kpot | 4389f9f7434c3e9820b1fb7e5321de3a9f90e49be95399b26a5c1767aba97ef6

Analysis

max time kernel
149s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
Size

2.5MB
MD5

cb91d658d40e150e51dac94e62aa55b0
SHA1

886722b5543f97e566666b2acb8e3c645b383230
SHA256

4389f9f7434c3e9820b1fb7e5321de3a9f90e49be95399b26a5c1767aba97ef6
SHA512

549d59fb42dbd296506eefb34aa0e3faf33d15a74536222a6edc74e853135c9c37938edf78c811a8ef0957d2fa0d6c3c4dbcc551e952abbee573397e6acf240f
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6tdlmU1/eohW:oemTLkNdfE0pZrw6

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023418-6.dat	family_kpot
behavioral2/files/0x0007000000023419-10.dat	family_kpot
behavioral2/files/0x000700000002341b-28.dat	family_kpot
behavioral2/files/0x000700000002341c-29.dat	family_kpot
behavioral2/files/0x0007000000023422-60.dat	family_kpot
behavioral2/files/0x0007000000023427-75.dat	family_kpot
behavioral2/files/0x0007000000023424-86.dat	family_kpot
behavioral2/files/0x0007000000023428-98.dat	family_kpot
behavioral2/files/0x0007000000023426-91.dat	family_kpot
behavioral2/files/0x0007000000023425-89.dat	family_kpot
behavioral2/files/0x0007000000023423-83.dat	family_kpot
behavioral2/files/0x000700000002341f-80.dat	family_kpot
behavioral2/files/0x0007000000023421-77.dat	family_kpot
behavioral2/files/0x0007000000023420-72.dat	family_kpot
behavioral2/files/0x000700000002341d-59.dat	family_kpot
behavioral2/files/0x000700000002341e-53.dat	family_kpot
behavioral2/files/0x000700000002341a-19.dat	family_kpot
behavioral2/files/0x0007000000023429-106.dat	family_kpot
behavioral2/files/0x000700000002342b-121.dat	family_kpot
behavioral2/files/0x0007000000023434-178.dat	family_kpot
behavioral2/files/0x0007000000023433-191.dat	family_kpot
behavioral2/files/0x0007000000023435-189.dat	family_kpot
behavioral2/files/0x0007000000023437-182.dat	family_kpot
behavioral2/files/0x0007000000023436-181.dat	family_kpot
behavioral2/files/0x0007000000023430-176.dat	family_kpot
behavioral2/files/0x0007000000023431-165.dat	family_kpot
behavioral2/files/0x0007000000023432-158.dat	family_kpot
behavioral2/files/0x000700000002342e-157.dat	family_kpot
behavioral2/files/0x000700000002342f-156.dat	family_kpot
behavioral2/files/0x000700000002342d-150.dat	family_kpot
behavioral2/files/0x000700000002342c-148.dat	family_kpot
behavioral2/files/0x000700000002342a-126.dat	family_kpot
behavioral2/files/0x0009000000023416-118.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4448-0-0x00007FF790600000-0x00007FF790954000-memory.dmp	xmrig
behavioral2/files/0x0008000000023418-6.dat	xmrig
behavioral2/files/0x0007000000023419-10.dat	xmrig
behavioral2/files/0x000700000002341b-28.dat	xmrig
behavioral2/files/0x000700000002341c-29.dat	xmrig
behavioral2/files/0x0007000000023422-60.dat	xmrig
behavioral2/files/0x0007000000023427-75.dat	xmrig
behavioral2/files/0x0007000000023424-86.dat	xmrig
behavioral2/memory/4544-101-0x00007FF6424A0000-0x00007FF6427F4000-memory.dmp	xmrig
behavioral2/memory/5060-104-0x00007FF6C2A20000-0x00007FF6C2D74000-memory.dmp	xmrig
behavioral2/memory/4676-103-0x00007FF741CB0000-0x00007FF742004000-memory.dmp	xmrig
behavioral2/memory/4996-102-0x00007FF6445E0000-0x00007FF644934000-memory.dmp	xmrig
behavioral2/memory/4644-100-0x00007FF6A42E0000-0x00007FF6A4634000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-98.dat	xmrig
behavioral2/memory/3548-97-0x00007FF779D80000-0x00007FF77A0D4000-memory.dmp	xmrig
behavioral2/memory/4624-94-0x00007FF6BFC60000-0x00007FF6BFFB4000-memory.dmp	xmrig
behavioral2/memory/1772-93-0x00007FF73BCC0000-0x00007FF73C014000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-91.dat	xmrig
behavioral2/files/0x0007000000023425-89.dat	xmrig
behavioral2/memory/1800-88-0x00007FF7C44D0000-0x00007FF7C4824000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-83.dat	xmrig
behavioral2/files/0x000700000002341f-80.dat	xmrig
behavioral2/files/0x0007000000023421-77.dat	xmrig
behavioral2/memory/2652-76-0x00007FF6FD550000-0x00007FF6FD8A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-72.dat	xmrig
behavioral2/memory/4888-64-0x00007FF6622D0000-0x00007FF662624000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-59.dat	xmrig
behavioral2/memory/3928-54-0x00007FF798D60000-0x00007FF7990B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-53.dat	xmrig
behavioral2/memory/4520-49-0x00007FF663300000-0x00007FF663654000-memory.dmp	xmrig
behavioral2/memory/2372-38-0x00007FF7BCE30000-0x00007FF7BD184000-memory.dmp	xmrig
behavioral2/memory/3008-24-0x00007FF6D0190000-0x00007FF6D04E4000-memory.dmp	xmrig
behavioral2/memory/3040-21-0x00007FF73AA90000-0x00007FF73ADE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-19.dat	xmrig
behavioral2/memory/3432-18-0x00007FF7CA060000-0x00007FF7CA3B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-106.dat	xmrig
behavioral2/memory/644-114-0x00007FF7B12E0000-0x00007FF7B1634000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-121.dat	xmrig
behavioral2/memory/1832-163-0x00007FF7693A0000-0x00007FF7696F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023434-178.dat	xmrig
behavioral2/memory/4080-184-0x00007FF7D7E00000-0x00007FF7D8154000-memory.dmp	xmrig
behavioral2/memory/3200-186-0x00007FF6869C0000-0x00007FF686D14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-191.dat	xmrig
behavioral2/files/0x0007000000023435-189.dat	xmrig
behavioral2/memory/668-185-0x00007FF6A54F0000-0x00007FF6A5844000-memory.dmp	xmrig
behavioral2/memory/4656-183-0x00007FF762F80000-0x00007FF7632D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-182.dat	xmrig
behavioral2/files/0x0007000000023436-181.dat	xmrig
behavioral2/files/0x0007000000023430-176.dat	xmrig
behavioral2/memory/216-173-0x00007FF761360000-0x00007FF7616B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-165.dat	xmrig
behavioral2/files/0x0007000000023432-158.dat	xmrig
behavioral2/files/0x000700000002342e-157.dat	xmrig
behavioral2/files/0x000700000002342f-156.dat	xmrig
behavioral2/memory/5096-154-0x00007FF760760000-0x00007FF760AB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342d-150.dat	xmrig
behavioral2/files/0x000700000002342c-148.dat	xmrig
behavioral2/memory/3824-145-0x00007FF705F60000-0x00007FF7062B4000-memory.dmp	xmrig
behavioral2/memory/212-136-0x00007FF787910000-0x00007FF787C64000-memory.dmp	xmrig
behavioral2/memory/3148-133-0x00007FF6502C0000-0x00007FF650614000-memory.dmp	xmrig
behavioral2/memory/3896-127-0x00007FF6886B0000-0x00007FF688A04000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-126.dat	xmrig
behavioral2/files/0x0009000000023416-118.dat	xmrig
behavioral2/memory/4448-956-0x00007FF790600000-0x00007FF790954000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3432	rluadMs.exe
3008	VURBtlb.exe
3040	DYvEIyz.exe
2372	qxmKyEK.exe
4520	OaHZYZY.exe
3928	CUMAyJy.exe
4644	sCUBjNk.exe
4544	IkjoGyr.exe
4888	IiCsdRO.exe
4996	MAuhCfD.exe
2652	eeWxjeA.exe
1800	PwaqTho.exe
1772	nlYJdnx.exe
4624	MVpYxPT.exe
4676	UjeQaaO.exe
3548	IkqmuYz.exe
5060	CBbwfSk.exe
644	TIPemkW.exe
3896	hqYDhPU.exe
3148	FzoRJME.exe
212	mpcEBho.exe
4656	oKoFHVJ.exe
3824	zFPIydw.exe
4080	kXgZuJt.exe
5096	yFxNpoM.exe
668	pBGIWtR.exe
1832	uvbieLQ.exe
216	AmknTBT.exe
3200	dJtMhPG.exe
3752	bIvxpaI.exe
632	DucmTlE.exe
1528	uzKGXHY.exe
2740	CQgMqkK.exe
3880	yfQuFJP.exe
3776	DSSEeNx.exe
712	sKfpYqE.exe
1216	RrIwufI.exe
2328	iJWyUjp.exe
3948	fBtQnXg.exe
532	gTunykI.exe
4152	TspyFkB.exe
1944	lCtcyal.exe
1840	GYqwrbx.exe
740	zKCmkzA.exe
4928	TjqaLqa.exe
3912	VplIYPQ.exe
4300	JburHhZ.exe
3424	WtGVlsI.exe
4428	Alvhpls.exe
4400	WCBxOZB.exe
1824	XHHxszO.exe
3784	TKPAwmn.exe
4180	kGObqsW.exe
4316	jNTBHmG.exe
2112	QOZpPLk.exe
3468	JdBWtLF.exe
3088	JXiTHMd.exe
2132	DooHHrT.exe
3508	QQxtWnc.exe
3204	vNebuJq.exe
1396	JzlwVQz.exe
2148	QMhGjWU.exe
2856	cmFfskg.exe
2184	fjeOkkV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4448-0-0x00007FF790600000-0x00007FF790954000-memory.dmp	upx
behavioral2/files/0x0008000000023418-6.dat	upx
behavioral2/files/0x0007000000023419-10.dat	upx
behavioral2/files/0x000700000002341b-28.dat	upx
behavioral2/files/0x000700000002341c-29.dat	upx
behavioral2/files/0x0007000000023422-60.dat	upx
behavioral2/files/0x0007000000023427-75.dat	upx
behavioral2/files/0x0007000000023424-86.dat	upx
behavioral2/memory/4544-101-0x00007FF6424A0000-0x00007FF6427F4000-memory.dmp	upx
behavioral2/memory/5060-104-0x00007FF6C2A20000-0x00007FF6C2D74000-memory.dmp	upx
behavioral2/memory/4676-103-0x00007FF741CB0000-0x00007FF742004000-memory.dmp	upx
behavioral2/memory/4996-102-0x00007FF6445E0000-0x00007FF644934000-memory.dmp	upx
behavioral2/memory/4644-100-0x00007FF6A42E0000-0x00007FF6A4634000-memory.dmp	upx
behavioral2/files/0x0007000000023428-98.dat	upx
behavioral2/memory/3548-97-0x00007FF779D80000-0x00007FF77A0D4000-memory.dmp	upx
behavioral2/memory/4624-94-0x00007FF6BFC60000-0x00007FF6BFFB4000-memory.dmp	upx
behavioral2/memory/1772-93-0x00007FF73BCC0000-0x00007FF73C014000-memory.dmp	upx
behavioral2/files/0x0007000000023426-91.dat	upx
behavioral2/files/0x0007000000023425-89.dat	upx
behavioral2/memory/1800-88-0x00007FF7C44D0000-0x00007FF7C4824000-memory.dmp	upx
behavioral2/files/0x0007000000023423-83.dat	upx
behavioral2/files/0x000700000002341f-80.dat	upx
behavioral2/files/0x0007000000023421-77.dat	upx
behavioral2/memory/2652-76-0x00007FF6FD550000-0x00007FF6FD8A4000-memory.dmp	upx
behavioral2/files/0x0007000000023420-72.dat	upx
behavioral2/memory/4888-64-0x00007FF6622D0000-0x00007FF662624000-memory.dmp	upx
behavioral2/files/0x000700000002341d-59.dat	upx
behavioral2/memory/3928-54-0x00007FF798D60000-0x00007FF7990B4000-memory.dmp	upx
behavioral2/files/0x000700000002341e-53.dat	upx
behavioral2/memory/4520-49-0x00007FF663300000-0x00007FF663654000-memory.dmp	upx
behavioral2/memory/2372-38-0x00007FF7BCE30000-0x00007FF7BD184000-memory.dmp	upx
behavioral2/memory/3008-24-0x00007FF6D0190000-0x00007FF6D04E4000-memory.dmp	upx
behavioral2/memory/3040-21-0x00007FF73AA90000-0x00007FF73ADE4000-memory.dmp	upx
behavioral2/files/0x000700000002341a-19.dat	upx
behavioral2/memory/3432-18-0x00007FF7CA060000-0x00007FF7CA3B4000-memory.dmp	upx
behavioral2/files/0x0007000000023429-106.dat	upx
behavioral2/memory/644-114-0x00007FF7B12E0000-0x00007FF7B1634000-memory.dmp	upx
behavioral2/files/0x000700000002342b-121.dat	upx
behavioral2/memory/1832-163-0x00007FF7693A0000-0x00007FF7696F4000-memory.dmp	upx
behavioral2/files/0x0007000000023434-178.dat	upx
behavioral2/memory/4080-184-0x00007FF7D7E00000-0x00007FF7D8154000-memory.dmp	upx
behavioral2/memory/3200-186-0x00007FF6869C0000-0x00007FF686D14000-memory.dmp	upx
behavioral2/files/0x0007000000023433-191.dat	upx
behavioral2/files/0x0007000000023435-189.dat	upx
behavioral2/memory/668-185-0x00007FF6A54F0000-0x00007FF6A5844000-memory.dmp	upx
behavioral2/memory/4656-183-0x00007FF762F80000-0x00007FF7632D4000-memory.dmp	upx
behavioral2/files/0x0007000000023437-182.dat	upx
behavioral2/files/0x0007000000023436-181.dat	upx
behavioral2/files/0x0007000000023430-176.dat	upx
behavioral2/memory/216-173-0x00007FF761360000-0x00007FF7616B4000-memory.dmp	upx
behavioral2/files/0x0007000000023431-165.dat	upx
behavioral2/files/0x0007000000023432-158.dat	upx
behavioral2/files/0x000700000002342e-157.dat	upx
behavioral2/files/0x000700000002342f-156.dat	upx
behavioral2/memory/5096-154-0x00007FF760760000-0x00007FF760AB4000-memory.dmp	upx
behavioral2/files/0x000700000002342d-150.dat	upx
behavioral2/files/0x000700000002342c-148.dat	upx
behavioral2/memory/3824-145-0x00007FF705F60000-0x00007FF7062B4000-memory.dmp	upx
behavioral2/memory/212-136-0x00007FF787910000-0x00007FF787C64000-memory.dmp	upx
behavioral2/memory/3148-133-0x00007FF6502C0000-0x00007FF650614000-memory.dmp	upx
behavioral2/memory/3896-127-0x00007FF6886B0000-0x00007FF688A04000-memory.dmp	upx
behavioral2/files/0x000700000002342a-126.dat	upx
behavioral2/files/0x0009000000023416-118.dat	upx
