoFGF.exe
  C:\Windows\System\zNyoFGF.exe
  2⤵
  PID:8288
- C:\Windows\System\nDdIqXV.exe
  C:\Windows\System\nDdIqXV.exe
  2⤵
  PID:8372
- C:\Windows\System\erCUciw.exe
  C:\Windows\System\erCUciw.exe
  2⤵
  PID:8408
- C:\Windows\System\BhGpOyX.exe
  C:\Windows\System\BhGpOyX.exe
  2⤵
  PID:8436
- C:\Windows\System\RWXushF.exe
  C:\Windows\System\RWXushF.exe
  2⤵
  PID:8552
- C:\Windows\System\pSTkBtZ.exe
  C:\Windows\System\pSTkBtZ.exe
  2⤵
  PID:8588
- C:\Windows\System\nCJKGgf.exe
  C:\Windows\System\nCJKGgf.exe
  2⤵
  PID:8656
- C:\Windows\System\KkWlvfy.exe
  C:\Windows\System\KkWlvfy.exe
  2⤵
  PID:8724
- C:\Windows\System\axHheKv.exe
  C:\Windows\System\axHheKv.exe
  2⤵
  PID:8812
- C:\Windows\System\DCmUFme.exe
  C:\Windows\System\DCmUFme.exe
  2⤵
  PID:8880
- C:\Windows\System\dRTbbdK.exe
  C:\Windows\System\dRTbbdK.exe
  2⤵
  PID:8900
- C:\Windows\System\bWpWNsl.exe
  C:\Windows\System\bWpWNsl.exe
  2⤵
  PID:8980
- C:\Windows\System\IzhBEZI.exe
  C:\Windows\System\IzhBEZI.exe
  2⤵
  PID:9048
- C:\Windows\System\RrcrdBi.exe
  C:\Windows\System\RrcrdBi.exe
  2⤵
  PID:9076
- C:\Windows\System\DCytstS.exe
  C:\Windows\System\DCytstS.exe
  2⤵
  PID:9156
- C:\Windows\System\cjXsrUd.exe
  C:\Windows\System\cjXsrUd.exe
  2⤵
  PID:8252
- C:\Windows\System\LgJZAYc.exe
  C:\Windows\System\LgJZAYc.exe
  2⤵
  PID:8348
- C:\Windows\System\dxMYycD.exe
  C:\Windows\System\dxMYycD.exe
  2⤵
  PID:8556
- C:\Windows\System\SNMzHlC.exe
  C:\Windows\System\SNMzHlC.exe
  2⤵
  PID:8732
- C:\Windows\System\qIEBxfx.exe
  C:\Windows\System\qIEBxfx.exe
  2⤵
  PID:8912
- C:\Windows\System\DRmxqxS.exe
  C:\Windows\System\DRmxqxS.exe
  2⤵
  PID:9016
- C:\Windows\System\jFGRvmF.exe
  C:\Windows\System\jFGRvmF.exe
  2⤵
  PID:9192
- C:\Windows\System\HgdUDXW.exe
  C:\Windows\System\HgdUDXW.exe
  2⤵
  PID:8352
- C:\Windows\System\vGwKpiI.exe
  C:\Windows\System\vGwKpiI.exe
  2⤵
  PID:8752
- C:\Windows\System\ctnCIym.exe
  C:\Windows\System\ctnCIym.exe
  2⤵
  PID:9072
- C:\Windows\System\wxsHWeV.exe
  C:\Windows\System\wxsHWeV.exe
  2⤵
  PID:7664
- C:\Windows\System\gQQvBsO.exe
  C:\Windows\System\gQQvBsO.exe
  2⤵
  PID:9220
- C:\Windows\System\SfhLgOe.exe
  C:\Windows\System\SfhLgOe.exe
  2⤵
  PID:9248
- C:\Windows\System\vwBduzr.exe
  C:\Windows\System\vwBduzr.exe
  2⤵
  PID:9276
- C:\Windows\System\tDZrnxX.exe
  C:\Windows\System\tDZrnxX.exe
  2⤵
  PID:9312
- C:\Windows\System\cRuwrWi.exe
  C:\Windows\System\cRuwrWi.exe
  2⤵
  PID:9328
- C:\Windows\System\hzecgNt.exe
  C:\Windows\System\hzecgNt.exe
  2⤵
  PID:9360
- C:\Windows\System\XvgJkKe.exe
  C:\Windows\System\XvgJkKe.exe
  2⤵
  PID:9396
- C:\Windows\System\VlNfROB.exe
  C:\Windows\System\VlNfROB.exe
  2⤵
  PID:9424
- C:\Windows\System\sOGFfBx.exe
  C:\Windows\System\sOGFfBx.exe
  2⤵
  PID:9440
- C:\Windows\System\SLcdGkO.exe
  C:\Windows\System\SLcdGkO.exe
  2⤵
  PID:9464
- C:\Windows\System\CyuCapp.exe
  C:\Windows\System\CyuCapp.exe
  2⤵
  PID:9488
- C:\Windows\System\YtSXZIZ.exe
  C:\Windows\System\YtSXZIZ.exe
  2⤵
  PID:9524
- C:\Windows\System\ZJwXttw.exe
  C:\Windows\System\ZJwXttw.exe
  2⤵
  PID:9564
- C:\Windows\System\zQrBnog.exe
  C:\Windows\System\zQrBnog.exe
  2⤵
  PID:9580
- C:\Windows\System\diPZySW.exe
  C:\Windows\System\diPZySW.exe
  2⤵
  PID:9608
- C:\Windows\System\ZpcaVmM.exe
  C:\Windows\System\ZpcaVmM.exe
  2⤵
  PID:9636
- C:\Windows\System\OeFNVte.exe
  C:\Windows\System\OeFNVte.exe
  2⤵
  PID:9660
- C:\Windows\System\aguVxcX.exe
  C:\Windows\System\aguVxcX.exe
  2⤵
  PID:9700
- C:\Windows\System\GGcUuUE.exe
  C:\Windows\System\GGcUuUE.exe
  2⤵
  PID:9720
- C:\Windows\System\oTGQusR.exe
  C:\Windows\System\oTGQusR.exe
  2⤵
  PID:9752
- C:\Windows\System\rZAbwgp.exe
  C:\Windows\System\rZAbwgp.exe
  2⤵
  PID:9788
- C:\Windows\System\NtOtaqW.exe
  C:\Windows\System\NtOtaqW.exe
  2⤵
  PID:9816
- C:\Windows\System\fyalQsf.exe
  C:\Windows\System\fyalQsf.exe
  2⤵
  PID:9848
- C:\Windows\System\kCqfbHt.exe
  C:\Windows\System\kCqfbHt.exe
  2⤵
  PID:9876
- C:\Windows\System\MGoSVdw.exe
  C:\Windows\System\MGoSVdw.exe
  2⤵
  PID:9892
- C:\Windows\System\rBHGxzo.exe
  C:\Windows\System\rBHGxzo.exe
  2⤵
  PID:9928
- C:\Windows\System\SqSDJVJ.exe
  C:\Windows\System\SqSDJVJ.exe
  2⤵
  PID:9960
- C:\Windows\System\iqRCWjA.exe
  C:\Windows\System\iqRCWjA.exe
  2⤵
  PID:9976
- C:\Windows\System\EvZNhki.exe
  C:\Windows\System\EvZNhki.exe
  2⤵
  PID:10004
- C:\Windows\System\lUwmBVM.exe
  C:\Windows\System\lUwmBVM.exe
  2⤵
  PID:10032
- C:\Windows\System\MtzcikG.exe
  C:\Windows\System\MtzcikG.exe
  2⤵
  PID:10064
- C:\Windows\System\gyIIlID.exe
  C:\Windows\System\gyIIlID.exe
  2⤵
  PID:10088
- C:\Windows\System\tYVlXPf.exe
  C:\Windows\System\tYVlXPf.exe
  2⤵
  PID:10104
- C:\Windows\System\LhPsvdC.exe
  C:\Windows\System\LhPsvdC.exe
  2⤵
  PID:10136
- C:\Windows\System\EMzmwyA.exe
  C:\Windows\System\EMzmwyA.exe
  2⤵
  PID:10168
- C:\Windows\System\qyLmCeP.exe
  C:\Windows\System\qyLmCeP.exe
  2⤵
  PID:10200
- C:\Windows\System\Noytzsd.exe
  C:\Windows\System\Noytzsd.exe
  2⤵
  PID:10228
- C:\Windows\System\frbIpZG.exe
  C:\Windows\System\frbIpZG.exe
  2⤵
  PID:9264
- C:\Windows\System\WSlubCG.exe
  C:\Windows\System\WSlubCG.exe
  2⤵
  PID:9340
- C:\Windows\System\yYZJNhI.exe
  C:\Windows\System\yYZJNhI.exe
  2⤵
  PID:9416
- C:\Windows\System\RYXBopA.exe
  C:\Windows\System\RYXBopA.exe
  2⤵
  PID:9500
- C:\Windows\System\aZHmhUj.exe
  C:\Windows\System\aZHmhUj.exe
  2⤵
  PID:9548
- C:\Windows\System\vRwMvfH.exe
  C:\Windows\System\vRwMvfH.exe
  2⤵
  PID:9596
- C:\Windows\System\INgmUQo.exe
  C:\Windows\System\INgmUQo.exe
  2⤵
  PID:9716
- C:\Windows\System\ojnONYC.exe
  C:\Windows\System\ojnONYC.exe
  2⤵
  PID:9780
- C:\Windows\System\sETzfst.exe
  C:\Windows\System\sETzfst.exe
  2⤵
  PID:9860
- C:\Windows\System\YePvbMp.exe
  C:\Windows\System\YePvbMp.exe
  2⤵
  PID:9948
- C:\Windows\System\Itvfjeb.exe
  C:\Windows\System\Itvfjeb.exe
  2⤵
  PID:9988
- C:\Windows\System\dAweoxr.exe
  C:\Windows\System\dAweoxr.exe
  2⤵
  PID:10076
- C:\Windows\System\CJCMuRk.exe
  C:\Windows\System\CJCMuRk.exe
  2⤵
  PID:10132
- C:\Windows\System\LRipAJb.exe
  C:\Windows\System\LRipAJb.exe
  2⤵
  PID:10216
- C:\Windows\System\AKwvccI.exe
  C:\Windows\System\AKwvccI.exe
  2⤵
  PID:9320
- C:\Windows\System\AbYyYor.exe
  C:\Windows\System\AbYyYor.exe
  2⤵
  PID:9436
- C:\Windows\System\EOzYtOe.exe
  C:\Windows\System\EOzYtOe.exe
  2⤵
  PID:9556
- C:\Windows\System\xcrbzlq.exe
  C:\Windows\System\xcrbzlq.exe
  2⤵
  PID:9740
- C:\Windows\System\IGIQeeS.exe
  C:\Windows\System\IGIQeeS.exe
  2⤵
  PID:9904
- C:\Windows\System\pfefIfi.exe
  C:\Windows\System\pfefIfi.exe
  2⤵
  PID:10160
- C:\Windows\System\wXtnljR.exe
  C:\Windows\System\wXtnljR.exe
  2⤵
  PID:9236
- C:\Windows\System\xAuNNdI.exe
  C:\Windows\System\xAuNNdI.exe
  2⤵
  PID:10016
- C:\Windows\System\OyykTiZ.exe
  C:\Windows\System\OyykTiZ.exe
  2⤵
  PID:10268
- C:\Windows\System\wDLoSrF.exe
  C:\Windows\System\wDLoSrF.exe
  2⤵
  PID:10304
- C:\Windows\System\ppOOkhe.exe
  C:\Windows\System\ppOOkhe.exe
  2⤵
  PID:10320
- C:\Windows\System\DBsizSB.exe
  C:\Windows\System\DBsizSB.exe
  2⤵
  PID:10340
- C:\Windows\System\nLeyXnE.exe
  C:\Windows\System\nLeyXnE.exe
  2⤵
  PID:10360
- C:\Windows\System\gXEMTXL.exe
  C:\Windows\System\gXEMTXL.exe
  2⤵
  PID:10388
- C:\Windows\System\bwygJrc.exe
  C:\Windows\System\bwygJrc.exe
  2⤵
  PID:10416
- C:\Windows\System\jXWAoKP.exe
  C:\Windows\System\jXWAoKP.exe
  2⤵
  PID:10460
- C:\Windows\System\NaOxnuy.exe
  C:\Windows\System\NaOxnuy.exe
  2⤵
  PID:10484
- C:\Windows\System\DjywZRC.exe
  C:\Windows\System\DjywZRC.exe
  2⤵
  PID:10532
- C:\Windows\System\DAvMEpo.exe
  C:\Windows\System\DAvMEpo.exe
  2⤵
  PID:10556
- C:\Windows\System\IwwHyGt.exe
  C:\Windows\System\IwwHyGt.exe
  2⤵
  PID:10580
- C:\Windows\System\XrLthiW.exe
  C:\Windows\System\XrLthiW.exe
  2⤵
  PID:10620
- C:\Windows\System\jHNzbtx.exe
  C:\Windows\System\jHNzbtx.exe
  2⤵
  PID:10652
- C:\Windows\System\OvaxByc.exe
  C:\Windows\System\OvaxByc.exe
  2⤵
  PID:10672
- C:\Windows\System\uksDLeQ.exe
  C:\Windows\System\uksDLeQ.exe
  2⤵
  PID:10700
- C:\Windows\System\evIqnQT.exe
  C:\Windows\System\evIqnQT.exe
  2⤵
  PID:10724
- C:\Windows\System\fwGBGTw.exe
  C:\Windows\System\fwGBGTw.exe
  2⤵
  PID:10760
- C:\Windows\System\VNmoPaO.exe
  C:\Windows\System\VNmoPaO.exe
  2⤵
  PID:10792
- C:\Windows\System\bQfhtmQ.exe
  C:\Windows\System\bQfhtmQ.exe
  2⤵
  PID:10816
- C:\Windows\System\QHdTHNj.exe
  C:\Windows\System\QHdTHNj.exe
  2⤵
  PID:10844
- C:\Windows\System\tAuvdZF.exe
  C:\Windows\System\tAuvdZF.exe
  2⤵
  PID:10888
- C:\Windows\System\GFDgMna.exe
  C:\Windows\System\GFDgMna.exe
  2⤵
  PID:10912
- C:\Windows\System\ZBrIrlL.exe
  C:\Windows\System\ZBrIrlL.exe
  2⤵
  PID:10940
- C:\Windows\System\oAxqXVL.exe
  C:\Windows\System\oAxqXVL.exe
  2⤵
  PID:10968
- C:\Windows\System\HiMJXYp.exe
  C:\Windows\System\HiMJXYp.exe
  2⤵
  PID:10996
- C:\Windows\System\HDyMjtM.exe
  C:\Windows\System\HDyMjtM.exe
  2⤵
  PID:11032
- C:\Windows\System\pmVgXVO.exe
  C:\Windows\System\pmVgXVO.exe
  2⤵
  PID:11052
- C:\Windows\System\HxUFcyY.exe
  C:\Windows\System\HxUFcyY.exe
  2⤵
  PID:11068
- C:\Windows\System\PMnnfNo.exe
  C:\Windows\System\PMnnfNo.exe
  2⤵
  PID:11088
- C:\Windows\System\THFoFDa.exe
  C:\Windows\System\THFoFDa.exe
  2⤵
  PID:11108
- C:\Windows\System\BQaiytA.exe
  C:\Windows\System\BQaiytA.exe
  2⤵
  PID:11140
- C:\Windows\System\UPfVuse.exe
  C:\Windows\System\UPfVuse.exe
  2⤵
  PID:11164
- C:\Windows\System\aoGDmeB.exe
  C:\Windows\System\aoGDmeB.exe
  2⤵
  PID:11192
- C:\Windows\System\GdxWxpy.exe
  C:\Windows\System\GdxWxpy.exe
  2⤵
  PID:11216
- C:\Windows\System\kHEKnrK.exe
  C:\Windows\System\kHEKnrK.exe
  2⤵
  PID:11252
- C:\Windows\System\hKSmVUQ.exe
  C:\Windows\System\hKSmVUQ.exe
  2⤵
  PID:10184
- C:\Windows\System\DWdJjFZ.exe
  C:\Windows\System\DWdJjFZ.exe
  2⤵
  PID:10352
- C:\Windows\System\aovjtMo.exe
  C:\Windows\System\aovjtMo.exe
  2⤵
  PID:10412
- C:\Windows\System\MAmCeXz.exe
  C:\Windows\System\MAmCeXz.exe
  2⤵
  PID:10376
- C:\Windows\System\DrPaQpK.exe
  C:\Windows\System\DrPaQpK.exe
  2⤵
  PID:10516
- C:\Windows\System\niUpdnH.exe
  C:\Windows\System\niUpdnH.exe
  2⤵
  PID:10592
- C:\Windows\System\fjkQgcG.exe
  C:\Windows\System\fjkQgcG.exe
  2⤵
  PID:10684
- C:\Windows\System\KLmrEKT.exe
  C:\Windows\System\KLmrEKT.exe
  2⤵
  PID:10776
- C:\Windows\System\MKNgmqp.exe
  C:\Windows\System\MKNgmqp.exe
  2⤵
  PID:10840
- C:\Windows\System\TBdhRSq.exe
  C:\Windows\System\TBdhRSq.exe
  2⤵
  PID:10952
- C:\Windows\System\skDvoLD.exe
  C:\Windows\System\skDvoLD.exe
  2⤵
  PID:10948
- C:\Windows\System\UiufDvX.exe
  C:\Windows\System\UiufDvX.exe
  2⤵
  PID:11028
- C:\Windows\System\oPLdzNM.exe
  C:\Windows\System\oPLdzNM.exe
  2⤵
  PID:11048
- C:\Windows\System\XQJqAhn.exe
  C:\Windows\System\XQJqAhn.exe
  2⤵
  PID:11184
- C:\Windows\System\KuwTgzn.exe
  C:\Windows\System\KuwTgzn.exe
  2⤵
  PID:11188
- C:\Windows\System\TVjBkqI.exe
  C:\Windows\System\TVjBkqI.exe
  2⤵
  PID:10332
- C:\Windows\System\hConEBw.exe
  C:\Windows\System\hConEBw.exe
  2⤵
  PID:10576
- C:\Windows\System\FdlrXdr.exe
  C:\Windows\System\FdlrXdr.exe
  2⤵
  PID:10564
- C:\Windows\System\aAzhLrI.exe
  C:\Windows\System\aAzhLrI.exe
  2⤵
  PID:10752
- C:\Windows\System\SpTqysS.exe
  C:\Windows\System\SpTqysS.exe
  2⤵
  PID:10908
- C:\Windows\System\oNmuDoe.exe
  C:\Windows\System\oNmuDoe.exe
  2⤵
  PID:11116
- C:\Windows\System\WzSrWMR.exe
  C:\Windows\System\WzSrWMR.exe
  2⤵
  PID:11148
- C:\Windows\System\EPAGQoe.exe
  C:\Windows\System\EPAGQoe.exe
  2⤵
  PID:11236
- C:\Windows\System\yroGdqQ.exe
  C:\Windows\System\yroGdqQ.exe
  2⤵
  PID:10692
- C:\Windows\System\PyNmUDU.exe
  C:\Windows\System\PyNmUDU.exe
  2⤵
  PID:11080
- C:\Windows\System\FGcSSQF.exe
  C:\Windows\System\FGcSSQF.exe
  2⤵
  PID:11228
- C:\Windows\System\jdQJYna.exe
  C:\Windows\System\jdQJYna.exe
  2⤵
  PID:11288
- C:\Windows\System\uhPjhEM.exe
  C:\Windows\System\uhPjhEM.exe
  2⤵
  PID:11312
- C:\Windows\System\TTMIKQF.exe
  C:\Windows\System\TTMIKQF.exe
  2⤵
  PID:11332
- C:\Windows\System\GhzAcwA.exe
  C:\Windows\System\GhzAcwA.exe
  2⤵
  PID:11352
- C:\Windows\System\pimDIeT.exe
  C:\Windows\System\pimDIeT.exe
  2⤵
  PID:11372
- C:\Windows\System\zRgaOTF.exe
  C:\Windows\System\zRgaOTF.exe
  2⤵
  PID:11404
- C:\Windows\System\exgjKzi.exe
  C:\Windows\System\exgjKzi.exe
  2⤵
  PID:11436
- C:\Windows\System\YQIUzuH.exe
  C:\Windows\System\YQIUzuH.exe
  2⤵
  PID:11480
- C:\Windows\System\rFpyhdX.exe
  C:\Windows\System\rFpyhdX.exe
  2⤵
  PID:11508
- C:\Windows\System\XkfJrZm.exe
  C:\Windows\System\XkfJrZm.exe
  2⤵
  PID:11548
- C:\Windows\System\jclaEYV.exe
  C:\Windows\System\jclaEYV.exe
  2⤵
  PID:11568
- C:\Windows\System\YgtYbUa.exe
  C:\Windows\System\YgtYbUa.exe
  2⤵
  PID:11608
- C:\Windows\System\grlPanR.exe
  C:\Windows\System\grlPanR.exe
  2⤵
  PID:11632
- C:\Windows\System\TsGELiR.exe
  C:\Windows\System\TsGELiR.exe
  2⤵
  PID:11664
- C:\Windows\System\AxupnpD.exe
  C:\Windows\System\AxupnpD.exe
  2⤵
  PID:11684
- C:\Windows\System\dNVrJMG.exe
  C:\Windows\System\dNVrJMG.exe
  2⤵
  PID:11720
- C:\Windows\System\oZzikWf.exe
  C:\Windows\System\oZzikWf.exe
  2⤵
  PID:11744
- C:\Windows\System\NXmpiOG.exe
  C:\Windows\System\NXmpiOG.exe
  2⤵
  PID:11780
- C:\Windows\System\VZswaRl.exe
  C:\Windows\System\VZswaRl.exe
  2⤵
  PID:11804
- C:\Windows\System\DuHHOnl.exe
  C:\Windows\System\DuHHOnl.exe
  2⤵
  PID:11832
- C:\Windows\System\rfxpdcg.exe
  C:\Windows\System\rfxpdcg.exe
  2⤵
  PID:11868
- C:\Windows\System\DValHgz.exe
  C:\Windows\System\DValHgz.exe
  2⤵
  PID:11904
- C:\Windows\System\LqCLCgd.exe
  C:\Windows\System\LqCLCgd.exe
  2⤵
  PID:11928
- C:\Windows\System\CDrHfUa.exe
  C:\Windows\System\CDrHfUa.exe
  2⤵
  PID:11956
- C:\Windows\System\XCbkacO.exe
  C:\Windows\System\XCbkacO.exe
  2⤵
  PID:11980
- C:\Windows\System\ElyfCJI.exe
  C:\Windows\System\ElyfCJI.exe
  2⤵
  PID:12020
- C:\Windows\System\pUjoEMZ.exe
  C:\Windows\System\pUjoEMZ.exe
  2⤵
  PID:12052
- C:\Windows\System\payeyVB.exe
  C:\Windows\System\payeyVB.exe
  2⤵
  PID:12088
- C:\Windows\System\oejxdad.exe
  C:\Windows\System\oejxdad.exe
  2⤵
  PID:12108
- C:\Windows\System\ApLqRfa.exe
  C:\Windows\System\ApLqRfa.exe
  2⤵
  PID:12128
- C:\Windows\System\yceYPFh.exe
  C:\Windows\System\yceYPFh.exe
  2⤵
  PID:12152
- C:\Windows\System\ukLrmbK.exe
  C:\Windows\System\ukLrmbK.exe
  2⤵
  PID:12172
- C:\Windows\System\pRGmgbE.exe
  C:\Windows\System\pRGmgbE.exe
  2⤵
  PID:12200
- C:\Windows\System\grvINsp.exe
  C:\Windows\System\grvINsp.exe
  2⤵
  PID:12228
- C:\Windows\System\wvTwNDB.exe
  C:\Windows\System\wvTwNDB.exe
  2⤵
  PID:12260
- C:\Windows\System\pPRVGKN.exe
  C:\Windows\System\pPRVGKN.exe
  2⤵
  PID:9748
- C:\Windows\System\fuzFyga.exe
  C:\Windows\System\fuzFyga.exe
  2⤵
  PID:11308
- C:\Windows\System\RInUPiW.exe
  C:\Windows\System\RInUPiW.exe
  2⤵
  PID:11348
- C:\Windows\System\CbkuyoH.exe
  C:\Windows\System\CbkuyoH.exe
  2⤵
  PID:11360
- C:\Windows\System\JhRgtfK.exe
  C:\Windows\System\JhRgtfK.exe
  2⤵
  PID:11416
- C:\Windows\System\mbdnwBX.exe
  C:\Windows\System\mbdnwBX.exe
  2⤵
  PID:11544
- C:\Windows\System\gFhBOLV.exe
  C:\Windows\System\gFhBOLV.exe
  2⤵
  PID:11660
- C:\Windows\System\GCRuTCG.exe
  C:\Windows\System\GCRuTCG.exe
  2⤵
  PID:11716
- C:\Windows\System\zDwxKzi.exe
  C:\Windows\System\zDwxKzi.exe
  2⤵
  PID:11772
- C:\Windows\System\zEGWYKx.exe
  C:\Windows\System\zEGWYKx.exe
  2⤵
  PID:11848
- C:\Windows\System\DTxtaru.exe
  C:\Windows\System\DTxtaru.exe
  2⤵
  PID:11912
- C:\Windows\System\RdyxAzJ.exe
  C:\Windows\System\RdyxAzJ.exe
  2⤵
  PID:11976
- C:\Windows\System\BsfqPWH.exe
  C:\Windows\System\BsfqPWH.exe
  2⤵
  PID:12080
- C:\Windows\System\RvVIWjU.exe
  C:\Windows\System\RvVIWjU.exe
  2⤵
  PID:12116
- C:\Windows\System\RXshoDL.exe
  C:\Windows\System\RXshoDL.exe
  2⤵
  PID:12208
- C:\Windows\System\OtEnhGt.exe
  C:\Windows\System\OtEnhGt.exe
  2⤵
  PID:12252
- C:\Windows\System\vbtCGaX.exe
  C:\Windows\System\vbtCGaX.exe
  2⤵
  PID:10868
- C:\Windows\System\MAixryI.exe
  C:\Windows\System\MAixryI.exe
  2⤵
  PID:11420
- C:\Windows\System\XURXIiX.exe
  C:\Windows\System\XURXIiX.exe
  2⤵
  PID:11592
- C:\Windows\System\KDJudzH.exe
  C:\Windows\System\KDJudzH.exe
  2⤵
  PID:11652
