xmrig | 3bc778a5e1f773f1340719b2cb8a67acf65d09f3285d1b6d39554daea4487816

Analysis

max time kernel
129s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
Size

1.5MB
MD5

5f5dc887de82576ccebf71a057c05aa0
SHA1

464af202d4d522e7c90be3cdb9dde9f72e8e1041
SHA256

3bc778a5e1f773f1340719b2cb8a67acf65d09f3285d1b6d39554daea4487816
SHA512

d3ae49e4578c950f4739a1d9944b6b2afacad4e696370bfc9e764f5fc78d9396568a96c30c87c9417847803ed922aea4fab78ad12dcc81df13c3dbee81a8b49e
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoY5VKGznc:Lz071uv4BPMkHC0IEFToCe

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral2/memory/3264-304-0x00007FF69AA80000-0x00007FF69AE72000-memory.dmp	xmrig
behavioral2/memory/4404-348-0x00007FF7C62B0000-0x00007FF7C66A2000-memory.dmp	xmrig
behavioral2/memory/4844-350-0x00007FF7C5DD0000-0x00007FF7C61C2000-memory.dmp	xmrig
behavioral2/memory/5048-354-0x00007FF727730000-0x00007FF727B22000-memory.dmp	xmrig
behavioral2/memory/3920-488-0x00007FF6E7140000-0x00007FF6E7532000-memory.dmp	xmrig
behavioral2/memory/1084-595-0x00007FF60FF20000-0x00007FF610312000-memory.dmp	xmrig
behavioral2/memory/2516-832-0x00007FF667D80000-0x00007FF668172000-memory.dmp	xmrig
behavioral2/memory/2716-1011-0x00007FF737090000-0x00007FF737482000-memory.dmp	xmrig
behavioral2/memory/3240-708-0x00007FF7ADA20000-0x00007FF7ADE12000-memory.dmp	xmrig
behavioral2/memory/1400-632-0x00007FF7ADAF0000-0x00007FF7ADEE2000-memory.dmp	xmrig
behavioral2/memory/3036-526-0x00007FF6DD120000-0x00007FF6DD512000-memory.dmp	xmrig
behavioral2/memory/1188-355-0x00007FF76D160000-0x00007FF76D552000-memory.dmp	xmrig
behavioral2/memory/5044-353-0x00007FF7BD010000-0x00007FF7BD402000-memory.dmp	xmrig
behavioral2/memory/3044-352-0x00007FF653D40000-0x00007FF654132000-memory.dmp	xmrig
behavioral2/memory/1544-351-0x00007FF758820000-0x00007FF758C12000-memory.dmp	xmrig
behavioral2/memory/1476-349-0x00007FF744570000-0x00007FF744962000-memory.dmp	xmrig
behavioral2/memory/4936-219-0x00007FF6E2F70000-0x00007FF6E3362000-memory.dmp	xmrig
behavioral2/memory/2728-132-0x00007FF79E760000-0x00007FF79EB52000-memory.dmp	xmrig
behavioral2/memory/1208-3229-0x00007FF6BEAC0000-0x00007FF6BEEB2000-memory.dmp	xmrig
behavioral2/memory/1084-3234-0x00007FF60FF20000-0x00007FF610312000-memory.dmp	xmrig
behavioral2/memory/3592-3236-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	xmrig
behavioral2/memory/1400-3238-0x00007FF7ADAF0000-0x00007FF7ADEE2000-memory.dmp	xmrig
behavioral2/memory/2428-3242-0x00007FF6D57F0000-0x00007FF6D5BE2000-memory.dmp	xmrig
behavioral2/memory/2516-3240-0x00007FF667D80000-0x00007FF668172000-memory.dmp	xmrig
behavioral2/memory/4560-3244-0x00007FF606D80000-0x00007FF607172000-memory.dmp	xmrig
behavioral2/memory/2728-3246-0x00007FF79E760000-0x00007FF79EB52000-memory.dmp	xmrig
behavioral2/memory/3240-3250-0x00007FF7ADA20000-0x00007FF7ADE12000-memory.dmp	xmrig
behavioral2/memory/4844-3248-0x00007FF7C5DD0000-0x00007FF7C61C2000-memory.dmp	xmrig
behavioral2/memory/4936-3257-0x00007FF6E2F70000-0x00007FF6E3362000-memory.dmp	xmrig
behavioral2/memory/2472-3255-0x00007FF7C2DB0000-0x00007FF7C31A2000-memory.dmp	xmrig
behavioral2/memory/5044-3260-0x00007FF7BD010000-0x00007FF7BD402000-memory.dmp	xmrig
behavioral2/memory/3264-3265-0x00007FF69AA80000-0x00007FF69AE72000-memory.dmp	xmrig
behavioral2/memory/1188-3263-0x00007FF76D160000-0x00007FF76D552000-memory.dmp	xmrig
behavioral2/memory/4404-3272-0x00007FF7C62B0000-0x00007FF7C66A2000-memory.dmp	xmrig
behavioral2/memory/3036-3269-0x00007FF6DD120000-0x00007FF6DD512000-memory.dmp	xmrig
behavioral2/memory/3920-3267-0x00007FF6E7140000-0x00007FF6E7532000-memory.dmp	xmrig
behavioral2/memory/4652-3292-0x00007FF62C0E0000-0x00007FF62C4D2000-memory.dmp	xmrig
behavioral2/memory/4976-3288-0x00007FF7D3870000-0x00007FF7D3C62000-memory.dmp	xmrig
behavioral2/memory/1476-3286-0x00007FF744570000-0x00007FF744962000-memory.dmp	xmrig
behavioral2/memory/3044-3282-0x00007FF653D40000-0x00007FF654132000-memory.dmp	xmrig
behavioral2/memory/1544-3277-0x00007FF758820000-0x00007FF758C12000-memory.dmp	xmrig
behavioral2/memory/5048-3275-0x00007FF727730000-0x00007FF727B22000-memory.dmp	xmrig
behavioral2/memory/2716-3279-0x00007FF737090000-0x00007FF737482000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3444	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3592	YsTGMZt.exe
1084	kuiyHDI.exe
2428	MGBKBPV.exe
4560	SBkKhok.exe
2472	tukkPaV.exe
2728	TFaiIBT.exe
1400	CotxVwy.exe
3240	kiBjrYL.exe
4652	PJdwIkt.exe
4936	rergVlT.exe
2516	OKHTZSR.exe
4976	emFnJOL.exe
3264	aiBgEHQ.exe
4404	cFHdgIQ.exe
1476	cIbDnRD.exe
4844	FrsevEO.exe
2716	FHAuQdb.exe
1544	EVmjLMJ.exe
3044	SHWeeYd.exe
5044	JqdLjof.exe
5048	zkIVSjV.exe
1188	wAjvTPI.exe
3920	jsSjKzu.exe
3036	TquulYB.exe
1352	aBPAGFy.exe
316	oiWiLMm.exe
2480	nmWgcmA.exe
2440	SAcqVln.exe
2120	caSEBuy.exe
856	CuYZnQI.exe
3884	vDFeDvh.exe
4504	CfvBrzC.exe
4188	vtJVTOM.exe
824	XBdfiLN.exe
3324	WdxcRCA.exe
1844	hxeBPNA.exe
2628	lBVNEQz.exe
3008	TdHBeqb.exe
3828	YsWaeYO.exe
3160	zqHsjHI.exe
1124	RyqYElf.exe
1704	lHHcnHP.exe
3220	SAaEHVm.exe
5068	JYUtGsi.exe
3536	jqiIHkF.exe
3228	EZYGfph.exe
1708	wwIKyQk.exe
2792	aMhHIKc.exe
4588	ixHsADS.exe
2392	BJayajq.exe
2500	lKWPxrT.exe
4584	amzcxjy.exe
4636	krthVWv.exe
4848	VqVfgbg.exe
2748	wKtuBux.exe
4836	UjMaLiC.exe
4776	tRykghB.exe
4336	zSyiXjA.exe
4824	iSYpWbQ.exe
4620	pRGNwhn.exe
3516	LtMTuwd.exe
3964	doZTVRV.exe
2980	kzraeIo.exe
3752	tppimvH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1208-0-0x00007FF6BEAC0000-0x00007FF6BEEB2000-memory.dmp	upx
behavioral2/files/0x000700000002341d-7.dat	upx
behavioral2/memory/3592-19-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp	upx
behavioral2/files/0x00090000000233ea-5.dat	upx
behavioral2/files/0x000800000002341c-14.dat	upx
behavioral2/files/0x0007000000023425-56.dat	upx
behavioral2/files/0x0007000000023422-54.dat	upx
behavioral2/memory/2472-97-0x00007FF7C2DB0000-0x00007FF7C31A2000-memory.dmp	upx
behavioral2/memory/4560-51-0x00007FF606D80000-0x00007FF607172000-memory.dmp	upx
behavioral2/files/0x0007000000023421-45.dat	upx
behavioral2/files/0x0007000000023424-44.dat	upx
behavioral2/files/0x0007000000023423-43.dat	upx
behavioral2/files/0x000700000002341e-65.dat	upx
behavioral2/memory/2428-35-0x00007FF6D57F0000-0x00007FF6D5BE2000-memory.dmp	upx
behavioral2/files/0x0007000000023420-29.dat	upx
behavioral2/files/0x0007000000023439-139.dat	upx
behavioral2/memory/4976-271-0x00007FF7D3870000-0x00007FF7D3C62000-memory.dmp	upx
behavioral2/memory/3264-304-0x00007FF69AA80000-0x00007FF69AE72000-memory.dmp	upx
behavioral2/memory/4404-348-0x00007FF7C62B0000-0x00007FF7C66A2000-memory.dmp	upx
behavioral2/memory/4844-350-0x00007FF7C5DD0000-0x00007FF7C61C2000-memory.dmp	upx
behavioral2/memory/5048-354-0x00007FF727730000-0x00007FF727B22000-memory.dmp	upx
behavioral2/memory/3920-488-0x00007FF6E7140000-0x00007FF6E7532000-memory.dmp	upx
behavioral2/memory/1084-595-0x00007FF60FF20000-0x00007FF610312000-memory.dmp	upx
behavioral2/memory/2516-832-0x00007FF667D80000-0x00007FF668172000-memory.dmp	upx
behavioral2/memory/2716-1011-0x00007FF737090000-0x00007FF737482000-memory.dmp	upx
behavioral2/memory/3240-708-0x00007FF7ADA20000-0x00007FF7ADE12000-memory.dmp	upx
behavioral2/memory/1400-632-0x00007FF7ADAF0000-0x00007FF7ADEE2000-memory.dmp	upx
behavioral2/memory/3036-526-0x00007FF6DD120000-0x00007FF6DD512000-memory.dmp	upx
behavioral2/memory/1188-355-0x00007FF76D160000-0x00007FF76D552000-memory.dmp	upx
behavioral2/memory/5044-353-0x00007FF7BD010000-0x00007FF7BD402000-memory.dmp	upx
behavioral2/memory/3044-352-0x00007FF653D40000-0x00007FF654132000-memory.dmp	upx
behavioral2/memory/1544-351-0x00007FF758820000-0x00007FF758C12000-memory.dmp	upx
behavioral2/memory/1476-349-0x00007FF744570000-0x00007FF744962000-memory.dmp	upx
behavioral2/memory/4936-219-0x00007FF6E2F70000-0x00007FF6E3362000-memory.dmp	upx
behavioral2/files/0x000700000002342d-168.dat	upx
behavioral2/files/0x0007000000023438-163.dat	upx
behavioral2/files/0x000700000002342c-162.dat	upx
behavioral2/files/0x000800000002341a-160.dat	upx
behavioral2/files/0x000700000002343f-159.dat	upx
behavioral2/files/0x0007000000023436-158.dat	upx
behavioral2/files/0x0007000000023435-157.dat	upx
behavioral2/files/0x0007000000023429-156.dat	upx
behavioral2/files/0x0007000000023428-155.dat	upx
behavioral2/files/0x000700000002343c-151.dat	upx
behavioral2/files/0x0007000000023433-150.dat	upx
behavioral2/files/0x000700000002343e-149.dat	upx
behavioral2/files/0x000700000002343d-148.dat	upx
behavioral2/files/0x0007000000023432-118.dat	upx
behavioral2/files/0x000700000002343b-146.dat	upx
behavioral2/files/0x000700000002343a-144.dat	upx
behavioral2/files/0x000700000002342e-169.dat	upx
behavioral2/files/0x0007000000023440-165.dat	upx
behavioral2/files/0x000700000002342b-161.dat	upx
behavioral2/memory/4652-142-0x00007FF62C0E0000-0x00007FF62C4D2000-memory.dmp	upx
behavioral2/memory/2728-132-0x00007FF79E760000-0x00007FF79EB52000-memory.dmp	upx
behavioral2/files/0x0007000000023437-129.dat	upx
behavioral2/files/0x0007000000023434-126.dat	upx
behavioral2/files/0x0007000000023431-113.dat	upx
behavioral2/files/0x0007000000023430-112.dat	upx
behavioral2/files/0x0007000000023426-111.dat	upx
behavioral2/files/0x000700000002342f-108.dat	upx
behavioral2/files/0x000700000002341f-106.dat	upx
behavioral2/files/0x000700000002342a-89.dat	upx
behavioral2/files/0x0007000000023427-73.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bjYYewN.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\wpNHpkA.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\fdpgRDZ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\DEQVBMR.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ZuvbCXO.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\jgxuQGu.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\pVdylJB.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\IGIPuLR.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\VydXWIZ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\WSJjQFB.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\vAgIWpJ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QMfUYlY.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\UPdDYoU.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\SowPOcI.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\AraYAVV.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\mLQlGgo.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\SWJLyjP.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CFLSgvX.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\yCrgVoW.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ljaImCt.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\sbzYWOf.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\tgDjNPv.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\gsIDIGs.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\upgHUWO.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\VQixLJb.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\VDiKcNY.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\FryvDgm.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\gsHdKLA.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\oqJljyq.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\UpxZlrV.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CotxVwy.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\XuSzhjG.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\aSFMnHH.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\DLnPrKT.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\JEwiqIO.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\kELycSe.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\sltRbUU.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ymykBQj.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\bprjPme.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\mtxEbuB.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\vypFagn.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\AFmgabp.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CyYFAPf.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\sEQwtkD.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\wPRZExV.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\oAgQDUz.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\sEtRewI.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\eMOHJjm.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\BnCPMDS.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\pZBkgXM.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\cKYAyJX.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\JIZsRml.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\yLepBDM.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\GorMjvE.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\xiFLMOs.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\kmkEkAv.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\iSYyoMO.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\FniCDoV.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\brVPHfF.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\yvkxMGY.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\nGVDZfD.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\DCWKGFS.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\FgooDkE.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\PXwydfD.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3444	powershell.exe
3444	powershell.exe
3444	powershell.exe
3444	powershell.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
Token: SeDebugPrivilege	3444	powershell.exe
Token: SeCreateGlobalPrivilege	13488	dwm.exe
Token: SeChangeNotifyPrivilege	13488	dwm.exe
Token: 33	13488	dwm.exe
Token: SeIncBasePriorityPrivilege	13488	dwm.exe
Token: SeCreateGlobalPrivilege	13932	dwm.exe
Token: SeChangeNotifyPrivilege	13932	dwm.exe
Token: 33	13932	dwm.exe
Token: SeIncBasePriorityPrivilege	13932	dwm.exe
Token: SeShutdownPrivilege	13932	dwm.exe
Token: SeCreatePagefilePrivilege	13932	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 3444	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	84
PID 1208 wrote to memory of 3444	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	84
PID 1208 wrote to memory of 3592	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	85
PID 1208 wrote to memory of 3592	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	85
PID 1208 wrote to memory of 1084	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	86
PID 1208 wrote to memory of 1084	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	86
PID 1208 wrote to memory of 2428	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	87
PID 1208 wrote to memory of 2428	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	87
PID 1208 wrote to memory of 4560	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	88
PID 1208 wrote to memory of 4560	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	88
PID 1208 wrote to memory of 2472	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	89
PID 1208 wrote to memory of 2472	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	89
PID 1208 wrote to memory of 2728	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	90
PID 1208 wrote to memory of 2728	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	90
PID 1208 wrote to memory of 1400	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	91
PID 1208 wrote to memory of 1400	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	91
PID 1208 wrote to memory of 3240	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	92
PID 1208 wrote to memory of 3240	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	92
PID 1208 wrote to memory of 4652	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	93
PID 1208 wrote to memory of 4652	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	93
PID 1208 wrote to memory of 4936	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	94
PID 1208 wrote to memory of 4936	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	94
PID 1208 wrote to memory of 2516	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	95
PID 1208 wrote to memory of 2516	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	95
PID 1208 wrote to memory of 4976	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	96
PID 1208 wrote to memory of 4976	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	96
PID 1208 wrote to memory of 3264	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	97
PID 1208 wrote to memory of 3264	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	97
PID 1208 wrote to memory of 4404	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	98
PID 1208 wrote to memory of 4404	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	98
PID 1208 wrote to memory of 1476	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	99
PID 1208 wrote to memory of 1476	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	99
PID 1208 wrote to memory of 4844	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	100
PID 1208 wrote to memory of 4844	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	100
PID 1208 wrote to memory of 2716	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	101
PID 1208 wrote to memory of 2716	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	101
PID 1208 wrote to memory of 1544	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	102
PID 1208 wrote to memory of 1544	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	102
PID 1208 wrote to memory of 3044	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	103
PID 1208 wrote to memory of 3044	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	103
PID 1208 wrote to memory of 5044	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	104
PID 1208 wrote to memory of 5044	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	104
PID 1208 wrote to memory of 5048	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	105
PID 1208 wrote to memory of 5048	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	105
PID 1208 wrote to memory of 1188	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	106
PID 1208 wrote to memory of 1188	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	106
PID 1208 wrote to memory of 3920	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	107
PID 1208 wrote to memory of 3920	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	107
PID 1208 wrote to memory of 3036	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	108
PID 1208 wrote to memory of 3036	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	108
PID 1208 wrote to memory of 1352	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	109
PID 1208 wrote to memory of 1352	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	109
PID 1208 wrote to memory of 316	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	110
PID 1208 wrote to memory of 316	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	110
PID 1208 wrote to memory of 2480	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	111
PID 1208 wrote to memory of 2480	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	111
PID 1208 wrote to memory of 2440	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	112
PID 1208 wrote to memory of 2440	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	112
PID 1208 wrote to memory of 2120	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	113
PID 1208 wrote to memory of 2120	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	113
PID 1208 wrote to memory of 856	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	114
PID 1208 wrote to memory of 856	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	114
PID 1208 wrote to memory of 3884	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	115
PID 1208 wrote to memory of 3884	1208	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3444
- C:\Windows\System\YsTGMZt.exe
  C:\Windows\System\YsTGMZt.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\kuiyHDI.exe
  C:\Windows\System\kuiyHDI.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\MGBKBPV.exe
  C:\Windows\System\MGBKBPV.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\SBkKhok.exe
  C:\Windows\System\SBkKhok.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\tukkPaV.exe
  C:\Windows\System\tukkPaV.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\TFaiIBT.exe
  C:\Windows\System\TFaiIBT.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\CotxVwy.exe
  C:\Windows\System\CotxVwy.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\kiBjrYL.exe
  C:\Windows\System\kiBjrYL.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\PJdwIkt.exe
  C:\Windows\System\PJdwIkt.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\rergVlT.exe
  C:\Windows\System\rergVlT.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\OKHTZSR.exe
  C:\Windows\System\OKHTZSR.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\emFnJOL.exe
  C:\Windows\System\emFnJOL.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\aiBgEHQ.exe
  C:\Windows\System\aiBgEHQ.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\cFHdgIQ.exe
  C:\Windows\System\cFHdgIQ.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\cIbDnRD.exe
  C:\Windows\System\cIbDnRD.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\FrsevEO.exe
  C:\Windows\System\FrsevEO.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\FHAuQdb.exe
  C:\Windows\System\FHAuQdb.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\EVmjLMJ.exe
  C:\Windows\System\EVmjLMJ.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\SHWeeYd.exe
  C:\Windows\System\SHWeeYd.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\JqdLjof.exe
  C:\Windows\System\JqdLjof.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\zkIVSjV.exe
  C:\Windows\System\zkIVSjV.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\wAjvTPI.exe
  C:\Windows\System\wAjvTPI.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\jsSjKzu.exe
  C:\Windows\System\jsSjKzu.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\TquulYB.exe
  C:\Windows\System\TquulYB.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\aBPAGFy.exe
  C:\Windows\System\aBPAGFy.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\oiWiLMm.exe
  C:\Windows\System\oiWiLMm.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\nmWgcmA.exe
  C:\Windows\System\nmWgcmA.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\SAcqVln.exe
  C:\Windows\System\SAcqVln.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\caSEBuy.exe
  C:\Windows\System\caSEBuy.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\CuYZnQI.exe
  C:\Windows\System\CuYZnQI.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\vDFeDvh.exe
  C:\Windows\System\vDFeDvh.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\CfvBrzC.exe
  C:\Windows\System\CfvBrzC.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\vtJVTOM.exe
  C:\Windows\System\vtJVTOM.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\XBdfiLN.exe
  C:\Windows\System\XBdfiLN.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\WdxcRCA.exe
  C:\Windows\System\WdxcRCA.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\hxeBPNA.exe
  C:\Windows\System\hxeBPNA.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\lBVNEQz.exe
  C:\Windows\System\lBVNEQz.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\TdHBeqb.exe
  C:\Windows\System\TdHBeqb.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\YsWaeYO.exe
  C:\Windows\System\YsWaeYO.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\aMhHIKc.exe
  C:\Windows\System\aMhHIKc.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\zqHsjHI.exe
  C:\Windows\System\zqHsjHI.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\RyqYElf.exe
  C:\Windows\System\RyqYElf.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\lHHcnHP.exe
  C:\Windows\System\lHHcnHP.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\SAaEHVm.exe
  C:\Windows\System\SAaEHVm.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\JYUtGsi.exe
  C:\Windows\System\JYUtGsi.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\YfLrVkk.exe
  C:\Windows\System\YfLrVkk.exe
  2⤵
  PID:2268
- C:\Windows\System\jqiIHkF.exe
  C:\Windows\System\jqiIHkF.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\EZYGfph.exe
  C:\Windows\System\EZYGfph.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\wwIKyQk.exe
  C:\Windows\System\wwIKyQk.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ixHsADS.exe
  C:\Windows\System\ixHsADS.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\BJayajq.exe
  C:\Windows\System\BJayajq.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\lKWPxrT.exe
  C:\Windows\System\lKWPxrT.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\amzcxjy.exe
  C:\Windows\System\amzcxjy.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\krthVWv.exe
  C:\Windows\System\krthVWv.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\VqVfgbg.exe
  C:\Windows\System\VqVfgbg.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\wKtuBux.exe
  C:\Windows\System\wKtuBux.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\UjMaLiC.exe
  C:\Windows\System\UjMaLiC.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\tRykghB.exe
  C:\Windows\System\tRykghB.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\zSyiXjA.exe
  C:\Windows\System\zSyiXjA.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\tuoLRrQ.exe
  C:\Windows\System\tuoLRrQ.exe
  2⤵
  PID:4356
- C:\Windows\System\iSYpWbQ.exe
  C:\Windows\System\iSYpWbQ.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\pRGNwhn.exe
  C:\Windows\System\pRGNwhn.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\LtMTuwd.exe
  C:\Windows\System\LtMTuwd.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\doZTVRV.exe
  C:\Windows\System\doZTVRV.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\kzraeIo.exe
  C:\Windows\System\kzraeIo.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\tppimvH.exe
  C:\Windows\System\tppimvH.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\EgIgwSt.exe
  C:\Windows\System\EgIgwSt.exe
  2⤵
  PID:2908
- C:\Windows\System\FVcmsCW.exe
  C:\Windows\System\FVcmsCW.exe
  2⤵
  PID:3224
- C:\Windows\System\EDkyPDo.exe
  C:\Windows\System\EDkyPDo.exe
  2⤵
  PID:4728
- C:\Windows\System\IRLVbDm.exe
  C:\Windows\System\IRLVbDm.exe
  2⤵
  PID:452
- C:\Windows\System\SndkjIr.exe
  C:\Windows\System\SndkjIr.exe
  2⤵
  PID:2152
- C:\Windows\System\KAkzFvD.exe
  C:\Windows\System\KAkzFvD.exe
  2⤵
  PID:1680
- C:\Windows\System\cpZjLTG.exe
  C:\Windows\System\cpZjLTG.exe
  2⤵
  PID:1248
- C:\Windows\System\IYkkfbJ.exe
  C:\Windows\System\IYkkfbJ.exe
  2⤵
  PID:4228
- C:\Windows\System\apXqrso.exe
  C:\Windows\System\apXqrso.exe
  2⤵
  PID:2372
- C:\Windows\System\udhhTAT.exe
  C:\Windows\System\udhhTAT.exe
  2⤵
  PID:2796
- C:\Windows\System\EINTyfc.exe
  C:\Windows\System\EINTyfc.exe
  2⤵
  PID:2156
- C:\Windows\System\VdPXqyf.exe
  C:\Windows\System\VdPXqyf.exe
  2⤵
  PID:3724
- C:\Windows\System\CaRFQWT.exe
  C:\Windows\System\CaRFQWT.exe
  2⤵
  PID:4364
- C:\Windows\System\BUboioe.exe
  C:\Windows\System\BUboioe.exe
  2⤵
  PID:1000
- C:\Windows\System\fTEkbhx.exe
  C:\Windows\System\fTEkbhx.exe
  2⤵
  PID:5140
- C:\Windows\System\BBUuVOC.exe
  C:\Windows\System\BBUuVOC.exe
  2⤵
  PID:5160
- C:\Windows\System\FdqtbCl.exe
  C:\Windows\System\FdqtbCl.exe
  2⤵
  PID:5180
- C:\Windows\System\ZhkPwND.exe
  C:\Windows\System\ZhkPwND.exe
  2⤵
  PID:5200
- C:\Windows\System\SKGpkuo.exe
  C:\Windows\System\SKGpkuo.exe
  2⤵
  PID:5216
- C:\Windows\System\jxMgMPe.exe
  C:\Windows\System\jxMgMPe.exe
  2⤵
  PID:5240
- C:\Windows\System\upMCKFy.exe
  C:\Windows\System\upMCKFy.exe
  2⤵
  PID:5260
- C:\Windows\System\OedUXJW.exe
  C:\Windows\System\OedUXJW.exe
  2⤵
  PID:5276
- C:\Windows\System\KjYHfXz.exe
  C:\Windows\System\KjYHfXz.exe
  2⤵
  PID:5324
- C:\Windows\System\vjHXSFD.exe
  C:\Windows\System\vjHXSFD.exe
  2⤵
  PID:5344
- C:\Windows\System\pIpLDHh.exe
  C:\Windows\System\pIpLDHh.exe
  2⤵
  PID:5380
- C:\Windows\System\xJtzZvn.exe
  C:\Windows\System\xJtzZvn.exe
  2⤵
  PID:5400
- C:\Windows\System\etZDrYM.exe
  C:\Windows\System\etZDrYM.exe
  2⤵
  PID:5420
- C:\Windows\System\lguifIz.exe
  C:\Windows\System\lguifIz.exe
  2⤵
  PID:5440
- C:\Windows\System\oCjmtOX.exe
  C:\Windows\System\oCjmtOX.exe
  2⤵
  PID:5456
- C:\Windows\System\OFHmAcC.exe
  C:\Windows\System\OFHmAcC.exe
  2⤵
  PID:5476
- C:\Windows\System\lAoLRaT.exe
  C:\Windows\System\lAoLRaT.exe
  2⤵
  PID:5496
- C:\Windows\System\HJAbxRG.exe
  C:\Windows\System\HJAbxRG.exe
  2⤵
  PID:5520
- C:\Windows\System\CcUmufu.exe
  C:\Windows\System\CcUmufu.exe
  2⤵
  PID:5536
- C:\Windows\System\jRpkdTD.exe
  C:\Windows\System\jRpkdTD.exe
  2⤵
  PID:5552
- C:\Windows\System\GqTlrKp.exe
  C:\Windows\System\GqTlrKp.exe
  2⤵
  PID:5568
- C:\Windows\System\yVfqhqv.exe
  C:\Windows\System\yVfqhqv.exe
  2⤵
  PID:5588
- C:\Windows\System\lJyHCjp.exe
  C:\Windows\System\lJyHCjp.exe
  2⤵
  PID:5632
- C:\Windows\System\gcAKzvk.exe
  C:\Windows\System\gcAKzvk.exe
  2⤵
  PID:5656
- C:\Windows\System\AVnwLda.exe
  C:\Windows\System\AVnwLda.exe
  2⤵
  PID:5680
- C:\Windows\System\UcgnyPY.exe
  C:\Windows\System\UcgnyPY.exe
  2⤵
  PID:5700
- C:\Windows\System\qmAdtxY.exe
  C:\Windows\System\qmAdtxY.exe
  2⤵
  PID:5720
- C:\Windows\System\GxzbzrU.exe
  C:\Windows\System\GxzbzrU.exe
  2⤵
  PID:5740
- C:\Windows\System\zjLgZbv.exe
  C:\Windows\System\zjLgZbv.exe
  2⤵
  PID:5764
- C:\Windows\System\ZRUpRVG.exe
  C:\Windows\System\ZRUpRVG.exe
  2⤵
  PID:5780
- C:\Windows\System\ZlCxWLx.exe
  C:\Windows\System\ZlCxWLx.exe
  2⤵
  PID:5880
- C:\Windows\System\mOYiMJs.exe
  C:\Windows\System\mOYiMJs.exe
  2⤵
  PID:5896
- C:\Windows\System\FsbGxqb.exe
  C:\Windows\System\FsbGxqb.exe
  2⤵
  PID:5912
- C:\Windows\System\brVPHfF.exe
  C:\Windows\System\brVPHfF.exe
  2⤵
  PID:5928
- C:\Windows\System\XkSgUpL.exe
  C:\Windows\System\XkSgUpL.exe
  2⤵
  PID:5944
- C:\Windows\System\jeYjySy.exe
  C:\Windows\System\jeYjySy.exe
  2⤵
  PID:5960
- C:\Windows\System\KDPGiut.exe
  C:\Windows\System\KDPGiut.exe
  2⤵
  PID:5976
- C:\Windows\System\egFBFnq.exe
  C:\Windows\System\egFBFnq.exe
  2⤵
  PID:5992
- C:\Windows\System\xyzHVRb.exe
  C:\Windows\System\xyzHVRb.exe
  2⤵
  PID:6008
- C:\Windows\System\vALAzVf.exe
  C:\Windows\System\vALAzVf.exe
  2⤵
  PID:6024
- C:\Windows\System\JXLJtfJ.exe
  C:\Windows\System\JXLJtfJ.exe
  2⤵
  PID:6040
- C:\Windows\System\tVNGWid.exe
  C:\Windows\System\tVNGWid.exe
  2⤵
  PID:6064
- C:\Windows\System\vLULJBA.exe
  C:\Windows\System\vLULJBA.exe
  2⤵
  PID:6080
- C:\Windows\System\clXJbEh.exe
  C:\Windows\System\clXJbEh.exe
  2⤵
  PID:6104
- C:\Windows\System\svOUEIX.exe
  C:\Windows\System\svOUEIX.exe
  2⤵
  PID:6120
- C:\Windows\System\yFIjOUt.exe
  C:\Windows\System\yFIjOUt.exe
  2⤵
  PID:6140
- C:\Windows\System\WIhCTkI.exe
  C:\Windows\System\WIhCTkI.exe
  2⤵
  PID:2104
- C:\Windows\System\SOTRdPI.exe
  C:\Windows\System\SOTRdPI.exe
  2⤵
  PID:1592
- C:\Windows\System\xqJfgeA.exe
  C:\Windows\System\xqJfgeA.exe
  2⤵
  PID:2940
- C:\Windows\System\pSVxHkF.exe
  C:\Windows\System\pSVxHkF.exe
  2⤵
  PID:908
- C:\Windows\System\sljdldf.exe
  C:\Windows\System\sljdldf.exe
  2⤵
  PID:5212
- C:\Windows\System\GxWoKKp.exe
  C:\Windows\System\GxWoKKp.exe
  2⤵
  PID:912
- C:\Windows\System\iMkFEml.exe
  C:\Windows\System\iMkFEml.exe
  2⤵
  PID:3496
- C:\Windows\System\BNWZaBa.exe
  C:\Windows\System\BNWZaBa.exe
  2⤵
  PID:2968
- C:\Windows\System\DyHlYmz.exe
  C:\Windows\System\DyHlYmz.exe
  2⤵
  PID:4080
- C:\Windows\System\UastVGA.exe
  C:\Windows\System\UastVGA.exe
  2⤵
  PID:2396
- C:\Windows\System\yCrgVoW.exe
  C:\Windows\System\yCrgVoW.exe
  2⤵
  PID:556
- C:\Windows\System\UNEUTRm.exe
  C:\Windows\System\UNEUTRm.exe
  2⤵
  PID:5112
- C:\Windows\System\FaXJHrg.exe
  C:\Windows\System\FaXJHrg.exe
  2⤵
  PID:628
- C:\Windows\System\rUDNZeu.exe
  C:\Windows\System\rUDNZeu.exe
  2⤵
  PID:4232
- C:\Windows\System\JEwiqIO.exe
  C:\Windows\System\JEwiqIO.exe
  2⤵
  PID:3524
- C:\Windows\System\TKhuAGn.exe
  C:\Windows\System\TKhuAGn.exe
  2⤵
  PID:2952
- C:\Windows\System\mNRsXKv.exe
  C:\Windows\System\mNRsXKv.exe
  2⤵
  PID:1480
- C:\Windows\System\ctxnWRP.exe
  C:\Windows\System\ctxnWRP.exe
  2⤵
  PID:2976
- C:\Windows\System\egvfVFA.exe
  C:\Windows\System\egvfVFA.exe
  2⤵
  PID:764
- C:\Windows\System\igeQpcS.exe
  C:\Windows\System\igeQpcS.exe
  2⤵
  PID:2384
- C:\Windows\System\LFGvhav.exe
  C:\Windows\System\LFGvhav.exe
  2⤵
  PID:4968
- C:\Windows\System\Rotqxlu.exe
  C:\Windows\System\Rotqxlu.exe
  2⤵
  PID:5128
- C:\Windows\System\czQSkRC.exe
  C:\Windows\System\czQSkRC.exe
  2⤵
  PID:5152
- C:\Windows\System\XKIqXWF.exe
  C:\Windows\System\XKIqXWF.exe
  2⤵
  PID:5192
- C:\Windows\System\STDKtGL.exe
  C:\Windows\System\STDKtGL.exe
  2⤵
  PID:5256
- C:\Windows\System\ctAGynh.exe
  C:\Windows\System\ctAGynh.exe
  2⤵
  PID:5308
- C:\Windows\System\YGALeDQ.exe
  C:\Windows\System\YGALeDQ.exe
  2⤵
  PID:5392
- C:\Windows\System\tPvfGfe.exe
  C:\Windows\System\tPvfGfe.exe
  2⤵
  PID:5640
- C:\Windows\System\RwhVDZQ.exe
  C:\Windows\System\RwhVDZQ.exe
  2⤵
  PID:5788
- C:\Windows\System\huxiJrS.exe
  C:\Windows\System\huxiJrS.exe
  2⤵
  PID:5412
- C:\Windows\System\gbMhFLw.exe
  C:\Windows\System\gbMhFLw.exe
  2⤵
  PID:5484
- C:\Windows\System\aSFMnHH.exe
  C:\Windows\System\aSFMnHH.exe
  2⤵
  PID:5548
- C:\Windows\System\OazPZQG.exe
  C:\Windows\System\OazPZQG.exe
  2⤵
  PID:6148
- C:\Windows\System\FaAqHmg.exe
  C:\Windows\System\FaAqHmg.exe
  2⤵
  PID:6164
- C:\Windows\System\xglzuxj.exe
  C:\Windows\System\xglzuxj.exe
  2⤵
  PID:6184
- C:\Windows\System\LEnOeId.exe
  C:\Windows\System\LEnOeId.exe
  2⤵
  PID:6200
- C:\Windows\System\RSHOTVt.exe
  C:\Windows\System\RSHOTVt.exe
  2⤵
  PID:6236
- C:\Windows\System\apHlaBq.exe
  C:\Windows\System\apHlaBq.exe
  2⤵
  PID:6264
- C:\Windows\System\xhRdjRJ.exe
  C:\Windows\System\xhRdjRJ.exe
  2⤵
  PID:6284
- C:\Windows\System\uRhpDoS.exe
  C:\Windows\System\uRhpDoS.exe
  2⤵
  PID:6300
- C:\Windows\System\KnhwZBn.exe
  C:\Windows\System\KnhwZBn.exe
  2⤵
  PID:6336
- C:\Windows\System\VusQzRb.exe
  C:\Windows\System\VusQzRb.exe
  2⤵
  PID:6356
- C:\Windows\System\mcqOHNl.exe
  C:\Windows\System\mcqOHNl.exe
  2⤵
  PID:6372
- C:\Windows\System\lYvokFU.exe
  C:\Windows\System\lYvokFU.exe
  2⤵
  PID:6388
- C:\Windows\System\PvOuzkg.exe
  C:\Windows\System\PvOuzkg.exe
  2⤵
  PID:6404
- C:\Windows\System\ESuzWQa.exe
  C:\Windows\System\ESuzWQa.exe
  2⤵
  PID:6420
- C:\Windows\System\zdnzFuy.exe
  C:\Windows\System\zdnzFuy.exe
  2⤵
  PID:6436
- C:\Windows\System\PELhcEY.exe
  C:\Windows\System\PELhcEY.exe
  2⤵
  PID:6572
- C:\Windows\System\nMtfpEd.exe
  C:\Windows\System\nMtfpEd.exe
  2⤵
  PID:6624
- C:\Windows\System\WhhOfOk.exe
  C:\Windows\System\WhhOfOk.exe
  2⤵
  PID:6640
- C:\Windows\System\GFUUnKt.exe
  C:\Windows\System\GFUUnKt.exe
  2⤵
  PID:6672
- C:\Windows\System\HAgtjYx.exe
  C:\Windows\System\HAgtjYx.exe
  2⤵
  PID:6696
- C:\Windows\System\ZlSuHma.exe
  C:\Windows\System\ZlSuHma.exe
  2⤵
  PID:6712
- C:\Windows\System\PhQUuni.exe
  C:\Windows\System\PhQUuni.exe
  2⤵
  PID:6732
- C:\Windows\System\arzApeJ.exe
  C:\Windows\System\arzApeJ.exe
  2⤵
  PID:6756
- C:\Windows\System\MmwfQkY.exe
  C:\Windows\System\MmwfQkY.exe
  2⤵
  PID:6772
- C:\Windows\System\iSXweai.exe
  C:\Windows\System\iSXweai.exe
  2⤵
  PID:6800
- C:\Windows\System\dImxaJn.exe
  C:\Windows\System\dImxaJn.exe
  2⤵
  PID:6816
- C:\Windows\System\jBXeyOw.exe
  C:\Windows\System\jBXeyOw.exe
  2⤵
  PID:6840
- C:\Windows\System\osfwEcL.exe
  C:\Windows\System\osfwEcL.exe
  2⤵
  PID:6860
- C:\Windows\System\BnCPMDS.exe
  C:\Windows\System\BnCPMDS.exe
  2⤵
  PID:6876
- C:\Windows\System\hpPRzDT.exe
  C:\Windows\System\hpPRzDT.exe
  2⤵
  PID:6900
- C:\Windows\System\RCJpfts.exe
  C:\Windows\System\RCJpfts.exe
  2⤵
  PID:6920
- C:\Windows\System\ratajuX.exe
  C:\Windows\System\ratajuX.exe
  2⤵
  PID:6940
- C:\Windows\System\XhBqbUr.exe
  C:\Windows\System\XhBqbUr.exe
  2⤵
  PID:6964
- C:\Windows\System\mmBXShx.exe
  C:\Windows\System\mmBXShx.exe
  2⤵
  PID:6980
- C:\Windows\System\HuBhUSY.exe
  C:\Windows\System\HuBhUSY.exe
  2⤵
  PID:7004
- C:\Windows\System\gqkVcBS.exe
  C:\Windows\System\gqkVcBS.exe
  2⤵
  PID:7020
- C:\Windows\System\iUOyIBM.exe
  C:\Windows\System\iUOyIBM.exe
  2⤵
  PID:7040
- C:\Windows\System\HKTDPBY.exe
  C:\Windows\System\HKTDPBY.exe
  2⤵
  PID:7056
- C:\Windows\System\rSIXXZV.exe
  C:\Windows\System\rSIXXZV.exe
  2⤵
  PID:7080
- C:\Windows\System\QRDXANh.exe
  C:\Windows\System\QRDXANh.exe
  2⤵
  PID:7096
- C:\Windows\System\dbrgFYQ.exe
  C:\Windows\System\dbrgFYQ.exe
  2⤵
  PID:7120
- C:\Windows\System\YGUMhyw.exe
  C:\Windows\System\YGUMhyw.exe
  2⤵
  PID:7152
- C:\Windows\System\tfjjFEz.exe
  C:\Windows\System\tfjjFEz.exe
  2⤵
  PID:5560
- C:\Windows\System\jBJAokQ.exe
  C:\Windows\System\jBJAokQ.exe
  2⤵
  PID:4448
- C:\Windows\System\jCDzEif.exe
  C:\Windows\System\jCDzEif.exe
  2⤵
  PID:7376
- C:\Windows\System\FogWBWi.exe
  C:\Windows\System\FogWBWi.exe
  2⤵
  PID:7408
- C:\Windows\System\pPsJuhL.exe
  C:\Windows\System\pPsJuhL.exe
  2⤵
  PID:7428
- C:\Windows\System\ejJbZkb.exe
  C:\Windows\System\ejJbZkb.exe
  2⤵
  PID:7444
- C:\Windows\System\fhTFOhz.exe
  C:\Windows\System\fhTFOhz.exe
  2⤵
  PID:7464
- C:\Windows\System\GUfpAuH.exe
  C:\Windows\System\GUfpAuH.exe
  2⤵
  PID:7480
- C:\Windows\System\KVXonPT.exe
  C:\Windows\System\KVXonPT.exe
  2⤵
  PID:7500
- C:\Windows\System\aOdauMX.exe
  C:\Windows\System\aOdauMX.exe
  2⤵
  PID:7520
- C:\Windows\System\ssesdaz.exe
  C:\Windows\System\ssesdaz.exe
  2⤵
  PID:7540
- C:\Windows\System\jNEWIEa.exe
  C:\Windows\System\jNEWIEa.exe
  2⤵
  PID:7560
- C:\Windows\System\xOeCpxu.exe
  C:\Windows\System\xOeCpxu.exe
  2⤵
  PID:7576
- C:\Windows\System\RUdDqog.exe
  C:\Windows\System\RUdDqog.exe
  2⤵
  PID:7624
- C:\Windows\System\Lxowfys.exe
  C:\Windows\System\Lxowfys.exe
  2⤵
  PID:7652
- C:\Windows\System\NfGfxBW.exe
  C:\Windows\System\NfGfxBW.exe
  2⤵
  PID:7672
- C:\Windows\System\CGlBxdF.exe
  C:\Windows\System\CGlBxdF.exe
  2⤵
  PID:7708
- C:\Windows\System\GZcmzpY.exe
  C:\Windows\System\GZcmzpY.exe
  2⤵
  PID:7728
- C:\Windows\System\JTpwQPR.exe
  C:\Windows\System\JTpwQPR.exe
  2⤵
  PID:7752
- C:\Windows\System\nwvinlm.exe
  C:\Windows\System\nwvinlm.exe
  2⤵
  PID:7772
- C:\Windows\System\QMfiVGS.exe
  C:\Windows\System\QMfiVGS.exe
  2⤵
  PID:7812
- C:\Windows\System\YNHRyof.exe
  C:\Windows\System\YNHRyof.exe
  2⤵
  PID:7828
- C:\Windows\System\tjOCgAe.exe
  C:\Windows\System\tjOCgAe.exe
  2⤵
  PID:7852
- C:\Windows\System\XiwuCYt.exe
  C:\Windows\System\XiwuCYt.exe
  2⤵
  PID:7868
- C:\Windows\System\SdIxvPb.exe
  C:\Windows\System\SdIxvPb.exe
  2⤵
  PID:7888
- C:\Windows\System\StftMHu.exe
  C:\Windows\System\StftMHu.exe
  2⤵
  PID:7904
- C:\Windows\System\rKPvqTn.exe
  C:\Windows\System\rKPvqTn.exe
  2⤵
  PID:7932
- C:\Windows\System\mXzTbBd.exe
  C:\Windows\System\mXzTbBd.exe
  2⤵
  PID:7956
- C:\Windows\System\ILUVsgQ.exe
  C:\Windows\System\ILUVsgQ.exe
  2⤵
  PID:7972
- C:\Windows\System\oKdukei.exe
  C:\Windows\System\oKdukei.exe
  2⤵
  PID:8000
- C:\Windows\System\FymMrGW.exe
  C:\Windows\System\FymMrGW.exe
  2⤵
  PID:8024
- C:\Windows\System\dETLAzM.exe
  C:\Windows\System\dETLAzM.exe
  2⤵
  PID:8148
- C:\Windows\System\GQrthcA.exe
  C:\Windows\System\GQrthcA.exe
  2⤵
  PID:8164
- C:\Windows\System\GHyWntC.exe
  C:\Windows\System\GHyWntC.exe
  2⤵
  PID:8188
- C:\Windows\System\jKQOTcx.exe
  C:\Windows\System\jKQOTcx.exe
  2⤵
  PID:6892
- C:\Windows\System\aAwxInP.exe
  C:\Windows\System\aAwxInP.exe
  2⤵
  PID:4388
- C:\Windows\System\ylnpitA.exe
  C:\Windows\System\ylnpitA.exe
  2⤵
  PID:5228
- C:\Windows\System\ObIzLSt.exe
  C:\Windows\System\ObIzLSt.exe
  2⤵
  PID:5752
- C:\Windows\System\zQCyUEl.exe
  C:\Windows\System\zQCyUEl.exe
  2⤵
  PID:7076
- C:\Windows\System\uoZqvsD.exe
  C:\Windows\System\uoZqvsD.exe
  2⤵
  PID:5544
- C:\Windows\System\ZDIcgqw.exe
  C:\Windows\System\ZDIcgqw.exe
  2⤵
  PID:6296
- C:\Windows\System\XvKzEao.exe
  C:\Windows\System\XvKzEao.exe
  2⤵
  PID:6384
- C:\Windows\System\GFaLHhb.exe
  C:\Windows\System\GFaLHhb.exe
  2⤵
  PID:6452
- C:\Windows\System\XuSzhjG.exe
  C:\Windows\System\XuSzhjG.exe
  2⤵
  PID:6344
- C:\Windows\System\YyIOwfZ.exe
  C:\Windows\System\YyIOwfZ.exe
  2⤵
  PID:6216
- C:\Windows\System\UABiCnX.exe
  C:\Windows\System\UABiCnX.exe
  2⤵
  PID:5396
- C:\Windows\System\nySnShF.exe
  C:\Windows\System\nySnShF.exe
  2⤵
  PID:5136
- C:\Windows\System\eTZePJO.exe
  C:\Windows\System\eTZePJO.exe
  2⤵
  PID:3196
- C:\Windows\System\tbGxKQr.exe
  C:\Windows\System\tbGxKQr.exe
  2⤵
  PID:2552
- C:\Windows\System\TCaxoeT.exe
  C:\Windows\System\TCaxoeT.exe
  2⤵
  PID:1236
- C:\Windows\System\upgHUWO.exe
  C:\Windows\System\upgHUWO.exe
  2⤵
  PID:2928
- C:\Windows\System\bpqOvRt.exe
  C:\Windows\System\bpqOvRt.exe
  2⤵
  PID:5908
- C:\Windows\System\NAQDDLL.exe
  C:\Windows\System\NAQDDLL.exe
  2⤵
  PID:6884
- C:\Windows\System\KsUjLeB.exe
  C:\Windows\System\KsUjLeB.exe
  2⤵
  PID:6952
- C:\Windows\System\RaGcNNO.exe
  C:\Windows\System\RaGcNNO.exe
  2⤵
  PID:7012
- C:\Windows\System\ClctkEQ.exe
  C:\Windows\System\ClctkEQ.exe
  2⤵
  PID:7052
- C:\Windows\System\ebLtAxH.exe
  C:\Windows\System\ebLtAxH.exe
  2⤵
  PID:7088
- C:\Windows\System\vlzYfDQ.exe
  C:\Windows\System\vlzYfDQ.exe
  2⤵
  PID:6564
- C:\Windows\System\wixyrSO.exe
  C:\Windows\System\wixyrSO.exe
  2⤵
  PID:6608
- C:\Windows\System\GjyZPen.exe
  C:\Windows\System\GjyZPen.exe
  2⤵
  PID:6668
- C:\Windows\System\oAgQDUz.exe
  C:\Windows\System\oAgQDUz.exe
  2⤵
  PID:6724
- C:\Windows\System\MrHrNDN.exe
  C:\Windows\System\MrHrNDN.exe
  2⤵
  PID:6764
- C:\Windows\System\xDNkYjl.exe
  C:\Windows\System\xDNkYjl.exe
  2⤵
  PID:6812
- C:\Windows\System\okzKLjq.exe
  C:\Windows\System\okzKLjq.exe
  2⤵
  PID:7548
- C:\Windows\System\NZBHdmc.exe
  C:\Windows\System\NZBHdmc.exe
  2⤵
  PID:7584
- C:\Windows\System\mzxfOUl.exe
  C:\Windows\System\mzxfOUl.exe
  2⤵
  PID:7660
- C:\Windows\System\NNbWfeH.exe
  C:\Windows\System\NNbWfeH.exe
  2⤵
  PID:7764
- C:\Windows\System\okekloO.exe
  C:\Windows\System\okekloO.exe
  2⤵
  PID:6836
- C:\Windows\System\kAYbQbu.exe
  C:\Windows\System\kAYbQbu.exe
  2⤵
  PID:6872
- C:\Windows\System\hIIqBln.exe
  C:\Windows\System\hIIqBln.exe
  2⤵
  PID:8208
- C:\Windows\System\FFTnfqH.exe
  C:\Windows\System\FFTnfqH.exe
  2⤵
  PID:8228
- C:\Windows\System\HFiyuAx.exe
  C:\Windows\System\HFiyuAx.exe
  2⤵
  PID:8248
- C:\Windows\System\YPiPDvx.exe
  C:\Windows\System\YPiPDvx.exe
  2⤵
  PID:8268
- C:\Windows\System\hiPYLIr.exe
  C:\Windows\System\hiPYLIr.exe
  2⤵
  PID:8288
- C:\Windows\System\Blrudzp.exe
  C:\Windows\System\Blrudzp.exe
  2⤵
  PID:8308
- C:\Windows\System\uZOTflD.exe
  C:\Windows\System\uZOTflD.exe
  2⤵
  PID:8328
- C:\Windows\System\JkwBDCA.exe
  C:\Windows\System\JkwBDCA.exe
  2⤵
  PID:8352
- C:\Windows\System\rvttAQy.exe
  C:\Windows\System\rvttAQy.exe
  2⤵
  PID:8400
- C:\Windows\System\GIAQZRJ.exe
  C:\Windows\System\GIAQZRJ.exe
  2⤵
  PID:8420
- C:\Windows\System\OLtUKzu.exe
  C:\Windows\System\OLtUKzu.exe
  2⤵
  PID:8436
- C:\Windows\System\BuNdLCW.exe
  C:\Windows\System\BuNdLCW.exe
  2⤵
  PID:8452
- C:\Windows\System\vypFagn.exe
  C:\Windows\System\vypFagn.exe
  2⤵
  PID:8468
- C:\Windows\System\QQhSHas.exe
  C:\Windows\System\QQhSHas.exe
  2⤵
  PID:8484
- C:\Windows\System\dDaMEGy.exe
  C:\Windows\System\dDaMEGy.exe
  2⤵
  PID:8500
- C:\Windows\System\YrezCGG.exe
  C:\Windows\System\YrezCGG.exe
  2⤵
  PID:8516
- C:\Windows\System\YNfigUv.exe
  C:\Windows\System\YNfigUv.exe
  2⤵
  PID:8532
- C:\Windows\System\yYyvHbx.exe
  C:\Windows\System\yYyvHbx.exe
  2⤵
  PID:8556
- C:\Windows\System\coNlXDX.exe
  C:\Windows\System\coNlXDX.exe
  2⤵
  PID:8580
- C:\Windows\System\TORkiTa.exe
  C:\Windows\System\TORkiTa.exe
  2⤵
  PID:8600
- C:\Windows\System\DBOEHfu.exe
  C:\Windows\System\DBOEHfu.exe
  2⤵
  PID:8624
- C:\Windows\System\glCfyGS.exe
  C:\Windows\System\glCfyGS.exe
  2⤵
  PID:8644
- C:\Windows\System\HdZTqkE.exe
  C:\Windows\System\HdZTqkE.exe
  2⤵
  PID:8668
- C:\Windows\System\WoGpKoR.exe
  C:\Windows\System\WoGpKoR.exe
  2⤵
  PID:8684
- C:\Windows\System\agUMBpi.exe
  C:\Windows\System\agUMBpi.exe
  2⤵
  PID:8700
- C:\Windows\System\JxJZsdl.exe
  C:\Windows\System\JxJZsdl.exe
  2⤵
  PID:8720
- C:\Windows\System\sbzYWOf.exe
  C:\Windows\System\sbzYWOf.exe
  2⤵
  PID:8744
- C:\Windows\System\DoySzuz.exe
  C:\Windows\System\DoySzuz.exe
  2⤵
  PID:8760
- C:\Windows\System\KhEPIBG.exe
  C:\Windows\System\KhEPIBG.exe
  2⤵
  PID:8780
- C:\Windows\System\lQLmYwl.exe
  C:\Windows\System\lQLmYwl.exe
  2⤵
  PID:8796
- C:\Windows\System\uHrstNp.exe
  C:\Windows\System\uHrstNp.exe
  2⤵
  PID:8816
- C:\Windows\System\BsjjoGg.exe
  C:\Windows\System\BsjjoGg.exe
  2⤵
  PID:8832
- C:\Windows\System\PXwydfD.exe
  C:\Windows\System\PXwydfD.exe
  2⤵
  PID:8848
- C:\Windows\System\vghnVXl.exe
  C:\Windows\System\vghnVXl.exe
  2⤵
  PID:8868
- C:\Windows\System\JJGGIKw.exe
  C:\Windows\System\JJGGIKw.exe
  2⤵
  PID:8888
- C:\Windows\System\BlGZQjf.exe
  C:\Windows\System\BlGZQjf.exe
  2⤵
  PID:8908
- C:\Windows\System\JkdVTsB.exe
  C:\Windows\System\JkdVTsB.exe
  2⤵
  PID:8928
- C:\Windows\System\eAHUQAW.exe
  C:\Windows\System\eAHUQAW.exe
  2⤵
  PID:8948
- C:\Windows\System\kfCTXFr.exe
  C:\Windows\System\kfCTXFr.exe
  2⤵
  PID:8972
- C:\Windows\System\yEcPoUy.exe
  C:\Windows\System\yEcPoUy.exe
  2⤵
  PID:8992
- C:\Windows\System\djgzLMa.exe
  C:\Windows\System\djgzLMa.exe
  2⤵
  PID:9016
- C:\Windows\System\zwDbEzk.exe
  C:\Windows\System\zwDbEzk.exe
  2⤵
  PID:9040
- C:\Windows\System\ycwXQyG.exe
  C:\Windows\System\ycwXQyG.exe
  2⤵
  PID:9068
- C:\Windows\System\hNGROoa.exe
  C:\Windows\System\hNGROoa.exe
  2⤵
  PID:9084
- C:\Windows\System\pqBGdZS.exe
  C:\Windows\System\pqBGdZS.exe
  2⤵
  PID:9108
- C:\Windows\System\raOnhNQ.exe
  C:\Windows\System\raOnhNQ.exe
  2⤵
  PID:9128
- C:\Windows\System\euLBGtv.exe
  C:\Windows\System\euLBGtv.exe
  2⤵
  PID:9152
- C:\Windows\System\lUbItNo.exe
  C:\Windows\System\lUbItNo.exe
  2⤵
  PID:9176
- C:\Windows\System\iilOXZr.exe
  C:\Windows\System\iilOXZr.exe
  2⤵
  PID:9200
- C:\Windows\System\QfynbOV.exe
  C:\Windows\System\QfynbOV.exe
  2⤵
  PID:6996
- C:\Windows\System\AzXPPbZ.exe
  C:\Windows\System\AzXPPbZ.exe
  2⤵
  PID:7224
- C:\Windows\System\CBLXbmr.exe
  C:\Windows\System\CBLXbmr.exe
  2⤵
  PID:7132
- C:\Windows\System\UWziyVo.exe
  C:\Windows\System\UWziyVo.exe
  2⤵
  PID:7160
- C:\Windows\System\EaRCXfH.exe
  C:\Windows\System\EaRCXfH.exe
  2⤵
  PID:5984
- C:\Windows\System\SmnDaWK.exe
  C:\Windows\System\SmnDaWK.exe
  2⤵
  PID:4524
- C:\Windows\System\jgFSLVy.exe
  C:\Windows\System\jgFSLVy.exe
  2⤵
  PID:8172
- C:\Windows\System\mlQIpUF.exe
  C:\Windows\System\mlQIpUF.exe
  2⤵
  PID:5624
- C:\Windows\System\JVNOrKG.exe
  C:\Windows\System\JVNOrKG.exe
  2⤵
  PID:5648
- C:\Windows\System\DJnDeIa.exe
  C:\Windows\System\DJnDeIa.exe
  2⤵
  PID:6176
- C:\Windows\System\qIZltLx.exe
  C:\Windows\System\qIZltLx.exe
  2⤵
  PID:5596
- C:\Windows\System\XcSaNgs.exe
  C:\Windows\System\XcSaNgs.exe
  2⤵
  PID:5776
- C:\Windows\System\hTTjGjm.exe
  C:\Windows\System\hTTjGjm.exe
  2⤵
  PID:7456
- C:\Windows\System\EZukEJO.exe
  C:\Windows\System\EZukEJO.exe
  2⤵
  PID:5468
- C:\Windows\System\mkFRCVK.exe
  C:\Windows\System\mkFRCVK.exe
  2⤵
  PID:6988
- C:\Windows\System\anACdxz.exe
  C:\Windows\System\anACdxz.exe
  2⤵
  PID:4616
- C:\Windows\System\RlpXoHz.exe
  C:\Windows\System\RlpXoHz.exe
  2⤵
  PID:2884
- C:\Windows\System\oGdMWGN.exe
  C:\Windows\System\oGdMWGN.exe
  2⤵
  PID:1772
- C:\Windows\System\aeTDjOA.exe
  C:\Windows\System\aeTDjOA.exe
  2⤵
  PID:7844
- C:\Windows\System\LlOemAx.exe
  C:\Windows\System\LlOemAx.exe
  2⤵
  PID:8260
- C:\Windows\System\QhjrLgZ.exe
  C:\Windows\System\QhjrLgZ.exe
  2⤵
  PID:9240
- C:\Windows\System\CHNeVBn.exe
  C:\Windows\System\CHNeVBn.exe
  2⤵
  PID:9260
- C:\Windows\System\QdLwyzh.exe
  C:\Windows\System\QdLwyzh.exe
  2⤵
  PID:9284
- C:\Windows\System\qSzwdrt.exe
  C:\Windows\System\qSzwdrt.exe
  2⤵
  PID:9300
- C:\Windows\System\qcOxROS.exe
  C:\Windows\System\qcOxROS.exe
  2⤵
  PID:9324
- C:\Windows\System\RWcoUfv.exe
  C:\Windows\System\RWcoUfv.exe
  2⤵
  PID:9344
- C:\Windows\System\SzySEmX.exe
  C:\Windows\System\SzySEmX.exe
  2⤵
  PID:9364
- C:\Windows\System\GNmQdPc.exe
  C:\Windows\System\GNmQdPc.exe
  2⤵
  PID:9388
- C:\Windows\System\GxqLKaq.exe
  C:\Windows\System\GxqLKaq.exe
  2⤵
  PID:9404
- C:\Windows\System\MygIZam.exe
  C:\Windows\System\MygIZam.exe
  2⤵
  PID:9428
- C:\Windows\System\fkRgEzV.exe
  C:\Windows\System\fkRgEzV.exe
  2⤵
  PID:9448
- C:\Windows\System\YKFKFub.exe
  C:\Windows\System\YKFKFub.exe
  2⤵
  PID:9504
- C:\Windows\System\DyhJsdE.exe
  C:\Windows\System\DyhJsdE.exe
  2⤵
  PID:9528
- C:\Windows\System\QZOdRLH.exe
  C:\Windows\System\QZOdRLH.exe
  2⤵
  PID:9548
- C:\Windows\System\iMNMASe.exe
  C:\Windows\System\iMNMASe.exe
  2⤵
  PID:9564
- C:\Windows\System\kkiuEIf.exe
  C:\Windows\System\kkiuEIf.exe
  2⤵
  PID:9580
- C:\Windows\System\AzqvXlc.exe
  C:\Windows\System\AzqvXlc.exe
  2⤵
  PID:9596
- C:\Windows\System\JXVhZxL.exe
  C:\Windows\System\JXVhZxL.exe
  2⤵
  PID:9612
- C:\Windows\System\TXYUqRn.exe
  C:\Windows\System\TXYUqRn.exe
  2⤵
  PID:9628
- C:\Windows\System\yGQYxAe.exe
  C:\Windows\System\yGQYxAe.exe
  2⤵
  PID:9672
- C:\Windows\System\KonkEjw.exe
  C:\Windows\System\KonkEjw.exe
  2⤵
  PID:9688
- C:\Windows\System\TqneqST.exe
  C:\Windows\System\TqneqST.exe
  2⤵
  PID:9704
- C:\Windows\System\YZgRDLn.exe
  C:\Windows\System\YZgRDLn.exe
  2⤵
  PID:9720
- C:\Windows\System\RJDDNNE.exe
  C:\Windows\System\RJDDNNE.exe
  2⤵
  PID:9736
- C:\Windows\System\nZFtVln.exe
  C:\Windows\System\nZFtVln.exe
  2⤵
  PID:9752
- C:\Windows\System\SyAFxZD.exe
  C:\Windows\System\SyAFxZD.exe
  2⤵
  PID:9776
- C:\Windows\System\fRAVbmx.exe
  C:\Windows\System\fRAVbmx.exe
  2⤵
  PID:9792
- C:\Windows\System\YcBLZGO.exe
  C:\Windows\System\YcBLZGO.exe
  2⤵
  PID:9812
- C:\Windows\System\hxrixJq.exe
  C:\Windows\System\hxrixJq.exe
  2⤵
  PID:9832
- C:\Windows\System\roDhHdb.exe
  C:\Windows\System\roDhHdb.exe
  2⤵
  PID:9852
- C:\Windows\System\fMZlwUu.exe
  C:\Windows\System\fMZlwUu.exe
  2⤵
  PID:9868
- C:\Windows\System\LlvqKLY.exe
  C:\Windows\System\LlvqKLY.exe
  2⤵
  PID:9888
- C:\Windows\System\pxzVywb.exe
  C:\Windows\System\pxzVywb.exe
  2⤵
  PID:9904
- C:\Windows\System\rkRBdGf.exe
  C:\Windows\System\rkRBdGf.exe
  2⤵
  PID:9928
- C:\Windows\System\fswEyVJ.exe
  C:\Windows\System\fswEyVJ.exe
  2⤵
  PID:9948
- C:\Windows\System\nXJlQch.exe
  C:\Windows\System\nXJlQch.exe
  2⤵
  PID:9964
- C:\Windows\System\HCduqbX.exe
  C:\Windows\System\HCduqbX.exe
  2⤵
  PID:7980
- C:\Windows\System\FQrHjQB.exe
  C:\Windows\System\FQrHjQB.exe
  2⤵
  PID:7528
- C:\Windows\System\zlhfcTJ.exe
  C:\Windows\System\zlhfcTJ.exe
  2⤵
  PID:8968
- C:\Windows\System\WlkOTNG.exe
  C:\Windows\System\WlkOTNG.exe
  2⤵
  PID:9092
- C:\Windows\System\PlIDDNZ.exe
  C:\Windows\System\PlIDDNZ.exe
  2⤵
  PID:6636
- C:\Windows\System\ujqxgtN.exe
  C:\Windows\System\ujqxgtN.exe
  2⤵
  PID:7664
- C:\Windows\System\rLrdnQX.exe
  C:\Windows\System\rLrdnQX.exe
  2⤵
  PID:7180
- C:\Windows\System\fNoeJvJ.exe
  C:\Windows\System\fNoeJvJ.exe
  2⤵
  PID:7172
- C:\Windows\System\EtMAlFd.exe
  C:\Windows\System\EtMAlFd.exe
  2⤵
  PID:8220
- C:\Windows\System\qrqQoPV.exe
  C:\Windows\System\qrqQoPV.exe
  2⤵
  PID:6744
- C:\Windows\System\sXWDtyD.exe
  C:\Windows\System\sXWDtyD.exe
  2⤵
  PID:9296
- C:\Windows\System\dufADMP.exe
  C:\Windows\System\dufADMP.exe
  2⤵
  PID:7964
- C:\Windows\System\YhsCFNO.exe
  C:\Windows\System\YhsCFNO.exe
  2⤵
  PID:9476
- C:\Windows\System\epCoody.exe
  C:\Windows\System\epCoody.exe
  2⤵
  PID:8096
- C:\Windows\System\eaVPRRk.exe
  C:\Windows\System\eaVPRRk.exe
  2⤵
  PID:8128
- C:\Windows\System\oTMigUJ.exe
  C:\Windows\System\oTMigUJ.exe
  2⤵
  PID:8636
- C:\Windows\System\GLDadLL.exe
  C:\Windows\System\GLDadLL.exe
  2⤵
  PID:8736
- C:\Windows\System\RlgEyWk.exe
  C:\Windows\System\RlgEyWk.exe
  2⤵
  PID:9848
- C:\Windows\System\VUDInDj.exe
  C:\Windows\System\VUDInDj.exe
  2⤵
  PID:8840
- C:\Windows\System\IfHgpBV.exe
  C:\Windows\System\IfHgpBV.exe
  2⤵
  PID:9944
- C:\Windows\System\YvYNCsf.exe
  C:\Windows\System\YvYNCsf.exe
  2⤵
  PID:6116
- C:\Windows\System\NnlCaRG.exe
  C:\Windows\System\NnlCaRG.exe
  2⤵
  PID:9012
- C:\Windows\System\rLRjmll.exe
  C:\Windows\System\rLRjmll.exe
  2⤵
  PID:9056
- C:\Windows\System\VenTXMz.exe
  C:\Windows\System\VenTXMz.exe
  2⤵
  PID:9136
- C:\Windows\System\ZjigwJs.exe
  C:\Windows\System\ZjigwJs.exe
  2⤵
  PID:8980
- C:\Windows\System\LJQNzdv.exe
  C:\Windows\System\LJQNzdv.exe
  2⤵
  PID:9572
- C:\Windows\System\uVKFGkz.exe
  C:\Windows\System\uVKFGkz.exe
  2⤵
  PID:7568
- C:\Windows\System\xrxjHpd.exe
  C:\Windows\System\xrxjHpd.exe
  2⤵
  PID:6256
- C:\Windows\System\jMAreSA.exe
  C:\Windows\System\jMAreSA.exe
  2⤵
  PID:2044
- C:\Windows\System\DVrnmPP.exe
  C:\Windows\System\DVrnmPP.exe
  2⤵
  PID:7760
- C:\Windows\System\iMFjOlz.exe
  C:\Windows\System\iMFjOlz.exe
  2⤵
  PID:6888
- C:\Windows\System\fpLRZIw.exe
  C:\Windows\System\fpLRZIw.exe
  2⤵
  PID:9380
- C:\Windows\System\aMxYRCf.exe
  C:\Windows\System\aMxYRCf.exe
  2⤵
  PID:9440
- C:\Windows\System\sXvEIPr.exe
  C:\Windows\System\sXvEIPr.exe
  2⤵
  PID:8348
- C:\Windows\System\gxaRwYo.exe
  C:\Windows\System\gxaRwYo.exe
  2⤵
  PID:9540
- C:\Windows\System\ooLOqXU.exe
  C:\Windows\System\ooLOqXU.exe
  2⤵
  PID:8416
- C:\Windows\System\EvWdXDx.exe
  C:\Windows\System\EvWdXDx.exe
  2⤵
  PID:8464
- C:\Windows\System\FSsdZBi.exe
  C:\Windows\System\FSsdZBi.exe
  2⤵
  PID:10256
- C:\Windows\System\BpUhbcJ.exe
  C:\Windows\System\BpUhbcJ.exe
  2⤵
  PID:10272
- C:\Windows\System\xrZblQv.exe
  C:\Windows\System\xrZblQv.exe
  2⤵
  PID:10288
- C:\Windows\System\ChiZdNE.exe
  C:\Windows\System\ChiZdNE.exe
  2⤵
  PID:10308
- C:\Windows\System\jhyLYjS.exe
  C:\Windows\System\jhyLYjS.exe
  2⤵
  PID:10332
- C:\Windows\System\KaqHiAv.exe
  C:\Windows\System\KaqHiAv.exe
  2⤵
  PID:10352
- C:\Windows\System\UBGwlhf.exe
  C:\Windows\System\UBGwlhf.exe
  2⤵
  PID:10372
- C:\Windows\System\AftbFSY.exe
  C:\Windows\System\AftbFSY.exe
  2⤵
  PID:10400
- C:\Windows\System\ZenYfte.exe
  C:\Windows\System\ZenYfte.exe
  2⤵
  PID:10416
- C:\Windows\System\DFLKKug.exe
  C:\Windows\System\DFLKKug.exe
  2⤵
  PID:10444
- C:\Windows\System\rZrujpS.exe
  C:\Windows\System\rZrujpS.exe
  2⤵
  PID:10472
- C:\Windows\System\kpOIMvg.exe
  C:\Windows\System\kpOIMvg.exe
  2⤵
  PID:10488
- C:\Windows\System\srgvCuL.exe
  C:\Windows\System\srgvCuL.exe
  2⤵
  PID:10504
- C:\Windows\System\rfnRzCO.exe
  C:\Windows\System\rfnRzCO.exe
  2⤵
  PID:10520
- C:\Windows\System\nkOEsWc.exe
  C:\Windows\System\nkOEsWc.exe
  2⤵
  PID:10540
- C:\Windows\System\IMrNQvL.exe
  C:\Windows\System\IMrNQvL.exe
  2⤵
  PID:10556
- C:\Windows\System\wioYppF.exe
  C:\Windows\System\wioYppF.exe
  2⤵
  PID:10572
- C:\Windows\System\vZsTLsB.exe
  C:\Windows\System\vZsTLsB.exe
  2⤵
  PID:10592
- C:\Windows\System\XFxWlHo.exe
  C:\Windows\System\XFxWlHo.exe
  2⤵
  PID:10616
- C:\Windows\System\cjqClRK.exe
  C:\Windows\System\cjqClRK.exe
  2⤵
  PID:10636
- C:\Windows\System\QuEzask.exe
  C:\Windows\System\QuEzask.exe
  2⤵
  PID:10660
- C:\Windows\System\JUPBCPl.exe
  C:\Windows\System\JUPBCPl.exe
  2⤵
  PID:10680
- C:\Windows\System\wnWbvzt.exe
  C:\Windows\System\wnWbvzt.exe
  2⤵
  PID:10704
- C:\Windows\System\nhABqQn.exe
  C:\Windows\System\nhABqQn.exe
  2⤵
  PID:10724
- C:\Windows\System\nniRtyf.exe
  C:\Windows\System\nniRtyf.exe
  2⤵
  PID:10748
- C:\Windows\System\LKpZJEL.exe
  C:\Windows\System\LKpZJEL.exe
  2⤵
  PID:10772
- C:\Windows\System\WvcRzrc.exe
  C:\Windows\System\WvcRzrc.exe
  2⤵
  PID:10800
- C:\Windows\System\AwCVASG.exe
  C:\Windows\System\AwCVASG.exe
  2⤵
  PID:10816
- C:\Windows\System\HbiHTKZ.exe
  C:\Windows\System\HbiHTKZ.exe
  2⤵
  PID:10836
- C:\Windows\System\FMOXWxQ.exe
  C:\Windows\System\FMOXWxQ.exe
  2⤵
  PID:10860
- C:\Windows\System\KGDvKlp.exe
  C:\Windows\System\KGDvKlp.exe
  2⤵
  PID:10876
- C:\Windows\System\SHDmWmn.exe
  C:\Windows\System\SHDmWmn.exe
  2⤵
  PID:10900
- C:\Windows\System\TNjjOmT.exe
  C:\Windows\System\TNjjOmT.exe
  2⤵
  PID:10928
- C:\Windows\System\NBuBPgh.exe
  C:\Windows\System\NBuBPgh.exe
  2⤵
  PID:10952
- C:\Windows\System\dcBkXMD.exe
  C:\Windows\System\dcBkXMD.exe
  2⤵
  PID:10976
- C:\Windows\System\xAcrZqk.exe
  C:\Windows\System\xAcrZqk.exe
  2⤵
  PID:10992
- C:\Windows\System\LqksaEH.exe
  C:\Windows\System\LqksaEH.exe
  2⤵
  PID:11016
- C:\Windows\System\OtWEjRY.exe
  C:\Windows\System\OtWEjRY.exe
  2⤵
  PID:11044
- C:\Windows\System\wRnuRkb.exe
  C:\Windows\System\wRnuRkb.exe
  2⤵
  PID:11064
- C:\Windows\System\XewNMvr.exe
  C:\Windows\System\XewNMvr.exe
  2⤵
  PID:11092
- C:\Windows\System\BobWFOx.exe
  C:\Windows\System\BobWFOx.exe
  2⤵
  PID:11120
- C:\Windows\System\LEqTcvU.exe
  C:\Windows\System\LEqTcvU.exe
  2⤵
  PID:11136
- C:\Windows\System\DbZnKrl.exe
  C:\Windows\System\DbZnKrl.exe
  2⤵
  PID:11160
- C:\Windows\System\liQTqvd.exe
  C:\Windows\System\liQTqvd.exe
  2⤵
  PID:11192
- C:\Windows\System\aIQRbAE.exe
  C:\Windows\System\aIQRbAE.exe
  2⤵
  PID:11208
- C:\Windows\System\cEwFQSU.exe
  C:\Windows\System\cEwFQSU.exe
  2⤵
  PID:11240
- C:\Windows\System\UylijaM.exe
  C:\Windows\System\UylijaM.exe
  2⤵
  PID:8496
- C:\Windows\System\DpMmYKq.exe
  C:\Windows\System\DpMmYKq.exe
  2⤵
  PID:8552
- C:\Windows\System\UdiyLUK.exe
  C:\Windows\System\UdiyLUK.exe
  2⤵
  PID:8592
- C:\Windows\System\UwBwDgK.exe
  C:\Windows\System\UwBwDgK.exe
  2⤵
  PID:8680
- C:\Windows\System\IdfzkJw.exe
  C:\Windows\System\IdfzkJw.exe
  2⤵
  PID:8712
- C:\Windows\System\WtAfzjU.exe
  C:\Windows\System\WtAfzjU.exe
  2⤵
  PID:9880
- C:\Windows\System\aGLBlBH.exe
  C:\Windows\System\aGLBlBH.exe
  2⤵
  PID:9784
- C:\Windows\System\ntbhUVH.exe
  C:\Windows\System\ntbhUVH.exe
  2⤵
  PID:9712
- C:\Windows\System\dnccMvD.exe
  C:\Windows\System\dnccMvD.exe
  2⤵
  PID:9420
- C:\Windows\System\ZFxPyFE.exe
  C:\Windows\System\ZFxPyFE.exe
  2⤵
  PID:9356
- C:\Windows\System\ujSOOso.exe
  C:\Windows\System\ujSOOso.exe
  2⤵
  PID:5224
- C:\Windows\System\QSApzcQ.exe
  C:\Windows\System\QSApzcQ.exe
  2⤵
  PID:11280
- C:\Windows\System\hWyIUwX.exe
  C:\Windows\System\hWyIUwX.exe
  2⤵
  PID:11312
- C:\Windows\System\whLRDEV.exe
  C:\Windows\System\whLRDEV.exe
  2⤵
  PID:11328
- C:\Windows\System\eoPUkvU.exe
  C:\Windows\System\eoPUkvU.exe
  2⤵
  PID:11356
- C:\Windows\System\WTwhzFO.exe
  C:\Windows\System\WTwhzFO.exe
  2⤵
  PID:11380
- C:\Windows\System\WAwQvrN.exe
  C:\Windows\System\WAwQvrN.exe
  2⤵
  PID:11404
- C:\Windows\System\gxfuRwr.exe
  C:\Windows\System\gxfuRwr.exe
  2⤵
  PID:11420
- C:\Windows\System\zKfkvWP.exe
  C:\Windows\System\zKfkvWP.exe
  2⤵
  PID:11436
- C:\Windows\System\GwYpPSf.exe
  C:\Windows\System\GwYpPSf.exe
  2⤵
  PID:11452
- C:\Windows\System\klrGgbQ.exe
  C:\Windows\System\klrGgbQ.exe
  2⤵
  PID:11468
- C:\Windows\System\CchPJAT.exe
  C:\Windows\System\CchPJAT.exe
  2⤵
  PID:11484
- C:\Windows\System\OncmAEb.exe
  C:\Windows\System\OncmAEb.exe
  2⤵
  PID:11504
- C:\Windows\System\gheGXMT.exe
  C:\Windows\System\gheGXMT.exe
  2⤵
  PID:11532
- C:\Windows\System\ctymgLk.exe
  C:\Windows\System\ctymgLk.exe
  2⤵
  PID:11552
- C:\Windows\System\SCNaAmm.exe
  C:\Windows\System\SCNaAmm.exe
  2⤵
  PID:11572
- C:\Windows\System\BSXdwsm.exe
  C:\Windows\System\BSXdwsm.exe
  2⤵
  PID:11600
- C:\Windows\System\HyilIoX.exe
  C:\Windows\System\HyilIoX.exe
  2⤵
  PID:11620
- C:\Windows\System\FpnhhNi.exe
  C:\Windows\System\FpnhhNi.exe
  2⤵
  PID:11644
- C:\Windows\System\DeIeOGr.exe
  C:\Windows\System\DeIeOGr.exe
  2⤵
  PID:11660
- C:\Windows\System\NLYjcWU.exe
  C:\Windows\System\NLYjcWU.exe
  2⤵
  PID:11688
- C:\Windows\System\vNZXKna.exe
  C:\Windows\System\vNZXKna.exe
  2⤵
  PID:11704
- C:\Windows\System\hpGjwEW.exe
  C:\Windows\System\hpGjwEW.exe
  2⤵
  PID:11732
- C:\Windows\System\AaKHNRt.exe
  C:\Windows\System\AaKHNRt.exe
  2⤵
  PID:11748
- C:\Windows\System\XTacXOk.exe
  C:\Windows\System\XTacXOk.exe
  2⤵
  PID:11768
- C:\Windows\System\jgVEFCr.exe
  C:\Windows\System\jgVEFCr.exe
  2⤵
  PID:11792
- C:\Windows\System\rjjCMce.exe
  C:\Windows\System\rjjCMce.exe
  2⤵
  PID:11812
- C:\Windows\System\gFsIjvv.exe
  C:\Windows\System\gFsIjvv.exe
  2⤵
  PID:11832
- C:\Windows\System\QLNWCMb.exe
  C:\Windows\System\QLNWCMb.exe
  2⤵
  PID:11856
- C:\Windows\System\QMfUYlY.exe
  C:\Windows\System\QMfUYlY.exe
  2⤵
  PID:11880
- C:\Windows\System\EBFoFzE.exe
  C:\Windows\System\EBFoFzE.exe
  2⤵
  PID:11896
- C:\Windows\System\IglpuVQ.exe
  C:\Windows\System\IglpuVQ.exe
  2⤵
  PID:11924
- C:\Windows\System\UGoiBIM.exe
  C:\Windows\System\UGoiBIM.exe
  2⤵
  PID:11948
- C:\Windows\System\OvuVVfO.exe
  C:\Windows\System\OvuVVfO.exe
  2⤵
  PID:11964
- C:\Windows\System\SfNjaJr.exe
  C:\Windows\System\SfNjaJr.exe
  2⤵
  PID:11988
- C:\Windows\System\LXdXMQC.exe
  C:\Windows\System\LXdXMQC.exe
  2⤵
  PID:12004
- C:\Windows\System\kNVjzJE.exe
  C:\Windows\System\kNVjzJE.exe
  2⤵
  PID:12028
- C:\Windows\System\AxlwPhA.exe
  C:\Windows\System\AxlwPhA.exe
  2⤵
  PID:12052
- C:\Windows\System\VOeieWO.exe
  C:\Windows\System\VOeieWO.exe
  2⤵
  PID:12068
- C:\Windows\System\vYKUDLE.exe
  C:\Windows\System\vYKUDLE.exe
  2⤵
  PID:12092
- C:\Windows\System\FsqjmvB.exe
  C:\Windows\System\FsqjmvB.exe
  2⤵
  PID:12112
- C:\Windows\System\plGxXkF.exe
  C:\Windows\System\plGxXkF.exe
  2⤵
  PID:12144
- C:\Windows\System\cAQoAvW.exe
  C:\Windows\System\cAQoAvW.exe
  2⤵
  PID:12160
- C:\Windows\System\LgKXIro.exe
  C:\Windows\System\LgKXIro.exe
  2⤵
  PID:12176
- C:\Windows\System\vPEIopW.exe
  C:\Windows\System\vPEIopW.exe
  2⤵
  PID:12192
- C:\Windows\System\StBiTXU.exe
  C:\Windows\System\StBiTXU.exe
  2⤵
  PID:12212
- C:\Windows\System\fSjAEoS.exe
  C:\Windows\System\fSjAEoS.exe
  2⤵
  PID:12240
- C:\Windows\System\pnMMrvm.exe
  C:\Windows\System\pnMMrvm.exe
  2⤵
  PID:12264
- C:\Windows\System\EoCeKKZ.exe
  C:\Windows\System\EoCeKKZ.exe
  2⤵
  PID:7532
- C:\Windows\System\IEHXolu.exe
  C:\Windows\System\IEHXolu.exe
  2⤵
  PID:7116
- C:\Windows\System\MvZRQkZ.exe
  C:\Windows\System\MvZRQkZ.exe
  2⤵
  PID:9048
- C:\Windows\System\VVOmmZe.exe
  C:\Windows\System\VVOmmZe.exe
  2⤵
  PID:6596
- C:\Windows\System\ydESZsm.exe
  C:\Windows\System\ydESZsm.exe
  2⤵
  PID:8008
- C:\Windows\System\pEeMJLW.exe
  C:\Windows\System\pEeMJLW.exe
  2⤵
  PID:10052
- C:\Windows\System\jKCcNcZ.exe
  C:\Windows\System\jKCcNcZ.exe
  2⤵
  PID:8304
- C:\Windows\System\FXZGzQL.exe
  C:\Windows\System\FXZGzQL.exe
  2⤵
  PID:8140
- C:\Windows\System\DYUbPFq.exe
  C:\Windows\System\DYUbPFq.exe
  2⤵
  PID:8944
- C:\Windows\System\zYaphJl.exe
  C:\Windows\System\zYaphJl.exe
  2⤵
  PID:9336
- C:\Windows\System\wOScZQI.exe
  C:\Windows\System\wOScZQI.exe
  2⤵
  PID:9464
- C:\Windows\System\JIZsRml.exe
  C:\Windows\System\JIZsRml.exe
  2⤵
  PID:8940
- C:\Windows\System\cSqtcGJ.exe
  C:\Windows\System\cSqtcGJ.exe
  2⤵
  PID:10164
- C:\Windows\System\RBymtYe.exe
  C:\Windows\System\RBymtYe.exe
  2⤵
  PID:9624
- C:\Windows\System\tWPsilH.exe
  C:\Windows\System\tWPsilH.exe
  2⤵
  PID:3128
- C:\Windows\System\FtFDDoX.exe
  C:\Windows\System\FtFDDoX.exe
  2⤵
  PID:10320
- C:\Windows\System\FyICCYk.exe
  C:\Windows\System\FyICCYk.exe
  2⤵
  PID:10412
- C:\Windows\System\NLXstza.exe
  C:\Windows\System\NLXstza.exe
  2⤵
  PID:10548
- C:\Windows\System\AHWouby.exe
  C:\Windows\System\AHWouby.exe
  2⤵
  PID:10588
- C:\Windows\System\vXMzRxC.exe
  C:\Windows\System\vXMzRxC.exe
  2⤵
  PID:10692
- C:\Windows\System\naynRlw.exe
  C:\Windows\System\naynRlw.exe
  2⤵
  PID:12304
- C:\Windows\System\OmdAhVb.exe
  C:\Windows\System\OmdAhVb.exe
  2⤵
  PID:12328
- C:\Windows\System\PEZKGFh.exe
  C:\Windows\System\PEZKGFh.exe
  2⤵
  PID:12356
- C:\Windows\System\IlrKcJW.exe
  C:\Windows\System\IlrKcJW.exe
  2⤵
  PID:12372
- C:\Windows\System\dPXZZFT.exe
  C:\Windows\System\dPXZZFT.exe
  2⤵
  PID:12392
- C:\Windows\System\DiDhEtc.exe
  C:\Windows\System\DiDhEtc.exe
  2⤵
  PID:12596
- C:\Windows\System\oXgWmGg.exe
  C:\Windows\System\oXgWmGg.exe
  2⤵
  PID:12616
- C:\Windows\System\zsOmEij.exe
  C:\Windows\System\zsOmEij.exe
  2⤵
  PID:12636
- C:\Windows\System\rPhcmGu.exe
  C:\Windows\System\rPhcmGu.exe
  2⤵
  PID:12652
- C:\Windows\System\mQPEfWz.exe
  C:\Windows\System\mQPEfWz.exe
  2⤵
  PID:12672
- C:\Windows\System\mLanLuE.exe
  C:\Windows\System\mLanLuE.exe
  2⤵
  PID:12692
- C:\Windows\System\AotkpMW.exe
  C:\Windows\System\AotkpMW.exe
  2⤵
  PID:12708
- C:\Windows\System\PytIElG.exe
  C:\Windows\System\PytIElG.exe
  2⤵
  PID:12724
- C:\Windows\System\hZNzCah.exe
  C:\Windows\System\hZNzCah.exe
  2⤵
  PID:12744
- C:\Windows\System\cZqeqjC.exe
  C:\Windows\System\cZqeqjC.exe
  2⤵
  PID:12760
- C:\Windows\System\nrHGsov.exe
  C:\Windows\System\nrHGsov.exe
  2⤵
  PID:12788
- C:\Windows\System\kRooCQj.exe
  C:\Windows\System\kRooCQj.exe
  2⤵
  PID:12804
- C:\Windows\System\BMYHgcV.exe
  C:\Windows\System\BMYHgcV.exe
  2⤵
  PID:12824
- C:\Windows\System\xNVDJuO.exe
  C:\Windows\System\xNVDJuO.exe
  2⤵
  PID:12840
- C:\Windows\System\obpGCcR.exe
  C:\Windows\System\obpGCcR.exe
  2⤵
  PID:12860
- C:\Windows\System\nkSeBnS.exe
  C:\Windows\System\nkSeBnS.exe
  2⤵
  PID:12876
- C:\Windows\System\ypZczhU.exe
  C:\Windows\System\ypZczhU.exe
  2⤵
  PID:12900
- C:\Windows\System\AFmgabp.exe
  C:\Windows\System\AFmgabp.exe
  2⤵
  PID:12920
- C:\Windows\System\JYvMZcv.exe
  C:\Windows\System\JYvMZcv.exe
  2⤵
  PID:12936
- C:\Windows\System\AraYAVV.exe
  C:\Windows\System\AraYAVV.exe
  2⤵
  PID:12956
- C:\Windows\System\VtGTgFE.exe
  C:\Windows\System\VtGTgFE.exe
  2⤵
  PID:12976
- C:\Windows\System\bJkkIPp.exe
  C:\Windows\System\bJkkIPp.exe
  2⤵
  PID:12996
- C:\Windows\System\ZNyhUjw.exe
  C:\Windows\System\ZNyhUjw.exe
  2⤵
  PID:13016
- C:\Windows\System\KxdRodZ.exe
  C:\Windows\System\KxdRodZ.exe
  2⤵
  PID:13044
- C:\Windows\System\AjTZBOI.exe
  C:\Windows\System\AjTZBOI.exe
  2⤵
  PID:13064
- C:\Windows\System\wJhuQNy.exe
  C:\Windows\System\wJhuQNy.exe
  2⤵
  PID:13084
- C:\Windows\System\ynmWnQt.exe
  C:\Windows\System\ynmWnQt.exe
  2⤵
  PID:13104
- C:\Windows\System\pVdylJB.exe
  C:\Windows\System\pVdylJB.exe
  2⤵
  PID:13120
- C:\Windows\System\pquDKUU.exe
  C:\Windows\System\pquDKUU.exe
  2⤵
  PID:13144
- C:\Windows\System\fNdCPwM.exe
  C:\Windows\System\fNdCPwM.exe
  2⤵
  PID:13160
- C:\Windows\System\JLwnAVS.exe
  C:\Windows\System\JLwnAVS.exe
  2⤵
  PID:13180
- C:\Windows\System\sQABdOU.exe
  C:\Windows\System\sQABdOU.exe
  2⤵
  PID:13200
- C:\Windows\System\FIRspde.exe
  C:\Windows\System\FIRspde.exe
  2⤵
  PID:13220
- C:\Windows\System\sNuNgsA.exe
  C:\Windows\System\sNuNgsA.exe
  2⤵
  PID:13240
- C:\Windows\System\rEuxvec.exe
  C:\Windows\System\rEuxvec.exe
  2⤵
  PID:13264
- C:\Windows\System\KPjosvE.exe
  C:\Windows\System\KPjosvE.exe
  2⤵
  PID:13284
- C:\Windows\System\DdZrffI.exe
  C:\Windows\System\DdZrffI.exe
  2⤵
  PID:13300
- C:\Windows\System\BBDVcJL.exe
  C:\Windows\System\BBDVcJL.exe
  2⤵
  PID:10756
- C:\Windows\System\rpQPAaT.exe
  C:\Windows\System\rpQPAaT.exe
  2⤵
  PID:10824
- C:\Windows\System\opsrlVR.exe
  C:\Windows\System\opsrlVR.exe
  2⤵
  PID:10896
- C:\Windows\System\QyYTKMW.exe
  C:\Windows\System\QyYTKMW.exe
  2⤵
  PID:11036
- C:\Windows\System\BLPZtQh.exe
  C:\Windows\System\BLPZtQh.exe
  2⤵
  PID:11076
- C:\Windows\System\mRDexqY.exe
  C:\Windows\System\mRDexqY.exe
  2⤵
  PID:11108
- C:\Windows\System\RMFWkvL.exe
  C:\Windows\System\RMFWkvL.exe
  2⤵
  PID:6380
- C:\Windows\System\jNbowqH.exe
  C:\Windows\System\jNbowqH.exe
  2⤵
  PID:9976
- C:\Windows\System\BOzpxfh.exe
  C:\Windows\System\BOzpxfh.exe
  2⤵
  PID:9804
- C:\Windows\System\anGKOry.exe
  C:\Windows\System\anGKOry.exe
  2⤵
  PID:7440
- C:\Windows\System\MPlKqcD.exe
  C:\Windows\System\MPlKqcD.exe
  2⤵
  PID:11416
- C:\Windows\System\mjnlsSv.exe
  C:\Windows\System\mjnlsSv.exe
  2⤵
  PID:11480
- C:\Windows\System\uezKFrp.exe
  C:\Windows\System\uezKFrp.exe
  2⤵
  PID:7516
- C:\Windows\System\BHvTThy.exe
  C:\Windows\System\BHvTThy.exe
  2⤵
  PID:11544
- C:\Windows\System\thFNYPW.exe
  C:\Windows\System\thFNYPW.exe
  2⤵
  PID:9076
- C:\Windows\System\IWfVylN.exe
  C:\Windows\System\IWfVylN.exe
  2⤵
  PID:11612
- C:\Windows\System\LfKUmoi.exe
  C:\Windows\System\LfKUmoi.exe
  2⤵
  PID:7716
- C:\Windows\System\veWqIHW.exe
  C:\Windows\System\veWqIHW.exe
  2⤵
  PID:10868
- C:\Windows\System\JBMsgef.exe
  C:\Windows\System\JBMsgef.exe
  2⤵
  PID:10940
- C:\Windows\System\mqkZILG.exe
  C:\Windows\System\mqkZILG.exe
  2⤵
  PID:11216
- C:\Windows\System\ZBkjlqh.exe
  C:\Windows\System\ZBkjlqh.exe
  2⤵
  PID:12280
- C:\Windows\System\AXAYvFm.exe
  C:\Windows\System\AXAYvFm.exe
  2⤵
  PID:12632
- C:\Windows\System\oVAcNWP.exe
  C:\Windows\System\oVAcNWP.exe
  2⤵
  PID:12668
- C:\Windows\System\DQRJJFd.exe
  C:\Windows\System\DQRJJFd.exe
  2⤵
  PID:12716
- C:\Windows\System\HICmdZe.exe
  C:\Windows\System\HICmdZe.exe
  2⤵
  PID:8120
- C:\Windows\System\spmsTAe.exe
  C:\Windows\System\spmsTAe.exe
  2⤵
  PID:4260
- C:\Windows\System\QbFmwEa.exe
  C:\Windows\System\QbFmwEa.exe
  2⤵
  PID:13192
- C:\Windows\System\faQSXTY.exe
  C:\Windows\System\faQSXTY.exe
  2⤵
  PID:13236
- C:\Windows\System\sOyMLcK.exe
  C:\Windows\System\sOyMLcK.exe
  2⤵
  PID:9788
- C:\Windows\System\SXEDpGv.exe
  C:\Windows\System\SXEDpGv.exe
  2⤵
  PID:9028
- C:\Windows\System\mQABHsr.exe
  C:\Windows\System\mQABHsr.exe
  2⤵
  PID:11496
- C:\Windows\System\ttXGVuK.exe
  C:\Windows\System\ttXGVuK.exe
  2⤵
  PID:6752
- C:\Windows\System\sQDJSOH.exe
  C:\Windows\System\sQDJSOH.exe
  2⤵
  PID:12000
- C:\Windows\System\aGRejEC.exe
  C:\Windows\System\aGRejEC.exe
  2⤵
  PID:12368
- C:\Windows\System\pFkisUQ.exe
  C:\Windows\System\pFkisUQ.exe
  2⤵
  PID:4664
- C:\Windows\System\UCyMalR.exe
  C:\Windows\System\UCyMalR.exe
  2⤵
  PID:12344
- C:\Windows\System\foFVqcP.exe
  C:\Windows\System\foFVqcP.exe
  2⤵
  PID:10720
- C:\Windows\System\EsEPlBF.exe
  C:\Windows\System\EsEPlBF.exe
  2⤵
  PID:8
- C:\Windows\System\qimjOry.exe
  C:\Windows\System\qimjOry.exe
  2⤵
  PID:4964
- C:\Windows\System\DphnNgC.exe
  C:\Windows\System\DphnNgC.exe
  2⤵
  PID:1156
- C:\Windows\System\iSYyoMO.exe
  C:\Windows\System\iSYyoMO.exe
  2⤵
  PID:11500
- C:\Windows\System\msczBja.exe
  C:\Windows\System\msczBja.exe
  2⤵
  PID:12832
- C:\Windows\System\RfimWtK.exe
  C:\Windows\System\RfimWtK.exe
  2⤵
  PID:10316
- C:\Windows\System\xnrWdcB.exe
  C:\Windows\System\xnrWdcB.exe
  2⤵
  PID:12948
- C:\Windows\System\IguXybI.exe
  C:\Windows\System\IguXybI.exe
  2⤵
  PID:12952
- C:\Windows\System\tgDjNPv.exe
  C:\Windows\System\tgDjNPv.exe
  2⤵
  PID:10812
- C:\Windows\System\nEusaPB.exe
  C:\Windows\System\nEusaPB.exe
  2⤵
  PID:13060
- C:\Windows\System\eiiqWeL.exe
  C:\Windows\System\eiiqWeL.exe
  2⤵
  PID:11828
- C:\Windows\System\EfhhoqQ.exe
  C:\Windows\System\EfhhoqQ.exe
  2⤵
  PID:13716
- C:\Windows\System\tOmsspM.exe
  C:\Windows\System\tOmsspM.exe
  2⤵
  PID:13732
- C:\Windows\System\eoebQYm.exe
  C:\Windows\System\eoebQYm.exe
  2⤵
  PID:13768
- C:\Windows\System\pZBkgXM.exe
  C:\Windows\System\pZBkgXM.exe
  2⤵
  PID:13784
- C:\Windows\System\ltmLTMp.exe
  C:\Windows\System\ltmLTMp.exe
  2⤵
  PID:13800
- C:\Windows\System\oURRXfB.exe
  C:\Windows\System\oURRXfB.exe
  2⤵
  PID:13816
- C:\Windows\System\bcraNbi.exe
  C:\Windows\System\bcraNbi.exe
  2⤵
  PID:13844
- C:\Windows\System\vEQLLyG.exe
  C:\Windows\System\vEQLLyG.exe
  2⤵
  PID:13880
- C:\Windows\System\mLQlGgo.exe
  C:\Windows\System\mLQlGgo.exe
  2⤵
  PID:13900
- C:\Windows\System\MaAxXiG.exe
  C:\Windows\System\MaAxXiG.exe
  2⤵
  PID:13920
- C:\Windows\System\ieKXAWJ.exe
  C:\Windows\System\ieKXAWJ.exe
  2⤵
  PID:13960
- C:\Windows\System\QCXIsdi.exe
  C:\Windows\System\QCXIsdi.exe
  2⤵
  PID:13976
- C:\Windows\System\obBuvhx.exe
  C:\Windows\System\obBuvhx.exe
  2⤵
  PID:14004
- C:\Windows\System\AdVZvEW.exe
  C:\Windows\System\AdVZvEW.exe
  2⤵
  PID:14020
- C:\Windows\System\fdpgRDZ.exe
  C:\Windows\System\fdpgRDZ.exe
  2⤵
  PID:14036
- C:\Windows\System\EKSJUqO.exe
  C:\Windows\System\EKSJUqO.exe
  2⤵
  PID:14056
- C:\Windows\System\KfvvyCK.exe
  C:\Windows\System\KfvvyCK.exe
  2⤵
  PID:14072
- C:\Windows\System\SEjsEeK.exe
  C:\Windows\System\SEjsEeK.exe
  2⤵
  PID:14092
- C:\Windows\System\IttLRzv.exe
  C:\Windows\System\IttLRzv.exe
  2⤵
  PID:14112
- C:\Windows\System\bRodsYl.exe
  C:\Windows\System\bRodsYl.exe
  2⤵
  PID:14132
- C:\Windows\System\rIOsPka.exe
  C:\Windows\System\rIOsPka.exe
  2⤵
  PID:14148
- C:\Windows\System\rnmbQlk.exe
  C:\Windows\System\rnmbQlk.exe
  2⤵
  PID:9100
- C:\Windows\System\khsdZTT.exe
  C:\Windows\System\khsdZTT.exe
  2⤵
  PID:1448
- C:\Windows\System\tjANfqo.exe
  C:\Windows\System\tjANfqo.exe
  2⤵
  PID:10920
- C:\Windows\System\DEQVBMR.exe
  C:\Windows\System\DEQVBMR.exe
  2⤵
  PID:11148
- C:\Windows\System\UAavnSo.exe
  C:\Windows\System\UAavnSo.exe
  2⤵
  PID:11684
- C:\Windows\System\QTwDCgc.exe
  C:\Windows\System\QTwDCgc.exe
  2⤵
  PID:12464
- C:\Windows\System\xWKlVNK.exe
  C:\Windows\System\xWKlVNK.exe
  2⤵
  PID:13888
- C:\Windows\System\boEkUIS.exe
  C:\Windows\System\boEkUIS.exe
  2⤵
  PID:13504
- C:\Windows\System\MUklZcY.exe
  C:\Windows\System\MUklZcY.exe
  2⤵
  PID:13600
- C:\Windows\System\TPzIpmW.exe
  C:\Windows\System\TPzIpmW.exe
  2⤵
  PID:13856
- C:\Windows\System\tdpuepb.exe
  C:\Windows\System\tdpuepb.exe
  2⤵
  PID:13704
- C:\Windows\System\luJEgxg.exe
  C:\Windows\System\luJEgxg.exe
  2⤵
  PID:13792
- C:\Windows\System\WRhocVY.exe
  C:\Windows\System\WRhocVY.exe
  2⤵
  PID:13824
- C:\Windows\System\WPOAFiG.exe
  C:\Windows\System\WPOAFiG.exe
  2⤵
  PID:13968
- C:\Windows\System\ewvkXvo.exe
  C:\Windows\System\ewvkXvo.exe
  2⤵
  PID:14012
- C:\Windows\System\CUsjwpw.exe
  C:\Windows\System\CUsjwpw.exe
  2⤵
  PID:14044
- C:\Windows\System\jbuTcFP.exe
  C:\Windows\System\jbuTcFP.exe
  2⤵
  PID:14084
- C:\Windows\System\bsovzpF.exe
  C:\Windows\System\bsovzpF.exe
  2⤵
  PID:14276
- C:\Windows\System\FcSMyzi.exe
  C:\Windows\System\FcSMyzi.exe
  2⤵
  PID:14328
- C:\Windows\System\FMcYQkA.exe
  C:\Windows\System\FMcYQkA.exe
  2⤵
  PID:12188
- C:\Windows\System\tGrPeEi.exe
  C:\Windows\System\tGrPeEi.exe
  2⤵
  PID:3428
- C:\Windows\System\sltRbUU.exe
  C:\Windows\System\sltRbUU.exe
  2⤵
  PID:6428
- C:\Windows\System\cQWZvmb.exe
  C:\Windows\System\cQWZvmb.exe
  2⤵
  PID:13168
- C:\Windows\System\vOCMmgJ.exe
  C:\Windows\System\vOCMmgJ.exe
  2⤵
  PID:9636
- C:\Windows\System\yiMirCj.exe
  C:\Windows\System\yiMirCj.exe
  2⤵
  PID:8924
- C:\Windows\System\hcwBkLr.exe
  C:\Windows\System\hcwBkLr.exe
  2⤵
  PID:5096
- C:\Windows\System\MjCvMAj.exe
  C:\Windows\System\MjCvMAj.exe
  2⤵
  PID:12152
- C:\Windows\System\AwYzvoE.exe
  C:\Windows\System\AwYzvoE.exe
  2⤵
  PID:10160
- C:\Windows\System\mhoVgmC.exe
  C:\Windows\System\mhoVgmC.exe
  2⤵
  PID:8204
- C:\Windows\System\cXzYmYT.exe
  C:\Windows\System\cXzYmYT.exe
  2⤵
  PID:8524
- C:\Windows\System\LpuUImY.exe
  C:\Windows\System\LpuUImY.exe
  2⤵
  PID:9424
- C:\Windows\System\nKtQwvO.exe
  C:\Windows\System\nKtQwvO.exe
  2⤵
  PID:2164
- C:\Windows\System\COHVfWd.exe
  C:\Windows\System\COHVfWd.exe
  2⤵
  PID:7404
- C:\Windows\System\vCvTbtF.exe
  C:\Windows\System\vCvTbtF.exe
  2⤵
  PID:13464
- C:\Windows\System\VLnNyJD.exe
  C:\Windows\System\VLnNyJD.exe
  2⤵
  PID:3644
- C:\Windows\System\ymykBQj.exe
  C:\Windows\System\ymykBQj.exe
  2⤵
  PID:3260
- C:\Windows\System\bhblmYt.exe
  C:\Windows\System\bhblmYt.exe
  2⤵
  PID:8572
- C:\Windows\System\wiKUogO.exe
  C:\Windows\System\wiKUogO.exe
  2⤵
  PID:876
- C:\Windows\System\qdheCjl.exe
  C:\Windows\System\qdheCjl.exe
  2⤵
  PID:5004
- C:\Windows\System\yvkxMGY.exe
  C:\Windows\System\yvkxMGY.exe
  2⤵
  PID:14312
- C:\Windows\System\CfhauSS.exe
  C:\Windows\System\CfhauSS.exe
  2⤵
  PID:14120
- C:\Windows\System\BjCTBLY.exe
  C:\Windows\System\BjCTBLY.exe
  2⤵
  PID:11256
- C:\Windows\System\IawKrna.exe
  C:\Windows\System\IawKrna.exe
  2⤵
  PID:7616
- C:\Windows\System\FkeDQlc.exe
  C:\Windows\System\FkeDQlc.exe
  2⤵
  PID:1428
- C:\Windows\System\VydXWIZ.exe
  C:\Windows\System\VydXWIZ.exe
  2⤵
  PID:12872
- C:\Windows\System\ayYELGP.exe
  C:\Windows\System\ayYELGP.exe
  2⤵
  PID:13316
- C:\Windows\System\kybRoIc.exe
  C:\Windows\System\kybRoIc.exe
  2⤵
  PID:1912
- C:\Windows\System\YtFmCiL.exe
  C:\Windows\System\YtFmCiL.exe
  2⤵
  PID:2320
- C:\Windows\System\fHCAoxa.exe
  C:\Windows\System\fHCAoxa.exe
  2⤵
  PID:2488
- C:\Windows\System\uDgDWiA.exe
  C:\Windows\System\uDgDWiA.exe
  2⤵
  PID:5808
- C:\Windows\System\jviMaVf.exe
  C:\Windows\System\jviMaVf.exe
  2⤵
  PID:9220
- C:\Windows\System\mIGhkAo.exe
  C:\Windows\System\mIGhkAo.exe
  2⤵
  PID:1672
- C:\Windows\System\OPBJaFD.exe
  C:\Windows\System\OPBJaFD.exe
  2⤵
  PID:3688
- C:\Windows\System\SRifzNV.exe
  C:\Windows\System\SRifzNV.exe
  2⤵
  PID:7272
- C:\Windows\System\iXuLBHl.exe
  C:\Windows\System\iXuLBHl.exe
  2⤵
  PID:5852
- C:\Windows\System\apQhQkZ.exe
  C:\Windows\System\apQhQkZ.exe
  2⤵
  PID:4920
- C:\Windows\System\yjBLWLg.exe
  C:\Windows\System\yjBLWLg.exe
  2⤵
  PID:8088
- C:\Windows\System\KyBsSxN.exe
  C:\Windows\System\KyBsSxN.exe
  2⤵
  PID:5148
- C:\Windows\System\WvzhYqy.exe
  C:\Windows\System\WvzhYqy.exe
  2⤵
  PID:6856
- C:\Windows\System\QwGqBqB.exe
  C:\Windows\System\QwGqBqB.exe
  2⤵
  PID:13152
- C:\Windows\System\dDxRgeV.exe
  C:\Windows\System\dDxRgeV.exe
  2⤵
  PID:13328
- C:\Windows\System\odtTyYr.exe
  C:\Windows\System\odtTyYr.exe
  2⤵
  PID:9096
- C:\Windows\System\TcWGmrd.exe
  C:\Windows\System\TcWGmrd.exe
  2⤵
  PID:9292
- C:\Windows\System\dTwisnz.exe
  C:\Windows\System\dTwisnz.exe
  2⤵
  PID:14196
- C:\Windows\System\mFbOMwQ.exe
  C:\Windows\System\mFbOMwQ.exe
  2⤵
  PID:11700
- C:\Windows\System\oPGamtE.exe
  C:\Windows\System\oPGamtE.exe
  2⤵
  PID:13404
- C:\Windows\System\sUNOTXh.exe
  C:\Windows\System\sUNOTXh.exe
  2⤵
  PID:14304
- C:\Windows\System\UVmLUFM.exe
  C:\Windows\System\UVmLUFM.exe
  2⤵
  PID:6680
- C:\Windows\System\JSRfhjP.exe
  C:\Windows\System\JSRfhjP.exe
  2⤵
  PID:14180
- C:\Windows\System\MfQRBWb.exe
  C:\Windows\System\MfQRBWb.exe
  2⤵
  PID:1068
- C:\Windows\System\qWyhRYs.exe
  C:\Windows\System\qWyhRYs.exe
  2⤵
  PID:8608
- C:\Windows\System\vAgIWpJ.exe
  C:\Windows\System\vAgIWpJ.exe
  2⤵
  PID:10068
- C:\Windows\System\uYBmRQo.exe
  C:\Windows\System\uYBmRQo.exe
  2⤵
  PID:4544

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14316

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:12388

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13488

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jivqjmua.gxw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CfvBrzC.exe

Filesize
1.1MB

MD5
a00bf60f2613eb5805b10c4a7124cbe0

SHA1
29499f7cfdf7bf57d7196b61e2e62ab4786fc8b8

SHA256
b8fd62b0d6eadf33d49866ecba431c9322a6b4849a091b72dc04a47577c2830f

SHA512
3cc2e85df08e22261a940536f09a79ab6ce320c4e630120df711f3e77595c9ca50fe55d527978ae6e68d41d341a990abce7a2a80e58a2228295d1afcc131e92c

Download Submit
C:\Windows\System\CotxVwy.exe

Filesize
1.5MB

MD5
f3066a1bbc9a5cc6e11ee685598ff634

SHA1
bae5953fc0fc0725a4291af891768b2a2ac31216

SHA256
704a33e5a86d7591c84caf8c20f93241235c9104c6dacf8dea4ac1a125a1e7ce

SHA512
173b86eb47d4835245051147e7e679e318853e9f7ed9dfd875829d25283608d7ec4cd264d3bc5b43ec480012c080b8344c766449d00da403d6c9ed193bdb8ef6

Download Submit
C:\Windows\System\CuYZnQI.exe

Filesize
1.5MB

MD5
7567d4fb3f9aa6084db439d63d3a00d4

SHA1
0f06c19c7038d7c8217388576e11ddb9a87ad374

SHA256
c14d026a155f4d914b8bf8756d5e7808ec12c7ce4327194d759a8f8ac691eda1

SHA512
494d965583b0d6a8f37d251e5b9d7cd5750810a8ba12f84ebba0d66719bf192ae63ebc428b831b54be1490d3c224cab4ae9499b757d3b03573cb3a70dcbe67fe

Download Submit
C:\Windows\System\EVmjLMJ.exe

Filesize
1.5MB

MD5
6ad81ee956832ca28f65d689551953fb

SHA1
356a2d77aecfe6b6536303f3a6dee6eeeadb62a6

SHA256
75bb7490f751b65424087f23272d2e5023ebabff7a6d971d31edb0c1b3b9952d

SHA512
275e02ec3ddb2697768ff6a44b4cd6ffd04ce30f391739b8c4d9bd3e609417d510c47de19a76071f4f5857c38233989b400951fe6082b272b9c662bd048300cc

Download Submit
C:\Windows\System\FHAuQdb.exe

Filesize
1.5MB

MD5
fa53163539c768b284269693555e1d84

SHA1
7d378216751fd16851881585494c0c4b0a0511cb

SHA256
5bc0310cc8a82117ba0ea8d265b01d2f6e061e89ff92a9d103efeb91b9334441

SHA512
e9a20cb4ef33fa042d10d64a3da6ba29760a49890e927b5aac3a6c7af611aff1ffef2ad5c45601094c775db53ed61e1f8aa86fe2355605dbdf9b55ba013c548f

Download Submit
C:\Windows\System\FrsevEO.exe

Filesize
1.5MB

MD5
d8f49fa7fc5ee49ad6524e0705b53a1d

SHA1
a56245a6c05484de4feb4332ae30a5dd7c0a614f

SHA256
9f3286f36924b62b9e55d198fef397e1906c0510adfc0ae31dd326289f58f3da

SHA512
de4e9af1b7c67c4db0a26f3ee46664853a6f0986cf177bd20538da39b2da0aea8f9521411ec096f26c48a041620d678ce09fa60a18de95b6c704a746723f3fc7

Download Submit
C:\Windows\System\JqdLjof.exe

Filesize
1.5MB

MD5
df5fdeb62f700dfde46e9763b258011d

SHA1
7376b5a38287e200001c7440e3b552593550352c

SHA256
deed1c8c8584252a6126088d78aa305a998a65b2a22add8896dca89d16ace260

SHA512
9c72bbe2774956d2e9a2b93dd57b9367f3c5a87efdc158422185c1dc3b3bc7c37902f3f5db174fa84e4a2ebefb9ec859c9222d8ca8f76fe8bf4c8ffe6676848d

Download Submit
C:\Windows\System\MGBKBPV.exe

Filesize
1.5MB

MD5
f9ce63defb4b61c9d2f71dc1c0f41866

SHA1
d13d14a566e469c9b57e2ed9b042718476a5de82

SHA256
359405edbd224feace95cb11fc21b6b9bc04a912580983797a60785fb81a0e79

SHA512
85875559b9bfae1ff7b21e51507a59aadcad305f0eee15d8f9bd39d663f9ef0d8559f21000a65626cfc87a26a7a8c5d10988750d4d98c3b8f84e15927d9b9e12

Download Submit
C:\Windows\System\MiIQfZP.exe

Filesize
8B

MD5
66bd487d69202ef8b2b1bb2e1931ebf3

SHA1
6297e827d2cc12ba96555851f82fc059665704b0

SHA256
4443ea8760d035c6b4f05df6df4c7e7ad9c5afa8dead954bce57dab5a5afcf1e

SHA512
9e09fc0a19c454ee0cecdc74d2823aed9c4a94ebbcd2ca5a3004beafcda66afd0bc9b7ffcaee69b05991566849eedce2fe3d3b28ecd596511f3194e8d04c5acc

Download Submit
C:\Windows\System\OKHTZSR.exe

Filesize
1.5MB

MD5
2ea5f402f8a2b0156f39b69632f1add6

SHA1
d3900013b4b75761ee6c92d0e04e62ee0f320442

SHA256
7db112009aa3330116967f625f8f065655aac2868903fba8c33b87409d5fe4e6

SHA512
0eb15837594e8d3d92497df29f05da6aadc00c462ef0dc3bcf16e658e65879cf630a76859cbe72d5f285a137f8f0c2dd5658881d768f0b5ecdfbc728fd35a1d2

Download Submit
C:\Windows\System\PJdwIkt.exe

Filesize
1.5MB

MD5
3a80e7b6ff6d731f4a489352f51c5f57

SHA1
d69ebe246a1f9993a79bba75495e875c5b6fb15b

SHA256
4d7d0169312f4a19e81d87ea320fa3593961df10a3bea43511c6c1fea2481028

SHA512
c3d2ab17139a94450f10b88310eb05737c2cb642c5427da728c3cc251be83385957c8fc9d2b3933278b739a075ac8f046a8cb0d695cbaca78828cebae24f8e37

Download Submit
C:\Windows\System\SAcqVln.exe

Filesize
1.5MB

MD5
6374cb21a8419a43c3671b2a463613c8

SHA1
17e0d87fdecf0cad00221effa76c067b0dab07cf

SHA256
79479cb0fc7f7e482d10339a9f082a9a856e0fc9b8782047ff5c1cd90d4944aa

SHA512
c9bb9cd39b8aa4aef67c91b5e37c51c559979415dd603bd6f0fb96a10b3e06e34db01ad3688ac500b1b26d2fd700b006620844f5f1c2f5f7bad33ddf9c638222

Download Submit
C:\Windows\System\SBkKhok.exe

Filesize
1.5MB

MD5
16addefbc755def0df5424f76827189a

SHA1
95ed45c5b99fb1ef986f6d88be61a2b54b1ef467

SHA256
81e45105ad0328879305ac938ad5bcf5e86d72e6ddd7adecc59d732f0312dbc3

SHA512
622fd77a9b3e35045639a32a0c3a0988bf41a03a7e5bb65b2a66baa3a7e60e88fd5e2efa43864385a93308425b6aaacc56c678f1d6d195c6fe8db03ac3f960cd

Download Submit
C:\Windows\System\SHWeeYd.exe

Filesize
1.5MB

MD5
8fc2abae96a5635f8c6d44fa1f38d789

SHA1
72b32a46376fcfe311e449da56af8d07a8a6f1bc

SHA256
a612d2b9d767b78e486d85bebb9064e11be2d9106e82d90c62529ea45f5466a7

SHA512
b6056976286d88e647cab2fb66cb4eff947dd30630a1a224d8df6d243dcd1366cacb50ffd6996d31d6a85bebf095e05f2b29befc1c30ae6e2c5e2d2287cbb04f

Download Submit
C:\Windows\System\TFaiIBT.exe

Filesize
1.5MB

MD5
503f3c3549b00ba037f7b8ba653c983b

SHA1
5fe37dad5e188a5d37aa8b9bff8f993fdf9b6859

SHA256
7f130a572384cc14a2baaab7a1fad179650b29e308a8c35cc86d0a02274dee35

SHA512
7544038feebabfaeeb017b0acdb0fb78e5792075fdfffe1003e163e686fb147d5aeab1f3f3c47c555749fc2c9b559c119400770ab8a7384c112e9741a2751024

Download Submit
C:\Windows\System\TdHBeqb.exe

Filesize
1.5MB

MD5
2bda5dc9111a19bc1580aed728c5182c

SHA1
1a65d530bf8e7a7909cf2fa638ae2780d89cbd18

SHA256
7f5c0964cf547c23b4c8065d93a7604a1ef1e1e25f945e263a3ad7421e00db2a

SHA512
4eb3961f78120e9fa356fbf4ee5f3fa1dfd7b70eb9086c9e97100133c2dbdf950325e556cff1e9e09dcaa39e8475d845f79e9eb628c5b0cc2599cff62ae65b11

Download Submit
C:\Windows\System\TquulYB.exe

Filesize
1.5MB

MD5
f3f91ba5ba211750dbaf394680a9cc08

SHA1
148687f4e33fdaf86aefab88b2530f03c61b3867

SHA256
e137dfe2280cbd7f959d4d825cede80738cc8703711d812e814de52f4a61b05f

SHA512
957ede2af57e72249e27a0ad0e2b12610268646e41f03dbf0cb3f38350b704e33f63737e7eb0e41fc7a5796bb1b9e971ff4ce377b82a8eacd314b784189cb81f

Download Submit
C:\Windows\System\WdxcRCA.exe

Filesize
1.5MB

MD5
7590f52576f61e7b35d8bccfc14b58ac

SHA1
d15a9cb9edf27a603af772f548f5ad99cb8b13f8

SHA256
ea615eecbda20700d7ea54af0f16b8315a9ce4c435cff91a2e47fb1ad1773ca3

SHA512
1a7cd0e0a95e6ad321be642ba7eaddbb50279cc42d3709f69d6bf8ff3392fdf4aebfcd9806980cd38dd9295ba576618ef433fd9199912ee58d75a34b914eae5b

Download Submit
C:\Windows\System\XBdfiLN.exe

Filesize
1.5MB

MD5
3732d89399e68e26a65d0224050fa324

SHA1
beeee226760e283dcd16be62e961cae940b3956f

SHA256
8f703fb41d35ff4b1090d0cb15b89b7794f68c44d07cbffd500799029accc449

SHA512
ddf474b261d11483572eed24bcd673f6e01e7a0a76cb9bcbd07b3797e501c0a7bee6ab3e26b63e13e52f9b973ee702d1786c3ea1cfd88cd4c2da5ab372e159ae

Download Submit
C:\Windows\System\YsTGMZt.exe

Filesize
1.5MB

MD5
df30d84be034a44348d80e958bdf54fd

SHA1
62560a206c952b1eb7fb17c67789a6ab596062f0

SHA256
b6bc2fed1abe731b828bf1f5d717fce08a0112599894cf65d414470f7372495d

SHA512
448575b50c1a1e55184c7173e3bab30c073f65e7cc86ea40096ebcacd58df3bfcc73e4dfecb12b4cf2a895faff039d2bc8e600f62c21b2141494d495884ab3d2

Download Submit
C:\Windows\System\YsWaeYO.exe

Filesize
1.5MB

MD5
b4cd1726be0482238eca5bfc37af77c6

SHA1
a34df67f4ac0c70daca53d522c0d28d912164738

SHA256
86cc473acb2cf5ae8292b1374aff3f141d8a43a51a219f7d3ffb8d38d9357d3d

SHA512
12558d90feab02932eaea0a7af385a2f1a7ae1969926b8827b787b8e39d0fe3f13fb022fd27820c624d041d35fea5a0e1bdd5d0907c4080b1fb0daf9cbb827ce

Download Submit
C:\Windows\System\aBPAGFy.exe

Filesize
1.5MB

MD5
891bbb2671284ee7fa856b76dbd77248

SHA1
ca557d723475406deaeb4561daf162f685357634

SHA256
3d54964c38af6879f76c116da854e99047a32056935a7eacd86a237060c01742

SHA512
6f0e48af1f60a8f593cedb31d0df3c773bf83db6886e4432db6b40d7759456e7da422fa9bda193cf0bfdd73e2b1a2ae3970ccfa17c957a886d545781aa22b72a

Download Submit
C:\Windows\System\aiBgEHQ.exe

Filesize
1.5MB

MD5
4801461ec226282a3a60b03db26c3f41

SHA1
c6ba9c3a00695c76d2152b8840460625c6a4361e

SHA256
e158d1f02ea0acab6e42cbcb220e22c0cceca84ce1052c81f4ea50b4e9ddb5f8

SHA512
521d0542f92de33368c908c48d79b389cd0f430ff7e70de9f75b954c2c36af5dfdcda63fe63cf77af829c7061919a42920104b192ff4af7ed470bd5e737ce7c9

Download Submit
C:\Windows\System\cFHdgIQ.exe

Filesize
1.5MB

MD5
02414f06681f0093ce17be0e29d653a8

SHA1
54290a15785159d9fa9d5303708b8731d06fc64a

SHA256
1191dc6ba44b2a00d062a4430d28932d6275e1b2fcc26395cac37df0fa9bdf81

SHA512
ae3879d6f4c6da88bf20f1f6511066c3cc0f70b3289c0fd273ee44fae2f956246dc803fcf6cd85b6f3ab001568dd6e0e402d268086475640eb7d36024f4f3b22

Download Submit
C:\Windows\System\cIbDnRD.exe

Filesize
1.5MB

MD5
a68de69667f05b837bbdb14db9683e92

SHA1
801c469eeac3e4097610e41c7dafe12bcdcb6c96

SHA256
6e4be3c2c4c3d0aca20f11b4adf4cf69497ae7c00e59f147a0afb443b3b9c782

SHA512
55b6a4813db122183be40c2f2d765cb4e60c64af49e5fc98f52b6e94d29f6aaf5162099e0147d7c7fa3bdab10ba7cd6f0815cae961d961558dcb509ce8d7b77a

Download Submit
C:\Windows\System\caSEBuy.exe

Filesize
1.5MB

MD5
b35bd2b2354a6f0698e2ad2538885ed9

SHA1
3d1487d2668dc65dcb4ab78816efbc9b47857b6f

SHA256
68fd015998f1995f1d9e1b43eb534291886b3ee057ba3ea4a82adaf973a18402

SHA512
316e4e409b46bbee352ce2531d6162dcea6330ed7d5477cf3bcde11f0c63471be9023f3567889fb66278a0859121aa30828e02b564fab55f9b9eabae4d91a367

Download Submit
C:\Windows\System\emFnJOL.exe

Filesize
1.5MB

MD5
d0ce3cd267d727f48968e0b361141392

SHA1
60eb796d08d4e4c4f3dd7653f98b212e1ac36f1b

SHA256
a05ff2862981403e9347fc04eab687e749a574f58ac72c86e7eede67b59aec8b

SHA512
17ee5228549edd40bf7fba05a91e8c73405913ee82c03416f65a2d0d7714fbcde066128baa859178dafe0ff309a107204aaf3c614fd8a2d779c96e1a91bcb18e

Download Submit
C:\Windows\System\hxeBPNA.exe

Filesize
1.5MB

MD5
28963301f364a20e776ddb06ef1723cb

SHA1
f7e6a934ac2d10e63be10640c7f68dc055bcb4ea

SHA256
8a74e00b71a5fb0e55adf023324e00ffdce85d8959196ac2e6960921be46b6ec

SHA512
f14e5793c0b82077c522475d8293a10703ba0f38c28aaabb59a127da9dc76c0048cff0c675528a126998e17d59a2da71d85b81d294b6e6402b8ed2c451d9b0d1

Download Submit
C:\Windows\System\jsSjKzu.exe

Filesize
1.5MB

MD5
d03bcaa49dfa58b5b4c9ca0f536b4843

SHA1
d44f52e990c85c016047af6124aeb716256b1c8e

SHA256
b2f766cf7a4c676f153f98ea476cadd0f6050a4a187b00a302ce49c4507cfcad

SHA512
0ee85ce82018f50e3cdf54a5d205d55ea537eab456c29ccd8ee3905f342192255d0a5a70e0de7534c856902f02b760010a84d060c7616053a73b2003e94384ec

Download Submit
C:\Windows\System\kiBjrYL.exe

Filesize
1.5MB

MD5
4e4854099e61a89a23e8596e39f06e86

SHA1
6b7fe230db40bc733363186b4167161c49e984f5

SHA256
38fd58119671de7e0a27dc3b83adc3c5cacd45d866dd122c9ac80982d1b9ea14

SHA512
265c540d1bb177b47adfc0c1d205424302e598be964ae16aaf172456c4fd285d6506c978258371ed56eb6aaa7f6939393fecaea04fae381d64e025bd6900e1b2

Download Submit
C:\Windows\System\kuiyHDI.exe

Filesize
1.5MB

MD5
856bb9acccf6c2b78ffa0a77d67effbe

SHA1
51ed293ca2520bc3f860bea714d3d9bd625c44d0

SHA256
c81c1bf8be2492fd3ed93a3b831a35e484540be0f96141869bd6ff5e41895d7b

SHA512
41fe53d390530a5e2e128a51fc831617b95716c82a6f22a33459cb7e2ae55120acea382d7bb2d12ea6091cbfd21ff3da4a41b4c313c09f7fe8f0524d1cda8d54

Download Submit
C:\Windows\System\lBVNEQz.exe

Filesize
1.5MB

MD5
d154adbe892aa35f85e345d23038f362

SHA1
8fb5845a0ce427c58f051a524fc0c2db32cecd4c

SHA256
e43759b23c01ca465e5440616072fb2d7a1f92d157e39c0cb540b6aa7f2911fa

SHA512
dcf21a13d10677b927631493acc132d9756a9b945433b4990cf5ab6c221d1df25a9d551ee080edd68215f603a25977cb9097e1bd13d261850a409d613abcb781

Download Submit
C:\Windows\System\nmWgcmA.exe

Filesize
1.5MB

MD5
2fe1bab552f0a952cda49ec1eb76da95

SHA1
7740c37493e82c5b7eac012a34e0cbc1dcbb1e6e

SHA256
a671d8b0d669ad9bebb315925f4c82ecd619dc4304308ee742cb9a023bf2d225

SHA512
e9b62739ee00af085a99a6e850bfceca29d6e83de3e1f56161498ade901ea95d9de37ff2468cbfc957d938dcfd7222498ead63d3b3862d168d4723953dd919c8

Download Submit
C:\Windows\System\oiWiLMm.exe

Filesize
1.5MB

MD5
3f5d6f02f67aae162af5988e15f2d17c

SHA1
bb875dfa25ac2cae70bb8e3bd5e0346a0edc7658

SHA256
32dc051edc0342b12ca080c6ddab1dac39a318f9ed380ad127718e65976bf7c9

SHA512
25da2a84c592ee6115337507600d8a6265f88d68cc645c829fb416d8ac5759851caa8e22711325c2d9af352b9f6fbd7473a7eb7fa396909d44e397259bbb0b8e

Download Submit
C:\Windows\System\rergVlT.exe

Filesize
1.5MB

MD5
49f3cf949318d98a025f68f10986d4dd

SHA1
f47de0b752543ca561873bc1531c932543247f6b

SHA256
a8b5d54a8e1c63726bac0fe542cacc86d674e1eb909da8efd0ceaa1a0d8b1411

SHA512
a6e2bcbc4ee518ea52f0816d6c49255ae7b4b9c1d69ac299374d080c866ed8b6a36ba1dbc9435116f7757f83b892eb6d4508fd6774eb3c57cccde4daecab8b46

Download Submit
C:\Windows\System\tukkPaV.exe

Filesize
1.5MB

MD5
c28a4f8a83a5046a63352b5774cfb540

SHA1
c7dbcbf8576b67f1e747b0ea3ba6355a3dd2a03d

SHA256
a8fa8052152edec47ca961a9a929864900eadbd952e10020f3494e7d69f6ffe8

SHA512
612eb0adbabb6b00d1fdf117504d73243415ddb7eb27e16529ad69ec21ce144ec2e57f4de033d36759f643b83723620a1540588a015ab8e058de1de28121bc31

Download Submit
C:\Windows\System\vDFeDvh.exe

Filesize
1.5MB

MD5
e848e3c0d6f69ff9d9b08deb096c7e57

SHA1
c147adabf29e2410d28e4c70ed6ee9fb8b2cb09f

SHA256
473d5bcc3ac01e9fb33149d330f60169c8da6e88c28df8e2c7e1526322a12b60

SHA512
7328cf41c3a6aacfbebdf574d6a0642ba7be1772ff40d4a939809f09cbc716b2ee8f76e2f18b461fc10496f1148f956dc1153ac6c09187358834a7f55a8bd393

Download Submit
C:\Windows\System\vtJVTOM.exe

Filesize
1.5MB

MD5
09b49bb9414c31b4a773a94f9e94d253

SHA1
9b7fa98aa8d739d2263cc383c38852fd1ce389b1

SHA256
9c3638ed326185936ce413538f92a3095d857632425b81554c9a5178a35f417a

SHA512
4d6f379dd05f788b22785c142eacfe0fb7e46343bbce050f0244796b10f30fae9c676b6fe0ab50b598ed58c22c47ecaf9c840d5705764c4b55a1410cdae236a8

Download Submit
C:\Windows\System\wAjvTPI.exe

Filesize
1.5MB

MD5
00372631e2fc40375106bd55ea0a382d

SHA1
0685af6b7fd6ae85cb7bcc5b03aa6ffe238298f4

SHA256
ba33317e4e044d41fbc11d7fd2800a281ded99c9630c74526d464e5203f398ab

SHA512
e8f557eb2dc4326b6c8b6082fdf20659e76d99061891c2b07662f69e3dae518014a0c29427d00d7c24d30a7ad80fdcbcbaf8113303c1dcf25ec039d4ca8937b6

Download Submit
C:\Windows\System\zkIVSjV.exe

Filesize
1.5MB

MD5
94836da7fcf186f439d6e8976715581f

SHA1
1dc33ed0de9bfd6a2eae089d402a7145cf3a9f55

SHA256
6467e4525611c27608c901a6a180cedff2c5c0109be4fc2e671a792af69a3163

SHA512
f94e1d19aa112d19e323e085bb24b093ffa72e83c5516299dd26a2883235a584857dd6b7304b85c7dc16a46ba8a9669dab8bff92139276924e8124aefa399eff

Download Submit
memory/1084-595-0x00007FF60FF20000-0x00007FF610312000-memory.dmp

Filesize
3.9MB

Download
memory/1084-3234-0x00007FF60FF20000-0x00007FF610312000-memory.dmp

Filesize
3.9MB

Download
memory/1188-355-0x00007FF76D160000-0x00007FF76D552000-memory.dmp

Filesize
3.9MB

Download
memory/1188-3263-0x00007FF76D160000-0x00007FF76D552000-memory.dmp

Filesize
3.9MB

Download
memory/1208-3229-0x00007FF6BEAC0000-0x00007FF6BEEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1208-0-0x00007FF6BEAC0000-0x00007FF6BEEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1208-1-0x0000020A12070000-0x0000020A12080000-memory.dmp

Filesize
64KB

Download
memory/1400-632-0x00007FF7ADAF0000-0x00007FF7ADEE2000-memory.dmp

Filesize
3.9MB

Download
memory/1400-3238-0x00007FF7ADAF0000-0x00007FF7ADEE2000-memory.dmp

Filesize
3.9MB

Download
memory/1476-349-0x00007FF744570000-0x00007FF744962000-memory.dmp

Filesize
3.9MB

Download
memory/1476-3286-0x00007FF744570000-0x00007FF744962000-memory.dmp

Filesize
3.9MB

Download
memory/1544-351-0x00007FF758820000-0x00007FF758C12000-memory.dmp

Filesize
3.9MB

Download
memory/1544-3277-0x00007FF758820000-0x00007FF758C12000-memory.dmp

Filesize
3.9MB

Download
memory/2428-35-0x00007FF6D57F0000-0x00007FF6D5BE2000-memory.dmp

Filesize
3.9MB

Download
memory/2428-3242-0x00007FF6D57F0000-0x00007FF6D5BE2000-memory.dmp

Filesize
3.9MB

Download
memory/2472-97-0x00007FF7C2DB0000-0x00007FF7C31A2000-memory.dmp

Filesize
3.9MB

Download
memory/2472-3255-0x00007FF7C2DB0000-0x00007FF7C31A2000-memory.dmp

Filesize
3.9MB

Download
memory/2516-832-0x00007FF667D80000-0x00007FF668172000-memory.dmp

Filesize
3.9MB

Download
memory/2516-3240-0x00007FF667D80000-0x00007FF668172000-memory.dmp

Filesize
3.9MB

Download
memory/2716-1011-0x00007FF737090000-0x00007FF737482000-memory.dmp

Filesize
3.9MB

Download
memory/2716-3279-0x00007FF737090000-0x00007FF737482000-memory.dmp

Filesize
3.9MB

Download
memory/2728-3246-0x00007FF79E760000-0x00007FF79EB52000-memory.dmp

Filesize
3.9MB

Download
memory/2728-132-0x00007FF79E760000-0x00007FF79EB52000-memory.dmp

Filesize
3.9MB

Download
memory/3036-526-0x00007FF6DD120000-0x00007FF6DD512000-memory.dmp

Filesize
3.9MB

Download
memory/3036-3269-0x00007FF6DD120000-0x00007FF6DD512000-memory.dmp

Filesize
3.9MB

Download
memory/3044-3282-0x00007FF653D40000-0x00007FF654132000-memory.dmp

Filesize
3.9MB

Download
memory/3044-352-0x00007FF653D40000-0x00007FF654132000-memory.dmp

Filesize
3.9MB

Download
memory/3240-3250-0x00007FF7ADA20000-0x00007FF7ADE12000-memory.dmp

Filesize
3.9MB

Download
memory/3240-708-0x00007FF7ADA20000-0x00007FF7ADE12000-memory.dmp

Filesize
3.9MB

Download
memory/3264-304-0x00007FF69AA80000-0x00007FF69AE72000-memory.dmp

Filesize
3.9MB

Download
memory/3264-3265-0x00007FF69AA80000-0x00007FF69AE72000-memory.dmp

Filesize
3.9MB

Download
memory/3444-133-0x00000273548C0000-0x00000273548D0000-memory.dmp

Filesize
64KB

Download
memory/3444-487-0x0000027354800000-0x0000027354822000-memory.dmp

Filesize
136KB

Download
memory/3444-134-0x00000273548C0000-0x00000273548D0000-memory.dmp

Filesize
64KB

Download
memory/3444-528-0x00007FFA19513000-0x00007FFA19515000-memory.dmp

Filesize
8KB

Download
memory/3592-3236-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp

Filesize
3.9MB

Download
memory/3592-19-0x00007FF7FCA20000-0x00007FF7FCE12000-memory.dmp

Filesize
3.9MB

Download
memory/3920-488-0x00007FF6E7140000-0x00007FF6E7532000-memory.dmp

Filesize
3.9MB

Download
memory/3920-3267-0x00007FF6E7140000-0x00007FF6E7532000-memory.dmp

Filesize
3.9MB

Download
memory/4404-3272-0x00007FF7C62B0000-0x00007FF7C66A2000-memory.dmp

Filesize
3.9MB

Download
memory/4404-348-0x00007FF7C62B0000-0x00007FF7C66A2000-memory.dmp

Filesize
3.9MB

Download
memory/4560-3244-0x00007FF606D80000-0x00007FF607172000-memory.dmp

Filesize
3.9MB

Download
memory/4560-51-0x00007FF606D80000-0x00007FF607172000-memory.dmp

Filesize
3.9MB

Download
memory/4652-142-0x00007FF62C0E0000-0x00007FF62C4D2000-memory.dmp

Filesize
3.9MB

Download
memory/4652-3292-0x00007FF62C0E0000-0x00007FF62C4D2000-memory.dmp

Filesize
3.9MB

Download
memory/4844-350-0x00007FF7C5DD0000-0x00007FF7C61C2000-memory.dmp

Filesize
3.9MB

Download
memory/4844-3248-0x00007FF7C5DD0000-0x00007FF7C61C2000-memory.dmp

Filesize
3.9MB

Download
memory/4936-219-0x00007FF6E2F70000-0x00007FF6E3362000-memory.dmp

Filesize
3.9MB

Download
memory/4936-3257-0x00007FF6E2F70000-0x00007FF6E3362000-memory.dmp

Filesize
3.9MB

Download
memory/4976-3288-0x00007FF7D3870000-0x00007FF7D3C62000-memory.dmp

Filesize
3.9MB

Download
memory/4976-271-0x00007FF7D3870000-0x00007FF7D3C62000-memory.dmp

Filesize
3.9MB

Download
memory/5044-3260-0x00007FF7BD010000-0x00007FF7BD402000-memory.dmp

Filesize
3.9MB

Download
memory/5044-353-0x00007FF7BD010000-0x00007FF7BD402000-memory.dmp

Filesize
3.9MB

Download
memory/5048-354-0x00007FF727730000-0x00007FF727B22000-memory.dmp

Filesize
3.9MB

Download
memory/5048-3275-0x00007FF727730000-0x00007FF727B22000-memory.dmp

Filesize
3.9MB

Download