behavioral2/memory/4448-956-0x00007FF790600000-0x00007FF790954000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jUyaKmW.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\rjZAoFz.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\MoLChmB.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\qQPkixO.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\TFqMCSD.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\xaDEmXh.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\oNtSaPm.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\TspyFkB.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\KvvvBCk.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\SfzSPyX.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\EAvsroy.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\nrgYmdc.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\nDTpdud.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\rKNTLmD.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\YyozFfl.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\iKiVIKm.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\VzTaaZg.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\UyQxvEK.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\WehowEx.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\brHKwxf.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\yRSFkgI.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\LZNaydW.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\kkJKlzK.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\lYGiIiz.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\TRDPGds.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\jpceyXL.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\zfZRduC.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\wRyXtdh.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\VSVNyKp.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\VSqszsE.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\yWfOqID.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\ftAwsVl.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\nrbEjaa.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\EkwhTre.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\NSTYTCG.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\ovHrNTT.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\ZudWUkb.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\cYZbzTB.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\UGGgGUl.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\dWPpbyF.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\dJHqDzz.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\HVpQoul.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\HseIMiP.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\wkutKrG.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\LgmnPIe.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\bStHtqe.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\GYqwrbx.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\KMBxVmJ.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\BfOiLTO.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\LelnoKZ.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\LAyTNZq.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\wakGPFO.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\SVCNOOP.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\SHHmcLg.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\kXgZuJt.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\wQZRnNv.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\gpOnJRL.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\jNTBHmG.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\iTeEKvD.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\msWXKLn.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\gNOsiCo.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\hAtBTmh.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\jqeRAZM.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
File created	C:\Windows\System\nOETuAZ.exe	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14568	dwm.exe
Token: SeChangeNotifyPrivilege	14568	dwm.exe
Token: 33	14568	dwm.exe
Token: SeIncBasePriorityPrivilege	14568	dwm.exe
Token: SeShutdownPrivilege	14568	dwm.exe
Token: SeCreatePagefilePrivilege	14568	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 3432	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	82
PID 4448 wrote to memory of 3432	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	82
PID 4448 wrote to memory of 3008	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	83
PID 4448 wrote to memory of 3008	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	83
PID 4448 wrote to memory of 3040	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	84
PID 4448 wrote to memory of 3040	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	84
PID 4448 wrote to memory of 4520	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	85
PID 4448 wrote to memory of 4520	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	85
PID 4448 wrote to memory of 2372	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	86
PID 4448 wrote to memory of 2372	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	86
PID 4448 wrote to memory of 3928	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	87
PID 4448 wrote to memory of 3928	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	87
PID 4448 wrote to memory of 4644	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	88
PID 4448 wrote to memory of 4644	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	88
PID 4448 wrote to memory of 4544	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	89
PID 4448 wrote to memory of 4544	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	89
PID 4448 wrote to memory of 4888	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	90
PID 4448 wrote to memory of 4888	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	90
PID 4448 wrote to memory of 4996	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	91
PID 4448 wrote to memory of 4996	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	91
PID 4448 wrote to memory of 2652	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	92
PID 4448 wrote to memory of 2652	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	92
PID 4448 wrote to memory of 1800	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	93
PID 4448 wrote to memory of 1800	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	93
PID 4448 wrote to memory of 1772	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	94
PID 4448 wrote to memory of 1772	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	94
PID 4448 wrote to memory of 4624	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	95
PID 4448 wrote to memory of 4624	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	95
PID 4448 wrote to memory of 4676	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	96
PID 4448 wrote to memory of 4676	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	96
PID 4448 wrote to memory of 3548	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	97
PID 4448 wrote to memory of 3548	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	97
PID 4448 wrote to memory of 5060	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	98
PID 4448 wrote to memory of 5060	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	98
PID 4448 wrote to memory of 644	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	99
PID 4448 wrote to memory of 644	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	99
PID 4448 wrote to memory of 3896	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	100
PID 4448 wrote to memory of 3896	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	100
PID 4448 wrote to memory of 3148	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	101
PID 4448 wrote to memory of 3148	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	101
PID 4448 wrote to memory of 212	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	102
PID 4448 wrote to memory of 212	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	102
PID 4448 wrote to memory of 4656	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	103
PID 4448 wrote to memory of 4656	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	103
PID 4448 wrote to memory of 3824	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	104
PID 4448 wrote to memory of 3824	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	104
PID 4448 wrote to memory of 4080	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	105
PID 4448 wrote to memory of 4080	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	105
PID 4448 wrote to memory of 5096	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	106
PID 4448 wrote to memory of 5096	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	106
PID 4448 wrote to memory of 668	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	107
PID 4448 wrote to memory of 668	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	107
PID 4448 wrote to memory of 1832	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	108
PID 4448 wrote to memory of 1832	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	108
PID 4448 wrote to memory of 216	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	110
PID 4448 wrote to memory of 216	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	110
PID 4448 wrote to memory of 632	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	111
PID 4448 wrote to memory of 632	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	111
PID 4448 wrote to memory of 3200	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	112
PID 4448 wrote to memory of 3200	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	112
PID 4448 wrote to memory of 3752	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	113
PID 4448 wrote to memory of 3752	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	113
PID 4448 wrote to memory of 1528	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	114
PID 4448 wrote to memory of 1528	4448	cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cb91d658d40e150e51dac94e62aa55b0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Windows\System\rluadMs.exe
  C:\Windows\System\rluadMs.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\VURBtlb.exe
  C:\Windows\System\VURBtlb.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\DYvEIyz.exe
  C:\Windows\System\DYvEIyz.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\OaHZYZY.exe
  C:\Windows\System\OaHZYZY.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\qxmKyEK.exe
  C:\Windows\System\qxmKyEK.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\CUMAyJy.exe
  C:\Windows\System\CUMAyJy.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\sCUBjNk.exe
  C:\Windows\System\sCUBjNk.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\IkjoGyr.exe
  C:\Windows\System\IkjoGyr.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\IiCsdRO.exe
  C:\Windows\System\IiCsdRO.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\MAuhCfD.exe
  C:\Windows\System\MAuhCfD.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\eeWxjeA.exe
  C:\Windows\System\eeWxjeA.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\PwaqTho.exe
  C:\Windows\System\PwaqTho.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\nlYJdnx.exe
  C:\Windows\System\nlYJdnx.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\MVpYxPT.exe
  C:\Windows\System\MVpYxPT.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\UjeQaaO.exe
  C:\Windows\System\UjeQaaO.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\IkqmuYz.exe
  C:\Windows\System\IkqmuYz.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\CBbwfSk.exe
  C:\Windows\System\CBbwfSk.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\TIPemkW.exe
  C:\Windows\System\TIPemkW.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\hqYDhPU.exe
  C:\Windows\System\hqYDhPU.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\FzoRJME.exe
  C:\Windows\System\FzoRJME.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\mpcEBho.exe
  C:\Windows\System\mpcEBho.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\oKoFHVJ.exe
  C:\Windows\System\oKoFHVJ.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\zFPIydw.exe
  C:\Windows\System\zFPIydw.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\kXgZuJt.exe
  C:\Windows\System\kXgZuJt.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\yFxNpoM.exe
  C:\Windows\System\yFxNpoM.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\pBGIWtR.exe
  C:\Windows\System\pBGIWtR.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\uvbieLQ.exe
  C:\Windows\System\uvbieLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\AmknTBT.exe
  C:\Windows\System\AmknTBT.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\DucmTlE.exe
  C:\Windows\System\DucmTlE.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\dJtMhPG.exe
  C:\Windows\System\dJtMhPG.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\bIvxpaI.exe
  C:\Windows\System\bIvxpaI.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\uzKGXHY.exe
  C:\Windows\System\uzKGXHY.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\CQgMqkK.exe
  C:\Windows\System\CQgMqkK.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\yfQuFJP.exe
  C:\Windows\System\yfQuFJP.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\DSSEeNx.exe
  C:\Windows\System\DSSEeNx.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\sKfpYqE.exe
  C:\Windows\System\sKfpYqE.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\RrIwufI.exe
  C:\Windows\System\RrIwufI.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\iJWyUjp.exe
  C:\Windows\System\iJWyUjp.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\fBtQnXg.exe
  C:\Windows\System\fBtQnXg.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\gTunykI.exe
  C:\Windows\System\gTunykI.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\TspyFkB.exe
  C:\Windows\System\TspyFkB.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\lCtcyal.exe
  C:\Windows\System\lCtcyal.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\GYqwrbx.exe
  C:\Windows\System\GYqwrbx.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\zKCmkzA.exe
  C:\Windows\System\zKCmkzA.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\TjqaLqa.exe
  C:\Windows\System\TjqaLqa.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\VplIYPQ.exe
  C:\Windows\System\VplIYPQ.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\JburHhZ.exe
  C:\Windows\System\JburHhZ.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\WtGVlsI.exe
  C:\Windows\System\WtGVlsI.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\Alvhpls.exe
  C:\Windows\System\Alvhpls.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\WCBxOZB.exe
  C:\Windows\System\WCBxOZB.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\XHHxszO.exe
  C:\Windows\System\XHHxszO.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\TKPAwmn.exe
  C:\Windows\System\TKPAwmn.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\kGObqsW.exe
  C:\Windows\System\kGObqsW.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\jNTBHmG.exe
  C:\Windows\System\jNTBHmG.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\QOZpPLk.exe
  C:\Windows\System\QOZpPLk.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\JdBWtLF.exe
  C:\Windows\System\JdBWtLF.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\JXiTHMd.exe
  C:\Windows\System\JXiTHMd.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\DooHHrT.exe
  C:\Windows\System\DooHHrT.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\QQxtWnc.exe
  C:\Windows\System\QQxtWnc.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\vNebuJq.exe
  C:\Windows\System\vNebuJq.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\JzlwVQz.exe
  C:\Windows\System\JzlwVQz.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\QMhGjWU.exe
  C:\Windows\System\QMhGjWU.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\cmFfskg.exe
  C:\Windows\System\cmFfskg.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\fjeOkkV.exe
  C:\Windows\System\fjeOkkV.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\MfLrvPV.exe
  C:\Windows\System\MfLrvPV.exe
  2⤵
  PID:4856
- C:\Windows\System\YyozFfl.exe
  C:\Windows\System\YyozFfl.exe
  2⤵
  PID:924
- C:\Windows\System\jyHvVSa.exe
  C:\Windows\System\jyHvVSa.exe
  2⤵
  PID:3668
- C:\Windows\System\JmofoSC.exe
  C:\Windows\System\JmofoSC.exe
  2⤵
  PID:2404
- C:\Windows\System\jUyaKmW.exe
  C:\Windows\System\jUyaKmW.exe
  2⤵
  PID:2548
- C:\Windows\System\hDMlaRZ.exe
  C:\Windows\System\hDMlaRZ.exe
  2⤵
  PID:1012
- C:\Windows\System\VPWvjsM.exe
  C:\Windows\System\VPWvjsM.exe
  2⤵
  PID:2456
- C:\Windows\System\GXoboeu.exe
  C:\Windows\System\GXoboeu.exe
  2⤵
  PID:1304
- C:\Windows\System\SUZtmiu.exe
  C:\Windows\System\SUZtmiu.exe
  2⤵
  PID:1336
- C:\Windows\System\DwHIQMv.exe
  C:\Windows\System\DwHIQMv.exe
  2⤵
  PID:5080
- C:\Windows\System\alqKrsT.exe
  C:\Windows\System\alqKrsT.exe
  2⤵
  PID:3356
- C:\Windows\System\SAWWcwt.exe
  C:\Windows\System\SAWWcwt.exe
  2⤵
  PID:936
- C:\Windows\System\zBqyivs.exe
  C:\Windows\System\zBqyivs.exe
  2⤵
  PID:3828
- C:\Windows\System\fAiCELT.exe
  C:\Windows\System\fAiCELT.exe
  2⤵
  PID:4440
- C:\Windows\System\wakGPFO.exe
  C:\Windows\System\wakGPFO.exe
  2⤵
  PID:2688
- C:\Windows\System\NGNJCsU.exe
  C:\Windows\System\NGNJCsU.exe
  2⤵
  PID:4768
- C:\Windows\System\gNOsiCo.exe
  C:\Windows\System\gNOsiCo.exe
  2⤵
  PID:2556
- C:\Windows\System\TmBRAhv.exe
  C:\Windows\System\TmBRAhv.exe
  2⤵
  PID:552
- C:\Windows\System\MCJdtkA.exe
  C:\Windows\System\MCJdtkA.exe
  2⤵
  PID:4332
- C:\Windows\System\vnIPFQa.exe
  C:\Windows\System\vnIPFQa.exe
  2⤵
  PID:2648
- C:\Windows\System\LAyTNZq.exe
  C:\Windows\System\LAyTNZq.exe
  2⤵
  PID:4612
- C:\Windows\System\rjZAoFz.exe
  C:\Windows\System\rjZAoFz.exe
  2⤵
  PID:4596
- C:\Windows\System\WwMlEKf.exe
  C:\Windows\System\WwMlEKf.exe
  2⤵
  PID:2668
- C:\Windows\System\yWfOqID.exe
  C:\Windows\System\yWfOqID.exe
  2⤵
  PID:2804
- C:\Windows\System\maLZcvz.exe
  C:\Windows\System\maLZcvz.exe
  2⤵
  PID:5056
- C:\Windows\System\dWPpbyF.exe
  C:\Windows\System\dWPpbyF.exe
  2⤵
  PID:1484
- C:\Windows\System\UZCFQeT.exe
  C:\Windows\System\UZCFQeT.exe
  2⤵
  PID:2004
- C:\Windows\System\whTqrhI.exe
  C:\Windows\System\whTqrhI.exe
  2⤵
  PID:2128
- C:\Windows\System\BOJrCQi.exe
  C:\Windows\System\BOJrCQi.exe
  2⤵
  PID:2716
- C:\Windows\System\GnUtNcm.exe
  C:\Windows\System\GnUtNcm.exe
  2⤵
  PID:3256
- C:\Windows\System\xhrmgCu.exe
  C:\Windows\System\xhrmgCu.exe
  2⤵
  PID:3568
- C:\Windows\System\jRWxwxD.exe
  C:\Windows\System\jRWxwxD.exe
  2⤵
  PID:880
- C:\Windows\System\yMnskui.exe
  C:\Windows\System\yMnskui.exe
  2⤵
  PID:208
- C:\Windows\System\OECvysR.exe
  C:\Windows\System\OECvysR.exe
  2⤵
  PID:1232
- C:\Windows\System\DjZbUJR.exe
  C:\Windows\System\DjZbUJR.exe
  2⤵
  PID:4972
- C:\Windows\System\XEypFeh.exe
  C:\Windows\System\XEypFeh.exe
  2⤵
  PID:4360
- C:\Windows\System\kkJKlzK.exe
  C:\Windows\System\kkJKlzK.exe
  2⤵
  PID:2304
- C:\Windows\System\Ajjlhan.exe
  C:\Windows\System\Ajjlhan.exe
  2⤵
  PID:8
- C:\Windows\System\SFDmCDt.exe
  C:\Windows\System\SFDmCDt.exe
  2⤵
  PID:4868
- C:\Windows\System\GNOmSHs.exe
  C:\Windows\System\GNOmSHs.exe
  2⤵
  PID:4828
- C:\Windows\System\CmXbJuN.exe
  C:\Windows\System\CmXbJuN.exe
  2⤵
  PID:1920
- C:\Windows\System\mjfWTmE.exe
  C:\Windows\System\mjfWTmE.exe
  2⤵
  PID:4692
- C:\Windows\System\ZhfvOfS.exe
  C:\Windows\System\ZhfvOfS.exe
  2⤵
  PID:4736
- C:\Windows\System\XrqOwfe.exe
  C:\Windows\System\XrqOwfe.exe
  2⤵
  PID:2572
- C:\Windows\System\bKEaayk.exe
  C:\Windows\System\bKEaayk.exe
  2⤵
  PID:4012
- C:\Windows\System\tkJrUsZ.exe
  C:\Windows\System\tkJrUsZ.exe
  2⤵
  PID:1032
- C:\Windows\System\RMVRpTM.exe
  C:\Windows\System\RMVRpTM.exe
  2⤵
  PID:3096
- C:\Windows\System\lYGiIiz.exe
  C:\Windows\System\lYGiIiz.exe
  2⤵
  PID:4880
- C:\Windows\System\xjQbZAD.exe
  C:\Windows\System\xjQbZAD.exe
  2⤵
  PID:5132
- C:\Windows\System\rwxzlGh.exe
  C:\Windows\System\rwxzlGh.exe
  2⤵
  PID:5152
- C:\Windows\System\WTGzFse.exe
  C:\Windows\System\WTGzFse.exe
  2⤵
  PID:5180
- C:\Windows\System\FUxtBoQ.exe
  C:\Windows\System\FUxtBoQ.exe
  2⤵
  PID:5216
- C:\Windows\System\DWYUKWx.exe
  C:\Windows\System\DWYUKWx.exe
  2⤵
  PID:5240
- C:\Windows\System\icmeQpz.exe
  C:\Windows\System\icmeQpz.exe
  2⤵
  PID:5264
- C:\Windows\System\sdunnBF.exe
  C:\Windows\System\sdunnBF.exe
  2⤵
  PID:5280
- C:\Windows\System\oXPyvGr.exe
  C:\Windows\System\oXPyvGr.exe
  2⤵
  PID:5320
- C:\Windows\System\yNoLdgN.exe
  C:\Windows\System\yNoLdgN.exe
  2⤵
  PID:5340
- C:\Windows\System\ureCDPd.exe
  C:\Windows\System\ureCDPd.exe
  2⤵
  PID:5384
- C:\Windows\System\ZqBeDck.exe
  C:\Windows\System\ZqBeDck.exe
  2⤵
  PID:5408
- C:\Windows\System\BUVnpub.exe
  C:\Windows\System\BUVnpub.exe
  2⤵
  PID:5432
- C:\Windows\System\PjQwWDN.exe
  C:\Windows\System\PjQwWDN.exe
  2⤵
  PID:5468
- C:\Windows\System\GmEBaxB.exe
  C:\Windows\System\GmEBaxB.exe
  2⤵
  PID:5512
- C:\Windows\System\ldSbAjS.exe
  C:\Windows\System\ldSbAjS.exe
  2⤵
  PID:5532
- C:\Windows\System\aRnPvgi.exe
  C:\Windows\System\aRnPvgi.exe
  2⤵
  PID:5560
- C:\Windows\System\IxDuGsB.exe
  C:\Windows\System\IxDuGsB.exe
  2⤵
  PID:5604
- C:\Windows\System\MulQYuT.exe
  C:\Windows\System\MulQYuT.exe
  2⤵
  PID:5648
- C:\Windows\System\LXZGUux.exe
  C:\Windows\System\LXZGUux.exe
  2⤵
  PID:5684
- C:\Windows\System\QDwtqmV.exe
  C:\Windows\System\QDwtqmV.exe
  2⤵
  PID:5732
- C:\Windows\System\IegUgpW.exe
  C:\Windows\System\IegUgpW.exe
  2⤵
  PID:5764
- C:\Windows\System\SfzSPyX.exe
  C:\Windows\System\SfzSPyX.exe
  2⤵
  PID:5788
- C:\Windows\System\VfoScVC.exe
  C:\Windows\System\VfoScVC.exe
  2⤵
  PID:5820
- C:\Windows\System\EYXGSVt.exe
  C:\Windows\System\EYXGSVt.exe
  2⤵
  PID:5856
- C:\Windows\System\brHKwxf.exe
  C:\Windows\System\brHKwxf.exe
  2⤵
  PID:5888
- C:\Windows\System\qyOjAOT.exe
  C:\Windows\System\qyOjAOT.exe
  2⤵
  PID:5916
- C:\Windows\System\jzguRLu.exe
  C:\Windows\System\jzguRLu.exe
  2⤵
  PID:5956
- C:\Windows\System\zBynONY.exe
  C:\Windows\System\zBynONY.exe
  2⤵
  PID:5996
- C:\Windows\System\gjnNyvn.exe
  C:\Windows\System\gjnNyvn.exe
  2⤵
  PID:6012
- C:\Windows\System\oDOmHuW.exe
  C:\Windows\System\oDOmHuW.exe
  2⤵
  PID:6044
- C:\Windows\System\ThqPynU.exe
  C:\Windows\System\ThqPynU.exe
  2⤵
  PID:6080
- C:\Windows\System\WehowEx.exe
  C:\Windows\System\WehowEx.exe
  2⤵
  PID:6100
- C:\Windows\System\sJsdmfe.exe
  C:\Windows\System\sJsdmfe.exe
  2⤵
  PID:6128
- C:\Windows\System\czAaJTc.exe
  C:\Windows\System\czAaJTc.exe
  2⤵
  PID:5168
- C:\Windows\System\ndLrsVg.exe
  C:\Windows\System\ndLrsVg.exe
  2⤵
  PID:5252
- C:\Windows\System\kEhmeeW.exe
  C:\Windows\System\kEhmeeW.exe
  2⤵
  PID:5348
- C:\Windows\System\MxRmsWU.exe
  C:\Windows\System\MxRmsWU.exe
  2⤵
  PID:5424
- C:\Windows\System\ORuoOXr.exe
  C:\Windows\System\ORuoOXr.exe
  2⤵
  PID:5480
- C:\Windows\System\YItUAxt.exe
  C:\Windows\System\YItUAxt.exe
  2⤵
  PID:5556
- C:\Windows\System\KMBxVmJ.exe
  C:\Windows\System\KMBxVmJ.exe
  2⤵
  PID:5632
- C:\Windows\System\QgEJgfM.exe
  C:\Windows\System\QgEJgfM.exe
  2⤵
  PID:5756
- C:\Windows\System\yuxyOwx.exe
  C:\Windows\System\yuxyOwx.exe
  2⤵
  PID:5828
- C:\Windows\System\HoHzktV.exe
  C:\Windows\System\HoHzktV.exe
  2⤵
  PID:5896
- C:\Windows\System\adtibHu.exe
  C:\Windows\System\adtibHu.exe
  2⤵
  PID:5940
- C:\Windows\System\ndwbozj.exe
  C:\Windows\System\ndwbozj.exe
  2⤵
  PID:5620
- C:\Windows\System\VdTUiMk.exe
  C:\Windows\System\VdTUiMk.exe
  2⤵
  PID:224
- C:\Windows\System\suzJTkz.exe
  C:\Windows\System\suzJTkz.exe
  2⤵
  PID:6040
- C:\Windows\System\AhcLXAG.exe
  C:\Windows\System\AhcLXAG.exe
  2⤵
  PID:6112
- C:\Windows\System\hAtBTmh.exe
  C:\Windows\System\hAtBTmh.exe
  2⤵
  PID:1672
- C:\Windows\System\SnWkDmH.exe
  C:\Windows\System\SnWkDmH.exe
  2⤵
  PID:5416
- C:\Windows\System\jqeRAZM.exe
  C:\Windows\System\jqeRAZM.exe
  2⤵
  PID:5592
- C:\Windows\System\ByMDDNf.exe
  C:\Windows\System\ByMDDNf.exe
  2⤵
  PID:5744
- C:\Windows\System\faUSWfL.exe
  C:\Windows\System\faUSWfL.exe
  2⤵
  PID:5908
- C:\Windows\System\ckodOCz.exe
  C:\Windows\System\ckodOCz.exe
  2⤵
  PID:5624
- C:\Windows\System\zFZORGU.exe
  C:\Windows\System\zFZORGU.exe
  2⤵
  PID:5304
- C:\Windows\System\ExEUAvH.exe
  C:\Windows\System\ExEUAvH.exe
  2⤵
  PID:5464
- C:\Windows\System\UxdJNaz.exe
  C:\Windows\System\UxdJNaz.exe
  2⤵
  PID:1428
- C:\Windows\System\TarKDuh.exe
  C:\Windows\System\TarKDuh.exe
  2⤵
  PID:6092
- C:\Windows\System\ocNwXAP.exe
  C:\Windows\System\ocNwXAP.exe
  2⤵
  PID:5808
- C:\Windows\System\NsVUMty.exe
  C:\Windows\System\NsVUMty.exe
  2⤵
  PID:6160
- C:\Windows\System\cnLtfWf.exe
  C:\Windows\System\cnLtfWf.exe
  2⤵
  PID:6188
- C:\Windows\System\wkFfScY.exe
  C:\Windows\System\wkFfScY.exe
  2⤵
  PID:6228
- C:\Windows\System\nlJTwEk.exe
  C:\Windows\System\nlJTwEk.exe
  2⤵
  PID:6256
- C:\Windows\System\kpDWWle.exe
  C:\Windows\System\kpDWWle.exe
  2⤵
  PID:6284
- C:\Windows\System\ZFsjRYQ.exe
  C:\Windows\System\ZFsjRYQ.exe
  2⤵
  PID:6316
- C:\Windows\System\EAvsroy.exe
  C:\Windows\System\EAvsroy.exe
  2⤵
  PID:6352
- C:\Windows\System\OtDcJdq.exe
  C:\Windows\System\OtDcJdq.exe
  2⤵
  PID:6384
- C:\Windows\System\hjPqtxD.exe
  C:\Windows\System\hjPqtxD.exe
  2⤵
  PID:6408
- C:\Windows\System\mcIYscl.exe
  C:\Windows\System\mcIYscl.exe
  2⤵
  PID:6440
- C:\Windows\System\vQhJquG.exe
  C:\Windows\System\vQhJquG.exe
  2⤵
  PID:6468
- C:\Windows\System\XoWGFZD.exe
  C:\Windows\System\XoWGFZD.exe
  2⤵
  PID:6492
- C:\Windows\System\IQQlwwR.exe
  C:\Windows\System\IQQlwwR.exe
  2⤵
  PID:6520
- C:\Windows\System\ZblcLFL.exe
  C:\Windows\System\ZblcLFL.exe
  2⤵
  PID:6548
- C:\Windows\System\iwdwJny.exe
  C:\Windows\System\iwdwJny.exe
  2⤵
  PID:6576
- C:\Windows\System\TuDtHUp.exe
  C:\Windows\System\TuDtHUp.exe
  2⤵
  PID:6604
- C:\Windows\System\oIzkDJf.exe
  C:\Windows\System\oIzkDJf.exe
  2⤵
  PID:6636
- C:\Windows\System\tEiIRWi.exe
  C:\Windows\System\tEiIRWi.exe
  2⤵
  PID:6660
- C:\Windows\System\eZekGqn.exe
  C:\Windows\System\eZekGqn.exe
  2⤵
  PID:6688
- C:\Windows\System\oEsQHAd.exe
  C:\Windows\System\oEsQHAd.exe
  2⤵
  PID:6720
- C:\Windows\System\xiVaigX.exe
  C:\Windows\System\xiVaigX.exe
  2⤵
  PID:6744
- C:\Windows\System\qHoitLi.exe
  C:\Windows\System\qHoitLi.exe
  2⤵
  PID:6772
- C:\Windows\System\sskciZI.exe
  C:\Windows\System\sskciZI.exe
  2⤵
  PID:6804
- C:\Windows\System\MVRPpmw.exe
  C:\Windows\System\MVRPpmw.exe
  2⤵
  PID:6828
- C:\Windows\System\FrgJgvn.exe
  C:\Windows\System\FrgJgvn.exe
  2⤵
  PID:6860
- C:\Windows\System\lJQWgjN.exe
  C:\Windows\System\lJQWgjN.exe
  2⤵
  PID:6884
- C:\Windows\System\iKiVIKm.exe
  C:\Windows\System\iKiVIKm.exe
  2⤵
  PID:6912
- C:\Windows\System\QnpOOtS.exe
  C:\Windows\System\QnpOOtS.exe
  2⤵
  PID:6948
- C:\Windows\System\nrgYmdc.exe
  C:\Windows\System\nrgYmdc.exe
  2⤵
  PID:6972
- C:\Windows\System\uKNxqTi.exe
  C:\Windows\System\uKNxqTi.exe
  2⤵
  PID:7000
- C:\Windows\System\BXyesgL.exe
  C:\Windows\System\BXyesgL.exe
  2⤵
  PID:7028
- C:\Windows\System\UPXllKZ.exe
  C:\Windows\System\UPXllKZ.exe
  2⤵
  PID:7060
- C:\Windows\System\qqFFxgV.exe
  C:\Windows\System\qqFFxgV.exe
  2⤵
  PID:7088
- C:\Windows\System\VTZUNrB.exe
  C:\Windows\System\VTZUNrB.exe
  2⤵
  PID:7108
- C:\Windows\System\EiZOWmC.exe
  C:\Windows\System\EiZOWmC.exe
  2⤵
  PID:7136
- C:\Windows\System\tQPYRyI.exe
  C:\Windows\System\tQPYRyI.exe
  2⤵
  PID:6152
- C:\Windows\System\HRjxhge.exe
  C:\Windows\System\HRjxhge.exe
  2⤵
  PID:6180
- C:\Windows\System\rlCfuPd.exe
  C:\Windows\System\rlCfuPd.exe
  2⤵
  PID:6248
- C:\Windows\System\aCNvEZA.exe
  C:\Windows\System\aCNvEZA.exe
  2⤵
  PID:6348
- C:\Windows\System\HunvRGE.exe
  C:\Windows\System\HunvRGE.exe
  2⤵
  PID:6400
- C:\Windows\System\sEsyHaL.exe
  C:\Windows\System\sEsyHaL.exe
  2⤵
  PID:6460
- C:\Windows\System\VYCzNel.exe
  C:\Windows\System\VYCzNel.exe
  2⤵
  PID:6516
- C:\Windows\System\quPpZLY.exe
  C:\Windows\System\quPpZLY.exe
  2⤵
  PID:6572
- C:\Windows\System\grNjPOs.exe
  C:\Windows\System\grNjPOs.exe
  2⤵
  PID:6644
- C:\Windows\System\OvwQjdD.exe
  C:\Windows\System\OvwQjdD.exe
  2⤵
  PID:6708
- C:\Windows\System\helrpqC.exe
  C:\Windows\System\helrpqC.exe
  2⤵
  PID:6764
- C:\Windows\System\IwlmcGp.exe
  C:\Windows\System\IwlmcGp.exe
  2⤵
  PID:6824
- C:\Windows\System\TFKAYjI.exe
  C:\Windows\System\TFKAYjI.exe
  2⤵
  PID:6896
- C:\Windows\System\vlbUgQy.exe
  C:\Windows\System\vlbUgQy.exe
  2⤵
  PID:6968
- C:\Windows\System\VNszkCg.exe
  C:\Windows\System\VNszkCg.exe
  2⤵
  PID:7024
- C:\Windows\System\HseIMiP.exe
  C:\Windows\System\HseIMiP.exe
  2⤵
  PID:3336
- C:\Windows\System\LzSkTUF.exe
  C:\Windows\System\LzSkTUF.exe
  2⤵
  PID:7120
- C:\Windows\System\CDjMgWk.exe
  C:\Windows\System\CDjMgWk.exe
  2⤵
  PID:6184
- C:\Windows\System\Cofwjwo.exe
  C:\Windows\System\Cofwjwo.exe
  2⤵
  PID:6372
- C:\Windows\System\TRDPGds.exe
  C:\Windows\System\TRDPGds.exe
  2⤵
  PID:6504
- C:\Windows\System\YPNibtu.exe
  C:\Windows\System\YPNibtu.exe
  2⤵
  PID:6624
- C:\Windows\System\VFBFlpz.exe
  C:\Windows\System\VFBFlpz.exe
  2⤵
  PID:6812
- C:\Windows\System\nzkiGAV.exe
  C:\Windows\System\nzkiGAV.exe
  2⤵
  PID:6940
- C:\Windows\System\wmdWLpJ.exe
  C:\Windows\System\wmdWLpJ.exe
  2⤵
  PID:7096
- C:\Windows\System\ThuDFrU.exe
  C:\Windows\System\ThuDFrU.exe
  2⤵
  PID:6272
- C:\Windows\System\onXGSuy.exe
  C:\Windows\System\onXGSuy.exe
  2⤵
  PID:6020
- C:\Windows\System\RwTMNIT.exe
  C:\Windows\System\RwTMNIT.exe
  2⤵
  PID:7012
- C:\Windows\System\hgkKmKP.exe
  C:\Windows\System\hgkKmKP.exe
  2⤵
  PID:6420
- C:\Windows\System\wQZRnNv.exe
  C:\Windows\System\wQZRnNv.exe
  2⤵
  PID:6168
- C:\Windows\System\KwMPFdY.exe
  C:\Windows\System\KwMPFdY.exe
  2⤵
  PID:7180
- C:\Windows\System\uqcrTOV.exe
  C:\Windows\System\uqcrTOV.exe
  2⤵
  PID:7208
- C:\Windows\System\dLMIUVx.exe
  C:\Windows\System\dLMIUVx.exe
  2⤵
  PID:7248
- C:\Windows\System\NGcHLqT.exe
  C:\Windows\System\NGcHLqT.exe
  2⤵
  PID:7272
- C:\Windows\System\IFqVeTV.exe
  C:\Windows\System\IFqVeTV.exe
  2⤵
  PID:7304
- C:\Windows\System\fUEHtne.exe
  C:\Windows\System\fUEHtne.exe
  2⤵
  PID:7332
- C:\Windows\System\GWrAMGO.exe
  C:\Windows\System\GWrAMGO.exe
  2⤵
  PID:7356
- C:\Windows\System\CRqMEup.exe
  C:\Windows\System\CRqMEup.exe
  2⤵
  PID:7392
- C:\Windows\System\gRxBTUT.exe
  C:\Windows\System\gRxBTUT.exe
  2⤵
  PID:7416
- C:\Windows\System\qYCroHQ.exe
  C:\Windows\System\qYCroHQ.exe
  2⤵
  PID:7444
- C:\Windows\System\bTwQBRS.exe
  C:\Windows\System\bTwQBRS.exe
  2⤵
  PID:7472
- C:\Windows\System\JkaOLAf.exe
  C:\Windows\System\JkaOLAf.exe
  2⤵
  PID:7500
- C:\Windows\System\YOJvaPD.exe
  C:\Windows\System\YOJvaPD.exe
  2⤵
  PID:7528
- C:\Windows\System\cpBvOxG.exe
  C:\Windows\System\cpBvOxG.exe
  2⤵
  PID:7560
- C:\Windows\System\WTRqTDo.exe
  C:\Windows\System\WTRqTDo.exe
  2⤵
  PID:7584
- C:\Windows\System\FpSwqpB.exe
  C:\Windows\System\FpSwqpB.exe
  2⤵
  PID:7612
- C:\Windows\System\rYBSfXf.exe
  C:\Windows\System\rYBSfXf.exe
  2⤵
  PID:7640
- C:\Windows\System\gAZnnCH.exe
  C:\Windows\System\gAZnnCH.exe
  2⤵
  PID:7668
- C:\Windows\System\pbtoSho.exe
  C:\Windows\System\pbtoSho.exe
  2⤵
  PID:7696
- C:\Windows\System\GPMmYru.exe
  C:\Windows\System\GPMmYru.exe
  2⤵
  PID:7724
- C:\Windows\System\dRKpvpb.exe
  C:\Windows\System\dRKpvpb.exe
  2⤵
  PID:7752
- C:\Windows\System\zJTrgIU.exe
  C:\Windows\System\zJTrgIU.exe
  2⤵
  PID:7784
- C:\Windows\System\ZlQfaPl.exe
  C:\Windows\System\ZlQfaPl.exe
  2⤵
  PID:7812
- C:\Windows\System\ptSgZqO.exe
  C:\Windows\System\ptSgZqO.exe
  2⤵
  PID:7832
- C:\Windows\System\IUcuCfl.exe
  C:\Windows\System\IUcuCfl.exe
  2⤵
  PID:7868
- C:\Windows\System\knNDkdJ.exe
  C:\Windows\System\knNDkdJ.exe
  2⤵
  PID:7896
- C:\Windows\System\JihNePG.exe
  C:\Windows\System\JihNePG.exe
  2⤵
  PID:7924
- C:\Windows\System\ZwSoIbL.exe
  C:\Windows\System\ZwSoIbL.exe
  2⤵
  PID:7952
- C:\Windows\System\uQydEwT.exe
  C:\Windows\System\uQydEwT.exe
  2⤵
  PID:7980
- C:\Windows\System\stDhuyj.exe
  C:\Windows\System\stDhuyj.exe
  2⤵
  PID:8008
- C:\Windows\System\ixUnRyq.exe
  C:\Windows\System\ixUnRyq.exe
  2⤵
  PID:8036
- C:\Windows\System\HBHQVoX.exe
  C:\Windows\System\HBHQVoX.exe
  2⤵
  PID:8064
- C:\Windows\System\wXLhVpn.exe
  C:\Windows\System\wXLhVpn.exe
  2⤵
  PID:8092
- C:\Windows\System\jpceyXL.exe
  C:\Windows\System\jpceyXL.exe
  2⤵
  PID:8120
- C:\Windows\System\vqBIztD.exe
  C:\Windows\System\vqBIztD.exe
  2⤵
  PID:8148
- C:\Windows\System\SoTGgkF.exe
  C:\Windows\System\SoTGgkF.exe
  2⤵
  PID:8176
- C:\Windows\System\imzixJy.exe
  C:\Windows\System\imzixJy.exe
  2⤵
  PID:7192
- C:\Windows\System\wtAKfNy.exe
  C:\Windows\System\wtAKfNy.exe
  2⤵
  PID:7264
- C:\Windows\System\kTUbOTg.exe
  C:\Windows\System\kTUbOTg.exe
  2⤵
  PID:7324
- C:\Windows\System\zNJXNjb.exe
  C:\Windows\System\zNJXNjb.exe
  2⤵
  PID:7364
- C:\Windows\System\KdMzxwz.exe
  C:\Windows\System\KdMzxwz.exe
  2⤵
  PID:7408
- C:\Windows\System\wBpwZOS.exe
  C:\Windows\System\wBpwZOS.exe
  2⤵
  PID:7468
- C:\Windows\System\RYsfIpr.exe
  C:\Windows\System\RYsfIpr.exe
  2⤵
  PID:7540
- C:\Windows\System\jXlEwaw.exe
  C:\Windows\System\jXlEwaw.exe
  2⤵
  PID:7604
- C:\Windows\System\qNkCjTZ.exe
  C:\Windows\System\qNkCjTZ.exe
  2⤵
  PID:7664
- C:\Windows\System\ZYKnWbe.exe
  C:\Windows\System\ZYKnWbe.exe
  2⤵
  PID:7736
- C:\Windows\System\PwKJRsI.exe
  C:\Windows\System\PwKJRsI.exe
  2⤵
  PID:7808
- C:\Windows\System\PpagdKu.exe
  C:\Windows\System\PpagdKu.exe
  2⤵
  PID:7848
- C:\Windows\System\vNBKKyX.exe
  C:\Windows\System\vNBKKyX.exe
  2⤵
  PID:7944
- C:\Windows\System\Ugqxvpl.exe
  C:\Windows\System\Ugqxvpl.exe
  2⤵
  PID:8004
- C:\Windows\System\fugJHfA.exe
  C:\Windows\System\fugJHfA.exe
  2⤵
  PID:8060
- C:\Windows\System\ktgVsOo.exe
  C:\Windows\System\ktgVsOo.exe
  2⤵
  PID:8132
- C:\Windows\System\AHwNRci.exe
  C:\Windows\System\AHwNRci.exe
  2⤵
  PID:6852
- C:\Windows\System\rsFTToC.exe
  C:\Windows\System\rsFTToC.exe
  2⤵
  PID:7296
- C:\Windows\System\YoySvYd.exe
  C:\Windows\System\YoySvYd.exe
  2⤵
  PID:5020
- C:\Windows\System\aftaMJg.exe
  C:\Windows\System\aftaMJg.exe
  2⤵
  PID:7400
- C:\Windows\System\IUrIYAJ.exe
  C:\Windows\System\IUrIYAJ.exe
  2⤵
  PID:7520
- C:\Windows\System\fiSoxMJ.exe
  C:\Windows\System\fiSoxMJ.exe
  2⤵
  PID:7596
- C:\Windows\System\azVtqtR.exe
  C:\Windows\System\azVtqtR.exe
  2⤵
  PID:7716
- C:\Windows\System\GenVOdG.exe
  C:\Windows\System\GenVOdG.exe
  2⤵
  PID:7856
- C:\Windows\System\DTsSWKE.exe
  C:\Windows\System\DTsSWKE.exe
  2⤵
  PID:8048
- C:\Windows\System\snYADcI.exe
  C:\Windows\System\snYADcI.exe
  2⤵
  PID:7464
- C:\Windows\System\krzpfKM.exe
  C:\Windows\System\krzpfKM.exe
  2⤵
  PID:7780
- C:\Windows\System\QnGhWxL.exe
  C:\Windows\System\QnGhWxL.exe
  2⤵
  PID:8220
- C:\Windows\System\ZNjLXvD.exe
  C:\Windows\System\ZNjLXvD.exe
  2⤵
  PID:8236
- C:\Windows\System\csyguyG.exe
  C:\Windows\System\csyguyG.exe
  2⤵
  PID:8260
- C:\Windows\System\VzTaaZg.exe
  C:\Windows\System\VzTaaZg.exe
  2⤵
  PID:8296
- C:\Windows\System\IQWErDr.exe
  C:\Windows\System\IQWErDr.exe
  2⤵
  PID:8324
- C:\Windows\System\VXqLhVL.exe
  C:\Windows\System\VXqLhVL.exe
  2⤵
  PID:8364
- C:\Windows\System\oGfZOUq.exe
  C:\Windows\System\oGfZOUq.exe
  2⤵
  PID:8388
- C:\Windows\System\wyIQToa.exe
  C:\Windows\System\wyIQToa.exe
  2⤵
  PID:8408
- C:\Windows\System\LXzDJvI.exe
  C:\Windows\System\LXzDJvI.exe
  2⤵
  PID:8440
- C:\Windows\System\yoCZpKt.exe
  C:\Windows\System\yoCZpKt.exe
  2⤵
  PID:8472
- C:\Windows\System\DTFqkdL.exe
  C:\Windows\System\DTFqkdL.exe
  2⤵
  PID:8504
- C:\Windows\System\qHulFKM.exe
  C:\Windows\System\qHulFKM.exe
  2⤵
  PID:8552
- C:\Windows\System\BfiQqgo.exe
  C:\Windows\System\BfiQqgo.exe
  2⤵
  PID:8576
- C:\Windows\System\RvlUUig.exe
  C:\Windows\System\RvlUUig.exe
  2⤵
  PID:8604
- C:\Windows\System\QTqLiXD.exe
  C:\Windows\System\QTqLiXD.exe
  2⤵
  PID:8636
- C:\Windows\System\fMgvebB.exe
  C:\Windows\System\fMgvebB.exe
  2⤵
  PID:8668
- C:\Windows\System\jJbyfip.exe
  C:\Windows\System\jJbyfip.exe
  2⤵
  PID:8704
- C:\Windows\System\wkutKrG.exe
  C:\Windows\System\wkutKrG.exe
  2⤵
  PID:8736
- C:\Windows\System\veWVbtD.exe
  C:\Windows\System\veWVbtD.exe
  2⤵
  PID:8764
- C:\Windows\System\vlnSzPJ.exe
  C:\Windows\System\vlnSzPJ.exe
  2⤵
  PID:8804
- C:\Windows\System\mfdlVRg.exe
  C:\Windows\System\mfdlVRg.exe
  2⤵
  PID:8820
- C:\Windows\System\aDzviZj.exe
  C:\Windows\System\aDzviZj.exe
  2⤵
  PID:8848
- C:\Windows\System\iYzdRUt.exe
  C:\Windows\System\iYzdRUt.exe
  2⤵
  PID:8876
- C:\Windows\System\zfZRduC.exe
  C:\Windows\System\zfZRduC.exe
  2⤵
  PID:8904
- C:\Windows\System\PQhYISI.exe
  C:\Windows\System\PQhYISI.exe
  2⤵
  PID:8932
- C:\Windows\System\PhPUiFW.exe
  C:\Windows\System\PhPUiFW.exe
  2⤵
  PID:8960
- C:\Windows\System\WjAcygz.exe
  C:\Windows\System\WjAcygz.exe
  2⤵
  PID:8988
- C:\Windows\System\KOXOFzU.exe
  C:\Windows\System\KOXOFzU.exe
  2⤵
  PID:9016
- C:\Windows\System\xYrafDm.exe
  C:\Windows\System\xYrafDm.exe
  2⤵
  PID:9048
- C:\Windows\System\PjuBOgB.exe
  C:\Windows\System\PjuBOgB.exe
  2⤵
  PID:9072
- C:\Windows\System\FgkKdvR.exe
  C:\Windows\System\FgkKdvR.exe
  2⤵
  PID:9100
- C:\Windows\System\nOETuAZ.exe
  C:\Windows\System\nOETuAZ.exe
  2⤵
  PID:9128
- C:\Windows\System\dJKFePk.exe
  C:\Windows\System\dJKFePk.exe
  2⤵
  PID:9156
- C:\Windows\System\lgGRhgP.exe
  C:\Windows\System\lgGRhgP.exe
  2⤵
  PID:9184
- C:\Windows\System\iuqyyMQ.exe
  C:\Windows\System\iuqyyMQ.exe
  2⤵
  PID:8160
- C:\Windows\System\UtTvnau.exe
  C:\Windows\System\UtTvnau.exe
  2⤵
  PID:8188
- C:\Windows\System\pHIBswo.exe
  C:\Windows\System\pHIBswo.exe
  2⤵
  PID:7692
- C:\Windows\System\JksCjJG.exe
  C:\Windows\System\JksCjJG.exe
  2⤵
  PID:8228
- C:\Windows\System\kOenkdB.exe
  C:\Windows\System\kOenkdB.exe
  2⤵
  PID:8356
- C:\Windows\System\nmgCHdw.exe
  C:\Windows\System\nmgCHdw.exe
  2⤵
  PID:8416
- C:\Windows\System\UyQxvEK.exe
  C:\Windows\System\UyQxvEK.exe
  2⤵
  PID:7772
- C:\Windows\System\nKbaPYz.exe
  C:\Windows\System\nKbaPYz.exe
  2⤵
  PID:8540
- C:\Windows\System\rRtooTH.exe
  C:\Windows\System\rRtooTH.exe
  2⤵
  PID:8592
- C:\Windows\System\XuUikVc.exe
  C:\Windows\System\XuUikVc.exe
  2⤵
  PID:8656
- C:\Windows\System\litCRHb.exe
  C:\Windows\System\litCRHb.exe
  2⤵
  PID:8720
- C:\Windows\System\UBTWCKK.exe
  C:\Windows\System\UBTWCKK.exe
  2⤵
  PID:8796
- C:\Windows\System\LyWvMak.exe
  C:\Windows\System\LyWvMak.exe
  2⤵
  PID:8844
- C:\Windows\System\SCuzgfj.exe
  C:\Windows\System\SCuzgfj.exe
  2⤵
  PID:3500
- C:\Windows\System\sufImhj.exe
  C:\Windows\System\sufImhj.exe
  2⤵
  PID:8972
- C:\Windows\System\eFWCQfz.exe
  C:\Windows\System\eFWCQfz.exe
  2⤵
  PID:9036
- C:\Windows\System\wRyXtdh.exe
  C:\Windows\System\wRyXtdh.exe
  2⤵
  PID:9096
- C:\Windows\System\aVOfeFb.exe
  C:\Windows\System\aVOfeFb.exe
  2⤵
  PID:9176
- C:\Windows\System\EaSTynW.exe
  C:\Windows\System\EaSTynW.exe
  2⤵
  PID:7920
- C:\Windows\System\zdbkwLA.exe
  C:\Windows\System\zdbkwLA.exe
  2⤵
  PID:8256
- C:\Windows\System\lwuwTbd.exe
  C:\Windows\System\lwuwTbd.exe
  2⤵
  PID:8404
- C:\Windows\System\KWuknTd.exe
  C:\Windows\System\KWuknTd.exe
  2⤵
  PID:7220
- C:\Windows\System\IIeyotC.exe
  C:\Windows\System\IIeyotC.exe
  2⤵
  PID:8744
- C:\Windows\System\VTApnlg.exe
  C:\Windows\System\VTApnlg.exe
  2⤵
  PID:8892
- C:\Windows\System\hDSaeFq.exe
  C:\Windows\System\hDSaeFq.exe
  2⤵
  PID:9028
- C:\Windows\System\udlMZsi.exe
  C:\Windows\System\udlMZsi.exe
  2⤵
  PID:9212
- C:\Windows\System\nrbEjaa.exe
  C:\Windows\System\nrbEjaa.exe
  2⤵
  PID:8376
- C:\Windows\System\kZDSkeS.exe
  C:\Windows\System\kZDSkeS.exe
  2⤵
  PID:8680
- C:\Windows\System\ielSJzP.exe
  C:\Windows\System\ielSJzP.exe
  2⤵
  PID:9012
- C:\Windows\System\bRTCKKt.exe
  C:\Windows\System\bRTCKKt.exe
  2⤵
  PID:8532
- C:\Windows\System\mpOgbOL.exe
  C:\Windows\System\mpOgbOL.exe
  2⤵
  PID:8204
- C:\Windows\System\rLloSMz.exe
  C:\Windows\System\rLloSMz.exe
  2⤵
  PID:9224
- C:\Windows\System\fPeAXXo.exe
  C:\Windows\System\fPeAXXo.exe
  2⤵
  PID:9256
- C:\Windows\System\IKqGiPr.exe
  C:\Windows\System\IKqGiPr.exe
  2⤵
  PID:9284
- C:\Windows\System\jJEOYyM.exe
  C:\Windows\System\jJEOYyM.exe
  2⤵
  PID:9312
- C:\Windows\System\yCINfwE.exe
  C:\Windows\System\yCINfwE.exe
  2⤵
  PID:9340
- C:\Windows\System\DcvoIzv.exe
  C:\Windows\System\DcvoIzv.exe
  2⤵
  PID:9368
- C:\Windows\System\PkTqlKJ.exe
  C:\Windows\System\PkTqlKJ.exe
  2⤵
  PID:9396
- C:\Windows\System\cbFtJtv.exe
  C:\Windows\System\cbFtJtv.exe
  2⤵
  PID:9424
- C:\Windows\System\CHzmoZl.exe
  C:\Windows\System\CHzmoZl.exe
  2⤵
  PID:9452
- C:\Windows\System\gvazqgZ.exe
  C:\Windows\System\gvazqgZ.exe
  2⤵
  PID:9480
- C:\Windows\System\zLUHNWf.exe
  C:\Windows\System\zLUHNWf.exe
  2⤵
  PID:9508
- C:\Windows\System\gnWKZKX.exe
  C:\Windows\System\gnWKZKX.exe
  2⤵
  PID:9536
- C:\Windows\System\rCqVwZF.exe
  C:\Windows\System\rCqVwZF.exe
  2⤵
  PID:9564
- C:\Windows\System\UhCTqzR.exe
  C:\Windows\System\UhCTqzR.exe
  2⤵
  PID:9592
- C:\Windows\System\wXcydvt.exe
  C:\Windows\System\wXcydvt.exe
  2⤵
  PID:9620
- C:\Windows\System\PUODLnA.exe
  C:\Windows\System\PUODLnA.exe
  2⤵
  PID:9648
- C:\Windows\System\IQcFLMS.exe
  C:\Windows\System\IQcFLMS.exe
  2⤵
  PID:9676
- C:\Windows\System\TOBGCEP.exe
  C:\Windows\System\TOBGCEP.exe
  2⤵
  PID:9704
- C:\Windows\System\boYFUOB.exe
  C:\Windows\System\boYFUOB.exe
  2⤵
  PID:9732
- C:\Windows\System\ButxqUE.exe
  C:\Windows\System\ButxqUE.exe
  2⤵
  PID:9760
- C:\Windows\System\QKbklSy.exe
  C:\Windows\System\QKbklSy.exe
  2⤵
  PID:9788
- C:\Windows\System\sqWEmpD.exe
  C:\Windows\System\sqWEmpD.exe
  2⤵
  PID:9816
- C:\Windows\System\JIleCFO.exe
  C:\Windows\System\JIleCFO.exe
  2⤵
  PID:9844
- C:\Windows\System\yZtnJmO.exe
  C:\Windows\System\yZtnJmO.exe
  2⤵
  PID:9872
- C:\Windows\System\AWSDtgA.exe
  C:\Windows\System\AWSDtgA.exe
  2⤵
  PID:9900
- C:\Windows\System\uZcPabu.exe
  C:\Windows\System\uZcPabu.exe
  2⤵
  PID:9928
- C:\Windows\System\aWRYshA.exe
  C:\Windows\System\aWRYshA.exe
  2⤵
  PID:9956
- C:\Windows\System\oRnCKdz.exe
  C:\Windows\System\oRnCKdz.exe
  2⤵
  PID:9984
- C:\Windows\System\XkjcJMv.exe
  C:\Windows\System\XkjcJMv.exe
  2⤵
  PID:10012
- C:\Windows\System\ortsyHJ.exe
  C:\Windows\System\ortsyHJ.exe
  2⤵
  PID:10040
- C:\Windows\System\UpBHdLf.exe
  C:\Windows\System\UpBHdLf.exe
  2⤵
  PID:10068
- C:\Windows\System\BfOiLTO.exe
  C:\Windows\System\BfOiLTO.exe
  2⤵
  PID:10096
- C:\Windows\System\tFgvytk.exe
  C:\Windows\System\tFgvytk.exe
  2⤵
  PID:10124
- C:\Windows\System\lItSRER.exe
  C:\Windows\System\lItSRER.exe
  2⤵
  PID:10152
- C:\Windows\System\gpOnJRL.exe
  C:\Windows\System\gpOnJRL.exe
  2⤵
  PID:10180
- C:\Windows\System\yHcyhSU.exe
  C:\Windows\System\yHcyhSU.exe
  2⤵
  PID:10208
- C:\Windows\System\ARjsUSS.exe
  C:\Windows\System\ARjsUSS.exe
  2⤵
  PID:10236
- C:\Windows\System\fmTQOvB.exe
  C:\Windows\System\fmTQOvB.exe
  2⤵
  PID:5036
- C:\Windows\System\iTeEKvD.exe
  C:\Windows\System\iTeEKvD.exe
  2⤵
  PID:9324
- C:\Windows\System\aJNjoNE.exe
  C:\Windows\System\aJNjoNE.exe
  2⤵
  PID:9388
- C:\Windows\System\zfuJWbG.exe
  C:\Windows\System\zfuJWbG.exe
  2⤵
  PID:9448
- C:\Windows\System\DSnHtAL.exe
  C:\Windows\System\DSnHtAL.exe
  2⤵
  PID:9520
- C:\Windows\System\scvPscC.exe
  C:\Windows\System\scvPscC.exe
  2⤵
  PID:9576
- C:\Windows\System\JushWzP.exe
  C:\Windows\System\JushWzP.exe
  2⤵
  PID:9644
- C:\Windows\System\KjuCfhW.exe
  C:\Windows\System\KjuCfhW.exe
  2⤵
  PID:9716
- C:\Windows\System\scFQbPf.exe
  C:\Windows\System\scFQbPf.exe
  2⤵
  PID:9812
- C:\Windows\System\KeKkFFl.exe
  C:\Windows\System\KeKkFFl.exe
  2⤵
  PID:9884
- C:\Windows\System\yabqRMs.exe
  C:\Windows\System\yabqRMs.exe
  2⤵
  PID:9948
- C:\Windows\System\HFvrTeL.exe
  C:\Windows\System\HFvrTeL.exe
  2⤵
  PID:10008
- C:\Windows\System\BIXvtAN.exe
  C:\Windows\System\BIXvtAN.exe
  2⤵
  PID:10080
- C:\Windows\System\AvrKVBr.exe
  C:\Windows\System\AvrKVBr.exe
  2⤵
  PID:10140
- C:\Windows\System\mgEdotE.exe
  C:\Windows\System\mgEdotE.exe
  2⤵
  PID:10176
- C:\Windows\System\zlHbJOB.exe
  C:\Windows\System\zlHbJOB.exe
  2⤵
  PID:10228
- C:\Windows\System\rRfNxPC.exe
  C:\Windows\System\rRfNxPC.exe
  2⤵
  PID:9308
- C:\Windows\System\VSVNyKp.exe
  C:\Windows\System\VSVNyKp.exe
  2⤵
  PID:9444
- C:\Windows\System\LwiYnlA.exe
  C:\Windows\System\LwiYnlA.exe
  2⤵
  PID:9632
- C:\Windows\System\pCYDwkh.exe
  C:\Windows\System\pCYDwkh.exe
  2⤵
  PID:9776
- C:\Windows\System\SWjjyqa.exe
  C:\Windows\System\SWjjyqa.exe
  2⤵
  PID:9912
- C:\Windows\System\JXtBMZA.exe
  C:\Windows\System\JXtBMZA.exe
  2⤵
  PID:10108
- C:\Windows\System\DHbAxJP.exe
  C:\Windows\System\DHbAxJP.exe
  2⤵
  PID:10220
- C:\Windows\System\ZhnxtqI.exe
  C:\Windows\System\ZhnxtqI.exe
  2⤵
  PID:9548
- C:\Windows\System\KuicvHY.exe
  C:\Windows\System\KuicvHY.exe
  2⤵
  PID:9980
- C:\Windows\System\rVRQhaF.exe
  C:\Windows\System\rVRQhaF.exe
  2⤵
  PID:10244
- C:\Windows\System\LgmnPIe.exe
  C:\Windows\System\LgmnPIe.exe
  2⤵
  PID:10272
- C:\Windows\System\MoLChmB.exe
  C:\Windows\System\MoLChmB.exe
  2⤵
  PID:10288
- C:\Windows\System\rBEMvzo.exe
  C:\Windows\System\rBEMvzo.exe
  2⤵
  PID:10332
- C:\Windows\System\NaIeJfJ.exe
  C:\Windows\System\NaIeJfJ.exe
  2⤵
  PID:10348
- C:\Windows\System\IvOpNXw.exe
  C:\Windows\System\IvOpNXw.exe
  2⤵
  PID:10388
- C:\Windows\System\EkwhTre.exe
  C:\Windows\System\EkwhTre.exe
  2⤵
  PID:10428
- C:\Windows\System\ljpEPov.exe
  C:\Windows\System\ljpEPov.exe
  2⤵
  PID:10464
- C:\Windows\System\LsgQdgE.exe
  C:\Windows\System\LsgQdgE.exe
  2⤵
  PID:10496
- C:\Windows\System\atgHXmJ.exe
  C:\Windows\System\atgHXmJ.exe
  2⤵
  PID:10512
- C:\Windows\System\NSTYTCG.exe
  C:\Windows\System\NSTYTCG.exe
  2⤵
  PID:10540
- C:\Windows\System\uyJkGTj.exe
  C:\Windows\System\uyJkGTj.exe
  2⤵
  PID:10572
- C:\Windows\System\DvGuBHs.exe
  C:\Windows\System\DvGuBHs.exe
  2⤵
  PID:10608
- C:\Windows\System\yTJGpfs.exe
  C:\Windows\System\yTJGpfs.exe
  2⤵
  PID:10636
- C:\Windows\System\tLsYXgm.exe
  C:\Windows\System\tLsYXgm.exe
  2⤵
  PID:10664
- C:\Windows\System\mYlhXVy.exe
  C:\Windows\System\mYlhXVy.exe
  2⤵
  PID:10688
- C:\Windows\System\CshJGIO.exe
  C:\Windows\System\CshJGIO.exe
  2⤵
  PID:10708
- C:\Windows\System\elSvBov.exe
  C:\Windows\System\elSvBov.exe
  2⤵
  PID:10724
- C:\Windows\System\Kkonccn.exe
  C:\Windows\System\Kkonccn.exe
  2⤵
  PID:10744
- C:\Windows\System\kwhGwcb.exe
  C:\Windows\System\kwhGwcb.exe
  2⤵
  PID:10776
- C:\Windows\System\SfmlKTG.exe
  C:\Windows\System\SfmlKTG.exe
  2⤵
  PID:10808
- C:\Windows\System\bStHtqe.exe
  C:\Windows\System\bStHtqe.exe
  2⤵
  PID:10848
- C:\Windows\System\mXYQSPO.exe
  C:\Windows\System\mXYQSPO.exe
  2⤵
  PID:10876
- C:\Windows\System\ltNMbxK.exe
  C:\Windows\System\ltNMbxK.exe
  2⤵
  PID:10912
- C:\Windows\System\oXuHKFy.exe
  C:\Windows\System\oXuHKFy.exe
  2⤵
  PID:10932
- C:\Windows\System\VPbhxrf.exe
  C:\Windows\System\VPbhxrf.exe
  2⤵
  PID:10948
- C:\Windows\System\HjEsSCf.exe
  C:\Windows\System\HjEsSCf.exe
  2⤵
  PID:10980
- C:\Windows\System\SVCNOOP.exe
  C:\Windows\System\SVCNOOP.exe
  2⤵
  PID:11016
- C:\Windows\System\oKqHEdm.exe
  C:\Windows\System\oKqHEdm.exe
  2⤵
  PID:11044
- C:\Windows\System\FqDzCJV.exe
  C:\Windows\System\FqDzCJV.exe
  2⤵
  PID:11072
- C:\Windows\System\pcqnYcI.exe
  C:\Windows\System\pcqnYcI.exe
  2⤵
  PID:11088
- C:\Windows\System\hiZDWRa.exe
  C:\Windows\System\hiZDWRa.exe
  2⤵
  PID:11120
- C:\Windows\System\KBQpfBJ.exe
  C:\Windows\System\KBQpfBJ.exe
  2⤵
  PID:11156
- C:\Windows\System\tDTCaKf.exe
  C:\Windows\System\tDTCaKf.exe
  2⤵
  PID:11184
- C:\Windows\System\jOFJPNb.exe
  C:\Windows\System\jOFJPNb.exe
  2⤵
  PID:11216
- C:\Windows\System\tlRlaJS.exe
  C:\Windows\System\tlRlaJS.exe
  2⤵
  PID:11240
- C:\Windows\System\flwAbSF.exe
  C:\Windows\System\flwAbSF.exe
  2⤵
  PID:11260
- C:\Windows\System\fyfgruu.exe
  C:\Windows\System\fyfgruu.exe
  2⤵
  PID:10264
- C:\Windows\System\kUbGkbN.exe
  C:\Windows\System\kUbGkbN.exe
  2⤵
  PID:10344
- C:\Windows\System\ovHrNTT.exe
  C:\Windows\System\ovHrNTT.exe
  2⤵
  PID:10368
- C:\Windows\System\mqZFkly.exe
  C:\Windows\System\mqZFkly.exe
  2⤵
  PID:10480
- C:\Windows\System\FjrUQHW.exe
  C:\Windows\System\FjrUQHW.exe
  2⤵
  PID:10504
- C:\Windows\System\ZgkmOLW.exe
  C:\Windows\System\ZgkmOLW.exe
  2⤵
  PID:10596
- C:\Windows\System\fiSVplL.exe
  C:\Windows\System\fiSVplL.exe
  2⤵
  PID:10680
- C:\Windows\System\rKzMBAy.exe
  C:\Windows\System\rKzMBAy.exe
  2⤵
  PID:10732
- C:\Windows\System\IeHNNQI.exe
  C:\Windows\System\IeHNNQI.exe
  2⤵
  PID:10768
- C:\Windows\System\srECgcn.exe
  C:\Windows\System\srECgcn.exe
  2⤵
  PID:10868
- C:\Windows\System\TDpjeSY.exe
  C:\Windows\System\TDpjeSY.exe
  2⤵
  PID:10892
- C:\Windows\System\iZJFSnv.exe
  C:\Windows\System\iZJFSnv.exe
  2⤵
  PID:10960
- C:\Windows\System\kYYkDbB.exe
  C:\Windows\System\kYYkDbB.exe
  2⤵
  PID:10988
- C:\Windows\System\XCXBTDW.exe
  C:\Windows\System\XCXBTDW.exe
  2⤵
  PID:11064
- C:\Windows\System\SaSLAQl.exe
  C:\Windows\System\SaSLAQl.exe
  2⤵
  PID:11144
- C:\Windows\System\QmgDmwp.exe
  C:\Windows\System\QmgDmwp.exe
  2⤵
  PID:11176
- C:\Windows\System\HxudGqJ.exe
  C:\Windows\System\HxudGqJ.exe
  2⤵
  PID:9868
- C:\Windows\System\bAplOci.exe
  C:\Windows\System\bAplOci.exe
  2⤵
  PID:10360
- C:\Windows\System\yWbgeCU.exe
  C:\Windows\System\yWbgeCU.exe
  2⤵
  PID:10552
- C:\Windows\System\ogwxjRp.exe
  C:\Windows\System\ogwxjRp.exe
  2⤵
  PID:10696
- C:\Windows\System\fGCCQiV.exe
  C:\Windows\System\fGCCQiV.exe
  2⤵
  PID:10840
- C:\Windows\System\MxkukJn.exe
  C:\Windows\System\MxkukJn.exe
  2⤵
  PID:10928
- C:\Windows\System\lryntzq.exe
  C:\Windows\System\lryntzq.exe
  2⤵
  PID:11172
- C:\Windows\System\jREjkEo.exe
  C:\Windows\System\jREjkEo.exe
  2⤵
  PID:11236
- C:\Windows\System\GcvtvHO.exe
  C:\Windows\System\GcvtvHO.exe
  2⤵
  PID:10508
- C:\Windows\System\LURSBiF.exe
  C:\Windows\System\LURSBiF.exe
  2⤵
  PID:11112
- C:\Windows\System\VxCAvuS.exe
  C:\Windows\System\VxCAvuS.exe
  2⤵
  PID:10476
- C:\Windows\System\XHdwqvZ.exe
  C:\Windows\System\XHdwqvZ.exe
  2⤵
  PID:10920
- C:\Windows\System\WFZkZxI.exe
  C:\Windows\System\WFZkZxI.exe
  2⤵
  PID:10284
- C:\Windows\System\stMZAGJ.exe
  C:\Windows\System\stMZAGJ.exe
  2⤵
  PID:11300
- C:\Windows\System\DJzfiwN.exe
  C:\Windows\System\DJzfiwN.exe
  2⤵
  PID:11328
- C:\Windows\System\xmeQKds.exe
  C:\Windows\System\xmeQKds.exe
  2⤵
  PID:11368
- C:\Windows\System\fRwRPWt.exe
  C:\Windows\System\fRwRPWt.exe
  2⤵
  PID:11392
- C:\Windows\System\CIpxWub.exe
  C:\Windows\System\CIpxWub.exe
  2⤵
  PID:11440
- C:\Windows\System\WWwRKDr.exe
  C:\Windows\System\WWwRKDr.exe
  2⤵
  PID:11460
- C:\Windows\System\jWShEmv.exe
  C:\Windows\System\jWShEmv.exe
  2⤵
  PID:11476
- C:\Windows\System\NdiXMcb.exe
  C:\Windows\System\NdiXMcb.exe
  2⤵
  PID:11500
- C:\Windows\System\ulbTHeJ.exe
  C:\Windows\System\ulbTHeJ.exe
  2⤵
  PID:11520
- C:\Windows\System\ZLJUpWh.exe
  C:\Windows\System\ZLJUpWh.exe
  2⤵
  PID:11544
- C:\Windows\System\hPnKjDL.exe
  C:\Windows\System\hPnKjDL.exe
  2⤵
  PID:11572
- C:\Windows\System\Sfjauev.exe
  C:\Windows\System\Sfjauev.exe
  2⤵
  PID:11600
- C:\Windows\System\gqdTNba.exe
  C:\Windows\System\gqdTNba.exe
  2⤵
  PID:11640
- C:\Windows\System\juwYwpz.exe
  C:\Windows\System\juwYwpz.exe
  2⤵
  PID:11676
- C:\Windows\System\BIoDhol.exe
  C:\Windows\System\BIoDhol.exe
  2⤵
  PID:11708
- C:\Windows\System\PDIaemG.exe
  C:\Windows\System\PDIaemG.exe
  2⤵
  PID:11740
- C:\Windows\System\DBJRGSD.exe
  C:\Windows\System\DBJRGSD.exe
  2⤵
  PID:11780
- C:\Windows\System\WsOOQUi.exe
  C:\Windows\System\WsOOQUi.exe
  2⤵
  PID:11796
- C:\Windows\System\IKWZhXI.exe
  C:\Windows\System\IKWZhXI.exe
  2⤵
  PID:11824
- C:\Windows\System\HaodEdx.exe
  C:\Windows\System\HaodEdx.exe
  2⤵
  PID:11852
- C:\Windows\System\wnHglDM.exe
  C:\Windows\System\wnHglDM.exe
  2⤵
  PID:11880
- C:\Windows\System\InTGWzL.exe
  C:\Windows\System\InTGWzL.exe
  2⤵
  PID:11908
- C:\Windows\System\IksGNYW.exe
  C:\Windows\System\IksGNYW.exe
  2⤵
  PID:11936
- C:\Windows\System\lgPrcLc.exe
  C:\Windows\System\lgPrcLc.exe
  2⤵
  PID:11964
- C:\Windows\System\dEuxzeI.exe
  C:\Windows\System\dEuxzeI.exe
  2⤵
  PID:11992
- C:\Windows\System\TbOXLlR.exe
  C:\Windows\System\TbOXLlR.exe
  2⤵
  PID:12020
- C:\Windows\System\RujEgvd.exe
  C:\Windows\System\RujEgvd.exe
  2⤵
  PID:12048
- C:\Windows\System\VfPpHDo.exe
  C:\Windows\System\VfPpHDo.exe
  2⤵
  PID:12076
- C:\Windows\System\fyDAxAF.exe
  C:\Windows\System\fyDAxAF.exe
  2⤵
  PID:12116
- C:\Windows\System\iaJvsMZ.exe
  C:\Windows\System\iaJvsMZ.exe
  2⤵
  PID:12144
- C:\Windows\System\xIhzDkP.exe
  C:\Windows\System\xIhzDkP.exe
  2⤵
  PID:12160
- C:\Windows\System\OaudEJb.exe
  C:\Windows\System\OaudEJb.exe
  2⤵
  PID:12188
- C:\Windows\System\fYjltvU.exe
  C:\Windows\System\fYjltvU.exe
  2⤵
  PID:12208
- C:\Windows\System\qQPkixO.exe
  C:\Windows\System\qQPkixO.exe
  2⤵
  PID:12228
- C:\Windows\System\EJWieJy.exe
  C:\Windows\System\EJWieJy.exe
  2⤵
  PID:12256
- C:\Windows\System\FirqtAa.exe
  C:\Windows\System\FirqtAa.exe
  2⤵
  PID:12284
- C:\Windows\System\ZpdHeED.exe
  C:\Windows\System\ZpdHeED.exe
  2⤵
  PID:11196
- C:\Windows\System\IIIDBZX.exe
  C:\Windows\System\IIIDBZX.exe
  2⤵
  PID:11324
- C:\Windows\System\rESqcfo.exe
  C:\Windows\System\rESqcfo.exe
  2⤵
  PID:11380
- C:\Windows\System\Iakwiwo.exe
  C:\Windows\System\Iakwiwo.exe
  2⤵
  PID:11456
- C:\Windows\System\qNmcaqT.exe
  C:\Windows\System\qNmcaqT.exe
  2⤵
  PID:11564
- C:\Windows\System\AwnnDSK.exe
  C:\Windows\System\AwnnDSK.exe
  2⤵
  PID:11656
- C:\Windows\System\psOvSLX.exe
  C:\Windows\System\psOvSLX.exe
  2⤵
  PID:11728
- C:\Windows\System\ZudWUkb.exe
  C:\Windows\System\ZudWUkb.exe
  2⤵
  PID:11788
- C:\Windows\System\DxrgivP.exe
  C:\Windows\System\DxrgivP.exe
  2⤵
  PID:11840
- C:\Windows\System\VhMqRTX.exe
  C:\Windows\System\VhMqRTX.exe
  2⤵
  PID:11928
- C:\Windows\System\XhVQtyJ.exe
  C:\Windows\System\XhVQtyJ.exe
  2⤵
  PID:11948
- C:\Windows\System\LoGxzjS.exe
  C:\Windows\System\LoGxzjS.exe
  2⤵
  PID:12008
- C:\Windows\System\heIMfOC.exe
  C:\Windows\System\heIMfOC.exe
  2⤵
  PID:12060
- C:\Windows\System\sFuSKQo.exe
  C:\Windows\System\sFuSKQo.exe
  2⤵
  PID:12152
- C:\Windows\System\PtxkDVw.exe
  C:\Windows\System\PtxkDVw.exe
  2⤵
  PID:12248
- C:\Windows\System\SzPOxVP.exe
  C:\Windows\System\SzPOxVP.exe
  2⤵
  PID:12272
- C:\Windows\System\kZpJUfz.exe
  C:\Windows\System\kZpJUfz.exe
  2⤵
  PID:11280
- C:\Windows\System\tSMchfM.exe
  C:\Windows\System\tSMchfM.exe
  2⤵
  PID:11492
- C:\Windows\System\sgmgDZY.exe
  C:\Windows\System\sgmgDZY.exe
  2⤵
  PID:11612
- C:\Windows\System\LelnoKZ.exe
  C:\Windows\System\LelnoKZ.exe
  2⤵
  PID:11664
- C:\Windows\System\GEMaSof.exe
  C:\Windows\System\GEMaSof.exe
  2⤵
  PID:11864
- C:\Windows\System\saqyiEt.exe
  C:\Windows\System\saqyiEt.exe
  2⤵
  PID:11980
- C:\Windows\System\HPPiFBK.exe
  C:\Windows\System\HPPiFBK.exe
  2⤵
  PID:12132
- C:\Windows\System\TFqMCSD.exe
  C:\Windows\System\TFqMCSD.exe
  2⤵
  PID:11276
- C:\Windows\System\tpwPoOi.exe
  C:\Windows\System\tpwPoOi.exe
  2⤵
  PID:11532
- C:\Windows\System\LxmdLfO.exe
  C:\Windows\System\LxmdLfO.exe
  2⤵
  PID:11808
- C:\Windows\System\EfDzxoY.exe
  C:\Windows\System\EfDzxoY.exe
  2⤵
  PID:10764
- C:\Windows\System\xdJUuST.exe
  C:\Windows\System\xdJUuST.exe
  2⤵
  PID:12320
- C:\Windows\System\ebVmNZj.exe
  C:\Windows\System\ebVmNZj.exe
  2⤵
  PID:12344
- C:\Windows\System\smEQHlN.exe
  C:\Windows\System\smEQHlN.exe
  2⤵
  PID:12388
- C:\Windows\System\kGUbnJx.exe
  C:\Windows\System\kGUbnJx.exe
  2⤵
  PID:12424
- C:\Windows\System\NihndoD.exe
  C:\Windows\System\NihndoD.exe
  2⤵
  PID:12460
- C:\Windows\System\dLgrgVT.exe
  C:\Windows\System\dLgrgVT.exe
  2⤵
  PID:12492
- C:\Windows\System\JoCHGpq.exe
  C:\Windows\System\JoCHGpq.exe
  2⤵
  PID:12512
- C:\Windows\System\kPOBOEp.exe
  C:\Windows\System\kPOBOEp.exe
  2⤵
  PID:12548
- C:\Windows\System\UkZDYJV.exe
  C:\Windows\System\UkZDYJV.exe
  2⤵
  PID:12580
- C:\Windows\System\Hkrjgkt.exe
  C:\Windows\System\Hkrjgkt.exe
  2⤵
  PID:12604
- C:\Windows\System\cCvvfNK.exe
  C:\Windows\System\cCvvfNK.exe
  2⤵
  PID:12636
- C:\Windows\System\eXkXkxD.exe
  C:\Windows\System\eXkXkxD.exe
  2⤵
  PID:12660
- C:\Windows\System\RHRQPXz.exe
  C:\Windows\System\RHRQPXz.exe
  2⤵
  PID:12688
- C:\Windows\System\nDTpdud.exe
  C:\Windows\System\nDTpdud.exe
  2⤵
  PID:12716
- C:\Windows\System\GpzgeAD.exe
  C:\Windows\System\GpzgeAD.exe
  2⤵
  PID:12748
- C:\Windows\System\ApZckRB.exe
  C:\Windows\System\ApZckRB.exe
  2⤵
  PID:12772
- C:\Windows\System\McHgGfs.exe
  C:\Windows\System\McHgGfs.exe
  2⤵
  PID:12800
- C:\Windows\System\nJYlYTg.exe
  C:\Windows\System\nJYlYTg.exe
  2⤵
  PID:12832
- C:\Windows\System\QfegfIJ.exe
  C:\Windows\System\QfegfIJ.exe
  2⤵
  PID:12864
- C:\Windows\System\QVzwsBl.exe
  C:\Windows\System\QVzwsBl.exe
  2⤵
  PID:12884
- C:\Windows\System\mVbtfDS.exe
  C:\Windows\System\mVbtfDS.exe
  2⤵
  PID:12912
- C:\Windows\System\oZrWfIb.exe
  C:\Windows\System\oZrWfIb.exe
  2⤵
  PID:12928
- C:\Windows\System\WixMtXG.exe
  C:\Windows\System\WixMtXG.exe
  2⤵
  PID:12968
- C:\Windows\System\snVdOPd.exe
  C:\Windows\System\snVdOPd.exe
  2⤵
  PID:13004
- C:\Windows\System\ZHILZMw.exe
  C:\Windows\System\ZHILZMw.exe
  2⤵
  PID:13036
- C:\Windows\System\uxoARpH.exe
  C:\Windows\System\uxoARpH.exe
  2⤵
  PID:13060
- C:\Windows\System\AgPgEEC.exe
  C:\Windows\System\AgPgEEC.exe
  2⤵
  PID:13084
- C:\Windows\System\BCItmfx.exe
  C:\Windows\System\BCItmfx.exe
  2⤵
  PID:13120
- C:\Windows\System\bYCcVzm.exe
  C:\Windows\System\bYCcVzm.exe
  2⤵
  PID:13136
- C:\Windows\System\BFpZlMi.exe
  C:\Windows\System\BFpZlMi.exe
  2⤵
  PID:13164
- C:\Windows\System\tRhBaWi.exe
  C:\Windows\System\tRhBaWi.exe
  2⤵
  PID:13184
- C:\Windows\System\xaDEmXh.exe
  C:\Windows\System\xaDEmXh.exe
  2⤵
  PID:13208
- C:\Windows\System\XGrvkQb.exe
  C:\Windows\System\XGrvkQb.exe
  2⤵
  PID:13248
- C:\Windows\System\fRPuDKW.exe
  C:\Windows\System\fRPuDKW.exe
  2⤵
  PID:13280
- C:\Windows\System\nBHxlea.exe
  C:\Windows\System\nBHxlea.exe
  2⤵
  PID:13304
- C:\Windows\System\gNHpRWj.exe
  C:\Windows\System\gNHpRWj.exe
  2⤵
  PID:12276
- C:\Windows\System\naxePNA.exe
  C:\Windows\System\naxePNA.exe
  2⤵
  PID:11432
- C:\Windows\System\zthYvtK.exe
  C:\Windows\System\zthYvtK.exe
  2⤵
  PID:12452
- C:\Windows\System\Hgvvdmc.exe
  C:\Windows\System\Hgvvdmc.exe
  2⤵
  PID:12472
- C:\Windows\System\EgNxrqW.exe
  C:\Windows\System\EgNxrqW.exe
  2⤵
  PID:12540
- C:\Windows\System\zMRTziB.exe
  C:\Windows\System\zMRTziB.exe
  2⤵
  PID:11404
- C:\Windows\System\ZuXyHXz.exe
  C:\Windows\System\ZuXyHXz.exe
  2⤵
  PID:12760
- C:\Windows\System\JUqLZXd.exe
  C:\Windows\System\JUqLZXd.exe
  2⤵
  PID:12812
- C:\Windows\System\lKIzxgq.exe
  C:\Windows\System\lKIzxgq.exe
  2⤵
  PID:12872
- C:\Windows\System\VCPYjSI.exe
  C:\Windows\System\VCPYjSI.exe
  2⤵
  PID:12920
- C:\Windows\System\DtchEvK.exe
  C:\Windows\System\DtchEvK.exe
  2⤵
  PID:12940
- C:\Windows\System\msWXKLn.exe
  C:\Windows\System\msWXKLn.exe
  2⤵
  PID:13072
- C:\Windows\System\pgGDuli.exe
  C:\Windows\System\pgGDuli.exe
  2⤵
  PID:13100
- C:\Windows\System\WmXMaOO.exe
  C:\Windows\System\WmXMaOO.exe
  2⤵
  PID:13200
- C:\Windows\System\CLXEjUw.exe
  C:\Windows\System\CLXEjUw.exe
  2⤵
  PID:13236
- C:\Windows\System\OmQAWTb.exe
  C:\Windows\System\OmQAWTb.exe
  2⤵
  PID:12304
- C:\Windows\System\scpjAfF.exe
  C:\Windows\System\scpjAfF.exe
  2⤵
  PID:12368
- C:\Windows\System\lFEBpmb.exe
  C:\Windows\System\lFEBpmb.exe
  2⤵
  PID:12560
- C:\Windows\System\qTuiazb.exe
  C:\Windows\System\qTuiazb.exe
  2⤵
  PID:12672
- C:\Windows\System\yDfNUmG.exe
  C:\Windows\System\yDfNUmG.exe
  2⤵
  PID:12848
- C:\Windows\System\kaNiGwT.exe
  C:\Windows\System\kaNiGwT.exe
  2⤵
  PID:12988
- C:\Windows\System\cYZbzTB.exe
  C:\Windows\System\cYZbzTB.exe
  2⤵
  PID:13068
- C:\Windows\System\ybQbUlh.exe
  C:\Windows\System\ybQbUlh.exe
  2⤵
  PID:13148
- C:\Windows\System\oMgoutQ.exe
  C:\Windows\System\oMgoutQ.exe
  2⤵
  PID:13300
- C:\Windows\System\niWauVK.exe
  C:\Windows\System\niWauVK.exe
  2⤵
  PID:12588
- C:\Windows\System\mnxUmzx.exe
  C:\Windows\System\mnxUmzx.exe
  2⤵
  PID:12856
- C:\Windows\System\YLBUxHe.exe
  C:\Windows\System\YLBUxHe.exe
  2⤵
  PID:13196
- C:\Windows\System\HcWvvyU.exe
  C:\Windows\System\HcWvvyU.exe
  2⤵
  PID:12740
- C:\Windows\System\yRSFkgI.exe
  C:\Windows\System\yRSFkgI.exe
  2⤵
  PID:13336
- C:\Windows\System\UGGgGUl.exe
  C:\Windows\System\UGGgGUl.exe
  2⤵
  PID:13364
- C:\Windows\System\aIeDqiO.exe
  C:\Windows\System\aIeDqiO.exe
  2⤵
  PID:13380
- C:\Windows\System\qObVTSR.exe
  C:\Windows\System\qObVTSR.exe
  2⤵
  PID:13400
- C:\Windows\System\dOVTJEU.exe
  C:\Windows\System\dOVTJEU.exe
  2⤵
  PID:13432
- C:\Windows\System\aUBhAzT.exe
  C:\Windows\System\aUBhAzT.exe
  2⤵
  PID:13452
- C:\Windows\System\BXtdsAX.exe
  C:\Windows\System\BXtdsAX.exe
  2⤵
  PID:13484
- C:\Windows\System\XbsPSEi.exe
  C:\Windows\System\XbsPSEi.exe
  2⤵
  PID:13524
- C:\Windows\System\GKrMGHH.exe
  C:\Windows\System\GKrMGHH.exe
  2⤵
  PID:13548
- C:\Windows\System\oNtSaPm.exe
  C:\Windows\System\oNtSaPm.exe
  2⤵
  PID:13584
- C:\Windows\System\lQSpNnv.exe
  C:\Windows\System\lQSpNnv.exe
  2⤵
  PID:13616
- C:\Windows\System\wzDVQgP.exe
  C:\Windows\System\wzDVQgP.exe
  2⤵
  PID:13648
- C:\Windows\System\acgZnxh.exe
  C:\Windows\System\acgZnxh.exe
  2⤵
  PID:13672
- C:\Windows\System\KvvvBCk.exe
  C:\Windows\System\KvvvBCk.exe
  2⤵
  PID:13700
- C:\Windows\System\LCWuHdd.exe
  C:\Windows\System\LCWuHdd.exe
  2⤵
  PID:13728
- C:\Windows\System\Avlelgs.exe
  C:\Windows\System\Avlelgs.exe
  2⤵
  PID:13764
- C:\Windows\System\oVIgROk.exe
  C:\Windows\System\oVIgROk.exe
  2⤵
  PID:13784
- C:\Windows\System\iscVkIO.exe
  C:\Windows\System\iscVkIO.exe
  2⤵
  PID:13812
- C:\Windows\System\RSAyXtC.exe
  C:\Windows\System\RSAyXtC.exe
  2⤵
  PID:13840
- C:\Windows\System\SHHmcLg.exe
  C:\Windows\System\SHHmcLg.exe
  2⤵
  PID:13876
- C:\Windows\System\HAPLoBO.exe
  C:\Windows\System\HAPLoBO.exe
  2⤵
  PID:13896
- C:\Windows\System\nNRqbvR.exe
  C:\Windows\System\nNRqbvR.exe
  2⤵
  PID:13912
- C:\Windows\System\HVpQoul.exe
  C:\Windows\System\HVpQoul.exe
  2⤵
  PID:13940
- C:\Windows\System\mNrUQZH.exe
  C:\Windows\System\mNrUQZH.exe
  2⤵
  PID:13968
- C:\Windows\System\EoTDCjU.exe
  C:\Windows\System\EoTDCjU.exe
  2⤵
  PID:13996
- C:\Windows\System\SAjHNNc.exe
  C:\Windows\System\SAjHNNc.exe
  2⤵
  PID:14012
- C:\Windows\System\BzlnDdk.exe
  C:\Windows\System\BzlnDdk.exe
  2⤵
  PID:14040
- C:\Windows\System\euifXDH.exe
  C:\Windows\System\euifXDH.exe
  2⤵
  PID:14080
- C:\Windows\System\snAUvWo.exe
  C:\Windows\System\snAUvWo.exe
  2⤵
  PID:14096
- C:\Windows\System\wBVgruV.exe
  C:\Windows\System\wBVgruV.exe
  2⤵
  PID:14120
- C:\Windows\System\IzlUTNm.exe
  C:\Windows\System\IzlUTNm.exe
  2⤵
  PID:14156
- C:\Windows\System\GNEjdCY.exe
  C:\Windows\System\GNEjdCY.exe
  2⤵
  PID:14192
- C:\Windows\System\pxzQTxG.exe
  C:\Windows\System\pxzQTxG.exe
  2⤵
  PID:14216
- C:\Windows\System\xhWYHgr.exe
  C:\Windows\System\xhWYHgr.exe
  2⤵
  PID:14252
- C:\Windows\System\BfUUDQC.exe
  C:\Windows\System\BfUUDQC.exe
  2⤵
  PID:14280
- C:\Windows\System\tQsheDt.exe
  C:\Windows\System\tQsheDt.exe
  2⤵
  PID:14308
- C:\Windows\System\yVsClZS.exe
  C:\Windows\System\yVsClZS.exe
  2⤵
  PID:14332
- C:\Windows\System\HOQbXrO.exe
  C:\Windows\System\HOQbXrO.exe
  2⤵
  PID:13352
- C:\Windows\System\daTjOGY.exe
  C:\Windows\System\daTjOGY.exe
  2⤵
  PID:13444
- C:\Windows\System\ElfttYT.exe
  C:\Windows\System\ElfttYT.exe
  2⤵
  PID:13516
- C:\Windows\System\utBAZcQ.exe
  C:\Windows\System\utBAZcQ.exe
  2⤵
  PID:13576
- C:\Windows\System\fjNiHQm.exe
  C:\Windows\System\fjNiHQm.exe
  2⤵
  PID:13656
- C:\Windows\System\LkMGhCX.exe
  C:\Windows\System\LkMGhCX.exe
  2⤵
  PID:13692
- C:\Windows\System\HmajIMs.exe
  C:\Windows\System\HmajIMs.exe
  2⤵
  PID:13780
- C:\Windows\System\kJDPwLD.exe
  C:\Windows\System\kJDPwLD.exe
  2⤵
  PID:13864
- C:\Windows\System\QqJknWz.exe
  C:\Windows\System\QqJknWz.exe
  2⤵
  PID:13888
- C:\Windows\System\fDeuECd.exe
  C:\Windows\System\fDeuECd.exe
  2⤵
  PID:13956
- C:\Windows\System\ljMpbEl.exe
  C:\Windows\System\ljMpbEl.exe
  2⤵
  PID:14004
- C:\Windows\System\LVqNigP.exe
  C:\Windows\System\LVqNigP.exe
  2⤵
  PID:14052
- C:\Windows\System\jGETcqh.exe
  C:\Windows\System\jGETcqh.exe
  2⤵
  PID:14208
- C:\Windows\System\dPTutHf.exe
  C:\Windows\System\dPTutHf.exe
  2⤵
  PID:14228
- C:\Windows\System\BSwCVMR.exe
  C:\Windows\System\BSwCVMR.exe
  2⤵
  PID:14328
- C:\Windows\System\AbBHOMU.exe
  C:\Windows\System\AbBHOMU.exe
  2⤵
  PID:13316
- C:\Windows\System\ybQQGxY.exe
  C:\Windows\System\ybQQGxY.exe
  2⤵
  PID:13496
- C:\Windows\System\MYJduuP.exe
  C:\Windows\System\MYJduuP.exe
  2⤵
  PID:13684
- C:\Windows\System\uUrkgHV.exe
  C:\Windows\System\uUrkgHV.exe
  2⤵
  PID:13740
- C:\Windows\System\tWWjjIq.exe
  C:\Windows\System\tWWjjIq.exe
  2⤵
  PID:13908
- C:\Windows\System\JwzKEIF.exe
  C:\Windows\System\JwzKEIF.exe
  2⤵
  PID:14132

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AmknTBT.exe

Filesize
2.5MB

MD5
637795a2de486f45c0507b71383714ba

SHA1
796dac3ab8a3b4cc7392fb567cdd239687279a22

SHA256
2b4a0773c9ddbe699f515b5390169ddfdb516bc0a59993a5b12484d1da9c1be5

SHA512
240b2090f1aaddd9fe7115a0cafdf19c65afaabc1efa22e30bc81db08ea77234fe26db4cf36a329ce6f2e1373c1fb31be08120b6252c39da8385d40db74cb31e

Download Submit
C:\Windows\System\CBbwfSk.exe

Filesize
2.5MB

MD5
6619d75533146740ac6e6c2817735366

SHA1
aa8acdea4380657563f107f914fbca0047dbd209

SHA256
1cb7824540e411765e01d375038bcfa9a3d5644b1b526e78eaba33de1aa957cb

SHA512
be81e02aa33a1ec36f53a00dbb6ce388e3ed01f8eae2c69694c7661d13a08d4c9db2cf04774d2ecea287023c30d7dcbdd20aed347a235503c7f1bbddff7f28a5

Download Submit
C:\Windows\System\CQgMqkK.exe

Filesize
2.5MB

MD5
449fa556a9acdcb0e2e99b24c1b6e1d9

SHA1
6315e64c262e2ca8119a2be4cb1a16dbdf563d94

SHA256
8b349a93c470b4288dce9e2e9386a2ea235d04ab0e9af8f09530047225622072

SHA512
bffddc37f1a8b9843f9e3ac7522ec7a30c75504ac54dc38866f2402ad160708f5545c89be42c86023ee1bb2b4229d406a3b011c4b2494ba71aba3d4a8e37ed90

Download Submit
C:\Windows\System\CUMAyJy.exe

Filesize
2.5MB

MD5
ed19dfa4fca83fb9fa645efc6c7c9dc8

SHA1
21d60bed1cfb7d2f3894b86cc8f914e066d02fb4

SHA256
2be3dab9bb00151037d347a9f20cc6b443fd7fa781b174171a4bb474524c6f4e

SHA512
6410e7e31891d40891834a81e647fa4f91d0c539d647ddb11967bf0052b0e79fde770d010dc468acbf68187163d9b44295856e7b0dcdcecc5d3b672be0622cd7

Download Submit
C:\Windows\System\DYvEIyz.exe

Filesize
2.5MB

MD5
ce5e18cf155ea440fc6242fd59a11385

SHA1
5515ffc2a7e0dd840c63509325cb8eb3dcf2bf96

SHA256
c5715a89adda703c9e471a0bfa16430c5323752d5daded606b6e0fa1f1697660

SHA512
e8677dfb358d915cfab1d2a368ba3b866e1ee82fc22090943bd1f06f711b34c2d5191b38e1e0634009bb5ae5e7c92b59804d6a5db6d8432c2a3836d5b93c4487

Download Submit
C:\Windows\System\DucmTlE.exe

Filesize
2.5MB

MD5
9064589470120e97cbc878f88a245435

SHA1
0a3b938c87e9d906af0cec1a9b1e98dab66ef412

SHA256
02b829a9a95d4f6df8f9e8d2bfe4a91b19de593be1877e294f76aae4e4b8b67c

SHA512
39c8124382c7ee61f6a196aa4d87962b60dc26bd06497468060d943e2814a7bf9dc8dfe839817b863545bed69114409f772d694b39aff480b4883caa24edde4e

Download Submit
C:\Windows\System\FzoRJME.exe

Filesize
2.5MB

MD5
4b228c3813b815d5c401af2f822d9492

SHA1
5ac450bcf31dabbef70bdf70320179858f581b62

SHA256
b15a64078399542f2afe58e87c544392627da804464ba24085253a1cc205c29d

SHA512
23ebaa1d3e3dc267055d098de63d2caedaaed83c92049d39cd8c4de23e79876368704f52e68ec061dbd05a2109affaff0d712d7eb00f5a9908c5386197074c54

Download Submit
C:\Windows\System\IiCsdRO.exe

Filesize
2.5MB

MD5
6f9628ea4ae57dfda2070b8f018e6a6a

SHA1
b84e8d05766a51cc97237448f452247fdeaceb24

SHA256
d286c8ae660e18901e6660e83db7870962cc524378340898a22bc52b5946c4b0

SHA512
1876b64f1089bcf059c75ed078f0d27f66abcd17d08f45311a6d16da6c8ecce1db6d11499e1bb9576aef6f1fa02e5493acb927ae66e6538f0e3b94ea8473ad72

Download Submit
C:\Windows\System\IkjoGyr.exe

Filesize
2.5MB

MD5
94608c71bd0611159f3b6628cad0d3c5

SHA1
f5c2373bed2da569006a48cafe0bdaefe406199f

SHA256
a1218b329e48b04a9de99d0c543d8f89add97f58c64f9f06ef4b5572211788bf

SHA512
0f51aba72da58dfda93c74ed692f38e41b1d5e758a9f13aa89f5d75ae41eb42c5530e06b33d72ae8be8097fa39c9f602b7b5f16fd205b7c5828f96fa5e4b2b2e

Download Submit
C:\Windows\System\IkqmuYz.exe

Filesize
2.5MB

MD5
5c1ce6263f6357f34d7c7edd6f54abda

SHA1
e4cb368d7e5d7e68c02793974e262baca0d7b4c9

SHA256
d88621a62ba4224dee1d5e87b7bd6000b025ab803e91482712c07f06898d6911

SHA512
eca0a4ef3b1452c4a1d52ec1df38c87c190e192a0e3ad297e22b46d932a4e8c2d3f74944e039f9f53c210491996834ec9edf85f97aeeb57a9d92c5bfdd9ed267

Download Submit
C:\Windows\System\MAuhCfD.exe

Filesize
2.5MB

MD5
6f8330c689acdffb85ec3939188da711

SHA1
463392df61e714fd684071da174ddbfac7a81267

SHA256
81d6ea64f14466b195d2fa318cf5429591ca7f44cb91274029cb68c355c7e3db

SHA512
b47d35a2d4f7f09700b2dfcf44187d28c7e167d7cb62ec42618e12eb551f157fbc244ff35d62b091dd065a642415d245c992648db510de647c4c41dcfb9ad3a1

Download Submit
C:\Windows\System\MVpYxPT.exe

Filesize
2.5MB

MD5
26691933d621c9f089a54a3ee5abb5f5

SHA1
d7827c5815a58650519e98a62a6d6ca61aeca637

SHA256
a52d55a95428044a816b15deed78920e41d25808934f8c0dd711061d44092c05

SHA512
79047e0d8fae20f0e1bbc28f6b27af44c737126e5c613ca43951b747ab7e71bb83e4d5b2b715c68d1e25c204d941359488556dcb9fc85907d4bd1e16902fb0c9

Download Submit
C:\Windows\System\OaHZYZY.exe

Filesize
2.5MB

MD5
eca6faeeecbf770fd09a829e6d21bbd8

SHA1
bc738d6702c5bc92d1018e391fed5d70d0894648

SHA256
11e17ef72a10874827e560de7f556e460bd7dd50bcbd4e8fbada551557f059d2

SHA512
9e040c4c95772ff92dce2803e205c577e1174449b69bf50485e13a289b129c8059b75e5bf890c4a773496596768c1a714e7b2b8ffc9a9afe1f3696d28cc2548f

Download Submit
C:\Windows\System\PwaqTho.exe

Filesize
2.5MB

MD5
62f70b90aaa786ec773d223045abbbee

SHA1
1e97567245631e494fd40fa07a002d874a98b582

SHA256
7ac553dae5fedee9c6ec94a21e51c4929cd2744d6d946028494296d56f783d89

SHA512
8138e93c1f09271636ac50cab284ad347dc93e9b14b925fca8937241344e62ffec0c939ef2496c5d98d10648ee6d9c6d1c556aed573bd76f732faf6ea12e22cf

Download Submit
C:\Windows\System\TIPemkW.exe

Filesize
2.5MB

MD5
0264c51de83491cfdc64a10856c33b8c

SHA1
e8bec1de069a2f24053de723636c1d8843a574fe

SHA256
3dedf59ac2d97be1bde78d517e7f334cd65911102acced0f3c18feeb7382b85d

SHA512
674f64cf91c1f9c6e519a934dbf327489a8f70ce5c0a4445c75479277e3148dca499ded4ca466fa93a041e306ba24475a476358795892dbae71b1623585598d4

Download Submit
C:\Windows\System\UjeQaaO.exe

Filesize
2.5MB

MD5
74760fac130d572917109299d8aed0ab

SHA1
bb94a2b51a53e07dbcef15fd1f8292b17930d11a

SHA256
8ecd7045dc613847b311226dc0367bf07a0943809fc90021980151f4a88a22d3

SHA512
1957f0ae2169a5f11b508f62e37b1bf71b5cec130ca1edad5ed1c0b6cb92326ab13a664cbbd74ed6b3cb59225d17e815d147f43db252ccb65b620fbaa5249373

Download Submit
C:\Windows\System\VURBtlb.exe

Filesize
2.5MB

MD5
95f1a6b49ecc9f742ba717d10c14be5d

SHA1
7c52fffa2a304fa03e3ec25e6d6e169d0169015d

SHA256
5ab0d122c7502846b9b69dc2e466c04d105b72fa3a39622becad5b3541e0209f

SHA512
d0f0045d73d6245cdb8f0b8d49dd95743d21ac9ef100364f12a067088fd38fcb1c16e68bd5fe9613acab88541f7f26a746dcfc7c5adda902601ab91a1e2eb512

Download Submit
C:\Windows\System\bIvxpaI.exe

Filesize
2.5MB

MD5
c0a3564788370ad94940c89dc474794b

SHA1
b197f768930643b841bafe376111003e4b26789c

SHA256
5515add9b168b7701bdf11bf7648c69c7404df0291b3f79d81f01239d62d04df

SHA512
941302bef898426ba009ebb3127aa52d5ed592a3de240fa8f63675e15d38d75514482af03178979bf46a3f5e11a094b0c8d07e7ed6a0ccd156ddce799e2e9e77

Download Submit
C:\Windows\System\dJtMhPG.exe

Filesize
2.5MB

MD5
03d2b8998229a9bf4dee37ae1c67f97a

SHA1
1c2b64d163ef6553454bf3c9752907618d5824be

SHA256
983a63517b3f482bd499c9b72727c5930ce16344f43953a398798c857ae0204a

SHA512
5c77bb983f3260e81b532c1af6b6c756be84988e9cb6e9116406ffdf2fe8980716023ef29236817eaba90d15f291b6839aee9fb68106e16bc1b76109a934d7d1

Download Submit
C:\Windows\System\eeWxjeA.exe

Filesize
2.5MB

MD5
30e59c27612609239909cb92625cda6a

SHA1
057a38023ec81cfb801d5f3c83cda3841c232a17

SHA256
08d33bb726b1ece3b2bd179e922f6574eaf9e0b3e618122cd6c5f47abc5521ba

SHA512
f81eff0f0744a412217bcc06052dc2c78f127b53375b6432777581e1bfca993757aa8d0b3eee3e114c004dd378354168453afa6b1242a17878ef4015355c9841

Download Submit
C:\Windows\System\hqYDhPU.exe

Filesize
2.5MB

MD5
63b6c610f48597f75683b51849810bdb

SHA1
157dde8447cafa1c8b05e0ee6e2c46e30fef6d0c

SHA256
53acd9f52d3daa5aeeaaa77dbbc9934bf8e396e92cd6c7d7eb45be2aab0f0c5a

SHA512
2a0ae1c31011de456806bb7ab6eba76dc0182dd9b3561fb132904acd9647ebf411559b45dfc4a4d659b6edbdca5fdcc0beb7875f7b06292232905e8b411a880a

Download Submit
C:\Windows\System\kXgZuJt.exe

Filesize
2.5MB

MD5
82a094614feb437251c876f201eb9ee4

SHA1
527b4ca264f00b1053ea04f6a5232200c0970e8b

SHA256
c4df5c5cdaac885d47666f299c196de09b9e330bb08ec6bd9fc5ee62fc200370

SHA512
d1825778bf5e9f24d3e93c229ba74ceb2797e7b2962f10bfa74e435bd1b2c60efd650f0ccc54ff986a4b843ca07bdbfb870aa8e369afcd4237b24cf50650052d

Download Submit
C:\Windows\System\mpcEBho.exe

Filesize
2.5MB

MD5
042f92805da2b448b196f603cefc04f0

SHA1
35b0f0383562a8fa9edd4a22bd8f30ecc1d97b0f

SHA256
0986e6c49f2b72c68664bb417bb3fb4188366a7cf3d5eeeb21b78e101fe3221d

SHA512
b6b955917d8028e4c0e2fd71e53fc007056a3e7524d92b20c9ace3a44990dfa1110e72d5c63cff8ab335dd4e178fc959c2df12b4c8bef9dabc5004c602b5a492

Download Submit
C:\Windows\System\nlYJdnx.exe

Filesize
2.5MB

MD5
5630443237962719fad44b20f5773c5c

SHA1
7900c2309590f39243a19653cc6da6933e187c59

SHA256
4d2c0e982915fe40331e8e49ababa5b989e325e300ed5f162c1b25485cdbb06d

SHA512
54aa39a3c1a1c8e0e409d81f545a9c91720ef475270b76909bdf5ca2f8291d7effc040579f680a26690d0fb7e60f0e25f66e4849394066df3b677cd1696b57b9

Download Submit
C:\Windows\System\oKoFHVJ.exe

Filesize
2.5MB

MD5
14dcdf17e379d80169068bbd073e42ae

SHA1
ff686d60ea591c14a489dbd665b68cd219641b89

SHA256
421afe6f1a2374f25b3493f9334494d56ea2304d9970fc79e8515e74327a9a86

SHA512
641c699f8bf39902f5ab31cad5e3225f14e089d8f5338f4abd8812b82dd3343716d136ecde7f47ec3563f38e240c43f78f0dd1afaa76f31573f74167c348e1f6

Download Submit
C:\Windows\System\pBGIWtR.exe

Filesize
2.5MB

MD5
04bf9a9f289c34068e512f592e14ea06

SHA1
7fefe46c6f810688b2e910d4e5851c31bd94479c

SHA256
820ef7011b85fd9610c07d581e3f3c7366b3969d52e0531f26d053108d40a0fc

SHA512
49853459f47f9e30d9e4d45d18d998d04caf4895826555bc6aa6f1290ad18d97eb4ed1053c5579f79c68a87a67c965798e97e6402c35efeecc0e29e3ebc7f7a2

Download Submit
C:\Windows\System\qxmKyEK.exe

Filesize
2.5MB

MD5
2262159262add3df6e025305d513394b

SHA1
bf1c20388487fcd9bfdaaedd247fcfd6d73849c1

SHA256
19ad18db6f66e145fda91cb02b1ec930b7c6cface6948bb580c2991de512025c

SHA512
0f19dd7cf161660d8165f4004063df95c6393a3811abd0cbf0d52179bd0739c321cfcaea871b2dc45bf79a9eb4ef6b4489af3864c164857d1f53ac902ecaef20

Download Submit
C:\Windows\System\rluadMs.exe

Filesize
2.5MB

MD5
4e0afc3629075bee696dde13e9c881ef

SHA1
7eb201645c8f08792823081bb3aa8e72f32fa6f5

SHA256
657136a02ced405cf5d98a6e5b84d01cf7ed5694c9e5dd1a1fda6d1430afe1b6

SHA512
711e26f780f9e14a12985542bade1200e8cab058719085a897cf1c350de01348ca71c5166f8a68f6600c6907ffcc659f80805b5f37dbca975ce6a304a8f466de

Download Submit
C:\Windows\System\sCUBjNk.exe

Filesize
2.5MB

MD5
b2ca5a201f230b1c58af81e53644a60d

SHA1
abe2060e965dd0324170ab83c5bdc000886df834

SHA256
8978816d11b23a0e69b0485aaae188a75c835e64884847f33eb2256e58f12f61

SHA512
fb29599f03058d360dba72483636d4b9391fe294c4e7be9f2be93457ac4f09c7ec093e493e4d2af9f9b4583c0b009866d4b50b9e617e95c3d507b398bc8371cb

Download Submit
C:\Windows\System\uvbieLQ.exe

Filesize
2.5MB

MD5
9ec4f55c7a3278170cbe063dad9ddad9

SHA1
ced490f459da3746e323c2d529841f356abc9f3a

SHA256
f3641a473f9829d2746e9112138ebd597dfff2cdffa427c3b551f6bb381463af

SHA512
03fd6d135e79b9dee1ae15a1e76307544cb30448093ca4b49d0a35472c68dc9adadeac5eb3a25400a831b3c9480cc1bab9aeedb968f7a1a5ef60f296327ac376

Download Submit
C:\Windows\System\uzKGXHY.exe

Filesize
2.5MB

MD5
8503253957a0a7600418448d1fd9dcf4

SHA1
1521f79f6d102dc88ca68f242977333f699070a0

SHA256
d202c4de3446013ec13e64039387de3b4b770b0a99789bb8f9ce51c260702494

SHA512
036682ed22481aca9a363e1b77c6b0a36aecef3011471215c1bf69399a564a54bec8178c6d705fc7e9d22f4226e687b90458a93180ab16de02739f6723149994

Download Submit
C:\Windows\System\yFxNpoM.exe

Filesize
2.5MB

MD5
4b8072e6bb2bf8e7c3629128284b651a

SHA1
598cc64b35cc99801de8c6553e1dbd3471ddc403

SHA256
e0048e2283f8c29d9d8fe01b2a3bf2bab3bb5349c47e2b662a0bd7eee53ca0b9

SHA512
ce3cfea6d8c29c09f184f05fd23e847d1707795061f175651de5592bc734c2161311ebe63bbd52d077731a38ae7e2c889764450a1820783b11164999d5969701

Download Submit
C:\Windows\System\zFPIydw.exe

Filesize
2.5MB

MD5
270411a6d6fb9510644893de88b8f2f4

SHA1
71037f42ddb2abdbc19471f944e811e5ec44c6d9

SHA256
1996de42a2009f6fc11949f7e659aa15130f92c3872c12ccc655f431f07eae61

SHA512
f8a212afe03b783cf6d368003680480f82e721899cd574b5c726e9a6b16d5b1e056f67c4b667d143ae2418d0ce3b170c18fd97ab4e715618c0f0d0ab0767e2ab

Download Submit
memory/212-136-0x00007FF787910000-0x00007FF787C64000-memory.dmp

Filesize
3.3MB

Download
memory/212-2201-0x00007FF787910000-0x00007FF787C64000-memory.dmp

Filesize
3.3MB

Download
memory/216-173-0x00007FF761360000-0x00007FF7616B4000-memory.dmp

Filesize
3.3MB

Download
memory/216-2205-0x00007FF761360000-0x00007FF7616B4000-memory.dmp

Filesize
3.3MB

Download
memory/644-114-0x00007FF7B12E0000-0x00007FF7B1634000-memory.dmp

Filesize
3.3MB

Download
memory/644-2200-0x00007FF7B12E0000-0x00007FF7B1634000-memory.dmp

Filesize
3.3MB

Download
memory/668-185-0x00007FF6A54F0000-0x00007FF6A5844000-memory.dmp

Filesize
3.3MB

Download
memory/668-2210-0x00007FF6A54F0000-0x00007FF6A5844000-memory.dmp

Filesize
3.3MB

Download
memory/1772-2196-0x00007FF73BCC0000-0x00007FF73C014000-memory.dmp

Filesize
3.3MB

Download
memory/1772-93-0x00007FF73BCC0000-0x00007FF73C014000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2195-0x00007FF7C44D0000-0x00007FF7C4824000-memory.dmp

Filesize
3.3MB

Download
memory/1800-88-0x00007FF7C44D0000-0x00007FF7C4824000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1886-0x00007FF7C44D0000-0x00007FF7C4824000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2204-0x00007FF7693A0000-0x00007FF7696F4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-163-0x00007FF7693A0000-0x00007FF7696F4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2181-0x00007FF7693A0000-0x00007FF7696F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-38-0x00007FF7BCE30000-0x00007FF7BD184000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2186-0x00007FF7BCE30000-0x00007FF7BD184000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1885-0x00007FF6FD550000-0x00007FF6FD8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2198-0x00007FF6FD550000-0x00007FF6FD8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-76-0x00007FF6FD550000-0x00007FF6FD8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-24-0x00007FF6D0190000-0x00007FF6D04E4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2183-0x00007FF6D0190000-0x00007FF6D04E4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1337-0x00007FF73AA90000-0x00007FF73ADE4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-21-0x00007FF73AA90000-0x00007FF73ADE4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-2185-0x00007FF73AA90000-0x00007FF73ADE4000-memory.dmp

Filesize
3.3MB

Download
memory/3148-133-0x00007FF6502C0000-0x00007FF650614000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2203-0x00007FF6502C0000-0x00007FF650614000-memory.dmp

Filesize
3.3MB

Download
memory/3148-2178-0x00007FF6502C0000-0x00007FF650614000-memory.dmp

Filesize
3.3MB

Download
memory/3200-2182-0x00007FF6869C0000-0x00007FF686D14000-memory.dmp

Filesize
3.3MB

Download
memory/3200-186-0x00007FF6869C0000-0x00007FF686D14000-memory.dmp

Filesize
3.3MB

Download
memory/3200-2211-0x00007FF6869C0000-0x00007FF686D14000-memory.dmp

Filesize
3.3MB

Download
memory/3432-2184-0x00007FF7CA060000-0x00007FF7CA3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3432-18-0x00007FF7CA060000-0x00007FF7CA3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3548-2177-0x00007FF779D80000-0x00007FF77A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3548-2199-0x00007FF779D80000-0x00007FF77A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3548-97-0x00007FF779D80000-0x00007FF77A0D4000-memory.dmp

Filesize
3.3MB

Download
memory/3824-2179-0x00007FF705F60000-0x00007FF7062B4000-memory.dmp

Filesize
3.3MB

Download
memory/3824-145-0x00007FF705F60000-0x00007FF7062B4000-memory.dmp

Filesize
3.3MB

Download
memory/3824-2206-0x00007FF705F60000-0x00007FF7062B4000-memory.dmp

Filesize
3.3MB

Download
memory/3896-2202-0x00007FF6886B0000-0x00007FF688A04000-memory.dmp

Filesize
3.3MB

Download
memory/3896-127-0x00007FF6886B0000-0x00007FF688A04000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2192-0x00007FF798D60000-0x00007FF7990B4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-54-0x00007FF798D60000-0x00007FF7990B4000-memory.dmp

Filesize
3.3MB

Download
memory/4080-184-0x00007FF7D7E00000-0x00007FF7D8154000-memory.dmp

Filesize
3.3MB

Download
memory/4080-2209-0x00007FF7D7E00000-0x00007FF7D8154000-memory.dmp

Filesize
3.3MB

Download
memory/4448-956-0x00007FF790600000-0x00007FF790954000-memory.dmp

Filesize
3.3MB

Download
memory/4448-0-0x00007FF790600000-0x00007FF790954000-memory.dmp

Filesize
3.3MB

Download
memory/4448-1-0x000002CD6A080000-0x000002CD6A090000-memory.dmp

Filesize
64KB

Download
memory/4520-49-0x00007FF663300000-0x00007FF663654000-memory.dmp

Filesize
3.3MB

Download
memory/4520-1883-0x00007FF663300000-0x00007FF663654000-memory.dmp

Filesize
3.3MB

Download
memory/4520-2189-0x00007FF663300000-0x00007FF663654000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2190-0x00007FF6424A0000-0x00007FF6427F4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-101-0x00007FF6424A0000-0x00007FF6427F4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-94-0x00007FF6BFC60000-0x00007FF6BFFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2193-0x00007FF6BFC60000-0x00007FF6BFFB4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-100-0x00007FF6A42E0000-0x00007FF6A4634000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2187-0x00007FF6A42E0000-0x00007FF6A4634000-memory.dmp

Filesize
3.3MB

Download
memory/4656-183-0x00007FF762F80000-0x00007FF7632D4000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2208-0x00007FF762F80000-0x00007FF7632D4000-memory.dmp

Filesize
3.3MB

Download
memory/4676-103-0x00007FF741CB0000-0x00007FF742004000-memory.dmp

Filesize
3.3MB

Download
memory/4676-2194-0x00007FF741CB0000-0x00007FF742004000-memory.dmp

Filesize
3.3MB

Download
memory/4888-1884-0x00007FF6622D0000-0x00007FF662624000-memory.dmp

Filesize
3.3MB

Download
memory/4888-64-0x00007FF6622D0000-0x00007FF662624000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2191-0x00007FF6622D0000-0x00007FF662624000-memory.dmp

Filesize
3.3MB

Download
memory/4996-102-0x00007FF6445E0000-0x00007FF644934000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2188-0x00007FF6445E0000-0x00007FF644934000-memory.dmp

Filesize
3.3MB

Download
memory/5060-104-0x00007FF6C2A20000-0x00007FF6C2D74000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2197-0x00007FF6C2A20000-0x00007FF6C2D74000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2180-0x00007FF760760000-0x00007FF760AB4000-memory.dmp

Filesize
3.3MB

Download
memory/5096-154-0x00007FF760760000-0x00007FF760AB4000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2207-0x00007FF760760000-0x00007FF760AB4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads