xmrig | 01fab6af9a6c3ab85a4df7c8b7abda0de2c9501499e6c22289aac58c0de903f9

Analysis

max time kernel
126s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
Size

1.9MB
MD5

4a752f14d3b4f122bab8199fcdb115f0
SHA1

4db5ca0b24d224572d85e2b533364b8fa3a4f0f7
SHA256

01fab6af9a6c3ab85a4df7c8b7abda0de2c9501499e6c22289aac58c0de903f9
SHA512

30aae33ed4576204aa5acc9f2b77fca5b3895c60251f71f6f218deb2abaa0f5709e4f46711bb21c859be4450f1b4882aa70e818f48554a7b87feb9ef35bbe1e4
SSDEEP

49152:ROdWCCi7/raU56uL3pgrCEdMKPFo4BqwDAY:RWWBib356utgpPFog

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4396-31-0x00007FF699330000-0x00007FF699681000-memory.dmp	xmrig
behavioral2/memory/2040-325-0x00007FF6FBB70000-0x00007FF6FBEC1000-memory.dmp	xmrig
behavioral2/memory/3928-331-0x00007FF7F1CA0000-0x00007FF7F1FF1000-memory.dmp	xmrig
behavioral2/memory/2032-338-0x00007FF718CE0000-0x00007FF719031000-memory.dmp	xmrig
behavioral2/memory/4832-343-0x00007FF7A0B40000-0x00007FF7A0E91000-memory.dmp	xmrig
behavioral2/memory/940-347-0x00007FF6902E0000-0x00007FF690631000-memory.dmp	xmrig
behavioral2/memory/2620-353-0x00007FF6D08A0000-0x00007FF6D0BF1000-memory.dmp	xmrig
behavioral2/memory/872-352-0x00007FF7B09E0000-0x00007FF7B0D31000-memory.dmp	xmrig
behavioral2/memory/4924-351-0x00007FF681A10000-0x00007FF681D61000-memory.dmp	xmrig
behavioral2/memory/4812-350-0x00007FF78E7C0000-0x00007FF78EB11000-memory.dmp	xmrig
behavioral2/memory/3656-349-0x00007FF674500000-0x00007FF674851000-memory.dmp	xmrig
behavioral2/memory/3608-348-0x00007FF65E8D0000-0x00007FF65EC21000-memory.dmp	xmrig
behavioral2/memory/3984-346-0x00007FF756BF0000-0x00007FF756F41000-memory.dmp	xmrig
behavioral2/memory/2384-345-0x00007FF76E6A0000-0x00007FF76E9F1000-memory.dmp	xmrig
behavioral2/memory/2232-344-0x00007FF6183F0000-0x00007FF618741000-memory.dmp	xmrig
behavioral2/memory/4772-342-0x00007FF674CF0000-0x00007FF675041000-memory.dmp	xmrig
behavioral2/memory/5108-341-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp	xmrig
behavioral2/memory/3508-340-0x00007FF6DE3E0000-0x00007FF6DE731000-memory.dmp	xmrig
behavioral2/memory/2692-339-0x00007FF6AB850000-0x00007FF6ABBA1000-memory.dmp	xmrig
behavioral2/memory/2668-337-0x00007FF609070000-0x00007FF6093C1000-memory.dmp	xmrig
behavioral2/memory/2912-335-0x00007FF744EC0000-0x00007FF745211000-memory.dmp	xmrig
behavioral2/memory/652-322-0x00007FF7431A0000-0x00007FF7434F1000-memory.dmp	xmrig
behavioral2/memory/2756-33-0x00007FF66B830000-0x00007FF66BB81000-memory.dmp	xmrig
behavioral2/memory/2896-1889-0x00007FF77D620000-0x00007FF77D971000-memory.dmp	xmrig
behavioral2/memory/964-1903-0x00007FF6FCFF0000-0x00007FF6FD341000-memory.dmp	xmrig
behavioral2/memory/4716-2228-0x00007FF688260000-0x00007FF6885B1000-memory.dmp	xmrig
behavioral2/memory/4580-2230-0x00007FF6698C0000-0x00007FF669C11000-memory.dmp	xmrig
behavioral2/memory/1484-2231-0x00007FF7FB8E0000-0x00007FF7FBC31000-memory.dmp	xmrig
behavioral2/memory/964-2236-0x00007FF6FCFF0000-0x00007FF6FD341000-memory.dmp	xmrig
behavioral2/memory/2844-2238-0x00007FF62C010000-0x00007FF62C361000-memory.dmp	xmrig
behavioral2/memory/4396-2240-0x00007FF699330000-0x00007FF699681000-memory.dmp	xmrig
behavioral2/memory/2756-2242-0x00007FF66B830000-0x00007FF66BB81000-memory.dmp	xmrig
behavioral2/memory/3208-2244-0x00007FF7D0B50000-0x00007FF7D0EA1000-memory.dmp	xmrig
behavioral2/memory/4716-2246-0x00007FF688260000-0x00007FF6885B1000-memory.dmp	xmrig
behavioral2/memory/4580-2248-0x00007FF6698C0000-0x00007FF669C11000-memory.dmp	xmrig
behavioral2/memory/1484-2252-0x00007FF7FB8E0000-0x00007FF7FBC31000-memory.dmp	xmrig
behavioral2/memory/2620-2251-0x00007FF6D08A0000-0x00007FF6D0BF1000-memory.dmp	xmrig
behavioral2/memory/2040-2256-0x00007FF6FBB70000-0x00007FF6FBEC1000-memory.dmp	xmrig
behavioral2/memory/652-2254-0x00007FF7431A0000-0x00007FF7434F1000-memory.dmp	xmrig
behavioral2/memory/2912-2258-0x00007FF744EC0000-0x00007FF745211000-memory.dmp	xmrig
behavioral2/memory/3928-2260-0x00007FF7F1CA0000-0x00007FF7F1FF1000-memory.dmp	xmrig
behavioral2/memory/2668-2262-0x00007FF609070000-0x00007FF6093C1000-memory.dmp	xmrig
behavioral2/memory/2032-2264-0x00007FF718CE0000-0x00007FF719031000-memory.dmp	xmrig
behavioral2/memory/2692-2266-0x00007FF6AB850000-0x00007FF6ABBA1000-memory.dmp	xmrig
behavioral2/memory/5108-2270-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp	xmrig
behavioral2/memory/3508-2269-0x00007FF6DE3E0000-0x00007FF6DE731000-memory.dmp	xmrig
behavioral2/memory/3608-2316-0x00007FF65E8D0000-0x00007FF65EC21000-memory.dmp	xmrig
behavioral2/memory/4812-2320-0x00007FF78E7C0000-0x00007FF78EB11000-memory.dmp	xmrig
behavioral2/memory/4924-2322-0x00007FF681A10000-0x00007FF681D61000-memory.dmp	xmrig
behavioral2/memory/872-2324-0x00007FF7B09E0000-0x00007FF7B0D31000-memory.dmp	xmrig
behavioral2/memory/3656-2318-0x00007FF674500000-0x00007FF674851000-memory.dmp	xmrig
behavioral2/memory/940-2314-0x00007FF6902E0000-0x00007FF690631000-memory.dmp	xmrig
behavioral2/memory/2384-2310-0x00007FF76E6A0000-0x00007FF76E9F1000-memory.dmp	xmrig
behavioral2/memory/4832-2308-0x00007FF7A0B40000-0x00007FF7A0E91000-memory.dmp	xmrig
behavioral2/memory/2232-2294-0x00007FF6183F0000-0x00007FF618741000-memory.dmp	xmrig
behavioral2/memory/3984-2312-0x00007FF756BF0000-0x00007FF756F41000-memory.dmp	xmrig
behavioral2/memory/4772-2289-0x00007FF674CF0000-0x00007FF675041000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

hAMjVlK.exeGsINpos.exeoiuuPMD.exeqIOVSrT.exegOwSSlO.exebHaaGvx.exehZPdZoQ.exeRzFcWqr.exedSUGbOx.exeixTdDeA.exesVHjSBe.exeIoVprgL.exeCkyMIUR.exeBaKbTOs.exeHFgfonQ.exekAugmDs.exeLyyFEle.exeIuWQMXy.exeeXLxtmE.exeeYnGWTP.exeJoOYgbt.exeSPWxnPw.exeiomGrBJ.exeRCDijVb.exeZKXbcGY.exeFzUSzok.exeOsRZPEX.exejuaKbJv.exeBKUZCvJ.exeZKduMFA.exeZPlVawt.exewVdifAk.exexvTWwXb.exeOGCpboe.exeTeaYmAp.exeUnKZoIU.exeykWzQkR.exebxJbDlp.exeGqIyTrD.exeOzgWykt.exeLmBquhk.exepYrMVpC.exetSWlnvP.exemcUInRf.exexHVmQOD.exeyOjzLyB.exefhWXkkH.exekSeXXhj.exeYTpxhqP.exelbUFJpA.exejogsYqR.exeiDJVikV.exeNLvToTX.exevbygqYl.exeQiEznhH.exevBGQTRY.exeKtbtvNS.exegCfiPSc.exerkRMyji.exeJNofXqx.exeWMPLUoO.exefXTOauW.exeNFTPHcn.exeGGnvymT.exe

pid	process
964	hAMjVlK.exe
2844	GsINpos.exe
3208	oiuuPMD.exe
4396	qIOVSrT.exe
2756	gOwSSlO.exe
4580	bHaaGvx.exe
4716	hZPdZoQ.exe
1484	RzFcWqr.exe
2620	dSUGbOx.exe
652	ixTdDeA.exe
2040	sVHjSBe.exe
3928	IoVprgL.exe
2912	CkyMIUR.exe
2668	BaKbTOs.exe
2032	HFgfonQ.exe
2692	kAugmDs.exe
3508	LyyFEle.exe
5108	IuWQMXy.exe
4772	eXLxtmE.exe
4832	eYnGWTP.exe
2232	JoOYgbt.exe
2384	SPWxnPw.exe
3984	iomGrBJ.exe
940	RCDijVb.exe
3608	ZKXbcGY.exe
3656	FzUSzok.exe
4812	OsRZPEX.exe
4924	juaKbJv.exe
872	BKUZCvJ.exe
4240	ZKduMFA.exe
2328	ZPlVawt.exe
2944	wVdifAk.exe
1932	xvTWwXb.exe
3956	OGCpboe.exe
3256	TeaYmAp.exe
4288	UnKZoIU.exe
4952	ykWzQkR.exe
3788	bxJbDlp.exe
4100	GqIyTrD.exe
3932	OzgWykt.exe
2656	LmBquhk.exe
4260	pYrMVpC.exe
448	tSWlnvP.exe
228	mcUInRf.exe
2088	xHVmQOD.exe
2276	yOjzLyB.exe
4440	fhWXkkH.exe
552	kSeXXhj.exe
4336	YTpxhqP.exe
1712	lbUFJpA.exe
468	jogsYqR.exe
2776	iDJVikV.exe
1208	NLvToTX.exe
2652	vbygqYl.exe
4524	QiEznhH.exe
2320	vBGQTRY.exe
1840	KtbtvNS.exe
2420	gCfiPSc.exe
2948	rkRMyji.exe
3424	JNofXqx.exe
2864	WMPLUoO.exe
4960	fXTOauW.exe
432	NFTPHcn.exe
3192	GGnvymT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2896-0-0x00007FF77D620000-0x00007FF77D971000-memory.dmp	upx
C:\Windows\System\hAMjVlK.exe	upx
behavioral2/memory/964-11-0x00007FF6FCFF0000-0x00007FF6FD341000-memory.dmp	upx
C:\Windows\System\qIOVSrT.exe	upx
C:\Windows\System\oiuuPMD.exe	upx
C:\Windows\System\gOwSSlO.exe	upx
behavioral2/memory/4396-31-0x00007FF699330000-0x00007FF699681000-memory.dmp	upx
behavioral2/memory/4716-39-0x00007FF688260000-0x00007FF6885B1000-memory.dmp	upx
C:\Windows\System\RzFcWqr.exe	upx
C:\Windows\System\ixTdDeA.exe	upx
C:\Windows\System\sVHjSBe.exe	upx
C:\Windows\System\IoVprgL.exe	upx
C:\Windows\System\BaKbTOs.exe	upx
C:\Windows\System\LyyFEle.exe	upx
C:\Windows\System\IuWQMXy.exe	upx
C:\Windows\System\JoOYgbt.exe	upx
C:\Windows\System\ZKXbcGY.exe	upx
C:\Windows\System\BKUZCvJ.exe	upx
behavioral2/memory/2040-325-0x00007FF6FBB70000-0x00007FF6FBEC1000-memory.dmp	upx
behavioral2/memory/3928-331-0x00007FF7F1CA0000-0x00007FF7F1FF1000-memory.dmp	upx
behavioral2/memory/2032-338-0x00007FF718CE0000-0x00007FF719031000-memory.dmp	upx
behavioral2/memory/4832-343-0x00007FF7A0B40000-0x00007FF7A0E91000-memory.dmp	upx
behavioral2/memory/940-347-0x00007FF6902E0000-0x00007FF690631000-memory.dmp	upx
behavioral2/memory/2620-353-0x00007FF6D08A0000-0x00007FF6D0BF1000-memory.dmp	upx
behavioral2/memory/872-352-0x00007FF7B09E0000-0x00007FF7B0D31000-memory.dmp	upx
behavioral2/memory/4924-351-0x00007FF681A10000-0x00007FF681D61000-memory.dmp	upx
behavioral2/memory/4812-350-0x00007FF78E7C0000-0x00007FF78EB11000-memory.dmp	upx
behavioral2/memory/3656-349-0x00007FF674500000-0x00007FF674851000-memory.dmp	upx
behavioral2/memory/3608-348-0x00007FF65E8D0000-0x00007FF65EC21000-memory.dmp	upx
behavioral2/memory/3984-346-0x00007FF756BF0000-0x00007FF756F41000-memory.dmp	upx
behavioral2/memory/2384-345-0x00007FF76E6A0000-0x00007FF76E9F1000-memory.dmp	upx
behavioral2/memory/2232-344-0x00007FF6183F0000-0x00007FF618741000-memory.dmp	upx
behavioral2/memory/4772-342-0x00007FF674CF0000-0x00007FF675041000-memory.dmp	upx
behavioral2/memory/5108-341-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp	upx
behavioral2/memory/3508-340-0x00007FF6DE3E0000-0x00007FF6DE731000-memory.dmp	upx
behavioral2/memory/2692-339-0x00007FF6AB850000-0x00007FF6ABBA1000-memory.dmp	upx
behavioral2/memory/2668-337-0x00007FF609070000-0x00007FF6093C1000-memory.dmp	upx
behavioral2/memory/2912-335-0x00007FF744EC0000-0x00007FF745211000-memory.dmp	upx
behavioral2/memory/652-322-0x00007FF7431A0000-0x00007FF7434F1000-memory.dmp	upx
C:\Windows\System\xvTWwXb.exe	upx
C:\Windows\System\ZPlVawt.exe	upx
C:\Windows\System\wVdifAk.exe	upx
C:\Windows\System\ZKduMFA.exe	upx
C:\Windows\System\juaKbJv.exe	upx
C:\Windows\System\OsRZPEX.exe	upx
C:\Windows\System\FzUSzok.exe	upx
C:\Windows\System\RCDijVb.exe	upx
C:\Windows\System\iomGrBJ.exe	upx
C:\Windows\System\SPWxnPw.exe	upx
C:\Windows\System\eYnGWTP.exe	upx
C:\Windows\System\eXLxtmE.exe	upx
C:\Windows\System\kAugmDs.exe	upx
C:\Windows\System\HFgfonQ.exe	upx
C:\Windows\System\CkyMIUR.exe	upx
behavioral2/memory/1484-64-0x00007FF7FB8E0000-0x00007FF7FBC31000-memory.dmp	upx
C:\Windows\System\dSUGbOx.exe	upx
C:\Windows\System\hZPdZoQ.exe	upx
C:\Windows\System\bHaaGvx.exe	upx
behavioral2/memory/4580-42-0x00007FF6698C0000-0x00007FF669C11000-memory.dmp	upx
behavioral2/memory/2756-33-0x00007FF66B830000-0x00007FF66BB81000-memory.dmp	upx
behavioral2/memory/3208-29-0x00007FF7D0B50000-0x00007FF7D0EA1000-memory.dmp	upx
C:\Windows\System\GsINpos.exe	upx
behavioral2/memory/2844-14-0x00007FF62C010000-0x00007FF62C361000-memory.dmp	upx
behavioral2/memory/2896-1889-0x00007FF77D620000-0x00007FF77D971000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\OzgWykt.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\tSWlnvP.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\LmgtzAF.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\DStDHPf.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\IPzwGPW.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\eYERLuC.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\cfplORY.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\IEPxwJA.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\aCcFNlF.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\xdyuSKv.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\QDDkTUr.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\ZkGRtYw.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\gZpLhJc.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\OGCpboe.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\jogsYqR.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\CoYChhq.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\OzfnThU.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\HQiAHpU.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\tGWStSu.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\QmsEehc.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\iDJVikV.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\UGVoqls.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\wodYXcd.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\xNZzTlV.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\bVkcwuc.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\ixTdDeA.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\XMAsfse.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\fPiYnco.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\bHDKlBr.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\YfLHaTm.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\RBJhRVE.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\RsbJqDT.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\WMPLUoO.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\urooJtX.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\zqcKyJy.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\KtUmtky.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\fwxqRMZ.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\sAUQqba.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\qUPhnto.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\Hkftipp.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\wdBpAlV.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\reNmpBu.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\VprALRR.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\uvxXdVh.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\gCfiPSc.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\TkEgHxT.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\djyrFzV.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\RgpVBym.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\YMGtvIP.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\IBYJjrc.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\gtTHiOB.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\hZPdZoQ.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\xvTWwXb.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\NLvToTX.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\nWmdXZW.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\nwxcZMF.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\eyyzaJL.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\HRsUVvT.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\MKLkwUZ.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\bgkaAmQ.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\hjluzBG.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\kHYCrtv.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\dkrlVBv.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
File created	C:\Windows\System\HycQohF.exe	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

dwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

dwm.exe

description	pid	process
Token: SeCreateGlobalPrivilege	15324	dwm.exe
Token: SeChangeNotifyPrivilege	15324	dwm.exe
Token: 33	15324	dwm.exe
Token: SeIncBasePriorityPrivilege	15324	dwm.exe
Token: SeShutdownPrivilege	15324	dwm.exe
Token: SeCreatePagefilePrivilege	15324	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe

description	pid	process	target process
PID 2896 wrote to memory of 964	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	hAMjVlK.exe
PID 2896 wrote to memory of 964	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	hAMjVlK.exe
PID 2896 wrote to memory of 2844	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	GsINpos.exe
PID 2896 wrote to memory of 2844	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	GsINpos.exe
PID 2896 wrote to memory of 3208	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	oiuuPMD.exe
PID 2896 wrote to memory of 3208	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	oiuuPMD.exe
PID 2896 wrote to memory of 4396	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	qIOVSrT.exe
PID 2896 wrote to memory of 4396	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	qIOVSrT.exe
PID 2896 wrote to memory of 2756	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	gOwSSlO.exe
PID 2896 wrote to memory of 2756	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	gOwSSlO.exe
PID 2896 wrote to memory of 4580	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	bHaaGvx.exe
PID 2896 wrote to memory of 4580	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	bHaaGvx.exe
PID 2896 wrote to memory of 4716	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	hZPdZoQ.exe
PID 2896 wrote to memory of 4716	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	hZPdZoQ.exe
PID 2896 wrote to memory of 1484	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	RzFcWqr.exe
PID 2896 wrote to memory of 1484	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	RzFcWqr.exe
PID 2896 wrote to memory of 2620	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	dSUGbOx.exe
PID 2896 wrote to memory of 2620	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	dSUGbOx.exe
PID 2896 wrote to memory of 652	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ixTdDeA.exe
PID 2896 wrote to memory of 652	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ixTdDeA.exe
PID 2896 wrote to memory of 2040	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	sVHjSBe.exe
PID 2896 wrote to memory of 2040	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	sVHjSBe.exe
PID 2896 wrote to memory of 3928	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	IoVprgL.exe
PID 2896 wrote to memory of 3928	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	IoVprgL.exe
PID 2896 wrote to memory of 2912	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	CkyMIUR.exe
PID 2896 wrote to memory of 2912	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	CkyMIUR.exe
PID 2896 wrote to memory of 2668	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	BaKbTOs.exe
PID 2896 wrote to memory of 2668	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	BaKbTOs.exe
PID 2896 wrote to memory of 2032	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	HFgfonQ.exe
PID 2896 wrote to memory of 2032	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	HFgfonQ.exe
PID 2896 wrote to memory of 2692	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	kAugmDs.exe
PID 2896 wrote to memory of 2692	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	kAugmDs.exe
PID 2896 wrote to memory of 3508	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	LyyFEle.exe
PID 2896 wrote to memory of 3508	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	LyyFEle.exe
PID 2896 wrote to memory of 5108	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	IuWQMXy.exe
PID 2896 wrote to memory of 5108	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	IuWQMXy.exe
PID 2896 wrote to memory of 4772	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	eXLxtmE.exe
PID 2896 wrote to memory of 4772	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	eXLxtmE.exe
PID 2896 wrote to memory of 4832	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	eYnGWTP.exe
PID 2896 wrote to memory of 4832	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	eYnGWTP.exe
PID 2896 wrote to memory of 2232	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	JoOYgbt.exe
PID 2896 wrote to memory of 2232	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	JoOYgbt.exe
PID 2896 wrote to memory of 2384	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	SPWxnPw.exe
PID 2896 wrote to memory of 2384	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	SPWxnPw.exe
PID 2896 wrote to memory of 3984	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	iomGrBJ.exe
PID 2896 wrote to memory of 3984	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	iomGrBJ.exe
PID 2896 wrote to memory of 940	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	RCDijVb.exe
PID 2896 wrote to memory of 940	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	RCDijVb.exe
PID 2896 wrote to memory of 3608	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ZKXbcGY.exe
PID 2896 wrote to memory of 3608	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ZKXbcGY.exe
PID 2896 wrote to memory of 3656	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	FzUSzok.exe
PID 2896 wrote to memory of 3656	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	FzUSzok.exe
PID 2896 wrote to memory of 4812	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	OsRZPEX.exe
PID 2896 wrote to memory of 4812	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	OsRZPEX.exe
PID 2896 wrote to memory of 4924	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	juaKbJv.exe
PID 2896 wrote to memory of 4924	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	juaKbJv.exe
PID 2896 wrote to memory of 872	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	BKUZCvJ.exe
PID 2896 wrote to memory of 872	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	BKUZCvJ.exe
PID 2896 wrote to memory of 4240	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ZKduMFA.exe
PID 2896 wrote to memory of 4240	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ZKduMFA.exe
PID 2896 wrote to memory of 2328	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ZPlVawt.exe
PID 2896 wrote to memory of 2328	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	ZPlVawt.exe
PID 2896 wrote to memory of 2944	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	wVdifAk.exe
PID 2896 wrote to memory of 2944	2896	4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe	wVdifAk.exe

