xmrig | 1017adc3942e625fb795e3f4bf9ac125a6d00e27e38b810a77a655f1c60efc99

Analysis

max time kernel
136s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
Size

2.2MB
MD5

1381d1d395192342276ab33575f81e80
SHA1

d2acf3fc1c2e00f259b0cd8d5aea56d73078ee59
SHA256

1017adc3942e625fb795e3f4bf9ac125a6d00e27e38b810a77a655f1c60efc99
SHA512

366c50a695596c66b890417e195d0ab5898f6358ee38d4917fdb6e189ce355d63a6b4777d7c679d55d9961df850ad581e93cc1026c4b7ce48020a30d19dc058e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbdhDLL4eDZUUmEy6ok:BemTLkNdfE0pZrM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/1184-0-0x00007FF7146E0000-0x00007FF714A34000-memory.dmp	xmrig
C:\Windows\System\gQYzAht.exe	xmrig
C:\Windows\System\ykQcsPi.exe	xmrig
C:\Windows\System\cUsJieK.exe	xmrig
C:\Windows\System\ZIcGIri.exe	xmrig
C:\Windows\System\dUfBkzh.exe	xmrig
C:\Windows\System\JWkBkOB.exe	xmrig
C:\Windows\System\AvccROY.exe	xmrig
C:\Windows\System\TWOnIax.exe	xmrig
C:\Windows\System\dgnHcVT.exe	xmrig
C:\Windows\System\dZLYnAx.exe	xmrig
C:\Windows\System\qzjyNVg.exe	xmrig
C:\Windows\System\yJgWkeG.exe	xmrig
behavioral2/memory/3468-517-0x00007FF6B9450000-0x00007FF6B97A4000-memory.dmp	xmrig
behavioral2/memory/2096-546-0x00007FF668EB0000-0x00007FF669204000-memory.dmp	xmrig
behavioral2/memory/1960-578-0x00007FF751320000-0x00007FF751674000-memory.dmp	xmrig
behavioral2/memory/2744-563-0x00007FF740080000-0x00007FF7403D4000-memory.dmp	xmrig
behavioral2/memory/3720-584-0x00007FF745D00000-0x00007FF746054000-memory.dmp	xmrig
behavioral2/memory/4188-604-0x00007FF76A270000-0x00007FF76A5C4000-memory.dmp	xmrig
behavioral2/memory/5028-609-0x00007FF656890000-0x00007FF656BE4000-memory.dmp	xmrig
behavioral2/memory/3024-637-0x00007FF780B50000-0x00007FF780EA4000-memory.dmp	xmrig
behavioral2/memory/1080-643-0x00007FF6772E0000-0x00007FF677634000-memory.dmp	xmrig
behavioral2/memory/2452-653-0x00007FF6F44D0000-0x00007FF6F4824000-memory.dmp	xmrig
behavioral2/memory/1788-650-0x00007FF6FB610000-0x00007FF6FB964000-memory.dmp	xmrig
behavioral2/memory/4680-634-0x00007FF6EB240000-0x00007FF6EB594000-memory.dmp	xmrig
behavioral2/memory/2488-630-0x00007FF754000000-0x00007FF754354000-memory.dmp	xmrig
behavioral2/memory/3332-623-0x00007FF679770000-0x00007FF679AC4000-memory.dmp	xmrig
behavioral2/memory/5016-620-0x00007FF7B20A0000-0x00007FF7B23F4000-memory.dmp	xmrig
behavioral2/memory/4964-614-0x00007FF763060000-0x00007FF7633B4000-memory.dmp	xmrig
behavioral2/memory/2460-613-0x00007FF749C70000-0x00007FF749FC4000-memory.dmp	xmrig
behavioral2/memory/3272-600-0x00007FF6A6C00000-0x00007FF6A6F54000-memory.dmp	xmrig
behavioral2/memory/2544-589-0x00007FF644170000-0x00007FF6444C4000-memory.dmp	xmrig
behavioral2/memory/3060-566-0x00007FF747740000-0x00007FF747A94000-memory.dmp	xmrig
behavioral2/memory/1800-555-0x00007FF7E8B00000-0x00007FF7E8E54000-memory.dmp	xmrig
behavioral2/memory/628-551-0x00007FF6E9B30000-0x00007FF6E9E84000-memory.dmp	xmrig
behavioral2/memory/1044-537-0x00007FF732580000-0x00007FF7328D4000-memory.dmp	xmrig
behavioral2/memory/4792-532-0x00007FF61D190000-0x00007FF61D4E4000-memory.dmp	xmrig
behavioral2/memory/4116-524-0x00007FF736D90000-0x00007FF7370E4000-memory.dmp	xmrig
C:\Windows\System\CvMrvvH.exe	xmrig
C:\Windows\System\OpKnxUl.exe	xmrig
C:\Windows\System\WzeEzuC.exe	xmrig
C:\Windows\System\oFhjavd.exe	xmrig
C:\Windows\System\xEfKvXA.exe	xmrig
C:\Windows\System\XobNuhn.exe	xmrig
C:\Windows\System\lGgdkuf.exe	xmrig
C:\Windows\System\Xzwaeau.exe	xmrig
C:\Windows\System\eGDcwjk.exe	xmrig
C:\Windows\System\tQKNwsu.exe	xmrig
C:\Windows\System\kqaEJdQ.exe	xmrig
C:\Windows\System\dCELPmv.exe	xmrig
C:\Windows\System\JuVPqok.exe	xmrig
C:\Windows\System\DpuLPFZ.exe	xmrig
C:\Windows\System\ZUuWEbj.exe	xmrig
C:\Windows\System\lNbAoGQ.exe	xmrig
C:\Windows\System\NFgjByT.exe	xmrig
C:\Windows\System\aVnmcNg.exe	xmrig
C:\Windows\System\QkxWraG.exe	xmrig
behavioral2/memory/4008-36-0x00007FF77BFA0000-0x00007FF77C2F4000-memory.dmp	xmrig
C:\Windows\System\HihCtlT.exe	xmrig
behavioral2/memory/3572-30-0x00007FF6401E0000-0x00007FF640534000-memory.dmp	xmrig
C:\Windows\System\aMAZsRo.exe	xmrig
behavioral2/memory/4596-19-0x00007FF645030000-0x00007FF645384000-memory.dmp	xmrig
behavioral2/memory/1744-9-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	xmrig
behavioral2/memory/1744-2108-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

ykQcsPi.execUsJieK.exegQYzAht.exeaMAZsRo.exeHihCtlT.exeZIcGIri.exeQkxWraG.exeaVnmcNg.exedUfBkzh.exeNFgjByT.exeJWkBkOB.exelNbAoGQ.exeZUuWEbj.exeDpuLPFZ.exeAvccROY.exeJuVPqok.exeTWOnIax.exedCELPmv.exedgnHcVT.exekqaEJdQ.exetQKNwsu.exedZLYnAx.exeeGDcwjk.exeXzwaeau.exelGgdkuf.exeqzjyNVg.exeXobNuhn.exexEfKvXA.exeoFhjavd.exeWzeEzuC.exeCvMrvvH.exeOpKnxUl.exeyJgWkeG.exeGyWJAwu.exegRxjviC.exeQOxrNRn.exeEDwdEGp.exeBHvlwRK.exeOFqhYll.exeZdsihkQ.exeyYduobk.exeKzlIcIR.exeuKrGhVi.exeJMpofQB.exexUNugOD.exevJCOuKC.exedGtYIXg.exeNlMUuiw.exedUonMyF.exebceGIvw.exeOzYLfpq.exegTiSYmT.exeFGExCpv.exeRKYeDLE.exeiPDtlln.exeNQcpBsS.exehVqtqeg.exeCaOGimN.exeWsnNJer.exekSBdIda.exeIBzGxFW.exeTnYhzlo.exeEfKmuFC.exeeeUAsRB.exe

pid	process
1744	ykQcsPi.exe
4596	cUsJieK.exe
3572	gQYzAht.exe
3468	aMAZsRo.exe
4008	HihCtlT.exe
4116	ZIcGIri.exe
2452	QkxWraG.exe
4792	aVnmcNg.exe
1044	dUfBkzh.exe
2096	NFgjByT.exe
628	JWkBkOB.exe
1800	lNbAoGQ.exe
2744	ZUuWEbj.exe
3060	DpuLPFZ.exe
1960	AvccROY.exe
3720	JuVPqok.exe
2544	TWOnIax.exe
3272	dCELPmv.exe
4188	dgnHcVT.exe
5028	kqaEJdQ.exe
2460	tQKNwsu.exe
4964	dZLYnAx.exe
5016	eGDcwjk.exe
3332	Xzwaeau.exe
2488	lGgdkuf.exe
4680	qzjyNVg.exe
3024	XobNuhn.exe
1080	xEfKvXA.exe
1788	oFhjavd.exe
2992	WzeEzuC.exe
4580	CvMrvvH.exe
4796	OpKnxUl.exe
664	yJgWkeG.exe
3472	GyWJAwu.exe
2348	gRxjviC.exe
4196	QOxrNRn.exe
4092	EDwdEGp.exe
2352	BHvlwRK.exe
2492	OFqhYll.exe
216	ZdsihkQ.exe
1904	yYduobk.exe
3344	KzlIcIR.exe
3760	uKrGhVi.exe
1252	JMpofQB.exe
2560	xUNugOD.exe
4772	vJCOuKC.exe
3476	dGtYIXg.exe
4372	NlMUuiw.exe
4356	dUonMyF.exe
3268	bceGIvw.exe
836	OzYLfpq.exe
1568	gTiSYmT.exe
4636	FGExCpv.exe
2832	RKYeDLE.exe
3124	iPDtlln.exe
3648	NQcpBsS.exe
2996	hVqtqeg.exe
4568	CaOGimN.exe
3224	WsnNJer.exe
916	kSBdIda.exe
1192	IBzGxFW.exe
3340	TnYhzlo.exe
3152	EfKmuFC.exe
2968	eeUAsRB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1184-0-0x00007FF7146E0000-0x00007FF714A34000-memory.dmp	upx
C:\Windows\System\gQYzAht.exe	upx
C:\Windows\System\ykQcsPi.exe	upx
C:\Windows\System\cUsJieK.exe	upx
C:\Windows\System\ZIcGIri.exe	upx
C:\Windows\System\dUfBkzh.exe	upx
C:\Windows\System\JWkBkOB.exe	upx
C:\Windows\System\AvccROY.exe	upx
C:\Windows\System\TWOnIax.exe	upx
C:\Windows\System\dgnHcVT.exe	upx
C:\Windows\System\dZLYnAx.exe	upx
C:\Windows\System\qzjyNVg.exe	upx
C:\Windows\System\yJgWkeG.exe	upx
behavioral2/memory/3468-517-0x00007FF6B9450000-0x00007FF6B97A4000-memory.dmp	upx
behavioral2/memory/2096-546-0x00007FF668EB0000-0x00007FF669204000-memory.dmp	upx
behavioral2/memory/1960-578-0x00007FF751320000-0x00007FF751674000-memory.dmp	upx
behavioral2/memory/2744-563-0x00007FF740080000-0x00007FF7403D4000-memory.dmp	upx
behavioral2/memory/3720-584-0x00007FF745D00000-0x00007FF746054000-memory.dmp	upx
behavioral2/memory/4188-604-0x00007FF76A270000-0x00007FF76A5C4000-memory.dmp	upx
behavioral2/memory/5028-609-0x00007FF656890000-0x00007FF656BE4000-memory.dmp	upx
behavioral2/memory/3024-637-0x00007FF780B50000-0x00007FF780EA4000-memory.dmp	upx
behavioral2/memory/1080-643-0x00007FF6772E0000-0x00007FF677634000-memory.dmp	upx
behavioral2/memory/2452-653-0x00007FF6F44D0000-0x00007FF6F4824000-memory.dmp	upx
behavioral2/memory/1788-650-0x00007FF6FB610000-0x00007FF6FB964000-memory.dmp	upx
behavioral2/memory/4680-634-0x00007FF6EB240000-0x00007FF6EB594000-memory.dmp	upx
behavioral2/memory/2488-630-0x00007FF754000000-0x00007FF754354000-memory.dmp	upx
behavioral2/memory/3332-623-0x00007FF679770000-0x00007FF679AC4000-memory.dmp	upx
behavioral2/memory/5016-620-0x00007FF7B20A0000-0x00007FF7B23F4000-memory.dmp	upx
behavioral2/memory/4964-614-0x00007FF763060000-0x00007FF7633B4000-memory.dmp	upx
behavioral2/memory/2460-613-0x00007FF749C70000-0x00007FF749FC4000-memory.dmp	upx
behavioral2/memory/3272-600-0x00007FF6A6C00000-0x00007FF6A6F54000-memory.dmp	upx
behavioral2/memory/2544-589-0x00007FF644170000-0x00007FF6444C4000-memory.dmp	upx
behavioral2/memory/3060-566-0x00007FF747740000-0x00007FF747A94000-memory.dmp	upx
behavioral2/memory/1800-555-0x00007FF7E8B00000-0x00007FF7E8E54000-memory.dmp	upx
behavioral2/memory/628-551-0x00007FF6E9B30000-0x00007FF6E9E84000-memory.dmp	upx
behavioral2/memory/1044-537-0x00007FF732580000-0x00007FF7328D4000-memory.dmp	upx
behavioral2/memory/4792-532-0x00007FF61D190000-0x00007FF61D4E4000-memory.dmp	upx
behavioral2/memory/4116-524-0x00007FF736D90000-0x00007FF7370E4000-memory.dmp	upx
C:\Windows\System\CvMrvvH.exe	upx
C:\Windows\System\OpKnxUl.exe	upx
C:\Windows\System\WzeEzuC.exe	upx
C:\Windows\System\oFhjavd.exe	upx
C:\Windows\System\xEfKvXA.exe	upx
C:\Windows\System\XobNuhn.exe	upx
C:\Windows\System\lGgdkuf.exe	upx
C:\Windows\System\Xzwaeau.exe	upx
C:\Windows\System\eGDcwjk.exe	upx
C:\Windows\System\tQKNwsu.exe	upx
C:\Windows\System\kqaEJdQ.exe	upx
C:\Windows\System\dCELPmv.exe	upx
C:\Windows\System\JuVPqok.exe	upx
C:\Windows\System\DpuLPFZ.exe	upx
C:\Windows\System\ZUuWEbj.exe	upx
C:\Windows\System\lNbAoGQ.exe	upx
C:\Windows\System\NFgjByT.exe	upx
C:\Windows\System\aVnmcNg.exe	upx
C:\Windows\System\QkxWraG.exe	upx
behavioral2/memory/4008-36-0x00007FF77BFA0000-0x00007FF77C2F4000-memory.dmp	upx
C:\Windows\System\HihCtlT.exe	upx
behavioral2/memory/3572-30-0x00007FF6401E0000-0x00007FF640534000-memory.dmp	upx
C:\Windows\System\aMAZsRo.exe	upx
behavioral2/memory/4596-19-0x00007FF645030000-0x00007FF645384000-memory.dmp	upx
behavioral2/memory/1744-9-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	upx
behavioral2/memory/1744-2108-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\xUNugOD.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\qVLWBDm.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\vzCyxqk.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\esEDWSJ.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\PPzgGdu.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\fNYEVYe.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\IBzGxFW.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\glJBCZv.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\qLNgVuO.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\zyzsRpN.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\gBtSQWB.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\uKrGhVi.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\YazPZaV.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\JhAmjun.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\nMBZgjY.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\wzfQryC.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\GteKvWI.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\HsHHHnE.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\CKLUHLy.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\vxBaUzu.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\tQKNwsu.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\BWGxHGm.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\WcZFqfx.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\jsqnDuy.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\GZLWkld.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\GyWJAwu.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\OgNjWwE.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\xOsKKdu.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\NAgLTCB.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\uHuNUcN.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\YFgkUhI.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\SBcBRjO.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\wskrFJW.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\walqBek.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\WhTbRQj.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\afVejVQ.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\pWSfSPA.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\PwWcIqM.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\ROBDvaC.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\AiuaQSJ.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\iroSScr.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\jvyDzYc.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\OQoqQsq.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\XobNuhn.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\QOxrNRn.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\RKYeDLE.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\JOKRiim.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\rbvHtRB.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\ksHJKdD.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\EkbhcMY.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\kAEsagL.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\VoDvNil.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\ozyEEpt.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\zBeFEvw.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\GZQtoIr.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\AzSOxlT.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\YuJHcPs.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\jCsSlLU.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\RCzFETH.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\QOQoTzv.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\xUOeMCw.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\Xzwaeau.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\OdXPHjF.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
File created	C:\Windows\System\VsHULrx.exe	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	14952	dwm.exe
Token: SeChangeNotifyPrivilege	14952	dwm.exe
Token: 33	14952	dwm.exe
Token: SeIncBasePriorityPrivilege	14952	dwm.exe
Token: SeShutdownPrivilege	14952	dwm.exe
Token: SeCreatePagefilePrivilege	14952	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe

description	pid	process	target process
PID 1184 wrote to memory of 1744	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	ykQcsPi.exe
PID 1184 wrote to memory of 1744	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	ykQcsPi.exe
PID 1184 wrote to memory of 4596	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	cUsJieK.exe
PID 1184 wrote to memory of 4596	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	cUsJieK.exe
PID 1184 wrote to memory of 3572	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	gQYzAht.exe
PID 1184 wrote to memory of 3572	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	gQYzAht.exe
PID 1184 wrote to memory of 3468	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	aMAZsRo.exe
PID 1184 wrote to memory of 3468	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	aMAZsRo.exe
PID 1184 wrote to memory of 4008	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	HihCtlT.exe
PID 1184 wrote to memory of 4008	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	HihCtlT.exe
PID 1184 wrote to memory of 4116	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	ZIcGIri.exe
PID 1184 wrote to memory of 4116	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	ZIcGIri.exe
PID 1184 wrote to memory of 2452	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	QkxWraG.exe
PID 1184 wrote to memory of 2452	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	QkxWraG.exe
PID 1184 wrote to memory of 4792	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	aVnmcNg.exe
PID 1184 wrote to memory of 4792	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	aVnmcNg.exe
PID 1184 wrote to memory of 1044	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dUfBkzh.exe
PID 1184 wrote to memory of 1044	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dUfBkzh.exe
PID 1184 wrote to memory of 2096	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	NFgjByT.exe
PID 1184 wrote to memory of 2096	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	NFgjByT.exe
PID 1184 wrote to memory of 628	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	JWkBkOB.exe
PID 1184 wrote to memory of 628	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	JWkBkOB.exe
PID 1184 wrote to memory of 1800	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	lNbAoGQ.exe
PID 1184 wrote to memory of 1800	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	lNbAoGQ.exe
PID 1184 wrote to memory of 2744	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	ZUuWEbj.exe
PID 1184 wrote to memory of 2744	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	ZUuWEbj.exe
PID 1184 wrote to memory of 3060	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	DpuLPFZ.exe
PID 1184 wrote to memory of 3060	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	DpuLPFZ.exe
PID 1184 wrote to memory of 1960	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	AvccROY.exe
PID 1184 wrote to memory of 1960	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	AvccROY.exe
PID 1184 wrote to memory of 3720	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	JuVPqok.exe
PID 1184 wrote to memory of 3720	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	JuVPqok.exe
PID 1184 wrote to memory of 2544	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	TWOnIax.exe
PID 1184 wrote to memory of 2544	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	TWOnIax.exe
PID 1184 wrote to memory of 3272	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dCELPmv.exe
PID 1184 wrote to memory of 3272	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dCELPmv.exe
PID 1184 wrote to memory of 4188	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dgnHcVT.exe
PID 1184 wrote to memory of 4188	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dgnHcVT.exe
PID 1184 wrote to memory of 5028	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	kqaEJdQ.exe
PID 1184 wrote to memory of 5028	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	kqaEJdQ.exe
PID 1184 wrote to memory of 2460	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	tQKNwsu.exe
PID 1184 wrote to memory of 2460	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	tQKNwsu.exe
PID 1184 wrote to memory of 4964	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dZLYnAx.exe
PID 1184 wrote to memory of 4964	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	dZLYnAx.exe
PID 1184 wrote to memory of 5016	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	eGDcwjk.exe
PID 1184 wrote to memory of 5016	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	eGDcwjk.exe
PID 1184 wrote to memory of 3332	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	Xzwaeau.exe
PID 1184 wrote to memory of 3332	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	Xzwaeau.exe
PID 1184 wrote to memory of 2488	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	lGgdkuf.exe
PID 1184 wrote to memory of 2488	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	lGgdkuf.exe
PID 1184 wrote to memory of 4680	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	qzjyNVg.exe
PID 1184 wrote to memory of 4680	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	qzjyNVg.exe
PID 1184 wrote to memory of 3024	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	XobNuhn.exe
PID 1184 wrote to memory of 3024	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	XobNuhn.exe
PID 1184 wrote to memory of 1080	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	xEfKvXA.exe
PID 1184 wrote to memory of 1080	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	xEfKvXA.exe
PID 1184 wrote to memory of 1788	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	oFhjavd.exe
PID 1184 wrote to memory of 1788	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	oFhjavd.exe
PID 1184 wrote to memory of 2992	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	WzeEzuC.exe
PID 1184 wrote to memory of 2992	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	WzeEzuC.exe
PID 1184 wrote to memory of 4580	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	CvMrvvH.exe
PID 1184 wrote to memory of 4580	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	CvMrvvH.exe
PID 1184 wrote to memory of 4796	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	OpKnxUl.exe
PID 1184 wrote to memory of 4796	1184	1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe	OpKnxUl.exe

C:\Users\Admin\AppData\Local\Temp\1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1381d1d395192342276ab33575f81e80_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1184

C:\Windows\System\ykQcsPi.exe
C:\Windows\System\ykQcsPi.exe
2⤵
- Executes dropped EXE
PID:1744

C:\Windows\System\cUsJieK.exe
C:\Windows\System\cUsJieK.exe
2⤵
- Executes dropped EXE
PID:4596

C:\Windows\System\gQYzAht.exe
C:\Windows\System\gQYzAht.exe
2⤵
- Executes dropped EXE
PID:3572

C:\Windows\System\aMAZsRo.exe
C:\Windows\System\aMAZsRo.exe
2⤵
- Executes dropped EXE
PID:3468

C:\Windows\System\HihCtlT.exe
C:\Windows\System\HihCtlT.exe
2⤵
- Executes dropped EXE
PID:4008

C:\Windows\System\ZIcGIri.exe
C:\Windows\System\ZIcGIri.exe
2⤵
- Executes dropped EXE
PID:4116

C:\Windows\System\QkxWraG.exe
C:\Windows\System\QkxWraG.exe
2⤵
- Executes dropped EXE
PID:2452

C:\Windows\System\aVnmcNg.exe
C:\Windows\System\aVnmcNg.exe
2⤵
- Executes dropped EXE
PID:4792

C:\Windows\System\dUfBkzh.exe
C:\Windows\System\dUfBkzh.exe
2⤵
- Executes dropped EXE
PID:1044

C:\Windows\System\NFgjByT.exe
C:\Windows\System\NFgjByT.exe
2⤵
- Executes dropped EXE
PID:2096

C:\Windows\System\JWkBkOB.exe
C:\Windows\System\JWkBkOB.exe
2⤵
- Executes dropped EXE
PID:628

C:\Windows\System\lNbAoGQ.exe
C:\Windows\System\lNbAoGQ.exe
2⤵
- Executes dropped EXE
PID:1800

C:\Windows\System\ZUuWEbj.exe
C:\Windows\System\ZUuWEbj.exe
2⤵
- Executes dropped EXE
PID:2744

C:\Windows\System\DpuLPFZ.exe
C:\Windows\System\DpuLPFZ.exe
2⤵
- Executes dropped EXE
PID:3060

C:\Windows\System\AvccROY.exe
C:\Windows\System\AvccROY.exe
2⤵
- Executes dropped EXE
PID:1960

C:\Windows\System\JuVPqok.exe
C:\Windows\System\JuVPqok.exe
2⤵
- Executes dropped EXE
PID:3720

C:\Windows\System\TWOnIax.exe
C:\Windows\System\TWOnIax.exe
2⤵
- Executes dropped EXE
PID:2544

C:\Windows\System\dCELPmv.exe
C:\Windows\System\dCELPmv.exe
2⤵
- Executes dropped EXE
PID:3272

C:\Windows\System\dgnHcVT.exe
C:\Windows\System\dgnHcVT.exe
2⤵
- Executes dropped EXE
PID:4188

C:\Windows\System\kqaEJdQ.exe
C:\Windows\System\kqaEJdQ.exe
2⤵
- Executes dropped EXE
PID:5028

C:\Windows\System\tQKNwsu.exe
C:\Windows\System\tQKNwsu.exe
2⤵
- Executes dropped EXE
PID:2460

C:\Windows\System\dZLYnAx.exe
C:\Windows\System\dZLYnAx.exe
2⤵
- Executes dropped EXE
PID:4964

C:\Windows\System\eGDcwjk.exe
C:\Windows\System\eGDcwjk.exe
2⤵
- Executes dropped EXE
PID:5016

C:\Windows\System\Xzwaeau.exe
C:\Windows\System\Xzwaeau.exe
2⤵
- Executes dropped EXE
PID:3332

C:\Windows\System\lGgdkuf.exe
C:\Windows\System\lGgdkuf.exe
2⤵
- Executes dropped EXE
PID:2488

C:\Windows\System\qzjyNVg.exe
C:\Windows\System\qzjyNVg.exe
2⤵
- Executes dropped EXE
PID:4680

C:\Windows\System\XobNuhn.exe
C:\Windows\System\XobNuhn.exe
2⤵
- Executes dropped EXE
PID:3024

C:\Windows\System\xEfKvXA.exe
C:\Windows\System\xEfKvXA.exe
2⤵
- Executes dropped EXE
PID:1080

C:\Windows\System\oFhjavd.exe
C:\Windows\System\oFhjavd.exe
2⤵
- Executes dropped EXE
PID:1788

C:\Windows\System\WzeEzuC.exe
C:\Windows\System\WzeEzuC.exe
2⤵
- Executes dropped EXE
PID:2992

C:\Windows\System\CvMrvvH.exe
C:\Windows\System\CvMrvvH.exe
2⤵
- Executes dropped EXE
PID:4580

C:\Windows\System\OpKnxUl.exe
C:\Windows\System\OpKnxUl.exe
2⤵
- Executes dropped EXE
PID:4796

C:\Windows\System\yJgWkeG.exe
C:\Windows\System\yJgWkeG.exe
2⤵
- Executes dropped EXE
PID:664

C:\Windows\System\GyWJAwu.exe
C:\Windows\System\GyWJAwu.exe
2⤵
- Executes dropped EXE
PID:3472

C:\Windows\System\gRxjviC.exe
C:\Windows\System\gRxjviC.exe
2⤵
- Executes dropped EXE
PID:2348

C:\Windows\System\QOxrNRn.exe
C:\Windows\System\QOxrNRn.exe
2⤵
- Executes dropped EXE
PID:4196

C:\Windows\System\EDwdEGp.exe
C:\Windows\System\EDwdEGp.exe
2⤵
- Executes dropped EXE
PID:4092

C:\Windows\System\BHvlwRK.exe
C:\Windows\System\BHvlwRK.exe
2⤵
- Executes dropped EXE
PID:2352

C:\Windows\System\OFqhYll.exe
C:\Windows\System\OFqhYll.exe
2⤵
- Executes dropped EXE
PID:2492

C:\Windows\System\ZdsihkQ.exe
C:\Windows\System\ZdsihkQ.exe
2⤵
- Executes dropped EXE
PID:216

C:\Windows\System\yYduobk.exe
C:\Windows\System\yYduobk.exe
2⤵
- Executes dropped EXE
PID:1904

C:\Windows\System\KzlIcIR.exe
C:\Windows\System\KzlIcIR.exe
2⤵
- Executes dropped EXE
PID:3344

C:\Windows\System\uKrGhVi.exe
C:\Windows\System\uKrGhVi.exe
2⤵
- Executes dropped EXE
PID:3760

C:\Windows\System\JMpofQB.exe
C:\Windows\System\JMpofQB.exe
2⤵
- Executes dropped EXE
PID:1252

C:\Windows\System\xUNugOD.exe
C:\Windows\System\xUNugOD.exe
2⤵
- Executes dropped EXE
PID:2560

C:\Windows\System\vJCOuKC.exe
C:\Windows\System\vJCOuKC.exe
2⤵
- Executes dropped EXE
PID:4772

C:\Windows\System\dGtYIXg.exe
C:\Windows\System\dGtYIXg.exe
2⤵
- Executes dropped EXE
PID:3476

C:\Windows\System\NlMUuiw.exe
C:\Windows\System\NlMUuiw.exe
2⤵
- Executes dropped EXE
PID:4372

C:\Windows\System\dUonMyF.exe
C:\Windows\System\dUonMyF.exe
2⤵
- Executes dropped EXE
PID:4356

C:\Windows\System\bceGIvw.exe
C:\Windows\System\bceGIvw.exe
2⤵
- Executes dropped EXE
PID:3268

C:\Windows\System\OzYLfpq.exe
C:\Windows\System\OzYLfpq.exe
2⤵
- Executes dropped EXE
PID:836

C:\Windows\System\gTiSYmT.exe
C:\Windows\System\gTiSYmT.exe
2⤵
- Executes dropped EXE
PID:1568

C:\Windows\System\FGExCpv.exe
C:\Windows\System\FGExCpv.exe
2⤵
- Executes dropped EXE
PID:4636

C:\Windows\System\RKYeDLE.exe
C:\Windows\System\RKYeDLE.exe
2⤵
- Executes dropped EXE
PID:2832

C:\Windows\System\iPDtlln.exe
C:\Windows\System\iPDtlln.exe
2⤵
- Executes dropped EXE
PID:3124

C:\Windows\System\NQcpBsS.exe
C:\Windows\System\NQcpBsS.exe
2⤵
- Executes dropped EXE
PID:3648

C:\Windows\System\hVqtqeg.exe
C:\Windows\System\hVqtqeg.exe
2⤵
- Executes dropped EXE
PID:2996

C:\Windows\System\CaOGimN.exe
C:\Windows\System\CaOGimN.exe
2⤵
- Executes dropped EXE
PID:4568

C:\Windows\System\WsnNJer.exe
C:\Windows\System\WsnNJer.exe
2⤵
- Executes dropped EXE
PID:3224

C:\Windows\System\kSBdIda.exe
C:\Windows\System\kSBdIda.exe
2⤵
- Executes dropped EXE
PID:916

C:\Windows\System\IBzGxFW.exe
C:\Windows\System\IBzGxFW.exe
2⤵
- Executes dropped EXE
PID:1192

C:\Windows\System\TnYhzlo.exe
C:\Windows\System\TnYhzlo.exe
2⤵
- Executes dropped EXE
PID:3340

C:\Windows\System\EfKmuFC.exe
C:\Windows\System\EfKmuFC.exe
2⤵
- Executes dropped EXE
PID:3152

C:\Windows\System\eeUAsRB.exe
C:\Windows\System\eeUAsRB.exe
2⤵
- Executes dropped EXE
PID:2968

C:\Windows\System\mLwyRvG.exe
C:\Windows\System\mLwyRvG.exe
2⤵
PID:3788

C:\Windows\System\RNMYltd.exe
C:\Windows\System\RNMYltd.exe
2⤵
PID:4812

C:\Windows\System\tgupJZW.exe
C:\Windows\System\tgupJZW.exe
2⤵
PID:1688

C:\Windows\System\FYHDkqS.exe
C:\Windows\System\FYHDkqS.exe
2⤵
PID:1952

C:\Windows\System\glJBCZv.exe
C:\Windows\System\glJBCZv.exe
2⤵
PID:3680

C:\Windows\System\rbvHtRB.exe
C:\Windows\System\rbvHtRB.exe
2⤵
PID:4384

C:\Windows\System\KHbGcdH.exe
C:\Windows\System\KHbGcdH.exe
2⤵
PID:5108

C:\Windows\System\elCPqgr.exe
C:\Windows\System\elCPqgr.exe
2⤵
PID:1512

C:\Windows\System\GOkhhBL.exe
C:\Windows\System\GOkhhBL.exe
2⤵
PID:2480

C:\Windows\System\NQmVflZ.exe
C:\Windows\System\NQmVflZ.exe
2⤵
PID:4292

C:\Windows\System\ySDooMk.exe
C:\Windows\System\ySDooMk.exe
2⤵
PID:4616

C:\Windows\System\VzzWhiH.exe
C:\Windows\System\VzzWhiH.exe
2⤵
PID:3764

C:\Windows\System\xmTBLQV.exe
C:\Windows\System\xmTBLQV.exe
2⤵
PID:5144

C:\Windows\System\iXkJPlc.exe
C:\Windows\System\iXkJPlc.exe
2⤵
PID:5172

C:\Windows\System\XflEpkF.exe
C:\Windows\System\XflEpkF.exe
2⤵
PID:5204

C:\Windows\System\fojiRXv.exe
C:\Windows\System\fojiRXv.exe
2⤵
PID:5228

C:\Windows\System\KiEAzdC.exe
C:\Windows\System\KiEAzdC.exe
2⤵
PID:5256

C:\Windows\System\fSByKEZ.exe
C:\Windows\System\fSByKEZ.exe
2⤵
PID:5284

C:\Windows\System\iNmsXKR.exe
C:\Windows\System\iNmsXKR.exe
2⤵
PID:5308

C:\Windows\System\dvRMhSz.exe
C:\Windows\System\dvRMhSz.exe
2⤵
PID:5340

C:\Windows\System\PwWcIqM.exe
C:\Windows\System\PwWcIqM.exe
2⤵
PID:5364

C:\Windows\System\OSfAytA.exe
C:\Windows\System\OSfAytA.exe
2⤵
PID:5392

C:\Windows\System\RDcwcFb.exe
C:\Windows\System\RDcwcFb.exe
2⤵
PID:5420

C:\Windows\System\RWTfcEo.exe
C:\Windows\System\RWTfcEo.exe
2⤵
PID:5452

C:\Windows\System\XXUlILL.exe
C:\Windows\System\XXUlILL.exe
2⤵
PID:5480

C:\Windows\System\OdDYRkC.exe
C:\Windows\System\OdDYRkC.exe
2⤵
PID:5508

C:\Windows\System\PTbtcHC.exe
C:\Windows\System\PTbtcHC.exe
2⤵
PID:5532

C:\Windows\System\NhhEOjQ.exe
C:\Windows\System\NhhEOjQ.exe
2⤵
PID:5560

C:\Windows\System\zJWGtjy.exe
C:\Windows\System\zJWGtjy.exe
2⤵
PID:5592

C:\Windows\System\FsvHaCf.exe
C:\Windows\System\FsvHaCf.exe
2⤵
PID:5620

C:\Windows\System\XlqjtRY.exe
C:\Windows\System\XlqjtRY.exe
2⤵
PID:5648

C:\Windows\System\OYIAEkm.exe
C:\Windows\System\OYIAEkm.exe
2⤵
PID:5672

C:\Windows\System\HaJkHmx.exe
C:\Windows\System\HaJkHmx.exe
2⤵
PID:5700

C:\Windows\System\QadmlzB.exe
C:\Windows\System\QadmlzB.exe
2⤵
PID:5732

C:\Windows\System\jcxfOiS.exe
C:\Windows\System\jcxfOiS.exe
2⤵
PID:5760

C:\Windows\System\kUOKrFL.exe
C:\Windows\System\kUOKrFL.exe
2⤵
PID:5784

C:\Windows\System\xLFUNVK.exe
C:\Windows\System\xLFUNVK.exe
2⤵
PID:5816

C:\Windows\System\gMjjbLf.exe
C:\Windows\System\gMjjbLf.exe
2⤵
PID:5844

C:\Windows\System\QkkERhP.exe
C:\Windows\System\QkkERhP.exe
2⤵
PID:5872

C:\Windows\System\rtBMxwq.exe
C:\Windows\System\rtBMxwq.exe
2⤵
PID:5900

C:\Windows\System\qLNgVuO.exe
C:\Windows\System\qLNgVuO.exe
2⤵
PID:5928

C:\Windows\System\rroqLeg.exe
C:\Windows\System\rroqLeg.exe
2⤵
PID:5956

C:\Windows\System\CyxcKZb.exe
C:\Windows\System\CyxcKZb.exe
2⤵
PID:5980

C:\Windows\System\fqAifxo.exe
C:\Windows\System\fqAifxo.exe
2⤵
PID:6008

C:\Windows\System\vlVLWTg.exe
C:\Windows\System\vlVLWTg.exe
2⤵
PID:6040

C:\Windows\System\sfjjiPm.exe
C:\Windows\System\sfjjiPm.exe
2⤵
PID:6064

C:\Windows\System\ksHJKdD.exe
C:\Windows\System\ksHJKdD.exe
2⤵
PID:6092

C:\Windows\System\zgrnqXQ.exe
C:\Windows\System\zgrnqXQ.exe
2⤵
PID:6120

C:\Windows\System\EkbhcMY.exe
C:\Windows\System\EkbhcMY.exe
2⤵
PID:5084

C:\Windows\System\uLBfJVp.exe
C:\Windows\System\uLBfJVp.exe
2⤵
PID:4876

C:\Windows\System\InVldfj.exe
C:\Windows\System\InVldfj.exe
2⤵
PID:2856

C:\Windows\System\NBmONiV.exe
C:\Windows\System\NBmONiV.exe
2⤵
PID:4968

C:\Windows\System\PcQvbeq.exe
C:\Windows\System\PcQvbeq.exe
2⤵
PID:4592

C:\Windows\System\fdNDjUK.exe
C:\Windows\System\fdNDjUK.exe
2⤵
PID:5132

C:\Windows\System\oBDXxsq.exe
C:\Windows\System\oBDXxsq.exe
2⤵
PID:5332

C:\Windows\System\ROBDvaC.exe
C:\Windows\System\ROBDvaC.exe
2⤵
PID:3244

C:\Windows\System\RXZAiBH.exe
C:\Windows\System\RXZAiBH.exe
2⤵
PID:5416

C:\Windows\System\lxyseAo.exe
C:\Windows\System\lxyseAo.exe
2⤵
PID:5496

C:\Windows\System\lAeIfjb.exe
C:\Windows\System\lAeIfjb.exe
2⤵
PID:5556

C:\Windows\System\fqDfuPe.exe
C:\Windows\System\fqDfuPe.exe
2⤵
PID:5612

C:\Windows\System\UsejHNh.exe
C:\Windows\System\UsejHNh.exe
2⤵
PID:5664

C:\Windows\System\xQwuNeJ.exe
C:\Windows\System\xQwuNeJ.exe
2⤵
PID:5724

C:\Windows\System\KYyiduq.exe
C:\Windows\System\KYyiduq.exe
2⤵
PID:5800

C:\Windows\System\VbKOnFj.exe
C:\Windows\System\VbKOnFj.exe
2⤵
PID:5860

C:\Windows\System\zSXEdGL.exe
C:\Windows\System\zSXEdGL.exe
2⤵
PID:5920

C:\Windows\System\sFVncYG.exe
C:\Windows\System\sFVncYG.exe
2⤵
PID:5996

C:\Windows\System\BCvcfFp.exe
C:\Windows\System\BCvcfFp.exe
2⤵
PID:6052

C:\Windows\System\xRVfXFg.exe
C:\Windows\System\xRVfXFg.exe
2⤵
PID:6108

C:\Windows\System\BWGxHGm.exe
C:\Windows\System\BWGxHGm.exe
2⤵
PID:772

C:\Windows\System\jCsSlLU.exe
C:\Windows\System\jCsSlLU.exe
2⤵
PID:1900

C:\Windows\System\qFwLtuN.exe
C:\Windows\System\qFwLtuN.exe
2⤵
PID:4540

C:\Windows\System\OgNjWwE.exe
C:\Windows\System\OgNjWwE.exe
2⤵
PID:1436

C:\Windows\System\dRzuSCa.exe
C:\Windows\System\dRzuSCa.exe
2⤵
PID:5268

C:\Windows\System\tqNmnBK.exe
C:\Windows\System\tqNmnBK.exe
2⤵
PID:5388

C:\Windows\System\OjiHWmq.exe
C:\Windows\System\OjiHWmq.exe
2⤵
PID:5492

C:\Windows\System\XRZmcFL.exe
C:\Windows\System\XRZmcFL.exe
2⤵
PID:5608

C:\Windows\System\lFhcURZ.exe
C:\Windows\System\lFhcURZ.exe
2⤵
PID:5716

C:\Windows\System\uFAtrAE.exe
C:\Windows\System\uFAtrAE.exe
2⤵
PID:3616

C:\Windows\System\GIwWQlu.exe
C:\Windows\System\GIwWQlu.exe
2⤵
PID:6024

C:\Windows\System\RMmoGSM.exe
C:\Windows\System\RMmoGSM.exe
2⤵
PID:3304

C:\Windows\System\fkAORyG.exe
C:\Windows\System\fkAORyG.exe
2⤵
PID:4380

C:\Windows\System\AIqoCLV.exe
C:\Windows\System\AIqoCLV.exe
2⤵
PID:1736

C:\Windows\System\uIpkYAU.exe
C:\Windows\System\uIpkYAU.exe
2⤵
PID:2556

C:\Windows\System\urmVkav.exe
C:\Windows\System\urmVkav.exe
2⤵
PID:4972

C:\Windows\System\NTqqypo.exe
C:\Windows\System\NTqqypo.exe
2⤵
PID:5528

C:\Windows\System\RgKWfOQ.exe
C:\Windows\System\RgKWfOQ.exe
2⤵
PID:5776

C:\Windows\System\pRHOvSd.exe
C:\Windows\System\pRHOvSd.exe
2⤵
PID:6080

C:\Windows\System\GrvvYrX.exe
C:\Windows\System\GrvvYrX.exe
2⤵
PID:1680

C:\Windows\System\BWNHEsG.exe
C:\Windows\System\BWNHEsG.exe
2⤵
PID:3792

C:\Windows\System\YSjXZsa.exe
C:\Windows\System\YSjXZsa.exe
2⤵
PID:3056

C:\Windows\System\dhKMuZL.exe
C:\Windows\System\dhKMuZL.exe
2⤵
PID:5692

C:\Windows\System\juGRopo.exe
C:\Windows\System\juGRopo.exe
2⤵
PID:3996

C:\Windows\System\kcrhSrw.exe
C:\Windows\System\kcrhSrw.exe
2⤵
PID:3128

C:\Windows\System\pVarlgI.exe
C:\Windows\System\pVarlgI.exe
2⤵
PID:2600

C:\Windows\System\KouAOwG.exe
C:\Windows\System\KouAOwG.exe
2⤵
PID:6172

C:\Windows\System\EOdtkux.exe
C:\Windows\System\EOdtkux.exe
2⤵
PID:6228

C:\Windows\System\VbdvkYv.exe
C:\Windows\System\VbdvkYv.exe
2⤵
PID:6244

C:\Windows\System\ldEizPN.exe
C:\Windows\System\ldEizPN.exe
2⤵
PID:6264

C:\Windows\System\RuwTrPc.exe
C:\Windows\System\RuwTrPc.exe
2⤵
PID:6284

C:\Windows\System\djNnArr.exe
C:\Windows\System\djNnArr.exe
2⤵
PID:6304

C:\Windows\System\pmuMgAy.exe
C:\Windows\System\pmuMgAy.exe
2⤵
PID:6336

C:\Windows\System\keVmsgs.exe
C:\Windows\System\keVmsgs.exe
2⤵
PID:6360

C:\Windows\System\inHAFXh.exe
C:\Windows\System\inHAFXh.exe
2⤵
PID:6392

C:\Windows\System\cXaOPUt.exe
C:\Windows\System\cXaOPUt.exe
2⤵
PID:6424

C:\Windows\System\zyzsRpN.exe
C:\Windows\System\zyzsRpN.exe
2⤵
PID:6448

C:\Windows\System\SmSTfsm.exe
C:\Windows\System\SmSTfsm.exe
2⤵
PID:6468

C:\Windows\System\mhcfcRJ.exe
C:\Windows\System\mhcfcRJ.exe
2⤵
PID:6496

C:\Windows\System\HIVAaJD.exe
C:\Windows\System\HIVAaJD.exe
2⤵
PID:6516

C:\Windows\System\UswjZNH.exe
C:\Windows\System\UswjZNH.exe
2⤵
PID:6536

C:\Windows\System\qVLWBDm.exe
C:\Windows\System\qVLWBDm.exe
2⤵
PID:6572

C:\Windows\System\UfTsmii.exe
C:\Windows\System\UfTsmii.exe
2⤵
PID:6604

C:\Windows\System\FixNLgn.exe
C:\Windows\System\FixNLgn.exe
2⤵
PID:6636

C:\Windows\System\pnkkcRi.exe
C:\Windows\System\pnkkcRi.exe
2⤵
PID:6736

C:\Windows\System\xBAPPQM.exe
C:\Windows\System\xBAPPQM.exe
2⤵
PID:6760

C:\Windows\System\KtTLMlF.exe
C:\Windows\System\KtTLMlF.exe
2⤵
PID:6800

C:\Windows\System\kUBxCFH.exe
C:\Windows\System\kUBxCFH.exe
2⤵
PID:6824

C:\Windows\System\AUEpZPg.exe
C:\Windows\System\AUEpZPg.exe
2⤵
PID:6844

C:\Windows\System\ftZGmzn.exe
C:\Windows\System\ftZGmzn.exe
2⤵
PID:6864

C:\Windows\System\qPtIwSs.exe
C:\Windows\System\qPtIwSs.exe
2⤵
PID:6896

C:\Windows\System\wandlpp.exe
C:\Windows\System\wandlpp.exe
2⤵
PID:6936

C:\Windows\System\jVNIJnL.exe
C:\Windows\System\jVNIJnL.exe
2⤵
PID:6964

C:\Windows\System\DwZXbWd.exe
C:\Windows\System\DwZXbWd.exe
2⤵
PID:6992

C:\Windows\System\crKwmjR.exe
C:\Windows\System\crKwmjR.exe
2⤵
PID:7016

C:\Windows\System\HgySsmb.exe
C:\Windows\System\HgySsmb.exe
2⤵
PID:7036

C:\Windows\System\bSJcWKn.exe
C:\Windows\System\bSJcWKn.exe
2⤵
PID:7064

C:\Windows\System\bGHhvqB.exe
C:\Windows\System\bGHhvqB.exe
2⤵
PID:7088

C:\Windows\System\ZtjQTtN.exe
C:\Windows\System\ZtjQTtN.exe
2⤵
PID:7112

C:\Windows\System\buDjEAT.exe
C:\Windows\System\buDjEAT.exe
2⤵
PID:6164

C:\Windows\System\RCzFETH.exe
C:\Windows\System\RCzFETH.exe
2⤵
PID:804

C:\Windows\System\CPKppwe.exe
C:\Windows\System\CPKppwe.exe
2⤵
PID:3508

C:\Windows\System\JnxBabG.exe
C:\Windows\System\JnxBabG.exe
2⤵
PID:6372

C:\Windows\System\PyFNqry.exe
C:\Windows\System\PyFNqry.exe
2⤵
PID:6324

C:\Windows\System\QOQoTzv.exe
C:\Windows\System\QOQoTzv.exe
2⤵
PID:6292

C:\Windows\System\Daresbj.exe
C:\Windows\System\Daresbj.exe
2⤵
PID:6464

C:\Windows\System\HhuedNe.exe
C:\Windows\System\HhuedNe.exe
2⤵
PID:6600

C:\Windows\System\lJBrGkH.exe
C:\Windows\System\lJBrGkH.exe
2⤵
PID:6672

C:\Windows\System\MtRdSes.exe
C:\Windows\System\MtRdSes.exe
2⤵
PID:6748

C:\Windows\System\kCcwXVU.exe
C:\Windows\System\kCcwXVU.exe
2⤵
PID:6888

C:\Windows\System\qUwhIxh.exe
C:\Windows\System\qUwhIxh.exe
2⤵
PID:6956

C:\Windows\System\dPlQXue.exe
C:\Windows\System\dPlQXue.exe
2⤵
PID:7004

C:\Windows\System\XUqqZTD.exe
C:\Windows\System\XUqqZTD.exe
2⤵
PID:7056

C:\Windows\System\CgLWyNQ.exe
C:\Windows\System\CgLWyNQ.exe
2⤵
PID:4536

C:\Windows\System\yVNOzlz.exe
C:\Windows\System\yVNOzlz.exe
2⤵
PID:6188

C:\Windows\System\ODMKQuk.exe
C:\Windows\System\ODMKQuk.exe
2⤵
PID:6352

C:\Windows\System\gKDqCSz.exe
C:\Windows\System\gKDqCSz.exe
2⤵
PID:6644

C:\Windows\System\JxDLeGT.exe
C:\Windows\System\JxDLeGT.exe
2⤵
PID:6660

C:\Windows\System\BJZfVaG.exe
C:\Windows\System\BJZfVaG.exe
2⤵
PID:6884

C:\Windows\System\JhOwztL.exe
C:\Windows\System\JhOwztL.exe
2⤵
PID:7052

C:\Windows\System\hcWsoIC.exe
C:\Windows\System\hcWsoIC.exe
2⤵
PID:6280

C:\Windows\System\hCnqUcf.exe
C:\Windows\System\hCnqUcf.exe
2⤵
PID:6632

C:\Windows\System\zPUxeFo.exe
C:\Windows\System\zPUxeFo.exe
2⤵
PID:6436

C:\Windows\System\vzCyxqk.exe
C:\Windows\System\vzCyxqk.exe
2⤵
PID:6840

C:\Windows\System\dtpSajV.exe
C:\Windows\System\dtpSajV.exe
2⤵
PID:6528

C:\Windows\System\qieQTZI.exe
C:\Windows\System\qieQTZI.exe
2⤵
PID:7196

C:\Windows\System\wRyHqRa.exe
C:\Windows\System\wRyHqRa.exe
2⤵
PID:7236

C:\Windows\System\esEDWSJ.exe
C:\Windows\System\esEDWSJ.exe
2⤵
PID:7268

C:\Windows\System\sthbQVh.exe
C:\Windows\System\sthbQVh.exe
2⤵
PID:7296

C:\Windows\System\iDjBitV.exe
C:\Windows\System\iDjBitV.exe
2⤵
PID:7328

C:\Windows\System\ePVXyLT.exe
C:\Windows\System\ePVXyLT.exe
2⤵
PID:7368

C:\Windows\System\Cfvqtsy.exe
C:\Windows\System\Cfvqtsy.exe
2⤵
PID:7396

C:\Windows\System\buqhZIe.exe
C:\Windows\System\buqhZIe.exe
2⤵
PID:7432

C:\Windows\System\xevKCDA.exe
C:\Windows\System\xevKCDA.exe
2⤵
PID:7460

C:\Windows\System\ROcrVkh.exe
C:\Windows\System\ROcrVkh.exe
2⤵
PID:7504

C:\Windows\System\zmSJEMf.exe
C:\Windows\System\zmSJEMf.exe
2⤵
PID:7548

C:\Windows\System\sLLPDTA.exe
C:\Windows\System\sLLPDTA.exe
2⤵
PID:7580

C:\Windows\System\RgejhUR.exe
C:\Windows\System\RgejhUR.exe
2⤵
PID:7604

C:\Windows\System\uWVGcAm.exe
C:\Windows\System\uWVGcAm.exe
2⤵
PID:7640

C:\Windows\System\kAEsagL.exe
C:\Windows\System\kAEsagL.exe
2⤵
PID:7672

C:\Windows\System\xGvqMJr.exe
C:\Windows\System\xGvqMJr.exe
2⤵
PID:7700

C:\Windows\System\dYBQUup.exe
C:\Windows\System\dYBQUup.exe
2⤵
PID:7736

C:\Windows\System\VXnAvvC.exe
C:\Windows\System\VXnAvvC.exe
2⤵
PID:7764

C:\Windows\System\ojIVEQT.exe
C:\Windows\System\ojIVEQT.exe
2⤵
PID:7796

C:\Windows\System\ANzXFDk.exe
C:\Windows\System\ANzXFDk.exe
2⤵
PID:7824

C:\Windows\System\CZpqMti.exe
C:\Windows\System\CZpqMti.exe
2⤵
PID:7852

C:\Windows\System\tOREOxC.exe
C:\Windows\System\tOREOxC.exe
2⤵
PID:7872

C:\Windows\System\BOwbVvT.exe
C:\Windows\System\BOwbVvT.exe
2⤵
PID:7908

C:\Windows\System\fkrIGoF.exe
C:\Windows\System\fkrIGoF.exe
2⤵
PID:7936

C:\Windows\System\XJDTvgl.exe
C:\Windows\System\XJDTvgl.exe
2⤵
PID:7964

C:\Windows\System\iewVcrS.exe
C:\Windows\System\iewVcrS.exe
2⤵
PID:7992

C:\Windows\System\TwRYiPB.exe
C:\Windows\System\TwRYiPB.exe
2⤵
PID:8020

C:\Windows\System\kPwLYFz.exe
C:\Windows\System\kPwLYFz.exe
2⤵
PID:8048

C:\Windows\System\DqXelZA.exe
C:\Windows\System\DqXelZA.exe
2⤵
PID:8076

C:\Windows\System\KyhSOGv.exe
C:\Windows\System\KyhSOGv.exe
2⤵
PID:8104

C:\Windows\System\uWMfgpp.exe
C:\Windows\System\uWMfgpp.exe
2⤵
PID:8132

C:\Windows\System\xUYazry.exe
C:\Windows\System\xUYazry.exe
2⤵
PID:8160

C:\Windows\System\NdxkhBk.exe
C:\Windows\System\NdxkhBk.exe
2⤵
PID:8188

C:\Windows\System\xpeayRl.exe
C:\Windows\System\xpeayRl.exe
2⤵
PID:7188

C:\Windows\System\YOYnBxr.exe
C:\Windows\System\YOYnBxr.exe
2⤵
PID:7220

C:\Windows\System\hjVAXwb.exe
C:\Windows\System\hjVAXwb.exe
2⤵
PID:7248

C:\Windows\System\LArudIX.exe
C:\Windows\System\LArudIX.exe
2⤵
PID:7320

C:\Windows\System\FGXENiR.exe
C:\Windows\System\FGXENiR.exe
2⤵
PID:7392

C:\Windows\System\QYNXRxd.exe
C:\Windows\System\QYNXRxd.exe
2⤵
PID:7452

C:\Windows\System\wTSLCPw.exe
C:\Windows\System\wTSLCPw.exe
2⤵
PID:7536

C:\Windows\System\ELgnmhQ.exe
C:\Windows\System\ELgnmhQ.exe
2⤵
PID:7632

C:\Windows\System\vniXasN.exe
C:\Windows\System\vniXasN.exe
2⤵
PID:6208

C:\Windows\System\RYvcQbk.exe
C:\Windows\System\RYvcQbk.exe
2⤵
PID:7788

C:\Windows\System\zcljfRS.exe
C:\Windows\System\zcljfRS.exe
2⤵
PID:7844

C:\Windows\System\NDIzDyu.exe
C:\Windows\System\NDIzDyu.exe
2⤵
PID:7900

C:\Windows\System\qBXvTvA.exe
C:\Windows\System\qBXvTvA.exe
2⤵
PID:7256

C:\Windows\System\GVUWYZQ.exe
C:\Windows\System\GVUWYZQ.exe
2⤵
PID:7960

C:\Windows\System\dSQysYu.exe
C:\Windows\System\dSQysYu.exe
2⤵
PID:6368

C:\Windows\System\PxfwVOh.exe
C:\Windows\System\PxfwVOh.exe
2⤵
PID:8040

C:\Windows\System\IjLuYVj.exe
C:\Windows\System\IjLuYVj.exe
2⤵
PID:8096

C:\Windows\System\YazPZaV.exe
C:\Windows\System\YazPZaV.exe
2⤵
PID:8152

C:\Windows\System\NxwssWj.exe
C:\Windows\System\NxwssWj.exe
2⤵
PID:6912

C:\Windows\System\YPoKbds.exe
C:\Windows\System\YPoKbds.exe
2⤵
PID:544

C:\Windows\System\EzcHkAF.exe
C:\Windows\System\EzcHkAF.exe
2⤵
PID:7476

C:\Windows\System\OdXPHjF.exe
C:\Windows\System\OdXPHjF.exe
2⤵
PID:6252

C:\Windows\System\DVfTqJg.exe
C:\Windows\System\DVfTqJg.exe
2⤵
PID:7808

C:\Windows\System\UssAkpz.exe
C:\Windows\System\UssAkpz.exe
2⤵
PID:7956

C:\Windows\System\DSpDsNJ.exe
C:\Windows\System\DSpDsNJ.exe
2⤵
PID:7356

C:\Windows\System\JnrhEuz.exe
C:\Windows\System\JnrhEuz.exe
2⤵
PID:7024

C:\Windows\System\QoDSfke.exe
C:\Windows\System\QoDSfke.exe
2⤵
PID:8184

C:\Windows\System\pVBnkqC.exe
C:\Windows\System\pVBnkqC.exe
2⤵
PID:6560

C:\Windows\System\heTKXrH.exe
C:\Windows\System\heTKXrH.exe
2⤵
PID:7952

C:\Windows\System\SCBGzik.exe
C:\Windows\System\SCBGzik.exe
2⤵
PID:8172

C:\Windows\System\GkXXMMp.exe
C:\Windows\System\GkXXMMp.exe
2⤵
PID:6852

C:\Windows\System\npKaquJ.exe
C:\Windows\System\npKaquJ.exe
2⤵
PID:8212

C:\Windows\System\tEOFTcf.exe
C:\Windows\System\tEOFTcf.exe
2⤵
PID:8240

C:\Windows\System\BWBiLqV.exe
C:\Windows\System\BWBiLqV.exe
2⤵
PID:8268

C:\Windows\System\kUydvnY.exe
C:\Windows\System\kUydvnY.exe
2⤵
PID:8304

C:\Windows\System\ZyqNPUq.exe
C:\Windows\System\ZyqNPUq.exe
2⤵
PID:8336

C:\Windows\System\jrynNgZ.exe
C:\Windows\System\jrynNgZ.exe
2⤵
PID:8364

C:\Windows\System\LmZXQTx.exe
C:\Windows\System\LmZXQTx.exe
2⤵
PID:8392

C:\Windows\System\bFWMNkd.exe
C:\Windows\System\bFWMNkd.exe
2⤵
PID:8424

C:\Windows\System\AeHyykN.exe
C:\Windows\System\AeHyykN.exe
2⤵
PID:8452

C:\Windows\System\JhAmjun.exe
C:\Windows\System\JhAmjun.exe
2⤵
PID:8480

C:\Windows\System\CiJlIMH.exe
C:\Windows\System\CiJlIMH.exe
2⤵
PID:8508

C:\Windows\System\WLAxsEM.exe
C:\Windows\System\WLAxsEM.exe
2⤵
PID:8552

C:\Windows\System\LfkGlaz.exe
C:\Windows\System\LfkGlaz.exe
2⤵
PID:8572

C:\Windows\System\TrUxmEA.exe
C:\Windows\System\TrUxmEA.exe
2⤵
PID:8604

C:\Windows\System\knhhqdM.exe
C:\Windows\System\knhhqdM.exe
2⤵
PID:8636

C:\Windows\System\cLylapK.exe
C:\Windows\System\cLylapK.exe
2⤵
PID:8668

C:\Windows\System\CYMYqBX.exe
C:\Windows\System\CYMYqBX.exe
2⤵
PID:8696

C:\Windows\System\XYiyfwx.exe
C:\Windows\System\XYiyfwx.exe
2⤵
PID:8724

C:\Windows\System\iCBTaVK.exe
C:\Windows\System\iCBTaVK.exe
2⤵
PID:8740

C:\Windows\System\rOfbGqM.exe
C:\Windows\System\rOfbGqM.exe
2⤵
PID:8760

C:\Windows\System\KspkVbz.exe
C:\Windows\System\KspkVbz.exe
2⤵
PID:8776

C:\Windows\System\LSdKFap.exe
C:\Windows\System\LSdKFap.exe
2⤵
PID:8800

C:\Windows\System\IJCQxyC.exe
C:\Windows\System\IJCQxyC.exe
2⤵
PID:8872

C:\Windows\System\GRdLweo.exe
C:\Windows\System\GRdLweo.exe
2⤵
PID:8900

C:\Windows\System\swjvnsd.exe
C:\Windows\System\swjvnsd.exe
2⤵
PID:8928

C:\Windows\System\OhiupLl.exe
C:\Windows\System\OhiupLl.exe
2⤵
PID:8956

C:\Windows\System\vEUWZgn.exe
C:\Windows\System\vEUWZgn.exe
2⤵
PID:8984

C:\Windows\System\nMBZgjY.exe
C:\Windows\System\nMBZgjY.exe
2⤵
PID:9016

C:\Windows\System\wzfQryC.exe
C:\Windows\System\wzfQryC.exe
2⤵
PID:9044

C:\Windows\System\fpDGXaG.exe
C:\Windows\System\fpDGXaG.exe
2⤵
PID:9068

C:\Windows\System\TwmAIZo.exe
C:\Windows\System\TwmAIZo.exe
2⤵
PID:9096

C:\Windows\System\BUduAyq.exe
C:\Windows\System\BUduAyq.exe
2⤵
PID:9144

C:\Windows\System\JBJeZsJ.exe
C:\Windows\System\JBJeZsJ.exe
2⤵
PID:9180

C:\Windows\System\WhCRwfn.exe
C:\Windows\System\WhCRwfn.exe
2⤵
PID:8116

C:\Windows\System\mYPZFKX.exe
C:\Windows\System\mYPZFKX.exe
2⤵
PID:8276

C:\Windows\System\mqMzkSl.exe
C:\Windows\System\mqMzkSl.exe
2⤵
PID:8356

C:\Windows\System\AYRBtZs.exe
C:\Windows\System\AYRBtZs.exe
2⤵
PID:8420

C:\Windows\System\PZFZCbA.exe
C:\Windows\System\PZFZCbA.exe
2⤵
PID:8524

C:\Windows\System\dVGwcGV.exe
C:\Windows\System\dVGwcGV.exe
2⤵
PID:8584

C:\Windows\System\FcTTsqh.exe
C:\Windows\System\FcTTsqh.exe
2⤵
PID:8652

C:\Windows\System\hHxUxqn.exe
C:\Windows\System\hHxUxqn.exe
2⤵
PID:8692

C:\Windows\System\cBkIobq.exe
C:\Windows\System\cBkIobq.exe
2⤵
PID:8748

C:\Windows\System\lCHFYem.exe
C:\Windows\System\lCHFYem.exe
2⤵
PID:8824

C:\Windows\System\lRKVkXq.exe
C:\Windows\System\lRKVkXq.exe
2⤵
PID:7760

C:\Windows\System\whErUXm.exe
C:\Windows\System\whErUXm.exe
2⤵
PID:8952

C:\Windows\System\VxFtVIm.exe
C:\Windows\System\VxFtVIm.exe
2⤵
PID:9088

C:\Windows\System\bYAJCWL.exe
C:\Windows\System\bYAJCWL.exe
2⤵
PID:9164

C:\Windows\System\PTRgOkJ.exe
C:\Windows\System\PTRgOkJ.exe
2⤵
PID:8320

C:\Windows\System\symALYo.exe
C:\Windows\System\symALYo.exe
2⤵
PID:8496

C:\Windows\System\ypWrhFz.exe
C:\Windows\System\ypWrhFz.exe
2⤵
PID:8568

C:\Windows\System\pmjsGBZ.exe
C:\Windows\System\pmjsGBZ.exe
2⤵
PID:8752

C:\Windows\System\qUxqLlS.exe
C:\Windows\System\qUxqLlS.exe
2⤵
PID:8844

C:\Windows\System\LkrGcDd.exe
C:\Windows\System\LkrGcDd.exe
2⤵
PID:8884

C:\Windows\System\zVRdZQH.exe
C:\Windows\System\zVRdZQH.exe
2⤵
PID:8976

C:\Windows\System\VFuNXsZ.exe
C:\Windows\System\VFuNXsZ.exe
2⤵
PID:8256

C:\Windows\System\aYZOZih.exe
C:\Windows\System\aYZOZih.exe
2⤵
PID:8688

C:\Windows\System\zSmeDyt.exe
C:\Windows\System\zSmeDyt.exe
2⤵
PID:9060

C:\Windows\System\UptqrQv.exe
C:\Windows\System\UptqrQv.exe
2⤵
PID:8632

C:\Windows\System\CxHnRJE.exe
C:\Windows\System\CxHnRJE.exe
2⤵
PID:9036

C:\Windows\System\DLPzEdx.exe
C:\Windows\System\DLPzEdx.exe
2⤵
PID:9244

C:\Windows\System\LIemzOm.exe
C:\Windows\System\LIemzOm.exe
2⤵
PID:9276

C:\Windows\System\VGNxALC.exe
C:\Windows\System\VGNxALC.exe
2⤵
PID:9308

C:\Windows\System\VjFYJDK.exe
C:\Windows\System\VjFYJDK.exe
2⤵
PID:9336

C:\Windows\System\EcPCBFA.exe
C:\Windows\System\EcPCBFA.exe
2⤵
PID:9368

C:\Windows\System\PmiPCrn.exe
C:\Windows\System\PmiPCrn.exe
2⤵
PID:9396

C:\Windows\System\hRWolxa.exe
C:\Windows\System\hRWolxa.exe
2⤵
PID:9432

C:\Windows\System\ONzwqoq.exe
C:\Windows\System\ONzwqoq.exe
2⤵
PID:9460

C:\Windows\System\zmQaThV.exe
C:\Windows\System\zmQaThV.exe
2⤵
PID:9488

C:\Windows\System\AJkKPWr.exe
C:\Windows\System\AJkKPWr.exe
2⤵
PID:9520

C:\Windows\System\FPMFDHL.exe
C:\Windows\System\FPMFDHL.exe
2⤵
PID:9548

C:\Windows\System\fcurvGS.exe
C:\Windows\System\fcurvGS.exe
2⤵
PID:9576

C:\Windows\System\ccgkPRE.exe
C:\Windows\System\ccgkPRE.exe
2⤵
PID:9604

C:\Windows\System\GteKvWI.exe
C:\Windows\System\GteKvWI.exe
2⤵
PID:9628

C:\Windows\System\cuUFHVj.exe
C:\Windows\System\cuUFHVj.exe
2⤵
PID:9664

C:\Windows\System\SzmjCGI.exe
C:\Windows\System\SzmjCGI.exe
2⤵
PID:9696

C:\Windows\System\IxuLOIe.exe
C:\Windows\System\IxuLOIe.exe
2⤵
PID:9724

C:\Windows\System\CHAiUiw.exe
C:\Windows\System\CHAiUiw.exe
2⤵
PID:9752

C:\Windows\System\UoOCwaS.exe
C:\Windows\System\UoOCwaS.exe
2⤵
PID:9780

C:\Windows\System\GJrqEbO.exe
C:\Windows\System\GJrqEbO.exe
2⤵
PID:9808

C:\Windows\System\xUOeMCw.exe
C:\Windows\System\xUOeMCw.exe
2⤵
PID:9832

C:\Windows\System\bTXIRdf.exe
C:\Windows\System\bTXIRdf.exe
2⤵
PID:9864

C:\Windows\System\EftvYLu.exe
C:\Windows\System\EftvYLu.exe
2⤵
PID:9900

C:\Windows\System\xOsKKdu.exe
C:\Windows\System\xOsKKdu.exe
2⤵
PID:9944

C:\Windows\System\CNPbUWJ.exe
C:\Windows\System\CNPbUWJ.exe
2⤵
PID:9972

C:\Windows\System\YVaEWSv.exe
C:\Windows\System\YVaEWSv.exe
2⤵
PID:9996

C:\Windows\System\OXYpzWR.exe
C:\Windows\System\OXYpzWR.exe
2⤵
PID:10016

C:\Windows\System\zvpteVH.exe
C:\Windows\System\zvpteVH.exe
2⤵
PID:10060

C:\Windows\System\rGEzUuL.exe
C:\Windows\System\rGEzUuL.exe
2⤵
PID:10100

C:\Windows\System\cRWCBAa.exe
C:\Windows\System\cRWCBAa.exe
2⤵
PID:10140

C:\Windows\System\NAgLTCB.exe
C:\Windows\System\NAgLTCB.exe
2⤵
PID:10188

C:\Windows\System\ZxdlvvZ.exe
C:\Windows\System\ZxdlvvZ.exe
2⤵
PID:10236

C:\Windows\System\RwBitqA.exe
C:\Windows\System\RwBitqA.exe
2⤵
PID:9320

C:\Windows\System\DxJcHNb.exe
C:\Windows\System\DxJcHNb.exe
2⤵
PID:9392

C:\Windows\System\BhEbjTN.exe
C:\Windows\System\BhEbjTN.exe
2⤵
PID:9512

C:\Windows\System\oIXkKep.exe
C:\Windows\System\oIXkKep.exe
2⤵
PID:9600

C:\Windows\System\JNULBAt.exe
C:\Windows\System\JNULBAt.exe
2⤵
PID:9680

C:\Windows\System\pHKnpYB.exe
C:\Windows\System\pHKnpYB.exe
2⤵
PID:9744

C:\Windows\System\ykSDCuU.exe
C:\Windows\System\ykSDCuU.exe
2⤵
PID:9792

C:\Windows\System\pbtVxNg.exe
C:\Windows\System\pbtVxNg.exe
2⤵
PID:9848

C:\Windows\System\mzYfrxx.exe
C:\Windows\System\mzYfrxx.exe
2⤵
PID:9212

C:\Windows\System\uHuNUcN.exe
C:\Windows\System\uHuNUcN.exe
2⤵
PID:9936

C:\Windows\System\NMJEWek.exe
C:\Windows\System\NMJEWek.exe
2⤵
PID:10008

C:\Windows\System\oUMDEQE.exe
C:\Windows\System\oUMDEQE.exe
2⤵
PID:10076

C:\Windows\System\qWacAXy.exe
C:\Windows\System\qWacAXy.exe
2⤵
PID:10172

C:\Windows\System\gxyWJkN.exe
C:\Windows\System\gxyWJkN.exe
2⤵
PID:9272

C:\Windows\System\JOKRiim.exe
C:\Windows\System\JOKRiim.exe
2⤵
PID:9572

C:\Windows\System\aFCTcIU.exe
C:\Windows\System\aFCTcIU.exe
2⤵
PID:9824

C:\Windows\System\qlQDfDO.exe
C:\Windows\System\qlQDfDO.exe
2⤵
PID:9640

C:\Windows\System\LnhwMrx.exe
C:\Windows\System\LnhwMrx.exe
2⤵
PID:10056

C:\Windows\System\ZmqtaMw.exe
C:\Windows\System\ZmqtaMw.exe
2⤵
PID:8684

C:\Windows\System\ANfbykA.exe
C:\Windows\System\ANfbykA.exe
2⤵
PID:9852

C:\Windows\System\aYlQrDI.exe
C:\Windows\System\aYlQrDI.exe
2⤵
PID:10220

C:\Windows\System\BelATmh.exe
C:\Windows\System\BelATmh.exe
2⤵
PID:10164

C:\Windows\System\eZywKOx.exe
C:\Windows\System\eZywKOx.exe
2⤵
PID:10256

C:\Windows\System\fSFSayg.exe
C:\Windows\System\fSFSayg.exe
2⤵
PID:10284

C:\Windows\System\uDfnIRe.exe
C:\Windows\System\uDfnIRe.exe
2⤵
PID:10312

C:\Windows\System\UooxBkR.exe
C:\Windows\System\UooxBkR.exe
2⤵
PID:10340

C:\Windows\System\SAliAkE.exe
C:\Windows\System\SAliAkE.exe
2⤵
PID:10368

C:\Windows\System\LopZIqD.exe
C:\Windows\System\LopZIqD.exe
2⤵
PID:10396

C:\Windows\System\XkanPKe.exe
C:\Windows\System\XkanPKe.exe
2⤵
PID:10428

C:\Windows\System\sHbbIHG.exe
C:\Windows\System\sHbbIHG.exe
2⤵
PID:10456

C:\Windows\System\gKhscxX.exe
C:\Windows\System\gKhscxX.exe
2⤵
PID:10484

C:\Windows\System\EYZnBAE.exe
C:\Windows\System\EYZnBAE.exe
2⤵
PID:10512

C:\Windows\System\dYwwWet.exe
C:\Windows\System\dYwwWet.exe
2⤵
PID:10540

C:\Windows\System\fxhamUd.exe
C:\Windows\System\fxhamUd.exe
2⤵
PID:10568

C:\Windows\System\xSkNgmV.exe
C:\Windows\System\xSkNgmV.exe
2⤵
PID:10596

C:\Windows\System\nzQzGMC.exe
C:\Windows\System\nzQzGMC.exe
2⤵
PID:10624

C:\Windows\System\DxRihkY.exe
C:\Windows\System\DxRihkY.exe
2⤵
PID:10652

C:\Windows\System\qSPobKH.exe
C:\Windows\System\qSPobKH.exe
2⤵
PID:10680

C:\Windows\System\tdTZAqc.exe
C:\Windows\System\tdTZAqc.exe
2⤵
PID:10708

C:\Windows\System\wskrFJW.exe
C:\Windows\System\wskrFJW.exe
2⤵
PID:10736

C:\Windows\System\FnyoUEA.exe
C:\Windows\System\FnyoUEA.exe
2⤵
PID:10764

C:\Windows\System\plfFiHB.exe
C:\Windows\System\plfFiHB.exe
2⤵
PID:10792

C:\Windows\System\kNppZNs.exe
C:\Windows\System\kNppZNs.exe
2⤵
PID:10820

C:\Windows\System\OdAiDiC.exe
C:\Windows\System\OdAiDiC.exe
2⤵
PID:10852

C:\Windows\System\mMUSNWn.exe
C:\Windows\System\mMUSNWn.exe
2⤵
PID:10880

C:\Windows\System\wWytWgh.exe
C:\Windows\System\wWytWgh.exe
2⤵
PID:10908

C:\Windows\System\arkTwMi.exe
C:\Windows\System\arkTwMi.exe
2⤵
PID:10936

C:\Windows\System\AEqSTXw.exe
C:\Windows\System\AEqSTXw.exe
2⤵
PID:10980

C:\Windows\System\ImPVdOi.exe
C:\Windows\System\ImPVdOi.exe
2⤵
PID:11000

C:\Windows\System\PPzgGdu.exe
C:\Windows\System\PPzgGdu.exe
2⤵
PID:11024

C:\Windows\System\zBeFEvw.exe
C:\Windows\System\zBeFEvw.exe
2⤵
PID:11040

C:\Windows\System\UqFaKle.exe
C:\Windows\System\UqFaKle.exe
2⤵
PID:11088

C:\Windows\System\yyZFZnv.exe
C:\Windows\System\yyZFZnv.exe
2⤵
PID:11120

C:\Windows\System\bgPwFqp.exe
C:\Windows\System\bgPwFqp.exe
2⤵
PID:11148

C:\Windows\System\YhUcfCR.exe
C:\Windows\System\YhUcfCR.exe
2⤵
PID:11176

C:\Windows\System\RzWwCQZ.exe
C:\Windows\System\RzWwCQZ.exe
2⤵
PID:11204

C:\Windows\System\AiuaQSJ.exe
C:\Windows\System\AiuaQSJ.exe
2⤵
PID:11232

C:\Windows\System\PeXxBtb.exe
C:\Windows\System\PeXxBtb.exe
2⤵
PID:11260

C:\Windows\System\DUgCIJd.exe
C:\Windows\System\DUgCIJd.exe
2⤵
PID:10300

C:\Windows\System\NnImLdS.exe
C:\Windows\System\NnImLdS.exe
2⤵
PID:10360

C:\Windows\System\YVmMIZy.exe
C:\Windows\System\YVmMIZy.exe
2⤵
PID:10424

C:\Windows\System\nReVwaF.exe
C:\Windows\System\nReVwaF.exe
2⤵
PID:10500

C:\Windows\System\nUGjSXN.exe
C:\Windows\System\nUGjSXN.exe
2⤵
PID:10560

C:\Windows\System\UnkSJog.exe
C:\Windows\System\UnkSJog.exe
2⤵
PID:9872

C:\Windows\System\izKPLix.exe
C:\Windows\System\izKPLix.exe
2⤵
PID:10672

C:\Windows\System\yPFxbPB.exe
C:\Windows\System\yPFxbPB.exe
2⤵
PID:10752

C:\Windows\System\FiGSCYM.exe
C:\Windows\System\FiGSCYM.exe
2⤵
PID:10812

C:\Windows\System\DIJgxAM.exe
C:\Windows\System\DIJgxAM.exe
2⤵
PID:10876

C:\Windows\System\zmNGQUF.exe
C:\Windows\System\zmNGQUF.exe
2⤵
PID:10952

C:\Windows\System\MperLxa.exe
C:\Windows\System\MperLxa.exe
2⤵
PID:11032

C:\Windows\System\hVXgedW.exe
C:\Windows\System\hVXgedW.exe
2⤵
PID:11100

C:\Windows\System\avpzLcF.exe
C:\Windows\System\avpzLcF.exe
2⤵
PID:11164

C:\Windows\System\iroSScr.exe
C:\Windows\System\iroSScr.exe
2⤵
PID:11224

C:\Windows\System\hLkGXun.exe
C:\Windows\System\hLkGXun.exe
2⤵
PID:10280

C:\Windows\System\lHvxBvQ.exe
C:\Windows\System\lHvxBvQ.exe
2⤵
PID:10468

C:\Windows\System\HSSbpKc.exe
C:\Windows\System\HSSbpKc.exe
2⤵
PID:10608

C:\Windows\System\FQPXMnr.exe
C:\Windows\System\FQPXMnr.exe
2⤵
PID:10732

C:\Windows\System\buEOCSd.exe
C:\Windows\System\buEOCSd.exe
2⤵
PID:10928

C:\Windows\System\lJcJGhD.exe
C:\Windows\System\lJcJGhD.exe
2⤵
PID:11084

C:\Windows\System\QhmnvUX.exe
C:\Windows\System\QhmnvUX.exe
2⤵
PID:11256

C:\Windows\System\ijVJiSP.exe
C:\Windows\System\ijVJiSP.exe
2⤵
PID:10588

C:\Windows\System\gBtSQWB.exe
C:\Windows\System\gBtSQWB.exe
2⤵
PID:10920

C:\Windows\System\PolOaGu.exe
C:\Windows\System\PolOaGu.exe
2⤵
PID:10388

C:\Windows\System\TVbijjs.exe
C:\Windows\System\TVbijjs.exe
2⤵
PID:11200

C:\Windows\System\yCrhQJf.exe
C:\Windows\System\yCrhQJf.exe
2⤵
PID:11272

C:\Windows\System\YFgkUhI.exe
C:\Windows\System\YFgkUhI.exe
2⤵
PID:11300

C:\Windows\System\WcZFqfx.exe
C:\Windows\System\WcZFqfx.exe
2⤵
PID:11328

C:\Windows\System\hvaGpug.exe
C:\Windows\System\hvaGpug.exe
2⤵
PID:11356

C:\Windows\System\uPNoWWh.exe
C:\Windows\System\uPNoWWh.exe
2⤵
PID:11384

C:\Windows\System\hqLZAIy.exe
C:\Windows\System\hqLZAIy.exe
2⤵
PID:11412

C:\Windows\System\jsqnDuy.exe
C:\Windows\System\jsqnDuy.exe
2⤵
PID:11440

C:\Windows\System\QtEizgb.exe
C:\Windows\System\QtEizgb.exe
2⤵
PID:11468

C:\Windows\System\hBRuoon.exe
C:\Windows\System\hBRuoon.exe
2⤵
PID:11496

C:\Windows\System\xaVEVBN.exe
C:\Windows\System\xaVEVBN.exe
2⤵
PID:11524

C:\Windows\System\EyBGiJt.exe
C:\Windows\System\EyBGiJt.exe
2⤵
PID:11552

C:\Windows\System\fsFpPlt.exe
C:\Windows\System\fsFpPlt.exe
2⤵
PID:11580

C:\Windows\System\GYUpFko.exe
C:\Windows\System\GYUpFko.exe
2⤵
PID:11608

C:\Windows\System\vdqMjet.exe
C:\Windows\System\vdqMjet.exe
2⤵
PID:11636

C:\Windows\System\jvyDzYc.exe
C:\Windows\System\jvyDzYc.exe
2⤵
PID:11664

C:\Windows\System\AGgtTGU.exe
C:\Windows\System\AGgtTGU.exe
2⤵
PID:11692

C:\Windows\System\AXhcMRg.exe
C:\Windows\System\AXhcMRg.exe
2⤵
PID:11720

C:\Windows\System\FQTwVNm.exe
C:\Windows\System\FQTwVNm.exe
2⤵
PID:11748

C:\Windows\System\TwPfQfn.exe
C:\Windows\System\TwPfQfn.exe
2⤵
PID:11776

C:\Windows\System\nwTvPdr.exe
C:\Windows\System\nwTvPdr.exe
2⤵
PID:11804

C:\Windows\System\CjvICwZ.exe
C:\Windows\System\CjvICwZ.exe
2⤵
PID:11832

C:\Windows\System\SKFBkWO.exe
C:\Windows\System\SKFBkWO.exe
2⤵
PID:11868

C:\Windows\System\AGwOBii.exe
C:\Windows\System\AGwOBii.exe
2⤵
PID:11888

C:\Windows\System\wUGaVfH.exe
C:\Windows\System\wUGaVfH.exe
2⤵
PID:11916

C:\Windows\System\qZjGfRS.exe
C:\Windows\System\qZjGfRS.exe
2⤵
PID:11944

C:\Windows\System\cydDlvY.exe
C:\Windows\System\cydDlvY.exe
2⤵
PID:11972

C:\Windows\System\cBwFnYm.exe
C:\Windows\System\cBwFnYm.exe
2⤵
PID:12004

C:\Windows\System\WWnjQnB.exe
C:\Windows\System\WWnjQnB.exe
2⤵
PID:12032

C:\Windows\System\EWtHtEw.exe
C:\Windows\System\EWtHtEw.exe
2⤵
PID:12060

C:\Windows\System\UEgnzfo.exe
C:\Windows\System\UEgnzfo.exe
2⤵
PID:12088

C:\Windows\System\MXMBMqO.exe
C:\Windows\System\MXMBMqO.exe
2⤵
PID:12116

C:\Windows\System\oJuidcF.exe
C:\Windows\System\oJuidcF.exe
2⤵
PID:12144

C:\Windows\System\RlORQGm.exe
C:\Windows\System\RlORQGm.exe
2⤵
PID:12172

C:\Windows\System\LMOoTnd.exe
C:\Windows\System\LMOoTnd.exe
2⤵
PID:12200

C:\Windows\System\ghgYeuK.exe
C:\Windows\System\ghgYeuK.exe
2⤵
PID:12228

C:\Windows\System\bgNDQpR.exe
C:\Windows\System\bgNDQpR.exe
2⤵
PID:12256

C:\Windows\System\cyqcAXj.exe
C:\Windows\System\cyqcAXj.exe
2⤵
PID:12284

C:\Windows\System\PEpsAOI.exe
C:\Windows\System\PEpsAOI.exe
2⤵
PID:11320

C:\Windows\System\sGnFRzF.exe
C:\Windows\System\sGnFRzF.exe
2⤵
PID:11380

C:\Windows\System\OCPmCiD.exe
C:\Windows\System\OCPmCiD.exe
2⤵
PID:11456

C:\Windows\System\TUmvTPN.exe
C:\Windows\System\TUmvTPN.exe
2⤵
PID:11516

C:\Windows\System\hARrbsv.exe
C:\Windows\System\hARrbsv.exe
2⤵
PID:11576

C:\Windows\System\gYATDYW.exe
C:\Windows\System\gYATDYW.exe
2⤵
PID:11632

C:\Windows\System\nRVIRdz.exe
C:\Windows\System\nRVIRdz.exe
2⤵
PID:11704

C:\Windows\System\PcLvPKV.exe
C:\Windows\System\PcLvPKV.exe
2⤵
PID:11768

C:\Windows\System\PyjoGwf.exe
C:\Windows\System\PyjoGwf.exe
2⤵
PID:11828

C:\Windows\System\lbvLVjf.exe
C:\Windows\System\lbvLVjf.exe
2⤵
PID:11904

C:\Windows\System\SizIMCB.exe
C:\Windows\System\SizIMCB.exe
2⤵
PID:11964

C:\Windows\System\WglfjnR.exe
C:\Windows\System\WglfjnR.exe
2⤵
PID:12028

C:\Windows\System\moGMySe.exe
C:\Windows\System\moGMySe.exe
2⤵
PID:12104

C:\Windows\System\DxrlXRf.exe
C:\Windows\System\DxrlXRf.exe
2⤵
PID:12164

C:\Windows\System\ccPaJcy.exe
C:\Windows\System\ccPaJcy.exe
2⤵
PID:12224

C:\Windows\System\wSgEPcj.exe
C:\Windows\System\wSgEPcj.exe
2⤵
PID:11292

C:\Windows\System\BMxmYzw.exe
C:\Windows\System\BMxmYzw.exe
2⤵
PID:11492

C:\Windows\System\STPHHjs.exe
C:\Windows\System\STPHHjs.exe
2⤵
PID:11684

C:\Windows\System\sfcafRr.exe
C:\Windows\System\sfcafRr.exe
2⤵
PID:11932

C:\Windows\System\pbLAWBg.exe
C:\Windows\System\pbLAWBg.exe
2⤵
PID:12080

C:\Windows\System\tdabMlD.exe
C:\Windows\System\tdabMlD.exe
2⤵
PID:12220

C:\Windows\System\PXqlHuj.exe
C:\Windows\System\PXqlHuj.exe
2⤵
PID:11544

C:\Windows\System\nFRZiLu.exe
C:\Windows\System\nFRZiLu.exe
2⤵
PID:12020

C:\Windows\System\NoLebjS.exe
C:\Windows\System\NoLebjS.exe
2⤵
PID:11368

C:\Windows\System\CAXjDvZ.exe
C:\Windows\System\CAXjDvZ.exe
2⤵
PID:12216

C:\Windows\System\xDSRunc.exe
C:\Windows\System\xDSRunc.exe
2⤵
PID:12296

C:\Windows\System\VoDvNil.exe
C:\Windows\System\VoDvNil.exe
2⤵
PID:12324

C:\Windows\System\XxiIvmy.exe
C:\Windows\System\XxiIvmy.exe
2⤵
PID:12352

C:\Windows\System\nqsnCEx.exe
C:\Windows\System\nqsnCEx.exe
2⤵
PID:12380

C:\Windows\System\pesZuSP.exe
C:\Windows\System\pesZuSP.exe
2⤵
PID:12408

C:\Windows\System\lVcQrFk.exe
C:\Windows\System\lVcQrFk.exe
2⤵
PID:12436

C:\Windows\System\UnnEVTK.exe
C:\Windows\System\UnnEVTK.exe
2⤵
PID:12464

C:\Windows\System\HgYPeKe.exe
C:\Windows\System\HgYPeKe.exe
2⤵
PID:12492

C:\Windows\System\dMKzNfk.exe
C:\Windows\System\dMKzNfk.exe
2⤵
PID:12520

C:\Windows\System\FpjyiPN.exe
C:\Windows\System\FpjyiPN.exe
2⤵
PID:12536

C:\Windows\System\walqBek.exe
C:\Windows\System\walqBek.exe
2⤵
PID:12556

C:\Windows\System\VsHULrx.exe
C:\Windows\System\VsHULrx.exe
2⤵
PID:12596

C:\Windows\System\yxVINzO.exe
C:\Windows\System\yxVINzO.exe
2⤵
PID:12632

C:\Windows\System\gxfwZAt.exe
C:\Windows\System\gxfwZAt.exe
2⤵
PID:12664

C:\Windows\System\WvBRRDd.exe
C:\Windows\System\WvBRRDd.exe
2⤵
PID:12692

C:\Windows\System\ozyEEpt.exe
C:\Windows\System\ozyEEpt.exe
2⤵
PID:12720

C:\Windows\System\mxRjplz.exe
C:\Windows\System\mxRjplz.exe
2⤵
PID:12748

C:\Windows\System\cvojJUU.exe
C:\Windows\System\cvojJUU.exe
2⤵
PID:12776

C:\Windows\System\RJEYWxs.exe
C:\Windows\System\RJEYWxs.exe
2⤵
PID:12804

C:\Windows\System\GZQtoIr.exe
C:\Windows\System\GZQtoIr.exe
2⤵
PID:12832

C:\Windows\System\dlvAOix.exe
C:\Windows\System\dlvAOix.exe
2⤵
PID:12860

C:\Windows\System\jhUxEXE.exe
C:\Windows\System\jhUxEXE.exe
2⤵
PID:12892

C:\Windows\System\KVJlloV.exe
C:\Windows\System\KVJlloV.exe
2⤵
PID:12920

C:\Windows\System\JPNLJYo.exe
C:\Windows\System\JPNLJYo.exe
2⤵
PID:12948

C:\Windows\System\ZJqNVas.exe
C:\Windows\System\ZJqNVas.exe
2⤵
PID:12976

C:\Windows\System\JmFoAoT.exe
C:\Windows\System\JmFoAoT.exe
2⤵
PID:13004

C:\Windows\System\mSPgPzJ.exe
C:\Windows\System\mSPgPzJ.exe
2⤵
PID:13032

C:\Windows\System\MhRiGKJ.exe
C:\Windows\System\MhRiGKJ.exe
2⤵
PID:13060

C:\Windows\System\QzsfKpF.exe
C:\Windows\System\QzsfKpF.exe
2⤵
PID:13088

C:\Windows\System\GZLWkld.exe
C:\Windows\System\GZLWkld.exe
2⤵
PID:13108

C:\Windows\System\OUvYzjs.exe
C:\Windows\System\OUvYzjs.exe
2⤵
PID:13144

C:\Windows\System\fOGobQu.exe
C:\Windows\System\fOGobQu.exe
2⤵
PID:13164

C:\Windows\System\JiUDHUR.exe
C:\Windows\System\JiUDHUR.exe
2⤵
PID:13188

C:\Windows\System\UfkaGQt.exe
C:\Windows\System\UfkaGQt.exe
2⤵
PID:13216

C:\Windows\System\dsFfbUx.exe
C:\Windows\System\dsFfbUx.exe
2⤵
PID:13252

C:\Windows\System\tbyvddD.exe
C:\Windows\System\tbyvddD.exe
2⤵
PID:13284

C:\Windows\System\WozEPCl.exe
C:\Windows\System\WozEPCl.exe
2⤵
PID:12140

C:\Windows\System\RmjDuJJ.exe
C:\Windows\System\RmjDuJJ.exe
2⤵
PID:12320

C:\Windows\System\QdubONi.exe
C:\Windows\System\QdubONi.exe
2⤵
PID:12396

C:\Windows\System\AKZZmlJ.exe
C:\Windows\System\AKZZmlJ.exe
2⤵
PID:12456

C:\Windows\System\ntbxYzR.exe
C:\Windows\System\ntbxYzR.exe
2⤵
PID:12516

C:\Windows\System\izDSWwq.exe
C:\Windows\System\izDSWwq.exe
2⤵
PID:12572

C:\Windows\System\aHEsRAg.exe
C:\Windows\System\aHEsRAg.exe
2⤵
PID:12660

C:\Windows\System\DxdyAOn.exe
C:\Windows\System\DxdyAOn.exe
2⤵
PID:12740

C:\Windows\System\MaLfICp.exe
C:\Windows\System\MaLfICp.exe
2⤵
PID:12800

C:\Windows\System\YsUEgQZ.exe
C:\Windows\System\YsUEgQZ.exe
2⤵
PID:12884

C:\Windows\System\OQPjvLz.exe
C:\Windows\System\OQPjvLz.exe
2⤵
PID:12940

C:\Windows\System\JGXMMXF.exe
C:\Windows\System\JGXMMXF.exe
2⤵
PID:13020

C:\Windows\System\HdhBCVD.exe
C:\Windows\System\HdhBCVD.exe
2⤵
PID:13072

C:\Windows\System\POZAtVw.exe
C:\Windows\System\POZAtVw.exe
2⤵
PID:13136

C:\Windows\System\mGudEIJ.exe
C:\Windows\System\mGudEIJ.exe
2⤵
PID:13180

C:\Windows\System\DjDLVoQ.exe
C:\Windows\System\DjDLVoQ.exe
2⤵
PID:13244

C:\Windows\System\MIUyFFa.exe
C:\Windows\System\MIUyFFa.exe
2⤵
PID:13300

C:\Windows\System\WhTbRQj.exe
C:\Windows\System\WhTbRQj.exe
2⤵
PID:12432

C:\Windows\System\GwcOlNi.exe
C:\Windows\System\GwcOlNi.exe
2⤵
PID:12656

C:\Windows\System\WuQHNKq.exe
C:\Windows\System\WuQHNKq.exe
2⤵
PID:12848

C:\Windows\System\DkReISQ.exe
C:\Windows\System\DkReISQ.exe
2⤵
PID:12908

C:\Windows\System\NqvVTRn.exe
C:\Windows\System\NqvVTRn.exe
2⤵
PID:13076

C:\Windows\System\WPYSAmy.exe
C:\Windows\System\WPYSAmy.exe
2⤵
PID:13160

C:\Windows\System\vnDXbdQ.exe
C:\Windows\System\vnDXbdQ.exe
2⤵
PID:1416

C:\Windows\System\ZYtUUud.exe
C:\Windows\System\ZYtUUud.exe
2⤵
PID:12348

C:\Windows\System\zGhlbdA.exe
C:\Windows\System\zGhlbdA.exe
2⤵
PID:12576

C:\Windows\System\jwpPdIf.exe
C:\Windows\System\jwpPdIf.exe
2⤵
PID:13128

C:\Windows\System\eIPoxXd.exe
C:\Windows\System\eIPoxXd.exe
2⤵
PID:12544

C:\Windows\System\pqqGEyr.exe
C:\Windows\System\pqqGEyr.exe
2⤵
PID:12640

C:\Windows\System\SdjVkGR.exe
C:\Windows\System\SdjVkGR.exe
2⤵
PID:13320

C:\Windows\System\OpQxFFB.exe
C:\Windows\System\OpQxFFB.exe
2⤵
PID:13340

C:\Windows\System\JWLqFsU.exe
C:\Windows\System\JWLqFsU.exe
2⤵
PID:13376

C:\Windows\System\bKcdrcP.exe
C:\Windows\System\bKcdrcP.exe
2⤵
PID:13404

C:\Windows\System\OHZYZKY.exe
C:\Windows\System\OHZYZKY.exe
2⤵
PID:13432

C:\Windows\System\RtRAeFJ.exe
C:\Windows\System\RtRAeFJ.exe
2⤵
PID:13452

C:\Windows\System\LzoCIbP.exe
C:\Windows\System\LzoCIbP.exe
2⤵
PID:13480

C:\Windows\System\xNEMiOn.exe
C:\Windows\System\xNEMiOn.exe
2⤵
PID:13520

C:\Windows\System\tEipPTR.exe
C:\Windows\System\tEipPTR.exe
2⤵
PID:13548

C:\Windows\System\pkELcJW.exe
C:\Windows\System\pkELcJW.exe
2⤵
PID:13576

C:\Windows\System\YJoUbGc.exe
C:\Windows\System\YJoUbGc.exe
2⤵
PID:13604

C:\Windows\System\cSpeZFQ.exe
C:\Windows\System\cSpeZFQ.exe
2⤵
PID:13620

C:\Windows\System\xCnFGLS.exe
C:\Windows\System\xCnFGLS.exe
2⤵
PID:13660

C:\Windows\System\RAyFOaA.exe
C:\Windows\System\RAyFOaA.exe
2⤵
PID:13688

C:\Windows\System\zdPZvQh.exe
C:\Windows\System\zdPZvQh.exe
2⤵
PID:13716

C:\Windows\System\WDjAiUb.exe
C:\Windows\System\WDjAiUb.exe
2⤵
PID:13740

C:\Windows\System\bPcMtnm.exe
C:\Windows\System\bPcMtnm.exe
2⤵
PID:13760

C:\Windows\System\sfEFTwI.exe
C:\Windows\System\sfEFTwI.exe
2⤵
PID:13780

C:\Windows\System\fNYEVYe.exe
C:\Windows\System\fNYEVYe.exe
2⤵
PID:13816

C:\Windows\System\upEAcMx.exe
C:\Windows\System\upEAcMx.exe
2⤵
PID:13848

C:\Windows\System\tPcVkId.exe
C:\Windows\System\tPcVkId.exe
2⤵
PID:13884

C:\Windows\System\NqgBSFq.exe
C:\Windows\System\NqgBSFq.exe
2⤵
PID:13904

C:\Windows\System\NhLnBlK.exe
C:\Windows\System\NhLnBlK.exe
2⤵
PID:13928

C:\Windows\System\okpuEIX.exe
C:\Windows\System\okpuEIX.exe
2⤵
PID:13968

C:\Windows\System\dWfzICc.exe
C:\Windows\System\dWfzICc.exe
2⤵
PID:13996

C:\Windows\System\vYmziLB.exe
C:\Windows\System\vYmziLB.exe
2⤵
PID:14020

C:\Windows\System\uqRTQWo.exe
C:\Windows\System\uqRTQWo.exe
2⤵
PID:14052

C:\Windows\System\LzMMmWm.exe
C:\Windows\System\LzMMmWm.exe
2⤵
PID:14080

C:\Windows\System\SINmbii.exe
C:\Windows\System\SINmbii.exe
2⤵
PID:14108

C:\Windows\System\kNdgtyv.exe
C:\Windows\System\kNdgtyv.exe
2⤵
PID:14128

C:\Windows\System\HsHHHnE.exe
C:\Windows\System\HsHHHnE.exe
2⤵
PID:14164

C:\Windows\System\TBvWVBT.exe
C:\Windows\System\TBvWVBT.exe
2⤵
PID:14192

C:\Windows\System\TDSVwUk.exe
C:\Windows\System\TDSVwUk.exe
2⤵
PID:14220

C:\Windows\System\SoavlkA.exe
C:\Windows\System\SoavlkA.exe
2⤵
PID:14236

C:\Windows\System\eYJRBng.exe
C:\Windows\System\eYJRBng.exe
2⤵
PID:14276

C:\Windows\System\cqzTFTe.exe
C:\Windows\System\cqzTFTe.exe
2⤵
PID:14292

C:\Windows\System\BlLFXTB.exe
C:\Windows\System\BlLFXTB.exe
2⤵
PID:14308

C:\Windows\System\PTDVxDo.exe
C:\Windows\System\PTDVxDo.exe
2⤵
PID:13336

C:\Windows\System\qJcDnzp.exe
C:\Windows\System\qJcDnzp.exe
2⤵
PID:13416

C:\Windows\System\jMOfvyp.exe
C:\Windows\System\jMOfvyp.exe
2⤵
PID:13468

C:\Windows\System\NLGJvaT.exe
C:\Windows\System\NLGJvaT.exe
2⤵
PID:13540

C:\Windows\System\LTkHKHs.exe
C:\Windows\System\LTkHKHs.exe
2⤵
PID:13588

C:\Windows\System\LhVHCJV.exe
C:\Windows\System\LhVHCJV.exe
2⤵
PID:13676

C:\Windows\System\vrhOngK.exe
C:\Windows\System\vrhOngK.exe
2⤵
PID:13724

C:\Windows\System\afVejVQ.exe
C:\Windows\System\afVejVQ.exe
2⤵
PID:13804

C:\Windows\System\RKcDdIf.exe
C:\Windows\System\RKcDdIf.exe
2⤵
PID:13832

C:\Windows\System\AzSOxlT.exe
C:\Windows\System\AzSOxlT.exe
2⤵
PID:13892

C:\Windows\System\lsiNPFu.exe
C:\Windows\System\lsiNPFu.exe
2⤵
PID:13952

C:\Windows\System\sdXHbAt.exe
C:\Windows\System\sdXHbAt.exe
2⤵
PID:14032

C:\Windows\System\fxuptQa.exe
C:\Windows\System\fxuptQa.exe
2⤵
PID:14100

C:\Windows\System\bsvLmqc.exe
C:\Windows\System\bsvLmqc.exe
2⤵
PID:14152

C:\Windows\System\lJEnwHn.exe
C:\Windows\System\lJEnwHn.exe
2⤵
PID:14212

C:\Windows\System\uvGqxqs.exe
C:\Windows\System\uvGqxqs.exe
2⤵
PID:14256

C:\Windows\System\jQkcEiC.exe
C:\Windows\System\jQkcEiC.exe
2⤵
PID:13304

C:\Windows\System\VcdFJkw.exe
C:\Windows\System\VcdFJkw.exe
2⤵
PID:13532

C:\Windows\System\KZhUQnI.exe
C:\Windows\System\KZhUQnI.exe
2⤵
PID:13684

C:\Windows\System\FLtDbZm.exe
C:\Windows\System\FLtDbZm.exe
2⤵
PID:13800

C:\Windows\System\kjwKBqD.exe
C:\Windows\System\kjwKBqD.exe
2⤵
PID:13860

C:\Windows\System\DvVHciW.exe
C:\Windows\System\DvVHciW.exe
2⤵
PID:14044

C:\Windows\System\KPjLrgB.exe
C:\Windows\System\KPjLrgB.exe
2⤵
PID:13400

C:\Windows\System\gwYGfNj.exe
C:\Windows\System\gwYGfNj.exe
2⤵
PID:13612

C:\Windows\System\xeTMEtb.exe
C:\Windows\System\xeTMEtb.exe
2⤵
PID:14252

C:\Windows\System\udlEmVV.exe
C:\Windows\System\udlEmVV.exe
2⤵
PID:14360

C:\Windows\System\edTUiUV.exe
C:\Windows\System\edTUiUV.exe
2⤵
PID:14380

C:\Windows\System\HVLqpHj.exe
C:\Windows\System\HVLqpHj.exe
2⤵
PID:14412

C:\Windows\System\BJQfrfg.exe
C:\Windows\System\BJQfrfg.exe
2⤵
PID:14436

C:\Windows\System\KNvEFtK.exe
C:\Windows\System\KNvEFtK.exe
2⤵
PID:14472

C:\Windows\System\stYItYm.exe
C:\Windows\System\stYItYm.exe
2⤵
PID:14496

C:\Windows\System\pCkBWqQ.exe
C:\Windows\System\pCkBWqQ.exe
2⤵
PID:14528

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AvccROY.exe

Filesize
2.2MB

MD5
b0124a7cbd9585a8aee126c0cf903141

SHA1
501fe73bc9a90fae63678a6fa6c8bea4efd87006

SHA256
4375bce9b447ed86ca143904b441dcedede649054bfc200c5fe8b4926439828e

SHA512
ba7649ae7f731407ff7a6702e1692ddabf9fdc5bec4b1826502180973b9a3e379d2d53d2de197d99b3721ef3ccffd73aa7e8baa11b2afd4c0f9bdb3246aabbfc

Download Submit
C:\Windows\System\CvMrvvH.exe

Filesize
2.2MB

MD5
134eefeddcd57befc306bee7baae3f7b

SHA1
3ea3eb949526e20c9e41745762d6a8f31239518c

SHA256
122f29be251323ea19efa3dc8ce6cb21af4be84b6252c94f9040efe30c789be2

SHA512
0e5c8165352df0acc741ec830d74bca2c5d6ea7a81bb90cdf17dcb5594fa7ac9541c1222832c6c0211ba85c7dfc0adf5b4ce5e25cf09e53e53295c18cd1336c7

Download Submit
C:\Windows\System\DpuLPFZ.exe

Filesize
2.2MB

MD5
be1a405de3a118e55423a51288a2c216

SHA1
0ee78d46142c5286f077ea24ec00ebd1c75c6395

SHA256
7c5e09935d125dd01e3aea2bc8f1ad36242d91afc54a65682771f17a142e1d71

SHA512
f3ce5077095377e2456ac877dac2061016d073561807a0ea82c39d92cda623d9b1a375d6128e2ba1c4d63a0df755ee0fd51a34fefa3ee787419910458106946b

Download Submit
C:\Windows\System\HihCtlT.exe

Filesize
2.2MB

MD5
e2a0f10ac3852f79499ac5ae15239544

SHA1
5837780cf64c592e7a1fde47a8ddeb93638b87da

SHA256
69136180344f5979480199d8a1248b9aa11d57ea6846d73af310d24f00ceb085

SHA512
1fde0e00c86c6aa807913b14ceee60217bcbf4506355dfd32b3ad4f934db912502bc99bc28cd07a50da8cb012b3c2051a4f96d02459d0e4c3a4d93e9d986d1c7

Download Submit
C:\Windows\System\JWkBkOB.exe

Filesize
2.2MB

MD5
f5650ccd8a569a7d367541ca3bf34be5

SHA1
8b7bd763ae9e1a32d6488db4e4eb414e095b4a39

SHA256
e7a7f51d4ae33c6675191f5124339b5c4b4e96b7234c7c5f8139e201ec97cf41

SHA512
c46095f0954eaaee36ce4cd335a4faf28972369c156e49eb8bddc3f9e963be2e2fc99de10e3618660f8dc4650293f7c8d518643325145fa1252ba73ae77883db

Download Submit
C:\Windows\System\JuVPqok.exe

Filesize
2.2MB

MD5
6e4cce0eacfbeecca5f2d7652bd4bcc2

SHA1
63733717aeef1904057e584d02c6b677e9345628

SHA256
7389d86dbaebd394d9ff08bfb76275c5a14232cbc429cca0b8535fd171b8150e

SHA512
38e36a18305c0a08761f7a7927af5591ec70b8900d4640cc39a709ec6b746f992aa4542ccca5277c6d7bea2a50793482115eaead5219d6f04804be8375611b42

Download Submit
C:\Windows\System\NFgjByT.exe

Filesize
2.2MB

MD5
babb6290a1245696185cf771cd2ba38e

SHA1
13c9c29406b85045875601415182e17f616689ca

SHA256
e0edcd94f065b37f271b036eafec9d9b8a971d5ba83dca15d51093121443594c

SHA512
b3c6d394b05b2f5e26b1eb295dca3f7b95fd73fc1db61b0597a558e9db16e06d754be5247b74ee0045c54352a54b7d1f50f7af0a64eb8639a1864fa77a08c87b

Download Submit
C:\Windows\System\OpKnxUl.exe

Filesize
2.2MB

MD5
96db78976bae6fbfc1d165456b7f34a5

SHA1
a28dc50f177f2cd21c67c9737a6cd745fdf6ef68

SHA256
053104e4b421858c779d3bd4594a85188c648b02e85c7e16ebb876cab67dedda

SHA512
14a83ac54b7c200d40455e5ae7cf945ce52963de1a2bd3553f484d9c97d6de982cd5f8d604a8518f939035db97204e72972611bb3f6aeb0b3a87fbc19f812903

Download Submit
C:\Windows\System\QkxWraG.exe

Filesize
2.2MB

MD5
585a49d5d4b59ff9ae6b5f7da77d6b68

SHA1
1338c742705cffcdbeb9ed4d68aa488bcf596942

SHA256
d6664a770a99e0a567a60165ea71f92259751e222a0b30d8e9463c7520f63609

SHA512
764ba812602b06e1609d8c9d39d9c4e0265e2d2179acd6f667f047a47c1d2bb88b5429c7b13bab0d5587a9e31fdce73fa9f2149afc9c2aef461292073b2e6f80

Download Submit
C:\Windows\System\TWOnIax.exe

Filesize
2.2MB

MD5
00a54a49d43fd083c4a3173be5d5026c

SHA1
69ebdfffba03ba21050fc8ba5a642300e3b149ef

SHA256
06e357aa87fa770a78bc55f9296f9c0795afbd8196ced19e5aa7f4c166d81a35

SHA512
4de3a8a6ba0d9ec79f855e476bdb557b941db3cf8de498a776faf8ebaaed67463ff72631347fc723321ece9e2db4bbcdd99313ad7cc3540b9c60689e7b9e977e

Download Submit
C:\Windows\System\WzeEzuC.exe

Filesize
2.2MB

MD5
e1345ea6aafd99335ac45aa94b1e40a0

SHA1
962f0a801dd292f276819b383855d52776a719c3

SHA256
a2ab9b23da4de9b6bcec88fb06b3bcd8012c677921c309638775b3aa61a4d347

SHA512
cadab1e302c8475a67865bbaeeb315edfe84c54b2aea0e040f422aa6e634bc65a49c28e09c5d5a3d6b6f5e82b87e8ca598367268936f26abbf72525cff6d8133

Download Submit
C:\Windows\System\XobNuhn.exe

Filesize
2.2MB

MD5
eb87f86ffe28322e132a7692b00a9180

SHA1
f744abaa2b6961076a653bf35a2c6e4105597db8

SHA256
9e92979477bf4f2e9cc21d0c843375e81c9bc1b83791b2a124fe74aae73a2ca9

SHA512
e9e1b6be54367ffd6b403644be22479bf2ba9f5b4c4e15716fcc8a04cf58154c3f49971e50bc40c42eec90af9db263bbe19170346f00d5ff91fbf81a53077662

Download Submit
C:\Windows\System\Xzwaeau.exe

Filesize
2.2MB

MD5
57a07be5e882f35621a744de1cfbb0d5

SHA1
9269d62d571ce7175933c5321ac2dd92df7ccaad

SHA256
df274f7a20586e122f6ddf6e0cb9b6d3f843c0bcdc90e3ff89b9a9fd2b07d4e7

SHA512
bd638e155aeb45fd6fe59c7995125e1c9229369a83a47b38718256221c8a5539fa53343141a0954af828808416ff1ecbb45d2260598533d21343e4cd14d063ad

Download Submit
C:\Windows\System\ZIcGIri.exe

Filesize
2.2MB

MD5
f2fbd907f2173ab1b0edce5b777fd9ef

SHA1
ebe8122197a1598cf5c31dfb2a87cf61c79d3998

SHA256
4b489ffc1e0daac09a3c5ef06ac25ac634e5708ff5ad9a6816aaff49964c411c

SHA512
43366742bbf16355bd8d91325dbe07147b639e9349dbb5768ed9f88c574be5fbaf4f198431acaf741d47b4b96d7127439c97636744a76df316d3d907227b1641

Download Submit
C:\Windows\System\ZUuWEbj.exe

Filesize
2.2MB

MD5
b96a5db272d92def636b274bd56ee331

SHA1
e8774b1d6de5c9eba3a93437d46b93cfccf8f02f

SHA256
1d99ec212d41cf8cdb928ed6d1c9c87cc3153df1032ece04c41a6d94e16c0e4d

SHA512
fdd51ca846930e25f53d7af4b00c26ef6a5947aadd984bfb5d0577af00363402830368f03fc3e4bcaf8e5f30897a53e9c3b0be569a58dfdd400f9b3645013f41

Download Submit
C:\Windows\System\aMAZsRo.exe

Filesize
2.2MB

MD5
c0266fa411e1f9ec89220972aa71653f

SHA1
d556fbc7c0f927059214a018c3508d0c4aaafd74

SHA256
178c1cce06373fa5461dfe454657657378bc3df266488cf9926de89dec86ee89

SHA512
674128192823fc662fe43cc8322f87dff70ac8af8abd3d2fa0e908825e7bdb6041395dee71ba44e5a8833196adddd58d758cbe9e758b9460f6a8bb15eec5b990

Download Submit
C:\Windows\System\aVnmcNg.exe

Filesize
2.2MB

MD5
2a3d3d3ade9d2a78a897a0c00dd39295

SHA1
667072d9cd626dd4d23c78e6c9ac615ceaa86a60

SHA256
e54d85993a14c74c1ed9112e9b550a4e17795ba21ae0ca862e29d354eb9589c0

SHA512
196f224160ee373cdc45cddd32187cbb3e90de6dd87386be65a37b4c8aed819acfc4dbb64c7d1017eca20555c8357d95a1f87b8c8d1903abbdae36954dd4e55e

Download Submit
C:\Windows\System\cUsJieK.exe

Filesize
2.2MB

MD5
73785a0055881f9c82baef9144665c82

SHA1
dcbbccfe5cab230331bc37902e91f6bb7aae4125

SHA256
da493bd0c14da93e7dd8eb4d673fa9fe6f0b939a74f38befa7bf263d01f78a22

SHA512
610a5e1548db19493530adebe41082ae527aa6b3d09bb0809cf07090565226ea5d4ce2d654d86daaad34bdec58a005283a86c96e6ecfba9f6dea49aa5bd83d41

Download Submit
C:\Windows\System\dCELPmv.exe

Filesize
2.2MB

MD5
39496eb5fd4c33046a07c2fc2c8b42c9

SHA1
c90d18ff8ea548d50619ef8083be855bd2ee0bc1

SHA256
4ccdc200ee731fd635d04b49fc5aed2eeff83f5075694813a82b86c39e76ba47

SHA512
02a5d202fc3575dec11a6af48dbd2c4046678d72e24d078bd36e41f889c764c63cf19f5221e97b072bf3b5dd28ba1ad858ba081c5b3c3c0965a8fa1e4ab77a38

Download Submit
C:\Windows\System\dUfBkzh.exe

Filesize
2.2MB

MD5
2a59840f9580e1a6167b0d327e9cb530

SHA1
3aaf0c8f96f917007ec5e8e30170cd18cc29b92c

SHA256
f89b2f2b7343b18f013018fa0c326e45c4943ce1e76674a68b87dab80629bbda

SHA512
689be7e3b779b7316221af207d2c215b2e02455f69a557e65191f1fc134306918e13b7b7ed5b2c6b9444a52353f13944f8cb45213d1bda2c2c67e5c71acf0baa

Download Submit
C:\Windows\System\dZLYnAx.exe

Filesize
2.2MB

MD5
fb21eb2a1ff1d3c7e251c76f5fb0d8f1

SHA1
f9073e598333583132049503668298526df13f61

SHA256
924627a5b1449bae0aa0f6665bfc7e89eb99399ef89d0e8ceb39ee2462af2830

SHA512
d84ebd23efc3cb704cace649e10617b48f0f50dda2e9b2db88de3ad113c91db53f09e8e8f0ebbb40c97f4b925770524b00763ccae97467213da7b0ecf7047d47

Download Submit
C:\Windows\System\dgnHcVT.exe

Filesize
2.2MB

MD5
13a8639e4a827b5089ef531c87cb39b2

SHA1
c0bbc5c3f42e42f873df55d22274ff596f301904

SHA256
af8782668f153b1d4277391cb9dc860cf7e366e02e986b8aa6505cf270622476

SHA512
ba7fac9fe1a069a4c4d1afb4aae67fa7f011c04e9d624aa9c75fce951ee3194155c1433bbb94afd754ea3928b6cf6989a606b4dd7e972e58660271c614c7da02

Download Submit
C:\Windows\System\eGDcwjk.exe

Filesize
2.2MB

MD5
395f9e6fdcc7a35ade6c65cbefbbc665

SHA1
6861026bd471c0d42d514535ccadff4f6d39261f

SHA256
905659b07ebc4905b211aaebb49ab1482332eda9a1763b07fc7c4467fec2beb4

SHA512
f51e3265e6fbdbb5cbbb766ff7557c33d0b5121bf9c89586ece6457658ca58c85998e497be4405ee428924f63a3e8444f58773b3ddc8844012df0bb1fb919c43

Download Submit
C:\Windows\System\gQYzAht.exe

Filesize
2.2MB

MD5
0e21dbcc7b295e992db10d6ba8bc1d51

SHA1
ca144b668f73d7af8f6a0bb8989ec0b25478dd4a

SHA256
6f871873f3abae9da51a5804144eff27ba4ab8bfa4d4c01719a07c5b17e24d27

SHA512
6e989afe175c066c452302498ea641edc054b9c9baa9579b2d3ade118795cfe3d070a7a2dfdac063bad66ed5e37621ecffb01d501280a3f7ebfbd898477751d9

Download Submit
C:\Windows\System\kqaEJdQ.exe

Filesize
2.2MB

MD5
71bc055421bcf9e8a3417a6ca85c2d82

SHA1
176eabd4f3c57b728041805a78e961746e6df50e

SHA256
00adacd5e1b486c998c9fae99c663ad17e2643f9cd399a9c108264a9896696fa

SHA512
763783b59c079ac412a4098880c5b803b2871d8a6bc2ed0f8090295ed3e6e0a24f47af3c3295a9048aade3134b1c692dfa3c15feb6b54a4a2e7ee9eb642d024c

Download Submit
C:\Windows\System\lGgdkuf.exe

Filesize
2.2MB

MD5
2fc97bf4ac07eb10e0598553f22b3d89

SHA1
a0dbdb741396c577e1a8532e7871ffe6c739e487

SHA256
7d758080a39cfe50144da3cf42ed9c3247c9427f62071a4d0ab896c574929b3f

SHA512
60f6a0bc774008f287461bf8eb48bd704bf4f2047c5698d05935ae6941022dc666e6da013a5efa514f68697c6c30efd39a83b8bcfdfb2ece0ca590fc24e19b44

Download Submit
C:\Windows\System\lNbAoGQ.exe

Filesize
2.2MB

MD5
9bdee5a0d904879ce8bbfb72f78591f8

SHA1
31685e7945c0f4565b73222c14240b2b58877d8b

SHA256
e29db8ce1651c8f1cd93aac1ded159261e4b0465f283f5d686b4ac3a250eb0c6

SHA512
5e7bb5c398985aea26e3ae85f2145141a3b5eacebf7c0b737505cc92df3a65481b4ce2865241defc7594376a51cf56a4e346cff086e142378160e7f330df680b

Download Submit
C:\Windows\System\oFhjavd.exe

Filesize
2.2MB

MD5
efaf6529b29c60efc170095f7787ec10

SHA1
52f55f4dd1233dae57d0be7b37e8a41c3c8d95b1

SHA256
454fedbf95a6f7ba05d06f43b465e79e71d260cf996363e75582dc4384cf4d48

SHA512
04fc67051198511c7038f361f5a4e767c122537d17fa9f73dbd1cff39fccf0c7180a0536ab266066067937b5de2a823ea0dc7df0c5250c78192ddfad99b4a742

Download Submit
C:\Windows\System\qzjyNVg.exe

Filesize
2.2MB

MD5
4007535e3404eb33bb87aa0d49939b4c

SHA1
364fc724322816c45e591fb7887c8eae8d57d656

SHA256
eb24ef40a2225e58ea784c53f8915439b6153427904195769ccb8751a539c91a

SHA512
b34b8dbb132ea1904d91f687d72fe284a14ec8efbf04bb86c88afb1d5e2ac114ad2306bc980ce6c1d64e973631594ba47f9e69dab440ea73c58db7df4ce92b4c

Download Submit
C:\Windows\System\tQKNwsu.exe

Filesize
2.2MB

MD5
f679fbb93a2fb024993ea88adf905906

SHA1
c6034391d678580360c12771203752d409130af7

SHA256
48fab07c2b7f47ffb5df6147b6e587bfa8d0778d92dc89877266a0a6ad10b453

SHA512
1454a394259b666b7fb7dba1efe8f90b3306938b8e496780b6827e75c2433fc0622d590c8e90418c8497ded223bf6e2df33e7e93a3ac9cb2271a24372cb5792a

Download Submit
C:\Windows\System\xEfKvXA.exe

Filesize
2.2MB

MD5
281b17a395a921450dfad99e73e7041f

SHA1
f79082c2ddaa4675aee3c36771df6ac53d491687

SHA256
3a4b529a6cf44b095ffdc8f2601393c8403f5686bff7633d5aefc04f0a7ed71f

SHA512
51957ebee59edfefefd532114446b702bbe7a9ca047a780cb967ef76d24aa00ca9902124496414860744a3975fad57269783cf25b115de84e4857d2242e2852b

Download Submit
C:\Windows\System\yJgWkeG.exe

Filesize
2.2MB

MD5
965d23e4bedc6bf857dfffbcca9c9d6f

SHA1
18f146e361d70554855b46c5c8da0f5b218e5afb

SHA256
83c2876d1351c42c862f8231cc4a17f43e618d86b515a8fc02a2300a5c3a8af1

SHA512
d120a769fd1dba2e64781217f766a15fd048a9add8937a59b3d554058e10e78bac362f1b4af6a98fbe537e74fd06e039405601be9cc9fd20a372dfea207db38f

Download Submit
C:\Windows\System\ykQcsPi.exe

Filesize
2.2MB

MD5
580c9a511cd1d6249ca3b98864fa2643

SHA1
df591e9d81cd89ad0291acf229ab2b2c77450960

SHA256
628bbf69611c81ed057bc6c031223b42894ca78a07e06ece33206deba3be68a2

SHA512
30adab2008af22aebda5f0be4161c8916aa232a753948e095345366bb1c79b64745eb2fcfd082527dc39c41e1a6da0e998f19821eb6d45efd011f861e26d6515

Download Submit
memory/628-551-0x00007FF6E9B30000-0x00007FF6E9E84000-memory.dmp

Filesize
3.3MB

Download
memory/628-2118-0x00007FF6E9B30000-0x00007FF6E9E84000-memory.dmp

Filesize
3.3MB

Download
memory/1044-537-0x00007FF732580000-0x00007FF7328D4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2119-0x00007FF732580000-0x00007FF7328D4000-memory.dmp

Filesize
3.3MB

Download
memory/1080-643-0x00007FF6772E0000-0x00007FF677634000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2138-0x00007FF6772E0000-0x00007FF677634000-memory.dmp

Filesize
3.3MB

Download
memory/1184-1-0x000002DF54490000-0x000002DF544A0000-memory.dmp

Filesize
64KB

Download
memory/1184-0-0x00007FF7146E0000-0x00007FF714A34000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2111-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp

Filesize
3.3MB

Download
memory/1744-9-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2108-0x00007FF7C30E0000-0x00007FF7C3434000-memory.dmp

Filesize
3.3MB

Download
memory/1788-650-0x00007FF6FB610000-0x00007FF6FB964000-memory.dmp

Filesize
3.3MB

Download
memory/1788-2139-0x00007FF6FB610000-0x00007FF6FB964000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2116-0x00007FF7E8B00000-0x00007FF7E8E54000-memory.dmp

Filesize
3.3MB

Download
memory/1800-555-0x00007FF7E8B00000-0x00007FF7E8E54000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2123-0x00007FF751320000-0x00007FF751674000-memory.dmp

Filesize
3.3MB

Download
memory/1960-578-0x00007FF751320000-0x00007FF751674000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2117-0x00007FF668EB0000-0x00007FF669204000-memory.dmp

Filesize
3.3MB

Download
memory/2096-546-0x00007FF668EB0000-0x00007FF669204000-memory.dmp

Filesize
3.3MB

Download
memory/2452-653-0x00007FF6F44D0000-0x00007FF6F4824000-memory.dmp

Filesize
3.3MB

Download
memory/2452-2121-0x00007FF6F44D0000-0x00007FF6F4824000-memory.dmp

Filesize
3.3MB

Download
memory/2460-613-0x00007FF749C70000-0x00007FF749FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2133-0x00007FF749C70000-0x00007FF749FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2135-0x00007FF754000000-0x00007FF754354000-memory.dmp

Filesize
3.3MB

Download
memory/2488-630-0x00007FF754000000-0x00007FF754354000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2128-0x00007FF644170000-0x00007FF6444C4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-589-0x00007FF644170000-0x00007FF6444C4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-563-0x00007FF740080000-0x00007FF7403D4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2124-0x00007FF740080000-0x00007FF7403D4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2136-0x00007FF780B50000-0x00007FF780EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-637-0x00007FF780B50000-0x00007FF780EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-566-0x00007FF747740000-0x00007FF747A94000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2130-0x00007FF747740000-0x00007FF747A94000-memory.dmp

Filesize
3.3MB

Download
memory/3272-600-0x00007FF6A6C00000-0x00007FF6A6F54000-memory.dmp

Filesize
3.3MB

Download
memory/3272-2129-0x00007FF6A6C00000-0x00007FF6A6F54000-memory.dmp

Filesize
3.3MB

Download
memory/3332-623-0x00007FF679770000-0x00007FF679AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3332-2131-0x00007FF679770000-0x00007FF679AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3468-517-0x00007FF6B9450000-0x00007FF6B97A4000-memory.dmp

Filesize
3.3MB

Download
memory/3468-2114-0x00007FF6B9450000-0x00007FF6B97A4000-memory.dmp

Filesize
3.3MB

Download
memory/3572-2113-0x00007FF6401E0000-0x00007FF640534000-memory.dmp

Filesize
3.3MB

Download
memory/3572-30-0x00007FF6401E0000-0x00007FF640534000-memory.dmp

Filesize
3.3MB

Download
memory/3720-2126-0x00007FF745D00000-0x00007FF746054000-memory.dmp

Filesize
3.3MB

Download
memory/3720-584-0x00007FF745D00000-0x00007FF746054000-memory.dmp

Filesize
3.3MB

Download
memory/4008-36-0x00007FF77BFA0000-0x00007FF77C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/4008-2115-0x00007FF77BFA0000-0x00007FF77C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/4008-2110-0x00007FF77BFA0000-0x00007FF77C2F4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-2122-0x00007FF736D90000-0x00007FF7370E4000-memory.dmp

Filesize
3.3MB

Download
memory/4116-524-0x00007FF736D90000-0x00007FF7370E4000-memory.dmp

Filesize
3.3MB

Download
memory/4188-2125-0x00007FF76A270000-0x00007FF76A5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4188-604-0x00007FF76A270000-0x00007FF76A5C4000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2112-0x00007FF645030000-0x00007FF645384000-memory.dmp

Filesize
3.3MB

Download
memory/4596-19-0x00007FF645030000-0x00007FF645384000-memory.dmp

Filesize
3.3MB

Download
memory/4596-2109-0x00007FF645030000-0x00007FF645384000-memory.dmp

Filesize
3.3MB

Download
memory/4680-634-0x00007FF6EB240000-0x00007FF6EB594000-memory.dmp

Filesize
3.3MB

Download
memory/4680-2137-0x00007FF6EB240000-0x00007FF6EB594000-memory.dmp

Filesize
3.3MB

Download
memory/4792-2120-0x00007FF61D190000-0x00007FF61D4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4792-532-0x00007FF61D190000-0x00007FF61D4E4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-2134-0x00007FF763060000-0x00007FF7633B4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-614-0x00007FF763060000-0x00007FF7633B4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-620-0x00007FF7B20A0000-0x00007FF7B23F4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-2132-0x00007FF7B20A0000-0x00007FF7B23F4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-2127-0x00007FF656890000-0x00007FF656BE4000-memory.dmp

Filesize
3.3MB

Download
memory/5028-609-0x00007FF656890000-0x00007FF656BE4000-memory.dmp

Filesize
3.3MB

Download