kpot | b71a6f9ba7c28daa3279c286c3210c4afd8263fcd28d2650450a2b181361eec8

Analysis

max time kernel
128s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
Size

2.4MB
MD5

0117121e82ae51fdfea6585eebf99dc0
SHA1

1f8ea76120d35d0624a2819348f7a5c71ead694a
SHA256

b71a6f9ba7c28daa3279c286c3210c4afd8263fcd28d2650450a2b181361eec8
SHA512

c88086469883a5b07b5eb2448d8b8dcc642557e34deb9074faf8fc7fd6ddd40f929c495e761ab3f9e4af4e1797c71bcda7937978179038f4d683b95c8162d56a
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eoV:BemTLkNdfE0pZrwb

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 34 IoCs

resource	yara_rule
behavioral2/files/0x00090000000233f4-4.dat	family_kpot
behavioral2/files/0x000700000002340d-7.dat	family_kpot
behavioral2/files/0x000700000002340e-29.dat	family_kpot
behavioral2/files/0x000700000002340f-39.dat	family_kpot
behavioral2/files/0x0007000000023411-54.dat	family_kpot
behavioral2/files/0x0007000000023419-72.dat	family_kpot
behavioral2/files/0x0007000000023414-83.dat	family_kpot
behavioral2/files/0x000700000002341a-98.dat	family_kpot
behavioral2/files/0x000700000002341d-110.dat	family_kpot
behavioral2/files/0x000700000002341e-114.dat	family_kpot
behavioral2/files/0x000700000002341c-104.dat	family_kpot
behavioral2/files/0x000700000002341b-100.dat	family_kpot
behavioral2/files/0x0007000000023418-93.dat	family_kpot
behavioral2/files/0x0007000000023416-89.dat	family_kpot
behavioral2/files/0x0007000000023417-88.dat	family_kpot
behavioral2/files/0x0007000000023415-85.dat	family_kpot
behavioral2/files/0x0007000000023412-74.dat	family_kpot
behavioral2/files/0x0007000000023413-79.dat	family_kpot
behavioral2/files/0x0007000000023410-57.dat	family_kpot
behavioral2/files/0x000700000002340c-11.dat	family_kpot
behavioral2/files/0x000700000002341f-125.dat	family_kpot
behavioral2/files/0x0007000000023420-134.dat	family_kpot
behavioral2/files/0x0007000000023421-141.dat	family_kpot
behavioral2/files/0x0007000000023426-165.dat	family_kpot
behavioral2/files/0x0007000000023428-174.dat	family_kpot
behavioral2/files/0x000700000002342b-199.dat	family_kpot
behavioral2/files/0x0007000000023427-197.dat	family_kpot
behavioral2/files/0x000700000002342a-196.dat	family_kpot
behavioral2/files/0x0007000000023429-185.dat	family_kpot
behavioral2/files/0x0007000000023425-177.dat	family_kpot
behavioral2/files/0x0007000000023424-175.dat	family_kpot
behavioral2/files/0x0007000000023423-173.dat	family_kpot
behavioral2/files/0x0007000000023422-145.dat	family_kpot
behavioral2/files/0x0008000000023409-137.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4028-0-0x00007FF6ED8C0000-0x00007FF6EDC14000-memory.dmp	xmrig
behavioral2/files/0x00090000000233f4-4.dat	xmrig
behavioral2/files/0x000700000002340d-7.dat	xmrig
behavioral2/files/0x000700000002340e-29.dat	xmrig
behavioral2/files/0x000700000002340f-39.dat	xmrig
behavioral2/files/0x0007000000023411-54.dat	xmrig
behavioral2/files/0x0007000000023419-72.dat	xmrig
behavioral2/files/0x0007000000023414-83.dat	xmrig
behavioral2/files/0x000700000002341a-98.dat	xmrig
behavioral2/files/0x000700000002341d-110.dat	xmrig
behavioral2/memory/4376-117-0x00007FF78CE20000-0x00007FF78D174000-memory.dmp	xmrig
behavioral2/memory/2572-121-0x00007FF67A3A0000-0x00007FF67A6F4000-memory.dmp	xmrig
behavioral2/memory/3324-120-0x00007FF6A2900000-0x00007FF6A2C54000-memory.dmp	xmrig
behavioral2/memory/2952-119-0x00007FF7B48E0000-0x00007FF7B4C34000-memory.dmp	xmrig
behavioral2/memory/2672-118-0x00007FF7EF120000-0x00007FF7EF474000-memory.dmp	xmrig
behavioral2/memory/1284-116-0x00007FF6D39B0000-0x00007FF6D3D04000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-114.dat	xmrig
behavioral2/memory/4676-113-0x00007FF630FB0000-0x00007FF631304000-memory.dmp	xmrig
behavioral2/memory/3188-109-0x00007FF7C4B70000-0x00007FF7C4EC4000-memory.dmp	xmrig
behavioral2/memory/4984-108-0x00007FF6001E0000-0x00007FF600534000-memory.dmp	xmrig
behavioral2/memory/4696-106-0x00007FF763160000-0x00007FF7634B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-104.dat	xmrig
behavioral2/files/0x000700000002341b-100.dat	xmrig
behavioral2/files/0x0007000000023418-93.dat	xmrig
behavioral2/memory/3040-92-0x00007FF6D58F0000-0x00007FF6D5C44000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-89.dat	xmrig
behavioral2/files/0x0007000000023417-88.dat	xmrig
behavioral2/files/0x0007000000023415-85.dat	xmrig
behavioral2/memory/2084-78-0x00007FF7FE380000-0x00007FF7FE6D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-74.dat	xmrig
behavioral2/memory/652-69-0x00007FF7EBD80000-0x00007FF7EC0D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-79.dat	xmrig
behavioral2/files/0x0007000000023410-57.dat	xmrig
behavioral2/memory/1472-51-0x00007FF726B30000-0x00007FF726E84000-memory.dmp	xmrig
behavioral2/memory/548-35-0x00007FF707150000-0x00007FF7074A4000-memory.dmp	xmrig
behavioral2/memory/512-34-0x00007FF601DB0000-0x00007FF602104000-memory.dmp	xmrig
behavioral2/memory/3096-38-0x00007FF6A21D0000-0x00007FF6A2524000-memory.dmp	xmrig
behavioral2/memory/3952-25-0x00007FF6CB4D0000-0x00007FF6CB824000-memory.dmp	xmrig
behavioral2/memory/4060-18-0x00007FF62DD60000-0x00007FF62E0B4000-memory.dmp	xmrig
behavioral2/memory/1968-13-0x00007FF627960000-0x00007FF627CB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-11.dat	xmrig
behavioral2/files/0x000700000002341f-125.dat	xmrig
behavioral2/memory/3560-130-0x00007FF7C4060000-0x00007FF7C43B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-134.dat	xmrig
behavioral2/files/0x0007000000023421-141.dat	xmrig
behavioral2/files/0x0007000000023426-165.dat	xmrig
behavioral2/files/0x0007000000023428-174.dat	xmrig
behavioral2/memory/2788-200-0x00007FF7ED150000-0x00007FF7ED4A4000-memory.dmp	xmrig
behavioral2/memory/736-202-0x00007FF6B0320000-0x00007FF6B0674000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-199.dat	xmrig
behavioral2/files/0x0007000000023427-197.dat	xmrig
behavioral2/files/0x000700000002342a-196.dat	xmrig
behavioral2/memory/2676-190-0x00007FF686FF0000-0x00007FF687344000-memory.dmp	xmrig
behavioral2/memory/1968-188-0x00007FF627960000-0x00007FF627CB4000-memory.dmp	xmrig
behavioral2/memory/4028-186-0x00007FF6ED8C0000-0x00007FF6EDC14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-185.dat	xmrig
behavioral2/files/0x0007000000023425-177.dat	xmrig
behavioral2/files/0x0007000000023424-175.dat	xmrig
behavioral2/files/0x0007000000023423-173.dat	xmrig
behavioral2/memory/2268-170-0x00007FF659680000-0x00007FF6599D4000-memory.dmp	xmrig
behavioral2/memory/3212-161-0x00007FF749070000-0x00007FF7493C4000-memory.dmp	xmrig
behavioral2/memory/4360-160-0x00007FF69A430000-0x00007FF69A784000-memory.dmp	xmrig
behavioral2/memory/1000-148-0x00007FF6D09B0000-0x00007FF6D0D04000-memory.dmp	xmrig
behavioral2/files/0x0007000000023422-145.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1968	ivdVYBj.exe
4060	onKEyLG.exe
512	xXsemlc.exe
3952	jzLBmfa.exe
548	ndUTKzc.exe
3096	Nejduuo.exe
1472	HqVqPpB.exe
2672	hRCZcdA.exe
652	wVWxcYE.exe
2084	dNWMPqB.exe
3040	uGrHsPM.exe
4696	xORtAAZ.exe
4984	BphtbLI.exe
2952	kZXyOfH.exe
3188	BHkFdrg.exe
4676	TxfkrpE.exe
1284	bFhjVDw.exe
4376	POfUQJZ.exe
3324	HqZIGZx.exe
2572	UQsCGvG.exe
3560	epcOdSd.exe
1056	AlRyqkD.exe
1000	xYrgaus.exe
2676	nHXAfiW.exe
4360	vHQwnpI.exe
2788	KKFmRyg.exe
3212	fJlpncy.exe
2268	AmoPkLO.exe
736	KqlYEYh.exe
3252	BnpyVCq.exe
2168	FxWFrqb.exe
2100	wNNabvG.exe
2384	jFyWQGi.exe
1272	RIMIitK.exe
1532	OlFRMZE.exe
1828	UqAxTNR.exe
864	pYjtJpf.exe
3520	XUKXglI.exe
1128	yBrsCaQ.exe
212	OujnjiM.exe
4292	ebaWLis.exe
4280	YDUDpsR.exe
4988	rIQIcpY.exe
4896	pwweJyZ.exe
5096	ofeUJSM.exe
1464	BDSFUnZ.exe
1640	aPCBtdP.exe
2208	ThSeWuV.exe
1836	lSJZxor.exe
4524	PrvZvpn.exe
4780	kGucSEx.exe
4916	njZkHvo.exe
3160	SAnPfaU.exe
4840	QuneFsJ.exe
1660	zshoQui.exe
2608	jqrLsJo.exe
1672	yyGhzVX.exe
536	NLKwegI.exe
4064	BiKZaTW.exe
4748	pTTAOFZ.exe
3456	FgkgsRT.exe
3960	SkBeWbB.exe
2920	YbGnOMY.exe
5004	xdZQFlP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4028-0-0x00007FF6ED8C0000-0x00007FF6EDC14000-memory.dmp	upx
behavioral2/files/0x00090000000233f4-4.dat	upx
behavioral2/files/0x000700000002340d-7.dat	upx
behavioral2/files/0x000700000002340e-29.dat	upx
behavioral2/files/0x000700000002340f-39.dat	upx
behavioral2/files/0x0007000000023411-54.dat	upx
behavioral2/files/0x0007000000023419-72.dat	upx
behavioral2/files/0x0007000000023414-83.dat	upx
behavioral2/files/0x000700000002341a-98.dat	upx
behavioral2/files/0x000700000002341d-110.dat	upx
behavioral2/memory/4376-117-0x00007FF78CE20000-0x00007FF78D174000-memory.dmp	upx
behavioral2/memory/2572-121-0x00007FF67A3A0000-0x00007FF67A6F4000-memory.dmp	upx
behavioral2/memory/3324-120-0x00007FF6A2900000-0x00007FF6A2C54000-memory.dmp	upx
behavioral2/memory/2952-119-0x00007FF7B48E0000-0x00007FF7B4C34000-memory.dmp	upx
behavioral2/memory/2672-118-0x00007FF7EF120000-0x00007FF7EF474000-memory.dmp	upx
behavioral2/memory/1284-116-0x00007FF6D39B0000-0x00007FF6D3D04000-memory.dmp	upx
behavioral2/files/0x000700000002341e-114.dat	upx
behavioral2/memory/4676-113-0x00007FF630FB0000-0x00007FF631304000-memory.dmp	upx
behavioral2/memory/3188-109-0x00007FF7C4B70000-0x00007FF7C4EC4000-memory.dmp	upx
behavioral2/memory/4984-108-0x00007FF6001E0000-0x00007FF600534000-memory.dmp	upx
behavioral2/memory/4696-106-0x00007FF763160000-0x00007FF7634B4000-memory.dmp	upx
behavioral2/files/0x000700000002341c-104.dat	upx
behavioral2/files/0x000700000002341b-100.dat	upx
behavioral2/files/0x0007000000023418-93.dat	upx
behavioral2/memory/3040-92-0x00007FF6D58F0000-0x00007FF6D5C44000-memory.dmp	upx
behavioral2/files/0x0007000000023416-89.dat	upx
behavioral2/files/0x0007000000023417-88.dat	upx
behavioral2/files/0x0007000000023415-85.dat	upx
behavioral2/memory/2084-78-0x00007FF7FE380000-0x00007FF7FE6D4000-memory.dmp	upx
behavioral2/files/0x0007000000023412-74.dat	upx
behavioral2/memory/652-69-0x00007FF7EBD80000-0x00007FF7EC0D4000-memory.dmp	upx
behavioral2/files/0x0007000000023413-79.dat	upx
behavioral2/files/0x0007000000023410-57.dat	upx
behavioral2/memory/1472-51-0x00007FF726B30000-0x00007FF726E84000-memory.dmp	upx
behavioral2/memory/548-35-0x00007FF707150000-0x00007FF7074A4000-memory.dmp	upx
behavioral2/memory/512-34-0x00007FF601DB0000-0x00007FF602104000-memory.dmp	upx
behavioral2/memory/3096-38-0x00007FF6A21D0000-0x00007FF6A2524000-memory.dmp	upx
behavioral2/memory/3952-25-0x00007FF6CB4D0000-0x00007FF6CB824000-memory.dmp	upx
behavioral2/memory/4060-18-0x00007FF62DD60000-0x00007FF62E0B4000-memory.dmp	upx
behavioral2/memory/1968-13-0x00007FF627960000-0x00007FF627CB4000-memory.dmp	upx
behavioral2/files/0x000700000002340c-11.dat	upx
behavioral2/files/0x000700000002341f-125.dat	upx
behavioral2/memory/3560-130-0x00007FF7C4060000-0x00007FF7C43B4000-memory.dmp	upx
behavioral2/files/0x0007000000023420-134.dat	upx
behavioral2/files/0x0007000000023421-141.dat	upx
behavioral2/files/0x0007000000023426-165.dat	upx
behavioral2/files/0x0007000000023428-174.dat	upx
behavioral2/memory/2788-200-0x00007FF7ED150000-0x00007FF7ED4A4000-memory.dmp	upx
behavioral2/memory/736-202-0x00007FF6B0320000-0x00007FF6B0674000-memory.dmp	upx
behavioral2/files/0x000700000002342b-199.dat	upx
behavioral2/files/0x0007000000023427-197.dat	upx
behavioral2/files/0x000700000002342a-196.dat	upx
behavioral2/memory/2676-190-0x00007FF686FF0000-0x00007FF687344000-memory.dmp	upx
behavioral2/memory/1968-188-0x00007FF627960000-0x00007FF627CB4000-memory.dmp	upx
behavioral2/memory/4028-186-0x00007FF6ED8C0000-0x00007FF6EDC14000-memory.dmp	upx
behavioral2/files/0x0007000000023429-185.dat	upx
behavioral2/files/0x0007000000023425-177.dat	upx
behavioral2/files/0x0007000000023424-175.dat	upx
behavioral2/files/0x0007000000023423-173.dat	upx
behavioral2/memory/2268-170-0x00007FF659680000-0x00007FF6599D4000-memory.dmp	upx
behavioral2/memory/3212-161-0x00007FF749070000-0x00007FF7493C4000-memory.dmp	upx
behavioral2/memory/4360-160-0x00007FF69A430000-0x00007FF69A784000-memory.dmp	upx
behavioral2/memory/1000-148-0x00007FF6D09B0000-0x00007FF6D0D04000-memory.dmp	upx
behavioral2/files/0x0007000000023422-145.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\onKEyLG.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\yfcCCAL.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\OWslRqd.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\PNbyJUo.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\CShBYZu.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\xdZQFlP.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\GMpsrTh.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\SfBtIas.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\rWXZTQS.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\SzHplPi.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\IWCNwoj.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\uGrHsPM.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\BiKZaTW.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\YMzGhSK.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\eiYtjdf.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\gECzaFF.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\pHcqRGk.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\ComGmds.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\BqDJfdc.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\sJiqTXO.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\FKxVhTs.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\uEbFqxs.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\dIMXsXe.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\PNqCCQa.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\IldmsZL.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\kGucSEx.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\qgJQjSV.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\NrTiqGd.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\AbwHoMy.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\gzmtBeD.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\sYzTKRI.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\AkKtuGf.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\lxQCget.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\IJZVvyW.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\OPPJhRl.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\frsEgcK.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\VxiTvnO.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\kdRIdQr.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\TDyrvpT.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\wcWCbHr.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\SfbnbCq.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\wOMxkup.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\TrMKdLl.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\bFwGQnD.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\GYSkPph.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\aDBhbmE.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\YfcOcaE.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\rIQIcpY.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\gFMNvOL.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\phVyJsE.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\ODLcxmw.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\JsjaVJT.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\clHdqgk.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\euhcrXT.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\HqVqPpB.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\pRSERNS.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\vTBfzUk.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\fOntZOi.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\JOOVqDe.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\PfHzEmY.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\EopqwRm.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\jzLBmfa.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\OujnjiM.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
File created	C:\Windows\System\ApIAIZH.exe	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15188	dwm.exe
Token: SeChangeNotifyPrivilege	15188	dwm.exe
Token: 33	15188	dwm.exe
Token: SeIncBasePriorityPrivilege	15188	dwm.exe
Token: SeShutdownPrivilege	15188	dwm.exe
Token: SeCreatePagefilePrivilege	15188	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 1968	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	84
PID 4028 wrote to memory of 1968	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	84
PID 4028 wrote to memory of 4060	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	85
PID 4028 wrote to memory of 4060	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	85
PID 4028 wrote to memory of 512	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	86
PID 4028 wrote to memory of 512	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	86
PID 4028 wrote to memory of 3952	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	87
PID 4028 wrote to memory of 3952	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	87
PID 4028 wrote to memory of 548	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	88
PID 4028 wrote to memory of 548	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	88
PID 4028 wrote to memory of 3096	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	89
PID 4028 wrote to memory of 3096	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	89
PID 4028 wrote to memory of 652	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	90
PID 4028 wrote to memory of 652	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	90
PID 4028 wrote to memory of 1472	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	91
PID 4028 wrote to memory of 1472	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	91
PID 4028 wrote to memory of 2672	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	92
PID 4028 wrote to memory of 2672	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	92
PID 4028 wrote to memory of 2084	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	93
PID 4028 wrote to memory of 2084	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	93
PID 4028 wrote to memory of 3040	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	94
PID 4028 wrote to memory of 3040	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	94
PID 4028 wrote to memory of 4696	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	95
PID 4028 wrote to memory of 4696	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	95
PID 4028 wrote to memory of 4984	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	96
PID 4028 wrote to memory of 4984	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	96
PID 4028 wrote to memory of 2952	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	97
PID 4028 wrote to memory of 2952	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	97
PID 4028 wrote to memory of 3188	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	98
PID 4028 wrote to memory of 3188	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	98
PID 4028 wrote to memory of 4676	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	99
PID 4028 wrote to memory of 4676	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	99
PID 4028 wrote to memory of 1284	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	100
PID 4028 wrote to memory of 1284	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	100
PID 4028 wrote to memory of 4376	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	101
PID 4028 wrote to memory of 4376	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	101
PID 4028 wrote to memory of 3324	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	102
PID 4028 wrote to memory of 3324	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	102
PID 4028 wrote to memory of 2572	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	103
PID 4028 wrote to memory of 2572	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	103
PID 4028 wrote to memory of 3560	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	104
PID 4028 wrote to memory of 3560	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	104
PID 4028 wrote to memory of 1056	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	106
PID 4028 wrote to memory of 1056	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	106
PID 4028 wrote to memory of 1000	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	107
PID 4028 wrote to memory of 1000	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	107
PID 4028 wrote to memory of 2676	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	108
PID 4028 wrote to memory of 2676	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	108
PID 4028 wrote to memory of 4360	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	109
PID 4028 wrote to memory of 4360	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	109
PID 4028 wrote to memory of 2788	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	110
PID 4028 wrote to memory of 2788	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	110
PID 4028 wrote to memory of 3212	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	111
PID 4028 wrote to memory of 3212	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	111
PID 4028 wrote to memory of 2268	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	112
PID 4028 wrote to memory of 2268	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	112
PID 4028 wrote to memory of 736	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	113
PID 4028 wrote to memory of 736	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	113
PID 4028 wrote to memory of 3252	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	114
PID 4028 wrote to memory of 3252	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	114
PID 4028 wrote to memory of 2168	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	115
PID 4028 wrote to memory of 2168	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	115
PID 4028 wrote to memory of 2100	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	116
PID 4028 wrote to memory of 2100	4028	0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0117121e82ae51fdfea6585eebf99dc0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Windows\System\ivdVYBj.exe
  C:\Windows\System\ivdVYBj.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\onKEyLG.exe
  C:\Windows\System\onKEyLG.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\xXsemlc.exe
  C:\Windows\System\xXsemlc.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\jzLBmfa.exe
  C:\Windows\System\jzLBmfa.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\ndUTKzc.exe
  C:\Windows\System\ndUTKzc.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\Nejduuo.exe
  C:\Windows\System\Nejduuo.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\wVWxcYE.exe
  C:\Windows\System\wVWxcYE.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\HqVqPpB.exe
  C:\Windows\System\HqVqPpB.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\hRCZcdA.exe
  C:\Windows\System\hRCZcdA.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\dNWMPqB.exe
  C:\Windows\System\dNWMPqB.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\uGrHsPM.exe
  C:\Windows\System\uGrHsPM.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\xORtAAZ.exe
  C:\Windows\System\xORtAAZ.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\BphtbLI.exe
  C:\Windows\System\BphtbLI.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\kZXyOfH.exe
  C:\Windows\System\kZXyOfH.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\BHkFdrg.exe
  C:\Windows\System\BHkFdrg.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\TxfkrpE.exe
  C:\Windows\System\TxfkrpE.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\bFhjVDw.exe
  C:\Windows\System\bFhjVDw.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\POfUQJZ.exe
  C:\Windows\System\POfUQJZ.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\HqZIGZx.exe
  C:\Windows\System\HqZIGZx.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\UQsCGvG.exe
  C:\Windows\System\UQsCGvG.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\epcOdSd.exe
  C:\Windows\System\epcOdSd.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\AlRyqkD.exe
  C:\Windows\System\AlRyqkD.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\xYrgaus.exe
  C:\Windows\System\xYrgaus.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\nHXAfiW.exe
  C:\Windows\System\nHXAfiW.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\vHQwnpI.exe
  C:\Windows\System\vHQwnpI.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\KKFmRyg.exe
  C:\Windows\System\KKFmRyg.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\fJlpncy.exe
  C:\Windows\System\fJlpncy.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\AmoPkLO.exe
  C:\Windows\System\AmoPkLO.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\KqlYEYh.exe
  C:\Windows\System\KqlYEYh.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\BnpyVCq.exe
  C:\Windows\System\BnpyVCq.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\FxWFrqb.exe
  C:\Windows\System\FxWFrqb.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\wNNabvG.exe
  C:\Windows\System\wNNabvG.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\jFyWQGi.exe
  C:\Windows\System\jFyWQGi.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\RIMIitK.exe
  C:\Windows\System\RIMIitK.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\OlFRMZE.exe
  C:\Windows\System\OlFRMZE.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\UqAxTNR.exe
  C:\Windows\System\UqAxTNR.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\pYjtJpf.exe
  C:\Windows\System\pYjtJpf.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\XUKXglI.exe
  C:\Windows\System\XUKXglI.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\OujnjiM.exe
  C:\Windows\System\OujnjiM.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\yBrsCaQ.exe
  C:\Windows\System\yBrsCaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\ebaWLis.exe
  C:\Windows\System\ebaWLis.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\YDUDpsR.exe
  C:\Windows\System\YDUDpsR.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\rIQIcpY.exe
  C:\Windows\System\rIQIcpY.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\pwweJyZ.exe
  C:\Windows\System\pwweJyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\ofeUJSM.exe
  C:\Windows\System\ofeUJSM.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\BDSFUnZ.exe
  C:\Windows\System\BDSFUnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\aPCBtdP.exe
  C:\Windows\System\aPCBtdP.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ThSeWuV.exe
  C:\Windows\System\ThSeWuV.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\lSJZxor.exe
  C:\Windows\System\lSJZxor.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\PrvZvpn.exe
  C:\Windows\System\PrvZvpn.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\kGucSEx.exe
  C:\Windows\System\kGucSEx.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\njZkHvo.exe
  C:\Windows\System\njZkHvo.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\SAnPfaU.exe
  C:\Windows\System\SAnPfaU.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\QuneFsJ.exe
  C:\Windows\System\QuneFsJ.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\zshoQui.exe
  C:\Windows\System\zshoQui.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\jqrLsJo.exe
  C:\Windows\System\jqrLsJo.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\yyGhzVX.exe
  C:\Windows\System\yyGhzVX.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\NLKwegI.exe
  C:\Windows\System\NLKwegI.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\BiKZaTW.exe
  C:\Windows\System\BiKZaTW.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\pTTAOFZ.exe
  C:\Windows\System\pTTAOFZ.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\FgkgsRT.exe
  C:\Windows\System\FgkgsRT.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\SkBeWbB.exe
  C:\Windows\System\SkBeWbB.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\YbGnOMY.exe
  C:\Windows\System\YbGnOMY.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\xdZQFlP.exe
  C:\Windows\System\xdZQFlP.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\riwaqcI.exe
  C:\Windows\System\riwaqcI.exe
  2⤵
  PID:4960
- C:\Windows\System\KoHvwbY.exe
  C:\Windows\System\KoHvwbY.exe
  2⤵
  PID:4184
- C:\Windows\System\fNsaCVO.exe
  C:\Windows\System\fNsaCVO.exe
  2⤵
  PID:640
- C:\Windows\System\hwjxlqK.exe
  C:\Windows\System\hwjxlqK.exe
  2⤵
  PID:3140
- C:\Windows\System\fIQgobj.exe
  C:\Windows\System\fIQgobj.exe
  2⤵
  PID:2444
- C:\Windows\System\lxQCget.exe
  C:\Windows\System\lxQCget.exe
  2⤵
  PID:4340
- C:\Windows\System\QdRoCqp.exe
  C:\Windows\System\QdRoCqp.exe
  2⤵
  PID:4868
- C:\Windows\System\VoVKwmY.exe
  C:\Windows\System\VoVKwmY.exe
  2⤵
  PID:4536
- C:\Windows\System\NpoREnU.exe
  C:\Windows\System\NpoREnU.exe
  2⤵
  PID:3924
- C:\Windows\System\JYCNSWV.exe
  C:\Windows\System\JYCNSWV.exe
  2⤵
  PID:4496
- C:\Windows\System\DzfztzJ.exe
  C:\Windows\System\DzfztzJ.exe
  2⤵
  PID:4440
- C:\Windows\System\chkCyyF.exe
  C:\Windows\System\chkCyyF.exe
  2⤵
  PID:4860
- C:\Windows\System\nTcxtSO.exe
  C:\Windows\System\nTcxtSO.exe
  2⤵
  PID:4972
- C:\Windows\System\bpZElxR.exe
  C:\Windows\System\bpZElxR.exe
  2⤵
  PID:2816
- C:\Windows\System\SfbnbCq.exe
  C:\Windows\System\SfbnbCq.exe
  2⤵
  PID:1032
- C:\Windows\System\mHIbbEl.exe
  C:\Windows\System\mHIbbEl.exe
  2⤵
  PID:2520
- C:\Windows\System\hULRgxp.exe
  C:\Windows\System\hULRgxp.exe
  2⤵
  PID:1940
- C:\Windows\System\PpjnJnS.exe
  C:\Windows\System\PpjnJnS.exe
  2⤵
  PID:3036
- C:\Windows\System\VdONuNI.exe
  C:\Windows\System\VdONuNI.exe
  2⤵
  PID:4596
- C:\Windows\System\xcVwsDT.exe
  C:\Windows\System\xcVwsDT.exe
  2⤵
  PID:1332
- C:\Windows\System\vymMsjq.exe
  C:\Windows\System\vymMsjq.exe
  2⤵
  PID:2104
- C:\Windows\System\ecgsOvG.exe
  C:\Windows\System\ecgsOvG.exe
  2⤵
  PID:4188
- C:\Windows\System\rdScvwu.exe
  C:\Windows\System\rdScvwu.exe
  2⤵
  PID:740
- C:\Windows\System\vEBIWZQ.exe
  C:\Windows\System\vEBIWZQ.exe
  2⤵
  PID:4544
- C:\Windows\System\dwttWrU.exe
  C:\Windows\System\dwttWrU.exe
  2⤵
  PID:3876
- C:\Windows\System\hZlbvxp.exe
  C:\Windows\System\hZlbvxp.exe
  2⤵
  PID:4500
- C:\Windows\System\neppjDI.exe
  C:\Windows\System\neppjDI.exe
  2⤵
  PID:5040
- C:\Windows\System\gvHexFC.exe
  C:\Windows\System\gvHexFC.exe
  2⤵
  PID:4428
- C:\Windows\System\eCurUYW.exe
  C:\Windows\System\eCurUYW.exe
  2⤵
  PID:2968
- C:\Windows\System\ComGmds.exe
  C:\Windows\System\ComGmds.exe
  2⤵
  PID:1780
- C:\Windows\System\UJwIGEs.exe
  C:\Windows\System\UJwIGEs.exe
  2⤵
  PID:2152
- C:\Windows\System\HuZcgnh.exe
  C:\Windows\System\HuZcgnh.exe
  2⤵
  PID:3508
- C:\Windows\System\cWoLbxM.exe
  C:\Windows\System\cWoLbxM.exe
  2⤵
  PID:1068
- C:\Windows\System\ctNtHdF.exe
  C:\Windows\System\ctNtHdF.exe
  2⤵
  PID:1864
- C:\Windows\System\Njltqqa.exe
  C:\Windows\System\Njltqqa.exe
  2⤵
  PID:5128
- C:\Windows\System\ePjUjYN.exe
  C:\Windows\System\ePjUjYN.exe
  2⤵
  PID:5148
- C:\Windows\System\Bltcngd.exe
  C:\Windows\System\Bltcngd.exe
  2⤵
  PID:5164
- C:\Windows\System\LySAUGI.exe
  C:\Windows\System\LySAUGI.exe
  2⤵
  PID:5192
- C:\Windows\System\lSPLZOv.exe
  C:\Windows\System\lSPLZOv.exe
  2⤵
  PID:5228
- C:\Windows\System\hHXRdAM.exe
  C:\Windows\System\hHXRdAM.exe
  2⤵
  PID:5276
- C:\Windows\System\ZIIACei.exe
  C:\Windows\System\ZIIACei.exe
  2⤵
  PID:5320
- C:\Windows\System\nRaDcnB.exe
  C:\Windows\System\nRaDcnB.exe
  2⤵
  PID:5356
- C:\Windows\System\LDiXGNg.exe
  C:\Windows\System\LDiXGNg.exe
  2⤵
  PID:5388
- C:\Windows\System\GZlNTSC.exe
  C:\Windows\System\GZlNTSC.exe
  2⤵
  PID:5420
- C:\Windows\System\vMIJSiP.exe
  C:\Windows\System\vMIJSiP.exe
  2⤵
  PID:5436
- C:\Windows\System\GMpsrTh.exe
  C:\Windows\System\GMpsrTh.exe
  2⤵
  PID:5476
- C:\Windows\System\ItAsooR.exe
  C:\Windows\System\ItAsooR.exe
  2⤵
  PID:5492
- C:\Windows\System\ihNHHkg.exe
  C:\Windows\System\ihNHHkg.exe
  2⤵
  PID:5508
- C:\Windows\System\fcKriiH.exe
  C:\Windows\System\fcKriiH.exe
  2⤵
  PID:5540
- C:\Windows\System\lXnJyrS.exe
  C:\Windows\System\lXnJyrS.exe
  2⤵
  PID:5568
- C:\Windows\System\nNrGdBg.exe
  C:\Windows\System\nNrGdBg.exe
  2⤵
  PID:5596
- C:\Windows\System\JncWDzd.exe
  C:\Windows\System\JncWDzd.exe
  2⤵
  PID:5624
- C:\Windows\System\uwrVCtY.exe
  C:\Windows\System\uwrVCtY.exe
  2⤵
  PID:5640
- C:\Windows\System\KkFQOnQ.exe
  C:\Windows\System\KkFQOnQ.exe
  2⤵
  PID:5668
- C:\Windows\System\MehiwxB.exe
  C:\Windows\System\MehiwxB.exe
  2⤵
  PID:5696
- C:\Windows\System\kPunxZj.exe
  C:\Windows\System\kPunxZj.exe
  2⤵
  PID:5720
- C:\Windows\System\HhsYkKN.exe
  C:\Windows\System\HhsYkKN.exe
  2⤵
  PID:5760
- C:\Windows\System\fcMYIpX.exe
  C:\Windows\System\fcMYIpX.exe
  2⤵
  PID:5788
- C:\Windows\System\IRwJThK.exe
  C:\Windows\System\IRwJThK.exe
  2⤵
  PID:5824
- C:\Windows\System\pRSERNS.exe
  C:\Windows\System\pRSERNS.exe
  2⤵
  PID:5860
- C:\Windows\System\qgJQjSV.exe
  C:\Windows\System\qgJQjSV.exe
  2⤵
  PID:5880
- C:\Windows\System\xnfQqbI.exe
  C:\Windows\System\xnfQqbI.exe
  2⤵
  PID:5904
- C:\Windows\System\vGLGTSl.exe
  C:\Windows\System\vGLGTSl.exe
  2⤵
  PID:5940
- C:\Windows\System\EgKMncB.exe
  C:\Windows\System\EgKMncB.exe
  2⤵
  PID:5972
- C:\Windows\System\NemTerV.exe
  C:\Windows\System\NemTerV.exe
  2⤵
  PID:6000
- C:\Windows\System\PIAsfVQ.exe
  C:\Windows\System\PIAsfVQ.exe
  2⤵
  PID:6040
- C:\Windows\System\YzQenQp.exe
  C:\Windows\System\YzQenQp.exe
  2⤵
  PID:6068
- C:\Windows\System\nsNsOlC.exe
  C:\Windows\System\nsNsOlC.exe
  2⤵
  PID:6084
- C:\Windows\System\uEbFqxs.exe
  C:\Windows\System\uEbFqxs.exe
  2⤵
  PID:6112
- C:\Windows\System\Kiqadby.exe
  C:\Windows\System\Kiqadby.exe
  2⤵
  PID:2320
- C:\Windows\System\xPGpDfa.exe
  C:\Windows\System\xPGpDfa.exe
  2⤵
  PID:4344
- C:\Windows\System\JOxfNhx.exe
  C:\Windows\System\JOxfNhx.exe
  2⤵
  PID:5136
- C:\Windows\System\GEXDSFn.exe
  C:\Windows\System\GEXDSFn.exe
  2⤵
  PID:5212
- C:\Windows\System\PUJrxJX.exe
  C:\Windows\System\PUJrxJX.exe
  2⤵
  PID:5364
- C:\Windows\System\rkvdDOE.exe
  C:\Windows\System\rkvdDOE.exe
  2⤵
  PID:5404
- C:\Windows\System\vTBfzUk.exe
  C:\Windows\System\vTBfzUk.exe
  2⤵
  PID:5464
- C:\Windows\System\oMuXwra.exe
  C:\Windows\System\oMuXwra.exe
  2⤵
  PID:5524
- C:\Windows\System\yfcCCAL.exe
  C:\Windows\System\yfcCCAL.exe
  2⤵
  PID:5592
- C:\Windows\System\YtYhoRb.exe
  C:\Windows\System\YtYhoRb.exe
  2⤵
  PID:5656
- C:\Windows\System\LCxLoxT.exe
  C:\Windows\System\LCxLoxT.exe
  2⤵
  PID:5744
- C:\Windows\System\HpHbSoB.exe
  C:\Windows\System\HpHbSoB.exe
  2⤵
  PID:5820
- C:\Windows\System\mQXbuOt.exe
  C:\Windows\System\mQXbuOt.exe
  2⤵
  PID:5856
- C:\Windows\System\dtbbHXF.exe
  C:\Windows\System\dtbbHXF.exe
  2⤵
  PID:5868
- C:\Windows\System\LnTeBnk.exe
  C:\Windows\System\LnTeBnk.exe
  2⤵
  PID:5992
- C:\Windows\System\PAzgXBZ.exe
  C:\Windows\System\PAzgXBZ.exe
  2⤵
  PID:6052
- C:\Windows\System\MSFpdvW.exe
  C:\Windows\System\MSFpdvW.exe
  2⤵
  PID:6140
- C:\Windows\System\CseAmub.exe
  C:\Windows\System\CseAmub.exe
  2⤵
  PID:5224
- C:\Windows\System\ptUMpBA.exe
  C:\Windows\System\ptUMpBA.exe
  2⤵
  PID:5340
- C:\Windows\System\kEgGiRf.exe
  C:\Windows\System\kEgGiRf.exe
  2⤵
  PID:5488
- C:\Windows\System\uUYuVqT.exe
  C:\Windows\System\uUYuVqT.exe
  2⤵
  PID:5688
- C:\Windows\System\eLlzIgM.exe
  C:\Windows\System\eLlzIgM.exe
  2⤵
  PID:5876
- C:\Windows\System\SyoMsXV.exe
  C:\Windows\System\SyoMsXV.exe
  2⤵
  PID:6080
- C:\Windows\System\xCQsNrR.exe
  C:\Windows\System\xCQsNrR.exe
  2⤵
  PID:1868
- C:\Windows\System\TEpxyXB.exe
  C:\Windows\System\TEpxyXB.exe
  2⤵
  PID:5556
- C:\Windows\System\vHLrRCA.exe
  C:\Windows\System\vHLrRCA.exe
  2⤵
  PID:5836
- C:\Windows\System\BPUCiYW.exe
  C:\Windows\System\BPUCiYW.exe
  2⤵
  PID:5336
- C:\Windows\System\mSwbxAZ.exe
  C:\Windows\System\mSwbxAZ.exe
  2⤵
  PID:6152
- C:\Windows\System\jdimdUV.exe
  C:\Windows\System\jdimdUV.exe
  2⤵
  PID:6184
- C:\Windows\System\TlNOVWm.exe
  C:\Windows\System\TlNOVWm.exe
  2⤵
  PID:6208
- C:\Windows\System\NuoLCkY.exe
  C:\Windows\System\NuoLCkY.exe
  2⤵
  PID:6232
- C:\Windows\System\XPzYFxN.exe
  C:\Windows\System\XPzYFxN.exe
  2⤵
  PID:6260
- C:\Windows\System\UGfkfCp.exe
  C:\Windows\System\UGfkfCp.exe
  2⤵
  PID:6300
- C:\Windows\System\Yddvxiq.exe
  C:\Windows\System\Yddvxiq.exe
  2⤵
  PID:6320
- C:\Windows\System\rdCjxEt.exe
  C:\Windows\System\rdCjxEt.exe
  2⤵
  PID:6348
- C:\Windows\System\EQQojHH.exe
  C:\Windows\System\EQQojHH.exe
  2⤵
  PID:6376
- C:\Windows\System\lCnjzwa.exe
  C:\Windows\System\lCnjzwa.exe
  2⤵
  PID:6404
- C:\Windows\System\yagPoOG.exe
  C:\Windows\System\yagPoOG.exe
  2⤵
  PID:6432
- C:\Windows\System\XDXTWWz.exe
  C:\Windows\System\XDXTWWz.exe
  2⤵
  PID:6452
- C:\Windows\System\aGyrXsT.exe
  C:\Windows\System\aGyrXsT.exe
  2⤵
  PID:6488
- C:\Windows\System\XfNvkAg.exe
  C:\Windows\System\XfNvkAg.exe
  2⤵
  PID:6532
- C:\Windows\System\rmXxyzu.exe
  C:\Windows\System\rmXxyzu.exe
  2⤵
  PID:6564
- C:\Windows\System\mOomMAu.exe
  C:\Windows\System\mOomMAu.exe
  2⤵
  PID:6592
- C:\Windows\System\aMAclJr.exe
  C:\Windows\System\aMAclJr.exe
  2⤵
  PID:6620
- C:\Windows\System\haPSGYS.exe
  C:\Windows\System\haPSGYS.exe
  2⤵
  PID:6640
- C:\Windows\System\hMbkoQS.exe
  C:\Windows\System\hMbkoQS.exe
  2⤵
  PID:6664
- C:\Windows\System\TYBDKLa.exe
  C:\Windows\System\TYBDKLa.exe
  2⤵
  PID:6692
- C:\Windows\System\ZPufuHi.exe
  C:\Windows\System\ZPufuHi.exe
  2⤵
  PID:6724
- C:\Windows\System\IlxgePf.exe
  C:\Windows\System\IlxgePf.exe
  2⤵
  PID:6760
- C:\Windows\System\hLGHTxk.exe
  C:\Windows\System\hLGHTxk.exe
  2⤵
  PID:6788
- C:\Windows\System\TpYIjqE.exe
  C:\Windows\System\TpYIjqE.exe
  2⤵
  PID:6804
- C:\Windows\System\QOsWcui.exe
  C:\Windows\System\QOsWcui.exe
  2⤵
  PID:6832
- C:\Windows\System\gCctOiF.exe
  C:\Windows\System\gCctOiF.exe
  2⤵
  PID:6852
- C:\Windows\System\eAxFAVt.exe
  C:\Windows\System\eAxFAVt.exe
  2⤵
  PID:6888
- C:\Windows\System\ApIAIZH.exe
  C:\Windows\System\ApIAIZH.exe
  2⤵
  PID:6916
- C:\Windows\System\edyRmGZ.exe
  C:\Windows\System\edyRmGZ.exe
  2⤵
  PID:6956
- C:\Windows\System\xHPwSIL.exe
  C:\Windows\System\xHPwSIL.exe
  2⤵
  PID:6984
- C:\Windows\System\nMtcnEF.exe
  C:\Windows\System\nMtcnEF.exe
  2⤵
  PID:7008
- C:\Windows\System\OHnNFkB.exe
  C:\Windows\System\OHnNFkB.exe
  2⤵
  PID:7032
- C:\Windows\System\LRVvBaO.exe
  C:\Windows\System\LRVvBaO.exe
  2⤵
  PID:7048
- C:\Windows\System\LIxaDtF.exe
  C:\Windows\System\LIxaDtF.exe
  2⤵
  PID:7068
- C:\Windows\System\fRccAgu.exe
  C:\Windows\System\fRccAgu.exe
  2⤵
  PID:7088
- C:\Windows\System\qmgSuth.exe
  C:\Windows\System\qmgSuth.exe
  2⤵
  PID:7112
- C:\Windows\System\IDvURJm.exe
  C:\Windows\System\IDvURJm.exe
  2⤵
  PID:7140
- C:\Windows\System\HNupFPS.exe
  C:\Windows\System\HNupFPS.exe
  2⤵
  PID:7160
- C:\Windows\System\uvUWrpP.exe
  C:\Windows\System\uvUWrpP.exe
  2⤵
  PID:6176
- C:\Windows\System\gwAKXCP.exe
  C:\Windows\System\gwAKXCP.exe
  2⤵
  PID:6244
- C:\Windows\System\bMgNHYK.exe
  C:\Windows\System\bMgNHYK.exe
  2⤵
  PID:6308
- C:\Windows\System\VkDnotb.exe
  C:\Windows\System\VkDnotb.exe
  2⤵
  PID:6336
- C:\Windows\System\FJqbmWJ.exe
  C:\Windows\System\FJqbmWJ.exe
  2⤵
  PID:6392
- C:\Windows\System\zGkauGH.exe
  C:\Windows\System\zGkauGH.exe
  2⤵
  PID:6468
- C:\Windows\System\gFMNvOL.exe
  C:\Windows\System\gFMNvOL.exe
  2⤵
  PID:6524
- C:\Windows\System\NbxmSzo.exe
  C:\Windows\System\NbxmSzo.exe
  2⤵
  PID:6628
- C:\Windows\System\vlejPpo.exe
  C:\Windows\System\vlejPpo.exe
  2⤵
  PID:6704
- C:\Windows\System\fBepmQs.exe
  C:\Windows\System\fBepmQs.exe
  2⤵
  PID:6776
- C:\Windows\System\CsILnCt.exe
  C:\Windows\System\CsILnCt.exe
  2⤵
  PID:6848
- C:\Windows\System\vUKUwQO.exe
  C:\Windows\System\vUKUwQO.exe
  2⤵
  PID:6928
- C:\Windows\System\MoYKYDT.exe
  C:\Windows\System\MoYKYDT.exe
  2⤵
  PID:7084
- C:\Windows\System\VLGuhLQ.exe
  C:\Windows\System\VLGuhLQ.exe
  2⤵
  PID:7080
- C:\Windows\System\hqsZHmS.exe
  C:\Windows\System\hqsZHmS.exe
  2⤵
  PID:7124
- C:\Windows\System\WlQRmuo.exe
  C:\Windows\System\WlQRmuo.exe
  2⤵
  PID:5160
- C:\Windows\System\WigfxUM.exe
  C:\Windows\System\WigfxUM.exe
  2⤵
  PID:6712
- C:\Windows\System\aqSiaQe.exe
  C:\Windows\System\aqSiaQe.exe
  2⤵
  PID:6752
- C:\Windows\System\ryMamoy.exe
  C:\Windows\System\ryMamoy.exe
  2⤵
  PID:7016
- C:\Windows\System\eUWxkdE.exe
  C:\Windows\System\eUWxkdE.exe
  2⤵
  PID:6276
- C:\Windows\System\PoUGSbl.exe
  C:\Windows\System\PoUGSbl.exe
  2⤵
  PID:6228
- C:\Windows\System\IMmVKVQ.exe
  C:\Windows\System\IMmVKVQ.exe
  2⤵
  PID:6912
- C:\Windows\System\efBaKna.exe
  C:\Windows\System\efBaKna.exe
  2⤵
  PID:6656
- C:\Windows\System\lOBHRSS.exe
  C:\Windows\System\lOBHRSS.exe
  2⤵
  PID:6684
- C:\Windows\System\jActNtc.exe
  C:\Windows\System\jActNtc.exe
  2⤵
  PID:7196
- C:\Windows\System\CQuOlsJ.exe
  C:\Windows\System\CQuOlsJ.exe
  2⤵
  PID:7224
- C:\Windows\System\ArGSurV.exe
  C:\Windows\System\ArGSurV.exe
  2⤵
  PID:7260
- C:\Windows\System\ElSYraj.exe
  C:\Windows\System\ElSYraj.exe
  2⤵
  PID:7296
- C:\Windows\System\ooYUJbg.exe
  C:\Windows\System\ooYUJbg.exe
  2⤵
  PID:7320
- C:\Windows\System\IHqMjvD.exe
  C:\Windows\System\IHqMjvD.exe
  2⤵
  PID:7356
- C:\Windows\System\oBgBdcK.exe
  C:\Windows\System\oBgBdcK.exe
  2⤵
  PID:7388
- C:\Windows\System\aEyPYfI.exe
  C:\Windows\System\aEyPYfI.exe
  2⤵
  PID:7416
- C:\Windows\System\wOMxkup.exe
  C:\Windows\System\wOMxkup.exe
  2⤵
  PID:7440
- C:\Windows\System\YwFyBuY.exe
  C:\Windows\System\YwFyBuY.exe
  2⤵
  PID:7460
- C:\Windows\System\nZWjvTg.exe
  C:\Windows\System\nZWjvTg.exe
  2⤵
  PID:7488
- C:\Windows\System\iEvNDgo.exe
  C:\Windows\System\iEvNDgo.exe
  2⤵
  PID:7504
- C:\Windows\System\IJZVvyW.exe
  C:\Windows\System\IJZVvyW.exe
  2⤵
  PID:7544
- C:\Windows\System\qsGgdfs.exe
  C:\Windows\System\qsGgdfs.exe
  2⤵
  PID:7584
- C:\Windows\System\TXkqMIq.exe
  C:\Windows\System\TXkqMIq.exe
  2⤵
  PID:7600
- C:\Windows\System\VUTZfVT.exe
  C:\Windows\System\VUTZfVT.exe
  2⤵
  PID:7628
- C:\Windows\System\ChVKCCr.exe
  C:\Windows\System\ChVKCCr.exe
  2⤵
  PID:7656
- C:\Windows\System\eXnGyuh.exe
  C:\Windows\System\eXnGyuh.exe
  2⤵
  PID:7696
- C:\Windows\System\VqwUbPC.exe
  C:\Windows\System\VqwUbPC.exe
  2⤵
  PID:7724
- C:\Windows\System\shOfGSj.exe
  C:\Windows\System\shOfGSj.exe
  2⤵
  PID:7744
- C:\Windows\System\eEkIYxN.exe
  C:\Windows\System\eEkIYxN.exe
  2⤵
  PID:7764
- C:\Windows\System\lkTPngW.exe
  C:\Windows\System\lkTPngW.exe
  2⤵
  PID:7784
- C:\Windows\System\DrlmSOK.exe
  C:\Windows\System\DrlmSOK.exe
  2⤵
  PID:7816
- C:\Windows\System\njuQlmm.exe
  C:\Windows\System\njuQlmm.exe
  2⤵
  PID:7848
- C:\Windows\System\jiAzclD.exe
  C:\Windows\System\jiAzclD.exe
  2⤵
  PID:7880
- C:\Windows\System\lWVeCeW.exe
  C:\Windows\System\lWVeCeW.exe
  2⤵
  PID:7912
- C:\Windows\System\GtVMDnb.exe
  C:\Windows\System\GtVMDnb.exe
  2⤵
  PID:7940
- C:\Windows\System\vHFjBUo.exe
  C:\Windows\System\vHFjBUo.exe
  2⤵
  PID:7976
- C:\Windows\System\ijuCOvV.exe
  C:\Windows\System\ijuCOvV.exe
  2⤵
  PID:7992
- C:\Windows\System\lLOLJhw.exe
  C:\Windows\System\lLOLJhw.exe
  2⤵
  PID:8032
- C:\Windows\System\RtXDdnr.exe
  C:\Windows\System\RtXDdnr.exe
  2⤵
  PID:8056
- C:\Windows\System\xGsIoBq.exe
  C:\Windows\System\xGsIoBq.exe
  2⤵
  PID:8080
- C:\Windows\System\TrMKdLl.exe
  C:\Windows\System\TrMKdLl.exe
  2⤵
  PID:8104
- C:\Windows\System\KePTIjG.exe
  C:\Windows\System\KePTIjG.exe
  2⤵
  PID:8128
- C:\Windows\System\pFZCTOj.exe
  C:\Windows\System\pFZCTOj.exe
  2⤵
  PID:8156
- C:\Windows\System\FIZRsTw.exe
  C:\Windows\System\FIZRsTw.exe
  2⤵
  PID:8188
- C:\Windows\System\WoPbGvg.exe
  C:\Windows\System\WoPbGvg.exe
  2⤵
  PID:7208
- C:\Windows\System\mjtDlQk.exe
  C:\Windows\System\mjtDlQk.exe
  2⤵
  PID:7284
- C:\Windows\System\onynwze.exe
  C:\Windows\System\onynwze.exe
  2⤵
  PID:7308
- C:\Windows\System\RagwnwB.exe
  C:\Windows\System\RagwnwB.exe
  2⤵
  PID:7380
- C:\Windows\System\IFwzJjg.exe
  C:\Windows\System\IFwzJjg.exe
  2⤵
  PID:7428
- C:\Windows\System\mbSlCJH.exe
  C:\Windows\System\mbSlCJH.exe
  2⤵
  PID:7524
- C:\Windows\System\NrTiqGd.exe
  C:\Windows\System\NrTiqGd.exe
  2⤵
  PID:7592
- C:\Windows\System\RLeHtId.exe
  C:\Windows\System\RLeHtId.exe
  2⤵
  PID:7668
- C:\Windows\System\iGlzhxU.exe
  C:\Windows\System\iGlzhxU.exe
  2⤵
  PID:7684
- C:\Windows\System\rMgZIUS.exe
  C:\Windows\System\rMgZIUS.exe
  2⤵
  PID:7732
- C:\Windows\System\uDmxWby.exe
  C:\Windows\System\uDmxWby.exe
  2⤵
  PID:7752
- C:\Windows\System\OWslRqd.exe
  C:\Windows\System\OWslRqd.exe
  2⤵
  PID:7844
- C:\Windows\System\fnGXYIF.exe
  C:\Windows\System\fnGXYIF.exe
  2⤵
  PID:7900
- C:\Windows\System\uEyrUNB.exe
  C:\Windows\System\uEyrUNB.exe
  2⤵
  PID:8016
- C:\Windows\System\yZHHWUc.exe
  C:\Windows\System\yZHHWUc.exe
  2⤵
  PID:8096
- C:\Windows\System\zbtnLcJ.exe
  C:\Windows\System\zbtnLcJ.exe
  2⤵
  PID:8120
- C:\Windows\System\OboWqFb.exe
  C:\Windows\System\OboWqFb.exe
  2⤵
  PID:7188
- C:\Windows\System\MKAKPUA.exe
  C:\Windows\System\MKAKPUA.exe
  2⤵
  PID:7376
- C:\Windows\System\eARjYFh.exe
  C:\Windows\System\eARjYFh.exe
  2⤵
  PID:7480
- C:\Windows\System\VrQwSqn.exe
  C:\Windows\System\VrQwSqn.exe
  2⤵
  PID:7532
- C:\Windows\System\CqrhhGE.exe
  C:\Windows\System\CqrhhGE.exe
  2⤵
  PID:7620
- C:\Windows\System\xwfxLol.exe
  C:\Windows\System\xwfxLol.exe
  2⤵
  PID:7740
- C:\Windows\System\rDSMYXs.exe
  C:\Windows\System\rDSMYXs.exe
  2⤵
  PID:7872
- C:\Windows\System\IgEyvyJ.exe
  C:\Windows\System\IgEyvyJ.exe
  2⤵
  PID:7948
- C:\Windows\System\PNbyJUo.exe
  C:\Windows\System\PNbyJUo.exe
  2⤵
  PID:7312
- C:\Windows\System\TfqduML.exe
  C:\Windows\System\TfqduML.exe
  2⤵
  PID:7908
- C:\Windows\System\SfBtIas.exe
  C:\Windows\System\SfBtIas.exe
  2⤵
  PID:8088
- C:\Windows\System\klncjVL.exe
  C:\Windows\System\klncjVL.exe
  2⤵
  PID:7412
- C:\Windows\System\YniKdLb.exe
  C:\Windows\System\YniKdLb.exe
  2⤵
  PID:1104
- C:\Windows\System\WRNGMSh.exe
  C:\Windows\System\WRNGMSh.exe
  2⤵
  PID:8200
- C:\Windows\System\XrJNpXC.exe
  C:\Windows\System\XrJNpXC.exe
  2⤵
  PID:8228
- C:\Windows\System\jOuAaRj.exe
  C:\Windows\System\jOuAaRj.exe
  2⤵
  PID:8256
- C:\Windows\System\gaogVPv.exe
  C:\Windows\System\gaogVPv.exe
  2⤵
  PID:8284
- C:\Windows\System\kSttHba.exe
  C:\Windows\System\kSttHba.exe
  2⤵
  PID:8312
- C:\Windows\System\YfAXwBN.exe
  C:\Windows\System\YfAXwBN.exe
  2⤵
  PID:8328
- C:\Windows\System\AYLBfTQ.exe
  C:\Windows\System\AYLBfTQ.exe
  2⤵
  PID:8364
- C:\Windows\System\cGpTpqT.exe
  C:\Windows\System\cGpTpqT.exe
  2⤵
  PID:8396
- C:\Windows\System\zqviKmV.exe
  C:\Windows\System\zqviKmV.exe
  2⤵
  PID:8424
- C:\Windows\System\klJqGow.exe
  C:\Windows\System\klJqGow.exe
  2⤵
  PID:8452
- C:\Windows\System\NWLYUSw.exe
  C:\Windows\System\NWLYUSw.exe
  2⤵
  PID:8480
- C:\Windows\System\cYSLLQH.exe
  C:\Windows\System\cYSLLQH.exe
  2⤵
  PID:8500
- C:\Windows\System\QXPISHV.exe
  C:\Windows\System\QXPISHV.exe
  2⤵
  PID:8528
- C:\Windows\System\apyKCbZ.exe
  C:\Windows\System\apyKCbZ.exe
  2⤵
  PID:8564
- C:\Windows\System\YMzGhSK.exe
  C:\Windows\System\YMzGhSK.exe
  2⤵
  PID:8580
- C:\Windows\System\iXkeVhr.exe
  C:\Windows\System\iXkeVhr.exe
  2⤵
  PID:8608
- C:\Windows\System\cQpLYWF.exe
  C:\Windows\System\cQpLYWF.exe
  2⤵
  PID:8636
- C:\Windows\System\FGqIghS.exe
  C:\Windows\System\FGqIghS.exe
  2⤵
  PID:8664
- C:\Windows\System\lhxifjC.exe
  C:\Windows\System\lhxifjC.exe
  2⤵
  PID:8684
- C:\Windows\System\EbgcMMV.exe
  C:\Windows\System\EbgcMMV.exe
  2⤵
  PID:8720
- C:\Windows\System\NCviWwd.exe
  C:\Windows\System\NCviWwd.exe
  2⤵
  PID:8748
- C:\Windows\System\fTcHLgX.exe
  C:\Windows\System\fTcHLgX.exe
  2⤵
  PID:8776
- C:\Windows\System\uQFDSaE.exe
  C:\Windows\System\uQFDSaE.exe
  2⤵
  PID:8816
- C:\Windows\System\WCdzspF.exe
  C:\Windows\System\WCdzspF.exe
  2⤵
  PID:8840
- C:\Windows\System\GLvulca.exe
  C:\Windows\System\GLvulca.exe
  2⤵
  PID:8860
- C:\Windows\System\oKDEMLv.exe
  C:\Windows\System\oKDEMLv.exe
  2⤵
  PID:8904
- C:\Windows\System\phVyJsE.exe
  C:\Windows\System\phVyJsE.exe
  2⤵
  PID:8932
- C:\Windows\System\hajBNHW.exe
  C:\Windows\System\hajBNHW.exe
  2⤵
  PID:8996
- C:\Windows\System\OPPJhRl.exe
  C:\Windows\System\OPPJhRl.exe
  2⤵
  PID:9012
- C:\Windows\System\aSXHiXW.exe
  C:\Windows\System\aSXHiXW.exe
  2⤵
  PID:9040
- C:\Windows\System\urvXJql.exe
  C:\Windows\System\urvXJql.exe
  2⤵
  PID:9072
- C:\Windows\System\wBKCJBE.exe
  C:\Windows\System\wBKCJBE.exe
  2⤵
  PID:9092
- C:\Windows\System\xtHTsEN.exe
  C:\Windows\System\xtHTsEN.exe
  2⤵
  PID:9120
- C:\Windows\System\wULcXdD.exe
  C:\Windows\System\wULcXdD.exe
  2⤵
  PID:9156
- C:\Windows\System\yRZttTh.exe
  C:\Windows\System\yRZttTh.exe
  2⤵
  PID:9172
- C:\Windows\System\GuurFII.exe
  C:\Windows\System\GuurFII.exe
  2⤵
  PID:9208
- C:\Windows\System\CRnHiQW.exe
  C:\Windows\System\CRnHiQW.exe
  2⤵
  PID:8212
- C:\Windows\System\vnQgcHc.exe
  C:\Windows\System\vnQgcHc.exe
  2⤵
  PID:8276
- C:\Windows\System\ombBwpA.exe
  C:\Windows\System\ombBwpA.exe
  2⤵
  PID:8372
- C:\Windows\System\rNCmeNE.exe
  C:\Windows\System\rNCmeNE.exe
  2⤵
  PID:8444
- C:\Windows\System\eJReGqE.exe
  C:\Windows\System\eJReGqE.exe
  2⤵
  PID:8508
- C:\Windows\System\bIzDoxT.exe
  C:\Windows\System\bIzDoxT.exe
  2⤵
  PID:8620
- C:\Windows\System\nXYNmpg.exe
  C:\Windows\System\nXYNmpg.exe
  2⤵
  PID:8652
- C:\Windows\System\ODLcxmw.exe
  C:\Windows\System\ODLcxmw.exe
  2⤵
  PID:8736
- C:\Windows\System\BEaaUvE.exe
  C:\Windows\System\BEaaUvE.exe
  2⤵
  PID:8812
- C:\Windows\System\LhzNTef.exe
  C:\Windows\System\LhzNTef.exe
  2⤵
  PID:8852
- C:\Windows\System\vqUknhx.exe
  C:\Windows\System\vqUknhx.exe
  2⤵
  PID:8968
- C:\Windows\System\fccSBvR.exe
  C:\Windows\System\fccSBvR.exe
  2⤵
  PID:1236
- C:\Windows\System\gXiLbtt.exe
  C:\Windows\System\gXiLbtt.exe
  2⤵
  PID:4976
- C:\Windows\System\bFwGQnD.exe
  C:\Windows\System\bFwGQnD.exe
  2⤵
  PID:9024
- C:\Windows\System\ivQmSNQ.exe
  C:\Windows\System\ivQmSNQ.exe
  2⤵
  PID:9112
- C:\Windows\System\yHMTZCk.exe
  C:\Windows\System\yHMTZCk.exe
  2⤵
  PID:9132
- C:\Windows\System\bbzxwJn.exe
  C:\Windows\System\bbzxwJn.exe
  2⤵
  PID:9164
- C:\Windows\System\pueWFVB.exe
  C:\Windows\System\pueWFVB.exe
  2⤵
  PID:8380
- C:\Windows\System\RbanJql.exe
  C:\Windows\System\RbanJql.exe
  2⤵
  PID:8488
- C:\Windows\System\PDJapIU.exe
  C:\Windows\System\PDJapIU.exe
  2⤵
  PID:8708
- C:\Windows\System\HBoZQXG.exe
  C:\Windows\System\HBoZQXG.exe
  2⤵
  PID:8800
- C:\Windows\System\IldmsZL.exe
  C:\Windows\System\IldmsZL.exe
  2⤵
  PID:8892
- C:\Windows\System\GYSkPph.exe
  C:\Windows\System\GYSkPph.exe
  2⤵
  PID:1508
- C:\Windows\System\hPtTgQY.exe
  C:\Windows\System\hPtTgQY.exe
  2⤵
  PID:9056
- C:\Windows\System\eUbJJux.exe
  C:\Windows\System\eUbJJux.exe
  2⤵
  PID:8320
- C:\Windows\System\JkBherI.exe
  C:\Windows\System\JkBherI.exe
  2⤵
  PID:8772
- C:\Windows\System\PzvZvAP.exe
  C:\Windows\System\PzvZvAP.exe
  2⤵
  PID:2576
- C:\Windows\System\pHiaLtL.exe
  C:\Windows\System\pHiaLtL.exe
  2⤵
  PID:9068
- C:\Windows\System\ECycMWf.exe
  C:\Windows\System\ECycMWf.exe
  2⤵
  PID:9228
- C:\Windows\System\GteDumW.exe
  C:\Windows\System\GteDumW.exe
  2⤵
  PID:9264
- C:\Windows\System\eWuhRig.exe
  C:\Windows\System\eWuhRig.exe
  2⤵
  PID:9288
- C:\Windows\System\BhekqVQ.exe
  C:\Windows\System\BhekqVQ.exe
  2⤵
  PID:9312
- C:\Windows\System\VvrQeTp.exe
  C:\Windows\System\VvrQeTp.exe
  2⤵
  PID:9352
- C:\Windows\System\qVdzRJd.exe
  C:\Windows\System\qVdzRJd.exe
  2⤵
  PID:9376
- C:\Windows\System\PPJeVcL.exe
  C:\Windows\System\PPJeVcL.exe
  2⤵
  PID:9416
- C:\Windows\System\tnAwmGF.exe
  C:\Windows\System\tnAwmGF.exe
  2⤵
  PID:9436
- C:\Windows\System\cclrwRr.exe
  C:\Windows\System\cclrwRr.exe
  2⤵
  PID:9464
- C:\Windows\System\AvawzxQ.exe
  C:\Windows\System\AvawzxQ.exe
  2⤵
  PID:9480
- C:\Windows\System\TAzUdeq.exe
  C:\Windows\System\TAzUdeq.exe
  2⤵
  PID:9500
- C:\Windows\System\ncCKvAG.exe
  C:\Windows\System\ncCKvAG.exe
  2⤵
  PID:9544
- C:\Windows\System\EkeTmXh.exe
  C:\Windows\System\EkeTmXh.exe
  2⤵
  PID:9564
- C:\Windows\System\cvDHlHb.exe
  C:\Windows\System\cvDHlHb.exe
  2⤵
  PID:9600
- C:\Windows\System\zFMrqjs.exe
  C:\Windows\System\zFMrqjs.exe
  2⤵
  PID:9632
- C:\Windows\System\eiYtjdf.exe
  C:\Windows\System\eiYtjdf.exe
  2⤵
  PID:9660
- C:\Windows\System\BqDJfdc.exe
  C:\Windows\System\BqDJfdc.exe
  2⤵
  PID:9696
- C:\Windows\System\iVlWHMg.exe
  C:\Windows\System\iVlWHMg.exe
  2⤵
  PID:9716
- C:\Windows\System\JtfmIuv.exe
  C:\Windows\System\JtfmIuv.exe
  2⤵
  PID:9744
- C:\Windows\System\qbTaVyU.exe
  C:\Windows\System\qbTaVyU.exe
  2⤵
  PID:9772
- C:\Windows\System\ouRFdBB.exe
  C:\Windows\System\ouRFdBB.exe
  2⤵
  PID:9808
- C:\Windows\System\ZHuIZYG.exe
  C:\Windows\System\ZHuIZYG.exe
  2⤵
  PID:9840
- C:\Windows\System\GzmFuaC.exe
  C:\Windows\System\GzmFuaC.exe
  2⤵
  PID:9868
- C:\Windows\System\JFbJfFD.exe
  C:\Windows\System\JFbJfFD.exe
  2⤵
  PID:9896
- C:\Windows\System\JtcKpwM.exe
  C:\Windows\System\JtcKpwM.exe
  2⤵
  PID:9924
- C:\Windows\System\bqoMMMX.exe
  C:\Windows\System\bqoMMMX.exe
  2⤵
  PID:9944
- C:\Windows\System\evxDKKv.exe
  C:\Windows\System\evxDKKv.exe
  2⤵
  PID:9968
- C:\Windows\System\fOntZOi.exe
  C:\Windows\System\fOntZOi.exe
  2⤵
  PID:9996
- C:\Windows\System\kiZCvGI.exe
  C:\Windows\System\kiZCvGI.exe
  2⤵
  PID:10024
- C:\Windows\System\qvPnyBX.exe
  C:\Windows\System\qvPnyBX.exe
  2⤵
  PID:10052
- C:\Windows\System\vWvNBvL.exe
  C:\Windows\System\vWvNBvL.exe
  2⤵
  PID:10084
- C:\Windows\System\itdmpUz.exe
  C:\Windows\System\itdmpUz.exe
  2⤵
  PID:10120
- C:\Windows\System\GAvLEDS.exe
  C:\Windows\System\GAvLEDS.exe
  2⤵
  PID:10152
- C:\Windows\System\gNDlmxO.exe
  C:\Windows\System\gNDlmxO.exe
  2⤵
  PID:10180
- C:\Windows\System\iqILKGH.exe
  C:\Windows\System\iqILKGH.exe
  2⤵
  PID:10224
- C:\Windows\System\hpEkoje.exe
  C:\Windows\System\hpEkoje.exe
  2⤵
  PID:8988
- C:\Windows\System\PZHCyfR.exe
  C:\Windows\System\PZHCyfR.exe
  2⤵
  PID:9144
- C:\Windows\System\cjWqlyD.exe
  C:\Windows\System\cjWqlyD.exe
  2⤵
  PID:9304
- C:\Windows\System\LfUCzaz.exe
  C:\Windows\System\LfUCzaz.exe
  2⤵
  PID:9336
- C:\Windows\System\mjRgtoI.exe
  C:\Windows\System\mjRgtoI.exe
  2⤵
  PID:9432
- C:\Windows\System\pMOkyKT.exe
  C:\Windows\System\pMOkyKT.exe
  2⤵
  PID:9488
- C:\Windows\System\vvYKsMV.exe
  C:\Windows\System\vvYKsMV.exe
  2⤵
  PID:9556
- C:\Windows\System\sHdrLIQ.exe
  C:\Windows\System\sHdrLIQ.exe
  2⤵
  PID:9612
- C:\Windows\System\chmCxtx.exe
  C:\Windows\System\chmCxtx.exe
  2⤵
  PID:9712
- C:\Windows\System\iiCHrVm.exe
  C:\Windows\System\iiCHrVm.exe
  2⤵
  PID:9764
- C:\Windows\System\zfgvMgd.exe
  C:\Windows\System\zfgvMgd.exe
  2⤵
  PID:9828
- C:\Windows\System\JReyjsh.exe
  C:\Windows\System\JReyjsh.exe
  2⤵
  PID:9888
- C:\Windows\System\UODVsHB.exe
  C:\Windows\System\UODVsHB.exe
  2⤵
  PID:9940
- C:\Windows\System\kbiTemK.exe
  C:\Windows\System\kbiTemK.exe
  2⤵
  PID:9960
- C:\Windows\System\EGqkZNG.exe
  C:\Windows\System\EGqkZNG.exe
  2⤵
  PID:10080
- C:\Windows\System\DyOLiVK.exe
  C:\Windows\System\DyOLiVK.exe
  2⤵
  PID:10132
- C:\Windows\System\JfbFgEf.exe
  C:\Windows\System\JfbFgEf.exe
  2⤵
  PID:10232
- C:\Windows\System\oOHXgty.exe
  C:\Windows\System\oOHXgty.exe
  2⤵
  PID:9284
- C:\Windows\System\bMiGTUS.exe
  C:\Windows\System\bMiGTUS.exe
  2⤵
  PID:9368
- C:\Windows\System\Odpseen.exe
  C:\Windows\System\Odpseen.exe
  2⤵
  PID:9560
- C:\Windows\System\wDTOLGY.exe
  C:\Windows\System\wDTOLGY.exe
  2⤵
  PID:9756
- C:\Windows\System\QrZieAM.exe
  C:\Windows\System\QrZieAM.exe
  2⤵
  PID:9824
- C:\Windows\System\FpHLTUA.exe
  C:\Windows\System\FpHLTUA.exe
  2⤵
  PID:2028
- C:\Windows\System\dIMXsXe.exe
  C:\Windows\System\dIMXsXe.exe
  2⤵
  PID:10040
- C:\Windows\System\egHezRy.exe
  C:\Windows\System\egHezRy.exe
  2⤵
  PID:10216
- C:\Windows\System\uMevvZv.exe
  C:\Windows\System\uMevvZv.exe
  2⤵
  PID:9588
- C:\Windows\System\iRhuCyq.exe
  C:\Windows\System\iRhuCyq.exe
  2⤵
  PID:9908
- C:\Windows\System\jTgAuLz.exe
  C:\Windows\System\jTgAuLz.exe
  2⤵
  PID:9428
- C:\Windows\System\XiISjIZ.exe
  C:\Windows\System\XiISjIZ.exe
  2⤵
  PID:8716
- C:\Windows\System\AbwHoMy.exe
  C:\Windows\System\AbwHoMy.exe
  2⤵
  PID:10264
- C:\Windows\System\StZHfeB.exe
  C:\Windows\System\StZHfeB.exe
  2⤵
  PID:10300
- C:\Windows\System\bPtDdmj.exe
  C:\Windows\System\bPtDdmj.exe
  2⤵
  PID:10316
- C:\Windows\System\uPQaTpG.exe
  C:\Windows\System\uPQaTpG.exe
  2⤵
  PID:10336
- C:\Windows\System\GrarPaH.exe
  C:\Windows\System\GrarPaH.exe
  2⤵
  PID:10368
- C:\Windows\System\TzNLSOn.exe
  C:\Windows\System\TzNLSOn.exe
  2⤵
  PID:10404
- C:\Windows\System\bnBimhd.exe
  C:\Windows\System\bnBimhd.exe
  2⤵
  PID:10436
- C:\Windows\System\LekbMeT.exe
  C:\Windows\System\LekbMeT.exe
  2⤵
  PID:10460
- C:\Windows\System\NXfRapD.exe
  C:\Windows\System\NXfRapD.exe
  2⤵
  PID:10484
- C:\Windows\System\aDBhbmE.exe
  C:\Windows\System\aDBhbmE.exe
  2⤵
  PID:10516
- C:\Windows\System\rWXZTQS.exe
  C:\Windows\System\rWXZTQS.exe
  2⤵
  PID:10552
- C:\Windows\System\VravEqO.exe
  C:\Windows\System\VravEqO.exe
  2⤵
  PID:10572
- C:\Windows\System\ALOyokU.exe
  C:\Windows\System\ALOyokU.exe
  2⤵
  PID:10600
- C:\Windows\System\xJLlQpG.exe
  C:\Windows\System\xJLlQpG.exe
  2⤵
  PID:10616
- C:\Windows\System\PNqCCQa.exe
  C:\Windows\System\PNqCCQa.exe
  2⤵
  PID:10644
- C:\Windows\System\TDyrvpT.exe
  C:\Windows\System\TDyrvpT.exe
  2⤵
  PID:10664
- C:\Windows\System\gnwFPlv.exe
  C:\Windows\System\gnwFPlv.exe
  2⤵
  PID:10688
- C:\Windows\System\PJGslTb.exe
  C:\Windows\System\PJGslTb.exe
  2⤵
  PID:10708
- C:\Windows\System\skRPHnF.exe
  C:\Windows\System\skRPHnF.exe
  2⤵
  PID:10748
- C:\Windows\System\qXqtfJM.exe
  C:\Windows\System\qXqtfJM.exe
  2⤵
  PID:10780
- C:\Windows\System\NkUGNaY.exe
  C:\Windows\System\NkUGNaY.exe
  2⤵
  PID:10808
- C:\Windows\System\rjoHLaa.exe
  C:\Windows\System\rjoHLaa.exe
  2⤵
  PID:10836
- C:\Windows\System\nQoeJCs.exe
  C:\Windows\System\nQoeJCs.exe
  2⤵
  PID:10868
- C:\Windows\System\lCyPIyI.exe
  C:\Windows\System\lCyPIyI.exe
  2⤵
  PID:10896
- C:\Windows\System\vCUodaH.exe
  C:\Windows\System\vCUodaH.exe
  2⤵
  PID:10924
- C:\Windows\System\LXquqFr.exe
  C:\Windows\System\LXquqFr.exe
  2⤵
  PID:10964
- C:\Windows\System\VJEEjni.exe
  C:\Windows\System\VJEEjni.exe
  2⤵
  PID:10988
- C:\Windows\System\XlDKseK.exe
  C:\Windows\System\XlDKseK.exe
  2⤵
  PID:11020
- C:\Windows\System\GSJiIHw.exe
  C:\Windows\System\GSJiIHw.exe
  2⤵
  PID:11048
- C:\Windows\System\hcfFEZZ.exe
  C:\Windows\System\hcfFEZZ.exe
  2⤵
  PID:11076
- C:\Windows\System\qrJaTYh.exe
  C:\Windows\System\qrJaTYh.exe
  2⤵
  PID:11104
- C:\Windows\System\MTBZHCi.exe
  C:\Windows\System\MTBZHCi.exe
  2⤵
  PID:11132
- C:\Windows\System\efidVww.exe
  C:\Windows\System\efidVww.exe
  2⤵
  PID:11160
- C:\Windows\System\dssRUlW.exe
  C:\Windows\System\dssRUlW.exe
  2⤵
  PID:11180
- C:\Windows\System\IbLhZyz.exe
  C:\Windows\System\IbLhZyz.exe
  2⤵
  PID:11208
- C:\Windows\System\fsmCAMt.exe
  C:\Windows\System\fsmCAMt.exe
  2⤵
  PID:11244
- C:\Windows\System\psNwBPa.exe
  C:\Windows\System\psNwBPa.exe
  2⤵
  PID:10248
- C:\Windows\System\FcMNiKo.exe
  C:\Windows\System\FcMNiKo.exe
  2⤵
  PID:10312
- C:\Windows\System\LLPCuTi.exe
  C:\Windows\System\LLPCuTi.exe
  2⤵
  PID:10348
- C:\Windows\System\aUyebiH.exe
  C:\Windows\System\aUyebiH.exe
  2⤵
  PID:10424
- C:\Windows\System\TyoPGvc.exe
  C:\Windows\System\TyoPGvc.exe
  2⤵
  PID:10500
- C:\Windows\System\CUgkMLO.exe
  C:\Windows\System\CUgkMLO.exe
  2⤵
  PID:10560
- C:\Windows\System\AbbLlhv.exe
  C:\Windows\System\AbbLlhv.exe
  2⤵
  PID:10632
- C:\Windows\System\xyLtzKl.exe
  C:\Windows\System\xyLtzKl.exe
  2⤵
  PID:10652
- C:\Windows\System\FSznkYA.exe
  C:\Windows\System\FSznkYA.exe
  2⤵
  PID:10776
- C:\Windows\System\NttChQJ.exe
  C:\Windows\System\NttChQJ.exe
  2⤵
  PID:10828
- C:\Windows\System\Tpxzubl.exe
  C:\Windows\System\Tpxzubl.exe
  2⤵
  PID:10852
- C:\Windows\System\JOAWpud.exe
  C:\Windows\System\JOAWpud.exe
  2⤵
  PID:10940
- C:\Windows\System\WqxlWis.exe
  C:\Windows\System\WqxlWis.exe
  2⤵
  PID:11032
- C:\Windows\System\BqWNwIw.exe
  C:\Windows\System\BqWNwIw.exe
  2⤵
  PID:11092
- C:\Windows\System\vSIkegd.exe
  C:\Windows\System\vSIkegd.exe
  2⤵
  PID:11148
- C:\Windows\System\ubqFsJw.exe
  C:\Windows\System\ubqFsJw.exe
  2⤵
  PID:11204
- C:\Windows\System\sHVcSmV.exe
  C:\Windows\System\sHVcSmV.exe
  2⤵
  PID:9584
- C:\Windows\System\MCZsdJx.exe
  C:\Windows\System\MCZsdJx.exe
  2⤵
  PID:10332
- C:\Windows\System\nVGRCCM.exe
  C:\Windows\System\nVGRCCM.exe
  2⤵
  PID:10584
- C:\Windows\System\LRUpstn.exe
  C:\Windows\System\LRUpstn.exe
  2⤵
  PID:10820
- C:\Windows\System\bIxUJXl.exe
  C:\Windows\System\bIxUJXl.exe
  2⤵
  PID:11040
- C:\Windows\System\vcFgxby.exe
  C:\Windows\System\vcFgxby.exe
  2⤵
  PID:11128
- C:\Windows\System\cUhnhnE.exe
  C:\Windows\System\cUhnhnE.exe
  2⤵
  PID:11196
- C:\Windows\System\CShBYZu.exe
  C:\Windows\System\CShBYZu.exe
  2⤵
  PID:10612
- C:\Windows\System\rFWFvjU.exe
  C:\Windows\System\rFWFvjU.exe
  2⤵
  PID:10948
- C:\Windows\System\iyhstTZ.exe
  C:\Windows\System\iyhstTZ.exe
  2⤵
  PID:11272
- C:\Windows\System\buTDvLb.exe
  C:\Windows\System\buTDvLb.exe
  2⤵
  PID:11300
- C:\Windows\System\ZHosTDQ.exe
  C:\Windows\System\ZHosTDQ.exe
  2⤵
  PID:11332
- C:\Windows\System\MRNzhwo.exe
  C:\Windows\System\MRNzhwo.exe
  2⤵
  PID:11364
- C:\Windows\System\zDdLWek.exe
  C:\Windows\System\zDdLWek.exe
  2⤵
  PID:11400
- C:\Windows\System\yIASiTU.exe
  C:\Windows\System\yIASiTU.exe
  2⤵
  PID:11432
- C:\Windows\System\JOOVqDe.exe
  C:\Windows\System\JOOVqDe.exe
  2⤵
  PID:11460
- C:\Windows\System\QRqpDqI.exe
  C:\Windows\System\QRqpDqI.exe
  2⤵
  PID:11484
- C:\Windows\System\CdwdjqX.exe
  C:\Windows\System\CdwdjqX.exe
  2⤵
  PID:11516
- C:\Windows\System\nielGOo.exe
  C:\Windows\System\nielGOo.exe
  2⤵
  PID:11560
- C:\Windows\System\hMiXabU.exe
  C:\Windows\System\hMiXabU.exe
  2⤵
  PID:11592
- C:\Windows\System\kSVNBsB.exe
  C:\Windows\System\kSVNBsB.exe
  2⤵
  PID:11620
- C:\Windows\System\MpVNSDT.exe
  C:\Windows\System\MpVNSDT.exe
  2⤵
  PID:11648
- C:\Windows\System\LMewFYD.exe
  C:\Windows\System\LMewFYD.exe
  2⤵
  PID:11696
- C:\Windows\System\pzOVFSA.exe
  C:\Windows\System\pzOVFSA.exe
  2⤵
  PID:11712
- C:\Windows\System\hkoPRpg.exe
  C:\Windows\System\hkoPRpg.exe
  2⤵
  PID:11732
- C:\Windows\System\dDkhAGO.exe
  C:\Windows\System\dDkhAGO.exe
  2⤵
  PID:11756
- C:\Windows\System\QmnNQJX.exe
  C:\Windows\System\QmnNQJX.exe
  2⤵
  PID:11788
- C:\Windows\System\xrKkOsj.exe
  C:\Windows\System\xrKkOsj.exe
  2⤵
  PID:11812
- C:\Windows\System\CoZhPkN.exe
  C:\Windows\System\CoZhPkN.exe
  2⤵
  PID:11852
- C:\Windows\System\BUtkGmd.exe
  C:\Windows\System\BUtkGmd.exe
  2⤵
  PID:11892
- C:\Windows\System\RIPZpip.exe
  C:\Windows\System\RIPZpip.exe
  2⤵
  PID:11928
- C:\Windows\System\liJthXJ.exe
  C:\Windows\System\liJthXJ.exe
  2⤵
  PID:11960
- C:\Windows\System\OkdjZnm.exe
  C:\Windows\System\OkdjZnm.exe
  2⤵
  PID:11984
- C:\Windows\System\nMSHSew.exe
  C:\Windows\System\nMSHSew.exe
  2⤵
  PID:12028
- C:\Windows\System\JQvGqid.exe
  C:\Windows\System\JQvGqid.exe
  2⤵
  PID:12064
- C:\Windows\System\BJUIkmp.exe
  C:\Windows\System\BJUIkmp.exe
  2⤵
  PID:12096
- C:\Windows\System\IYdnuuE.exe
  C:\Windows\System\IYdnuuE.exe
  2⤵
  PID:12132
- C:\Windows\System\HblAwWW.exe
  C:\Windows\System\HblAwWW.exe
  2⤵
  PID:12160
- C:\Windows\System\PfHzEmY.exe
  C:\Windows\System\PfHzEmY.exe
  2⤵
  PID:12192
- C:\Windows\System\ONOghJh.exe
  C:\Windows\System\ONOghJh.exe
  2⤵
  PID:12228
- C:\Windows\System\JlWBUvP.exe
  C:\Windows\System\JlWBUvP.exe
  2⤵
  PID:12264
- C:\Windows\System\WBOUmTR.exe
  C:\Windows\System\WBOUmTR.exe
  2⤵
  PID:10360
- C:\Windows\System\cyBWLqG.exe
  C:\Windows\System\cyBWLqG.exe
  2⤵
  PID:11292
- C:\Windows\System\nvHTTZk.exe
  C:\Windows\System\nvHTTZk.exe
  2⤵
  PID:11328
- C:\Windows\System\tbFvajc.exe
  C:\Windows\System\tbFvajc.exe
  2⤵
  PID:11376
- C:\Windows\System\KxjlopN.exe
  C:\Windows\System\KxjlopN.exe
  2⤵
  PID:11472
- C:\Windows\System\tUeAohw.exe
  C:\Windows\System\tUeAohw.exe
  2⤵
  PID:11548
- C:\Windows\System\EnQmIvi.exe
  C:\Windows\System\EnQmIvi.exe
  2⤵
  PID:11588
- C:\Windows\System\HdciyzE.exe
  C:\Windows\System\HdciyzE.exe
  2⤵
  PID:11720
- C:\Windows\System\rgOxAtn.exe
  C:\Windows\System\rgOxAtn.exe
  2⤵
  PID:11752
- C:\Windows\System\clHdqgk.exe
  C:\Windows\System\clHdqgk.exe
  2⤵
  PID:11832
- C:\Windows\System\jeNOopS.exe
  C:\Windows\System\jeNOopS.exe
  2⤵
  PID:11948
- C:\Windows\System\bVpjHne.exe
  C:\Windows\System\bVpjHne.exe
  2⤵
  PID:11996
- C:\Windows\System\XbJCpuD.exe
  C:\Windows\System\XbJCpuD.exe
  2⤵
  PID:12044
- C:\Windows\System\frsEgcK.exe
  C:\Windows\System\frsEgcK.exe
  2⤵
  PID:12168
- C:\Windows\System\pQFpkdR.exe
  C:\Windows\System\pQFpkdR.exe
  2⤵
  PID:12204
- C:\Windows\System\okaCJTR.exe
  C:\Windows\System\okaCJTR.exe
  2⤵
  PID:10888
- C:\Windows\System\abNSwJi.exe
  C:\Windows\System\abNSwJi.exe
  2⤵
  PID:11320
- C:\Windows\System\SobjfrU.exe
  C:\Windows\System\SobjfrU.exe
  2⤵
  PID:11512
- C:\Windows\System\zNzvSaQ.exe
  C:\Windows\System\zNzvSaQ.exe
  2⤵
  PID:11680
- C:\Windows\System\MOIUGDJ.exe
  C:\Windows\System\MOIUGDJ.exe
  2⤵
  PID:11824
- C:\Windows\System\cHzBSHi.exe
  C:\Windows\System\cHzBSHi.exe
  2⤵
  PID:11844
- C:\Windows\System\lWmbPcG.exe
  C:\Windows\System\lWmbPcG.exe
  2⤵
  PID:11876
- C:\Windows\System\japaBHn.exe
  C:\Windows\System\japaBHn.exe
  2⤵
  PID:12240
- C:\Windows\System\euhcrXT.exe
  C:\Windows\System\euhcrXT.exe
  2⤵
  PID:10536
- C:\Windows\System\EopqwRm.exe
  C:\Windows\System\EopqwRm.exe
  2⤵
  PID:11784
- C:\Windows\System\BoUkgSN.exe
  C:\Windows\System\BoUkgSN.exe
  2⤵
  PID:12300
- C:\Windows\System\VxiTvnO.exe
  C:\Windows\System\VxiTvnO.exe
  2⤵
  PID:12324
- C:\Windows\System\hOWwRJW.exe
  C:\Windows\System\hOWwRJW.exe
  2⤵
  PID:12348
- C:\Windows\System\ypyrqaH.exe
  C:\Windows\System\ypyrqaH.exe
  2⤵
  PID:12368
- C:\Windows\System\JQyMLUl.exe
  C:\Windows\System\JQyMLUl.exe
  2⤵
  PID:12392
- C:\Windows\System\gzmtBeD.exe
  C:\Windows\System\gzmtBeD.exe
  2⤵
  PID:12416
- C:\Windows\System\wZFeqGV.exe
  C:\Windows\System\wZFeqGV.exe
  2⤵
  PID:12440
- C:\Windows\System\UvEXGia.exe
  C:\Windows\System\UvEXGia.exe
  2⤵
  PID:12464
- C:\Windows\System\kmIJbaq.exe
  C:\Windows\System\kmIJbaq.exe
  2⤵
  PID:12492
- C:\Windows\System\cixyVRW.exe
  C:\Windows\System\cixyVRW.exe
  2⤵
  PID:12520
- C:\Windows\System\Kauxjaa.exe
  C:\Windows\System\Kauxjaa.exe
  2⤵
  PID:12552
- C:\Windows\System\ZvnKrVj.exe
  C:\Windows\System\ZvnKrVj.exe
  2⤵
  PID:12596
- C:\Windows\System\sJiqTXO.exe
  C:\Windows\System\sJiqTXO.exe
  2⤵
  PID:12636
- C:\Windows\System\PZMZgfQ.exe
  C:\Windows\System\PZMZgfQ.exe
  2⤵
  PID:12676
- C:\Windows\System\fEMqxml.exe
  C:\Windows\System\fEMqxml.exe
  2⤵
  PID:12712
- C:\Windows\System\IEcXmEQ.exe
  C:\Windows\System\IEcXmEQ.exe
  2⤵
  PID:12740
- C:\Windows\System\QHdUEni.exe
  C:\Windows\System\QHdUEni.exe
  2⤵
  PID:12776
- C:\Windows\System\AcVhGfN.exe
  C:\Windows\System\AcVhGfN.exe
  2⤵
  PID:12796
- C:\Windows\System\BVNGdBg.exe
  C:\Windows\System\BVNGdBg.exe
  2⤵
  PID:12816
- C:\Windows\System\nhvcvIW.exe
  C:\Windows\System\nhvcvIW.exe
  2⤵
  PID:12836
- C:\Windows\System\syQfFGV.exe
  C:\Windows\System\syQfFGV.exe
  2⤵
  PID:12860
- C:\Windows\System\MDprXsw.exe
  C:\Windows\System\MDprXsw.exe
  2⤵
  PID:12884
- C:\Windows\System\qHAoUuP.exe
  C:\Windows\System\qHAoUuP.exe
  2⤵
  PID:12908
- C:\Windows\System\HhIqhtR.exe
  C:\Windows\System\HhIqhtR.exe
  2⤵
  PID:12936
- C:\Windows\System\tWdqEHs.exe
  C:\Windows\System\tWdqEHs.exe
  2⤵
  PID:12968
- C:\Windows\System\bZTQAAm.exe
  C:\Windows\System\bZTQAAm.exe
  2⤵
  PID:13004
- C:\Windows\System\rmmfAxI.exe
  C:\Windows\System\rmmfAxI.exe
  2⤵
  PID:13040
- C:\Windows\System\kdRIdQr.exe
  C:\Windows\System\kdRIdQr.exe
  2⤵
  PID:13068
- C:\Windows\System\VsVNRsL.exe
  C:\Windows\System\VsVNRsL.exe
  2⤵
  PID:13108
- C:\Windows\System\XjAGkfk.exe
  C:\Windows\System\XjAGkfk.exe
  2⤵
  PID:13132
- C:\Windows\System\MuUjfUQ.exe
  C:\Windows\System\MuUjfUQ.exe
  2⤵
  PID:13152
- C:\Windows\System\ykTAtcY.exe
  C:\Windows\System\ykTAtcY.exe
  2⤵
  PID:13208
- C:\Windows\System\jhJJhWG.exe
  C:\Windows\System\jhJJhWG.exe
  2⤵
  PID:13232
- C:\Windows\System\nSSMHbC.exe
  C:\Windows\System\nSSMHbC.exe
  2⤵
  PID:13264
- C:\Windows\System\TSkvskT.exe
  C:\Windows\System\TSkvskT.exe
  2⤵
  PID:13288
- C:\Windows\System\wRnZvMt.exe
  C:\Windows\System\wRnZvMt.exe
  2⤵
  PID:11804
- C:\Windows\System\LSSaWKv.exe
  C:\Windows\System\LSSaWKv.exe
  2⤵
  PID:11920
- C:\Windows\System\ktZjmOF.exe
  C:\Windows\System\ktZjmOF.exe
  2⤵
  PID:12360
- C:\Windows\System\gqJISQG.exe
  C:\Windows\System\gqJISQG.exe
  2⤵
  PID:12432
- C:\Windows\System\KKlPFET.exe
  C:\Windows\System\KKlPFET.exe
  2⤵
  PID:12584
- C:\Windows\System\wcWCbHr.exe
  C:\Windows\System\wcWCbHr.exe
  2⤵
  PID:12632
- C:\Windows\System\mVPUzcu.exe
  C:\Windows\System\mVPUzcu.exe
  2⤵
  PID:12768
- C:\Windows\System\GLwvkYS.exe
  C:\Windows\System\GLwvkYS.exe
  2⤵
  PID:12792
- C:\Windows\System\IcQzzQX.exe
  C:\Windows\System\IcQzzQX.exe
  2⤵
  PID:12804
- C:\Windows\System\QxgVbOb.exe
  C:\Windows\System\QxgVbOb.exe
  2⤵
  PID:13032
- C:\Windows\System\bqaWFwh.exe
  C:\Windows\System\bqaWFwh.exe
  2⤵
  PID:12872
- C:\Windows\System\yQZSpYp.exe
  C:\Windows\System\yQZSpYp.exe
  2⤵
  PID:12896
- C:\Windows\System\xMTTnWj.exe
  C:\Windows\System\xMTTnWj.exe
  2⤵
  PID:13052
- C:\Windows\System\dFdXORR.exe
  C:\Windows\System\dFdXORR.exe
  2⤵
  PID:13100
- C:\Windows\System\sDBmvbZ.exe
  C:\Windows\System\sDBmvbZ.exe
  2⤵
  PID:13272
- C:\Windows\System\CUSwBRq.exe
  C:\Windows\System\CUSwBRq.exe
  2⤵
  PID:11412
- C:\Windows\System\sYzTKRI.exe
  C:\Windows\System\sYzTKRI.exe
  2⤵
  PID:12296
- C:\Windows\System\IMsCruI.exe
  C:\Windows\System\IMsCruI.exe
  2⤵
  PID:12916
- C:\Windows\System\LCCjPOg.exe
  C:\Windows\System\LCCjPOg.exe
  2⤵
  PID:12544
- C:\Windows\System\oxOwMqd.exe
  C:\Windows\System\oxOwMqd.exe
  2⤵
  PID:12784
- C:\Windows\System\VtobPxd.exe
  C:\Windows\System\VtobPxd.exe
  2⤵
  PID:12988
- C:\Windows\System\NRhOjWf.exe
  C:\Windows\System\NRhOjWf.exe
  2⤵
  PID:13168
- C:\Windows\System\lmXnsSL.exe
  C:\Windows\System\lmXnsSL.exe
  2⤵
  PID:13216
- C:\Windows\System\QxKoIfD.exe
  C:\Windows\System\QxKoIfD.exe
  2⤵
  PID:12504
- C:\Windows\System\uTedbyP.exe
  C:\Windows\System\uTedbyP.exe
  2⤵
  PID:12788
- C:\Windows\System\ueDjpuh.exe
  C:\Windows\System\ueDjpuh.exe
  2⤵
  PID:13308
- C:\Windows\System\BHXbOIL.exe
  C:\Windows\System\BHXbOIL.exe
  2⤵
  PID:12732
- C:\Windows\System\gECzaFF.exe
  C:\Windows\System\gECzaFF.exe
  2⤵
  PID:13328
- C:\Windows\System\FHEaUih.exe
  C:\Windows\System\FHEaUih.exe
  2⤵
  PID:13356
- C:\Windows\System\PsNzZaW.exe
  C:\Windows\System\PsNzZaW.exe
  2⤵
  PID:13396
- C:\Windows\System\pkhZtOR.exe
  C:\Windows\System\pkhZtOR.exe
  2⤵
  PID:13424
- C:\Windows\System\SkJAxIy.exe
  C:\Windows\System\SkJAxIy.exe
  2⤵
  PID:13440
- C:\Windows\System\pHcqRGk.exe
  C:\Windows\System\pHcqRGk.exe
  2⤵
  PID:13464
- C:\Windows\System\BMGaiIT.exe
  C:\Windows\System\BMGaiIT.exe
  2⤵
  PID:13504
- C:\Windows\System\NlfjaOG.exe
  C:\Windows\System\NlfjaOG.exe
  2⤵
  PID:13520
- C:\Windows\System\SDMmLZa.exe
  C:\Windows\System\SDMmLZa.exe
  2⤵
  PID:13548
- C:\Windows\System\hRawDgQ.exe
  C:\Windows\System\hRawDgQ.exe
  2⤵
  PID:13592
- C:\Windows\System\ekySSKN.exe
  C:\Windows\System\ekySSKN.exe
  2⤵
  PID:13620
- C:\Windows\System\cAzORgg.exe
  C:\Windows\System\cAzORgg.exe
  2⤵
  PID:13660
- C:\Windows\System\ismvWGr.exe
  C:\Windows\System\ismvWGr.exe
  2⤵
  PID:13684
- C:\Windows\System\DhCYzel.exe
  C:\Windows\System\DhCYzel.exe
  2⤵
  PID:13708
- C:\Windows\System\ZGkXRNm.exe
  C:\Windows\System\ZGkXRNm.exe
  2⤵
  PID:13752
- C:\Windows\System\wQRmMyE.exe
  C:\Windows\System\wQRmMyE.exe
  2⤵
  PID:13768
- C:\Windows\System\CCIqSza.exe
  C:\Windows\System\CCIqSza.exe
  2⤵
  PID:13796
- C:\Windows\System\NurjEDv.exe
  C:\Windows\System\NurjEDv.exe
  2⤵
  PID:13836
- C:\Windows\System\aWqlkZP.exe
  C:\Windows\System\aWqlkZP.exe
  2⤵
  PID:13876
- C:\Windows\System\cBWGogB.exe
  C:\Windows\System\cBWGogB.exe
  2⤵
  PID:13904
- C:\Windows\System\ZYajNsV.exe
  C:\Windows\System\ZYajNsV.exe
  2⤵
  PID:13936
- C:\Windows\System\uMyampt.exe
  C:\Windows\System\uMyampt.exe
  2⤵
  PID:13964
- C:\Windows\System\BobIQzy.exe
  C:\Windows\System\BobIQzy.exe
  2⤵
  PID:13980
- C:\Windows\System\CuoDSsN.exe
  C:\Windows\System\CuoDSsN.exe
  2⤵
  PID:14004
- C:\Windows\System\AFNoOXN.exe
  C:\Windows\System\AFNoOXN.exe
  2⤵
  PID:14036
- C:\Windows\System\YTDnmKk.exe
  C:\Windows\System\YTDnmKk.exe
  2⤵
  PID:14064
- C:\Windows\System\LsoPwUd.exe
  C:\Windows\System\LsoPwUd.exe
  2⤵
  PID:14100
- C:\Windows\System\ehucoEg.exe
  C:\Windows\System\ehucoEg.exe
  2⤵
  PID:14128
- C:\Windows\System\egqhGvd.exe
  C:\Windows\System\egqhGvd.exe
  2⤵
  PID:14148
- C:\Windows\System\DzzbnUo.exe
  C:\Windows\System\DzzbnUo.exe
  2⤵
  PID:14180
- C:\Windows\System\bUSZdfa.exe
  C:\Windows\System\bUSZdfa.exe
  2⤵
  PID:14216
- C:\Windows\System\PfKxgoR.exe
  C:\Windows\System\PfKxgoR.exe
  2⤵
  PID:14248
- C:\Windows\System\yTwCAhq.exe
  C:\Windows\System\yTwCAhq.exe
  2⤵
  PID:14276
- C:\Windows\System\bRoiZxR.exe
  C:\Windows\System\bRoiZxR.exe
  2⤵
  PID:14300
- C:\Windows\System\RowHAqW.exe
  C:\Windows\System\RowHAqW.exe
  2⤵
  PID:12996
- C:\Windows\System\ciTHYoq.exe
  C:\Windows\System\ciTHYoq.exe
  2⤵
  PID:13324
- C:\Windows\System\JMAMClP.exe
  C:\Windows\System\JMAMClP.exe
  2⤵
  PID:13344
- C:\Windows\System\KxJxqNH.exe
  C:\Windows\System\KxJxqNH.exe
  2⤵
  PID:13432
- C:\Windows\System\uAcbtlo.exe
  C:\Windows\System\uAcbtlo.exe
  2⤵
  PID:13472
- C:\Windows\System\YVMXoUb.exe
  C:\Windows\System\YVMXoUb.exe
  2⤵
  PID:13580
- C:\Windows\System\BpeVzdR.exe
  C:\Windows\System\BpeVzdR.exe
  2⤵
  PID:13640
- C:\Windows\System\ATgxcWW.exe
  C:\Windows\System\ATgxcWW.exe
  2⤵
  PID:13704
- C:\Windows\System\IvdAFFo.exe
  C:\Windows\System\IvdAFFo.exe
  2⤵
  PID:13700
- C:\Windows\System\yKdcoPr.exe
  C:\Windows\System\yKdcoPr.exe
  2⤵
  PID:13844
- C:\Windows\System\qSWgPsx.exe
  C:\Windows\System\qSWgPsx.exe
  2⤵
  PID:13868
- C:\Windows\System\qOmRkNV.exe
  C:\Windows\System\qOmRkNV.exe
  2⤵
  PID:3956
- C:\Windows\System\vCGPDhw.exe
  C:\Windows\System\vCGPDhw.exe
  2⤵
  PID:972
- C:\Windows\System\VZWwDQV.exe
  C:\Windows\System\VZWwDQV.exe
  2⤵
  PID:14000
- C:\Windows\System\ixImYsy.exe
  C:\Windows\System\ixImYsy.exe
  2⤵
  PID:14076
- C:\Windows\System\hFbJydE.exe
  C:\Windows\System\hFbJydE.exe
  2⤵
  PID:14084
- C:\Windows\System\XXIAgiH.exe
  C:\Windows\System\XXIAgiH.exe
  2⤵
  PID:14172
- C:\Windows\System\GqPFBqr.exe
  C:\Windows\System\GqPFBqr.exe
  2⤵
  PID:14296
- C:\Windows\System\DfKTwFs.exe
  C:\Windows\System\DfKTwFs.exe
  2⤵
  PID:13340
- C:\Windows\System\CIQGxdl.exe
  C:\Windows\System\CIQGxdl.exe
  2⤵
  PID:13380
- C:\Windows\System\DsgdvVv.exe
  C:\Windows\System\DsgdvVv.exe
  2⤵
  PID:13632
- C:\Windows\System\ckOtWOM.exe
  C:\Windows\System\ckOtWOM.exe
  2⤵
  PID:13764
- C:\Windows\System\oPMiZhO.exe
  C:\Windows\System\oPMiZhO.exe
  2⤵
  PID:13916
- C:\Windows\System\LroyizW.exe
  C:\Windows\System\LroyizW.exe
  2⤵
  PID:13956
- C:\Windows\System\ZQugKWe.exe
  C:\Windows\System\ZQugKWe.exe
  2⤵
  PID:14048
- C:\Windows\System\NJdKqaZ.exe
  C:\Windows\System\NJdKqaZ.exe
  2⤵
  PID:14116
- C:\Windows\System\ypZtaNe.exe
  C:\Windows\System\ypZtaNe.exe
  2⤵
  PID:14332
- C:\Windows\System\mRbXuJw.exe
  C:\Windows\System\mRbXuJw.exe
  2⤵
  PID:13760
- C:\Windows\System\yrYkDrp.exe
  C:\Windows\System\yrYkDrp.exe
  2⤵
  PID:12116
- C:\Windows\System\jvJGQbo.exe
  C:\Windows\System\jvJGQbo.exe
  2⤵
  PID:13248
- C:\Windows\System\izlCQCr.exe
  C:\Windows\System\izlCQCr.exe
  2⤵
  PID:14348
- C:\Windows\System\OOqOwlB.exe
  C:\Windows\System\OOqOwlB.exe
  2⤵
  PID:14384
- C:\Windows\System\SzHplPi.exe
  C:\Windows\System\SzHplPi.exe
  2⤵
  PID:14412
- C:\Windows\System\ZMrmVlX.exe
  C:\Windows\System\ZMrmVlX.exe
  2⤵
  PID:14440
- C:\Windows\System\laEeRSz.exe
  C:\Windows\System\laEeRSz.exe
  2⤵
  PID:14468
- C:\Windows\System\dQfHixQ.exe
  C:\Windows\System\dQfHixQ.exe
  2⤵
  PID:14508
- C:\Windows\System\DNSyBqO.exe
  C:\Windows\System\DNSyBqO.exe
  2⤵
  PID:14524

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AlRyqkD.exe

Filesize
2.4MB

MD5
681178cc5e99a316a52c45a8ce89ad3e

SHA1
2cef2d8da8ea710feea6151d1a51b3026993f027

SHA256
43f3260cc77bbd34352501b36e26adb60333a8852151d873f97d92e64c395bca

SHA512
a1af98ed187e3c3b9222711377c86d7da8b5e8e741d666f62d64bc986457b953dcfda79ab2fb5e7a7e930f3b9c249248317ab92733126fd5effb28e93d9f7669

Download Submit
C:\Windows\System\AmoPkLO.exe

Filesize
2.4MB

MD5
3586b7384a8ac62508d40dca4c48c529

SHA1
66c4eed99ee11249e602e4bd2f8e668b418b6bea

SHA256
93d58c89cd7576f287039e4545e3e4e33431fe33f6dc14b154330dee3a505535

SHA512
813f6c4203dab5defda757cfceed67d53926f17a59b9b9abac9f47d3c056a3c016a5741800f407aa1f37380f15cc2fc9f5f0179853e4a268c019e6a6596d8387

Download Submit
C:\Windows\System\BHkFdrg.exe

Filesize
2.4MB

MD5
68040cae18dd3ba19b6a7ef02d6e57e9

SHA1
09f3ccaf36e675efc70738bec38e1c7f27017b45

SHA256
0ba8e63692ed20994d12aceb4f4a7999c379f884c107e0131e86e0786ff18912

SHA512
73b5a631f0e7a4357505ecd67798b94e3ab1ba09b705a3f0d15b5b83fa62df0f3d06af08f0fc419cbf8c8aa892bb3b90a654c3ee3630dbc54388e35710e6bb68

Download Submit
C:\Windows\System\BnpyVCq.exe

Filesize
2.4MB

MD5
55c377079331f86682091222bec31c8f

SHA1
d046e83d15aeb6a7180eb4b92323e202bef4c9af

SHA256
8839207cdcfd047055c0c06935ce64af939b438cbd3cc3057479b818c566edee

SHA512
f68443d943d0d0f2820d8f675308d4b894786bf95d4e8d4f86609d8a7e4afb6af9205b78ea87c9501feafa5d6f22c467f0644ebe569d29c2878a01e9beb01456

Download Submit
C:\Windows\System\BphtbLI.exe

Filesize
2.4MB

MD5
d7d48c0fe46f8dfe43d5c7a54ddc46b6

SHA1
fc3062fd1af4b5737880d701e29a42140c62966b

SHA256
f802d527d157aadfd3c4497975b4ebbe1de7d887a0d8ebabddce9b2c0c165faa

SHA512
a2b0333f32421f341a4403a5bc3354d1cc69d49dc4c8faa3d01924c108bb8def27403559855619294fc730493d47d14b32ccbe9d1a171e1eb97283eca7c6f084

Download Submit
C:\Windows\System\FxWFrqb.exe

Filesize
2.4MB

MD5
3fb04a2ddd7c9152eaae9993b4c2eaac

SHA1
331ffc4d4b75eeb4ec1b30d3d2e32b59015edfe8

SHA256
12ee696b30d514fcf31e3375e3a1eba5d684cbc065adb2e5eb0f776e08be598a

SHA512
731ba0d493ee7d7e8457d222771dc11533955d928c5db1a0bd4e95f3328fa585af8176184af7d7c3254d1a7fb69d14cb2f0ffd1eda036cb0de3bcb7c9feb6e90

Download Submit
C:\Windows\System\HqVqPpB.exe

Filesize
2.4MB

MD5
5a499298e0453d0bc0ed643ef8183e3d

SHA1
a3488efbd4146c636cdc6bcf044202bebad483d3

SHA256
f656fc131fd1b3e9f03dddea8d51065ae51116dc85afbbdaaa59ea17ac57b06e

SHA512
3f00143b9448b1874dbc18064a2cd08f567a3ed7fd55c32ff574befdd353b8bb589803cee60a7bb1553127083bd2186228958632009f269d43fc8a678cc913e7

Download Submit
C:\Windows\System\HqZIGZx.exe

Filesize
2.4MB

MD5
e47b4df3353b50a6668da89510dabd5e

SHA1
12c69075e89c9b71a18093f84a84fef2292c63c1

SHA256
1caaf5143e060814d359c362a90ce1bfc30f767220357b363fee371e78b7ec26

SHA512
4cdae31365da592712809dd712c85f6da033f0a4283f333e2c3c6a7eb2e9d6a228cc24ffc289e7c78a219aeab070c8c34b4b39673a0bac77c6633cead9412275

Download Submit
C:\Windows\System\KKFmRyg.exe

Filesize
2.4MB

MD5
597361adf4e9c39465f6e8283e0120b6

SHA1
781f3c479e919443df281b892e1c1bf6f301db74

SHA256
e88cbd156845169e2d1fa246519645175e33692dc6c772f18fcb5b3b459b2465

SHA512
1c11eff63e5b72dfae01f256d3f8d6eb9b4b1903e25fa7d0694c8e8a02c20054adacbe28b4f01879d41322c04aac132bd0684e8288e5d39bb0560d2d7fa3c928

Download Submit
C:\Windows\System\KqlYEYh.exe

Filesize
2.4MB

MD5
2b42267b7869110cc015d468ba61aa8f

SHA1
a7c9830023479bfa2c8e43ab072c698615784a11

SHA256
a48fccdd4aad67123d87f68f4ea7126a91c23b42a11b08183cf1ae2546dbd0f1

SHA512
7226544e88f22ad086feb01cd575ee0c612aca790435c4197b171af23c653351e0af7604ff5fd94c39965e844cdf43d617cf797a4f9c3fc473fea9bb2b2e9a4d

Download Submit
C:\Windows\System\Nejduuo.exe

Filesize
2.4MB

MD5
7348578a57dd810f447e410fb0ba977e

SHA1
98c04446022701865897fc9b92d7a90877395cb5

SHA256
b9e049527d8fc729943eb340a265ffd67df3d2fd21d6b3fd650d08c769df04b3

SHA512
37098277c2f18659ef0afabaa084c73d04f97864af6112668afebf31a6ae9052fd0d62df0247ca94d6028d14c393b4b12452fab06c7415342c8f7371b8877a24

Download Submit
C:\Windows\System\POfUQJZ.exe

Filesize
2.4MB

MD5
410e9adccabcdb520fb505409925e49d

SHA1
a37dc10da92bad59bd48c1e4c5d73ed744c3376b

SHA256
47c55a95a06ec0bfe7fcdc68234d4ea59876448ea141f6d54b8db24c64312338

SHA512
13e742b8c829667acd6b3b10ac40a1c0a7b7beb291e1c8bde0c8a601c55d72675c1b0cc6675f9ac7b5fc242fe8b6e5a54efe3d21e28d6440439dacd096b024ed

Download Submit
C:\Windows\System\RIMIitK.exe

Filesize
2.4MB

MD5
98f4bac5bcba4ce3ace8a6a4e375dfed

SHA1
9f6eef43ee3abfc7668ff2f9e71c0a55681ccd73

SHA256
a1986f4435b6b1e6e427be39edfa95369e7cf62abe60d9ef28ee598fa05470c2

SHA512
45f0ed8a39de487a52eb77c864ed1eb9f94f0641d8f80ec8bd1a9be785fcda23587f34beadbefe1c27b8f6d00ec88ebd354beda10a94c1ac7df997d39165466a

Download Submit
C:\Windows\System\TxfkrpE.exe

Filesize
2.4MB

MD5
e9ca537d1697dd148d2a1e584c9c33ec

SHA1
4389d6b7c392ee1b0b7d67ec3060d081737e69eb

SHA256
0a8926e2397f57a1b5710a795059a3f5a5fea10544d8a8fd4954cd79d4dc2a92

SHA512
3607c4a2efdbc74fe732aa3a4f0b0330e4a8b69379fceb4c23aaa05b29916164436ee586b2f2f41172f048b2ea52ba18b38620d66d82cdc13bf643686308b0d7

Download Submit
C:\Windows\System\UQsCGvG.exe

Filesize
2.4MB

MD5
c5cbc9f26c0d4c3b849ab2513774b57b

SHA1
11cea51c2f4d858fb5831e0ec910273cdd000920

SHA256
2a84a56ece00819d06ba8a66ecd5ea58edfd2eb579d0679964e6dd5d8a5b9db1

SHA512
5d0b2e2d0d1661dd719839a3563f24d0d2627fdf893e3ca55ceb435dc8753222302e3955ea8f22110d11ed25c4c6a03e46a98680af93213f638783a19a9f3556

Download Submit
C:\Windows\System\bFhjVDw.exe

Filesize
2.4MB

MD5
771c4a2469e6697bc4cbb2441e2e5bb8

SHA1
49b4cf22ad4e73af0c25d74b9261d1028819bb13

SHA256
de665a02c5226a922e1bf25b0e04e471b73bc7475d772be82c13e5037b4fd0d7

SHA512
71b9155b5701b68bb004c6b9eeac14f1c98c00323a1796366266a9052ffa988df1e6f1e69ab1127ef87c58d75a9e4a57bb97f47932844239ba41362623c43f97

Download Submit
C:\Windows\System\dNWMPqB.exe

Filesize
2.4MB

MD5
5c46476bc1dfb0db81950c01b717c634

SHA1
e73ec5fb0fe34efc64ae952ba73486041e65957a

SHA256
1ae3dc029cf79c6e39c1ea26aabc6ff4f63d192afe03dd1a0c242c50b4fb6327

SHA512
e5fc23e890ee6dec220376dac81e5cf43a6d45f2d7b27dffb3ab910d5cb86c122c1a2853c43dc8748fd95ab718a09e9393a9c816a2d92e65497313bd7ab75ba3

Download Submit
C:\Windows\System\epcOdSd.exe

Filesize
2.4MB

MD5
97f833fef93a7e615db6e6f598ab1ad6

SHA1
54eae213b9e61e56a9a9d1ad1dca62912400a07f

SHA256
ee860df3ecdbd9c4c5aeadca276b53a28feb9b5ee45160087baa9f2f1a4302ba

SHA512
c99615419a3a0347644f24b782a8b837ff317633238a28087127d43f26e9407cf6c20a9b6b9806c364bb9733f695c629e096ab3698a760a0d1f2a2977b1bb3c6

Download Submit
C:\Windows\System\fJlpncy.exe

Filesize
2.4MB

MD5
2c66586b71f11c5e13bec648f75a8203

SHA1
9438cd66a8db6538f6406886c869845e526c19f8

SHA256
c70b5829ff5ed8cae04b806f0cec1d6053072d2a5c21921bd162db3934fb5ffc

SHA512
22e44507882d4b6046d0477f5f5f4c098a2844a65515d7bba7942ea3c90e566ad1795079f9be07d4c2d73375a403b430523729d08f9744d7fa9db72ee089b0d4

Download Submit
C:\Windows\System\hRCZcdA.exe

Filesize
2.4MB

MD5
abfe0966db8d77ae09ab95dd8e46b6e6

SHA1
ef1c2d708dd41ae54902d8896e63d442f01e5dbd

SHA256
0ff27f7315187857a2f2cb98a751ca99dcaab72070fbebc66bf8d1ce0e80bb45

SHA512
6fe941582b79e423b78682503f00b7a75e0b46ad28ee7cfcf36535f6809283dddfb34bd5166265b0efe466a10a91b771b34dbe7ca2fb1973035c802cbcc6e9fe

Download Submit
C:\Windows\System\ivdVYBj.exe

Filesize
2.4MB

MD5
e176e3417a5ae96391e77977265b5f5f

SHA1
9ff35df9a8125165200c54386bfc72a43d5fecd1

SHA256
b3b1bd82e9c6e54cf5bad587df564b15f2645559eb65be6835a1730d845ec231

SHA512
5003d4729b1a3aeaf496267400f8e369dc759893d68d91229e68d10e9e4e0aec611d5d7b887b903ad2bc8c9af90cad2e169383ae6d2efe8741030aa26f4ea66d

Download Submit
C:\Windows\System\jFyWQGi.exe

Filesize
2.4MB

MD5
729adc8ed4515da85618f84c4144234b

SHA1
530cdb75864acab6ce415fefb7aef02f7dd172bf

SHA256
1730b607fb01f84ceb1f93c57b09c49ab737b2a5796f630cbc28d4366fc71fb3

SHA512
70b5f29a650705afa655642846894f7106db00e4ea7ddd3389ae0ced48328b7cd89b28aeb88f2038ede686d4d7ba6c7e72aac1b660fc610118ee97ecdc11d716

Download Submit
C:\Windows\System\jzLBmfa.exe

Filesize
2.4MB

MD5
8e8eb73802158ed7c3296770dde51388

SHA1
f19d4359dad7dcaf90a24c2f72d01fbad6ee617e

SHA256
6890b12d30784a42878a40e1233812548ada76e93413eddc2a5f6c5c51b9fd78

SHA512
1f3c51b5b581abb93d090a37490316705817b9a71af2e117528e7f4bbdd62071fdd626050980d0cf8a07c72b824bb1320f501eba7769dfb4176041faf25b372e

Download Submit
C:\Windows\System\kZXyOfH.exe

Filesize
2.4MB

MD5
664220de8ae7ec289530d0b2895567d2

SHA1
4cf843a5d57ebff006038cf22d0ab706e311633e

SHA256
0471e7646a9f69eed0fe8df9f64bc32f54b72818eb6193a68de6b1376b1c4885

SHA512
cba11880b896bd636d9dfa8f5e947feaed477222df5fbeaa38004bd9454432cca734383708a52b3d09ea3ac6f45c27d4e322caca8032ec3171dd0a6f4766466a

Download Submit
C:\Windows\System\nHXAfiW.exe

Filesize
2.4MB

MD5
45c762f7e09e865a1d1745bec9384b3f

SHA1
a41f161ae79264e622cc2ebed7f0d8f61990f4b2

SHA256
cbb9fe1eb41b39c9432e571c22722efa5c607531086efe404da47490cd2b3e9d

SHA512
a63e627a53dab3428afa11db30dd3c984f24d0a4c6c876d03fa1ccfb74b4b6eee03a37f854b957346f1ccf5990cca03cc72ebbe9621595404c1e488200015d58

Download Submit
C:\Windows\System\ndUTKzc.exe

Filesize
2.4MB

MD5
82c4f20d9ed014f72b97c68c96d2321d

SHA1
57ba078a9a2cfe64d78e82bf63340f3b14c8ad2c

SHA256
581bb24e4a3dacfda31df94e366f0c6d35b064265126fe15ad220b9a4e07f94b

SHA512
53cdbe0c0684730b9b8887571ba1506e70a78a06d465363427ee86012e295574015bcc7c3150fc28a88b495cc68f8b78acdb77cecc8da54bb8ea51be55656853

Download Submit
C:\Windows\System\onKEyLG.exe

Filesize
2.4MB

MD5
0242bf318e3be6acd3dd00907f2777fe

SHA1
1c79c3a006e2f388f136ed3d81c84e2f8911f07c

SHA256
a67a133d5ff30f9526ba7a56c45e234ca5941599de638d3c3852cdfb0abf456e

SHA512
50d8815e73da6520c05cc0f57b8d6ba0428450048fa3404ab2f7caf7efc2df1c682306773ccfb39414a29e0c44b3b26859056f0a74f45977d568fef4d7abaaa8

Download Submit
C:\Windows\System\uGrHsPM.exe

Filesize
2.4MB

MD5
149f8cbb26f44561e99b39be092ca031

SHA1
e5cec2aa1badd8008c9a3774619ceafbc03446c4

SHA256
3c034ee51d58b83bb8f4c8d1be24b523240fc370417189a1925af50cdf4a0db9

SHA512
4d4b5a7448cadd17f30ba6de56dbe661ffd8aa098c4b674b9c8bbad0a620e74d98993b50bd2b1c09d115ffa2cb5270f27cc6601a5427bdbddc5904c5b0230115

Download Submit
C:\Windows\System\vHQwnpI.exe

Filesize
2.4MB

MD5
62f0df8e1b4d1402665c150a7723275a

SHA1
be30fa4e4ad513488c722e32c66b858af6e13ebb

SHA256
d34a095e0fdbbdaa0c37e8476f57435106ca7a78d56ab19c7834a19ee3494b34

SHA512
47b6a28fc88c199f8576b2cecfdf72e3e60812264fe1673223b831b036dca665fd213872f3e5540551229ad0af136eeb60c11acf09430651bc6dd93d1942f23b

Download Submit
C:\Windows\System\wNNabvG.exe

Filesize
2.4MB

MD5
7770d68c37d58e0a78e639206cb563ad

SHA1
c11d06ac3b64a85f343362d5a61b98694d17f2c4

SHA256
a03611b29c6e41d028eced6370f9a00e3d0d67359663c470a49f374447bda100

SHA512
8ef2047537028e44d8a63b049842a64d5979b2c209da8b88e44ae8337538b3332226108447e4ec86aec92a5bfff13c378a05f698ad3640bf5f08e139540fcb77

Download Submit
C:\Windows\System\wVWxcYE.exe

Filesize
2.4MB

MD5
01f17298dc12788842130cb301f048b9

SHA1
65016feace4a0b7dcbb96df3d5764281c92a1139

SHA256
ea6542d26a5d262ac01f9f741f3126ce67e6aa85cffec6cda884a508445ac36e

SHA512
8bb234cee6acb38d0582805f9edf7e1d305af422b7557d9ad39261aff75798d15fbc79ab545b28f6662125f103dca2f81c46bc3be651851fe5000136f0b532fb

Download Submit
C:\Windows\System\xORtAAZ.exe

Filesize
2.4MB

MD5
74439e13a42211f142f0cdcf423268ba

SHA1
5316ecfe8ac39d557290d45c1179a98742553096

SHA256
4221eb7126b1716622726f418ff9fccdc8365215a509e61ebf2efcbe68e25da8

SHA512
e07005b482dd18550cef79ac77f3e240b3bbf2cca1043611259282a4087d36e1f9e1721ae1145f54d4140e4b534947fee92e955f35d58dedf7635415a9ef579c

Download Submit
C:\Windows\System\xXsemlc.exe

Filesize
2.4MB

MD5
8aa7d4bc03cb7906d091c5fe4899ccbd

SHA1
f494d5d46cb2830764cdb8524f42466db6b7ea43

SHA256
d61e3ca321cfb7a09c1e5ea5a75442a028c6dbf1a3a5e5c490a2692123ca5cca

SHA512
260e60d64a448203efa275ed347996b2ab08bad4941799d4ed24bc99c50d9f5f6350a1c0713356009da9e7fc8f661cfbf61a204819d4391307451e106a56836d

Download Submit
C:\Windows\System\xYrgaus.exe

Filesize
2.4MB

MD5
e6a788a6b43c3f68b149ba31be38ac94

SHA1
ae0cd104f181e0b5fec740968146d91e97c47b3b

SHA256
dfc370e5a07889bc997a634387e14a62caf01eb5b32dd7f8b5d52fa1462eb814

SHA512
4bf508e7ff23525180d452e467667a8fe33ecd439a7f7e1b43b1745da24f25e07448fa67dc2de673cb40835e54e789f39f06084b52023a078727692ebf954d81

Download Submit
memory/512-676-0x00007FF601DB0000-0x00007FF602104000-memory.dmp

Filesize
3.3MB

Download
memory/512-34-0x00007FF601DB0000-0x00007FF602104000-memory.dmp

Filesize
3.3MB

Download
memory/512-2149-0x00007FF601DB0000-0x00007FF602104000-memory.dmp

Filesize
3.3MB

Download
memory/548-35-0x00007FF707150000-0x00007FF7074A4000-memory.dmp

Filesize
3.3MB

Download
memory/548-1747-0x00007FF707150000-0x00007FF7074A4000-memory.dmp

Filesize
3.3MB

Download
memory/548-2152-0x00007FF707150000-0x00007FF7074A4000-memory.dmp

Filesize
3.3MB

Download
memory/652-69-0x00007FF7EBD80000-0x00007FF7EC0D4000-memory.dmp

Filesize
3.3MB

Download
memory/652-2161-0x00007FF7EBD80000-0x00007FF7EC0D4000-memory.dmp

Filesize
3.3MB

Download
memory/736-2175-0x00007FF6B0320000-0x00007FF6B0674000-memory.dmp

Filesize
3.3MB

Download
memory/736-202-0x00007FF6B0320000-0x00007FF6B0674000-memory.dmp

Filesize
3.3MB

Download
memory/1000-2145-0x00007FF6D09B0000-0x00007FF6D0D04000-memory.dmp

Filesize
3.3MB

Download
memory/1000-2172-0x00007FF6D09B0000-0x00007FF6D0D04000-memory.dmp

Filesize
3.3MB

Download
memory/1000-148-0x00007FF6D09B0000-0x00007FF6D0D04000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2143-0x00007FF699900000-0x00007FF699C54000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2169-0x00007FF699900000-0x00007FF699C54000-memory.dmp

Filesize
3.3MB

Download
memory/1056-138-0x00007FF699900000-0x00007FF699C54000-memory.dmp

Filesize
3.3MB

Download
memory/1284-2155-0x00007FF6D39B0000-0x00007FF6D3D04000-memory.dmp

Filesize
3.3MB

Download
memory/1284-116-0x00007FF6D39B0000-0x00007FF6D3D04000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2163-0x00007FF726B30000-0x00007FF726E84000-memory.dmp

Filesize
3.3MB

Download
memory/1472-51-0x00007FF726B30000-0x00007FF726E84000-memory.dmp

Filesize
3.3MB

Download
memory/1968-13-0x00007FF627960000-0x00007FF627CB4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-188-0x00007FF627960000-0x00007FF627CB4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2148-0x00007FF627960000-0x00007FF627CB4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2141-0x00007FF7FE380000-0x00007FF7FE6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2158-0x00007FF7FE380000-0x00007FF7FE6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-78-0x00007FF7FE380000-0x00007FF7FE6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2144-0x00007FF659680000-0x00007FF6599D4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2170-0x00007FF659680000-0x00007FF6599D4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-170-0x00007FF659680000-0x00007FF6599D4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2166-0x00007FF67A3A0000-0x00007FF67A6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-121-0x00007FF67A3A0000-0x00007FF67A6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2162-0x00007FF7EF120000-0x00007FF7EF474000-memory.dmp

Filesize
3.3MB

Download
memory/2672-118-0x00007FF7EF120000-0x00007FF7EF474000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2173-0x00007FF686FF0000-0x00007FF687344000-memory.dmp

Filesize
3.3MB

Download
memory/2676-190-0x00007FF686FF0000-0x00007FF687344000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2174-0x00007FF7ED150000-0x00007FF7ED4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-200-0x00007FF7ED150000-0x00007FF7ED4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-119-0x00007FF7B48E0000-0x00007FF7B4C34000-memory.dmp

Filesize
3.3MB

Download
memory/2952-2157-0x00007FF7B48E0000-0x00007FF7B4C34000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2156-0x00007FF6D58F0000-0x00007FF6D5C44000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2142-0x00007FF6D58F0000-0x00007FF6D5C44000-memory.dmp

Filesize
3.3MB

Download
memory/3040-92-0x00007FF6D58F0000-0x00007FF6D5C44000-memory.dmp

Filesize
3.3MB

Download
memory/3096-38-0x00007FF6A21D0000-0x00007FF6A2524000-memory.dmp

Filesize
3.3MB

Download
memory/3096-2151-0x00007FF6A21D0000-0x00007FF6A2524000-memory.dmp

Filesize
3.3MB

Download
memory/3096-1756-0x00007FF6A21D0000-0x00007FF6A2524000-memory.dmp

Filesize
3.3MB

Download
memory/3188-2160-0x00007FF7C4B70000-0x00007FF7C4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3188-109-0x00007FF7C4B70000-0x00007FF7C4EC4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-161-0x00007FF749070000-0x00007FF7493C4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2146-0x00007FF749070000-0x00007FF7493C4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2171-0x00007FF749070000-0x00007FF7493C4000-memory.dmp

Filesize
3.3MB

Download
memory/3324-2165-0x00007FF6A2900000-0x00007FF6A2C54000-memory.dmp

Filesize
3.3MB

Download
memory/3324-120-0x00007FF6A2900000-0x00007FF6A2C54000-memory.dmp

Filesize
3.3MB

Download
memory/3560-2167-0x00007FF7C4060000-0x00007FF7C43B4000-memory.dmp

Filesize
3.3MB

Download
memory/3560-130-0x00007FF7C4060000-0x00007FF7C43B4000-memory.dmp

Filesize
3.3MB

Download
memory/3952-673-0x00007FF6CB4D0000-0x00007FF6CB824000-memory.dmp

Filesize
3.3MB

Download
memory/3952-2150-0x00007FF6CB4D0000-0x00007FF6CB824000-memory.dmp

Filesize
3.3MB

Download
memory/3952-25-0x00007FF6CB4D0000-0x00007FF6CB824000-memory.dmp

Filesize
3.3MB

Download
memory/4028-186-0x00007FF6ED8C0000-0x00007FF6EDC14000-memory.dmp

Filesize
3.3MB

Download
memory/4028-1-0x000001F5076A0000-0x000001F5076B0000-memory.dmp

Filesize
64KB

Download
memory/4028-0-0x00007FF6ED8C0000-0x00007FF6EDC14000-memory.dmp

Filesize
3.3MB

Download
memory/4060-2147-0x00007FF62DD60000-0x00007FF62E0B4000-memory.dmp

Filesize
3.3MB

Download
memory/4060-18-0x00007FF62DD60000-0x00007FF62E0B4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-2168-0x00007FF69A430000-0x00007FF69A784000-memory.dmp

Filesize
3.3MB

Download
memory/4360-160-0x00007FF69A430000-0x00007FF69A784000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2153-0x00007FF78CE20000-0x00007FF78D174000-memory.dmp

Filesize
3.3MB

Download
memory/4376-117-0x00007FF78CE20000-0x00007FF78D174000-memory.dmp

Filesize
3.3MB

Download
memory/4676-113-0x00007FF630FB0000-0x00007FF631304000-memory.dmp

Filesize
3.3MB

Download
memory/4676-2164-0x00007FF630FB0000-0x00007FF631304000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2154-0x00007FF763160000-0x00007FF7634B4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-106-0x00007FF763160000-0x00007FF7634B4000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2140-0x00007FF763160000-0x00007FF7634B4000-memory.dmp

Filesize
3.3MB

Download
memory/4984-108-0x00007FF6001E0000-0x00007FF600534000-memory.dmp

Filesize
3.3MB

Download
memory/4984-2159-0x00007FF6001E0000-0x00007FF600534000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads