xmrig | 7238485a7c6f0b146607bb797601d5c88989cf0c686838b5c95ae0714014e3b5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
Size

1.9MB
MD5

6f256113fbafbab8f1e734a24b277700
SHA1

2d69041ffa24b42732aa22c5b04bbd26895d8b8e
SHA256

7238485a7c6f0b146607bb797601d5c88989cf0c686838b5c95ae0714014e3b5
SHA512

97184370a4efad6a3de38d9e89a291725b6b92697ab0281084a77283d37bd4e9f6797c903289c59ada34a786ad9b55b3331a0e71324974d17773ee065468b439
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQF3OioF5qdhpN:BemTLkNdfE0pZrQF

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3992-0-0x00007FF6BD9F0000-0x00007FF6BDD44000-memory.dmp	xmrig
C:\Windows\System\CnbSSBw.exe	xmrig
C:\Windows\System\pFMrifr.exe	xmrig
C:\Windows\System\OTWxhai.exe	xmrig
behavioral2/memory/3392-12-0x00007FF7D7960000-0x00007FF7D7CB4000-memory.dmp	xmrig
C:\Windows\System\RjAQovf.exe	xmrig
C:\Windows\System\MdNzmXq.exe	xmrig
C:\Windows\System\CvfyyvY.exe	xmrig
C:\Windows\System\zBykdLD.exe	xmrig
C:\Windows\System\LjMHbcA.exe	xmrig
C:\Windows\System\Eyoqnpp.exe	xmrig
C:\Windows\System\oAPYtLC.exe	xmrig
C:\Windows\System\FuRwHzU.exe	xmrig
C:\Windows\System\nEUpzGi.exe	xmrig
C:\Windows\System\xREcJhd.exe	xmrig
C:\Windows\System\HnXrAzZ.exe	xmrig
C:\Windows\System\ByYKfrK.exe	xmrig
behavioral2/memory/2928-493-0x00007FF642120000-0x00007FF642474000-memory.dmp	xmrig
behavioral2/memory/2024-494-0x00007FF6CD5F0000-0x00007FF6CD944000-memory.dmp	xmrig
behavioral2/memory/1564-495-0x00007FF75E220000-0x00007FF75E574000-memory.dmp	xmrig
behavioral2/memory/1288-496-0x00007FF7198A0000-0x00007FF719BF4000-memory.dmp	xmrig
behavioral2/memory/4920-497-0x00007FF6F0040000-0x00007FF6F0394000-memory.dmp	xmrig
behavioral2/memory/2044-509-0x00007FF60D3A0000-0x00007FF60D6F4000-memory.dmp	xmrig
behavioral2/memory/372-523-0x00007FF6428F0000-0x00007FF642C44000-memory.dmp	xmrig
behavioral2/memory/4888-531-0x00007FF60A340000-0x00007FF60A694000-memory.dmp	xmrig
behavioral2/memory/3712-528-0x00007FF7FDB70000-0x00007FF7FDEC4000-memory.dmp	xmrig
behavioral2/memory/4868-537-0x00007FF653DC0000-0x00007FF654114000-memory.dmp	xmrig
behavioral2/memory/2392-556-0x00007FF73E7C0000-0x00007FF73EB14000-memory.dmp	xmrig
behavioral2/memory/3388-550-0x00007FF6F1910000-0x00007FF6F1C64000-memory.dmp	xmrig
behavioral2/memory/2228-570-0x00007FF78E030000-0x00007FF78E384000-memory.dmp	xmrig
behavioral2/memory/2348-628-0x00007FF652C70000-0x00007FF652FC4000-memory.dmp	xmrig
behavioral2/memory/2544-634-0x00007FF6D5AA0000-0x00007FF6D5DF4000-memory.dmp	xmrig
behavioral2/memory/632-620-0x00007FF664CF0000-0x00007FF665044000-memory.dmp	xmrig
behavioral2/memory/2372-611-0x00007FF6B4AC0000-0x00007FF6B4E14000-memory.dmp	xmrig
behavioral2/memory/1324-596-0x00007FF61EE00000-0x00007FF61F154000-memory.dmp	xmrig
behavioral2/memory/432-608-0x00007FF68DA40000-0x00007FF68DD94000-memory.dmp	xmrig
behavioral2/memory/4880-589-0x00007FF679370000-0x00007FF6796C4000-memory.dmp	xmrig
behavioral2/memory/5020-586-0x00007FF776D10000-0x00007FF777064000-memory.dmp	xmrig
behavioral2/memory/532-577-0x00007FF7687E0000-0x00007FF768B34000-memory.dmp	xmrig
behavioral2/memory/2524-562-0x00007FF6F7080000-0x00007FF6F73D4000-memory.dmp	xmrig
behavioral2/memory/4624-516-0x00007FF690120000-0x00007FF690474000-memory.dmp	xmrig
behavioral2/memory/2420-502-0x00007FF702870000-0x00007FF702BC4000-memory.dmp	xmrig
behavioral2/memory/4988-498-0x00007FF7AEBE0000-0x00007FF7AEF34000-memory.dmp	xmrig
C:\Windows\System\nDyAOSE.exe	xmrig
C:\Windows\System\qbwFKgT.exe	xmrig
C:\Windows\System\iTUrDIz.exe	xmrig
C:\Windows\System\YZapdlZ.exe	xmrig
C:\Windows\System\NDomaCv.exe	xmrig
C:\Windows\System\kaKvaaR.exe	xmrig
C:\Windows\System\TcgRbqd.exe	xmrig
C:\Windows\System\OyAMkGb.exe	xmrig
C:\Windows\System\SDgAQdD.exe	xmrig
C:\Windows\System\PLqlMHM.exe	xmrig
C:\Windows\System\KdnlYDM.exe	xmrig
C:\Windows\System\btQufeA.exe	xmrig
C:\Windows\System\AcqIhBG.exe	xmrig
C:\Windows\System\orvfKuD.exe	xmrig
C:\Windows\System\oprRADb.exe	xmrig
C:\Windows\System\NTxFlhq.exe	xmrig
C:\Windows\System\WkvavqS.exe	xmrig
C:\Windows\System\AmYLXQD.exe	xmrig
behavioral2/memory/4424-45-0x00007FF7AF850000-0x00007FF7AFBA4000-memory.dmp	xmrig
behavioral2/memory/3820-13-0x00007FF75FF40000-0x00007FF760294000-memory.dmp	xmrig
behavioral2/memory/3392-2133-0x00007FF7D7960000-0x00007FF7D7CB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

CnbSSBw.exeOTWxhai.exepFMrifr.exeRjAQovf.exeMdNzmXq.exezBykdLD.exeCvfyyvY.exeLjMHbcA.exeEyoqnpp.exeAmYLXQD.exeWkvavqS.exeoAPYtLC.exeNTxFlhq.exeoprRADb.exeFuRwHzU.exenEUpzGi.exeorvfKuD.exeAcqIhBG.exebtQufeA.exeKdnlYDM.exePLqlMHM.exexREcJhd.exeHnXrAzZ.exeSDgAQdD.exeOyAMkGb.exeTcgRbqd.exeByYKfrK.exekaKvaaR.exeNDomaCv.exeYZapdlZ.exeqbwFKgT.exeiTUrDIz.exenDyAOSE.exeKohUcpN.exebvyIlUI.exesiQyhqX.exeCzkDNec.exeMoFojtS.exeojLGhaa.exeSGnIACz.exeEzBLzMV.exegSPoSxX.exeEWskETE.exeLHBUnjN.exeJLpFAsH.exeEbJBklq.exeEmOZwTt.exeyAecTIu.exeEuxpqvd.exeLmDUFbD.exeNkpoErl.exeRsEjFYX.exeuYWBQXk.exeFyPjdjW.exewYPAKxS.exerKVMLto.exeMqAZhnL.exeHByKHWL.exewepwocJ.exeFTDQYvX.exezLRWnIb.exegkcTkzF.exeJJdNVdp.exevdofMTB.exe

pid	process
3392	CnbSSBw.exe
3820	OTWxhai.exe
4424	pFMrifr.exe
2928	RjAQovf.exe
2544	MdNzmXq.exe
2024	zBykdLD.exe
1564	CvfyyvY.exe
1288	LjMHbcA.exe
4920	Eyoqnpp.exe
4988	AmYLXQD.exe
2420	WkvavqS.exe
2044	oAPYtLC.exe
4624	NTxFlhq.exe
372	oprRADb.exe
3712	FuRwHzU.exe
4888	nEUpzGi.exe
4868	orvfKuD.exe
3388	AcqIhBG.exe
2392	btQufeA.exe
2524	KdnlYDM.exe
2228	PLqlMHM.exe
532	xREcJhd.exe
5020	HnXrAzZ.exe
4880	SDgAQdD.exe
1324	OyAMkGb.exe
432	TcgRbqd.exe
2372	ByYKfrK.exe
632	kaKvaaR.exe
2348	NDomaCv.exe
2608	YZapdlZ.exe
3628	qbwFKgT.exe
1128	iTUrDIz.exe
1932	nDyAOSE.exe
1760	KohUcpN.exe
984	bvyIlUI.exe
4192	siQyhqX.exe
2904	CzkDNec.exe
4068	MoFojtS.exe
836	ojLGhaa.exe
4532	SGnIACz.exe
3708	EzBLzMV.exe
4508	gSPoSxX.exe
1976	EWskETE.exe
4204	LHBUnjN.exe
4892	JLpFAsH.exe
4360	EbJBklq.exe
4320	EmOZwTt.exe
2076	yAecTIu.exe
3988	Euxpqvd.exe
5016	LmDUFbD.exe
4564	NkpoErl.exe
4552	RsEjFYX.exe
3208	uYWBQXk.exe
3680	FyPjdjW.exe
2648	wYPAKxS.exe
1644	rKVMLto.exe
1424	MqAZhnL.exe
2332	HByKHWL.exe
1252	wepwocJ.exe
3276	FTDQYvX.exe
3032	zLRWnIb.exe
4064	gkcTkzF.exe
4760	JJdNVdp.exe
3476	vdofMTB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3992-0-0x00007FF6BD9F0000-0x00007FF6BDD44000-memory.dmp	upx
C:\Windows\System\CnbSSBw.exe	upx
C:\Windows\System\pFMrifr.exe	upx
C:\Windows\System\OTWxhai.exe	upx
behavioral2/memory/3392-12-0x00007FF7D7960000-0x00007FF7D7CB4000-memory.dmp	upx
C:\Windows\System\RjAQovf.exe	upx
C:\Windows\System\MdNzmXq.exe	upx
C:\Windows\System\CvfyyvY.exe	upx
C:\Windows\System\zBykdLD.exe	upx
C:\Windows\System\LjMHbcA.exe	upx
C:\Windows\System\Eyoqnpp.exe	upx
C:\Windows\System\oAPYtLC.exe	upx
C:\Windows\System\FuRwHzU.exe	upx
C:\Windows\System\nEUpzGi.exe	upx
C:\Windows\System\xREcJhd.exe	upx
C:\Windows\System\HnXrAzZ.exe	upx
C:\Windows\System\ByYKfrK.exe	upx
behavioral2/memory/2928-493-0x00007FF642120000-0x00007FF642474000-memory.dmp	upx
behavioral2/memory/2024-494-0x00007FF6CD5F0000-0x00007FF6CD944000-memory.dmp	upx
behavioral2/memory/1564-495-0x00007FF75E220000-0x00007FF75E574000-memory.dmp	upx
behavioral2/memory/1288-496-0x00007FF7198A0000-0x00007FF719BF4000-memory.dmp	upx
behavioral2/memory/4920-497-0x00007FF6F0040000-0x00007FF6F0394000-memory.dmp	upx
behavioral2/memory/2044-509-0x00007FF60D3A0000-0x00007FF60D6F4000-memory.dmp	upx
behavioral2/memory/372-523-0x00007FF6428F0000-0x00007FF642C44000-memory.dmp	upx
behavioral2/memory/4888-531-0x00007FF60A340000-0x00007FF60A694000-memory.dmp	upx
behavioral2/memory/3712-528-0x00007FF7FDB70000-0x00007FF7FDEC4000-memory.dmp	upx
behavioral2/memory/4868-537-0x00007FF653DC0000-0x00007FF654114000-memory.dmp	upx
behavioral2/memory/2392-556-0x00007FF73E7C0000-0x00007FF73EB14000-memory.dmp	upx
behavioral2/memory/3388-550-0x00007FF6F1910000-0x00007FF6F1C64000-memory.dmp	upx
behavioral2/memory/2228-570-0x00007FF78E030000-0x00007FF78E384000-memory.dmp	upx
behavioral2/memory/2348-628-0x00007FF652C70000-0x00007FF652FC4000-memory.dmp	upx
behavioral2/memory/2544-634-0x00007FF6D5AA0000-0x00007FF6D5DF4000-memory.dmp	upx
behavioral2/memory/632-620-0x00007FF664CF0000-0x00007FF665044000-memory.dmp	upx
behavioral2/memory/2372-611-0x00007FF6B4AC0000-0x00007FF6B4E14000-memory.dmp	upx
behavioral2/memory/1324-596-0x00007FF61EE00000-0x00007FF61F154000-memory.dmp	upx
behavioral2/memory/432-608-0x00007FF68DA40000-0x00007FF68DD94000-memory.dmp	upx
behavioral2/memory/4880-589-0x00007FF679370000-0x00007FF6796C4000-memory.dmp	upx
behavioral2/memory/5020-586-0x00007FF776D10000-0x00007FF777064000-memory.dmp	upx
behavioral2/memory/532-577-0x00007FF7687E0000-0x00007FF768B34000-memory.dmp	upx
behavioral2/memory/2524-562-0x00007FF6F7080000-0x00007FF6F73D4000-memory.dmp	upx
behavioral2/memory/4624-516-0x00007FF690120000-0x00007FF690474000-memory.dmp	upx
behavioral2/memory/2420-502-0x00007FF702870000-0x00007FF702BC4000-memory.dmp	upx
behavioral2/memory/4988-498-0x00007FF7AEBE0000-0x00007FF7AEF34000-memory.dmp	upx
C:\Windows\System\nDyAOSE.exe	upx
C:\Windows\System\qbwFKgT.exe	upx
C:\Windows\System\iTUrDIz.exe	upx
C:\Windows\System\YZapdlZ.exe	upx
C:\Windows\System\NDomaCv.exe	upx
C:\Windows\System\kaKvaaR.exe	upx
C:\Windows\System\TcgRbqd.exe	upx
C:\Windows\System\OyAMkGb.exe	upx
C:\Windows\System\SDgAQdD.exe	upx
C:\Windows\System\PLqlMHM.exe	upx
C:\Windows\System\KdnlYDM.exe	upx
C:\Windows\System\btQufeA.exe	upx
C:\Windows\System\AcqIhBG.exe	upx
C:\Windows\System\orvfKuD.exe	upx
C:\Windows\System\oprRADb.exe	upx
C:\Windows\System\NTxFlhq.exe	upx
C:\Windows\System\WkvavqS.exe	upx
C:\Windows\System\AmYLXQD.exe	upx
behavioral2/memory/4424-45-0x00007FF7AF850000-0x00007FF7AFBA4000-memory.dmp	upx
behavioral2/memory/3820-13-0x00007FF75FF40000-0x00007FF760294000-memory.dmp	upx
behavioral2/memory/3392-2133-0x00007FF7D7960000-0x00007FF7D7CB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\zhyyHzA.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\KoXJABh.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\gkcTkzF.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\UfrrChB.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\dKzWORh.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\zjkCGfx.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\IqfinfV.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\pElYODX.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\oDaqRGa.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\eoQgGQw.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\EEFrzLX.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\kaJUBiE.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\rlhlMoi.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\rKVMLto.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\qJbIDaR.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\PDLKZLn.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\PxEEKCX.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\FgwFmjL.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\PpDczMX.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\kynMnym.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\nRKRVbI.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\gEooPrd.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\fgUJVdL.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\dHsuslM.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\dSCDlAG.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\EmOZwTt.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\QpBLEeC.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\BFwoFdH.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\Euxpqvd.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\zHYQWPE.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\EugTGmQ.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\yAWLTyg.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\mKmztog.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\OgUMkJF.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\vxggoFS.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\ZUKQkpj.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\rDKZfDU.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\XLLJXeQ.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\xEIjind.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\noODimX.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\vigNcua.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\nmbbDWx.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\kxYySas.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\TcgRbqd.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\bYCkkWK.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\arvegUc.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\aUdRehr.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\XNLAthe.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\wqhBWHk.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\IcviDkK.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\soOJwqI.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\LKodqqR.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\vIuUBqd.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\ofSKcuf.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\vSComUY.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\pYhsKBM.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\eECwgnm.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\zPuopgK.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\pGpHqhY.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\PfqYayF.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\oiWxfCZ.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\kaKvaaR.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\tnipBfc.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
File created	C:\Windows\System\inaSIcH.exe	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	15096	dwm.exe
Token: SeChangeNotifyPrivilege	15096	dwm.exe
Token: 33	15096	dwm.exe
Token: SeIncBasePriorityPrivilege	15096	dwm.exe
Token: SeShutdownPrivilege	15096	dwm.exe
Token: SeCreatePagefilePrivilege	15096	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe

description	pid	process	target process
PID 3992 wrote to memory of 3392	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	CnbSSBw.exe
PID 3992 wrote to memory of 3392	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	CnbSSBw.exe
PID 3992 wrote to memory of 3820	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	OTWxhai.exe
PID 3992 wrote to memory of 3820	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	OTWxhai.exe
PID 3992 wrote to memory of 4424	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	pFMrifr.exe
PID 3992 wrote to memory of 4424	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	pFMrifr.exe
PID 3992 wrote to memory of 2928	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	RjAQovf.exe
PID 3992 wrote to memory of 2928	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	RjAQovf.exe
PID 3992 wrote to memory of 2544	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	MdNzmXq.exe
PID 3992 wrote to memory of 2544	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	MdNzmXq.exe
PID 3992 wrote to memory of 2024	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	zBykdLD.exe
PID 3992 wrote to memory of 2024	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	zBykdLD.exe
PID 3992 wrote to memory of 1564	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	CvfyyvY.exe
PID 3992 wrote to memory of 1564	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	CvfyyvY.exe
PID 3992 wrote to memory of 1288	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	LjMHbcA.exe
PID 3992 wrote to memory of 1288	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	LjMHbcA.exe
PID 3992 wrote to memory of 4920	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	Eyoqnpp.exe
PID 3992 wrote to memory of 4920	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	Eyoqnpp.exe
PID 3992 wrote to memory of 4988	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	AmYLXQD.exe
PID 3992 wrote to memory of 4988	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	AmYLXQD.exe
PID 3992 wrote to memory of 2420	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	WkvavqS.exe
PID 3992 wrote to memory of 2420	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	WkvavqS.exe
PID 3992 wrote to memory of 2044	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	oAPYtLC.exe
PID 3992 wrote to memory of 2044	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	oAPYtLC.exe
PID 3992 wrote to memory of 4624	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	NTxFlhq.exe
PID 3992 wrote to memory of 4624	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	NTxFlhq.exe
PID 3992 wrote to memory of 372	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	oprRADb.exe
PID 3992 wrote to memory of 372	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	oprRADb.exe
PID 3992 wrote to memory of 3712	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	FuRwHzU.exe
PID 3992 wrote to memory of 3712	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	FuRwHzU.exe
PID 3992 wrote to memory of 4888	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	nEUpzGi.exe
PID 3992 wrote to memory of 4888	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	nEUpzGi.exe
PID 3992 wrote to memory of 4868	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	orvfKuD.exe
PID 3992 wrote to memory of 4868	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	orvfKuD.exe
PID 3992 wrote to memory of 3388	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	AcqIhBG.exe
PID 3992 wrote to memory of 3388	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	AcqIhBG.exe
PID 3992 wrote to memory of 2392	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	btQufeA.exe
PID 3992 wrote to memory of 2392	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	btQufeA.exe
PID 3992 wrote to memory of 2524	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	KdnlYDM.exe
PID 3992 wrote to memory of 2524	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	KdnlYDM.exe
PID 3992 wrote to memory of 2228	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	PLqlMHM.exe
PID 3992 wrote to memory of 2228	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	PLqlMHM.exe
PID 3992 wrote to memory of 532	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	xREcJhd.exe
PID 3992 wrote to memory of 532	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	xREcJhd.exe
PID 3992 wrote to memory of 5020	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	HnXrAzZ.exe
PID 3992 wrote to memory of 5020	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	HnXrAzZ.exe
PID 3992 wrote to memory of 4880	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	SDgAQdD.exe
PID 3992 wrote to memory of 4880	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	SDgAQdD.exe
PID 3992 wrote to memory of 1324	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	OyAMkGb.exe
PID 3992 wrote to memory of 1324	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	OyAMkGb.exe
PID 3992 wrote to memory of 432	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	TcgRbqd.exe
PID 3992 wrote to memory of 432	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	TcgRbqd.exe
PID 3992 wrote to memory of 2372	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	ByYKfrK.exe
PID 3992 wrote to memory of 2372	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	ByYKfrK.exe
PID 3992 wrote to memory of 632	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	kaKvaaR.exe
PID 3992 wrote to memory of 632	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	kaKvaaR.exe
PID 3992 wrote to memory of 2348	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	NDomaCv.exe
PID 3992 wrote to memory of 2348	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	NDomaCv.exe
PID 3992 wrote to memory of 2608	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	YZapdlZ.exe
PID 3992 wrote to memory of 2608	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	YZapdlZ.exe
PID 3992 wrote to memory of 3628	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	qbwFKgT.exe
PID 3992 wrote to memory of 3628	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	qbwFKgT.exe
PID 3992 wrote to memory of 1128	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	iTUrDIz.exe
PID 3992 wrote to memory of 1128	3992	6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe	iTUrDIz.exe

C:\Users\Admin\AppData\Local\Temp\6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6f256113fbafbab8f1e734a24b277700_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3992

C:\Windows\System\CnbSSBw.exe
C:\Windows\System\CnbSSBw.exe
2⤵
- Executes dropped EXE
PID:3392

C:\Windows\System\OTWxhai.exe
C:\Windows\System\OTWxhai.exe
2⤵
- Executes dropped EXE
PID:3820

C:\Windows\System\pFMrifr.exe
C:\Windows\System\pFMrifr.exe
2⤵
- Executes dropped EXE
PID:4424

C:\Windows\System\RjAQovf.exe
C:\Windows\System\RjAQovf.exe
2⤵
- Executes dropped EXE
PID:2928

C:\Windows\System\MdNzmXq.exe
C:\Windows\System\MdNzmXq.exe
2⤵
- Executes dropped EXE
PID:2544

C:\Windows\System\zBykdLD.exe
C:\Windows\System\zBykdLD.exe
2⤵
- Executes dropped EXE
PID:2024

C:\Windows\System\CvfyyvY.exe
C:\Windows\System\CvfyyvY.exe
2⤵
- Executes dropped EXE
PID:1564

C:\Windows\System\LjMHbcA.exe
C:\Windows\System\LjMHbcA.exe
2⤵
- Executes dropped EXE
PID:1288

C:\Windows\System\Eyoqnpp.exe
C:\Windows\System\Eyoqnpp.exe
2⤵
- Executes dropped EXE
PID:4920

C:\Windows\System\AmYLXQD.exe
C:\Windows\System\AmYLXQD.exe
2⤵
- Executes dropped EXE
PID:4988

C:\Windows\System\WkvavqS.exe
C:\Windows\System\WkvavqS.exe
2⤵
- Executes dropped EXE
PID:2420

C:\Windows\System\oAPYtLC.exe
C:\Windows\System\oAPYtLC.exe
2⤵
- Executes dropped EXE
PID:2044

C:\Windows\System\NTxFlhq.exe
C:\Windows\System\NTxFlhq.exe
2⤵
- Executes dropped EXE
PID:4624

C:\Windows\System\oprRADb.exe
C:\Windows\System\oprRADb.exe
2⤵
- Executes dropped EXE
PID:372

C:\Windows\System\FuRwHzU.exe
C:\Windows\System\FuRwHzU.exe
2⤵
- Executes dropped EXE
PID:3712

C:\Windows\System\nEUpzGi.exe
C:\Windows\System\nEUpzGi.exe
2⤵
- Executes dropped EXE
PID:4888

C:\Windows\System\orvfKuD.exe
C:\Windows\System\orvfKuD.exe
2⤵
- Executes dropped EXE
PID:4868

C:\Windows\System\AcqIhBG.exe
C:\Windows\System\AcqIhBG.exe
2⤵
- Executes dropped EXE
PID:3388

C:\Windows\System\btQufeA.exe
C:\Windows\System\btQufeA.exe
2⤵
- Executes dropped EXE
PID:2392

C:\Windows\System\KdnlYDM.exe
C:\Windows\System\KdnlYDM.exe
2⤵
- Executes dropped EXE
PID:2524

C:\Windows\System\PLqlMHM.exe
C:\Windows\System\PLqlMHM.exe
2⤵
- Executes dropped EXE
PID:2228

C:\Windows\System\xREcJhd.exe
C:\Windows\System\xREcJhd.exe
2⤵
- Executes dropped EXE
PID:532

C:\Windows\System\HnXrAzZ.exe
C:\Windows\System\HnXrAzZ.exe
2⤵
- Executes dropped EXE
PID:5020

C:\Windows\System\SDgAQdD.exe
C:\Windows\System\SDgAQdD.exe
2⤵
- Executes dropped EXE
PID:4880

C:\Windows\System\OyAMkGb.exe
C:\Windows\System\OyAMkGb.exe
2⤵
- Executes dropped EXE
PID:1324

C:\Windows\System\TcgRbqd.exe
C:\Windows\System\TcgRbqd.exe
2⤵
- Executes dropped EXE
PID:432

C:\Windows\System\ByYKfrK.exe
C:\Windows\System\ByYKfrK.exe
2⤵
- Executes dropped EXE
PID:2372

C:\Windows\System\kaKvaaR.exe
C:\Windows\System\kaKvaaR.exe
2⤵
- Executes dropped EXE
PID:632

C:\Windows\System\NDomaCv.exe
C:\Windows\System\NDomaCv.exe
2⤵
- Executes dropped EXE
PID:2348

C:\Windows\System\YZapdlZ.exe
C:\Windows\System\YZapdlZ.exe
2⤵
- Executes dropped EXE
PID:2608

C:\Windows\System\qbwFKgT.exe
C:\Windows\System\qbwFKgT.exe
2⤵
- Executes dropped EXE
PID:3628

C:\Windows\System\iTUrDIz.exe
C:\Windows\System\iTUrDIz.exe
2⤵
- Executes dropped EXE
PID:1128

C:\Windows\System\nDyAOSE.exe
C:\Windows\System\nDyAOSE.exe
2⤵
- Executes dropped EXE
PID:1932

C:\Windows\System\KohUcpN.exe
C:\Windows\System\KohUcpN.exe
2⤵
- Executes dropped EXE
PID:1760

C:\Windows\System\bvyIlUI.exe
C:\Windows\System\bvyIlUI.exe
2⤵
- Executes dropped EXE
PID:984

C:\Windows\System\siQyhqX.exe
C:\Windows\System\siQyhqX.exe
2⤵
- Executes dropped EXE
PID:4192

C:\Windows\System\CzkDNec.exe
C:\Windows\System\CzkDNec.exe
2⤵
- Executes dropped EXE
PID:2904

C:\Windows\System\MoFojtS.exe
C:\Windows\System\MoFojtS.exe
2⤵
- Executes dropped EXE
PID:4068

C:\Windows\System\ojLGhaa.exe
C:\Windows\System\ojLGhaa.exe
2⤵
- Executes dropped EXE
PID:836

C:\Windows\System\SGnIACz.exe
C:\Windows\System\SGnIACz.exe
2⤵
- Executes dropped EXE
PID:4532

C:\Windows\System\EzBLzMV.exe
C:\Windows\System\EzBLzMV.exe
2⤵
- Executes dropped EXE
PID:3708

C:\Windows\System\gSPoSxX.exe
C:\Windows\System\gSPoSxX.exe
2⤵
- Executes dropped EXE
PID:4508

C:\Windows\System\EWskETE.exe
C:\Windows\System\EWskETE.exe
2⤵
- Executes dropped EXE
PID:1976

C:\Windows\System\LHBUnjN.exe
C:\Windows\System\LHBUnjN.exe
2⤵
- Executes dropped EXE
PID:4204

C:\Windows\System\JLpFAsH.exe
C:\Windows\System\JLpFAsH.exe
2⤵
- Executes dropped EXE
PID:4892

C:\Windows\System\EbJBklq.exe
C:\Windows\System\EbJBklq.exe
2⤵
- Executes dropped EXE
PID:4360

C:\Windows\System\EmOZwTt.exe
C:\Windows\System\EmOZwTt.exe
2⤵
- Executes dropped EXE
PID:4320

C:\Windows\System\yAecTIu.exe
C:\Windows\System\yAecTIu.exe
2⤵
- Executes dropped EXE
PID:2076

C:\Windows\System\Euxpqvd.exe
C:\Windows\System\Euxpqvd.exe
2⤵
- Executes dropped EXE
PID:3988

C:\Windows\System\LmDUFbD.exe
C:\Windows\System\LmDUFbD.exe
2⤵
- Executes dropped EXE
PID:5016

C:\Windows\System\NkpoErl.exe
C:\Windows\System\NkpoErl.exe
2⤵
- Executes dropped EXE
PID:4564

C:\Windows\System\RsEjFYX.exe
C:\Windows\System\RsEjFYX.exe
2⤵
- Executes dropped EXE
PID:4552

C:\Windows\System\uYWBQXk.exe
C:\Windows\System\uYWBQXk.exe
2⤵
- Executes dropped EXE
PID:3208

C:\Windows\System\FyPjdjW.exe
C:\Windows\System\FyPjdjW.exe
2⤵
- Executes dropped EXE
PID:3680

C:\Windows\System\wYPAKxS.exe
C:\Windows\System\wYPAKxS.exe
2⤵
- Executes dropped EXE
PID:2648

C:\Windows\System\rKVMLto.exe
C:\Windows\System\rKVMLto.exe
2⤵
- Executes dropped EXE
PID:1644

C:\Windows\System\MqAZhnL.exe
C:\Windows\System\MqAZhnL.exe
2⤵
- Executes dropped EXE
PID:1424

C:\Windows\System\HByKHWL.exe
C:\Windows\System\HByKHWL.exe
2⤵
- Executes dropped EXE
PID:2332

C:\Windows\System\wepwocJ.exe
C:\Windows\System\wepwocJ.exe
2⤵
- Executes dropped EXE
PID:1252

C:\Windows\System\FTDQYvX.exe
C:\Windows\System\FTDQYvX.exe
2⤵
- Executes dropped EXE
PID:3276

C:\Windows\System\zLRWnIb.exe
C:\Windows\System\zLRWnIb.exe
2⤵
- Executes dropped EXE
PID:3032

C:\Windows\System\gkcTkzF.exe
C:\Windows\System\gkcTkzF.exe
2⤵
- Executes dropped EXE
PID:4064

C:\Windows\System\JJdNVdp.exe
C:\Windows\System\JJdNVdp.exe
2⤵
- Executes dropped EXE
PID:4760

C:\Windows\System\vdofMTB.exe
C:\Windows\System\vdofMTB.exe
2⤵
- Executes dropped EXE
PID:3476

C:\Windows\System\rlxaRpV.exe
C:\Windows\System\rlxaRpV.exe
2⤵
PID:980

C:\Windows\System\gEooPrd.exe
C:\Windows\System\gEooPrd.exe
2⤵
PID:1852

C:\Windows\System\DzkpEsb.exe
C:\Windows\System\DzkpEsb.exe
2⤵
PID:4300

C:\Windows\System\qDGrFMn.exe
C:\Windows\System\qDGrFMn.exe
2⤵
PID:3084

C:\Windows\System\kzKpDjH.exe
C:\Windows\System\kzKpDjH.exe
2⤵
PID:5032

C:\Windows\System\YVdbClN.exe
C:\Windows\System\YVdbClN.exe
2⤵
PID:628

C:\Windows\System\chYMRHY.exe
C:\Windows\System\chYMRHY.exe
2⤵
PID:5028

C:\Windows\System\QkhnoYJ.exe
C:\Windows\System\QkhnoYJ.exe
2⤵
PID:2876

C:\Windows\System\BUtlSXW.exe
C:\Windows\System\BUtlSXW.exe
2⤵
PID:3624

C:\Windows\System\CaHWemT.exe
C:\Windows\System\CaHWemT.exe
2⤵
PID:1368

C:\Windows\System\XLLJXeQ.exe
C:\Windows\System\XLLJXeQ.exe
2⤵
PID:2172

C:\Windows\System\lGjXpwX.exe
C:\Windows\System\lGjXpwX.exe
2⤵
PID:3600

C:\Windows\System\WxqBfmb.exe
C:\Windows\System\WxqBfmb.exe
2⤵
PID:3284

C:\Windows\System\ZkZizLR.exe
C:\Windows\System\ZkZizLR.exe
2⤵
PID:3836

C:\Windows\System\BSqvMHT.exe
C:\Windows\System\BSqvMHT.exe
2⤵
PID:3428

C:\Windows\System\cvybwui.exe
C:\Windows\System\cvybwui.exe
2⤵
PID:3468

C:\Windows\System\plHEhBJ.exe
C:\Windows\System\plHEhBJ.exe
2⤵
PID:464

C:\Windows\System\ulltcvp.exe
C:\Windows\System\ulltcvp.exe
2⤵
PID:1152

C:\Windows\System\qtDDAJX.exe
C:\Windows\System\qtDDAJX.exe
2⤵
PID:4416

C:\Windows\System\KTJPGGc.exe
C:\Windows\System\KTJPGGc.exe
2⤵
PID:5136

C:\Windows\System\FcjKBiL.exe
C:\Windows\System\FcjKBiL.exe
2⤵
PID:5164

C:\Windows\System\vIuUBqd.exe
C:\Windows\System\vIuUBqd.exe
2⤵
PID:5192

C:\Windows\System\yMySPLf.exe
C:\Windows\System\yMySPLf.exe
2⤵
PID:5220

C:\Windows\System\pYhsKBM.exe
C:\Windows\System\pYhsKBM.exe
2⤵
PID:5292

C:\Windows\System\AEpBiNv.exe
C:\Windows\System\AEpBiNv.exe
2⤵
PID:5308

C:\Windows\System\UFUaNRq.exe
C:\Windows\System\UFUaNRq.exe
2⤵
PID:5324

C:\Windows\System\mKmztog.exe
C:\Windows\System\mKmztog.exe
2⤵
PID:5340

C:\Windows\System\GwmRKDT.exe
C:\Windows\System\GwmRKDT.exe
2⤵
PID:5368

C:\Windows\System\pElYODX.exe
C:\Windows\System\pElYODX.exe
2⤵
PID:5396

C:\Windows\System\CFzXsxY.exe
C:\Windows\System\CFzXsxY.exe
2⤵
PID:5424

C:\Windows\System\ySLcyAv.exe
C:\Windows\System\ySLcyAv.exe
2⤵
PID:5452

C:\Windows\System\JcTxEjh.exe
C:\Windows\System\JcTxEjh.exe
2⤵
PID:5480

C:\Windows\System\PaHruLZ.exe
C:\Windows\System\PaHruLZ.exe
2⤵
PID:5508

C:\Windows\System\QzXESdN.exe
C:\Windows\System\QzXESdN.exe
2⤵
PID:5536

C:\Windows\System\JreCfLS.exe
C:\Windows\System\JreCfLS.exe
2⤵
PID:5564

C:\Windows\System\oPdsTgM.exe
C:\Windows\System\oPdsTgM.exe
2⤵
PID:5592

C:\Windows\System\PwQSlqE.exe
C:\Windows\System\PwQSlqE.exe
2⤵
PID:5616

C:\Windows\System\MwPSooA.exe
C:\Windows\System\MwPSooA.exe
2⤵
PID:5644

C:\Windows\System\CXRIeal.exe
C:\Windows\System\CXRIeal.exe
2⤵
PID:5672

C:\Windows\System\xEIjind.exe
C:\Windows\System\xEIjind.exe
2⤵
PID:5700

C:\Windows\System\mQEHHqJ.exe
C:\Windows\System\mQEHHqJ.exe
2⤵
PID:5732

C:\Windows\System\zmnAoIP.exe
C:\Windows\System\zmnAoIP.exe
2⤵
PID:5760

C:\Windows\System\HlOFijV.exe
C:\Windows\System\HlOFijV.exe
2⤵
PID:5788

C:\Windows\System\tnipBfc.exe
C:\Windows\System\tnipBfc.exe
2⤵
PID:5816

C:\Windows\System\KduqinJ.exe
C:\Windows\System\KduqinJ.exe
2⤵
PID:5844

C:\Windows\System\mJTTpIB.exe
C:\Windows\System\mJTTpIB.exe
2⤵
PID:5872

C:\Windows\System\CCmuIso.exe
C:\Windows\System\CCmuIso.exe
2⤵
PID:5900

C:\Windows\System\gGPwCoR.exe
C:\Windows\System\gGPwCoR.exe
2⤵
PID:5928

C:\Windows\System\ArxsMsv.exe
C:\Windows\System\ArxsMsv.exe
2⤵
PID:5956

C:\Windows\System\oVeUpXz.exe
C:\Windows\System\oVeUpXz.exe
2⤵
PID:5984

C:\Windows\System\MCoAahN.exe
C:\Windows\System\MCoAahN.exe
2⤵
PID:6012

C:\Windows\System\gWSgHoL.exe
C:\Windows\System\gWSgHoL.exe
2⤵
PID:6040

C:\Windows\System\yIuUUmK.exe
C:\Windows\System\yIuUUmK.exe
2⤵
PID:6068

C:\Windows\System\KmIWtuN.exe
C:\Windows\System\KmIWtuN.exe
2⤵
PID:6096

C:\Windows\System\AwAsjdS.exe
C:\Windows\System\AwAsjdS.exe
2⤵
PID:6120

C:\Windows\System\xIykRve.exe
C:\Windows\System\xIykRve.exe
2⤵
PID:2120

C:\Windows\System\HTaHRVl.exe
C:\Windows\System\HTaHRVl.exe
2⤵
PID:1148

C:\Windows\System\uqhIDOD.exe
C:\Windows\System\uqhIDOD.exe
2⤵
PID:1260

C:\Windows\System\mxJTAJr.exe
C:\Windows\System\mxJTAJr.exe
2⤵
PID:3848

C:\Windows\System\kYcCiYU.exe
C:\Windows\System\kYcCiYU.exe
2⤵
PID:5148

C:\Windows\System\DGbcaYE.exe
C:\Windows\System\DGbcaYE.exe
2⤵
PID:5204

C:\Windows\System\ieWitmG.exe
C:\Windows\System\ieWitmG.exe
2⤵
PID:5236

C:\Windows\System\HlcTcLd.exe
C:\Windows\System\HlcTcLd.exe
2⤵
PID:5332

C:\Windows\System\jCwfEaL.exe
C:\Windows\System\jCwfEaL.exe
2⤵
PID:5384

C:\Windows\System\eECwgnm.exe
C:\Windows\System\eECwgnm.exe
2⤵
PID:5444

C:\Windows\System\KFyvxRX.exe
C:\Windows\System\KFyvxRX.exe
2⤵
PID:5520

C:\Windows\System\hxArDay.exe
C:\Windows\System\hxArDay.exe
2⤵
PID:4860

C:\Windows\System\NRGcGPI.exe
C:\Windows\System\NRGcGPI.exe
2⤵
PID:5636

C:\Windows\System\zIwJRvm.exe
C:\Windows\System\zIwJRvm.exe
2⤵
PID:5696

C:\Windows\System\PqrQfhr.exe
C:\Windows\System\PqrQfhr.exe
2⤵
PID:5748

C:\Windows\System\bHCjwWR.exe
C:\Windows\System\bHCjwWR.exe
2⤵
PID:5808

C:\Windows\System\PICSaMF.exe
C:\Windows\System\PICSaMF.exe
2⤵
PID:5864

C:\Windows\System\PfkqQgo.exe
C:\Windows\System\PfkqQgo.exe
2⤵
PID:5920

C:\Windows\System\fRZsvFO.exe
C:\Windows\System\fRZsvFO.exe
2⤵
PID:6000

C:\Windows\System\TcvnAiY.exe
C:\Windows\System\TcvnAiY.exe
2⤵
PID:6056

C:\Windows\System\nRKRVbI.exe
C:\Windows\System\nRKRVbI.exe
2⤵
PID:6112

C:\Windows\System\nNKOmoa.exe
C:\Windows\System\nNKOmoa.exe
2⤵
PID:4884

C:\Windows\System\bkwxOxe.exe
C:\Windows\System\bkwxOxe.exe
2⤵
PID:3088

C:\Windows\System\VOOLcyu.exe
C:\Windows\System\VOOLcyu.exe
2⤵
PID:5212

C:\Windows\System\gRNpaCw.exe
C:\Windows\System\gRNpaCw.exe
2⤵
PID:5492

C:\Windows\System\keuymzD.exe
C:\Windows\System\keuymzD.exe
2⤵
PID:5608

C:\Windows\System\OxAdEZq.exe
C:\Windows\System\OxAdEZq.exe
2⤵
PID:5688

C:\Windows\System\xoacudb.exe
C:\Windows\System\xoacudb.exe
2⤵
PID:5856

C:\Windows\System\zhyyHzA.exe
C:\Windows\System\zhyyHzA.exe
2⤵
PID:5972

C:\Windows\System\OwxHHGN.exe
C:\Windows\System\OwxHHGN.exe
2⤵
PID:4352

C:\Windows\System\igWlUOg.exe
C:\Windows\System\igWlUOg.exe
2⤵
PID:1560

C:\Windows\System\eTgqyDO.exe
C:\Windows\System\eTgqyDO.exe
2⤵
PID:3264

C:\Windows\System\TDjgFRm.exe
C:\Windows\System\TDjgFRm.exe
2⤵
PID:5124

C:\Windows\System\UTMzwPa.exe
C:\Windows\System\UTMzwPa.exe
2⤵
PID:1780

C:\Windows\System\hQwmIZF.exe
C:\Windows\System\hQwmIZF.exe
2⤵
PID:4436

C:\Windows\System\OgUMkJF.exe
C:\Windows\System\OgUMkJF.exe
2⤵
PID:1604

C:\Windows\System\GrQDFce.exe
C:\Windows\System\GrQDFce.exe
2⤵
PID:3304

C:\Windows\System\hMLZqxR.exe
C:\Windows\System\hMLZqxR.exe
2⤵
PID:3756

C:\Windows\System\dhiYago.exe
C:\Windows\System\dhiYago.exe
2⤵
PID:5556

C:\Windows\System\nadVkjT.exe
C:\Windows\System\nadVkjT.exe
2⤵
PID:3540

C:\Windows\System\rNdverq.exe
C:\Windows\System\rNdverq.exe
2⤵
PID:5836

C:\Windows\System\AtukYOH.exe
C:\Windows\System\AtukYOH.exe
2⤵
PID:512

C:\Windows\System\BNZWNJH.exe
C:\Windows\System\BNZWNJH.exe
2⤵
PID:1656

C:\Windows\System\zhesfwG.exe
C:\Windows\System\zhesfwG.exe
2⤵
PID:4984

C:\Windows\System\BwJsTFF.exe
C:\Windows\System\BwJsTFF.exe
2⤵
PID:6160

C:\Windows\System\sZEsFDx.exe
C:\Windows\System\sZEsFDx.exe
2⤵
PID:6180

C:\Windows\System\uNgGcBS.exe
C:\Windows\System\uNgGcBS.exe
2⤵
PID:6208

C:\Windows\System\ubYdqLo.exe
C:\Windows\System\ubYdqLo.exe
2⤵
PID:6236

C:\Windows\System\QFhmMKd.exe
C:\Windows\System\QFhmMKd.exe
2⤵
PID:6252

C:\Windows\System\VegBPWx.exe
C:\Windows\System\VegBPWx.exe
2⤵
PID:6276

C:\Windows\System\pgkMsXp.exe
C:\Windows\System\pgkMsXp.exe
2⤵
PID:6296

C:\Windows\System\pJIFhog.exe
C:\Windows\System\pJIFhog.exe
2⤵
PID:6316

C:\Windows\System\noODimX.exe
C:\Windows\System\noODimX.exe
2⤵
PID:6344

C:\Windows\System\mXLeZUt.exe
C:\Windows\System\mXLeZUt.exe
2⤵
PID:6368

C:\Windows\System\MjkrxFl.exe
C:\Windows\System\MjkrxFl.exe
2⤵
PID:6396

C:\Windows\System\ybRRHFv.exe
C:\Windows\System\ybRRHFv.exe
2⤵
PID:6424

C:\Windows\System\ujvkisD.exe
C:\Windows\System\ujvkisD.exe
2⤵
PID:6456

C:\Windows\System\GiPVRvO.exe
C:\Windows\System\GiPVRvO.exe
2⤵
PID:6480

C:\Windows\System\YSRvNkR.exe
C:\Windows\System\YSRvNkR.exe
2⤵
PID:6524

C:\Windows\System\eDvRgLC.exe
C:\Windows\System\eDvRgLC.exe
2⤵
PID:6544

C:\Windows\System\AQKmsaL.exe
C:\Windows\System\AQKmsaL.exe
2⤵
PID:6588

C:\Windows\System\oDaqRGa.exe
C:\Windows\System\oDaqRGa.exe
2⤵
PID:6632

C:\Windows\System\IqfinfV.exe
C:\Windows\System\IqfinfV.exe
2⤵
PID:6656

C:\Windows\System\MMfdXwD.exe
C:\Windows\System\MMfdXwD.exe
2⤵
PID:6676

C:\Windows\System\zpoIxKK.exe
C:\Windows\System\zpoIxKK.exe
2⤵
PID:6724

C:\Windows\System\vNeKUCj.exe
C:\Windows\System\vNeKUCj.exe
2⤵
PID:6744

C:\Windows\System\whrepOd.exe
C:\Windows\System\whrepOd.exe
2⤵
PID:6776

C:\Windows\System\siBlaGm.exe
C:\Windows\System\siBlaGm.exe
2⤵
PID:6832

C:\Windows\System\sSXVbDN.exe
C:\Windows\System\sSXVbDN.exe
2⤵
PID:6872

C:\Windows\System\CmpxrwP.exe
C:\Windows\System\CmpxrwP.exe
2⤵
PID:6900

C:\Windows\System\uQGUIgQ.exe
C:\Windows\System\uQGUIgQ.exe
2⤵
PID:6924

C:\Windows\System\HpFaaju.exe
C:\Windows\System\HpFaaju.exe
2⤵
PID:7004

C:\Windows\System\TJpyUKL.exe
C:\Windows\System\TJpyUKL.exe
2⤵
PID:7036

C:\Windows\System\eoQgGQw.exe
C:\Windows\System\eoQgGQw.exe
2⤵
PID:7080

C:\Windows\System\jQQKNAS.exe
C:\Windows\System\jQQKNAS.exe
2⤵
PID:7108

C:\Windows\System\iREBrUo.exe
C:\Windows\System\iREBrUo.exe
2⤵
PID:7144

C:\Windows\System\dexDuxm.exe
C:\Windows\System\dexDuxm.exe
2⤵
PID:7164

C:\Windows\System\inaSIcH.exe
C:\Windows\System\inaSIcH.exe
2⤵
PID:3424

C:\Windows\System\LDOLyoe.exe
C:\Windows\System\LDOLyoe.exe
2⤵
PID:6192

C:\Windows\System\ztXMqne.exe
C:\Windows\System\ztXMqne.exe
2⤵
PID:6264

C:\Windows\System\heiNVNm.exe
C:\Windows\System\heiNVNm.exe
2⤵
PID:6336

C:\Windows\System\zPuopgK.exe
C:\Windows\System\zPuopgK.exe
2⤵
PID:6364

C:\Windows\System\nfwCNxX.exe
C:\Windows\System\nfwCNxX.exe
2⤵
PID:6492

C:\Windows\System\TUvWaPG.exe
C:\Windows\System\TUvWaPG.exe
2⤵
PID:6508

C:\Windows\System\qJbIDaR.exe
C:\Windows\System\qJbIDaR.exe
2⤵
PID:6596

C:\Windows\System\PDLKZLn.exe
C:\Windows\System\PDLKZLn.exe
2⤵
PID:6668

C:\Windows\System\OhuaTFE.exe
C:\Windows\System\OhuaTFE.exe
2⤵
PID:6740

C:\Windows\System\HrHBXMt.exe
C:\Windows\System\HrHBXMt.exe
2⤵
PID:6856

C:\Windows\System\HFvPtDU.exe
C:\Windows\System\HFvPtDU.exe
2⤵
PID:6920

C:\Windows\System\YxnWjkK.exe
C:\Windows\System\YxnWjkK.exe
2⤵
PID:6888

C:\Windows\System\OQsgwsZ.exe
C:\Windows\System\OQsgwsZ.exe
2⤵
PID:6996

C:\Windows\System\rWaspmS.exe
C:\Windows\System\rWaspmS.exe
2⤵
PID:7132

C:\Windows\System\NIRXgjM.exe
C:\Windows\System\NIRXgjM.exe
2⤵
PID:5436

C:\Windows\System\yGbHDqo.exe
C:\Windows\System\yGbHDqo.exe
2⤵
PID:6188

C:\Windows\System\XAEsKpg.exe
C:\Windows\System\XAEsKpg.exe
2⤵
PID:6420

C:\Windows\System\DJQhHpN.exe
C:\Windows\System\DJQhHpN.exe
2⤵
PID:6572

C:\Windows\System\VRJIpKT.exe
C:\Windows\System\VRJIpKT.exe
2⤵
PID:6768

C:\Windows\System\pfAHhrS.exe
C:\Windows\System\pfAHhrS.exe
2⤵
PID:6980

C:\Windows\System\lDVdBiX.exe
C:\Windows\System\lDVdBiX.exe
2⤵
PID:6172

C:\Windows\System\pNecEfn.exe
C:\Windows\System\pNecEfn.exe
2⤵
PID:6500

C:\Windows\System\abNEDPN.exe
C:\Windows\System\abNEDPN.exe
2⤵
PID:6908

C:\Windows\System\bulunYS.exe
C:\Windows\System\bulunYS.exe
2⤵
PID:6764

C:\Windows\System\JBLWAtM.exe
C:\Windows\System\JBLWAtM.exe
2⤵
PID:7092

C:\Windows\System\pGpHqhY.exe
C:\Windows\System\pGpHqhY.exe
2⤵
PID:7204

C:\Windows\System\vfUNVrp.exe
C:\Windows\System\vfUNVrp.exe
2⤵
PID:7224

C:\Windows\System\CErjlJI.exe
C:\Windows\System\CErjlJI.exe
2⤵
PID:7256

C:\Windows\System\uVAhpuA.exe
C:\Windows\System\uVAhpuA.exe
2⤵
PID:7288

C:\Windows\System\fTPxrIw.exe
C:\Windows\System\fTPxrIw.exe
2⤵
PID:7316

C:\Windows\System\AuCxaYe.exe
C:\Windows\System\AuCxaYe.exe
2⤵
PID:7340

C:\Windows\System\gzAfzgx.exe
C:\Windows\System\gzAfzgx.exe
2⤵
PID:7380

C:\Windows\System\MHefHCF.exe
C:\Windows\System\MHefHCF.exe
2⤵
PID:7416

C:\Windows\System\iAaumMv.exe
C:\Windows\System\iAaumMv.exe
2⤵
PID:7440

C:\Windows\System\mQWZjNv.exe
C:\Windows\System\mQWZjNv.exe
2⤵
PID:7472

C:\Windows\System\pcmQNdw.exe
C:\Windows\System\pcmQNdw.exe
2⤵
PID:7504

C:\Windows\System\flYcgzJ.exe
C:\Windows\System\flYcgzJ.exe
2⤵
PID:7544

C:\Windows\System\GVeVqhd.exe
C:\Windows\System\GVeVqhd.exe
2⤵
PID:7568

C:\Windows\System\vyAvuji.exe
C:\Windows\System\vyAvuji.exe
2⤵
PID:7588

C:\Windows\System\inUGylj.exe
C:\Windows\System\inUGylj.exe
2⤵
PID:7608

C:\Windows\System\oifdkpJ.exe
C:\Windows\System\oifdkpJ.exe
2⤵
PID:7644

C:\Windows\System\GMhSCIy.exe
C:\Windows\System\GMhSCIy.exe
2⤵
PID:7688

C:\Windows\System\OXgLYai.exe
C:\Windows\System\OXgLYai.exe
2⤵
PID:7716

C:\Windows\System\chOQlhU.exe
C:\Windows\System\chOQlhU.exe
2⤵
PID:7740

C:\Windows\System\DOdrqRl.exe
C:\Windows\System\DOdrqRl.exe
2⤵
PID:7772

C:\Windows\System\fafdIuC.exe
C:\Windows\System\fafdIuC.exe
2⤵
PID:7800

C:\Windows\System\QgUOwwr.exe
C:\Windows\System\QgUOwwr.exe
2⤵
PID:7828

C:\Windows\System\GgGtSTN.exe
C:\Windows\System\GgGtSTN.exe
2⤵
PID:7856

C:\Windows\System\TvMglDQ.exe
C:\Windows\System\TvMglDQ.exe
2⤵
PID:7888

C:\Windows\System\iNgEiBw.exe
C:\Windows\System\iNgEiBw.exe
2⤵
PID:7912

C:\Windows\System\cQWIZNf.exe
C:\Windows\System\cQWIZNf.exe
2⤵
PID:7940

C:\Windows\System\hfwXOtR.exe
C:\Windows\System\hfwXOtR.exe
2⤵
PID:7968

C:\Windows\System\qiekonG.exe
C:\Windows\System\qiekonG.exe
2⤵
PID:7992

C:\Windows\System\lfJHxkg.exe
C:\Windows\System\lfJHxkg.exe
2⤵
PID:8024

C:\Windows\System\hstreFu.exe
C:\Windows\System\hstreFu.exe
2⤵
PID:8052

C:\Windows\System\ZqfuBBd.exe
C:\Windows\System\ZqfuBBd.exe
2⤵
PID:8080

C:\Windows\System\zIEqfIi.exe
C:\Windows\System\zIEqfIi.exe
2⤵
PID:8108

C:\Windows\System\vxggoFS.exe
C:\Windows\System\vxggoFS.exe
2⤵
PID:8124

C:\Windows\System\xriqaOB.exe
C:\Windows\System\xriqaOB.exe
2⤵
PID:8148

C:\Windows\System\yIoZXQV.exe
C:\Windows\System\yIoZXQV.exe
2⤵
PID:8172

C:\Windows\System\XSPERLU.exe
C:\Windows\System\XSPERLU.exe
2⤵
PID:8188

C:\Windows\System\GoRuQMb.exe
C:\Windows\System\GoRuQMb.exe
2⤵
PID:7192

C:\Windows\System\OplvlCP.exe
C:\Windows\System\OplvlCP.exe
2⤵
PID:7300

C:\Windows\System\HdACMiV.exe
C:\Windows\System\HdACMiV.exe
2⤵
PID:7392

C:\Windows\System\ZNgjdWM.exe
C:\Windows\System\ZNgjdWM.exe
2⤵
PID:7456

C:\Windows\System\EEFrzLX.exe
C:\Windows\System\EEFrzLX.exe
2⤵
PID:7532

C:\Windows\System\PnnfpOx.exe
C:\Windows\System\PnnfpOx.exe
2⤵
PID:7584

C:\Windows\System\MfFJZmY.exe
C:\Windows\System\MfFJZmY.exe
2⤵
PID:7728

C:\Windows\System\ibWHEZa.exe
C:\Windows\System\ibWHEZa.exe
2⤵
PID:7764

C:\Windows\System\pzDTFkm.exe
C:\Windows\System\pzDTFkm.exe
2⤵
PID:7820

C:\Windows\System\bJWUlvS.exe
C:\Windows\System\bJWUlvS.exe
2⤵
PID:7872

C:\Windows\System\KxYyDWi.exe
C:\Windows\System\KxYyDWi.exe
2⤵
PID:7924

C:\Windows\System\OmCIIQq.exe
C:\Windows\System\OmCIIQq.exe
2⤵
PID:7952

C:\Windows\System\yRXgRlh.exe
C:\Windows\System\yRXgRlh.exe
2⤵
PID:7984

C:\Windows\System\ZUKQkpj.exe
C:\Windows\System\ZUKQkpj.exe
2⤵
PID:8064

C:\Windows\System\hkOkrvx.exe
C:\Windows\System\hkOkrvx.exe
2⤵
PID:8088

C:\Windows\System\QpbbvTe.exe
C:\Windows\System\QpbbvTe.exe
2⤵
PID:6356

C:\Windows\System\PihYCHG.exe
C:\Windows\System\PihYCHG.exe
2⤵
PID:7284

C:\Windows\System\dPmGAJo.exe
C:\Windows\System\dPmGAJo.exe
2⤵
PID:7484

C:\Windows\System\ZnZrPnd.exe
C:\Windows\System\ZnZrPnd.exe
2⤵
PID:3980

C:\Windows\System\oWQFAun.exe
C:\Windows\System\oWQFAun.exe
2⤵
PID:7848

C:\Windows\System\hdDJkhI.exe
C:\Windows\System\hdDJkhI.exe
2⤵
PID:7908

C:\Windows\System\BFnfyrm.exe
C:\Windows\System\BFnfyrm.exe
2⤵
PID:5380

C:\Windows\System\vQHdVqC.exe
C:\Windows\System\vQHdVqC.exe
2⤵
PID:8096

C:\Windows\System\wYWpWDP.exe
C:\Windows\System\wYWpWDP.exe
2⤵
PID:7400

C:\Windows\System\TMJPmiU.exe
C:\Windows\System\TMJPmiU.exe
2⤵
PID:8036

C:\Windows\System\AvnSIsw.exe
C:\Windows\System\AvnSIsw.exe
2⤵
PID:7432

C:\Windows\System\RbDLZHE.exe
C:\Windows\System\RbDLZHE.exe
2⤵
PID:8180

C:\Windows\System\zzmFYZb.exe
C:\Windows\System\zzmFYZb.exe
2⤵
PID:8200

C:\Windows\System\RGQnrpU.exe
C:\Windows\System\RGQnrpU.exe
2⤵
PID:8232

C:\Windows\System\zJDexIm.exe
C:\Windows\System\zJDexIm.exe
2⤵
PID:8248

C:\Windows\System\ulHriia.exe
C:\Windows\System\ulHriia.exe
2⤵
PID:8288

C:\Windows\System\pcifmjL.exe
C:\Windows\System\pcifmjL.exe
2⤵
PID:8316

C:\Windows\System\vzHidqk.exe
C:\Windows\System\vzHidqk.exe
2⤵
PID:8344

C:\Windows\System\nFWkZij.exe
C:\Windows\System\nFWkZij.exe
2⤵
PID:8372

C:\Windows\System\PxEEKCX.exe
C:\Windows\System\PxEEKCX.exe
2⤵
PID:8400

C:\Windows\System\UlzmBFQ.exe
C:\Windows\System\UlzmBFQ.exe
2⤵
PID:8436

C:\Windows\System\gGZyQru.exe
C:\Windows\System\gGZyQru.exe
2⤵
PID:8484

C:\Windows\System\nWfzAVc.exe
C:\Windows\System\nWfzAVc.exe
2⤵
PID:8524

C:\Windows\System\WmPJnjA.exe
C:\Windows\System\WmPJnjA.exe
2⤵
PID:8556

C:\Windows\System\IFVfCvr.exe
C:\Windows\System\IFVfCvr.exe
2⤵
PID:8584

C:\Windows\System\GnkpHWh.exe
C:\Windows\System\GnkpHWh.exe
2⤵
PID:8616

C:\Windows\System\sNoEZbZ.exe
C:\Windows\System\sNoEZbZ.exe
2⤵
PID:8632

C:\Windows\System\ENBWEiL.exe
C:\Windows\System\ENBWEiL.exe
2⤵
PID:8680

C:\Windows\System\UaLcKTV.exe
C:\Windows\System\UaLcKTV.exe
2⤵
PID:8732

C:\Windows\System\siwkgeB.exe
C:\Windows\System\siwkgeB.exe
2⤵
PID:8764

C:\Windows\System\mxteGQv.exe
C:\Windows\System\mxteGQv.exe
2⤵
PID:8800

C:\Windows\System\cIsYsSz.exe
C:\Windows\System\cIsYsSz.exe
2⤵
PID:8832

C:\Windows\System\lVwKBXL.exe
C:\Windows\System\lVwKBXL.exe
2⤵
PID:8864

C:\Windows\System\HPqhZpg.exe
C:\Windows\System\HPqhZpg.exe
2⤵
PID:8892

C:\Windows\System\qjwXvDo.exe
C:\Windows\System\qjwXvDo.exe
2⤵
PID:8920

C:\Windows\System\PsuaCUB.exe
C:\Windows\System\PsuaCUB.exe
2⤵
PID:8952

C:\Windows\System\bosUKOA.exe
C:\Windows\System\bosUKOA.exe
2⤵
PID:8984

C:\Windows\System\lzrxhZF.exe
C:\Windows\System\lzrxhZF.exe
2⤵
PID:9040

C:\Windows\System\kSUPnlb.exe
C:\Windows\System\kSUPnlb.exe
2⤵
PID:9056

C:\Windows\System\XmAVIAr.exe
C:\Windows\System\XmAVIAr.exe
2⤵
PID:9080

C:\Windows\System\OWphIlN.exe
C:\Windows\System\OWphIlN.exe
2⤵
PID:9116

C:\Windows\System\ZtFFsvI.exe
C:\Windows\System\ZtFFsvI.exe
2⤵
PID:9148

C:\Windows\System\bqQKFWL.exe
C:\Windows\System\bqQKFWL.exe
2⤵
PID:9192

C:\Windows\System\akpSkzU.exe
C:\Windows\System\akpSkzU.exe
2⤵
PID:8208

C:\Windows\System\pDIXycU.exe
C:\Windows\System\pDIXycU.exe
2⤵
PID:8268

C:\Windows\System\dSRuMLi.exe
C:\Windows\System\dSRuMLi.exe
2⤵
PID:8312

C:\Windows\System\bUrZFIp.exe
C:\Windows\System\bUrZFIp.exe
2⤵
PID:8392

C:\Windows\System\MozITCX.exe
C:\Windows\System\MozITCX.exe
2⤵
PID:8480

C:\Windows\System\qSZWvbw.exe
C:\Windows\System\qSZWvbw.exe
2⤵
PID:4572

C:\Windows\System\FJWLijQ.exe
C:\Windows\System\FJWLijQ.exe
2⤵
PID:8600

C:\Windows\System\AccZTBg.exe
C:\Windows\System\AccZTBg.exe
2⤵
PID:8672

C:\Windows\System\UubiCVj.exe
C:\Windows\System\UubiCVj.exe
2⤵
PID:8752

C:\Windows\System\HDIlLCL.exe
C:\Windows\System\HDIlLCL.exe
2⤵
PID:5416

C:\Windows\System\eguvHhU.exe
C:\Windows\System\eguvHhU.exe
2⤵
PID:8904

C:\Windows\System\EONhCQP.exe
C:\Windows\System\EONhCQP.exe
2⤵
PID:8964

C:\Windows\System\yIbeEvi.exe
C:\Windows\System\yIbeEvi.exe
2⤵
PID:8460

C:\Windows\System\kaJUBiE.exe
C:\Windows\System\kaJUBiE.exe
2⤵
PID:8852

C:\Windows\System\fAMphqd.exe
C:\Windows\System\fAMphqd.exe
2⤵
PID:9072

C:\Windows\System\gqPXNyn.exe
C:\Windows\System\gqPXNyn.exe
2⤵
PID:9144

C:\Windows\System\cMVlRKX.exe
C:\Windows\System\cMVlRKX.exe
2⤵
PID:8240

C:\Windows\System\jUkEoyg.exe
C:\Windows\System\jUkEoyg.exe
2⤵
PID:8384

C:\Windows\System\SXVlKss.exe
C:\Windows\System\SXVlKss.exe
2⤵
PID:8544

C:\Windows\System\iuBRKHM.exe
C:\Windows\System\iuBRKHM.exe
2⤵
PID:8652

C:\Windows\System\oEvjCtP.exe
C:\Windows\System\oEvjCtP.exe
2⤵
PID:7936

C:\Windows\System\OJPSOjR.exe
C:\Windows\System\OJPSOjR.exe
2⤵
PID:8772

C:\Windows\System\vRBonpV.exe
C:\Windows\System\vRBonpV.exe
2⤵
PID:9112

C:\Windows\System\doNWmGN.exe
C:\Windows\System\doNWmGN.exe
2⤵
PID:8364

C:\Windows\System\MSontBN.exe
C:\Windows\System\MSontBN.exe
2⤵
PID:8656

C:\Windows\System\bjOXoKj.exe
C:\Windows\System\bjOXoKj.exe
2⤵
PID:8196

C:\Windows\System\JVjKcos.exe
C:\Windows\System\JVjKcos.exe
2⤵
PID:9048

C:\Windows\System\UZBOFen.exe
C:\Windows\System\UZBOFen.exe
2⤵
PID:9224

C:\Windows\System\OtBAMDO.exe
C:\Windows\System\OtBAMDO.exe
2⤵
PID:9256

C:\Windows\System\Svfgppd.exe
C:\Windows\System\Svfgppd.exe
2⤵
PID:9280

C:\Windows\System\xOvrklL.exe
C:\Windows\System\xOvrklL.exe
2⤵
PID:9308

C:\Windows\System\HUAeNMf.exe
C:\Windows\System\HUAeNMf.exe
2⤵
PID:9332

C:\Windows\System\iGVXRTd.exe
C:\Windows\System\iGVXRTd.exe
2⤵
PID:9360

C:\Windows\System\tprrkAf.exe
C:\Windows\System\tprrkAf.exe
2⤵
PID:9392

C:\Windows\System\VMcFnHo.exe
C:\Windows\System\VMcFnHo.exe
2⤵
PID:9420

C:\Windows\System\aJySDpZ.exe
C:\Windows\System\aJySDpZ.exe
2⤵
PID:9448

C:\Windows\System\KWFIZNI.exe
C:\Windows\System\KWFIZNI.exe
2⤵
PID:9480

C:\Windows\System\wKhRFif.exe
C:\Windows\System\wKhRFif.exe
2⤵
PID:9508

C:\Windows\System\RtUncUb.exe
C:\Windows\System\RtUncUb.exe
2⤵
PID:9536

C:\Windows\System\Egntibp.exe
C:\Windows\System\Egntibp.exe
2⤵
PID:9564

C:\Windows\System\ZZQyxVL.exe
C:\Windows\System\ZZQyxVL.exe
2⤵
PID:9592

C:\Windows\System\tcWnOWG.exe
C:\Windows\System\tcWnOWG.exe
2⤵
PID:9620

C:\Windows\System\fgDTeVt.exe
C:\Windows\System\fgDTeVt.exe
2⤵
PID:9648

C:\Windows\System\kTUByZm.exe
C:\Windows\System\kTUByZm.exe
2⤵
PID:9676

C:\Windows\System\tmRAgzw.exe
C:\Windows\System\tmRAgzw.exe
2⤵
PID:9704

C:\Windows\System\nHyCpUo.exe
C:\Windows\System\nHyCpUo.exe
2⤵
PID:9732

C:\Windows\System\ZYSouJO.exe
C:\Windows\System\ZYSouJO.exe
2⤵
PID:9760

C:\Windows\System\yAWLTyg.exe
C:\Windows\System\yAWLTyg.exe
2⤵
PID:9788

C:\Windows\System\maeFqIh.exe
C:\Windows\System\maeFqIh.exe
2⤵
PID:9816

C:\Windows\System\aKqgoxh.exe
C:\Windows\System\aKqgoxh.exe
2⤵
PID:9848

C:\Windows\System\acdYMqd.exe
C:\Windows\System\acdYMqd.exe
2⤵
PID:9876

C:\Windows\System\puahWqH.exe
C:\Windows\System\puahWqH.exe
2⤵
PID:9904

C:\Windows\System\FYlijRi.exe
C:\Windows\System\FYlijRi.exe
2⤵
PID:9920

C:\Windows\System\HGYUxFw.exe
C:\Windows\System\HGYUxFw.exe
2⤵
PID:9960

C:\Windows\System\PwOdLyw.exe
C:\Windows\System\PwOdLyw.exe
2⤵
PID:9980

C:\Windows\System\JcOyKqM.exe
C:\Windows\System\JcOyKqM.exe
2⤵
PID:10012

C:\Windows\System\DPiMGmQ.exe
C:\Windows\System\DPiMGmQ.exe
2⤵
PID:10044

C:\Windows\System\wqhBWHk.exe
C:\Windows\System\wqhBWHk.exe
2⤵
PID:10060

C:\Windows\System\RytwWrz.exe
C:\Windows\System\RytwWrz.exe
2⤵
PID:10088

C:\Windows\System\XWOCmta.exe
C:\Windows\System\XWOCmta.exe
2⤵
PID:10128

C:\Windows\System\rdqpIwN.exe
C:\Windows\System\rdqpIwN.exe
2⤵
PID:10156

C:\Windows\System\SpMuBHG.exe
C:\Windows\System\SpMuBHG.exe
2⤵
PID:10184

C:\Windows\System\kvemlnq.exe
C:\Windows\System\kvemlnq.exe
2⤵
PID:10220

C:\Windows\System\zuWiXCo.exe
C:\Windows\System\zuWiXCo.exe
2⤵
PID:9236

C:\Windows\System\LJbCclC.exe
C:\Windows\System\LJbCclC.exe
2⤵
PID:9276

C:\Windows\System\wAXBHpG.exe
C:\Windows\System\wAXBHpG.exe
2⤵
PID:9340

C:\Windows\System\oUcPQzT.exe
C:\Windows\System\oUcPQzT.exe
2⤵
PID:9408

C:\Windows\System\fYQzgVb.exe
C:\Windows\System\fYQzgVb.exe
2⤵
PID:9500

C:\Windows\System\LZwQKrZ.exe
C:\Windows\System\LZwQKrZ.exe
2⤵
PID:9560

C:\Windows\System\ohQLWIO.exe
C:\Windows\System\ohQLWIO.exe
2⤵
PID:6200

C:\Windows\System\vtqTOQc.exe
C:\Windows\System\vtqTOQc.exe
2⤵
PID:9700

C:\Windows\System\rbEMArO.exe
C:\Windows\System\rbEMArO.exe
2⤵
PID:9808

C:\Windows\System\rlhlMoi.exe
C:\Windows\System\rlhlMoi.exe
2⤵
PID:9896

C:\Windows\System\CzCJDRm.exe
C:\Windows\System\CzCJDRm.exe
2⤵
PID:9976

C:\Windows\System\VdtFCiF.exe
C:\Windows\System\VdtFCiF.exe
2⤵
PID:10032

C:\Windows\System\ndCXIvX.exe
C:\Windows\System\ndCXIvX.exe
2⤵
PID:10080

C:\Windows\System\JujSGaU.exe
C:\Windows\System\JujSGaU.exe
2⤵
PID:10152

C:\Windows\System\FgwFmjL.exe
C:\Windows\System\FgwFmjL.exe
2⤵
PID:10232

C:\Windows\System\EUsmCVp.exe
C:\Windows\System\EUsmCVp.exe
2⤵
PID:9320

C:\Windows\System\fbOjZco.exe
C:\Windows\System\fbOjZco.exe
2⤵
PID:9464

C:\Windows\System\uHaUQqq.exe
C:\Windows\System\uHaUQqq.exe
2⤵
PID:9588

C:\Windows\System\xjIxjTG.exe
C:\Windows\System\xjIxjTG.exe
2⤵
PID:9776

C:\Windows\System\kixgiVo.exe
C:\Windows\System\kixgiVo.exe
2⤵
PID:9944

C:\Windows\System\vigNcua.exe
C:\Windows\System\vigNcua.exe
2⤵
PID:10120

C:\Windows\System\bYCkkWK.exe
C:\Windows\System\bYCkkWK.exe
2⤵
PID:9300

C:\Windows\System\jQLUCsH.exe
C:\Windows\System\jQLUCsH.exe
2⤵
PID:9584

C:\Windows\System\WrdDKjS.exe
C:\Windows\System\WrdDKjS.exe
2⤵
PID:10076

C:\Windows\System\LMuEQWt.exe
C:\Windows\System\LMuEQWt.exe
2⤵
PID:2428

C:\Windows\System\hAOOIvz.exe
C:\Windows\System\hAOOIvz.exe
2⤵
PID:9416

C:\Windows\System\XCDncxD.exe
C:\Windows\System\XCDncxD.exe
2⤵
PID:10256

C:\Windows\System\hGNFnGL.exe
C:\Windows\System\hGNFnGL.exe
2⤵
PID:10292

C:\Windows\System\jCYNkMv.exe
C:\Windows\System\jCYNkMv.exe
2⤵
PID:10320

C:\Windows\System\GXYJGPi.exe
C:\Windows\System\GXYJGPi.exe
2⤵
PID:10348

C:\Windows\System\DFYiAnI.exe
C:\Windows\System\DFYiAnI.exe
2⤵
PID:10376

C:\Windows\System\ZDlaQVg.exe
C:\Windows\System\ZDlaQVg.exe
2⤵
PID:10404

C:\Windows\System\XiKbEfS.exe
C:\Windows\System\XiKbEfS.exe
2⤵
PID:10432

C:\Windows\System\CMffJgU.exe
C:\Windows\System\CMffJgU.exe
2⤵
PID:10456

C:\Windows\System\VATuvRY.exe
C:\Windows\System\VATuvRY.exe
2⤵
PID:10476

C:\Windows\System\CCqQSBh.exe
C:\Windows\System\CCqQSBh.exe
2⤵
PID:10516

C:\Windows\System\lglrhQS.exe
C:\Windows\System\lglrhQS.exe
2⤵
PID:10544

C:\Windows\System\QTMDore.exe
C:\Windows\System\QTMDore.exe
2⤵
PID:10564

C:\Windows\System\yWDmkJC.exe
C:\Windows\System\yWDmkJC.exe
2⤵
PID:10600

C:\Windows\System\LvNTMPL.exe
C:\Windows\System\LvNTMPL.exe
2⤵
PID:10628

C:\Windows\System\uIPnPmu.exe
C:\Windows\System\uIPnPmu.exe
2⤵
PID:10656

C:\Windows\System\CAVjyJS.exe
C:\Windows\System\CAVjyJS.exe
2⤵
PID:10684

C:\Windows\System\jXXVzDl.exe
C:\Windows\System\jXXVzDl.exe
2⤵
PID:10716

C:\Windows\System\unndPxN.exe
C:\Windows\System\unndPxN.exe
2⤵
PID:10736

C:\Windows\System\nfNPxeP.exe
C:\Windows\System\nfNPxeP.exe
2⤵
PID:10772

C:\Windows\System\QiWsMud.exe
C:\Windows\System\QiWsMud.exe
2⤵
PID:10800

C:\Windows\System\OonVNGO.exe
C:\Windows\System\OonVNGO.exe
2⤵
PID:10828

C:\Windows\System\InJrqky.exe
C:\Windows\System\InJrqky.exe
2⤵
PID:10856

C:\Windows\System\yEusIAL.exe
C:\Windows\System\yEusIAL.exe
2⤵
PID:10888

C:\Windows\System\nujECnN.exe
C:\Windows\System\nujECnN.exe
2⤵
PID:10916

C:\Windows\System\ZzPbJsR.exe
C:\Windows\System\ZzPbJsR.exe
2⤵
PID:10944

C:\Windows\System\KfkWIVM.exe
C:\Windows\System\KfkWIVM.exe
2⤵
PID:10972

C:\Windows\System\nmbbDWx.exe
C:\Windows\System\nmbbDWx.exe
2⤵
PID:11000

C:\Windows\System\PNfWIbh.exe
C:\Windows\System\PNfWIbh.exe
2⤵
PID:11028

C:\Windows\System\LavCBoi.exe
C:\Windows\System\LavCBoi.exe
2⤵
PID:11056

C:\Windows\System\RyWoTSy.exe
C:\Windows\System\RyWoTSy.exe
2⤵
PID:11100

C:\Windows\System\ZJqrPHp.exe
C:\Windows\System\ZJqrPHp.exe
2⤵
PID:11128

C:\Windows\System\GdHpPhV.exe
C:\Windows\System\GdHpPhV.exe
2⤵
PID:11172

C:\Windows\System\KBtPibA.exe
C:\Windows\System\KBtPibA.exe
2⤵
PID:11212

C:\Windows\System\CBMEyUg.exe
C:\Windows\System\CBMEyUg.exe
2⤵
PID:10244

C:\Windows\System\tFVobGC.exe
C:\Windows\System\tFVobGC.exe
2⤵
PID:10340

C:\Windows\System\MJSDQAf.exe
C:\Windows\System\MJSDQAf.exe
2⤵
PID:10388

C:\Windows\System\czPeHCt.exe
C:\Windows\System\czPeHCt.exe
2⤵
PID:10488

C:\Windows\System\ybijrvC.exe
C:\Windows\System\ybijrvC.exe
2⤵
PID:10584

C:\Windows\System\fymwscC.exe
C:\Windows\System\fymwscC.exe
2⤵
PID:10708

C:\Windows\System\eMZmJkm.exe
C:\Windows\System\eMZmJkm.exe
2⤵
PID:10796

C:\Windows\System\spsVTyc.exe
C:\Windows\System\spsVTyc.exe
2⤵
PID:10884

C:\Windows\System\cKqVKpn.exe
C:\Windows\System\cKqVKpn.exe
2⤵
PID:10960

C:\Windows\System\zKpZZEv.exe
C:\Windows\System\zKpZZEv.exe
2⤵
PID:11020

C:\Windows\System\ofSKcuf.exe
C:\Windows\System\ofSKcuf.exe
2⤵
PID:11112

C:\Windows\System\lSPsahO.exe
C:\Windows\System\lSPsahO.exe
2⤵
PID:11168

C:\Windows\System\UfrrChB.exe
C:\Windows\System\UfrrChB.exe
2⤵
PID:10288

C:\Windows\System\UPzBMUr.exe
C:\Windows\System\UPzBMUr.exe
2⤵
PID:10424

C:\Windows\System\GrPoAcP.exe
C:\Windows\System\GrPoAcP.exe
2⤵
PID:10596

C:\Windows\System\jyiufnN.exe
C:\Windows\System\jyiufnN.exe
2⤵
PID:10764

C:\Windows\System\GuakIyr.exe
C:\Windows\System\GuakIyr.exe
2⤵
PID:11148

C:\Windows\System\uxvkTqo.exe
C:\Windows\System\uxvkTqo.exe
2⤵
PID:11236

C:\Windows\System\RskzQwe.exe
C:\Windows\System\RskzQwe.exe
2⤵
PID:11076

C:\Windows\System\KoXJABh.exe
C:\Windows\System\KoXJABh.exe
2⤵
PID:10912

C:\Windows\System\obdvpUQ.exe
C:\Windows\System\obdvpUQ.exe
2⤵
PID:11276

C:\Windows\System\nNnUshx.exe
C:\Windows\System\nNnUshx.exe
2⤵
PID:11304

C:\Windows\System\yoMnxzb.exe
C:\Windows\System\yoMnxzb.exe
2⤵
PID:11356

C:\Windows\System\Biqgxuo.exe
C:\Windows\System\Biqgxuo.exe
2⤵
PID:11372

C:\Windows\System\aRvkCNr.exe
C:\Windows\System\aRvkCNr.exe
2⤵
PID:11400

C:\Windows\System\mtnZfuz.exe
C:\Windows\System\mtnZfuz.exe
2⤵
PID:11428

C:\Windows\System\PtbGtVp.exe
C:\Windows\System\PtbGtVp.exe
2⤵
PID:11448

C:\Windows\System\rhGOHZG.exe
C:\Windows\System\rhGOHZG.exe
2⤵
PID:11500

C:\Windows\System\ArxOGrV.exe
C:\Windows\System\ArxOGrV.exe
2⤵
PID:11528

C:\Windows\System\BSmXtQq.exe
C:\Windows\System\BSmXtQq.exe
2⤵
PID:11556

C:\Windows\System\qJZdImL.exe
C:\Windows\System\qJZdImL.exe
2⤵
PID:11588

C:\Windows\System\zAeBvOf.exe
C:\Windows\System\zAeBvOf.exe
2⤵
PID:11628

C:\Windows\System\jfyaVau.exe
C:\Windows\System\jfyaVau.exe
2⤵
PID:11648

C:\Windows\System\NjCnpEY.exe
C:\Windows\System\NjCnpEY.exe
2⤵
PID:11676

C:\Windows\System\kRNnLaP.exe
C:\Windows\System\kRNnLaP.exe
2⤵
PID:11704

C:\Windows\System\LeNtlmz.exe
C:\Windows\System\LeNtlmz.exe
2⤵
PID:11732

C:\Windows\System\lOkIUhP.exe
C:\Windows\System\lOkIUhP.exe
2⤵
PID:11760

C:\Windows\System\IcviDkK.exe
C:\Windows\System\IcviDkK.exe
2⤵
PID:11788

C:\Windows\System\yRZfLtc.exe
C:\Windows\System\yRZfLtc.exe
2⤵
PID:11816

C:\Windows\System\mnlWYcE.exe
C:\Windows\System\mnlWYcE.exe
2⤵
PID:11844

C:\Windows\System\NETxENC.exe
C:\Windows\System\NETxENC.exe
2⤵
PID:11872

C:\Windows\System\WaULdWe.exe
C:\Windows\System\WaULdWe.exe
2⤵
PID:11900

C:\Windows\System\vSComUY.exe
C:\Windows\System\vSComUY.exe
2⤵
PID:11928

C:\Windows\System\iZmbZYI.exe
C:\Windows\System\iZmbZYI.exe
2⤵
PID:11956

C:\Windows\System\wPePBuq.exe
C:\Windows\System\wPePBuq.exe
2⤵
PID:11984

C:\Windows\System\hdRDnww.exe
C:\Windows\System\hdRDnww.exe
2⤵
PID:12016

C:\Windows\System\zNBYBtW.exe
C:\Windows\System\zNBYBtW.exe
2⤵
PID:12044

C:\Windows\System\GcGZGts.exe
C:\Windows\System\GcGZGts.exe
2⤵
PID:12072

C:\Windows\System\IyFBasE.exe
C:\Windows\System\IyFBasE.exe
2⤵
PID:12100

C:\Windows\System\xxHYdPa.exe
C:\Windows\System\xxHYdPa.exe
2⤵
PID:12128

C:\Windows\System\tyJezDJ.exe
C:\Windows\System\tyJezDJ.exe
2⤵
PID:12180

C:\Windows\System\YEQPSEH.exe
C:\Windows\System\YEQPSEH.exe
2⤵
PID:12208

C:\Windows\System\VVMJDbX.exe
C:\Windows\System\VVMJDbX.exe
2⤵
PID:12236

C:\Windows\System\CYdThgL.exe
C:\Windows\System\CYdThgL.exe
2⤵
PID:12268

C:\Windows\System\LsQWfqE.exe
C:\Windows\System\LsQWfqE.exe
2⤵
PID:11288

C:\Windows\System\hkbDQLZ.exe
C:\Windows\System\hkbDQLZ.exe
2⤵
PID:11364

C:\Windows\System\nDRRjbQ.exe
C:\Windows\System\nDRRjbQ.exe
2⤵
PID:11416

C:\Windows\System\AgotRmR.exe
C:\Windows\System\AgotRmR.exe
2⤵
PID:11516

C:\Windows\System\aiLXpHU.exe
C:\Windows\System\aiLXpHU.exe
2⤵
PID:10712

C:\Windows\System\PpDczMX.exe
C:\Windows\System\PpDczMX.exe
2⤵
PID:11640

C:\Windows\System\foaqPkS.exe
C:\Windows\System\foaqPkS.exe
2⤵
PID:11700

C:\Windows\System\rDAhIiJ.exe
C:\Windows\System\rDAhIiJ.exe
2⤵
PID:11772

C:\Windows\System\MoAeBsg.exe
C:\Windows\System\MoAeBsg.exe
2⤵
PID:11836

C:\Windows\System\GEGAkBE.exe
C:\Windows\System\GEGAkBE.exe
2⤵
PID:11896

C:\Windows\System\MMuJGUK.exe
C:\Windows\System\MMuJGUK.exe
2⤵
PID:11972

C:\Windows\System\arvegUc.exe
C:\Windows\System\arvegUc.exe
2⤵
PID:12036

C:\Windows\System\aGJSXaZ.exe
C:\Windows\System\aGJSXaZ.exe
2⤵
PID:12096

C:\Windows\System\irGKixO.exe
C:\Windows\System\irGKixO.exe
2⤵
PID:12196

C:\Windows\System\XNvHfwE.exe
C:\Windows\System\XNvHfwE.exe
2⤵
PID:12260

C:\Windows\System\VGbEVsT.exe
C:\Windows\System\VGbEVsT.exe
2⤵
PID:11352

C:\Windows\System\dObCIXc.exe
C:\Windows\System\dObCIXc.exe
2⤵
PID:11552

C:\Windows\System\pCCmbND.exe
C:\Windows\System\pCCmbND.exe
2⤵
PID:11696

C:\Windows\System\JdaIUTI.exe
C:\Windows\System\JdaIUTI.exe
2⤵
PID:11868

C:\Windows\System\KjWfsjq.exe
C:\Windows\System\KjWfsjq.exe
2⤵
PID:12008

C:\Windows\System\dKzWORh.exe
C:\Windows\System\dKzWORh.exe
2⤵
PID:12168

C:\Windows\System\GjWZkmA.exe
C:\Windows\System\GjWZkmA.exe
2⤵
PID:11420

C:\Windows\System\xlcrQex.exe
C:\Windows\System\xlcrQex.exe
2⤵
PID:11812

C:\Windows\System\VIEEvbV.exe
C:\Windows\System\VIEEvbV.exe
2⤵
PID:12176

C:\Windows\System\MAyXdQL.exe
C:\Windows\System\MAyXdQL.exe
2⤵
PID:12000

C:\Windows\System\JDolfrg.exe
C:\Windows\System\JDolfrg.exe
2⤵
PID:11332

C:\Windows\System\LwpJtAA.exe
C:\Windows\System\LwpJtAA.exe
2⤵
PID:12312

C:\Windows\System\Mhhdkac.exe
C:\Windows\System\Mhhdkac.exe
2⤵
PID:12340

C:\Windows\System\WvcNkRV.exe
C:\Windows\System\WvcNkRV.exe
2⤵
PID:12368

C:\Windows\System\ZDWRgos.exe
C:\Windows\System\ZDWRgos.exe
2⤵
PID:12396

C:\Windows\System\nAWLcMM.exe
C:\Windows\System\nAWLcMM.exe
2⤵
PID:12424

C:\Windows\System\MMffGsn.exe
C:\Windows\System\MMffGsn.exe
2⤵
PID:12452

C:\Windows\System\aUdRehr.exe
C:\Windows\System\aUdRehr.exe
2⤵
PID:12480

C:\Windows\System\xGWZqbH.exe
C:\Windows\System\xGWZqbH.exe
2⤵
PID:12508

C:\Windows\System\hZzqkIn.exe
C:\Windows\System\hZzqkIn.exe
2⤵
PID:12536

C:\Windows\System\NaSlfSi.exe
C:\Windows\System\NaSlfSi.exe
2⤵
PID:12564

C:\Windows\System\BnXuFOU.exe
C:\Windows\System\BnXuFOU.exe
2⤵
PID:12592

C:\Windows\System\ntCICLQ.exe
C:\Windows\System\ntCICLQ.exe
2⤵
PID:12620

C:\Windows\System\JWZdjmL.exe
C:\Windows\System\JWZdjmL.exe
2⤵
PID:12648

C:\Windows\System\FcPIeRH.exe
C:\Windows\System\FcPIeRH.exe
2⤵
PID:12676

C:\Windows\System\tkHvheF.exe
C:\Windows\System\tkHvheF.exe
2⤵
PID:12712

C:\Windows\System\VMygxen.exe
C:\Windows\System\VMygxen.exe
2⤵
PID:12748

C:\Windows\System\CxhJiVm.exe
C:\Windows\System\CxhJiVm.exe
2⤵
PID:12776

C:\Windows\System\VmFJfcn.exe
C:\Windows\System\VmFJfcn.exe
2⤵
PID:12804

C:\Windows\System\KIVLMff.exe
C:\Windows\System\KIVLMff.exe
2⤵
PID:12820

C:\Windows\System\KlGbnSj.exe
C:\Windows\System\KlGbnSj.exe
2⤵
PID:12844

C:\Windows\System\MIrvKuk.exe
C:\Windows\System\MIrvKuk.exe
2⤵
PID:12876

C:\Windows\System\SjKaxgt.exe
C:\Windows\System\SjKaxgt.exe
2⤵
PID:12916

C:\Windows\System\gkwaSjv.exe
C:\Windows\System\gkwaSjv.exe
2⤵
PID:12944

C:\Windows\System\zHYQWPE.exe
C:\Windows\System\zHYQWPE.exe
2⤵
PID:12972

C:\Windows\System\psGbZPv.exe
C:\Windows\System\psGbZPv.exe
2⤵
PID:13000

C:\Windows\System\vmfaWCP.exe
C:\Windows\System\vmfaWCP.exe
2⤵
PID:13032

C:\Windows\System\jEmXXcW.exe
C:\Windows\System\jEmXXcW.exe
2⤵
PID:13060

C:\Windows\System\aHBzfYr.exe
C:\Windows\System\aHBzfYr.exe
2⤵
PID:13088

C:\Windows\System\cNLCjOf.exe
C:\Windows\System\cNLCjOf.exe
2⤵
PID:13116

C:\Windows\System\NOpcGlm.exe
C:\Windows\System\NOpcGlm.exe
2⤵
PID:13144

C:\Windows\System\iVmsotN.exe
C:\Windows\System\iVmsotN.exe
2⤵
PID:13172

C:\Windows\System\GowflvX.exe
C:\Windows\System\GowflvX.exe
2⤵
PID:13200

C:\Windows\System\GKenZic.exe
C:\Windows\System\GKenZic.exe
2⤵
PID:13228

C:\Windows\System\TRZlSZj.exe
C:\Windows\System\TRZlSZj.exe
2⤵
PID:13256

C:\Windows\System\nXOJFzR.exe
C:\Windows\System\nXOJFzR.exe
2⤵
PID:13284

C:\Windows\System\pitpEzG.exe
C:\Windows\System\pitpEzG.exe
2⤵
PID:12300

C:\Windows\System\ypezBUX.exe
C:\Windows\System\ypezBUX.exe
2⤵
PID:12360

C:\Windows\System\QpBLEeC.exe
C:\Windows\System\QpBLEeC.exe
2⤵
PID:12420

C:\Windows\System\OViAuOM.exe
C:\Windows\System\OViAuOM.exe
2⤵
PID:12496

C:\Windows\System\yOQYvMa.exe
C:\Windows\System\yOQYvMa.exe
2⤵
PID:12556

C:\Windows\System\RAMihTM.exe
C:\Windows\System\RAMihTM.exe
2⤵
PID:12612

C:\Windows\System\swyOgmX.exe
C:\Windows\System\swyOgmX.exe
2⤵
PID:12672

C:\Windows\System\yQuudmH.exe
C:\Windows\System\yQuudmH.exe
2⤵
PID:12764

C:\Windows\System\uuHKDwt.exe
C:\Windows\System\uuHKDwt.exe
2⤵
PID:12816

C:\Windows\System\soOJwqI.exe
C:\Windows\System\soOJwqI.exe
2⤵
PID:12856

C:\Windows\System\VNxBzAi.exe
C:\Windows\System\VNxBzAi.exe
2⤵
PID:12932

C:\Windows\System\pboydMp.exe
C:\Windows\System\pboydMp.exe
2⤵
PID:13012

C:\Windows\System\CkqmtLA.exe
C:\Windows\System\CkqmtLA.exe
2⤵
PID:13080

C:\Windows\System\MYesdyD.exe
C:\Windows\System\MYesdyD.exe
2⤵
PID:13140

C:\Windows\System\PfqYayF.exe
C:\Windows\System\PfqYayF.exe
2⤵
PID:13212

C:\Windows\System\xbdvVDg.exe
C:\Windows\System\xbdvVDg.exe
2⤵
PID:13268

C:\Windows\System\HOdWzll.exe
C:\Windows\System\HOdWzll.exe
2⤵
PID:12352

C:\Windows\System\kSInfhI.exe
C:\Windows\System\kSInfhI.exe
2⤵
PID:12552

C:\Windows\System\kDwNsEx.exe
C:\Windows\System\kDwNsEx.exe
2⤵
PID:12708

C:\Windows\System\rDKZfDU.exe
C:\Windows\System\rDKZfDU.exe
2⤵
PID:12888

C:\Windows\System\IQfJdDV.exe
C:\Windows\System\IQfJdDV.exe
2⤵
PID:13136

C:\Windows\System\YRDtBnp.exe
C:\Windows\System\YRDtBnp.exe
2⤵
PID:13308

C:\Windows\System\kynMnym.exe
C:\Windows\System\kynMnym.exe
2⤵
PID:12836

C:\Windows\System\PJuzixr.exe
C:\Windows\System\PJuzixr.exe
2⤵
PID:13272

C:\Windows\System\NNBKulM.exe
C:\Windows\System\NNBKulM.exe
2⤵
PID:13252

C:\Windows\System\sQBaWcD.exe
C:\Windows\System\sQBaWcD.exe
2⤵
PID:12408

C:\Windows\System\UmbISFf.exe
C:\Windows\System\UmbISFf.exe
2⤵
PID:13340

C:\Windows\System\xvNJCxA.exe
C:\Windows\System\xvNJCxA.exe
2⤵
PID:13368

C:\Windows\System\fgUJVdL.exe
C:\Windows\System\fgUJVdL.exe
2⤵
PID:13396

C:\Windows\System\CiHcmBq.exe
C:\Windows\System\CiHcmBq.exe
2⤵
PID:13424

C:\Windows\System\CniKeSG.exe
C:\Windows\System\CniKeSG.exe
2⤵
PID:13452

C:\Windows\System\gDCSkBX.exe
C:\Windows\System\gDCSkBX.exe
2⤵
PID:13480

C:\Windows\System\EwWZFLK.exe
C:\Windows\System\EwWZFLK.exe
2⤵
PID:13508

C:\Windows\System\ZwqDlln.exe
C:\Windows\System\ZwqDlln.exe
2⤵
PID:13536

C:\Windows\System\SHsMfqs.exe
C:\Windows\System\SHsMfqs.exe
2⤵
PID:13564

C:\Windows\System\xeiHJDY.exe
C:\Windows\System\xeiHJDY.exe
2⤵
PID:13596

C:\Windows\System\PGIErUN.exe
C:\Windows\System\PGIErUN.exe
2⤵
PID:13624

C:\Windows\System\eKpSCiD.exe
C:\Windows\System\eKpSCiD.exe
2⤵
PID:13652

C:\Windows\System\rauEFub.exe
C:\Windows\System\rauEFub.exe
2⤵
PID:13680

C:\Windows\System\ElwYQzA.exe
C:\Windows\System\ElwYQzA.exe
2⤵
PID:13708

C:\Windows\System\FAOhdSQ.exe
C:\Windows\System\FAOhdSQ.exe
2⤵
PID:13736

C:\Windows\System\CrJjFHG.exe
C:\Windows\System\CrJjFHG.exe
2⤵
PID:13764

C:\Windows\System\KSbLVgs.exe
C:\Windows\System\KSbLVgs.exe
2⤵
PID:13780

C:\Windows\System\oiWxfCZ.exe
C:\Windows\System\oiWxfCZ.exe
2⤵
PID:13820

C:\Windows\System\EMhVCcb.exe
C:\Windows\System\EMhVCcb.exe
2⤵
PID:13848

C:\Windows\System\yXRtSjO.exe
C:\Windows\System\yXRtSjO.exe
2⤵
PID:13876

C:\Windows\System\VjfjOox.exe
C:\Windows\System\VjfjOox.exe
2⤵
PID:13904

C:\Windows\System\OQatjLc.exe
C:\Windows\System\OQatjLc.exe
2⤵
PID:13932

C:\Windows\System\NYbcCTt.exe
C:\Windows\System\NYbcCTt.exe
2⤵
PID:13960

C:\Windows\System\SFyctYI.exe
C:\Windows\System\SFyctYI.exe
2⤵
PID:13992

C:\Windows\System\VjfRqvx.exe
C:\Windows\System\VjfRqvx.exe
2⤵
PID:14024

C:\Windows\System\SuydORh.exe
C:\Windows\System\SuydORh.exe
2⤵
PID:14052

C:\Windows\System\qPisugF.exe
C:\Windows\System\qPisugF.exe
2⤵
PID:14080

C:\Windows\System\OkDnqMU.exe
C:\Windows\System\OkDnqMU.exe
2⤵
PID:14108

C:\Windows\System\ywHlXyn.exe
C:\Windows\System\ywHlXyn.exe
2⤵
PID:14136

C:\Windows\System\IkQfPCd.exe
C:\Windows\System\IkQfPCd.exe
2⤵
PID:14164

C:\Windows\System\SXQAmVQ.exe
C:\Windows\System\SXQAmVQ.exe
2⤵
PID:14192

C:\Windows\System\LKodqqR.exe
C:\Windows\System\LKodqqR.exe
2⤵
PID:14220

C:\Windows\System\uEbcIIo.exe
C:\Windows\System\uEbcIIo.exe
2⤵
PID:14248

C:\Windows\System\dHnckbx.exe
C:\Windows\System\dHnckbx.exe
2⤵
PID:14276

C:\Windows\System\gibSvfT.exe
C:\Windows\System\gibSvfT.exe
2⤵
PID:14300

C:\Windows\System\JfADvWP.exe
C:\Windows\System\JfADvWP.exe
2⤵
PID:14332

C:\Windows\System\sdupIci.exe
C:\Windows\System\sdupIci.exe
2⤵
PID:13380

C:\Windows\System\uZlGyya.exe
C:\Windows\System\uZlGyya.exe
2⤵
PID:13444

C:\Windows\System\GWXKzDm.exe
C:\Windows\System\GWXKzDm.exe
2⤵
PID:13504

C:\Windows\System\uNxRggR.exe
C:\Windows\System\uNxRggR.exe
2⤵
PID:13580

C:\Windows\System\qrkErIS.exe
C:\Windows\System\qrkErIS.exe
2⤵
PID:13644

C:\Windows\System\dxjilzX.exe
C:\Windows\System\dxjilzX.exe
2⤵
PID:13704

C:\Windows\System\cVPPhjG.exe
C:\Windows\System\cVPPhjG.exe
2⤵
PID:13772

C:\Windows\System\URRAyqI.exe
C:\Windows\System\URRAyqI.exe
2⤵
PID:13840

C:\Windows\System\EgnPEjX.exe
C:\Windows\System\EgnPEjX.exe
2⤵
PID:13900

C:\Windows\System\fHzDgYu.exe
C:\Windows\System\fHzDgYu.exe
2⤵
PID:2268

C:\Windows\System\MOjLjRm.exe
C:\Windows\System\MOjLjRm.exe
2⤵
PID:13956

C:\Windows\System\ArWDPFg.exe
C:\Windows\System\ArWDPFg.exe
2⤵
PID:14040

C:\Windows\System\AAwTedz.exe
C:\Windows\System\AAwTedz.exe
2⤵
PID:14096

C:\Windows\System\GkdqKIE.exe
C:\Windows\System\GkdqKIE.exe
2⤵
PID:14156

C:\Windows\System\kxYySas.exe
C:\Windows\System\kxYySas.exe
2⤵
PID:14212

C:\Windows\System\QhstvLZ.exe
C:\Windows\System\QhstvLZ.exe
2⤵
PID:14268

C:\Windows\System\eiFduVo.exe
C:\Windows\System\eiFduVo.exe
2⤵
PID:13356

C:\Windows\System\VdQheCf.exe
C:\Windows\System\VdQheCf.exe
2⤵
PID:13496

C:\Windows\System\TbMNBmX.exe
C:\Windows\System\TbMNBmX.exe
2⤵
PID:13640

C:\Windows\System\nKdvRHH.exe
C:\Windows\System\nKdvRHH.exe
2⤵
PID:13808

C:\Windows\System\YpKQzuG.exe
C:\Windows\System\YpKQzuG.exe
2⤵
PID:5272

C:\Windows\System\ACAXwsC.exe
C:\Windows\System\ACAXwsC.exe
2⤵
PID:14020

C:\Windows\System\vDyOzHo.exe
C:\Windows\System\vDyOzHo.exe
2⤵
PID:14000

C:\Windows\System\XNLAthe.exe
C:\Windows\System\XNLAthe.exe
2⤵
PID:14264

C:\Windows\System\dMRpvPN.exe
C:\Windows\System\dMRpvPN.exe
2⤵
PID:14328

C:\Windows\System\jpQOmxm.exe
C:\Windows\System\jpQOmxm.exe
2⤵
PID:13584

C:\Windows\System\MzkadQj.exe
C:\Windows\System\MzkadQj.exe
2⤵
PID:13988

C:\Windows\System\XfGpifz.exe
C:\Windows\System\XfGpifz.exe
2⤵
PID:14120

C:\Windows\System\YgsWEOR.exe
C:\Windows\System\YgsWEOR.exe
2⤵
PID:13620

C:\Windows\System\ppILFSI.exe
C:\Windows\System\ppILFSI.exe
2⤵
PID:14352

C:\Windows\System\LyLjeTS.exe
C:\Windows\System\LyLjeTS.exe
2⤵
PID:14380

C:\Windows\System\CNywmZY.exe
C:\Windows\System\CNywmZY.exe
2⤵
PID:14412

C:\Windows\System\eLQiBXX.exe
C:\Windows\System\eLQiBXX.exe
2⤵
PID:14440

C:\Windows\System\gfHLTmm.exe
C:\Windows\System\gfHLTmm.exe
2⤵
PID:14468

C:\Windows\System\eQdIrHO.exe
C:\Windows\System\eQdIrHO.exe
2⤵
PID:14496

C:\Windows\System\bDvCfqM.exe
C:\Windows\System\bDvCfqM.exe
2⤵
PID:14524

C:\Windows\System\pPUCYve.exe
C:\Windows\System\pPUCYve.exe
2⤵
PID:14552

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AcqIhBG.exe

Filesize
2.0MB

MD5
ba92b9c412fe714fa538c73b158f66dd

SHA1
ae2b43dee70a7c4700ce161cd3baa3b6dc3abbb4

SHA256
1d6d7f6dc100aea45047c020b6d4e205968ebfc55119a91533339be3c9db1e40

SHA512
31a82d24cfd4f1427380f06ed9c235ee7b5b803865b70a520599165eccc2fc83f8e6c33b838a63614c7d3222306f01c622fec905d8a26bafa0765479f049e329

Download Submit
C:\Windows\System\AmYLXQD.exe

Filesize
2.0MB

MD5
dcf574f8111db4c0a7f1dd64e3c62a71

SHA1
887f6a9eb36460701739df2497a705c0e5c81040

SHA256
99b7b8d78ecfd254d50c0f0526cdba560955c370c301cf71a05676861054d546

SHA512
93d16acffdf2cc0e29a5278982674f76d145d57e23398326d5c279136996173865ccf0091615622ec45cc455e63df588a3fc736079ad760156eaf52cbfec38e2

Download Submit
C:\Windows\System\ByYKfrK.exe

Filesize
2.0MB

MD5
c13624d36556870ba12eb06bb51d4730

SHA1
8714f02fb80922b9c44439fab666052aa1df3597

SHA256
610fdc9fea9d2d54d879e259510aad00bd8f17aa9f4c2bda4dd20dad6b91a767

SHA512
2c8ed8d18256c7eea757916905c63be8b58be379da11c5552e974f13ed0b2d968db5472fd7ddb99f473aa4cd6a223a601fe47c2536c21ee5ed31e7f40dc8b9ec

Download Submit
C:\Windows\System\CnbSSBw.exe

Filesize
1.9MB

MD5
16d4d74d86f3feff0c0ba190d6ed3444

SHA1
5b61f67cd3c5d594840cee45262c58656bbba319

SHA256
20c7a89a04214daa7cf561f309628ea8051935e3545437d16875734a64b8110e

SHA512
cfcc39090759920cdd3c9d4143863efddfc7de4b2abcd00e2c02fea880e3466feb1abbd711e6aca271ab89fa76d52af7075d1af161489995fc88c918fdab625b

Download Submit
C:\Windows\System\CvfyyvY.exe

Filesize
2.0MB

MD5
bca41a7d32a65138c6c7e4d85657dbf4

SHA1
703520909de7273660e15ce2dedca76ae4253c89

SHA256
caad9a5acaeb59323fc3c963f8ac8e4a83da6d205362c74b8c45363ec50fe2e0

SHA512
5e2e66edbad2962606300979c6a087617e670d8d5498c20bf7527a747632d46c192e55750dec72c34a376be43fac9c893bb3c4739a7da2a4cde106ab272fd02e

Download Submit
C:\Windows\System\Eyoqnpp.exe

Filesize
2.0MB

MD5
97f0ecdef065efcb0999cedc56d576f7

SHA1
167cefe469e129a7f410790a78c6cf1244f9b2f6

SHA256
006e171cb042d19fa837c78e7d750bd93b4acc6699dd8db76c8c41eed1ab2940

SHA512
b7f456cd1c1017868bad7f07ff466728f6c1bd0a140ed59bebf153f7580f9c19488b41957b2c6218163ae762f5920fea77418b08cee90b498305539506e169c0

Download Submit
C:\Windows\System\FuRwHzU.exe

Filesize
2.0MB

MD5
d3825d9b4c8687286564679a8db8871b

SHA1
df96692ca0cb0efe3b2e24e204ba41458a1bd278

SHA256
d19a468843af81f8d6327b5a5dd649aff67ec8e47d67a74858e10052a35adced

SHA512
d0fe5f6f8e701cfbf7baf766786e1d3f714afb0e821324a853a746377eeca8d8a20a70ccc6df436d0c9a468cdb23a1f1591e523e8b196b77e6f623eb6c26fa3a

Download Submit
C:\Windows\System\HnXrAzZ.exe

Filesize
2.0MB

MD5
736786ec492e1cd882769ebeba9713ef

SHA1
73225744cbd10c9803a1d2ce5b27d4a372c93cf2

SHA256
c7b4ef0402361fa88b5392d6bb72b4c034e17f1a2cb4f390ef08bdc5ba299bc8

SHA512
f125637eaac60908d99e3d438ecf3cb2bf9e0e39dc8deb733548e9f0d026b7d641ee2f9f75a20e9411c9cb32eb8598afe9f674787ed5d82209aef6037861b9b8

Download Submit
C:\Windows\System\KdnlYDM.exe

Filesize
2.0MB

MD5
e91b834741accfd354e7b06113007b42

SHA1
9de75260bf34739aba470d6e0e5a7d39cbd292a1

SHA256
0f381ae6af4c25a26234d7ae3e257a9a2c99c50272d1a8f91ffd37a15c0e85cd

SHA512
c5af9623f0b1ab88cc89c9c9c9a80ee5388552228ee210bbd37626f96a0515448ab6447451c7d1f5d4bf57dd2f32557b6c0243de25315632919958d2199fffd0

Download Submit
C:\Windows\System\LjMHbcA.exe

Filesize
2.0MB

MD5
bb511c2c6e4c5a316b0003a332dc0b1f

SHA1
bbea1e3b489add841a3bb08c07a6b1e22f6d1d60

SHA256
f40b99fa31b2920b9e0a2c22b48b8d6513ca95328f7ce679a213500920c534ce

SHA512
5951926623ee323dbb6ea6a495450ef72da15e5bc4c36be20035fe64f5614e7ee9a4a1534c8429ff29accb58062427d6571cd9e817d86938ae45360b03e9c67b

Download Submit
C:\Windows\System\MdNzmXq.exe

Filesize
2.0MB

MD5
8fb512e96a9c23d1a5a286a844da7cd9

SHA1
3776b94f1a16a2b0d8958a5f511feacec8a465c6

SHA256
9f84e547a43606a4290276070b99df36e3529d938ce7d2be10e09ea2b4c5b943

SHA512
7fb0ce9101e0864c8216a959fbd9d7f64bf592569702ac5e58bbbbf2761fb3a342cee7108a54dfc3f7a4d2c7143f07691c77edd62e6f75002ddb6bd57c5ce763

Download Submit
C:\Windows\System\NDomaCv.exe

Filesize
2.0MB

MD5
2fd23433a5ec1964dea8686d6be20346

SHA1
179ed012c451b3bc3f23a44535fc53fc45b26cbb

SHA256
67573b0f549b114b53be2fe3186f64fb14c3200a5f3ce55bf11762e075873723

SHA512
7365c8ff040daaca2b69a40767e8435f0f5cd878c2eef93482ad12b227e6d79643fcf976878d5cb1c5abf98cdd7fcc67be8bfeb239173f7f6ed0859ba89da51a

Download Submit
C:\Windows\System\NTxFlhq.exe

Filesize
2.0MB

MD5
85e45f3e803e23736db7521507c6c124

SHA1
14d5f5613f75015f7505170bed29504cbb0c4b81

SHA256
0e3415e164ab5b583ee3ce4096c80389d28c0c91361e1eaae3e3bda628c181e7

SHA512
a0460f5580c3c64739b3970b0f933afb201f940656458aa32866b5e8a9d52aec15cef90a0ab221074b6857a030f5d0d46c3ba9220485e964b428f4b51a12bdbe

Download Submit
C:\Windows\System\OTWxhai.exe

Filesize
2.0MB

MD5
9f8244e40d9326670afd6ea450102e7a

SHA1
ac8c259220d8f7149491a47335f83694974dbc94

SHA256
9078e4b7328a006897a033faca303fc9173dc3a30f2c4de15319268fa9ffb071

SHA512
2c2f0e7b6d7e9fbea3ab929c5764a1030a3da12a373d2a362f8a34ee65c2472dcdd1737235e427069bacc1839480c441ecf08e6bcbc3ddd37740523c7b15f3eb

Download Submit
C:\Windows\System\OyAMkGb.exe

Filesize
2.0MB

MD5
6e670b989d26fc2bcd93de4df3249da3

SHA1
cc2cd743869f1b1ab2d5914fdd3ceb7cc962f4b9

SHA256
616afdce6d902fa103715be3085072a3e7661d2f6bed8ddea370d706a463fcea

SHA512
864d230fe3a897c9bb5b3ca04e69ad47d2c2067f7fb120610f8c9ea7e734aa5f7e31847329d53275c2a4a678417dd78e86f599c82fa13f8b4cbad4abac689ec2

Download Submit
C:\Windows\System\PLqlMHM.exe

Filesize
2.0MB

MD5
0a0117dc5024e60c9e2760ad51ecfdd0

SHA1
cfecf48bd692266aef5095b14daa709e98d04469

SHA256
37c361f3738aba97ae19ced191e406ce829b524f7d2b63e674f60441060fa06a

SHA512
7dcb1b2cba61097d4ab90e5820c12976858bb0b519c26c330c37dbfe1ac2a4a077fc214c189ee092e431b66588fd76bf119509dbbfa16e67527de6013f2ccbb0

Download Submit
C:\Windows\System\RjAQovf.exe

Filesize
2.0MB

MD5
beda2a0d2d7e18094a4962b64cbb9316

SHA1
19a21fdffe69041525da2049715973faded01b57

SHA256
da0cd6cf45a7262cbb2e85210585bb224797f7c6de55453b47044df455390d73

SHA512
9c8b6f9dd03ec94ccb7037a260c2ac9b58064840edb06f2e15fff445a84ba9950913e49c0cb2b1ed57e99d62aed93e72797dc68320b6215768ea20c218e34d08

Download Submit
C:\Windows\System\SDgAQdD.exe

Filesize
2.0MB

MD5
c940abffa77ed27fb22440309e29475f

SHA1
c23f566fc3f38c9e0133036993b1f401a675b3c5

SHA256
8c8996ab8c1086ab6f46ccd7088a6ffee9efbb41e40f4dd96785f963a5e53dad

SHA512
988863fb311a47003ecb2bf9b1f81df1a4d354c574deaa4e7fdad6f2176ab3d7c8d6931ffdc1dcf61ff8aa5192d35440cd47642f8546530a616bc405aa998ec7

Download Submit
C:\Windows\System\TcgRbqd.exe

Filesize
2.0MB

MD5
8e1d87357f465b687d0a06bdd3ab4e3c

SHA1
1513dccfd55c98dbd9ee2ed33fabef9c47ef905d

SHA256
184d640d548b7bd163f2fa495bc0588743cc54c6d6040fa1fb9e7e6e04a233cd

SHA512
0206d42db6ad4c600339c8114fc515b0e760353483c10e56b7be5442ebf431828cb7242e3be70948fe271cb4d867542efd9eea4f80c5bd42b7b802246e3038b1

Download Submit
C:\Windows\System\WkvavqS.exe

Filesize
2.0MB

MD5
0ee488595643aaf3f5a3df04a3f8d868

SHA1
2fc1d196662ca861ddd7ec3d8de10fa1846f707e

SHA256
e18a906aeb5011bf0878f8237931261452d3c71b176c2c51570819a2bc028c9c

SHA512
8ec81ff0269e18df72c02ace69b99efb7a3a7ef313ebbe89e8c22ba096ef3581f4a7ae899bdfa6c0cd93f165b11d552a1a199d932883fd4b1bfb712c29dcd480

Download Submit
C:\Windows\System\YZapdlZ.exe

Filesize
2.0MB

MD5
191a32db8b9cb0659b4df9fd6208e746

SHA1
e936263af54bccedd47d05f64fcb07ad6ad83a13

SHA256
dd1f74b279e57f265054615918e0afcfdc56b34a72456c8561f16955d933d42a

SHA512
139c8e7fa3e0bc40aeebae17d94033f7576d90858885b739509721334fec0a7f8e630718681f0c01e149f95ed5dd2551032c90c64860cdc366b7ffafc2f4bb68

Download Submit
C:\Windows\System\btQufeA.exe

Filesize
2.0MB

MD5
fb664636d30d33f803d8bef992322ed1

SHA1
9d35bc612f442d210d6e2c164953e18cb0e88d21

SHA256
a6872312f5f638f6f56c1f2ec17cf91bd30c9ebedd629df38012ba1cec58f2a4

SHA512
0fdb393deb16dc1eed4cc41789a31e340a40a740693e77728c949a6717a344c14e84fe28896abd3c4fe1812a206b92a8328ab530b192fe7c43fa0f4313d5de75

Download Submit
C:\Windows\System\iTUrDIz.exe

Filesize
2.0MB

MD5
8650323802e81bae6d11cfbb8750f2cc

SHA1
f626f843704bbe79ac1f49cb337f0cda334c8a30

SHA256
a76725f6c71fee8176b4fb59c5468d3b9f21b21bd04c948a5599853fea90bc11

SHA512
9564159e1554c520ee933f4f53465a6b906559aab17f69628618f9040a6b2773c2c460f8815806d2b90f3ca0c3be42c37cb7e6cfb8b0f919f1d02211f817b879

Download Submit
C:\Windows\System\kaKvaaR.exe

Filesize
2.0MB

MD5
07caf399d32b53c375dfd679c9af2970

SHA1
1cea955709aa0aa0cd6f20712599fee235dd5959

SHA256
f0bc4aac5cd426ca13727942010e04126a887a8966b502f76862ea97218bdfee

SHA512
8432b6b1994d84c7eb6c2f3eab7846e1d74204ea5dc40ca4a5dfede320f8393be58540e8b1901c06c54659801741aaf75b325f3f57a94754da8528da1c6546cf

Download Submit
C:\Windows\System\nDyAOSE.exe

Filesize
2.0MB

MD5
f0209a570d5cb1e11d0e6459573c779b

SHA1
94f78be5249da5c1f8a7065cc013586bdad1713b

SHA256
bb1d394bef0258f68e99a42508eed8136af813b53df39943955f20e2ce5ad1e7

SHA512
9ccf642f1737a6c0af1ababe87fd2352ea73886c04d274799e7701c3ffb8745fb537decd4cab5faa6012610ad36cd295e579c51fdab219106c8ce8d75ef7722d

Download Submit
C:\Windows\System\nEUpzGi.exe

Filesize
2.0MB

MD5
17972cee6635de0c43209e66d3ca5745

SHA1
da511497b517df84af081fdad84996541bb70d21

SHA256
7fbac36423d4a4d437b805666ce56f770ec649863c7aa0213eca8cfe2bb7e351

SHA512
f18886c66759b7812ae12b0db5a9f737aaf075710c63d37cb1eed6fe2075c9a15a38157452e25c3dbe603fb1f11aff0395e4cc516c219235f8dff35e4d56b7d3

Download Submit
C:\Windows\System\oAPYtLC.exe

Filesize
2.0MB

MD5
0e8429448f80d51c778b5cdb4908c4e6

SHA1
0fb33297f39f3a6bc5bac67f3a36f922b9aed14c

SHA256
e20b6470f2f318f1f97edb439ec6c4de29d81c5c2baaa981b813e0b3ce62bac0

SHA512
4bf581410c8486ecbd3796704b44c1e1c312a93672c48b47003fea89732f623b1c79dbeb785dfef4db69aa75855c6b1bcc7ba00ecd4d259541fd110a7a33df5d

Download Submit
C:\Windows\System\oprRADb.exe

Filesize
2.0MB

MD5
f4aea9cfbd623a0b05ff385008a52ec7

SHA1
f82a9555c7057a6cfa95fd011f8d45706fa1b5a4

SHA256
a0e9868cd3e4e602880042cceec4e7ca9983e093a9245b9f064cf330bbea76f6

SHA512
ac8c2766a03b6c7566fd737076a61a620b00038cadb01b491c3d7913f05241c3df5b41daa3e22cc7ff9226c19872491b69a143819ce9f7363330f94bc080f45c

Download Submit
C:\Windows\System\orvfKuD.exe

Filesize
2.0MB

MD5
8b156f129c9ac3c805928dceb308b83a

SHA1
33086fce9801ac6304cc220856807d73d5dd1119

SHA256
090a6e4c98dbf7bf530a9e1b120ada8deb6a576c2d711a539c17f215a9694c48

SHA512
24424ae6c4eccf4e8bfc4ebb15a3543f35dc9f7ca81738954503e459a3461ef8318baec1031a919fea18d132161c18f52390eea142d038b976f512fd45a0ef0e

Download Submit
C:\Windows\System\pFMrifr.exe

Filesize
2.0MB

MD5
0536e6fbf2c604374204149c8ba62798

SHA1
863d2aeca92a3af3f116554fe39d341d588dc833

SHA256
e9f6502dd171aeecf611c5866d0ceed4b463504590422a1b83dccdafb239d1d9

SHA512
18617e9df27c75aa86c4b0c566153ceb8f2301a8c299b99e9caeba74f54140358088a4c9d00aba336e64c24ee627b08d1054068c7ba21280110504a1470aacfe

Download Submit
C:\Windows\System\qbwFKgT.exe

Filesize
2.0MB

MD5
5986eefd8717e03df9cccc5722b3d0f7

SHA1
51a176541a27def71a19d0dd54f7ca7dfa426651

SHA256
57e5b4f0fb47c6a5ddda35f722547751fa926db3f6e0d2ca4fd1aa3281a99ef1

SHA512
f966aaae5baf2bd030c924933d18761721b3102f5b94764d43a56154a113a12597c0c038b89ac0cb678838769924be361e326af03f91a82e6f8491f2c5f7c1c9

Download Submit
C:\Windows\System\xREcJhd.exe

Filesize
2.0MB

MD5
b2c813367e5138ecce19b87b0dac799d

SHA1
d25109989051372c9b089c9f0f3a7db6f86934f2

SHA256
b5dea975c852fe4e4117356a55131f022335a0a41010541b53b951c9d3ebf5e5

SHA512
ef6afd5ed2c6ae6cd6d46a6f30ac0922ff12cefc196e5d2c896ec093fbedd84df3c04a8f9e15fc16a8062d7aeee327a84a1bd74bad469fcec6b3bd65d8bb4682

Download Submit
C:\Windows\System\zBykdLD.exe

Filesize
2.0MB

MD5
27933b097dbebd85df0e960fc3d551d7

SHA1
a822822e81279b47dd9b9322923def741d8a05a9

SHA256
26f2f7e3d5c32febd1dea65d2fcc99b3c7b53e08a258591d405c6908a08dd740

SHA512
ea911e890940a77e0ca55e34c9b9c4392fdddfb8ba686a471a5b9df9d76cae367573e43ad95bef94b4bf01e38b1c2f03f71430a69d513cdccdf4f5949aa51f1b

Download Submit
memory/372-523-0x00007FF6428F0000-0x00007FF642C44000-memory.dmp

Filesize
3.3MB

Download
memory/372-2150-0x00007FF6428F0000-0x00007FF642C44000-memory.dmp

Filesize
3.3MB

Download
memory/432-608-0x00007FF68DA40000-0x00007FF68DD94000-memory.dmp

Filesize
3.3MB

Download
memory/432-2163-0x00007FF68DA40000-0x00007FF68DD94000-memory.dmp

Filesize
3.3MB

Download
memory/532-577-0x00007FF7687E0000-0x00007FF768B34000-memory.dmp

Filesize
3.3MB

Download
memory/532-2155-0x00007FF7687E0000-0x00007FF768B34000-memory.dmp

Filesize
3.3MB

Download
memory/632-620-0x00007FF664CF0000-0x00007FF665044000-memory.dmp

Filesize
3.3MB

Download
memory/632-2159-0x00007FF664CF0000-0x00007FF665044000-memory.dmp

Filesize
3.3MB

Download
memory/1288-2142-0x00007FF7198A0000-0x00007FF719BF4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-496-0x00007FF7198A0000-0x00007FF719BF4000-memory.dmp

Filesize
3.3MB

Download
memory/1324-2161-0x00007FF61EE00000-0x00007FF61F154000-memory.dmp

Filesize
3.3MB

Download
memory/1324-596-0x00007FF61EE00000-0x00007FF61F154000-memory.dmp

Filesize
3.3MB

Download
memory/1564-2141-0x00007FF75E220000-0x00007FF75E574000-memory.dmp

Filesize
3.3MB

Download
memory/1564-495-0x00007FF75E220000-0x00007FF75E574000-memory.dmp

Filesize
3.3MB

Download
memory/2024-494-0x00007FF6CD5F0000-0x00007FF6CD944000-memory.dmp

Filesize
3.3MB

Download
memory/2024-2140-0x00007FF6CD5F0000-0x00007FF6CD944000-memory.dmp

Filesize
3.3MB

Download
memory/2044-509-0x00007FF60D3A0000-0x00007FF60D6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-2145-0x00007FF60D3A0000-0x00007FF60D6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2157-0x00007FF78E030000-0x00007FF78E384000-memory.dmp

Filesize
3.3MB

Download
memory/2228-570-0x00007FF78E030000-0x00007FF78E384000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2160-0x00007FF652C70000-0x00007FF652FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-628-0x00007FF652C70000-0x00007FF652FC4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2162-0x00007FF6B4AC0000-0x00007FF6B4E14000-memory.dmp

Filesize
3.3MB

Download
memory/2372-611-0x00007FF6B4AC0000-0x00007FF6B4E14000-memory.dmp

Filesize
3.3MB

Download
memory/2392-556-0x00007FF73E7C0000-0x00007FF73EB14000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2154-0x00007FF73E7C0000-0x00007FF73EB14000-memory.dmp

Filesize
3.3MB

Download
memory/2420-502-0x00007FF702870000-0x00007FF702BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2146-0x00007FF702870000-0x00007FF702BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2152-0x00007FF6F7080000-0x00007FF6F73D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-562-0x00007FF6F7080000-0x00007FF6F73D4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-2139-0x00007FF6D5AA0000-0x00007FF6D5DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-634-0x00007FF6D5AA0000-0x00007FF6D5DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-2138-0x00007FF642120000-0x00007FF642474000-memory.dmp

Filesize
3.3MB

Download
memory/2928-493-0x00007FF642120000-0x00007FF642474000-memory.dmp

Filesize
3.3MB

Download
memory/3388-550-0x00007FF6F1910000-0x00007FF6F1C64000-memory.dmp

Filesize
3.3MB

Download
memory/3388-2153-0x00007FF6F1910000-0x00007FF6F1C64000-memory.dmp

Filesize
3.3MB

Download
memory/3392-12-0x00007FF7D7960000-0x00007FF7D7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2133-0x00007FF7D7960000-0x00007FF7D7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3392-2135-0x00007FF7D7960000-0x00007FF7D7CB4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-2149-0x00007FF7FDB70000-0x00007FF7FDEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3712-528-0x00007FF7FDB70000-0x00007FF7FDEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2137-0x00007FF75FF40000-0x00007FF760294000-memory.dmp

Filesize
3.3MB

Download
memory/3820-13-0x00007FF75FF40000-0x00007FF760294000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2134-0x00007FF75FF40000-0x00007FF760294000-memory.dmp

Filesize
3.3MB

Download
memory/3992-0-0x00007FF6BD9F0000-0x00007FF6BDD44000-memory.dmp

Filesize
3.3MB

Download
memory/3992-1-0x000002C323990000-0x000002C3239A0000-memory.dmp

Filesize
64KB

Download
memory/4424-45-0x00007FF7AF850000-0x00007FF7AFBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4424-2136-0x00007FF7AF850000-0x00007FF7AFBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2147-0x00007FF690120000-0x00007FF690474000-memory.dmp

Filesize
3.3MB

Download
memory/4624-516-0x00007FF690120000-0x00007FF690474000-memory.dmp

Filesize
3.3MB

Download
memory/4868-537-0x00007FF653DC0000-0x00007FF654114000-memory.dmp

Filesize
3.3MB

Download
memory/4868-2151-0x00007FF653DC0000-0x00007FF654114000-memory.dmp

Filesize
3.3MB

Download
memory/4880-589-0x00007FF679370000-0x00007FF6796C4000-memory.dmp

Filesize
3.3MB

Download
memory/4880-2158-0x00007FF679370000-0x00007FF6796C4000-memory.dmp

Filesize
3.3MB

Download
memory/4888-2148-0x00007FF60A340000-0x00007FF60A694000-memory.dmp

Filesize
3.3MB

Download
memory/4888-531-0x00007FF60A340000-0x00007FF60A694000-memory.dmp

Filesize
3.3MB

Download
memory/4920-2143-0x00007FF6F0040000-0x00007FF6F0394000-memory.dmp

Filesize
3.3MB

Download
memory/4920-497-0x00007FF6F0040000-0x00007FF6F0394000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2144-0x00007FF7AEBE0000-0x00007FF7AEF34000-memory.dmp

Filesize
3.3MB

Download
memory/4988-498-0x00007FF7AEBE0000-0x00007FF7AEF34000-memory.dmp

Filesize
3.3MB

Download
memory/5020-586-0x00007FF776D10000-0x00007FF777064000-memory.dmp

Filesize
3.3MB

Download
memory/5020-2156-0x00007FF776D10000-0x00007FF777064000-memory.dmp

Filesize
3.3MB

Download