kpot | 7e309b66de8abed2c28d508695722976a978f6a021991e5522d73bf9970fb9f4

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 12:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
Size

2.5MB
MD5

ddf3f137d89e441eb171ae374ea80dd0
SHA1

f9bf7ebf3f80cccc4b9dee8bbfdeb56828cb0047
SHA256

7e309b66de8abed2c28d508695722976a978f6a021991e5522d73bf9970fb9f4
SHA512

9b53d6982ce8a2474eddc26e80b71a20ebaef997ab7b258bc8736240f7ae6ca628da5819ff3eeec8f843a5202ee1f036650c45baf9ce9afb6d953d0f19ac59ca
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eo5Q:BemTLkNdfE0pZrwU

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 34 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023432-7.dat	family_kpot
behavioral2/files/0x000900000002342b-15.dat	family_kpot
behavioral2/files/0x0007000000023434-18.dat	family_kpot
behavioral2/files/0x000700000002343b-68.dat	family_kpot
behavioral2/files/0x0007000000023440-95.dat	family_kpot
behavioral2/files/0x000700000002343f-93.dat	family_kpot
behavioral2/files/0x000700000002343e-91.dat	family_kpot
behavioral2/files/0x000700000002343d-89.dat	family_kpot
behavioral2/files/0x0007000000023439-86.dat	family_kpot
behavioral2/files/0x0007000000023438-84.dat	family_kpot
behavioral2/files/0x000700000002343c-78.dat	family_kpot
behavioral2/files/0x0007000000023436-76.dat	family_kpot
behavioral2/files/0x000700000002343a-62.dat	family_kpot
behavioral2/files/0x0007000000023437-61.dat	family_kpot
behavioral2/files/0x0007000000023435-47.dat	family_kpot
behavioral2/files/0x0007000000023433-30.dat	family_kpot
behavioral2/files/0x00060000000232a6-13.dat	family_kpot
behavioral2/files/0x0007000000023441-107.dat	family_kpot
behavioral2/files/0x0007000000023447-155.dat	family_kpot
behavioral2/files/0x000700000002344a-170.dat	family_kpot
behavioral2/files/0x000700000002344d-184.dat	family_kpot
behavioral2/files/0x000700000002344c-192.dat	family_kpot
behavioral2/files/0x0007000000023450-189.dat	family_kpot
behavioral2/files/0x000700000002344b-187.dat	family_kpot
behavioral2/files/0x000700000002344f-186.dat	family_kpot
behavioral2/files/0x000700000002344e-185.dat	family_kpot
behavioral2/files/0x0007000000023449-167.dat	family_kpot
behavioral2/files/0x0007000000023448-163.dat	family_kpot
behavioral2/files/0x0007000000023445-149.dat	family_kpot
behavioral2/files/0x0007000000023446-153.dat	family_kpot
behavioral2/files/0x0007000000023444-140.dat	family_kpot
behavioral2/files/0x000900000002342f-130.dat	family_kpot
behavioral2/files/0x0007000000023442-127.dat	family_kpot
behavioral2/files/0x0007000000023443-126.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2576-0-0x00007FF78D480000-0x00007FF78D7D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-7.dat	xmrig
behavioral2/files/0x000900000002342b-15.dat	xmrig
behavioral2/files/0x0007000000023434-18.dat	xmrig
behavioral2/files/0x000700000002343b-68.dat	xmrig
behavioral2/memory/3244-83-0x00007FF7897A0000-0x00007FF789AF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023440-95.dat	xmrig
behavioral2/memory/228-99-0x00007FF65F320000-0x00007FF65F674000-memory.dmp	xmrig
behavioral2/memory/1796-102-0x00007FF7D9DF0000-0x00007FF7DA144000-memory.dmp	xmrig
behavioral2/memory/3028-104-0x00007FF6D8030000-0x00007FF6D8384000-memory.dmp	xmrig
behavioral2/memory/924-103-0x00007FF676ED0000-0x00007FF677224000-memory.dmp	xmrig
behavioral2/memory/3212-101-0x00007FF787890000-0x00007FF787BE4000-memory.dmp	xmrig
behavioral2/memory/2080-100-0x00007FF6F4C30000-0x00007FF6F4F84000-memory.dmp	xmrig
behavioral2/memory/5040-98-0x00007FF64B420000-0x00007FF64B774000-memory.dmp	xmrig
behavioral2/memory/2408-97-0x00007FF678550000-0x00007FF6788A4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343f-93.dat	xmrig
behavioral2/files/0x000700000002343e-91.dat	xmrig
behavioral2/files/0x000700000002343d-89.dat	xmrig
behavioral2/memory/4296-88-0x00007FF621120000-0x00007FF621474000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-86.dat	xmrig
behavioral2/files/0x0007000000023438-84.dat	xmrig
behavioral2/memory/1912-81-0x00007FF7F47A0000-0x00007FF7F4AF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-78.dat	xmrig
behavioral2/files/0x0007000000023436-76.dat	xmrig
behavioral2/memory/2060-67-0x00007FF6E4C70000-0x00007FF6E4FC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343a-62.dat	xmrig
behavioral2/files/0x0007000000023437-61.dat	xmrig
behavioral2/memory/4560-48-0x00007FF7CCDC0000-0x00007FF7CD114000-memory.dmp	xmrig
behavioral2/files/0x0007000000023435-47.dat	xmrig
behavioral2/memory/2704-35-0x00007FF6BA190000-0x00007FF6BA4E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-30.dat	xmrig
behavioral2/memory/2412-38-0x00007FF7BA270000-0x00007FF7BA5C4000-memory.dmp	xmrig
behavioral2/memory/908-28-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp	xmrig
behavioral2/files/0x00060000000232a6-13.dat	xmrig
behavioral2/memory/2636-12-0x00007FF7B8820000-0x00007FF7B8B74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023441-107.dat	xmrig
behavioral2/files/0x0007000000023447-155.dat	xmrig
behavioral2/files/0x000700000002344a-170.dat	xmrig
behavioral2/files/0x000700000002344d-184.dat	xmrig
behavioral2/memory/3216-190-0x00007FF6ECF00000-0x00007FF6ED254000-memory.dmp	xmrig
behavioral2/files/0x000700000002344c-192.dat	xmrig
behavioral2/memory/2676-191-0x00007FF7ECB40000-0x00007FF7ECE94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023450-189.dat	xmrig
behavioral2/files/0x000700000002344b-187.dat	xmrig
behavioral2/files/0x000700000002344f-186.dat	xmrig
behavioral2/files/0x000700000002344e-185.dat	xmrig
behavioral2/memory/3508-181-0x00007FF6DC560000-0x00007FF6DC8B4000-memory.dmp	xmrig
behavioral2/memory/4432-174-0x00007FF78EE60000-0x00007FF78F1B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023449-167.dat	xmrig
behavioral2/memory/1904-166-0x00007FF704550000-0x00007FF7048A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023448-163.dat	xmrig
behavioral2/memory/2328-160-0x00007FF798CD0000-0x00007FF799024000-memory.dmp	xmrig
behavioral2/memory/1080-150-0x00007FF611690000-0x00007FF6119E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023445-149.dat	xmrig
behavioral2/files/0x0007000000023446-153.dat	xmrig
behavioral2/memory/3712-145-0x00007FF656F60000-0x00007FF6572B4000-memory.dmp	xmrig
behavioral2/memory/544-142-0x00007FF6A0A30000-0x00007FF6A0D84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023444-140.dat	xmrig
behavioral2/memory/4816-134-0x00007FF74CE40000-0x00007FF74D194000-memory.dmp	xmrig
behavioral2/files/0x000900000002342f-130.dat	xmrig
behavioral2/files/0x0007000000023442-127.dat	xmrig
behavioral2/files/0x0007000000023443-126.dat	xmrig
behavioral2/memory/60-123-0x00007FF664280000-0x00007FF6645D4000-memory.dmp	xmrig
behavioral2/memory/3320-118-0x00007FF6C24E0000-0x00007FF6C2834000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2636	fotUqQG.exe
908	nTLjRol.exe
2704	GiyHupO.exe
2412	ZyBGffc.exe
4560	FNWRTEB.exe
3212	iZZDhla.exe
1796	skWePji.exe
2060	djgxGSk.exe
924	Qpalypp.exe
1912	imhUCmw.exe
3244	oTnYfVQ.exe
4296	MreXIyd.exe
2408	CJKgxez.exe
3028	xPcqsvn.exe
5040	UKWhVPI.exe
228	DWhscGa.exe
2080	yvIGtyg.exe
3320	hHkOeKv.exe
60	aTfnhfH.exe
4816	OemSQLw.exe
2328	GZdOblA.exe
544	ncKiPFw.exe
1904	LTGlMfd.exe
3712	fydUseb.exe
1080	RHFzGxq.exe
4432	RkhSUMF.exe
3216	teJNpTL.exe
3508	eenQEgu.exe
2676	wDKDikL.exe
3732	DQxQNGA.exe
4100	uSwanmz.exe
684	qErdJpH.exe
1500	xaoKMyW.exe
1720	BKQEzKv.exe
468	nhEeXbH.exe
2808	yXisMcv.exe
4456	mRPtGGn.exe
3724	sMvuufw.exe
1964	ezTTDRF.exe
808	TKClMau.exe
4068	XGLEGeN.exe
3056	SQyapQB.exe
3344	rlyLMNS.exe
1892	WQKaLGt.exe
4332	SeGCAlu.exe
1656	aNhRJju.exe
2268	SOUNZSL.exe
336	XmBhoIR.exe
716	wjzQkOf.exe
4244	AVjDqcC.exe
2416	xYckEUx.exe
4968	AsrqUOu.exe
1184	qynupUA.exe
4920	diUsJJA.exe
2612	MhJaPHt.exe
4624	loydjLR.exe
960	ytOdjqp.exe
2520	mykUsiD.exe
5076	FFjAAyJ.exe
2168	xVHhIDM.exe
1040	oaAmLHT.exe
1460	blJnZMg.exe
2424	VUVOXbl.exe
756	xpjqjrs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2576-0-0x00007FF78D480000-0x00007FF78D7D4000-memory.dmp	upx
behavioral2/files/0x0007000000023432-7.dat	upx
behavioral2/files/0x000900000002342b-15.dat	upx
behavioral2/files/0x0007000000023434-18.dat	upx
behavioral2/files/0x000700000002343b-68.dat	upx
behavioral2/memory/3244-83-0x00007FF7897A0000-0x00007FF789AF4000-memory.dmp	upx
behavioral2/files/0x0007000000023440-95.dat	upx
behavioral2/memory/228-99-0x00007FF65F320000-0x00007FF65F674000-memory.dmp	upx
behavioral2/memory/1796-102-0x00007FF7D9DF0000-0x00007FF7DA144000-memory.dmp	upx
behavioral2/memory/3028-104-0x00007FF6D8030000-0x00007FF6D8384000-memory.dmp	upx
behavioral2/memory/924-103-0x00007FF676ED0000-0x00007FF677224000-memory.dmp	upx
behavioral2/memory/3212-101-0x00007FF787890000-0x00007FF787BE4000-memory.dmp	upx
behavioral2/memory/2080-100-0x00007FF6F4C30000-0x00007FF6F4F84000-memory.dmp	upx
behavioral2/memory/5040-98-0x00007FF64B420000-0x00007FF64B774000-memory.dmp	upx
behavioral2/memory/2408-97-0x00007FF678550000-0x00007FF6788A4000-memory.dmp	upx
behavioral2/files/0x000700000002343f-93.dat	upx
behavioral2/files/0x000700000002343e-91.dat	upx
behavioral2/files/0x000700000002343d-89.dat	upx
behavioral2/memory/4296-88-0x00007FF621120000-0x00007FF621474000-memory.dmp	upx
behavioral2/files/0x0007000000023439-86.dat	upx
behavioral2/files/0x0007000000023438-84.dat	upx
behavioral2/memory/1912-81-0x00007FF7F47A0000-0x00007FF7F4AF4000-memory.dmp	upx
behavioral2/files/0x000700000002343c-78.dat	upx
behavioral2/files/0x0007000000023436-76.dat	upx
behavioral2/memory/2060-67-0x00007FF6E4C70000-0x00007FF6E4FC4000-memory.dmp	upx
behavioral2/files/0x000700000002343a-62.dat	upx
behavioral2/files/0x0007000000023437-61.dat	upx
behavioral2/memory/4560-48-0x00007FF7CCDC0000-0x00007FF7CD114000-memory.dmp	upx
behavioral2/files/0x0007000000023435-47.dat	upx
behavioral2/memory/2704-35-0x00007FF6BA190000-0x00007FF6BA4E4000-memory.dmp	upx
behavioral2/files/0x0007000000023433-30.dat	upx
behavioral2/memory/2412-38-0x00007FF7BA270000-0x00007FF7BA5C4000-memory.dmp	upx
behavioral2/memory/908-28-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp	upx
behavioral2/files/0x00060000000232a6-13.dat	upx
behavioral2/memory/2636-12-0x00007FF7B8820000-0x00007FF7B8B74000-memory.dmp	upx
behavioral2/files/0x0007000000023441-107.dat	upx
behavioral2/files/0x0007000000023447-155.dat	upx
behavioral2/files/0x000700000002344a-170.dat	upx
behavioral2/files/0x000700000002344d-184.dat	upx
behavioral2/memory/3216-190-0x00007FF6ECF00000-0x00007FF6ED254000-memory.dmp	upx
behavioral2/files/0x000700000002344c-192.dat	upx
behavioral2/memory/2676-191-0x00007FF7ECB40000-0x00007FF7ECE94000-memory.dmp	upx
behavioral2/files/0x0007000000023450-189.dat	upx
behavioral2/files/0x000700000002344b-187.dat	upx
behavioral2/files/0x000700000002344f-186.dat	upx
behavioral2/files/0x000700000002344e-185.dat	upx
behavioral2/memory/3508-181-0x00007FF6DC560000-0x00007FF6DC8B4000-memory.dmp	upx
behavioral2/memory/4432-174-0x00007FF78EE60000-0x00007FF78F1B4000-memory.dmp	upx
behavioral2/files/0x0007000000023449-167.dat	upx
behavioral2/memory/1904-166-0x00007FF704550000-0x00007FF7048A4000-memory.dmp	upx
behavioral2/files/0x0007000000023448-163.dat	upx
behavioral2/memory/2328-160-0x00007FF798CD0000-0x00007FF799024000-memory.dmp	upx
behavioral2/memory/1080-150-0x00007FF611690000-0x00007FF6119E4000-memory.dmp	upx
behavioral2/files/0x0007000000023445-149.dat	upx
behavioral2/files/0x0007000000023446-153.dat	upx
behavioral2/memory/3712-145-0x00007FF656F60000-0x00007FF6572B4000-memory.dmp	upx
behavioral2/memory/544-142-0x00007FF6A0A30000-0x00007FF6A0D84000-memory.dmp	upx
behavioral2/files/0x0007000000023444-140.dat	upx
behavioral2/memory/4816-134-0x00007FF74CE40000-0x00007FF74D194000-memory.dmp	upx
behavioral2/files/0x000900000002342f-130.dat	upx
behavioral2/files/0x0007000000023442-127.dat	upx
behavioral2/files/0x0007000000023443-126.dat	upx
behavioral2/memory/60-123-0x00007FF664280000-0x00007FF6645D4000-memory.dmp	upx
behavioral2/memory/3320-118-0x00007FF6C24E0000-0x00007FF6C2834000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lKnGYEo.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\NKPcysc.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\DQxQNGA.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\AVjDqcC.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\QlkOKEx.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\fiqknDB.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\tRDVrqd.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\iTnmjgF.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\XFYsufN.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\lAZQAHZ.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\WhdIlqm.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\YhYqGKc.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\dagUgTG.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\AnCqypZ.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\OIQFklX.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\GlKRNhh.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\SeGCAlu.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\uDDEGfu.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\olrgRtK.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\zPlXxDM.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\Mwmoeet.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\SsMjMTM.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\yXisMcv.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\mNQieBc.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\qWaEpQQ.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\UUNLsTy.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\xPcIGUL.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\uZlNmtz.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\jPjTvVp.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\YzqvKou.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\UmuIFHD.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\lwWTJZH.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\TcHMULQ.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\aTfnhfH.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\zGJniCT.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\qHvyELR.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\xpjqjrs.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\UdFehjL.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\YgTpQdn.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\hPPFYfg.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\kBWXSJT.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\GzDNads.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\WgvCVkR.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\pPexUDF.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\juqCXtX.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\MldsHrq.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\iZZDhla.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\AAHKAoz.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\eHvRxWz.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\QFIszQU.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\AvhzYDA.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\fdzCBea.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\HoPjBbK.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\xljqnoE.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\MUPLGse.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\tJYquDO.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\jrreUOT.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\CxGYdbS.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\eqkGUcQ.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\qJhQtho.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\ZNdGxDq.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\IunaVeM.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\PLlWIal.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
File created	C:\Windows\System\dFvzemL.exe	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14676	dwm.exe
Token: SeChangeNotifyPrivilege	14676	dwm.exe
Token: 33	14676	dwm.exe
Token: SeIncBasePriorityPrivilege	14676	dwm.exe
Token: SeShutdownPrivilege	14676	dwm.exe
Token: SeCreatePagefilePrivilege	14676	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2636	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	84
PID 2576 wrote to memory of 2636	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	84
PID 2576 wrote to memory of 908	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	85
PID 2576 wrote to memory of 908	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	85
PID 2576 wrote to memory of 2704	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	86
PID 2576 wrote to memory of 2704	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	86
PID 2576 wrote to memory of 4560	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	87
PID 2576 wrote to memory of 4560	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	87
PID 2576 wrote to memory of 2412	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	88
PID 2576 wrote to memory of 2412	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	88
PID 2576 wrote to memory of 3212	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	89
PID 2576 wrote to memory of 3212	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	89
PID 2576 wrote to memory of 1796	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	90
PID 2576 wrote to memory of 1796	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	90
PID 2576 wrote to memory of 2060	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	91
PID 2576 wrote to memory of 2060	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	91
PID 2576 wrote to memory of 924	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	92
PID 2576 wrote to memory of 924	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	92
PID 2576 wrote to memory of 1912	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	93
PID 2576 wrote to memory of 1912	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	93
PID 2576 wrote to memory of 3244	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	94
PID 2576 wrote to memory of 3244	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	94
PID 2576 wrote to memory of 4296	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	95
PID 2576 wrote to memory of 4296	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	95
PID 2576 wrote to memory of 2408	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	96
PID 2576 wrote to memory of 2408	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	96
PID 2576 wrote to memory of 3028	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	97
PID 2576 wrote to memory of 3028	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	97
PID 2576 wrote to memory of 5040	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	98
PID 2576 wrote to memory of 5040	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	98
PID 2576 wrote to memory of 228	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	99
PID 2576 wrote to memory of 228	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	99
PID 2576 wrote to memory of 2080	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	100
PID 2576 wrote to memory of 2080	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	100
PID 2576 wrote to memory of 3320	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	101
PID 2576 wrote to memory of 3320	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	101
PID 2576 wrote to memory of 60	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	102
PID 2576 wrote to memory of 60	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	102
PID 2576 wrote to memory of 4816	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	103
PID 2576 wrote to memory of 4816	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	103
PID 2576 wrote to memory of 2328	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	104
PID 2576 wrote to memory of 2328	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	104
PID 2576 wrote to memory of 544	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	105
PID 2576 wrote to memory of 544	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	105
PID 2576 wrote to memory of 1904	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	106
PID 2576 wrote to memory of 1904	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	106
PID 2576 wrote to memory of 3712	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	107
PID 2576 wrote to memory of 3712	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	107
PID 2576 wrote to memory of 1080	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	108
PID 2576 wrote to memory of 1080	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	108
PID 2576 wrote to memory of 4432	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	109
PID 2576 wrote to memory of 4432	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	109
PID 2576 wrote to memory of 3216	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	110
PID 2576 wrote to memory of 3216	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	110
PID 2576 wrote to memory of 3508	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	111
PID 2576 wrote to memory of 3508	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	111
PID 2576 wrote to memory of 2676	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	112
PID 2576 wrote to memory of 2676	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	112
PID 2576 wrote to memory of 3732	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	113
PID 2576 wrote to memory of 3732	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	113
PID 2576 wrote to memory of 4100	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	114
PID 2576 wrote to memory of 4100	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	114
PID 2576 wrote to memory of 684	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	115
PID 2576 wrote to memory of 684	2576	ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ddf3f137d89e441eb171ae374ea80dd0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Windows\System\fotUqQG.exe
  C:\Windows\System\fotUqQG.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\nTLjRol.exe
  C:\Windows\System\nTLjRol.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\GiyHupO.exe
  C:\Windows\System\GiyHupO.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\FNWRTEB.exe
  C:\Windows\System\FNWRTEB.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\ZyBGffc.exe
  C:\Windows\System\ZyBGffc.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\iZZDhla.exe
  C:\Windows\System\iZZDhla.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\skWePji.exe
  C:\Windows\System\skWePji.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\djgxGSk.exe
  C:\Windows\System\djgxGSk.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\Qpalypp.exe
  C:\Windows\System\Qpalypp.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\imhUCmw.exe
  C:\Windows\System\imhUCmw.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\oTnYfVQ.exe
  C:\Windows\System\oTnYfVQ.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\MreXIyd.exe
  C:\Windows\System\MreXIyd.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\CJKgxez.exe
  C:\Windows\System\CJKgxez.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\xPcqsvn.exe
  C:\Windows\System\xPcqsvn.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\UKWhVPI.exe
  C:\Windows\System\UKWhVPI.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\DWhscGa.exe
  C:\Windows\System\DWhscGa.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\yvIGtyg.exe
  C:\Windows\System\yvIGtyg.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\hHkOeKv.exe
  C:\Windows\System\hHkOeKv.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\aTfnhfH.exe
  C:\Windows\System\aTfnhfH.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\OemSQLw.exe
  C:\Windows\System\OemSQLw.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\GZdOblA.exe
  C:\Windows\System\GZdOblA.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\ncKiPFw.exe
  C:\Windows\System\ncKiPFw.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\LTGlMfd.exe
  C:\Windows\System\LTGlMfd.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\fydUseb.exe
  C:\Windows\System\fydUseb.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\RHFzGxq.exe
  C:\Windows\System\RHFzGxq.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\RkhSUMF.exe
  C:\Windows\System\RkhSUMF.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\teJNpTL.exe
  C:\Windows\System\teJNpTL.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\eenQEgu.exe
  C:\Windows\System\eenQEgu.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\wDKDikL.exe
  C:\Windows\System\wDKDikL.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\DQxQNGA.exe
  C:\Windows\System\DQxQNGA.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\uSwanmz.exe
  C:\Windows\System\uSwanmz.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\qErdJpH.exe
  C:\Windows\System\qErdJpH.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\xaoKMyW.exe
  C:\Windows\System\xaoKMyW.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\BKQEzKv.exe
  C:\Windows\System\BKQEzKv.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\nhEeXbH.exe
  C:\Windows\System\nhEeXbH.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\yXisMcv.exe
  C:\Windows\System\yXisMcv.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\mRPtGGn.exe