- C:\Windows\System\JfuKQHp.exe
  C:\Windows\System\JfuKQHp.exe
  2⤵
  PID:11732
- C:\Windows\System\seGfbyc.exe
  C:\Windows\System\seGfbyc.exe
  2⤵
  PID:11916
- C:\Windows\System\tpMqKOK.exe
  C:\Windows\System\tpMqKOK.exe
  2⤵
  PID:12044
- C:\Windows\System\qWEehhU.exe
  C:\Windows\System\qWEehhU.exe
  2⤵
  PID:12224
- C:\Windows\System\DjlNddk.exe
  C:\Windows\System\DjlNddk.exe
  2⤵
  PID:11764
- C:\Windows\System\fcZiRyw.exe
  C:\Windows\System\fcZiRyw.exe
  2⤵
  PID:11172
- C:\Windows\System\AKLhbtK.exe
  C:\Windows\System\AKLhbtK.exe
  2⤵
  PID:11488
- C:\Windows\System\uOlbIws.exe
  C:\Windows\System\uOlbIws.exe
  2⤵
  PID:11564
- C:\Windows\System\PSSzadj.exe
  C:\Windows\System\PSSzadj.exe
  2⤵
  PID:12308
- C:\Windows\System\ruWPUwL.exe
  C:\Windows\System\ruWPUwL.exe
  2⤵
  PID:12332
- C:\Windows\System\ziwDjLD.exe
  C:\Windows\System\ziwDjLD.exe
  2⤵
  PID:12356
- C:\Windows\System\RXCzxfi.exe
  C:\Windows\System\RXCzxfi.exe
  2⤵
  PID:12384
- C:\Windows\System\CqKEiyI.exe
  C:\Windows\System\CqKEiyI.exe
  2⤵
  PID:12420
- C:\Windows\System\OAJnWjC.exe
  C:\Windows\System\OAJnWjC.exe
  2⤵
  PID:12456
- C:\Windows\System\RrneYFp.exe
  C:\Windows\System\RrneYFp.exe
  2⤵
  PID:12492
- C:\Windows\System\dVneeOy.exe
  C:\Windows\System\dVneeOy.exe
  2⤵
  PID:12508
- C:\Windows\System\kGVWALB.exe
  C:\Windows\System\kGVWALB.exe
  2⤵
  PID:12540
- C:\Windows\System\QlDEhVa.exe
  C:\Windows\System\QlDEhVa.exe
  2⤵
  PID:12588
- C:\Windows\System\fRkUEHr.exe
  C:\Windows\System\fRkUEHr.exe
  2⤵
  PID:12604
- C:\Windows\System\DdrQkbd.exe
  C:\Windows\System\DdrQkbd.exe
  2⤵
  PID:12624
- C:\Windows\System\jxHxgtD.exe
  C:\Windows\System\jxHxgtD.exe
  2⤵
  PID:12652
- C:\Windows\System\CfLcRhd.exe
  C:\Windows\System\CfLcRhd.exe
  2⤵
  PID:12684
- C:\Windows\System\nvnykIC.exe
  C:\Windows\System\nvnykIC.exe
  2⤵
  PID:12708
- C:\Windows\System\OENTufC.exe
  C:\Windows\System\OENTufC.exe
  2⤵
  PID:12732
- C:\Windows\System\jRuJMiO.exe
  C:\Windows\System\jRuJMiO.exe
  2⤵
  PID:12760
- C:\Windows\System\zPjvuLG.exe
  C:\Windows\System\zPjvuLG.exe
  2⤵
  PID:12788
- C:\Windows\System\IPEaKyO.exe
  C:\Windows\System\IPEaKyO.exe
  2⤵
  PID:12812
- C:\Windows\System\emLzHDs.exe
  C:\Windows\System\emLzHDs.exe
  2⤵
  PID:12840
- C:\Windows\System\UXvSGHm.exe
  C:\Windows\System\UXvSGHm.exe
  2⤵
  PID:12868
- C:\Windows\System\pOxkdsk.exe
  C:\Windows\System\pOxkdsk.exe
  2⤵
  PID:12888
- C:\Windows\System\wqIZZin.exe
  C:\Windows\System\wqIZZin.exe
  2⤵
  PID:12916
- C:\Windows\System\KxAAqGR.exe
  C:\Windows\System\KxAAqGR.exe
  2⤵
  PID:12952
- C:\Windows\System\srdRGSa.exe
  C:\Windows\System\srdRGSa.exe
  2⤵
  PID:12976
- C:\Windows\System\pClQAtL.exe
  C:\Windows\System\pClQAtL.exe
  2⤵
  PID:13016
- C:\Windows\System\uNeTehM.exe
  C:\Windows\System\uNeTehM.exe
  2⤵
  PID:13040
- C:\Windows\System\YvsuYbA.exe
  C:\Windows\System\YvsuYbA.exe
  2⤵
  PID:13072
- C:\Windows\System\YODjAaa.exe
  C:\Windows\System\YODjAaa.exe
  2⤵
  PID:13108
- C:\Windows\System\tyxgkzV.exe
  C:\Windows\System\tyxgkzV.exe
  2⤵
  PID:13132
- C:\Windows\System\pbgdXeb.exe
  C:\Windows\System\pbgdXeb.exe
  2⤵
  PID:13164
- C:\Windows\System\oxWOMvp.exe
  C:\Windows\System\oxWOMvp.exe
  2⤵
  PID:13184
- C:\Windows\System\RIINDtL.exe
  C:\Windows\System\RIINDtL.exe
  2⤵
  PID:13212
- C:\Windows\System\hqZUTec.exe
  C:\Windows\System\hqZUTec.exe
  2⤵
  PID:13236
- C:\Windows\System\jDVryCR.exe
  C:\Windows\System\jDVryCR.exe
  2⤵
  PID:13268
- C:\Windows\System\RrVgHyQ.exe
  C:\Windows\System\RrVgHyQ.exe
  2⤵
  PID:13292
- C:\Windows\System\JSwLOSt.exe
  C:\Windows\System\JSwLOSt.exe
  2⤵
  PID:12196
- C:\Windows\System\rQFmpHw.exe
  C:\Windows\System\rQFmpHw.exe
  2⤵
  PID:12320
- C:\Windows\System\ropuLXy.exe
  C:\Windows\System\ropuLXy.exe
  2⤵
  PID:12436
- C:\Windows\System\fhsMNGJ.exe
  C:\Windows\System\fhsMNGJ.exe
  2⤵
  PID:12452
- C:\Windows\System\SyehtcS.exe
  C:\Windows\System\SyehtcS.exe
  2⤵
  PID:12528
- C:\Windows\System\IwXTxjP.exe
  C:\Windows\System\IwXTxjP.exe
  2⤵
  PID:12532
- C:\Windows\System\QUZxQXq.exe
  C:\Windows\System\QUZxQXq.exe
  2⤵
  PID:12644
- C:\Windows\System\qVqFIQS.exe
  C:\Windows\System\qVqFIQS.exe
  2⤵
  PID:12780
- C:\Windows\System\JvqeUQt.exe
  C:\Windows\System\JvqeUQt.exe
  2⤵
  PID:12856
- C:\Windows\System\mnkVnUi.exe
  C:\Windows\System\mnkVnUi.exe
  2⤵
  PID:12884
- C:\Windows\System\bNXXqSd.exe
  C:\Windows\System\bNXXqSd.exe
  2⤵
  PID:12880
- C:\Windows\System\iFzogbP.exe
  C:\Windows\System\iFzogbP.exe
  2⤵
  PID:12988
- C:\Windows\System\zYqBkiv.exe
  C:\Windows\System\zYqBkiv.exe
  2⤵
  PID:13056
- C:\Windows\System\LAlFEkV.exe
  C:\Windows\System\LAlFEkV.exe
  2⤵
  PID:13144
- C:\Windows\System\uSTpzWs.exe
  C:\Windows\System\uSTpzWs.exe
  2⤵
  PID:13228
- C:\Windows\System\WFNamBH.exe
  C:\Windows\System\WFNamBH.exe
  2⤵
  PID:13256
- C:\Windows\System\hOwOEdB.exe
  C:\Windows\System\hOwOEdB.exe
  2⤵
  PID:12164
- C:\Windows\System\JAwCTgT.exe
  C:\Windows\System\JAwCTgT.exe
  2⤵
  PID:12296
- C:\Windows\System\BWyNsXO.exe
  C:\Windows\System\BWyNsXO.exe
  2⤵
  PID:12448
- C:\Windows\System\GVHHdoA.exe
  C:\Windows\System\GVHHdoA.exe
  2⤵
  PID:12584
- C:\Windows\System\MxpUaZj.exe
  C:\Windows\System\MxpUaZj.exe
  2⤵
  PID:12756
- C:\Windows\System\bsgVqCp.exe
  C:\Windows\System\bsgVqCp.exe
  2⤵
  PID:12820
- C:\Windows\System\jCbQTjG.exe
  C:\Windows\System\jCbQTjG.exe
  2⤵
  PID:13004
- C:\Windows\System\iboObzz.exe
  C:\Windows\System\iboObzz.exe
  2⤵
  PID:11604
- C:\Windows\System\FGAGPMv.exe
  C:\Windows\System\FGAGPMv.exe
  2⤵
  PID:13200
- C:\Windows\System\aziwraN.exe
  C:\Windows\System\aziwraN.exe
  2⤵
  PID:12408
- C:\Windows\System\TzJsZFN.exe
  C:\Windows\System\TzJsZFN.exe
  2⤵
  PID:13316
- C:\Windows\System\YrjeGPr.exe
  C:\Windows\System\YrjeGPr.exe
  2⤵
  PID:13348
- C:\Windows\System\qLpGQkj.exe
  C:\Windows\System\qLpGQkj.exe
  2⤵
  PID:13376
- C:\Windows\System\ubStPPk.exe
  C:\Windows\System\ubStPPk.exe
  2⤵
  PID:13400
- C:\Windows\System\YhSaTZQ.exe
  C:\Windows\System\YhSaTZQ.exe
  2⤵
  PID:13440
- C:\Windows\System\OjafQfY.exe
  C:\Windows\System\OjafQfY.exe
  2⤵
  PID:13460
- C:\Windows\System\zrfVAiY.exe
  C:\Windows\System\zrfVAiY.exe
  2⤵
  PID:13488
- C:\Windows\System\WLShSzk.exe
  C:\Windows\System\WLShSzk.exe
  2⤵
  PID:13512
- C:\Windows\System\EBhiywe.exe
  C:\Windows\System\EBhiywe.exe
  2⤵
  PID:13528
- C:\Windows\System\vRGoAIe.exe
  C:\Windows\System\vRGoAIe.exe
  2⤵
  PID:13556
- C:\Windows\System\npayqkG.exe
  C:\Windows\System\npayqkG.exe
  2⤵
  PID:13592
- C:\Windows\System\XwsmlFq.exe
  C:\Windows\System\XwsmlFq.exe
  2⤵
  PID:13616
- C:\Windows\System\GMzSbzz.exe
  C:\Windows\System\GMzSbzz.exe
  2⤵
  PID:13652
- C:\Windows\System\IOEKYTN.exe
  C:\Windows\System\IOEKYTN.exe
  2⤵
  PID:13668
- C:\Windows\System\nsLFJOw.exe
  C:\Windows\System\nsLFJOw.exe
  2⤵
  PID:13684
- C:\Windows\System\nUajSyI.exe
  C:\Windows\System\nUajSyI.exe
  2⤵
  PID:13716
- C:\Windows\System\dluoQYr.exe
  C:\Windows\System\dluoQYr.exe
  2⤵
  PID:13752
- C:\Windows\System\zpgHvxE.exe
  C:\Windows\System\zpgHvxE.exe
  2⤵
  PID:13780
- C:\Windows\System\otrulLB.exe
  C:\Windows\System\otrulLB.exe
  2⤵
  PID:13800
- C:\Windows\System\kVddQRO.exe
  C:\Windows\System\kVddQRO.exe
  2⤵
  PID:13832
- C:\Windows\System\eoblIIl.exe
  C:\Windows\System\eoblIIl.exe
  2⤵
  PID:13860
- C:\Windows\System\lqRxZrs.exe
  C:\Windows\System\lqRxZrs.exe
  2⤵
  PID:13884
- C:\Windows\System\znFsGdo.exe
  C:\Windows\System\znFsGdo.exe
  2⤵
  PID:13904
- C:\Windows\System\GWOyWky.exe
  C:\Windows\System\GWOyWky.exe
  2⤵
  PID:13932
- C:\Windows\System\PRgSXWr.exe
  C:\Windows\System\PRgSXWr.exe
  2⤵
  PID:13956
- C:\Windows\System\IqfENmo.exe
  C:\Windows\System\IqfENmo.exe
  2⤵
  PID:13976
- C:\Windows\System\ZpECLUw.exe
  C:\Windows\System\ZpECLUw.exe
  2⤵
  PID:13992
- C:\Windows\System\KUDEack.exe
  C:\Windows\System\KUDEack.exe
  2⤵
  PID:14024
- C:\Windows\System\pjymQjH.exe
  C:\Windows\System\pjymQjH.exe
  2⤵
  PID:14052
- C:\Windows\System\cdnEHAj.exe
  C:\Windows\System\cdnEHAj.exe
  2⤵
  PID:14080
- C:\Windows\System\NgHZGhP.exe
  C:\Windows\System\NgHZGhP.exe
  2⤵
  PID:14104
- C:\Windows\System\WjHKxXH.exe
  C:\Windows\System\WjHKxXH.exe
  2⤵
  PID:14132
- C:\Windows\System\nYXAgaY.exe
  C:\Windows\System\nYXAgaY.exe
  2⤵
  PID:14160
- C:\Windows\System\aDCaKgH.exe
  C:\Windows\System\aDCaKgH.exe
  2⤵
  PID:14184
- C:\Windows\System\TyeJVGX.exe
  C:\Windows\System\TyeJVGX.exe
  2⤵
  PID:14220
- C:\Windows\System\qqjCelA.exe
  C:\Windows\System\qqjCelA.exe
  2⤵
  PID:14248
- C:\Windows\System\eELIADM.exe
  C:\Windows\System\eELIADM.exe
  2⤵
  PID:14280
- C:\Windows\System\kyXcCKc.exe
  C:\Windows\System\kyXcCKc.exe
  2⤵
  PID:14304
- C:\Windows\System\vowRJYC.exe
  C:\Windows\System\vowRJYC.exe
  2⤵
  PID:12836
- C:\Windows\System\rkwZGwC.exe
  C:\Windows\System\rkwZGwC.exe
  2⤵
  PID:12700
- C:\Windows\System\ozyZrUP.exe
  C:\Windows\System\ozyZrUP.exe
  2⤵
  PID:13180
- C:\Windows\System\rxvtakl.exe
  C:\Windows\System\rxvtakl.exe
  2⤵
  PID:13732
- C:\Windows\System\LLIQzcM.exe
  C:\Windows\System\LLIQzcM.exe
  2⤵
  PID:13760
- C:\Windows\System\wNiffOz.exe
  C:\Windows\System\wNiffOz.exe
  2⤵
  PID:13600
- C:\Windows\System\DfGjkJN.exe
  C:\Windows\System\DfGjkJN.exe
  2⤵
  PID:13880
- C:\Windows\System\kjiFevq.exe
  C:\Windows\System\kjiFevq.exe
  2⤵
  PID:13872
- C:\Windows\System\EmgPUTR.exe
  C:\Windows\System\EmgPUTR.exe
  2⤵
  PID:13844
- C:\Windows\System\gyMvWMe.exe
  C:\Windows\System\gyMvWMe.exe
  2⤵
  PID:14004
- C:\Windows\System\UrwpCSA.exe
  C:\Windows\System\UrwpCSA.exe
  2⤵
  PID:14116
- C:\Windows\System\bKpZCRA.exe
  C:\Windows\System\bKpZCRA.exe
  2⤵
  PID:14072
- C:\Windows\System\cpGbxll.exe
  C:\Windows\System\cpGbxll.exe
  2⤵
  PID:14092
- C:\Windows\System\SZZGWLk.exe
  C:\Windows\System\SZZGWLk.exe
  2⤵
  PID:14228
- C:\Windows\System\CNmCEIJ.exe
  C:\Windows\System\CNmCEIJ.exe
  2⤵
  PID:14316
- C:\Windows\System\zRgRHhc.exe
  C:\Windows\System\zRgRHhc.exe
  2⤵
  PID:13392
- C:\Windows\System\FnZSZyD.exe
  C:\Windows\System\FnZSZyD.exe
  2⤵
  PID:13412
- C:\Windows\System\yZDUded.exe
  C:\Windows\System\yZDUded.exe
  2⤵
  PID:13580
- C:\Windows\System\pHlHDBD.exe
  C:\Windows\System\pHlHDBD.exe
  2⤵
  PID:2564
- C:\Windows\System\qNSNKpo.exe
  C:\Windows\System\qNSNKpo.exe
  2⤵
  PID:13824
- C:\Windows\System\ztcnSWe.exe
  C:\Windows\System\ztcnSWe.exe
  2⤵
  PID:13972
- C:\Windows\System\oQZjKTz.exe
  C:\Windows\System\oQZjKTz.exe
  2⤵
  PID:13968
- C:\Windows\System\ttFjCDY.exe
  C:\Windows\System\ttFjCDY.exe
  2⤵
  PID:14272
- C:\Windows\System\zWuKUar.exe
  C:\Windows\System\zWuKUar.exe
  2⤵
  PID:13664
- C:\Windows\System\MYBAozr.exe
  C:\Windows\System\MYBAozr.exe
  2⤵
  PID:14192
- C:\Windows\System\xOhhnBs.exe
  C:\Windows\System\xOhhnBs.exe
  2⤵
  PID:14088

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AOFUIDT.exe

Filesize
1.9MB

MD5
38e0baf11d7a06bcd9b16e52a24ed9a2

SHA1
321b9b9c79dd6f727b2198de5b5ed477c81439c5

SHA256
08447be3307723d4fdb4bd1ba319e9184adcf309a0a1c2d83aae0aa427d2aba1

SHA512
32d3b7fc70529b8dc40715fb7076d390d48d54428efc38490c10342be394db35bde5dff031088bade17e9a82031bba25f3600269bba7351f7750b46f512052ee

Download Submit
C:\Windows\System\BlWLgFn.exe

Filesize
1.9MB

MD5
85ca01c3ada3a3a4a8c7f9727ddcd59a

SHA1
63bc2c2b52b6cc3a506df182ecd0b49610180918

SHA256
69a150d00b46d9785da198353de9d8b2feb16eb09be53b6d4e732f088e0b324b

SHA512
4579744eabee5a64443baabc5a99388ff5f6e56261f7600bc377d78c079b25bf106d11f7efc87a0afacfebf17e14d1dfd80398f88a850fc07bbcea36fcc37d39

Download Submit
C:\Windows\System\DamQYgM.exe

Filesize
1.9MB

MD5
4f41e2a08ce92c33081a0420041cffd5

SHA1
32f68a498563f14b1f4a5196119f0a0a37f0ba7f

SHA256
2039105e9842801175ec3d83edea87f38117e2583488af1fcb39d7908e5c4a85

SHA512
8faa9e5fc2367cde78638c2d397369b94aae58022157a2ef8cf7bec1b34f134698ab066ff507ca7c4003f687610a34c8ff9b86d80be93c28d92b06d1064c508e

Download Submit
C:\Windows\System\DlYJyNl.exe

Filesize
1.9MB

MD5
6a3e54c9c47f725f1115cdebe9fc3ea6

SHA1
c9e208b144e9be60d2c5a56377edad548f643a2b

SHA256
7642982827e93bc548367f5708733c387ff1f44b0fe1264134ab4b783a2d88bb

SHA512
bd651588c9d56d6486cf12ef444ea9f66e138eb777c374a5fbcd36db727429a392b5ac3c0e22311dfa300f83198adbf2d8c1c1a77bcc7a3f66945026a7338d9c

Download Submit
C:\Windows\System\JQWmdSW.exe

Filesize
1.9MB

MD5
00cc5e242827b4dc7e2d8963ff7774fd

SHA1
f4fec2ac89d02e60b3d1e90c54aea27e860cb20c

SHA256
5cd7d352893e38f2e4353667e19a176f0342cc163f4cacf831767335a9778139

SHA512
4d527638cd2097023855c23d696ee6e9804dc8e2a0db440b57da6bc0f1bd1b85337faca442c2e81c20673a66bc3cd0f9efdf4e75f6623b6dfb44478892e48153

Download Submit
C:\Windows\System\KWuueZe.exe

Filesize
1.9MB

MD5
7dd09b5fd848e500454c04fbdac84d66

SHA1
75e882965a8c03aea89bf496eaa640227b15623c

SHA256
d7e6ac1791e319dd574321a5c4f8537e21e07c6839a4cfde8b1ea3967dd104e1

SHA512
27251b2d1425f92128f36e8f5fc79c87f42a88aac9b4c1e203d7e392b1922ed914abc212211115c2c520133a2d2f21a7a3d5aa24182580a6de580f21764c3a2d

Download Submit
C:\Windows\System\QmmlmBw.exe

Filesize
1.9MB

MD5
0ea2bcd2d272a86d52a63deaa3d9d7ce

SHA1
9094306030a54921564d0315d2ac9335a29111c3

SHA256
4b7266e78ee5ff3a5b5319a5ab52883821733ae89a1d82db8b0a31ca3d9220a5

SHA512
cbfc74611d38861fee8cf7deca8adc61e9f98c2142f084089b9523877a289bdf65a738a8583fb37422300dee8165846476ff00977ffcc0785902ec8313b72b96

Download Submit
C:\Windows\System\SoyaxLd.exe

Filesize
1.9MB

MD5
938ef246bedf576a46b5b08d60c08dc9

SHA1
2a1715f3f9a06d06530b33e0da9a553191ab1524

SHA256
f708a9b2181650f5c80860204b939a3a928ad703d1845be7704883e90b3767fb

SHA512
2448a54eb34a4e1e4778bfa784900bc28d3adadf35ecf3987ea5d79019ce253d5e2b2c10a7ec9d6ff275bd5e67cd1d746699e404cef44af0d398d4cc9ac943cc

Download Submit
C:\Windows\System\TeZmwIU.exe

Filesize
1.9MB

MD5
9c69f906a5f37c0666988b50a0d8f37e

SHA1
43c10eac7677d01e3ec47f140b9b9a2992947a24

SHA256
ebcd59076625943b11ed81476223af9a5fe7bb3440c77b50165af470ba0a1045

SHA512
e2677ecac0c102084f3c5540c100af99a3ab44fac9bfba53e40cd2b1de4a5372e159d27b114e747ee311717ac75642ffad9730dfeadf83ba84999e79267116ee

Download Submit
C:\Windows\System\VkftJWE.exe

Filesize
1.9MB

MD5
756f8f0eaed9c0edd53be9b5751e48be

SHA1
b0f230f7b9086d8589b0b1304aff1b6acb371b64

SHA256
f840599291400443e37a7248f456e1b1fc9129279bcb44fd438fd8c32ff7ea9d

SHA512
2b06b95cb739a53dc0c91d688f159b33faf8839e11b22314b7d0e7fd8a1c485f0931d7a5b752d226af1b33ccf36b61e44e9dd4f80552b9f670033b7426ee23e2

Download Submit
C:\Windows\System\VkhTrce.exe

Filesize
1.9MB

MD5
1daa2283f06076655e0c5483eca64b66

SHA1
fb8e6fbd397542d231341ee1bb0ad9a14660c9f1

SHA256
22069432566351d8e91610ca9c88e416ee6d349caa7deec990267e9b326c56f1

SHA512
c25dff23ccf5a6b81eee535636f307a575b5052d86f2f59ae8a2781be46bd430bc79e7dfe2c6022982b97d2b057b3472ed3ff5ead23ef07d0adfb67eece65ade

Download Submit
C:\Windows\System\XMkeKwt.exe

Filesize
1.9MB

MD5
82d06a546aff185086ed592dd496b8af

SHA1
8a11e1867fc64b6fe4c24d4f37390705a6caf498

SHA256
7b8b7a464beb4a4c797820300c50010e5ae0d7fda55712a8f6674c13b9cf14fa

SHA512
b37ce20301a03754de5ed9281068b90e7c1a298c801bc8a91d43bf93f62c3ac3336599b981690bc5148817c3b0811ba352a42fa33323b3798d676e1ad6991278

Download Submit
C:\Windows\System\XynbJZF.exe

Filesize
1.9MB

MD5
597be6aea69340c20b4315415eac6249

SHA1
4176c33ef79368bc861633af95960c04dec730ed

SHA256
6f1ac4a5a284564cdfa9e26f7f0838d53061994a08f73954d1d5ea36f26f9ade

SHA512
14bffb5f8243b80c73c5645c35cf06d5e755ef65a897961cfe804f74cca706108354794dbafe2339d58e9cfe6cd3fbc2b8cd46a31d4e1011d22bb38f81642a69

Download Submit
C:\Windows\System\bFmYTZA.exe

Filesize
1.9MB

MD5
4e2c5e05d4058a3e16a2556be73567fb

SHA1
64ee6bc0eb754c1dd30367282f4df5dadf89f508

SHA256
6814778c59f46704d3c393ceec44320f9ee0aab0c1650370c9c0192d2fc91767

SHA512
026404224d15c82b1bf37d1088c2a2a5e9ae96c5200d1248ddb374066758d5f1fd2cddb6b9391d632d46e68e2ad100e6674b2ae27cc5a7de57be8c8d9286b315

Download Submit
C:\Windows\System\dSLahnc.exe

Filesize
1.9MB

MD5
1f7113387bd9419d7f394cb52248ba35

SHA1
61396c56174fe25a151089ad7f4880ce6e2f9356

SHA256
80c5384a2d9c3548d25cbb1444cc4b32a6da792f27b46620cd3cca87ac215deb

SHA512
e423a1a401a9cb39c2422343bd1713402fa025fe5a4e711e5a76eca21e5b0d47f8400ff0c0dfc7c48f31ce6ae67fe47786c4bde3cb7f81e7f83f363e72c11b6d

Download Submit
C:\Windows\System\eZjkDWg.exe

Filesize
1.9MB

MD5
6cc98aa248b619f792c7606ef5384445

SHA1
81f75cdf668af3dcb402f35565b3cace95cb9894

SHA256
9f01d594b9042cf8ca58304a1ae945b288f1a09d4d913400a33f4eaa1d73ff68

SHA512
85b62323959c94087c0b137be286db2fab1045ae01d4d0a237e4b900995bc14079270877d0b827acddfbc858e1fecda32b9d319c6f3fd4fb9c6859c4ea8e6611

Download Submit
C:\Windows\System\gJiSsLz.exe

Filesize
1.9MB

MD5
00b747998660ea416abb4ef17901d0aa

SHA1
7fe6ce7761de3070eb900be603985c6afa91d2ed

SHA256
25bd6a3891b515b49c701be68900209808a06a0254b76e6f2f983fdf56baeadf

SHA512
a70277663b6599c61b1878c8703b02babf98cd8a8277e5e608c14ea7a4401751e28e7872a348ba31724b838d2a76a67a69fe0e729d5e1ece657c1753903922b2

Download Submit
C:\Windows\System\hPrmprJ.exe

Filesize
1.9MB

MD5
07fecbc7ef602ef2a558412558cc571e

SHA1
1f3d5eb88f430867d5145af0c2a8cedc27fd1948

SHA256
c4c5f8b23390268f480f7ddd74219feaec65fe3f30973213e7db41a5ae6bf79c

SHA512
5af080d39486dc7429d4f8f619f8ee6839a50c5d3c3ee2b766a02ba8debccb485a7731bb193d558b04762168d97fd84afab49e1575d76fdcf4003f45abcd31b6

Download Submit
C:\Windows\System\hiRUfiK.exe

Filesize
1.9MB

MD5
f208021ac98793b1a3a23bb2a2826ea9

SHA1
456d6a65c5e30050e50e6d02f4f04de6db532b40

SHA256
1039aaa8960c86ac9781020e4599fa95d9d233fa838fb2c6c97885ea7da81534

SHA512
ef25ec248e88a43e1393d8dabc8d203fb83c46c2a06278af7d871abbd1833b890d6879b764a446632f41f2ec33bacd3f84ec1f23fb060ad0182cd7d113cc9f12

Download Submit
C:\Windows\System\kcriwwW.exe

Filesize
1.9MB

MD5
c2adf52b0f8ad9f1308361cfb9818677

SHA1
dc5c6d0b07c8e460e358b16bc7c82f4b33518556

SHA256
44880cbe09d4a4a5981ae3dbccbd066a0e5d67a15a45e82378b4bdc173922eb8

SHA512
a2bf491f33595ac905db9b0a18564b2aae2ea02fc8ab11e50db2b9e2170535d4f4d3683b6733b840cca47839215f09c6dabd59b97b156de51ff54527057a2983

Download Submit
C:\Windows\System\mYiEYkH.exe

Filesize
1.9MB

MD5
163890b7a6c3790fcdbb68ae7c12ab6e

SHA1
2bab1dda35e1e60de1233a01d3d2ccdd3d7ca84e

SHA256
26f59b67fa7ea0fc587c3b29b2fa7364d3541fc7cca647cd18552d9872dba522

SHA512
dd5a5708462e37d3872f090a1ebc326be0e4082c0e50f831a3085a1cc5d9dd05225248b4042783b7fffe055b5c9f8908f07358593c77f5e533987417f1c65218

Download Submit
C:\Windows\System\nxBdjYO.exe

Filesize
1.9MB

MD5
20971bde4f1e64faec808a4bba9660d4

SHA1
8a6830d6258c09bd261c45843c07540b07575a8f

SHA256
e5024345e4c769da82447aaeaaf1e5bc7e76dbc48ab426f04cd628d03f9977ee

SHA512
62d84e27d03dc2dd388e7f48f48954e22872006db615b39932de858e86ff413352ef5e1af88d74918d98b015540f3500e86ca5ddb91110ffd8b94a2f7af46af4

Download Submit
C:\Windows\System\nyNMgfc.exe

Filesize
1.9MB

MD5
272561eb7e569bbcfcbd81c2b0316cfc

SHA1
61a9c9f156068074c6186c380655ab91de7d1d6d

SHA256
f68303fa0506fc01d1c9c396c4b46045ba89d086b5e927215c502915096fca8e

SHA512
ac0acaa7410549adb9e4f9e47c7a37c9aecfb9426b4eca88a165cfa5d9f844ba42e245e3c30e225b68dec731f2e63be837a37a40414ddedd0cf79885d9bcfbe3

Download Submit
C:\Windows\System\ooNSmyP.exe

Filesize
1.9MB

MD5
d19cefb18767444c1e72bf06fe816ac7

SHA1
188228f9fd380bc79c1545f622c64d9d2ab69069

SHA256
5ef00b3d1f855ced9393d8a4afb1a51559eef792861d5d2595f1369f55a34e3e

SHA512
5292176c4cfa14a539b071573fceae5aaed1de3ef479d2285feb79f6c8f60ebef930949ec16f2bab71b48baae54d56356ff85422e1a6fcf501c47743da15ad4d

Download Submit
C:\Windows\System\pPxSDKN.exe

Filesize
1.9MB

MD5
fba3243bbcc4a90edebf16f2f08fcb85

SHA1
e829d75062bcb7047b4955794f899d2a2d4c37a4

SHA256
841d2fbafbb801a823e640db6512053edc6b95224336523719ad1e4557798320

SHA512
18fa7c458261f402e9937be09ddffe8e4a4b43509c3560cae303cc77f64dd9305db61154916e73d6fd020738345a717fda413ad01dbd3851bc4112327b42d2b7

Download Submit
C:\Windows\System\qaFNHTw.exe

Filesize
1.9MB

MD5
5a3c26dacbbc40defa1344f7c4eb7f4f

SHA1
31290d2a6e5798e70a310820f2d8dbf124e0738b

SHA256
ba85ce0b9065d928dec936acb20462c854845cb17cc9475ccc0c4ede4f2048dd

SHA512
c2a9f020d6226d698e5d3b5e5823df3e6d52331a8a4a96a86533b1fc1017b6f249676f3780f460497c492e5a113322a1e622104ae6dedb80877626d0584458fe

Download Submit
C:\Windows\System\tEOJmtE.exe

Filesize
1.9MB

MD5
a88acad809be4bc3209cbc63a1e00e30

SHA1
3a3bb35e9a7f12ae6748b7674b4d222d08fee5e7

SHA256
fbfcbc2b503f8eea7e1ca127c108a9fd2a9eea2f214fb3b784f8502f43928188

SHA512
9de627b689623a888c65a04168ac883050df9ce9c9c2c4a3ee0b4ae8343b8d48996640c1ffac6b7aceb2ff738059848e5c105c25ec7d96ec93f64779a1332ba5

Download Submit
C:\Windows\System\tMyZFRF.exe

Filesize
1.9MB

MD5
ffc50aa7a2d874ef578bab442eafa9b7

SHA1
cb3fb46d3fd4432859b165aa2b30ccd1973b3116

SHA256
7baaf9275b9d9373e515ceb01fa37225430e60539537d3eb95658a2ceb02d72c

SHA512
ceecdadf16624f8286195388c10ab4cd18491aa011fd941ebda87e4680d375d2ae19a0474cc923a7355da375e541e13c8104d0aa37677a9d96c7c4a337a923a7

Download Submit
C:\Windows\System\tVRLfwy.exe

Filesize
1.9MB

MD5
e33a4cd1736c15b848495a3fae6ecf59

SHA1
5eb35c3b4c1084a03bd7e3b164c8ee2af0688af6

SHA256
0feae5159e6f5123351e4fdc6a5f9e467b4513e5cce3d88ad6e65a3f92451fc6

SHA512
aac4c05b8d60c247a0a7d9cdc1d53884a8bfa54636ca70ed1532cb41dc1a7a43a9a817be97bcd64b1b26580065a322d15e382456696352466793b20e3f72a3ed

Download Submit
C:\Windows\System\tzJFlBM.exe

Filesize
1.9MB

MD5
2bfc03376a3f57c16780af2d56a10090

SHA1
1982f0c8d6445b3f746e3fde1758d3cec1b7524c

SHA256
1d95c4fbfb1cf36244293756201821aad1997e64151c770a95de2108db148887

SHA512
2340dfc1995061f65b3d848d993435d6a848d22e3f5fe842bdb76fc54b0f2c688daf1449d15a35d4cc1cf3154818aa52f19fbc4dd7de95c40b228788858efd96

Download Submit
C:\Windows\System\zTUOOUG.exe

Filesize
1.9MB

MD5
80bff74b81e61d9e1ca21f9026bdb19c

SHA1
edd4693ef5f9fdbf524b0280acc28fc93b686fbf

SHA256
09f6660725c72657bf0d12d7076afce7a116e4284e55fac018f7ba70260fad82

SHA512
5c875cff1f53b5f25159790d8c8309cb562d1af50deb49c40b0dd03f194e0564dd74a37731a91dc4e1609c7357d62459dfd52b2f44051c21b1f44218a442e6f2

Download Submit
C:\Windows\System\zcBOrsn.exe

Filesize
1.9MB

MD5
b0c4b3fdc87c855ab9c80229b2780ba5

SHA1
701c97281fb8b6f78d81e95104141142025e5ed5

SHA256
c1d0b9398ffe32d5b67fc6d58bf8670b1cdf456ff12f7f27b1a9e0fe8f5dad6a

SHA512
b5993445913be6909a610f592a6bf6cdb5db5d2218eebc78245cc527b8027cc5293f7e77b66360c0488d46fa3cc3e1a311f601be6e55422c52ee8360d923302a

Download Submit
memory/996-179-0x00007FF67C740000-0x00007FF67CA94000-memory.dmp

Filesize
3.3MB

Download
memory/996-2109-0x00007FF67C740000-0x00007FF67CA94000-memory.dmp

Filesize
3.3MB

Download
memory/1004-14-0x00007FF73D7C0000-0x00007FF73DB14000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2081-0x00007FF73D7C0000-0x00007FF73DB14000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2073-0x00007FF73D7C0000-0x00007FF73DB14000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2077-0x00007FF7117C0000-0x00007FF711B14000-memory.dmp

Filesize
3.3MB

Download
memory/1528-60-0x00007FF7117C0000-0x00007FF711B14000-memory.dmp

Filesize
3.3MB

Download
memory/1528-2086-0x00007FF7117C0000-0x00007FF711B14000-memory.dmp

Filesize
3.3MB

Download
memory/1684-169-0x00007FF784A50000-0x00007FF784DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2096-0x00007FF784A50000-0x00007FF784DA4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-178-0x00007FF66EE40000-0x00007FF66F194000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2102-0x00007FF66EE40000-0x00007FF66F194000-memory.dmp

Filesize
3.3MB

Download
memory/2144-35-0x00007FF7F7C10000-0x00007FF7F7F64000-memory.dmp

Filesize
3.3MB

Download
memory/2144-2076-0x00007FF7F7C10000-0x00007FF7F7F64000-memory.dmp

Filesize
3.3MB

Download
memory/2144-2084-0x00007FF7F7C10000-0x00007FF7F7F64000-memory.dmp

Filesize
3.3MB

Download
memory/2452-0-0x00007FF6CEBE0000-0x00007FF6CEF34000-memory.dmp

Filesize
3.3MB

Download
memory/2452-1-0x000001CD671D0000-0x000001CD671E0000-memory.dmp

Filesize
64KB

Download
memory/2452-2072-0x00007FF6CEBE0000-0x00007FF6CEF34000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2090-0x00007FF7DB880000-0x00007FF7DBBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-180-0x00007FF7DB880000-0x00007FF7DBBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-41-0x00007FF660C90000-0x00007FF660FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2087-0x00007FF660C90000-0x00007FF660FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2080-0x00007FF660C90000-0x00007FF660FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2106-0x00007FF7A1030000-0x00007FF7A1384000-memory.dmp

Filesize
3.3MB

Download
memory/2652-170-0x00007FF7A1030000-0x00007FF7A1384000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2079-0x00007FF6A54D0000-0x00007FF6A5824000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2098-0x00007FF6A54D0000-0x00007FF6A5824000-memory.dmp

Filesize
3.3MB

Download
memory/2728-140-0x00007FF6A54D0000-0x00007FF6A5824000-memory.dmp

Filesize
3.3MB

Download
memory/2804-174-0x00007FF7A6820000-0x00007FF7A6B74000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2108-0x00007FF7A6820000-0x00007FF7A6B74000-memory.dmp

Filesize
3.3MB

Download
memory/2820-171-0x00007FF754630000-0x00007FF754984000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2097-0x00007FF754630000-0x00007FF754984000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2089-0x00007FF767BF0000-0x00007FF767F44000-memory.dmp

Filesize
3.3MB

Download
memory/3092-167-0x00007FF767BF0000-0x00007FF767F44000-memory.dmp

Filesize
3.3MB

Download
memory/3164-176-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2104-0x00007FF7BF210000-0x00007FF7BF564000-memory.dmp

Filesize
3.3MB

Download
memory/3268-175-0x00007FF6ADFB0000-0x00007FF6AE304000-memory.dmp

Filesize
3.3MB

Download
memory/3268-2105-0x00007FF6ADFB0000-0x00007FF6AE304000-memory.dmp

Filesize
3.3MB

Download
memory/3620-2103-0x00007FF787070000-0x00007FF7873C4000-memory.dmp

Filesize
3.3MB

Download
memory/3620-177-0x00007FF787070000-0x00007FF7873C4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-2107-0x00007FF7C5480000-0x00007FF7C57D4000-memory.dmp

Filesize
3.3MB

Download
memory/3624-173-0x00007FF7C5480000-0x00007FF7C57D4000-memory.dmp

Filesize
3.3MB

Download
memory/3684-183-0x00007FF6A8030000-0x00007FF6A8384000-memory.dmp

Filesize
3.3MB

Download
memory/3684-2099-0x00007FF6A8030000-0x00007FF6A8384000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2100-0x00007FF79DCE0000-0x00007FF79E034000-memory.dmp

Filesize
3.3MB

Download
memory/3776-184-0x00007FF79DCE0000-0x00007FF79E034000-memory.dmp

Filesize
3.3MB

Download
memory/3836-162-0x00007FF614AC0000-0x00007FF614E14000-memory.dmp

Filesize
3.3MB

Download
memory/3836-2091-0x00007FF614AC0000-0x00007FF614E14000-memory.dmp

Filesize
3.3MB

Download
memory/4356-181-0x00007FF7B9180000-0x00007FF7B94D4000-memory.dmp

Filesize
3.3MB

Download
memory/4356-2085-0x00007FF7B9180000-0x00007FF7B94D4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-25-0x00007FF644950000-0x00007FF644CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2075-0x00007FF644950000-0x00007FF644CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4428-2082-0x00007FF644950000-0x00007FF644CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4492-168-0x00007FF7277A0000-0x00007FF727AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4492-2094-0x00007FF7277A0000-0x00007FF727AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2095-0x00007FF7C9BE0000-0x00007FF7C9F34000-memory.dmp

Filesize
3.3MB

Download
memory/4520-182-0x00007FF7C9BE0000-0x00007FF7C9F34000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2101-0x00007FF610390000-0x00007FF6106E4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-172-0x00007FF610390000-0x00007FF6106E4000-memory.dmp

Filesize
3.3MB

Download
memory/4692-84-0x00007FF639CB0000-0x00007FF63A004000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2078-0x00007FF639CB0000-0x00007FF63A004000-memory.dmp

Filesize
3.3MB

Download
memory/4692-2092-0x00007FF639CB0000-0x00007FF63A004000-memory.dmp

Filesize
3.3MB

Download
memory/4764-2093-0x00007FF670B90000-0x00007FF670EE4000-memory.dmp

Filesize
3.3MB

Download
memory/4764-127-0x00007FF670B90000-0x00007FF670EE4000-memory.dmp

Filesize
3.3MB

Download
memory/4808-106-0x00007FF715830000-0x00007FF715B84000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2088-0x00007FF715830000-0x00007FF715B84000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2083-0x00007FF6DB330000-0x00007FF6DB684000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2074-0x00007FF6DB330000-0x00007FF6DB684000-memory.dmp

Filesize
3.3MB

Download
memory/5008-15-0x00007FF6DB330000-0x00007FF6DB684000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads