kpot | 7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842

Analysis

max time kernel
142s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
Size

2.0MB
MD5

416f7f2eb6eb92b75295a0ff74e43d80
SHA1

6bef1976fcb61d421819e5cf8aa3ea9d20dc3b40
SHA256

7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842
SHA512

39d3ef45b90868e11fe69a101cd533647955ba8e2afbe01b4331387f41952208fd6a042b68ff1a91a84c9052767d6fb69f1f135fed2c785a6e177e6900f2a45c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6g81pbNciM:BemTLkNdfE0pZrwY

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 36 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023441-5.dat	family_kpot
behavioral2/files/0x0007000000023442-15.dat	family_kpot
behavioral2/files/0x0007000000023444-34.dat	family_kpot
behavioral2/files/0x0007000000023443-46.dat	family_kpot
behavioral2/files/0x0007000000023447-67.dat	family_kpot
behavioral2/files/0x000700000002344d-103.dat	family_kpot
behavioral2/files/0x0007000000023453-132.dat	family_kpot
behavioral2/files/0x000700000002345c-178.dat	family_kpot
behavioral2/files/0x0007000000023457-180.dat	family_kpot
behavioral2/files/0x000700000002345b-176.dat	family_kpot
behavioral2/files/0x000700000002345a-172.dat	family_kpot
behavioral2/files/0x0007000000023459-170.dat	family_kpot
behavioral2/files/0x0007000000023458-168.dat	family_kpot
behavioral2/files/0x0007000000023464-167.dat	family_kpot
behavioral2/files/0x0007000000023456-165.dat	family_kpot
behavioral2/files/0x0007000000023463-161.dat	family_kpot
behavioral2/files/0x0007000000023462-160.dat	family_kpot
behavioral2/files/0x0007000000023461-159.dat	family_kpot
behavioral2/files/0x0007000000023460-158.dat	family_kpot
behavioral2/files/0x000700000002345f-157.dat	family_kpot
behavioral2/files/0x0007000000023454-154.dat	family_kpot
behavioral2/files/0x000700000002345e-153.dat	family_kpot
behavioral2/files/0x000700000002345d-152.dat	family_kpot
behavioral2/files/0x0007000000023452-127.dat	family_kpot
behavioral2/files/0x0007000000023451-122.dat	family_kpot
behavioral2/files/0x0007000000023455-116.dat	family_kpot
behavioral2/files/0x000700000002344c-101.dat	family_kpot
behavioral2/files/0x000700000002344a-95.dat	family_kpot
behavioral2/files/0x000700000002344e-105.dat	family_kpot
behavioral2/files/0x000700000002344b-98.dat	family_kpot
behavioral2/files/0x0007000000023450-82.dat	family_kpot
behavioral2/files/0x0007000000023449-81.dat	family_kpot
behavioral2/files/0x0007000000023448-78.dat	family_kpot
behavioral2/files/0x000700000002344f-72.dat	family_kpot
behavioral2/files/0x0007000000023446-59.dat	family_kpot
behavioral2/files/0x0007000000023445-35.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2148-0-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023441-5.dat	xmrig
behavioral2/files/0x0007000000023442-15.dat	xmrig
behavioral2/files/0x0007000000023444-34.dat	xmrig
behavioral2/files/0x0007000000023443-46.dat	xmrig
behavioral2/memory/4316-50-0x00007FF6CC070000-0x00007FF6CC3C4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023447-67.dat	xmrig
behavioral2/files/0x000700000002344d-103.dat	xmrig
behavioral2/files/0x0007000000023453-132.dat	xmrig
behavioral2/memory/2548-163-0x00007FF669F30000-0x00007FF66A284000-memory.dmp	xmrig
behavioral2/files/0x000700000002345c-178.dat	xmrig
behavioral2/memory/3688-197-0x00007FF6CBC80000-0x00007FF6CBFD4000-memory.dmp	xmrig
behavioral2/memory/3112-210-0x00007FF7BE9D0000-0x00007FF7BED24000-memory.dmp	xmrig
behavioral2/memory/4188-225-0x00007FF6037A0000-0x00007FF603AF4000-memory.dmp	xmrig
behavioral2/memory/232-229-0x00007FF6F2720000-0x00007FF6F2A74000-memory.dmp	xmrig
behavioral2/memory/4816-228-0x00007FF76FD20000-0x00007FF770074000-memory.dmp	xmrig
behavioral2/memory/4524-227-0x00007FF70EB50000-0x00007FF70EEA4000-memory.dmp	xmrig
behavioral2/memory/4940-226-0x00007FF65B660000-0x00007FF65B9B4000-memory.dmp	xmrig
behavioral2/memory/2624-224-0x00007FF6965D0000-0x00007FF696924000-memory.dmp	xmrig
behavioral2/memory/776-223-0x00007FF6110C0000-0x00007FF611414000-memory.dmp	xmrig
behavioral2/memory/3964-222-0x00007FF6331B0000-0x00007FF633504000-memory.dmp	xmrig
behavioral2/memory/932-213-0x00007FF7D0070000-0x00007FF7D03C4000-memory.dmp	xmrig
behavioral2/memory/2672-212-0x00007FF679960000-0x00007FF679CB4000-memory.dmp	xmrig
behavioral2/memory/1056-209-0x00007FF6F5BD0000-0x00007FF6F5F24000-memory.dmp	xmrig
behavioral2/memory/3064-208-0x00007FF6BFEF0000-0x00007FF6C0244000-memory.dmp	xmrig
behavioral2/files/0x0007000000023457-180.dat	xmrig
behavioral2/files/0x000700000002345b-176.dat	xmrig
behavioral2/memory/3500-175-0x00007FF782DF0000-0x00007FF783144000-memory.dmp	xmrig
behavioral2/memory/1364-174-0x00007FF67CC70000-0x00007FF67CFC4000-memory.dmp	xmrig
behavioral2/files/0x000700000002345a-172.dat	xmrig
behavioral2/files/0x0007000000023459-170.dat	xmrig
behavioral2/files/0x0007000000023458-168.dat	xmrig
behavioral2/files/0x0007000000023464-167.dat	xmrig
behavioral2/files/0x0007000000023456-165.dat	xmrig
behavioral2/memory/1444-164-0x00007FF7A6830000-0x00007FF7A6B84000-memory.dmp	xmrig
behavioral2/memory/3900-162-0x00007FF631C60000-0x00007FF631FB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023463-161.dat	xmrig
behavioral2/files/0x0007000000023462-160.dat	xmrig
behavioral2/files/0x0007000000023461-159.dat	xmrig
behavioral2/files/0x0007000000023460-158.dat	xmrig
behavioral2/files/0x000700000002345f-157.dat	xmrig
behavioral2/files/0x0007000000023454-154.dat	xmrig
behavioral2/files/0x000700000002345e-153.dat	xmrig
behavioral2/files/0x000700000002345d-152.dat	xmrig
behavioral2/memory/5044-145-0x00007FF746750000-0x00007FF746AA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023452-127.dat	xmrig
behavioral2/files/0x0007000000023451-122.dat	xmrig
behavioral2/files/0x0007000000023455-116.dat	xmrig
behavioral2/memory/4388-111-0x00007FF6E8590000-0x00007FF6E88E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002344c-101.dat	xmrig
behavioral2/files/0x000700000002344a-95.dat	xmrig
behavioral2/memory/2848-92-0x00007FF6419B0000-0x00007FF641D04000-memory.dmp	xmrig
behavioral2/memory/3440-91-0x00007FF765DD0000-0x00007FF766124000-memory.dmp	xmrig
behavioral2/files/0x000700000002344e-105.dat	xmrig
behavioral2/files/0x000700000002344b-98.dat	xmrig
behavioral2/files/0x0007000000023450-82.dat	xmrig
behavioral2/files/0x0007000000023449-81.dat	xmrig
behavioral2/files/0x0007000000023448-78.dat	xmrig
behavioral2/memory/2400-76-0x00007FF7B9930000-0x00007FF7B9C84000-memory.dmp	xmrig
behavioral2/files/0x000700000002344f-72.dat	xmrig
behavioral2/files/0x0007000000023446-59.dat	xmrig
behavioral2/files/0x0007000000023445-35.dat	xmrig
behavioral2/memory/1108-43-0x00007FF65F170000-0x00007FF65F4C4000-memory.dmp	xmrig
behavioral2/memory/3628-28-0x00007FF733610000-0x00007FF733964000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
744	KewToFl.exe
3408	QGiaMMm.exe
776	FPkDAlo.exe
3628	xvfquEZ.exe
1108	DJmRPKC.exe
2624	ndyxiiU.exe
4316	gAfQMdF.exe
2400	yzGacgC.exe
3440	gMCjsaK.exe
4188	BeRGOfR.exe
2848	kkKZaCC.exe
4388	ReEOapY.exe
5044	PKhbpDF.exe
3900	bWvabdt.exe
2548	ltxbgDd.exe
4940	ubrmJlR.exe
1444	fFxQdyf.exe
1364	imQfExq.exe
3500	mvYJBHJ.exe
3688	CIoOszJ.exe
4524	qZzlgZt.exe
4816	hSsdqME.exe
3064	MFTiqeT.exe
1056	zZqZUYt.exe
3112	XJBhMPd.exe
2672	GupTZnB.exe
232	dndzTBM.exe
932	jVwQdvc.exe
3964	TaaiKFi.exe
3016	OCcOalg.exe
1028	aWJAfDR.exe
3560	TweBlCu.exe
1636	DUNhoui.exe
764	fVqUxeO.exe
1248	TaDuMRB.exe
648	cWZtIcP.exe
1864	VCLYLxT.exe
4040	VYhPkQQ.exe
4088	dTbwQJs.exe
4568	KajQwdO.exe
1564	HUEQTnw.exe
2576	zdfnoQT.exe
3348	AdigOeh.exe
1596	IXjxpsR.exe
1556	yOoTPaG.exe
452	acSYsPL.exe
5108	PHwtcgR.exe
4908	FaHwjTZ.exe
4384	Xbzwxgk.exe
1728	VCdFiHB.exe
3132	mvDcbde.exe
2900	ggojjls.exe
5064	sfnapCR.exe
2224	hJwwpup.exe
1344	RvlmnYL.exe
4152	TsXLCag.exe
5048	wYnnBMn.exe
4044	fxVzntB.exe
4984	MtduLVV.exe
3932	cpTSfzb.exe
1208	OPpuCgz.exe
1852	hmlwnai.exe
2736	DoYasoZ.exe
4756	tIHwQGU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2148-0-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp	upx
behavioral2/files/0x0008000000023441-5.dat	upx
behavioral2/files/0x0007000000023442-15.dat	upx
behavioral2/files/0x0007000000023444-34.dat	upx
behavioral2/files/0x0007000000023443-46.dat	upx
behavioral2/memory/4316-50-0x00007FF6CC070000-0x00007FF6CC3C4000-memory.dmp	upx
behavioral2/files/0x0007000000023447-67.dat	upx
behavioral2/files/0x000700000002344d-103.dat	upx
behavioral2/files/0x0007000000023453-132.dat	upx
behavioral2/memory/2548-163-0x00007FF669F30000-0x00007FF66A284000-memory.dmp	upx
behavioral2/files/0x000700000002345c-178.dat	upx
behavioral2/memory/3688-197-0x00007FF6CBC80000-0x00007FF6CBFD4000-memory.dmp	upx
behavioral2/memory/3112-210-0x00007FF7BE9D0000-0x00007FF7BED24000-memory.dmp	upx
behavioral2/memory/4188-225-0x00007FF6037A0000-0x00007FF603AF4000-memory.dmp	upx
behavioral2/memory/232-229-0x00007FF6F2720000-0x00007FF6F2A74000-memory.dmp	upx
behavioral2/memory/4816-228-0x00007FF76FD20000-0x00007FF770074000-memory.dmp	upx
behavioral2/memory/4524-227-0x00007FF70EB50000-0x00007FF70EEA4000-memory.dmp	upx
behavioral2/memory/4940-226-0x00007FF65B660000-0x00007FF65B9B4000-memory.dmp	upx
behavioral2/memory/2624-224-0x00007FF6965D0000-0x00007FF696924000-memory.dmp	upx
behavioral2/memory/776-223-0x00007FF6110C0000-0x00007FF611414000-memory.dmp	upx
behavioral2/memory/3964-222-0x00007FF6331B0000-0x00007FF633504000-memory.dmp	upx
behavioral2/memory/932-213-0x00007FF7D0070000-0x00007FF7D03C4000-memory.dmp	upx
behavioral2/memory/2672-212-0x00007FF679960000-0x00007FF679CB4000-memory.dmp	upx
behavioral2/memory/1056-209-0x00007FF6F5BD0000-0x00007FF6F5F24000-memory.dmp	upx
behavioral2/memory/3064-208-0x00007FF6BFEF0000-0x00007FF6C0244000-memory.dmp	upx
behavioral2/files/0x0007000000023457-180.dat	upx
behavioral2/files/0x000700000002345b-176.dat	upx
behavioral2/memory/3500-175-0x00007FF782DF0000-0x00007FF783144000-memory.dmp	upx
behavioral2/memory/1364-174-0x00007FF67CC70000-0x00007FF67CFC4000-memory.dmp	upx
behavioral2/files/0x000700000002345a-172.dat	upx
behavioral2/files/0x0007000000023459-170.dat	upx
behavioral2/files/0x0007000000023458-168.dat	upx
behavioral2/files/0x0007000000023464-167.dat	upx
behavioral2/files/0x0007000000023456-165.dat	upx
behavioral2/memory/1444-164-0x00007FF7A6830000-0x00007FF7A6B84000-memory.dmp	upx
behavioral2/memory/3900-162-0x00007FF631C60000-0x00007FF631FB4000-memory.dmp	upx
behavioral2/files/0x0007000000023463-161.dat	upx
behavioral2/files/0x0007000000023462-160.dat	upx
behavioral2/files/0x0007000000023461-159.dat	upx
behavioral2/files/0x0007000000023460-158.dat	upx
behavioral2/files/0x000700000002345f-157.dat	upx
behavioral2/files/0x0007000000023454-154.dat	upx
behavioral2/files/0x000700000002345e-153.dat	upx
behavioral2/files/0x000700000002345d-152.dat	upx
behavioral2/memory/5044-145-0x00007FF746750000-0x00007FF746AA4000-memory.dmp	upx
behavioral2/files/0x0007000000023452-127.dat	upx
behavioral2/files/0x0007000000023451-122.dat	upx
behavioral2/files/0x0007000000023455-116.dat	upx
behavioral2/memory/4388-111-0x00007FF6E8590000-0x00007FF6E88E4000-memory.dmp	upx
behavioral2/files/0x000700000002344c-101.dat	upx
behavioral2/files/0x000700000002344a-95.dat	upx
behavioral2/memory/2848-92-0x00007FF6419B0000-0x00007FF641D04000-memory.dmp	upx
behavioral2/memory/3440-91-0x00007FF765DD0000-0x00007FF766124000-memory.dmp	upx
behavioral2/files/0x000700000002344e-105.dat	upx
behavioral2/files/0x000700000002344b-98.dat	upx
behavioral2/files/0x0007000000023450-82.dat	upx
behavioral2/files/0x0007000000023449-81.dat	upx
behavioral2/files/0x0007000000023448-78.dat	upx
behavioral2/memory/2400-76-0x00007FF7B9930000-0x00007FF7B9C84000-memory.dmp	upx
behavioral2/files/0x000700000002344f-72.dat	upx
behavioral2/files/0x0007000000023446-59.dat	upx
behavioral2/files/0x0007000000023445-35.dat	upx
behavioral2/memory/1108-43-0x00007FF65F170000-0x00007FF65F4C4000-memory.dmp	upx
behavioral2/memory/3628-28-0x00007FF733610000-0x00007FF733964000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FwysgxF.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\JeEJcQX.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\ojPWJVE.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\cbTQfRI.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\apjwXwY.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\YzPvNxx.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\pWHKtNl.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\JPPTlVC.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\HuKrmYH.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\XHtMpik.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\yCLxkjZ.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\pwCsfaz.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\UMjCruu.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\ffeSuTU.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\pbgkbBh.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\amSFiDZ.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\yNSWBBI.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\XQhmTDn.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\gAfQMdF.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\LzzXNdx.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\NqYNasX.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\RmKNLoV.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\UtqXvxX.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\aBgAOda.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\dopmTam.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\mvDcbde.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\cqfKpNs.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\pyvzprc.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\IbJNbrj.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\cjWhGxn.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\YzvfWPx.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\AWWiUMr.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\BeRGOfR.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\mbdksbn.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\OBFKkxT.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\YfLjxZb.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\ihCgRtN.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\TvXieMR.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\JwiQNUs.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\GeRxDAo.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\vvYDAcA.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\UQfJreo.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\CbdgLuy.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\mvYJBHJ.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\zZqZUYt.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\dndzTBM.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\sbanGrm.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\mUJfQju.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\OofthhI.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\WmORoEG.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\yGKBADm.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\WFJXeeM.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\RooMsTu.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\VreUGri.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\HZxAaYr.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\OsCYqmX.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\bsgWpuz.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\sQNNgsM.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\wetHUwt.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\yIRgUeS.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\EwPDcbc.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\sPcmnwh.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\VvZnPMC.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
File created	C:\Windows\System\shFwlPT.exe	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14568	dwm.exe
Token: SeChangeNotifyPrivilege	14568	dwm.exe
Token: 33	14568	dwm.exe
Token: SeIncBasePriorityPrivilege	14568	dwm.exe
Token: SeShutdownPrivilege	14568	dwm.exe
Token: SeCreatePagefilePrivilege	14568	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 744	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	83
PID 2148 wrote to memory of 744	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	83
PID 2148 wrote to memory of 3408	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	84
PID 2148 wrote to memory of 3408	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	84
PID 2148 wrote to memory of 776	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	85
PID 2148 wrote to memory of 776	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	85
PID 2148 wrote to memory of 3628	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	86
PID 2148 wrote to memory of 3628	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	86
PID 2148 wrote to memory of 1108	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	87
PID 2148 wrote to memory of 1108	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	87
PID 2148 wrote to memory of 2624	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	88
PID 2148 wrote to memory of 2624	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	88
PID 2148 wrote to memory of 4316	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	89
PID 2148 wrote to memory of 4316	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	89
PID 2148 wrote to memory of 2400	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	90
PID 2148 wrote to memory of 2400	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	90
PID 2148 wrote to memory of 3440	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	91
PID 2148 wrote to memory of 3440	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	91
PID 2148 wrote to memory of 4188	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	92
PID 2148 wrote to memory of 4188	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	92
PID 2148 wrote to memory of 2848	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	93
PID 2148 wrote to memory of 2848	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	93
PID 2148 wrote to memory of 4388	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	94
PID 2148 wrote to memory of 4388	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	94
PID 2148 wrote to memory of 5044	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	95
PID 2148 wrote to memory of 5044	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	95
PID 2148 wrote to memory of 3900	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	96
PID 2148 wrote to memory of 3900	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	96
PID 2148 wrote to memory of 2548	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	97
PID 2148 wrote to memory of 2548	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	97
PID 2148 wrote to memory of 4940	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	98
PID 2148 wrote to memory of 4940	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	98
PID 2148 wrote to memory of 1444	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	99
PID 2148 wrote to memory of 1444	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	99
PID 2148 wrote to memory of 1364	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	100
PID 2148 wrote to memory of 1364	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	100
PID 2148 wrote to memory of 3500	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	101
PID 2148 wrote to memory of 3500	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	101
PID 2148 wrote to memory of 3688	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	102
PID 2148 wrote to memory of 3688	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	102
PID 2148 wrote to memory of 4524	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	103
PID 2148 wrote to memory of 4524	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	103
PID 2148 wrote to memory of 4816	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	104
PID 2148 wrote to memory of 4816	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	104
PID 2148 wrote to memory of 3064	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	105
PID 2148 wrote to memory of 3064	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	105
PID 2148 wrote to memory of 1056	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	106
PID 2148 wrote to memory of 1056	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	106
PID 2148 wrote to memory of 3112	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	107
PID 2148 wrote to memory of 3112	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	107
PID 2148 wrote to memory of 2672	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	108
PID 2148 wrote to memory of 2672	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	108
PID 2148 wrote to memory of 232	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	109
PID 2148 wrote to memory of 232	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	109
PID 2148 wrote to memory of 932	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	110
PID 2148 wrote to memory of 932	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	110
PID 2148 wrote to memory of 3964	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	111
PID 2148 wrote to memory of 3964	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	111
PID 2148 wrote to memory of 3016	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	112
PID 2148 wrote to memory of 3016	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	112
PID 2148 wrote to memory of 1028	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	113
PID 2148 wrote to memory of 1028	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	113
PID 2148 wrote to memory of 3560	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	114
PID 2148 wrote to memory of 3560	2148	7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7a55f09737cd29fe284a0d54d46368266df4be18d249361b9d813ee09dae1842_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\System\KewToFl.exe
  C:\Windows\System\KewToFl.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\QGiaMMm.exe
  C:\Windows\System\QGiaMMm.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\FPkDAlo.exe
  C:\Windows\System\FPkDAlo.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\xvfquEZ.exe
  C:\Windows\System\xvfquEZ.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\DJmRPKC.exe
  C:\Windows\System\DJmRPKC.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\ndyxiiU.exe
  C:\Windows\System\ndyxiiU.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\gAfQMdF.exe
  C:\Windows\System\gAfQMdF.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\yzGacgC.exe
  C:\Windows\System\yzGacgC.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\gMCjsaK.exe
  C:\Windows\System\gMCjsaK.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\BeRGOfR.exe
  C:\Windows\System\BeRGOfR.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\kkKZaCC.exe
  C:\Windows\System\kkKZaCC.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ReEOapY.exe
  C:\Windows\System\ReEOapY.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\PKhbpDF.exe
  C:\Windows\System\PKhbpDF.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\bWvabdt.exe
  C:\Windows\System\bWvabdt.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\ltxbgDd.exe
  C:\Windows\System\ltxbgDd.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\ubrmJlR.exe
  C:\Windows\System\ubrmJlR.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\fFxQdyf.exe
  C:\Windows\System\fFxQdyf.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\imQfExq.exe
  C:\Windows\System\imQfExq.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\mvYJBHJ.exe
  C:\Windows\System\mvYJBHJ.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\CIoOszJ.exe
  C:\Windows\System\CIoOszJ.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\qZzlgZt.exe
  C:\Windows\System\qZzlgZt.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\hSsdqME.exe
  C:\Windows\System\hSsdqME.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\MFTiqeT.exe
  C:\Windows\System\MFTiqeT.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\zZqZUYt.exe
  C:\Windows\System\zZqZUYt.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\XJBhMPd.exe
  C:\Windows\System\XJBhMPd.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\GupTZnB.exe
  C:\Windows\System\GupTZnB.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\dndzTBM.exe
  C:\Windows\System\dndzTBM.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\jVwQdvc.exe
  C:\Windows\System\jVwQdvc.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\TaaiKFi.exe
  C:\Windows\System\TaaiKFi.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\OCcOalg.exe
  C:\Windows\System\OCcOalg.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\aWJAfDR.exe
  C:\Windows\System\aWJAfDR.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\TweBlCu.exe
  C:\Windows\System\TweBlCu.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\DUNhoui.exe
  C:\Windows\System\DUNhoui.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\fVqUxeO.exe
  C:\Windows\System\fVqUxeO.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\TaDuMRB.exe
  C:\Windows\System\TaDuMRB.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\cWZtIcP.exe
  C:\Windows\System\cWZtIcP.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\VCLYLxT.exe
  C:\Windows\System\VCLYLxT.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\VYhPkQQ.exe
  C:\Windows\System\VYhPkQQ.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\dTbwQJs.exe
  C:\Windows\System\dTbwQJs.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\KajQwdO.exe
  C:\Windows\System\KajQwdO.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\HUEQTnw.exe
  C:\Windows\System\HUEQTnw.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\zdfnoQT.exe
  C:\Windows\System\zdfnoQT.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\AdigOeh.exe
  C:\Windows\System\AdigOeh.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\IXjxpsR.exe
  C:\Windows\System\IXjxpsR.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\yOoTPaG.exe
  C:\Windows\System\yOoTPaG.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\acSYsPL.exe
  C:\Windows\System\acSYsPL.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\PHwtcgR.exe
  C:\Windows\System\PHwtcgR.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\FaHwjTZ.exe
  C:\Windows\System\FaHwjTZ.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\Xbzwxgk.exe
  C:\Windows\System\Xbzwxgk.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\VCdFiHB.exe
  C:\Windows\System\VCdFiHB.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\mvDcbde.exe
  C:\Windows\System\mvDcbde.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\ggojjls.exe
  C:\Windows\System\ggojjls.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\sfnapCR.exe
  C:\Windows\System\sfnapCR.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\hJwwpup.exe
  C:\Windows\System\hJwwpup.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\RvlmnYL.exe
  C:\Windows\System\RvlmnYL.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\TsXLCag.exe
  C:\Windows\System\TsXLCag.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\wYnnBMn.exe
  C:\Windows\System\wYnnBMn.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\fxVzntB.exe
  C:\Windows\System\fxVzntB.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\MtduLVV.exe
  C:\Windows\System\MtduLVV.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\cpTSfzb.exe
  C:\Windows\System\cpTSfzb.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\OPpuCgz.exe
  C:\Windows\System\OPpuCgz.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\hmlwnai.exe
  C:\Windows\System\hmlwnai.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\DoYasoZ.exe
  C:\Windows\System\DoYasoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\tIHwQGU.exe
  C:\Windows\System\tIHwQGU.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\LuGfdVX.exe
  C:\Windows\System\LuGfdVX.exe
  2⤵
  PID:2956
- C:\Windows\System\HegzKuG.exe
  C:\Windows\System\HegzKuG.exe
  2⤵
  PID:3836
- C:\Windows\System\fNWRHTy.exe
  C:\Windows\System\fNWRHTy.exe
  2⤵
  PID:3740
- C:\Windows\System\xeODjGG.exe
  C:\Windows\System\xeODjGG.exe
  2⤵
  PID:4420
- C:\Windows\System\kjVjhAW.exe
  C:\Windows\System\kjVjhAW.exe
  2⤵
  PID:2508
- C:\Windows\System\NQzZXip.exe
  C:\Windows\System\NQzZXip.exe
  2⤵
  PID:4348
- C:\Windows\System\UydbUcM.exe
  C:\Windows\System\UydbUcM.exe
  2⤵
  PID:1388
- C:\Windows\System\ynkIaOc.exe
  C:\Windows\System\ynkIaOc.exe
  2⤵
  PID:1660
- C:\Windows\System\OtyesNN.exe
  C:\Windows\System\OtyesNN.exe
  2⤵
  PID:3976
- C:\Windows\System\ftUgPkd.exe
  C:\Windows\System\ftUgPkd.exe
  2⤵
  PID:1720
- C:\Windows\System\pvLOdSH.exe
  C:\Windows\System\pvLOdSH.exe
  2⤵
  PID:4712
- C:\Windows\System\CqQXdMV.exe
  C:\Windows\System\CqQXdMV.exe
  2⤵
  PID:208
- C:\Windows\System\ScHLZlj.exe
  C:\Windows\System\ScHLZlj.exe
  2⤵
  PID:3816
- C:\Windows\System\dAozqoy.exe
  C:\Windows\System\dAozqoy.exe
  2⤵
  PID:4392
- C:\Windows\System\xsvrgkz.exe
  C:\Windows\System\xsvrgkz.exe
  2⤵
  PID:3620
- C:\Windows\System\WOmIRjB.exe
  C:\Windows\System\WOmIRjB.exe
  2⤵
  PID:2884
- C:\Windows\System\vHjVwsg.exe
  C:\Windows\System\vHjVwsg.exe
  2⤵
  PID:892
- C:\Windows\System\QsMFalm.exe
  C:\Windows\System\QsMFalm.exe
  2⤵
  PID:864
- C:\Windows\System\AKeWeet.exe
  C:\Windows\System\AKeWeet.exe
  2⤵
  PID:4684
- C:\Windows\System\DeJqSBW.exe
  C:\Windows\System\DeJqSBW.exe
  2⤵
  PID:2364
- C:\Windows\System\IsjItEV.exe
  C:\Windows\System\IsjItEV.exe
  2⤵
  PID:3828
- C:\Windows\System\qLxJuac.exe
  C:\Windows\System\qLxJuac.exe
  2⤵
  PID:944
- C:\Windows\System\ZWmzhgl.exe
  C:\Windows\System\ZWmzhgl.exe
  2⤵
  PID:1548
- C:\Windows\System\griwDBj.exe
  C:\Windows\System\griwDBj.exe
  2⤵
  PID:3720
- C:\Windows\System\eHClbVY.exe
  C:\Windows\System\eHClbVY.exe
  2⤵
  PID:3444
- C:\Windows\System\noevcDn.exe
  C:\Windows\System\noevcDn.exe
  2⤵
  PID:4936
- C:\Windows\System\ZlaKfoX.exe
  C:\Windows\System\ZlaKfoX.exe
  2⤵
  PID:4056
- C:\Windows\System\UftTnlk.exe
  C:\Windows\System\UftTnlk.exe
  2⤵
  PID:3676
- C:\Windows\System\EKPknmx.exe
  C:\Windows\System\EKPknmx.exe
  2⤵
  PID:1300
- C:\Windows\System\BGLFwbt.exe
  C:\Windows\System\BGLFwbt.exe
  2⤵
  PID:2060
- C:\Windows\System\mjXQiuW.exe
  C:\Windows\System\mjXQiuW.exe
  2⤵
  PID:4932
- C:\Windows\System\LzzXNdx.exe
  C:\Windows\System\LzzXNdx.exe
  2⤵
  PID:4168
- C:\Windows\System\dBlofYm.exe
  C:\Windows\System\dBlofYm.exe
  2⤵
  PID:2616
- C:\Windows\System\kDbReGR.exe
  C:\Windows\System\kDbReGR.exe
  2⤵
  PID:1628
- C:\Windows\System\sqfgWzi.exe
  C:\Windows\System\sqfgWzi.exe
  2⤵
  PID:1240
- C:\Windows\System\RuVxXsD.exe
  C:\Windows\System\RuVxXsD.exe
  2⤵
  PID:2532
- C:\Windows\System\nEDJVHI.exe
  C:\Windows\System\nEDJVHI.exe
  2⤵
  PID:4804
- C:\Windows\System\EFUqvWI.exe
  C:\Windows\System\EFUqvWI.exe
  2⤵
  PID:2452
- C:\Windows\System\sQNNgsM.exe
  C:\Windows\System\sQNNgsM.exe
  2⤵
  PID:5132
- C:\Windows\System\czDOSaw.exe
  C:\Windows\System\czDOSaw.exe
  2⤵
  PID:5160
- C:\Windows\System\MrogbCY.exe
  C:\Windows\System\MrogbCY.exe
  2⤵
  PID:5196
- C:\Windows\System\xjaLPac.exe
  C:\Windows\System\xjaLPac.exe
  2⤵
  PID:5232
- C:\Windows\System\WFJXeeM.exe
  C:\Windows\System\WFJXeeM.exe
  2⤵
  PID:5260
- C:\Windows\System\kJHghUn.exe
  C:\Windows\System\kJHghUn.exe
  2⤵
  PID:5288
- C:\Windows\System\ricPmLv.exe
  C:\Windows\System\ricPmLv.exe
  2⤵
  PID:5332
- C:\Windows\System\wluXDDw.exe
  C:\Windows\System\wluXDDw.exe
  2⤵
  PID:5360
- C:\Windows\System\jkcEzqd.exe
  C:\Windows\System\jkcEzqd.exe
  2⤵
  PID:5388
- C:\Windows\System\QAIpExS.exe
  C:\Windows\System\QAIpExS.exe
  2⤵
  PID:5428
- C:\Windows\System\QWLPuPP.exe
  C:\Windows\System\QWLPuPP.exe
  2⤵
  PID:5464
- C:\Windows\System\lRfDnul.exe
  C:\Windows\System\lRfDnul.exe
  2⤵
  PID:5496
- C:\Windows\System\abAGveK.exe
  C:\Windows\System\abAGveK.exe
  2⤵
  PID:5520
- C:\Windows\System\mPqebdE.exe
  C:\Windows\System\mPqebdE.exe
  2⤵
  PID:5548
- C:\Windows\System\PmsPjmx.exe
  C:\Windows\System\PmsPjmx.exe
  2⤵
  PID:5580
- C:\Windows\System\IrWISKT.exe
  C:\Windows\System\IrWISKT.exe
  2⤵
  PID:5608
- C:\Windows\System\sKYQJqK.exe
  C:\Windows\System\sKYQJqK.exe
  2⤵
  PID:5636
- C:\Windows\System\GPxKkVC.exe
  C:\Windows\System\GPxKkVC.exe
  2⤵
  PID:5664
- C:\Windows\System\eajFIeC.exe
  C:\Windows\System\eajFIeC.exe
  2⤵
  PID:5692
- C:\Windows\System\QbUCDmA.exe
  C:\Windows\System\QbUCDmA.exe
  2⤵
  PID:5720
- C:\Windows\System\xLeDoBe.exe
  C:\Windows\System\xLeDoBe.exe
  2⤵
  PID:5748
- C:\Windows\System\cqfKpNs.exe
  C:\Windows\System\cqfKpNs.exe
  2⤵
  PID:5780
- C:\Windows\System\BRIDKHV.exe
  C:\Windows\System\BRIDKHV.exe
  2⤵
  PID:5812
- C:\Windows\System\bhmtdIH.exe
  C:\Windows\System\bhmtdIH.exe
  2⤵
  PID:5844
- C:\Windows\System\LWceBdw.exe
  C:\Windows\System\LWceBdw.exe
  2⤵
  PID:5892
- C:\Windows\System\ifsVgxx.exe
  C:\Windows\System\ifsVgxx.exe
  2⤵
  PID:5924
- C:\Windows\System\tRXZmAP.exe
  C:\Windows\System\tRXZmAP.exe
  2⤵
  PID:5952
- C:\Windows\System\ygXgtld.exe
  C:\Windows\System\ygXgtld.exe
  2⤵
  PID:6012
- C:\Windows\System\mbdksbn.exe
  C:\Windows\System\mbdksbn.exe
  2⤵
  PID:6028
- C:\Windows\System\vvYDAcA.exe
  C:\Windows\System\vvYDAcA.exe
  2⤵
  PID:6056
- C:\Windows\System\uBZmEPo.exe
  C:\Windows\System\uBZmEPo.exe
  2⤵
  PID:6084
- C:\Windows\System\pyvzprc.exe
  C:\Windows\System\pyvzprc.exe
  2⤵
  PID:6112
- C:\Windows\System\yCLxkjZ.exe
  C:\Windows\System\yCLxkjZ.exe
  2⤵
  PID:6140
- C:\Windows\System\ByqWrxl.exe
  C:\Windows\System\ByqWrxl.exe
  2⤵
  PID:5188
- C:\Windows\System\KfVjMAZ.exe
  C:\Windows\System\KfVjMAZ.exe
  2⤵
  PID:5252
- C:\Windows\System\lcLDHrE.exe
  C:\Windows\System\lcLDHrE.exe
  2⤵
  PID:5352
- C:\Windows\System\imajxrU.exe
  C:\Windows\System\imajxrU.exe
  2⤵
  PID:5420
- C:\Windows\System\EwPDcbc.exe
  C:\Windows\System\EwPDcbc.exe
  2⤵
  PID:5512
- C:\Windows\System\RmfwLdA.exe
  C:\Windows\System\RmfwLdA.exe
  2⤵
  PID:5564
- C:\Windows\System\SoBnWnh.exe
  C:\Windows\System\SoBnWnh.exe
  2⤵
  PID:5632
- C:\Windows\System\ypBKpkb.exe
  C:\Windows\System\ypBKpkb.exe
  2⤵
  PID:5712
- C:\Windows\System\dYbbfqv.exe
  C:\Windows\System\dYbbfqv.exe
  2⤵
  PID:5768
- C:\Windows\System\hjwsrJi.exe
  C:\Windows\System\hjwsrJi.exe
  2⤵
  PID:5840
- C:\Windows\System\pdBzOqd.exe
  C:\Windows\System\pdBzOqd.exe
  2⤵
  PID:5904
- C:\Windows\System\rHpUiWk.exe
  C:\Windows\System\rHpUiWk.exe
  2⤵
  PID:5304
- C:\Windows\System\auBMTvI.exe
  C:\Windows\System\auBMTvI.exe
  2⤵
  PID:5340
- C:\Windows\System\jOwLdJX.exe
  C:\Windows\System\jOwLdJX.exe
  2⤵
  PID:6044
- C:\Windows\System\ihEcWBR.exe
  C:\Windows\System\ihEcWBR.exe
  2⤵
  PID:6128
- C:\Windows\System\IYxCked.exe
  C:\Windows\System\IYxCked.exe
  2⤵
  PID:5172
- C:\Windows\System\mQCncbt.exe
  C:\Windows\System\mQCncbt.exe
  2⤵
  PID:5316
- C:\Windows\System\PkOAezH.exe
  C:\Windows\System\PkOAezH.exe
  2⤵
  PID:5476
- C:\Windows\System\pRZsVek.exe
  C:\Windows\System\pRZsVek.exe
  2⤵
  PID:5660
- C:\Windows\System\GvBxJZl.exe
  C:\Windows\System\GvBxJZl.exe
  2⤵
  PID:5824
- C:\Windows\System\cTNpOri.exe
  C:\Windows\System\cTNpOri.exe
  2⤵
  PID:5968
- C:\Windows\System\NqYNasX.exe
  C:\Windows\System\NqYNasX.exe
  2⤵
  PID:5280
- C:\Windows\System\fYkPTtq.exe
  C:\Windows\System\fYkPTtq.exe
  2⤵
  PID:5248
- C:\Windows\System\rZQnlQz.exe
  C:\Windows\System\rZQnlQz.exe
  2⤵
  PID:5808
- C:\Windows\System\YHufjmX.exe
  C:\Windows\System\YHufjmX.exe
  2⤵
  PID:6080
- C:\Windows\System\EsIyusU.exe
  C:\Windows\System\EsIyusU.exe
  2⤵
  PID:5804
- C:\Windows\System\iXwrAEg.exe
  C:\Windows\System\iXwrAEg.exe
  2⤵
  PID:6168
- C:\Windows\System\hxcHRlH.exe
  C:\Windows\System\hxcHRlH.exe
  2⤵
  PID:6192
- C:\Windows\System\XLdkCIL.exe
  C:\Windows\System\XLdkCIL.exe
  2⤵
  PID:6220
- C:\Windows\System\NufOGIg.exe
  C:\Windows\System\NufOGIg.exe
  2⤵
  PID:6244
- C:\Windows\System\lntrzIl.exe
  C:\Windows\System\lntrzIl.exe
  2⤵
  PID:6276
- C:\Windows\System\mHXTkGx.exe
  C:\Windows\System\mHXTkGx.exe
  2⤵
  PID:6308
- C:\Windows\System\RcIpWcE.exe
  C:\Windows\System\RcIpWcE.exe
  2⤵
  PID:6336
- C:\Windows\System\YQanHAx.exe
  C:\Windows\System\YQanHAx.exe
  2⤵
  PID:6364
- C:\Windows\System\ryyMHaw.exe
  C:\Windows\System\ryyMHaw.exe
  2⤵
  PID:6396
- C:\Windows\System\LcYLLkC.exe
  C:\Windows\System\LcYLLkC.exe
  2⤵
  PID:6420
- C:\Windows\System\qqVNMTa.exe
  C:\Windows\System\qqVNMTa.exe
  2⤵
  PID:6448
- C:\Windows\System\IayVsBY.exe
  C:\Windows\System\IayVsBY.exe
  2⤵
  PID:6476
- C:\Windows\System\UMTAzCT.exe
  C:\Windows\System\UMTAzCT.exe
  2⤵
  PID:6504
- C:\Windows\System\KmvWCxD.exe
  C:\Windows\System\KmvWCxD.exe
  2⤵
  PID:6532
- C:\Windows\System\YexPHBe.exe
  C:\Windows\System\YexPHBe.exe
  2⤵
  PID:6552
- C:\Windows\System\fLJyHpb.exe
  C:\Windows\System\fLJyHpb.exe
  2⤵
  PID:6576
- C:\Windows\System\BTHWyaQ.exe
  C:\Windows\System\BTHWyaQ.exe
  2⤵
  PID:6600
- C:\Windows\System\HrZIeex.exe
  C:\Windows\System\HrZIeex.exe
  2⤵
  PID:6620
- C:\Windows\System\iooLmEo.exe
  C:\Windows\System\iooLmEo.exe
  2⤵
  PID:6656
- C:\Windows\System\lomwLHZ.exe
  C:\Windows\System\lomwLHZ.exe
  2⤵
  PID:6696
- C:\Windows\System\BSzZAGa.exe
  C:\Windows\System\BSzZAGa.exe
  2⤵
  PID:6728
- C:\Windows\System\WXKdYfO.exe
  C:\Windows\System\WXKdYfO.exe
  2⤵
  PID:6756
- C:\Windows\System\uxddMis.exe
  C:\Windows\System\uxddMis.exe
  2⤵
  PID:6784
- C:\Windows\System\BtaqXfy.exe