  C:\Windows\System\mRPtGGn.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\sMvuufw.exe
  C:\Windows\System\sMvuufw.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\ezTTDRF.exe
  C:\Windows\System\ezTTDRF.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\TKClMau.exe
  C:\Windows\System\TKClMau.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\XGLEGeN.exe
  C:\Windows\System\XGLEGeN.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\SQyapQB.exe
  C:\Windows\System\SQyapQB.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\rlyLMNS.exe
  C:\Windows\System\rlyLMNS.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\WQKaLGt.exe
  C:\Windows\System\WQKaLGt.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\SeGCAlu.exe
  C:\Windows\System\SeGCAlu.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\aNhRJju.exe
  C:\Windows\System\aNhRJju.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\SOUNZSL.exe
  C:\Windows\System\SOUNZSL.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\XmBhoIR.exe
  C:\Windows\System\XmBhoIR.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\wjzQkOf.exe
  C:\Windows\System\wjzQkOf.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\AVjDqcC.exe
  C:\Windows\System\AVjDqcC.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\xYckEUx.exe
  C:\Windows\System\xYckEUx.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\AsrqUOu.exe
  C:\Windows\System\AsrqUOu.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\qynupUA.exe
  C:\Windows\System\qynupUA.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\diUsJJA.exe
  C:\Windows\System\diUsJJA.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\MhJaPHt.exe
  C:\Windows\System\MhJaPHt.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\loydjLR.exe
  C:\Windows\System\loydjLR.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\ytOdjqp.exe
  C:\Windows\System\ytOdjqp.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\mykUsiD.exe
  C:\Windows\System\mykUsiD.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\FFjAAyJ.exe
  C:\Windows\System\FFjAAyJ.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\xVHhIDM.exe
  C:\Windows\System\xVHhIDM.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\oaAmLHT.exe
  C:\Windows\System\oaAmLHT.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\blJnZMg.exe
  C:\Windows\System\blJnZMg.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\VUVOXbl.exe
  C:\Windows\System\VUVOXbl.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\xpjqjrs.exe
  C:\Windows\System\xpjqjrs.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\JuwJIFU.exe
  C:\Windows\System\JuwJIFU.exe
  2⤵
  PID:3752
- C:\Windows\System\mizItWT.exe
  C:\Windows\System\mizItWT.exe
  2⤵
  PID:4644
- C:\Windows\System\LczJfGz.exe
  C:\Windows\System\LczJfGz.exe
  2⤵
  PID:5032
- C:\Windows\System\NzanAMm.exe
  C:\Windows\System\NzanAMm.exe
  2⤵
  PID:1324
- C:\Windows\System\Czubvru.exe
  C:\Windows\System\Czubvru.exe
  2⤵
  PID:5116
- C:\Windows\System\EliZWRQ.exe
  C:\Windows\System\EliZWRQ.exe
  2⤵
  PID:3996
- C:\Windows\System\VjAoYjA.exe
  C:\Windows\System\VjAoYjA.exe
  2⤵
  PID:3800
- C:\Windows\System\IpUeszk.exe
  C:\Windows\System\IpUeszk.exe
  2⤵
  PID:3748
- C:\Windows\System\uWypFZY.exe
  C:\Windows\System\uWypFZY.exe
  2⤵
  PID:1152
- C:\Windows\System\xURgvqZ.exe
  C:\Windows\System\xURgvqZ.exe
  2⤵
  PID:1292
- C:\Windows\System\LXFdeXo.exe
  C:\Windows\System\LXFdeXo.exe
  2⤵
  PID:3328
- C:\Windows\System\tbSUwIZ.exe
  C:\Windows\System\tbSUwIZ.exe
  2⤵
  PID:2188
- C:\Windows\System\MMwzKrH.exe
  C:\Windows\System\MMwzKrH.exe
  2⤵
  PID:2120
- C:\Windows\System\GSRZJpk.exe
  C:\Windows\System\GSRZJpk.exe
  2⤵
  PID:4860
- C:\Windows\System\oiorZUD.exe
  C:\Windows\System\oiorZUD.exe
  2⤵
  PID:2956
- C:\Windows\System\esgWvqz.exe
  C:\Windows\System\esgWvqz.exe
  2⤵
  PID:4416
- C:\Windows\System\bbdZLRF.exe
  C:\Windows\System\bbdZLRF.exe
  2⤵
  PID:4340
- C:\Windows\System\rwKWfgt.exe
  C:\Windows\System\rwKWfgt.exe
  2⤵
  PID:4540
- C:\Windows\System\UQFrIfg.exe
  C:\Windows\System\UQFrIfg.exe
  2⤵
  PID:3396
- C:\Windows\System\axzEzrD.exe
  C:\Windows\System\axzEzrD.exe
  2⤵
  PID:1584
- C:\Windows\System\tIUqigI.exe
  C:\Windows\System\tIUqigI.exe
  2⤵
  PID:1608
- C:\Windows\System\wEdVPjs.exe
  C:\Windows\System\wEdVPjs.exe
  2⤵
  PID:4408
- C:\Windows\System\pKzlZKr.exe
  C:\Windows\System\pKzlZKr.exe
  2⤵
  PID:1148
- C:\Windows\System\BqISKDt.exe
  C:\Windows\System\BqISKDt.exe
  2⤵
  PID:732
- C:\Windows\System\vIQKWLB.exe
  C:\Windows\System\vIQKWLB.exe
  2⤵
  PID:4828
- C:\Windows\System\gkUraJe.exe
  C:\Windows\System\gkUraJe.exe
  2⤵
  PID:3980
- C:\Windows\System\dFvzemL.exe
  C:\Windows\System\dFvzemL.exe
  2⤵
  PID:880
- C:\Windows\System\jLFnjFZ.exe
  C:\Windows\System\jLFnjFZ.exe
  2⤵
  PID:4444
- C:\Windows\System\ZsaGoxT.exe
  C:\Windows\System\ZsaGoxT.exe
  2⤵
  PID:64
- C:\Windows\System\UXOWuug.exe
  C:\Windows\System\UXOWuug.exe
  2⤵
  PID:4640
- C:\Windows\System\lJcCKsd.exe
  C:\Windows\System\lJcCKsd.exe
  2⤵
  PID:4776
- C:\Windows\System\kDgurgq.exe
  C:\Windows\System\kDgurgq.exe
  2⤵
  PID:3280
- C:\Windows\System\rYtRDhw.exe
  C:\Windows\System\rYtRDhw.exe
  2⤵
  PID:1980
- C:\Windows\System\xbLjGuy.exe
  C:\Windows\System\xbLjGuy.exe
  2⤵
  PID:2728
- C:\Windows\System\RYYWSXc.exe
  C:\Windows\System\RYYWSXc.exe
  2⤵
  PID:5136
- C:\Windows\System\ttoYqlg.exe
  C:\Windows\System\ttoYqlg.exe
  2⤵
  PID:5168
- C:\Windows\System\qSJeGHX.exe
  C:\Windows\System\qSJeGHX.exe
  2⤵
  PID:5196
- C:\Windows\System\KZOoIFx.exe
  C:\Windows\System\KZOoIFx.exe
  2⤵
  PID:5224
- C:\Windows\System\CUqsfBI.exe
  C:\Windows\System\CUqsfBI.exe
  2⤵
  PID:5244
- C:\Windows\System\PyxwEle.exe
  C:\Windows\System\PyxwEle.exe
  2⤵
  PID:5284
- C:\Windows\System\chzzQJe.exe
  C:\Windows\System\chzzQJe.exe
  2⤵
  PID:5308
- C:\Windows\System\QpzmaJQ.exe
  C:\Windows\System\QpzmaJQ.exe
  2⤵
  PID:5324
- C:\Windows\System\EVSEbbw.exe
  C:\Windows\System\EVSEbbw.exe
  2⤵
  PID:5364
- C:\Windows\System\sQCihTV.exe
  C:\Windows\System\sQCihTV.exe
  2⤵
  PID:5392
- C:\Windows\System\MSPcLcT.exe
  C:\Windows\System\MSPcLcT.exe
  2⤵
  PID:5420
- C:\Windows\System\GmXbYQE.exe
  C:\Windows\System\GmXbYQE.exe
  2⤵
  PID:5456
- C:\Windows\System\Gyggqdq.exe
  C:\Windows\System\Gyggqdq.exe
  2⤵
  PID:5480
- C:\Windows\System\hkJTakg.exe
  C:\Windows\System\hkJTakg.exe
  2⤵
  PID:5508
- C:\Windows\System\lgiQSiP.exe
  C:\Windows\System\lgiQSiP.exe
  2⤵
  PID:5536
- C:\Windows\System\jvRucVs.exe
  C:\Windows\System\jvRucVs.exe
  2⤵
  PID:5564
- C:\Windows\System\IPleJOf.exe
  C:\Windows\System\IPleJOf.exe
  2⤵
  PID:5592
- C:\Windows\System\wPRlPPv.exe
  C:\Windows\System\wPRlPPv.exe
  2⤵
  PID:5632
- C:\Windows\System\AAHKAoz.exe
  C:\Windows\System\AAHKAoz.exe
  2⤵
  PID:5652
- C:\Windows\System\SaNYKwM.exe
  C:\Windows\System\SaNYKwM.exe
  2⤵
  PID:5684
- C:\Windows\System\wbnZAqP.exe
  C:\Windows\System\wbnZAqP.exe
  2⤵
  PID:5712
- C:\Windows\System\EhbxzzQ.exe
  C:\Windows\System\EhbxzzQ.exe
  2⤵
  PID:5744
- C:\Windows\System\etqOdsB.exe
  C:\Windows\System\etqOdsB.exe
  2⤵
  PID:5764
- C:\Windows\System\sClRCkm.exe
  C:\Windows\System\sClRCkm.exe
  2⤵
  PID:5780
- C:\Windows\System\zbeSoag.exe
  C:\Windows\System\zbeSoag.exe
  2⤵
  PID:5796
- C:\Windows\System\XFarmAU.exe
  C:\Windows\System\XFarmAU.exe
  2⤵
  PID:5812
- C:\Windows\System\OEkjyHv.exe
  C:\Windows\System\OEkjyHv.exe
  2⤵
  PID:5848
- C:\Windows\System\fWmUwsN.exe
  C:\Windows\System\fWmUwsN.exe
  2⤵
  PID:5888
- C:\Windows\System\XQMrLHT.exe
  C:\Windows\System\XQMrLHT.exe
  2⤵
  PID:5920
- C:\Windows\System\lAZQAHZ.exe
  C:\Windows\System\lAZQAHZ.exe
  2⤵
  PID:5948
- C:\Windows\System\DATdMCC.exe
  C:\Windows\System\DATdMCC.exe
  2⤵
  PID:5964
- C:\Windows\System\WhdIlqm.exe
  C:\Windows\System\WhdIlqm.exe
  2⤵
  PID:6000
- C:\Windows\System\ipbzUPT.exe
  C:\Windows\System\ipbzUPT.exe
  2⤵
  PID:6024
- C:\Windows\System\TCDMzTP.exe
  C:\Windows\System\TCDMzTP.exe
  2⤵
  PID:6060
- C:\Windows\System\swiorcc.exe
  C:\Windows\System\swiorcc.exe
  2⤵
  PID:6100
- C:\Windows\System\imXkRNE.exe
  C:\Windows\System\imXkRNE.exe
  2⤵
  PID:6128
- C:\Windows\System\TjHzPHQ.exe
  C:\Windows\System\TjHzPHQ.exe
  2⤵
  PID:1676
- C:\Windows\System\ByGomhY.exe
  C:\Windows\System\ByGomhY.exe
  2⤵
  PID:5184
- C:\Windows\System\MUPLGse.exe
  C:\Windows\System\MUPLGse.exe
  2⤵
  PID:5252
- C:\Windows\System\KhUIcvi.exe
  C:\Windows\System\KhUIcvi.exe
  2⤵
  PID:5348
- C:\Windows\System\TmPaCeN.exe
  C:\Windows\System\TmPaCeN.exe
  2⤵
  PID:5384
- C:\Windows\System\hhajcSn.exe
  C:\Windows\System\hhajcSn.exe
  2⤵
  PID:5444
- C:\Windows\System\fOwfXEY.exe
  C:\Windows\System\fOwfXEY.exe
  2⤵
  PID:5516
- C:\Windows\System\gmXunZn.exe
  C:\Windows\System\gmXunZn.exe
  2⤵
  PID:5584
- C:\Windows\System\AnDDHsl.exe
  C:\Windows\System\AnDDHsl.exe
  2⤵
  PID:5648
- C:\Windows\System\TRCttXd.exe
  C:\Windows\System\TRCttXd.exe
  2⤵
  PID:5720
- C:\Windows\System\QROKafd.exe
  C:\Windows\System\QROKafd.exe
  2⤵
  PID:5772
- C:\Windows\System\XRLjfID.exe
  C:\Windows\System\XRLjfID.exe
  2⤵
  PID:5832
- C:\Windows\System\wxhfXzS.exe
  C:\Windows\System\wxhfXzS.exe
  2⤵
  PID:2096
- C:\Windows\System\qlElnuo.exe
  C:\Windows\System\qlElnuo.exe
  2⤵
  PID:6012
- C:\Windows\System\KWlixpk.exe
  C:\Windows\System\KWlixpk.exe
  2⤵
  PID:6088
- C:\Windows\System\JYwOlQz.exe
  C:\Windows\System\JYwOlQz.exe
  2⤵
  PID:5176
- C:\Windows\System\yCdnlQm.exe
  C:\Windows\System\yCdnlQm.exe
  2⤵
  PID:5320
- C:\Windows\System\lJYHHFc.exe
  C:\Windows\System\lJYHHFc.exe
  2⤵
  PID:5432
- C:\Windows\System\NCEiDRy.exe
  C:\Windows\System\NCEiDRy.exe
  2⤵
  PID:5500
- C:\Windows\System\Jwudzkc.exe
  C:\Windows\System\Jwudzkc.exe
  2⤵
  PID:3688
- C:\Windows\System\qHkiurA.exe
  C:\Windows\System\qHkiurA.exe
  2⤵
  PID:5692
- C:\Windows\System\LplhFAG.exe
  C:\Windows\System\LplhFAG.exe
  2⤵
  PID:5864
- C:\Windows\System\ksxlMLT.exe
  C:\Windows\System\ksxlMLT.exe
  2⤵
  PID:5412
- C:\Windows\System\eHvRxWz.exe
  C:\Windows\System\eHvRxWz.exe
  2⤵
  PID:5624
- C:\Windows\System\IRRUXOe.exe
  C:\Windows\System\IRRUXOe.exe
  2⤵
  PID:5556
- C:\Windows\System\LdTwIZy.exe
  C:\Windows\System\LdTwIZy.exe
  2⤵
  PID:5884
- C:\Windows\System\pPexUDF.exe
  C:\Windows\System\pPexUDF.exe
  2⤵
  PID:6164
- C:\Windows\System\qTNdoIN.exe
  C:\Windows\System\qTNdoIN.exe
  2⤵
  PID:6200
- C:\Windows\System\wznWVLt.exe
  C:\Windows\System\wznWVLt.exe
  2⤵
  PID:6224
- C:\Windows\System\YhYqGKc.exe
  C:\Windows\System\YhYqGKc.exe
  2⤵
  PID:6248
- C:\Windows\System\LmDzydH.exe
  C:\Windows\System\LmDzydH.exe
  2⤵
  PID:6276
- C:\Windows\System\QvdZgRh.exe
  C:\Windows\System\QvdZgRh.exe
  2⤵
  PID:6304
- C:\Windows\System\tzVXRsR.exe
  C:\Windows\System\tzVXRsR.exe
  2⤵
  PID:6332
- C:\Windows\System\MFSkguS.exe
  C:\Windows\System\MFSkguS.exe
  2⤵
  PID:6364
- C:\Windows\System\QFIszQU.exe
  C:\Windows\System\QFIszQU.exe
  2⤵
  PID:6392
- C:\Windows\System\ouzjmac.exe
  C:\Windows\System\ouzjmac.exe
  2⤵
  PID:6416
- C:\Windows\System\UQYpSHD.exe
  C:\Windows\System\UQYpSHD.exe
  2⤵
  PID:6444
- C:\Windows\System\XYDMpQh.exe
  C:\Windows\System\XYDMpQh.exe
  2⤵
  PID:6476
- C:\Windows\System\lGzlmEc.exe
  C:\Windows\System\lGzlmEc.exe
  2⤵
  PID:6504
- C:\Windows\System\FdaTtQV.exe
  C:\Windows\System\FdaTtQV.exe
  2⤵
  PID:6524
- C:\Windows\System\uEdZcvI.exe
  C:\Windows\System\uEdZcvI.exe
  2⤵
  PID:6548
- C:\Windows\System\xcUyMeE.exe
  C:\Windows\System\xcUyMeE.exe
  2⤵
  PID:6584
- C:\Windows\System\KWhGzKv.exe
  C:\Windows\System\KWhGzKv.exe
  2⤵
  PID:6628
- C:\Windows\System\rNlYGor.exe
  C:\Windows\System\rNlYGor.exe
  2⤵
  PID:6660
- C:\Windows\System\BeVEaVR.exe
  C:\Windows\System\BeVEaVR.exe
  2⤵
  PID:6688
- C:\Windows\System\bMFnYLM.exe
  C:\Windows\System\bMFnYLM.exe
  2⤵
  PID:6720
- C:\Windows\System\YRWqCaR.exe
  C:\Windows\System\YRWqCaR.exe
  2⤵
  PID:6740
- C:\Windows\System\jHnChPy.exe
  C:\Windows\System\jHnChPy.exe
  2⤵
  PID:6756
- C:\Windows\System\HRpbmkw.exe
  C:\Windows\System\HRpbmkw.exe
  2⤵
  PID:6792
- C:\Windows\System\hSrYzzD.exe
  C:\Windows\System\hSrYzzD.exe
  2⤵
  PID:6824
- C:\Windows\System\OhmaBqb.exe
  C:\Windows\System\OhmaBqb.exe
  2⤵
  PID:6844
- C:\Windows\System\MOYKfDC.exe
  C:\Windows\System\MOYKfDC.exe
  2⤵
  PID:6884
- C:\Windows\System\LkkpcnT.exe
  C:\Windows\System\LkkpcnT.exe
  2⤵
  PID:6908
- C:\Windows\System\aFSImXv.exe
  C:\Windows\System\aFSImXv.exe
  2⤵
  PID:6936
- C:\Windows\System\GuuEEgz.exe
  C:\Windows\System\GuuEEgz.exe
  2⤵
  PID:6980
- C:\Windows\System\tJYquDO.exe
  C:\Windows\System\tJYquDO.exe
  2⤵
  PID:7008
- C:\Windows\System\elXutKT.exe
  C:\Windows\System\elXutKT.exe
  2⤵
  PID:7036
- C:\Windows\System\HJSRVkI.exe
  C:\Windows\System\HJSRVkI.exe
  2⤵
  PID:7056
- C:\Windows\System\NwmyGNO.exe
  C:\Windows\System\NwmyGNO.exe
  2⤵
  PID:7096
- C:\Windows\System\oiCtZOm.exe
  C:\Windows\System\oiCtZOm.exe
  2⤵
  PID:7140
- C:\Windows\System\WRpxkPN.exe
  C:\Windows\System\WRpxkPN.exe
  2⤵
  PID:7156
- C:\Windows\System\SSRTDlK.exe
  C:\Windows\System\SSRTDlK.exe
  2⤵
  PID:6176
- C:\Windows\System\kscxqHL.exe
  C:\Windows\System\kscxqHL.exe
  2⤵
  PID:6260
- C:\Windows\System\UdFehjL.exe
  C:\Windows\System\UdFehjL.exe
  2⤵
  PID:6380
- C:\Windows\System\YgTpQdn.exe
  C:\Windows\System\YgTpQdn.exe
  2⤵
  PID:6464
- C:\Windows\System\IOfRrsM.exe
  C:\Windows\System\IOfRrsM.exe
  2⤵
  PID:6568
- C:\Windows\System\CLIbQWm.exe
  C:\Windows\System\CLIbQWm.exe
  2⤵
  PID:6652
- C:\Windows\System\tNxlMal.exe
  C:\Windows\System\tNxlMal.exe
  2⤵
  PID:6732
- C:\Windows\System\tZOHMvS.exe
  C:\Windows\System\tZOHMvS.exe
  2⤵
  PID:6752
- C:\Windows\System\hMHcLyo.exe
  C:\Windows\System\hMHcLyo.exe
  2⤵
  PID:6852
- C:\Windows\System\gbcOkru.exe
  C:\Windows\System\gbcOkru.exe
  2⤵
  PID:6932
- C:\Windows\System\xzWZLJl.exe
  C:\Windows\System\xzWZLJl.exe
  2⤵
  PID:7000
- C:\Windows\System\DCiCuUK.exe
  C:\Windows\System\DCiCuUK.exe
  2⤵
  PID:7108
- C:\Windows\System\BtifjFP.exe
  C:\Windows\System\BtifjFP.exe
  2⤵
  PID:6160
- C:\Windows\System\gkgljEM.exe
  C:\Windows\System\gkgljEM.exe
  2⤵
  PID:6512
- C:\Windows\System\QcPvStW.exe
  C:\Windows\System\QcPvStW.exe
  2⤵
  PID:6708
- C:\Windows\System\qlkfiop.exe
  C:\Windows\System\qlkfiop.exe
  2⤵
  PID:6780
- C:\Windows\System\xLFDlks.exe
  C:\Windows\System\xLFDlks.exe
  2⤵
  PID:7048
- C:\Windows\System\tWhyvLR.exe
  C:\Windows\System\tWhyvLR.exe
  2⤵
  PID:6412
- C:\Windows\System\teMlpYJ.exe
  C:\Windows\System\teMlpYJ.exe
  2⤵
  PID:6904
- C:\Windows\System\rIEQylB.exe
  C:\Windows\System\rIEQylB.exe
  2⤵
  PID:7176
- C:\Windows\System\vvAoxVY.exe
  C:\Windows\System\vvAoxVY.exe
  2⤵
  PID:7196
- C:\Windows\System\fKpxFiG.exe
  C:\Windows\System\fKpxFiG.exe
  2⤵
  PID:7236
- C:\Windows\System\QvzmdMi.exe
  C:\Windows\System\QvzmdMi.exe
  2⤵
  PID:7276
- C:\Windows\System\UQnYdIF.exe
  C:\Windows\System\UQnYdIF.exe
  2⤵
  PID:7308
- C:\Windows\System\bURQnwP.exe
  C:\Windows\System\bURQnwP.exe
  2⤵
  PID:7340
- C:\Windows\System\sDrsVGU.exe
  C:\Windows\System\sDrsVGU.exe
  2⤵
  PID:7376
- C:\Windows\System\yoNfVdR.exe
  C:\Windows\System\yoNfVdR.exe
  2⤵
  PID:7404
- C:\Windows\System\uDDEGfu.exe
  C:\Windows\System\uDDEGfu.exe
  2⤵
  PID:7432
- C:\Windows\System\caRtgCa.exe
  C:\Windows\System\caRtgCa.exe
  2⤵
  PID:7468
- C:\Windows\System\LfEgqgs.exe
  C:\Windows\System\LfEgqgs.exe
  2⤵
  PID:7504
- C:\Windows\System\xSxsdAN.exe
  C:\Windows\System\xSxsdAN.exe
  2⤵
  PID:7520
- C:\Windows\System\hMoubdK.exe
  C:\Windows\System\hMoubdK.exe
  2⤵
  PID:7548
- C:\Windows\System\CavCvem.exe
  C:\Windows\System\CavCvem.exe
  2⤵
  PID:7576
- C:\Windows\System\aGiERUQ.exe
  C:\Windows\System\aGiERUQ.exe
  2⤵
  PID:7616
- C:\Windows\System\BGVrJxT.exe
  C:\Windows\System\BGVrJxT.exe
  2⤵
  PID:7652
- C:\Windows\System\MuJYwSh.exe
  C:\Windows\System\MuJYwSh.exe
  2⤵
  PID:7700
- C:\Windows\System\fGyjnvP.exe
  C:\Windows\System\fGyjnvP.exe
  2⤵
  PID:7716
- C:\Windows\System\HHKPoiq.exe
  C:\Windows\System\HHKPoiq.exe
  2⤵
  PID:7736
- C:\Windows\System\pxxPaBc.exe
  C:\Windows\System\pxxPaBc.exe
  2⤵
  PID:7772
- C:\Windows\System\FeZLske.exe
  C:\Windows\System\FeZLske.exe
  2⤵
  PID:7800
- C:\Windows\System\xxMwWMP.exe
  C:\Windows\System\xxMwWMP.exe
  2⤵
  PID:7828
- C:\Windows\System\DkqqAau.exe
  C:\Windows\System\DkqqAau.exe
  2⤵
  PID:7848
- C:\Windows\System\vQVNkIA.exe
  C:\Windows\System\vQVNkIA.exe
  2⤵
  PID:7872
- C:\Windows\System\hPPFYfg.exe
  C:\Windows\System\hPPFYfg.exe
  2⤵
  PID:7900
- C:\Windows\System\yMihFJF.exe
  C:\Windows\System\yMihFJF.exe
  2⤵
  PID:7928
- C:\Windows\System\XKtXAVJ.exe
  C:\Windows\System\XKtXAVJ.exe
  2⤵
  PID:7968
- C:\Windows\System\BSAzvHS.exe
  C:\Windows\System\BSAzvHS.exe
  2⤵
  PID:7996
- C:\Windows\System\vXXiSVI.exe
  C:\Windows\System\vXXiSVI.exe
  2⤵
  PID:8016
- C:\Windows\System\TGJybXb.exe
  C:\Windows\System\TGJybXb.exe
  2⤵
  PID:8052
- C:\Windows\System\NhrqEkl.exe
  C:\Windows\System\NhrqEkl.exe
  2⤵
  PID:8068
- C:\Windows\System\MetfSoj.exe
  C:\Windows\System\MetfSoj.exe
  2⤵
  PID:8108
- C:\Windows\System\mNQieBc.exe
  C:\Windows\System\mNQieBc.exe
  2⤵
  PID:8124
- C:\Windows\System\kBWXSJT.exe
  C:\Windows\System\kBWXSJT.exe
  2⤵
  PID:8164
- C:\Windows\System\RrrLvuE.exe
  C:\Windows\System\RrrLvuE.exe
  2⤵
  PID:8180
- C:\Windows\System\awaUovn.exe
  C:\Windows\System\awaUovn.exe
  2⤵
  PID:7208
- C:\Windows\System\kVVzTiK.exe
  C:\Windows\System\kVVzTiK.exe
  2⤵
  PID:7220
- C:\Windows\System\MPiqcqV.exe
  C:\Windows\System\MPiqcqV.exe
  2⤵
  PID:7296
- C:\Windows\System\jCTySVZ.exe
  C:\Windows\System\jCTySVZ.exe
  2⤵
  PID:7368
- C:\Windows\System\AVCDJKI.exe
  C:\Windows\System\AVCDJKI.exe
  2⤵
  PID:7464
- C:\Windows\System\IrDPodu.exe
  C:\Windows\System\IrDPodu.exe
  2⤵
  PID:7512
- C:\Windows\System\iGBLFjC.exe
  C:\Windows\System\iGBLFjC.exe
  2⤵
  PID:7600
- C:\Windows\System\CFiadgU.exe
  C:\Windows\System\CFiadgU.exe
  2⤵
  PID:7680
- C:\Windows\System\gvmWMAr.exe
  C:\Windows\System\gvmWMAr.exe
  2⤵
  PID:7756
- C:\Windows\System\sYOXgrT.exe
  C:\Windows\System\sYOXgrT.exe
  2⤵
  PID:7812
- C:\Windows\System\wrrFlrY.exe
  C:\Windows\System\wrrFlrY.exe
  2⤵
  PID:7856
- C:\Windows\System\yXlOJnH.exe
  C:\Windows\System\yXlOJnH.exe
  2⤵
  PID:7952
- C:\Windows\System\Npvibwl.exe
  C:\Windows\System\Npvibwl.exe
  2⤵
  PID:7980
- C:\Windows\System\pmzFmLc.exe
  C:\Windows\System\pmzFmLc.exe
  2⤵
  PID:8040
- C:\Windows\System\YWqqEwF.exe
  C:\Windows\System\YWqqEwF.exe
  2⤵
  PID:8116
- C:\Windows\System\MfyxvDA.exe
  C:\Windows\System\MfyxvDA.exe
  2⤵
  PID:8176
- C:\Windows\System\ZwAdcVv.exe
  C:\Windows\System\ZwAdcVv.exe
  2⤵
  PID:7288
- C:\Windows\System\lmxgPIs.exe
  C:\Windows\System\lmxgPIs.exe
  2⤵
  PID:7400
- C:\Windows\System\BERXzBX.exe
  C:\Windows\System\BERXzBX.exe
  2⤵
  PID:7544
- C:\Windows\System\zHVxMPc.exe
  C:\Windows\System\zHVxMPc.exe
  2⤵
  PID:7764
- C:\Windows\System\ZhKHAoq.exe
  C:\Windows\System\ZhKHAoq.exe
  2⤵
  PID:7836
- C:\Windows\System\GZKjGqi.exe
  C:\Windows\System\GZKjGqi.exe
  2⤵
  PID:6208
- C:\Windows\System\hFJqUZq.exe
  C:\Windows\System\hFJqUZq.exe
  2⤵
  PID:8156
- C:\Windows\System\BUaWepd.exe
  C:\Windows\System\BUaWepd.exe
  2⤵
  PID:7420
- C:\Windows\System\ripktDS.exe
  C:\Windows\System\ripktDS.exe
  2⤵
  PID:7896
- C:\Windows\System\xIaTULw.exe
  C:\Windows\System\xIaTULw.exe
  2⤵
  PID:8048
- C:\Windows\System\olrgRtK.exe
  C:\Windows\System\olrgRtK.exe
  2⤵
  PID:7868
- C:\Windows\System\pWwCFyH.exe
  C:\Windows\System\pWwCFyH.exe
  2⤵
  PID:7536
- C:\Windows\System\GdlXXLZ.exe
  C:\Windows\System\GdlXXLZ.exe
  2⤵
  PID:8196
- C:\Windows\System\YebCRiq.exe
  C:\Windows\System\YebCRiq.exe
  2⤵
  PID:8224
- C:\Windows\System\XouOeto.exe
  C:\Windows\System\XouOeto.exe
  2⤵
  PID:8252
- C:\Windows\System\pGGilOw.exe
  C:\Windows\System\pGGilOw.exe
  2⤵
  PID:8280
- C:\Windows\System\pdCMypp.exe
  C:\Windows\System\pdCMypp.exe
  2⤵
  PID:8308
- C:\Windows\System\kshmxbT.exe
  C:\Windows\System\kshmxbT.exe
  2⤵
  PID:8336
- C:\Windows\System\PxhiIqK.exe
  C:\Windows\System\PxhiIqK.exe
  2⤵
  PID:8368
- C:\Windows\System\zNTEJCy.exe
  C:\Windows\System\zNTEJCy.exe
  2⤵
  PID:8396
- C:\Windows\System\HLwbHKl.exe
  C:\Windows\System\HLwbHKl.exe
  2⤵
  PID:8432
- C:\Windows\System\YmVaSTE.exe
  C:\Windows\System\YmVaSTE.exe
  2⤵
  PID:8460
- C:\Windows\System\WuZzMxo.exe
  C:\Windows\System\WuZzMxo.exe
  2⤵
  PID:8488
- C:\Windows\System\MIqFyEG.exe
  C:\Windows\System\MIqFyEG.exe
  2⤵
  PID:8516
- C:\Windows\System\dgADSQu.exe
  C:\Windows\System\dgADSQu.exe
  2⤵
  PID:8544
- C:\Windows\System\YxUmFUB.exe
  C:\Windows\System\YxUmFUB.exe
  2⤵
  PID:8572
- C:\Windows\System\gTAousH.exe
  C:\Windows\System\gTAousH.exe
  2⤵
  PID:8604
- C:\Windows\System\DtJBoUy.exe
  C:\Windows\System\DtJBoUy.exe
  2⤵
  PID:8628
- C:\Windows\System\CeagoAE.exe
  C:\Windows\System\CeagoAE.exe
  2⤵
  PID:8656
- C:\Windows\System\zPlXxDM.exe
  C:\Windows\System\zPlXxDM.exe
  2⤵
  PID:8688
- C:\Windows\System\UbVPuas.exe
  C:\Windows\System\UbVPuas.exe
  2⤵
  PID:8712
- C:\Windows\System\TuJVqnC.exe
  C:\Windows\System\TuJVqnC.exe
  2⤵
  PID:8740
- C:\Windows\System\Mwmoeet.exe
  C:\Windows\System\Mwmoeet.exe
  2⤵
  PID:8768
- C:\Windows\System\DWxwTau.exe
  C:\Windows\System\DWxwTau.exe
  2⤵
  PID:8800
- C:\Windows\System\SQCaNPU.exe
  C:\Windows\System\SQCaNPU.exe
  2⤵
  PID:8828
- C:\Windows\System\WWLMCMd.exe
  C:\Windows\System\WWLMCMd.exe
  2⤵
  PID:8856
- C:\Windows\System\mpFqcKa.exe
  C:\Windows\System\mpFqcKa.exe
  2⤵
  PID:8884
- C:\Windows\System\MnZDdnj.exe
  C:\Windows\System\MnZDdnj.exe
  2⤵
  PID:8912
- C:\Windows\System\NLiXepC.exe
  C:\Windows\System\NLiXepC.exe
  2⤵
  PID:8944
- C:\Windows\System\mzGRsnJ.exe
  C:\Windows\System\mzGRsnJ.exe
  2⤵
  PID:8968
- C:\Windows\System\ByGKMgK.exe
  C:\Windows\System\ByGKMgK.exe
  2⤵
  PID:8996
- C:\Windows\System\zIkVOOL.exe
  C:\Windows\System\zIkVOOL.exe
  2⤵
  PID:9024
- C:\Windows\System\lFxwvJF.exe
  C:\Windows\System\lFxwvJF.exe
  2⤵
  PID:9052
- C:\Windows\System\QlkOKEx.exe
  C:\Windows\System\QlkOKEx.exe
  2⤵
  PID:9080
- C:\Windows\System\wNcRQte.exe
  C:\Windows\System\wNcRQte.exe
  2⤵
  PID:9108
- C:\Windows\System\leoUXJH.exe
  C:\Windows\System\leoUXJH.exe
  2⤵
  PID:9136
- C:\Windows\System\QEnnFsw.exe
  C:\Windows\System\QEnnFsw.exe
  2⤵
  PID:9164
- C:\Windows\System\xWtjFaY.exe
  C:\Windows\System\xWtjFaY.exe
  2⤵
  PID:9192
- C:\Windows\System\BmDBdVY.exe
  C:\Windows\System\BmDBdVY.exe
  2⤵
  PID:8212
- C:\Windows\System\fpEyOhX.exe
  C:\Windows\System\fpEyOhX.exe
  2⤵
  PID:8276
- C:\Windows\System\BavfDnF.exe
  C:\Windows\System\BavfDnF.exe
  2⤵
  PID:8328
- C:\Windows\System\SGXrkgn.exe
  C:\Windows\System\SGXrkgn.exe
  2⤵
  PID:8404
- C:\Windows\System\GSViizi.exe
  C:\Windows\System\GSViizi.exe
  2⤵
  PID:8472
- C:\Windows\System\uTziBjr.exe
  C:\Windows\System\uTziBjr.exe
  2⤵
  PID:8528
- C:\Windows\System\UCTFpyW.exe
  C:\Windows\System\UCTFpyW.exe
  2⤵
  PID:8596
- C:\Windows\System\LHnAeFW.exe
  C:\Windows\System\LHnAeFW.exe
  2⤵
  PID:8676
- C:\Windows\System\lbMfzzo.exe
  C:\Windows\System\lbMfzzo.exe
  2⤵
  PID:8764
- C:\Windows\System\XDBhQYJ.exe
  C:\Windows\System\XDBhQYJ.exe
  2⤵
  PID:8852
- C:\Windows\System\uFWsJnc.exe
  C:\Windows\System\uFWsJnc.exe
  2⤵
  PID:8924
- C:\Windows\System\RitrsXD.exe
  C:\Windows\System\RitrsXD.exe
  2⤵
  PID:8980
- C:\Windows\System\qZrcbAp.exe
  C:\Windows\System\qZrcbAp.exe
  2⤵
  PID:9048
- C:\Windows\System\FdMEGUt.exe
  C:\Windows\System\FdMEGUt.exe
  2⤵
  PID:9100
- C:\Windows\System\BgQgRFT.exe
  C:\Windows\System\BgQgRFT.exe
  2⤵
  PID:9176
- C:\Windows\System\pgBCBQy.exe
  C:\Windows\System\pgBCBQy.exe
  2⤵
  PID:8260
- C:\Windows\System\CSPKgWL.exe
  C:\Windows\System\CSPKgWL.exe
  2⤵
  PID:8384
- C:\Windows\System\aTyuYnC.exe
  C:\Windows\System\aTyuYnC.exe
  2⤵
  PID:8188
- C:\Windows\System\ZNfZYsx.exe
  C:\Windows\System\ZNfZYsx.exe
  2⤵
  PID:2472
- C:\Windows\System\EKiBUYH.exe
  C:\Windows\System\EKiBUYH.exe
  2⤵
  PID:8840
- C:\Windows\System\hAOCIiZ.exe
  C:\Windows\System\hAOCIiZ.exe
  2⤵
  PID:9012
- C:\Windows\System\BGfNFnU.exe
  C:\Windows\System\BGfNFnU.exe
  2⤵
  PID:9160
- C:\Windows\System\nkGRBai.exe
  C:\Windows\System\nkGRBai.exe
  2⤵
  PID:8456
- C:\Windows\System\khRaecd.exe
  C:\Windows\System\khRaecd.exe
  2⤵
  PID:8760
- C:\Windows\System\scedEOu.exe
  C:\Windows\System\scedEOu.exe
  2⤵
  PID:9064
- C:\Windows\System\taKvhCn.exe
  C:\Windows\System\taKvhCn.exe
  2⤵
  PID:8640
- C:\Windows\System\TdGneNb.exe
  C:\Windows\System\TdGneNb.exe
  2⤵
  PID:9132
- C:\Windows\System\LVeubum.exe
  C:\Windows\System\LVeubum.exe
  2⤵
  PID:9232
- C:\Windows\System\VJqSWFY.exe
  C:\Windows\System\VJqSWFY.exe
  2⤵
  PID:9260
- C:\Windows\System\QKzvdia.exe
  C:\Windows\System\QKzvdia.exe
  2⤵
  PID:9288
- C:\Windows\System\QJSnLeJ.exe
  C:\Windows\System\QJSnLeJ.exe
  2⤵
  PID:9316
- C:\Windows\System\iwUQnNp.exe
  C:\Windows\System\iwUQnNp.exe
  2⤵
  PID:9344
- C:\Windows\System\nCIRmLY.exe
  C:\Windows\System\nCIRmLY.exe
  2⤵
  PID:9364
- C:\Windows\System\CjeRLvu.exe
  C:\Windows\System\CjeRLvu.exe
  2⤵
  PID:9388
- C:\Windows\System\eCKWiLv.exe
  C:\Windows\System\eCKWiLv.exe
  2⤵
  PID:9416
- C:\Windows\System\qWaEpQQ.exe
  C:\Windows\System\qWaEpQQ.exe
  2⤵
  PID:9456
- C:\Windows\System\zmPdyjc.exe
  C:\Windows\System\zmPdyjc.exe
  2⤵
  PID:9476
- C:\Windows\System\VSrGHjc.exe
  C:\Windows\System\VSrGHjc.exe
  2⤵
  PID:9516
- C:\Windows\System\qidJUVd.exe
  C:\Windows\System\qidJUVd.exe
  2⤵
  PID:9544
- C:\Windows\System\AHmgcUP.exe
  C:\Windows\System\AHmgcUP.exe
  2⤵
  PID:9560
- C:\Windows\System\juqCXtX.exe
  C:\Windows\System\juqCXtX.exe
  2⤵
  PID:9592
- C:\Windows\System\IxzDmQo.exe
  C:\Windows\System\IxzDmQo.exe
  2⤵
  PID:9616
- C:\Windows\System\GutcXaP.exe
  C:\Windows\System\GutcXaP.exe
  2⤵
  PID:9652
- C:\Windows\System\lGizWpR.exe
  C:\Windows\System\lGizWpR.exe
  2⤵
  PID:9672
- C:\Windows\System\DbgPZCH.exe
  C:\Windows\System\DbgPZCH.exe
  2⤵
  PID:9708
- C:\Windows\System\pFuIQYy.exe
  C:\Windows\System\pFuIQYy.exe
  2⤵
  PID:9728
- C:\Windows\System\fbyCteS.exe
  C:\Windows\System\fbyCteS.exe
  2⤵
  PID:9756
- C:\Windows\System\yqIQjHo.exe
  C:\Windows\System\yqIQjHo.exe
  2⤵
  PID:9784
- C:\Windows\System\UiKAynb.exe
  C:\Windows\System\UiKAynb.exe
  2⤵
  PID:9820
- C:\Windows\System\jrreUOT.exe
  C:\Windows\System\jrreUOT.exe
  2⤵
  PID:9852
- C:\Windows\System\EkMaxhf.exe
  C:\Windows\System\EkMaxhf.exe
  2⤵
  PID:9880
- C:\Windows\System\Dzutwko.exe
  C:\Windows\System\Dzutwko.exe
  2⤵
  PID:9896
- C:\Windows\System\IStkOkn.exe
  C:\Windows\System\IStkOkn.exe
  2⤵
  PID:9932
- C:\Windows\System\ihwKRCc.exe
  C:\Windows\System\ihwKRCc.exe
  2⤵
  PID:9952
- C:\Windows\System\ROZific.exe
  C:\Windows\System\ROZific.exe
  2⤵
  PID:9988
- C:\Windows\System\icDBtYh.exe
  C:\Windows\System\icDBtYh.exe
  2⤵
  PID:10004
- C:\Windows\System\DxCdRhe.exe
  C:\Windows\System\DxCdRhe.exe
  2⤵
  PID:10032
- C:\Windows\System\IfbLVMj.exe
  C:\Windows\System\IfbLVMj.exe
  2⤵
  PID:10064
- C:\Windows\System\oRHsJbl.exe
  C:\Windows\System\oRHsJbl.exe
  2⤵
  PID:10096
- C:\Windows\System\RfizXwx.exe
  C:\Windows\System\RfizXwx.exe
  2⤵
  PID:10132
- C:\Windows\System\zqYKUJB.exe
  C:\Windows\System\zqYKUJB.exe
  2⤵
  PID:10156
- C:\Windows\System\XEcUysI.exe
  C:\Windows\System\XEcUysI.exe
  2⤵
  PID:10180
- C:\Windows\System\mKrbbYN.exe
  C:\Windows\System\mKrbbYN.exe
  2⤵
  PID:10204
- C:\Windows\System\HuLVqMm.exe
  C:\Windows\System\HuLVqMm.exe
  2⤵
  PID:10232
- C:\Windows\System\OXSXBfq.exe
  C:\Windows\System\OXSXBfq.exe
  2⤵
  PID:9280
- C:\Windows\System\ccqIlmU.exe
  C:\Windows\System\ccqIlmU.exe
  2⤵
  PID:9372
- C:\Windows\System\ieQeYAc.exe
  C:\Windows\System\ieQeYAc.exe
  2⤵
  PID:9356
- C:\Windows\System\HFRFaEd.exe
  C:\Windows\System\HFRFaEd.exe
  2⤵
  PID:9464
- C:\Windows\System\UUNLsTy.exe
  C:\Windows\System\UUNLsTy.exe
  2⤵
  PID:9536
- C:\Windows\System\zHUXszL.exe
  C:\Windows\System\zHUXszL.exe
  2⤵
  PID:9600
- C:\Windows\System\SFnrpfe.exe
  C:\Windows\System\SFnrpfe.exe
  2⤵
  PID:9668
- C:\Windows\System\kSxUcex.exe
  C:\Windows\System\kSxUcex.exe
  2⤵
  PID:9688
- C:\Windows\System\gWtIhPl.exe
  C:\Windows\System\gWtIhPl.exe
  2⤵
  PID:9780
- C:\Windows\System\cILrcOQ.exe
  C:\Windows\System\cILrcOQ.exe
  2⤵
  PID:9844
- C:\Windows\System\nhddieL.exe
  C:\Windows\System\nhddieL.exe
  2⤵
  PID:9924
- C:\Windows\System\GzDNads.exe
  C:\Windows\System\GzDNads.exe
  2⤵
  PID:9972
- C:\Windows\System\eDyUgsQ.exe
  C:\Windows\System\eDyUgsQ.exe
  2⤵
  PID:10040
- C:\Windows\System\JyVUbUX.exe
  C:\Windows\System\JyVUbUX.exe
  2⤵
  PID:10084
- C:\Windows\System\FOsOVbl.exe
  C:\Windows\System\FOsOVbl.exe
  2⤵
  PID:10164
- C:\Windows\System\dagUgTG.exe
  C:\Windows\System\dagUgTG.exe
  2⤵
  PID:9224
- C:\Windows\System\iIgjzYD.exe
  C:\Windows\System\iIgjzYD.exe
  2⤵
  PID:9440
- C:\Windows\System\hmRsOTV.exe
  C:\Windows\System\hmRsOTV.exe
  2⤵
  PID:9556
- C:\Windows\System\UTNYANV.exe
  C:\Windows\System\UTNYANV.exe
  2⤵
  PID:9604
- C:\Windows\System\CVMNbPv.exe
  C:\Windows\System\CVMNbPv.exe
  2⤵
  PID:9768
- C:\Windows\System\RcyAwUr.exe
  C:\Windows\System\RcyAwUr.exe
  2⤵
  PID:9892
- C:\Windows\System\fsQKlAV.exe
  C:\Windows\System\fsQKlAV.exe
  2⤵
  PID:9944
- C:\Windows\System\CxGYdbS.exe
  C:\Windows\System\CxGYdbS.exe
  2⤵
  PID:10140
- C:\Windows\System\AvhzYDA.exe
  C:\Windows\System\AvhzYDA.exe
  2⤵
  PID:9300
- C:\Windows\System\GBdqTmj.exe
  C:\Windows\System\GBdqTmj.exe
  2⤵
  PID:9848
- C:\Windows\System\ETksCHQ.exe
  C:\Windows\System\ETksCHQ.exe
  2⤵
  PID:9740
- C:\Windows\System\pVyYsIT.exe
  C:\Windows\System\pVyYsIT.exe
  2⤵
  PID:10276
- C:\Windows\System\qPqLofp.exe
  C:\Windows\System\qPqLofp.exe
  2⤵
  PID:10312
- C:\Windows\System\VKgwijt.exe
  C:\Windows\System\VKgwijt.exe
  2⤵
  PID:10340
- C:\Windows\System\QqQaPkM.exe
  C:\Windows\System\QqQaPkM.exe
  2⤵
  PID:10368
- C:\Windows\System\GcSxPBn.exe
  C:\Windows\System\GcSxPBn.exe
  2⤵
  PID:10400
- C:\Windows\System\GiKNyLp.exe
  C:\Windows\System\GiKNyLp.exe
  2⤵
  PID:10444
- C:\Windows\System\znlTCyU.exe
  C:\Windows\System\znlTCyU.exe
  2⤵
  PID:10476
- C:\Windows\System\pOhIeQJ.exe
  C:\Windows\System\pOhIeQJ.exe
  2⤵
  PID:10512
- C:\Windows\System\thAQCLQ.exe
  C:\Windows\System\thAQCLQ.exe
  2⤵
  PID:10540
- C:\Windows\System\wuMToGn.exe
  C:\Windows\System\wuMToGn.exe
  2⤵
  PID:10560
- C:\Windows\System\uzLFPbF.exe
  C:\Windows\System\uzLFPbF.exe
  2⤵
  PID:10592
- C:\Windows\System\jvfNrZo.exe
  C:\Windows\System\jvfNrZo.exe
  2⤵
  PID:10616
- C:\Windows\System\UImjsCs.exe
  C:\Windows\System\UImjsCs.exe
  2⤵
  PID:10648
- C:\Windows\System\pqthXGS.exe
  C:\Windows\System\pqthXGS.exe
  2⤵
  PID:10672
- C:\Windows\System\jCWxTUN.exe
  C:\Windows\System\jCWxTUN.exe
  2⤵
  PID:10708
- C:\Windows\System\ekEbsJD.exe
  C:\Windows\System\ekEbsJD.exe
  2⤵
  PID:10728
- C:\Windows\System\zaHrRLR.exe
  C:\Windows\System\zaHrRLR.exe
  2⤵
  PID:10768
- C:\Windows\System\xztYEMI.exe
  C:\Windows\System\xztYEMI.exe
  2⤵
  PID:10784
- C:\Windows\System\fiqknDB.exe
  C:\Windows\System\fiqknDB.exe
  2⤵
  PID:10812
- C:\Windows\System\TcQvUrG.exe
  C:\Windows\System\TcQvUrG.exe
  2⤵
  PID:10840
- C:\Windows\System\HPCKrbB.exe
  C:\Windows\System\HPCKrbB.exe
  2⤵
  PID:10868
- C:\Windows\System\QmrOECm.exe
  C:\Windows\System\QmrOECm.exe
  2⤵
  PID:10896
- C:\Windows\System\HrsFxld.exe
  C:\Windows\System\HrsFxld.exe
  2⤵
  PID:10924
- C:\Windows\System\pmkjWeM.exe
  C:\Windows\System\pmkjWeM.exe
  2⤵
  PID:10940
- C:\Windows\System\tRDVrqd.exe
  C:\Windows\System\tRDVrqd.exe
  2⤵
  PID:10964
- C:\Windows\System\mbgjthQ.exe
  C:\Windows\System\mbgjthQ.exe
  2⤵
  PID:11008
- C:\Windows\System\tlKRKRS.exe
  C:\Windows\System\tlKRKRS.exe
  2⤵
  PID:11032
- C:\Windows\System\gHIwNIF.exe
  C:\Windows\System\gHIwNIF.exe
  2⤵
  PID:11060
- C:\Windows\System\LLPtkpP.exe
  C:\Windows\System\LLPtkpP.exe
  2⤵
  PID:11080
- C:\Windows\System\VbdYUAK.exe
  C:\Windows\System\VbdYUAK.exe
  2⤵
  PID:11108
- C:\Windows\System\ObFwJoP.exe
  C:\Windows\System\ObFwJoP.exe
  2⤵
  PID:11140
- C:\Windows\System\gyZFkLE.exe
  C:\Windows\System\gyZFkLE.exe
  2⤵
  PID:11164
- C:\Windows\System\eqkGUcQ.exe
  C:\Windows\System\eqkGUcQ.exe
  2⤵
  PID:11204
- C:\Windows\System\zxczUKb.exe
  C:\Windows\System\zxczUKb.exe
  2⤵
  PID:11232
- C:\Windows\System\TPUQFYJ.exe
  C:\Windows\System\TPUQFYJ.exe
  2⤵
  PID:10016
- C:\Windows\System\xPpmnKX.exe
  C:\Windows\System\xPpmnKX.exe
  2⤵
  PID:10284
- C:\Windows\System\pXKONJz.exe
  C:\Windows\System\pXKONJz.exe
  2⤵
  PID:10296
- C:\Windows\System\eMuRsun.exe
  C:\Windows\System\eMuRsun.exe
  2⤵
  PID:10352
- C:\Windows\System\gSgNtrM.exe
  C:\Windows\System\gSgNtrM.exe
  2⤵
  PID:10424
- C:\Windows\System\KejTbHZ.exe
  C:\Windows\System\KejTbHZ.exe
  2⤵
  PID:10488
- C:\Windows\System\HvzvHgm.exe
  C:\Windows\System\HvzvHgm.exe
  2⤵
  PID:10548
- C:\Windows\System\ZLyXnFo.exe
  C:\Windows\System\ZLyXnFo.exe
  2⤵
  PID:10636
- C:\Windows\System\yLRCYvx.exe
  C:\Windows\System\yLRCYvx.exe
  2⤵
  PID:10684
- C:\Windows\System\cpuTIny.exe
  C:\Windows\System\cpuTIny.exe
  2⤵
  PID:10756
- C:\Windows\System\PbyVEIL.exe
  C:\Windows\System\PbyVEIL.exe
  2⤵
  PID:10800
- C:\Windows\System\IunaVeM.exe
  C:\Windows\System\IunaVeM.exe
  2⤵
  PID:10860
- C:\Windows\System\pcopEUQ.exe
  C:\Windows\System\pcopEUQ.exe
  2⤵
  PID:10916
- C:\Windows\System\LdYiPKE.exe
  C:\Windows\System\LdYiPKE.exe
  2⤵
  PID:10984
- C:\Windows\System\wBtxZVV.exe
  C:\Windows\System\wBtxZVV.exe
  2⤵
  PID:11052
- C:\Windows\System\pDoeccB.exe
  C:\Windows\System\pDoeccB.exe
  2⤵
  PID:11096
- C:\Windows\System\zCPWbTB.exe
  C:\Windows\System\zCPWbTB.exe
  2⤵
  PID:11216
- C:\Windows\System\ZTPyLrA.exe
  C:\Windows\System\ZTPyLrA.exe
  2⤵
  PID:9488
- C:\Windows\System\hGEsZHE.exe
  C:\Windows\System\hGEsZHE.exe
  2⤵
  PID:10308
- C:\Windows\System\SSkdUqw.exe
  C:\Windows\System\SSkdUqw.exe
  2⤵
  PID:10440
- C:\Windows\System\PZLESDv.exe
  C:\Windows\System\PZLESDv.exe
  2⤵
  PID:10724
- C:\Windows\System\mpIlzQx.exe
  C:\Windows\System\mpIlzQx.exe
  2⤵
  PID:10856
- C:\Windows\System\unRRhGJ.exe
  C:\Windows\System\unRRhGJ.exe
  2⤵
  PID:10880
- C:\Windows\System\RrClumH.exe
  C:\Windows\System\RrClumH.exe
  2⤵
  PID:11040
- C:\Windows\System\oCsrLwr.exe
  C:\Windows\System\oCsrLwr.exe
  2⤵
  PID:11252
- C:\Windows\System\dWydugI.exe
  C:\Windows\System\dWydugI.exe
  2⤵
  PID:10508
- C:\Windows\System\zGJniCT.exe
  C:\Windows\System\zGJniCT.exe
  2⤵
  PID:10688
- C:\Windows\System\fHdvUBF.exe
  C:\Windows\System\fHdvUBF.exe
  2⤵
  PID:11148
- C:\Windows\System\SAInRfg.exe
  C:\Windows\System\SAInRfg.exe
  2⤵
  PID:10956
- C:\Windows\System\EYKwHJd.exe
  C:\Windows\System\EYKwHJd.exe
  2⤵
  PID:11268
- C:\Windows\System\nXSHxOJ.exe
  C:\Windows\System\nXSHxOJ.exe
  2⤵
  PID:11304
- C:\Windows\System\vhUrYhc.exe
  C:\Windows\System\vhUrYhc.exe
  2⤵
  PID:11332
- C:\Windows\System\ItHzpLV.exe
  C:\Windows\System\ItHzpLV.exe
  2⤵
  PID:11368
- C:\Windows\System\oEFbGGx.exe
  C:\Windows\System\oEFbGGx.exe
  2⤵
  PID:11408
- C:\Windows\System\jPjTvVp.exe
  C:\Windows\System\jPjTvVp.exe
  2⤵
  PID:11436
- C:\Windows\System\SmZVzFv.exe
  C:\Windows\System\SmZVzFv.exe
  2⤵
  PID:11476
- C:\Windows\System\ICgdWSh.exe
  C:\Windows\System\ICgdWSh.exe
  2⤵
  PID:11496
- C:\Windows\System\qHvyELR.exe
  C:\Windows\System\qHvyELR.exe
  2⤵
  PID:11536
- C:\Windows\System\sAjwfbj.exe
  C:\Windows\System\sAjwfbj.exe
  2⤵
  PID:11552
- C:\Windows\System\TKMDHay.exe
  C:\Windows\System\TKMDHay.exe
  2⤵
  PID:11576
- C:\Windows\System\ysDnqOp.exe
  C:\Windows\System\ysDnqOp.exe
  2⤵
  PID:11600
- C:\Windows\System\fBrxMHG.exe
  C:\Windows\System\fBrxMHG.exe
  2⤵
  PID:11628
- C:\Windows\System\zCLxXoD.exe
  C:\Windows\System\zCLxXoD.exe
  2⤵
  PID:11664
- C:\Windows\System\BTGMQEQ.exe
  C:\Windows\System\BTGMQEQ.exe
  2⤵
  PID:11684
- C:\Windows\System\MGNUPDo.exe
  C:\Windows\System\MGNUPDo.exe
  2⤵
  PID:11712
- C:\Windows\System\JqMscLD.exe
  C:\Windows\System\JqMscLD.exe
  2⤵
  PID:11752
- C:\Windows\System\UTdrUHO.exe
  C:\Windows\System\UTdrUHO.exe
  2⤵
  PID:11784
- C:\Windows\System\TXASSDg.exe
  C:\Windows\System\TXASSDg.exe
  2⤵
  PID:11820
- C:\Windows\System\DplwSLy.exe
  C:\Windows\System\DplwSLy.exe
  2⤵
  PID:11852
- C:\Windows\System\MASdGWo.exe
  C:\Windows\System\MASdGWo.exe
  2⤵
  PID:11884
- C:\Windows\System\xttqFhY.exe
  C:\Windows\System\xttqFhY.exe
  2⤵
  PID:11936
- C:\Windows\System\CBTxcsh.exe
  C:\Windows\System\CBTxcsh.exe
  2⤵
  PID:11956
- C:\Windows\System\ewNeDBc.exe
  C:\Windows\System\ewNeDBc.exe
  2⤵
  PID:12004
- C:\Windows\System\Qsohjvm.exe
  C:\Windows\System\Qsohjvm.exe
  2⤵
  PID:12032
- C:\Windows\System\BnDWLql.exe
  C:\Windows\System\BnDWLql.exe
  2⤵
  PID:12056
- C:\Windows\System\XXBdOHR.exe
  C:\Windows\System\XXBdOHR.exe
  2⤵
  PID:12084
- C:\Windows\System\CJLYPds.exe
  C:\Windows\System\CJLYPds.exe
  2⤵
  PID:12100
- C:\Windows\System\iCgAkmj.exe
  C:\Windows\System\iCgAkmj.exe
  2⤵
  PID:12152
- C:\Windows\System\bzLBMwq.exe
  C:\Windows\System\bzLBMwq.exe
  2⤵
  PID:12176
- C:\Windows\System\YjgtMAT.exe
  C:\Windows\System\YjgtMAT.exe
  2⤵
  PID:12208
- C:\Windows\System\vIebBMp.exe
  C:\Windows\System\vIebBMp.exe
  2⤵
  PID:12252
- C:\Windows\System\xwywPEd.exe
  C:\Windows\System\xwywPEd.exe
  2⤵
  PID:12276
- C:\Windows\System\MMPSuIO.exe
  C:\Windows\System\MMPSuIO.exe
  2⤵
  PID:10776
- C:\Windows\System\nqMwRBZ.exe
  C:\Windows\System\nqMwRBZ.exe
  2⤵
  PID:11324
- C:\Windows\System\xOlxROx.exe
  C:\Windows\System\xOlxROx.exe
  2⤵
  PID:11432
- C:\Windows\System\WgvCVkR.exe
  C:\Windows\System\WgvCVkR.exe
  2⤵
  PID:11512
- C:\Windows\System\iTnmjgF.exe
  C:\Windows\System\iTnmjgF.exe
  2⤵
  PID:11596
- C:\Windows\System\UOtHYTL.exe
  C:\Windows\System\UOtHYTL.exe
  2⤵
  PID:11708
- C:\Windows\System\xRgjtED.exe
  C:\Windows\System\xRgjtED.exe
  2⤵
  PID:11796
- C:\Windows\System\KTmqtif.exe
  C:\Windows\System\KTmqtif.exe
  2⤵
  PID:11808
- C:\Windows\System\QJdaPzG.exe
  C:\Windows\System\QJdaPzG.exe
  2⤵
  PID:11356
- C:\Windows\System\tIqpYUE.exe
  C:\Windows\System\tIqpYUE.exe
  2⤵
  PID:12076
- C:\Windows\System\rHBbuGL.exe
  C:\Windows\System\rHBbuGL.exe
  2⤵
  PID:12096
- C:\Windows\System\pEAQmKf.exe
  C:\Windows\System\pEAQmKf.exe
  2⤵
  PID:12168
- C:\Windows\System\JIsTnTk.exe
  C:\Windows\System\JIsTnTk.exe
  2⤵
  PID:12228
- C:\Windows\System\AnCqypZ.exe
  C:\Windows\System\AnCqypZ.exe
  2⤵
  PID:12284
- C:\Windows\System\fdzCBea.exe
  C:\Windows\System\fdzCBea.exe
  2⤵
  PID:12260
- C:\Windows\System\PpDRJvZ.exe
  C:\Windows\System\PpDRJvZ.exe
  2⤵
  PID:11456
- C:\Windows\System\BXWuSHh.exe
  C:\Windows\System\BXWuSHh.exe
  2⤵
  PID:11488
- C:\Windows\System\xPcIGUL.exe
  C:\Windows\System\xPcIGUL.exe
  2⤵
  PID:11696
- C:\Windows\System\SeImgxp.exe
  C:\Windows\System\SeImgxp.exe
  2⤵
  PID:11872
- C:\Windows\System\YeuHDxY.exe
  C:\Windows\System\YeuHDxY.exe
  2⤵
  PID:12028
- C:\Windows\System\keJdhww.exe
  C:\Windows\System\keJdhww.exe
  2⤵
  PID:12164
- C:\Windows\System\mLZsHUl.exe
  C:\Windows\System\mLZsHUl.exe
  2⤵
  PID:11608
- C:\Windows\System\lsxNhfF.exe
  C:\Windows\System\lsxNhfF.exe
  2⤵
  PID:11876
- C:\Windows\System\srMTwmp.exe
  C:\Windows\System\srMTwmp.exe
  2⤵
  PID:12316
- C:\Windows\System\JztpPyP.exe
  C:\Windows\System\JztpPyP.exe
  2⤵
  PID:12356
- C:\Windows\System\ezGsJfc.exe
  C:\Windows\System\ezGsJfc.exe
  2⤵
  PID:12388
- C:\Windows\System\vABxHff.exe
  C:\Windows\System\vABxHff.exe
  2⤵
  PID:12408
- C:\Windows\System\XWlymGC.exe
  C:\Windows\System\XWlymGC.exe
  2⤵
  PID:12428
- C:\Windows\System\CirKKec.exe
  C:\Windows\System\CirKKec.exe
  2⤵
  PID:12452
- C:\Windows\System\tnOBlqN.exe
  C:\Windows\System\tnOBlqN.exe
  2⤵
  PID:12488
- C:\Windows\System\IrEQauK.exe
  C:\Windows\System\IrEQauK.exe
  2⤵
  PID:12524
- C:\Windows\System\uHGVMgm.exe
  C:\Windows\System\uHGVMgm.exe
  2⤵
  PID:12548
- C:\Windows\System\gaDgjgW.exe
  C:\Windows\System\gaDgjgW.exe
  2⤵
  PID:12580
- C:\Windows\System\qJhQtho.exe
  C:\Windows\System\qJhQtho.exe
  2⤵
  PID:12612
- C:\Windows\System\XAepFTU.exe
  C:\Windows\System\XAepFTU.exe
  2⤵
  PID:12644
- C:\Windows\System\PnLKcjZ.exe
  C:\Windows\System\PnLKcjZ.exe
  2⤵
  PID:12668
- C:\Windows\System\ZUwtGmI.exe
  C:\Windows\System\ZUwtGmI.exe
  2⤵
  PID:12696
- C:\Windows\System\SnRKaZA.exe
  C:\Windows\System\SnRKaZA.exe
  2⤵
  PID:12724
- C:\Windows\System\fFqrlDn.exe
  C:\Windows\System\fFqrlDn.exe
  2⤵
  PID:12760
- C:\Windows\System\RUIJWSV.exe
  C:\Windows\System\RUIJWSV.exe
  2⤵
  PID:12796
- C:\Windows\System\CZyyCuQ.exe
  C:\Windows\System\CZyyCuQ.exe
  2⤵
  PID:12864
- C:\Windows\System\HoPjBbK.exe
  C:\Windows\System\HoPjBbK.exe
  2⤵
  PID:12888
- C:\Windows\System\pncHnpo.exe
  C:\Windows\System\pncHnpo.exe
  2⤵
  PID:12920
- C:\Windows\System\IwvICTX.exe
  C:\Windows\System\IwvICTX.exe
  2⤵
  PID:12948
- C:\Windows\System\YzqvKou.exe
  C:\Windows\System\YzqvKou.exe
  2⤵
  PID:12976
- C:\Windows\System\spHVzkw.exe
  C:\Windows\System\spHVzkw.exe
  2⤵
  PID:12992
- C:\Windows\System\zEKPPkr.exe
  C:\Windows\System\zEKPPkr.exe
  2⤵
  PID:13020
- C:\Windows\System\bcjYFCw.exe
  C:\Windows\System\bcjYFCw.exe
  2⤵
  PID:13052
- C:\Windows\System\MFcuCrC.exe
  C:\Windows\System\MFcuCrC.exe
  2⤵
  PID:13084
- C:\Windows\System\uXdQfYw.exe
  C:\Windows\System\uXdQfYw.exe
  2⤵
  PID:13104
- C:\Windows\System\bOEdgzy.exe
  C:\Windows\System\bOEdgzy.exe
  2⤵
  PID:13120
- C:\Windows\System\hRZteIF.exe
  C:\Windows\System\hRZteIF.exe
  2⤵
  PID:13144
- C:\Windows\System\MGWyuYA.exe
  C:\Windows\System\MGWyuYA.exe
  2⤵
  PID:13172
- C:\Windows\System\IIEPlZA.exe
  C:\Windows\System\IIEPlZA.exe
  2⤵
  PID:13192
- C:\Windows\System\QbgXqlc.exe
  C:\Windows\System\QbgXqlc.exe
  2⤵
  PID:13216
- C:\Windows\System\ppmXHyp.exe
  C:\Windows\System\ppmXHyp.exe
  2⤵
  PID:13244
- C:\Windows\System\xaDsZSI.exe
  C:\Windows\System\xaDsZSI.exe
  2⤵
  PID:13276
- C:\Windows\System\tdpHGSS.exe
  C:\Windows\System\tdpHGSS.exe
  2⤵
  PID:13292
- C:\Windows\System\bmeMGkc.exe
  C:\Windows\System\bmeMGkc.exe
  2⤵
  PID:12000
- C:\Windows\System\PLlWIal.exe
  C:\Windows\System\PLlWIal.exe
  2⤵
  PID:12348
- C:\Windows\System\sHBkbFW.exe
  C:\Windows\System\sHBkbFW.exe
  2⤵
  PID:12344
- C:\Windows\System\jYrbauu.exe
  C:\Windows\System\jYrbauu.exe
  2⤵
  PID:12468
- C:\Windows\System\xJKjVRA.exe
  C:\Windows\System\xJKjVRA.exe
  2⤵
  PID:12516
- C:\Windows\System\rNBHyRT.exe
  C:\Windows\System\rNBHyRT.exe
  2⤵
  PID:12572
- C:\Windows\System\dQiwYzO.exe
  C:\Windows\System\dQiwYzO.exe
  2⤵
  PID:12656
- C:\Windows\System\FSGFVJL.exe
  C:\Windows\System\FSGFVJL.exe
  2⤵
  PID:12708
- C:\Windows\System\UmuIFHD.exe
  C:\Windows\System\UmuIFHD.exe
  2⤵
  PID:12748
- C:\Windows\System\HBtANMC.exe
  C:\Windows\System\HBtANMC.exe
  2⤵
  PID:12876
- C:\Windows\System\hmTOAzA.exe
  C:\Windows\System\hmTOAzA.exe
  2⤵
  PID:12960
- C:\Windows\System\yBZQGzd.exe
  C:\Windows\System\yBZQGzd.exe
  2⤵
  PID:13012
- C:\Windows\System\OIQFklX.exe
  C:\Windows\System\OIQFklX.exe
  2⤵
  PID:13092
- C:\Windows\System\DXgJOyu.exe
  C:\Windows\System\DXgJOyu.exe
  2⤵
  PID:13132
- C:\Windows\System\oQFbxCB.exe
  C:\Windows\System\oQFbxCB.exe
  2⤵
  PID:13204
- C:\Windows\System\SsMjMTM.exe
  C:\Windows\System\SsMjMTM.exe
  2⤵
  PID:12236
- C:\Windows\System\jornRPP.exe
  C:\Windows\System\jornRPP.exe
  2⤵
  PID:12404
- C:\Windows\System\hDbwZZf.exe
  C:\Windows\System\hDbwZZf.exe
  2⤵
  PID:12424
- C:\Windows\System\RxNdmjC.exe
  C:\Windows\System\RxNdmjC.exe
  2⤵
  PID:12660
- C:\Windows\System\rxptGYV.exe
  C:\Windows\System\rxptGYV.exe
  2⤵
  PID:12720
- C:\Windows\System\KtXLvpK.exe
  C:\Windows\System\KtXLvpK.exe
  2⤵
  PID:12972
- C:\Windows\System\JTJTfgy.exe
  C:\Windows\System\JTJTfgy.exe
  2⤵
  PID:13140
- C:\Windows\System\lKnGYEo.exe
  C:\Windows\System\lKnGYEo.exe
  2⤵
  PID:13184
- C:\Windows\System\zymujme.exe
  C:\Windows\System\zymujme.exe
  2⤵
  PID:13164
- C:\Windows\System\qQaRWWE.exe
  C:\Windows\System\qQaRWWE.exe
  2⤵
  PID:12400
- C:\Windows\System\XZpeCGT.exe
  C:\Windows\System\XZpeCGT.exe
  2⤵
  PID:12500
- C:\Windows\System\sFeMghE.exe
  C:\Windows\System\sFeMghE.exe
  2⤵
  PID:12936
- C:\Windows\System\NcaYXZd.exe
  C:\Windows\System\NcaYXZd.exe
  2⤵
  PID:13320
- C:\Windows\System\qLuSrke.exe
  C:\Windows\System\qLuSrke.exe
  2⤵
  PID:13360
- C:\Windows\System\IMcFwty.exe
  C:\Windows\System\IMcFwty.exe
  2⤵
  PID:13400
- C:\Windows\System\PNpfHhr.exe
  C:\Windows\System\PNpfHhr.exe
  2⤵
  PID:13428
- C:\Windows\System\BLFhbMa.exe
  C:\Windows\System\BLFhbMa.exe
  2⤵
  PID:13468
- C:\Windows\System\asYNEKo.exe
  C:\Windows\System\asYNEKo.exe
  2⤵
  PID:13504
- C:\Windows\System\YcQFiUT.exe
  C:\Windows\System\YcQFiUT.exe
  2⤵
  PID:13532
- C:\Windows\System\GRjKFPW.exe
  C:\Windows\System\GRjKFPW.exe
  2⤵
  PID:13576
- C:\Windows\System\IFbJUyX.exe
  C:\Windows\System\IFbJUyX.exe
  2⤵
  PID:13600
- C:\Windows\System\vBouMiR.exe
  C:\Windows\System\vBouMiR.exe
  2⤵
  PID:13644
- C:\Windows\System\tuYikgt.exe
  C:\Windows\System\tuYikgt.exe
  2⤵
  PID:13680
- C:\Windows\System\ayQjWlK.exe
  C:\Windows\System\ayQjWlK.exe
  2⤵
  PID:13696
- C:\Windows\System\OZpJZxJ.exe
  C:\Windows\System\OZpJZxJ.exe
  2⤵
  PID:13724
- C:\Windows\System\thahCut.exe
  C:\Windows\System\thahCut.exe
  2⤵
  PID:13752
- C:\Windows\System\CvxHiPn.exe
  C:\Windows\System\CvxHiPn.exe
  2⤵
  PID:13780
- C:\Windows\System\EFzrpEn.exe
  C:\Windows\System\EFzrpEn.exe
  2⤵
  PID:13800
- C:\Windows\System\uZlNmtz.exe
  C:\Windows\System\uZlNmtz.exe
  2⤵
  PID:13820
- C:\Windows\System\zmuBQCp.exe
  C:\Windows\System\zmuBQCp.exe
  2⤵
  PID:13852
- C:\Windows\System\JYHgbGK.exe
  C:\Windows\System\JYHgbGK.exe
  2⤵
  PID:13880
- C:\Windows\System\gbGWHjI.exe
  C:\Windows\System\gbGWHjI.exe
  2⤵
  PID:13916
- C:\Windows\System\euAHcBD.exe
  C:\Windows\System\euAHcBD.exe
  2⤵
  PID:13936
- C:\Windows\System\XTeaRay.exe
  C:\Windows\System\XTeaRay.exe
  2⤵
  PID:13960
- C:\Windows\System\MldsHrq.exe
  C:\Windows\System\MldsHrq.exe
  2⤵
  PID:13984
- C:\Windows\System\nrouUwm.exe
  C:\Windows\System\nrouUwm.exe
  2⤵
  PID:14016
- C:\Windows\System\bwdNbIH.exe
  C:\Windows\System\bwdNbIH.exe
  2⤵
  PID:14048
- C:\Windows\System\wuCCaGf.exe
  C:\Windows\System\wuCCaGf.exe
  2⤵
  PID:14076
- C:\Windows\System\twQBZiZ.exe
  C:\Windows\System\twQBZiZ.exe
  2⤵
  PID:14092
- C:\Windows\System\YdXDJFc.exe
  C:\Windows\System\YdXDJFc.exe
  2⤵
  PID:14108
- C:\Windows\System\KZQecSB.exe
  C:\Windows\System\KZQecSB.exe
  2⤵
  PID:14128
- C:\Windows\System\CkURrdL.exe
  C:\Windows\System\CkURrdL.exe
  2⤵
  PID:14164
- C:\Windows\System\yrhWTBJ.exe
  C:\Windows\System\yrhWTBJ.exe
  2⤵
  PID:14216
- C:\Windows\System\tjmmPAt.exe
  C:\Windows\System\tjmmPAt.exe
  2⤵
  PID:14244
- C:\Windows\System\BImzMuB.exe
  C:\Windows\System\BImzMuB.exe
  2⤵
  PID:14272
- C:\Windows\System\HBakUzo.exe
  C:\Windows\System\HBakUzo.exe
  2⤵
  PID:14288
- C:\Windows\System\ACbVoiI.exe
  C:\Windows\System\ACbVoiI.exe
  2⤵
  PID:14320
- C:\Windows\System\lqchUge.exe
  C:\Windows\System\lqchUge.exe
  2⤵
  PID:12568
- C:\Windows\System\gGHtvaA.exe
  C:\Windows\System\gGHtvaA.exe
  2⤵
  PID:13412
- C:\Windows\System\HhYnair.exe
  C:\Windows\System\HhYnair.exe
  2⤵
  PID:13480
- C:\Windows\System\wZOnZOF.exe
  C:\Windows\System\wZOnZOF.exe
  2⤵
  PID:13452
- C:\Windows\System\XOTbvmW.exe
  C:\Windows\System\XOTbvmW.exe
  2⤵
  PID:1776
- C:\Windows\System\NKPcysc.exe
  C:\Windows\System\NKPcysc.exe
  2⤵
  PID:800
- C:\Windows\System\JgFqMDL.exe
  C:\Windows\System\JgFqMDL.exe
  2⤵
  PID:13616
- C:\Windows\System\DNnSbwK.exe
  C:\Windows\System\DNnSbwK.exe
  2⤵
  PID:12544
- C:\Windows\System\GlKRNhh.exe
  C:\Windows\System\GlKRNhh.exe
  2⤵
  PID:13676
- C:\Windows\System\MJfGVqK.exe
  C:\Windows\System\MJfGVqK.exe
  2⤵
  PID:13744
- C:\Windows\System\OzJxILT.exe
  C:\Windows\System\OzJxILT.exe
  2⤵
  PID:13768
- C:\Windows\System\gIXAXEC.exe
  C:\Windows\System\gIXAXEC.exe
  2⤵
  PID:13796
- C:\Windows\System\iFlXNwo.exe
  C:\Windows\System\iFlXNwo.exe
  2⤵
  PID:13904
- C:\Windows\System\vKqKRTe.exe
  C:\Windows\System\vKqKRTe.exe
  2⤵
  PID:14056
- C:\Windows\System\adVTbVb.exe
  C:\Windows\System\adVTbVb.exe
  2⤵
  PID:14088
- C:\Windows\System\qCEAwnJ.exe
  C:\Windows\System\qCEAwnJ.exe
  2⤵
  PID:14148
- C:\Windows\System\rtBfozq.exe
  C:\Windows\System\rtBfozq.exe
  2⤵
  PID:14156
- C:\Windows\System\hHJlAPV.exe
  C:\Windows\System\hHJlAPV.exe
  2⤵
  PID:14252
- C:\Windows\System\UnpsKop.exe
  C:\Windows\System\UnpsKop.exe
  2⤵
  PID:14284
- C:\Windows\System\tQruuWi.exe
  C:\Windows\System\tQruuWi.exe
  2⤵
  PID:13212
- C:\Windows\System\icoMsYc.exe
  C:\Windows\System\icoMsYc.exe
  2⤵
  PID:13440
- C:\Windows\System\qRhFfFP.exe
  C:\Windows\System\qRhFfFP.exe
  2⤵
  PID:13584
- C:\Windows\System\sMLhQGi.exe
  C:\Windows\System\sMLhQGi.exe
  2⤵
  PID:13712
- C:\Windows\System\MxpaRPD.exe
  C:\Windows\System\MxpaRPD.exe
  2⤵
  PID:13976
- C:\Windows\System\dGlEAQO.exe
  C:\Windows\System\dGlEAQO.exe
  2⤵
  PID:14100
- C:\Windows\System\nQroHEh.exe
  C:\Windows\System\nQroHEh.exe
  2⤵
  PID:14228
- C:\Windows\System\dqctCGV.exe
  C:\Windows\System\dqctCGV.exe
  2⤵
  PID:14264
- C:\Windows\System\eaBaeLs.exe
  C:\Windows\System\eaBaeLs.exe
  2⤵
  PID:13860
- C:\Windows\System\KfNuHkp.exe
  C:\Windows\System\KfNuHkp.exe
  2⤵
  PID:13764
- C:\Windows\System\APwfsls.exe
  C:\Windows\System\APwfsls.exe
  2⤵
  PID:14328
- C:\Windows\System\ztFrcSd.exe
  C:\Windows\System\ztFrcSd.exe
  2⤵
  PID:13348
- C:\Windows\System\lwWTJZH.exe
  C:\Windows\System\lwWTJZH.exe
  2⤵
  PID:14352
- C:\Windows\System\AsqHdTq.exe
  C:\Windows\System\AsqHdTq.exe
  2⤵
  PID:14376
- C:\Windows\System\SKiRdXY.exe
  C:\Windows\System\SKiRdXY.exe
  2⤵
  PID:14408
- C:\Windows\System\ItPnEoJ.exe
  C:\Windows\System\ItPnEoJ.exe
  2⤵
  PID:14444
- C:\Windows\System\JmHvRtC.exe
  C:\Windows\System\JmHvRtC.exe
  2⤵
  PID:14460
- C:\Windows\System\nQJFUOh.exe
  C:\Windows\System\nQJFUOh.exe
  2⤵
  PID:14484
- C:\Windows\System\OYmrkls.exe
  C:\Windows\System\OYmrkls.exe
  2⤵
  PID:14520
- C:\Windows\System\vqazVSA.exe
  C:\Windows\System\vqazVSA.exe
  2⤵
  PID:14552
- C:\Windows\System\usNrkBH.exe
  C:\Windows\System\usNrkBH.exe
  2⤵
  PID:14584
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14584 -s 248
    3⤵
    PID:15236
- C:\Windows\System\KTSRQMc.exe
  C:\Windows\System\KTSRQMc.exe
  2⤵
  PID:14612
- C:\Windows\System\crEiQfX.exe
  C:\Windows\System\crEiQfX.exe
  2⤵
  PID:14640
- C:\Windows\System\DKqjyzZ.exe
  C:\Windows\System\DKqjyzZ.exe
  2⤵
  PID:14656
- C:\Windows\System\IMkLjiQ.exe
  C:\Windows\System\IMkLjiQ.exe
  2⤵
  PID:14680
- C:\Windows\System\ItHWnCt.exe
  C:\Windows\System\ItHWnCt.exe
  2⤵
  PID:14828

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BKQEzKv.exe

Filesize
2.5MB

MD5
db4b133c6fc40f48ccdaa17139cc88d9

SHA1
beaf73fbeff1ddaeafcea50ecba2f91fd29ab3e3

SHA256
0a26901f44579f0deb5e42f29e1d028d6b2b22328bfd9b66ba6fa8c8afd6b355

SHA512
663ccca4b62e3848970994e567070c0a3f44768431658669714521e9cf03947e60f3ed6a466bcef1dad54ccf2b9434dc1aa81306028db2d494a4719c7267526e

Download Submit
C:\Windows\System\CJKgxez.exe

Filesize
2.5MB

MD5
7cce472888712d6e15b51fdd084683f6

SHA1
a3e5d12620355b40a5321ec3030b3207bd1f2af5

SHA256
76f4b9d3631b89b4b8dc8f5b8fd9549fff8f2a680fa47dda7bf0dce238f4391e

SHA512
ab1b14f9641b2f707a458119d19d5eaad9c560d3cc236bbff2967ed380061aa8498df2b4916d63813f429bf92e9fd5892ee292a518c5bd15bbe105868cc7a858

Download Submit
C:\Windows\System\DQxQNGA.exe

Filesize
2.5MB

MD5
98e3da8a5fa7705b92d7404445ff1285

SHA1
5c92c0dafa33e7893f5e02d46891b73708021f0c

SHA256
085ad241b0f68d22f2685c7776e46c5d1c2012561b5ddecbcf72b981e4b06f9f

SHA512
cfb352a0d6c693b087d8ce8329604dbe873abbe24f6369b59f22f2c8eb18168c2be7f2f04ffa7d6a653079500f12abd28cd6ba32be5d1051f31f5d4f3345311e

Download Submit
C:\Windows\System\DWhscGa.exe

Filesize
2.5MB

MD5
6c2c78744191d72d3fbd5f0dccb3e782

SHA1
d08ec10cf9b57336e9fbb43755c8a4466ffe670a

SHA256
5b7d38737f00693d2a197a425d7425a5f23c425c3ec5965030eebc0043a1b1bd

SHA512
505dfe15152a9f1b32f139ba2b1dcd79700d83296bdf874b041ea300899cadace7527d0d87f43f4dfc6fe1f6101a9a5464963ae337520776e8eeb5eda66ab6ed

Download Submit
C:\Windows\System\FNWRTEB.exe

Filesize
2.5MB

MD5
670afcea08058c7e173ebff30db3128b

SHA1
8705b0fa945247df970e79263d2af82b81a6a91f

SHA256
d0ac184670ad1c7932670c7edd6f3191248637bf673b12ba231a3d89f72d3e42

SHA512
3bcc78b5c147e350589c86fb69c8ee3686413494be8d6e112d3319c1700027925990152edc3f2659bb2f678f5c4468737475da6e352d49bcf0e5caa1e2a137b8

Download Submit
C:\Windows\System\GZdOblA.exe

Filesize
2.5MB

MD5
d0b6dea54dc263346e1abd76e79accca

SHA1
02b677902945b53590b3611d01d864c23d482aa6

SHA256
a25d6b1a4ff90c7104cd74424bd1d87681537e7736f5d3318faa750758b85160

SHA512
e122e22a3a60b3aa719f3805d8ccc8bd65fd5f61e99d25fb5be749c5517a2603ffdb2c4353da4508f9b92490767f51685fb7d2146be8513e391b012953a37546

Download Submit
C:\Windows\System\GiyHupO.exe

Filesize
2.5MB

MD5
72ef600e1542eb0b13cab5f138953e22

SHA1
ff9de1d4759de1019ca39e34fa3eeb120572e6d0

SHA256
b62b3399373d7a6340054c5b95401c2f191015105c3c8eb362024d2ef6e1b77a

SHA512
24063998db150562ee1597f8faa8d2bf3847c8a68c2f9cc147335e51f9c321b29b1c5a412b797cb5e3b12ca63ffc58a55a0f5040ebf85615fae0cfbb0ead9927

Download Submit
C:\Windows\System\LTGlMfd.exe

Filesize
2.5MB

MD5
e0778ddd3f252eee1fcebfb52130c7c7

SHA1
d4a4342d4223008d19380c9d3cc992c04ed91a8e

SHA256
6cc3f289a1b082071c499454c603776c3fbf1f1d59201649ea03a3b108af708e

SHA512
81948aeae12c09f5234c790490ac53e2162ba25ddb7fd69df4f262c580cc2c156dded67398de16329b682767a154a773920890998e10f47418baac2d719503f7

Download Submit
C:\Windows\System\MreXIyd.exe

Filesize
2.5MB

MD5
df8c32a36f63876793a388aec33e491b

SHA1
28824f1cb2f0345ba7d845e47e6298482621714c

SHA256
d39ff044a04cc21f999394ea90087777e2e9eeb5e63decafb15e486a7c613eca

SHA512
d58893921a8f3405cf928a323cfa9cb6af2fcd490d515efc470803c5f01c8eb2e417a927b426510a3ec90fe4456263e050d30c40fa3bba22c67d9aea78214e04

Download Submit
C:\Windows\System\OemSQLw.exe

Filesize
2.5MB

MD5
1deb51f3a13aa4e7f19ba57ed0bf8551

SHA1
339b5d9081f19920ac94a765be7bdc93c7bb64a5

SHA256
0977c028df4f812e2c0ea6567a02fbebe6d14d161523713b0e0c9b7fa4106ef1

SHA512
e93b22c8e53c0aef19a9945b4329aeeb5803759179baf4cdf75275a50dcabeec1155fe23ec882aca76e2a376cdb22e63ac695841903b5514a42210bac06d199b

Download Submit
C:\Windows\System\Qpalypp.exe

Filesize
2.5MB

MD5
a041ac2b4aa75ebedd478d460e0bb65b

SHA1
f0e2cdce2e35df519ce4bc4d856cbd98ccc38ad3

SHA256
db82b6fe4ed39a63145c3e86d5148da092ec183ce7a1c65aa4ba6a5d736baf14

SHA512
03c95e282190ab0bb7af8715139a0164c0c6178208502714b537224238b114c33ae62074ce16fcfd19add34ac3d60ac3be643404211b9e21d07ba80db19969dd

Download Submit
C:\Windows\System\RHFzGxq.exe

Filesize
2.5MB

MD5
fd042a2aa49a589ccb7440efd070a790

SHA1
1317211395cc7216f3ce7fd24513de436f26ca1f

SHA256
46543dbd0ad626d6e0b002f5c94cef1bd0e8d4c2254742885bd2f66274a70ef9

SHA512
526456aa24553ee28f337fce67c05970159961bf7d886d916ba25fc3f89ed52e64d561e8ff0aa41e94f04d3067900ef6d39901593d68e03a4e921102c959b464

Download Submit
C:\Windows\System\RkhSUMF.exe

Filesize
2.5MB

MD5
150f1fe8d837147c3616fed01b49f8ba

SHA1
b4430fbfc3b8d204b53af1f7131da07fe6bc76e0

SHA256
ba1801f1976698a8f8b07f631e2d93fc1f9c4056c19045d41d6d93cf9d78f2bc

SHA512
388cc6a2f4382324b82780868a5177fadef911b5c7b0e090d6468563f146c94d30b14a24625fa9a8863787feca8ba1ff20840aef7bf5939cbeff6639df0ccdc5

Download Submit
C:\Windows\System\UKWhVPI.exe

Filesize
2.5MB

MD5
4d5c26b84b2a59021492f4f08114050e

SHA1
a9c0cbb40294c188f6889a2f8afd26d8dbe94ccb

SHA256
756f7871c0b61bf08ef984070059c0852248ca3545e58d2526f3fe9880769cc7

SHA512
4150568fb9ddde3cc9a60c051ce58b8063b7dbdf27131bd89435166631c35b4a320ef97a957e155954f5dde4eb5384f886b0f4f182ec78cb342f9900fb563449

Download Submit
C:\Windows\System\ZyBGffc.exe

Filesize
2.5MB

MD5
0c1e79d9743eacc3cca43129a2b25416

SHA1
bf57a9a6a8ff307ba23ac7640e37b4979a41bfc6

SHA256
37335734f55c889ff16cf795cf51863650b46627c7662bf44b46f24e69d74972

SHA512
056788a088f6a23588562c8da971edc849758069b05c3f49ab0340197abc8811b89eceefc60a46191f1ba3309a46f665ff11903c7d80246f787e398e0b06bba5

Download Submit
C:\Windows\System\aTfnhfH.exe

Filesize
2.5MB

MD5
e787519f3d73baf949f76ef8f15199bc

SHA1
4245ebbddf4dc2b01f6518b9dc4dd4ccf818df25

SHA256
de71bb21ceea194d6c32e3f740a34319df46825a88a418491715461f06619964

SHA512
ae7cc788980d633bbdcc2ccb0f93378bbefab677acd0783e8647b509f0094ec1af197fd602cc5d0560069491f75fce69877385e5e910477307e60818e6a2e469

Download Submit
C:\Windows\System\djgxGSk.exe

Filesize
2.5MB

MD5
eaae01dd2b0c90d67037fb28d96ecd45

SHA1
a312bc313dcca8dd1688d5a238f6a99996656f49

SHA256
e68232a5f809c0affd32a40571c0e3fc6946c5e520280a00dd1086f1854de04b

SHA512
8da9032640e66c35c20873496f9a22390e63bc286c26b4e128822f8de5e77929264028c943513a78281f52c8d03a178b14c49455319f061ea53622c34d2aa96f

Download Submit
C:\Windows\System\eenQEgu.exe

Filesize
2.5MB

MD5
89f02caf0744ab1513fd6f7ab10c4234

SHA1
05542d53c139c96b6aa89ba28e45166fc9f2a93d

SHA256
ad8f1931dc8351a003106a3939281652e85794f9d1f7ee3464658168460f5e89

SHA512
d212d9790896f191dc9ebd548cd9bad2e714a5d2a0b951333f9fdb351a4f3154209c4f5f55fae4b133467aed77c451c76bacf1b8fe272d4640ca89fe528bd37e

Download Submit
C:\Windows\System\fotUqQG.exe

Filesize
2.5MB

MD5
d91ac79c2c1bb188d6c1aacb70d321d7

SHA1
bc302c585301dac855a7df1f1a9d8933f4c77492

SHA256
57d69eb5392db90d13916c3b4ed3e2c2a44287c5795b75ef92d7c961402ae9b7

SHA512
3dd8d68342af7b72bc4e971b61e1482bf1da0b2f0e53389f4598e98884f19b493f691a224a779c7cbb478e2b9b116d1eb3307f1728b2c38b4902604fd410246b

Download Submit
C:\Windows\System\fydUseb.exe

Filesize
2.5MB

MD5
554bca93ca354c95b560c450e93f5572

SHA1
387fcdcf5d78f4219192c8df5b1fc9e6cd04ff77

SHA256
07f08f6da9a534fce6d0b8a6bb77dd2e840c0a95660261f8688fdc7a4c3f840c

SHA512
f61f772ade7080aa34dd9ab78829b94413f736290946445e709184da8779dfef20a4548ebee00ff837fe7e59756397651358af0a83f46f636c4b5a17ee4ff757

Download Submit
C:\Windows\System\hHkOeKv.exe

Filesize
2.5MB

MD5
14190261b9e486223486e7ab45bfe835

SHA1
87f2b82c748afc4e9b52d9e43d18b964f9dcafd9

SHA256
ff300da98b74b3e35f77a723d9c5466701a9f4e9258b98f7fe057620c258cc18

SHA512
9e692927441a1ef946a8c7bbe34140289ce45e162e7b86f56980297564b8b8cbceb9baac3e03252af1349ead9ec4d7d09c66f0e77597a4f5e0e317d4f26183d9

Download Submit
C:\Windows\System\iZZDhla.exe

Filesize
2.5MB

MD5
45ffea18c753cec857e4d908d4c6c83c

SHA1
072618fb16b10df24b6c720b1b3d9b25926ab231

SHA256
aba1894ec16ecc8f32df6df2001a29c3e14f78a65db8463f36ee756deb844912

SHA512
5776d3e6d256c6586a38baea0630584b95cb7b320c60f0b9c2e8fdac56063dcf7509d829d9e915c300a06b029dfcbf2373ea14aa39ca524b612f7c0586bdc1f9

Download Submit
C:\Windows\System\imhUCmw.exe

Filesize
2.5MB

MD5
5e5a958c68c9089e4d6756b4a77638dc

SHA1
f4120fb3a68ddb8628d7f1e8a17b15752ee8d5f5

SHA256
b986aef3c2c15504f6da9cc29ba0cb0050ac24a24a8dfc5a890f8f32db65396f

SHA512
0a304a7294eddec14380bea29b947e15b0502e239a0f62a303e5caa0e259cf7b25acd81352d75049241267b08ff2db7753b76fe64b175560cfbe3a4d4c2c1ca5

Download Submit
C:\Windows\System\nTLjRol.exe

Filesize
2.5MB

MD5
9bf4d47e84a012cded985f77cdae63b0

SHA1
f6d99c1f76c28451837fc1bcaa0740f329daf6a6

SHA256
7a97635b9e3a0924703fccb048643c283b7c0005bd68c9f98bcdcc306e8ddeb4

SHA512
55e486723e12b0a7acb7bf4c168405c51a21577025aeef1e4a262b52d51a9687f8e23367a614e782e6cda1e4a0c9feb9681b99d14317526b60066ff86e193af2

Download Submit
C:\Windows\System\ncKiPFw.exe

Filesize
2.5MB

MD5
6e46c93720e68f23470330fba5bcc086

SHA1
b5208668022cfceaf4eee0de0cdd274769f401f1

SHA256
8025067d4b8540121237b670b0c20dbb5cea039f08bcd9599aca121fca8c67ae

SHA512
ba9acb2d94a50ec20c531689f63de128e72cbd0d9c5e7fcb69c594d9767752077ef240b605f950d4fb3a3c49701d524140521cbc5ee48dac55d06e1e5081b117

Download Submit
C:\Windows\System\oTnYfVQ.exe

Filesize
2.5MB

MD5
dd785d382e6337aaffc0b035a0235336

SHA1
706074ddcd0bee59ff48b9e86f4e75a31c850514

SHA256
9237dfbb00adb22c2cfd2890674481f21b3292773d7a561649d92ef3480cf190

SHA512
0f7e69875b2b4c4edf24f3fed0e14afbe88600f9084cad1affa74122a23b1b7ef6211139958ad688a0f56a225e625a8be3779a2429540eaa350a0b8db30653eb

Download Submit
C:\Windows\System\qErdJpH.exe

Filesize
2.5MB

MD5
6012a466baea64c6f820d46dfe78be3d

SHA1
8e5270b82db4fb5428152ac268677cbdb5809f23

SHA256
37a8024987d459ff1ead9390aa8d2232c375e49343169063184f387c05d06626

SHA512
baa7e2c54a619f3fbf38c183120452b398f8ff8d8e37a315a7e768664439cf53c54068c8bbfbafe88689c915addb92b7cca60d483602fc69ee09a5b8f4792584

Download Submit
C:\Windows\System\skWePji.exe

Filesize
2.5MB

MD5
e4b693fcb31b68218180c373413b271e

SHA1
ab7fa323a4314e5b792f23a20275b198b98e1c69

SHA256
5a5bdc50162c73cadfe2364845c820073fa542ceb0bcb18e21d3e1f22e7849ac

SHA512
3889779b3da2c5d5803a848517078323b3b4af179435376351b9bc0385d8a14fa599ad0fef59dfe38a4646d1f4c921574870e8c1cf1441e8449a3808a51d79dd

Download Submit
C:\Windows\System\teJNpTL.exe

Filesize
2.5MB

MD5
7be7a578eb188da8d7173e80e2a54bd5

SHA1
8e161d6c295c575f688252120432603983da03f9

SHA256
a4db86fd825e115a1ece25dd112a0e8aeb97edac16676c10c7db52939b89f614

SHA512
f1ab3cdf50c32eeff1a2dc12e1379cd84404ddee58ea5277fa09c9bd1cddc93d48199ce5058fedef5b76a74f4897eaef0078abce4f84c15ef8305d2261935bff

Download Submit
C:\Windows\System\uSwanmz.exe

Filesize
2.5MB

MD5
a5a1dde7fb06e2fedae87204089dcc75

SHA1
293ed451708cd0f919bed0d6b8c92df61ff0ef47

SHA256
239a3171088537d0fe45d7186fed15f856a0f237899ce3fccb9b63ac31bc22a9

SHA512
1d3610404afb377f8bb0c2a2f6eb334b4029b574e94d5e7bdf8886a12215285981cf3678e064dac50e0a4a6078072479069ba857acf0620af268e1d7dc391c81

Download Submit
C:\Windows\System\wDKDikL.exe

Filesize
2.5MB

MD5
c89612c9a88fef22fb3395f6ed979d8c

SHA1
a19df1f760fd2d350529789e9d28b4f57252b690

SHA256
bdb5c295fd9f23702dab8545ce537013289548499c0e0b8503bd9970cf5e35f4

SHA512
16f2bf1d629963bc62966c4c9ae23b9c02843de78168647fe047ceeef71afbcc615b8666e8d3340c8b204f7b3583e804ac862449a512b52d2ad2a9c878e7942d

Download Submit
C:\Windows\System\xPcqsvn.exe

Filesize
2.5MB

MD5
186505e6b8ebea072950e82a54455c9e

SHA1
76d9b360ef9e302130571fd3d47fd00a87908d60

SHA256
f018321d143c80f9dd6b5c88ea50f162ec6db565ba275ea50812c6f067981c64

SHA512
60df6b8a23fda341c49920e07f8c31b62614b4bc3a6a8975744ddb69c5dded3b9e3bd11200e94179aff10db99b97cc843fb89cb740fbb384adf900ae4226595d

Download Submit
C:\Windows\System\xaoKMyW.exe

Filesize
2.5MB

MD5
11a290a2990915eed6d88382aeb24325

SHA1
61bc24a0582cbea92d5f82d1adc591f91011565b

SHA256
004a1ee0bcd95e72e681ae3ced349e0870575f2506a25dc586cdd3ef0f9608ac

SHA512
30e4d3d42bf79f85f1a4bddaf777b301b1026f83500655fab34e19fade4c0a2df649098daa996db1554da5cdea5af4f325be5a05ce928660633ef4f46f07742b

Download Submit
C:\Windows\System\yvIGtyg.exe

Filesize
2.5MB

MD5
22e05a7a3abc13713ee47c747d45b599

SHA1
d0b2eba84c6e36d858750e6c7d9a11acb7de002b

SHA256
b8ea12aadb18bfcbcc3a3df1757e29fbe839dd55104474c2b9cd777809849f4a

SHA512
7101118866fbf9bfd4812340175df0296387f2eec93fa76830e68706d275d53b10b9519cfb555b4930fc372ce1d9123ca0653c586b624f49b475220cc601744f

Download Submit
memory/60-2184-0x00007FF664280000-0x00007FF6645D4000-memory.dmp

Filesize
3.3MB

Download
memory/60-123-0x00007FF664280000-0x00007FF6645D4000-memory.dmp

Filesize
3.3MB

Download
memory/60-2160-0x00007FF664280000-0x00007FF6645D4000-memory.dmp

Filesize
3.3MB

Download
memory/228-2178-0x00007FF65F320000-0x00007FF65F674000-memory.dmp

Filesize
3.3MB

Download
memory/228-99-0x00007FF65F320000-0x00007FF65F674000-memory.dmp

Filesize
3.3MB

Download
memory/544-2161-0x00007FF6A0A30000-0x00007FF6A0D84000-memory.dmp

Filesize
3.3MB

Download
memory/544-2185-0x00007FF6A0A30000-0x00007FF6A0D84000-memory.dmp

Filesize
3.3MB

Download
memory/544-142-0x00007FF6A0A30000-0x00007FF6A0D84000-memory.dmp

Filesize
3.3MB

Download
memory/908-2165-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp

Filesize
3.3MB

Download
memory/908-28-0x00007FF634CA0000-0x00007FF634FF4000-memory.dmp

Filesize
3.3MB

Download
memory/924-103-0x00007FF676ED0000-0x00007FF677224000-memory.dmp

Filesize
3.3MB

Download
memory/924-2170-0x00007FF676ED0000-0x00007FF677224000-memory.dmp

Filesize
3.3MB

Download
memory/1080-150-0x00007FF611690000-0x00007FF6119E4000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2163-0x00007FF611690000-0x00007FF6119E4000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2188-0x00007FF611690000-0x00007FF6119E4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2176-0x00007FF7D9DF0000-0x00007FF7DA144000-memory.dmp

Filesize
3.3MB

Download
memory/1796-102-0x00007FF7D9DF0000-0x00007FF7DA144000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2186-0x00007FF704550000-0x00007FF7048A4000-memory.dmp

Filesize
3.3MB

Download
memory/1904-166-0x00007FF704550000-0x00007FF7048A4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-1842-0x00007FF7F47A0000-0x00007FF7F4AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2169-0x00007FF7F47A0000-0x00007FF7F4AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-81-0x00007FF7F47A0000-0x00007FF7F4AF4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2172-0x00007FF6E4C70000-0x00007FF6E4FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-67-0x00007FF6E4C70000-0x00007FF6E4FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1834-0x00007FF6E4C70000-0x00007FF6E4FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2174-0x00007FF6F4C30000-0x00007FF6F4F84000-memory.dmp

Filesize
3.3MB

Download
memory/2080-100-0x00007FF6F4C30000-0x00007FF6F4F84000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2182-0x00007FF798CD0000-0x00007FF799024000-memory.dmp

Filesize
3.3MB

Download
memory/2328-160-0x00007FF798CD0000-0x00007FF799024000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2171-0x00007FF678550000-0x00007FF6788A4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-97-0x00007FF678550000-0x00007FF6788A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-38-0x00007FF7BA270000-0x00007FF7BA5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-2168-0x00007FF7BA270000-0x00007FF7BA5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-0-0x00007FF78D480000-0x00007FF78D7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1281-0x00007FF78D480000-0x00007FF78D7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1-0x0000024CCCED0000-0x0000024CCCEE0000-memory.dmp

Filesize
64KB

Download
memory/2636-12-0x00007FF7B8820000-0x00007FF7B8B74000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2164-0x00007FF7B8820000-0x00007FF7B8B74000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1828-0x00007FF7B8820000-0x00007FF7B8B74000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2191-0x00007FF7ECB40000-0x00007FF7ECE94000-memory.dmp

Filesize
3.3MB

Download
memory/2676-191-0x00007FF7ECB40000-0x00007FF7ECE94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2166-0x00007FF6BA190000-0x00007FF6BA4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-35-0x00007FF6BA190000-0x00007FF6BA4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2179-0x00007FF6D8030000-0x00007FF6D8384000-memory.dmp

Filesize
3.3MB

Download
memory/3028-104-0x00007FF6D8030000-0x00007FF6D8384000-memory.dmp

Filesize
3.3MB

Download
memory/3212-101-0x00007FF787890000-0x00007FF787BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-2173-0x00007FF787890000-0x00007FF787BE4000-memory.dmp

Filesize
3.3MB

Download
memory/3216-190-0x00007FF6ECF00000-0x00007FF6ED254000-memory.dmp

Filesize
3.3MB

Download
memory/3216-2190-0x00007FF6ECF00000-0x00007FF6ED254000-memory.dmp

Filesize
3.3MB

Download
memory/3244-2177-0x00007FF7897A0000-0x00007FF789AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3244-83-0x00007FF7897A0000-0x00007FF789AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-118-0x00007FF6C24E0000-0x00007FF6C2834000-memory.dmp

Filesize
3.3MB

Download
memory/3320-2181-0x00007FF6C24E0000-0x00007FF6C2834000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2189-0x00007FF6DC560000-0x00007FF6DC8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3508-181-0x00007FF6DC560000-0x00007FF6DC8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-145-0x00007FF656F60000-0x00007FF6572B4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2187-0x00007FF656F60000-0x00007FF6572B4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2162-0x00007FF656F60000-0x00007FF6572B4000-memory.dmp

Filesize
3.3MB

Download
memory/4296-88-0x00007FF621120000-0x00007FF621474000-memory.dmp

Filesize
3.3MB

Download
memory/4296-2175-0x00007FF621120000-0x00007FF621474000-memory.dmp

Filesize
3.3MB

Download
memory/4432-2192-0x00007FF78EE60000-0x00007FF78F1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4432-174-0x00007FF78EE60000-0x00007FF78F1B4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2167-0x00007FF7CCDC0000-0x00007FF7CD114000-memory.dmp

Filesize
3.3MB

Download
memory/4560-48-0x00007FF7CCDC0000-0x00007FF7CD114000-memory.dmp

Filesize
3.3MB

Download
memory/4816-134-0x00007FF74CE40000-0x00007FF74D194000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2183-0x00007FF74CE40000-0x00007FF74D194000-memory.dmp

Filesize
3.3MB

Download
memory/5040-98-0x00007FF64B420000-0x00007FF64B774000-memory.dmp

Filesize
3.3MB

Download
memory/5040-2180-0x00007FF64B420000-0x00007FF64B774000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads