xmrig | ee1e718fff4fe79fb4072cf26feaf7e6c2c9ecb306eaaffb7038dff053611cfb

Analysis

max time kernel
133s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
Size

2.2MB
MD5

4a47a72abf5c1042b72ce5f7ad6e6c40
SHA1

01ea073e3cc87d544372ba21280170efa3913646
SHA256

ee1e718fff4fe79fb4072cf26feaf7e6c2c9ecb306eaaffb7038dff053611cfb
SHA512

c072a99597177b9053ca3ed10618b231cca339b1dcae32b9d81eb8e9954e146e841c6e6f4db4d115f934f2c69740844e6af2c452e4c0c984d4d9a45563043a09
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOYFB9bbANOkJQ7q:BemTLkNdfE0pZrQG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3388-0-0x00007FF7A65C0000-0x00007FF7A6914000-memory.dmp	xmrig
C:\Windows\System\vvhKKgh.exe	xmrig
C:\Windows\System\OZxKVkj.exe	xmrig
C:\Windows\System\HSWsjOI.exe	xmrig
C:\Windows\System\reIawDh.exe	xmrig
C:\Windows\System\OQTByxC.exe	xmrig
behavioral2/memory/532-57-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp	xmrig
C:\Windows\System\zetVztu.exe	xmrig
C:\Windows\System\XCOLeFs.exe	xmrig
C:\Windows\System\GJpEgzc.exe	xmrig
behavioral2/memory/1312-128-0x00007FF6E9AA0000-0x00007FF6E9DF4000-memory.dmp	xmrig
behavioral2/memory/2672-143-0x00007FF698A40000-0x00007FF698D94000-memory.dmp	xmrig
behavioral2/memory/4088-147-0x00007FF7AADA0000-0x00007FF7AB0F4000-memory.dmp	xmrig
C:\Windows\System\BuJpwHQ.exe	xmrig
C:\Windows\System\HsLWuSJ.exe	xmrig
behavioral2/memory/2788-210-0x00007FF691620000-0x00007FF691974000-memory.dmp	xmrig
behavioral2/memory/3924-218-0x00007FF742B00000-0x00007FF742E54000-memory.dmp	xmrig
behavioral2/memory/2684-217-0x00007FF65EDF0000-0x00007FF65F144000-memory.dmp	xmrig
behavioral2/memory/1920-213-0x00007FF740570000-0x00007FF7408C4000-memory.dmp	xmrig
C:\Windows\System\hRQsjGx.exe	xmrig
C:\Windows\System\BdCtrGj.exe	xmrig
C:\Windows\System\eBQfMvo.exe	xmrig
C:\Windows\System\ROuBlrV.exe	xmrig
C:\Windows\System\STKPdas.exe	xmrig
C:\Windows\System\njiiQVO.exe	xmrig
C:\Windows\System\WRSPOon.exe	xmrig
C:\Windows\System\BbjdshI.exe	xmrig
behavioral2/memory/4124-151-0x00007FF637CE0000-0x00007FF638034000-memory.dmp	xmrig
behavioral2/memory/2172-150-0x00007FF7EE7A0000-0x00007FF7EEAF4000-memory.dmp	xmrig
behavioral2/memory/1848-149-0x00007FF643220000-0x00007FF643574000-memory.dmp	xmrig
behavioral2/memory/4740-148-0x00007FF7B0190000-0x00007FF7B04E4000-memory.dmp	xmrig
behavioral2/memory/1980-146-0x00007FF636A10000-0x00007FF636D64000-memory.dmp	xmrig
behavioral2/memory/1364-145-0x00007FF6736D0000-0x00007FF673A24000-memory.dmp	xmrig
behavioral2/memory/1640-144-0x00007FF6F38E0000-0x00007FF6F3C34000-memory.dmp	xmrig
behavioral2/memory/1888-142-0x00007FF74A230000-0x00007FF74A584000-memory.dmp	xmrig
behavioral2/memory/4012-141-0x00007FF7CD840000-0x00007FF7CDB94000-memory.dmp	xmrig
C:\Windows\System\DREusLd.exe	xmrig
C:\Windows\System\RGtRtMD.exe	xmrig
C:\Windows\System\emlIhcQ.exe	xmrig
C:\Windows\System\TpUvRkH.exe	xmrig
C:\Windows\System\WWOhfNE.exe	xmrig
C:\Windows\System\OwMLDlT.exe	xmrig
C:\Windows\System\KamSoBw.exe	xmrig
C:\Windows\System\GiNprbl.exe	xmrig
behavioral2/memory/4476-123-0x00007FF64A960000-0x00007FF64ACB4000-memory.dmp	xmrig
behavioral2/memory/4980-122-0x00007FF714100000-0x00007FF714454000-memory.dmp	xmrig
behavioral2/memory/5024-111-0x00007FF79EEA0000-0x00007FF79F1F4000-memory.dmp	xmrig
C:\Windows\System\IUWEjgx.exe	xmrig
behavioral2/memory/3220-91-0x00007FF7ACE80000-0x00007FF7AD1D4000-memory.dmp	xmrig
C:\Windows\System\lLAEJMK.exe	xmrig
behavioral2/memory/3448-82-0x00007FF66C310000-0x00007FF66C664000-memory.dmp	xmrig
C:\Windows\System\SSHVCPh.exe	xmrig
C:\Windows\System\mhLIppu.exe	xmrig
C:\Windows\System\LjYAMvl.exe	xmrig
behavioral2/memory/2564-72-0x00007FF72EBC0000-0x00007FF72EF14000-memory.dmp	xmrig
C:\Windows\System\dVnunBN.exe	xmrig
behavioral2/memory/1164-60-0x00007FF7DAD80000-0x00007FF7DB0D4000-memory.dmp	xmrig
C:\Windows\System\vUtJpGv.exe	xmrig
C:\Windows\System\GtZHDSz.exe	xmrig
behavioral2/memory/3076-45-0x00007FF6B01C0000-0x00007FF6B0514000-memory.dmp	xmrig
behavioral2/memory/1084-38-0x00007FF6E66F0000-0x00007FF6E6A44000-memory.dmp	xmrig
behavioral2/memory/2988-37-0x00007FF6B4790000-0x00007FF6B4AE4000-memory.dmp	xmrig
behavioral2/memory/4820-23-0x00007FF60E2C0000-0x00007FF60E614000-memory.dmp	xmrig
C:\Windows\System\mLejziv.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

vvhKKgh.exeHSWsjOI.exemLejziv.exeOZxKVkj.exeGtZHDSz.exereIawDh.exevUtJpGv.exedVnunBN.exeOQTByxC.exeSSHVCPh.exeLjYAMvl.exemhLIppu.exezetVztu.exelLAEJMK.exeXCOLeFs.exeIUWEjgx.exeGJpEgzc.exeGiNprbl.exeKamSoBw.exeOwMLDlT.exeWWOhfNE.exeTpUvRkH.exeemlIhcQ.exeRGtRtMD.exeDREusLd.exeBuJpwHQ.exeSTKPdas.exeeBQfMvo.exeBbjdshI.exehRQsjGx.exeWRSPOon.exenjiiQVO.exeHsLWuSJ.exeROuBlrV.exeBdCtrGj.exeSJreKKP.exeoJFXuTR.exeOUJeFcx.exemWjdwQQ.exexyoWJmB.exeZJQtBol.exempJUrKi.exenDCrbgf.exeqGgAiUc.exebMjOHqX.execpiTsMx.exesBEUcuY.exeugCwOeI.exeCMVMDBa.exeGazKmkY.exegPpbYBm.exestoAKtO.exeAFJkJqJ.exeCCGuZcs.exevGAPjXM.exeQUvpooJ.exeyPIArnh.exetddfLCe.exepVLvypA.exegGLigoY.exeYJjuJni.exejhuMLec.exeEepdvlY.exeiBdxCUf.exe

pid	process
4540	vvhKKgh.exe
4820	HSWsjOI.exe
2988	mLejziv.exe
1084	OZxKVkj.exe
3076	GtZHDSz.exe
1640	reIawDh.exe
1364	vUtJpGv.exe
532	dVnunBN.exe
1164	OQTByxC.exe
2564	SSHVCPh.exe
1980	LjYAMvl.exe
3448	mhLIppu.exe
4088	zetVztu.exe
3220	lLAEJMK.exe
4740	XCOLeFs.exe
5024	IUWEjgx.exe
1848	GJpEgzc.exe
2172	GiNprbl.exe
4980	KamSoBw.exe
4124	OwMLDlT.exe
4476	WWOhfNE.exe
1312	TpUvRkH.exe
4012	emlIhcQ.exe
1888	RGtRtMD.exe
2672	DREusLd.exe
2788	BuJpwHQ.exe
1920	STKPdas.exe
2684	eBQfMvo.exe
3924	BbjdshI.exe
5012	hRQsjGx.exe
2096	WRSPOon.exe
4364	njiiQVO.exe
3160	HsLWuSJ.exe
3012	ROuBlrV.exe
2412	BdCtrGj.exe
4800	SJreKKP.exe
1112	oJFXuTR.exe
5100	OUJeFcx.exe
1828	mWjdwQQ.exe
4028	xyoWJmB.exe
4816	ZJQtBol.exe
2908	mpJUrKi.exe
1656	nDCrbgf.exe
4728	qGgAiUc.exe
2824	bMjOHqX.exe
3108	cpiTsMx.exe
2704	sBEUcuY.exe
2032	ugCwOeI.exe
3080	CMVMDBa.exe
4880	GazKmkY.exe
3776	gPpbYBm.exe
5000	stoAKtO.exe
4924	AFJkJqJ.exe
5060	CCGuZcs.exe
3412	vGAPjXM.exe
2948	QUvpooJ.exe
4832	yPIArnh.exe
536	tddfLCe.exe
4168	pVLvypA.exe
4564	gGLigoY.exe
1692	YJjuJni.exe
1832	jhuMLec.exe
1212	EepdvlY.exe
3536	iBdxCUf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3388-0-0x00007FF7A65C0000-0x00007FF7A6914000-memory.dmp	upx
C:\Windows\System\vvhKKgh.exe	upx
C:\Windows\System\OZxKVkj.exe	upx
C:\Windows\System\HSWsjOI.exe	upx
C:\Windows\System\reIawDh.exe	upx
C:\Windows\System\OQTByxC.exe	upx
behavioral2/memory/532-57-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp	upx
C:\Windows\System\zetVztu.exe	upx
C:\Windows\System\XCOLeFs.exe	upx
C:\Windows\System\GJpEgzc.exe	upx
behavioral2/memory/1312-128-0x00007FF6E9AA0000-0x00007FF6E9DF4000-memory.dmp	upx
behavioral2/memory/2672-143-0x00007FF698A40000-0x00007FF698D94000-memory.dmp	upx
behavioral2/memory/4088-147-0x00007FF7AADA0000-0x00007FF7AB0F4000-memory.dmp	upx
C:\Windows\System\BuJpwHQ.exe	upx
C:\Windows\System\HsLWuSJ.exe	upx
behavioral2/memory/2788-210-0x00007FF691620000-0x00007FF691974000-memory.dmp	upx
behavioral2/memory/3924-218-0x00007FF742B00000-0x00007FF742E54000-memory.dmp	upx
behavioral2/memory/2684-217-0x00007FF65EDF0000-0x00007FF65F144000-memory.dmp	upx
behavioral2/memory/1920-213-0x00007FF740570000-0x00007FF7408C4000-memory.dmp	upx
C:\Windows\System\hRQsjGx.exe	upx
C:\Windows\System\BdCtrGj.exe	upx
C:\Windows\System\eBQfMvo.exe	upx
C:\Windows\System\ROuBlrV.exe	upx
C:\Windows\System\STKPdas.exe	upx
C:\Windows\System\njiiQVO.exe	upx
C:\Windows\System\WRSPOon.exe	upx
C:\Windows\System\BbjdshI.exe	upx
behavioral2/memory/4124-151-0x00007FF637CE0000-0x00007FF638034000-memory.dmp	upx
behavioral2/memory/2172-150-0x00007FF7EE7A0000-0x00007FF7EEAF4000-memory.dmp	upx
behavioral2/memory/1848-149-0x00007FF643220000-0x00007FF643574000-memory.dmp	upx
behavioral2/memory/4740-148-0x00007FF7B0190000-0x00007FF7B04E4000-memory.dmp	upx
behavioral2/memory/1980-146-0x00007FF636A10000-0x00007FF636D64000-memory.dmp	upx
behavioral2/memory/1364-145-0x00007FF6736D0000-0x00007FF673A24000-memory.dmp	upx
behavioral2/memory/1640-144-0x00007FF6F38E0000-0x00007FF6F3C34000-memory.dmp	upx
behavioral2/memory/1888-142-0x00007FF74A230000-0x00007FF74A584000-memory.dmp	upx
behavioral2/memory/4012-141-0x00007FF7CD840000-0x00007FF7CDB94000-memory.dmp	upx
C:\Windows\System\DREusLd.exe	upx
C:\Windows\System\RGtRtMD.exe	upx
C:\Windows\System\emlIhcQ.exe	upx
C:\Windows\System\TpUvRkH.exe	upx
C:\Windows\System\WWOhfNE.exe	upx
C:\Windows\System\OwMLDlT.exe	upx
C:\Windows\System\KamSoBw.exe	upx
C:\Windows\System\GiNprbl.exe	upx
behavioral2/memory/4476-123-0x00007FF64A960000-0x00007FF64ACB4000-memory.dmp	upx
behavioral2/memory/4980-122-0x00007FF714100000-0x00007FF714454000-memory.dmp	upx
behavioral2/memory/5024-111-0x00007FF79EEA0000-0x00007FF79F1F4000-memory.dmp	upx
C:\Windows\System\IUWEjgx.exe	upx
behavioral2/memory/3220-91-0x00007FF7ACE80000-0x00007FF7AD1D4000-memory.dmp	upx
C:\Windows\System\lLAEJMK.exe	upx
behavioral2/memory/3448-82-0x00007FF66C310000-0x00007FF66C664000-memory.dmp	upx
C:\Windows\System\SSHVCPh.exe	upx
C:\Windows\System\mhLIppu.exe	upx
C:\Windows\System\LjYAMvl.exe	upx
behavioral2/memory/2564-72-0x00007FF72EBC0000-0x00007FF72EF14000-memory.dmp	upx
C:\Windows\System\dVnunBN.exe	upx
behavioral2/memory/1164-60-0x00007FF7DAD80000-0x00007FF7DB0D4000-memory.dmp	upx
C:\Windows\System\vUtJpGv.exe	upx
C:\Windows\System\GtZHDSz.exe	upx
behavioral2/memory/3076-45-0x00007FF6B01C0000-0x00007FF6B0514000-memory.dmp	upx
behavioral2/memory/1084-38-0x00007FF6E66F0000-0x00007FF6E6A44000-memory.dmp	upx
behavioral2/memory/2988-37-0x00007FF6B4790000-0x00007FF6B4AE4000-memory.dmp	upx
behavioral2/memory/4820-23-0x00007FF60E2C0000-0x00007FF60E614000-memory.dmp	upx
C:\Windows\System\mLejziv.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\bSVgSKZ.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\gWbUTON.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\aaBPeUs.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\KamSoBw.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\GtdwSbr.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\iGmRpCf.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\lvfkcqn.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\wFSaEUD.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\HarxQHc.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\OQTByxC.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\XZXPrYv.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\EiPKXmy.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\wiWzeah.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\DazZztO.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\sdssHDp.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\ufXqUzX.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\oXFYSRl.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\rDHwEJS.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\oUgMPmN.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\PxGMOBm.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\peyNpkv.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\TjfGEqX.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\lNvsrCn.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\OVEGiVW.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\xiQEMOd.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\TDqLzmP.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\ekhRjbP.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\CJwkBFN.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\sbZExis.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\cCpGbcy.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\SkGDnwD.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\wyMTdoW.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\HDVPeeT.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\LzuCrho.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\CxrSUnW.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\vRFeieT.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\vbOISoX.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\OYiuMXZ.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\qUNYJbi.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\XTYbUrH.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\ZUCIbYo.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\jnqFmZB.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\xntPnhA.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\XQQoJad.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\brQSmqJ.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\ZzhyuZd.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\UPHAngd.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\OsDLEHs.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\XmhwHSO.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\GeparpL.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\NPPMPrm.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\DkctLgR.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\DREusLd.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\GqvZvBu.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\GnEtWyK.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\nvHKDZl.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\BuJpwHQ.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\NhCMPlG.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\RZbueBO.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\oOxWrjp.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\qeRRcNi.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\UufVOTY.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\WRSPOon.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
File created	C:\Windows\System\LxVLtUt.exe	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	15232	dwm.exe
Token: SeChangeNotifyPrivilege	15232	dwm.exe
Token: 33	15232	dwm.exe
Token: SeIncBasePriorityPrivilege	15232	dwm.exe
Token: SeShutdownPrivilege	15232	dwm.exe
Token: SeCreatePagefilePrivilege	15232	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe

description	pid	process	target process
PID 3388 wrote to memory of 4540	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	vvhKKgh.exe
PID 3388 wrote to memory of 4540	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	vvhKKgh.exe
PID 3388 wrote to memory of 4820	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	HSWsjOI.exe
PID 3388 wrote to memory of 4820	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	HSWsjOI.exe
PID 3388 wrote to memory of 1084	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	OZxKVkj.exe
PID 3388 wrote to memory of 1084	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	OZxKVkj.exe
PID 3388 wrote to memory of 2988	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	mLejziv.exe
PID 3388 wrote to memory of 2988	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	mLejziv.exe
PID 3388 wrote to memory of 3076	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	GtZHDSz.exe
PID 3388 wrote to memory of 3076	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	GtZHDSz.exe
PID 3388 wrote to memory of 1640	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	reIawDh.exe
PID 3388 wrote to memory of 1640	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	reIawDh.exe
PID 3388 wrote to memory of 532	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	dVnunBN.exe
PID 3388 wrote to memory of 532	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	dVnunBN.exe
PID 3388 wrote to memory of 2564	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	SSHVCPh.exe
PID 3388 wrote to memory of 2564	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	SSHVCPh.exe
PID 3388 wrote to memory of 1364	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	vUtJpGv.exe
PID 3388 wrote to memory of 1364	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	vUtJpGv.exe
PID 3388 wrote to memory of 1164	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	OQTByxC.exe
PID 3388 wrote to memory of 1164	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	OQTByxC.exe
PID 3388 wrote to memory of 1980	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	LjYAMvl.exe
PID 3388 wrote to memory of 1980	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	LjYAMvl.exe
PID 3388 wrote to memory of 3448	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	mhLIppu.exe
PID 3388 wrote to memory of 3448	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	mhLIppu.exe
PID 3388 wrote to memory of 4088	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	zetVztu.exe
PID 3388 wrote to memory of 4088	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	zetVztu.exe
PID 3388 wrote to memory of 3220	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	lLAEJMK.exe
PID 3388 wrote to memory of 3220	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	lLAEJMK.exe
PID 3388 wrote to memory of 4740	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	XCOLeFs.exe
PID 3388 wrote to memory of 4740	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	XCOLeFs.exe
PID 3388 wrote to memory of 5024	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	IUWEjgx.exe
PID 3388 wrote to memory of 5024	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	IUWEjgx.exe
PID 3388 wrote to memory of 1848	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	GJpEgzc.exe
PID 3388 wrote to memory of 1848	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	GJpEgzc.exe
PID 3388 wrote to memory of 2172	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	GiNprbl.exe
PID 3388 wrote to memory of 2172	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	GiNprbl.exe
PID 3388 wrote to memory of 4980	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	KamSoBw.exe
PID 3388 wrote to memory of 4980	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	KamSoBw.exe
PID 3388 wrote to memory of 4124	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	OwMLDlT.exe
PID 3388 wrote to memory of 4124	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	OwMLDlT.exe
PID 3388 wrote to memory of 4476	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	WWOhfNE.exe
PID 3388 wrote to memory of 4476	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	WWOhfNE.exe
PID 3388 wrote to memory of 1312	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	TpUvRkH.exe
PID 3388 wrote to memory of 1312	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	TpUvRkH.exe
PID 3388 wrote to memory of 4012	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	emlIhcQ.exe
PID 3388 wrote to memory of 4012	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	emlIhcQ.exe
PID 3388 wrote to memory of 1888	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	RGtRtMD.exe
PID 3388 wrote to memory of 1888	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	RGtRtMD.exe
PID 3388 wrote to memory of 2672	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	DREusLd.exe
PID 3388 wrote to memory of 2672	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	DREusLd.exe
PID 3388 wrote to memory of 2788	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	BuJpwHQ.exe
PID 3388 wrote to memory of 2788	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	BuJpwHQ.exe
PID 3388 wrote to memory of 1920	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	STKPdas.exe
PID 3388 wrote to memory of 1920	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	STKPdas.exe
PID 3388 wrote to memory of 2684	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	eBQfMvo.exe
PID 3388 wrote to memory of 2684	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	eBQfMvo.exe
PID 3388 wrote to memory of 3924	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	BbjdshI.exe
PID 3388 wrote to memory of 3924	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	BbjdshI.exe
PID 3388 wrote to memory of 5012	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	hRQsjGx.exe
PID 3388 wrote to memory of 5012	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	hRQsjGx.exe
PID 3388 wrote to memory of 2096	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	WRSPOon.exe
PID 3388 wrote to memory of 2096	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	WRSPOon.exe
PID 3388 wrote to memory of 4364	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	njiiQVO.exe
PID 3388 wrote to memory of 4364	3388	4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe	njiiQVO.exe

C:\Users\Admin\AppData\Local\Temp\4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a47a72abf5c1042b72ce5f7ad6e6c40_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Windows\System\vvhKKgh.exe
  C:\Windows\System\vvhKKgh.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\HSWsjOI.exe
  C:\Windows\System\HSWsjOI.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\OZxKVkj.exe
  C:\Windows\System\OZxKVkj.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\mLejziv.exe
  C:\Windows\System\mLejziv.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\GtZHDSz.exe
  C:\Windows\System\GtZHDSz.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\reIawDh.exe
  C:\Windows\System\reIawDh.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\dVnunBN.exe
  C:\Windows\System\dVnunBN.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\SSHVCPh.exe
  C:\Windows\System\SSHVCPh.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\vUtJpGv.exe
  C:\Windows\System\vUtJpGv.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\OQTByxC.exe
  C:\Windows\System\OQTByxC.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\LjYAMvl.exe
  C:\Windows\System\LjYAMvl.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\mhLIppu.exe
  C:\Windows\System\mhLIppu.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\zetVztu.exe
  C:\Windows\System\zetVztu.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\lLAEJMK.exe
  C:\Windows\System\lLAEJMK.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\XCOLeFs.exe
  C:\Windows\System\XCOLeFs.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\IUWEjgx.exe
  C:\Windows\System\IUWEjgx.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\GJpEgzc.exe
  C:\Windows\System\GJpEgzc.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\GiNprbl.exe
  C:\Windows\System\GiNprbl.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\KamSoBw.exe
  C:\Windows\System\KamSoBw.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\OwMLDlT.exe
  C:\Windows\System\OwMLDlT.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\WWOhfNE.exe
  C:\Windows\System\WWOhfNE.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\TpUvRkH.exe
  C:\Windows\System\TpUvRkH.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\emlIhcQ.exe
  C:\Windows\System\emlIhcQ.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\RGtRtMD.exe
  C:\Windows\System\RGtRtMD.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\DREusLd.exe
  C:\Windows\System\DREusLd.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\BuJpwHQ.exe
  C:\Windows\System\BuJpwHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\STKPdas.exe
  C:\Windows\System\STKPdas.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\eBQfMvo.exe
  C:\Windows\System\eBQfMvo.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\BbjdshI.exe
  C:\Windows\System\BbjdshI.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\hRQsjGx.exe
  C:\Windows\System\hRQsjGx.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\WRSPOon.exe
  C:\Windows\System\WRSPOon.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\njiiQVO.exe
  C:\Windows\System\njiiQVO.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\HsLWuSJ.exe
  C:\Windows\System\HsLWuSJ.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\ROuBlrV.exe
  C:\Windows\System\ROuBlrV.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BdCtrGj.exe
  C:\Windows\System\BdCtrGj.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\SJreKKP.exe
  C:\Windows\System\SJreKKP.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\oJFXuTR.exe
  C:\Windows\System\oJFXuTR.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\OUJeFcx.exe
  C:\Windows\System\OUJeFcx.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\mWjdwQQ.exe
  C:\Windows\System\mWjdwQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\xyoWJmB.exe
  C:\Windows\System\xyoWJmB.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\ZJQtBol.exe
  C:\Windows\System\ZJQtBol.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\mpJUrKi.exe
  C:\Windows\System\mpJUrKi.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\nDCrbgf.exe
  C:\Windows\System\nDCrbgf.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\qGgAiUc.exe
  C:\Windows\System\qGgAiUc.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\bMjOHqX.exe
  C:\Windows\System\bMjOHqX.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\cpiTsMx.exe
  C:\Windows\System\cpiTsMx.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\sBEUcuY.exe
  C:\Windows\System\sBEUcuY.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\ugCwOeI.exe
  C:\Windows\System\ugCwOeI.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\CMVMDBa.exe
  C:\Windows\System\CMVMDBa.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\GazKmkY.exe
  C:\Windows\System\GazKmkY.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\gPpbYBm.exe
  C:\Windows\System\gPpbYBm.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\stoAKtO.exe
  C:\Windows\System\stoAKtO.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\AFJkJqJ.exe
  C:\Windows\System\AFJkJqJ.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\CCGuZcs.exe
  C:\Windows\System\CCGuZcs.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\vGAPjXM.exe
  C:\Windows\System\vGAPjXM.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\QUvpooJ.exe
  C:\Windows\System\QUvpooJ.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\yPIArnh.exe
  C:\Windows\System\yPIArnh.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\tddfLCe.exe
  C:\Windows\System\tddfLCe.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\pVLvypA.exe
  C:\Windows\System\pVLvypA.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\gGLigoY.exe
  C:\Windows\System\gGLigoY.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\YJjuJni.exe
  C:\Windows\System\YJjuJni.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\jhuMLec.exe
  C:\Windows\System\jhuMLec.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\EepdvlY.exe
  C:\Windows\System\EepdvlY.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\iBdxCUf.exe
  C:\Windows\System\iBdxCUf.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\YSujBcp.exe
  C:\Windows\System\YSujBcp.exe
  2⤵
  PID:4604
- C:\Windows\System\wmSbaDn.exe
  C:\Windows\System\wmSbaDn.exe
  2⤵
  PID:640
- C:\Windows\System\WaXKsjX.exe
  C:\Windows\System\WaXKsjX.exe
  2⤵
  PID:4928
- C:\Windows\System\cwMXcdo.exe
  C:\Windows\System\cwMXcdo.exe
  2⤵
  PID:3656
- C:\Windows\System\bZwKXpW.exe
  C:\Windows\System\bZwKXpW.exe
  2⤵
  PID:4748
- C:\Windows\System\LxVLtUt.exe
  C:\Windows\System\LxVLtUt.exe
  2⤵
  PID:4184
- C:\Windows\System\IgZEWVn.exe
  C:\Windows\System\IgZEWVn.exe
  2⤵
  PID:4188
- C:\Windows\System\FzLxsbz.exe
  C:\Windows\System\FzLxsbz.exe
  2⤵
  PID:3972
- C:\Windows\System\SEfAwQA.exe
  C:\Windows\System\SEfAwQA.exe
  2⤵
  PID:464
- C:\Windows\System\TzcRsJj.exe
  C:\Windows\System\TzcRsJj.exe
  2⤵
  PID:3648
- C:\Windows\System\xiQEMOd.exe
  C:\Windows\System\xiQEMOd.exe
  2⤵
  PID:760
- C:\Windows\System\cLINRuZ.exe
  C:\Windows\System\cLINRuZ.exe
  2⤵
  PID:2244
- C:\Windows\System\WvBvLeb.exe
  C:\Windows\System\WvBvLeb.exe
  2⤵
  PID:3868
- C:\Windows\System\SRNZaax.exe
  C:\Windows\System\SRNZaax.exe
  2⤵
  PID:4300
- C:\Windows\System\CPXUrlt.exe
  C:\Windows\System\CPXUrlt.exe
  2⤵
  PID:4848
- C:\Windows\System\MoHeWlA.exe
  C:\Windows\System\MoHeWlA.exe
  2⤵
  PID:1368
- C:\Windows\System\WHPYbYS.exe
  C:\Windows\System\WHPYbYS.exe
  2⤵
  PID:3612
- C:\Windows\System\roKRvvB.exe
  C:\Windows\System\roKRvvB.exe
  2⤵
  PID:1460
- C:\Windows\System\jyOlFuj.exe
  C:\Windows\System\jyOlFuj.exe
  2⤵
  PID:4544
- C:\Windows\System\GtdwSbr.exe
  C:\Windows\System\GtdwSbr.exe
  2⤵
  PID:976
- C:\Windows\System\qCJZDrU.exe
  C:\Windows\System\qCJZDrU.exe
  2⤵
  PID:1136
- C:\Windows\System\iGmRpCf.exe
  C:\Windows\System\iGmRpCf.exe
  2⤵
  PID:3228
- C:\Windows\System\WgAGJOw.exe
  C:\Windows\System\WgAGJOw.exe
  2⤵
  PID:3860
- C:\Windows\System\RzJGCTK.exe
  C:\Windows\System\RzJGCTK.exe
  2⤵
  PID:4376
- C:\Windows\System\ytXcobB.exe
  C:\Windows\System\ytXcobB.exe
  2⤵
  PID:3872
- C:\Windows\System\XTYbUrH.exe
  C:\Windows\System\XTYbUrH.exe
  2⤵
  PID:4340
- C:\Windows\System\UFMpaZy.exe
  C:\Windows\System\UFMpaZy.exe
  2⤵
  PID:3740
- C:\Windows\System\EqvYoRl.exe
  C:\Windows\System\EqvYoRl.exe
  2⤵
  PID:4900
- C:\Windows\System\rlYtMmn.exe
  C:\Windows\System\rlYtMmn.exe
  2⤵
  PID:5048
- C:\Windows\System\rDHwEJS.exe
  C:\Windows\System\rDHwEJS.exe
  2⤵
  PID:5128
- C:\Windows\System\hhPUvCF.exe
  C:\Windows\System\hhPUvCF.exe
  2⤵
  PID:5156
- C:\Windows\System\mrvcmRB.exe
  C:\Windows\System\mrvcmRB.exe
  2⤵
  PID:5176
- C:\Windows\System\LSnSDBp.exe
  C:\Windows\System\LSnSDBp.exe
  2⤵
  PID:5208
- C:\Windows\System\TOCNDBp.exe
  C:\Windows\System\TOCNDBp.exe
  2⤵
  PID:5248
- C:\Windows\System\ivMesGw.exe
  C:\Windows\System\ivMesGw.exe
  2⤵
  PID:5292
- C:\Windows\System\VVoaZlg.exe
  C:\Windows\System\VVoaZlg.exe
  2⤵
  PID:5328
- C:\Windows\System\JvSxXFH.exe
  C:\Windows\System\JvSxXFH.exe
  2⤵
  PID:5348
- C:\Windows\System\zydpTUo.exe
  C:\Windows\System\zydpTUo.exe
  2⤵
  PID:5380
- C:\Windows\System\XCOJCqI.exe
  C:\Windows\System\XCOJCqI.exe
  2⤵
  PID:5412
- C:\Windows\System\KKXicfb.exe
  C:\Windows\System\KKXicfb.exe
  2⤵
  PID:5440
- C:\Windows\System\CiXZEQh.exe
  C:\Windows\System\CiXZEQh.exe
  2⤵
  PID:5468
- C:\Windows\System\nykWhpe.exe
  C:\Windows\System\nykWhpe.exe
  2⤵
  PID:5496
- C:\Windows\System\YIIVCBl.exe
  C:\Windows\System\YIIVCBl.exe
  2⤵
  PID:5524
- C:\Windows\System\TgWCFyW.exe
  C:\Windows\System\TgWCFyW.exe
  2⤵
  PID:5552
- C:\Windows\System\LtEVBZV.exe
  C:\Windows\System\LtEVBZV.exe
  2⤵
  PID:5580
- C:\Windows\System\ctApAkz.exe
  C:\Windows\System\ctApAkz.exe
  2⤵
  PID:5612
- C:\Windows\System\sqgRHrh.exe
  C:\Windows\System\sqgRHrh.exe
  2⤵
  PID:5640
- C:\Windows\System\OawJObF.exe
  C:\Windows\System\OawJObF.exe
  2⤵
  PID:5672
- C:\Windows\System\etiLntr.exe
  C:\Windows\System\etiLntr.exe
  2⤵
  PID:5700
- C:\Windows\System\cTsvwSx.exe
  C:\Windows\System\cTsvwSx.exe
  2⤵
  PID:5728
- C:\Windows\System\nINeXPD.exe
  C:\Windows\System\nINeXPD.exe
  2⤵
  PID:5756
- C:\Windows\System\rtIsrPW.exe
  C:\Windows\System\rtIsrPW.exe
  2⤵
  PID:5784
- C:\Windows\System\oHiegDI.exe
  C:\Windows\System\oHiegDI.exe
  2⤵
  PID:5804
- C:\Windows\System\SmHtruU.exe
  C:\Windows\System\SmHtruU.exe
  2⤵
  PID:5840
- C:\Windows\System\YptPOvt.exe
  C:\Windows\System\YptPOvt.exe
  2⤵
  PID:5872
- C:\Windows\System\QyovkxE.exe
  C:\Windows\System\QyovkxE.exe
  2⤵
  PID:5904
- C:\Windows\System\PMRkfhP.exe
  C:\Windows\System\PMRkfhP.exe
  2⤵
  PID:5932
- C:\Windows\System\boOrnew.exe
  C:\Windows\System\boOrnew.exe
  2⤵
  PID:5964
- C:\Windows\System\rNXIiHd.exe
  C:\Windows\System\rNXIiHd.exe
  2⤵
  PID:5992
- C:\Windows\System\wAnccgQ.exe
  C:\Windows\System\wAnccgQ.exe
  2⤵
  PID:6016
- C:\Windows\System\bqUGHJy.exe
  C:\Windows\System\bqUGHJy.exe
  2⤵
  PID:6044
- C:\Windows\System\DdWycED.exe
  C:\Windows\System\DdWycED.exe
  2⤵
  PID:6060
- C:\Windows\System\rWNJuSl.exe
  C:\Windows\System\rWNJuSl.exe
  2⤵
  PID:6076
- C:\Windows\System\jEHSdHN.exe
  C:\Windows\System\jEHSdHN.exe
  2⤵
  PID:6092
- C:\Windows\System\VIkvHzN.exe
  C:\Windows\System\VIkvHzN.exe
  2⤵
  PID:6116
- C:\Windows\System\APibKiE.exe
  C:\Windows\System\APibKiE.exe
  2⤵
  PID:5148
- C:\Windows\System\Mscazcx.exe
  C:\Windows\System\Mscazcx.exe
  2⤵
  PID:5232
- C:\Windows\System\bTsOlkQ.exe
  C:\Windows\System\bTsOlkQ.exe
  2⤵
  PID:5336
- C:\Windows\System\oVeHcLP.exe
  C:\Windows\System\oVeHcLP.exe
  2⤵
  PID:5432
- C:\Windows\System\IicyQxk.exe
  C:\Windows\System\IicyQxk.exe
  2⤵
  PID:5516
- C:\Windows\System\whNeUCM.exe
  C:\Windows\System\whNeUCM.exe
  2⤵
  PID:5576
- C:\Windows\System\XgaqBFq.exe
  C:\Windows\System\XgaqBFq.exe
  2⤵
  PID:5624
- C:\Windows\System\GqvZvBu.exe
  C:\Windows\System\GqvZvBu.exe
  2⤵
  PID:5688
- C:\Windows\System\nGNqvAl.exe
  C:\Windows\System\nGNqvAl.exe
  2⤵
  PID:5740
- C:\Windows\System\lWcFMaK.exe
  C:\Windows\System\lWcFMaK.exe
  2⤵
  PID:5824
- C:\Windows\System\vuCYnuR.exe
  C:\Windows\System\vuCYnuR.exe
  2⤵
  PID:5920
- C:\Windows\System\TDqLzmP.exe
  C:\Windows\System\TDqLzmP.exe
  2⤵
  PID:5984
- C:\Windows\System\RKAUdsl.exe
  C:\Windows\System\RKAUdsl.exe
  2⤵
  PID:5316
- C:\Windows\System\anupXKe.exe
  C:\Windows\System\anupXKe.exe
  2⤵
  PID:5452
- C:\Windows\System\bxzZCEI.exe
  C:\Windows\System\bxzZCEI.exe
  2⤵
  PID:5604
- C:\Windows\System\ifqHowT.exe
  C:\Windows\System\ifqHowT.exe
  2⤵
  PID:5752
- C:\Windows\System\ehnvfhs.exe
  C:\Windows\System\ehnvfhs.exe
  2⤵
  PID:5896
- C:\Windows\System\rzmaLBp.exe
  C:\Windows\System\rzmaLBp.exe
  2⤵
  PID:6008
- C:\Windows\System\VpEQEtu.exe
  C:\Windows\System\VpEQEtu.exe
  2⤵
  PID:5492
- C:\Windows\System\ZekNDLe.exe
  C:\Windows\System\ZekNDLe.exe
  2⤵
  PID:5952
- C:\Windows\System\OSBsdkH.exe
  C:\Windows\System\OSBsdkH.exe
  2⤵
  PID:5852
- C:\Windows\System\elJnLBv.exe
  C:\Windows\System\elJnLBv.exe
  2⤵
  PID:6168
- C:\Windows\System\fBmcQdD.exe
  C:\Windows\System\fBmcQdD.exe
  2⤵
  PID:6192
- C:\Windows\System\RjkBnyg.exe
  C:\Windows\System\RjkBnyg.exe
  2⤵
  PID:6212
- C:\Windows\System\YYbmQeU.exe
  C:\Windows\System\YYbmQeU.exe
  2⤵
  PID:6236
- C:\Windows\System\JyGQHKF.exe
  C:\Windows\System\JyGQHKF.exe
  2⤵
  PID:6260
- C:\Windows\System\XZXPrYv.exe
  C:\Windows\System\XZXPrYv.exe
  2⤵
  PID:6288
- C:\Windows\System\YGymUxD.exe
  C:\Windows\System\YGymUxD.exe
  2⤵
  PID:6312
- C:\Windows\System\lvfkcqn.exe
  C:\Windows\System\lvfkcqn.exe
  2⤵
  PID:6340
- C:\Windows\System\cwanPzO.exe
  C:\Windows\System\cwanPzO.exe
  2⤵
  PID:6372
- C:\Windows\System\PrDzKbR.exe
  C:\Windows\System\PrDzKbR.exe
  2⤵
  PID:6404
- C:\Windows\System\ZzhyuZd.exe
  C:\Windows\System\ZzhyuZd.exe
  2⤵
  PID:6448
- C:\Windows\System\cTNqRpr.exe
  C:\Windows\System\cTNqRpr.exe
  2⤵
  PID:6476
- C:\Windows\System\FNdTSBf.exe
  C:\Windows\System\FNdTSBf.exe
  2⤵
  PID:6508
- C:\Windows\System\UPHAngd.exe
  C:\Windows\System\UPHAngd.exe
  2⤵
  PID:6544
- C:\Windows\System\AdewoyP.exe
  C:\Windows\System\AdewoyP.exe
  2⤵
  PID:6572
- C:\Windows\System\QuKAkRD.exe
  C:\Windows\System\QuKAkRD.exe
  2⤵
  PID:6600
- C:\Windows\System\KQOEHFH.exe
  C:\Windows\System\KQOEHFH.exe
  2⤵
  PID:6624
- C:\Windows\System\qDzIITX.exe
  C:\Windows\System\qDzIITX.exe
  2⤵
  PID:6656
- C:\Windows\System\MBPwFgM.exe
  C:\Windows\System\MBPwFgM.exe
  2⤵
  PID:6688
- C:\Windows\System\HHvGpyj.exe
  C:\Windows\System\HHvGpyj.exe
  2⤵
  PID:6716
- C:\Windows\System\ICOgfFp.exe
  C:\Windows\System\ICOgfFp.exe
  2⤵
  PID:6744
- C:\Windows\System\QJhEOlX.exe
  C:\Windows\System\QJhEOlX.exe
  2⤵
  PID:6772
- C:\Windows\System\WKohwqF.exe
  C:\Windows\System\WKohwqF.exe
  2⤵
  PID:6800
- C:\Windows\System\gfoWiks.exe
  C:\Windows\System\gfoWiks.exe
  2⤵
  PID:6828
- C:\Windows\System\JlVNUvZ.exe
  C:\Windows\System\JlVNUvZ.exe
  2⤵
  PID:6856
- C:\Windows\System\vtWzHJk.exe
  C:\Windows\System\vtWzHJk.exe
  2⤵
  PID:6876
- C:\Windows\System\PAYWKic.exe
  C:\Windows\System\PAYWKic.exe
  2⤵
  PID:6916
- C:\Windows\System\RtIlvVg.exe
  C:\Windows\System\RtIlvVg.exe
  2⤵
  PID:6940
- C:\Windows\System\EhNTjYF.exe
  C:\Windows\System\EhNTjYF.exe
  2⤵
  PID:6972
- C:\Windows\System\wURnGhF.exe
  C:\Windows\System\wURnGhF.exe
  2⤵
  PID:7012
- C:\Windows\System\eVuedHJ.exe
  C:\Windows\System\eVuedHJ.exe
  2⤵
  PID:7036
- C:\Windows\System\eVxmXAc.exe
  C:\Windows\System\eVxmXAc.exe
  2⤵
  PID:7056
- C:\Windows\System\DXeSrTu.exe
  C:\Windows\System\DXeSrTu.exe
  2⤵
  PID:7072
- C:\Windows\System\Egcuwfe.exe
  C:\Windows\System\Egcuwfe.exe
  2⤵
  PID:7096
- C:\Windows\System\lyHPFbI.exe
  C:\Windows\System\lyHPFbI.exe
  2⤵
  PID:7120
- C:\Windows\System\fzTBfkA.exe
  C:\Windows\System\fzTBfkA.exe
  2⤵
  PID:7156
- C:\Windows\System\PNmFgcj.exe
  C:\Windows\System\PNmFgcj.exe
  2⤵
  PID:6184
- C:\Windows\System\ddHliBX.exe
  C:\Windows\System\ddHliBX.exe
  2⤵
  PID:6204
- C:\Windows\System\tklDSCb.exe
  C:\Windows\System\tklDSCb.exe
  2⤵
  PID:6284
- C:\Windows\System\EiPKXmy.exe
  C:\Windows\System\EiPKXmy.exe
  2⤵
  PID:6396
- C:\Windows\System\nTXYLMn.exe
  C:\Windows\System\nTXYLMn.exe
  2⤵
  PID:6464
- C:\Windows\System\UChswwU.exe
  C:\Windows\System\UChswwU.exe
  2⤵
  PID:6532
- C:\Windows\System\HTdrjbJ.exe
  C:\Windows\System\HTdrjbJ.exe
  2⤵
  PID:6588
- C:\Windows\System\ekhRjbP.exe
  C:\Windows\System\ekhRjbP.exe
  2⤵
  PID:6676
- C:\Windows\System\dmNBgUh.exe
  C:\Windows\System\dmNBgUh.exe
  2⤵
  PID:6756
- C:\Windows\System\LMywDPl.exe
  C:\Windows\System\LMywDPl.exe
  2⤵
  PID:6820
- C:\Windows\System\SRRZmnW.exe
  C:\Windows\System\SRRZmnW.exe
  2⤵
  PID:6900
- C:\Windows\System\ShkImen.exe
  C:\Windows\System\ShkImen.exe
  2⤵
  PID:6964
- C:\Windows\System\YoOHoqh.exe
  C:\Windows\System\YoOHoqh.exe
  2⤵
  PID:7032
- C:\Windows\System\MdBwINW.exe
  C:\Windows\System\MdBwINW.exe
  2⤵
  PID:7104
- C:\Windows\System\iLcSobL.exe
  C:\Windows\System\iLcSobL.exe
  2⤵
  PID:3780
- C:\Windows\System\exqzHEq.exe
  C:\Windows\System\exqzHEq.exe
  2⤵
  PID:6248
- C:\Windows\System\QRrXsNM.exe
  C:\Windows\System\QRrXsNM.exe
  2⤵
  PID:6388
- C:\Windows\System\OsDLEHs.exe
  C:\Windows\System\OsDLEHs.exe
  2⤵
  PID:6524
- C:\Windows\System\bgeXIgL.exe
  C:\Windows\System\bgeXIgL.exe
  2⤵
  PID:6712
- C:\Windows\System\Ptwrvyc.exe
  C:\Windows\System\Ptwrvyc.exe
  2⤵
  PID:6872
- C:\Windows\System\rOKdSTS.exe
  C:\Windows\System\rOKdSTS.exe
  2⤵
  PID:7088
- C:\Windows\System\DazZztO.exe
  C:\Windows\System\DazZztO.exe
  2⤵
  PID:6392
- C:\Windows\System\LJXxoVH.exe
  C:\Windows\System\LJXxoVH.exe
  2⤵
  PID:6472
- C:\Windows\System\oPvmouc.exe
  C:\Windows\System\oPvmouc.exe
  2⤵
  PID:7008
- C:\Windows\System\CACbZyc.exe
  C:\Windows\System\CACbZyc.exe
  2⤵
  PID:5664
- C:\Windows\System\aTkXJzy.exe
  C:\Windows\System\aTkXJzy.exe
  2⤵
  PID:7192
- C:\Windows\System\uuybDhB.exe
  C:\Windows\System\uuybDhB.exe
  2⤵
  PID:7248
- C:\Windows\System\DgOVCyT.exe
  C:\Windows\System\DgOVCyT.exe
  2⤵
  PID:7280
- C:\Windows\System\mfwsDTi.exe
  C:\Windows\System\mfwsDTi.exe
  2⤵
  PID:7312
- C:\Windows\System\XDKgTNJ.exe
  C:\Windows\System\XDKgTNJ.exe
  2⤵
  PID:7340
- C:\Windows\System\drfZsOP.exe
  C:\Windows\System\drfZsOP.exe
  2⤵
  PID:7368
- C:\Windows\System\zBSKdDj.exe
  C:\Windows\System\zBSKdDj.exe
  2⤵
  PID:7396
- C:\Windows\System\xsjQxFW.exe
  C:\Windows\System\xsjQxFW.exe
  2⤵
  PID:7424
- C:\Windows\System\brEOtDI.exe
  C:\Windows\System\brEOtDI.exe
  2⤵
  PID:7452
- C:\Windows\System\IICThTG.exe
  C:\Windows\System\IICThTG.exe
  2⤵
  PID:7484
- C:\Windows\System\EKJCnuc.exe
  C:\Windows\System\EKJCnuc.exe
  2⤵
  PID:7508
- C:\Windows\System\YcPetBv.exe
  C:\Windows\System\YcPetBv.exe
  2⤵
  PID:7536
- C:\Windows\System\WQOUCaf.exe
  C:\Windows\System\WQOUCaf.exe
  2⤵
  PID:7564
- C:\Windows\System\fJIZnVx.exe
  C:\Windows\System\fJIZnVx.exe
  2⤵
  PID:7592
- C:\Windows\System\HoJEkvu.exe
  C:\Windows\System\HoJEkvu.exe
  2⤵
  PID:7620
- C:\Windows\System\gTJeteb.exe
  C:\Windows\System\gTJeteb.exe
  2⤵
  PID:7648
- C:\Windows\System\svIOXPJ.exe
  C:\Windows\System\svIOXPJ.exe
  2⤵
  PID:7676
- C:\Windows\System\aDuUmxp.exe
  C:\Windows\System\aDuUmxp.exe
  2⤵
  PID:7712
- C:\Windows\System\agCOfiW.exe
  C:\Windows\System\agCOfiW.exe
  2⤵
  PID:7732
- C:\Windows\System\kYgnCne.exe
  C:\Windows\System\kYgnCne.exe
  2⤵
  PID:7760
- C:\Windows\System\cIhbNAQ.exe
  C:\Windows\System\cIhbNAQ.exe
  2⤵
  PID:7788
- C:\Windows\System\CDWKugv.exe
  C:\Windows\System\CDWKugv.exe
  2⤵
  PID:7820
- C:\Windows\System\JAZKJiK.exe
  C:\Windows\System\JAZKJiK.exe
  2⤵
  PID:7848
- C:\Windows\System\mcHdkju.exe
  C:\Windows\System\mcHdkju.exe
  2⤵
  PID:7876
- C:\Windows\System\ZUCIbYo.exe
  C:\Windows\System\ZUCIbYo.exe
  2⤵
  PID:7904
- C:\Windows\System\LnYKTZi.exe
  C:\Windows\System\LnYKTZi.exe
  2⤵
  PID:7932
- C:\Windows\System\GThCvQt.exe
  C:\Windows\System\GThCvQt.exe
  2⤵
  PID:7968
- C:\Windows\System\aOItUwp.exe
  C:\Windows\System\aOItUwp.exe
  2⤵
  PID:7988
- C:\Windows\System\nvYZclp.exe
  C:\Windows\System\nvYZclp.exe
  2⤵
  PID:8016
- C:\Windows\System\UZnszix.exe
  C:\Windows\System\UZnszix.exe
  2⤵
  PID:8044
- C:\Windows\System\EvsZKTd.exe
  C:\Windows\System\EvsZKTd.exe
  2⤵
  PID:8072
- C:\Windows\System\oGlBIKl.exe
  C:\Windows\System\oGlBIKl.exe
  2⤵
  PID:8100
- C:\Windows\System\VRoeUfQ.exe
  C:\Windows\System\VRoeUfQ.exe
  2⤵
  PID:8128
- C:\Windows\System\vceKCkD.exe
  C:\Windows\System\vceKCkD.exe
  2⤵
  PID:8156
- C:\Windows\System\zmYHOOI.exe
  C:\Windows\System\zmYHOOI.exe
  2⤵
  PID:8184
- C:\Windows\System\SbesLkX.exe
  C:\Windows\System\SbesLkX.exe
  2⤵
  PID:5304
- C:\Windows\System\xSkOZsd.exe
  C:\Windows\System\xSkOZsd.exe
  2⤵
  PID:7212
- C:\Windows\System\jnqFmZB.exe
  C:\Windows\System\jnqFmZB.exe
  2⤵
  PID:7308
- C:\Windows\System\uSjglQl.exe
  C:\Windows\System\uSjglQl.exe
  2⤵
  PID:7364
- C:\Windows\System\WcBUCqz.exe
  C:\Windows\System\WcBUCqz.exe
  2⤵
  PID:7444
- C:\Windows\System\HzKZfOe.exe
  C:\Windows\System\HzKZfOe.exe
  2⤵
  PID:7500
- C:\Windows\System\CKeiJgm.exe
  C:\Windows\System\CKeiJgm.exe
  2⤵
  PID:7556
- C:\Windows\System\RupCAAl.exe
  C:\Windows\System\RupCAAl.exe
  2⤵
  PID:7612
- C:\Windows\System\LbmyiKA.exe
  C:\Windows\System\LbmyiKA.exe
  2⤵
  PID:7672
- C:\Windows\System\nZzXpPN.exe
  C:\Windows\System\nZzXpPN.exe
  2⤵
  PID:7756
- C:\Windows\System\pJHlWOR.exe
  C:\Windows\System\pJHlWOR.exe
  2⤵
  PID:7816
- C:\Windows\System\DEkopuv.exe
  C:\Windows\System\DEkopuv.exe
  2⤵
  PID:7892
- C:\Windows\System\lshgNqW.exe
  C:\Windows\System\lshgNqW.exe
  2⤵
  PID:7956
- C:\Windows\System\PcpSJap.exe
  C:\Windows\System\PcpSJap.exe
  2⤵
  PID:8028
- C:\Windows\System\oFDjYNz.exe
  C:\Windows\System\oFDjYNz.exe
  2⤵
  PID:8068
- C:\Windows\System\cmmOHLx.exe
  C:\Windows\System\cmmOHLx.exe
  2⤵
  PID:8140
- C:\Windows\System\JlpbyLC.exe
  C:\Windows\System\JlpbyLC.exe
  2⤵
  PID:5204
- C:\Windows\System\sdssHDp.exe
  C:\Windows\System\sdssHDp.exe
  2⤵
  PID:7292
- C:\Windows\System\mZjFnFL.exe
  C:\Windows\System\mZjFnFL.exe
  2⤵
  PID:7476
- C:\Windows\System\IQyTTXv.exe
  C:\Windows\System\IQyTTXv.exe
  2⤵
  PID:7584
- C:\Windows\System\iNaedGw.exe
  C:\Windows\System\iNaedGw.exe
  2⤵
  PID:7688
- C:\Windows\System\mkklXAL.exe
  C:\Windows\System\mkklXAL.exe
  2⤵
  PID:7860
- C:\Windows\System\eFJVxUW.exe
  C:\Windows\System\eFJVxUW.exe
  2⤵
  PID:8012
- C:\Windows\System\LLuUrYG.exe
  C:\Windows\System\LLuUrYG.exe
  2⤵
  PID:8176
- C:\Windows\System\FCsofMW.exe
  C:\Windows\System\FCsofMW.exe
  2⤵
  PID:7532
- C:\Windows\System\bmmLUpp.exe
  C:\Windows\System\bmmLUpp.exe
  2⤵
  PID:7916
- C:\Windows\System\hxRGLqo.exe
  C:\Windows\System\hxRGLqo.exe
  2⤵
  PID:8092
- C:\Windows\System\olveeUd.exe
  C:\Windows\System\olveeUd.exe
  2⤵
  PID:8220
- C:\Windows\System\TptdYGQ.exe
  C:\Windows\System\TptdYGQ.exe
  2⤵
  PID:8256
- C:\Windows\System\jDuFQVQ.exe
  C:\Windows\System\jDuFQVQ.exe
  2⤵
  PID:8292
- C:\Windows\System\LqoGRim.exe
  C:\Windows\System\LqoGRim.exe
  2⤵
  PID:8312
- C:\Windows\System\EHgBjAO.exe
  C:\Windows\System\EHgBjAO.exe
  2⤵
  PID:8340
- C:\Windows\System\oUgMPmN.exe
  C:\Windows\System\oUgMPmN.exe
  2⤵
  PID:8364
- C:\Windows\System\SFRVmHd.exe
  C:\Windows\System\SFRVmHd.exe
  2⤵
  PID:8396
- C:\Windows\System\yRHFNup.exe
  C:\Windows\System\yRHFNup.exe
  2⤵
  PID:8424
- C:\Windows\System\aagEOfT.exe
  C:\Windows\System\aagEOfT.exe
  2⤵
  PID:8464
- C:\Windows\System\vSkhLGR.exe
  C:\Windows\System\vSkhLGR.exe
  2⤵
  PID:8500
- C:\Windows\System\faUwpSs.exe
  C:\Windows\System\faUwpSs.exe
  2⤵
  PID:8536
- C:\Windows\System\uWzyTSB.exe
  C:\Windows\System\uWzyTSB.exe
  2⤵
  PID:8576
- C:\Windows\System\zvIDYex.exe
  C:\Windows\System\zvIDYex.exe
  2⤵
  PID:8592
- C:\Windows\System\ZzFMuXo.exe
  C:\Windows\System\ZzFMuXo.exe
  2⤵
  PID:8624
- C:\Windows\System\JtKCKkz.exe
  C:\Windows\System\JtKCKkz.exe
  2⤵
  PID:8644
- C:\Windows\System\ladfMcw.exe
  C:\Windows\System\ladfMcw.exe
  2⤵
  PID:8684
- C:\Windows\System\alfTYPD.exe
  C:\Windows\System\alfTYPD.exe
  2⤵
  PID:8720
- C:\Windows\System\EtxuAtZ.exe
  C:\Windows\System\EtxuAtZ.exe
  2⤵
  PID:8752
- C:\Windows\System\wiWzeah.exe
  C:\Windows\System\wiWzeah.exe
  2⤵
  PID:8792
- C:\Windows\System\PCOWkmw.exe
  C:\Windows\System\PCOWkmw.exe
  2⤵
  PID:8812
- C:\Windows\System\clGjyDg.exe
  C:\Windows\System\clGjyDg.exe
  2⤵
  PID:8880
- C:\Windows\System\AiEUMyA.exe
  C:\Windows\System\AiEUMyA.exe
  2⤵
  PID:8904
- C:\Windows\System\xpkbebI.exe
  C:\Windows\System\xpkbebI.exe
  2⤵
  PID:8924
- C:\Windows\System\JedjEsl.exe
  C:\Windows\System\JedjEsl.exe
  2⤵
  PID:8952
- C:\Windows\System\uFLABMO.exe
  C:\Windows\System\uFLABMO.exe
  2⤵
  PID:8972
- C:\Windows\System\bioClut.exe
  C:\Windows\System\bioClut.exe
  2⤵
  PID:9012
- C:\Windows\System\TJxkxHE.exe
  C:\Windows\System\TJxkxHE.exe
  2⤵
  PID:9040
- C:\Windows\System\fojkXOW.exe
  C:\Windows\System\fojkXOW.exe
  2⤵
  PID:9076
- C:\Windows\System\vxXGXBR.exe
  C:\Windows\System\vxXGXBR.exe
  2⤵
  PID:9100
- C:\Windows\System\PdxHrZF.exe
  C:\Windows\System\PdxHrZF.exe
  2⤵
  PID:9132
- C:\Windows\System\yKlFpsz.exe
  C:\Windows\System\yKlFpsz.exe
  2⤵
  PID:9168
- C:\Windows\System\mwxNnfl.exe
  C:\Windows\System\mwxNnfl.exe
  2⤵
  PID:9184
- C:\Windows\System\itAlyio.exe
  C:\Windows\System\itAlyio.exe
  2⤵
  PID:7780
- C:\Windows\System\rnoExua.exe
  C:\Windows\System\rnoExua.exe
  2⤵
  PID:7200
- C:\Windows\System\uspAwJH.exe
  C:\Windows\System\uspAwJH.exe
  2⤵
  PID:8268
- C:\Windows\System\WOWUDsa.exe
  C:\Windows\System\WOWUDsa.exe
  2⤵
  PID:8332
- C:\Windows\System\BwhvYIT.exe
  C:\Windows\System\BwhvYIT.exe
  2⤵
  PID:8448
- C:\Windows\System\FYLSKFU.exe
  C:\Windows\System\FYLSKFU.exe
  2⤵
  PID:8480
- C:\Windows\System\usbMynx.exe
  C:\Windows\System\usbMynx.exe
  2⤵
  PID:8560
- C:\Windows\System\mSHqhjR.exe
  C:\Windows\System\mSHqhjR.exe
  2⤵
  PID:8704
- C:\Windows\System\zJHPqyw.exe
  C:\Windows\System\zJHPqyw.exe
  2⤵
  PID:8804
- C:\Windows\System\YowEZOA.exe
  C:\Windows\System\YowEZOA.exe
  2⤵
  PID:8912
- C:\Windows\System\BHCFWHQ.exe
  C:\Windows\System\BHCFWHQ.exe
  2⤵
  PID:8968
- C:\Windows\System\OoiNRFr.exe
  C:\Windows\System\OoiNRFr.exe
  2⤵
  PID:9008
- C:\Windows\System\rIVtNvX.exe
  C:\Windows\System\rIVtNvX.exe
  2⤵
  PID:9124
- C:\Windows\System\IBTAwIM.exe
  C:\Windows\System\IBTAwIM.exe
  2⤵
  PID:9164
- C:\Windows\System\YoQnKQI.exe
  C:\Windows\System\YoQnKQI.exe
  2⤵
  PID:9204
- C:\Windows\System\kYyvIag.exe
  C:\Windows\System\kYyvIag.exe
  2⤵
  PID:7844
- C:\Windows\System\TNHLHjp.exe
  C:\Windows\System\TNHLHjp.exe
  2⤵
  PID:8276
- C:\Windows\System\bSVgSKZ.exe
  C:\Windows\System\bSVgSKZ.exe
  2⤵
  PID:8488
- C:\Windows\System\LpaWdOY.exe
  C:\Windows\System\LpaWdOY.exe
  2⤵
  PID:8736
- C:\Windows\System\QdUzLdl.exe
  C:\Windows\System\QdUzLdl.exe
  2⤵
  PID:8888
- C:\Windows\System\XZanrYf.exe
  C:\Windows\System\XZanrYf.exe
  2⤵
  PID:9196
- C:\Windows\System\bcVGAoa.exe
  C:\Windows\System\bcVGAoa.exe
  2⤵
  PID:8420
- C:\Windows\System\mjCIXYF.exe
  C:\Windows\System\mjCIXYF.exe
  2⤵
  PID:8360
- C:\Windows\System\wykINzk.exe
  C:\Windows\System\wykINzk.exe
  2⤵
  PID:8876
- C:\Windows\System\QDKvgka.exe
  C:\Windows\System\QDKvgka.exe
  2⤵
  PID:9236
- C:\Windows\System\CRNSbRu.exe
  C:\Windows\System\CRNSbRu.exe
  2⤵
  PID:9256
- C:\Windows\System\iOEKZhh.exe
  C:\Windows\System\iOEKZhh.exe
  2⤵
  PID:9288
- C:\Windows\System\XmhwHSO.exe
  C:\Windows\System\XmhwHSO.exe
  2⤵
  PID:9308
- C:\Windows\System\PelBWrM.exe
  C:\Windows\System\PelBWrM.exe
  2⤵
  PID:9336
- C:\Windows\System\zkrajdm.exe
  C:\Windows\System\zkrajdm.exe
  2⤵
  PID:9372
- C:\Windows\System\dPtRqqC.exe
  C:\Windows\System\dPtRqqC.exe
  2⤵
  PID:9400
- C:\Windows\System\nDBDwGc.exe
  C:\Windows\System\nDBDwGc.exe
  2⤵
  PID:9432
- C:\Windows\System\czmXUpJ.exe
  C:\Windows\System\czmXUpJ.exe
  2⤵
  PID:9464
- C:\Windows\System\nWshkPW.exe
  C:\Windows\System\nWshkPW.exe
  2⤵
  PID:9496
- C:\Windows\System\BNRKtLz.exe
  C:\Windows\System\BNRKtLz.exe
  2⤵
  PID:9516
- C:\Windows\System\xntPnhA.exe
  C:\Windows\System\xntPnhA.exe
  2⤵
  PID:9544
- C:\Windows\System\uloZeCl.exe
  C:\Windows\System\uloZeCl.exe
  2⤵
  PID:9572
- C:\Windows\System\mHqfRQP.exe
  C:\Windows\System\mHqfRQP.exe
  2⤵
  PID:9604
- C:\Windows\System\crZfuTK.exe
  C:\Windows\System\crZfuTK.exe
  2⤵
  PID:9644
- C:\Windows\System\kFdjDCz.exe
  C:\Windows\System\kFdjDCz.exe
  2⤵
  PID:9680
- C:\Windows\System\eMReIgw.exe
  C:\Windows\System\eMReIgw.exe
  2⤵
  PID:9716
- C:\Windows\System\QMlsGqZ.exe
  C:\Windows\System\QMlsGqZ.exe
  2⤵
  PID:9732
- C:\Windows\System\zsxokFo.exe
  C:\Windows\System\zsxokFo.exe
  2⤵
  PID:9772
- C:\Windows\System\rsXepQX.exe
  C:\Windows\System\rsXepQX.exe
  2⤵
  PID:9800
- C:\Windows\System\wWdIvfR.exe
  C:\Windows\System\wWdIvfR.exe
  2⤵
  PID:9828
- C:\Windows\System\mMNhZxR.exe
  C:\Windows\System\mMNhZxR.exe
  2⤵
  PID:9864
- C:\Windows\System\tidQzQQ.exe
  C:\Windows\System\tidQzQQ.exe
  2⤵
  PID:9892
- C:\Windows\System\ZUDUngf.exe
  C:\Windows\System\ZUDUngf.exe
  2⤵
  PID:9920
- C:\Windows\System\WCasFpm.exe
  C:\Windows\System\WCasFpm.exe
  2⤵
  PID:9948
- C:\Windows\System\gHtTcWl.exe
  C:\Windows\System\gHtTcWl.exe
  2⤵
  PID:9968
- C:\Windows\System\FeOrbZw.exe
  C:\Windows\System\FeOrbZw.exe
  2⤵
  PID:9996
- C:\Windows\System\mElUfRZ.exe
  C:\Windows\System\mElUfRZ.exe
  2⤵
  PID:10012
- C:\Windows\System\TTxwixO.exe
  C:\Windows\System\TTxwixO.exe
  2⤵
  PID:10040
- C:\Windows\System\sntddxn.exe
  C:\Windows\System\sntddxn.exe
  2⤵
  PID:10068
- C:\Windows\System\cGKQApU.exe
  C:\Windows\System\cGKQApU.exe
  2⤵
  PID:10104
- C:\Windows\System\VwDgWEr.exe
  C:\Windows\System\VwDgWEr.exe
  2⤵
  PID:10132
- C:\Windows\System\NnJbzDA.exe
  C:\Windows\System\NnJbzDA.exe
  2⤵
  PID:10168
- C:\Windows\System\XsFFnwK.exe
  C:\Windows\System\XsFFnwK.exe
  2⤵
  PID:10196
- C:\Windows\System\OABebOg.exe
  C:\Windows\System\OABebOg.exe
  2⤵
  PID:10228
- C:\Windows\System\NhCMPlG.exe
  C:\Windows\System\NhCMPlG.exe
  2⤵
  PID:9068
- C:\Windows\System\CJwkBFN.exe
  C:\Windows\System\CJwkBFN.exe
  2⤵
  PID:9264
- C:\Windows\System\inzdgyA.exe
  C:\Windows\System\inzdgyA.exe
  2⤵
  PID:9364
- C:\Windows\System\wFSaEUD.exe
  C:\Windows\System\wFSaEUD.exe
  2⤵
  PID:9396
- C:\Windows\System\Ylbpmow.exe
  C:\Windows\System\Ylbpmow.exe
  2⤵
  PID:9484
- C:\Windows\System\SvTDfks.exe
  C:\Windows\System\SvTDfks.exe
  2⤵
  PID:9560
- C:\Windows\System\wkiQXBZ.exe
  C:\Windows\System\wkiQXBZ.exe
  2⤵
  PID:9672
- C:\Windows\System\YdnAzfJ.exe
  C:\Windows\System\YdnAzfJ.exe
  2⤵
  PID:9620
- C:\Windows\System\MMdLSFI.exe
  C:\Windows\System\MMdLSFI.exe
  2⤵
  PID:9784
- C:\Windows\System\DJUeQqR.exe
  C:\Windows\System\DJUeQqR.exe
  2⤵
  PID:9852
- C:\Windows\System\dsCynhk.exe
  C:\Windows\System\dsCynhk.exe
  2⤵
  PID:9960
- C:\Windows\System\lyGyBwX.exe
  C:\Windows\System\lyGyBwX.exe
  2⤵
  PID:9932
- C:\Windows\System\GAOWHlh.exe
  C:\Windows\System\GAOWHlh.exe
  2⤵
  PID:9980
- C:\Windows\System\TVPIlbM.exe
  C:\Windows\System\TVPIlbM.exe
  2⤵
  PID:10060
- C:\Windows\System\IkDVsNL.exe
  C:\Windows\System\IkDVsNL.exe
  2⤵
  PID:10128
- C:\Windows\System\wyMTdoW.exe
  C:\Windows\System\wyMTdoW.exe
  2⤵
  PID:10220
- C:\Windows\System\sSiiOoh.exe
  C:\Windows\System\sSiiOoh.exe
  2⤵
  PID:9284
- C:\Windows\System\CQHLUZJ.exe
  C:\Windows\System\CQHLUZJ.exe
  2⤵
  PID:9592
- C:\Windows\System\iVmAhup.exe
  C:\Windows\System\iVmAhup.exe
  2⤵
  PID:9664
- C:\Windows\System\YXYhbbU.exe
  C:\Windows\System\YXYhbbU.exe
  2⤵
  PID:9816
- C:\Windows\System\gyUsMKm.exe
  C:\Windows\System\gyUsMKm.exe
  2⤵
  PID:9940
- C:\Windows\System\lyBQmuA.exe
  C:\Windows\System\lyBQmuA.exe
  2⤵
  PID:10056
- C:\Windows\System\AUhtAMl.exe
  C:\Windows\System\AUhtAMl.exe
  2⤵
  PID:10160
- C:\Windows\System\ZBFqUVM.exe
  C:\Windows\System\ZBFqUVM.exe
  2⤵
  PID:9632
- C:\Windows\System\bOlkCTV.exe
  C:\Windows\System\bOlkCTV.exe
  2⤵
  PID:9848
- C:\Windows\System\KarKRJR.exe
  C:\Windows\System\KarKRJR.exe
  2⤵
  PID:10004
- C:\Windows\System\WWDgvci.exe
  C:\Windows\System\WWDgvci.exe
  2⤵
  PID:8716
- C:\Windows\System\vAIWnSm.exe
  C:\Windows\System\vAIWnSm.exe
  2⤵
  PID:10260
- C:\Windows\System\eViCeKP.exe
  C:\Windows\System\eViCeKP.exe
  2⤵
  PID:10276
- C:\Windows\System\ujxQdfH.exe
  C:\Windows\System\ujxQdfH.exe
  2⤵
  PID:10312
- C:\Windows\System\FRwHmmt.exe
  C:\Windows\System\FRwHmmt.exe
  2⤵
  PID:10356
- C:\Windows\System\LKRfOOD.exe
  C:\Windows\System\LKRfOOD.exe
  2⤵
  PID:10380
- C:\Windows\System\PnLoWan.exe
  C:\Windows\System\PnLoWan.exe
  2⤵
  PID:10400
- C:\Windows\System\ADrxIdG.exe
  C:\Windows\System\ADrxIdG.exe
  2⤵
  PID:10424
- C:\Windows\System\xxgYxiR.exe
  C:\Windows\System\xxgYxiR.exe
  2⤵
  PID:10440
- C:\Windows\System\eIgBtaN.exe
  C:\Windows\System\eIgBtaN.exe
  2⤵
  PID:10472
- C:\Windows\System\ufXqUzX.exe
  C:\Windows\System\ufXqUzX.exe
  2⤵
  PID:10496
- C:\Windows\System\xBKBDYp.exe
  C:\Windows\System\xBKBDYp.exe
  2⤵
  PID:10532
- C:\Windows\System\xYTWEzG.exe
  C:\Windows\System\xYTWEzG.exe
  2⤵
  PID:10564
- C:\Windows\System\gVGLSiJ.exe
  C:\Windows\System\gVGLSiJ.exe
  2⤵
  PID:10592
- C:\Windows\System\vjqsxiI.exe
  C:\Windows\System\vjqsxiI.exe
  2⤵
  PID:10612
- C:\Windows\System\EhOjAAs.exe
  C:\Windows\System\EhOjAAs.exe
  2⤵
  PID:10636
- C:\Windows\System\gAuVNPt.exe
  C:\Windows\System\gAuVNPt.exe
  2⤵
  PID:10676
- C:\Windows\System\hxHqyhB.exe
  C:\Windows\System\hxHqyhB.exe
  2⤵
  PID:10704
- C:\Windows\System\arhFpDN.exe
  C:\Windows\System\arhFpDN.exe
  2⤵
  PID:10744
- C:\Windows\System\WVniDLQ.exe
  C:\Windows\System\WVniDLQ.exe
  2⤵
  PID:10772
- C:\Windows\System\veJMybq.exe
  C:\Windows\System\veJMybq.exe
  2⤵
  PID:10800
- C:\Windows\System\xvDVFUo.exe
  C:\Windows\System\xvDVFUo.exe
  2⤵
  PID:10832
- C:\Windows\System\muXEEsW.exe
  C:\Windows\System\muXEEsW.exe
  2⤵
  PID:10848
- C:\Windows\System\pLjYerR.exe
  C:\Windows\System\pLjYerR.exe
  2⤵
  PID:10876
- C:\Windows\System\ATehQDt.exe
  C:\Windows\System\ATehQDt.exe
  2⤵
  PID:10904
- C:\Windows\System\tHvMFfT.exe
  C:\Windows\System\tHvMFfT.exe
  2⤵
  PID:10928
- C:\Windows\System\hxrFgwu.exe
  C:\Windows\System\hxrFgwu.exe
  2⤵
  PID:10960
- C:\Windows\System\GnEtWyK.exe
  C:\Windows\System\GnEtWyK.exe
  2⤵
  PID:10996
- C:\Windows\System\qeRRcNi.exe
  C:\Windows\System\qeRRcNi.exe
  2⤵
  PID:11016
- C:\Windows\System\GxDaDlz.exe
  C:\Windows\System\GxDaDlz.exe
  2⤵
  PID:11044
- C:\Windows\System\UzcMXzr.exe
  C:\Windows\System\UzcMXzr.exe
  2⤵
  PID:11072
- C:\Windows\System\HDVPeeT.exe
  C:\Windows\System\HDVPeeT.exe
  2⤵
  PID:11100
- C:\Windows\System\oxYFQXQ.exe
  C:\Windows\System\oxYFQXQ.exe
  2⤵
  PID:11132
- C:\Windows\System\qPAqDhr.exe
  C:\Windows\System\qPAqDhr.exe
  2⤵
  PID:11156
- C:\Windows\System\ZoWbCkF.exe
  C:\Windows\System\ZoWbCkF.exe
  2⤵
  PID:11184
- C:\Windows\System\rkyjYZE.exe
  C:\Windows\System\rkyjYZE.exe
  2⤵
  PID:11212
- C:\Windows\System\ZmpZCtk.exe
  C:\Windows\System\ZmpZCtk.exe
  2⤵
  PID:11244
- C:\Windows\System\eZLwXZk.exe
  C:\Windows\System\eZLwXZk.exe
  2⤵
  PID:10252
- C:\Windows\System\GOBwgWt.exe
  C:\Windows\System\GOBwgWt.exe
  2⤵
  PID:10328
- C:\Windows\System\VwWZKih.exe
  C:\Windows\System\VwWZKih.exe
  2⤵
  PID:10372
- C:\Windows\System\dSjuYXf.exe
  C:\Windows\System\dSjuYXf.exe
  2⤵
  PID:10408
- C:\Windows\System\ssahDvw.exe
  C:\Windows\System\ssahDvw.exe
  2⤵
  PID:10508
- C:\Windows\System\DhAgnFw.exe
  C:\Windows\System\DhAgnFw.exe
  2⤵
  PID:10552
- C:\Windows\System\JBCqosZ.exe
  C:\Windows\System\JBCqosZ.exe
  2⤵
  PID:10656
- C:\Windows\System\LlNKulG.exe
  C:\Windows\System\LlNKulG.exe
  2⤵
  PID:10696
- C:\Windows\System\jYPshCX.exe
  C:\Windows\System\jYPshCX.exe
  2⤵
  PID:10724
- C:\Windows\System\FDYOxNu.exe
  C:\Windows\System\FDYOxNu.exe
  2⤵
  PID:10828
- C:\Windows\System\qgBQUho.exe
  C:\Windows\System\qgBQUho.exe
  2⤵
  PID:10896
- C:\Windows\System\SWGKTCn.exe
  C:\Windows\System\SWGKTCn.exe
  2⤵
  PID:10948
- C:\Windows\System\zMtiPQf.exe
  C:\Windows\System\zMtiPQf.exe
  2⤵
  PID:11088
- C:\Windows\System\yrOhIHs.exe
  C:\Windows\System\yrOhIHs.exe
  2⤵
  PID:11144
- C:\Windows\System\CwebApb.exe
  C:\Windows\System\CwebApb.exe
  2⤵
  PID:11224
- C:\Windows\System\fIVjUhz.exe
  C:\Windows\System\fIVjUhz.exe
  2⤵
  PID:10388
- C:\Windows\System\IPbdhhg.exe
  C:\Windows\System\IPbdhhg.exe
  2⤵
  PID:10432
- C:\Windows\System\ZVuoHIJ.exe
  C:\Windows\System\ZVuoHIJ.exe
  2⤵
  PID:10664
- C:\Windows\System\peyNpkv.exe
  C:\Windows\System\peyNpkv.exe
  2⤵
  PID:10688
- C:\Windows\System\QvWotEF.exe
  C:\Windows\System\QvWotEF.exe
  2⤵
  PID:11004
- C:\Windows\System\nWFjhsm.exe
  C:\Windows\System\nWFjhsm.exe
  2⤵
  PID:11200
- C:\Windows\System\gWbUTON.exe
  C:\Windows\System\gWbUTON.exe
  2⤵
  PID:10352
- C:\Windows\System\CgTCVUN.exe
  C:\Windows\System\CgTCVUN.exe
  2⤵
  PID:10608
- C:\Windows\System\rDcYbwz.exe
  C:\Windows\System\rDcYbwz.exe
  2⤵
  PID:11116
- C:\Windows\System\OzZxxlC.exe
  C:\Windows\System\OzZxxlC.exe
  2⤵
  PID:10972
- C:\Windows\System\seevCMe.exe
  C:\Windows\System\seevCMe.exe
  2⤵
  PID:11272
- C:\Windows\System\KyOJhfO.exe
  C:\Windows\System\KyOJhfO.exe
  2⤵
  PID:11308
- C:\Windows\System\RZbueBO.exe
  C:\Windows\System\RZbueBO.exe
  2⤵
  PID:11336
- C:\Windows\System\mtBpILm.exe
  C:\Windows\System\mtBpILm.exe
  2⤵
  PID:11368
- C:\Windows\System\AymztYf.exe
  C:\Windows\System\AymztYf.exe
  2⤵
  PID:11388
- C:\Windows\System\omECoTq.exe
  C:\Windows\System\omECoTq.exe
  2⤵
  PID:11412
- C:\Windows\System\GJuWRRK.exe
  C:\Windows\System\GJuWRRK.exe
  2⤵
  PID:11440
- C:\Windows\System\NkQqugQ.exe
  C:\Windows\System\NkQqugQ.exe
  2⤵
  PID:11464
- C:\Windows\System\xNuRRtL.exe
  C:\Windows\System\xNuRRtL.exe
  2⤵
  PID:11480
- C:\Windows\System\dbtkowk.exe
  C:\Windows\System\dbtkowk.exe
  2⤵
  PID:11508
- C:\Windows\System\BXvgObs.exe
  C:\Windows\System\BXvgObs.exe
  2⤵
  PID:11528
- C:\Windows\System\KhqqkTh.exe
  C:\Windows\System\KhqqkTh.exe
  2⤵
  PID:11568
- C:\Windows\System\xVupaFW.exe
  C:\Windows\System\xVupaFW.exe
  2⤵
  PID:11596
- C:\Windows\System\GLwEqFU.exe
  C:\Windows\System\GLwEqFU.exe
  2⤵
  PID:11632
- C:\Windows\System\mttsBgM.exe
  C:\Windows\System\mttsBgM.exe
  2⤵
  PID:11664
- C:\Windows\System\zfteBQj.exe
  C:\Windows\System\zfteBQj.exe
  2⤵
  PID:11704
- C:\Windows\System\LkPeIYO.exe
  C:\Windows\System\LkPeIYO.exe
  2⤵
  PID:11732
- C:\Windows\System\czptofS.exe
  C:\Windows\System\czptofS.exe
  2⤵
  PID:11748
- C:\Windows\System\TjfGEqX.exe
  C:\Windows\System\TjfGEqX.exe
  2⤵
  PID:11780
- C:\Windows\System\ErWWbZy.exe
  C:\Windows\System\ErWWbZy.exe
  2⤵
  PID:11804
- C:\Windows\System\gIiCZzT.exe
  C:\Windows\System\gIiCZzT.exe
  2⤵
  PID:11820
- C:\Windows\System\QHkHSZp.exe
  C:\Windows\System\QHkHSZp.exe
  2⤵
  PID:11844
- C:\Windows\System\iEZEenK.exe
  C:\Windows\System\iEZEenK.exe
  2⤵
  PID:11880
- C:\Windows\System\SJPQBcc.exe
  C:\Windows\System\SJPQBcc.exe
  2⤵
  PID:11904
- C:\Windows\System\MRWKvuL.exe
  C:\Windows\System\MRWKvuL.exe
  2⤵
  PID:11944
- C:\Windows\System\mWUHjgA.exe
  C:\Windows\System\mWUHjgA.exe
  2⤵
  PID:11960
- C:\Windows\System\yQNMQFk.exe
  C:\Windows\System\yQNMQFk.exe
  2⤵
  PID:11996
- C:\Windows\System\PIhtHXw.exe
  C:\Windows\System\PIhtHXw.exe
  2⤵
  PID:12028
- C:\Windows\System\VYVoosY.exe
  C:\Windows\System\VYVoosY.exe
  2⤵
  PID:12064
- C:\Windows\System\UgFwPMs.exe
  C:\Windows\System\UgFwPMs.exe
  2⤵
  PID:12084
- C:\Windows\System\XQQoJad.exe
  C:\Windows\System\XQQoJad.exe
  2⤵
  PID:12116
- C:\Windows\System\NKeVKMW.exe
  C:\Windows\System\NKeVKMW.exe
  2⤵
  PID:12144
- C:\Windows\System\dtrRnac.exe
  C:\Windows\System\dtrRnac.exe
  2⤵
  PID:12180
- C:\Windows\System\HarxQHc.exe
  C:\Windows\System\HarxQHc.exe
  2⤵
  PID:12200
- C:\Windows\System\WWRHmiW.exe
  C:\Windows\System\WWRHmiW.exe
  2⤵
  PID:12216
- C:\Windows\System\vRFeieT.exe
  C:\Windows\System\vRFeieT.exe
  2⤵
  PID:12260
- C:\Windows\System\aWWSVtO.exe
  C:\Windows\System\aWWSVtO.exe
  2⤵
  PID:12284
- C:\Windows\System\gebwXpd.exe
  C:\Windows\System\gebwXpd.exe
  2⤵
  PID:11328
- C:\Windows\System\WcJiKnk.exe
  C:\Windows\System\WcJiKnk.exe
  2⤵
  PID:11396
- C:\Windows\System\SoHZGJz.exe
  C:\Windows\System\SoHZGJz.exe
  2⤵
  PID:11436
- C:\Windows\System\avbuiSJ.exe
  C:\Windows\System\avbuiSJ.exe
  2⤵
  PID:11552
- C:\Windows\System\kwRKeXQ.exe
  C:\Windows\System\kwRKeXQ.exe
  2⤵
  PID:11540
- C:\Windows\System\UgZKqdi.exe
  C:\Windows\System\UgZKqdi.exe
  2⤵
  PID:11648
- C:\Windows\System\vbOISoX.exe
  C:\Windows\System\vbOISoX.exe
  2⤵
  PID:11700
- C:\Windows\System\Xuaebur.exe
  C:\Windows\System\Xuaebur.exe
  2⤵
  PID:11764
- C:\Windows\System\brQSmqJ.exe
  C:\Windows\System\brQSmqJ.exe
  2⤵
  PID:11856
- C:\Windows\System\ynHMRwg.exe
  C:\Windows\System\ynHMRwg.exe
  2⤵
  PID:11900
- C:\Windows\System\CKsLlFR.exe
  C:\Windows\System\CKsLlFR.exe
  2⤵
  PID:11956
- C:\Windows\System\ctKrATb.exe
  C:\Windows\System\ctKrATb.exe
  2⤵
  PID:12012
- C:\Windows\System\ZBHlVLa.exe
  C:\Windows\System\ZBHlVLa.exe
  2⤵
  PID:12076
- C:\Windows\System\cjcwdzf.exe
  C:\Windows\System\cjcwdzf.exe
  2⤵
  PID:12164
- C:\Windows\System\nvHKDZl.exe
  C:\Windows\System\nvHKDZl.exe
  2⤵
  PID:12196
- C:\Windows\System\XxMPfmY.exe
  C:\Windows\System\XxMPfmY.exe
  2⤵
  PID:12244
- C:\Windows\System\XgcaPWC.exe
  C:\Windows\System\XgcaPWC.exe
  2⤵
  PID:11280
- C:\Windows\System\UVvflAa.exe
  C:\Windows\System\UVvflAa.exe
  2⤵
  PID:11476
- C:\Windows\System\AWEBlXp.exe
  C:\Windows\System\AWEBlXp.exe
  2⤵
  PID:11588
- C:\Windows\System\cbxDJXT.exe
  C:\Windows\System\cbxDJXT.exe
  2⤵
  PID:11744
- C:\Windows\System\UufVOTY.exe
  C:\Windows\System\UufVOTY.exe
  2⤵
  PID:11980
- C:\Windows\System\LbsjDHQ.exe
  C:\Windows\System\LbsjDHQ.exe
  2⤵
  PID:12136
- C:\Windows\System\RppHkTN.exe
  C:\Windows\System\RppHkTN.exe
  2⤵
  PID:12236
- C:\Windows\System\NUfjkWf.exe
  C:\Windows\System\NUfjkWf.exe
  2⤵
  PID:11740
- C:\Windows\System\xBwqJnY.exe
  C:\Windows\System\xBwqJnY.exe
  2⤵
  PID:11676
- C:\Windows\System\lNvsrCn.exe
  C:\Windows\System\lNvsrCn.exe
  2⤵
  PID:12096
- C:\Windows\System\tiXOJkt.exe
  C:\Windows\System\tiXOJkt.exe
  2⤵
  PID:11608
- C:\Windows\System\wvGOLax.exe
  C:\Windows\System\wvGOLax.exe
  2⤵
  PID:12292
- C:\Windows\System\fUKDJQn.exe
  C:\Windows\System\fUKDJQn.exe
  2⤵
  PID:12312
- C:\Windows\System\sjwafDx.exe
  C:\Windows\System\sjwafDx.exe
  2⤵
  PID:12348
- C:\Windows\System\kqrZFyb.exe
  C:\Windows\System\kqrZFyb.exe
  2⤵
  PID:12372
- C:\Windows\System\TNfvDiK.exe
  C:\Windows\System\TNfvDiK.exe
  2⤵
  PID:12416
- C:\Windows\System\YaTemfC.exe
  C:\Windows\System\YaTemfC.exe
  2⤵
  PID:12448
- C:\Windows\System\XGraJOZ.exe
  C:\Windows\System\XGraJOZ.exe
  2⤵
  PID:12480
- C:\Windows\System\TFEZQlF.exe
  C:\Windows\System\TFEZQlF.exe
  2⤵
  PID:12500
- C:\Windows\System\SysLhxU.exe
  C:\Windows\System\SysLhxU.exe
  2⤵
  PID:12524
- C:\Windows\System\PpyfHDl.exe
  C:\Windows\System\PpyfHDl.exe
  2⤵
  PID:12556
- C:\Windows\System\QkrQmwK.exe
  C:\Windows\System\QkrQmwK.exe
  2⤵
  PID:12584
- C:\Windows\System\UuIjszv.exe
  C:\Windows\System\UuIjszv.exe
  2⤵
  PID:12620
- C:\Windows\System\tWDfcuN.exe
  C:\Windows\System\tWDfcuN.exe
  2⤵
  PID:12644
- C:\Windows\System\ZOnpDko.exe
  C:\Windows\System\ZOnpDko.exe
  2⤵
  PID:12668
- C:\Windows\System\mzXTXYj.exe
  C:\Windows\System\mzXTXYj.exe
  2⤵
  PID:12704
- C:\Windows\System\OkNxyfY.exe
  C:\Windows\System\OkNxyfY.exe
  2⤵
  PID:12724
- C:\Windows\System\VIPKoRd.exe
  C:\Windows\System\VIPKoRd.exe
  2⤵
  PID:12760
- C:\Windows\System\LzuCrho.exe
  C:\Windows\System\LzuCrho.exe
  2⤵
  PID:12780
- C:\Windows\System\TMCqupY.exe
  C:\Windows\System\TMCqupY.exe
  2⤵
  PID:12812
- C:\Windows\System\VCYDRnM.exe
  C:\Windows\System\VCYDRnM.exe
  2⤵
  PID:12840
- C:\Windows\System\YmtubrQ.exe
  C:\Windows\System\YmtubrQ.exe
  2⤵
  PID:12872
- C:\Windows\System\UUwsWUz.exe
  C:\Windows\System\UUwsWUz.exe
  2⤵
  PID:12904
- C:\Windows\System\GeparpL.exe
  C:\Windows\System\GeparpL.exe
  2⤵
  PID:12932
- C:\Windows\System\FVdWoXj.exe
  C:\Windows\System\FVdWoXj.exe
  2⤵
  PID:12960
- C:\Windows\System\JfBZcSh.exe
  C:\Windows\System\JfBZcSh.exe
  2⤵
  PID:12976
- C:\Windows\System\cXShSxH.exe
  C:\Windows\System\cXShSxH.exe
  2⤵
  PID:12996
- C:\Windows\System\dEODIEA.exe
  C:\Windows\System\dEODIEA.exe
  2⤵
  PID:13032
- C:\Windows\System\UtDEupa.exe
  C:\Windows\System\UtDEupa.exe
  2⤵
  PID:13072
- C:\Windows\System\qlsLflt.exe
  C:\Windows\System\qlsLflt.exe
  2⤵
  PID:13100
- C:\Windows\System\pOjIeFs.exe
  C:\Windows\System\pOjIeFs.exe
  2⤵
  PID:13128
- C:\Windows\System\GjnoLpV.exe
  C:\Windows\System\GjnoLpV.exe
  2⤵
  PID:13156
- C:\Windows\System\IlHufEE.exe
  C:\Windows\System\IlHufEE.exe
  2⤵
  PID:13184
- C:\Windows\System\EMZGYIN.exe
  C:\Windows\System\EMZGYIN.exe
  2⤵
  PID:13208
- C:\Windows\System\Uvqrklh.exe
  C:\Windows\System\Uvqrklh.exe
  2⤵
  PID:13228
- C:\Windows\System\IJLRGGf.exe
  C:\Windows\System\IJLRGGf.exe
  2⤵
  PID:13248
- C:\Windows\System\CCOSqSl.exe
  C:\Windows\System\CCOSqSl.exe
  2⤵
  PID:13280
- C:\Windows\System\IGdPmxH.exe
  C:\Windows\System\IGdPmxH.exe
  2⤵
  PID:11816
- C:\Windows\System\zvzOuvs.exe
  C:\Windows\System\zvzOuvs.exe
  2⤵
  PID:12320
- C:\Windows\System\xqwQWPd.exe
  C:\Windows\System\xqwQWPd.exe
  2⤵
  PID:12396
- C:\Windows\System\WaItbYm.exe
  C:\Windows\System\WaItbYm.exe
  2⤵
  PID:12464
- C:\Windows\System\MRxgcLf.exe
  C:\Windows\System\MRxgcLf.exe
  2⤵
  PID:12548
- C:\Windows\System\VbDGEgz.exe
  C:\Windows\System\VbDGEgz.exe
  2⤵
  PID:12596
- C:\Windows\System\lkgJDqY.exe
  C:\Windows\System\lkgJDqY.exe
  2⤵
  PID:12692
- C:\Windows\System\ouWsOjQ.exe
  C:\Windows\System\ouWsOjQ.exe
  2⤵
  PID:12700
- C:\Windows\System\zqWjpnl.exe
  C:\Windows\System\zqWjpnl.exe
  2⤵
  PID:12768
- C:\Windows\System\beHnsuG.exe
  C:\Windows\System\beHnsuG.exe
  2⤵
  PID:12892
- C:\Windows\System\zYJUdtg.exe
  C:\Windows\System\zYJUdtg.exe
  2⤵
  PID:12944
- C:\Windows\System\CxrSUnW.exe
  C:\Windows\System\CxrSUnW.exe
  2⤵
  PID:13024
- C:\Windows\System\yABuUTt.exe
  C:\Windows\System\yABuUTt.exe
  2⤵
  PID:13084
- C:\Windows\System\pRDmJuv.exe
  C:\Windows\System\pRDmJuv.exe
  2⤵
  PID:13140
- C:\Windows\System\OVEGiVW.exe
  C:\Windows\System\OVEGiVW.exe
  2⤵
  PID:13200
- C:\Windows\System\uZNYnoc.exe
  C:\Windows\System\uZNYnoc.exe
  2⤵
  PID:13244
- C:\Windows\System\ZQIhRsO.exe
  C:\Windows\System\ZQIhRsO.exe
  2⤵
  PID:13296
- C:\Windows\System\PITCwQU.exe
  C:\Windows\System\PITCwQU.exe
  2⤵
  PID:12304
- C:\Windows\System\QtELCdh.exe
  C:\Windows\System\QtELCdh.exe
  2⤵
  PID:12492
- C:\Windows\System\VDmtbom.exe
  C:\Windows\System\VDmtbom.exe
  2⤵
  PID:12632
- C:\Windows\System\SCoXHJy.exe
  C:\Windows\System\SCoXHJy.exe
  2⤵
  PID:12772
- C:\Windows\System\FEuRQKd.exe
  C:\Windows\System\FEuRQKd.exe
  2⤵
  PID:12972
- C:\Windows\System\aNYNPpX.exe
  C:\Windows\System\aNYNPpX.exe
  2⤵
  PID:13180
- C:\Windows\System\xgEYPda.exe
  C:\Windows\System\xgEYPda.exe
  2⤵
  PID:3704
- C:\Windows\System\KQVVcXE.exe
  C:\Windows\System\KQVVcXE.exe
  2⤵
  PID:13272
- C:\Windows\System\DLlKlhI.exe
  C:\Windows\System\DLlKlhI.exe
  2⤵
  PID:12664
- C:\Windows\System\CkGtDDk.exe
  C:\Windows\System\CkGtDDk.exe
  2⤵
  PID:12948
- C:\Windows\System\EcrzIAX.exe
  C:\Windows\System\EcrzIAX.exe
  2⤵
  PID:440
- C:\Windows\System\OYiuMXZ.exe
  C:\Windows\System\OYiuMXZ.exe
  2⤵
  PID:1204
- C:\Windows\System\QjBBfSn.exe
  C:\Windows\System\QjBBfSn.exe
  2⤵
  PID:12748
- C:\Windows\System\AfDWjsA.exe
  C:\Windows\System\AfDWjsA.exe
  2⤵
  PID:2940
- C:\Windows\System\xsXaYnd.exe
  C:\Windows\System\xsXaYnd.exe
  2⤵
  PID:13224
- C:\Windows\System\fGSmEVV.exe
  C:\Windows\System\fGSmEVV.exe
  2⤵
  PID:13320
- C:\Windows\System\aaBPeUs.exe
  C:\Windows\System\aaBPeUs.exe
  2⤵
  PID:13360
- C:\Windows\System\BqBmFSl.exe
  C:\Windows\System\BqBmFSl.exe
  2⤵
  PID:13376
- C:\Windows\System\inGaUPS.exe
  C:\Windows\System\inGaUPS.exe
  2⤵
  PID:13404
- C:\Windows\System\qAiaagK.exe
  C:\Windows\System\qAiaagK.exe
  2⤵
  PID:13424
- C:\Windows\System\NoQEIqq.exe
  C:\Windows\System\NoQEIqq.exe
  2⤵
  PID:13456
- C:\Windows\System\FrFPAik.exe
  C:\Windows\System\FrFPAik.exe
  2⤵
  PID:13484
- C:\Windows\System\cgxnNdK.exe
  C:\Windows\System\cgxnNdK.exe
  2⤵
  PID:13520
- C:\Windows\System\CBCIrng.exe
  C:\Windows\System\CBCIrng.exe
  2⤵
  PID:13552
- C:\Windows\System\yYtizlu.exe
  C:\Windows\System\yYtizlu.exe
  2⤵
  PID:13596
- C:\Windows\System\UEUjFuI.exe
  C:\Windows\System\UEUjFuI.exe
  2⤵
  PID:13616
- C:\Windows\System\rujOPap.exe
  C:\Windows\System\rujOPap.exe
  2⤵
  PID:13652
- C:\Windows\System\WRfHFtC.exe
  C:\Windows\System\WRfHFtC.exe
  2⤵
  PID:13688
- C:\Windows\System\cigutgp.exe
  C:\Windows\System\cigutgp.exe
  2⤵
  PID:13720
- C:\Windows\System\LAOtblk.exe
  C:\Windows\System\LAOtblk.exe
  2⤵
  PID:13752
- C:\Windows\System\OgeyccA.exe
  C:\Windows\System\OgeyccA.exe
  2⤵
  PID:13776
- C:\Windows\System\AvKJZcY.exe
  C:\Windows\System\AvKJZcY.exe
  2⤵
  PID:13808
- C:\Windows\System\bCQfryD.exe
  C:\Windows\System\bCQfryD.exe
  2⤵
  PID:13832
- C:\Windows\System\qVQdVVN.exe
  C:\Windows\System\qVQdVVN.exe
  2⤵
  PID:13864
- C:\Windows\System\IfAzFPi.exe
  C:\Windows\System\IfAzFPi.exe
  2⤵
  PID:13892
- C:\Windows\System\omgmMsB.exe
  C:\Windows\System\omgmMsB.exe
  2⤵
  PID:13924
- C:\Windows\System\vCNKMmS.exe
  C:\Windows\System\vCNKMmS.exe
  2⤵
  PID:13940
- C:\Windows\System\BBAkaSn.exe
  C:\Windows\System\BBAkaSn.exe
  2⤵
  PID:13972
- C:\Windows\System\vOYfuei.exe
  C:\Windows\System\vOYfuei.exe
  2⤵
  PID:14012
- C:\Windows\System\kkhQYVv.exe
  C:\Windows\System\kkhQYVv.exe
  2⤵
  PID:14040
- C:\Windows\System\ALwFEgF.exe
  C:\Windows\System\ALwFEgF.exe
  2⤵
  PID:14064
- C:\Windows\System\IVRxxDP.exe
  C:\Windows\System\IVRxxDP.exe
  2⤵
  PID:14096
- C:\Windows\System\bSVLnQS.exe
  C:\Windows\System\bSVLnQS.exe
  2⤵
  PID:14116
- C:\Windows\System\avTluzh.exe
  C:\Windows\System\avTluzh.exe
  2⤵
  PID:14140
- C:\Windows\System\CubIwDh.exe
  C:\Windows\System\CubIwDh.exe
  2⤵
  PID:14176
- C:\Windows\System\GWXnNdD.exe
  C:\Windows\System\GWXnNdD.exe
  2⤵
  PID:14204
- C:\Windows\System\IIzkCAk.exe
  C:\Windows\System\IIzkCAk.exe
  2⤵
  PID:14240
- C:\Windows\System\WsgAOyT.exe
  C:\Windows\System\WsgAOyT.exe
  2⤵
  PID:14268
- C:\Windows\System\RNQxWod.exe
  C:\Windows\System\RNQxWod.exe
  2⤵
  PID:14296
- C:\Windows\System\TNMUKKg.exe
  C:\Windows\System\TNMUKKg.exe
  2⤵
  PID:14324
- C:\Windows\System\sRjkrgd.exe
  C:\Windows\System\sRjkrgd.exe
  2⤵
  PID:3124
- C:\Windows\System\NPPMPrm.exe
  C:\Windows\System\NPPMPrm.exe
  2⤵
  PID:3596
- C:\Windows\System\BEitBlR.exe
  C:\Windows\System\BEitBlR.exe
  2⤵
  PID:13452
- C:\Windows\System\WWccbgq.exe
  C:\Windows\System\WWccbgq.exe
  2⤵
  PID:13540
- C:\Windows\System\cCpGbcy.exe
  C:\Windows\System\cCpGbcy.exe
  2⤵
  PID:13648
- C:\Windows\System\EHLgutE.exe
  C:\Windows\System\EHLgutE.exe
  2⤵
  PID:13668
- C:\Windows\System\OQYRDdw.exe
  C:\Windows\System\OQYRDdw.exe
  2⤵
  PID:13748
- C:\Windows\System\aeyMiUJ.exe
  C:\Windows\System\aeyMiUJ.exe
  2⤵
  PID:13816
- C:\Windows\System\HLIPGaD.exe
  C:\Windows\System\HLIPGaD.exe
  2⤵
  PID:13880
- C:\Windows\System\yneRRmh.exe
  C:\Windows\System\yneRRmh.exe
  2⤵
  PID:13964
- C:\Windows\System\aCEdQJd.exe
  C:\Windows\System\aCEdQJd.exe
  2⤵
  PID:14124
- C:\Windows\System\YVpnCOg.exe
  C:\Windows\System\YVpnCOg.exe
  2⤵
  PID:14128
- C:\Windows\System\UMaLDit.exe
  C:\Windows\System\UMaLDit.exe
  2⤵
  PID:14288
- C:\Windows\System\rmlBujV.exe
  C:\Windows\System\rmlBujV.exe
  2⤵
  PID:14320
- C:\Windows\System\urFoJtb.exe
  C:\Windows\System\urFoJtb.exe
  2⤵
  PID:13412
- C:\Windows\System\rBdtcgX.exe
  C:\Windows\System\rBdtcgX.exe
  2⤵
  PID:13336
- C:\Windows\System\eSPQrCO.exe
  C:\Windows\System\eSPQrCO.exe
  2⤵
  PID:13468
- C:\Windows\System\LEmwKkS.exe
  C:\Windows\System\LEmwKkS.exe
  2⤵
  PID:13448
- C:\Windows\System\CtabWpl.exe
  C:\Windows\System\CtabWpl.exe
  2⤵
  PID:13800
- C:\Windows\System\GSJifoa.exe
  C:\Windows\System\GSJifoa.exe
  2⤵
  PID:14056
- C:\Windows\System\DkctLgR.exe
  C:\Windows\System\DkctLgR.exe
  2⤵
  PID:4496
- C:\Windows\System\oOxWrjp.exe
  C:\Windows\System\oOxWrjp.exe
  2⤵
  PID:13316
- C:\Windows\System\sYKbnVq.exe
  C:\Windows\System\sYKbnVq.exe
  2⤵
  PID:3224
- C:\Windows\System\JLQvTRP.exe
  C:\Windows\System\JLQvTRP.exe
  2⤵
  PID:13240
- C:\Windows\System\EZsTVsh.exe
  C:\Windows\System\EZsTVsh.exe
  2⤵
  PID:14360
- C:\Windows\System\kJGQCOs.exe
  C:\Windows\System\kJGQCOs.exe
  2⤵
  PID:14392
- C:\Windows\System\aJoRHwH.exe
  C:\Windows\System\aJoRHwH.exe
  2⤵
  PID:14420
- C:\Windows\System\VFEUNtu.exe
  C:\Windows\System\VFEUNtu.exe
  2⤵
  PID:14448
- C:\Windows\System\IisoeuF.exe
  C:\Windows\System\IisoeuF.exe
  2⤵
  PID:14484
- C:\Windows\System\vtHVfMf.exe
  C:\Windows\System\vtHVfMf.exe
  2⤵
  PID:14508
- C:\Windows\System\NrDFiLy.exe
  C:\Windows\System\NrDFiLy.exe
  2⤵
  PID:14620
- C:\Windows\System\UmwPhhp.exe
  C:\Windows\System\UmwPhhp.exe
  2⤵
  PID:14636

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BbjdshI.exe

Filesize
2.2MB

MD5
7eff8cf14fed94099685165ced69ae65

SHA1
5f538e3244c101ab6e260278b740dda9c7e65b88

SHA256
fbb601245eedbc6934cf7f0f3b711a064dc3a8081eea2e7a983dc52d0bc990d4

SHA512
b84cff6e094831e3bced68523c156fc3c04e29ed68b6094bc6deba3e917eaec7d1f8973805f5449a20d160cf8d7516f25ba7e8e6de6d7e43440d2455c6cc3ca0

Download Submit
C:\Windows\System\BdCtrGj.exe

Filesize
2.2MB

MD5
37d1182d440172f9c53c12b59a9e239b

SHA1
6b6a03821c061308e56f6eba419e772ccd459323

SHA256
f4a808d8f92c19ef00d59ea984b0fbe32c104ac961cf05ac49485f9e7a502216

SHA512
7c1c03f121bf3f85f80371bd9736af1a9302f3d6c2125a8c48769c030d463abb4691d2c9b389db7828571320b1354bf6b6a056859d2c3692c13770598a8d43f2

Download Submit
C:\Windows\System\BuJpwHQ.exe

Filesize
2.2MB

MD5
a5f35e71b1e35d9af77116ec3912113a

SHA1
47148492334bd9d0fd229c6a9dfdd47911f8973f

SHA256
e6594d190259697d7e0747951b03efd6f7ef90c5d12e035631e1463d402ebbc2

SHA512
1a5ca114fdb7772388dbe5cc634297574aca9df5f0c91f920b490eef044590e0ec0ad2d9834ad3bc400e2e2df00f5bccff0464e4e4fb60826869444188f6cbfe

Download Submit
C:\Windows\System\DREusLd.exe

Filesize
2.2MB

MD5
eec87907f9918fa24a5bf7bdc1ae739c

SHA1
cc8a072a9ca8d47902e22448718a7b16465ba897

SHA256
45e670eae79e9dd4b58249c4ec33fd80a0ac908814807cac2980ed9f290c188e

SHA512
e1efb768d57badb29ebaa825f87df791eea26ff108b81ee44995b328c8b68942bf98214e2c04a6012ab3d85a1990d1185bb0a90975b62159968bd911d97031d3

Download Submit
C:\Windows\System\GJpEgzc.exe

Filesize
2.2MB

MD5
e75a8e7eabdc11e0300ad857a3219d15

SHA1
46cc2bbf4772c49f82c3642949adbcb1fae23cc3

SHA256
fe9b89f8204c1acfd63630ffae784f88a3962552570e2c9dbbe74b2934476b3c

SHA512
3a4ad179833692b76693c3e6a083fb88eaa6b444f0206c440f028c26d992fa2b8236752e5761a80b711017c8a7d14df2ba0afd3c04f52942a709cf36d1461015

Download Submit
C:\Windows\System\GiNprbl.exe

Filesize
2.2MB

MD5
1c2a20223230fd7a75f8568917077870

SHA1
5e4b793467f094a325dca2c94d596558d27e459d

SHA256
6287c86417c70225eb3571e230d2e056d3c053b3dab71d81a36589ac5e1c54b9

SHA512
1da381acc5a320be0978be51d94efd1dbf31be3f29df5a41427ee2382a1e13c9efc991fde18b8fe8a1a5a945b16fae96c0ee4d21aac4369275bd5931a5229df8

Download Submit
C:\Windows\System\GtZHDSz.exe

Filesize
2.2MB

MD5
4c72ad644f9d41842f01764a357d9327

SHA1
e8272c156792799c7af2a76cc00f7e481ca50465

SHA256
cbb0c31504eb3eda6ae625b1b18b5d01d7774bd29a752ee6f217aa1205d6f884

SHA512
96666a4c8f59bdc355bee657167440baff7edba7ab524a29b6e1e74ee53400269682fbce67e028d36ad61450c4144d6014860efa60851fdd9fa2201d026d49ed

Download Submit
C:\Windows\System\HSWsjOI.exe

Filesize
2.2MB

MD5
117a97b557312e495e92b4d5513b24e2

SHA1
6e6230c6fc5612137be921b55ae6315df76f1932

SHA256
57e701b29d578344f085345f22cecc0b34b24cfc61a571e79ee99697b9bf7c23

SHA512
7bfe00893aa4785cfd91f326f889cdad4aa1e3cafbf5ef8782b6fbe114162fabf98ef8be1c069a4f50d50d7700c37d27d2ea0aef43b7f0110ec5dca6aeb3a018

Download Submit
C:\Windows\System\HsLWuSJ.exe

Filesize
2.2MB

MD5
ffbbeae8596ff5a842c4a6c052032a6f

SHA1
79f4f9467816f4afaa6ff7b1df4bb88d41d258d0

SHA256
137ce85f4118a416699bcfa396383f383c6bcb2dcd1a321afb63a90655088eef

SHA512
86d44a711b6d6d13cd417bff843803d8f04f8c359d1047b3eac77815e2feb953c94c5d911f80c2b926bde8bddfaa1f3e6fe32906a604b8a8bdd92367c4484c67

Download Submit
C:\Windows\System\IUWEjgx.exe

Filesize
2.2MB

MD5
9faaf968dc363508810078aa08c6c74f

SHA1
640dec160d1d5fe76191cdcbfb9204eee321d013

SHA256
29b1866dbd4d7548113b72dc4d66f63140633e3deff453337d95f931430e8509

SHA512
9b3792464cdabf27190a8b4f2ac01607f0e7d284db0b1390a09244a44d16018933405fca09714905b60e00df6f4b9e2a337f377ff22a05f5654da906c286da62

Download Submit
C:\Windows\System\KamSoBw.exe

Filesize
2.2MB

MD5
64693c8b4125eb3eb6c1e60c09c8dd69

SHA1
02ae9fa228de03fb121aae8d8c7c1b8bbcb39176

SHA256
da3deacbc4ff45f870ea0f7826807ecc3e773190aeb233e15d3f76c98b0c6108

SHA512
befb935ade1d7fc8e6c57a1755b96dea368d7d1828b793fef665972d49ca693fe1ec100b7faf2e0813c9227d2dbe797b14588378da16dd9bbaccc7dac44b12de

Download Submit
C:\Windows\System\LjYAMvl.exe

Filesize
2.2MB

MD5
2635511a690e9d4b79300209b501df90

SHA1
4e94f6029bb3b1918415cd2b6ecd1c6830521c2f

SHA256
8af19359dcd68884fd7802b217d9e0db4fa67bacee9ab66316edd6480e42b9cd

SHA512
750d9dfeedfe9bf7fd27bfa7ee5d4fde4a7d3bc3dd54d2c82cd9577969ac21148a1d85845b87abac7b74d5dbec8a864a26547b4408931fbc0fd5e4df5bb9f7ca

Download Submit
C:\Windows\System\OQTByxC.exe

Filesize
2.2MB

MD5
f79464d94e558bc340b7a59672b31870

SHA1
fed1ba17a2ec7732721554834c5666417b232159

SHA256
fa74c031b990e19d05f9243485a684693de534c3a07c5de9b82c2dd41c740f3d

SHA512
2b9e925f53272bdfd85e2912d7f35e21b671b5f16091f2859a6e04c0826e3363ea5408426cc84b1e05d7372522769d284cd834ba82092216940a85a7b16539b2

Download Submit
C:\Windows\System\OZxKVkj.exe

Filesize
2.2MB

MD5
6a51916e0dea34b33815afa46e4226d0

SHA1
87ca9043e0767b3139873333f5f69d80e947efbc

SHA256
7fcdcb1fd54c3f7e69c11196be4b75da2874b48aedb63b8477e71bd6f862319a

SHA512
0ca74067620039956c36f9a1b9a2b6f48094161812c19ee676f18a448b133f22318cc4c2a5a8b4ecd76307e82861c937a4e3ef1b3bda932d372769a2acb96bec

Download Submit
C:\Windows\System\OwMLDlT.exe

Filesize
2.2MB

MD5
eefa01d1246ac464dfebb0cbf764d398

SHA1
ebeecd55faaa243e38fd6c3b0daad77802ec5a7a

SHA256
5acc9431b8d16fa4fb44ca8de96972645a5ec54e30e9e54b13f706d1fae3d4b2

SHA512
a106015a13b9aee488eb5b7d749f23d40c4292545a9ffa8b4dedf7c423917fe260c5eff40f65dd40c30328da7f3977a71d729661b8f7ac546c7eea4cd53a6009

Download Submit
C:\Windows\System\RGtRtMD.exe

Filesize
2.2MB

MD5
38dba243d71d53cf6feff611b74d1397

SHA1
be54cbb57ab494dda7539006d2ac766bc436c176

SHA256
7ea194d706009153a05764b9dffe9dee269d5048c8c1d862d7cb6061551089b8

SHA512
1df8d3906e83b8de7f9ea286ecfeb95a58f6db44982ab37507ceca7d801740756225f592c53cac086cfc0a82d5e4da343b34668eb25d1b2655bd313826b3202b

Download Submit
C:\Windows\System\ROuBlrV.exe

Filesize
2.2MB

MD5
944fe6471ffecd40517cc3ef5555ebc8

SHA1
7bb3c1c9e15643cc703424e485fea2eeb30ddb50

SHA256
0963ce8c5d2ab50b6c999eafd56149839570aad2bc90016b5388cc2221af5d3c

SHA512
73dfe95b6027685c32632076fd199158072d9b2ced30970e3fd3b4ed441fd0355da8f9d0cd55c658cfc5f7392e47bf49de7bb2887c60c679cb74916afd62822e

Download Submit
C:\Windows\System\SSHVCPh.exe

Filesize
2.2MB

MD5
60afc9ca2eaa1340d5b7bd130a0d25cd

SHA1
67944991602de6f25a8d14665ec8f00ce7f12173

SHA256
32a1814a68e2bc4564fbddd329ed55a408b967bddc68eb17238ea9e9ac344be9

SHA512
ea1f9f28312be6e78b1b3c9a42d5684219f959555e276d78f5c2e13b9e28d1d91624edbbca94dc50cc2b82e4c058dcec3fa60cbc897d571e593c559c13702961

Download Submit
C:\Windows\System\STKPdas.exe

Filesize
2.2MB

MD5
fa47c87d448d284711280fbc2a6ea05f

SHA1
f2659bf26c0cf43f988c1d167dd04f3e9920c621

SHA256
408351d19b3a477c71480b71a87d3da3be850e0676890b18e3ecc424395b58c6

SHA512
552d1997bf65823d9721a5e64575a08cb19945028c26a4111703263bb54d3c61b46cb5ee9b5c15d35d5084491b073154ae692eb70ff6d636e68359eb44551f99

Download Submit
C:\Windows\System\TpUvRkH.exe

Filesize
2.2MB

MD5
ffa678e407d7523187d2182ada688254

SHA1
76c114ca0ca0a18d23f9d090e60e574619b75719

SHA256
4e33f8e054bb436e9085d03b7b4a07681788b7a6ff2bd493b891c2c2022f00a6

SHA512
b31ded4082e607c3ddb1bbf862f82b532c7684ed3113fc65025c7b8f76ee579c063f3d69c43c7c16c162890a49bd8da1a1046b502de7af8368af227c6a1b4962

Download Submit
C:\Windows\System\WRSPOon.exe

Filesize
2.2MB

MD5
950d09d947250cf9d9b0f26230074f0b

SHA1
d7a349d3029d44ca93e1165b18f0aec5bf1a3257

SHA256
60dda4c1684399afcb0519a64b77b155d9748a26e65adce02171e264e21a94b3

SHA512
3b01916baee223ceeda355ce1b7e69b78b27a41acd28c5df7868cf7f85152094c896bf202da66454f53021326812e6766c9494cb7e04d400778847dfa7d3604e

Download Submit
C:\Windows\System\WWOhfNE.exe

Filesize
2.2MB

MD5
05845b2d7614a4c2d3a33fcb0ac62c54

SHA1
a1acc2eded26a62cd6cdaf9d4851e44f61b30391

SHA256
9a5b4c122384d7a1c2bd21a2fa6bd87a658b12a6a8ccc8e0d89a24f6d28bdfe4

SHA512
d7d5066fee36efa3c755b3973bd2f154965eab867c3761f711b6f21e64e73a72f325b10489b6aa685804fa3db5c96d253131be66d2a94e4425f82426dcb0dfcd

Download Submit
C:\Windows\System\XCOLeFs.exe

Filesize
2.2MB

MD5
02cf98c57f5a1f1ec0d246579512f75a

SHA1
bf912b25eb9d15e46eea65c1b97347abcb2c72f5

SHA256
79b81f425bf7451288f9bddbc2da54f3e5dab6d137fabf6fc8b3fd6f80249eac

SHA512
034457fc2a9b664b177a8d08e823b074151328be8ec9279abb042b890f3020b852f1bd2ce9e595758923dd3cd35fb1d2db78094de1b50c264ee5690615d2df22

Download Submit
C:\Windows\System\dVnunBN.exe

Filesize
2.2MB

MD5
5169d1842d9a8087e03aa1cc7c336242

SHA1
b2c8eb6ff921e0edff312c7b693f3ceca2820661

SHA256
feff67f3207d380b7ac6d690b0fe5722571d34c67aa28263b42efac5cc779a49

SHA512
47d681008ee8c1def3aded007c5ea7ee6e573a7ef9b55452ff0aff9f50d75e43224d9276e0d8e61fcdde5e2ad172b38c5d0c24cbd2b85d0a34d6fcc1ff69220d

Download Submit
C:\Windows\System\eBQfMvo.exe

Filesize
2.2MB

MD5
afe5a4990938efe8bcea33e62f1ee0ff

SHA1
283b875a6b6c48d85db460f1138111b3d6df8ef6

SHA256
daa3635af3cd04ce2faab532d2c584ecd46a919940bf74002bfb882f782f10a8

SHA512
5a1aaceeaa0e1d5b0ee227294eb270bb824e3982c0b0516daea97f3cbf6971239c8222308f1d6f3d6b993efc7efc6b00881bebbc2693f9780e537cb32bdd8772

Download Submit
C:\Windows\System\emlIhcQ.exe

Filesize
2.2MB

MD5
a2ac6dd2a2894b776f3f6accee824548

SHA1
77ba5638859aa5d2b0915f43519a31507d7a9297

SHA256
05c9e8865120259d122e8f666f4b64751b058cb87965df115caf75cedc33fff9

SHA512
b102e74c1262d3a069e055786c44c03e037e809cdc7b54c448f4c601c7d8c5f453b6329b1dc0dbcb89749584023c1df371110e34b149508f99465330730acdc8

Download Submit
C:\Windows\System\hRQsjGx.exe

Filesize
2.2MB

MD5
b04de803b6600bb8a06239d21112bb43

SHA1
bd605b0a1b41f6e054efcf3d51d50089abbf4195

SHA256
7c84be06fac366fc3492ebe149bf658a18e63af4de9e30d7a7f0b8d3b1c66768

SHA512
4deb93242b86e48f9f5fe1168fe116238d7fbcc049dd9d20025e3cb8d576c984113bbaf2985a2f994a68dc2b658dc918f34cf64fef143b5a3c9c995deabc212a

Download Submit
C:\Windows\System\lLAEJMK.exe

Filesize
2.2MB

MD5
3885bda8f919da1f5f36d1e54c208e67

SHA1
083da8a3474dabda1b15ca254200780541e1b6d7

SHA256
d5cc972bd0c5005a51b3476508cc240f3dbf0c597ecc3c7b64c3c1c79be90b91

SHA512
e2cabaa1f771b399a1ab925c4afb9f88ab0fa737ff19d304295d2c7556fd94363226a18820176a8b330e009236dafcd4e218d995efbcd3c464cdb0779376f069

Download Submit
C:\Windows\System\mLejziv.exe

Filesize
2.2MB

MD5
73f04f6860ccef8fe517b82a879876f0

SHA1
334fc4c20cdaaf45f9b56452a952da29d09639db

SHA256
bce8a7e1a4f3141ee926f7b6cf7aae505afc874e8c08b37b1fa1b1a8460466c2

SHA512
bbb3135617532da3bf60273ae00aa91d284ceb4fa7428c40020316e83ac1f0a9c348b980841927463a13e782f1a92347fa3f1cf666354ee647a9a5a067ea6527

Download Submit
C:\Windows\System\mhLIppu.exe

Filesize
2.2MB

MD5
f62ae341cc4d44176649b2c916a6c256

SHA1
7b99e30f0299669514687d3522e10a57dd5e3116

SHA256
388029792269d1c6d377b1df3689803c668aa49b0f56d7966cf4326895bdb1d3

SHA512
2a2845ec3a816004a47f420cb52d2838ae78b9e5e66f2985dd8b26a683129da2b0ede198c938e70093eb5e0d51d111f380b8aa02f83a3f4eb9095889ce1de86a

Download Submit
C:\Windows\System\njiiQVO.exe

Filesize
2.2MB

MD5
03494b94e55fe7c6334f3cbe90af6a95

SHA1
9aedd0efd6804f0edb3dba3715c93e084216e76e

SHA256
ce31e541ad123ea9134deae6a6e89844fa2eb2a7eb1a77a6a77e5954336fe258

SHA512
bf296c146c4b6ecd9b2f81e9174ea911a622a16d9c9998cb81b0834a184bc050f9e83db9acbf9c0ff4e369a64bddd3f3ff2834c45af3441f6d45ddb5610191e7

Download Submit
C:\Windows\System\reIawDh.exe

Filesize
2.2MB

MD5
47fa1119efef9ea920a776a35b13431e

SHA1
e6b86d5ef68a25d223a5a14e433d867ad87027f6

SHA256
2df66c2066f4ae737894e658b3dc9ab39dab8396e2f60fee170294216cfebf40

SHA512
d3ed572ea4c2c3179761c7e2ed2a28b7b0d16931372eed28e4c10b5668818641e42fea0534d6f54711c48b52337403b9980f28fc9939da51dd2da5ec0705c3b4

Download Submit
C:\Windows\System\vUtJpGv.exe

Filesize
2.2MB

MD5
57248da572f786b5434d4e7a9241ac4f

SHA1
ff24cebf04856c09ff729d85f3315b526f6c2b65

SHA256
c1ef8ed1444ae1c5d49eb5a2962374fd0f58b53c385ee3b5c4757a2c1b629b97

SHA512
9d12d86fd6ac57dd8d03b47941707ac03f10ee237514956b9d0d14bcd26572346e8cfc8f0f348dafaab51589f954cf35cb7ff5e812728beb395913b1fb94ca5f

Download Submit
C:\Windows\System\vvhKKgh.exe

Filesize
2.2MB

MD5
4e5a43834ff59f7d25543e6866019437

SHA1
4068f2781dff3edd738e5f0da25ecbd3ec6c1542

SHA256
14330dda6b3590b11b75d32fb138271bdddbf3ebbe9504b1f0932da2ec351de3

SHA512
419daea2277cee4d4ad1efeb7e722c1c1dbee899aafae669ca40a304e05a814c4fbbf20290eb8c8e34077975cae12b9b076e9c216dc914068ed806fa35c55b3b

Download Submit
C:\Windows\System\zetVztu.exe

Filesize
2.2MB

MD5
5583bc14de25d9c0d22f0fc4332ba2c7

SHA1
677718ef90aa00d51a29fae34cf4c96d98199c97

SHA256
bfbbf8bd953e1b3c1046fb56f22fea8eecb51a903cbfb7c6e89745464048a027

SHA512
2dba03ca9c247c45047bb56f01fe0a594f0c8c5bd246ded6bc4125d6618fb0110202fd796245f1eed84d31afc58a4bccf62ea761fc09fd78a04868040cc45dff

Download Submit
memory/532-2088-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp

Filesize
3.3MB

Download
memory/532-57-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp

Filesize
3.3MB

Download
memory/532-2111-0x00007FF75EE10000-0x00007FF75F164000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2104-0x00007FF6E66F0000-0x00007FF6E6A44000-memory.dmp

Filesize
3.3MB

Download
memory/1084-2095-0x00007FF6E66F0000-0x00007FF6E6A44000-memory.dmp

Filesize
3.3MB

Download
memory/1084-38-0x00007FF6E66F0000-0x00007FF6E6A44000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2096-0x00007FF7DAD80000-0x00007FF7DB0D4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-2108-0x00007FF7DAD80000-0x00007FF7DB0D4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-60-0x00007FF7DAD80000-0x00007FF7DB0D4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2098-0x00007FF6E9AA0000-0x00007FF6E9DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2117-0x00007FF6E9AA0000-0x00007FF6E9DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-128-0x00007FF6E9AA0000-0x00007FF6E9DF4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-145-0x00007FF6736D0000-0x00007FF673A24000-memory.dmp

Filesize
3.3MB

Download
memory/1364-2107-0x00007FF6736D0000-0x00007FF673A24000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2106-0x00007FF6F38E0000-0x00007FF6F3C34000-memory.dmp

Filesize
3.3MB

Download
memory/1640-144-0x00007FF6F38E0000-0x00007FF6F3C34000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2116-0x00007FF643220000-0x00007FF643574000-memory.dmp

Filesize
3.3MB

Download
memory/1848-149-0x00007FF643220000-0x00007FF643574000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2124-0x00007FF74A230000-0x00007FF74A584000-memory.dmp

Filesize
3.3MB

Download
memory/1888-142-0x00007FF74A230000-0x00007FF74A584000-memory.dmp

Filesize
3.3MB

Download
memory/1920-213-0x00007FF740570000-0x00007FF7408C4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2126-0x00007FF740570000-0x00007FF7408C4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2109-0x00007FF636A10000-0x00007FF636D64000-memory.dmp

Filesize
3.3MB

Download
memory/1980-146-0x00007FF636A10000-0x00007FF636D64000-memory.dmp

Filesize
3.3MB

Download
memory/2172-150-0x00007FF7EE7A0000-0x00007FF7EEAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2118-0x00007FF7EE7A0000-0x00007FF7EEAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2089-0x00007FF72EBC0000-0x00007FF72EF14000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2110-0x00007FF72EBC0000-0x00007FF72EF14000-memory.dmp

Filesize
3.3MB

Download
memory/2564-72-0x00007FF72EBC0000-0x00007FF72EF14000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2123-0x00007FF698A40000-0x00007FF698D94000-memory.dmp

Filesize
3.3MB

Download
memory/2672-143-0x00007FF698A40000-0x00007FF698D94000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2127-0x00007FF65EDF0000-0x00007FF65F144000-memory.dmp

Filesize
3.3MB

Download
memory/2684-217-0x00007FF65EDF0000-0x00007FF65F144000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2125-0x00007FF691620000-0x00007FF691974000-memory.dmp

Filesize
3.3MB

Download
memory/2788-210-0x00007FF691620000-0x00007FF691974000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2103-0x00007FF6B4790000-0x00007FF6B4AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2086-0x00007FF6B4790000-0x00007FF6B4AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-37-0x00007FF6B4790000-0x00007FF6B4AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2105-0x00007FF6B01C0000-0x00007FF6B0514000-memory.dmp

Filesize
3.3MB

Download
memory/3076-2087-0x00007FF6B01C0000-0x00007FF6B0514000-memory.dmp

Filesize
3.3MB

Download
memory/3076-45-0x00007FF6B01C0000-0x00007FF6B0514000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2112-0x00007FF7ACE80000-0x00007FF7AD1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-91-0x00007FF7ACE80000-0x00007FF7AD1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3220-2091-0x00007FF7ACE80000-0x00007FF7AD1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3388-1-0x0000018C65AC0000-0x0000018C65AD0000-memory.dmp

Filesize
64KB

Download
memory/3388-2085-0x00007FF7A65C0000-0x00007FF7A6914000-memory.dmp

Filesize
3.3MB

Download
memory/3388-0-0x00007FF7A65C0000-0x00007FF7A6914000-memory.dmp

Filesize
3.3MB

Download
memory/3448-82-0x00007FF66C310000-0x00007FF66C664000-memory.dmp

Filesize
3.3MB

Download
memory/3448-2114-0x00007FF66C310000-0x00007FF66C664000-memory.dmp

Filesize
3.3MB

Download
memory/3448-2090-0x00007FF66C310000-0x00007FF66C664000-memory.dmp

Filesize
3.3MB

Download
memory/3924-218-0x00007FF742B00000-0x00007FF742E54000-memory.dmp

Filesize
3.3MB

Download
memory/3924-2129-0x00007FF742B00000-0x00007FF742E54000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2122-0x00007FF7CD840000-0x00007FF7CDB94000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2099-0x00007FF7CD840000-0x00007FF7CDB94000-memory.dmp

Filesize
3.3MB

Download
memory/4012-141-0x00007FF7CD840000-0x00007FF7CDB94000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2113-0x00007FF7AADA0000-0x00007FF7AB0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-147-0x00007FF7AADA0000-0x00007FF7AB0F4000-memory.dmp

Filesize
3.3MB

Download
memory/4124-2120-0x00007FF637CE0000-0x00007FF638034000-memory.dmp

Filesize
3.3MB

Download
memory/4124-151-0x00007FF637CE0000-0x00007FF638034000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2097-0x00007FF64A960000-0x00007FF64ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-123-0x00007FF64A960000-0x00007FF64ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2121-0x00007FF64A960000-0x00007FF64ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2101-0x00007FF6951B0000-0x00007FF695504000-memory.dmp

Filesize
3.3MB

Download
memory/4540-14-0x00007FF6951B0000-0x00007FF695504000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2128-0x00007FF7B0190000-0x00007FF7B04E4000-memory.dmp

Filesize
3.3MB

Download
memory/4740-2100-0x00007FF7B0190000-0x00007FF7B04E4000-memory.dmp

Filesize
3.3MB

Download
memory/4740-148-0x00007FF7B0190000-0x00007FF7B04E4000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2102-0x00007FF60E2C0000-0x00007FF60E614000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2094-0x00007FF60E2C0000-0x00007FF60E614000-memory.dmp

Filesize
3.3MB

Download
memory/4820-23-0x00007FF60E2C0000-0x00007FF60E614000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2093-0x00007FF714100000-0x00007FF714454000-memory.dmp

Filesize
3.3MB

Download
memory/4980-122-0x00007FF714100000-0x00007FF714454000-memory.dmp

Filesize
3.3MB

Download
memory/4980-2119-0x00007FF714100000-0x00007FF714454000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2115-0x00007FF79EEA0000-0x00007FF79F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-2092-0x00007FF79EEA0000-0x00007FF79F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/5024-111-0x00007FF79EEA0000-0x00007FF79F1F4000-memory.dmp

Filesize
3.3MB

Download