  C:\Windows\System\BtaqXfy.exe
  2⤵
  PID:6800
- C:\Windows\System\BcvJhZS.exe
  C:\Windows\System\BcvJhZS.exe
  2⤵
  PID:6828
- C:\Windows\System\pVdJnzF.exe
  C:\Windows\System\pVdJnzF.exe
  2⤵
  PID:6860
- C:\Windows\System\WNbRIXK.exe
  C:\Windows\System\WNbRIXK.exe
  2⤵
  PID:6888
- C:\Windows\System\gaQKvki.exe
  C:\Windows\System\gaQKvki.exe
  2⤵
  PID:6924
- C:\Windows\System\jiTwgWO.exe
  C:\Windows\System\jiTwgWO.exe
  2⤵
  PID:6940
- C:\Windows\System\ZBrdqxs.exe
  C:\Windows\System\ZBrdqxs.exe
  2⤵
  PID:6968
- C:\Windows\System\DyDrLaZ.exe
  C:\Windows\System\DyDrLaZ.exe
  2⤵
  PID:6984
- C:\Windows\System\elEGfCP.exe
  C:\Windows\System\elEGfCP.exe
  2⤵
  PID:7024
- C:\Windows\System\eLKKntq.exe
  C:\Windows\System\eLKKntq.exe
  2⤵
  PID:7052
- C:\Windows\System\pRQLPNS.exe
  C:\Windows\System\pRQLPNS.exe
  2⤵
  PID:7068
- C:\Windows\System\utlFtRP.exe
  C:\Windows\System\utlFtRP.exe
  2⤵
  PID:7088
- C:\Windows\System\UeyaSEO.exe
  C:\Windows\System\UeyaSEO.exe
  2⤵
  PID:7104
- C:\Windows\System\DcCrTLT.exe
  C:\Windows\System\DcCrTLT.exe
  2⤵
  PID:7120
- C:\Windows\System\PfEhgFG.exe
  C:\Windows\System\PfEhgFG.exe
  2⤵
  PID:7152
- C:\Windows\System\NcSpyKZ.exe
  C:\Windows\System\NcSpyKZ.exe
  2⤵
  PID:6152
- C:\Windows\System\kqHTsmj.exe
  C:\Windows\System\kqHTsmj.exe
  2⤵
  PID:6228
- C:\Windows\System\LWcyQzq.exe
  C:\Windows\System\LWcyQzq.exe
  2⤵
  PID:6292
- C:\Windows\System\jpvdMWD.exe
  C:\Windows\System\jpvdMWD.exe
  2⤵
  PID:6360
- C:\Windows\System\tbxGMCf.exe
  C:\Windows\System\tbxGMCf.exe
  2⤵
  PID:6460
- C:\Windows\System\UnzZcDU.exe
  C:\Windows\System\UnzZcDU.exe
  2⤵
  PID:6492
- C:\Windows\System\hhQSNuY.exe
  C:\Windows\System\hhQSNuY.exe
  2⤵
  PID:6632
- C:\Windows\System\SsBrSEr.exe
  C:\Windows\System\SsBrSEr.exe
  2⤵
  PID:6724
- C:\Windows\System\NGRDEuJ.exe
  C:\Windows\System\NGRDEuJ.exe
  2⤵
  PID:6776
- C:\Windows\System\aFcunJQ.exe
  C:\Windows\System\aFcunJQ.exe
  2⤵
  PID:6812
- C:\Windows\System\zFnKQxQ.exe
  C:\Windows\System\zFnKQxQ.exe
  2⤵
  PID:6896
- C:\Windows\System\SJhabsT.exe
  C:\Windows\System\SJhabsT.exe
  2⤵
  PID:6936
- C:\Windows\System\bkfxkQQ.exe
  C:\Windows\System\bkfxkQQ.exe
  2⤵
  PID:7012
- C:\Windows\System\SESvOUY.exe
  C:\Windows\System\SESvOUY.exe
  2⤵
  PID:7080
- C:\Windows\System\IqjxyXz.exe
  C:\Windows\System\IqjxyXz.exe
  2⤵
  PID:5920
- C:\Windows\System\xzKgvHm.exe
  C:\Windows\System\xzKgvHm.exe
  2⤵
  PID:6332
- C:\Windows\System\PIAkQqC.exe
  C:\Windows\System\PIAkQqC.exe
  2⤵
  PID:6416
- C:\Windows\System\eNJWFAg.exe
  C:\Windows\System\eNJWFAg.exe
  2⤵
  PID:6636
- C:\Windows\System\WrRhMKP.exe
  C:\Windows\System\WrRhMKP.exe
  2⤵
  PID:6684
- C:\Windows\System\yRkCtbu.exe
  C:\Windows\System\yRkCtbu.exe
  2⤵
  PID:6908
- C:\Windows\System\JokVoNN.exe
  C:\Windows\System\JokVoNN.exe
  2⤵
  PID:6912
- C:\Windows\System\apjwXwY.exe
  C:\Windows\System\apjwXwY.exe
  2⤵
  PID:6540
- C:\Windows\System\WEsvtmJ.exe
  C:\Windows\System\WEsvtmJ.exe
  2⤵
  PID:6500
- C:\Windows\System\yGoBkaK.exe
  C:\Windows\System\yGoBkaK.exe
  2⤵
  PID:7140
- C:\Windows\System\pVRKiwV.exe
  C:\Windows\System\pVRKiwV.exe
  2⤵
  PID:6588
- C:\Windows\System\WViSelr.exe
  C:\Windows\System\WViSelr.exe
  2⤵
  PID:7184
- C:\Windows\System\DYCJRkN.exe
  C:\Windows\System\DYCJRkN.exe
  2⤵
  PID:7212
- C:\Windows\System\GxWTPua.exe
  C:\Windows\System\GxWTPua.exe
  2⤵
  PID:7248
- C:\Windows\System\MGDJmnx.exe
  C:\Windows\System\MGDJmnx.exe
  2⤵
  PID:7276
- C:\Windows\System\nnhkJVH.exe
  C:\Windows\System\nnhkJVH.exe
  2⤵
  PID:7296
- C:\Windows\System\cvaTLeD.exe
  C:\Windows\System\cvaTLeD.exe
  2⤵
  PID:7320
- C:\Windows\System\lvnxAMr.exe
  C:\Windows\System\lvnxAMr.exe
  2⤵
  PID:7340
- C:\Windows\System\rgCkzQI.exe
  C:\Windows\System\rgCkzQI.exe
  2⤵
  PID:7376
- C:\Windows\System\dOoMnvn.exe
  C:\Windows\System\dOoMnvn.exe
  2⤵
  PID:7404
- C:\Windows\System\ygcxqfo.exe
  C:\Windows\System\ygcxqfo.exe
  2⤵
  PID:7436
- C:\Windows\System\USxjHsr.exe
  C:\Windows\System\USxjHsr.exe
  2⤵
  PID:7464
- C:\Windows\System\KLfRERW.exe
  C:\Windows\System\KLfRERW.exe
  2⤵
  PID:7500
- C:\Windows\System\FpNKLhs.exe
  C:\Windows\System\FpNKLhs.exe
  2⤵
  PID:7520
- C:\Windows\System\VUecaML.exe
  C:\Windows\System\VUecaML.exe
  2⤵
  PID:7556
- C:\Windows\System\bRRGVyy.exe
  C:\Windows\System\bRRGVyy.exe
  2⤵
  PID:7588
- C:\Windows\System\MgXdFSl.exe
  C:\Windows\System\MgXdFSl.exe
  2⤵
  PID:7616
- C:\Windows\System\FZzDRAZ.exe
  C:\Windows\System\FZzDRAZ.exe
  2⤵
  PID:7648
- C:\Windows\System\kCjxzTi.exe
  C:\Windows\System\kCjxzTi.exe
  2⤵
  PID:7664
- C:\Windows\System\AyIOSSL.exe
  C:\Windows\System\AyIOSSL.exe
  2⤵
  PID:7700
- C:\Windows\System\FCsEVfu.exe
  C:\Windows\System\FCsEVfu.exe
  2⤵
  PID:7732
- C:\Windows\System\wOgCluQ.exe
  C:\Windows\System\wOgCluQ.exe
  2⤵
  PID:7760
- C:\Windows\System\nzwumuu.exe
  C:\Windows\System\nzwumuu.exe
  2⤵
  PID:7776
- C:\Windows\System\aFPQwQM.exe
  C:\Windows\System\aFPQwQM.exe
  2⤵
  PID:7792
- C:\Windows\System\KMpeLgM.exe
  C:\Windows\System\KMpeLgM.exe
  2⤵
  PID:7824
- C:\Windows\System\vGtZqlz.exe
  C:\Windows\System\vGtZqlz.exe
  2⤵
  PID:7860
- C:\Windows\System\XpshuKP.exe
  C:\Windows\System\XpshuKP.exe
  2⤵
  PID:7876
- C:\Windows\System\BzZnIOo.exe
  C:\Windows\System\BzZnIOo.exe
  2⤵
  PID:7916
- C:\Windows\System\XFtvTES.exe
  C:\Windows\System\XFtvTES.exe
  2⤵
  PID:7944
- C:\Windows\System\TXpQrrb.exe
  C:\Windows\System\TXpQrrb.exe
  2⤵
  PID:7972
- C:\Windows\System\CFnVjbF.exe
  C:\Windows\System\CFnVjbF.exe
  2⤵
  PID:7988
- C:\Windows\System\umsWTdl.exe
  C:\Windows\System\umsWTdl.exe
  2⤵
  PID:8016
- C:\Windows\System\cVzdgRs.exe
  C:\Windows\System\cVzdgRs.exe
  2⤵
  PID:8036
- C:\Windows\System\pWHKtNl.exe
  C:\Windows\System\pWHKtNl.exe
  2⤵
  PID:8072
- C:\Windows\System\aJbsDjD.exe
  C:\Windows\System\aJbsDjD.exe
  2⤵
  PID:8100
- C:\Windows\System\wetHUwt.exe
  C:\Windows\System\wetHUwt.exe
  2⤵
  PID:8140
- C:\Windows\System\MQFRLuQ.exe
  C:\Windows\System\MQFRLuQ.exe
  2⤵
  PID:8176
- C:\Windows\System\GvwKOjj.exe
  C:\Windows\System\GvwKOjj.exe
  2⤵
  PID:7096
- C:\Windows\System\AZASVeA.exe
  C:\Windows\System\AZASVeA.exe
  2⤵
  PID:7200
- C:\Windows\System\ZuQoAfx.exe
  C:\Windows\System\ZuQoAfx.exe
  2⤵
  PID:7272
- C:\Windows\System\UXuFjRV.exe
  C:\Windows\System\UXuFjRV.exe
  2⤵
  PID:7332
- C:\Windows\System\dfwaoUN.exe
  C:\Windows\System\dfwaoUN.exe
  2⤵
  PID:7420
- C:\Windows\System\eoyeUhn.exe
  C:\Windows\System\eoyeUhn.exe
  2⤵
  PID:7492
- C:\Windows\System\RooMsTu.exe
  C:\Windows\System\RooMsTu.exe
  2⤵
  PID:7572
- C:\Windows\System\csbjQsc.exe
  C:\Windows\System\csbjQsc.exe
  2⤵
  PID:7600
- C:\Windows\System\TMFXWGU.exe
  C:\Windows\System\TMFXWGU.exe
  2⤵
  PID:7644
- C:\Windows\System\KwXThEd.exe
  C:\Windows\System\KwXThEd.exe
  2⤵
  PID:7728
- C:\Windows\System\YYhXvIx.exe
  C:\Windows\System\YYhXvIx.exe
  2⤵
  PID:7788
- C:\Windows\System\xbkvqke.exe
  C:\Windows\System\xbkvqke.exe
  2⤵
  PID:7872
- C:\Windows\System\gkHKuBM.exe
  C:\Windows\System\gkHKuBM.exe
  2⤵
  PID:7956
- C:\Windows\System\hVvaYRK.exe
  C:\Windows\System\hVvaYRK.exe
  2⤵
  PID:8000
- C:\Windows\System\RmKNLoV.exe
  C:\Windows\System\RmKNLoV.exe
  2⤵
  PID:8056
- C:\Windows\System\rjGQCZo.exe
  C:\Windows\System\rjGQCZo.exe
  2⤵
  PID:8128
- C:\Windows\System\BCxPBYF.exe
  C:\Windows\System\BCxPBYF.exe
  2⤵
  PID:8188
- C:\Windows\System\cAdROsi.exe
  C:\Windows\System\cAdROsi.exe
  2⤵
  PID:7292
- C:\Windows\System\wNLgeUw.exe
  C:\Windows\System\wNLgeUw.exe
  2⤵
  PID:7456
- C:\Windows\System\VEPwFDO.exe
  C:\Windows\System\VEPwFDO.exe
  2⤵
  PID:7568
- C:\Windows\System\DdDKEBG.exe
  C:\Windows\System\DdDKEBG.exe
  2⤵
  PID:7716
- C:\Windows\System\sbanGrm.exe
  C:\Windows\System\sbanGrm.exe
  2⤵
  PID:7900
- C:\Windows\System\uexSDDj.exe
  C:\Windows\System\uexSDDj.exe
  2⤵
  PID:8084
- C:\Windows\System\AYqkbSR.exe
  C:\Windows\System\AYqkbSR.exe
  2⤵
  PID:8156
- C:\Windows\System\HUbPOBM.exe
  C:\Windows\System\HUbPOBM.exe
  2⤵
  PID:7656
- C:\Windows\System\XFkqcAF.exe
  C:\Windows\System\XFkqcAF.exe
  2⤵
  PID:8024
- C:\Windows\System\svfeLUi.exe
  C:\Windows\System\svfeLUi.exe
  2⤵
  PID:7540
- C:\Windows\System\mUJfQju.exe
  C:\Windows\System\mUJfQju.exe
  2⤵
  PID:7204
- C:\Windows\System\OofthhI.exe
  C:\Windows\System\OofthhI.exe
  2⤵
  PID:8208
- C:\Windows\System\FwysgxF.exe
  C:\Windows\System\FwysgxF.exe
  2⤵
  PID:8244
- C:\Windows\System\zASbccV.exe
  C:\Windows\System\zASbccV.exe
  2⤵
  PID:8264
- C:\Windows\System\bzxFVic.exe
  C:\Windows\System\bzxFVic.exe
  2⤵
  PID:8292
- C:\Windows\System\FvDPWVl.exe
  C:\Windows\System\FvDPWVl.exe
  2⤵
  PID:8308
- C:\Windows\System\SUFtXXC.exe
  C:\Windows\System\SUFtXXC.exe
  2⤵
  PID:8344
- C:\Windows\System\nIaZEmu.exe
  C:\Windows\System\nIaZEmu.exe
  2⤵
  PID:8372
- C:\Windows\System\pwCsfaz.exe
  C:\Windows\System\pwCsfaz.exe
  2⤵
  PID:8408
- C:\Windows\System\wWhxjgW.exe
  C:\Windows\System\wWhxjgW.exe
  2⤵
  PID:8436
- C:\Windows\System\YWSALuy.exe
  C:\Windows\System\YWSALuy.exe
  2⤵
  PID:8464
- C:\Windows\System\NRzEsCv.exe
  C:\Windows\System\NRzEsCv.exe
  2⤵
  PID:8508
- C:\Windows\System\IDgwEDT.exe
  C:\Windows\System\IDgwEDT.exe
  2⤵
  PID:8528
- C:\Windows\System\SItxpDv.exe
  C:\Windows\System\SItxpDv.exe
  2⤵
  PID:8556
- C:\Windows\System\dhYvaqo.exe
  C:\Windows\System\dhYvaqo.exe
  2⤵
  PID:8580
- C:\Windows\System\WmORoEG.exe
  C:\Windows\System\WmORoEG.exe
  2⤵
  PID:8608
- C:\Windows\System\sRTLkRM.exe
  C:\Windows\System\sRTLkRM.exe
  2⤵
  PID:8640
- C:\Windows\System\wtsjOqP.exe
  C:\Windows\System\wtsjOqP.exe
  2⤵
  PID:8660
- C:\Windows\System\IbJNbrj.exe
  C:\Windows\System\IbJNbrj.exe
  2⤵
  PID:8680
- C:\Windows\System\GdkiBFM.exe
  C:\Windows\System\GdkiBFM.exe
  2⤵
  PID:8712
- C:\Windows\System\xqIelqu.exe
  C:\Windows\System\xqIelqu.exe
  2⤵
  PID:8748
- C:\Windows\System\bMchibC.exe
  C:\Windows\System\bMchibC.exe
  2⤵
  PID:8780
- C:\Windows\System\QyPdUBA.exe
  C:\Windows\System\QyPdUBA.exe
  2⤵
  PID:8812
- C:\Windows\System\hFfZjNG.exe
  C:\Windows\System\hFfZjNG.exe
  2⤵
  PID:8836
- C:\Windows\System\NGzPPcw.exe
  C:\Windows\System\NGzPPcw.exe
  2⤵
  PID:8872
- C:\Windows\System\HserqdV.exe
  C:\Windows\System\HserqdV.exe
  2⤵
  PID:8900
- C:\Windows\System\dGhpwlQ.exe
  C:\Windows\System\dGhpwlQ.exe
  2⤵
  PID:8936
- C:\Windows\System\qomyfbe.exe
  C:\Windows\System\qomyfbe.exe
  2⤵
  PID:8956
- C:\Windows\System\JPPTlVC.exe
  C:\Windows\System\JPPTlVC.exe
  2⤵
  PID:8996
- C:\Windows\System\ekLwdzb.exe
  C:\Windows\System\ekLwdzb.exe
  2⤵
  PID:9032
- C:\Windows\System\OxueZMB.exe
  C:\Windows\System\OxueZMB.exe
  2⤵
  PID:9064
- C:\Windows\System\RBRGgsY.exe
  C:\Windows\System\RBRGgsY.exe
  2⤵
  PID:9080
- C:\Windows\System\dTMcvOS.exe
  C:\Windows\System\dTMcvOS.exe
  2⤵
  PID:9108
- C:\Windows\System\OGycqaY.exe
  C:\Windows\System\OGycqaY.exe
  2⤵
  PID:9132
- C:\Windows\System\OPVoJjb.exe
  C:\Windows\System\OPVoJjb.exe
  2⤵
  PID:9160
- C:\Windows\System\UbvbLRQ.exe
  C:\Windows\System\UbvbLRQ.exe
  2⤵
  PID:9180
- C:\Windows\System\sCsdtjJ.exe
  C:\Windows\System\sCsdtjJ.exe
  2⤵
  PID:8196
- C:\Windows\System\kXnnszK.exe
  C:\Windows\System\kXnnszK.exe
  2⤵
  PID:8284
- C:\Windows\System\CbdgLuy.exe
  C:\Windows\System\CbdgLuy.exe
  2⤵
  PID:8352
- C:\Windows\System\GGDFEJg.exe
  C:\Windows\System\GGDFEJg.exe
  2⤵
  PID:8400
- C:\Windows\System\cJINWiD.exe
  C:\Windows\System\cJINWiD.exe
  2⤵
  PID:8476
- C:\Windows\System\omlokel.exe
  C:\Windows\System\omlokel.exe
  2⤵
  PID:8536
- C:\Windows\System\ddxGqRP.exe
  C:\Windows\System\ddxGqRP.exe
  2⤵
  PID:8592
- C:\Windows\System\uymDPNf.exe
  C:\Windows\System\uymDPNf.exe
  2⤵
  PID:8668
- C:\Windows\System\BGDrEeG.exe
  C:\Windows\System\BGDrEeG.exe
  2⤵
  PID:8764
- C:\Windows\System\GhnmXqO.exe
  C:\Windows\System\GhnmXqO.exe
  2⤵
  PID:8760
- C:\Windows\System\kEBbNOe.exe
  C:\Windows\System\kEBbNOe.exe
  2⤵
  PID:8864
- C:\Windows\System\xibiYXP.exe
  C:\Windows\System\xibiYXP.exe
  2⤵
  PID:8896
- C:\Windows\System\NRYwnoy.exe
  C:\Windows\System\NRYwnoy.exe
  2⤵
  PID:9008
- C:\Windows\System\doOhWlt.exe
  C:\Windows\System\doOhWlt.exe
  2⤵
  PID:9052
- C:\Windows\System\TlXSmcO.exe
  C:\Windows\System\TlXSmcO.exe
  2⤵
  PID:9124
- C:\Windows\System\lvUNpBG.exe
  C:\Windows\System\lvUNpBG.exe
  2⤵
  PID:9172
- C:\Windows\System\UMjCruu.exe
  C:\Windows\System\UMjCruu.exe
  2⤵
  PID:8320
- C:\Windows\System\ELmAXxY.exe
  C:\Windows\System\ELmAXxY.exe
  2⤵
  PID:8448
- C:\Windows\System\eDWbiZa.exe
  C:\Windows\System\eDWbiZa.exe
  2⤵
  PID:8564
- C:\Windows\System\dbzTGcv.exe
  C:\Windows\System\dbzTGcv.exe
  2⤵
  PID:8732
- C:\Windows\System\XMDpVmB.exe
  C:\Windows\System\XMDpVmB.exe
  2⤵
  PID:8980
- C:\Windows\System\OGwuXxt.exe
  C:\Windows\System\OGwuXxt.exe
  2⤵
  PID:8256
- C:\Windows\System\JkZaFGM.exe
  C:\Windows\System\JkZaFGM.exe
  2⤵
  PID:8504
- C:\Windows\System\vbGAHBq.exe
  C:\Windows\System\vbGAHBq.exe
  2⤵
  PID:8804
- C:\Windows\System\ywEeCne.exe
  C:\Windows\System\ywEeCne.exe
  2⤵
  PID:8380
- C:\Windows\System\QrHjTVn.exe
  C:\Windows\System\QrHjTVn.exe
  2⤵
  PID:8860
- C:\Windows\System\fMagDhK.exe
  C:\Windows\System\fMagDhK.exe
  2⤵
  PID:9232
- C:\Windows\System\cjWhGxn.exe
  C:\Windows\System\cjWhGxn.exe
  2⤵
  PID:9252
- C:\Windows\System\jWLIQAB.exe
  C:\Windows\System\jWLIQAB.exe
  2⤵
  PID:9284
- C:\Windows\System\NEwPBJN.exe
  C:\Windows\System\NEwPBJN.exe
  2⤵
  PID:9308
- C:\Windows\System\zLOjtnF.exe
  C:\Windows\System\zLOjtnF.exe
  2⤵
  PID:9324
- C:\Windows\System\VreUGri.exe
  C:\Windows\System\VreUGri.exe
  2⤵
  PID:9352
- C:\Windows\System\gVaQlFA.exe
  C:\Windows\System\gVaQlFA.exe
  2⤵
  PID:9376
- C:\Windows\System\jXTeVCf.exe
  C:\Windows\System\jXTeVCf.exe
  2⤵
  PID:9392
- C:\Windows\System\FbkLfNS.exe
  C:\Windows\System\FbkLfNS.exe
  2⤵
  PID:9420
- C:\Windows\System\HARQkjf.exe
  C:\Windows\System\HARQkjf.exe
  2⤵
  PID:9448
- C:\Windows\System\zsCkphZ.exe
  C:\Windows\System\zsCkphZ.exe
  2⤵
  PID:9480
- C:\Windows\System\uzdPHiS.exe
  C:\Windows\System\uzdPHiS.exe
  2⤵
  PID:9512
- C:\Windows\System\ffeSuTU.exe
  C:\Windows\System\ffeSuTU.exe
  2⤵
  PID:9540
- C:\Windows\System\nOumwBG.exe
  C:\Windows\System\nOumwBG.exe
  2⤵
  PID:9568
- C:\Windows\System\UkcNUVt.exe
  C:\Windows\System\UkcNUVt.exe
  2⤵
  PID:9596
- C:\Windows\System\fqCvsnV.exe
  C:\Windows\System\fqCvsnV.exe
  2⤵
  PID:9624
- C:\Windows\System\HZxAaYr.exe
  C:\Windows\System\HZxAaYr.exe
  2⤵
  PID:9656
- C:\Windows\System\UtqXvxX.exe
  C:\Windows\System\UtqXvxX.exe
  2⤵
  PID:9688
- C:\Windows\System\AeAvuSB.exe
  C:\Windows\System\AeAvuSB.exe
  2⤵
  PID:9712
- C:\Windows\System\umklIsf.exe
  C:\Windows\System\umklIsf.exe
  2⤵
  PID:9728
- C:\Windows\System\kdcGAMA.exe
  C:\Windows\System\kdcGAMA.exe
  2⤵
  PID:9760
- C:\Windows\System\PHYCaJt.exe
  C:\Windows\System\PHYCaJt.exe
  2⤵
  PID:9796
- C:\Windows\System\oImrdxa.exe
  C:\Windows\System\oImrdxa.exe
  2⤵
  PID:9828
- C:\Windows\System\GxWoBOn.exe
  C:\Windows\System\GxWoBOn.exe
  2⤵
  PID:9868
- C:\Windows\System\HuKrmYH.exe
  C:\Windows\System\HuKrmYH.exe
  2⤵
  PID:9896
- C:\Windows\System\RDySyNq.exe
  C:\Windows\System\RDySyNq.exe
  2⤵
  PID:9936
- C:\Windows\System\ZnhceGT.exe
  C:\Windows\System\ZnhceGT.exe
  2⤵
  PID:9952
- C:\Windows\System\morjtSl.exe
  C:\Windows\System\morjtSl.exe
  2⤵
  PID:9980
- C:\Windows\System\GyEmNhb.exe
  C:\Windows\System\GyEmNhb.exe
  2⤵
  PID:10008
- C:\Windows\System\OBFKkxT.exe
  C:\Windows\System\OBFKkxT.exe
  2⤵
  PID:10036
- C:\Windows\System\WPoqQmE.exe
  C:\Windows\System\WPoqQmE.exe
  2⤵
  PID:10072
- C:\Windows\System\eYHkmRG.exe
  C:\Windows\System\eYHkmRG.exe
  2⤵
  PID:10088
- C:\Windows\System\FfUUgRn.exe
  C:\Windows\System\FfUUgRn.exe
  2⤵
  PID:10120
- C:\Windows\System\tVFYRzP.exe
  C:\Windows\System\tVFYRzP.exe
  2⤵
  PID:10148
- C:\Windows\System\WxuLYYj.exe
  C:\Windows\System\WxuLYYj.exe
  2⤵
  PID:10176
- C:\Windows\System\JeEJcQX.exe
  C:\Windows\System\JeEJcQX.exe
  2⤵
  PID:10232
- C:\Windows\System\SEFvFZz.exe
  C:\Windows\System\SEFvFZz.exe
  2⤵
  PID:9244
- C:\Windows\System\DfasQrR.exe
  C:\Windows\System\DfasQrR.exe
  2⤵
  PID:9292
- C:\Windows\System\fZvzWrw.exe
  C:\Windows\System\fZvzWrw.exe
  2⤵
  PID:9364
- C:\Windows\System\WLbQYFh.exe
  C:\Windows\System\WLbQYFh.exe
  2⤵
  PID:9436
- C:\Windows\System\fnGpZUc.exe
  C:\Windows\System\fnGpZUc.exe
  2⤵
  PID:9464
- C:\Windows\System\NdNZZyV.exe
  C:\Windows\System\NdNZZyV.exe
  2⤵
  PID:9508
- C:\Windows\System\QenKbMt.exe
  C:\Windows\System\QenKbMt.exe
  2⤵
  PID:9588
- C:\Windows\System\wegwVPB.exe
  C:\Windows\System\wegwVPB.exe
  2⤵
  PID:9704
- C:\Windows\System\vXBICba.exe
  C:\Windows\System\vXBICba.exe
  2⤵
  PID:9720
- C:\Windows\System\YnODYBs.exe
  C:\Windows\System\YnODYBs.exe
  2⤵
  PID:9780
- C:\Windows\System\IiLGMwx.exe
  C:\Windows\System\IiLGMwx.exe
  2⤵
  PID:9880
- C:\Windows\System\CRfRxtY.exe
  C:\Windows\System\CRfRxtY.exe
  2⤵
  PID:9964
- C:\Windows\System\eWWiZwF.exe
  C:\Windows\System\eWWiZwF.exe
  2⤵
  PID:9972
- C:\Windows\System\vOtrlqj.exe
  C:\Windows\System\vOtrlqj.exe
  2⤵
  PID:10084
- C:\Windows\System\SVmChGx.exe
  C:\Windows\System\SVmChGx.exe
  2⤵
  PID:10172
- C:\Windows\System\YfLjxZb.exe
  C:\Windows\System\YfLjxZb.exe
  2⤵
  PID:9240
- C:\Windows\System\dQJTnQW.exe
  C:\Windows\System\dQJTnQW.exe
  2⤵
  PID:9652
- C:\Windows\System\krghBMS.exe
  C:\Windows\System\krghBMS.exe
  2⤵
  PID:9748
- C:\Windows\System\YOHXZKF.exe
  C:\Windows\System\YOHXZKF.exe
  2⤵
  PID:9848
- C:\Windows\System\LYTCLsv.exe
  C:\Windows\System\LYTCLsv.exe
  2⤵
  PID:9920
- C:\Windows\System\OsCYqmX.exe
  C:\Windows\System\OsCYqmX.exe
  2⤵
  PID:10132
- C:\Windows\System\cgixdtz.exe
  C:\Windows\System\cgixdtz.exe
  2⤵
  PID:9336
- C:\Windows\System\pwwPaCc.exe
  C:\Windows\System\pwwPaCc.exe
  2⤵
  PID:10244
- C:\Windows\System\bdonLqV.exe
  C:\Windows\System\bdonLqV.exe
  2⤵
  PID:10264
- C:\Windows\System\DQUtLrN.exe
  C:\Windows\System\DQUtLrN.exe
  2⤵
  PID:10284
- C:\Windows\System\XYdOWUh.exe
  C:\Windows\System\XYdOWUh.exe
  2⤵
  PID:10316
- C:\Windows\System\Wvoqxnk.exe
  C:\Windows\System\Wvoqxnk.exe
  2⤵
  PID:10356
- C:\Windows\System\KhZXWly.exe
  C:\Windows\System\KhZXWly.exe
  2⤵
  PID:10384
- C:\Windows\System\ARUkGJU.exe
  C:\Windows\System\ARUkGJU.exe
  2⤵
  PID:10416
- C:\Windows\System\Kgfjpad.exe
  C:\Windows\System\Kgfjpad.exe
  2⤵
  PID:10440
- C:\Windows\System\BrNynTo.exe
  C:\Windows\System\BrNynTo.exe
  2⤵
  PID:10472
- C:\Windows\System\lCLHwUL.exe
  C:\Windows\System\lCLHwUL.exe
  2⤵
  PID:10508
- C:\Windows\System\xTIAwzs.exe
  C:\Windows\System\xTIAwzs.exe
  2⤵
  PID:10524
- C:\Windows\System\iBslucb.exe
  C:\Windows\System\iBslucb.exe
  2⤵
  PID:10560
- C:\Windows\System\DdWFlzR.exe
  C:\Windows\System\DdWFlzR.exe
  2⤵
  PID:10588
- C:\Windows\System\BDYRqsf.exe
  C:\Windows\System\BDYRqsf.exe
  2⤵
  PID:10624
- C:\Windows\System\LruqItY.exe
  C:\Windows\System\LruqItY.exe
  2⤵
  PID:10656
- C:\Windows\System\VZrhRIs.exe
  C:\Windows\System\VZrhRIs.exe
  2⤵
  PID:10680
- C:\Windows\System\RbLlqmi.exe
  C:\Windows\System\RbLlqmi.exe
  2⤵
  PID:10708
- C:\Windows\System\aWshQLX.exe
  C:\Windows\System\aWshQLX.exe
  2⤵
  PID:10740
- C:\Windows\System\eQWSbxt.exe
  C:\Windows\System\eQWSbxt.exe
  2⤵
  PID:10772
- C:\Windows\System\ZIakqRd.exe
  C:\Windows\System\ZIakqRd.exe
  2⤵
  PID:10816
- C:\Windows\System\CTzJgCh.exe
  C:\Windows\System\CTzJgCh.exe
  2⤵
  PID:10832
- C:\Windows\System\VkhPuYu.exe
  C:\Windows\System\VkhPuYu.exe
  2⤵
  PID:10848
- C:\Windows\System\HCWUGlO.exe
  C:\Windows\System\HCWUGlO.exe
  2⤵
  PID:10872
- C:\Windows\System\vhRIayC.exe
  C:\Windows\System\vhRIayC.exe
  2⤵
  PID:10892
- C:\Windows\System\pjCWOcO.exe
  C:\Windows\System\pjCWOcO.exe
  2⤵
  PID:10920
- C:\Windows\System\SRHCiNb.exe
  C:\Windows\System\SRHCiNb.exe
  2⤵
  PID:10960
- C:\Windows\System\omIjEXH.exe
  C:\Windows\System\omIjEXH.exe
  2⤵
  PID:10996
- C:\Windows\System\ISyOtmw.exe
  C:\Windows\System\ISyOtmw.exe
  2⤵
  PID:11032
- C:\Windows\System\RbMLofv.exe
  C:\Windows\System\RbMLofv.exe
  2⤵
  PID:11064
- C:\Windows\System\SREMyOo.exe
  C:\Windows\System\SREMyOo.exe
  2⤵
  PID:11104
- C:\Windows\System\pkPDNPS.exe
  C:\Windows\System\pkPDNPS.exe
  2⤵
  PID:11132
- C:\Windows\System\fWRhWpy.exe
  C:\Windows\System\fWRhWpy.exe
  2⤵
  PID:11164
- C:\Windows\System\yppTmhN.exe
  C:\Windows\System\yppTmhN.exe
  2⤵
  PID:11192
- C:\Windows\System\eVfSVKt.exe
  C:\Windows\System\eVfSVKt.exe
  2⤵
  PID:11224
- C:\Windows\System\gmUkfaS.exe
  C:\Windows\System\gmUkfaS.exe
  2⤵
  PID:11256
- C:\Windows\System\TlsXAKw.exe
  C:\Windows\System\TlsXAKw.exe
  2⤵
  PID:8700
- C:\Windows\System\RUofICm.exe
  C:\Windows\System\RUofICm.exe
  2⤵
  PID:10256
- C:\Windows\System\BobBgxk.exe
  C:\Windows\System\BobBgxk.exe
  2⤵
  PID:10340
- C:\Windows\System\NKayzdV.exe
  C:\Windows\System\NKayzdV.exe
  2⤵
  PID:10432
- C:\Windows\System\cDwFSGo.exe
  C:\Windows\System\cDwFSGo.exe
  2⤵
  PID:10496
- C:\Windows\System\fKNzkTs.exe
  C:\Windows\System\fKNzkTs.exe
  2⤵
  PID:10520
- C:\Windows\System\XdhBSRY.exe
  C:\Windows\System\XdhBSRY.exe
  2⤵
  PID:10556
- C:\Windows\System\utRQzIl.exe
  C:\Windows\System\utRQzIl.exe
  2⤵
  PID:10612
- C:\Windows\System\ivzKcDB.exe
  C:\Windows\System\ivzKcDB.exe
  2⤵
  PID:10696
- C:\Windows\System\TRBzQfT.exe
  C:\Windows\System\TRBzQfT.exe
  2⤵
  PID:10728
- C:\Windows\System\wPROrkE.exe
  C:\Windows\System\wPROrkE.exe
  2⤵
  PID:10780
- C:\Windows\System\CoRwfnN.exe
  C:\Windows\System\CoRwfnN.exe
  2⤵
  PID:10888
- C:\Windows\System\KwqcRzX.exe
  C:\Windows\System\KwqcRzX.exe
  2⤵
  PID:10988
- C:\Windows\System\YzvfWPx.exe
  C:\Windows\System\YzvfWPx.exe
  2⤵
  PID:11092
- C:\Windows\System\nkPedwb.exe
  C:\Windows\System\nkPedwb.exe
  2⤵
  PID:11156
- C:\Windows\System\SDGNseM.exe
  C:\Windows\System\SDGNseM.exe
  2⤵
  PID:11236
- C:\Windows\System\OIXonqI.exe
  C:\Windows\System\OIXonqI.exe
  2⤵
  PID:10272
- C:\Windows\System\tXmToxR.exe
  C:\Windows\System\tXmToxR.exe
  2⤵
  PID:10296
- C:\Windows\System\ptApSMo.exe
  C:\Windows\System\ptApSMo.exe
  2⤵
  PID:10636
- C:\Windows\System\NySPZxd.exe
  C:\Windows\System\NySPZxd.exe
  2⤵
  PID:10828
- C:\Windows\System\fPGeGxQ.exe
  C:\Windows\System\fPGeGxQ.exe
  2⤵
  PID:10912
- C:\Windows\System\SKIsydE.exe
  C:\Windows\System\SKIsydE.exe
  2⤵
  PID:11152
- C:\Windows\System\cvUvZwj.exe
  C:\Windows\System\cvUvZwj.exe
  2⤵
  PID:10220
- C:\Windows\System\nPrtOBJ.exe
  C:\Windows\System\nPrtOBJ.exe
  2⤵
  PID:10300
- C:\Windows\System\sPcmnwh.exe
  C:\Windows\System\sPcmnwh.exe
  2⤵
  PID:10276
- C:\Windows\System\CiKGPqB.exe
  C:\Windows\System\CiKGPqB.exe
  2⤵
  PID:11208
- C:\Windows\System\ihCgRtN.exe
  C:\Windows\System\ihCgRtN.exe
  2⤵
  PID:11280
- C:\Windows\System\IDtsiKd.exe
  C:\Windows\System\IDtsiKd.exe
  2⤵
  PID:11316
- C:\Windows\System\GiABNMc.exe
  C:\Windows\System\GiABNMc.exe
  2⤵
  PID:11340
- C:\Windows\System\TvXieMR.exe
  C:\Windows\System\TvXieMR.exe
  2⤵
  PID:11372
- C:\Windows\System\aBgAOda.exe
  C:\Windows\System\aBgAOda.exe
  2⤵
  PID:11400
- C:\Windows\System\tzJtyGF.exe
  C:\Windows\System\tzJtyGF.exe
  2⤵
  PID:11428
- C:\Windows\System\YoxwKxj.exe
  C:\Windows\System\YoxwKxj.exe
  2⤵
  PID:11460
- C:\Windows\System\sbwFgvD.exe
  C:\Windows\System\sbwFgvD.exe
  2⤵
  PID:11488
- C:\Windows\System\fPFkbIj.exe
  C:\Windows\System\fPFkbIj.exe
  2⤵
  PID:11524
- C:\Windows\System\EvNbZRv.exe
  C:\Windows\System\EvNbZRv.exe
  2⤵
  PID:11544
- C:\Windows\System\iKkfsCw.exe
  C:\Windows\System\iKkfsCw.exe
  2⤵
  PID:11572
- C:\Windows\System\qFxIbUa.exe
  C:\Windows\System\qFxIbUa.exe
  2⤵
  PID:11608
- C:\Windows\System\rtWWQnT.exe
  C:\Windows\System\rtWWQnT.exe
  2⤵
  PID:11644
- C:\Windows\System\sxzQFVK.exe
  C:\Windows\System\sxzQFVK.exe
  2⤵
  PID:11672
- C:\Windows\System\UfTPtjn.exe
  C:\Windows\System\UfTPtjn.exe
  2⤵
  PID:11696
- C:\Windows\System\lqmFFJL.exe
  C:\Windows\System\lqmFFJL.exe
  2⤵
  PID:11724
- C:\Windows\System\TnSuCVb.exe
  C:\Windows\System\TnSuCVb.exe
  2⤵
  PID:11760
- C:\Windows\System\PBXFEaG.exe
  C:\Windows\System\PBXFEaG.exe
  2⤵
  PID:11792
- C:\Windows\System\gTkhaxn.exe
  C:\Windows\System\gTkhaxn.exe
  2⤵
  PID:11832
- C:\Windows\System\zWKXsMO.exe
  C:\Windows\System\zWKXsMO.exe
  2⤵
  PID:11856
- C:\Windows\System\ofGJMky.exe
  C:\Windows\System\ofGJMky.exe
  2⤵
  PID:11876
- C:\Windows\System\phkiGBJ.exe
  C:\Windows\System\phkiGBJ.exe
  2⤵
  PID:11904
- C:\Windows\System\WRnHiga.exe
  C:\Windows\System\WRnHiga.exe
  2⤵
  PID:11928
- C:\Windows\System\SbebgvJ.exe
  C:\Windows\System\SbebgvJ.exe
  2⤵
  PID:11964
- C:\Windows\System\PqkzKPy.exe
  C:\Windows\System\PqkzKPy.exe
  2⤵
  PID:12000
- C:\Windows\System\qIuyiOa.exe
  C:\Windows\System\qIuyiOa.exe
  2⤵
  PID:12028
- C:\Windows\System\MrUbdGx.exe
  C:\Windows\System\MrUbdGx.exe
  2⤵
  PID:12056
- C:\Windows\System\VvZnPMC.exe
  C:\Windows\System\VvZnPMC.exe
  2⤵
  PID:12092
- C:\Windows\System\EGORoyV.exe
  C:\Windows\System\EGORoyV.exe
  2⤵
  PID:12132
- C:\Windows\System\BnddhTi.exe
  C:\Windows\System\BnddhTi.exe
  2⤵
  PID:12156
- C:\Windows\System\aLKryeT.exe
  C:\Windows\System\aLKryeT.exe
  2⤵
  PID:12184
- C:\Windows\System\sYleIYW.exe
  C:\Windows\System\sYleIYW.exe
  2⤵
  PID:12208
- C:\Windows\System\BaHBQrr.exe
  C:\Windows\System\BaHBQrr.exe
  2⤵
  PID:12228
- C:\Windows\System\gIgWXVD.exe
  C:\Windows\System\gIgWXVD.exe
  2⤵
  PID:12256
- C:\Windows\System\ojPWJVE.exe
  C:\Windows\System\ojPWJVE.exe
  2⤵
  PID:10760
- C:\Windows\System\eOaSdeK.exe
  C:\Windows\System\eOaSdeK.exe
  2⤵
  PID:11268
- C:\Windows\System\UcmIcRD.exe
  C:\Windows\System\UcmIcRD.exe
  2⤵
  PID:11312
- C:\Windows\System\elpeUhU.exe
  C:\Windows\System\elpeUhU.exe
  2⤵
  PID:11396
- C:\Windows\System\shFwlPT.exe
  C:\Windows\System\shFwlPT.exe
  2⤵
  PID:11512
- C:\Windows\System\ybPPPei.exe
  C:\Windows\System\ybPPPei.exe
  2⤵
  PID:11476
- C:\Windows\System\NwhScud.exe
  C:\Windows\System\NwhScud.exe
  2⤵
  PID:11480
- C:\Windows\System\grWGbNZ.exe
  C:\Windows\System\grWGbNZ.exe
  2⤵
  PID:11712
- C:\Windows\System\ViPlDUt.exe
  C:\Windows\System\ViPlDUt.exe
  2⤵
  PID:11828
- C:\Windows\System\FrFoJFE.exe
  C:\Windows\System\FrFoJFE.exe
  2⤵
  PID:11848
- C:\Windows\System\eptHsqP.exe
  C:\Windows\System\eptHsqP.exe
  2⤵
  PID:11984
- C:\Windows\System\GCGpfAO.exe
  C:\Windows\System\GCGpfAO.exe
  2⤵
  PID:11980
- C:\Windows\System\KXQsJpd.exe
  C:\Windows\System\KXQsJpd.exe
  2⤵
  PID:12024
- C:\Windows\System\dsxWOvU.exe
  C:\Windows\System\dsxWOvU.exe
  2⤵
  PID:12200
- C:\Windows\System\SuodzZx.exe
  C:\Windows\System\SuodzZx.exe
  2⤵
  PID:12252
- C:\Windows\System\iTUlCdq.exe
  C:\Windows\System\iTUlCdq.exe
  2⤵
  PID:11336
- C:\Windows\System\hKXxCDK.exe
  C:\Windows\System\hKXxCDK.exe
  2⤵
  PID:11440
- C:\Windows\System\JkwlAMd.exe
  C:\Windows\System\JkwlAMd.exe
  2⤵
  PID:11664
- C:\Windows\System\ccszaxC.exe
  C:\Windows\System\ccszaxC.exe
  2⤵
  PID:11668
- C:\Windows\System\lwscYKS.exe
  C:\Windows\System\lwscYKS.exe
  2⤵
  PID:11864
- C:\Windows\System\rVIVklv.exe
  C:\Windows\System\rVIVklv.exe
  2⤵
  PID:11940
- C:\Windows\System\lPMuENu.exe
  C:\Windows\System\lPMuENu.exe
  2⤵
  PID:12196
- C:\Windows\System\hoWKtOQ.exe
  C:\Windows\System\hoWKtOQ.exe
  2⤵
  PID:11392
- C:\Windows\System\ukhWFaO.exe
  C:\Windows\System\ukhWFaO.exe
  2⤵
  PID:11508
- C:\Windows\System\yGKBADm.exe
  C:\Windows\System\yGKBADm.exe
  2⤵
  PID:11784
- C:\Windows\System\eakDJth.exe
  C:\Windows\System\eakDJth.exe
  2⤵
  PID:12076
- C:\Windows\System\bsgWpuz.exe
  C:\Windows\System\bsgWpuz.exe
  2⤵
  PID:11556
- C:\Windows\System\FqPPbAg.exe
  C:\Windows\System\FqPPbAg.exe
  2⤵
  PID:12304
- C:\Windows\System\fziTbmf.exe
  C:\Windows\System\fziTbmf.exe
  2⤵
  PID:12328
- C:\Windows\System\motARKi.exe
  C:\Windows\System\motARKi.exe
  2⤵
  PID:12360
- C:\Windows\System\itijxwq.exe
  C:\Windows\System\itijxwq.exe
  2⤵
  PID:12392
- C:\Windows\System\kbQGjyN.exe
  C:\Windows\System\kbQGjyN.exe
  2⤵
  PID:12428
- C:\Windows\System\lOFUAYz.exe
  C:\Windows\System\lOFUAYz.exe
  2⤵
  PID:12456
- C:\Windows\System\FVuhosi.exe
  C:\Windows\System\FVuhosi.exe
  2⤵
  PID:12476
- C:\Windows\System\EfGaCJU.exe
  C:\Windows\System\EfGaCJU.exe
  2⤵
  PID:12496
- C:\Windows\System\bvuaImJ.exe
  C:\Windows\System\bvuaImJ.exe
  2⤵
  PID:12524
- C:\Windows\System\JwiQNUs.exe
  C:\Windows\System\JwiQNUs.exe
  2⤵
  PID:12572
- C:\Windows\System\nEaWrzo.exe
  C:\Windows\System\nEaWrzo.exe
  2⤵
  PID:12600
- C:\Windows\System\lwdWvAk.exe
  C:\Windows\System\lwdWvAk.exe
  2⤵
  PID:12636
- C:\Windows\System\eTxQQRY.exe
  C:\Windows\System\eTxQQRY.exe
  2⤵
  PID:12668
- C:\Windows\System\IKseIeA.exe
  C:\Windows\System\IKseIeA.exe
  2⤵
  PID:12700
- C:\Windows\System\IGaftOA.exe
  C:\Windows\System\IGaftOA.exe
  2⤵
  PID:12732
- C:\Windows\System\ACHQUGY.exe
  C:\Windows\System\ACHQUGY.exe
  2⤵
  PID:12752
- C:\Windows\System\aATaYlT.exe
  C:\Windows\System\aATaYlT.exe
  2⤵
  PID:12776
- C:\Windows\System\FkfeicS.exe
  C:\Windows\System\FkfeicS.exe
  2⤵
  PID:12792
- C:\Windows\System\wpoTFKS.exe
  C:\Windows\System\wpoTFKS.exe
  2⤵
  PID:12816
- C:\Windows\System\GqxnPzu.exe
  C:\Windows\System\GqxnPzu.exe
  2⤵
  PID:12832
- C:\Windows\System\hxnKhdW.exe
  C:\Windows\System\hxnKhdW.exe
  2⤵
  PID:12872
- C:\Windows\System\PXQUWFq.exe
  C:\Windows\System\PXQUWFq.exe
  2⤵
  PID:12908
- C:\Windows\System\dJixtEl.exe
  C:\Windows\System\dJixtEl.exe
  2⤵
  PID:12932
- C:\Windows\System\omTHhEp.exe
  C:\Windows\System\omTHhEp.exe
  2⤵
  PID:12960
- C:\Windows\System\UtTXHag.exe
  C:\Windows\System\UtTXHag.exe
  2⤵
  PID:12996
- C:\Windows\System\AWWiUMr.exe
  C:\Windows\System\AWWiUMr.exe
  2⤵
  PID:13028
- C:\Windows\System\ZBnEAAX.exe
  C:\Windows\System\ZBnEAAX.exe
  2⤵
  PID:13064
- C:\Windows\System\QHFowvC.exe
  C:\Windows\System\QHFowvC.exe
  2⤵
  PID:13096
- C:\Windows\System\CJZHaTM.exe
  C:\Windows\System\CJZHaTM.exe
  2⤵
  PID:13128
- C:\Windows\System\sLFEdaC.exe
  C:\Windows\System\sLFEdaC.exe
  2⤵
  PID:13148
- C:\Windows\System\yblYfJB.exe
  C:\Windows\System\yblYfJB.exe
  2⤵
  PID:13180
- C:\Windows\System\YpLwmuE.exe
  C:\Windows\System\YpLwmuE.exe
  2⤵
  PID:13216
- C:\Windows\System\hLMvFBr.exe
  C:\Windows\System\hLMvFBr.exe
  2⤵
  PID:13232
- C:\Windows\System\sNSVhrZ.exe
  C:\Windows\System\sNSVhrZ.exe
  2⤵
  PID:13268
- C:\Windows\System\hKZDEGR.exe
  C:\Windows\System\hKZDEGR.exe
  2⤵
  PID:13304
- C:\Windows\System\pqHiinq.exe
  C:\Windows\System\pqHiinq.exe
  2⤵
  PID:12320
- C:\Windows\System\xlQkWfh.exe
  C:\Windows\System\xlQkWfh.exe
  2⤵
  PID:12376
- C:\Windows\System\uyDDREf.exe
  C:\Windows\System\uyDDREf.exe
  2⤵
  PID:12348
- C:\Windows\System\OeYxWsG.exe
  C:\Windows\System\OeYxWsG.exe
  2⤵
  PID:12412
- C:\Windows\System\pJoQccy.exe
  C:\Windows\System\pJoQccy.exe
  2⤵
  PID:12552
- C:\Windows\System\UQfJreo.exe
  C:\Windows\System\UQfJreo.exe
  2⤵
  PID:12588
- C:\Windows\System\VZKtBXd.exe
  C:\Windows\System\VZKtBXd.exe
  2⤵
  PID:12664
- C:\Windows\System\tfSuWiz.exe
  C:\Windows\System\tfSuWiz.exe
  2⤵
  PID:12740
- C:\Windows\System\pbgkbBh.exe
  C:\Windows\System\pbgkbBh.exe
  2⤵
  PID:12788
- C:\Windows\System\BSChmlm.exe
  C:\Windows\System\BSChmlm.exe
  2⤵
  PID:12864
- C:\Windows\System\kfUXNaw.exe
  C:\Windows\System\kfUXNaw.exe
  2⤵
  PID:12928
- C:\Windows\System\mIeRIra.exe
  C:\Windows\System\mIeRIra.exe
  2⤵
  PID:13040
- C:\Windows\System\cHogKCC.exe
  C:\Windows\System\cHogKCC.exe
  2⤵
  PID:13104
- C:\Windows\System\PutvlHX.exe
  C:\Windows\System\PutvlHX.exe
  2⤵
  PID:13112
- C:\Windows\System\GOfPtYn.exe
  C:\Windows\System\GOfPtYn.exe
  2⤵
  PID:13188
- C:\Windows\System\yIRgUeS.exe
  C:\Windows\System\yIRgUeS.exe
  2⤵
  PID:13224
- C:\Windows\System\tdvQaER.exe
  C:\Windows\System\tdvQaER.exe
  2⤵
  PID:11332
- C:\Windows\System\RIVqYjo.exe
  C:\Windows\System\RIVqYjo.exe
  2⤵
  PID:12312
- C:\Windows\System\iFqBDDX.exe
  C:\Windows\System\iFqBDDX.exe
  2⤵
  PID:12512
- C:\Windows\System\txuQbTk.exe
  C:\Windows\System\txuQbTk.exe
  2⤵
  PID:12744
- C:\Windows\System\rxhjXZe.exe
  C:\Windows\System\rxhjXZe.exe
  2⤵
  PID:12968
- C:\Windows\System\Bkgnvxn.exe
  C:\Windows\System\Bkgnvxn.exe
  2⤵
  PID:13024
- C:\Windows\System\RSvaXWW.exe
  C:\Windows\System\RSvaXWW.exe
  2⤵
  PID:13136
- C:\Windows\System\yvJRIug.exe
  C:\Windows\System\yvJRIug.exe
  2⤵
  PID:12400
- C:\Windows\System\FjFreln.exe
  C:\Windows\System\FjFreln.exe
  2⤵
  PID:12904
- C:\Windows\System\uXotmSQ.exe
  C:\Windows\System\uXotmSQ.exe
  2⤵
  PID:13228
- C:\Windows\System\zeZeBkx.exe
  C:\Windows\System\zeZeBkx.exe
  2⤵
  PID:13316
- C:\Windows\System\vZsDmsC.exe
  C:\Windows\System\vZsDmsC.exe
  2⤵
  PID:13348
- C:\Windows\System\YzPvNxx.exe
  C:\Windows\System\YzPvNxx.exe
  2⤵
  PID:13388
- C:\Windows\System\ogwqBht.exe
  C:\Windows\System\ogwqBht.exe
  2⤵
  PID:13416
- C:\Windows\System\HqxlhmM.exe
  C:\Windows\System\HqxlhmM.exe
  2⤵
  PID:13436
- C:\Windows\System\cbTQfRI.exe
  C:\Windows\System\cbTQfRI.exe
  2⤵
  PID:13460
- C:\Windows\System\NxLSXoq.exe
  C:\Windows\System\NxLSXoq.exe
  2⤵
  PID:13488
- C:\Windows\System\Thlbjah.exe
  C:\Windows\System\Thlbjah.exe
  2⤵
  PID:13532
- C:\Windows\System\jfRuoHG.exe
  C:\Windows\System\jfRuoHG.exe
  2⤵
  PID:13572
- C:\Windows\System\oIrFMJJ.exe
  C:\Windows\System\oIrFMJJ.exe
  2⤵
  PID:13596
- C:\Windows\System\fTsUWwc.exe
  C:\Windows\System\fTsUWwc.exe
  2⤵
  PID:13620
- C:\Windows\System\JadXUjL.exe
  C:\Windows\System\JadXUjL.exe
  2⤵
  PID:13644
- C:\Windows\System\GzQciQY.exe
  C:\Windows\System\GzQciQY.exe
  2⤵
  PID:13672
- C:\Windows\System\KzsqTWR.exe
  C:\Windows\System\KzsqTWR.exe
  2⤵
  PID:13688
- C:\Windows\System\vhWYpJM.exe
  C:\Windows\System\vhWYpJM.exe
  2⤵
  PID:13716
- C:\Windows\System\qMIUAkB.exe
  C:\Windows\System\qMIUAkB.exe
  2⤵
  PID:13732
- C:\Windows\System\AUTULyV.exe
  C:\Windows\System\AUTULyV.exe
  2⤵
  PID:13756
- C:\Windows\System\xyMLWeo.exe
  C:\Windows\System\xyMLWeo.exe
  2⤵
  PID:13780
- C:\Windows\System\KUkMYcp.exe
  C:\Windows\System\KUkMYcp.exe
  2⤵
  PID:13808
- C:\Windows\System\cygMyKr.exe
  C:\Windows\System\cygMyKr.exe
  2⤵
  PID:13836
- C:\Windows\System\DBUlsyc.exe
  C:\Windows\System\DBUlsyc.exe
  2⤵
  PID:13872
- C:\Windows\System\eqFQFrP.exe
  C:\Windows\System\eqFQFrP.exe
  2⤵
  PID:13900
- C:\Windows\System\QJikruY.exe
  C:\Windows\System\QJikruY.exe
  2⤵
  PID:13916
- C:\Windows\System\prLZNNn.exe
  C:\Windows\System\prLZNNn.exe
  2⤵
  PID:13944
- C:\Windows\System\LZrVXFD.exe
  C:\Windows\System\LZrVXFD.exe
  2⤵
  PID:13980
- C:\Windows\System\UzScvSY.exe
  C:\Windows\System\UzScvSY.exe
  2⤵
  PID:14000
- C:\Windows\System\KevMeMm.exe
  C:\Windows\System\KevMeMm.exe
  2⤵
  PID:14032
- C:\Windows\System\jZzEjZu.exe
  C:\Windows\System\jZzEjZu.exe
  2⤵
  PID:14056
- C:\Windows\System\iiROdZn.exe
  C:\Windows\System\iiROdZn.exe
  2⤵
  PID:14092
- C:\Windows\System\KFIYBIy.exe
  C:\Windows\System\KFIYBIy.exe
  2⤵
  PID:14120
- C:\Windows\System\uAOpEJU.exe
  C:\Windows\System\uAOpEJU.exe
  2⤵
  PID:14152
- C:\Windows\System\leaDnbn.exe
  C:\Windows\System\leaDnbn.exe
  2⤵
  PID:14184
- C:\Windows\System\WwGRxaf.exe
  C:\Windows\System\WwGRxaf.exe
  2⤵
  PID:14224
- C:\Windows\System\KmeeSQr.exe
  C:\Windows\System\KmeeSQr.exe
  2⤵
  PID:14252
- C:\Windows\System\iloccuk.exe
  C:\Windows\System\iloccuk.exe
  2⤵
  PID:14284
- C:\Windows\System\RLHfPAk.exe
  C:\Windows\System\RLHfPAk.exe
  2⤵
  PID:14316
- C:\Windows\System\dSTHjxG.exe
  C:\Windows\System\dSTHjxG.exe
  2⤵
  PID:13276
- C:\Windows\System\wSRzJzi.exe
  C:\Windows\System\wSRzJzi.exe
  2⤵
  PID:13340
- C:\Windows\System\QFVnxEo.exe
  C:\Windows\System\QFVnxEo.exe
  2⤵
  PID:13384
- C:\Windows\System\ZsHkoYU.exe
  C:\Windows\System\ZsHkoYU.exe
  2⤵
  PID:13424
- C:\Windows\System\fWbmFTn.exe
  C:\Windows\System\fWbmFTn.exe
  2⤵
  PID:13520
- C:\Windows\System\rOflGkh.exe
  C:\Windows\System\rOflGkh.exe
  2⤵
  PID:13580
- C:\Windows\System\YANDMzW.exe
  C:\Windows\System\YANDMzW.exe
  2⤵
  PID:2868
- C:\Windows\System\LbbEMRE.exe
  C:\Windows\System\LbbEMRE.exe
  2⤵
  PID:1552
- C:\Windows\System\mABrTkX.exe
  C:\Windows\System\mABrTkX.exe
  2⤵
  PID:13684
- C:\Windows\System\qZvzKVl.exe
  C:\Windows\System\qZvzKVl.exe
  2⤵
  PID:13772
- C:\Windows\System\QqMXkRE.exe
  C:\Windows\System\QqMXkRE.exe
  2⤵
  PID:13880
- C:\Windows\System\MiRuBcc.exe
  C:\Windows\System\MiRuBcc.exe
  2⤵
  PID:13844
- C:\Windows\System\OmFAnPk.exe
  C:\Windows\System\OmFAnPk.exe
  2⤵
  PID:13912
- C:\Windows\System\kQRvOQw.exe
  C:\Windows\System\kQRvOQw.exe
  2⤵
  PID:14028
- C:\Windows\System\bWXXACS.exe
  C:\Windows\System\bWXXACS.exe
  2⤵
  PID:14044
- C:\Windows\System\nKZRuDa.exe
  C:\Windows\System\nKZRuDa.exe
  2⤵
  PID:14176
- C:\Windows\System\uNWHbBd.exe
  C:\Windows\System\uNWHbBd.exe
  2⤵
  PID:14240
- C:\Windows\System\pVYIiZx.exe
  C:\Windows\System\pVYIiZx.exe
  2⤵
  PID:14328
- C:\Windows\System\YIEUHxF.exe
  C:\Windows\System\YIEUHxF.exe
  2⤵
  PID:13368
- C:\Windows\System\OOitfUj.exe
  C:\Windows\System\OOitfUj.exe
  2⤵
  PID:13560
- C:\Windows\System\tNNHsbM.exe
  C:\Windows\System\tNNHsbM.exe
  2⤵
  PID:13700
- C:\Windows\System\CxqTlsO.exe
  C:\Windows\System\CxqTlsO.exe
  2⤵
  PID:13804
- C:\Windows\System\oYZikxs.exe
  C:\Windows\System\oYZikxs.exe
  2⤵
  PID:13976
- C:\Windows\System\sbpjzQm.exe
  C:\Windows\System\sbpjzQm.exe
  2⤵
  PID:3108
- C:\Windows\System\MuLJZdj.exe
  C:\Windows\System\MuLJZdj.exe
  2⤵
  PID:14144
- C:\Windows\System\SKtuhCk.exe
  C:\Windows\System\SKtuhCk.exe
  2⤵
  PID:12580
- C:\Windows\System\xCBMeat.exe
  C:\Windows\System\xCBMeat.exe
  2⤵
  PID:13248

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BeRGOfR.exe

Filesize
2.0MB

MD5
5c2cb08982aa6bf5007638d86dbeaabd

SHA1
722ecdedc0263af7ab4c1803b3455fec7ad0de1f

SHA256
660e202216fda2dff0a3400e75e4a813bcdf6c9ec465e5fdd3485ba94dbae57b

SHA512
37d6aaa8d12bbb9ab86507b575284f0cad4f67792186baf2a465be35658c6250d0e5024f561229d0d3667b8c791d22cd90b304136a2c03aa10d3ff3732169aa7

Download Submit
C:\Windows\System\CIoOszJ.exe

Filesize
2.0MB

MD5
31b01278af4d412ca87211b274d343e4

SHA1
858e9230c726f8375c3422ad83275c2f726b098f

SHA256
39fa15493a2afd37a987910801208730595c645a831993d3bce212bac73a3a0d

SHA512
6ae85660f7ed99ae587b5300add027ba056dc590193e8386c0624542fc5c625904a2d2fc3029bc8148ca2c9f728c2cee95366dd52f4b77fd3811800694d3101b

Download Submit
C:\Windows\System\DJmRPKC.exe

Filesize
2.0MB

MD5
ff98a9fa1144a9a937989c61f138fd3c

SHA1
26f91bed9c7860288f1bd8b6ef8fc57c762a9769

SHA256
3c94f41106c44f01e0c5db06c9c87f8342f2ada1ae82456a5e4c12359b527d5f

SHA512
928b4426da6030e02170b3f3af372391daab9f0faad2f46123f633f25ef9cd43520cbe87aa0eafbecee1fdcc62dd0b4d729ad3d99cbb35b8b6f1e1bb52964acb

Download Submit
C:\Windows\System\DUNhoui.exe

Filesize
2.0MB

MD5
f65a7008b344babcf51ec8c442531842

SHA1
4e6d61dc963b276c5b603b2fd8a6bc91b07f603b

SHA256
97e0cf3bdfc09885a1b3a4635b1ef41fcfc091d4a6ac2c38f461dcbf1ed3427d

SHA512
c24bce916fb91284c49127886ce513efd5ffff3476ef580665ed7577f40175cff2ac7d56e25f8b6ec56161b8077b28016b1416578f2bf32ba5ca885ce0c81d2e

Download Submit
C:\Windows\System\FPkDAlo.exe

Filesize
2.0MB

MD5
54db1360e4de3cd0c6b54c30f2ec7b06

SHA1
94e6994bebb435878f1ffa98d6c092e9bc35dd83

SHA256
5665c1e5ab38891813881d6d67b0a102cd45e8c7baf39919291c48c3dca72cb0

SHA512
491dcc3bd244ed7ab056bbccfb64a384491120843f3ad94cebb09bfc7b462d0cfe8a19cada6ce3e1a3d9f31f7132f810456f80751120a9dd8fee3af00d5b044d

Download Submit
C:\Windows\System\GupTZnB.exe

Filesize
2.0MB

MD5
8a90bef9d224a5cc0b5bf8ecc5f50dd9

SHA1
7e4c1da64253a71341d532e0a0f77c28b87be835

SHA256
734ce114d3eeba9c48890b90584850202ab31979f64851cfec2fd10562747415

SHA512
e549babb2c5ea034f11659a6569258f153b944de56ac0ccbeea29543ae6ea6f7368df313b751cd4b209b65e53e359f308d3b72f2cf61d49688232e36d33754ec

Download Submit
C:\Windows\System\KewToFl.exe

Filesize
2.0MB

MD5
5f30561bdff44748faa59fa4c4049c01

SHA1
d3f993d54a8c6b825d19d16c81611327e83b3b93

SHA256
8dd5e274665741fe499b019de7b002719a5677a0c83846c62d36923828704764

SHA512
b05f0f994af06e6ebb4b0aa7735b29dfb4f16b215001ca37c43037165e2c0dc7abf2a35ee7c730dd6acd21ca3a7a024cfd17b4269357c826a7331e2f61ed82e2

Download Submit
C:\Windows\System\MFTiqeT.exe

Filesize
2.0MB

MD5
fd9a29b349a4263d74bd832b71f73e4a

SHA1
c31901dcba92b294eabbc9f0b34331f84b0c8908

SHA256
9c2fb41a6dd8ecf036130996a1fd6275085737dcb21c6ff1cdac53eeba40c7ad

SHA512
4bb999e0e6f9192267b6e76aefbe505c5556a48ca7c65be003029371b6c39d5a7f65b7207dd2ecb45866cf484debd62832b457f3133ef2f10f3be890bb238105

Download Submit
C:\Windows\System\OCcOalg.exe

Filesize
2.0MB

MD5
e450f650b3198aad286b5491cd68753e

SHA1
30295a381f44701bcb1579d4e2772111bef369e1

SHA256
e6a537201da850e7d803ea05d7f21b622e15c2fecb1f30c1d11b73f57fdee19d

SHA512
e1a9ebed18f29a99f982d5cc984cb78cb1f8368c5a70133fc9cc916829ad676676cb50e73edcd5f79b72be29443f940211da886959a7584e6d20b0cb6cf34ba3

Download Submit
C:\Windows\System\PKhbpDF.exe

Filesize
2.0MB

MD5
82413207934f16de47cfc9e83d438d64

SHA1
d7590969e5f6beb4f13d65ee6aff35c39cf14bc3

SHA256
dcf8847b5dd40477f3b4c99edcbafe37e53ddfd009a90b84335515cce82168a5

SHA512
dae3e78c6acc7beab9d2028246b72648588a7525a5d709e76ac77e1eac15161cdcdc7df41444634d47432c366d09db89a60c212bf0f09bef6fa171bca881941d

Download Submit
C:\Windows\System\QGiaMMm.exe

Filesize
2.0MB

MD5
7da929faf597650d16640003cc687ac5

SHA1
1b495caa375e955e2907d072132891ffaa554117

SHA256
cd5257c0c59ce5bfeb4d09acb675ffd364a32d66d30d30598fc4cea1d405130b

SHA512
03a3311d63368653fb908772528418c4b71347d0ce889975756872ef3a65a30f572a4613426ab1c63628587323ea913cbb20ad7caa5a5582747e7362389a1cf3

Download Submit
C:\Windows\System\ReEOapY.exe

Filesize
2.0MB

MD5
83dd0d753f72330395c17e68d04ff41a

SHA1
a7af8514088949dd28804e2f9eee9ed00c75982b

SHA256
58b86dca2f66d7aec2185daab6ecd978772e935adfa0f989338c03874f9d0551

SHA512
e0fe8b070c212bf9278773789a41e6de467188b1e50af6c1080d7fe989fd93d1b99cdd3400ca39e1a6bfab82968cc98a8694699b370bf89ac1cd045277f54a56

Download Submit
C:\Windows\System\TaDuMRB.exe

Filesize
2.0MB

MD5
a35afcd8bddf742829809b5b0b989398

SHA1
f16b18a5bcfd429533ef0dc16979c78fc4e9720d

SHA256
cde30f65f8c43d7e5443a26ef244e407105943d3fba3ba2083bf245c6280eda0

SHA512
842850defe1aea8560239d06fdecdad2048b21e148ad894d97d7beaadb6f8611be94c1207ab3e45e13707134e28b5e818413c31617a03488accd6721d56c8541

Download Submit
C:\Windows\System\TaaiKFi.exe

Filesize
2.0MB

MD5
eb1b98bd98827baabc02e19817fb90fa

SHA1
d2cbcc656ff705d98d354041633c600bd52ac5e3

SHA256
d0d97db3d32e5b46ae7881c792f28b36ccb5d474a6b696bb04fee6973c4edb78

SHA512
1f3308e5cf02b345b73646a872ae50ba5a7d54ae7112d3341ae92d86f2ae53bfc8758301439df45e82a83051669ab2488b14c74af5555f4623271863f2b6f6a8

Download Submit
C:\Windows\System\TweBlCu.exe

Filesize
2.0MB

MD5
1dec39cb7863be2592a0425f1bc05798

SHA1
188e267009a61e6ff4c54b0eb3e43701998e9ba7

SHA256
453cef9a896c4bcfa166d1e4850ccb486126614111d2660df196a96341a01af3

SHA512
2a8f3b2fdb40121ca37955d29d0c614df6f97e461ca048b26c485df7133b45f435634d4d52fae8a63ecbbef8074d1d60c37aca7a7dc6a711a46b0611ed47a49c

Download Submit
C:\Windows\System\XJBhMPd.exe

Filesize
2.0MB

MD5
6843adc39396261fc43e7cae04555ced

SHA1
44e0dca78710a76b36ff3f20c7e074baaadc837d

SHA256
2df3e118118344830c2aad4f95af1edccbf8634ee36643963f89a75aa60ea3a5

SHA512
c5666523bfe43bb941c6f7b63a2ae4f462efab18742a05eae8678c151a5f8026501e2a8926de8dbc9383398659d41408628f9f8956179f5d2975ffdf2d9eb45d

Download Submit
C:\Windows\System\aWJAfDR.exe

Filesize
2.0MB

MD5
0e0f52a29a294faf4664e5b94f91f086

SHA1
f17aad287db09db3799db3842bb168b87d7498f8

SHA256
612a221308522be2ffac06cdd52bd9c37bdf8e5c99077407baa55f7ec091a230

SHA512
4b6af84be9859bce80e5a04909562fd363761b35390383213230edd29d14c095514e551cf2486a41898fce14aba3f95d41b97cfa7831dfc713086a021ba480c6

Download Submit
C:\Windows\System\bWvabdt.exe

Filesize
2.0MB

MD5
b5ec5ef1eba26b1c10c8a5e1e13111d0

SHA1
6a529e99bd05518b1581e7071a287bcba0ca4ac3

SHA256
131586a70600e7b3eadf95019b8ee52970fa03f4674aaa4602c430c9c24d0aea

SHA512
d4ffaa8d76cba7c2ccf623a5d6a55e6bc790d37d5d64fcbb0a080a5f63e576409c4590f5bb6feafa32dacb351f9773e0b8b372790e5f72fbabbdda5f2e63dc11

Download Submit
C:\Windows\System\cWZtIcP.exe

Filesize
2.0MB

MD5
3e67400434c9cdad7041f8592a0a9e42

SHA1
909dad45982387475aab35f4bf483baefaddd9cc

SHA256
689a835c677b1a32aa610384b749fa9d1c698f92fb51cd0f20e322d984b49ff2

SHA512
f790a88a479d13a28635a3a21f704beea6c5ef837ce3b3d33e8ef3936df92e47af8e91d89168077446785d743d730513ccdc7ca234c8ed8189d4dbd724df34e4

Download Submit
C:\Windows\System\dndzTBM.exe

Filesize
2.0MB

MD5
5a083a2605daaf44ff8c128a83ba08ef

SHA1
76bb3461c523e02351f6b01e63f6d260692105d1

SHA256
14d78032de55eb148b6039458103d23cc92ec6062a87123c6e7a3aadfb2dfc19

SHA512
d2dbb49ce9d533ededd58bcfcce792967a85057a7f0d640300316f26ee42b3e565e99f965e2df6973a27bd8dd24e8e85176a7ecbef57e139c5153bdca0c55865

Download Submit
C:\Windows\System\fFxQdyf.exe

Filesize
2.0MB

MD5
8c011707c65a28c16bd2cc8ae36d0eed

SHA1
51b8b5082f84d279ab7e42a3e3a23b5be611806d

SHA256
2df82fe88a47a97674cbe3cb7d8629cdba1c727d96228312146619c90b353f45

SHA512
28a99bf8aedf5eb9d90b9a6ec9d5f2d003e9a3b14eb2212811ad52f336392279e63ada4c65af674772f4dac0608048eff51f20b72cce5e006a3c2f30615befb3

Download Submit
C:\Windows\System\fVqUxeO.exe

Filesize
2.0MB

MD5
d0dbce16f1e47176b0962b6a52baad00

SHA1
1f18072b4df2f21c9e62fb23b7b15ec0203dca6e

SHA256
9399353c5db745d43c9521acf0857927925e7579fdd311ea1f453e0027cba857

SHA512
defecfe19bead6d4fc54e2c9089a3dee73d4c5f3a52dcfcdf72ef2cb887638353211d9bc734ba00613e83718c1c8a3139d1afbf851bf1c569caeb3fb8a013766

Download Submit
C:\Windows\System\gAfQMdF.exe

Filesize
2.0MB

MD5
9414a5e3db5c65f78f38c16e99d62f2c

SHA1
38eb827c1d81cd55db5ef143efd05a83a9b0ce7c

SHA256
94a86da1a64333b03c89307febcc68523506745b4bde0f097b6187d9ca09e66b

SHA512
28082d9eb4ee00044820830dc78e87ec84bc23900bfd7654b4894f6f27fc5f40de087317df6769fe4d80aefec6b8f9b3dbb9a8c55b269fc648776f5111f7e93e

Download Submit
C:\Windows\System\gMCjsaK.exe

Filesize
2.0MB

MD5
44539d00e2b22f218a0f3fbd38bc1f7f

SHA1
3790abce6f740fb1453eccf29c0804e027bccda4

SHA256
534654396466fcdb590719d1cfa95123f2eee10c6f5caa18641db6e996f038d4

SHA512
eb5f3876f511300b99599a4941394f5b8978ead30658fc17f3a9e109def8f103853641aca85b0bf90253a974a3be7302c36ded1f9043b31979819bbf16304b1b

Download Submit
C:\Windows\System\hSsdqME.exe

Filesize
2.0MB

MD5
bd33ed189dd19b92c9dce428cffb958e

SHA1
15f2e1c22bd2db0bac9ec27e9c0dc183f04c1215

SHA256
28ce1d6404ae610697f123e9801cfabdc6e4a77950c0183011ab51e1f40714a2

SHA512
48c0a9d005a9190d99e26897920bf362cf2f460016498bddf849d425c25251c8420599d7b5d9cc164111138e66a83313f933b8f46fc8a4ad835d43a42108c3f6

Download Submit
C:\Windows\System\imQfExq.exe

Filesize
2.0MB

MD5
482c5278a1c3d420f3959522634d0663

SHA1
ae368d8ccc8c3fcb2f0368b8ea5b574ec59b2641

SHA256
54d5e89bb547ea7699316debf1026f0a440c471f062bf957e9f27a20bd223462

SHA512
4e6ef80b81e1d39ed9408bff23b9be505f0081edfc0993c7efe7e206caf017f1c182d38a68d14cced0d774ab951c9e42d17e1efe16aec00f14484261e86c30b9

Download Submit
C:\Windows\System\jVwQdvc.exe

Filesize
2.0MB

MD5
9432746ecbf6eb03e6bddecd7ff7dfef

SHA1
7543f1336a9a152de6db6d4cc661ac9a36f31008

SHA256
cf0a39058aeba8dbc8c65d9253ca9ddfeb6dc756141cac14051b58f94ee03eb0

SHA512
d5ef68cb32c53b5f1386d499b2647427444339b1e3c5fb948d232eb63308e80bedcae59cbf8306ddb3f90f40aec32517ccb839263dad95e73660c921cc2a0712

Download Submit
C:\Windows\System\kkKZaCC.exe

Filesize
2.0MB

MD5
0c48f83a99c01a23330329178c83ac59

SHA1
480a3c1ff2181c348a5394cdc7a970f43791e7fa

SHA256
6dca9007105e28b41b0c9f50aa7fa193e813187ca29fc2734399aa8e3499230f

SHA512
b05f155a4725ff035d081112087956992726bcc6dd58bb37ef34f1ba6e17ccc15c1b2aeb17a2af991d162e09371f997794c7e642c7d881f1b15e80763ad35bb2

Download Submit
C:\Windows\System\ltxbgDd.exe

Filesize
2.0MB

MD5
fcd025823153e12af9061e870d43db2c

SHA1
0161b7fbf282f18451505326765d10ecdf0701a7

SHA256
aa7ca123005760a45d936288a3d370e3b6074aab9f25134ab55bb12d13ee217f

SHA512
3c18e8dacb88552c8cd50cef587a2fa6b035b3fdd905a00c7afa9831037e099966f5fd6f32972e952cb9e8c5c6e6fa78c89d63c8aecc008ad66feaae2a7bce57

Download Submit
C:\Windows\System\mvYJBHJ.exe

Filesize
2.0MB

MD5
720c3fcfcb67c034249f389554c4aa06

SHA1
379f00fe9c840967956d1b954f35630feb27c752

SHA256
3707b4d380996b2567307f991f6b75183ffa4cdf8280785e489d9609e26b675a

SHA512
32b3d99aa2ffeed36828b2b40e1f75f73ceb7ec0b8ab4113b262489fb06a0072cfc788bbe1b34a2d478e501c8d43b5a1ad33ecc07169931ac834459eea38d0d4

Download Submit
C:\Windows\System\ndyxiiU.exe

Filesize
2.0MB

MD5
ff0d93368b23082d22930d052a93dd4c

SHA1
20104e7ccf5e208c9de588c18d08b03ab53f5714

SHA256
f8bd696db94089d6ec8824a68491d3d5e6c9d93fedd35083cdaab5d87ab3bf81

SHA512
134f1a9b39f9533894fb7d839497d027ec1d0ff47628b8d44eded677e02b2838ba2dd39ffec060d4453555b78d379ec01537db37ba1503c9d8456126d242270b

Download Submit
C:\Windows\System\qZzlgZt.exe

Filesize
2.0MB

MD5
1889548b5993df541ccfc101f82e48d4

SHA1
32bfe38a5d4f0477babce5a46b22d3fc452d2ba4

SHA256
3fa92b27a7586a2e3edf4f84a9bbba6e7029d0b1ef19d47a0031dae3ee2db48d

SHA512
19993623834cc269639849db05db2c05994b393af873a361da37539a60a3f67f0661ec6452f7423540d3406431786e5c0c7c434c7a84a84bec63c8020bd84795

Download Submit
C:\Windows\System\ubrmJlR.exe

Filesize
2.0MB

MD5
5d73a070386796acf1164b2e30747689

SHA1
d44e337aba1cc6a12ef739beb2d14b79dfa4d51e

SHA256
86704318f6f5a31dd9e9729e9d7a378c2180e9e4db53d82bef21be68cdd41581

SHA512
804bbc0002c4e925633ece731495974a2db9e0d4780b451eda392d94706bba2ae03c1c6a7b40bf009152449b1b3b7efc8ab8ffb8832dd27e2517b994f9a45210

Download Submit
C:\Windows\System\xvfquEZ.exe

Filesize
2.0MB

MD5
7283d3730acfb80c3f0c816d16640006

SHA1
410740fd2f3b032553f826ed88d70822bd749971

SHA256
5bc6d50f4b7029b4fb14588ed8faea8a50f791ceaf81148421122e9b093debd0

SHA512
1d0109699830140443b06716f4fd46357b51a6c43b3ddae9d29ed50f1370f2d38665c5598a1842cadce8250f33616209feb7517c8978a3ddb58a5caa41ef0b2d

Download Submit
C:\Windows\System\yzGacgC.exe

Filesize
2.0MB

MD5
8110db9192b529f9688378087f72624c

SHA1
a1e292170a83d5a1240ad624725552b020abf21a

SHA256
2569fc13d4bb377d848c05bb8fcd7809fee4bd5ffe39293a3464e3d565ef0ec4

SHA512
5554651aa61bfe1c45e42f527a5485e0746e9769032d7bcab5fe0fa0c9c82a10f5b8edca7f390fab3b7a9bd5ada3bb334fdcb116907e6f93ba8d00f9851f27ce

Download Submit
C:\Windows\System\zZqZUYt.exe

Filesize
2.0MB

MD5
966f61131704661681a535843aa328f4

SHA1
bdb7cfeb6ec3e85c28ce3a260e248d2625eeee66

SHA256
b6821004508828299ca47c014682b828f1f186bbbbbac1dd47b86f8dab80b40c

SHA512
a8679da25f31403fd00626590f99ae0890b21a3f8d7bb94899e6e383152652080d0fa6d1e79cf02cf314efb314808bb30e25a068b0edcfc8389eacff1ae0a7aa

Download Submit
memory/232-229-0x00007FF6F2720000-0x00007FF6F2A74000-memory.dmp

Filesize
3.3MB

Download
memory/232-2149-0x00007FF6F2720000-0x00007FF6F2A74000-memory.dmp

Filesize
3.3MB

Download
memory/744-12-0x00007FF6E04F0000-0x00007FF6E0844000-memory.dmp

Filesize
3.3MB

Download
memory/744-2127-0x00007FF6E04F0000-0x00007FF6E0844000-memory.dmp

Filesize
3.3MB

Download
memory/776-223-0x00007FF6110C0000-0x00007FF611414000-memory.dmp

Filesize
3.3MB

Download
memory/776-2131-0x00007FF6110C0000-0x00007FF611414000-memory.dmp

Filesize
3.3MB

Download
memory/932-213-0x00007FF7D0070000-0x00007FF7D03C4000-memory.dmp

Filesize
3.3MB

Download
memory/932-2145-0x00007FF7D0070000-0x00007FF7D03C4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-209-0x00007FF6F5BD0000-0x00007FF6F5F24000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2153-0x00007FF6F5BD0000-0x00007FF6F5F24000-memory.dmp

Filesize
3.3MB

Download
memory/1108-2119-0x00007FF65F170000-0x00007FF65F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-43-0x00007FF65F170000-0x00007FF65F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-2129-0x00007FF65F170000-0x00007FF65F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2144-0x00007FF67CC70000-0x00007FF67CFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-174-0x00007FF67CC70000-0x00007FF67CFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-164-0x00007FF7A6830000-0x00007FF7A6B84000-memory.dmp

Filesize
3.3MB

Download
memory/1444-2142-0x00007FF7A6830000-0x00007FF7A6B84000-memory.dmp

Filesize
3.3MB

Download
memory/2148-1-0x0000027686060000-0x0000027686070000-memory.dmp

Filesize
64KB

Download
memory/2148-0-0x00007FF7EB890000-0x00007FF7EBBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2137-0x00007FF7B9930000-0x00007FF7B9C84000-memory.dmp

Filesize
3.3MB

Download
memory/2400-76-0x00007FF7B9930000-0x00007FF7B9C84000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2132-0x00007FF669F30000-0x00007FF66A284000-memory.dmp

Filesize
3.3MB

Download
memory/2548-163-0x00007FF669F30000-0x00007FF66A284000-memory.dmp

Filesize
3.3MB

Download
memory/2624-224-0x00007FF6965D0000-0x00007FF696924000-memory.dmp

Filesize
3.3MB

Download
memory/2624-2134-0x00007FF6965D0000-0x00007FF696924000-memory.dmp

Filesize
3.3MB

Download
memory/2672-212-0x00007FF679960000-0x00007FF679CB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2146-0x00007FF679960000-0x00007FF679CB4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-92-0x00007FF6419B0000-0x00007FF641D04000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2143-0x00007FF6419B0000-0x00007FF641D04000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2125-0x00007FF6419B0000-0x00007FF641D04000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2148-0x00007FF6BFEF0000-0x00007FF6C0244000-memory.dmp

Filesize
3.3MB

Download
memory/3064-208-0x00007FF6BFEF0000-0x00007FF6C0244000-memory.dmp

Filesize
3.3MB

Download
memory/3112-210-0x00007FF7BE9D0000-0x00007FF7BED24000-memory.dmp

Filesize
3.3MB

Download
memory/3112-2147-0x00007FF7BE9D0000-0x00007FF7BED24000-memory.dmp

Filesize
3.3MB

Download
memory/3408-24-0x00007FF638F20000-0x00007FF639274000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2118-0x00007FF638F20000-0x00007FF639274000-memory.dmp

Filesize
3.3MB

Download
memory/3408-2126-0x00007FF638F20000-0x00007FF639274000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2135-0x00007FF765DD0000-0x00007FF766124000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2121-0x00007FF765DD0000-0x00007FF766124000-memory.dmp

Filesize
3.3MB

Download
memory/3440-91-0x00007FF765DD0000-0x00007FF766124000-memory.dmp

Filesize
3.3MB

Download
memory/3500-175-0x00007FF782DF0000-0x00007FF783144000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2154-0x00007FF782DF0000-0x00007FF783144000-memory.dmp

Filesize
3.3MB

Download
memory/3628-28-0x00007FF733610000-0x00007FF733964000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2123-0x00007FF733610000-0x00007FF733964000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2128-0x00007FF733610000-0x00007FF733964000-memory.dmp

Filesize
3.3MB

Download
memory/3688-197-0x00007FF6CBC80000-0x00007FF6CBFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3688-2151-0x00007FF6CBC80000-0x00007FF6CBFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-2136-0x00007FF631C60000-0x00007FF631FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-162-0x00007FF631C60000-0x00007FF631FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2150-0x00007FF6331B0000-0x00007FF633504000-memory.dmp

Filesize
3.3MB

Download
memory/3964-222-0x00007FF6331B0000-0x00007FF633504000-memory.dmp

Filesize
3.3MB

Download
memory/4188-225-0x00007FF6037A0000-0x00007FF603AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4188-2139-0x00007FF6037A0000-0x00007FF603AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-50-0x00007FF6CC070000-0x00007FF6CC3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-2130-0x00007FF6CC070000-0x00007FF6CC3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4316-2124-0x00007FF6CC070000-0x00007FF6CC3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2122-0x00007FF6E8590000-0x00007FF6E88E4000-memory.dmp

Filesize
3.3MB

Download
memory/4388-111-0x00007FF6E8590000-0x00007FF6E88E4000-memory.dmp

Filesize
3.3MB

Download
memory/4388-2138-0x00007FF6E8590000-0x00007FF6E88E4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-227-0x00007FF70EB50000-0x00007FF70EEA4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2141-0x00007FF70EB50000-0x00007FF70EEA4000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2152-0x00007FF76FD20000-0x00007FF770074000-memory.dmp

Filesize
3.3MB

Download
memory/4816-228-0x00007FF76FD20000-0x00007FF770074000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2133-0x00007FF65B660000-0x00007FF65B9B4000-memory.dmp

Filesize
3.3MB

Download
memory/4940-226-0x00007FF65B660000-0x00007FF65B9B4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-145-0x00007FF746750000-0x00007FF746AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2140-0x00007FF746750000-0x00007FF746AA4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads