xmrig | 669201a20e3ca8ba5320b70a8c4e3bf75e5305570fadfb1f0432598b212d074a

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
Size

2.0MB
MD5

500631428c2f106c6bd2289cda54c940
SHA1

47f235f9bda6201e63aa738460a21d078fc6d071
SHA256

669201a20e3ca8ba5320b70a8c4e3bf75e5305570fadfb1f0432598b212d074a
SHA512

8831e3a9c71a47f3e2ad6f485aaa58eb26fa3196586c9042a339b08d3f941992ce1c52af0dd3749b1d503768986c145f2d2cd139dbdc49f8c1176c4b80e6c605
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQUUvlhqLr2+W4/:BemTLkNdfE0pZrQo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

WerFaultSecure.exe

description pid process target process

PID 14856 created 1296 14856 WerFaultSecure.exe svchost.exe
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

description	pid	process	target process
PID 14856 created 1296	14856	WerFaultSecure.exe	svchost.exe

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/936-0-0x00007FF719DA0000-0x00007FF71A0F4000-memory.dmp	xmrig
C:\Windows\System\QjAjxDW.exe	xmrig
C:\Windows\System\ILMLdxz.exe	xmrig
C:\Windows\System\TnZeVjP.exe	xmrig
behavioral2/memory/1848-30-0x00007FF7F34B0000-0x00007FF7F3804000-memory.dmp	xmrig
C:\Windows\System\vYMqZOF.exe	xmrig
behavioral2/memory/2780-27-0x00007FF6924E0000-0x00007FF692834000-memory.dmp	xmrig
behavioral2/memory/3588-22-0x00007FF696E30000-0x00007FF697184000-memory.dmp	xmrig
behavioral2/memory/4452-21-0x00007FF7F9850000-0x00007FF7F9BA4000-memory.dmp	xmrig
C:\Windows\System\AfYuxGF.exe	xmrig
behavioral2/memory/3612-8-0x00007FF6D1860000-0x00007FF6D1BB4000-memory.dmp	xmrig
C:\Windows\System\ufNKaEk.exe	xmrig
behavioral2/memory/1508-41-0x00007FF7D5CF0000-0x00007FF7D6044000-memory.dmp	xmrig
C:\Windows\System\EnXUmVC.exe	xmrig
C:\Windows\System\tOoTSzB.exe	xmrig
C:\Windows\System\NmBfFmM.exe	xmrig
behavioral2/memory/1800-56-0x00007FF62F5D0000-0x00007FF62F924000-memory.dmp	xmrig
C:\Windows\System\VHCBGns.exe	xmrig
C:\Windows\System\EQnYChs.exe	xmrig
C:\Windows\System\EcXWZrW.exe	xmrig
C:\Windows\System\vICrpUY.exe	xmrig
behavioral2/memory/3832-94-0x00007FF69EB20000-0x00007FF69EE74000-memory.dmp	xmrig
behavioral2/memory/4144-102-0x00007FF678250000-0x00007FF6785A4000-memory.dmp	xmrig
behavioral2/memory/2324-103-0x00007FF7CE3F0000-0x00007FF7CE744000-memory.dmp	xmrig
C:\Windows\System\DoneqLK.exe	xmrig
C:\Windows\System\mdKwowR.exe	xmrig
C:\Windows\System\XYopDDk.exe	xmrig
C:\Windows\System\QJgUazg.exe	xmrig
behavioral2/memory/4396-638-0x00007FF669D70000-0x00007FF66A0C4000-memory.dmp	xmrig
behavioral2/memory/4588-639-0x00007FF6BD4C0000-0x00007FF6BD814000-memory.dmp	xmrig
behavioral2/memory/1748-640-0x00007FF7F3320000-0x00007FF7F3674000-memory.dmp	xmrig
behavioral2/memory/452-649-0x00007FF6882B0000-0x00007FF688604000-memory.dmp	xmrig
behavioral2/memory/1684-658-0x00007FF78B5C0000-0x00007FF78B914000-memory.dmp	xmrig
behavioral2/memory/4888-664-0x00007FF7E00F0000-0x00007FF7E0444000-memory.dmp	xmrig
behavioral2/memory/4628-681-0x00007FF6D80A0000-0x00007FF6D83F4000-memory.dmp	xmrig
behavioral2/memory/2944-677-0x00007FF7A7840000-0x00007FF7A7B94000-memory.dmp	xmrig
behavioral2/memory/3420-676-0x00007FF60BE80000-0x00007FF60C1D4000-memory.dmp	xmrig
behavioral2/memory/3200-672-0x00007FF76AD30000-0x00007FF76B084000-memory.dmp	xmrig
behavioral2/memory/2036-653-0x00007FF7D8050000-0x00007FF7D83A4000-memory.dmp	xmrig
C:\Windows\System\qqGjVEn.exe	xmrig
C:\Windows\System\VuvWZKa.exe	xmrig
C:\Windows\System\jyKEHzc.exe	xmrig
C:\Windows\System\bTwlcaQ.exe	xmrig
C:\Windows\System\rbMBuxC.exe	xmrig
C:\Windows\System\rFnglst.exe	xmrig
C:\Windows\System\lhvXHkm.exe	xmrig
C:\Windows\System\bSDtERP.exe	xmrig
C:\Windows\System\eWTJroh.exe	xmrig
C:\Windows\System\nyXoNnX.exe	xmrig
C:\Windows\System\pZKuvsc.exe	xmrig
behavioral2/memory/4708-104-0x00007FF7FE070000-0x00007FF7FE3C4000-memory.dmp	xmrig
C:\Windows\System\qTEzlae.exe	xmrig
behavioral2/memory/3628-97-0x00007FF6F36C0000-0x00007FF6F3A14000-memory.dmp	xmrig
C:\Windows\System\PfYshnk.exe	xmrig
behavioral2/memory/2284-89-0x00007FF776580000-0x00007FF7768D4000-memory.dmp	xmrig
behavioral2/memory/4256-82-0x00007FF735C00000-0x00007FF735F54000-memory.dmp	xmrig
C:\Windows\System\EpLTzFy.exe	xmrig
behavioral2/memory/3448-75-0x00007FF702860000-0x00007FF702BB4000-memory.dmp	xmrig
behavioral2/memory/2472-66-0x00007FF68ED80000-0x00007FF68F0D4000-memory.dmp	xmrig
C:\Windows\System\wpyPkBT.exe	xmrig
behavioral2/memory/3104-62-0x00007FF753030000-0x00007FF753384000-memory.dmp	xmrig
behavioral2/memory/4716-689-0x00007FF675790000-0x00007FF675AE4000-memory.dmp	xmrig
behavioral2/memory/936-1102-0x00007FF719DA0000-0x00007FF71A0F4000-memory.dmp	xmrig
behavioral2/memory/3612-1106-0x00007FF6D1860000-0x00007FF6D1BB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

AfYuxGF.exeQjAjxDW.exeILMLdxz.exevYMqZOF.exeTnZeVjP.exeNmBfFmM.exeufNKaEk.exeEnXUmVC.exetOoTSzB.exewpyPkBT.exeVHCBGns.exeEQnYChs.exeEpLTzFy.exePfYshnk.exeEcXWZrW.exeqTEzlae.exevICrpUY.exeDoneqLK.exepZKuvsc.exenyXoNnX.exeeWTJroh.exemdKwowR.exeXYopDDk.exebSDtERP.exelhvXHkm.exeQJgUazg.exerFnglst.exerbMBuxC.exebTwlcaQ.exejyKEHzc.exeVuvWZKa.exeqqGjVEn.exehgiBINw.exeFUqPxii.exeUZUiVKH.exeJWLsTCU.exeRygIOSS.exevlnakek.exeIGJbcWc.exeLYEXddi.exexdCnzhL.exenZgDXFM.exeWUaqaZe.exeDZOjlnQ.exeRnlcMli.exeTjGsFjo.exebHFZjCI.exeXwmVCIF.exeloIgbiX.exeuXOrepJ.execfPDvZY.exefUraCjj.exedONdfYj.execTdJInt.exeKHFvLTR.exegablnEK.exelLLVIZD.exePEMBDOD.exegpSCwAF.exeFmCsNbY.exeygKyYpr.exewTyJltp.exelLSywrs.exekPUkOKx.exe

pid	process
3612	AfYuxGF.exe
4452	QjAjxDW.exe
3588	ILMLdxz.exe
2780	vYMqZOF.exe
1848	TnZeVjP.exe
1508	NmBfFmM.exe
1800	ufNKaEk.exe
2472	EnXUmVC.exe
3104	tOoTSzB.exe
3448	wpyPkBT.exe
4256	VHCBGns.exe
2284	EQnYChs.exe
3832	EpLTzFy.exe
2324	PfYshnk.exe
3628	EcXWZrW.exe
4708	qTEzlae.exe
4144	vICrpUY.exe
4396	DoneqLK.exe
4588	pZKuvsc.exe
1748	nyXoNnX.exe
452	eWTJroh.exe
2036	mdKwowR.exe
1684	XYopDDk.exe
4888	bSDtERP.exe
3200	lhvXHkm.exe
3420	QJgUazg.exe
2944	rFnglst.exe
4628	rbMBuxC.exe
4716	bTwlcaQ.exe
4244	jyKEHzc.exe
848	VuvWZKa.exe
944	qqGjVEn.exe
3740	hgiBINw.exe
5016	FUqPxii.exe
2828	UZUiVKH.exe
1616	JWLsTCU.exe
1276	RygIOSS.exe
2996	vlnakek.exe
1368	IGJbcWc.exe
3696	LYEXddi.exe
1592	xdCnzhL.exe
2152	nZgDXFM.exe
4552	WUaqaZe.exe
2832	DZOjlnQ.exe
3976	RnlcMli.exe
4344	TjGsFjo.exe
1908	bHFZjCI.exe
3308	XwmVCIF.exe
2296	loIgbiX.exe
3336	uXOrepJ.exe
1288	cfPDvZY.exe
2364	fUraCjj.exe
2104	dONdfYj.exe
1620	cTdJInt.exe
2556	KHFvLTR.exe
1872	gablnEK.exe
3532	lLLVIZD.exe
4656	PEMBDOD.exe
4536	gpSCwAF.exe
3724	FmCsNbY.exe
4220	ygKyYpr.exe
1484	wTyJltp.exe
3592	lLSywrs.exe
3032	kPUkOKx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/936-0-0x00007FF719DA0000-0x00007FF71A0F4000-memory.dmp	upx
C:\Windows\System\QjAjxDW.exe	upx
C:\Windows\System\ILMLdxz.exe	upx
C:\Windows\System\TnZeVjP.exe	upx
behavioral2/memory/1848-30-0x00007FF7F34B0000-0x00007FF7F3804000-memory.dmp	upx
C:\Windows\System\vYMqZOF.exe	upx
behavioral2/memory/2780-27-0x00007FF6924E0000-0x00007FF692834000-memory.dmp	upx
behavioral2/memory/3588-22-0x00007FF696E30000-0x00007FF697184000-memory.dmp	upx
behavioral2/memory/4452-21-0x00007FF7F9850000-0x00007FF7F9BA4000-memory.dmp	upx
C:\Windows\System\AfYuxGF.exe	upx
behavioral2/memory/3612-8-0x00007FF6D1860000-0x00007FF6D1BB4000-memory.dmp	upx
C:\Windows\System\ufNKaEk.exe	upx
behavioral2/memory/1508-41-0x00007FF7D5CF0000-0x00007FF7D6044000-memory.dmp	upx
C:\Windows\System\EnXUmVC.exe	upx
C:\Windows\System\tOoTSzB.exe	upx
C:\Windows\System\NmBfFmM.exe	upx
behavioral2/memory/1800-56-0x00007FF62F5D0000-0x00007FF62F924000-memory.dmp	upx
C:\Windows\System\VHCBGns.exe	upx
C:\Windows\System\EQnYChs.exe	upx
C:\Windows\System\EcXWZrW.exe	upx
C:\Windows\System\vICrpUY.exe	upx
behavioral2/memory/3832-94-0x00007FF69EB20000-0x00007FF69EE74000-memory.dmp	upx
behavioral2/memory/4144-102-0x00007FF678250000-0x00007FF6785A4000-memory.dmp	upx
behavioral2/memory/2324-103-0x00007FF7CE3F0000-0x00007FF7CE744000-memory.dmp	upx
C:\Windows\System\DoneqLK.exe	upx
C:\Windows\System\mdKwowR.exe	upx
C:\Windows\System\XYopDDk.exe	upx
C:\Windows\System\QJgUazg.exe	upx
behavioral2/memory/4396-638-0x00007FF669D70000-0x00007FF66A0C4000-memory.dmp	upx
behavioral2/memory/4588-639-0x00007FF6BD4C0000-0x00007FF6BD814000-memory.dmp	upx
behavioral2/memory/1748-640-0x00007FF7F3320000-0x00007FF7F3674000-memory.dmp	upx
behavioral2/memory/452-649-0x00007FF6882B0000-0x00007FF688604000-memory.dmp	upx
behavioral2/memory/1684-658-0x00007FF78B5C0000-0x00007FF78B914000-memory.dmp	upx
behavioral2/memory/4888-664-0x00007FF7E00F0000-0x00007FF7E0444000-memory.dmp	upx
behavioral2/memory/4628-681-0x00007FF6D80A0000-0x00007FF6D83F4000-memory.dmp	upx
behavioral2/memory/2944-677-0x00007FF7A7840000-0x00007FF7A7B94000-memory.dmp	upx
behavioral2/memory/3420-676-0x00007FF60BE80000-0x00007FF60C1D4000-memory.dmp	upx
behavioral2/memory/3200-672-0x00007FF76AD30000-0x00007FF76B084000-memory.dmp	upx
behavioral2/memory/2036-653-0x00007FF7D8050000-0x00007FF7D83A4000-memory.dmp	upx
C:\Windows\System\qqGjVEn.exe	upx
C:\Windows\System\VuvWZKa.exe	upx
C:\Windows\System\jyKEHzc.exe	upx
C:\Windows\System\bTwlcaQ.exe	upx
C:\Windows\System\rbMBuxC.exe	upx
C:\Windows\System\rFnglst.exe	upx
C:\Windows\System\lhvXHkm.exe	upx
C:\Windows\System\bSDtERP.exe	upx
C:\Windows\System\eWTJroh.exe	upx
C:\Windows\System\nyXoNnX.exe	upx
C:\Windows\System\pZKuvsc.exe	upx
behavioral2/memory/4708-104-0x00007FF7FE070000-0x00007FF7FE3C4000-memory.dmp	upx
C:\Windows\System\qTEzlae.exe	upx
behavioral2/memory/3628-97-0x00007FF6F36C0000-0x00007FF6F3A14000-memory.dmp	upx
C:\Windows\System\PfYshnk.exe	upx
behavioral2/memory/2284-89-0x00007FF776580000-0x00007FF7768D4000-memory.dmp	upx
behavioral2/memory/4256-82-0x00007FF735C00000-0x00007FF735F54000-memory.dmp	upx
C:\Windows\System\EpLTzFy.exe	upx
behavioral2/memory/3448-75-0x00007FF702860000-0x00007FF702BB4000-memory.dmp	upx
behavioral2/memory/2472-66-0x00007FF68ED80000-0x00007FF68F0D4000-memory.dmp	upx
C:\Windows\System\wpyPkBT.exe	upx
behavioral2/memory/3104-62-0x00007FF753030000-0x00007FF753384000-memory.dmp	upx
behavioral2/memory/4716-689-0x00007FF675790000-0x00007FF675AE4000-memory.dmp	upx
behavioral2/memory/936-1102-0x00007FF719DA0000-0x00007FF71A0F4000-memory.dmp	upx
behavioral2/memory/3612-1106-0x00007FF6D1860000-0x00007FF6D1BB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\RYSnyTx.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\xxuzRIE.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\LDRUOPJ.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\cTjhtbN.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\UYoRGRA.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\pPnlXRr.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\ngxusPX.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\bgBIeEk.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\ZyLKTmy.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\sAbcqNg.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\rFnglst.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\DcFkZkl.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\svJqWTX.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\dghdbVT.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\Hapeffb.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\ktdsOzM.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\yxQhTHi.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\DgilzjK.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\XYopDDk.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\CeTLUeS.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\NqjdQMH.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\mLVmxSo.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\dhXAAdf.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\EfadMDT.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\nRQAjhU.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\ECKRoOn.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\GCZaCvI.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\usjwHcz.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\jCknndA.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\HapupSN.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\lvCRTEW.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\QczMbnD.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\FWugMcR.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\dqisEmm.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\TbgDhHw.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\RJEfMpT.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\kHnQKWv.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\xEDRqtt.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\prKjQVV.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\yHxppzM.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\tZBWlbp.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\AxEUZkn.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\GOKODQH.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\pwFQmWp.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\OVkYsEr.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\fRqqLlh.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\xXFkRRM.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\SiCgzKi.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\DkyEqXw.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\tNcvuOF.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\LKkgLEA.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\MHvHkIo.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\bSDtERP.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\XkSqpXv.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\mCPNpNw.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\yAJbVuP.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\EuWbWqq.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\rWRFNZn.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\cTdJInt.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\FVopJpd.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\wBTjnis.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\WdWgdDA.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\zEqgWaG.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
File created	C:\Windows\System\WGKZpDH.exe	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WerFaultSecure.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WerFaultSecure.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

WerFaultSecure.exe

pid process

15052 WerFaultSecure.exe
15052 WerFaultSecure.exe

pid	process
15052	WerFaultSecure.exe
15052	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe

description	pid	process	target process
PID 936 wrote to memory of 3612	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	AfYuxGF.exe
PID 936 wrote to memory of 3612	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	AfYuxGF.exe
PID 936 wrote to memory of 4452	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	QjAjxDW.exe
PID 936 wrote to memory of 4452	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	QjAjxDW.exe
PID 936 wrote to memory of 3588	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	ILMLdxz.exe
PID 936 wrote to memory of 3588	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	ILMLdxz.exe
PID 936 wrote to memory of 2780	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	vYMqZOF.exe
PID 936 wrote to memory of 2780	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	vYMqZOF.exe
PID 936 wrote to memory of 1848	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	TnZeVjP.exe
PID 936 wrote to memory of 1848	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	TnZeVjP.exe
PID 936 wrote to memory of 1508	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	NmBfFmM.exe
PID 936 wrote to memory of 1508	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	NmBfFmM.exe
PID 936 wrote to memory of 1800	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	ufNKaEk.exe
PID 936 wrote to memory of 1800	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	ufNKaEk.exe
PID 936 wrote to memory of 2472	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EnXUmVC.exe
PID 936 wrote to memory of 2472	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EnXUmVC.exe
PID 936 wrote to memory of 3104	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	tOoTSzB.exe
PID 936 wrote to memory of 3104	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	tOoTSzB.exe
PID 936 wrote to memory of 3448	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	wpyPkBT.exe
PID 936 wrote to memory of 3448	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	wpyPkBT.exe
PID 936 wrote to memory of 4256	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	VHCBGns.exe
PID 936 wrote to memory of 4256	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	VHCBGns.exe
PID 936 wrote to memory of 2284	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EQnYChs.exe
PID 936 wrote to memory of 2284	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EQnYChs.exe
PID 936 wrote to memory of 3832	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EpLTzFy.exe
PID 936 wrote to memory of 3832	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EpLTzFy.exe
PID 936 wrote to memory of 2324	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	PfYshnk.exe
PID 936 wrote to memory of 2324	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	PfYshnk.exe
PID 936 wrote to memory of 3628	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EcXWZrW.exe
PID 936 wrote to memory of 3628	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	EcXWZrW.exe
PID 936 wrote to memory of 4708	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	qTEzlae.exe
PID 936 wrote to memory of 4708	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	qTEzlae.exe
PID 936 wrote to memory of 4144	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	vICrpUY.exe
PID 936 wrote to memory of 4144	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	vICrpUY.exe
PID 936 wrote to memory of 4396	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	DoneqLK.exe
PID 936 wrote to memory of 4396	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	DoneqLK.exe
PID 936 wrote to memory of 4588	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	pZKuvsc.exe
PID 936 wrote to memory of 4588	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	pZKuvsc.exe
PID 936 wrote to memory of 1748	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	nyXoNnX.exe
PID 936 wrote to memory of 1748	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	nyXoNnX.exe
PID 936 wrote to memory of 452	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	eWTJroh.exe
PID 936 wrote to memory of 452	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	eWTJroh.exe
PID 936 wrote to memory of 2036	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	mdKwowR.exe
PID 936 wrote to memory of 2036	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	mdKwowR.exe
PID 936 wrote to memory of 1684	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	XYopDDk.exe
PID 936 wrote to memory of 1684	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	XYopDDk.exe
PID 936 wrote to memory of 4888	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	bSDtERP.exe
PID 936 wrote to memory of 4888	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	bSDtERP.exe
PID 936 wrote to memory of 3200	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	lhvXHkm.exe
PID 936 wrote to memory of 3200	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	lhvXHkm.exe
PID 936 wrote to memory of 3420	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	QJgUazg.exe
PID 936 wrote to memory of 3420	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	QJgUazg.exe
PID 936 wrote to memory of 2944	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	rFnglst.exe
PID 936 wrote to memory of 2944	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	rFnglst.exe
PID 936 wrote to memory of 4628	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	rbMBuxC.exe
PID 936 wrote to memory of 4628	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	rbMBuxC.exe
PID 936 wrote to memory of 4716	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	bTwlcaQ.exe
PID 936 wrote to memory of 4716	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	bTwlcaQ.exe
PID 936 wrote to memory of 4244	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	jyKEHzc.exe
PID 936 wrote to memory of 4244	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	jyKEHzc.exe
PID 936 wrote to memory of 848	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	VuvWZKa.exe
PID 936 wrote to memory of 848	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	VuvWZKa.exe
PID 936 wrote to memory of 944	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	qqGjVEn.exe
PID 936 wrote to memory of 944	936	500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe	qqGjVEn.exe

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:1296

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 1296 -s 604
2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:15052

C:\Users\Admin\AppData\Local\Temp\500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\500631428c2f106c6bd2289cda54c940_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:936

C:\Windows\System\AfYuxGF.exe
C:\Windows\System\AfYuxGF.exe
2⤵
- Executes dropped EXE
PID:3612

C:\Windows\System\QjAjxDW.exe
C:\Windows\System\QjAjxDW.exe
2⤵
- Executes dropped EXE
PID:4452

C:\Windows\System\ILMLdxz.exe
C:\Windows\System\ILMLdxz.exe
2⤵
- Executes dropped EXE
PID:3588

C:\Windows\System\vYMqZOF.exe
C:\Windows\System\vYMqZOF.exe
2⤵
- Executes dropped EXE
PID:2780

C:\Windows\System\TnZeVjP.exe
C:\Windows\System\TnZeVjP.exe
2⤵
- Executes dropped EXE
PID:1848

C:\Windows\System\NmBfFmM.exe
C:\Windows\System\NmBfFmM.exe
2⤵
- Executes dropped EXE
PID:1508

C:\Windows\System\ufNKaEk.exe
C:\Windows\System\ufNKaEk.exe
2⤵
- Executes dropped EXE
PID:1800

C:\Windows\System\EnXUmVC.exe
C:\Windows\System\EnXUmVC.exe
2⤵
- Executes dropped EXE
PID:2472

C:\Windows\System\tOoTSzB.exe
C:\Windows\System\tOoTSzB.exe
2⤵
- Executes dropped EXE
PID:3104

C:\Windows\System\wpyPkBT.exe
C:\Windows\System\wpyPkBT.exe
2⤵
- Executes dropped EXE
PID:3448

C:\Windows\System\VHCBGns.exe
C:\Windows\System\VHCBGns.exe
2⤵
- Executes dropped EXE
PID:4256

C:\Windows\System\EQnYChs.exe
C:\Windows\System\EQnYChs.exe
2⤵
- Executes dropped EXE
PID:2284

C:\Windows\System\EpLTzFy.exe
C:\Windows\System\EpLTzFy.exe
2⤵
- Executes dropped EXE
PID:3832

C:\Windows\System\PfYshnk.exe
C:\Windows\System\PfYshnk.exe
2⤵
- Executes dropped EXE
PID:2324

C:\Windows\System\EcXWZrW.exe
C:\Windows\System\EcXWZrW.exe
2⤵
- Executes dropped EXE
PID:3628

C:\Windows\System\qTEzlae.exe
C:\Windows\System\qTEzlae.exe
2⤵
- Executes dropped EXE
PID:4708

C:\Windows\System\vICrpUY.exe
C:\Windows\System\vICrpUY.exe
2⤵
- Executes dropped EXE
PID:4144

C:\Windows\System\DoneqLK.exe
C:\Windows\System\DoneqLK.exe
2⤵
- Executes dropped EXE
PID:4396

C:\Windows\System\pZKuvsc.exe
C:\Windows\System\pZKuvsc.exe
2⤵
- Executes dropped EXE
PID:4588

C:\Windows\System\nyXoNnX.exe
C:\Windows\System\nyXoNnX.exe
2⤵
- Executes dropped EXE
PID:1748

C:\Windows\System\eWTJroh.exe
C:\Windows\System\eWTJroh.exe
2⤵
- Executes dropped EXE
PID:452

C:\Windows\System\mdKwowR.exe
C:\Windows\System\mdKwowR.exe
2⤵
- Executes dropped EXE
PID:2036

C:\Windows\System\XYopDDk.exe
C:\Windows\System\XYopDDk.exe
2⤵
- Executes dropped EXE
PID:1684

C:\Windows\System\bSDtERP.exe
C:\Windows\System\bSDtERP.exe
2⤵
- Executes dropped EXE
PID:4888

C:\Windows\System\lhvXHkm.exe
C:\Windows\System\lhvXHkm.exe
2⤵
- Executes dropped EXE
PID:3200

C:\Windows\System\QJgUazg.exe
C:\Windows\System\QJgUazg.exe
2⤵
- Executes dropped EXE
PID:3420

C:\Windows\System\rFnglst.exe
C:\Windows\System\rFnglst.exe
2⤵
- Executes dropped EXE
PID:2944

C:\Windows\System\rbMBuxC.exe
C:\Windows\System\rbMBuxC.exe
2⤵
- Executes dropped EXE
PID:4628

C:\Windows\System\bTwlcaQ.exe
C:\Windows\System\bTwlcaQ.exe
2⤵
- Executes dropped EXE
PID:4716

C:\Windows\System\jyKEHzc.exe
C:\Windows\System\jyKEHzc.exe
2⤵
- Executes dropped EXE
PID:4244

C:\Windows\System\VuvWZKa.exe
C:\Windows\System\VuvWZKa.exe
2⤵
- Executes dropped EXE
PID:848

C:\Windows\System\qqGjVEn.exe
C:\Windows\System\qqGjVEn.exe
2⤵
- Executes dropped EXE
PID:944

C:\Windows\System\hgiBINw.exe
C:\Windows\System\hgiBINw.exe
2⤵
- Executes dropped EXE
PID:3740

C:\Windows\System\FUqPxii.exe
C:\Windows\System\FUqPxii.exe
2⤵
- Executes dropped EXE
PID:5016

C:\Windows\System\UZUiVKH.exe
C:\Windows\System\UZUiVKH.exe
2⤵
- Executes dropped EXE
PID:2828

C:\Windows\System\JWLsTCU.exe
C:\Windows\System\JWLsTCU.exe
2⤵
- Executes dropped EXE
PID:1616

C:\Windows\System\RygIOSS.exe
C:\Windows\System\RygIOSS.exe
2⤵
- Executes dropped EXE
PID:1276

C:\Windows\System\vlnakek.exe
C:\Windows\System\vlnakek.exe
2⤵
- Executes dropped EXE
PID:2996

C:\Windows\System\IGJbcWc.exe
C:\Windows\System\IGJbcWc.exe
2⤵
- Executes dropped EXE
PID:1368

C:\Windows\System\LYEXddi.exe
C:\Windows\System\LYEXddi.exe
2⤵
- Executes dropped EXE
PID:3696

C:\Windows\System\xdCnzhL.exe
C:\Windows\System\xdCnzhL.exe
2⤵
- Executes dropped EXE
PID:1592

C:\Windows\System\nZgDXFM.exe
C:\Windows\System\nZgDXFM.exe
2⤵
- Executes dropped EXE
PID:2152

C:\Windows\System\WUaqaZe.exe
C:\Windows\System\WUaqaZe.exe
2⤵
- Executes dropped EXE
PID:4552

C:\Windows\System\DZOjlnQ.exe
C:\Windows\System\DZOjlnQ.exe
2⤵
- Executes dropped EXE
PID:2832

C:\Windows\System\RnlcMli.exe
C:\Windows\System\RnlcMli.exe
2⤵
- Executes dropped EXE
PID:3976

C:\Windows\System\TjGsFjo.exe
C:\Windows\System\TjGsFjo.exe
2⤵
- Executes dropped EXE
PID:4344

C:\Windows\System\bHFZjCI.exe
C:\Windows\System\bHFZjCI.exe
2⤵
- Executes dropped EXE
PID:1908

C:\Windows\System\XwmVCIF.exe
C:\Windows\System\XwmVCIF.exe
2⤵
- Executes dropped EXE
PID:3308

C:\Windows\System\loIgbiX.exe
C:\Windows\System\loIgbiX.exe
2⤵
- Executes dropped EXE
PID:2296

C:\Windows\System\uXOrepJ.exe
C:\Windows\System\uXOrepJ.exe
2⤵
- Executes dropped EXE
PID:3336

C:\Windows\System\cfPDvZY.exe
C:\Windows\System\cfPDvZY.exe
2⤵
- Executes dropped EXE
PID:1288

C:\Windows\System\fUraCjj.exe
C:\Windows\System\fUraCjj.exe
2⤵
- Executes dropped EXE
PID:2364

C:\Windows\System\dONdfYj.exe
C:\Windows\System\dONdfYj.exe
2⤵
- Executes dropped EXE
PID:2104

C:\Windows\System\cTdJInt.exe
C:\Windows\System\cTdJInt.exe
2⤵
- Executes dropped EXE
PID:1620

C:\Windows\System\KHFvLTR.exe
C:\Windows\System\KHFvLTR.exe
2⤵
- Executes dropped EXE
PID:2556

C:\Windows\System\gablnEK.exe
C:\Windows\System\gablnEK.exe
2⤵
- Executes dropped EXE
PID:1872

C:\Windows\System\lLLVIZD.exe
C:\Windows\System\lLLVIZD.exe
2⤵
- Executes dropped EXE
PID:3532

C:\Windows\System\PEMBDOD.exe
C:\Windows\System\PEMBDOD.exe
2⤵
- Executes dropped EXE
PID:4656

C:\Windows\System\gpSCwAF.exe
C:\Windows\System\gpSCwAF.exe
2⤵
- Executes dropped EXE
PID:4536

C:\Windows\System\FmCsNbY.exe
C:\Windows\System\FmCsNbY.exe
2⤵
- Executes dropped EXE
PID:3724

C:\Windows\System\ygKyYpr.exe
C:\Windows\System\ygKyYpr.exe
2⤵
- Executes dropped EXE
PID:4220

C:\Windows\System\wTyJltp.exe
C:\Windows\System\wTyJltp.exe
2⤵
- Executes dropped EXE
PID:1484

C:\Windows\System\lLSywrs.exe
C:\Windows\System\lLSywrs.exe
2⤵
- Executes dropped EXE
PID:3592

C:\Windows\System\kPUkOKx.exe
C:\Windows\System\kPUkOKx.exe
2⤵
- Executes dropped EXE
PID:3032

C:\Windows\System\AeFSETH.exe
C:\Windows\System\AeFSETH.exe
2⤵
PID:5112

C:\Windows\System\DcFkZkl.exe
C:\Windows\System\DcFkZkl.exe
2⤵
PID:2312

C:\Windows\System\hGsOoBn.exe
C:\Windows\System\hGsOoBn.exe
2⤵
PID:3100

C:\Windows\System\caXMiVE.exe
C:\Windows\System\caXMiVE.exe
2⤵
PID:3836

C:\Windows\System\TyfSYLM.exe
C:\Windows\System\TyfSYLM.exe
2⤵
PID:3756

C:\Windows\System\bDwWfhW.exe
C:\Windows\System\bDwWfhW.exe
2⤵
PID:468

C:\Windows\System\LgDkFVQ.exe
C:\Windows\System\LgDkFVQ.exe
2⤵
PID:3004

C:\Windows\System\FiLaqWP.exe
C:\Windows\System\FiLaqWP.exe
2⤵
PID:2380

C:\Windows\System\FcPIaXH.exe
C:\Windows\System\FcPIaXH.exe
2⤵
PID:3900

C:\Windows\System\MgUKeRW.exe
C:\Windows\System\MgUKeRW.exe
2⤵
PID:2012

C:\Windows\System\zSCElsL.exe
C:\Windows\System\zSCElsL.exe
2⤵
PID:2044

C:\Windows\System\YuuDnDo.exe
C:\Windows\System\YuuDnDo.exe
2⤵
PID:556

C:\Windows\System\vfkSbXa.exe
C:\Windows\System\vfkSbXa.exe
2⤵
PID:4196

C:\Windows\System\qygquXN.exe
C:\Windows\System\qygquXN.exe
2⤵
PID:228

C:\Windows\System\mZQuLJF.exe
C:\Windows\System\mZQuLJF.exe
2⤵
PID:3752

C:\Windows\System\FQWfARN.exe
C:\Windows\System\FQWfARN.exe
2⤵
PID:2276

C:\Windows\System\vbeNakM.exe
C:\Windows\System\vbeNakM.exe
2⤵
PID:688

C:\Windows\System\rwHOfMq.exe
C:\Windows\System\rwHOfMq.exe
2⤵
PID:4504

C:\Windows\System\CtSqXWu.exe
C:\Windows\System\CtSqXWu.exe
2⤵
PID:5132

C:\Windows\System\WZzbqXe.exe
C:\Windows\System\WZzbqXe.exe
2⤵
PID:5160

C:\Windows\System\SUubCHF.exe
C:\Windows\System\SUubCHF.exe
2⤵
PID:5188

C:\Windows\System\yFYdrzk.exe
C:\Windows\System\yFYdrzk.exe
2⤵
PID:5216

C:\Windows\System\URmGVhb.exe
C:\Windows\System\URmGVhb.exe
2⤵
PID:5248

C:\Windows\System\qAYiYCt.exe
C:\Windows\System\qAYiYCt.exe
2⤵
PID:5276

C:\Windows\System\iLtGhMj.exe
C:\Windows\System\iLtGhMj.exe
2⤵
PID:5304

C:\Windows\System\SMkmdMh.exe
C:\Windows\System\SMkmdMh.exe
2⤵
PID:5332

C:\Windows\System\OZyLKhR.exe
C:\Windows\System\OZyLKhR.exe
2⤵
PID:5348

C:\Windows\System\vNMcCEA.exe
C:\Windows\System\vNMcCEA.exe
2⤵
PID:5376

C:\Windows\System\XhHuMdA.exe
C:\Windows\System\XhHuMdA.exe
2⤵
PID:5404

C:\Windows\System\PdvhzIV.exe
C:\Windows\System\PdvhzIV.exe
2⤵
PID:5432

C:\Windows\System\OWjgsLy.exe
C:\Windows\System\OWjgsLy.exe
2⤵
PID:5460

C:\Windows\System\BhxNkeF.exe
C:\Windows\System\BhxNkeF.exe
2⤵
PID:5488

C:\Windows\System\WfPYVzb.exe
C:\Windows\System\WfPYVzb.exe
2⤵
PID:5516

C:\Windows\System\FaBDXJw.exe
C:\Windows\System\FaBDXJw.exe
2⤵
PID:5544

C:\Windows\System\utpxdUe.exe
C:\Windows\System\utpxdUe.exe
2⤵
PID:5572

C:\Windows\System\GjOVdiJ.exe
C:\Windows\System\GjOVdiJ.exe
2⤵
PID:5600

C:\Windows\System\wgmJZxR.exe
C:\Windows\System\wgmJZxR.exe
2⤵
PID:5628

C:\Windows\System\JnMrPyE.exe
C:\Windows\System\JnMrPyE.exe
2⤵
PID:5656

C:\Windows\System\nkBtGCI.exe
C:\Windows\System\nkBtGCI.exe
2⤵
PID:5684

C:\Windows\System\dYFFAEm.exe
C:\Windows\System\dYFFAEm.exe
2⤵
PID:5712

C:\Windows\System\MVbPGvh.exe
C:\Windows\System\MVbPGvh.exe
2⤵
PID:5740

C:\Windows\System\uLWQtJk.exe
C:\Windows\System\uLWQtJk.exe
2⤵
PID:5768

C:\Windows\System\riyfKJS.exe
C:\Windows\System\riyfKJS.exe
2⤵
PID:5796

C:\Windows\System\pAXDNln.exe
C:\Windows\System\pAXDNln.exe
2⤵
PID:5824

C:\Windows\System\RmYmCdN.exe
C:\Windows\System\RmYmCdN.exe
2⤵
PID:5852

C:\Windows\System\dwRbdbt.exe
C:\Windows\System\dwRbdbt.exe
2⤵
PID:5880

C:\Windows\System\hoOXFVt.exe
C:\Windows\System\hoOXFVt.exe
2⤵
PID:5908

C:\Windows\System\dPHvezY.exe
C:\Windows\System\dPHvezY.exe
2⤵
PID:5936

C:\Windows\System\FioVkHE.exe
C:\Windows\System\FioVkHE.exe
2⤵
PID:5964

C:\Windows\System\bMOGgMs.exe
C:\Windows\System\bMOGgMs.exe
2⤵
PID:5992

C:\Windows\System\ewgGFhV.exe
C:\Windows\System\ewgGFhV.exe
2⤵
PID:6020

C:\Windows\System\FKPDIfQ.exe
C:\Windows\System\FKPDIfQ.exe
2⤵
PID:6048

C:\Windows\System\YCEgZOY.exe
C:\Windows\System\YCEgZOY.exe
2⤵
PID:6076

C:\Windows\System\UHwlZbL.exe
C:\Windows\System\UHwlZbL.exe
2⤵
PID:6104

C:\Windows\System\xiCAkvP.exe
C:\Windows\System\xiCAkvP.exe
2⤵
PID:6132

C:\Windows\System\oxqJdbH.exe
C:\Windows\System\oxqJdbH.exe
2⤵
PID:3580

C:\Windows\System\DzcodAs.exe
C:\Windows\System\DzcodAs.exe
2⤵
PID:4364

C:\Windows\System\wuBRpfw.exe
C:\Windows\System\wuBRpfw.exe
2⤵
PID:420

C:\Windows\System\vvkyoum.exe
C:\Windows\System\vvkyoum.exe
2⤵
PID:4916

C:\Windows\System\PqMzsda.exe
C:\Windows\System\PqMzsda.exe
2⤵
PID:2748

C:\Windows\System\PSirahC.exe
C:\Windows\System\PSirahC.exe
2⤵
PID:5148

C:\Windows\System\qHduQlR.exe
C:\Windows\System\qHduQlR.exe
2⤵
PID:5208

C:\Windows\System\xjLCEVW.exe
C:\Windows\System\xjLCEVW.exe
2⤵
PID:5272

C:\Windows\System\eZmnAAQ.exe
C:\Windows\System\eZmnAAQ.exe
2⤵
PID:5340

C:\Windows\System\BmrnKeT.exe
C:\Windows\System\BmrnKeT.exe
2⤵
PID:5396

C:\Windows\System\MyeshlS.exe
C:\Windows\System\MyeshlS.exe
2⤵
PID:5452

C:\Windows\System\MrrgGlY.exe
C:\Windows\System\MrrgGlY.exe
2⤵
PID:5528

C:\Windows\System\SziXlln.exe
C:\Windows\System\SziXlln.exe
2⤵
PID:5584

C:\Windows\System\JnJRIaf.exe
C:\Windows\System\JnJRIaf.exe
2⤵
PID:5644

C:\Windows\System\wENCver.exe
C:\Windows\System\wENCver.exe
2⤵
PID:5704

C:\Windows\System\ghFeWkD.exe
C:\Windows\System\ghFeWkD.exe
2⤵
PID:5004

C:\Windows\System\EuWbWqq.exe
C:\Windows\System\EuWbWqq.exe
2⤵
PID:5836

C:\Windows\System\JWeNIMw.exe
C:\Windows\System\JWeNIMw.exe
2⤵
PID:5896

C:\Windows\System\ZxRwYFu.exe
C:\Windows\System\ZxRwYFu.exe
2⤵
PID:5956

C:\Windows\System\KfxyEMn.exe
C:\Windows\System\KfxyEMn.exe
2⤵
PID:6032

C:\Windows\System\oPezWvX.exe
C:\Windows\System\oPezWvX.exe
2⤵
PID:6092

C:\Windows\System\oDRwDiH.exe
C:\Windows\System\oDRwDiH.exe
2⤵
PID:1792

C:\Windows\System\SwNteiK.exe
C:\Windows\System\SwNteiK.exe
2⤵
PID:3412

C:\Windows\System\gSamKhf.exe
C:\Windows\System\gSamKhf.exe
2⤵
PID:1420

C:\Windows\System\qqHFYcZ.exe
C:\Windows\System\qqHFYcZ.exe
2⤵
PID:5236

C:\Windows\System\fFbERWK.exe
C:\Windows\System\fFbERWK.exe
2⤵
PID:5364

C:\Windows\System\SFlxjtX.exe
C:\Windows\System\SFlxjtX.exe
2⤵
PID:5500

C:\Windows\System\NTJlbMR.exe
C:\Windows\System\NTJlbMR.exe
2⤵
PID:5672

C:\Windows\System\InMGYol.exe
C:\Windows\System\InMGYol.exe
2⤵
PID:5788

C:\Windows\System\gEYgFVv.exe
C:\Windows\System\gEYgFVv.exe
2⤵
PID:5928

C:\Windows\System\XZYvprw.exe
C:\Windows\System\XZYvprw.exe
2⤵
PID:6064

C:\Windows\System\dKRMYZB.exe
C:\Windows\System\dKRMYZB.exe
2⤵
PID:4496

C:\Windows\System\uwRadOA.exe
C:\Windows\System\uwRadOA.exe
2⤵
PID:6164

C:\Windows\System\KocepBE.exe
C:\Windows\System\KocepBE.exe
2⤵
PID:6192

C:\Windows\System\OVkYsEr.exe
C:\Windows\System\OVkYsEr.exe
2⤵
PID:6220

C:\Windows\System\sdwsSeC.exe
C:\Windows\System\sdwsSeC.exe
2⤵
PID:6248

C:\Windows\System\vVYHPxG.exe
C:\Windows\System\vVYHPxG.exe
2⤵
PID:6276

C:\Windows\System\tcRGoHR.exe
C:\Windows\System\tcRGoHR.exe
2⤵
PID:6304

C:\Windows\System\TbgDhHw.exe
C:\Windows\System\TbgDhHw.exe
2⤵
PID:6332

C:\Windows\System\PxNahyS.exe
C:\Windows\System\PxNahyS.exe
2⤵
PID:6360

C:\Windows\System\nmbJLvE.exe
C:\Windows\System\nmbJLvE.exe
2⤵
PID:6388

C:\Windows\System\fnNLbCZ.exe
C:\Windows\System\fnNLbCZ.exe
2⤵
PID:6416

C:\Windows\System\LJcyawf.exe
C:\Windows\System\LJcyawf.exe
2⤵
PID:6444

C:\Windows\System\HapupSN.exe
C:\Windows\System\HapupSN.exe
2⤵
PID:6472

C:\Windows\System\TIqyBDV.exe
C:\Windows\System\TIqyBDV.exe
2⤵
PID:6500

C:\Windows\System\BkrlRAk.exe
C:\Windows\System\BkrlRAk.exe
2⤵
PID:6528

C:\Windows\System\qLlasQv.exe
C:\Windows\System\qLlasQv.exe
2⤵
PID:6556

C:\Windows\System\pvHgWwn.exe
C:\Windows\System\pvHgWwn.exe
2⤵
PID:6584

C:\Windows\System\FZtJuGz.exe
C:\Windows\System\FZtJuGz.exe
2⤵
PID:6612

C:\Windows\System\GZkQDrC.exe
C:\Windows\System\GZkQDrC.exe
2⤵
PID:6640

C:\Windows\System\XqTnDgB.exe
C:\Windows\System\XqTnDgB.exe
2⤵
PID:6668

C:\Windows\System\VVISNtv.exe
C:\Windows\System\VVISNtv.exe
2⤵
PID:6696

C:\Windows\System\cjSgPwS.exe
C:\Windows\System\cjSgPwS.exe
2⤵
PID:6724

C:\Windows\System\rfSnoNo.exe
C:\Windows\System\rfSnoNo.exe
2⤵
PID:6752

C:\Windows\System\GwkxgEt.exe
C:\Windows\System\GwkxgEt.exe
2⤵
PID:6776

C:\Windows\System\jAZRWdc.exe
C:\Windows\System\jAZRWdc.exe
2⤵
PID:6808

C:\Windows\System\FgcDGxB.exe
C:\Windows\System\FgcDGxB.exe
2⤵
PID:6836

C:\Windows\System\tIunoik.exe
C:\Windows\System\tIunoik.exe
2⤵
PID:6868

C:\Windows\System\jDOHOuz.exe
C:\Windows\System\jDOHOuz.exe
2⤵
PID:6892

C:\Windows\System\aPAwPUD.exe
C:\Windows\System\aPAwPUD.exe
2⤵
PID:6920

C:\Windows\System\rQQsses.exe
C:\Windows\System\rQQsses.exe
2⤵
PID:6948

C:\Windows\System\qllawkX.exe
C:\Windows\System\qllawkX.exe
2⤵
PID:6976

C:\Windows\System\lHlpMMj.exe
C:\Windows\System\lHlpMMj.exe
2⤵
PID:7004

C:\Windows\System\bsbiqWF.exe
C:\Windows\System\bsbiqWF.exe
2⤵
PID:7032

C:\Windows\System\FBAcnZA.exe
C:\Windows\System\FBAcnZA.exe
2⤵
PID:7060

C:\Windows\System\SmqlNsf.exe
C:\Windows\System\SmqlNsf.exe
2⤵
PID:7088

C:\Windows\System\biwgljL.exe
C:\Windows\System\biwgljL.exe
2⤵
PID:7116

C:\Windows\System\ITVRFis.exe
C:\Windows\System\ITVRFis.exe
2⤵
PID:5296

C:\Windows\System\uswaVNX.exe
C:\Windows\System\uswaVNX.exe
2⤵
PID:5560

C:\Windows\System\eHieMWK.exe
C:\Windows\System\eHieMWK.exe
2⤵
PID:5732

C:\Windows\System\gDYgaqc.exe
C:\Windows\System\gDYgaqc.exe
2⤵
PID:6148

C:\Windows\System\CWFbiJH.exe
C:\Windows\System\CWFbiJH.exe
2⤵
PID:6184

C:\Windows\System\DgbsHdg.exe
C:\Windows\System\DgbsHdg.exe
2⤵
PID:6240

C:\Windows\System\mJCFRif.exe
C:\Windows\System\mJCFRif.exe
2⤵
PID:4332

C:\Windows\System\PmWelGH.exe
C:\Windows\System\PmWelGH.exe
2⤵
PID:6352

C:\Windows\System\OJYZwRF.exe
C:\Windows\System\OJYZwRF.exe
2⤵
PID:6488

C:\Windows\System\bwvGSHV.exe
C:\Windows\System\bwvGSHV.exe
2⤵
PID:6568

C:\Windows\System\JiFCkZf.exe
C:\Windows\System\JiFCkZf.exe
2⤵
PID:6624

C:\Windows\System\eVHeCIb.exe
C:\Windows\System\eVHeCIb.exe
2⤵
PID:6684

C:\Windows\System\cpJZKti.exe
C:\Windows\System\cpJZKti.exe
2⤵
PID:4128

C:\Windows\System\pAIXXuV.exe
C:\Windows\System\pAIXXuV.exe
2⤵
PID:6932

C:\Windows\System\ezieoKd.exe
C:\Windows\System\ezieoKd.exe
2⤵
PID:6960

C:\Windows\System\ZnuRqok.exe
C:\Windows\System\ZnuRqok.exe
2⤵
PID:520

C:\Windows\System\fFTqYso.exe
C:\Windows\System\fFTqYso.exe
2⤵
PID:7044

C:\Windows\System\sgAYbZV.exe
C:\Windows\System\sgAYbZV.exe
2⤵
PID:2948

C:\Windows\System\PJIQTgJ.exe
C:\Windows\System\PJIQTgJ.exe
2⤵
PID:7100

C:\Windows\System\mqPoQdi.exe
C:\Windows\System\mqPoQdi.exe
2⤵
PID:220

C:\Windows\System\abVDYGw.exe
C:\Windows\System\abVDYGw.exe
2⤵
PID:2980

C:\Windows\System\CeTLUeS.exe
C:\Windows\System\CeTLUeS.exe
2⤵
PID:64

C:\Windows\System\Hntwqmg.exe
C:\Windows\System\Hntwqmg.exe
2⤵
PID:7132

C:\Windows\System\fRqqLlh.exe
C:\Windows\System\fRqqLlh.exe
2⤵
PID:6208

C:\Windows\System\prKjQVV.exe
C:\Windows\System\prKjQVV.exe
2⤵
PID:6268

C:\Windows\System\fdmpJgK.exe
C:\Windows\System\fdmpJgK.exe
2⤵
PID:6544

C:\Windows\System\ZBNPsff.exe
C:\Windows\System\ZBNPsff.exe
2⤵
PID:6660

C:\Windows\System\zJtKZRW.exe
C:\Windows\System\zJtKZRW.exe
2⤵
PID:5176

C:\Windows\System\hiFmmCW.exe
C:\Windows\System\hiFmmCW.exe
2⤵
PID:6484

C:\Windows\System\hdpMpqU.exe
C:\Windows\System\hdpMpqU.exe
2⤵
PID:4852

C:\Windows\System\yyFvEcD.exe
C:\Windows\System\yyFvEcD.exe
2⤵
PID:4268

C:\Windows\System\scgoLEl.exe
C:\Windows\System\scgoLEl.exe
2⤵
PID:7072

C:\Windows\System\wABMrjZ.exe
C:\Windows\System\wABMrjZ.exe
2⤵
PID:4996

C:\Windows\System\jyWDjfu.exe
C:\Windows\System\jyWDjfu.exe
2⤵
PID:2824

C:\Windows\System\iJCZtRY.exe
C:\Windows\System\iJCZtRY.exe
2⤵
PID:636

C:\Windows\System\qseyCjz.exe
C:\Windows\System\qseyCjz.exe
2⤵
PID:1988

C:\Windows\System\QdPxkHd.exe
C:\Windows\System\QdPxkHd.exe
2⤵
PID:6464

C:\Windows\System\PYMYhgd.exe
C:\Windows\System\PYMYhgd.exe
2⤵
PID:6828

C:\Windows\System\cixPIUa.exe
C:\Windows\System\cixPIUa.exe
2⤵
PID:1448

C:\Windows\System\vWJUoTX.exe
C:\Windows\System\vWJUoTX.exe
2⤵
PID:5752

C:\Windows\System\JGNairN.exe
C:\Windows\System\JGNairN.exe
2⤵
PID:6652

C:\Windows\System\ZhHUACF.exe
C:\Windows\System\ZhHUACF.exe
2⤵
PID:6264

C:\Windows\System\ACLIZTA.exe
C:\Windows\System\ACLIZTA.exe
2⤵
PID:7184

C:\Windows\System\kwLYYnp.exe
C:\Windows\System\kwLYYnp.exe
2⤵
PID:7216

C:\Windows\System\YNxPFAs.exe
C:\Windows\System\YNxPFAs.exe
2⤵
PID:7240

C:\Windows\System\bzVINAh.exe
C:\Windows\System\bzVINAh.exe
2⤵
PID:7280

C:\Windows\System\gcjOetW.exe
C:\Windows\System\gcjOetW.exe
2⤵
PID:7308

C:\Windows\System\NEOVZzH.exe
C:\Windows\System\NEOVZzH.exe
2⤵
PID:7328

C:\Windows\System\ySCDxMl.exe
C:\Windows\System\ySCDxMl.exe
2⤵
PID:7364

C:\Windows\System\SFjZDQP.exe
C:\Windows\System\SFjZDQP.exe
2⤵
PID:7392

C:\Windows\System\rFveSVp.exe
C:\Windows\System\rFveSVp.exe
2⤵
PID:7420

C:\Windows\System\wTdVJWF.exe
C:\Windows\System\wTdVJWF.exe
2⤵
PID:7436

C:\Windows\System\JNdgJDX.exe
C:\Windows\System\JNdgJDX.exe
2⤵
PID:7476

C:\Windows\System\rnflSvP.exe
C:\Windows\System\rnflSvP.exe
2⤵
PID:7492

C:\Windows\System\pmJNiaH.exe
C:\Windows\System\pmJNiaH.exe
2⤵
PID:7520

C:\Windows\System\xXFkRRM.exe
C:\Windows\System\xXFkRRM.exe
2⤵
PID:7560

C:\Windows\System\cTjhtbN.exe
C:\Windows\System\cTjhtbN.exe
2⤵
PID:7588

C:\Windows\System\SefWdyD.exe
C:\Windows\System\SefWdyD.exe
2⤵
PID:7616

C:\Windows\System\ZxmfrGW.exe
C:\Windows\System\ZxmfrGW.exe
2⤵
PID:7644

C:\Windows\System\ySuKFqH.exe
C:\Windows\System\ySuKFqH.exe
2⤵
PID:7672

C:\Windows\System\SiCgzKi.exe
C:\Windows\System\SiCgzKi.exe
2⤵
PID:7700

C:\Windows\System\xneGqmT.exe
C:\Windows\System\xneGqmT.exe
2⤵
PID:7728

C:\Windows\System\kiVaGWS.exe
C:\Windows\System\kiVaGWS.exe
2⤵
PID:7756

C:\Windows\System\FkvFwHO.exe
C:\Windows\System\FkvFwHO.exe
2⤵
PID:7784

C:\Windows\System\XkSqpXv.exe
C:\Windows\System\XkSqpXv.exe
2⤵
PID:7804

C:\Windows\System\MDACrGT.exe
C:\Windows\System\MDACrGT.exe
2⤵
PID:7836

C:\Windows\System\ohhoShr.exe
C:\Windows\System\ohhoShr.exe
2⤵
PID:7876

C:\Windows\System\OLBHxhW.exe
C:\Windows\System\OLBHxhW.exe
2⤵
PID:7904

C:\Windows\System\XxkgbmH.exe
C:\Windows\System\XxkgbmH.exe
2⤵
PID:7932

C:\Windows\System\WNsdyaQ.exe
C:\Windows\System\WNsdyaQ.exe
2⤵
PID:7960

C:\Windows\System\AYGTLwu.exe
C:\Windows\System\AYGTLwu.exe
2⤵
PID:7984

C:\Windows\System\sElLyqK.exe
C:\Windows\System\sElLyqK.exe
2⤵
PID:8016

C:\Windows\System\NNSgGUs.exe
C:\Windows\System\NNSgGUs.exe
2⤵
PID:8044

C:\Windows\System\dkRquXx.exe
C:\Windows\System\dkRquXx.exe
2⤵
PID:8060

C:\Windows\System\nGwfkTE.exe
C:\Windows\System\nGwfkTE.exe
2⤵
PID:8092

C:\Windows\System\ohtzuYb.exe
C:\Windows\System\ohtzuYb.exe
2⤵
PID:8128

C:\Windows\System\JNyFXTn.exe
C:\Windows\System\JNyFXTn.exe
2⤵
PID:8144

C:\Windows\System\srtpryW.exe
C:\Windows\System\srtpryW.exe
2⤵
PID:8172

C:\Windows\System\aAAsCfg.exe
C:\Windows\System\aAAsCfg.exe
2⤵
PID:6456

C:\Windows\System\zXFEcXX.exe
C:\Windows\System\zXFEcXX.exe
2⤵
PID:7232

C:\Windows\System\TlIxMfH.exe
C:\Windows\System\TlIxMfH.exe
2⤵
PID:7260

C:\Windows\System\JYXmXJK.exe
C:\Windows\System\JYXmXJK.exe
2⤵
PID:7316

C:\Windows\System\MwLbsOU.exe
C:\Windows\System\MwLbsOU.exe
2⤵
PID:7388

C:\Windows\System\SnOogXF.exe
C:\Windows\System\SnOogXF.exe
2⤵
PID:1548

C:\Windows\System\cTZFwpc.exe
C:\Windows\System\cTZFwpc.exe
2⤵
PID:7516

C:\Windows\System\LDCOMwQ.exe
C:\Windows\System\LDCOMwQ.exe
2⤵
PID:7608

C:\Windows\System\IJZFpfx.exe
C:\Windows\System\IJZFpfx.exe
2⤵
PID:3416

C:\Windows\System\CSHdwpY.exe
C:\Windows\System\CSHdwpY.exe
2⤵
PID:7724

C:\Windows\System\dYbvAKX.exe
C:\Windows\System\dYbvAKX.exe
2⤵
PID:7796

C:\Windows\System\BCJqYVv.exe
C:\Windows\System\BCJqYVv.exe
2⤵
PID:7892

C:\Windows\System\boJxPQL.exe
C:\Windows\System\boJxPQL.exe
2⤵
PID:7948

C:\Windows\System\sIbtXQz.exe
C:\Windows\System\sIbtXQz.exe
2⤵
PID:7968

C:\Windows\System\CdWtSJz.exe
C:\Windows\System\CdWtSJz.exe
2⤵
PID:8056

C:\Windows\System\mAfxSlx.exe
C:\Windows\System\mAfxSlx.exe
2⤵
PID:8120

C:\Windows\System\LnrgcFJ.exe
C:\Windows\System\LnrgcFJ.exe
2⤵
PID:8156

C:\Windows\System\JdGvOsV.exe
C:\Windows\System\JdGvOsV.exe
2⤵
PID:7176

C:\Windows\System\qoBmAbp.exe
C:\Windows\System\qoBmAbp.exe
2⤵
PID:7416

C:\Windows\System\AeFsVLq.exe
C:\Windows\System\AeFsVLq.exe
2⤵
PID:7512

C:\Windows\System\IYLrBjo.exe
C:\Windows\System\IYLrBjo.exe
2⤵
PID:7692

C:\Windows\System\fCKNgNB.exe
C:\Windows\System\fCKNgNB.exe
2⤵
PID:7824

C:\Windows\System\NILBuFP.exe
C:\Windows\System\NILBuFP.exe
2⤵
PID:7924

C:\Windows\System\gsEiUNe.exe
C:\Windows\System\gsEiUNe.exe
2⤵
PID:8088

C:\Windows\System\JodAiGn.exe
C:\Windows\System\JodAiGn.exe
2⤵
PID:7340

C:\Windows\System\WYdcXBJ.exe
C:\Windows\System\WYdcXBJ.exe
2⤵
PID:7684

C:\Windows\System\GijxOsD.exe
C:\Windows\System\GijxOsD.exe
2⤵
PID:8052

C:\Windows\System\LFxSQeX.exe
C:\Windows\System\LFxSQeX.exe
2⤵
PID:7628

C:\Windows\System\FxyGxxu.exe
C:\Windows\System\FxyGxxu.exe
2⤵
PID:8136

C:\Windows\System\uAaoJki.exe
C:\Windows\System\uAaoJki.exe
2⤵
PID:7432

C:\Windows\System\XiwvpBi.exe
C:\Windows\System\XiwvpBi.exe
2⤵
PID:8220

C:\Windows\System\UEPKvJk.exe
C:\Windows\System\UEPKvJk.exe
2⤵
PID:8248

C:\Windows\System\DDbhzAV.exe
C:\Windows\System\DDbhzAV.exe
2⤵
PID:8288

C:\Windows\System\aKdZjKT.exe
C:\Windows\System\aKdZjKT.exe
2⤵
PID:8316

C:\Windows\System\kpaMFcj.exe
C:\Windows\System\kpaMFcj.exe
2⤵
PID:8344

C:\Windows\System\EnAWOLQ.exe
C:\Windows\System\EnAWOLQ.exe
2⤵
PID:8372

C:\Windows\System\dhXAAdf.exe
C:\Windows\System\dhXAAdf.exe
2⤵
PID:8400

C:\Windows\System\mKbdcjQ.exe
C:\Windows\System\mKbdcjQ.exe
2⤵
PID:8428

C:\Windows\System\DkyEqXw.exe
C:\Windows\System\DkyEqXw.exe
2⤵
PID:8456

C:\Windows\System\MXiaSNl.exe
C:\Windows\System\MXiaSNl.exe
2⤵
PID:8484

C:\Windows\System\GkhkuwF.exe
C:\Windows\System\GkhkuwF.exe
2⤵
PID:8504

C:\Windows\System\ZlIfHTF.exe
C:\Windows\System\ZlIfHTF.exe
2⤵
PID:8532

C:\Windows\System\cZWEImN.exe
C:\Windows\System\cZWEImN.exe
2⤵
PID:8572

C:\Windows\System\FXTIVEN.exe
C:\Windows\System\FXTIVEN.exe
2⤵
PID:8588

C:\Windows\System\HWOGyDz.exe
C:\Windows\System\HWOGyDz.exe
2⤵
PID:8620

C:\Windows\System\XpRXIuW.exe
C:\Windows\System\XpRXIuW.exe
2⤵
PID:8644

C:\Windows\System\RYSnyTx.exe
C:\Windows\System\RYSnyTx.exe
2⤵
PID:8672

C:\Windows\System\LzuClUS.exe
C:\Windows\System\LzuClUS.exe
2⤵
PID:8700

C:\Windows\System\nUVDmao.exe
C:\Windows\System\nUVDmao.exe
2⤵
PID:8728

C:\Windows\System\wLVtTHf.exe
C:\Windows\System\wLVtTHf.exe
2⤵
PID:8756

C:\Windows\System\svJqWTX.exe
C:\Windows\System\svJqWTX.exe
2⤵
PID:8796

C:\Windows\System\iNeDUMv.exe
C:\Windows\System\iNeDUMv.exe
2⤵
PID:8824

C:\Windows\System\IQbBxBt.exe
C:\Windows\System\IQbBxBt.exe
2⤵
PID:8852

C:\Windows\System\EyzyDqQ.exe
C:\Windows\System\EyzyDqQ.exe
2⤵
PID:8880

C:\Windows\System\tQsitdD.exe
C:\Windows\System\tQsitdD.exe
2⤵
PID:8904

C:\Windows\System\bcvMFer.exe
C:\Windows\System\bcvMFer.exe
2⤵
PID:8924

C:\Windows\System\BiXuebc.exe
C:\Windows\System\BiXuebc.exe
2⤵
PID:8952

C:\Windows\System\QnLveaO.exe
C:\Windows\System\QnLveaO.exe
2⤵
PID:8988

C:\Windows\System\POiOxLR.exe
C:\Windows\System\POiOxLR.exe
2⤵
PID:9008

C:\Windows\System\LFozrIu.exe
C:\Windows\System\LFozrIu.exe
2⤵
PID:9036

C:\Windows\System\zYPNMtG.exe
C:\Windows\System\zYPNMtG.exe
2⤵
PID:9072

C:\Windows\System\aFFNpyi.exe
C:\Windows\System\aFFNpyi.exe
2⤵
PID:9092

C:\Windows\System\eJQBjzk.exe
C:\Windows\System\eJQBjzk.exe
2⤵
PID:9124

C:\Windows\System\CsZCQxk.exe
C:\Windows\System\CsZCQxk.exe
2⤵
PID:9148

C:\Windows\System\jRWvetP.exe
C:\Windows\System\jRWvetP.exe
2⤵
PID:9188

C:\Windows\System\bdItCNz.exe
C:\Windows\System\bdItCNz.exe
2⤵
PID:8140

C:\Windows\System\hasLUOu.exe
C:\Windows\System\hasLUOu.exe
2⤵
PID:8264

C:\Windows\System\xAuoouu.exe
C:\Windows\System\xAuoouu.exe
2⤵
PID:8328

C:\Windows\System\DZEUEzp.exe
C:\Windows\System\DZEUEzp.exe
2⤵
PID:8360

C:\Windows\System\ioKYWCo.exe
C:\Windows\System\ioKYWCo.exe
2⤵
PID:8396

C:\Windows\System\fGDnKVn.exe
C:\Windows\System\fGDnKVn.exe
2⤵
PID:8448

C:\Windows\System\iCAhYpz.exe
C:\Windows\System\iCAhYpz.exe
2⤵
PID:8564

C:\Windows\System\YzBqSyo.exe
C:\Windows\System\YzBqSyo.exe
2⤵
PID:8608

C:\Windows\System\XkPAcVU.exe
C:\Windows\System\XkPAcVU.exe
2⤵
PID:8668

C:\Windows\System\KrXBtfN.exe
C:\Windows\System\KrXBtfN.exe
2⤵
PID:8716

C:\Windows\System\MoxGFXL.exe
C:\Windows\System\MoxGFXL.exe
2⤵
PID:8776

C:\Windows\System\UYoRGRA.exe
C:\Windows\System\UYoRGRA.exe
2⤵
PID:8840

C:\Windows\System\pPnlXRr.exe
C:\Windows\System\pPnlXRr.exe
2⤵
PID:9000

C:\Windows\System\bFJocRi.exe
C:\Windows\System\bFJocRi.exe
2⤵
PID:428

C:\Windows\System\dghdbVT.exe
C:\Windows\System\dghdbVT.exe
2⤵
PID:9084

C:\Windows\System\LTmmjDX.exe
C:\Windows\System\LTmmjDX.exe
2⤵
PID:9140

C:\Windows\System\nzPwygn.exe
C:\Windows\System\nzPwygn.exe
2⤵
PID:9184

C:\Windows\System\zSEUFbR.exe
C:\Windows\System\zSEUFbR.exe
2⤵
PID:8240

C:\Windows\System\Mqhhxpx.exe
C:\Windows\System\Mqhhxpx.exe
2⤵
PID:8384

C:\Windows\System\xxuzRIE.exe
C:\Windows\System\xxuzRIE.exe
2⤵
PID:8412

C:\Windows\System\TnewdQK.exe
C:\Windows\System\TnewdQK.exe
2⤵
PID:8792

C:\Windows\System\mCPNpNw.exe
C:\Windows\System\mCPNpNw.exe
2⤵
PID:8916

C:\Windows\System\gBHqjFl.exe
C:\Windows\System\gBHqjFl.exe
2⤵
PID:9032

C:\Windows\System\njTxDaW.exe
C:\Windows\System\njTxDaW.exe
2⤵
PID:9144

C:\Windows\System\yAJbVuP.exe
C:\Windows\System\yAJbVuP.exe
2⤵
PID:8712

C:\Windows\System\YMlmzJS.exe
C:\Windows\System\YMlmzJS.exe
2⤵
PID:9224

C:\Windows\System\FxFRncB.exe
C:\Windows\System\FxFRncB.exe
2⤵
PID:9244

C:\Windows\System\cCEmNTU.exe
C:\Windows\System\cCEmNTU.exe
2⤵
PID:9276

C:\Windows\System\ILbnJye.exe
C:\Windows\System\ILbnJye.exe
2⤵
PID:9300

C:\Windows\System\qMRMgPe.exe
C:\Windows\System\qMRMgPe.exe
2⤵
PID:9328

C:\Windows\System\KexiWuN.exe
C:\Windows\System\KexiWuN.exe
2⤵
PID:9344

C:\Windows\System\yuQYCRz.exe
C:\Windows\System\yuQYCRz.exe
2⤵
PID:9384

C:\Windows\System\prQAmgv.exe
C:\Windows\System\prQAmgv.exe
2⤵
PID:9412

C:\Windows\System\JFOalyw.exe
C:\Windows\System\JFOalyw.exe
2⤵
PID:9444

C:\Windows\System\jJedizY.exe
C:\Windows\System\jJedizY.exe
2⤵
PID:9468

C:\Windows\System\lvCRTEW.exe
C:\Windows\System\lvCRTEW.exe
2⤵
PID:9504

C:\Windows\System\BJiKelu.exe
C:\Windows\System\BJiKelu.exe
2⤵
PID:9536

C:\Windows\System\aYQlxEt.exe
C:\Windows\System\aYQlxEt.exe
2⤵
PID:9552

C:\Windows\System\epwmaWt.exe
C:\Windows\System\epwmaWt.exe
2⤵
PID:9584

C:\Windows\System\ydqHZkP.exe
C:\Windows\System\ydqHZkP.exe
2⤵
PID:9608

C:\Windows\System\bgBIeEk.exe
C:\Windows\System\bgBIeEk.exe
2⤵
PID:9624

C:\Windows\System\yJLWnRi.exe
C:\Windows\System\yJLWnRi.exe
2⤵
PID:9656

C:\Windows\System\QczMbnD.exe
C:\Windows\System\QczMbnD.exe
2⤵
PID:9704

C:\Windows\System\ahVcFcx.exe
C:\Windows\System\ahVcFcx.exe
2⤵
PID:9732

C:\Windows\System\EIpJtwA.exe
C:\Windows\System\EIpJtwA.exe
2⤵
PID:9760

C:\Windows\System\wBTjnis.exe
C:\Windows\System\wBTjnis.exe
2⤵
PID:9776

C:\Windows\System\TgGdwMD.exe
C:\Windows\System\TgGdwMD.exe
2⤵
PID:9804

C:\Windows\System\JvvKkLd.exe
C:\Windows\System\JvvKkLd.exe
2⤵
PID:9844

C:\Windows\System\ScGAyOJ.exe
C:\Windows\System\ScGAyOJ.exe
2⤵
PID:9872

C:\Windows\System\DwksTbA.exe
C:\Windows\System\DwksTbA.exe
2⤵
PID:9900

C:\Windows\System\pSspzFx.exe
C:\Windows\System\pSspzFx.exe
2⤵
PID:9928

C:\Windows\System\ZpIwbcl.exe
C:\Windows\System\ZpIwbcl.exe
2⤵
PID:9944

C:\Windows\System\uxfeHow.exe
C:\Windows\System\uxfeHow.exe
2⤵
PID:9964

C:\Windows\System\arltKGp.exe
C:\Windows\System\arltKGp.exe
2⤵
PID:9996

C:\Windows\System\CMSZcSy.exe
C:\Windows\System\CMSZcSy.exe
2⤵
PID:10032

C:\Windows\System\bppeIMR.exe
C:\Windows\System\bppeIMR.exe
2⤵
PID:10056

C:\Windows\System\BIgpfFD.exe
C:\Windows\System\BIgpfFD.exe
2⤵
PID:10096

C:\Windows\System\LJlDwJO.exe
C:\Windows\System\LJlDwJO.exe
2⤵
PID:10112

C:\Windows\System\hoEwbaJ.exe
C:\Windows\System\hoEwbaJ.exe
2⤵
PID:10152

C:\Windows\System\xYdDgPV.exe
C:\Windows\System\xYdDgPV.exe
2⤵
PID:10180

C:\Windows\System\AMLzmFb.exe
C:\Windows\System\AMLzmFb.exe
2⤵
PID:10208

C:\Windows\System\jUTacRD.exe
C:\Windows\System\jUTacRD.exe
2⤵
PID:10224

C:\Windows\System\prAhdwL.exe
C:\Windows\System\prAhdwL.exe
2⤵
PID:9292

C:\Windows\System\PRGeYIl.exe
C:\Windows\System\PRGeYIl.exe
2⤵
PID:9340

C:\Windows\System\hQVyBzk.exe
C:\Windows\System\hQVyBzk.exe
2⤵
PID:9400

C:\Windows\System\RJEfMpT.exe
C:\Windows\System\RJEfMpT.exe
2⤵
PID:9480

C:\Windows\System\SXLugpt.exe
C:\Windows\System\SXLugpt.exe
2⤵
PID:9524

C:\Windows\System\EwhABYy.exe
C:\Windows\System\EwhABYy.exe
2⤵
PID:9572

C:\Windows\System\ytUqKXl.exe
C:\Windows\System\ytUqKXl.exe
2⤵
PID:9568

C:\Windows\System\NeJyGPq.exe
C:\Windows\System\NeJyGPq.exe
2⤵
PID:9696

C:\Windows\System\kfuWMOU.exe
C:\Windows\System\kfuWMOU.exe
2⤵
PID:9768

C:\Windows\System\kHnQKWv.exe
C:\Windows\System\kHnQKWv.exe
2⤵
PID:9836

C:\Windows\System\uBuRBwG.exe
C:\Windows\System\uBuRBwG.exe
2⤵
PID:9924

C:\Windows\System\ZziyebU.exe
C:\Windows\System\ZziyebU.exe
2⤵
PID:9992

C:\Windows\System\ngGogPK.exe
C:\Windows\System\ngGogPK.exe
2⤵
PID:10024

C:\Windows\System\bWrYBef.exe
C:\Windows\System\bWrYBef.exe
2⤵
PID:10076

C:\Windows\System\qNPlpwT.exe
C:\Windows\System\qNPlpwT.exe
2⤵
PID:10236

C:\Windows\System\EEgsoLh.exe
C:\Windows\System\EEgsoLh.exe
2⤵
PID:1676

C:\Windows\System\iOivQjO.exe
C:\Windows\System\iOivQjO.exe
2⤵
PID:9320

C:\Windows\System\EfadMDT.exe
C:\Windows\System\EfadMDT.exe
2⤵
PID:9548

C:\Windows\System\IeQghLV.exe
C:\Windows\System\IeQghLV.exe
2⤵
PID:9652

C:\Windows\System\BNuEGOD.exe
C:\Windows\System\BNuEGOD.exe
2⤵
PID:9820

C:\Windows\System\BFvfnMv.exe
C:\Windows\System\BFvfnMv.exe
2⤵
PID:10012

C:\Windows\System\UetdCNi.exe
C:\Windows\System\UetdCNi.exe
2⤵
PID:960

C:\Windows\System\jzEMgZu.exe
C:\Windows\System\jzEMgZu.exe
2⤵
PID:9884

C:\Windows\System\YBtOvyw.exe
C:\Windows\System\YBtOvyw.exe
2⤵
PID:10128

C:\Windows\System\zFdxfZV.exe
C:\Windows\System\zFdxfZV.exe
2⤵
PID:8232

C:\Windows\System\kUOveYF.exe
C:\Windows\System\kUOveYF.exe
2⤵
PID:10260

C:\Windows\System\NqjdQMH.exe
C:\Windows\System\NqjdQMH.exe
2⤵
PID:10288

C:\Windows\System\VASucRB.exe
C:\Windows\System\VASucRB.exe
2⤵
PID:10328

C:\Windows\System\fxlUHbJ.exe
C:\Windows\System\fxlUHbJ.exe
2⤵
PID:10360

C:\Windows\System\GcJlOtk.exe
C:\Windows\System\GcJlOtk.exe
2⤵
PID:10392

C:\Windows\System\SfIojyN.exe
C:\Windows\System\SfIojyN.exe
2⤵
PID:10444

C:\Windows\System\ttbNIQV.exe
C:\Windows\System\ttbNIQV.exe
2⤵
PID:10488

C:\Windows\System\btqRRbz.exe
C:\Windows\System\btqRRbz.exe
2⤵
PID:10504

C:\Windows\System\ogzHonZ.exe
C:\Windows\System\ogzHonZ.exe
2⤵
PID:10544

C:\Windows\System\CJhuwWt.exe
C:\Windows\System\CJhuwWt.exe
2⤵
PID:10560

C:\Windows\System\MfJoNhd.exe
C:\Windows\System\MfJoNhd.exe
2⤵
PID:10580

C:\Windows\System\ieSENsr.exe
C:\Windows\System\ieSENsr.exe
2⤵
PID:10624

C:\Windows\System\kelcJre.exe
C:\Windows\System\kelcJre.exe
2⤵
PID:10648

C:\Windows\System\XcizJQD.exe
C:\Windows\System\XcizJQD.exe
2⤵
PID:10692

C:\Windows\System\QnbWqTl.exe
C:\Windows\System\QnbWqTl.exe
2⤵
PID:10732

C:\Windows\System\LkVFCDu.exe
C:\Windows\System\LkVFCDu.exe
2⤵
PID:10772

C:\Windows\System\PqwXFFD.exe
C:\Windows\System\PqwXFFD.exe
2⤵
PID:10824

C:\Windows\System\XZdNRRY.exe
C:\Windows\System\XZdNRRY.exe
2⤵
PID:10840

C:\Windows\System\HWYDVjQ.exe
C:\Windows\System\HWYDVjQ.exe
2⤵
PID:10868

C:\Windows\System\zEtnjUf.exe
C:\Windows\System\zEtnjUf.exe
2⤵
PID:10904

C:\Windows\System\wCXklsU.exe
C:\Windows\System\wCXklsU.exe
2⤵
PID:10928

C:\Windows\System\FWugMcR.exe
C:\Windows\System\FWugMcR.exe
2⤵
PID:10964

C:\Windows\System\sGpwXTi.exe
C:\Windows\System\sGpwXTi.exe
2⤵
PID:11000

C:\Windows\System\dfYGPRp.exe
C:\Windows\System\dfYGPRp.exe
2⤵
PID:11048

C:\Windows\System\ghRcspN.exe
C:\Windows\System\ghRcspN.exe
2⤵
PID:11068

C:\Windows\System\dWyFWFE.exe
C:\Windows\System\dWyFWFE.exe
2⤵
PID:11100

C:\Windows\System\ECKRoOn.exe
C:\Windows\System\ECKRoOn.exe
2⤵
PID:11116

C:\Windows\System\ojQvBbH.exe
C:\Windows\System\ojQvBbH.exe
2⤵
PID:11136

C:\Windows\System\pQQmKHh.exe
C:\Windows\System\pQQmKHh.exe
2⤵
PID:11164

C:\Windows\System\hLbjIsc.exe
C:\Windows\System\hLbjIsc.exe
2⤵
PID:11180

C:\Windows\System\AxEUZkn.exe
C:\Windows\System\AxEUZkn.exe
2⤵
PID:11224

C:\Windows\System\zycRfay.exe
C:\Windows\System\zycRfay.exe
2⤵
PID:11248

C:\Windows\System\cqNaMre.exe
C:\Windows\System\cqNaMre.exe
2⤵
PID:10248

C:\Windows\System\JOYuAAO.exe
C:\Windows\System\JOYuAAO.exe
2⤵
PID:10280

C:\Windows\System\ZKLuDzM.exe
C:\Windows\System\ZKLuDzM.exe
2⤵
PID:10440

C:\Windows\System\ngxusPX.exe
C:\Windows\System\ngxusPX.exe
2⤵
PID:10464

C:\Windows\System\eZtvpod.exe
C:\Windows\System\eZtvpod.exe
2⤵
PID:10568

C:\Windows\System\mLVmxSo.exe
C:\Windows\System\mLVmxSo.exe
2⤵
PID:10700

C:\Windows\System\RmoAgUq.exe
C:\Windows\System\RmoAgUq.exe
2⤵
PID:10752

C:\Windows\System\HcLsqmb.exe
C:\Windows\System\HcLsqmb.exe
2⤵
PID:10836

C:\Windows\System\oxfyJtC.exe
C:\Windows\System\oxfyJtC.exe
2⤵
PID:10948

C:\Windows\System\hFqlfhu.exe
C:\Windows\System\hFqlfhu.exe
2⤵
PID:10992

C:\Windows\System\bSqyUHl.exe
C:\Windows\System\bSqyUHl.exe
2⤵
PID:11064

C:\Windows\System\feNlOlU.exe
C:\Windows\System\feNlOlU.exe
2⤵
PID:11144

C:\Windows\System\wQJrFtp.exe
C:\Windows\System\wQJrFtp.exe
2⤵
PID:11192

C:\Windows\System\blPDZNq.exe
C:\Windows\System\blPDZNq.exe
2⤵
PID:11244

C:\Windows\System\PxpJEXD.exe
C:\Windows\System\PxpJEXD.exe
2⤵
PID:9264

C:\Windows\System\gFKucTF.exe
C:\Windows\System\gFKucTF.exe
2⤵
PID:10380

C:\Windows\System\VcZWLsa.exe
C:\Windows\System\VcZWLsa.exe
2⤵
PID:10684

C:\Windows\System\nqgYOjk.exe
C:\Windows\System\nqgYOjk.exe
2⤵
PID:10896

C:\Windows\System\LRUaOjJ.exe
C:\Windows\System\LRUaOjJ.exe
2⤵
PID:11156

C:\Windows\System\KxFSJBU.exe
C:\Windows\System\KxFSJBU.exe
2⤵
PID:2540

C:\Windows\System\cmsKMuS.exe
C:\Windows\System\cmsKMuS.exe
2⤵
PID:11124

C:\Windows\System\XnEyuYm.exe
C:\Windows\System\XnEyuYm.exe
2⤵
PID:232

C:\Windows\System\ySdpara.exe
C:\Windows\System\ySdpara.exe
2⤵
PID:11280

C:\Windows\System\NyDMlmL.exe
C:\Windows\System\NyDMlmL.exe
2⤵
PID:11296

C:\Windows\System\pXHsbVT.exe
C:\Windows\System\pXHsbVT.exe
2⤵
PID:11324

C:\Windows\System\qgPnBBY.exe
C:\Windows\System\qgPnBBY.exe
2⤵
PID:11360

C:\Windows\System\ZyLKTmy.exe
C:\Windows\System\ZyLKTmy.exe
2⤵
PID:11392

C:\Windows\System\egdZzJI.exe
C:\Windows\System\egdZzJI.exe
2⤵
PID:11408

C:\Windows\System\BWCLalJ.exe
C:\Windows\System\BWCLalJ.exe
2⤵
PID:11428

C:\Windows\System\HgXlloK.exe
C:\Windows\System\HgXlloK.exe
2⤵
PID:11456

C:\Windows\System\pKsYXZX.exe
C:\Windows\System\pKsYXZX.exe
2⤵
PID:11512

C:\Windows\System\bhquSRS.exe
C:\Windows\System\bhquSRS.exe
2⤵
PID:11540

C:\Windows\System\GOKODQH.exe
C:\Windows\System\GOKODQH.exe
2⤵
PID:11576

C:\Windows\System\dltVbAs.exe
C:\Windows\System\dltVbAs.exe
2⤵
PID:11608

C:\Windows\System\UeOEJxu.exe
C:\Windows\System\UeOEJxu.exe
2⤵
PID:11632

C:\Windows\System\xEDRqtt.exe
C:\Windows\System\xEDRqtt.exe
2⤵
PID:11668

C:\Windows\System\lkOaKWJ.exe
C:\Windows\System\lkOaKWJ.exe
2⤵
PID:11696

C:\Windows\System\cOXlnwk.exe
C:\Windows\System\cOXlnwk.exe
2⤵
PID:11728

C:\Windows\System\RJCfXST.exe
C:\Windows\System\RJCfXST.exe
2⤵
PID:11768

C:\Windows\System\WmGiAnh.exe
C:\Windows\System\WmGiAnh.exe
2⤵
PID:11800

C:\Windows\System\fBGcfzt.exe
C:\Windows\System\fBGcfzt.exe
2⤵
PID:11828

C:\Windows\System\aVxaHAj.exe
C:\Windows\System\aVxaHAj.exe
2⤵
PID:11856

C:\Windows\System\JCbsZvz.exe
C:\Windows\System\JCbsZvz.exe
2⤵
PID:11884

C:\Windows\System\ZPuHSrh.exe
C:\Windows\System\ZPuHSrh.exe
2⤵
PID:11912

C:\Windows\System\cHiewFH.exe
C:\Windows\System\cHiewFH.exe
2⤵
PID:11940

C:\Windows\System\xmDdqNr.exe
C:\Windows\System\xmDdqNr.exe
2⤵
PID:11968

C:\Windows\System\fCPoZLo.exe
C:\Windows\System\fCPoZLo.exe
2⤵
PID:11988

C:\Windows\System\GCZaCvI.exe
C:\Windows\System\GCZaCvI.exe
2⤵
PID:12012

C:\Windows\System\DCbIgcj.exe
C:\Windows\System\DCbIgcj.exe
2⤵
PID:12040

C:\Windows\System\pERrQmN.exe
C:\Windows\System\pERrQmN.exe
2⤵
PID:12080

C:\Windows\System\FREqUNf.exe
C:\Windows\System\FREqUNf.exe
2⤵
PID:12108

C:\Windows\System\SRwsuXv.exe
C:\Windows\System\SRwsuXv.exe
2⤵
PID:12124

C:\Windows\System\klQjMos.exe
C:\Windows\System\klQjMos.exe
2⤵
PID:12152

C:\Windows\System\asALaBp.exe
C:\Windows\System\asALaBp.exe
2⤵
PID:12180

C:\Windows\System\PiQxEtY.exe
C:\Windows\System\PiQxEtY.exe
2⤵
PID:12208

C:\Windows\System\GIqLapI.exe
C:\Windows\System\GIqLapI.exe
2⤵
PID:12236

C:\Windows\System\XOpIKaN.exe
C:\Windows\System\XOpIKaN.exe
2⤵
PID:12264

C:\Windows\System\zuNFWEE.exe
C:\Windows\System\zuNFWEE.exe
2⤵
PID:12280

C:\Windows\System\cmLRFti.exe
C:\Windows\System\cmLRFti.exe
2⤵
PID:11344

C:\Windows\System\LElGYew.exe
C:\Windows\System\LElGYew.exe
2⤵
PID:11420

C:\Windows\System\bErjsVD.exe
C:\Windows\System\bErjsVD.exe
2⤵
PID:11484

C:\Windows\System\vNYEcBj.exe
C:\Windows\System\vNYEcBj.exe
2⤵
PID:11536

C:\Windows\System\BGrsGIY.exe
C:\Windows\System\BGrsGIY.exe
2⤵
PID:11712

C:\Windows\System\mGhsHlb.exe
C:\Windows\System\mGhsHlb.exe
2⤵
PID:11708

C:\Windows\System\SsdDaHd.exe
C:\Windows\System\SsdDaHd.exe
2⤵
PID:2908

C:\Windows\System\vKbuNjJ.exe
C:\Windows\System\vKbuNjJ.exe
2⤵
PID:11840

C:\Windows\System\dYVwqtg.exe
C:\Windows\System\dYVwqtg.exe
2⤵
PID:11876

C:\Windows\System\FLwxAZk.exe
C:\Windows\System\FLwxAZk.exe
2⤵
PID:11980

C:\Windows\System\gEhelWz.exe
C:\Windows\System\gEhelWz.exe
2⤵
PID:12032

C:\Windows\System\AucGuIo.exe
C:\Windows\System\AucGuIo.exe
2⤵
PID:12104

C:\Windows\System\KxVWKhY.exe
C:\Windows\System\KxVWKhY.exe
2⤵
PID:12172

C:\Windows\System\biwsfEZ.exe
C:\Windows\System\biwsfEZ.exe
2⤵
PID:12220

C:\Windows\System\JtljnYy.exe
C:\Windows\System\JtljnYy.exe
2⤵
PID:11316

C:\Windows\System\sciSybl.exe
C:\Windows\System\sciSybl.exe
2⤵
PID:11444

C:\Windows\System\ncgrwVs.exe
C:\Windows\System\ncgrwVs.exe
2⤵
PID:11560

C:\Windows\System\kddJZfB.exe
C:\Windows\System\kddJZfB.exe
2⤵
PID:11760

C:\Windows\System\NCMcqhV.exe
C:\Windows\System\NCMcqhV.exe
2⤵
PID:11932

C:\Windows\System\DJGKhNJ.exe
C:\Windows\System\DJGKhNJ.exe
2⤵
PID:12068

C:\Windows\System\GjuhdIU.exe
C:\Windows\System\GjuhdIU.exe
2⤵
PID:12144

C:\Windows\System\WdWgdDA.exe
C:\Windows\System\WdWgdDA.exe
2⤵
PID:11508

C:\Windows\System\uoJRzYj.exe
C:\Windows\System\uoJRzYj.exe
2⤵
PID:11820

C:\Windows\System\SWNKHuw.exe
C:\Windows\System\SWNKHuw.exe
2⤵
PID:12100

C:\Windows\System\GZGxPrv.exe
C:\Windows\System\GZGxPrv.exe
2⤵
PID:11688

C:\Windows\System\FVopJpd.exe
C:\Windows\System\FVopJpd.exe
2⤵
PID:12168

C:\Windows\System\XXJyQyX.exe
C:\Windows\System\XXJyQyX.exe
2⤵
PID:12308

C:\Windows\System\hRjsgCv.exe
C:\Windows\System\hRjsgCv.exe
2⤵
PID:12336

C:\Windows\System\DZuarcD.exe
C:\Windows\System\DZuarcD.exe
2⤵
PID:12352

C:\Windows\System\fYOPeIQ.exe
C:\Windows\System\fYOPeIQ.exe
2⤵
PID:12380

C:\Windows\System\GWRcIgG.exe
C:\Windows\System\GWRcIgG.exe
2⤵
PID:12408

C:\Windows\System\DTuwwgF.exe
C:\Windows\System\DTuwwgF.exe
2⤵
PID:12424

C:\Windows\System\gVUzQQv.exe
C:\Windows\System\gVUzQQv.exe
2⤵
PID:12448

C:\Windows\System\LDRUOPJ.exe
C:\Windows\System\LDRUOPJ.exe
2⤵
PID:12468

C:\Windows\System\YTnObZN.exe
C:\Windows\System\YTnObZN.exe
2⤵
PID:12532

C:\Windows\System\MHvHkIo.exe
C:\Windows\System\MHvHkIo.exe
2⤵
PID:12560

C:\Windows\System\DEgWpme.exe
C:\Windows\System\DEgWpme.exe
2⤵
PID:12580

C:\Windows\System\hcnetAc.exe
C:\Windows\System\hcnetAc.exe
2⤵
PID:12604

C:\Windows\System\QHvBOdw.exe
C:\Windows\System\QHvBOdw.exe
2⤵
PID:12632

C:\Windows\System\ECasuJq.exe
C:\Windows\System\ECasuJq.exe
2⤵
PID:12656

C:\Windows\System\tpFeWMg.exe
C:\Windows\System\tpFeWMg.exe
2⤵
PID:12688

C:\Windows\System\PviqXUI.exe
C:\Windows\System\PviqXUI.exe
2⤵
PID:12708

C:\Windows\System\Hapeffb.exe
C:\Windows\System\Hapeffb.exe
2⤵
PID:12744

C:\Windows\System\iMTXlLJ.exe
C:\Windows\System\iMTXlLJ.exe
2⤵
PID:12764

C:\Windows\System\UxSxkdt.exe
C:\Windows\System\UxSxkdt.exe
2⤵
PID:12808

C:\Windows\System\zRBurnh.exe
C:\Windows\System\zRBurnh.exe
2⤵
PID:12860

C:\Windows\System\WrTpFdl.exe
C:\Windows\System\WrTpFdl.exe
2⤵
PID:12888

C:\Windows\System\rWRFNZn.exe
C:\Windows\System\rWRFNZn.exe
2⤵
PID:12908

C:\Windows\System\onhPpxP.exe
C:\Windows\System\onhPpxP.exe
2⤵
PID:12956

C:\Windows\System\cIkgZoi.exe
C:\Windows\System\cIkgZoi.exe
2⤵
PID:12988

C:\Windows\System\TafLDrG.exe
C:\Windows\System\TafLDrG.exe
2⤵
PID:13032

C:\Windows\System\QURQSIi.exe
C:\Windows\System\QURQSIi.exe
2⤵
PID:13048

C:\Windows\System\hURSXtG.exe
C:\Windows\System\hURSXtG.exe
2⤵
PID:13088

C:\Windows\System\XwlVHTU.exe
C:\Windows\System\XwlVHTU.exe
2⤵
PID:13116

C:\Windows\System\MqABMNa.exe
C:\Windows\System\MqABMNa.exe
2⤵
PID:13144

C:\Windows\System\mMvhrzX.exe
C:\Windows\System\mMvhrzX.exe
2⤵
PID:13160

C:\Windows\System\WtCwTqQ.exe
C:\Windows\System\WtCwTqQ.exe
2⤵
PID:13200

C:\Windows\System\NUMNWDy.exe
C:\Windows\System\NUMNWDy.exe
2⤵
PID:13256

C:\Windows\System\HJkNAcG.exe
C:\Windows\System\HJkNAcG.exe
2⤵
PID:13272

C:\Windows\System\bNjvFUh.exe
C:\Windows\System\bNjvFUh.exe
2⤵
PID:13300

C:\Windows\System\WGMGjCA.exe
C:\Windows\System\WGMGjCA.exe
2⤵
PID:12324

C:\Windows\System\IyDlddA.exe
C:\Windows\System\IyDlddA.exe
2⤵
PID:12396

C:\Windows\System\ywmAGQD.exe
C:\Windows\System\ywmAGQD.exe
2⤵
PID:12520

C:\Windows\System\PcHgFWJ.exe
C:\Windows\System\PcHgFWJ.exe
2⤵
PID:12572

C:\Windows\System\usjwHcz.exe
C:\Windows\System\usjwHcz.exe
2⤵
PID:12652

C:\Windows\System\qprtlvY.exe
C:\Windows\System\qprtlvY.exe
2⤵
PID:12724

C:\Windows\System\TGKCfnF.exe
C:\Windows\System\TGKCfnF.exe
2⤵
PID:12784

C:\Windows\System\OrnCnhB.exe
C:\Windows\System\OrnCnhB.exe
2⤵
PID:12904

C:\Windows\System\rccFViE.exe
C:\Windows\System\rccFViE.exe
2⤵
PID:12932

C:\Windows\System\kTlxyoe.exe
C:\Windows\System\kTlxyoe.exe
2⤵
PID:13008

C:\Windows\System\sAbcqNg.exe
C:\Windows\System\sAbcqNg.exe
2⤵
PID:13084

C:\Windows\System\zEqgWaG.exe
C:\Windows\System\zEqgWaG.exe
2⤵
PID:13140

C:\Windows\System\LUuxpas.exe
C:\Windows\System\LUuxpas.exe
2⤵
PID:13196

C:\Windows\System\XmTEuRh.exe
C:\Windows\System\XmTEuRh.exe
2⤵
PID:8808

C:\Windows\System\tNcvuOF.exe
C:\Windows\System\tNcvuOF.exe
2⤵
PID:3608

C:\Windows\System\mUxSVUv.exe
C:\Windows\System\mUxSVUv.exe
2⤵
PID:13284

C:\Windows\System\njcxWDd.exe
C:\Windows\System\njcxWDd.exe
2⤵
PID:12420

C:\Windows\System\FthcBeP.exe
C:\Windows\System\FthcBeP.exe
2⤵
PID:12644

C:\Windows\System\ewAMEEZ.exe
C:\Windows\System\ewAMEEZ.exe
2⤵
PID:12820

C:\Windows\System\AQZzRge.exe
C:\Windows\System\AQZzRge.exe
2⤵
PID:13044

C:\Windows\System\lMNvEOc.exe
C:\Windows\System\lMNvEOc.exe
2⤵
PID:13188

C:\Windows\System\VoxiPnm.exe
C:\Windows\System\VoxiPnm.exe
2⤵
PID:13228

C:\Windows\System\dNyknlS.exe
C:\Windows\System\dNyknlS.exe
2⤵
PID:1408

C:\Windows\System\wZHtInQ.exe
C:\Windows\System\wZHtInQ.exe
2⤵
PID:13224

C:\Windows\System\xtICbHw.exe
C:\Windows\System\xtICbHw.exe
2⤵
PID:12588

C:\Windows\System\yHxppzM.exe
C:\Windows\System\yHxppzM.exe
2⤵
PID:12976

C:\Windows\System\TQKYoCv.exe
C:\Windows\System\TQKYoCv.exe
2⤵
PID:4952

C:\Windows\System\cvdHYcZ.exe
C:\Windows\System\cvdHYcZ.exe
2⤵
PID:12392

C:\Windows\System\MyqmUiq.exe
C:\Windows\System\MyqmUiq.exe
2⤵
PID:12320

C:\Windows\System\pwFQmWp.exe
C:\Windows\System\pwFQmWp.exe
2⤵
PID:13332

C:\Windows\System\cOBNYOx.exe
C:\Windows\System\cOBNYOx.exe
2⤵
PID:13348

C:\Windows\System\SanGRuk.exe
C:\Windows\System\SanGRuk.exe
2⤵
PID:13388

C:\Windows\System\dHRspDr.exe
C:\Windows\System\dHRspDr.exe
2⤵
PID:13412

C:\Windows\System\mblVflr.exe
C:\Windows\System\mblVflr.exe
2⤵
PID:13432

C:\Windows\System\nRQAjhU.exe
C:\Windows\System\nRQAjhU.exe
2⤵
PID:13468

C:\Windows\System\GDAwsCP.exe
C:\Windows\System\GDAwsCP.exe
2⤵
PID:13488

C:\Windows\System\lBDTBzg.exe
C:\Windows\System\lBDTBzg.exe
2⤵
PID:13520

C:\Windows\System\ktdsOzM.exe
C:\Windows\System\ktdsOzM.exe
2⤵
PID:13544

C:\Windows\System\FKvBAxf.exe
C:\Windows\System\FKvBAxf.exe
2⤵
PID:13572

C:\Windows\System\BHcBxyq.exe
C:\Windows\System\BHcBxyq.exe
2⤵
PID:13588

C:\Windows\System\VpeFFob.exe
C:\Windows\System\VpeFFob.exe
2⤵
PID:13604

C:\Windows\System\mQqZxvb.exe
C:\Windows\System\mQqZxvb.exe
2⤵
PID:13632

C:\Windows\System\CwtBvQU.exe
C:\Windows\System\CwtBvQU.exe
2⤵
PID:13656

C:\Windows\System\BYGRVVp.exe
C:\Windows\System\BYGRVVp.exe
2⤵
PID:13716

C:\Windows\System\VGPtHjg.exe
C:\Windows\System\VGPtHjg.exe
2⤵
PID:13748

C:\Windows\System\lSCjSsG.exe
C:\Windows\System\lSCjSsG.exe
2⤵
PID:13780

C:\Windows\System\yxQhTHi.exe
C:\Windows\System\yxQhTHi.exe
2⤵
PID:13804

C:\Windows\System\laEtFoi.exe
C:\Windows\System\laEtFoi.exe
2⤵
PID:13824

C:\Windows\System\UZfZTzu.exe
C:\Windows\System\UZfZTzu.exe
2⤵
PID:13864

C:\Windows\System\WuXNvyW.exe
C:\Windows\System\WuXNvyW.exe
2⤵
PID:13892

C:\Windows\System\SEQSlUr.exe
C:\Windows\System\SEQSlUr.exe
2⤵
PID:13916

C:\Windows\System\LFLnMqQ.exe
C:\Windows\System\LFLnMqQ.exe
2⤵
PID:13936

C:\Windows\System\xaJYdGn.exe
C:\Windows\System\xaJYdGn.exe
2⤵
PID:13976

C:\Windows\System\XMbMqui.exe
C:\Windows\System\XMbMqui.exe
2⤵
PID:14004

C:\Windows\System\LWPGCxx.exe
C:\Windows\System\LWPGCxx.exe
2⤵
PID:14024

C:\Windows\System\LxoTAQI.exe
C:\Windows\System\LxoTAQI.exe
2⤵
PID:14048

C:\Windows\System\QGnlSFA.exe
C:\Windows\System\QGnlSFA.exe
2⤵
PID:14076

C:\Windows\System\ulrULHo.exe
C:\Windows\System\ulrULHo.exe
2⤵
PID:14096

C:\Windows\System\RuFbrTP.exe
C:\Windows\System\RuFbrTP.exe
2⤵
PID:14144

C:\Windows\System\kWhJWbb.exe
C:\Windows\System\kWhJWbb.exe
2⤵
PID:14164

C:\Windows\System\ZAMoTbV.exe
C:\Windows\System\ZAMoTbV.exe
2⤵
PID:14204

C:\Windows\System\IIWaJho.exe
C:\Windows\System\IIWaJho.exe
2⤵
PID:14232

C:\Windows\System\LyTFzTk.exe
C:\Windows\System\LyTFzTk.exe
2⤵
PID:14252

C:\Windows\System\VeDkDor.exe
C:\Windows\System\VeDkDor.exe
2⤵
PID:14276

C:\Windows\System\WGKZpDH.exe
C:\Windows\System\WGKZpDH.exe
2⤵
PID:14296

C:\Windows\System\lKvvIkF.exe
C:\Windows\System\lKvvIkF.exe
2⤵
PID:14332

C:\Windows\System\NQgtooh.exe
C:\Windows\System\NQgtooh.exe
2⤵
PID:13380

C:\Windows\System\hDdxNXn.exe
C:\Windows\System\hDdxNXn.exe
2⤵
PID:13428

C:\Windows\System\RrCBEuR.exe
C:\Windows\System\RrCBEuR.exe
2⤵
PID:13500

C:\Windows\System\BFyhpSL.exe
C:\Windows\System\BFyhpSL.exe
2⤵
PID:13560

C:\Windows\System\iWncKkl.exe
C:\Windows\System\iWncKkl.exe
2⤵
PID:13596

C:\Windows\System\xMHkvJC.exe
C:\Windows\System\xMHkvJC.exe
2⤵
PID:13740

C:\Windows\System\RICuqBD.exe
C:\Windows\System\RICuqBD.exe
2⤵
PID:13796

C:\Windows\System\TewpGPa.exe
C:\Windows\System\TewpGPa.exe
2⤵
PID:13844

C:\Windows\System\GReykNV.exe
C:\Windows\System\GReykNV.exe
2⤵
PID:13900

C:\Windows\System\JjrZffX.exe
C:\Windows\System\JjrZffX.exe
2⤵
PID:13972

C:\Windows\System\zyREEjy.exe
C:\Windows\System\zyREEjy.exe
2⤵
PID:14020

C:\Windows\System\RskAKWV.exe
C:\Windows\System\RskAKWV.exe
2⤵
PID:14124

C:\Windows\System\oXzzPuR.exe
C:\Windows\System\oXzzPuR.exe
2⤵
PID:14156

C:\Windows\System\BWCeKKK.exe
C:\Windows\System\BWCeKKK.exe
2⤵
PID:14216

C:\Windows\System\hAzQckO.exe
C:\Windows\System\hAzQckO.exe
2⤵
PID:14272

C:\Windows\System\VSluOjr.exe
C:\Windows\System\VSluOjr.exe
2⤵
PID:13340

C:\Windows\System\guASDHA.exe
C:\Windows\System\guASDHA.exe
2⤵
PID:13480

C:\Windows\System\jdbRYwL.exe
C:\Windows\System\jdbRYwL.exe
2⤵
PID:13528

C:\Windows\System\tZBWlbp.exe
C:\Windows\System\tZBWlbp.exe
2⤵
PID:13648

C:\Windows\System\OGazPAO.exe
C:\Windows\System\OGazPAO.exe
2⤵
PID:13908

C:\Windows\System\bGYewYo.exe
C:\Windows\System\bGYewYo.exe
2⤵
PID:14040

C:\Windows\System\RQBslSG.exe
C:\Windows\System\RQBslSG.exe
2⤵
PID:14160

C:\Windows\System\UjDfkbH.exe
C:\Windows\System\UjDfkbH.exe
2⤵
PID:14264

C:\Windows\System\EWDpOvR.exe
C:\Windows\System\EWDpOvR.exe
2⤵
PID:13532

C:\Windows\System\AkYpAND.exe
C:\Windows\System\AkYpAND.exe
2⤵
PID:13996

C:\Windows\System\LWMvlem.exe
C:\Windows\System\LWMvlem.exe
2⤵
PID:14292

C:\Windows\System\MpWSGJq.exe
C:\Windows\System\MpWSGJq.exe
2⤵
PID:14200

C:\Windows\System\QzjgisB.exe
C:\Windows\System\QzjgisB.exe
2⤵
PID:14388

C:\Windows\System\jCknndA.exe
C:\Windows\System\jCknndA.exe
2⤵
PID:14404

C:\Windows\System\HTgBkDA.exe
C:\Windows\System\HTgBkDA.exe
2⤵
PID:14432

C:\Windows\System\GkNPWva.exe
C:\Windows\System\GkNPWva.exe
2⤵
PID:14460

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 1296 -i 1296 -h 528 -j 532 -s 540 -d 14784
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:14856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfYuxGF.exe

Filesize
2.0MB

MD5
3cbaf9c575d048b82e982b689e302b0d

SHA1
817fd31cd33013e3cb52c759aa6bfe5318934617

SHA256
372eeafe5d4e3f438c1144a670736a797815e008b9f8956a78c35937d20f5343

SHA512
8f52577d349c3f593c1c6e55e7e7e276fcdb8ce5a53184c6eee1495aa22e1a7225af7826c8665973fd244ae97b2a4e653dab3bbd43be913c5c4f958aa45170d4

Download Submit
C:\Windows\System\DoneqLK.exe

Filesize
2.0MB

MD5
a454e3c91d931dd76447e0b372c5c88b

SHA1
f3830c3c799483c10e81902a84c3db5ce978f2e4

SHA256
f5996072fa976497c90b958517b30ea8798da17cd86065ba9d48f8ff4f6aacee

SHA512
a50211971f801eac03acb88ed4b4f0bcfa3da701af54d537895ed51042e7044c237f6488a3dc7d9c662b7587035d15245080eed4e26a1deb3d080efe4797184f

Download Submit
C:\Windows\System\EQnYChs.exe

Filesize
2.0MB

MD5
3bde9b12c2e83ef91d05121ede385a0c

SHA1
e4592022ac879c023068ebd5ffb512453a3b36c0

SHA256
92e7e233b99686e05c0d686efe082f572f761643fa787ec5705a1a5dc884a9e8

SHA512
983bc72fa0afa676f8b45541c2901ebfa9d47203193764c3da7f9e2b4204c326a8fd7879dcd900753c2cd4d335f6e32d13e692e344df540efe30d50fef87b5b7

Download Submit
C:\Windows\System\EcXWZrW.exe

Filesize
2.0MB

MD5
3cc81a2287041d28c1af7e2f18cc296c

SHA1
f4012f7ac275d608880d617266e850bb01c0573b

SHA256
6d117c4bcc0185c5bccda5ded720802f490c5b87473778fbbe3b5762eb33457c

SHA512
a4907754a4c547d56b77120ce22727ff72424013d298e142d27f90a31156d932d12aa46d23d5ba79e562815d6e32ce653478012da7223e86f0128541b918e007

Download Submit
C:\Windows\System\EnXUmVC.exe

Filesize
2.0MB

MD5
e83eed1e90021dfa6c1bb71a869bcb14

SHA1
12556f5ab72eba2daf5b695b91436d8715767ab5

SHA256
91c755115d7a44c971d3be0f30ee3208e91251cf75dbf6f7197d78bdd972cd9b

SHA512
f2f99fee5b4cf2762a592c9804bd4e01d99c27609499f4e93ce40eaade80ae2c1d218bfd237c94be75d0b65b8fb4dc2b58daccbb7a9bd88eafbc15336fb203d1

Download Submit
C:\Windows\System\EpLTzFy.exe

Filesize
2.0MB

MD5
3dd209da8266636037e8d11dfc4dd9d1

SHA1
e18452d13d9651324c4de52bfc1a1a5920a1f641

SHA256
b5c8fb279cfde9380ba027a4c30d465fe69e55f259a1ebfb8f779aefcd9bf2ed

SHA512
ba1e1583c6b621d316f8bcb780280fa0e31a669ce6d9a429864e591e21f4aac5dcb30a90f713bc2c6d7de10cb36cd08112e8fdfb1ab0f344c3b8aa082ae4861d

Download Submit
C:\Windows\System\ILMLdxz.exe

Filesize
2.0MB

MD5
25a474308a90d639e640574f3c48c0e7

SHA1
358d1d27f9e7dddecff00c48801445e80b5052f2

SHA256
98ab169d9967a3ee375bada3462c5cf956fcc8911d2f4d0d19afb50a430cd798

SHA512
c109be97d61b8c4bb228605a290b74bf20b653d51c98cd08b97110c2f5978c598053d848544a31f5eaded0adc750dd7a63098ebbd90ab9140da109c629241b23

Download Submit
C:\Windows\System\NmBfFmM.exe

Filesize
2.0MB

MD5
7bc62c5084129ee96ab3a127e01931d8

SHA1
7bd6bfa25b8480e5adeeb1bbf469d0b66b62140b

SHA256
4c39f008f85f8e908884a5610509b5a84c05c3fbf78ed3589c44851143469d18

SHA512
2effa2644bf794741e265d14242f3070a881484e11c2eadc7cc1fcf3a5c104d9b971694dc574f429f21d40752acc632778152d3fe0068c79a6a98714ee25df16

Download Submit
C:\Windows\System\PfYshnk.exe

Filesize
2.0MB

MD5
c9a7b59107df894366103995d17fdcf4

SHA1
5719ef6bff0bdafc5ce6d4cbb5a944bbf1162d16

SHA256
eb20c494c04ad62503f6fc21f18d194fedee101acc801ef0724f7564adc49592

SHA512
46735351182b2e90c16e55dc484df979626b7c536ace3a2a24fdb25d7106fe17b8f82ba216680367c0a34ca09c768d48b1cc868abeb18bf881d5b1a50cceca84

Download Submit
C:\Windows\System\QJgUazg.exe

Filesize
2.0MB

MD5
032cbcaf054feea42fec113faf3228ad

SHA1
4f21ee0330709b82f7c107e8011a1680a06a8999

SHA256
c1349e2d5234da992c57b6ca5d7bdd1cbe4dab8ed001a68766e69ce7b8eb385a

SHA512
42011cf565f6cdadd6de67510700a3236b273a1923f5cd34db015af0a9b2c6f4be634805960b902b987452c248285f065c92753342e0996b104c243ada42e840

Download Submit
C:\Windows\System\QjAjxDW.exe

Filesize
2.0MB

MD5
829c34bf7f8c9520822599a88784837c

SHA1
6fddcf698dc762ecd0b3675b50408b480b25adb7

SHA256
35b3e79b202d73dec029001eb1dedf20428157535acfdbaa66ca02245474c266

SHA512
89679c14b03f6da8b2952724b1bc5ad82ed92b76676d4347746ae495d43b27c3d931792be618f2e4506c3fc7f0d677234292ff4fe6eb649b4b12c2c27c1373ed

Download Submit
C:\Windows\System\TnZeVjP.exe

Filesize
2.0MB

MD5
960ef2c3e612f71e35b4f9eb7ba9ecf7

SHA1
f4c59f5330e09c63e7a9278f0e4f01a4c4a995f8

SHA256
1c4a4412a7951b2c5c18cc06082e117e3f7f86abf50b909d2ece19fca8ae6d89

SHA512
c539e347bd81d06a2c63b0534841bc1504643c10905714cd417286311a44b84fc16341f1616d290c22421c784ac4769ad7ed55d3d77f64608ecc7573df8b4d3b

Download Submit
C:\Windows\System\VHCBGns.exe

Filesize
2.0MB

MD5
c15a2a8fd4fa3633e4d6377258580b00

SHA1
31dc6694500ebc7c8d11340ea2d5ba904963fe89

SHA256
b783d9eb0eeff26bfabf8f4bb9b176318a68a5e505b51842dfbc6baa8c8e1e17

SHA512
507cd9acbba5591b547414aafa8fed3513680d702386f2e9db2357d9bdcbcd1a84e6d115d1fb67014e2e63874307f29c292a45ddf2ad55b57b6c57475784ee87

Download Submit
C:\Windows\System\VuvWZKa.exe

Filesize
2.0MB

MD5
bc6f57e680d3705718b50c22cb6da24a

SHA1
d8cec527137b9438be536bbb131b6cf4b9783ea6

SHA256
34fdb55066bef22511e70debc5accb6f308c98d0660f26deea97df749f3a163e

SHA512
364a6e8a6447ff1325041cd3d80f1c5e7c96b38f8c2d5fd6dd7cf7aca4680e058ae01dc6c4e7620d0dfd1e7ebb119af84da7b21ee43105a1046243c4f5be9e31

Download Submit
C:\Windows\System\XYopDDk.exe

Filesize
2.0MB

MD5
4e57dcf35f14bb8ad540c2aae36fdfe2

SHA1
f0ad353bb4638c3cd9480ab83123504a15347784

SHA256
b52f71ad2a6a382350f3078a5668759aff5a6eb0207e5f6c18ca9112ffe94c97

SHA512
e853ca2e1757a549c1748122db7fcf62971d2a28aad6a0041980c54e3b9c984b84ab5511cd11693d8afb8e0d951c108362a443fc83f555bd0d920cb9297f82a6

Download Submit
C:\Windows\System\bSDtERP.exe

Filesize
2.0MB

MD5
48823fb2a567bc1b9864cdf977d7434c

SHA1
be6415f5a860e8fd8f2d3b43ea8329aabd943629

SHA256
966f63bac272786f3ac7557e461d1597befb498626d516f50f4a61fa158f27e9

SHA512
2e9afc610080842b081b4f1222dc634155d5579bd0a81bd960e786fc0aa74d4da4503c2823294d3545801f9e99dd655b441e5f9e5c253b8c65c00981891d7c22

Download Submit
C:\Windows\System\bTwlcaQ.exe

Filesize
2.0MB

MD5
836ed2d8787a4d17417dc4c15eca61f4

SHA1
ae1f1ebfab9a72c233a62405c493fb7698e5d958

SHA256
8aaef666bef7eeab4d9d7c01393f8cf40bf73af3cd32e0899f568c33bd3f0e3e

SHA512
17a9c77d09913b1f17828203148beb4e205dbae7779ad391055a9504b954dc02cdeb61b8d04a2100b9a0d2271f41a4cfa98f4cb680c67d7d0fe15d4222246e43

Download Submit
C:\Windows\System\eWTJroh.exe

Filesize
2.0MB

MD5
bd8164cfefc5a4980e2674d6cfad6038

SHA1
8589801e2a2bbf49905614495ef60b6ded622ffe

SHA256
525abdbc00d131dcd52c0fc04f901e8afa62efba059947d74d18ab1bac1f971f

SHA512
d1fc23ea3d9df0973bfe94aabdbc64d3ab3f92f3cae633714b453cfa945c1d281a1b47ea34bfd39d7f83d9eeb4a341ac8999909fcb3d9406484932b67ffdd77f

Download Submit
C:\Windows\System\jyKEHzc.exe

Filesize
2.0MB

MD5
b013f55b7de8af0a49ba3e04ddc33044

SHA1
46c2a18df8a3e65c7a489ac6eddde7a547289cee

SHA256
2f733b3e6cd6a64ba8f3eb17c8ff8f44d6ccbb6b1db9043098ab133e69589656

SHA512
902634d8e9cf15f9b551cd7bd8a64e06faa3febd51937ab46fa4fbb36eab4ab1c3d95c0eca3cec809837ab2140421057f6e74e09d5ff639d16fcd9b66eca089f

Download Submit
C:\Windows\System\lhvXHkm.exe

Filesize
2.0MB

MD5
b5f85dfdf5b7165d6999e233536c47c8

SHA1
4f6d1072ce7febab016a03b5f3f49507d27fbe07

SHA256
e6d6b4f76b3cf18f0bd458ee722aa58ac145f0b38114859638eaa008d06b8c34

SHA512
4bf4b4f8bf9be27454d84455538641d779da70d2da21aab5b0bc271d7b2f7929c7d967cf8a115d38cf52cabb561e851a0fac9dc2ea1031ad58bca028e53a25a6

Download Submit
C:\Windows\System\mdKwowR.exe

Filesize
2.0MB

MD5
d0150dfca63cdf35e82fd6583661bd3f

SHA1
1589c282308afbafafed917dce35b9bcb1e70932

SHA256
f298ae939c2ee880b4a2e5c0510ab0cedc24ea3d1f07086ed50d74e51b469fb0

SHA512
41d0c1a254f818dcaaa2b625d45d83b9415230b711ef56a3e0d1e0c9e9efd914cbe015f46cfa0a7717302fb4463814758ed4a0305faefd442c94f25f7488b684

Download Submit
C:\Windows\System\nyXoNnX.exe

Filesize
2.0MB

MD5
5ec96c870ef3ef48b6a7c54471f5a131

SHA1
d43a20ee1c8dd45330fe8c2314e988c72ac29928

SHA256
66008437ce9888499692bc2e608a7d04220fe1620c66bdaa89bebfa4b4ec9439

SHA512
f611c092ab25ffac9dd68b4fa86a129aa003084b02b5d3bd645e7d1d9bc14aa927f055e0228bca99a3c7a29f7100806cd929305a9b0ee57744749160d5e7b01f

Download Submit
C:\Windows\System\pZKuvsc.exe

Filesize
2.0MB

MD5
3f7683c74cf04b707bf706718ea8a742

SHA1
ff476ccb7dffd1ce58d91c902f2d791db4c0dc9e

SHA256
57394f6567ca610815bf1a2e8cbce80091fb59fd610b4baa980fdc55f1b4381d

SHA512
23d4043d9ce2670e1baac14fbef330917bfae01f087b75bf6b48e242c85e40da6d4b1f2d066ebad83a3696225f347ff69ae1397cfdcea2357e77aa3ea16b69a5

Download Submit
C:\Windows\System\qTEzlae.exe

Filesize
2.0MB

MD5
0bd8f17450a0d56646ece992b1e7214e

SHA1
03f45582b80adfa89f37193c55c7c0fedb315aa5

SHA256
3c492f6f09a21226d57789150d64956437478f352d56aa621157c35f4f458854

SHA512
34e55d704660a5062a67467c376db8ff8b296a0d22b925d9ef2b95ac1678a643f3efd9f1613dbc1bab424dc3910512a817f158a7a453c98a1e1b43e190aac459

Download Submit
C:\Windows\System\qqGjVEn.exe

Filesize
2.0MB

MD5
0f74aed47e1a4a1d7c76bbb6e07d6674

SHA1
f28c02c45ed4ec97f91fa85ed4e47dd60816b545

SHA256
8cabad7cace580ebeec63c83792d2039bc23676b2b917b9ec6e5f87b5e59a30a

SHA512
43823fbe9d593fb6bb8ee14805680caf7dc8cb95b41746e5636c2d069d71a73a64334f457d09d53bafc6273d3f30f3ffe49a1eb5220aadee0986c8c155dffebf

Download Submit
C:\Windows\System\rFnglst.exe

Filesize
2.0MB

MD5
335e7fd5c9284bce826ff6e478e5089c

SHA1
51a8e308bebe1e0f808dda92f1d1eace8ae6ce6c

SHA256
4e0427ce0d914efeb4806ff872232463193b5a5db45735d85b55290020550a58

SHA512
00a0a1f6e3dbe0e731447014624ca166ce97970f857beef07f37ba8d9fb2fc53023443323f57184253b27b96ab91134b0d9b43f6887a0bc50a1dc9583bfbc86c

Download Submit
C:\Windows\System\rbMBuxC.exe

Filesize
2.0MB

MD5
e6d8288e4b4ee2129683c00c5f187076

SHA1
dbd34323cfb8f4442b3812e34263d224a2b3068d

SHA256
99c03377b766e88170cd3ece88ba3da130bcf318ed46ee90ea3fecfaa21f81b0

SHA512
94bc1751437dbe472ca447c04f11ba876dc6827a41a8a630f28f1aca791308c80db20717c34aa5e8ecc43ed02093c8e26dff934b249763097a6e3d4afedef6ea

Download Submit
C:\Windows\System\tOoTSzB.exe

Filesize
2.0MB

MD5
3b86741f6d1df79c70a8938ecffb705c

SHA1
f8add4346ff90660a77c4924fd7fde6af215a416

SHA256
1ae1d7509bf69e0a5047ef82fb1607df0c9281f928f17ebcd43133a638271c6f

SHA512
6b7a9dc4ee4d6a3daf6d8915ca059402fd4a7f3784bccd15ea942730d5a55c8ee5231a2438f5cd08e4d45631e7c6381c2aa6c2ab2a7128fd4154abb01099ddb8

Download Submit
C:\Windows\System\ufNKaEk.exe

Filesize
2.0MB

MD5
3fdb28770bbf3c9d065d781f6fc8ff46

SHA1
dc3d7e991898c58aff07a42ada3b76dccfb9d18d

SHA256
dc9f18465a67d26ac6166a44923e55fc465832a044ccc6375cd301e55604a8e1

SHA512
07cb8f35fe0a17449fe002fe53b49f1bb6eaa92ba36f8d8582e0080ea6fb5e676d29e6c00733a9bb193eac215a8a678a3dfcd233fcf1dc5a1b64899147af7c8f

Download Submit
C:\Windows\System\vICrpUY.exe

Filesize
2.0MB

MD5
2a7549d739571df1e4ca731e87ab1d8e

SHA1
ed2ac581c49d9244669a4654546934e8f4ac2cfc

SHA256
e62f9b41394e7e451d2fa932403bf71c96eb039946cdda9426ffc1693bef8956

SHA512
ec1b1d6eb5cf00d26ddef7fb3f08b2117e517317517b986eb263b1582d4f67521f58287503c5c7b2e0bcef6dc27af4b0e4f56e1f587e83e47be58c5ffb9b04f3

Download Submit
C:\Windows\System\vYMqZOF.exe

Filesize
2.0MB

MD5
8cc4a483368c6ad6728e050a95a12450

SHA1
b4aa9d4bf3e8cedefbf90348a54f6af994f47b71

SHA256
2d02433281e6e0eb14930b5dd92a3a38ddf61429f5ac76ce7c8b823dda5b401f

SHA512
d5024437d189424f09013404cf84fce10cf86a36ccc455137c8e8adac8ef756c438cce8cf0e0efa0c32be2791c78f01cfe27dc2de339e384fc98f07242e77816

Download Submit
C:\Windows\System\wpyPkBT.exe

Filesize
2.0MB

MD5
621501d2509f306030e42c137bc7b6a3

SHA1
0fd151817b63baf9a1ce39e96352597e375f6798

SHA256
e00047ab5f1eb3014b96964515027feeb7c4041b8ffbd42f97e88a940f7a080f

SHA512
786bf130a5230831369679514468f3d63056a20aa308e5458dd476ae311c2b0143494e1cf99ed338b31cf0649966485e4553d9dd1852db6934138f8d49b4fc87

Download Submit
memory/452-2154-0x00007FF6882B0000-0x00007FF688604000-memory.dmp

Filesize
3.3MB

Download
memory/452-649-0x00007FF6882B0000-0x00007FF688604000-memory.dmp

Filesize
3.3MB

Download
memory/936-1102-0x00007FF719DA0000-0x00007FF71A0F4000-memory.dmp

Filesize
3.3MB

Download
memory/936-0-0x00007FF719DA0000-0x00007FF71A0F4000-memory.dmp

Filesize
3.3MB

Download
memory/936-1-0x00000248B7AE0000-0x00000248B7AF0000-memory.dmp

Filesize
64KB

Download
memory/1508-2134-0x00007FF7D5CF0000-0x00007FF7D6044000-memory.dmp

Filesize
3.3MB

Download
memory/1508-41-0x00007FF7D5CF0000-0x00007FF7D6044000-memory.dmp

Filesize
3.3MB

Download
memory/1684-658-0x00007FF78B5C0000-0x00007FF78B914000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2149-0x00007FF78B5C0000-0x00007FF78B914000-memory.dmp

Filesize
3.3MB

Download
memory/1748-640-0x00007FF7F3320000-0x00007FF7F3674000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2155-0x00007FF7F3320000-0x00007FF7F3674000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2118-0x00007FF62F5D0000-0x00007FF62F924000-memory.dmp

Filesize
3.3MB

Download
memory/1800-56-0x00007FF62F5D0000-0x00007FF62F924000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2135-0x00007FF62F5D0000-0x00007FF62F924000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2123-0x00007FF7F34B0000-0x00007FF7F3804000-memory.dmp

Filesize
3.3MB

Download
memory/1848-30-0x00007FF7F34B0000-0x00007FF7F3804000-memory.dmp

Filesize
3.3MB

Download
memory/2036-653-0x00007FF7D8050000-0x00007FF7D83A4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2153-0x00007FF7D8050000-0x00007FF7D83A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-2140-0x00007FF776580000-0x00007FF7768D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-89-0x00007FF776580000-0x00007FF7768D4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-103-0x00007FF7CE3F0000-0x00007FF7CE744000-memory.dmp

Filesize
3.3MB

Download
memory/2324-2144-0x00007FF7CE3F0000-0x00007FF7CE744000-memory.dmp

Filesize
3.3MB

Download
memory/2472-2136-0x00007FF68ED80000-0x00007FF68F0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-66-0x00007FF68ED80000-0x00007FF68F0D4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-27-0x00007FF6924E0000-0x00007FF692834000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2124-0x00007FF6924E0000-0x00007FF692834000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2150-0x00007FF7A7840000-0x00007FF7A7B94000-memory.dmp

Filesize
3.3MB

Download
memory/2944-677-0x00007FF7A7840000-0x00007FF7A7B94000-memory.dmp

Filesize
3.3MB

Download
memory/3104-62-0x00007FF753030000-0x00007FF753384000-memory.dmp

Filesize
3.3MB

Download
memory/3104-2137-0x00007FF753030000-0x00007FF753384000-memory.dmp

Filesize
3.3MB

Download
memory/3200-2152-0x00007FF76AD30000-0x00007FF76B084000-memory.dmp

Filesize
3.3MB

Download
memory/3200-672-0x00007FF76AD30000-0x00007FF76B084000-memory.dmp

Filesize
3.3MB

Download
memory/3420-2151-0x00007FF60BE80000-0x00007FF60C1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3420-676-0x00007FF60BE80000-0x00007FF60C1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3448-75-0x00007FF702860000-0x00007FF702BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3448-2138-0x00007FF702860000-0x00007FF702BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3588-2122-0x00007FF696E30000-0x00007FF697184000-memory.dmp

Filesize
3.3MB

Download
memory/3588-22-0x00007FF696E30000-0x00007FF697184000-memory.dmp

Filesize
3.3MB

Download
memory/3612-1106-0x00007FF6D1860000-0x00007FF6D1BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3612-2120-0x00007FF6D1860000-0x00007FF6D1BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3612-8-0x00007FF6D1860000-0x00007FF6D1BB4000-memory.dmp

Filesize
3.3MB

Download
memory/3628-97-0x00007FF6F36C0000-0x00007FF6F3A14000-memory.dmp

Filesize
3.3MB

Download
memory/3628-2142-0x00007FF6F36C0000-0x00007FF6F3A14000-memory.dmp

Filesize
3.3MB

Download
memory/3832-94-0x00007FF69EB20000-0x00007FF69EE74000-memory.dmp

Filesize
3.3MB

Download
memory/3832-2141-0x00007FF69EB20000-0x00007FF69EE74000-memory.dmp

Filesize
3.3MB

Download
memory/4144-102-0x00007FF678250000-0x00007FF6785A4000-memory.dmp

Filesize
3.3MB

Download
memory/4144-2143-0x00007FF678250000-0x00007FF6785A4000-memory.dmp

Filesize
3.3MB

Download
memory/4144-2119-0x00007FF678250000-0x00007FF6785A4000-memory.dmp

Filesize
3.3MB

Download
memory/4256-2139-0x00007FF735C00000-0x00007FF735F54000-memory.dmp

Filesize
3.3MB

Download
memory/4256-82-0x00007FF735C00000-0x00007FF735F54000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2157-0x00007FF669D70000-0x00007FF66A0C4000-memory.dmp

Filesize
3.3MB

Download
memory/4396-638-0x00007FF669D70000-0x00007FF66A0C4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-1521-0x00007FF7F9850000-0x00007FF7F9BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2121-0x00007FF7F9850000-0x00007FF7F9BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4452-21-0x00007FF7F9850000-0x00007FF7F9BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-2156-0x00007FF6BD4C0000-0x00007FF6BD814000-memory.dmp

Filesize
3.3MB

Download
memory/4588-639-0x00007FF6BD4C0000-0x00007FF6BD814000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2146-0x00007FF6D80A0000-0x00007FF6D83F4000-memory.dmp

Filesize
3.3MB

Download
memory/4628-681-0x00007FF6D80A0000-0x00007FF6D83F4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-2145-0x00007FF7FE070000-0x00007FF7FE3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-104-0x00007FF7FE070000-0x00007FF7FE3C4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-689-0x00007FF675790000-0x00007FF675AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2147-0x00007FF675790000-0x00007FF675AE4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-664-0x00007FF7E00F0000-0x00007FF7E0444000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2148-0x00007FF7E00F0000-0x00007FF7E0444000-memory.dmp

Filesize
3.3MB

Download