kpot | 8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510

Analysis

max time kernel
129s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
Size

2.2MB
MD5

6b2279e36a36c065f411261fe49e9cd0
SHA1

66a54107ee1d68bb77fc011854ca9646facebae8
SHA256

8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510
SHA512

82e74ac84ac5a0e14ec43c31226a3c957255a6b91a3af51d450b458deda1a358f07f6751f2d984cacef1d4195c14988b556bad4637e5b6e9ab2d4dc4e02f901c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3iXk91:BemTLkNdfE0pZrwp

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x00050000000232b2-6.dat	family_kpot
behavioral2/files/0x000700000002347a-9.dat	family_kpot
behavioral2/files/0x0008000000023476-11.dat	family_kpot
behavioral2/files/0x000700000002347c-28.dat	family_kpot
behavioral2/files/0x0007000000023482-50.dat	family_kpot
behavioral2/files/0x000700000002348c-106.dat	family_kpot
behavioral2/files/0x0007000000023491-125.dat	family_kpot
behavioral2/files/0x0007000000023499-165.dat	family_kpot
behavioral2/files/0x0007000000023497-163.dat	family_kpot
behavioral2/files/0x0007000000023498-160.dat	family_kpot
behavioral2/files/0x0007000000023496-158.dat	family_kpot
behavioral2/files/0x0007000000023495-153.dat	family_kpot
behavioral2/files/0x0007000000023494-148.dat	family_kpot
behavioral2/files/0x0007000000023493-141.dat	family_kpot
behavioral2/files/0x0007000000023492-136.dat	family_kpot
behavioral2/files/0x0007000000023490-126.dat	family_kpot
behavioral2/files/0x000700000002348f-121.dat	family_kpot
behavioral2/files/0x000700000002348e-116.dat	family_kpot
behavioral2/files/0x000700000002348d-111.dat	family_kpot
behavioral2/files/0x000700000002348b-101.dat	family_kpot
behavioral2/files/0x000700000002348a-96.dat	family_kpot
behavioral2/files/0x0007000000023489-91.dat	family_kpot
behavioral2/files/0x0007000000023488-86.dat	family_kpot
behavioral2/files/0x0007000000023487-80.dat	family_kpot
behavioral2/files/0x0007000000023486-76.dat	family_kpot
behavioral2/files/0x0007000000023485-71.dat	family_kpot
behavioral2/files/0x0007000000023484-66.dat	family_kpot
behavioral2/files/0x0007000000023483-61.dat	family_kpot
behavioral2/files/0x0007000000023481-51.dat	family_kpot
behavioral2/files/0x0007000000023480-45.dat	family_kpot
behavioral2/files/0x000700000002347f-41.dat	family_kpot
behavioral2/files/0x000700000002347d-35.dat	family_kpot
behavioral2/files/0x000700000002347b-24.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2984-0-0x00007FF7EBD30000-0x00007FF7EC084000-memory.dmp	xmrig
behavioral2/files/0x00050000000232b2-6.dat	xmrig
behavioral2/files/0x000700000002347a-9.dat	xmrig
behavioral2/files/0x0008000000023476-11.dat	xmrig
behavioral2/memory/4524-12-0x00007FF793000000-0x00007FF793354000-memory.dmp	xmrig
behavioral2/files/0x000700000002347c-28.dat	xmrig
behavioral2/files/0x0007000000023482-50.dat	xmrig
behavioral2/files/0x000700000002348c-106.dat	xmrig
behavioral2/files/0x0007000000023491-125.dat	xmrig
behavioral2/files/0x0007000000023499-165.dat	xmrig
behavioral2/files/0x0007000000023497-163.dat	xmrig
behavioral2/files/0x0007000000023498-160.dat	xmrig
behavioral2/files/0x0007000000023496-158.dat	xmrig
behavioral2/files/0x0007000000023495-153.dat	xmrig
behavioral2/files/0x0007000000023494-148.dat	xmrig
behavioral2/files/0x0007000000023493-141.dat	xmrig
behavioral2/files/0x0007000000023492-136.dat	xmrig
behavioral2/files/0x0007000000023490-126.dat	xmrig
behavioral2/files/0x000700000002348f-121.dat	xmrig
behavioral2/files/0x000700000002348e-116.dat	xmrig
behavioral2/files/0x000700000002348d-111.dat	xmrig
behavioral2/files/0x000700000002348b-101.dat	xmrig
behavioral2/files/0x000700000002348a-96.dat	xmrig
behavioral2/files/0x0007000000023489-91.dat	xmrig
behavioral2/files/0x0007000000023488-86.dat	xmrig
behavioral2/files/0x0007000000023487-80.dat	xmrig
behavioral2/files/0x0007000000023486-76.dat	xmrig
behavioral2/files/0x0007000000023485-71.dat	xmrig
behavioral2/files/0x0007000000023484-66.dat	xmrig
behavioral2/memory/2036-858-0x00007FF735460000-0x00007FF7357B4000-memory.dmp	xmrig
behavioral2/memory/3176-857-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp	xmrig
behavioral2/memory/1612-860-0x00007FF74E820000-0x00007FF74EB74000-memory.dmp	xmrig
behavioral2/memory/4540-859-0x00007FF6F6E80000-0x00007FF6F71D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023483-61.dat	xmrig
behavioral2/files/0x0007000000023481-51.dat	xmrig
behavioral2/files/0x0007000000023480-45.dat	xmrig
behavioral2/files/0x000700000002347f-41.dat	xmrig
behavioral2/files/0x000700000002347d-35.dat	xmrig
behavioral2/memory/3720-885-0x00007FF7A3C70000-0x00007FF7A3FC4000-memory.dmp	xmrig
behavioral2/memory/4552-890-0x00007FF7754A0000-0x00007FF7757F4000-memory.dmp	xmrig
behavioral2/memory/3000-888-0x00007FF63B600000-0x00007FF63B954000-memory.dmp	xmrig
behavioral2/memory/4752-883-0x00007FF618E40000-0x00007FF619194000-memory.dmp	xmrig
behavioral2/memory/4560-877-0x00007FF61FA10000-0x00007FF61FD64000-memory.dmp	xmrig
behavioral2/memory/1916-901-0x00007FF7A8150000-0x00007FF7A84A4000-memory.dmp	xmrig
behavioral2/memory/5076-903-0x00007FF7CCBA0000-0x00007FF7CCEF4000-memory.dmp	xmrig
behavioral2/memory/4924-905-0x00007FF709230000-0x00007FF709584000-memory.dmp	xmrig
behavioral2/memory/3668-907-0x00007FF6E6820000-0x00007FF6E6B74000-memory.dmp	xmrig
behavioral2/memory/4892-911-0x00007FF664440000-0x00007FF664794000-memory.dmp	xmrig
behavioral2/memory/3964-914-0x00007FF666C00000-0x00007FF666F54000-memory.dmp	xmrig
behavioral2/memory/4956-920-0x00007FF798510000-0x00007FF798864000-memory.dmp	xmrig
behavioral2/memory/1104-918-0x00007FF6B2A30000-0x00007FF6B2D84000-memory.dmp	xmrig
behavioral2/memory/548-915-0x00007FF6E2B10000-0x00007FF6E2E64000-memory.dmp	xmrig
behavioral2/memory/3920-912-0x00007FF779BA0000-0x00007FF779EF4000-memory.dmp	xmrig
behavioral2/memory/3428-908-0x00007FF6AF360000-0x00007FF6AF6B4000-memory.dmp	xmrig
behavioral2/memory/1744-906-0x00007FF735D30000-0x00007FF736084000-memory.dmp	xmrig
behavioral2/memory/3968-904-0x00007FF735A80000-0x00007FF735DD4000-memory.dmp	xmrig
behavioral2/memory/2308-902-0x00007FF6D3170000-0x00007FF6D34C4000-memory.dmp	xmrig
behavioral2/memory/2660-899-0x00007FF646990000-0x00007FF646CE4000-memory.dmp	xmrig
behavioral2/memory/3488-871-0x00007FF7CA880000-0x00007FF7CABD4000-memory.dmp	xmrig
behavioral2/memory/3776-868-0x00007FF61A070000-0x00007FF61A3C4000-memory.dmp	xmrig
behavioral2/memory/452-866-0x00007FF659200000-0x00007FF659554000-memory.dmp	xmrig
behavioral2/files/0x000700000002347b-24.dat	xmrig
behavioral2/memory/864-16-0x00007FF7233D0000-0x00007FF723724000-memory.dmp	xmrig
behavioral2/memory/2984-2131-0x00007FF7EBD30000-0x00007FF7EC084000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4524	qNyrHcY.exe
864	eZTCrRO.exe
3176	FomLuVd.exe
2036	XpMEBcy.exe
4540	RluWtTD.exe
1612	ZSNanuY.exe
452	byZMOiB.exe
3776	jTHSyJi.exe
3488	VjpDhix.exe
4560	YepehbS.exe
4752	efbUeRW.exe
3720	HUqkhHf.exe
3000	wCdmsur.exe
4552	oJtsOBo.exe
2660	TSWBjnA.exe
1916	edksNkp.exe
2308	wEDKzul.exe
5076	rKRsHUR.exe
3968	zLjwfGf.exe
4924	gVKxcKg.exe
1744	rhJtCZj.exe
3668	lbyKPPQ.exe
3428	ioelAYU.exe
4892	hdKiIWW.exe
3920	JePIclv.exe
3964	tAMLmZo.exe
548	mvaBJjA.exe
1104	MGgBSaX.exe
4956	pyNEfBj.exe
1880	omTnKLp.exe
4500	isrPacI.exe
1728	CPdxKnQ.exe
2024	zcsMczz.exe
1420	sKPTVQE.exe
4904	dPdUBfd.exe
2824	NZLbiFP.exe
4224	WpjwNIu.exe
4176	NlVbihg.exe
4828	mHNASJC.exe
2004	URrvigI.exe
1424	uTUwkIs.exe
3108	VTBZoTK.exe
1428	cYOEwNi.exe
4004	MfmCGCk.exe
1252	TRjIljA.exe
4436	xOSZvVU.exe
3024	SVFpYxM.exe
400	sFFxmXP.exe
5004	bUqjZQa.exe
868	ffcMZgD.exe
3712	FKCWTKY.exe
2732	WbYtPzZ.exe
4444	VmAQWpi.exe
4376	MvPyHdP.exe
2720	EvYmjVo.exe
4712	faFfuSI.exe
1764	HTqkvrf.exe
2228	ZtSHlAd.exe
2244	pXmdexe.exe
4872	aeAsPJI.exe
4108	xEaRlHJ.exe
4968	AqCzhUA.exe
3628	DYBDRlm.exe
4692	dsrnnUS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2984-0-0x00007FF7EBD30000-0x00007FF7EC084000-memory.dmp	upx
behavioral2/files/0x00050000000232b2-6.dat	upx
behavioral2/files/0x000700000002347a-9.dat	upx
behavioral2/files/0x0008000000023476-11.dat	upx
behavioral2/memory/4524-12-0x00007FF793000000-0x00007FF793354000-memory.dmp	upx
behavioral2/files/0x000700000002347c-28.dat	upx
behavioral2/files/0x0007000000023482-50.dat	upx
behavioral2/files/0x000700000002348c-106.dat	upx
behavioral2/files/0x0007000000023491-125.dat	upx
behavioral2/files/0x0007000000023499-165.dat	upx
behavioral2/files/0x0007000000023497-163.dat	upx
behavioral2/files/0x0007000000023498-160.dat	upx
behavioral2/files/0x0007000000023496-158.dat	upx
behavioral2/files/0x0007000000023495-153.dat	upx
behavioral2/files/0x0007000000023494-148.dat	upx
behavioral2/files/0x0007000000023493-141.dat	upx
behavioral2/files/0x0007000000023492-136.dat	upx
behavioral2/files/0x0007000000023490-126.dat	upx
behavioral2/files/0x000700000002348f-121.dat	upx
behavioral2/files/0x000700000002348e-116.dat	upx
behavioral2/files/0x000700000002348d-111.dat	upx
behavioral2/files/0x000700000002348b-101.dat	upx
behavioral2/files/0x000700000002348a-96.dat	upx
behavioral2/files/0x0007000000023489-91.dat	upx
behavioral2/files/0x0007000000023488-86.dat	upx
behavioral2/files/0x0007000000023487-80.dat	upx
behavioral2/files/0x0007000000023486-76.dat	upx
behavioral2/files/0x0007000000023485-71.dat	upx
behavioral2/files/0x0007000000023484-66.dat	upx
behavioral2/memory/2036-858-0x00007FF735460000-0x00007FF7357B4000-memory.dmp	upx
behavioral2/memory/3176-857-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp	upx
behavioral2/memory/1612-860-0x00007FF74E820000-0x00007FF74EB74000-memory.dmp	upx
behavioral2/memory/4540-859-0x00007FF6F6E80000-0x00007FF6F71D4000-memory.dmp	upx
behavioral2/files/0x0007000000023483-61.dat	upx
behavioral2/files/0x0007000000023481-51.dat	upx
behavioral2/files/0x0007000000023480-45.dat	upx
behavioral2/files/0x000700000002347f-41.dat	upx
behavioral2/files/0x000700000002347d-35.dat	upx
behavioral2/memory/3720-885-0x00007FF7A3C70000-0x00007FF7A3FC4000-memory.dmp	upx
behavioral2/memory/4552-890-0x00007FF7754A0000-0x00007FF7757F4000-memory.dmp	upx
behavioral2/memory/3000-888-0x00007FF63B600000-0x00007FF63B954000-memory.dmp	upx
behavioral2/memory/4752-883-0x00007FF618E40000-0x00007FF619194000-memory.dmp	upx
behavioral2/memory/4560-877-0x00007FF61FA10000-0x00007FF61FD64000-memory.dmp	upx
behavioral2/memory/1916-901-0x00007FF7A8150000-0x00007FF7A84A4000-memory.dmp	upx
behavioral2/memory/5076-903-0x00007FF7CCBA0000-0x00007FF7CCEF4000-memory.dmp	upx
behavioral2/memory/4924-905-0x00007FF709230000-0x00007FF709584000-memory.dmp	upx
behavioral2/memory/3668-907-0x00007FF6E6820000-0x00007FF6E6B74000-memory.dmp	upx
behavioral2/memory/4892-911-0x00007FF664440000-0x00007FF664794000-memory.dmp	upx
behavioral2/memory/3964-914-0x00007FF666C00000-0x00007FF666F54000-memory.dmp	upx
behavioral2/memory/4956-920-0x00007FF798510000-0x00007FF798864000-memory.dmp	upx
behavioral2/memory/1104-918-0x00007FF6B2A30000-0x00007FF6B2D84000-memory.dmp	upx
behavioral2/memory/548-915-0x00007FF6E2B10000-0x00007FF6E2E64000-memory.dmp	upx
behavioral2/memory/3920-912-0x00007FF779BA0000-0x00007FF779EF4000-memory.dmp	upx
behavioral2/memory/3428-908-0x00007FF6AF360000-0x00007FF6AF6B4000-memory.dmp	upx
behavioral2/memory/1744-906-0x00007FF735D30000-0x00007FF736084000-memory.dmp	upx
behavioral2/memory/3968-904-0x00007FF735A80000-0x00007FF735DD4000-memory.dmp	upx
behavioral2/memory/2308-902-0x00007FF6D3170000-0x00007FF6D34C4000-memory.dmp	upx
behavioral2/memory/2660-899-0x00007FF646990000-0x00007FF646CE4000-memory.dmp	upx
behavioral2/memory/3488-871-0x00007FF7CA880000-0x00007FF7CABD4000-memory.dmp	upx
behavioral2/memory/3776-868-0x00007FF61A070000-0x00007FF61A3C4000-memory.dmp	upx
behavioral2/memory/452-866-0x00007FF659200000-0x00007FF659554000-memory.dmp	upx
behavioral2/files/0x000700000002347b-24.dat	upx
behavioral2/memory/864-16-0x00007FF7233D0000-0x00007FF723724000-memory.dmp	upx
behavioral2/memory/2984-2131-0x00007FF7EBD30000-0x00007FF7EC084000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PEumAqv.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\MdLIdrU.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\KUgWSDp.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\PkbEcLs.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\geqdwtM.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\cpnMkla.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\CwKJinp.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\lkDgWrg.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\twKbeQP.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\BOlSIZx.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\NGConAK.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\SbtLIWQ.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\PqxhOFi.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\SLvjImG.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\RZeljFO.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\SrPrVdT.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\Rvbrljt.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\CAvrkOO.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\FygGGFY.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\VCeywQz.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\CzXGtCe.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\uKSEIKg.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\VaPGiIP.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\VlaHTfE.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\NDYekFz.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\GPKOAcq.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\qNKyoox.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\FKCWTKY.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\jQUcNsV.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\rSVZfkJ.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\FDrumzZ.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\cxlsatm.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\rVbuRKk.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\RYzwkfB.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\RmXbDTH.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\Rpmowgp.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\iIbuYFJ.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\OfVZXXl.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\kIFgAOy.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\NZlMxXe.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\vjXmcqo.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\CeixPVZ.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\zaRtdcT.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\axRnaaH.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\SDGjFOG.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\KVGFVfB.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\EeOoNrp.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\AolYeOu.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\CmyBPwv.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\gHOCTip.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\NMyPzis.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\VmAQWpi.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\geaGlQu.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\beesJbS.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\ELrhksc.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\uhkhDqE.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\FOfeOwJ.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\vobfLqE.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\SRFXmsf.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\keFWIEQ.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\yutjBYV.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\PWwlQVe.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\fFzWebv.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
File created	C:\Windows\System\xjeZMYd.exe	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5064	dwm.exe
Token: SeChangeNotifyPrivilege	5064	dwm.exe
Token: 33	5064	dwm.exe
Token: SeIncBasePriorityPrivilege	5064	dwm.exe
Token: SeShutdownPrivilege	5064	dwm.exe
Token: SeCreatePagefilePrivilege	5064	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 4524	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	86
PID 2984 wrote to memory of 4524	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	86
PID 2984 wrote to memory of 864	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	87
PID 2984 wrote to memory of 864	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	87
PID 2984 wrote to memory of 3176	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	88
PID 2984 wrote to memory of 3176	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	88
PID 2984 wrote to memory of 2036	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	89
PID 2984 wrote to memory of 2036	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	89
PID 2984 wrote to memory of 4540	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	90
PID 2984 wrote to memory of 4540	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	90
PID 2984 wrote to memory of 1612	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	91
PID 2984 wrote to memory of 1612	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	91
PID 2984 wrote to memory of 452	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	92
PID 2984 wrote to memory of 452	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	92
PID 2984 wrote to memory of 3776	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	93
PID 2984 wrote to memory of 3776	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	93
PID 2984 wrote to memory of 3488	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	94
PID 2984 wrote to memory of 3488	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	94
PID 2984 wrote to memory of 4560	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	95
PID 2984 wrote to memory of 4560	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	95
PID 2984 wrote to memory of 4752	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	96
PID 2984 wrote to memory of 4752	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	96
PID 2984 wrote to memory of 3720	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	97
PID 2984 wrote to memory of 3720	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	97
PID 2984 wrote to memory of 3000	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	98
PID 2984 wrote to memory of 3000	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	98
PID 2984 wrote to memory of 4552	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	99
PID 2984 wrote to memory of 4552	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	99
PID 2984 wrote to memory of 2660	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	100
PID 2984 wrote to memory of 2660	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	100
PID 2984 wrote to memory of 1916	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	101
PID 2984 wrote to memory of 1916	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	101
PID 2984 wrote to memory of 2308	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	102
PID 2984 wrote to memory of 2308	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	102
PID 2984 wrote to memory of 5076	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	103
PID 2984 wrote to memory of 5076	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	103
PID 2984 wrote to memory of 3968	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	104
PID 2984 wrote to memory of 3968	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	104
PID 2984 wrote to memory of 4924	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	105
PID 2984 wrote to memory of 4924	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	105
PID 2984 wrote to memory of 1744	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	106
PID 2984 wrote to memory of 1744	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	106
PID 2984 wrote to memory of 3668	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	107
PID 2984 wrote to memory of 3668	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	107
PID 2984 wrote to memory of 3428	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	108
PID 2984 wrote to memory of 3428	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	108
PID 2984 wrote to memory of 4892	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	109
PID 2984 wrote to memory of 4892	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	109
PID 2984 wrote to memory of 3920	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	110
PID 2984 wrote to memory of 3920	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	110
PID 2984 wrote to memory of 3964	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	111
PID 2984 wrote to memory of 3964	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	111
PID 2984 wrote to memory of 548	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	112
PID 2984 wrote to memory of 548	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	112
PID 2984 wrote to memory of 1104	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	113
PID 2984 wrote to memory of 1104	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	113
PID 2984 wrote to memory of 4956	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	114
PID 2984 wrote to memory of 4956	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	114
PID 2984 wrote to memory of 1880	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	115
PID 2984 wrote to memory of 1880	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	115
PID 2984 wrote to memory of 4500	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	116
PID 2984 wrote to memory of 4500	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	116
PID 2984 wrote to memory of 1728	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	117
PID 2984 wrote to memory of 1728	2984	8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d4224dda77666c95274acc1d82fa425be6ef459802bd27af53112d7845d0510_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\System\qNyrHcY.exe
  C:\Windows\System\qNyrHcY.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\eZTCrRO.exe
  C:\Windows\System\eZTCrRO.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\FomLuVd.exe
  C:\Windows\System\FomLuVd.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\XpMEBcy.exe
  C:\Windows\System\XpMEBcy.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\RluWtTD.exe
  C:\Windows\System\RluWtTD.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\ZSNanuY.exe
  C:\Windows\System\ZSNanuY.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\byZMOiB.exe
  C:\Windows\System\byZMOiB.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\jTHSyJi.exe
  C:\Windows\System\jTHSyJi.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\VjpDhix.exe
  C:\Windows\System\VjpDhix.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\YepehbS.exe
  C:\Windows\System\YepehbS.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\efbUeRW.exe
  C:\Windows\System\efbUeRW.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\HUqkhHf.exe
  C:\Windows\System\HUqkhHf.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\wCdmsur.exe
  C:\Windows\System\wCdmsur.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\oJtsOBo.exe
  C:\Windows\System\oJtsOBo.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\TSWBjnA.exe
  C:\Windows\System\TSWBjnA.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\edksNkp.exe
  C:\Windows\System\edksNkp.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\wEDKzul.exe
  C:\Windows\System\wEDKzul.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\rKRsHUR.exe
  C:\Windows\System\rKRsHUR.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\zLjwfGf.exe
  C:\Windows\System\zLjwfGf.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\gVKxcKg.exe
  C:\Windows\System\gVKxcKg.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\rhJtCZj.exe
  C:\Windows\System\rhJtCZj.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\lbyKPPQ.exe
  C:\Windows\System\lbyKPPQ.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\ioelAYU.exe
  C:\Windows\System\ioelAYU.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\hdKiIWW.exe
  C:\Windows\System\hdKiIWW.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\JePIclv.exe
  C:\Windows\System\JePIclv.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\tAMLmZo.exe
  C:\Windows\System\tAMLmZo.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\mvaBJjA.exe
  C:\Windows\System\mvaBJjA.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\MGgBSaX.exe
  C:\Windows\System\MGgBSaX.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\pyNEfBj.exe
  C:\Windows\System\pyNEfBj.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\omTnKLp.exe
  C:\Windows\System\omTnKLp.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\isrPacI.exe
  C:\Windows\System\isrPacI.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\CPdxKnQ.exe
  C:\Windows\System\CPdxKnQ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\zcsMczz.exe
  C:\Windows\System\zcsMczz.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\sKPTVQE.exe
  C:\Windows\System\sKPTVQE.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\dPdUBfd.exe
  C:\Windows\System\dPdUBfd.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\NZLbiFP.exe
  C:\Windows\System\NZLbiFP.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\WpjwNIu.exe
  C:\Windows\System\WpjwNIu.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\NlVbihg.exe
  C:\Windows\System\NlVbihg.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\mHNASJC.exe
  C:\Windows\System\mHNASJC.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\URrvigI.exe
  C:\Windows\System\URrvigI.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\uTUwkIs.exe
  C:\Windows\System\uTUwkIs.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\VTBZoTK.exe
  C:\Windows\System\VTBZoTK.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\cYOEwNi.exe
  C:\Windows\System\cYOEwNi.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\MfmCGCk.exe
  C:\Windows\System\MfmCGCk.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\TRjIljA.exe
  C:\Windows\System\TRjIljA.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\xOSZvVU.exe
  C:\Windows\System\xOSZvVU.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\SVFpYxM.exe
  C:\Windows\System\SVFpYxM.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\sFFxmXP.exe
  C:\Windows\System\sFFxmXP.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\bUqjZQa.exe
  C:\Windows\System\bUqjZQa.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\ffcMZgD.exe
  C:\Windows\System\ffcMZgD.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\FKCWTKY.exe
  C:\Windows\System\FKCWTKY.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\WbYtPzZ.exe
  C:\Windows\System\WbYtPzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\VmAQWpi.exe
  C:\Windows\System\VmAQWpi.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\MvPyHdP.exe
  C:\Windows\System\MvPyHdP.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\EvYmjVo.exe
  C:\Windows\System\EvYmjVo.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\faFfuSI.exe
  C:\Windows\System\faFfuSI.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\HTqkvrf.exe
  C:\Windows\System\HTqkvrf.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ZtSHlAd.exe
  C:\Windows\System\ZtSHlAd.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\pXmdexe.exe
  C:\Windows\System\pXmdexe.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\aeAsPJI.exe
  C:\Windows\System\aeAsPJI.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\xEaRlHJ.exe
  C:\Windows\System\xEaRlHJ.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\AqCzhUA.exe
  C:\Windows\System\AqCzhUA.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\DYBDRlm.exe
  C:\Windows\System\DYBDRlm.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\dsrnnUS.exe
  C:\Windows\System\dsrnnUS.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\keFWIEQ.exe
  C:\Windows\System\keFWIEQ.exe
  2⤵
  PID:1596
- C:\Windows\System\SXmfRPz.exe
  C:\Windows\System\SXmfRPz.exe
  2⤵
  PID:3484
- C:\Windows\System\BlnKCIG.exe
  C:\Windows\System\BlnKCIG.exe
  2⤵
  PID:3656
- C:\Windows\System\WxPzHiS.exe
  C:\Windows\System\WxPzHiS.exe
  2⤵
  PID:4596
- C:\Windows\System\CwKJinp.exe
  C:\Windows\System\CwKJinp.exe
  2⤵
  PID:4672
- C:\Windows\System\XuxQJzn.exe
  C:\Windows\System\XuxQJzn.exe
  2⤵
  PID:5124
- C:\Windows\System\KUgWSDp.exe
  C:\Windows\System\KUgWSDp.exe
  2⤵
  PID:5152
- C:\Windows\System\DEIeYYs.exe
  C:\Windows\System\DEIeYYs.exe
  2⤵
  PID:5184
- C:\Windows\System\mPcFsnm.exe
  C:\Windows\System\mPcFsnm.exe
  2⤵
  PID:5208
- C:\Windows\System\ncVCTkf.exe
  C:\Windows\System\ncVCTkf.exe
  2⤵
  PID:5236
- C:\Windows\System\PaefjUd.exe
  C:\Windows\System\PaefjUd.exe
  2⤵
  PID:5264
- C:\Windows\System\tMZfyPJ.exe
  C:\Windows\System\tMZfyPJ.exe
  2⤵
  PID:5292
- C:\Windows\System\mflRVjj.exe
  C:\Windows\System\mflRVjj.exe
  2⤵
  PID:5316
- C:\Windows\System\waIwtNb.exe
  C:\Windows\System\waIwtNb.exe
  2⤵
  PID:5348
- C:\Windows\System\PkbEcLs.exe
  C:\Windows\System\PkbEcLs.exe
  2⤵
  PID:5376
- C:\Windows\System\axRnaaH.exe
  C:\Windows\System\axRnaaH.exe
  2⤵
  PID:5400
- C:\Windows\System\pQbKZzI.exe
  C:\Windows\System\pQbKZzI.exe
  2⤵
  PID:5432
- C:\Windows\System\AArWwDx.exe
  C:\Windows\System\AArWwDx.exe
  2⤵
  PID:5460
- C:\Windows\System\SmqqoTA.exe
  C:\Windows\System\SmqqoTA.exe
  2⤵
  PID:5492
- C:\Windows\System\YrwfVuu.exe
  C:\Windows\System\YrwfVuu.exe
  2⤵
  PID:5516
- C:\Windows\System\RLLUZum.exe
  C:\Windows\System\RLLUZum.exe
  2⤵
  PID:5544
- C:\Windows\System\qvOBuUC.exe
  C:\Windows\System\qvOBuUC.exe
  2⤵
  PID:5572
- C:\Windows\System\tyjZHDQ.exe
  C:\Windows\System\tyjZHDQ.exe
  2⤵
  PID:5600
- C:\Windows\System\iWHMWtX.exe
  C:\Windows\System\iWHMWtX.exe
  2⤵
  PID:5628
- C:\Windows\System\eacYOPx.exe
  C:\Windows\System\eacYOPx.exe
  2⤵
  PID:5652
- C:\Windows\System\FMZuZUP.exe
  C:\Windows\System\FMZuZUP.exe
  2⤵
  PID:5684
- C:\Windows\System\BfpHbAO.exe
  C:\Windows\System\BfpHbAO.exe
  2⤵
  PID:5708
- C:\Windows\System\yutjBYV.exe
  C:\Windows\System\yutjBYV.exe
  2⤵
  PID:5740
- C:\Windows\System\YekgvKx.exe
  C:\Windows\System\YekgvKx.exe
  2⤵
  PID:5768
- C:\Windows\System\sYMZYkM.exe
  C:\Windows\System\sYMZYkM.exe
  2⤵
  PID:5796
- C:\Windows\System\dmKPIor.exe
  C:\Windows\System\dmKPIor.exe
  2⤵
  PID:5820
- C:\Windows\System\usgRmEs.exe
  C:\Windows\System\usgRmEs.exe
  2⤵
  PID:5848
- C:\Windows\System\caiLJZb.exe
  C:\Windows\System\caiLJZb.exe
  2⤵
  PID:5876
- C:\Windows\System\JSzMLKU.exe
  C:\Windows\System\JSzMLKU.exe
  2⤵
  PID:5908
- C:\Windows\System\cDPgmpH.exe
  C:\Windows\System\cDPgmpH.exe
  2⤵
  PID:5932
- C:\Windows\System\wHryJyY.exe
  C:\Windows\System\wHryJyY.exe
  2⤵
  PID:5960
- C:\Windows\System\apGJlyY.exe
  C:\Windows\System\apGJlyY.exe
  2⤵
  PID:5988
- C:\Windows\System\vaFxIMf.exe
  C:\Windows\System\vaFxIMf.exe
  2⤵
  PID:6016
- C:\Windows\System\jAmTpDF.exe
  C:\Windows\System\jAmTpDF.exe
  2⤵
  PID:6048
- C:\Windows\System\xEyweSk.exe
  C:\Windows\System\xEyweSk.exe
  2⤵
  PID:6076
- C:\Windows\System\AORvBmY.exe
  C:\Windows\System\AORvBmY.exe
  2⤵
  PID:6104
- C:\Windows\System\amVIfam.exe
  C:\Windows\System\amVIfam.exe
  2⤵
  PID:6132
- C:\Windows\System\wbnKlhF.exe
  C:\Windows\System\wbnKlhF.exe
  2⤵
  PID:3388
- C:\Windows\System\zHPwdPw.exe
  C:\Windows\System\zHPwdPw.exe
  2⤵
  PID:5012
- C:\Windows\System\ubsfzeS.exe
  C:\Windows\System\ubsfzeS.exe
  2⤵
  PID:3144
- C:\Windows\System\SLvjImG.exe
  C:\Windows\System\SLvjImG.exe
  2⤵
  PID:2692
- C:\Windows\System\lkDgWrg.exe
  C:\Windows\System\lkDgWrg.exe
  2⤵
  PID:784
- C:\Windows\System\yuZTXaa.exe
  C:\Windows\System\yuZTXaa.exe
  2⤵
  PID:880
- C:\Windows\System\vBJWQne.exe
  C:\Windows\System\vBJWQne.exe
  2⤵
  PID:2840
- C:\Windows\System\ILLDcmB.exe
  C:\Windows\System\ILLDcmB.exe
  2⤵
  PID:5180
- C:\Windows\System\owmNOCf.exe
  C:\Windows\System\owmNOCf.exe
  2⤵
  PID:5248
- C:\Windows\System\mSefWOg.exe
  C:\Windows\System\mSefWOg.exe
  2⤵
  PID:5312
- C:\Windows\System\NNSlIDN.exe
  C:\Windows\System\NNSlIDN.exe
  2⤵
  PID:5368
- C:\Windows\System\UbANDcS.exe
  C:\Windows\System\UbANDcS.exe
  2⤵
  PID:5448
- C:\Windows\System\ARzgIQA.exe
  C:\Windows\System\ARzgIQA.exe
  2⤵
  PID:5512
- C:\Windows\System\RJXepli.exe
  C:\Windows\System\RJXepli.exe
  2⤵
  PID:5584
- C:\Windows\System\GmZevmQ.exe
  C:\Windows\System\GmZevmQ.exe
  2⤵
  PID:5640
- C:\Windows\System\Rpmowgp.exe
  C:\Windows\System\Rpmowgp.exe
  2⤵
  PID:5704
- C:\Windows\System\HsASwvM.exe
  C:\Windows\System\HsASwvM.exe
  2⤵
  PID:5760
- C:\Windows\System\hOfzYza.exe
  C:\Windows\System\hOfzYza.exe
  2⤵
  PID:5836
- C:\Windows\System\laPyrnw.exe
  C:\Windows\System\laPyrnw.exe
  2⤵
  PID:5900
- C:\Windows\System\NLVXZay.exe
  C:\Windows\System\NLVXZay.exe
  2⤵
  PID:5956
- C:\Windows\System\pzbazDW.exe
  C:\Windows\System\pzbazDW.exe
  2⤵
  PID:6032
- C:\Windows\System\QJmWTea.exe
  C:\Windows\System\QJmWTea.exe
  2⤵
  PID:6116
- C:\Windows\System\uNMIatR.exe
  C:\Windows\System\uNMIatR.exe
  2⤵
  PID:3972
- C:\Windows\System\gBHuNIt.exe
  C:\Windows\System\gBHuNIt.exe
  2⤵
  PID:1348
- C:\Windows\System\tXSipti.exe
  C:\Windows\System\tXSipti.exe
  2⤵
  PID:3296
- C:\Windows\System\QvblTxJ.exe
  C:\Windows\System\QvblTxJ.exe
  2⤵
  PID:5168
- C:\Windows\System\ZLUJSTw.exe
  C:\Windows\System\ZLUJSTw.exe
  2⤵
  PID:6148
- C:\Windows\System\gEJlgYr.exe
  C:\Windows\System\gEJlgYr.exe
  2⤵
  PID:6180
- C:\Windows\System\UZXzQlX.exe
  C:\Windows\System\UZXzQlX.exe
  2⤵
  PID:6204
- C:\Windows\System\NRQMlib.exe
  C:\Windows\System\NRQMlib.exe
  2⤵
  PID:6236
- C:\Windows\System\iIbuYFJ.exe
  C:\Windows\System\iIbuYFJ.exe
  2⤵
  PID:6264
- C:\Windows\System\uroMBYb.exe
  C:\Windows\System\uroMBYb.exe
  2⤵
  PID:6288
- C:\Windows\System\pyWZEaQ.exe
  C:\Windows\System\pyWZEaQ.exe
  2⤵
  PID:6316
- C:\Windows\System\CfYTvFZ.exe
  C:\Windows\System\CfYTvFZ.exe
  2⤵
  PID:6344
- C:\Windows\System\BTrREVW.exe
  C:\Windows\System\BTrREVW.exe
  2⤵
  PID:6376
- C:\Windows\System\vrnotmc.exe
  C:\Windows\System\vrnotmc.exe
  2⤵
  PID:6404
- C:\Windows\System\ndEOGQW.exe
  C:\Windows\System\ndEOGQW.exe
  2⤵
  PID:6432
- C:\Windows\System\sPoErGm.exe
  C:\Windows\System\sPoErGm.exe
  2⤵
  PID:6460
- C:\Windows\System\xjeZMYd.exe
  C:\Windows\System\xjeZMYd.exe
  2⤵
  PID:6484
- C:\Windows\System\nGIqIck.exe
  C:\Windows\System\nGIqIck.exe
  2⤵
  PID:6516
- C:\Windows\System\NyvqxXR.exe
  C:\Windows\System\NyvqxXR.exe
  2⤵
  PID:6544
- C:\Windows\System\PHDsAbn.exe
  C:\Windows\System\PHDsAbn.exe
  2⤵
  PID:6572
- C:\Windows\System\PWwlQVe.exe
  C:\Windows\System\PWwlQVe.exe
  2⤵
  PID:6600
- C:\Windows\System\qdzPKtq.exe
  C:\Windows\System\qdzPKtq.exe
  2⤵
  PID:6628
- C:\Windows\System\fzwjSKL.exe
  C:\Windows\System\fzwjSKL.exe
  2⤵
  PID:6656
- C:\Windows\System\lHOkLkD.exe
  C:\Windows\System\lHOkLkD.exe
  2⤵
  PID:6684
- C:\Windows\System\mQJzIGA.exe
  C:\Windows\System\mQJzIGA.exe
  2⤵
  PID:6712
- C:\Windows\System\vckOUOW.exe
  C:\Windows\System\vckOUOW.exe
  2⤵
  PID:6740
- C:\Windows\System\OpyPETY.exe
  C:\Windows\System\OpyPETY.exe
  2⤵
  PID:6768
- C:\Windows\System\qOaElKq.exe
  C:\Windows\System\qOaElKq.exe
  2⤵
  PID:6796
- C:\Windows\System\ZvGqTCT.exe
  C:\Windows\System\ZvGqTCT.exe
  2⤵
  PID:6824
- C:\Windows\System\HlZvKuB.exe
  C:\Windows\System\HlZvKuB.exe
  2⤵
  PID:6852
- C:\Windows\System\LzMKbik.exe
  C:\Windows\System\LzMKbik.exe
  2⤵
  PID:6880
- C:\Windows\System\owdSFEg.exe
  C:\Windows\System\owdSFEg.exe
  2⤵
  PID:6908
- C:\Windows\System\RzxBHti.exe
  C:\Windows\System\RzxBHti.exe
  2⤵
  PID:6936
- C:\Windows\System\XrefVyX.exe
  C:\Windows\System\XrefVyX.exe
  2⤵
  PID:6960
- C:\Windows\System\xvEBPJO.exe
  C:\Windows\System\xvEBPJO.exe
  2⤵
  PID:6988
- C:\Windows\System\mTCZhHs.exe
  C:\Windows\System\mTCZhHs.exe
  2⤵
  PID:7020
- C:\Windows\System\vEbsMeX.exe
  C:\Windows\System\vEbsMeX.exe
  2⤵
  PID:7048
- C:\Windows\System\bOxagnV.exe
  C:\Windows\System\bOxagnV.exe
  2⤵
  PID:7076
- C:\Windows\System\CzXGtCe.exe
  C:\Windows\System\CzXGtCe.exe
  2⤵
  PID:7104
- C:\Windows\System\PknrhLB.exe
  C:\Windows\System\PknrhLB.exe
  2⤵
  PID:7132
- C:\Windows\System\WPCiQYC.exe
  C:\Windows\System\WPCiQYC.exe
  2⤵
  PID:7160
- C:\Windows\System\AdyFgPq.exe
  C:\Windows\System\AdyFgPq.exe
  2⤵
  PID:5424
- C:\Windows\System\dIjTsRo.exe
  C:\Windows\System\dIjTsRo.exe
  2⤵
  PID:5612
- C:\Windows\System\SJxhdIj.exe
  C:\Windows\System\SJxhdIj.exe
  2⤵
  PID:5752
- C:\Windows\System\FzbMVUk.exe
  C:\Windows\System\FzbMVUk.exe
  2⤵
  PID:5872
- C:\Windows\System\jONxzTh.exe
  C:\Windows\System\jONxzTh.exe
  2⤵
  PID:6012
- C:\Windows\System\cLICMzr.exe
  C:\Windows\System\cLICMzr.exe
  2⤵
  PID:2592
- C:\Windows\System\igTDHLt.exe
  C:\Windows\System\igTDHLt.exe
  2⤵
  PID:5164
- C:\Windows\System\qORZPKw.exe
  C:\Windows\System\qORZPKw.exe
  2⤵
  PID:6172
- C:\Windows\System\zDBclzf.exe
  C:\Windows\System\zDBclzf.exe
  2⤵
  PID:6248
- C:\Windows\System\kaYtxWi.exe
  C:\Windows\System\kaYtxWi.exe
  2⤵
  PID:6308
- C:\Windows\System\oMFsNlW.exe
  C:\Windows\System\oMFsNlW.exe
  2⤵
  PID:6388
- C:\Windows\System\OfVZXXl.exe
  C:\Windows\System\OfVZXXl.exe
  2⤵
  PID:6448
- C:\Windows\System\jnhfLjK.exe
  C:\Windows\System\jnhfLjK.exe
  2⤵
  PID:6504
- C:\Windows\System\UZSYSAe.exe
  C:\Windows\System\UZSYSAe.exe
  2⤵
  PID:6564
- C:\Windows\System\dBwycmp.exe
  C:\Windows\System\dBwycmp.exe
  2⤵
  PID:6644
- C:\Windows\System\fUAjshe.exe
  C:\Windows\System\fUAjshe.exe
  2⤵
  PID:6704
- C:\Windows\System\VRwLOmU.exe
  C:\Windows\System\VRwLOmU.exe
  2⤵
  PID:6780
- C:\Windows\System\mVYhcgi.exe
  C:\Windows\System\mVYhcgi.exe
  2⤵
  PID:6840
- C:\Windows\System\rVHKONN.exe
  C:\Windows\System\rVHKONN.exe
  2⤵
  PID:6900
- C:\Windows\System\uKSEIKg.exe
  C:\Windows\System\uKSEIKg.exe
  2⤵
  PID:6956
- C:\Windows\System\aDYWKFG.exe
  C:\Windows\System\aDYWKFG.exe
  2⤵
  PID:7036
- C:\Windows\System\zBRNrfQ.exe
  C:\Windows\System\zBRNrfQ.exe
  2⤵
  PID:7092
- C:\Windows\System\geaGlQu.exe
  C:\Windows\System\geaGlQu.exe
  2⤵
  PID:1760
- C:\Windows\System\erjuVvV.exe
  C:\Windows\System\erjuVvV.exe
  2⤵
  PID:5672
- C:\Windows\System\WjiuQbP.exe
  C:\Windows\System\WjiuQbP.exe
  2⤵
  PID:5952
- C:\Windows\System\uZUofhv.exe
  C:\Windows\System\uZUofhv.exe
  2⤵
  PID:4420
- C:\Windows\System\FxawQgC.exe
  C:\Windows\System\FxawQgC.exe
  2⤵
  PID:6224
- C:\Windows\System\sYgvFsG.exe
  C:\Windows\System\sYgvFsG.exe
  2⤵
  PID:6364
- C:\Windows\System\UZZXQKl.exe
  C:\Windows\System\UZZXQKl.exe
  2⤵
  PID:6556
- C:\Windows\System\twKbeQP.exe
  C:\Windows\System\twKbeQP.exe
  2⤵
  PID:6696
- C:\Windows\System\HnGsqOW.exe
  C:\Windows\System\HnGsqOW.exe
  2⤵
  PID:7180
- C:\Windows\System\ZNmztPm.exe
  C:\Windows\System\ZNmztPm.exe
  2⤵
  PID:7204
- C:\Windows\System\DHRfKmY.exe
  C:\Windows\System\DHRfKmY.exe
  2⤵
  PID:7232
- C:\Windows\System\sfpwXWv.exe
  C:\Windows\System\sfpwXWv.exe
  2⤵
  PID:7264
- C:\Windows\System\yYYCmCH.exe
  C:\Windows\System\yYYCmCH.exe
  2⤵
  PID:7288
- C:\Windows\System\iJvHfHC.exe
  C:\Windows\System\iJvHfHC.exe
  2⤵
  PID:7320
- C:\Windows\System\tVLTysb.exe
  C:\Windows\System\tVLTysb.exe
  2⤵
  PID:7344
- C:\Windows\System\JpmMlyx.exe
  C:\Windows\System\JpmMlyx.exe
  2⤵
  PID:7372
- C:\Windows\System\WdRnqFl.exe
  C:\Windows\System\WdRnqFl.exe
  2⤵
  PID:7400
- C:\Windows\System\AVugNGw.exe
  C:\Windows\System\AVugNGw.exe
  2⤵
  PID:7432
- C:\Windows\System\SNuMrkM.exe
  C:\Windows\System\SNuMrkM.exe
  2⤵
  PID:7460
- C:\Windows\System\SDGjFOG.exe
  C:\Windows\System\SDGjFOG.exe
  2⤵
  PID:7488
- C:\Windows\System\NeuyQtJ.exe
  C:\Windows\System\NeuyQtJ.exe
  2⤵
  PID:7516
- C:\Windows\System\jJaPdmq.exe
  C:\Windows\System\jJaPdmq.exe
  2⤵
  PID:7544
- C:\Windows\System\FmdNzHE.exe
  C:\Windows\System\FmdNzHE.exe
  2⤵
  PID:7568
- C:\Windows\System\cTxqPmI.exe
  C:\Windows\System\cTxqPmI.exe
  2⤵
  PID:7596
- C:\Windows\System\NxUxLpM.exe
  C:\Windows\System\NxUxLpM.exe
  2⤵
  PID:7628
- C:\Windows\System\lxjaAyW.exe
  C:\Windows\System\lxjaAyW.exe
  2⤵
  PID:7656
- C:\Windows\System\SpRkyuC.exe
  C:\Windows\System\SpRkyuC.exe
  2⤵
  PID:7680
- C:\Windows\System\rSBpQNC.exe
  C:\Windows\System\rSBpQNC.exe
  2⤵
  PID:7708
- C:\Windows\System\uAUlpVE.exe
  C:\Windows\System\uAUlpVE.exe
  2⤵
  PID:7736
- C:\Windows\System\mBmFWwJ.exe
  C:\Windows\System\mBmFWwJ.exe
  2⤵
  PID:7764
- C:\Windows\System\VwfAyRp.exe
  C:\Windows\System\VwfAyRp.exe
  2⤵
  PID:7792
- C:\Windows\System\sybRnHf.exe
  C:\Windows\System\sybRnHf.exe
  2⤵
  PID:7824
- C:\Windows\System\TCNhHKk.exe
  C:\Windows\System\TCNhHKk.exe
  2⤵
  PID:7852
- C:\Windows\System\huQyzEv.exe
  C:\Windows\System\huQyzEv.exe
  2⤵
  PID:7876
- C:\Windows\System\ZoekSQf.exe
  C:\Windows\System\ZoekSQf.exe
  2⤵
  PID:7904
- C:\Windows\System\HDugzhl.exe
  C:\Windows\System\HDugzhl.exe
  2⤵
  PID:7936
- C:\Windows\System\vhGHKtm.exe
  C:\Windows\System\vhGHKtm.exe
  2⤵
  PID:7964
- C:\Windows\System\RZeljFO.exe
  C:\Windows\System\RZeljFO.exe
  2⤵
  PID:7992
- C:\Windows\System\LkFXcnA.exe
  C:\Windows\System\LkFXcnA.exe
  2⤵
  PID:8020
- C:\Windows\System\xCZomFe.exe
  C:\Windows\System\xCZomFe.exe
  2⤵
  PID:8048
- C:\Windows\System\uoabTue.exe
  C:\Windows\System\uoabTue.exe
  2⤵
  PID:8076
- C:\Windows\System\fLDNULS.exe
  C:\Windows\System\fLDNULS.exe
  2⤵
  PID:8104
- C:\Windows\System\nhWbZqn.exe
  C:\Windows\System\nhWbZqn.exe
  2⤵
  PID:8128
- C:\Windows\System\fJEpHSD.exe
  C:\Windows\System\fJEpHSD.exe
  2⤵
  PID:8156
- C:\Windows\System\vBuqOfs.exe
  C:\Windows\System\vBuqOfs.exe
  2⤵
  PID:8184
- C:\Windows\System\GqZzNdK.exe
  C:\Windows\System\GqZzNdK.exe
  2⤵
  PID:6948
- C:\Windows\System\DIOSHJX.exe
  C:\Windows\System\DIOSHJX.exe
  2⤵
  PID:7068
- C:\Windows\System\qcabciE.exe
  C:\Windows\System\qcabciE.exe
  2⤵
  PID:5812
- C:\Windows\System\jXvUGHI.exe
  C:\Windows\System\jXvUGHI.exe
  2⤵
  PID:6168
- C:\Windows\System\RwZAQGx.exe
  C:\Windows\System\RwZAQGx.exe
  2⤵
  PID:6500
- C:\Windows\System\jdtWmqh.exe
  C:\Windows\System\jdtWmqh.exe
  2⤵
  PID:7192
- C:\Windows\System\OhkYeHV.exe
  C:\Windows\System\OhkYeHV.exe
  2⤵
  PID:7228
- C:\Windows\System\qoopiNV.exe
  C:\Windows\System\qoopiNV.exe
  2⤵
  PID:7284
- C:\Windows\System\JjfKASV.exe
  C:\Windows\System\JjfKASV.exe
  2⤵
  PID:7360
- C:\Windows\System\KVGFVfB.exe
  C:\Windows\System\KVGFVfB.exe
  2⤵
  PID:7420
- C:\Windows\System\eoKlOYS.exe
  C:\Windows\System\eoKlOYS.exe
  2⤵
  PID:7480
- C:\Windows\System\phWwGHg.exe
  C:\Windows\System\phWwGHg.exe
  2⤵
  PID:7556
- C:\Windows\System\EsEYnxD.exe
  C:\Windows\System\EsEYnxD.exe
  2⤵
  PID:7616
- C:\Windows\System\qOwMnks.exe
  C:\Windows\System\qOwMnks.exe
  2⤵
  PID:7668
- C:\Windows\System\ysuZcTg.exe
  C:\Windows\System\ysuZcTg.exe
  2⤵
  PID:7724
- C:\Windows\System\ImyRmpb.exe
  C:\Windows\System\ImyRmpb.exe
  2⤵
  PID:7760
- C:\Windows\System\wBycIos.exe
  C:\Windows\System\wBycIos.exe
  2⤵
  PID:7836
- C:\Windows\System\hKcttcN.exe
  C:\Windows\System\hKcttcN.exe
  2⤵
  PID:7896
- C:\Windows\System\vWQoIzp.exe
  C:\Windows\System\vWQoIzp.exe
  2⤵
  PID:2996
- C:\Windows\System\pflYLbK.exe
  C:\Windows\System\pflYLbK.exe
  2⤵
  PID:8012
- C:\Windows\System\RDKLxpH.exe
  C:\Windows\System\RDKLxpH.exe
  2⤵
  PID:1576
- C:\Windows\System\lPAbfJV.exe
  C:\Windows\System\lPAbfJV.exe
  2⤵
  PID:8092
- C:\Windows\System\xoHEJwc.exe
  C:\Windows\System\xoHEJwc.exe
  2⤵
  PID:8148
- C:\Windows\System\GUSexwZ.exe
  C:\Windows\System\GUSexwZ.exe
  2⤵
  PID:6892
- C:\Windows\System\hQOezJZ.exe
  C:\Windows\System\hQOezJZ.exe
  2⤵
  PID:532
- C:\Windows\System\nVarpMy.exe
  C:\Windows\System\nVarpMy.exe
  2⤵
  PID:6672
- C:\Windows\System\BBSUOfR.exe
  C:\Windows\System\BBSUOfR.exe
  2⤵
  PID:2408
- C:\Windows\System\nqilNhl.exe
  C:\Windows\System\nqilNhl.exe
  2⤵
  PID:7340
- C:\Windows\System\kIFgAOy.exe
  C:\Windows\System\kIFgAOy.exe
  2⤵
  PID:7752
- C:\Windows\System\RXzkHvY.exe
  C:\Windows\System\RXzkHvY.exe
  2⤵
  PID:7808
- C:\Windows\System\sAFhBxD.exe
  C:\Windows\System\sAFhBxD.exe
  2⤵
  PID:4532
- C:\Windows\System\VgoYxZj.exe
  C:\Windows\System\VgoYxZj.exe
  2⤵
  PID:2276
- C:\Windows\System\LrNnGva.exe
  C:\Windows\System\LrNnGva.exe
  2⤵
  PID:8120
- C:\Windows\System\zLyCBuU.exe
  C:\Windows\System\zLyCBuU.exe
  2⤵
  PID:8180
- C:\Windows\System\qHIdxkL.exe
  C:\Windows\System\qHIdxkL.exe
  2⤵
  PID:4840
- C:\Windows\System\SAQXBGM.exe
  C:\Windows\System\SAQXBGM.exe
  2⤵
  PID:4480
- C:\Windows\System\GlWKusS.exe
  C:\Windows\System\GlWKusS.exe
  2⤵
  PID:3180
- C:\Windows\System\TxXHhKg.exe
  C:\Windows\System\TxXHhKg.exe
  2⤵
  PID:4044
- C:\Windows\System\wcTOIfb.exe
  C:\Windows\System\wcTOIfb.exe
  2⤵
  PID:4640
- C:\Windows\System\TjQqtrG.exe
  C:\Windows\System\TjQqtrG.exe
  2⤵
  PID:4848
- C:\Windows\System\QxDnmPe.exe
  C:\Windows\System\QxDnmPe.exe
  2⤵
  PID:7644
- C:\Windows\System\rNajpBc.exe
  C:\Windows\System\rNajpBc.exe
  2⤵
  PID:6360
- C:\Windows\System\UJXIZqn.exe
  C:\Windows\System\UJXIZqn.exe
  2⤵
  PID:2616
- C:\Windows\System\CQfvvQB.exe
  C:\Windows\System\CQfvvQB.exe
  2⤵
  PID:8004
- C:\Windows\System\XNMZBmW.exe
  C:\Windows\System\XNMZBmW.exe
  2⤵
  PID:4256
- C:\Windows\System\SiQLbke.exe
  C:\Windows\System\SiQLbke.exe
  2⤵
  PID:3580
- C:\Windows\System\GpOQLyl.exe
  C:\Windows\System\GpOQLyl.exe
  2⤵
  PID:2112
- C:\Windows\System\NIeGbVZ.exe
  C:\Windows\System\NIeGbVZ.exe
  2⤵
  PID:7144
- C:\Windows\System\NDYekFz.exe
  C:\Windows\System\NDYekFz.exe
  2⤵
  PID:636
- C:\Windows\System\OSspnsS.exe
  C:\Windows\System\OSspnsS.exe
  2⤵
  PID:3516
- C:\Windows\System\MQRLJKp.exe
  C:\Windows\System\MQRLJKp.exe
  2⤵
  PID:8124
- C:\Windows\System\PQSOhHI.exe
  C:\Windows\System\PQSOhHI.exe
  2⤵
  PID:8216
- C:\Windows\System\noPgYxN.exe
  C:\Windows\System\noPgYxN.exe
  2⤵
  PID:8240
- C:\Windows\System\lRAPqxT.exe
  C:\Windows\System\lRAPqxT.exe
  2⤵
  PID:8268
- C:\Windows\System\ShvAtik.exe
  C:\Windows\System\ShvAtik.exe
  2⤵
  PID:8300
- C:\Windows\System\beesJbS.exe
  C:\Windows\System\beesJbS.exe
  2⤵
  PID:8328
- C:\Windows\System\UGAHQzE.exe
  C:\Windows\System\UGAHQzE.exe
  2⤵
  PID:8364
- C:\Windows\System\elyQyUa.exe
  C:\Windows\System\elyQyUa.exe
  2⤵
  PID:8392
- C:\Windows\System\XXyWdob.exe
  C:\Windows\System\XXyWdob.exe
  2⤵
  PID:8436
- C:\Windows\System\OQbOghz.exe
  C:\Windows\System\OQbOghz.exe
  2⤵
  PID:8456
- C:\Windows\System\jVAYVqV.exe
  C:\Windows\System\jVAYVqV.exe
  2⤵
  PID:8492
- C:\Windows\System\jloHgto.exe
  C:\Windows\System\jloHgto.exe
  2⤵
  PID:8524
- C:\Windows\System\WqEYxbi.exe
  C:\Windows\System\WqEYxbi.exe
  2⤵
  PID:8552
- C:\Windows\System\IRQWQxn.exe
  C:\Windows\System\IRQWQxn.exe
  2⤵
  PID:8628
- C:\Windows\System\EvwvtxY.exe
  C:\Windows\System\EvwvtxY.exe
  2⤵
  PID:8656
- C:\Windows\System\qZIrUvL.exe
  C:\Windows\System\qZIrUvL.exe
  2⤵
  PID:8684
- C:\Windows\System\jXbVwzr.exe
  C:\Windows\System\jXbVwzr.exe
  2⤵
  PID:8700
- C:\Windows\System\FiVLAav.exe
  C:\Windows\System\FiVLAav.exe
  2⤵
  PID:8728
- C:\Windows\System\ryFaunv.exe
  C:\Windows\System\ryFaunv.exe
  2⤵
  PID:8776
- C:\Windows\System\VaPGiIP.exe
  C:\Windows\System\VaPGiIP.exe
  2⤵
  PID:8792
- C:\Windows\System\UIiEHwM.exe
  C:\Windows\System\UIiEHwM.exe
  2⤵
  PID:8828
- C:\Windows\System\DvrqzGv.exe
  C:\Windows\System\DvrqzGv.exe
  2⤵
  PID:8852
- C:\Windows\System\ELrhksc.exe
  C:\Windows\System\ELrhksc.exe
  2⤵
  PID:8892
- C:\Windows\System\ryEbYAK.exe
  C:\Windows\System\ryEbYAK.exe
  2⤵
  PID:8920
- C:\Windows\System\oCldKpc.exe
  C:\Windows\System\oCldKpc.exe
  2⤵
  PID:8952
- C:\Windows\System\jabnfpf.exe
  C:\Windows\System\jabnfpf.exe
  2⤵
  PID:8980
- C:\Windows\System\ojXEWFm.exe
  C:\Windows\System\ojXEWFm.exe
  2⤵
  PID:9008
- C:\Windows\System\tceKgDf.exe
  C:\Windows\System\tceKgDf.exe
  2⤵
  PID:9028
- C:\Windows\System\faGnrZr.exe
  C:\Windows\System\faGnrZr.exe
  2⤵
  PID:9068
- C:\Windows\System\liWnONG.exe
  C:\Windows\System\liWnONG.exe
  2⤵
  PID:9092
- C:\Windows\System\MmtacAc.exe
  C:\Windows\System\MmtacAc.exe
  2⤵
  PID:9116
- C:\Windows\System\QLPsMfF.exe
  C:\Windows\System\QLPsMfF.exe
  2⤵
  PID:9140
- C:\Windows\System\fFzWebv.exe
  C:\Windows\System\fFzWebv.exe
  2⤵
  PID:9176
- C:\Windows\System\vCJzQae.exe
  C:\Windows\System\vCJzQae.exe
  2⤵
  PID:9212
- C:\Windows\System\EWpgaIL.exe
  C:\Windows\System\EWpgaIL.exe
  2⤵
  PID:8204
- C:\Windows\System\SrPrVdT.exe
  C:\Windows\System\SrPrVdT.exe
  2⤵
  PID:8256
- C:\Windows\System\skFBdRR.exe
  C:\Windows\System\skFBdRR.exe
  2⤵
  PID:8320
- C:\Windows\System\SPSDYtO.exe
  C:\Windows\System\SPSDYtO.exe
  2⤵
  PID:8384
- C:\Windows\System\neLYsgE.exe
  C:\Windows\System\neLYsgE.exe
  2⤵
  PID:8444
- C:\Windows\System\mMqQTHY.exe
  C:\Windows\System\mMqQTHY.exe
  2⤵
  PID:8560
- C:\Windows\System\NStbDHS.exe
  C:\Windows\System\NStbDHS.exe
  2⤵
  PID:7948
- C:\Windows\System\ktQAAes.exe
  C:\Windows\System\ktQAAes.exe
  2⤵
  PID:8676
- C:\Windows\System\VehooGP.exe
  C:\Windows\System\VehooGP.exe
  2⤵
  PID:8720
- C:\Windows\System\oIsrKfh.exe
  C:\Windows\System\oIsrKfh.exe
  2⤵
  PID:8816
- C:\Windows\System\SiknPre.exe
  C:\Windows\System\SiknPre.exe
  2⤵
  PID:8868
- C:\Windows\System\jjLjasl.exe
  C:\Windows\System\jjLjasl.exe
  2⤵
  PID:8932
- C:\Windows\System\emegbSO.exe
  C:\Windows\System\emegbSO.exe
  2⤵
  PID:8992
- C:\Windows\System\zLKZQxX.exe
  C:\Windows\System\zLKZQxX.exe
  2⤵
  PID:9084
- C:\Windows\System\LAlOKPb.exe
  C:\Windows\System\LAlOKPb.exe
  2⤵
  PID:9136
- C:\Windows\System\GDdBvaA.exe
  C:\Windows\System\GDdBvaA.exe
  2⤵
  PID:9196
- C:\Windows\System\PYicBLZ.exe
  C:\Windows\System\PYicBLZ.exe
  2⤵
  PID:8232
- C:\Windows\System\VlaHTfE.exe
  C:\Windows\System\VlaHTfE.exe
  2⤵
  PID:8316
- C:\Windows\System\LGuDnvs.exe
  C:\Windows\System\LGuDnvs.exe
  2⤵
  PID:2284
- C:\Windows\System\vobfLqE.exe
  C:\Windows\System\vobfLqE.exe
  2⤵
  PID:8480
- C:\Windows\System\yGqkmZt.exe
  C:\Windows\System\yGqkmZt.exe
  2⤵
  PID:8652
- C:\Windows\System\ITvYRgO.exe
  C:\Windows\System\ITvYRgO.exe
  2⤵
  PID:8848
- C:\Windows\System\PiECArA.exe
  C:\Windows\System\PiECArA.exe
  2⤵
  PID:8976
- C:\Windows\System\cLxYpOC.exe
  C:\Windows\System\cLxYpOC.exe
  2⤵
  PID:892
- C:\Windows\System\NLBXGjA.exe
  C:\Windows\System\NLBXGjA.exe
  2⤵
  PID:4688
- C:\Windows\System\DcCJvBx.exe
  C:\Windows\System\DcCJvBx.exe
  2⤵
  PID:8772
- C:\Windows\System\WcBkCRj.exe
  C:\Windows\System\WcBkCRj.exe
  2⤵
  PID:1092
- C:\Windows\System\bAXCHxX.exe
  C:\Windows\System\bAXCHxX.exe
  2⤵
  PID:4708
- C:\Windows\System\ZCUgRAd.exe
  C:\Windows\System\ZCUgRAd.exe
  2⤵
  PID:3168
- C:\Windows\System\GPKOAcq.exe
  C:\Windows\System\GPKOAcq.exe
  2⤵
  PID:8548
- C:\Windows\System\UFQtThc.exe
  C:\Windows\System\UFQtThc.exe
  2⤵
  PID:9228
- C:\Windows\System\EeOoNrp.exe
  C:\Windows\System\EeOoNrp.exe
  2⤵
  PID:9256
- C:\Windows\System\dYCtpay.exe
  C:\Windows\System\dYCtpay.exe
  2⤵
  PID:9284
- C:\Windows\System\mMBPydr.exe
  C:\Windows\System\mMBPydr.exe
  2⤵
  PID:9312
- C:\Windows\System\fqSLLrf.exe
  C:\Windows\System\fqSLLrf.exe
  2⤵
  PID:9332
- C:\Windows\System\iOKSUWV.exe
  C:\Windows\System\iOKSUWV.exe
  2⤵
  PID:9360
- C:\Windows\System\gkPjVcv.exe
  C:\Windows\System\gkPjVcv.exe
  2⤵
  PID:9400
- C:\Windows\System\QBmQIBJ.exe
  C:\Windows\System\QBmQIBJ.exe
  2⤵
  PID:9420
- C:\Windows\System\cagYEpH.exe
  C:\Windows\System\cagYEpH.exe
  2⤵
  PID:9444
- C:\Windows\System\geqdwtM.exe
  C:\Windows\System\geqdwtM.exe
  2⤵
  PID:9472
- C:\Windows\System\iOGOLux.exe
  C:\Windows\System\iOGOLux.exe
  2⤵
  PID:9500
- C:\Windows\System\VHYtviF.exe
  C:\Windows\System\VHYtviF.exe
  2⤵
  PID:9540
- C:\Windows\System\qxaZjGK.exe
  C:\Windows\System\qxaZjGK.exe
  2⤵
  PID:9568
- C:\Windows\System\MHGebpB.exe
  C:\Windows\System\MHGebpB.exe
  2⤵
  PID:9596
- C:\Windows\System\EISVwna.exe
  C:\Windows\System\EISVwna.exe
  2⤵
  PID:9624
- C:\Windows\System\AolYeOu.exe
  C:\Windows\System\AolYeOu.exe
  2⤵
  PID:9640
- C:\Windows\System\nGVyywo.exe
  C:\Windows\System\nGVyywo.exe
  2⤵
  PID:9668
- C:\Windows\System\NZlMxXe.exe
  C:\Windows\System\NZlMxXe.exe
  2⤵
  PID:9708
- C:\Windows\System\vOyoVwM.exe
  C:\Windows\System\vOyoVwM.exe
  2⤵
  PID:9736
- C:\Windows\System\jBHTNJJ.exe
  C:\Windows\System\jBHTNJJ.exe
  2⤵
  PID:9752
- C:\Windows\System\wYPdfzj.exe
  C:\Windows\System\wYPdfzj.exe
  2⤵
  PID:9772
- C:\Windows\System\Hluyyzq.exe
  C:\Windows\System\Hluyyzq.exe
  2⤵
  PID:9796
- C:\Windows\System\NkBtrMw.exe
  C:\Windows\System\NkBtrMw.exe
  2⤵
  PID:9824
- C:\Windows\System\YxtYECa.exe
  C:\Windows\System\YxtYECa.exe
  2⤵
  PID:9856
- C:\Windows\System\NiBEoio.exe
  C:\Windows\System\NiBEoio.exe
  2⤵
  PID:9900
- C:\Windows\System\dAGFrDy.exe
  C:\Windows\System\dAGFrDy.exe
  2⤵
  PID:9932
- C:\Windows\System\rRjwmWn.exe
  C:\Windows\System\rRjwmWn.exe
  2⤵
  PID:9948
- C:\Windows\System\VWjuIKf.exe
  C:\Windows\System\VWjuIKf.exe
  2⤵
  PID:9988
- C:\Windows\System\xGUDFGF.exe
  C:\Windows\System\xGUDFGF.exe
  2⤵
  PID:10008
- C:\Windows\System\NtexoJc.exe
  C:\Windows\System\NtexoJc.exe
  2⤵
  PID:10048
- C:\Windows\System\orClOGZ.exe
  C:\Windows\System\orClOGZ.exe
  2⤵
  PID:10076
- C:\Windows\System\aHryIbc.exe
  C:\Windows\System\aHryIbc.exe
  2⤵
  PID:10108
- C:\Windows\System\GvGMlZc.exe
  C:\Windows\System\GvGMlZc.exe
  2⤵
  PID:10136
- C:\Windows\System\HBIMwHD.exe
  C:\Windows\System\HBIMwHD.exe
  2⤵
  PID:10152
- C:\Windows\System\lsUplLF.exe
  C:\Windows\System\lsUplLF.exe
  2⤵
  PID:10192
- C:\Windows\System\jQlTtQh.exe
  C:\Windows\System\jQlTtQh.exe
  2⤵
  PID:10208
- C:\Windows\System\dIRUVRe.exe
  C:\Windows\System\dIRUVRe.exe
  2⤵
  PID:8248
- C:\Windows\System\owmskfh.exe
  C:\Windows\System\owmskfh.exe
  2⤵
  PID:9276
- C:\Windows\System\BMZKYmz.exe
  C:\Windows\System\BMZKYmz.exe
  2⤵
  PID:9352
- C:\Windows\System\TxqoaiN.exe
  C:\Windows\System\TxqoaiN.exe
  2⤵
  PID:9392
- C:\Windows\System\TBJHhkx.exe
  C:\Windows\System\TBJHhkx.exe
  2⤵
  PID:9468
- C:\Windows\System\qIJpmaH.exe
  C:\Windows\System\qIJpmaH.exe
  2⤵
  PID:9552
- C:\Windows\System\iKEYoSr.exe
  C:\Windows\System\iKEYoSr.exe
  2⤵
  PID:9584
- C:\Windows\System\cpnMkla.exe
  C:\Windows\System\cpnMkla.exe
  2⤵
  PID:9664
- C:\Windows\System\hJRHwjN.exe
  C:\Windows\System\hJRHwjN.exe
  2⤵
  PID:9720
- C:\Windows\System\FszUgwh.exe
  C:\Windows\System\FszUgwh.exe
  2⤵
  PID:9788
- C:\Windows\System\mpkCHXb.exe
  C:\Windows\System\mpkCHXb.exe
  2⤵
  PID:9884
- C:\Windows\System\rZOjRQc.exe
  C:\Windows\System\rZOjRQc.exe
  2⤵
  PID:9928
- C:\Windows\System\CAvrkOO.exe
  C:\Windows\System\CAvrkOO.exe
  2⤵
  PID:9972
- C:\Windows\System\kvNYslz.exe
  C:\Windows\System\kvNYslz.exe
  2⤵
  PID:10032
- C:\Windows\System\bpzKknP.exe
  C:\Windows\System\bpzKknP.exe
  2⤵
  PID:10124
- C:\Windows\System\EivezPY.exe
  C:\Windows\System\EivezPY.exe
  2⤵
  PID:10184
- C:\Windows\System\HIEWkRB.exe
  C:\Windows\System\HIEWkRB.exe
  2⤵
  PID:10224
- C:\Windows\System\fyHrvit.exe
  C:\Windows\System\fyHrvit.exe
  2⤵
  PID:9432
- C:\Windows\System\Rvbrljt.exe
  C:\Windows\System\Rvbrljt.exe
  2⤵
  PID:9564
- C:\Windows\System\AwVFVgK.exe
  C:\Windows\System\AwVFVgK.exe
  2⤵
  PID:9744
- C:\Windows\System\dWCHJNz.exe
  C:\Windows\System\dWCHJNz.exe
  2⤵
  PID:9868
- C:\Windows\System\LDlOLnv.exe
  C:\Windows\System\LDlOLnv.exe
  2⤵
  PID:10004
- C:\Windows\System\BszZyYE.exe
  C:\Windows\System\BszZyYE.exe
  2⤵
  PID:10132
- C:\Windows\System\CHRHSJN.exe
  C:\Windows\System\CHRHSJN.exe
  2⤵
  PID:9328
- C:\Windows\System\vwTTTjO.exe
  C:\Windows\System\vwTTTjO.exe
  2⤵
  PID:9652
- C:\Windows\System\ZihxTqE.exe
  C:\Windows\System\ZihxTqE.exe
  2⤵
  PID:10128
- C:\Windows\System\WtyxpSb.exe
  C:\Windows\System\WtyxpSb.exe
  2⤵
  PID:9324
- C:\Windows\System\iqsyTFo.exe
  C:\Windows\System\iqsyTFo.exe
  2⤵
  PID:9920
- C:\Windows\System\qoTzfMm.exe
  C:\Windows\System\qoTzfMm.exe
  2⤵
  PID:10268
- C:\Windows\System\CRUsZdh.exe
  C:\Windows\System\CRUsZdh.exe
  2⤵
  PID:10292
- C:\Windows\System\LXyRwsm.exe
  C:\Windows\System\LXyRwsm.exe
  2⤵
  PID:10336
- C:\Windows\System\kXDBQLH.exe
  C:\Windows\System\kXDBQLH.exe
  2⤵
  PID:10364
- C:\Windows\System\kdzqBSX.exe
  C:\Windows\System\kdzqBSX.exe
  2⤵
  PID:10392
- C:\Windows\System\FNiHlup.exe
  C:\Windows\System\FNiHlup.exe
  2⤵
  PID:10420
- C:\Windows\System\aqlBNrv.exe
  C:\Windows\System\aqlBNrv.exe
  2⤵
  PID:10460
- C:\Windows\System\FDXcgbL.exe
  C:\Windows\System\FDXcgbL.exe
  2⤵
  PID:10476
- C:\Windows\System\MNZhFRY.exe
  C:\Windows\System\MNZhFRY.exe
  2⤵
  PID:10516
- C:\Windows\System\yIbfQpp.exe
  C:\Windows\System\yIbfQpp.exe
  2⤵
  PID:10532
- C:\Windows\System\tqbMbLk.exe
  C:\Windows\System\tqbMbLk.exe
  2⤵
  PID:10572
- C:\Windows\System\nYOMNhm.exe
  C:\Windows\System\nYOMNhm.exe
  2⤵
  PID:10600
- C:\Windows\System\LXZUnvx.exe
  C:\Windows\System\LXZUnvx.exe
  2⤵
  PID:10624
- C:\Windows\System\frAKENo.exe
  C:\Windows\System\frAKENo.exe
  2⤵
  PID:10644
- C:\Windows\System\gJpYCgY.exe
  C:\Windows\System\gJpYCgY.exe
  2⤵
  PID:10684
- C:\Windows\System\lKLkNeC.exe
  C:\Windows\System\lKLkNeC.exe
  2⤵
  PID:10700
- C:\Windows\System\GeTKReP.exe
  C:\Windows\System\GeTKReP.exe
  2⤵
  PID:10740
- C:\Windows\System\JesKmrG.exe
  C:\Windows\System\JesKmrG.exe
  2⤵
  PID:10768
- C:\Windows\System\rFKNdSC.exe
  C:\Windows\System\rFKNdSC.exe
  2⤵
  PID:10796
- C:\Windows\System\eYdWLgL.exe
  C:\Windows\System\eYdWLgL.exe
  2⤵
  PID:10824
- C:\Windows\System\cxlsatm.exe
  C:\Windows\System\cxlsatm.exe
  2⤵
  PID:10856
- C:\Windows\System\GtROqlY.exe
  C:\Windows\System\GtROqlY.exe
  2⤵
  PID:10884
- C:\Windows\System\qhFfGLh.exe
  C:\Windows\System\qhFfGLh.exe
  2⤵
  PID:10912
- C:\Windows\System\gTDldEb.exe
  C:\Windows\System\gTDldEb.exe
  2⤵
  PID:10940
- C:\Windows\System\hJcLLcC.exe
  C:\Windows\System\hJcLLcC.exe
  2⤵
  PID:10968
- C:\Windows\System\xaOHWvB.exe
  C:\Windows\System\xaOHWvB.exe
  2⤵
  PID:10988
- C:\Windows\System\BFCgcAi.exe
  C:\Windows\System\BFCgcAi.exe
  2⤵
  PID:11012
- C:\Windows\System\qNqcSLL.exe
  C:\Windows\System\qNqcSLL.exe
  2⤵
  PID:11040
- C:\Windows\System\VmRouxQ.exe
  C:\Windows\System\VmRouxQ.exe
  2⤵
  PID:11068
- C:\Windows\System\LKeLTCY.exe
  C:\Windows\System\LKeLTCY.exe
  2⤵
  PID:11096
- C:\Windows\System\qNKyoox.exe
  C:\Windows\System\qNKyoox.exe
  2⤵
  PID:11136
- C:\Windows\System\fGfIagx.exe
  C:\Windows\System\fGfIagx.exe
  2⤵
  PID:11152
- C:\Windows\System\cPllxzT.exe
  C:\Windows\System\cPllxzT.exe
  2⤵
  PID:11184
- C:\Windows\System\wwJDwPP.exe
  C:\Windows\System\wwJDwPP.exe
  2⤵
  PID:11220
- C:\Windows\System\SJUhYcR.exe
  C:\Windows\System\SJUhYcR.exe
  2⤵
  PID:11252
- C:\Windows\System\aVYuFef.exe
  C:\Windows\System\aVYuFef.exe
  2⤵
  PID:9524
- C:\Windows\System\bFDhjDs.exe
  C:\Windows\System\bFDhjDs.exe
  2⤵
  PID:10352
- C:\Windows\System\GwTFZdn.exe
  C:\Windows\System\GwTFZdn.exe
  2⤵
  PID:10380
- C:\Windows\System\NGaHjfG.exe
  C:\Windows\System\NGaHjfG.exe
  2⤵
  PID:10432
- C:\Windows\System\IgXgrDA.exe
  C:\Windows\System\IgXgrDA.exe
  2⤵
  PID:10500
- C:\Windows\System\BOlSIZx.exe
  C:\Windows\System\BOlSIZx.exe
  2⤵
  PID:10544
- C:\Windows\System\llzzfte.exe
  C:\Windows\System\llzzfte.exe
  2⤵
  PID:10616
- C:\Windows\System\WBAgGHk.exe
  C:\Windows\System\WBAgGHk.exe
  2⤵
  PID:10084
- C:\Windows\System\JfcCSCv.exe
  C:\Windows\System\JfcCSCv.exe
  2⤵
  PID:10764
- C:\Windows\System\kUMoIqd.exe
  C:\Windows\System\kUMoIqd.exe
  2⤵
  PID:10820
- C:\Windows\System\hkPyLEg.exe
  C:\Windows\System\hkPyLEg.exe
  2⤵
  PID:10896
- C:\Windows\System\SBRXnfD.exe
  C:\Windows\System\SBRXnfD.exe
  2⤵
  PID:10956
- C:\Windows\System\CmyBPwv.exe
  C:\Windows\System\CmyBPwv.exe
  2⤵
  PID:11032
- C:\Windows\System\hatDgqS.exe
  C:\Windows\System\hatDgqS.exe
  2⤵
  PID:11088
- C:\Windows\System\PEumAqv.exe
  C:\Windows\System\PEumAqv.exe
  2⤵
  PID:11144
- C:\Windows\System\TRrvZvG.exe
  C:\Windows\System\TRrvZvG.exe
  2⤵
  PID:11232
- C:\Windows\System\gHOCTip.exe
  C:\Windows\System\gHOCTip.exe
  2⤵
  PID:10260
- C:\Windows\System\ALvSUaP.exe
  C:\Windows\System\ALvSUaP.exe
  2⤵
  PID:10416
- C:\Windows\System\NMyPzis.exe
  C:\Windows\System\NMyPzis.exe
  2⤵
  PID:10568
- C:\Windows\System\BgzsfDO.exe
  C:\Windows\System\BgzsfDO.exe
  2⤵
  PID:10716
- C:\Windows\System\PbiKbws.exe
  C:\Windows\System\PbiKbws.exe
  2⤵
  PID:10808
- C:\Windows\System\XkooGAo.exe
  C:\Windows\System\XkooGAo.exe
  2⤵
  PID:10984
- C:\Windows\System\LQnZMDc.exe
  C:\Windows\System\LQnZMDc.exe
  2⤵
  PID:11112
- C:\Windows\System\FMxKOGa.exe
  C:\Windows\System\FMxKOGa.exe
  2⤵
  PID:9588
- C:\Windows\System\JiDIYYt.exe
  C:\Windows\System\JiDIYYt.exe
  2⤵
  PID:10524
- C:\Windows\System\ZUiHckg.exe
  C:\Windows\System\ZUiHckg.exe
  2⤵
  PID:11052
- C:\Windows\System\tGjdYTD.exe
  C:\Windows\System\tGjdYTD.exe
  2⤵
  PID:10496
- C:\Windows\System\UBGiwTS.exe
  C:\Windows\System\UBGiwTS.exe
  2⤵
  PID:11204
- C:\Windows\System\koZuwGU.exe
  C:\Windows\System\koZuwGU.exe
  2⤵
  PID:11284
- C:\Windows\System\IFmwDkm.exe
  C:\Windows\System\IFmwDkm.exe
  2⤵
  PID:11324
- C:\Windows\System\VBEpsKJ.exe
  C:\Windows\System\VBEpsKJ.exe
  2⤵
  PID:11340
- C:\Windows\System\DJBlYqf.exe
  C:\Windows\System\DJBlYqf.exe
  2⤵
  PID:11396
- C:\Windows\System\IiMUpZI.exe
  C:\Windows\System\IiMUpZI.exe
  2⤵
  PID:11440
- C:\Windows\System\egSEpoa.exe
  C:\Windows\System\egSEpoa.exe
  2⤵
  PID:11480
- C:\Windows\System\WazzGaL.exe
  C:\Windows\System\WazzGaL.exe
  2⤵
  PID:11496
- C:\Windows\System\wxhoEhm.exe
  C:\Windows\System\wxhoEhm.exe
  2⤵
  PID:11516
- C:\Windows\System\Ncvvdij.exe
  C:\Windows\System\Ncvvdij.exe
  2⤵
  PID:11548
- C:\Windows\System\zGnuGHI.exe
  C:\Windows\System\zGnuGHI.exe
  2⤵
  PID:11576
- C:\Windows\System\SDbiSXa.exe
  C:\Windows\System\SDbiSXa.exe
  2⤵
  PID:11612
- C:\Windows\System\yQRFHkF.exe
  C:\Windows\System\yQRFHkF.exe
  2⤵
  PID:11656
- C:\Windows\System\HDOlGfb.exe
  C:\Windows\System\HDOlGfb.exe
  2⤵
  PID:11684
- C:\Windows\System\BvMMKMt.exe
  C:\Windows\System\BvMMKMt.exe
  2⤵
  PID:11704
- C:\Windows\System\NOeFhhZ.exe
  C:\Windows\System\NOeFhhZ.exe
  2⤵
  PID:11732
- C:\Windows\System\pjnNPrT.exe
  C:\Windows\System\pjnNPrT.exe
  2⤵
  PID:11768
- C:\Windows\System\hypPeaU.exe
  C:\Windows\System\hypPeaU.exe
  2⤵
  PID:11812
- C:\Windows\System\QWtGBol.exe
  C:\Windows\System\QWtGBol.exe
  2⤵
  PID:11840
- C:\Windows\System\vDQemmF.exe
  C:\Windows\System\vDQemmF.exe
  2⤵
  PID:11856
- C:\Windows\System\COWLHRX.exe
  C:\Windows\System\COWLHRX.exe
  2⤵
  PID:11896
- C:\Windows\System\PERfoRp.exe
  C:\Windows\System\PERfoRp.exe
  2⤵
  PID:11924
- C:\Windows\System\KGyhEhu.exe
  C:\Windows\System\KGyhEhu.exe
  2⤵
  PID:11972
- C:\Windows\System\YLtNfoo.exe
  C:\Windows\System\YLtNfoo.exe
  2⤵
  PID:11992
- C:\Windows\System\lYrbksd.exe
  C:\Windows\System\lYrbksd.exe
  2⤵
  PID:12020
- C:\Windows\System\nowdbOa.exe
  C:\Windows\System\nowdbOa.exe
  2⤵
  PID:12040
- C:\Windows\System\AbAmDPu.exe
  C:\Windows\System\AbAmDPu.exe
  2⤵
  PID:12068
- C:\Windows\System\uBpIMWV.exe
  C:\Windows\System\uBpIMWV.exe
  2⤵
  PID:12092
- C:\Windows\System\iwyXLng.exe
  C:\Windows\System\iwyXLng.exe
  2⤵
  PID:12128
- C:\Windows\System\URSPgXP.exe
  C:\Windows\System\URSPgXP.exe
  2⤵
  PID:12160
- C:\Windows\System\KeLbqrL.exe
  C:\Windows\System\KeLbqrL.exe
  2⤵
  PID:12184
- C:\Windows\System\NGConAK.exe
  C:\Windows\System\NGConAK.exe
  2⤵
  PID:12204
- C:\Windows\System\RrjhtYV.exe
  C:\Windows\System\RrjhtYV.exe
  2⤵
  PID:12232
- C:\Windows\System\vjXmcqo.exe
  C:\Windows\System\vjXmcqo.exe
  2⤵
  PID:12260
- C:\Windows\System\FygGGFY.exe
  C:\Windows\System\FygGGFY.exe
  2⤵
  PID:11008
- C:\Windows\System\NAIDaZk.exe
  C:\Windows\System\NAIDaZk.exe
  2⤵
  PID:11320
- C:\Windows\System\OwTxlEv.exe
  C:\Windows\System\OwTxlEv.exe
  2⤵
  PID:11380
- C:\Windows\System\qjSakjS.exe
  C:\Windows\System\qjSakjS.exe
  2⤵
  PID:11460
- C:\Windows\System\WOzThAJ.exe
  C:\Windows\System\WOzThAJ.exe
  2⤵
  PID:11504
- C:\Windows\System\DaHKUzy.exe
  C:\Windows\System\DaHKUzy.exe
  2⤵
  PID:11604
- C:\Windows\System\WJhVqqF.exe
  C:\Windows\System\WJhVqqF.exe
  2⤵
  PID:11648
- C:\Windows\System\wyIXswh.exe
  C:\Windows\System\wyIXswh.exe
  2⤵
  PID:11724
- C:\Windows\System\aqxdUjg.exe
  C:\Windows\System\aqxdUjg.exe
  2⤵
  PID:11792
- C:\Windows\System\hikHHqJ.exe
  C:\Windows\System\hikHHqJ.exe
  2⤵
  PID:11868
- C:\Windows\System\dbsrxhs.exe
  C:\Windows\System\dbsrxhs.exe
  2⤵
  PID:11940
- C:\Windows\System\XycBLtQ.exe
  C:\Windows\System\XycBLtQ.exe
  2⤵
  PID:12012
- C:\Windows\System\poVwfUl.exe
  C:\Windows\System\poVwfUl.exe
  2⤵
  PID:12056
- C:\Windows\System\ZSPTvtk.exe
  C:\Windows\System\ZSPTvtk.exe
  2⤵
  PID:12136
- C:\Windows\System\QpABBOo.exe
  C:\Windows\System\QpABBOo.exe
  2⤵
  PID:11280
- C:\Windows\System\YWOLeZt.exe
  C:\Windows\System\YWOLeZt.exe
  2⤵
  PID:11492
- C:\Windows\System\fjzzFXE.exe
  C:\Windows\System\fjzzFXE.exe
  2⤵
  PID:11652
- C:\Windows\System\jJScPmW.exe
  C:\Windows\System\jJScPmW.exe
  2⤵
  PID:11696
- C:\Windows\System\xAgIfsg.exe
  C:\Windows\System\xAgIfsg.exe
  2⤵
  PID:12008
- C:\Windows\System\FNUTGnh.exe
  C:\Windows\System\FNUTGnh.exe
  2⤵
  PID:12076
- C:\Windows\System\SbtLIWQ.exe
  C:\Windows\System\SbtLIWQ.exe
  2⤵
  PID:12120
- C:\Windows\System\PYZWlPZ.exe
  C:\Windows\System\PYZWlPZ.exe
  2⤵
  PID:12240
- C:\Windows\System\XPwfwWC.exe
  C:\Windows\System\XPwfwWC.exe
  2⤵
  PID:11988
- C:\Windows\System\mloKmxh.exe
  C:\Windows\System\mloKmxh.exe
  2⤵
  PID:12220
- C:\Windows\System\zpSRgDE.exe
  C:\Windows\System\zpSRgDE.exe
  2⤵
  PID:12304
- C:\Windows\System\tVnDHBG.exe
  C:\Windows\System\tVnDHBG.exe
  2⤵
  PID:12332
- C:\Windows\System\gOaPbNL.exe
  C:\Windows\System\gOaPbNL.exe
  2⤵
  PID:12356
- C:\Windows\System\iCjqOty.exe
  C:\Windows\System\iCjqOty.exe
  2⤵
  PID:12380
- C:\Windows\System\EhgwgTb.exe
  C:\Windows\System\EhgwgTb.exe
  2⤵
  PID:12412
- C:\Windows\System\AtuwvRg.exe
  C:\Windows\System\AtuwvRg.exe
  2⤵
  PID:12432
- C:\Windows\System\nSAOKaQ.exe
  C:\Windows\System\nSAOKaQ.exe
  2⤵
  PID:12472
- C:\Windows\System\mMzFJQm.exe
  C:\Windows\System\mMzFJQm.exe
  2⤵
  PID:12496
- C:\Windows\System\sOWxxJA.exe
  C:\Windows\System\sOWxxJA.exe
  2⤵
  PID:12552
- C:\Windows\System\RKeNayK.exe
  C:\Windows\System\RKeNayK.exe
  2⤵
  PID:12608
- C:\Windows\System\GlJxBdy.exe
  C:\Windows\System\GlJxBdy.exe
  2⤵
  PID:12624
- C:\Windows\System\kODdmMo.exe
  C:\Windows\System\kODdmMo.exe
  2⤵
  PID:12640
- C:\Windows\System\uofXgsW.exe
  C:\Windows\System\uofXgsW.exe
  2⤵
  PID:12680
- C:\Windows\System\XBrEtjY.exe
  C:\Windows\System\XBrEtjY.exe
  2⤵
  PID:12724
- C:\Windows\System\UgzNeNx.exe
  C:\Windows\System\UgzNeNx.exe
  2⤵
  PID:12752
- C:\Windows\System\EYELLdR.exe
  C:\Windows\System\EYELLdR.exe
  2⤵
  PID:12768
- C:\Windows\System\lZNrtxK.exe
  C:\Windows\System\lZNrtxK.exe
  2⤵
  PID:12808
- C:\Windows\System\rqZaEoM.exe
  C:\Windows\System\rqZaEoM.exe
  2⤵
  PID:12844
- C:\Windows\System\rVbuRKk.exe
  C:\Windows\System\rVbuRKk.exe
  2⤵
  PID:12876
- C:\Windows\System\smJrbAE.exe
  C:\Windows\System\smJrbAE.exe
  2⤵
  PID:12912
- C:\Windows\System\RDoWxDZ.exe
  C:\Windows\System\RDoWxDZ.exe
  2⤵
  PID:12936
- C:\Windows\System\uYUswDt.exe
  C:\Windows\System\uYUswDt.exe
  2⤵
  PID:12968
- C:\Windows\System\ImjMzZm.exe
  C:\Windows\System\ImjMzZm.exe
  2⤵
  PID:13008
- C:\Windows\System\pOfnPLJ.exe
  C:\Windows\System\pOfnPLJ.exe
  2⤵
  PID:13040
- C:\Windows\System\CUMmizQ.exe
  C:\Windows\System\CUMmizQ.exe
  2⤵
  PID:13072
- C:\Windows\System\RYzwkfB.exe
  C:\Windows\System\RYzwkfB.exe
  2⤵
  PID:13100
- C:\Windows\System\YyTrZoG.exe
  C:\Windows\System\YyTrZoG.exe
  2⤵
  PID:13132
- C:\Windows\System\ZgLqlqY.exe
  C:\Windows\System\ZgLqlqY.exe
  2⤵
  PID:13156
- C:\Windows\System\JwQUZMl.exe
  C:\Windows\System\JwQUZMl.exe
  2⤵
  PID:13184
- C:\Windows\System\qFAIlvP.exe
  C:\Windows\System\qFAIlvP.exe
  2⤵
  PID:13228
- C:\Windows\System\pOkwpgJ.exe
  C:\Windows\System\pOkwpgJ.exe
  2⤵
  PID:13272
- C:\Windows\System\ZrSZvWc.exe
  C:\Windows\System\ZrSZvWc.exe
  2⤵
  PID:13300
- C:\Windows\System\uTQdIKp.exe
  C:\Windows\System\uTQdIKp.exe
  2⤵
  PID:12300
- C:\Windows\System\ccPGVDc.exe
  C:\Windows\System\ccPGVDc.exe
  2⤵
  PID:12376
- C:\Windows\System\CKWyWaz.exe
  C:\Windows\System\CKWyWaz.exe
  2⤵
  PID:12464
- C:\Windows\System\XpBcllk.exe
  C:\Windows\System\XpBcllk.exe
  2⤵
  PID:12524
- C:\Windows\System\XoAjBgl.exe
  C:\Windows\System\XoAjBgl.exe
  2⤵
  PID:12592
- C:\Windows\System\yUyVoPy.exe
  C:\Windows\System\yUyVoPy.exe
  2⤵
  PID:12676
- C:\Windows\System\wWCNpuK.exe
  C:\Windows\System\wWCNpuK.exe
  2⤵
  PID:12736
- C:\Windows\System\KHXPoMB.exe
  C:\Windows\System\KHXPoMB.exe
  2⤵
  PID:12860
- C:\Windows\System\FEPzFkr.exe
  C:\Windows\System\FEPzFkr.exe
  2⤵
  PID:12872
- C:\Windows\System\YNZtwqx.exe
  C:\Windows\System\YNZtwqx.exe
  2⤵
  PID:12992
- C:\Windows\System\dNvFeCw.exe
  C:\Windows\System\dNvFeCw.exe
  2⤵
  PID:13108
- C:\Windows\System\PpKwimk.exe
  C:\Windows\System\PpKwimk.exe
  2⤵
  PID:13088
- C:\Windows\System\SRFXmsf.exe
  C:\Windows\System\SRFXmsf.exe
  2⤵
  PID:13172
- C:\Windows\System\AvvKLzI.exe
  C:\Windows\System\AvvKLzI.exe
  2⤵
  PID:13240
- C:\Windows\System\ldqMTvt.exe
  C:\Windows\System\ldqMTvt.exe
  2⤵
  PID:12368
- C:\Windows\System\DDhSzJg.exe
  C:\Windows\System\DDhSzJg.exe
  2⤵
  PID:12512
- C:\Windows\System\ClxvFhd.exe
  C:\Windows\System\ClxvFhd.exe
  2⤵
  PID:12716
- C:\Windows\System\CnCcSmp.exe
  C:\Windows\System\CnCcSmp.exe
  2⤵
  PID:12892
- C:\Windows\System\vnPyBfG.exe
  C:\Windows\System\vnPyBfG.exe
  2⤵
  PID:13056
- C:\Windows\System\qyRCCza.exe
  C:\Windows\System\qyRCCza.exe
  2⤵
  PID:13208
- C:\Windows\System\jQUcNsV.exe
  C:\Windows\System\jQUcNsV.exe
  2⤵
  PID:12428
- C:\Windows\System\QHwUYPD.exe
  C:\Windows\System\QHwUYPD.exe
  2⤵
  PID:12932
- C:\Windows\System\sCFYfvY.exe
  C:\Windows\System\sCFYfvY.exe
  2⤵
  PID:13032
- C:\Windows\System\FFCgumM.exe
  C:\Windows\System\FFCgumM.exe
  2⤵
  PID:2960
- C:\Windows\System\semPeAB.exe
  C:\Windows\System\semPeAB.exe
  2⤵
  PID:13340
- C:\Windows\System\oTPRBpq.exe
  C:\Windows\System\oTPRBpq.exe
  2⤵
  PID:13364
- C:\Windows\System\bBIYqhA.exe
  C:\Windows\System\bBIYqhA.exe
  2⤵
  PID:13392
- C:\Windows\System\zoHusiq.exe
  C:\Windows\System\zoHusiq.exe
  2⤵
  PID:13416
- C:\Windows\System\yzNCHwi.exe
  C:\Windows\System\yzNCHwi.exe
  2⤵
  PID:13468
- C:\Windows\System\USFpzQA.exe
  C:\Windows\System\USFpzQA.exe
  2⤵
  PID:13484
- C:\Windows\System\tibbhnW.exe
  C:\Windows\System\tibbhnW.exe
  2⤵
  PID:13516
- C:\Windows\System\sFaWyPP.exe
  C:\Windows\System\sFaWyPP.exe
  2⤵
  PID:13536
- C:\Windows\System\vgshYSV.exe
  C:\Windows\System\vgshYSV.exe
  2⤵
  PID:13560
- C:\Windows\System\zXVtWJD.exe
  C:\Windows\System\zXVtWJD.exe
  2⤵
  PID:13608
- C:\Windows\System\CTUABYV.exe
  C:\Windows\System\CTUABYV.exe
  2⤵
  PID:13652
- C:\Windows\System\PqxhOFi.exe
  C:\Windows\System\PqxhOFi.exe
  2⤵
  PID:13700
- C:\Windows\System\kGMfbxK.exe
  C:\Windows\System\kGMfbxK.exe
  2⤵
  PID:13716
- C:\Windows\System\bHQbWsA.exe
  C:\Windows\System\bHQbWsA.exe
  2⤵
  PID:13744
- C:\Windows\System\sEVjson.exe
  C:\Windows\System\sEVjson.exe
  2⤵
  PID:13772
- C:\Windows\System\jnyQHym.exe
  C:\Windows\System\jnyQHym.exe
  2⤵
  PID:13800
- C:\Windows\System\ItFdUTk.exe
  C:\Windows\System\ItFdUTk.exe
  2⤵
  PID:13828
- C:\Windows\System\DvixrYr.exe
  C:\Windows\System\DvixrYr.exe
  2⤵
  PID:13856
- C:\Windows\System\pYNgMdg.exe
  C:\Windows\System\pYNgMdg.exe
  2⤵
  PID:13880
- C:\Windows\System\ijEHinp.exe
  C:\Windows\System\ijEHinp.exe
  2⤵
  PID:13912
- C:\Windows\System\PgmIrjN.exe
  C:\Windows\System\PgmIrjN.exe
  2⤵
  PID:13932
- C:\Windows\System\WYMfppf.exe
  C:\Windows\System\WYMfppf.exe
  2⤵
  PID:13952
- C:\Windows\System\porrzwV.exe
  C:\Windows\System\porrzwV.exe
  2⤵
  PID:13976
- C:\Windows\System\rSVZfkJ.exe
  C:\Windows\System\rSVZfkJ.exe
  2⤵
  PID:14000
- C:\Windows\System\jbLTZQi.exe
  C:\Windows\System\jbLTZQi.exe
  2⤵
  PID:14028
- C:\Windows\System\oSwFFnx.exe
  C:\Windows\System\oSwFFnx.exe
  2⤵
  PID:14056
- C:\Windows\System\GQtPXMp.exe
  C:\Windows\System\GQtPXMp.exe
  2⤵
  PID:14108
- C:\Windows\System\CxhvaHJ.exe
  C:\Windows\System\CxhvaHJ.exe
  2⤵
  PID:14144
- C:\Windows\System\dACWukR.exe
  C:\Windows\System\dACWukR.exe
  2⤵
  PID:14172
- C:\Windows\System\jIuKgdD.exe
  C:\Windows\System\jIuKgdD.exe
  2⤵
  PID:14196
- C:\Windows\System\HGBhKZc.exe
  C:\Windows\System\HGBhKZc.exe
  2⤵
  PID:14216
- C:\Windows\System\XjdSShs.exe
  C:\Windows\System\XjdSShs.exe
  2⤵
  PID:14248
- C:\Windows\System\OBqdlvK.exe
  C:\Windows\System\OBqdlvK.exe
  2⤵
  PID:14276
- C:\Windows\System\BfLXuPZ.exe
  C:\Windows\System\BfLXuPZ.exe
  2⤵
  PID:14312
- C:\Windows\System\WZgQdgz.exe
  C:\Windows\System\WZgQdgz.exe
  2⤵
  PID:13324
- C:\Windows\System\MRYSslK.exe
  C:\Windows\System\MRYSslK.exe
  2⤵
  PID:13360
- C:\Windows\System\tflgNCh.exe
  C:\Windows\System\tflgNCh.exe
  2⤵
  PID:13412
- C:\Windows\System\mNIHwDv.exe
  C:\Windows\System\mNIHwDv.exe
  2⤵
  PID:13476
- C:\Windows\System\yOGfdLG.exe
  C:\Windows\System\yOGfdLG.exe
  2⤵
  PID:13528
- C:\Windows\System\uhkhDqE.exe
  C:\Windows\System\uhkhDqE.exe
  2⤵
  PID:13616
- C:\Windows\System\zKEHiiK.exe
  C:\Windows\System\zKEHiiK.exe
  2⤵
  PID:1704
- C:\Windows\System\rIiRizg.exe
  C:\Windows\System\rIiRizg.exe
  2⤵
  PID:13668
- C:\Windows\System\CeixPVZ.exe
  C:\Windows\System\CeixPVZ.exe
  2⤵
  PID:13712
- C:\Windows\System\DiiyZmA.exe
  C:\Windows\System\DiiyZmA.exe
  2⤵
  PID:13760
- C:\Windows\System\uCvFErE.exe
  C:\Windows\System\uCvFErE.exe
  2⤵
  PID:13816
- C:\Windows\System\SFqFqyE.exe
  C:\Windows\System\SFqFqyE.exe
  2⤵
  PID:13876
- C:\Windows\System\ZicHwMf.exe
  C:\Windows\System\ZicHwMf.exe
  2⤵
  PID:13928
- C:\Windows\System\MdLIdrU.exe
  C:\Windows\System\MdLIdrU.exe
  2⤵
  PID:13968
- C:\Windows\System\VsTbQcQ.exe
  C:\Windows\System\VsTbQcQ.exe
  2⤵
  PID:14016
- C:\Windows\System\EjxlEFN.exe
  C:\Windows\System\EjxlEFN.exe
  2⤵
  PID:14076
- C:\Windows\System\TxGgtAi.exe
  C:\Windows\System\TxGgtAi.exe
  2⤵
  PID:14168
- C:\Windows\System\tskPMXz.exe
  C:\Windows\System\tskPMXz.exe
  2⤵
  PID:14184
- C:\Windows\System\njCYOmV.exe
  C:\Windows\System\njCYOmV.exe
  2⤵
  PID:14264
- C:\Windows\System\XHAxMSM.exe
  C:\Windows\System\XHAxMSM.exe
  2⤵
  PID:14308
- C:\Windows\System\oypmcIk.exe
  C:\Windows\System\oypmcIk.exe
  2⤵
  PID:8344
- C:\Windows\System\BXGoTPR.exe
  C:\Windows\System\BXGoTPR.exe
  2⤵
  PID:13408
- C:\Windows\System\BjhZcNh.exe
  C:\Windows\System\BjhZcNh.exe
  2⤵
  PID:13460
- C:\Windows\System\BibDgNM.exe
  C:\Windows\System\BibDgNM.exe
  2⤵
  PID:13544
- C:\Windows\System\sqLESOW.exe
  C:\Windows\System\sqLESOW.exe
  2⤵
  PID:13732
- C:\Windows\System\zaRtdcT.exe
  C:\Windows\System\zaRtdcT.exe
  2⤵
  PID:13756
- C:\Windows\System\SlhfSvR.exe
  C:\Windows\System\SlhfSvR.exe
  2⤵
  PID:13992

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CPdxKnQ.exe

Filesize
2.2MB

MD5
75680d85c2d5b0b47bd9ab1f803bf29b

SHA1
62449c959c6cd7ec14a6bbdf4a7171b60e834e58

SHA256
5f48daaf7c6452cdd01e0c8bba6621b8792a65f2f6680794651e1d315f9be4c0

SHA512
0c86276449a7c59c5839e2aca3e2601f5c1df6f1f2dc75cb78693ebbf8621887095bb0c2bc6d7cc6af4731676247cfb166181099ae4a9e658819e76daa4bcd7a

Download Submit
C:\Windows\System\FomLuVd.exe

Filesize
2.2MB

MD5
acf34c872bf274041432f49b0ead4060

SHA1
9532361e5c33e832eae3e2ceb01b52c0bcdd00ae

SHA256
9cfeb97cf33b8465539ef0e5c19379b7016fafe2ee89fcb038979a03c10744b8

SHA512
548dd5f98e6afb93d5c2dfe618129549a1b8952dbdcdc5b88889394f5f2bfe65de6b1dfea5c31561883f005d36a348eda94c6a89bd1562152f1aad268f70028b

Download Submit
C:\Windows\System\HUqkhHf.exe

Filesize
2.2MB

MD5
0bb176ba3907d3df0b3d86ce924ee558

SHA1
61de8b3fa7d9b9f94671879b564d280123b74c40

SHA256
7aab9a6c51495f9ce72f54e5ac0e7bc4d6b68f9fcb87d2284a1f80bd64e099da

SHA512
2dedf8b7cbea485d933dccc822bd5382034f389303bcbec9e587da5caa61155ed3de6206307c2709a84c52bd4419d61ccea2c1ebd00ddc7c6e46d249021e8562

Download Submit
C:\Windows\System\JePIclv.exe

Filesize
2.2MB

MD5
7a719c1a0b947f9476bda6b74b150f56

SHA1
843a484ca879502c6314aca34ff15ca83c8449e7

SHA256
98bd2176fc49be5ac8aeaa662762226461583136464936b144c7b33bbd85b7ee

SHA512
4d2dd944aed08dc2968d647c55df975f9edd91bd66283876ad51b89fef0ffbd3d6c3b87e1e4e5e2557561e14117607342c52d117525bae72fb9e2996dfa8dff4

Download Submit
C:\Windows\System\MGgBSaX.exe

Filesize
2.2MB

MD5
1719b5d20cee5d1f619eb139cbf38c65

SHA1
375f291f843f21fb0baeb28e6262278daf54aa68

SHA256
e76fae075e927472b47a10f5e9367e918261c7045aa07996864376895869e1aa

SHA512
06de3cfc9136b4e8699040493ca2095ff87694fed98476ec88fe62df59f96b5b1357857c53af232d4e4ad15c72c808e957ffd0989817696d3cb7fb738c737619

Download Submit
C:\Windows\System\RluWtTD.exe

Filesize
2.2MB

MD5
9d6422ea0f06c3b42c5590d2a260b03b

SHA1
876fcc005e82357a47cabf0ed1e22ee322c14c47

SHA256
c61958d7462cd5824465e5138a02283dbfcd96e20ef2f50d88c840bc725556fe

SHA512
e0683cd636321c3faaa77b4c0e60eb6791e0113e626bef24c0ef3fe4e40d29bf94d0b71ae791001045c2fb35774b5e6ec33bd81d3b1f8a53aedad9dd03f934be

Download Submit
C:\Windows\System\TSWBjnA.exe

Filesize
2.2MB

MD5
35346747f681ec8897492cafc8a50c87

SHA1
9ff0f2aad0b46d2520f070f171513e43ab36c25f

SHA256
a0da50e203cc57c0ed3126e275196f595290bb36f90df47a3a1d2023b56a9445

SHA512
8c6123c563ef2ccd3481b1befea011cd1876589c32af1638e168971a369d22baa1d55edabcb3e3acca006c6cb7fa83439a76d54ff4967b810b6e295ff8c85ecc

Download Submit
C:\Windows\System\VjpDhix.exe

Filesize
2.2MB

MD5
27db11f7b8f2a52cecaa15606f9204bd

SHA1
d905549db40b65b5fd3ddd2f09db56c8bf16abd9

SHA256
8afb6d7fbafa79ac600600e4cbfa12b4272b39613baeefe453025e0cd721392c

SHA512
14177cf57a79250746c6ae4d9ccf30199a9a038b561312c68129558c8e45e86554fa8a90e7880fac9e96fcda019dc9f7772872b0bf3ce577dd04c69890b28484

Download Submit
C:\Windows\System\XpMEBcy.exe

Filesize
2.2MB

MD5
2faf36b3ae01d886b9353442461ded86

SHA1
847fd7b4158f7a542e044e1a57a368d9e2ba57e1

SHA256
fdd3104fcc0ac16785d8e5dd2d99fa31956e99b16f0b430862d3fd458ef0802f

SHA512
dad5b661159ccac4ddb955dbe2761319162a714ce227cb9221a3a063c3a2157d14dc5924d45dc9a8750ee6401697d63521f0750353056f5af7eba1f4f7d74da8

Download Submit
C:\Windows\System\YepehbS.exe

Filesize
2.2MB

MD5
e0fd5570d419a33d68e87433ead36ba7

SHA1
e0b53d6acf9703c0f3696c0711ccbdf53e11e5d7

SHA256
533a00e265d5bc5c1e64af2e1537ffc6050093de3889c316fa0d18ad3d00a566

SHA512
9d198849c5033ed9ef3bcf69059f5240953d31aa65df7fe1efaba6fd4f14cc5a1d3430e445d98ebb5f08e82a7e2b2e5d0ce9dc6906f92533a2a26863c60556ff

Download Submit
C:\Windows\System\ZSNanuY.exe

Filesize
2.2MB

MD5
482ca1b920db86366bbb2a1cdce5e953

SHA1
f4420629821fb984e0fffe162e532eeb6f268ba2

SHA256
5d3629a53c8e1e78e84aeab560bf86dbd492b9f414a9ec93c52995b8023c2467

SHA512
b10ab4ef11b55519f74f7ad9ec1ff96c51be806d77b57da14498c9152fd653a831cc953e40b437dbd093c66abe50e799d862a87aa64b079273347d384285a7e1

Download Submit
C:\Windows\System\byZMOiB.exe

Filesize
2.2MB

MD5
ed41ef06e3e45a90bcf4c4dfd3ab3b63

SHA1
914266ab16194b36729a8970ee09c7b547d4be3f

SHA256
2808e6f21dd155c5228cf7ed1b8d948343db10a155b4e88665344fd48c4aa923

SHA512
40fedc466bd5249986263abf92e035db7d35af3e2dee989e05c0f1dc1327858c1177664a5472e58ace8b094173829fdb069b320dec04653c6245f9a94c996cb2

Download Submit
C:\Windows\System\eZTCrRO.exe

Filesize
2.2MB

MD5
f1455f5ec3d30fcba437037f9ba43473

SHA1
6ccdef5061fb485127246cfd3096bb341fa3f7e3

SHA256
e5b307d0c70f4cc225f9b0906c2e66a73f209de483a10d5d70cefeb36f7b0232

SHA512
341285e38cb1eb5bf540b7089443eacc623ef13d97d759df755cb63d8313e8ae44a46fbf285fa2c5eed162d2f37035ede28c23b049bce45ee20ca66eea7a5b26

Download Submit
C:\Windows\System\edksNkp.exe

Filesize
2.2MB

MD5
11fa276da447c4222b2d0fe93e3c3b17

SHA1
ff07d6d2d125253462b5111c68c95f2058f97c57

SHA256
8c9de54874f0220095f7c6211013908ec5efc29a19df1a8606c93be06630405f

SHA512
b85e909d040b487019507f4cb441d11ac9f1864e6f8d1911c460e41ce34718b04cc3d56b178c1b3a2c75602c7de5fd99b63291e79ae669125374c3ee2c7c6fa2

Download Submit
C:\Windows\System\efbUeRW.exe

Filesize
2.2MB

MD5
b42507eaf2d92be163bb9318fe106aa8

SHA1
a63f10872a7922d933e141689bcea4877a8a903c

SHA256
70a17970b07209598f96fb5f60a84cc4a940837612a58ff76e5714786582ffb8

SHA512
d68c526ebf9f02bef2c61e62fd51c0a7fb8a5d66448c20ed158b3dacc37b9ce95237255353f377c1c9e8276a27e182b46f584a3437f9a68cf2af46d95779a9c5

Download Submit
C:\Windows\System\gVKxcKg.exe

Filesize
2.2MB

MD5
64bec750995a130d24f1ce7f4b266d39

SHA1
11fad1a635424081cd03dceba44ddc01e2df190e

SHA256
c7093a8851f3cee49e859da33b8334135227c52890d610b0fc6971c2544a3e1c

SHA512
c3aac0c6c4f69d0092ee14cf60a37e382d7606cf18e5e6763bc34d2fe670a2043454d57c8e093870118f95699b3d8bd17cfb60d2140c6991a4abb64a44d854c7

Download Submit
C:\Windows\System\hdKiIWW.exe

Filesize
2.2MB

MD5
49a05f5364a2cb7b0316243169d8daad

SHA1
acc7a9227f3ffce7cf1b8a7f860a6dc50bbfbd60

SHA256
9fb9748bf8e49e76b580c88491b0eeabe1ddc5514de3b2bcb427d303096b846a

SHA512
9310a06cf16cf58b38805f5bdf2ec0582629ed199be228a760ab98c3f7969a09ee7ae464e155c772c5bdafd3e12809c163a6e4725eafa9f7a5f58a96a52f3549

Download Submit
C:\Windows\System\ioelAYU.exe

Filesize
2.2MB

MD5
d5c40f77c35462bad8fe6bf218783e79

SHA1
c153463680d98b95f0659e2b2b4f68e34c9a91b3

SHA256
65e272bf6a46f701d33bd7fb1e9e503eb3261b9234d1c9a8953f0addee3b1241

SHA512
9bf7dd956f60f13b43c4f76ea8265769e98ccbb5ad9ebb123e9a9b2d5cd1c9ed38aee6c5e7835123c0c69626c2da977cf4f4d66666eb193fd79288ac666afa92

Download Submit
C:\Windows\System\isrPacI.exe

Filesize
2.2MB

MD5
71cf95631180b707a27daf70e62297bc

SHA1
fede94835d7e0f51c93054a5e0d085e89774bc60

SHA256
2009e207a4969cbc5369c71f1faab55227644a9a9873280cf523fcfaaa3a0c56

SHA512
498ea364a9b36601ef50612416cd2ef3c2d7336078d511184f7019d2dd8248d9e6c8b6429e581c47d371468012e176ae76783d7dcd7b5baaac2b2bd46b4df75c

Download Submit
C:\Windows\System\jTHSyJi.exe

Filesize
2.2MB

MD5
6564c0cbfc54782d7bf69f8009c196b6

SHA1
bb51fe40a78b5c9acf662ad3be887168f141fcbf

SHA256
05aa754e18cce418c8dcaf0b15cc29d66ce4c186e49e06fbdbae533ad1c69c5a

SHA512
3d09e27426f53a907fe23aff707fc9da7e2233695b689fdf7daaeb2b2b1b2bbf7691f8b9c6255e8e46ac900bc0b9dff67f7894f0991fa6b7b1cd9d3944c48fcc

Download Submit
C:\Windows\System\lbyKPPQ.exe

Filesize
2.2MB

MD5
be001350cd4b14e28363c8985df90539

SHA1
911bece748817421f96cd150a2dc64ab2ed7a3e1

SHA256
8210b954dc430bc096a3d6f8c202814680e9407115ee38162fef3f0cdaac0612

SHA512
468da10d1f7071ae793a4fa01aa8ffa2c9940926c88e6fbfc6f8bed65b2201ea38af64fb00de495f9511ee4f08acd051020be549feae530755d7d0e03c7ccf7e

Download Submit
C:\Windows\System\mvaBJjA.exe

Filesize
2.2MB

MD5
8d4dada520ba4e5e853331994372c256

SHA1
def6eb521deedf67518bdf82bf7c5d554854c15f

SHA256
c7476be4590ad27349e7429bda96a314d83392fa183b9e4c1824b544f5027d8f

SHA512
f2ea992d78de9297434ab265ef7e18e0466d4627ee9aeaed91e9c2279c7f18359e5eeaccec2c51e60dae894848c3fbf8dc48d6b836dbd9a16d7fa1304388bc01

Download Submit
C:\Windows\System\oJtsOBo.exe

Filesize
2.2MB

MD5
9db5dd93e6ee604d9a1565dc051adda6

SHA1
230f6392adf2928248d1a4616d963aaa68f96d5b

SHA256
4072e080223335e79b3394253519ead604d02b7de99c421b4015de90dcf8ef96

SHA512
e98c1b7427409f38ab8cdfa4f8e52e69529caee54dfd1273d19f5573178789e1583dec7018d8ba9d21a68a10c4b16e2a1be620538d7e795d30f0594dd3a2362b

Download Submit
C:\Windows\System\omTnKLp.exe

Filesize
2.2MB

MD5
989ff6df943ed5460daf471af5cb6be7

SHA1
8cd320f0ad94760e29f3731b9339abadeccf1b25

SHA256
6be28cf8b13906785f9f01016ba4412afeed5ac807e8aa70d95e2e4ed894f14a

SHA512
89dc29d530b5a66d9b151729771827ff99ad831e9450c7f3bcedb6e52ef2fd5db1cb2d41b6283233637b26c1915c2c8314e1124730d8bc9cd0547fb8c18e89f5

Download Submit
C:\Windows\System\pyNEfBj.exe

Filesize
2.2MB

MD5
43083e5df5f91d61465316a9470855a7

SHA1
54d308eaaa44d990b22b2569c4f2c85c61f2326d

SHA256
e65f7d375a3449c1976bb25fae0541d2fbd0ece45c335f51ebb9f0de693e005d

SHA512
76b54728dd4a68d0e064ed833edc9c7ceb9fadaabcc293c0f247940adb3a1e582024b7f2aff04c7c022405b52c0b0df3c32909daccfaeadcddb6d995b0461043

Download Submit
C:\Windows\System\qNyrHcY.exe

Filesize
2.2MB

MD5
2fe9ccdb91d0b9208e05aea460f332fd

SHA1
7ea93e743b67baca77a9285008665f78ff61ffdb

SHA256
1423e19b7fda230b2aa91f15ece45d961f8366d19adfafa5ac5e3c90acad79a5

SHA512
41a28081755c5efc00f6da66bba00adc230375886f54e9f137af0de4609d056385caab17858bf7c300eae7a91ec0971eec1649be5ef04b216402b0b5f2383b0b

Download Submit
C:\Windows\System\rKRsHUR.exe

Filesize
2.2MB

MD5
8fdc28e961f8d8ad0727cf6cd74753e0

SHA1
c4d65087fbbf697f34e48fa3967bb2b18204d76e

SHA256
4bef3169201e40aeb9c23c6569cecd5cae5214e2d8871355bf811f386c4d3da3

SHA512
bb31497b925263b043061c8010098b7d1d712539aa18ede7c0ebedfec3e454517a5db689f1f875faf1e85ab633e881c6291e862716101a7df88163156881b8aa

Download Submit
C:\Windows\System\rhJtCZj.exe

Filesize
2.2MB

MD5
a12a85efdbc273e20fc97e566ae12105

SHA1
0ddf3b9685b7a8cd9f7a5d4e87e856e16c57b432

SHA256
8b77d5293caa296dba1dd328c18edacdaaafd9fa841650a0542e990fc42d2343

SHA512
1e99d359718d4840836b75810b1c36903d1e12c9a4d08a5927d089b4abedcce5ce7053699f2bff405829a845fc8c2fa00bc4154625d0bb8fc59bb23d71c58e83

Download Submit
C:\Windows\System\tAMLmZo.exe

Filesize
2.2MB

MD5
afbe36628ed68d224872fac650850670

SHA1
8d9255bf8073110fd844a207e613fcfa5a4c64ff

SHA256
27ba6c4ecd1b475ea7c1f2b78ef07151999c7a71fa078c312c1a85f7799570a8

SHA512
6225e929b26d1ee7f1a944b6231cb2fcc1b1297859ec091a2b6d1b32ed3810dbc83c94156f568963d8e99f2d1a85c6c13f30b491eadb8039a57c6fc0fc438d49

Download Submit
C:\Windows\System\wCdmsur.exe

Filesize
2.2MB

MD5
83e745d0d4a4d8546194d805c8f96a9d

SHA1
b8886ad09167cea35c4a62fd5e3b445975eb9f89

SHA256
45614620b8b4b9d605c34c00c5c2cf7d43c33d72d87873f5e26c930f7d4d1eb4

SHA512
5ed7ed62250a1f19b082c64b187fded5b87806da4be9a9a225046ff4a3fd93c7b100e83bb98b3dea9506bd4ebfb7131464a44ae1b9bfbbbea97cd09ac90b54d2

Download Submit
C:\Windows\System\wEDKzul.exe

Filesize
2.2MB

MD5
3f1561808810e9bd2e71bc764a3486e7

SHA1
952c3f7e3e651f3a37f1c9c1efe660b684054b8b

SHA256
009ffaf7bca4e60de89471d313e027c26e27167057821fbfe9d889fc699756b0

SHA512
fea7651879e15d8b7c4e01c7a1daff581be67e910dfec61068dcc28022774d37f1612cd89122d74c9c78da2e1c2c58b0a165bbb87adca6c2b094c115d30663ef

Download Submit
C:\Windows\System\zLjwfGf.exe

Filesize
2.2MB

MD5
ef5f37e6804c5053562a239f4569bce1

SHA1
d350351960591651afe489d834280e146bbec090

SHA256
dca65402d03b5e048708e182822d42175417dd4250d3aab6c3414e13e5c68c48

SHA512
15947c00726233f2893b84ca59df93c267a9a684485c110d5b9dbb3258b915f39b0b1f57375bdeb4bbd9e7c15309881ecd2cb17b0bb1b166a61b6fc862fa48df

Download Submit
C:\Windows\System\zcsMczz.exe

Filesize
2.2MB

MD5
f9b5bda8ad96e0b838550f5ad4447270

SHA1
c1564ee709099060a1aee6b47afbe6ee578bc217

SHA256
a9bb0863c9d953082c16074df648343edefd4794e982237fe35cbcb273dd02b9

SHA512
6ba9a32760bbe390ccb19df6f2bfb2c609959c8e3e23d9cae63ff933452f8a7cd0382dc4c5c2b7240328b197f16d547e204c7061ef19a4567900b1e008507a9d

Download Submit
memory/452-2139-0x00007FF659200000-0x00007FF659554000-memory.dmp

Filesize
3.3MB

Download
memory/452-866-0x00007FF659200000-0x00007FF659554000-memory.dmp

Filesize
3.3MB

Download
memory/548-2158-0x00007FF6E2B10000-0x00007FF6E2E64000-memory.dmp

Filesize
3.3MB

Download
memory/548-915-0x00007FF6E2B10000-0x00007FF6E2E64000-memory.dmp

Filesize
3.3MB

Download
memory/864-16-0x00007FF7233D0000-0x00007FF723724000-memory.dmp

Filesize
3.3MB

Download
memory/864-2132-0x00007FF7233D0000-0x00007FF723724000-memory.dmp

Filesize
3.3MB

Download
memory/864-2134-0x00007FF7233D0000-0x00007FF723724000-memory.dmp

Filesize
3.3MB

Download
memory/1104-918-0x00007FF6B2A30000-0x00007FF6B2D84000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2160-0x00007FF6B2A30000-0x00007FF6B2D84000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2138-0x00007FF74E820000-0x00007FF74EB74000-memory.dmp

Filesize
3.3MB

Download
memory/1612-860-0x00007FF74E820000-0x00007FF74EB74000-memory.dmp

Filesize
3.3MB

Download
memory/1744-906-0x00007FF735D30000-0x00007FF736084000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2146-0x00007FF735D30000-0x00007FF736084000-memory.dmp

Filesize
3.3MB

Download
memory/1916-901-0x00007FF7A8150000-0x00007FF7A84A4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2149-0x00007FF7A8150000-0x00007FF7A84A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2136-0x00007FF735460000-0x00007FF7357B4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-858-0x00007FF735460000-0x00007FF7357B4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2151-0x00007FF6D3170000-0x00007FF6D34C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-902-0x00007FF6D3170000-0x00007FF6D34C4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2152-0x00007FF646990000-0x00007FF646CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-899-0x00007FF646990000-0x00007FF646CE4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-0-0x00007FF7EBD30000-0x00007FF7EC084000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2131-0x00007FF7EBD30000-0x00007FF7EC084000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1-0x0000014C90370000-0x0000014C90380000-memory.dmp

Filesize
64KB

Download
memory/3000-2144-0x00007FF63B600000-0x00007FF63B954000-memory.dmp

Filesize
3.3MB

Download
memory/3000-888-0x00007FF63B600000-0x00007FF63B954000-memory.dmp

Filesize
3.3MB

Download
memory/3176-857-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2135-0x00007FF7F5E40000-0x00007FF7F6194000-memory.dmp

Filesize
3.3MB

Download
memory/3428-2141-0x00007FF6AF360000-0x00007FF6AF6B4000-memory.dmp

Filesize
3.3MB

Download
memory/3428-908-0x00007FF6AF360000-0x00007FF6AF6B4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-2157-0x00007FF7CA880000-0x00007FF7CABD4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-871-0x00007FF7CA880000-0x00007FF7CABD4000-memory.dmp

Filesize
3.3MB

Download
memory/3668-2142-0x00007FF6E6820000-0x00007FF6E6B74000-memory.dmp

Filesize
3.3MB

Download
memory/3668-907-0x00007FF6E6820000-0x00007FF6E6B74000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2153-0x00007FF7A3C70000-0x00007FF7A3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3720-885-0x00007FF7A3C70000-0x00007FF7A3FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2140-0x00007FF61A070000-0x00007FF61A3C4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-868-0x00007FF61A070000-0x00007FF61A3C4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-912-0x00007FF779BA0000-0x00007FF779EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3920-2159-0x00007FF779BA0000-0x00007FF779EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3964-914-0x00007FF666C00000-0x00007FF666F54000-memory.dmp

Filesize
3.3MB

Download
memory/3964-2156-0x00007FF666C00000-0x00007FF666F54000-memory.dmp

Filesize
3.3MB

Download
memory/3968-2148-0x00007FF735A80000-0x00007FF735DD4000-memory.dmp

Filesize
3.3MB

Download
memory/3968-904-0x00007FF735A80000-0x00007FF735DD4000-memory.dmp

Filesize
3.3MB

Download
memory/4524-12-0x00007FF793000000-0x00007FF793354000-memory.dmp

Filesize
3.3MB

Download
memory/4524-2133-0x00007FF793000000-0x00007FF793354000-memory.dmp

Filesize
3.3MB

Download
memory/4540-859-0x00007FF6F6E80000-0x00007FF6F71D4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2137-0x00007FF6F6E80000-0x00007FF6F71D4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2143-0x00007FF7754A0000-0x00007FF7757F4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-890-0x00007FF7754A0000-0x00007FF7757F4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-877-0x00007FF61FA10000-0x00007FF61FD64000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2154-0x00007FF61FA10000-0x00007FF61FD64000-memory.dmp

Filesize
3.3MB

Download
memory/4752-883-0x00007FF618E40000-0x00007FF619194000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2145-0x00007FF618E40000-0x00007FF619194000-memory.dmp

Filesize
3.3MB

Download
memory/4892-911-0x00007FF664440000-0x00007FF664794000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2155-0x00007FF664440000-0x00007FF664794000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2147-0x00007FF709230000-0x00007FF709584000-memory.dmp

Filesize
3.3MB

Download
memory/4924-905-0x00007FF709230000-0x00007FF709584000-memory.dmp

Filesize
3.3MB

Download
memory/4956-920-0x00007FF798510000-0x00007FF798864000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2161-0x00007FF798510000-0x00007FF798864000-memory.dmp

Filesize
3.3MB

Download
memory/5076-903-0x00007FF7CCBA0000-0x00007FF7CCEF4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-2150-0x00007FF7CCBA0000-0x00007FF7CCEF4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads