xmrig | 87d23c457842e7409494fa01c045ea7891c8cdff1d782f78b4ce16a8418d3df8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
Size

1.6MB
MD5

16fb8dd9b6bae18affa728ccd6f65660
SHA1

e27b2b8b330fec09cb0fb5c4bea77f22271d0ff5
SHA256

87d23c457842e7409494fa01c045ea7891c8cdff1d782f78b4ce16a8418d3df8
SHA512

8fa8b5dd9cb79698f33be97e13f73d7d86d1cdc0954d8209f5c72bbc8688817ca092bbf4216f5f1a0b3631424c81c9371858c08662cc52e4ef33c4ae68bb07e0
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipBh8tGxHIBWGlTqTGzk+lOagppeTb2T4BZymGbF:Lz071uv4BPMkiFGlObx

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/2328-475-0x00007FF6475A0000-0x00007FF647992000-memory.dmp	xmrig
behavioral2/memory/3136-512-0x00007FF6449F0000-0x00007FF644DE2000-memory.dmp	xmrig
behavioral2/memory/1704-516-0x00007FF602C00000-0x00007FF602FF2000-memory.dmp	xmrig
behavioral2/memory/552-520-0x00007FF7E4610000-0x00007FF7E4A02000-memory.dmp	xmrig
behavioral2/memory/4956-1679-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp	xmrig
behavioral2/memory/1212-1645-0x00007FF6C53F0000-0x00007FF6C57E2000-memory.dmp	xmrig
behavioral2/memory/1296-1077-0x00007FF7004E0000-0x00007FF7008D2000-memory.dmp	xmrig
behavioral2/memory/3756-862-0x00007FF7CDF30000-0x00007FF7CE322000-memory.dmp	xmrig
behavioral2/memory/1492-817-0x00007FF6C9360000-0x00007FF6C9752000-memory.dmp	xmrig
behavioral2/memory/1792-690-0x00007FF733220000-0x00007FF733612000-memory.dmp	xmrig
behavioral2/memory/2696-580-0x00007FF7732C0000-0x00007FF7736B2000-memory.dmp	xmrig
behavioral2/memory/2076-521-0x00007FF671740000-0x00007FF671B32000-memory.dmp	xmrig
behavioral2/memory/1660-519-0x00007FF6745D0000-0x00007FF6749C2000-memory.dmp	xmrig
behavioral2/memory/2800-518-0x00007FF7009C0000-0x00007FF700DB2000-memory.dmp	xmrig
behavioral2/memory/3188-517-0x00007FF709700000-0x00007FF709AF2000-memory.dmp	xmrig
behavioral2/memory/1680-515-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp	xmrig
behavioral2/memory/3832-514-0x00007FF64A2C0000-0x00007FF64A6B2000-memory.dmp	xmrig
behavioral2/memory/660-513-0x00007FF725140000-0x00007FF725532000-memory.dmp	xmrig
behavioral2/memory/2368-399-0x00007FF63D260000-0x00007FF63D652000-memory.dmp	xmrig
behavioral2/memory/456-298-0x00007FF733D50000-0x00007FF734142000-memory.dmp	xmrig
behavioral2/memory/3980-297-0x00007FF6244D0000-0x00007FF6248C2000-memory.dmp	xmrig
behavioral2/memory/4624-260-0x00007FF788F50000-0x00007FF789342000-memory.dmp	xmrig
behavioral2/memory/4368-242-0x00007FF6BA580000-0x00007FF6BA972000-memory.dmp	xmrig
behavioral2/memory/532-3025-0x00007FF7FDB80000-0x00007FF7FDF72000-memory.dmp	xmrig
behavioral2/memory/1212-3027-0x00007FF6C53F0000-0x00007FF6C57E2000-memory.dmp	xmrig
behavioral2/memory/4368-3029-0x00007FF6BA580000-0x00007FF6BA972000-memory.dmp	xmrig
behavioral2/memory/660-3031-0x00007FF725140000-0x00007FF725532000-memory.dmp	xmrig
behavioral2/memory/3980-3033-0x00007FF6244D0000-0x00007FF6248C2000-memory.dmp	xmrig
behavioral2/memory/456-3066-0x00007FF733D50000-0x00007FF734142000-memory.dmp	xmrig
behavioral2/memory/552-3132-0x00007FF7E4610000-0x00007FF7E4A02000-memory.dmp	xmrig
behavioral2/memory/3136-3111-0x00007FF6449F0000-0x00007FF644DE2000-memory.dmp	xmrig
behavioral2/memory/4624-3129-0x00007FF788F50000-0x00007FF789342000-memory.dmp	xmrig
behavioral2/memory/4956-3109-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp	xmrig
behavioral2/memory/1680-3102-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp	xmrig
behavioral2/memory/2368-3078-0x00007FF63D260000-0x00007FF63D652000-memory.dmp	xmrig
behavioral2/memory/2328-3075-0x00007FF6475A0000-0x00007FF647992000-memory.dmp	xmrig
behavioral2/memory/3832-3080-0x00007FF64A2C0000-0x00007FF64A6B2000-memory.dmp	xmrig
behavioral2/memory/1492-3077-0x00007FF6C9360000-0x00007FF6C9752000-memory.dmp	xmrig
behavioral2/memory/1704-3138-0x00007FF602C00000-0x00007FF602FF2000-memory.dmp	xmrig
behavioral2/memory/2800-3185-0x00007FF7009C0000-0x00007FF700DB2000-memory.dmp	xmrig
behavioral2/memory/1296-3182-0x00007FF7004E0000-0x00007FF7008D2000-memory.dmp	xmrig
behavioral2/memory/2076-3178-0x00007FF671740000-0x00007FF671B32000-memory.dmp	xmrig
behavioral2/memory/3756-3172-0x00007FF7CDF30000-0x00007FF7CE322000-memory.dmp	xmrig
behavioral2/memory/3188-3169-0x00007FF709700000-0x00007FF709AF2000-memory.dmp	xmrig
behavioral2/memory/1792-3171-0x00007FF733220000-0x00007FF733612000-memory.dmp	xmrig
behavioral2/memory/2696-3137-0x00007FF7732C0000-0x00007FF7736B2000-memory.dmp	xmrig
behavioral2/memory/1660-3135-0x00007FF6745D0000-0x00007FF6749C2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1644	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
532	jjCBAdT.exe
1212	rwRIVCy.exe
4368	JkcFWyt.exe
4624	xZUJJYG.exe
3980	iVYFLxV.exe
456	dgZSNpA.exe
2368	NeLGmrJ.exe
2328	mUQLcgh.exe
3136	JPpHeaY.exe
660	yJEaHdy.exe
3832	DfEqCjS.exe
1680	jMWuQIZ.exe
4956	CrpOFmb.exe
1704	aGqElgG.exe
3188	KUUfELb.exe
2800	PQFnTLz.exe
1660	CNaTMVl.exe
552	CWbTphO.exe
2076	vPRIECO.exe
2696	teUFKso.exe
1792	ZrbVjVG.exe
1492	EoOlcRi.exe
3756	ThpopkO.exe
1296	Bsxmpxa.exe
3260	BIHNMFf.exe
3376	umYxktX.exe
4564	uQoQmwt.exe
4380	idPEpzh.exe
3696	nSFozse.exe
4472	uZHbdAE.exe
1772	oopqPfZ.exe
4664	PAelVMV.exe
4052	ZzjsMcX.exe
5072	FlbThYt.exe
3152	rvalNtc.exe
2016	tAdGxdD.exe
744	xHYrFZO.exe
2876	ltDqdLh.exe
4220	CWtoaas.exe
4684	inQERUv.exe
3096	VxuzSqB.exe
2904	HMeWbNl.exe
4056	OkiDXoR.exe
4448	SxoYrVS.exe
4700	BVeIZea.exe
3684	uaELUpP.exe
2024	fuDBLlb.exe
4604	JUqOTbY.exe
1472	oyNZZac.exe
4884	ECrwtUI.exe
3976	ohXWSdR.exe
3580	FqCXUag.exe
2948	RMoZeuS.exe
892	YqOqOik.exe
4140	tqlJnyk.exe
4504	sAfXLdu.exe
2028	kxgeUBX.exe
4344	ybXpBay.exe
1320	gzLUQuz.exe
2032	VzXKXfc.exe
1436	pJpkIFC.exe
3760	szNCSjt.exe
3148	kJcgEJw.exe
1756	mzSgwVn.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4796-0-0x00007FF7A7F10000-0x00007FF7A8302000-memory.dmp	upx
behavioral2/files/0x0006000000023278-6.dat	upx
behavioral2/memory/532-8-0x00007FF7FDB80000-0x00007FF7FDF72000-memory.dmp	upx
behavioral2/files/0x000800000002340b-20.dat	upx
behavioral2/files/0x0008000000023409-32.dat	upx
behavioral2/files/0x000800000002340a-43.dat	upx
behavioral2/files/0x0007000000023413-68.dat	upx
behavioral2/files/0x000700000002341c-103.dat	upx
behavioral2/files/0x0007000000023423-133.dat	upx
behavioral2/files/0x000700000002341b-185.dat	upx
behavioral2/memory/2328-475-0x00007FF6475A0000-0x00007FF647992000-memory.dmp	upx
behavioral2/memory/3136-512-0x00007FF6449F0000-0x00007FF644DE2000-memory.dmp	upx
behavioral2/memory/1704-516-0x00007FF602C00000-0x00007FF602FF2000-memory.dmp	upx
behavioral2/memory/552-520-0x00007FF7E4610000-0x00007FF7E4A02000-memory.dmp	upx
behavioral2/memory/4956-1679-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp	upx
behavioral2/memory/1212-1645-0x00007FF6C53F0000-0x00007FF6C57E2000-memory.dmp	upx
behavioral2/memory/1296-1077-0x00007FF7004E0000-0x00007FF7008D2000-memory.dmp	upx
behavioral2/memory/3756-862-0x00007FF7CDF30000-0x00007FF7CE322000-memory.dmp	upx
behavioral2/memory/1492-817-0x00007FF6C9360000-0x00007FF6C9752000-memory.dmp	upx
behavioral2/memory/1792-690-0x00007FF733220000-0x00007FF733612000-memory.dmp	upx
behavioral2/memory/2696-580-0x00007FF7732C0000-0x00007FF7736B2000-memory.dmp	upx
behavioral2/memory/2076-521-0x00007FF671740000-0x00007FF671B32000-memory.dmp	upx
behavioral2/memory/1660-519-0x00007FF6745D0000-0x00007FF6749C2000-memory.dmp	upx
behavioral2/memory/2800-518-0x00007FF7009C0000-0x00007FF700DB2000-memory.dmp	upx
behavioral2/memory/3188-517-0x00007FF709700000-0x00007FF709AF2000-memory.dmp	upx
behavioral2/memory/1680-515-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp	upx
behavioral2/memory/3832-514-0x00007FF64A2C0000-0x00007FF64A6B2000-memory.dmp	upx
behavioral2/memory/660-513-0x00007FF725140000-0x00007FF725532000-memory.dmp	upx
behavioral2/memory/2368-399-0x00007FF63D260000-0x00007FF63D652000-memory.dmp	upx
behavioral2/memory/456-298-0x00007FF733D50000-0x00007FF734142000-memory.dmp	upx
behavioral2/memory/3980-297-0x00007FF6244D0000-0x00007FF6248C2000-memory.dmp	upx
behavioral2/memory/4624-260-0x00007FF788F50000-0x00007FF789342000-memory.dmp	upx
behavioral2/memory/4368-242-0x00007FF6BA580000-0x00007FF6BA972000-memory.dmp	upx
behavioral2/files/0x000700000002342f-219.dat	upx
behavioral2/files/0x000700000002341e-216.dat	upx
behavioral2/files/0x000700000002342c-207.dat	upx
behavioral2/files/0x000700000002342b-206.dat	upx
behavioral2/files/0x000700000002342a-200.dat	upx
behavioral2/files/0x0007000000023426-198.dat	upx
behavioral2/files/0x0007000000023424-187.dat	upx
behavioral2/files/0x0007000000023429-184.dat	upx
behavioral2/files/0x0007000000023419-169.dat	upx
behavioral2/files/0x0007000000023418-167.dat	upx
behavioral2/files/0x0007000000023420-157.dat	upx
behavioral2/files/0x0007000000023415-156.dat	upx
behavioral2/files/0x0007000000023427-155.dat	upx
behavioral2/files/0x0007000000023416-151.dat	upx
behavioral2/files/0x000700000002342e-212.dat	upx
behavioral2/files/0x0007000000023410-148.dat	upx
behavioral2/files/0x0007000000023425-138.dat	upx
behavioral2/files/0x0007000000023422-176.dat	upx
behavioral2/files/0x0007000000023428-175.dat	upx
behavioral2/files/0x0007000000023421-128.dat	upx
behavioral2/files/0x0008000000023407-165.dat	upx
behavioral2/files/0x0007000000023412-122.dat	upx
behavioral2/files/0x000700000002341f-120.dat	upx
behavioral2/files/0x0007000000023426-139.dat	upx
behavioral2/files/0x000700000002341d-108.dat	upx
behavioral2/files/0x000700000002341a-101.dat	upx
behavioral2/files/0x000700000002340e-125.dat	upx
behavioral2/files/0x000700000002340c-121.dat	upx
behavioral2/files/0x000700000002340d-89.dat	upx
behavioral2/files/0x0007000000023411-80.dat	upx
behavioral2/files/0x0007000000023414-116.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Qayyznd.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\pZmxBgW.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\xoCjBag.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\VlqVxfu.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\gxVIplg.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\ksycNQj.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\wAUOkVA.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\hQUSLQz.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\ASYjTsE.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\tPLgDjv.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\VscZlPR.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\HnPlOCj.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\rwRIVCy.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\ERPTWtT.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\wumbmpr.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\hkeQxqc.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\xMJSOTl.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\fOpILgj.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\NhGnMUd.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\frdetiV.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\jahrOFi.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\mFzlrGf.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\MeaKAOp.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\ndpSxUC.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\BrZsNLl.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\mUVeQAK.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\GrWVvte.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\FUhhuUT.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\DjZSmfr.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\ZUptnKi.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\HzkUIzh.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\jybksqr.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\UlxsimA.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\HeehSnZ.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\vuxmzOe.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\BVeIZea.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\zllgOyz.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\xhkAIDn.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\OjJudzP.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\adWugbv.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\vjwxsbQ.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\NBbsYoN.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\sCpvooR.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\agmOFaf.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\aDfpXml.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\xTQCwEt.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\IzLznYk.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\tZYhUwq.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\YCXmGRT.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\wYUDMZF.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\AfnYSFq.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\PRIKfTB.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\dDMMIpz.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\ctPcDzv.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\hvzvXKh.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\YqOqOik.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\VIQGaQO.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\mTezyig.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\xpnmzWp.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\NHPcopG.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\OlwNDll.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\SWaWwvU.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\OQyaiZH.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
File created	C:\Windows\System\VtqKgeu.exe	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1644	powershell.exe
1644	powershell.exe
1644	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
Token: SeDebugPrivilege	1644	powershell.exe
Token: SeLockMemoryPrivilege	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 1644	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	83
PID 4796 wrote to memory of 1644	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	83
PID 4796 wrote to memory of 532	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	84
PID 4796 wrote to memory of 532	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	84
PID 4796 wrote to memory of 1212	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	85
PID 4796 wrote to memory of 1212	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	85
PID 4796 wrote to memory of 4368	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	86
PID 4796 wrote to memory of 4368	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	86
PID 4796 wrote to memory of 4624	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	87
PID 4796 wrote to memory of 4624	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	87
PID 4796 wrote to memory of 3980	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	88
PID 4796 wrote to memory of 3980	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	88
PID 4796 wrote to memory of 456	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	89
PID 4796 wrote to memory of 456	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	89
PID 4796 wrote to memory of 2368	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	90
PID 4796 wrote to memory of 2368	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	90
PID 4796 wrote to memory of 2328	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	91
PID 4796 wrote to memory of 2328	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	91
PID 4796 wrote to memory of 3136	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	92
PID 4796 wrote to memory of 3136	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	92
PID 4796 wrote to memory of 660	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	93
PID 4796 wrote to memory of 660	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	93
PID 4796 wrote to memory of 3832	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	94
PID 4796 wrote to memory of 3832	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	94
PID 4796 wrote to memory of 1680	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	95
PID 4796 wrote to memory of 1680	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	95
PID 4796 wrote to memory of 4956	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	96
PID 4796 wrote to memory of 4956	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	96
PID 4796 wrote to memory of 1704	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	97
PID 4796 wrote to memory of 1704	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	97
PID 4796 wrote to memory of 3188	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	98
PID 4796 wrote to memory of 3188	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	98
PID 4796 wrote to memory of 2800	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	99
PID 4796 wrote to memory of 2800	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	99
PID 4796 wrote to memory of 1660	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	100
PID 4796 wrote to memory of 1660	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	100
PID 4796 wrote to memory of 552	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	101
PID 4796 wrote to memory of 552	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	101
PID 4796 wrote to memory of 2076	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	102
PID 4796 wrote to memory of 2076	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	102
PID 4796 wrote to memory of 2696	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	103
PID 4796 wrote to memory of 2696	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	103
PID 4796 wrote to memory of 1792	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	104
PID 4796 wrote to memory of 1792	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	104
PID 4796 wrote to memory of 1492	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	105
PID 4796 wrote to memory of 1492	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	105
PID 4796 wrote to memory of 3756	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	106
PID 4796 wrote to memory of 3756	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	106
PID 4796 wrote to memory of 1296	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	107
PID 4796 wrote to memory of 1296	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	107
PID 4796 wrote to memory of 4664	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	108
PID 4796 wrote to memory of 4664	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	108
PID 4796 wrote to memory of 3260	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	109
PID 4796 wrote to memory of 3260	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	109
PID 4796 wrote to memory of 3376	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	110
PID 4796 wrote to memory of 3376	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	110
PID 4796 wrote to memory of 4564	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	111
PID 4796 wrote to memory of 4564	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	111
PID 4796 wrote to memory of 4380	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	112
PID 4796 wrote to memory of 4380	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	112
PID 4796 wrote to memory of 3696	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	113
PID 4796 wrote to memory of 3696	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	113
PID 4796 wrote to memory of 4472	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	114
PID 4796 wrote to memory of 4472	4796	16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\16fb8dd9b6bae18affa728ccd6f65660_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1644
- C:\Windows\System\jjCBAdT.exe
  C:\Windows\System\jjCBAdT.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\rwRIVCy.exe
  C:\Windows\System\rwRIVCy.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\JkcFWyt.exe
  C:\Windows\System\JkcFWyt.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\xZUJJYG.exe
  C:\Windows\System\xZUJJYG.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\iVYFLxV.exe
  C:\Windows\System\iVYFLxV.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\dgZSNpA.exe
  C:\Windows\System\dgZSNpA.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\NeLGmrJ.exe
  C:\Windows\System\NeLGmrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\mUQLcgh.exe
  C:\Windows\System\mUQLcgh.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JPpHeaY.exe
  C:\Windows\System\JPpHeaY.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\yJEaHdy.exe
  C:\Windows\System\yJEaHdy.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\DfEqCjS.exe
  C:\Windows\System\DfEqCjS.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\jMWuQIZ.exe
  C:\Windows\System\jMWuQIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\CrpOFmb.exe
  C:\Windows\System\CrpOFmb.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\aGqElgG.exe
  C:\Windows\System\aGqElgG.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\KUUfELb.exe
  C:\Windows\System\KUUfELb.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\PQFnTLz.exe
  C:\Windows\System\PQFnTLz.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\CNaTMVl.exe
  C:\Windows\System\CNaTMVl.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\CWbTphO.exe
  C:\Windows\System\CWbTphO.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\vPRIECO.exe
  C:\Windows\System\vPRIECO.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\teUFKso.exe
  C:\Windows\System\teUFKso.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ZrbVjVG.exe
  C:\Windows\System\ZrbVjVG.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\EoOlcRi.exe
  C:\Windows\System\EoOlcRi.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\ThpopkO.exe
  C:\Windows\System\ThpopkO.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\Bsxmpxa.exe
  C:\Windows\System\Bsxmpxa.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\PAelVMV.exe
  C:\Windows\System\PAelVMV.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\BIHNMFf.exe
  C:\Windows\System\BIHNMFf.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\umYxktX.exe
  C:\Windows\System\umYxktX.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\uQoQmwt.exe
  C:\Windows\System\uQoQmwt.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\idPEpzh.exe
  C:\Windows\System\idPEpzh.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\nSFozse.exe
  C:\Windows\System\nSFozse.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\uZHbdAE.exe
  C:\Windows\System\uZHbdAE.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\oopqPfZ.exe
  C:\Windows\System\oopqPfZ.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\ZzjsMcX.exe
  C:\Windows\System\ZzjsMcX.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\FlbThYt.exe
  C:\Windows\System\FlbThYt.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\rvalNtc.exe
  C:\Windows\System\rvalNtc.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\tAdGxdD.exe
  C:\Windows\System\tAdGxdD.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\xHYrFZO.exe
  C:\Windows\System\xHYrFZO.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\ltDqdLh.exe
  C:\Windows\System\ltDqdLh.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\kxgeUBX.exe
  C:\Windows\System\kxgeUBX.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\CWtoaas.exe
  C:\Windows\System\CWtoaas.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\inQERUv.exe
  C:\Windows\System\inQERUv.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\VxuzSqB.exe
  C:\Windows\System\VxuzSqB.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\HMeWbNl.exe
  C:\Windows\System\HMeWbNl.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\OkiDXoR.exe
  C:\Windows\System\OkiDXoR.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\SxoYrVS.exe
  C:\Windows\System\SxoYrVS.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\BVeIZea.exe
  C:\Windows\System\BVeIZea.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\uaELUpP.exe
  C:\Windows\System\uaELUpP.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\fuDBLlb.exe
  C:\Windows\System\fuDBLlb.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\JUqOTbY.exe
  C:\Windows\System\JUqOTbY.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\oyNZZac.exe
  C:\Windows\System\oyNZZac.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\ECrwtUI.exe
  C:\Windows\System\ECrwtUI.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\ohXWSdR.exe
  C:\Windows\System\ohXWSdR.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\FqCXUag.exe
  C:\Windows\System\FqCXUag.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\RMoZeuS.exe
  C:\Windows\System\RMoZeuS.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\YqOqOik.exe
  C:\Windows\System\YqOqOik.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\tqlJnyk.exe
  C:\Windows\System\tqlJnyk.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\sAfXLdu.exe
  C:\Windows\System\sAfXLdu.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\ybXpBay.exe
  C:\Windows\System\ybXpBay.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\gzLUQuz.exe
  C:\Windows\System\gzLUQuz.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\VzXKXfc.exe
  C:\Windows\System\VzXKXfc.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\pJpkIFC.exe
  C:\Windows\System\pJpkIFC.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\szNCSjt.exe
  C:\Windows\System\szNCSjt.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\kJcgEJw.exe
  C:\Windows\System\kJcgEJw.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\mzSgwVn.exe
  C:\Windows\System\mzSgwVn.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\rVsMCpK.exe
  C:\Windows\System\rVsMCpK.exe
  2⤵
  PID:3484
- C:\Windows\System\zllgOyz.exe
  C:\Windows\System\zllgOyz.exe
  2⤵
  PID:1188
- C:\Windows\System\zlnYWiF.exe
  C:\Windows\System\zlnYWiF.exe
  2⤵
  PID:4524
- C:\Windows\System\NiIMNxG.exe
  C:\Windows\System\NiIMNxG.exe
  2⤵
  PID:2820
- C:\Windows\System\NorGngL.exe
  C:\Windows\System\NorGngL.exe
  2⤵
  PID:1412
- C:\Windows\System\CIigPEo.exe
  C:\Windows\System\CIigPEo.exe
  2⤵
  PID:3724
- C:\Windows\System\OeIWMAk.exe
  C:\Windows\System\OeIWMAk.exe
  2⤵
  PID:4792
- C:\Windows\System\blDRMxo.exe
  C:\Windows\System\blDRMxo.exe
  2⤵
  PID:1592
- C:\Windows\System\BXvkVFD.exe
  C:\Windows\System\BXvkVFD.exe
  2⤵
  PID:436
- C:\Windows\System\MZhivHD.exe
  C:\Windows\System\MZhivHD.exe
  2⤵
  PID:2072
- C:\Windows\System\igijAcB.exe
  C:\Windows\System\igijAcB.exe
  2⤵
  PID:1700
- C:\Windows\System\MxSpxBE.exe
  C:\Windows\System\MxSpxBE.exe
  2⤵
  PID:4728
- C:\Windows\System\hCyLGcL.exe
  C:\Windows\System\hCyLGcL.exe
  2⤵
  PID:3560
- C:\Windows\System\KcrPYkW.exe
  C:\Windows\System\KcrPYkW.exe
  2⤵
  PID:4112
- C:\Windows\System\pIHziYE.exe
  C:\Windows\System\pIHziYE.exe
  2⤵
  PID:3312
- C:\Windows\System\DXCmiCS.exe
  C:\Windows\System\DXCmiCS.exe
  2⤵
  PID:4388
- C:\Windows\System\zjRsmWY.exe
  C:\Windows\System\zjRsmWY.exe
  2⤵
  PID:2464
- C:\Windows\System\bbguENq.exe
  C:\Windows\System\bbguENq.exe
  2⤵
  PID:4436
- C:\Windows\System\vCekIcP.exe
  C:\Windows\System\vCekIcP.exe
  2⤵
  PID:4704
- C:\Windows\System\xhkAIDn.exe
  C:\Windows\System\xhkAIDn.exe
  2⤵
  PID:3536
- C:\Windows\System\KxGUEzN.exe
  C:\Windows\System\KxGUEzN.exe
  2⤵
  PID:2900
- C:\Windows\System\FUhhuUT.exe
  C:\Windows\System\FUhhuUT.exe
  2⤵
  PID:4992
- C:\Windows\System\faVHUxC.exe
  C:\Windows\System\faVHUxC.exe
  2⤵
  PID:4592
- C:\Windows\System\bSxQSek.exe
  C:\Windows\System\bSxQSek.exe
  2⤵
  PID:1308
- C:\Windows\System\KFvJSsl.exe
  C:\Windows\System\KFvJSsl.exe
  2⤵
  PID:4412
- C:\Windows\System\UxBKjdn.exe
  C:\Windows\System\UxBKjdn.exe
  2⤵
  PID:2856
- C:\Windows\System\WEfuCDC.exe
  C:\Windows\System\WEfuCDC.exe
  2⤵
  PID:380
- C:\Windows\System\pWrecCu.exe
  C:\Windows\System\pWrecCu.exe
  2⤵
  PID:5132
- C:\Windows\System\JnRldxH.exe
  C:\Windows\System\JnRldxH.exe
  2⤵
  PID:5148
- C:\Windows\System\JdZKblG.exe
  C:\Windows\System\JdZKblG.exe
  2⤵
  PID:5172
- C:\Windows\System\ztRZLhO.exe
  C:\Windows\System\ztRZLhO.exe
  2⤵
  PID:5188
- C:\Windows\System\bTlrNhy.exe
  C:\Windows\System\bTlrNhy.exe
  2⤵
  PID:5212
- C:\Windows\System\SiWRUGB.exe
  C:\Windows\System\SiWRUGB.exe
  2⤵
  PID:5228
- C:\Windows\System\MILPUCG.exe
  C:\Windows\System\MILPUCG.exe
  2⤵
  PID:5252
- C:\Windows\System\LyDFEAM.exe
  C:\Windows\System\LyDFEAM.exe
  2⤵
  PID:5272
- C:\Windows\System\eOLrXAp.exe
  C:\Windows\System\eOLrXAp.exe
  2⤵
  PID:5292
- C:\Windows\System\zKwdWwN.exe
  C:\Windows\System\zKwdWwN.exe
  2⤵
  PID:5328
- C:\Windows\System\bOCjlnX.exe
  C:\Windows\System\bOCjlnX.exe
  2⤵
  PID:5348
- C:\Windows\System\YExHbpH.exe
  C:\Windows\System\YExHbpH.exe
  2⤵
  PID:5364
- C:\Windows\System\hxfTENv.exe
  C:\Windows\System\hxfTENv.exe
  2⤵
  PID:5384
- C:\Windows\System\OjJudzP.exe
  C:\Windows\System\OjJudzP.exe
  2⤵
  PID:5400
- C:\Windows\System\DNLhLFH.exe
  C:\Windows\System\DNLhLFH.exe
  2⤵
  PID:5416
- C:\Windows\System\jxdlSOK.exe
  C:\Windows\System\jxdlSOK.exe
  2⤵
  PID:5436
- C:\Windows\System\RgNbNpx.exe
  C:\Windows\System\RgNbNpx.exe
  2⤵
  PID:5460
- C:\Windows\System\PJQVrux.exe
  C:\Windows\System\PJQVrux.exe
  2⤵
  PID:5492
- C:\Windows\System\gqiAoqq.exe
  C:\Windows\System\gqiAoqq.exe
  2⤵
  PID:5512
- C:\Windows\System\LLtaYUe.exe
  C:\Windows\System\LLtaYUe.exe
  2⤵
  PID:5540
- C:\Windows\System\cRRKcIY.exe
  C:\Windows\System\cRRKcIY.exe
  2⤵
  PID:5572
- C:\Windows\System\gbXOXxR.exe
  C:\Windows\System\gbXOXxR.exe
  2⤵
  PID:5588
- C:\Windows\System\aMJYbNg.exe
  C:\Windows\System\aMJYbNg.exe
  2⤵
  PID:5616
- C:\Windows\System\GayEEul.exe
  C:\Windows\System\GayEEul.exe
  2⤵
  PID:5648
- C:\Windows\System\gtkNXmq.exe
  C:\Windows\System\gtkNXmq.exe
  2⤵
  PID:5668
- C:\Windows\System\vItjnMt.exe
  C:\Windows\System\vItjnMt.exe
  2⤵
  PID:5692
- C:\Windows\System\EocBLyl.exe
  C:\Windows\System\EocBLyl.exe
  2⤵
  PID:5712
- C:\Windows\System\vBxbSjp.exe
  C:\Windows\System\vBxbSjp.exe
  2⤵
  PID:5728
- C:\Windows\System\UNoAvNZ.exe
  C:\Windows\System\UNoAvNZ.exe
  2⤵
  PID:5752
- C:\Windows\System\yETIsRb.exe
  C:\Windows\System\yETIsRb.exe
  2⤵
  PID:5768
- C:\Windows\System\ZEhjaTw.exe
  C:\Windows\System\ZEhjaTw.exe
  2⤵
  PID:5792
- C:\Windows\System\ERPTWtT.exe
  C:\Windows\System\ERPTWtT.exe
  2⤵
  PID:5820
- C:\Windows\System\vgdhSpp.exe
  C:\Windows\System\vgdhSpp.exe
  2⤵
  PID:5840
- C:\Windows\System\eRGtvGI.exe
  C:\Windows\System\eRGtvGI.exe
  2⤵
  PID:5868
- C:\Windows\System\VIQGaQO.exe
  C:\Windows\System\VIQGaQO.exe
  2⤵
  PID:5892
- C:\Windows\System\SmHxUkf.exe
  C:\Windows\System\SmHxUkf.exe
  2⤵
  PID:5916
- C:\Windows\System\aJvvCLt.exe
  C:\Windows\System\aJvvCLt.exe
  2⤵
  PID:5936
- C:\Windows\System\uhhccWW.exe
  C:\Windows\System\uhhccWW.exe
  2⤵
  PID:5972
- C:\Windows\System\jKLggvn.exe
  C:\Windows\System\jKLggvn.exe
  2⤵
  PID:5996
- C:\Windows\System\FdPvfII.exe
  C:\Windows\System\FdPvfII.exe
  2⤵
  PID:6016
- C:\Windows\System\HhWdpGU.exe
  C:\Windows\System\HhWdpGU.exe
  2⤵
  PID:6036
- C:\Windows\System\YLUyNEL.exe
  C:\Windows\System\YLUyNEL.exe
  2⤵
  PID:6056
- C:\Windows\System\gfCUCWe.exe
  C:\Windows\System\gfCUCWe.exe
  2⤵
  PID:6080
- C:\Windows\System\VERQvgA.exe
  C:\Windows\System\VERQvgA.exe
  2⤵
  PID:6096
- C:\Windows\System\BasRVTx.exe
  C:\Windows\System\BasRVTx.exe
  2⤵
  PID:6120
- C:\Windows\System\oStPNkv.exe
  C:\Windows\System\oStPNkv.exe
  2⤵
  PID:6136
- C:\Windows\System\SUOHRAi.exe
  C:\Windows\System\SUOHRAi.exe
  2⤵
  PID:3084
- C:\Windows\System\lUJFMWr.exe
  C:\Windows\System\lUJFMWr.exe
  2⤵
  PID:1928
- C:\Windows\System\ywxluWx.exe
  C:\Windows\System\ywxluWx.exe
  2⤵
  PID:3772
- C:\Windows\System\IPdFCPZ.exe
  C:\Windows\System\IPdFCPZ.exe
  2⤵
  PID:4224
- C:\Windows\System\YIjgHgi.exe
  C:\Windows\System\YIjgHgi.exe
  2⤵
  PID:628
- C:\Windows\System\zyOlwZC.exe
  C:\Windows\System\zyOlwZC.exe
  2⤵
  PID:4496
- C:\Windows\System\Iaslwyo.exe
  C:\Windows\System\Iaslwyo.exe
  2⤵
  PID:2396
- C:\Windows\System\HvjHRaI.exe
  C:\Windows\System\HvjHRaI.exe
  2⤵
  PID:2444
- C:\Windows\System\jTORFWl.exe
  C:\Windows\System\jTORFWl.exe
  2⤵
  PID:2008
- C:\Windows\System\HsUoSlT.exe
  C:\Windows\System\HsUoSlT.exe
  2⤵
  PID:5164
- C:\Windows\System\rdexeqa.exe
  C:\Windows\System\rdexeqa.exe
  2⤵
  PID:5248
- C:\Windows\System\MXZiYCv.exe
  C:\Windows\System\MXZiYCv.exe
  2⤵
  PID:5300
- C:\Windows\System\hijUFec.exe
  C:\Windows\System\hijUFec.exe
  2⤵
  PID:5392
- C:\Windows\System\UMIFXOQ.exe
  C:\Windows\System\UMIFXOQ.exe
  2⤵
  PID:4012
- C:\Windows\System\QaSCSAk.exe
  C:\Windows\System\QaSCSAk.exe
  2⤵
  PID:5684
- C:\Windows\System\LQzsrQf.exe
  C:\Windows\System\LQzsrQf.exe
  2⤵
  PID:6164
- C:\Windows\System\vFMuVTe.exe
  C:\Windows\System\vFMuVTe.exe
  2⤵
  PID:6180
- C:\Windows\System\WdXrpnM.exe
  C:\Windows\System\WdXrpnM.exe
  2⤵
  PID:6212
- C:\Windows\System\yZMCXkQ.exe
  C:\Windows\System\yZMCXkQ.exe
  2⤵
  PID:6228
- C:\Windows\System\AooZQJs.exe
  C:\Windows\System\AooZQJs.exe
  2⤵
  PID:6268
- C:\Windows\System\xZwDLNk.exe
  C:\Windows\System\xZwDLNk.exe
  2⤵
  PID:6292
- C:\Windows\System\KWVOpac.exe
  C:\Windows\System\KWVOpac.exe
  2⤵
  PID:6312
- C:\Windows\System\DJvsYhm.exe
  C:\Windows\System\DJvsYhm.exe
  2⤵
  PID:6352
- C:\Windows\System\ZmghAkH.exe
  C:\Windows\System\ZmghAkH.exe
  2⤵
  PID:6372
- C:\Windows\System\GbTTuOe.exe
  C:\Windows\System\GbTTuOe.exe
  2⤵
  PID:6388
- C:\Windows\System\bwVBEkT.exe
  C:\Windows\System\bwVBEkT.exe
  2⤵
  PID:6412
- C:\Windows\System\NmzAGjV.exe
  C:\Windows\System\NmzAGjV.exe
  2⤵
  PID:6428
- C:\Windows\System\eRpUZpr.exe
  C:\Windows\System\eRpUZpr.exe
  2⤵
  PID:6444
- C:\Windows\System\ayIHqzb.exe
  C:\Windows\System\ayIHqzb.exe
  2⤵
  PID:6464
- C:\Windows\System\WsEyhho.exe
  C:\Windows\System\WsEyhho.exe
  2⤵
  PID:6484
- C:\Windows\System\xoCjBag.exe
  C:\Windows\System\xoCjBag.exe
  2⤵
  PID:6504
- C:\Windows\System\UsSOdRb.exe
  C:\Windows\System\UsSOdRb.exe
  2⤵
  PID:6528
- C:\Windows\System\hIeEmmg.exe
  C:\Windows\System\hIeEmmg.exe
  2⤵
  PID:6664
- C:\Windows\System\OlwNDll.exe
  C:\Windows\System\OlwNDll.exe
  2⤵
  PID:6680
- C:\Windows\System\GNgsKxD.exe
  C:\Windows\System\GNgsKxD.exe
  2⤵
  PID:6696
- C:\Windows\System\YpSXKkX.exe
  C:\Windows\System\YpSXKkX.exe
  2⤵
  PID:6712
- C:\Windows\System\JpanLxa.exe
  C:\Windows\System\JpanLxa.exe
  2⤵
  PID:6728
- C:\Windows\System\ZRGgULr.exe
  C:\Windows\System\ZRGgULr.exe
  2⤵
  PID:6744
- C:\Windows\System\dIUfLFc.exe
  C:\Windows\System\dIUfLFc.exe
  2⤵
  PID:6760
- C:\Windows\System\JHbFTbU.exe
  C:\Windows\System\JHbFTbU.exe
  2⤵
  PID:6776
- C:\Windows\System\VHVjnBm.exe
  C:\Windows\System\VHVjnBm.exe
  2⤵
  PID:6792
- C:\Windows\System\tKzVpFg.exe
  C:\Windows\System\tKzVpFg.exe
  2⤵
  PID:6808
- C:\Windows\System\nyQerGQ.exe
  C:\Windows\System\nyQerGQ.exe
  2⤵
  PID:6824
- C:\Windows\System\xtWFXpZ.exe
  C:\Windows\System\xtWFXpZ.exe
  2⤵
  PID:6840
- C:\Windows\System\FnkbXSt.exe
  C:\Windows\System\FnkbXSt.exe
  2⤵
  PID:6856
- C:\Windows\System\vakehkj.exe
  C:\Windows\System\vakehkj.exe
  2⤵
  PID:6872
- C:\Windows\System\knjbuWx.exe
  C:\Windows\System\knjbuWx.exe
  2⤵
  PID:6888
- C:\Windows\System\HtfotIR.exe
  C:\Windows\System\HtfotIR.exe
  2⤵
  PID:6908
- C:\Windows\System\UMdaUpU.exe
  C:\Windows\System\UMdaUpU.exe
  2⤵
  PID:6932
- C:\Windows\System\gCInXln.exe
  C:\Windows\System\gCInXln.exe
  2⤵
  PID:6948
- C:\Windows\System\SWaWwvU.exe
  C:\Windows\System\SWaWwvU.exe
  2⤵
  PID:6968
- C:\Windows\System\vtUaghQ.exe
  C:\Windows\System\vtUaghQ.exe
  2⤵
  PID:1996
- C:\Windows\System\ZjbJqEA.exe
  C:\Windows\System\ZjbJqEA.exe
  2⤵
  PID:2560
- C:\Windows\System\uwZJYfU.exe
  C:\Windows\System\uwZJYfU.exe
  2⤵
  PID:2644
- C:\Windows\System\yvpuWwP.exe
  C:\Windows\System\yvpuWwP.exe
  2⤵
  PID:2424
- C:\Windows\System\CKEkzlU.exe
  C:\Windows\System\CKEkzlU.exe
  2⤵
  PID:5468
- C:\Windows\System\QyyFVFy.exe
  C:\Windows\System\QyyFVFy.exe
  2⤵
  PID:3360
- C:\Windows\System\MVPwPAT.exe
  C:\Windows\System\MVPwPAT.exe
  2⤵
  PID:5004
- C:\Windows\System\AtUdZGy.exe
  C:\Windows\System\AtUdZGy.exe
  2⤵
  PID:5744
- C:\Windows\System\qNpgKhr.exe
  C:\Windows\System\qNpgKhr.exe
  2⤵
  PID:5476
- C:\Windows\System\JXizYDk.exe
  C:\Windows\System\JXizYDk.exe
  2⤵
  PID:5428
- C:\Windows\System\mjwtZoy.exe
  C:\Windows\System\mjwtZoy.exe
  2⤵
  PID:5344
- C:\Windows\System\CXuhYKa.exe
  C:\Windows\System\CXuhYKa.exe
  2⤵
  PID:5316
- C:\Windows\System\pGNARfY.exe
  C:\Windows\System\pGNARfY.exe
  2⤵
  PID:2892
- C:\Windows\System\UjtIBVc.exe
  C:\Windows\System\UjtIBVc.exe
  2⤵
  PID:3112
- C:\Windows\System\JEZjaCw.exe
  C:\Windows\System\JEZjaCw.exe
  2⤵
  PID:5552
- C:\Windows\System\KkfgAPz.exe
  C:\Windows\System\KkfgAPz.exe
  2⤵
  PID:5660
- C:\Windows\System\zJRvMsX.exe
  C:\Windows\System\zJRvMsX.exe
  2⤵
  PID:5724
- C:\Windows\System\MhWMDzD.exe
  C:\Windows\System\MhWMDzD.exe
  2⤵
  PID:5828
- C:\Windows\System\PxYyiOO.exe
  C:\Windows\System\PxYyiOO.exe
  2⤵
  PID:5884
- C:\Windows\System\dBzdogW.exe
  C:\Windows\System\dBzdogW.exe
  2⤵
  PID:5992
- C:\Windows\System\BchFPFS.exe
  C:\Windows\System\BchFPFS.exe
  2⤵
  PID:6088
- C:\Windows\System\rDqVVlb.exe
  C:\Windows\System\rDqVVlb.exe
  2⤵
  PID:2268
- C:\Windows\System\vOjWbyG.exe
  C:\Windows\System\vOjWbyG.exe
  2⤵
  PID:5184
- C:\Windows\System\iXQOVof.exe
  C:\Windows\System\iXQOVof.exe
  2⤵
  PID:6248
- C:\Windows\System\CEiSejh.exe
  C:\Windows\System\CEiSejh.exe
  2⤵
  PID:2980
- C:\Windows\System\zRISzPn.exe
  C:\Windows\System\zRISzPn.exe
  2⤵
  PID:4836
- C:\Windows\System\wjqyiGy.exe
  C:\Windows\System\wjqyiGy.exe
  2⤵
  PID:6172
- C:\Windows\System\WTkJAIU.exe
  C:\Windows\System\WTkJAIU.exe
  2⤵
  PID:6284
- C:\Windows\System\ekORAvl.exe
  C:\Windows\System\ekORAvl.exe
  2⤵
  PID:6420
- C:\Windows\System\TpoUUuU.exe
  C:\Windows\System\TpoUUuU.exe
  2⤵
  PID:6512
- C:\Windows\System\LWRCTkA.exe
  C:\Windows\System\LWRCTkA.exe
  2⤵
  PID:1984
- C:\Windows\System\NqZBiOb.exe
  C:\Windows\System\NqZBiOb.exe
  2⤵
  PID:6224
- C:\Windows\System\XKlHMSc.exe
  C:\Windows\System\XKlHMSc.exe
  2⤵
  PID:6380
- C:\Windows\System\oLuHzWn.exe
  C:\Windows\System\oLuHzWn.exe
  2⤵
  PID:6472
- C:\Windows\System\DdlaLmc.exe
  C:\Windows\System\DdlaLmc.exe
  2⤵
  PID:7172
- C:\Windows\System\frdetiV.exe
  C:\Windows\System\frdetiV.exe
  2⤵
  PID:7188
- C:\Windows\System\bZlcYmH.exe
  C:\Windows\System\bZlcYmH.exe
  2⤵
  PID:7212
- C:\Windows\System\MtoUSMp.exe
  C:\Windows\System\MtoUSMp.exe
  2⤵
  PID:7236
- C:\Windows\System\zGthnmN.exe
  C:\Windows\System\zGthnmN.exe
  2⤵
  PID:7252
- C:\Windows\System\TjOLMRG.exe
  C:\Windows\System\TjOLMRG.exe
  2⤵
  PID:7276
- C:\Windows\System\JHEYubw.exe
  C:\Windows\System\JHEYubw.exe
  2⤵
  PID:7308
- C:\Windows\System\UKBNmGZ.exe
  C:\Windows\System\UKBNmGZ.exe
  2⤵
  PID:7328
- C:\Windows\System\OuPcjIO.exe
  C:\Windows\System\OuPcjIO.exe
  2⤵
  PID:7344
- C:\Windows\System\JnrjnEY.exe
  C:\Windows\System\JnrjnEY.exe
  2⤵
  PID:7360
- C:\Windows\System\bDmRFYB.exe
  C:\Windows\System\bDmRFYB.exe
  2⤵
  PID:7380
- C:\Windows\System\TqRPXps.exe
  C:\Windows\System\TqRPXps.exe
  2⤵
  PID:7396
- C:\Windows\System\mxFOSeD.exe
  C:\Windows\System\mxFOSeD.exe
  2⤵
  PID:7452
- C:\Windows\System\OxxRwuZ.exe
  C:\Windows\System\OxxRwuZ.exe
  2⤵
  PID:7480
- C:\Windows\System\FssFTws.exe
  C:\Windows\System\FssFTws.exe
  2⤵
  PID:7504
- C:\Windows\System\EJAYzFx.exe
  C:\Windows\System\EJAYzFx.exe
  2⤵
  PID:7520
- C:\Windows\System\iyNkkNB.exe
  C:\Windows\System\iyNkkNB.exe
  2⤵
  PID:7544
- C:\Windows\System\eGfmcAv.exe
  C:\Windows\System\eGfmcAv.exe
  2⤵
  PID:7560
- C:\Windows\System\EJKyghY.exe
  C:\Windows\System\EJKyghY.exe
  2⤵
  PID:7588
- C:\Windows\System\rhDcWns.exe
  C:\Windows\System\rhDcWns.exe
  2⤵
  PID:7604
- C:\Windows\System\bWUfIdT.exe
  C:\Windows\System\bWUfIdT.exe
  2⤵
  PID:7624
- C:\Windows\System\ckfpfab.exe
  C:\Windows\System\ckfpfab.exe
  2⤵
  PID:7648
- C:\Windows\System\mqPLmSk.exe
  C:\Windows\System\mqPLmSk.exe
  2⤵
  PID:7668
- C:\Windows\System\kbTkMdL.exe
  C:\Windows\System\kbTkMdL.exe
  2⤵
  PID:7688
- C:\Windows\System\qwFkUNK.exe
  C:\Windows\System\qwFkUNK.exe
  2⤵
  PID:7708
- C:\Windows\System\nqMOrZV.exe
  C:\Windows\System\nqMOrZV.exe
  2⤵
  PID:7732
- C:\Windows\System\txtuycE.exe
  C:\Windows\System\txtuycE.exe
  2⤵
  PID:7752
- C:\Windows\System\fLJSZBw.exe
  C:\Windows\System\fLJSZBw.exe
  2⤵
  PID:7772
- C:\Windows\System\VnysGUl.exe
  C:\Windows\System\VnysGUl.exe
  2⤵
  PID:7792
- C:\Windows\System\MqWurAL.exe
  C:\Windows\System\MqWurAL.exe
  2⤵
  PID:7816
- C:\Windows\System\owDAYVw.exe
  C:\Windows\System\owDAYVw.exe
  2⤵
  PID:7836
- C:\Windows\System\bogavhn.exe
  C:\Windows\System\bogavhn.exe
  2⤵
  PID:7856
- C:\Windows\System\lwWUUBb.exe
  C:\Windows\System\lwWUUBb.exe
  2⤵
  PID:7884
- C:\Windows\System\yYkvBus.exe
  C:\Windows\System\yYkvBus.exe
  2⤵
  PID:7904
- C:\Windows\System\geHyJhK.exe
  C:\Windows\System\geHyJhK.exe
  2⤵
  PID:7924
- C:\Windows\System\EeaOkCB.exe
  C:\Windows\System\EeaOkCB.exe
  2⤵
  PID:7948
- C:\Windows\System\yJdFxBU.exe
  C:\Windows\System\yJdFxBU.exe
  2⤵
  PID:7964
- C:\Windows\System\akBfGqO.exe
  C:\Windows\System\akBfGqO.exe
  2⤵
  PID:7988
- C:\Windows\System\lnkyQoa.exe
  C:\Windows\System\lnkyQoa.exe
  2⤵
  PID:8016
- C:\Windows\System\bgZMPwc.exe
  C:\Windows\System\bgZMPwc.exe
  2⤵
  PID:8036
- C:\Windows\System\JLKEXjk.exe
  C:\Windows\System\JLKEXjk.exe
  2⤵
  PID:8056
- C:\Windows\System\cjBySrK.exe
  C:\Windows\System\cjBySrK.exe
  2⤵
  PID:8076
- C:\Windows\System\woZExhi.exe
  C:\Windows\System\woZExhi.exe
  2⤵
  PID:8100
- C:\Windows\System\vCJyfxC.exe
  C:\Windows\System\vCJyfxC.exe
  2⤵
  PID:8120
- C:\Windows\System\EgrtmYs.exe
  C:\Windows\System\EgrtmYs.exe
  2⤵
  PID:8144
- C:\Windows\System\tCEeuDq.exe
  C:\Windows\System\tCEeuDq.exe
  2⤵
  PID:8168
- C:\Windows\System\imjKEnb.exe
  C:\Windows\System\imjKEnb.exe
  2⤵
  PID:8188
- C:\Windows\System\qssXaai.exe
  C:\Windows\System\qssXaai.exe
  2⤵
  PID:4960
- C:\Windows\System\IPFusiS.exe
  C:\Windows\System\IPFusiS.exe
  2⤵
  PID:5140
- C:\Windows\System\GIARawj.exe
  C:\Windows\System\GIARawj.exe
  2⤵
  PID:6052
- C:\Windows\System\dCluJdA.exe
  C:\Windows\System\dCluJdA.exe
  2⤵
  PID:3080
- C:\Windows\System\gDeKqmM.exe
  C:\Windows\System\gDeKqmM.exe
  2⤵
  PID:5408
- C:\Windows\System\cLXgpuU.exe
  C:\Windows\System\cLXgpuU.exe
  2⤵
  PID:4588
- C:\Windows\System\AOxlrqd.exe
  C:\Windows\System\AOxlrqd.exe
  2⤵
  PID:4032
- C:\Windows\System\vhtmiqC.exe
  C:\Windows\System\vhtmiqC.exe
  2⤵
  PID:6476
- C:\Windows\System\XehaGET.exe
  C:\Windows\System\XehaGET.exe
  2⤵
  PID:7196
- C:\Windows\System\OUzpKjW.exe
  C:\Windows\System\OUzpKjW.exe
  2⤵
  PID:7268
- C:\Windows\System\cbPpUGj.exe
  C:\Windows\System\cbPpUGj.exe
  2⤵
  PID:8212
- C:\Windows\System\AuMVVGw.exe
  C:\Windows\System\AuMVVGw.exe
  2⤵
  PID:8228
- C:\Windows\System\agtiSqh.exe
  C:\Windows\System\agtiSqh.exe
  2⤵
  PID:8248
- C:\Windows\System\LjXtLXw.exe
  C:\Windows\System\LjXtLXw.exe
  2⤵
  PID:8276
- C:\Windows\System\GFBHkjk.exe
  C:\Windows\System\GFBHkjk.exe
  2⤵
  PID:8296
- C:\Windows\System\aPiVviU.exe
  C:\Windows\System\aPiVviU.exe
  2⤵
  PID:8316
- C:\Windows\System\dyzVINv.exe
  C:\Windows\System\dyzVINv.exe
  2⤵
  PID:8344
- C:\Windows\System\rJYUJqJ.exe
  C:\Windows\System\rJYUJqJ.exe
  2⤵
  PID:8360
- C:\Windows\System\vkRFVFU.exe
  C:\Windows\System\vkRFVFU.exe
  2⤵
  PID:8384
- C:\Windows\System\WZudhDI.exe
  C:\Windows\System\WZudhDI.exe
  2⤵
  PID:8408
- C:\Windows\System\TCveQfb.exe
  C:\Windows\System\TCveQfb.exe
  2⤵
  PID:8424
- C:\Windows\System\ALVWAiG.exe
  C:\Windows\System\ALVWAiG.exe
  2⤵
  PID:8440
- C:\Windows\System\OqBdDXA.exe
  C:\Windows\System\OqBdDXA.exe
  2⤵
  PID:8556
- C:\Windows\System\MdzcyfF.exe
  C:\Windows\System\MdzcyfF.exe
  2⤵
  PID:8576
- C:\Windows\System\jRJuzpr.exe
  C:\Windows\System\jRJuzpr.exe
  2⤵
  PID:8592
- C:\Windows\System\UCpNSLJ.exe
  C:\Windows\System\UCpNSLJ.exe
  2⤵
  PID:8612
- C:\Windows\System\ctYokIA.exe
  C:\Windows\System\ctYokIA.exe
  2⤵
  PID:8628
- C:\Windows\System\RoFemCY.exe
  C:\Windows\System\RoFemCY.exe
  2⤵
  PID:8644
- C:\Windows\System\yhFYiZf.exe
  C:\Windows\System\yhFYiZf.exe
  2⤵
  PID:8664
- C:\Windows\System\FFXHjcV.exe
  C:\Windows\System\FFXHjcV.exe
  2⤵
  PID:8704
- C:\Windows\System\HauIueo.exe
  C:\Windows\System\HauIueo.exe
  2⤵
  PID:8724
- C:\Windows\System\uLoxShY.exe
  C:\Windows\System\uLoxShY.exe
  2⤵
  PID:8744
- C:\Windows\System\NLWQuPQ.exe
  C:\Windows\System\NLWQuPQ.exe
  2⤵
  PID:8764
- C:\Windows\System\BIUrBLw.exe
  C:\Windows\System\BIUrBLw.exe
  2⤵
  PID:8784
- C:\Windows\System\TpAcrEt.exe
  C:\Windows\System\TpAcrEt.exe
  2⤵
  PID:8812
- C:\Windows\System\JQgyICW.exe
  C:\Windows\System\JQgyICW.exe
  2⤵
  PID:8832
- C:\Windows\System\iCWVrfF.exe
  C:\Windows\System\iCWVrfF.exe
  2⤵
  PID:8852
- C:\Windows\System\hNbxJUZ.exe
  C:\Windows\System\hNbxJUZ.exe
  2⤵
  PID:8872
- C:\Windows\System\DFdwgCI.exe
  C:\Windows\System\DFdwgCI.exe
  2⤵
  PID:8892
- C:\Windows\System\kzKVLSS.exe
  C:\Windows\System\kzKVLSS.exe
  2⤵
  PID:8920
- C:\Windows\System\VttIVId.exe
  C:\Windows\System\VttIVId.exe
  2⤵
  PID:8940
- C:\Windows\System\LAOgoNP.exe
  C:\Windows\System\LAOgoNP.exe
  2⤵
  PID:8960
- C:\Windows\System\HHWmWlv.exe
  C:\Windows\System\HHWmWlv.exe
  2⤵
  PID:8976
- C:\Windows\System\aaTwvOM.exe
  C:\Windows\System\aaTwvOM.exe
  2⤵
  PID:9000
- C:\Windows\System\LjHOHiP.exe
  C:\Windows\System\LjHOHiP.exe
  2⤵
  PID:9024
- C:\Windows\System\aHhxrzO.exe
  C:\Windows\System\aHhxrzO.exe
  2⤵
  PID:9040
- C:\Windows\System\gLyNyVo.exe
  C:\Windows\System\gLyNyVo.exe
  2⤵
  PID:9064
- C:\Windows\System\BrDqtbP.exe
  C:\Windows\System\BrDqtbP.exe
  2⤵
  PID:9080
- C:\Windows\System\uKNhnYU.exe
  C:\Windows\System\uKNhnYU.exe
  2⤵
  PID:9100
- C:\Windows\System\VlqVxfu.exe
  C:\Windows\System\VlqVxfu.exe
  2⤵
  PID:9124
- C:\Windows\System\iRcoViY.exe
  C:\Windows\System\iRcoViY.exe
  2⤵
  PID:9140
- C:\Windows\System\JTJrPEJ.exe
  C:\Windows\System\JTJrPEJ.exe
  2⤵
  PID:9168
- C:\Windows\System\BJDoSgK.exe
  C:\Windows\System\BJDoSgK.exe
  2⤵
  PID:9192
- C:\Windows\System\EssWpHZ.exe
  C:\Windows\System\EssWpHZ.exe
  2⤵
  PID:7340
- C:\Windows\System\fHSIayC.exe
  C:\Windows\System\fHSIayC.exe
  2⤵
  PID:6672
- C:\Windows\System\MsIcpdQ.exe
  C:\Windows\System\MsIcpdQ.exe
  2⤵
  PID:6704
- C:\Windows\System\gcOJmxR.exe
  C:\Windows\System\gcOJmxR.exe
  2⤵
  PID:6740
- C:\Windows\System\XKseamA.exe
  C:\Windows\System\XKseamA.exe
  2⤵
  PID:6784
- C:\Windows\System\CTZTxSS.exe
  C:\Windows\System\CTZTxSS.exe
  2⤵
  PID:6816
- C:\Windows\System\VvrLuKh.exe
  C:\Windows\System\VvrLuKh.exe
  2⤵
  PID:6852
- C:\Windows\System\lwqIndb.exe
  C:\Windows\System\lwqIndb.exe
  2⤵
  PID:6900
- C:\Windows\System\cspdZLT.exe
  C:\Windows\System\cspdZLT.exe
  2⤵
  PID:6944
- C:\Windows\System\pmIPoPS.exe
  C:\Windows\System\pmIPoPS.exe
  2⤵
  PID:5520
- C:\Windows\System\lHttinL.exe
  C:\Windows\System\lHttinL.exe
  2⤵
  PID:5748
- C:\Windows\System\OJawWZO.exe
  C:\Windows\System\OJawWZO.exe
  2⤵
  PID:8072
- C:\Windows\System\ohhYCZE.exe
  C:\Windows\System\ohhYCZE.exe
  2⤵
  PID:6008
- C:\Windows\System\jahrOFi.exe
  C:\Windows\System\jahrOFi.exe
  2⤵
  PID:728
- C:\Windows\System\zrBFsUk.exe
  C:\Windows\System\zrBFsUk.exe
  2⤵
  PID:7244
- C:\Windows\System\FObLilJ.exe
  C:\Windows\System\FObLilJ.exe
  2⤵
  PID:7296
- C:\Windows\System\oMwDpPB.exe
  C:\Windows\System\oMwDpPB.exe
  2⤵
  PID:9232
- C:\Windows\System\lEVaabE.exe
  C:\Windows\System\lEVaabE.exe
  2⤵
  PID:9252
- C:\Windows\System\JZUTYGS.exe
  C:\Windows\System\JZUTYGS.exe
  2⤵
  PID:9276
- C:\Windows\System\yNgFlZc.exe
  C:\Windows\System\yNgFlZc.exe
  2⤵
  PID:9292
- C:\Windows\System\ivTmZKT.exe
  C:\Windows\System\ivTmZKT.exe
  2⤵
  PID:9316
- C:\Windows\System\aDUSyFp.exe
  C:\Windows\System\aDUSyFp.exe
  2⤵
  PID:9340
- C:\Windows\System\LuKXDZR.exe
  C:\Windows\System\LuKXDZR.exe
  2⤵
  PID:9360
- C:\Windows\System\tfHklFe.exe
  C:\Windows\System\tfHklFe.exe
  2⤵
  PID:9380
- C:\Windows\System\UbLUhQX.exe
  C:\Windows\System\UbLUhQX.exe
  2⤵
  PID:9404
- C:\Windows\System\dlInDwJ.exe
  C:\Windows\System\dlInDwJ.exe
  2⤵
  PID:9420
- C:\Windows\System\lLFfTSi.exe
  C:\Windows\System\lLFfTSi.exe
  2⤵
  PID:9444
- C:\Windows\System\fkPqVBb.exe
  C:\Windows\System\fkPqVBb.exe
  2⤵
  PID:9476
- C:\Windows\System\YMeVDuz.exe
  C:\Windows\System\YMeVDuz.exe
  2⤵
  PID:9500
- C:\Windows\System\vRxsqGx.exe
  C:\Windows\System\vRxsqGx.exe
  2⤵
  PID:9528
- C:\Windows\System\knNNVMS.exe
  C:\Windows\System\knNNVMS.exe
  2⤵
  PID:9612
- C:\Windows\System\WjnMRsE.exe
  C:\Windows\System\WjnMRsE.exe
  2⤵
  PID:9636
- C:\Windows\System\cMHkvom.exe
  C:\Windows\System\cMHkvom.exe
  2⤵
  PID:9652
- C:\Windows\System\YLzFtks.exe
  C:\Windows\System\YLzFtks.exe
  2⤵
  PID:9676
- C:\Windows\System\vyvdAdV.exe
  C:\Windows\System\vyvdAdV.exe
  2⤵
  PID:9700
- C:\Windows\System\tZYhUwq.exe
  C:\Windows\System\tZYhUwq.exe
  2⤵
  PID:9720
- C:\Windows\System\VXuMAGR.exe
  C:\Windows\System\VXuMAGR.exe
  2⤵
  PID:9740
- C:\Windows\System\YCXmGRT.exe
  C:\Windows\System\YCXmGRT.exe
  2⤵
  PID:9760
- C:\Windows\System\KyDumrT.exe
  C:\Windows\System\KyDumrT.exe
  2⤵
  PID:9780
- C:\Windows\System\MXDMrvR.exe
  C:\Windows\System\MXDMrvR.exe
  2⤵
  PID:9804
- C:\Windows\System\xMqETgW.exe
  C:\Windows\System\xMqETgW.exe
  2⤵
  PID:9824
- C:\Windows\System\DsaCcdp.exe
  C:\Windows\System\DsaCcdp.exe
  2⤵
  PID:9844
- C:\Windows\System\LBxcfMj.exe
  C:\Windows\System\LBxcfMj.exe
  2⤵
  PID:9868
- C:\Windows\System\lmfTCic.exe
  C:\Windows\System\lmfTCic.exe
  2⤵
  PID:9884
- C:\Windows\System\WbmIREY.exe
  C:\Windows\System\WbmIREY.exe
  2⤵
  PID:9908
- C:\Windows\System\AqaQMDP.exe
  C:\Windows\System\AqaQMDP.exe
  2⤵
  PID:9924
- C:\Windows\System\kxFNhCY.exe
  C:\Windows\System\kxFNhCY.exe
  2⤵
  PID:9952
- C:\Windows\System\tDuaVIA.exe
  C:\Windows\System\tDuaVIA.exe
  2⤵
  PID:9968
- C:\Windows\System\McrkFDS.exe
  C:\Windows\System\McrkFDS.exe
  2⤵
  PID:9984
- C:\Windows\System\cLDdpVN.exe
  C:\Windows\System\cLDdpVN.exe
  2⤵
  PID:10000
- C:\Windows\System\fzmkjHU.exe
  C:\Windows\System\fzmkjHU.exe
  2⤵
  PID:10020
- C:\Windows\System\JRyOyLx.exe
  C:\Windows\System\JRyOyLx.exe
  2⤵
  PID:10036
- C:\Windows\System\SFuXPoc.exe
  C:\Windows\System\SFuXPoc.exe
  2⤵
  PID:10064
- C:\Windows\System\jtdDbvh.exe
  C:\Windows\System\jtdDbvh.exe
  2⤵
  PID:10084
- C:\Windows\System\wYUDMZF.exe
  C:\Windows\System\wYUDMZF.exe
  2⤵
  PID:10108
- C:\Windows\System\CiKvoxh.exe
  C:\Windows\System\CiKvoxh.exe
  2⤵
  PID:10132
- C:\Windows\System\yjFDWRH.exe
  C:\Windows\System\yjFDWRH.exe
  2⤵
  PID:10160
- C:\Windows\System\TaFfRGi.exe
  C:\Windows\System\TaFfRGi.exe
  2⤵
  PID:10180
- C:\Windows\System\aBkFBrR.exe
  C:\Windows\System\aBkFBrR.exe
  2⤵
  PID:10200
- C:\Windows\System\sCpvooR.exe
  C:\Windows\System\sCpvooR.exe
  2⤵
  PID:10228
- C:\Windows\System\QIOlxIS.exe
  C:\Windows\System\QIOlxIS.exe
  2⤵
  PID:5856
- C:\Windows\System\eGBdcUH.exe
  C:\Windows\System\eGBdcUH.exe
  2⤵
  PID:5064
- C:\Windows\System\bFOKumS.exe
  C:\Windows\System\bFOKumS.exe
  2⤵
  PID:5336
- C:\Windows\System\OIxDJHj.exe
  C:\Windows\System\OIxDJHj.exe
  2⤵
  PID:4652
- C:\Windows\System\bnAUDUw.exe
  C:\Windows\System\bnAUDUw.exe
  2⤵
  PID:5708
- C:\Windows\System\OJJbzJU.exe
  C:\Windows\System\OJJbzJU.exe
  2⤵
  PID:5860
- C:\Windows\System\fBhgnDe.exe
  C:\Windows\System\fBhgnDe.exe
  2⤵
  PID:6132
- C:\Windows\System\nErzxmv.exe
  C:\Windows\System\nErzxmv.exe
  2⤵
  PID:4856
- C:\Windows\System\uOIDUkp.exe
  C:\Windows\System\uOIDUkp.exe
  2⤵
  PID:1424
- C:\Windows\System\QOGBneM.exe
  C:\Windows\System\QOGBneM.exe
  2⤵
  PID:6196
- C:\Windows\System\EYVUyYu.exe
  C:\Windows\System\EYVUyYu.exe
  2⤵
  PID:6424
- C:\Windows\System\suIjtMC.exe
  C:\Windows\System\suIjtMC.exe
  2⤵
  PID:7024
- C:\Windows\System\kTVBWDp.exe
  C:\Windows\System\kTVBWDp.exe
  2⤵
  PID:6496
- C:\Windows\System\gHgeyan.exe
  C:\Windows\System\gHgeyan.exe
  2⤵
  PID:7208
- C:\Windows\System\NbQWSRi.exe
  C:\Windows\System\NbQWSRi.exe
  2⤵
  PID:7076
- C:\Windows\System\trSIuXS.exe
  C:\Windows\System\trSIuXS.exe
  2⤵
  PID:7368
- C:\Windows\System\aCdstQa.exe
  C:\Windows\System\aCdstQa.exe
  2⤵
  PID:7408
- C:\Windows\System\EzAkMsR.exe
  C:\Windows\System\EzAkMsR.exe
  2⤵
  PID:8904
- C:\Windows\System\fEQjiKx.exe
  C:\Windows\System\fEQjiKx.exe
  2⤵
  PID:8984
- C:\Windows\System\iVyVMFM.exe
  C:\Windows\System\iVyVMFM.exe
  2⤵
  PID:10256
- C:\Windows\System\BZDeYVa.exe
  C:\Windows\System\BZDeYVa.exe
  2⤵
  PID:10276
- C:\Windows\System\zmYTRUU.exe
  C:\Windows\System\zmYTRUU.exe
  2⤵
  PID:10296
- C:\Windows\System\sJAgoQR.exe
  C:\Windows\System\sJAgoQR.exe
  2⤵
  PID:10320
- C:\Windows\System\WhHygOf.exe
  C:\Windows\System\WhHygOf.exe
  2⤵
  PID:10340
- C:\Windows\System\EnTWZOF.exe
  C:\Windows\System\EnTWZOF.exe
  2⤵
  PID:10368
- C:\Windows\System\kCxjqOa.exe
  C:\Windows\System\kCxjqOa.exe
  2⤵
  PID:10384
- C:\Windows\System\hvGAAnX.exe
  C:\Windows\System\hvGAAnX.exe
  2⤵
  PID:10408
- C:\Windows\System\RSvDPdx.exe
  C:\Windows\System\RSvDPdx.exe
  2⤵
  PID:10428
- C:\Windows\System\Nrgklqt.exe
  C:\Windows\System\Nrgklqt.exe
  2⤵
  PID:10448
- C:\Windows\System\mWDGecT.exe
  C:\Windows\System\mWDGecT.exe
  2⤵
  PID:10472
- C:\Windows\System\NMlXmcE.exe
  C:\Windows\System\NMlXmcE.exe
  2⤵
  PID:10492
- C:\Windows\System\oGKmhIu.exe
  C:\Windows\System\oGKmhIu.exe
  2⤵
  PID:10512
- C:\Windows\System\AfnYSFq.exe
  C:\Windows\System\AfnYSFq.exe
  2⤵
  PID:10532
- C:\Windows\System\UlvcWka.exe
  C:\Windows\System\UlvcWka.exe
  2⤵
  PID:10556
- C:\Windows\System\IaAoakd.exe
  C:\Windows\System\IaAoakd.exe
  2⤵
  PID:10580
- C:\Windows\System\FgLQjas.exe
  C:\Windows\System\FgLQjas.exe
  2⤵
  PID:10600
- C:\Windows\System\xVpnIfN.exe
  C:\Windows\System\xVpnIfN.exe
  2⤵
  PID:10628
- C:\Windows\System\sBMkYtc.exe
  C:\Windows\System\sBMkYtc.exe
  2⤵
  PID:10644
- C:\Windows\System\KTxTPYv.exe
  C:\Windows\System\KTxTPYv.exe
  2⤵
  PID:10668
- C:\Windows\System\xbvTtPf.exe
  C:\Windows\System\xbvTtPf.exe
  2⤵
  PID:10688
- C:\Windows\System\XqemXkv.exe
  C:\Windows\System\XqemXkv.exe
  2⤵
  PID:10704
- C:\Windows\System\snzcfVx.exe
  C:\Windows\System\snzcfVx.exe
  2⤵
  PID:10728
- C:\Windows\System\UVUdKAA.exe
  C:\Windows\System\UVUdKAA.exe
  2⤵
  PID:10752
- C:\Windows\System\jseaeGe.exe
  C:\Windows\System\jseaeGe.exe
  2⤵
  PID:10772
- C:\Windows\System\VjCuplC.exe
  C:\Windows\System\VjCuplC.exe
  2⤵
  PID:10788
- C:\Windows\System\FYNzmpX.exe
  C:\Windows\System\FYNzmpX.exe
  2⤵
  PID:10804
- C:\Windows\System\BYzhHli.exe
  C:\Windows\System\BYzhHli.exe
  2⤵
  PID:10824
- C:\Windows\System\GsbYegZ.exe
  C:\Windows\System\GsbYegZ.exe
  2⤵
  PID:10840
- C:\Windows\System\pJGIZxK.exe
  C:\Windows\System\pJGIZxK.exe
  2⤵
  PID:10860
- C:\Windows\System\pMhgDOX.exe
  C:\Windows\System\pMhgDOX.exe
  2⤵
  PID:10884
- C:\Windows\System\JkSyVDH.exe
  C:\Windows\System\JkSyVDH.exe
  2⤵
  PID:10904
- C:\Windows\System\MsbwiHj.exe
  C:\Windows\System\MsbwiHj.exe
  2⤵
  PID:10932
- C:\Windows\System\fTksrxO.exe
  C:\Windows\System\fTksrxO.exe
  2⤵
  PID:10952
- C:\Windows\System\gOoQpMM.exe
  C:\Windows\System\gOoQpMM.exe
  2⤵
  PID:10972
- C:\Windows\System\pnHMABY.exe
  C:\Windows\System\pnHMABY.exe
  2⤵
  PID:10996
- C:\Windows\System\WaKTbxy.exe
  C:\Windows\System\WaKTbxy.exe
  2⤵
  PID:11020
- C:\Windows\System\HphpLob.exe
  C:\Windows\System\HphpLob.exe
  2⤵
  PID:11044
- C:\Windows\System\naZpzrZ.exe
  C:\Windows\System\naZpzrZ.exe
  2⤵
  PID:11104
- C:\Windows\System\JUESWDz.exe
  C:\Windows\System\JUESWDz.exe
  2⤵
  PID:11120
- C:\Windows\System\yImJLCa.exe
  C:\Windows\System\yImJLCa.exe
  2⤵
  PID:11140
- C:\Windows\System\bfKBDLm.exe
  C:\Windows\System\bfKBDLm.exe
  2⤵
  PID:11156
- C:\Windows\System\jKynIKJ.exe
  C:\Windows\System\jKynIKJ.exe
  2⤵
  PID:11192
- C:\Windows\System\wneEfQC.exe
  C:\Windows\System\wneEfQC.exe
  2⤵
  PID:11248
- C:\Windows\System\kMwElSc.exe
  C:\Windows\System\kMwElSc.exe
  2⤵
  PID:9096
- C:\Windows\System\gxVIplg.exe
  C:\Windows\System\gxVIplg.exe
  2⤵
  PID:9160
- C:\Windows\System\XuYodjS.exe
  C:\Windows\System\XuYodjS.exe
  2⤵
  PID:6724
- C:\Windows\System\wtKQFRU.exe
  C:\Windows\System\wtKQFRU.exe
  2⤵
  PID:6772
- C:\Windows\System\nbRCaVb.exe
  C:\Windows\System\nbRCaVb.exe
  2⤵
  PID:5180
- C:\Windows\System\qtOHfZf.exe
  C:\Windows\System\qtOHfZf.exe
  2⤵
  PID:7092
- C:\Windows\System\qgLiMAv.exe
  C:\Windows\System\qgLiMAv.exe
  2⤵
  PID:9220
- C:\Windows\System\DSLEcIu.exe
  C:\Windows\System\DSLEcIu.exe
  2⤵
  PID:9348
- C:\Windows\System\YLbBwCO.exe
  C:\Windows\System\YLbBwCO.exe
  2⤵
  PID:8400
- C:\Windows\System\YPYOfjX.exe
  C:\Windows\System\YPYOfjX.exe
  2⤵
  PID:7460
- C:\Windows\System\eZcvrkl.exe
  C:\Windows\System\eZcvrkl.exe
  2⤵
  PID:7488
- C:\Windows\System\VySMrlr.exe
  C:\Windows\System\VySMrlr.exe
  2⤵
  PID:7528
- C:\Windows\System\CLfHyox.exe
  C:\Windows\System\CLfHyox.exe
  2⤵
  PID:7596
- C:\Windows\System\UltNsOr.exe
  C:\Windows\System\UltNsOr.exe
  2⤵
  PID:7620
- C:\Windows\System\JqCocJZ.exe
  C:\Windows\System\JqCocJZ.exe
  2⤵
  PID:7660
- C:\Windows\System\QjBSolY.exe
  C:\Windows\System\QjBSolY.exe
  2⤵
  PID:7684
- C:\Windows\System\lTmbmVs.exe
  C:\Windows\System\lTmbmVs.exe
  2⤵
  PID:7728
- C:\Windows\System\yQnYfja.exe
  C:\Windows\System\yQnYfja.exe
  2⤵
  PID:7768
- C:\Windows\System\mkbjUJc.exe
  C:\Windows\System\mkbjUJc.exe
  2⤵
  PID:7808
- C:\Windows\System\qIqIRQr.exe
  C:\Windows\System\qIqIRQr.exe
  2⤵
  PID:7900
- C:\Windows\System\rcdsoiL.exe
  C:\Windows\System\rcdsoiL.exe
  2⤵
  PID:7984
- C:\Windows\System\hZyeROF.exe
  C:\Windows\System\hZyeROF.exe
  2⤵
  PID:8152
- C:\Windows\System\TnuFnhl.exe
  C:\Windows\System\TnuFnhl.exe
  2⤵
  PID:9756
- C:\Windows\System\Ctmqurn.exe
  C:\Windows\System\Ctmqurn.exe
  2⤵
  PID:9840
- C:\Windows\System\lfZDjyO.exe
  C:\Windows\System\lfZDjyO.exe
  2⤵
  PID:9880
- C:\Windows\System\EJNBFJx.exe
  C:\Windows\System\EJNBFJx.exe
  2⤵
  PID:9996
- C:\Windows\System\qZEkVgK.exe
  C:\Windows\System\qZEkVgK.exe
  2⤵
  PID:10032
- C:\Windows\System\teCMFFi.exe
  C:\Windows\System\teCMFFi.exe
  2⤵
  PID:7248
- C:\Windows\System\BMbXHqE.exe
  C:\Windows\System\BMbXHqE.exe
  2⤵
  PID:8224
- C:\Windows\System\iTSlbyf.exe
  C:\Windows\System\iTSlbyf.exe
  2⤵
  PID:10236
- C:\Windows\System\JysLVYj.exe
  C:\Windows\System\JysLVYj.exe
  2⤵
  PID:8308
- C:\Windows\System\IMirvIF.exe
  C:\Windows\System\IMirvIF.exe
  2⤵
  PID:8356
- C:\Windows\System\zLlwafF.exe
  C:\Windows\System\zLlwafF.exe
  2⤵
  PID:8720
- C:\Windows\System\ZxzeIYa.exe
  C:\Windows\System\ZxzeIYa.exe
  2⤵
  PID:8760
- C:\Windows\System\oRycsYC.exe
  C:\Windows\System\oRycsYC.exe
  2⤵
  PID:11272
- C:\Windows\System\Fbhdjgq.exe
  C:\Windows\System\Fbhdjgq.exe
  2⤵
  PID:11288
- C:\Windows\System\wRpDzCD.exe
  C:\Windows\System\wRpDzCD.exe
  2⤵
  PID:11304
- C:\Windows\System\plNOfHL.exe
  C:\Windows\System\plNOfHL.exe
  2⤵
  PID:11324
- C:\Windows\System\uNMRjml.exe
  C:\Windows\System\uNMRjml.exe
  2⤵
  PID:11348
- C:\Windows\System\FnQJtZV.exe
  C:\Windows\System\FnQJtZV.exe
  2⤵
  PID:11368
- C:\Windows\System\XOEcuQY.exe
  C:\Windows\System\XOEcuQY.exe
  2⤵
  PID:11388
- C:\Windows\System\oOqfiqZ.exe
  C:\Windows\System\oOqfiqZ.exe
  2⤵
  PID:11412
- C:\Windows\System\ZUUfatu.exe
  C:\Windows\System\ZUUfatu.exe
  2⤵
  PID:11432
- C:\Windows\System\ADVCfNX.exe
  C:\Windows\System\ADVCfNX.exe
  2⤵
  PID:11456
- C:\Windows\System\CCNgYfP.exe
  C:\Windows\System\CCNgYfP.exe
  2⤵
  PID:11476
- C:\Windows\System\pRLhAtd.exe
  C:\Windows\System\pRLhAtd.exe
  2⤵
  PID:11500
- C:\Windows\System\cSfmEce.exe
  C:\Windows\System\cSfmEce.exe
  2⤵
  PID:11520
- C:\Windows\System\adWugbv.exe
  C:\Windows\System\adWugbv.exe
  2⤵
  PID:11540
- C:\Windows\System\emaMSFI.exe
  C:\Windows\System\emaMSFI.exe
  2⤵
  PID:11572
- C:\Windows\System\mTezyig.exe
  C:\Windows\System\mTezyig.exe
  2⤵
  PID:11600
- C:\Windows\System\bZSZsbf.exe
  C:\Windows\System\bZSZsbf.exe
  2⤵
  PID:11620
- C:\Windows\System\MkRWqzs.exe
  C:\Windows\System\MkRWqzs.exe
  2⤵
  PID:11640
- C:\Windows\System\jphXxPO.exe
  C:\Windows\System\jphXxPO.exe
  2⤵
  PID:11672
- C:\Windows\System\pVmoCkN.exe
  C:\Windows\System\pVmoCkN.exe
  2⤵
  PID:11700
- C:\Windows\System\ZATWGzQ.exe
  C:\Windows\System\ZATWGzQ.exe
  2⤵
  PID:11720
- C:\Windows\System\LTBwbac.exe
  C:\Windows\System\LTBwbac.exe
  2⤵
  PID:11744
- C:\Windows\System\uIqqkPk.exe
  C:\Windows\System\uIqqkPk.exe
  2⤵
  PID:11764
- C:\Windows\System\mFzlrGf.exe
  C:\Windows\System\mFzlrGf.exe
  2⤵
  PID:11788
- C:\Windows\System\wnajIAJ.exe
  C:\Windows\System\wnajIAJ.exe
  2⤵
  PID:11804
- C:\Windows\System\YGHvzdL.exe
  C:\Windows\System\YGHvzdL.exe
  2⤵
  PID:11824
- C:\Windows\System\OOPTEBb.exe
  C:\Windows\System\OOPTEBb.exe
  2⤵
  PID:11844
- C:\Windows\System\sKRAuId.exe
  C:\Windows\System\sKRAuId.exe
  2⤵
  PID:11864
- C:\Windows\System\xpnmzWp.exe
  C:\Windows\System\xpnmzWp.exe
  2⤵
  PID:11884
- C:\Windows\System\pNmVmOT.exe
  C:\Windows\System\pNmVmOT.exe
  2⤵
  PID:11908
- C:\Windows\System\ODaQeZo.exe
  C:\Windows\System\ODaQeZo.exe
  2⤵
  PID:11928
- C:\Windows\System\HfeBGWP.exe
  C:\Windows\System\HfeBGWP.exe
  2⤵
  PID:11952
- C:\Windows\System\fiLSMHf.exe
  C:\Windows\System\fiLSMHf.exe
  2⤵
  PID:11972
- C:\Windows\System\vzuksPP.exe
  C:\Windows\System\vzuksPP.exe
  2⤵
  PID:11992
- C:\Windows\System\UBxCODS.exe
  C:\Windows\System\UBxCODS.exe
  2⤵
  PID:12012
- C:\Windows\System\oTcSVtt.exe
  C:\Windows\System\oTcSVtt.exe
  2⤵
  PID:12040
- C:\Windows\System\FIBeVaL.exe
  C:\Windows\System\FIBeVaL.exe
  2⤵
  PID:12064
- C:\Windows\System\KDvoHxV.exe
  C:\Windows\System\KDvoHxV.exe
  2⤵
  PID:12084
- C:\Windows\System\zjCtvKK.exe
  C:\Windows\System\zjCtvKK.exe
  2⤵
  PID:12100
- C:\Windows\System\AObQyEy.exe
  C:\Windows\System\AObQyEy.exe
  2⤵
  PID:12124
- C:\Windows\System\oUYPRIW.exe
  C:\Windows\System\oUYPRIW.exe
  2⤵
  PID:12148
- C:\Windows\System\FjObztS.exe
  C:\Windows\System\FjObztS.exe
  2⤵
  PID:12172
- C:\Windows\System\NAgHgOD.exe
  C:\Windows\System\NAgHgOD.exe
  2⤵
  PID:12192
- C:\Windows\System\MTzrFGb.exe
  C:\Windows\System\MTzrFGb.exe
  2⤵
  PID:12220
- C:\Windows\System\wvoYqAl.exe
  C:\Windows\System\wvoYqAl.exe
  2⤵
  PID:12236
- C:\Windows\System\ITDoBOR.exe
  C:\Windows\System\ITDoBOR.exe
  2⤵
  PID:12260
- C:\Windows\System\UlxsimA.exe
  C:\Windows\System\UlxsimA.exe
  2⤵
  PID:12280
- C:\Windows\System\ZjYOqin.exe
  C:\Windows\System\ZjYOqin.exe
  2⤵
  PID:7392
- C:\Windows\System\PRIKfTB.exe
  C:\Windows\System\PRIKfTB.exe
  2⤵
  PID:9112
- C:\Windows\System\elzDgOu.exe
  C:\Windows\System\elzDgOu.exe
  2⤵
  PID:10396
- C:\Windows\System\wCWfSuM.exe
  C:\Windows\System\wCWfSuM.exe
  2⤵
  PID:10424
- C:\Windows\System\qNLWEgU.exe
  C:\Windows\System\qNLWEgU.exe
  2⤵
  PID:10460
- C:\Windows\System\yxPLniH.exe
  C:\Windows\System\yxPLniH.exe
  2⤵
  PID:7372
- C:\Windows\System\YAApfQo.exe
  C:\Windows\System\YAApfQo.exe
  2⤵
  PID:7056
- C:\Windows\System\RillyJi.exe
  C:\Windows\System\RillyJi.exe
  2⤵
  PID:4084
- C:\Windows\System\eVbjRQp.exe
  C:\Windows\System\eVbjRQp.exe
  2⤵
  PID:10852
- C:\Windows\System\wEXDJou.exe
  C:\Windows\System\wEXDJou.exe
  2⤵
  PID:9300
- C:\Windows\System\HDwWPSe.exe
  C:\Windows\System\HDwWPSe.exe
  2⤵
  PID:9456
- C:\Windows\System\VmpUxNS.exe
  C:\Windows\System\VmpUxNS.exe
  2⤵
  PID:5112
- C:\Windows\System\PapSwrb.exe
  C:\Windows\System\PapSwrb.exe
  2⤵
  PID:2952
- C:\Windows\System\DrMTpzI.exe
  C:\Windows\System\DrMTpzI.exe
  2⤵
  PID:8516
- C:\Windows\System\QDHLiuw.exe
  C:\Windows\System\QDHLiuw.exe
  2⤵
  PID:8568
- C:\Windows\System\BVqhjpZ.exe
  C:\Windows\System\BVqhjpZ.exe
  2⤵
  PID:6756
- C:\Windows\System\Vkmjviz.exe
  C:\Windows\System\Vkmjviz.exe
  2⤵
  PID:9812
- C:\Windows\System\VhyKchZ.exe
  C:\Windows\System\VhyKchZ.exe
  2⤵
  PID:9864
- C:\Windows\System\pxCVYUX.exe
  C:\Windows\System\pxCVYUX.exe
  2⤵
  PID:9960
- C:\Windows\System\LBYAKUC.exe
  C:\Windows\System\LBYAKUC.exe
  2⤵
  PID:10008
- C:\Windows\System\KxCVlSd.exe
  C:\Windows\System\KxCVlSd.exe
  2⤵
  PID:8640
- C:\Windows\System\KyfZOyA.exe
  C:\Windows\System\KyfZOyA.exe
  2⤵
  PID:7724
- C:\Windows\System\Rgoodoy.exe
  C:\Windows\System\Rgoodoy.exe
  2⤵
  PID:12296
- C:\Windows\System\zXhUYaL.exe
  C:\Windows\System\zXhUYaL.exe
  2⤵
  PID:12312
- C:\Windows\System\HMYmJAJ.exe
  C:\Windows\System\HMYmJAJ.exe
  2⤵
  PID:12328
- C:\Windows\System\VpmyTQq.exe
  C:\Windows\System\VpmyTQq.exe
  2⤵
  PID:12344
- C:\Windows\System\LOcekam.exe
  C:\Windows\System\LOcekam.exe
  2⤵
  PID:12360
- C:\Windows\System\dOmOseD.exe
  C:\Windows\System\dOmOseD.exe
  2⤵
  PID:12376
- C:\Windows\System\lvhxuhj.exe
  C:\Windows\System\lvhxuhj.exe
  2⤵
  PID:12392
- C:\Windows\System\CdInGKy.exe
  C:\Windows\System\CdInGKy.exe
  2⤵
  PID:12408
- C:\Windows\System\gffnvHI.exe
  C:\Windows\System\gffnvHI.exe
  2⤵
  PID:12424
- C:\Windows\System\DjZSmfr.exe
  C:\Windows\System\DjZSmfr.exe
  2⤵
  PID:12440
- C:\Windows\System\yElwLOw.exe
  C:\Windows\System\yElwLOw.exe
  2⤵
  PID:12488
- C:\Windows\System\QSHWgyB.exe
  C:\Windows\System\QSHWgyB.exe
  2⤵
  PID:12512
- C:\Windows\System\eSgkTGi.exe
  C:\Windows\System\eSgkTGi.exe
  2⤵
  PID:12544
- C:\Windows\System\OBFHilf.exe
  C:\Windows\System\OBFHilf.exe
  2⤵
  PID:12564
- C:\Windows\System\ozVtgRT.exe
  C:\Windows\System\ozVtgRT.exe
  2⤵
  PID:12588
- C:\Windows\System\RKOXYRU.exe
  C:\Windows\System\RKOXYRU.exe
  2⤵
  PID:12608
- C:\Windows\System\aaINdYj.exe
  C:\Windows\System\aaINdYj.exe
  2⤵
  PID:12628
- C:\Windows\System\nNEguZT.exe
  C:\Windows\System\nNEguZT.exe
  2⤵
  PID:12656
- C:\Windows\System\AIcUrJM.exe
  C:\Windows\System\AIcUrJM.exe
  2⤵
  PID:12672
- C:\Windows\System\EDktQHY.exe
  C:\Windows\System\EDktQHY.exe
  2⤵
  PID:12700
- C:\Windows\System\JxVSxaf.exe
  C:\Windows\System\JxVSxaf.exe
  2⤵
  PID:12720
- C:\Windows\System\usBGzly.exe
  C:\Windows\System\usBGzly.exe
  2⤵
  PID:12744
- C:\Windows\System\WdNcAir.exe
  C:\Windows\System\WdNcAir.exe
  2⤵
  PID:12760
- C:\Windows\System\OUHrmZS.exe
  C:\Windows\System\OUHrmZS.exe
  2⤵
  PID:12776
- C:\Windows\System\TaWJAby.exe
  C:\Windows\System\TaWJAby.exe
  2⤵
  PID:12792
- C:\Windows\System\rYHSDzd.exe
  C:\Windows\System\rYHSDzd.exe
  2⤵
  PID:12808
- C:\Windows\System\IrTdLqy.exe
  C:\Windows\System\IrTdLqy.exe
  2⤵
  PID:12824
- C:\Windows\System\YqoedCU.exe
  C:\Windows\System\YqoedCU.exe
  2⤵
  PID:12840
- C:\Windows\System\oQTjAHd.exe
  C:\Windows\System\oQTjAHd.exe
  2⤵
  PID:10736
- C:\Windows\System\bRmqsoE.exe
  C:\Windows\System\bRmqsoE.exe
  2⤵
  PID:9264
- C:\Windows\System\LAatHFX.exe
  C:\Windows\System\LAatHFX.exe
  2⤵
  PID:9392
- C:\Windows\System\sHfUZJj.exe
  C:\Windows\System\sHfUZJj.exe
  2⤵
  PID:9428
- C:\Windows\System\ZgKfSbp.exe
  C:\Windows\System\ZgKfSbp.exe
  2⤵
  PID:9544
- C:\Windows\System\GkGttkI.exe
  C:\Windows\System\GkGttkI.exe
  2⤵
  PID:9568
- C:\Windows\System\dQGixSe.exe
  C:\Windows\System\dQGixSe.exe
  2⤵
  PID:9632
- C:\Windows\System\ORFZRKM.exe
  C:\Windows\System\ORFZRKM.exe
  2⤵
  PID:9668
- C:\Windows\System\ahNakMr.exe
  C:\Windows\System\ahNakMr.exe
  2⤵
  PID:9708
- C:\Windows\System\ZmwTPJT.exe
  C:\Windows\System\ZmwTPJT.exe
  2⤵
  PID:9940
- C:\Windows\System\dPrcPgg.exe
  C:\Windows\System\dPrcPgg.exe
  2⤵
  PID:10076
- C:\Windows\System\NasSGgy.exe
  C:\Windows\System\NasSGgy.exe
  2⤵
  PID:5284
- C:\Windows\System\xUFwmBu.exe
  C:\Windows\System\xUFwmBu.exe
  2⤵
  PID:10148
- C:\Windows\System\KpAOOLS.exe
  C:\Windows\System\KpAOOLS.exe
  2⤵
  PID:10188
- C:\Windows\System\EHmqWxs.exe
  C:\Windows\System\EHmqWxs.exe
  2⤵
  PID:7704
- C:\Windows\System\FmOTSls.exe
  C:\Windows\System\FmOTSls.exe
  2⤵
  PID:6048
- C:\Windows\System\BFmMeov.exe
  C:\Windows\System\BFmMeov.exe
  2⤵
  PID:5928
- C:\Windows\System\ywwVLgO.exe
  C:\Windows\System\ywwVLgO.exe
  2⤵
  PID:12864
- C:\Windows\System\LgFYIRH.exe
  C:\Windows\System\LgFYIRH.exe
  2⤵
  PID:11404
- C:\Windows\System\IBArPFv.exe
  C:\Windows\System\IBArPFv.exe
  2⤵
  PID:7356
- C:\Windows\System\QRHdGJN.exe
  C:\Windows\System\QRHdGJN.exe
  2⤵
  PID:11684
- C:\Windows\System\zjWjwGF.exe
  C:\Windows\System\zjWjwGF.exe
  2⤵
  PID:10480
- C:\Windows\System\hOLiqgb.exe
  C:\Windows\System\hOLiqgb.exe
  2⤵
  PID:12188
- C:\Windows\System\rzzJNrY.exe
  C:\Windows\System\rzzJNrY.exe
  2⤵
  PID:7052
- C:\Windows\System\rJmaYrJ.exe
  C:\Windows\System\rJmaYrJ.exe
  2⤵
  PID:13088
- C:\Windows\System\IIyGHiL.exe
  C:\Windows\System\IIyGHiL.exe
  2⤵
  PID:3916
- C:\Windows\System\hQUSLQz.exe
  C:\Windows\System\hQUSLQz.exe
  2⤵
  PID:11016
- C:\Windows\System\drVHeTb.exe
  C:\Windows\System\drVHeTb.exe
  2⤵
  PID:10960
- C:\Windows\System\JOFgeIz.exe
  C:\Windows\System\JOFgeIz.exe
  2⤵
  PID:10812
- C:\Windows\System\ICEqUrr.exe
  C:\Windows\System\ICEqUrr.exe
  2⤵
  PID:12556
- C:\Windows\System\UQYgwvt.exe
  C:\Windows\System\UQYgwvt.exe
  2⤵
  PID:12640
- C:\Windows\System\TaCGeaC.exe
  C:\Windows\System\TaCGeaC.exe
  2⤵
  PID:12728
- C:\Windows\System\WCftMWk.exe
  C:\Windows\System\WCftMWk.exe
  2⤵
  PID:10196
- C:\Windows\System\MsoSmlc.exe
  C:\Windows\System\MsoSmlc.exe
  2⤵
  PID:2200
- C:\Windows\System\PgyvCbF.exe
  C:\Windows\System\PgyvCbF.exe
  2⤵
  PID:10576
- C:\Windows\System\enJtoKw.exe
  C:\Windows\System\enJtoKw.exe
  2⤵
  PID:10948
- C:\Windows\System\ZGxXnyZ.exe
  C:\Windows\System\ZGxXnyZ.exe
  2⤵
  PID:7784
- C:\Windows\System\qkpDgbT.exe
  C:\Windows\System\qkpDgbT.exe
  2⤵
  PID:11224
- C:\Windows\System\KKNoDlb.exe
  C:\Windows\System\KKNoDlb.exe
  2⤵
  PID:6660
- C:\Windows\System\WgUDUDj.exe
  C:\Windows\System\WgUDUDj.exe
  2⤵
  PID:7764
- C:\Windows\System\sOkrnWr.exe
  C:\Windows\System\sOkrnWr.exe
  2⤵
  PID:2796
- C:\Windows\System\dtjSvmV.exe
  C:\Windows\System\dtjSvmV.exe
  2⤵
  PID:8204
- C:\Windows\System\RdwwHUu.exe
  C:\Windows\System\RdwwHUu.exe
  2⤵
  PID:11420
- C:\Windows\System\RLZaiGA.exe
  C:\Windows\System\RLZaiGA.exe
  2⤵
  PID:8884
- C:\Windows\System\xmDEWot.exe
  C:\Windows\System\xmDEWot.exe
  2⤵
  PID:4300
- C:\Windows\System\agmOFaf.exe
  C:\Windows\System\agmOFaf.exe
  2⤵
  PID:13284
- C:\Windows\System\lFwxXmX.exe
  C:\Windows\System\lFwxXmX.exe
  2⤵
  PID:11320
- C:\Windows\System\GDOubXG.exe
  C:\Windows\System\GDOubXG.exe
  2⤵
  PID:8868
- C:\Windows\System\EDuyArJ.exe
  C:\Windows\System\EDuyArJ.exe
  2⤵
  PID:12860
- C:\Windows\System\RscwFlu.exe
  C:\Windows\System\RscwFlu.exe
  2⤵
  PID:632
- C:\Windows\System\AJgzUmL.exe
  C:\Windows\System\AJgzUmL.exe
  2⤵
  PID:2912
- C:\Windows\System\HZYWcvU.exe
  C:\Windows\System\HZYWcvU.exe
  2⤵
  PID:10640
- C:\Windows\System\iwNVkvY.exe
  C:\Windows\System\iwNVkvY.exe
  2⤵
  PID:8432
- C:\Windows\System\uIUTzfp.exe
  C:\Windows\System\uIUTzfp.exe
  2⤵
  PID:8068
- C:\Windows\System\oOEVHxB.exe
  C:\Windows\System\oOEVHxB.exe
  2⤵
  PID:7612
- C:\Windows\System\FIgOHtK.exe
  C:\Windows\System\FIgOHtK.exe
  2⤵
  PID:12420
- C:\Windows\System\tGQyyrz.exe
  C:\Windows\System\tGQyyrz.exe
  2⤵
  PID:12464
- C:\Windows\System\fEygupY.exe
  C:\Windows\System\fEygupY.exe
  2⤵
  PID:10552
- C:\Windows\System\tfTzSLa.exe
  C:\Windows\System\tfTzSLa.exe
  2⤵
  PID:12836
- C:\Windows\System\wGqRhpI.exe
  C:\Windows\System\wGqRhpI.exe
  2⤵
  PID:13040
- C:\Windows\System\yfmOBLF.exe
  C:\Windows\System\yfmOBLF.exe
  2⤵
  PID:9600
- C:\Windows\System\wDVajtN.exe
  C:\Windows\System\wDVajtN.exe
  2⤵
  PID:11280
- C:\Windows\System\ToIzECH.exe
  C:\Windows\System\ToIzECH.exe
  2⤵
  PID:11492
- C:\Windows\System\kbBHIDp.exe
  C:\Windows\System\kbBHIDp.exe
  2⤵
  PID:11260
- C:\Windows\System\GMBmPdz.exe
  C:\Windows\System\GMBmPdz.exe
  2⤵
  PID:11364
- C:\Windows\System\mfIPEtd.exe
  C:\Windows\System\mfIPEtd.exe
  2⤵
  PID:12924
- C:\Windows\System\QQCePyr.exe
  C:\Windows\System\QQCePyr.exe
  2⤵
  PID:10376
- C:\Windows\System\VuzMVmx.exe
  C:\Windows\System\VuzMVmx.exe
  2⤵
  PID:11560
- C:\Windows\System\azuaSxl.exe
  C:\Windows\System\azuaSxl.exe
  2⤵
  PID:4816
- C:\Windows\System\uToImOH.exe
  C:\Windows\System\uToImOH.exe
  2⤵
  PID:10288
- C:\Windows\System\xVRZOrm.exe
  C:\Windows\System\xVRZOrm.exe
  2⤵
  PID:6996
- C:\Windows\System\xbmyMia.exe
  C:\Windows\System\xbmyMia.exe
  2⤵
  PID:10832
- C:\Windows\System\YTRmcMa.exe
  C:\Windows\System\YTRmcMa.exe
  2⤵
  PID:12688
- C:\Windows\System\UEjsaWd.exe
  C:\Windows\System\UEjsaWd.exe
  2⤵
  PID:12852
- C:\Windows\System\cRtZVHT.exe
  C:\Windows\System\cRtZVHT.exe
  2⤵
  PID:12940
- C:\Windows\System\FPiFekz.exe
  C:\Windows\System\FPiFekz.exe
  2⤵
  PID:13004
- C:\Windows\System\rmcxbpR.exe
  C:\Windows\System\rmcxbpR.exe
  2⤵
  PID:3932
- C:\Windows\System\RQEoRUd.exe
  C:\Windows\System\RQEoRUd.exe
  2⤵
  PID:11268
- C:\Windows\System\XDyuoZS.exe
  C:\Windows\System\XDyuoZS.exe
  2⤵
  PID:7844
- C:\Windows\System\IEGgCLJ.exe
  C:\Windows\System\IEGgCLJ.exe
  2⤵
  PID:2704
- C:\Windows\System\hRYIWmz.exe
  C:\Windows\System\hRYIWmz.exe
  2⤵
  PID:2792
- C:\Windows\System\paTekRg.exe
  C:\Windows\System\paTekRg.exe
  2⤵
  PID:10988
- C:\Windows\System\fUXsDph.exe
  C:\Windows\System\fUXsDph.exe
  2⤵
  PID:4464
- C:\Windows\System\mLfAtUs.exe
  C:\Windows\System\mLfAtUs.exe
  2⤵
  PID:8828
- C:\Windows\System\lurcHsa.exe
  C:\Windows\System\lurcHsa.exe
  2⤵
  PID:4184
- C:\Windows\System\fknJRUM.exe
  C:\Windows\System\fknJRUM.exe
  2⤵
  PID:7920
- C:\Windows\System\CofMedy.exe
  C:\Windows\System\CofMedy.exe
  2⤵
  PID:12168
- C:\Windows\System\JlClgkQ.exe
  C:\Windows\System\JlClgkQ.exe
  2⤵
  PID:13156
- C:\Windows\System\NiOGkCb.exe
  C:\Windows\System\NiOGkCb.exe
  2⤵
  PID:2144
- C:\Windows\System\DXhPEGg.exe
  C:\Windows\System\DXhPEGg.exe
  2⤵
  PID:11360
- C:\Windows\System\Duogxfw.exe
  C:\Windows\System\Duogxfw.exe
  2⤵
  PID:7068
- C:\Windows\System\QiZIJpX.exe
  C:\Windows\System\QiZIJpX.exe
  2⤵
  PID:9692
- C:\Windows\System\APfwrMm.exe
  C:\Windows\System\APfwrMm.exe
  2⤵
  PID:9564
- C:\Windows\System\mvVSeyT.exe
  C:\Windows\System\mvVSeyT.exe
  2⤵
  PID:11112
- C:\Windows\System\JpEKtTH.exe
  C:\Windows\System\JpEKtTH.exe
  2⤵
  PID:6156
- C:\Windows\System\VgbniDw.exe
  C:\Windows\System\VgbniDw.exe
  2⤵
  PID:1836
- C:\Windows\System\rqjcYXz.exe
  C:\Windows\System\rqjcYXz.exe
  2⤵
  PID:2884
- C:\Windows\System\VZpYaGO.exe
  C:\Windows\System\VZpYaGO.exe
  2⤵
  PID:12460
- C:\Windows\System\nVwVGus.exe
  C:\Windows\System\nVwVGus.exe
  2⤵
  PID:4740
- C:\Windows\System\XFBMWMW.exe
  C:\Windows\System\XFBMWMW.exe
  2⤵
  PID:9860
- C:\Windows\System\irMeBDr.exe
  C:\Windows\System\irMeBDr.exe
  2⤵
  PID:12368
- C:\Windows\System\lImLwNA.exe
  C:\Windows\System\lImLwNA.exe
  2⤵
  PID:1272
- C:\Windows\System\JRgzujN.exe
  C:\Windows\System\JRgzujN.exe
  2⤵
  PID:3224
- C:\Windows\System\zmCLlga.exe
  C:\Windows\System\zmCLlga.exe
  2⤵
  PID:12596
- C:\Windows\System\NtweBSE.exe
  C:\Windows\System\NtweBSE.exe
  2⤵
  PID:13080
- C:\Windows\System\IMnsahj.exe
  C:\Windows\System\IMnsahj.exe
  2⤵
  PID:1080
- C:\Windows\System\ddEjQrA.exe
  C:\Windows\System\ddEjQrA.exe
  2⤵
  PID:10984
- C:\Windows\System\rpLKffY.exe
  C:\Windows\System\rpLKffY.exe
  2⤵
  PID:12532
- C:\Windows\System\VqjGbDR.exe
  C:\Windows\System\VqjGbDR.exe
  2⤵
  PID:6636
- C:\Windows\System\CnKeaHt.exe
  C:\Windows\System\CnKeaHt.exe
  2⤵
  PID:2616
- C:\Windows\System\vnDjRhF.exe
  C:\Windows\System\vnDjRhF.exe
  2⤵
  PID:5864
- C:\Windows\System\aWdIvjB.exe
  C:\Windows\System\aWdIvjB.exe
  2⤵
  PID:6644
- C:\Windows\System\RqgSVTN.exe
  C:\Windows\System\RqgSVTN.exe
  2⤵
  PID:6624
- C:\Windows\System\xTQCwEt.exe
  C:\Windows\System\xTQCwEt.exe
  2⤵
  PID:2132
- C:\Windows\System\YQguDyx.exe
  C:\Windows\System\YQguDyx.exe
  2⤵
  PID:9916
- C:\Windows\System\ZpVxnbt.exe
  C:\Windows\System\ZpVxnbt.exe
  2⤵
  PID:13200
- C:\Windows\System\VMMuVwg.exe
  C:\Windows\System\VMMuVwg.exe
  2⤵
  PID:12988
- C:\Windows\System\jRTOmUi.exe
  C:\Windows\System\jRTOmUi.exe
  2⤵
  PID:12624
- C:\Windows\System\WkPecPk.exe
  C:\Windows\System\WkPecPk.exe
  2⤵
  PID:8208
- C:\Windows\System\sKzXSIn.exe
  C:\Windows\System\sKzXSIn.exe
  2⤵
  PID:7132
- C:\Windows\System\Qayyznd.exe
  C:\Windows\System\Qayyznd.exe
  2⤵
  PID:13420
- C:\Windows\System\zVfaDCp.exe
  C:\Windows\System\zVfaDCp.exe
  2⤵
  PID:13456
- C:\Windows\System\FHwONMq.exe
  C:\Windows\System\FHwONMq.exe
  2⤵
  PID:13488
- C:\Windows\System\zlMRltr.exe
  C:\Windows\System\zlMRltr.exe
  2⤵
  PID:13508
- C:\Windows\System\JZdHluY.exe
  C:\Windows\System\JZdHluY.exe
  2⤵
  PID:13580
- C:\Windows\System\MmwgnXH.exe
  C:\Windows\System\MmwgnXH.exe
  2⤵
  PID:13612
- C:\Windows\System\GLdfxSq.exe
  C:\Windows\System\GLdfxSq.exe
  2⤵
  PID:13636
- C:\Windows\System\InWHUTj.exe
  C:\Windows\System\InWHUTj.exe
  2⤵
  PID:13664
- C:\Windows\System\aHHWnqJ.exe
  C:\Windows\System\aHHWnqJ.exe
  2⤵
  PID:13820
- C:\Windows\System\dVFqKgZ.exe
  C:\Windows\System\dVFqKgZ.exe
  2⤵
  PID:13860
- C:\Windows\System\zPVjSeg.exe
  C:\Windows\System\zPVjSeg.exe
  2⤵
  PID:13952
- C:\Windows\System\BjVFpag.exe
  C:\Windows\System\BjVFpag.exe
  2⤵
  PID:14040
- C:\Windows\System\CLvXLlt.exe
  C:\Windows\System\CLvXLlt.exe
  2⤵
  PID:14104
- C:\Windows\System\NBbsYoN.exe
  C:\Windows\System\NBbsYoN.exe
  2⤵
  PID:14148
- C:\Windows\System\NhfOHZu.exe
  C:\Windows\System\NhfOHZu.exe
  2⤵
  PID:14164
- C:\Windows\System\qJyfPvc.exe
  C:\Windows\System\qJyfPvc.exe
  2⤵
  PID:14188
- C:\Windows\System\WxUhjNx.exe
  C:\Windows\System\WxUhjNx.exe
  2⤵
  PID:12256
- C:\Windows\System\ZamxaDO.exe
  C:\Windows\System\ZamxaDO.exe
  2⤵
  PID:11316
- C:\Windows\System\mUVeQAK.exe
  C:\Windows\System\mUVeQAK.exe
  2⤵
  PID:13520
- C:\Windows\System\VscZlPR.exe
  C:\Windows\System\VscZlPR.exe
  2⤵
  PID:6652
- C:\Windows\System\aWkSfhC.exe
  C:\Windows\System\aWkSfhC.exe
  2⤵
  PID:13476
- C:\Windows\System\eApDoFO.exe
  C:\Windows\System\eApDoFO.exe
  2⤵
  PID:13724
- C:\Windows\System\fNYfjYZ.exe
  C:\Windows\System\fNYfjYZ.exe
  2⤵
  PID:13752
- C:\Windows\System\GiiSWEo.exe
  C:\Windows\System\GiiSWEo.exe
  2⤵
  PID:13768
- C:\Windows\System\ZGfEUAb.exe
  C:\Windows\System\ZGfEUAb.exe
  2⤵
  PID:13712
- C:\Windows\System\TxDQmzc.exe
  C:\Windows\System\TxDQmzc.exe
  2⤵
  PID:13232
- C:\Windows\System\qrVpIKN.exe
  C:\Windows\System\qrVpIKN.exe
  2⤵
  PID:13980
- C:\Windows\System\nyJIQCu.exe
  C:\Windows\System\nyJIQCu.exe
  2⤵
  PID:13840
- C:\Windows\System\AnCCzmN.exe
  C:\Windows\System\AnCCzmN.exe
  2⤵
  PID:14180
- C:\Windows\System\avdwmBd.exe
  C:\Windows\System\avdwmBd.exe
  2⤵
  PID:14200
- C:\Windows\System\xbscSNd.exe
  C:\Windows\System\xbscSNd.exe
  2⤵
  PID:14244
- C:\Windows\System\LKKuIHS.exe
  C:\Windows\System\LKKuIHS.exe
  2⤵
  PID:14156
- C:\Windows\System\AGpzBvZ.exe
  C:\Windows\System\AGpzBvZ.exe
  2⤵
  PID:14332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_brfubwdg.2z3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BIHNMFf.exe

Filesize
1.6MB

MD5
9cd76cce729d5daadd0786061dbc9836

SHA1
56c8ec7f375ebb528cc21acf51c40d014f035072

SHA256
c8603af0f375730ab35885220592c6d720a386e0a6926fe69124e4962c4dfd89

SHA512
6e235ce415d22b5e579a551466152f44a7005a80906d14f985c807d7ede2dc494f2d0bb62a4248f8fd877a8afbc4386efd1f4626d1037a4a451b61d283c6ba5b

Download Submit
C:\Windows\System\Bsxmpxa.exe

Filesize
1.6MB

MD5
a587cb9edb28374e8852292589735d2c

SHA1
eb1db080c2b7a67cb1d5c35230dc39aa9118a2ec

SHA256
77fe335d7abfdd137fb5b3f4d682c1aadb5dfae151a182c7a6e1c07e2d866cc0

SHA512
0f12c42ef8884590da8a2fe52e5bd7b872772e0fd9b0120b7413bb83fb63c3c025ce8c863b877d294df027b2bb00703374822db1041d071ee0f00cd779cf8608

Download Submit
C:\Windows\System\CNaTMVl.exe

Filesize
1.6MB

MD5
240828ba3fe36edcd88fb5dd0114d6ff

SHA1
2fa48caf2bbe143809813e7af8d9b1217b963f07

SHA256
0857ea894a6739577b21b6ba6f46afb3b81201b36bf9b771e1af5c9b2c3d6a4f

SHA512
ea08e01257de4dbc77454c69036a5dff5d1f4ee62fc2884c759ada125af956fdbe52a523a4f484ecab4ebff5f8d72b54be290a1b0bd738f04afc975977dde51b

Download Submit
C:\Windows\System\CWbTphO.exe

Filesize
1.6MB

MD5
200f5053e9a351c9b1697f88a0d5c0b7

SHA1
400747a916fbb61c2a005e84a37332ca43a039ba

SHA256
2060e179a248f75153f47e3f0a98e4ffc4b77ba0d1398ad295ab54c5705d34ba

SHA512
7e5514a7a256d7d9bf643809f590f89318ba50ddafbae9f99dae2668e30bc908c1890d6d4eefc770c06b2b6d7382b1d6ba2aa808502e9702f281f22a8d0f6339

Download Submit
C:\Windows\System\CWtoaas.exe

Filesize
1.6MB

MD5
2aa6703c6fb754428ceac974afde64b6

SHA1
7e7f71d38642639382acb1d10ce68fdf3c4f3bce

SHA256
217c159e89ee0ef29ee093b98c077194a5792a8d01534a628468beffc65694e6

SHA512
df6a64ce0613833d0720577c30bf6907487b8a8951e30da637134560ac13150e31789d90398e5f02b04a66679fb616b05c8e15482ca0602775e1af5103d6e233

Download Submit
C:\Windows\System\CrpOFmb.exe

Filesize
1.6MB

MD5
c3f96192589da88b70482254e721c4ed

SHA1
a499d904487d7234a3038aa50482265972b97a98

SHA256
175497738627db22d61b27ae8a599f4ba9c7e086a8d02223678ffd3a8508209a

SHA512
27e64dd17c8392c68643f6e3a5de08f30e313406037ab22c1b8d252eb386eb0a3c354cce0306e6345ae85b14516646853657e1b64b74a1c38180849583cbbadc

Download Submit
C:\Windows\System\DfEqCjS.exe

Filesize
1.6MB

MD5
8c31d305b3e6c33db81f1de0827a79f3

SHA1
b4dadeab9964994b51fc3c07a3bce5f3c3f615df

SHA256
bd8e9701c151d516c2fa0a195dc682bbf744f87e57130d54f40ddb4d9cda8d84

SHA512
18390c5ba050031c273ce08737a8ecb36a33e4519e46758e26c13fe8600cdacb68cf09db18605df5ce5703e905dd021d51223e6a25c53fe5101803b3f7250677

Download Submit
C:\Windows\System\EoOlcRi.exe

Filesize
1.6MB

MD5
9ca3f8fe110b5bffaab7cb6030a8deee

SHA1
2d7b16f5b2ee9a16bd3c23909c0944d347020551

SHA256
7d2080993c4dc4dac03ebf5dbb9166a7b6faf959de3cb4149b7936f3606bcfc7

SHA512
adddc770e63ec9bf4c0ff269aa9c22774b268b4c2e56249938043b88e03e105258cdcbcff71a6d616b4cccdef30dcd5c7b8608082d478ecbf4dc3c89410b4f34

Download Submit
C:\Windows\System\FlbThYt.exe

Filesize
1.6MB

MD5
600c29697159a8208616a9ff0abe8607

SHA1
704821b4aa3df0a5f2be35e7a3936e98262b721c

SHA256
c23b508c838124ea9af2afbfdda730e160ac9fc5f596dc6fb93cd1bea8be2343

SHA512
3c20202bc0ae22cf910575adf6bdfc51cff20a704b7e7b39602c1fecd98d812fbacb3ee11ac8b67318a4d7a282dd7a3c08a68d2633b1cd54631e29e513564968

Download Submit
C:\Windows\System\JPpHeaY.exe

Filesize
1.6MB

MD5
b9a82e0dde02f3b02e8be7daff1d64ea

SHA1
316045979eec5157985de5b83f909d4a0251f4fb

SHA256
d7e889a0639f493e10e5e1ac45bf4b449011c3a7a2837a82f49d9efc337b3402

SHA512
ddd145db5cdd7dda5e3306059f6858de069b76a7e68e5f3480791fe0aeb66881885ca7e41416b73ca0e78440e3313a288a6438887bebd016cdddb8f2420b6672

Download Submit
C:\Windows\System\JkcFWyt.exe

Filesize
1.6MB

MD5
6ac35766fe66f034d1e493f048044657

SHA1
5a93e9a191d4c3912aca53c3fbd4c27e4c8c4b92

SHA256
122d18976e4ac9fe742ad269664bef8c6acdc3796f00658b3cae276a5ae74044

SHA512
675cfaab2c0d36566d7305c430bd2ad50a979f560d532f8732fe815db1e6cb02da971d91fddc0c32a05aaca60e4593180bf8950b87f5ad2c14a19bcc0b7a6b43

Download Submit
C:\Windows\System\KUUfELb.exe

Filesize
1.6MB

MD5
37033ccfdaeef186239f8f2f69615a4a

SHA1
0ec7af0e627ee26a892cad1d56c8356567b74564

SHA256
f8a2f84c56d658497c2cb2a3dda490f20f211b4d621c34bdd2b2ce0a4f9af3d5

SHA512
e9b0368fde72e55618f6bd30ba6a76b2324a3d42924d3e49216d334f86fe855dcbfd35eaf6d93aff96e783c8811295efee3c4a2d27661756f3630d083d74e406

Download Submit
C:\Windows\System\NeLGmrJ.exe

Filesize
1.6MB

MD5
ca68e78ecb3a0190f17b0026c708d1b0

SHA1
83e15f96cd99bfbf89b6ee3cc56aa1622fcf1a9f

SHA256
9117838a6bf1f4778261c5d5c7e3c17536b8028accadf7e62bea8693306fcd58

SHA512
444d1cc9a6ca5b83b3a2754ce2a982cac9b87f4ca8a9d45e53e1284c5f7b6da96557b1dee9800989a80671f4bdfdf0c978f0df9dfa634defaf900e1b8f0f223d

Download Submit
C:\Windows\System\PAelVMV.exe

Filesize
1.6MB

MD5
f190e37ec1aa87f113e176afaa1866cd

SHA1
eeb87332c172b32fa82090009bea3e0138395807

SHA256
1b383effb2813c87e24cf2933e166a0c42f0d9da8fd5f08e22bf199b24f7dd06

SHA512
7c75e26dc30144c1b90d85fae83688014071944776c12294d2d91ff77233a8cba0679a8975b734a924706f6a0af4f54c02422c93240f319fc9d1e3ec28a7f60c

Download Submit
C:\Windows\System\PQFnTLz.exe

Filesize
1.6MB

MD5
e5fb2ec54bcfa5774d71e8e9d0dd63e8

SHA1
6c98d2fefbf2dce7f8f7b1c8608f6c32ebdfb41f

SHA256
b12a56f3dc4d1d610e14317f3812545f950dd043aa96a5141b534336aff6c49d

SHA512
15059c4f0b58d0e008d32189606578067efd57f5e56ace525287fad6aabfb65a3670d0f8c515d67c42341dc75cc12c4500f8b27c68892ce9bee27477f6ea11dd

Download Submit
C:\Windows\System\ThpopkO.exe

Filesize
1.6MB

MD5
f019d6e846f13cda08acfcd78e8b82fb

SHA1
9dc2135adb6c0d5bd27b429e4f3e6f2410a86500

SHA256
7bce5a5499dd407711783b00b444e1c798d41d16a018baeb0b55b320d99b32dd

SHA512
218cd3c6d763b3d17738751f88a21ca0a8080cc437fbea46b7071b27db76c0e9dc5873b450015134634ba16c31d863b4972d9429433787a9e21f41536e151833

Download Submit
C:\Windows\System\ZrbVjVG.exe

Filesize
1.6MB

MD5
b5c0468c3651b62cb98a7bf347163c69

SHA1
438764acd1eabbebf5fff657163cad83f3818196

SHA256
8e99122f380b98e7424c24eabc3fb7cd4c483bdaeb5275b1be63de6787093bf5

SHA512
24a7594b67e9896c2fe678538ad37ceb5250834f05d5e4729ce6213e0365e69616ae5e7e9deb06501cedfa3ca11ff5d8bfee2086b896a280260e30e960770b20

Download Submit
C:\Windows\System\ZzjsMcX.exe

Filesize
1.6MB

MD5
c018bc079bca4ad7f332e4d4471aaa41

SHA1
c467775f644039131d6a65e76019dea27318a65e

SHA256
31e0a919dfae1d33686bdc954fdc9413c534e2441958aa93112e10ab3881d337

SHA512
f43aa49595145d03cdf1ce75431c37a9cf08087a806eff41245bba8bf9d02271493a4f8a854d7a0075e62dcc3a993edd08f6c531dbfe441e5fd4868948c3561b

Download Submit
C:\Windows\System\aGqElgG.exe

Filesize
1.6MB

MD5
0f69f8b0b749ce54a36a9c7b6dbacceb

SHA1
1d37e23165cf895b13440ed097dbcd36ff556419

SHA256
fdd59d3c18d3ce855c811f19b1658785e57a42b9c21e55bc75379bd9e1f26abe

SHA512
b223f4e56c858fedbefd9fbe27b270421c314d99397cd4bc24db63019050be0b9fa6d89691277cdcd2884db9329cc2e21bf06457b4b79c1946b08ff338274905

Download Submit
C:\Windows\System\cQMuaoE.exe

Filesize
8B

MD5
9962fa9c120fa4be5b0a3f7a74dbcadf

SHA1
b6f88aa1c093b2340de068ac2ff30cce108e3fc6

SHA256
945d12760562a76bb5610a082b9c7801a49c6c9de534141d0c528ee6828f8992

SHA512
b2eeefcd3c65dccb02eb4079fd8fe88b36ae6927cd8ddb4de7afd16b396b895522c8feb1cc1373ad7adcb7732e1d37129de60c1aaea95865a3c1e13ac02b6cac

Download Submit
C:\Windows\System\dgZSNpA.exe

Filesize
1.6MB

MD5
6639536dc49329a0f400fea2773779bf

SHA1
c54790c649e833d911f78a5e4633d586a9cdc830

SHA256
9b28604aa85d4bc1ea266d5c36c9f05ad68741b4da279b856fb9a126a14dbea0

SHA512
1ab8b3b94081e1d39ff67782047d15fda247cd8de1d41203686542b6aa10ca38a782ada80cf794906094c3482395b4bfa532c7127c5ad145f19aafd8dcc0f8b9

Download Submit
C:\Windows\System\iVYFLxV.exe

Filesize
1.6MB

MD5
a0c8647e4fc8715af453a5866613a0ec

SHA1
3b9e69006e4e5f4db1c6e8ef07f5ceae56ca4b82

SHA256
3e0c868e7fd69fe698652afc416a606a528332ab0669a25e068f7b3e4ca77fdc

SHA512
ac4e1398b26cacd6e0aab13a268a3b2b01e997019d9baf2c3c45d2890bba933290dc16822754426224b6ec5c3296b609123a6b1f1223f933021e7e8de7ca7bf4

Download Submit
C:\Windows\System\idPEpzh.exe

Filesize
1.6MB

MD5
1a6b5a4302f66558bbd6eae2c572c349

SHA1
23347c0ed413f7d9c2c0df61ba6d51e299f10174

SHA256
89db3348dec1435c0001ce095ec9e7864955b45b00d9b10b3c2008f5818c4da7

SHA512
4809a1627e6b4a3115baf56aaac2529597605e1d92d7778902a442ebd3abc3e03903d5aaa57f34927788046f6ec8fa5584d20877b29b1a5eebdf9039603cee5d

Download Submit
C:\Windows\System\inQERUv.exe

Filesize
1.6MB

MD5
8b820aebda81e3f060fac6b88643a44d

SHA1
d2643ae9e48a7e25ea4b0504898a9218cd66722a

SHA256
5da8fe11dd1d114e9ef7d0aa24eddcde2041ee79ede11b022cf5dd3b54a551f6

SHA512
598381163c7db9313a47a3560d2323111e0d2318ef907310d5a11c3deaf2136a340d599c9890ec0407369e0bdb5906df3985d104c2c25cd145cae7bf966d82e6

Download Submit
C:\Windows\System\jMWuQIZ.exe

Filesize
1.6MB

MD5
f7538bc8bb2e5bdc9125adde3f6ee7b3

SHA1
9a6ac2c4609b001c0dcaa4ab00da6c1f2cb28d53

SHA256
c603ded4d7eb4b98ce0b4803c5440f0dd34843917512989588b2d9be494b9d0c

SHA512
557995ffbcf54061e19f6e7f78b44b4c3ca4657dd49686b55fd4d3d1efc841a797dc8d9e06f61ee2133247fee88a4ebed7676c0671931982cd48bd3899cbbbbd

Download Submit
C:\Windows\System\jjCBAdT.exe

Filesize
1.6MB

MD5
6226952153717fda55269b83eb027eb3

SHA1
c72441cbf81dee846538d2d2741ec68321bb20fa

SHA256
5f5ec3cd8235faff1245a029e081072be5df3a5bcb3274fe01a96578b55ccaee

SHA512
8109716fd05689cbd645c3a103f11464d9710324f2f6d205026a17e2785e60b39b6cf55c31af2cc48cd1ac9fd8089a7caa393425c194c56cf5b838eb12c174cf

Download Submit
C:\Windows\System\ltDqdLh.exe

Filesize
1.6MB

MD5
e36dc9c028f75fb0328ade5d7d8b303c

SHA1
6781de6f59ffbf2927e90e8f8ff33f8e876dc296

SHA256
56632aa268aa3e7fe617f28f80b5cce415cbbe65bc8ef88205420a045caeb1f2

SHA512
9549bd40d90fe6bd219836cee804cf2e6e8ec1bcd2c3adce7ea9c9e29fd6ceeead060b681fb7591a1fbc4a91d9818e4184b95c2d69ffa02a8cb435079cc35409

Download Submit
C:\Windows\System\mUQLcgh.exe

Filesize
1.6MB

MD5
682b8300c0a319c5cf12d17a82d226b3

SHA1
42808996f4893922449485f296524a94ea66b5c9

SHA256
3624d7968e03580fd88d56df60b12c2580075e653c3d52140b4a80dc3d5d7ba6

SHA512
4f35f72096fd5940d8a3686004efe49f3fa0236f620706498fb3d321be5eb393d875d42d4b80890460340423b8c04f8ac6827bc23288f31ae8bf742188060983

Download Submit
C:\Windows\System\nSFozse.exe

Filesize
1.6MB

MD5
941e89367336094abf82725e31ffb149

SHA1
c78f6dfd8d03ef9e03a3348ebcba0a8ac287087f

SHA256
160aafbc45a85e04b00483e268a44cb1f067dada4564b993af955d494228850c

SHA512
e7c4faec65d04fefa54e9c2655ee9b3269ed3611562ef248e22ca905b601b882bb1ea906e8d8f469b7ff00b210654f4fd298889b32fd6c82fb3961a954cb7832

Download Submit
C:\Windows\System\oopqPfZ.exe

Filesize
1.6MB

MD5
4235ebd893fd0fd15827b2d60f4ca5e9

SHA1
15d61eb767dd2fe9c7adf4f9dd97b67a3d9464c4

SHA256
102510b81a80654e42fa44dc08a1f174fc32f7ff57f7c7a7b2e8e54bb796f218

SHA512
1ca70f8d5c506c7a2b4b6c85339d8a60ae1d3a97e69f8aa4d4cdbd01a23ff3f94f9ab8187f53ca09bf7ff3a5dd0bb597d23fd8a29f51255d4849d84bad6d6a24

Download Submit
C:\Windows\System\rvalNtc.exe

Filesize
1.6MB

MD5
4bf5793044e90b584a6ef4f2c8506673

SHA1
bb98cc65e9031f8d5328c34cb5cceb5467c475b3

SHA256
26ac23096e47640e7308885ca1851097aade7997c57b91d9dffd0935f9a833c4

SHA512
5c495189abc047f90cb0bfa9a9c52e67bbb2ac88e386989c14e2e1fec5cad456711f79e53c4f93e6363f2eb4e1060f708878e01117b9d859e837bd580d9ea73e

Download Submit
C:\Windows\System\rwRIVCy.exe

Filesize
1.6MB

MD5
bb64c18780102c16e1fa349dc223963e

SHA1
024824d83a2d88ceb19cbda29a978045051d3511

SHA256
b2f09c64bbea6f0b0827e6e405e306a24cd9380a8b92e1956067db67c2495fab

SHA512
b8ef6655ab4b470987c162b4b9ba6e0ed892815715dbbcc4c1bcbfcbb5a4014a0342a9534305a6096ea6be62ba3df282a17cd11c0c7a9e56a3dee8569da4398b

Download Submit
C:\Windows\System\tAdGxdD.exe

Filesize
1.6MB

MD5
1dc0f2a339a8e04a49ee71bd3a55de6b

SHA1
aa03e4425837ea146e3b9950d1df7e0ce56235c7

SHA256
f8b92d5478c93b0d2348ac8b081b259cfb64352bed562048009e463019b6af0e

SHA512
773c6030f58eed24357f8a1f48ef1ec8fec9ef280948ccde6b34c71c3f22d1f436c0b4aba508110087c91f7f123b455126b4025e52105623b8f6a1b43296d23b

Download Submit
C:\Windows\System\teUFKso.exe

Filesize
1.6MB

MD5
29f7dcb2157a7e7760df504b7ed5fd3e

SHA1
f12b26c5db1bd088892690e3de35e0f2914177aa

SHA256
fd388b380badeccda81f04043ef42f5ea1f0dca2bf2e80ebef89ce0eaff84c90

SHA512
62552ca949b017f337d948d18ee0f7dac1e40e661088742802894b60531f0cf61fae866525f997bddaa4585d323960d95456289a1f31cdc1ce19627e5034bc6c

Download Submit
C:\Windows\System\uQoQmwt.exe

Filesize
1.6MB

MD5
ea4d8bdd5343f385c2d2f1c21e5dc485

SHA1
19f649223a6a4052a0e7eb9cc0fd15a509490d90

SHA256
ebba187d9468884316a76d912d47c638d98470e6673dca6d1f934355a4fc8442

SHA512
7c038ad24ff7bc9780d23a58426d315cfdf85433fa3613041f2c8dc80a3fd2ff25f9c3584f10c34cb5d39d2e96b03f5ff74b759d88831416eee8f6765d6f8049

Download Submit
C:\Windows\System\uZHbdAE.exe

Filesize
1.1MB

MD5
fb4f7474bd41291b156180bfcc3d9d6c

SHA1
5bea453a7f57f029add0840a616b198eb2020638

SHA256
ab1db5aa2f1a1fc14e043ec2da674770687d8cfd3d5c5b6a4e39cea572d278a4

SHA512
21027c6b82d0d3c71fb8400348cb23b8727651e381b77cf05cb06cfc71229deb6ea16db39e059ec4046a7abbad14f1d6a96c21b77433a913e4681547b952208f

Download Submit
C:\Windows\System\uZHbdAE.exe

Filesize
1.6MB

MD5
6ea987e41bc02b8bb53afd3a6fee6cc6

SHA1
7cb4cabba84aa0037c66c0aa3a31ff723fe9058c

SHA256
59f82d6124c2470b1c74c23a77feac7884514098440aa70aa0a5714aa4e155f5

SHA512
9261a627bee037e3ac7aaa5e80a6bb7f63396daa7d2676ba621205c0cf72a593e43a16fd7c94e41edf10db30ac8dcae72661c1b69c88b364929e4f3c1377926a

Download Submit
C:\Windows\System\umYxktX.exe

Filesize
1.6MB

MD5
d1b108210f97a8f8ec2e27024a391b30

SHA1
8d67010833dacd4895607d6a068c5d65ff19a86b

SHA256
ce58f0bdf8de244c65b00445d020b8b5db5a16a2d9ffaa33d95fc283a4fc85b8

SHA512
3248360967511ebae95fd95698a02f69a3ff758a668e75b9f42b1a0ca2861a4a2c912e7853621401f421cf7519834c7022fe644a6a3eb0755533b869b2b72701

Download Submit
C:\Windows\System\vPRIECO.exe

Filesize
1.6MB

MD5
ff3e000369cc09024368bebe8bf5c9f9

SHA1
80f72d754138d6c3383388f073234e9e3308a921

SHA256
e7f60505bbd9e78c5e087ce9d674df165eadd76ceffefb67c86d657e6e70ff6b

SHA512
ce14cbe7d25109cfde48548e80f27cb4bbb75be184c5abdf2dde360a7a049cba52d964effb23cfe39306b43995c6853c1cdfa5faf175bcf7e9691f1fa7af73dc

Download Submit
C:\Windows\System\xHYrFZO.exe

Filesize
1.6MB

MD5
1e23ee0392b7a68036a478ad47466b93

SHA1
fb503063760c6c6eb307b12d3a7285da06dd7ecd

SHA256
4510da7da8e529b0f5b50b760153e951205af7147f7f48c79a166353138c3ac5

SHA512
90f9dd52e31d360c56d0317f59da9538fb1941f1ce2758e580f6537d93e4ae6d467c4b7858b6fc96a283be854e46a65b2108b4c4e46c6258bd98c16de0f41577

Download Submit
C:\Windows\System\xZUJJYG.exe

Filesize
1.6MB

MD5
3526545afd3a49c1227e1dca1998ad26

SHA1
10ee1a8eec52e8423a48fe9abf0996e268bfb890

SHA256
65849302ca77376d2ea15014f4fabe209706ccde83d4c58a514f700c6de37a8b

SHA512
855180bb8b2b8fc397933fb59757036c13c9fedb7ce0573bf3c011f1557bd0c798d26882971276fb92ae956f8c571e9c4a294d173f0d769ec340d20685890b8a

Download Submit
C:\Windows\System\yJEaHdy.exe

Filesize
1.6MB

MD5
fe711318e279c623ec2051140d798784

SHA1
0ced455ca4652cf8029fc2ae7822d5f132387344

SHA256
4a60eaf0256ace0675092d4e3121ee7ae2c745bec76660ac25daeeb76861c5d5

SHA512
2bb504ca13230b845ff744cb932b7d211b8794b84b7244df39fa726c0c5e74845fd29c614c20a780cdb2710183e48ed60d511a7d8608d01daeb7e017e7207734

Download Submit
memory/456-298-0x00007FF733D50000-0x00007FF734142000-memory.dmp

Filesize
3.9MB

Download
memory/456-3066-0x00007FF733D50000-0x00007FF734142000-memory.dmp

Filesize
3.9MB

Download
memory/532-8-0x00007FF7FDB80000-0x00007FF7FDF72000-memory.dmp

Filesize
3.9MB

Download
memory/532-3025-0x00007FF7FDB80000-0x00007FF7FDF72000-memory.dmp

Filesize
3.9MB

Download
memory/552-3132-0x00007FF7E4610000-0x00007FF7E4A02000-memory.dmp

Filesize
3.9MB

Download
memory/552-520-0x00007FF7E4610000-0x00007FF7E4A02000-memory.dmp

Filesize
3.9MB

Download
memory/660-3031-0x00007FF725140000-0x00007FF725532000-memory.dmp

Filesize
3.9MB

Download
memory/660-513-0x00007FF725140000-0x00007FF725532000-memory.dmp

Filesize
3.9MB

Download
memory/1212-1645-0x00007FF6C53F0000-0x00007FF6C57E2000-memory.dmp

Filesize
3.9MB

Download
memory/1212-3027-0x00007FF6C53F0000-0x00007FF6C57E2000-memory.dmp

Filesize
3.9MB

Download
memory/1296-3182-0x00007FF7004E0000-0x00007FF7008D2000-memory.dmp

Filesize
3.9MB

Download
memory/1296-1077-0x00007FF7004E0000-0x00007FF7008D2000-memory.dmp

Filesize
3.9MB

Download
memory/1492-817-0x00007FF6C9360000-0x00007FF6C9752000-memory.dmp

Filesize
3.9MB

Download
memory/1492-3077-0x00007FF6C9360000-0x00007FF6C9752000-memory.dmp

Filesize
3.9MB

Download
memory/1644-22-0x00000276F71F0000-0x00000276F7212000-memory.dmp

Filesize
136KB

Download
memory/1644-5-0x00007FFF5E733000-0x00007FFF5E735000-memory.dmp

Filesize
8KB

Download
memory/1644-69-0x00007FFF5E730000-0x00007FFF5F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/1644-2153-0x00007FFF5E730000-0x00007FFF5F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/1644-144-0x00007FFF5E730000-0x00007FFF5F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/1660-519-0x00007FF6745D0000-0x00007FF6749C2000-memory.dmp

Filesize
3.9MB

Download
memory/1660-3135-0x00007FF6745D0000-0x00007FF6749C2000-memory.dmp

Filesize
3.9MB

Download
memory/1680-515-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1680-3102-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1704-516-0x00007FF602C00000-0x00007FF602FF2000-memory.dmp

Filesize
3.9MB

Download
memory/1704-3138-0x00007FF602C00000-0x00007FF602FF2000-memory.dmp

Filesize
3.9MB

Download
memory/1792-3171-0x00007FF733220000-0x00007FF733612000-memory.dmp

Filesize
3.9MB

Download
memory/1792-690-0x00007FF733220000-0x00007FF733612000-memory.dmp

Filesize
3.9MB

Download
memory/2076-521-0x00007FF671740000-0x00007FF671B32000-memory.dmp

Filesize
3.9MB

Download
memory/2076-3178-0x00007FF671740000-0x00007FF671B32000-memory.dmp

Filesize
3.9MB

Download
memory/2328-475-0x00007FF6475A0000-0x00007FF647992000-memory.dmp

Filesize
3.9MB

Download
memory/2328-3075-0x00007FF6475A0000-0x00007FF647992000-memory.dmp

Filesize
3.9MB

Download
memory/2368-3078-0x00007FF63D260000-0x00007FF63D652000-memory.dmp

Filesize
3.9MB

Download
memory/2368-399-0x00007FF63D260000-0x00007FF63D652000-memory.dmp

Filesize
3.9MB

Download
memory/2696-3137-0x00007FF7732C0000-0x00007FF7736B2000-memory.dmp

Filesize
3.9MB

Download
memory/2696-580-0x00007FF7732C0000-0x00007FF7736B2000-memory.dmp

Filesize
3.9MB

Download
memory/2800-3185-0x00007FF7009C0000-0x00007FF700DB2000-memory.dmp

Filesize
3.9MB

Download
memory/2800-518-0x00007FF7009C0000-0x00007FF700DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3136-512-0x00007FF6449F0000-0x00007FF644DE2000-memory.dmp

Filesize
3.9MB

Download
memory/3136-3111-0x00007FF6449F0000-0x00007FF644DE2000-memory.dmp

Filesize
3.9MB

Download
memory/3188-517-0x00007FF709700000-0x00007FF709AF2000-memory.dmp

Filesize
3.9MB

Download
memory/3188-3169-0x00007FF709700000-0x00007FF709AF2000-memory.dmp

Filesize
3.9MB

Download
memory/3756-3172-0x00007FF7CDF30000-0x00007FF7CE322000-memory.dmp

Filesize
3.9MB

Download
memory/3756-862-0x00007FF7CDF30000-0x00007FF7CE322000-memory.dmp

Filesize
3.9MB

Download
memory/3832-514-0x00007FF64A2C0000-0x00007FF64A6B2000-memory.dmp

Filesize
3.9MB

Download
memory/3832-3080-0x00007FF64A2C0000-0x00007FF64A6B2000-memory.dmp

Filesize
3.9MB

Download
memory/3980-3033-0x00007FF6244D0000-0x00007FF6248C2000-memory.dmp

Filesize
3.9MB

Download
memory/3980-297-0x00007FF6244D0000-0x00007FF6248C2000-memory.dmp

Filesize
3.9MB

Download
memory/4368-3029-0x00007FF6BA580000-0x00007FF6BA972000-memory.dmp

Filesize
3.9MB

Download
memory/4368-242-0x00007FF6BA580000-0x00007FF6BA972000-memory.dmp

Filesize
3.9MB

Download
memory/4624-3129-0x00007FF788F50000-0x00007FF789342000-memory.dmp

Filesize
3.9MB

Download
memory/4624-260-0x00007FF788F50000-0x00007FF789342000-memory.dmp

Filesize
3.9MB

Download
memory/4796-0-0x00007FF7A7F10000-0x00007FF7A8302000-memory.dmp

Filesize
3.9MB

Download
memory/4796-1-0x0000021A64240000-0x0000021A64250000-memory.dmp

Filesize
64KB

Download
memory/4956-3109-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp

Filesize
3.9MB

Download
memory/4956-1679-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp

Filesize
3.9MB

Download