C:\Users\Admin\AppData\Local\Temp\4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a752f14d3b4f122bab8199fcdb115f0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\System\hAMjVlK.exe
  C:\Windows\System\hAMjVlK.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\GsINpos.exe
  C:\Windows\System\GsINpos.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\oiuuPMD.exe
  C:\Windows\System\oiuuPMD.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\qIOVSrT.exe
  C:\Windows\System\qIOVSrT.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\gOwSSlO.exe
  C:\Windows\System\gOwSSlO.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\bHaaGvx.exe
  C:\Windows\System\bHaaGvx.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\hZPdZoQ.exe
  C:\Windows\System\hZPdZoQ.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\RzFcWqr.exe
  C:\Windows\System\RzFcWqr.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\dSUGbOx.exe
  C:\Windows\System\dSUGbOx.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\ixTdDeA.exe
  C:\Windows\System\ixTdDeA.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\sVHjSBe.exe
  C:\Windows\System\sVHjSBe.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\IoVprgL.exe
  C:\Windows\System\IoVprgL.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\CkyMIUR.exe
  C:\Windows\System\CkyMIUR.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\BaKbTOs.exe
  C:\Windows\System\BaKbTOs.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\HFgfonQ.exe
  C:\Windows\System\HFgfonQ.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\kAugmDs.exe
  C:\Windows\System\kAugmDs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\LyyFEle.exe
  C:\Windows\System\LyyFEle.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\IuWQMXy.exe
  C:\Windows\System\IuWQMXy.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\eXLxtmE.exe
  C:\Windows\System\eXLxtmE.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\eYnGWTP.exe
  C:\Windows\System\eYnGWTP.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\JoOYgbt.exe
  C:\Windows\System\JoOYgbt.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\SPWxnPw.exe
  C:\Windows\System\SPWxnPw.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\iomGrBJ.exe
  C:\Windows\System\iomGrBJ.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\RCDijVb.exe
  C:\Windows\System\RCDijVb.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\ZKXbcGY.exe
  C:\Windows\System\ZKXbcGY.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\FzUSzok.exe
  C:\Windows\System\FzUSzok.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\OsRZPEX.exe
  C:\Windows\System\OsRZPEX.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\juaKbJv.exe
  C:\Windows\System\juaKbJv.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\BKUZCvJ.exe
  C:\Windows\System\BKUZCvJ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ZKduMFA.exe
  C:\Windows\System\ZKduMFA.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\ZPlVawt.exe
  C:\Windows\System\ZPlVawt.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\wVdifAk.exe
  C:\Windows\System\wVdifAk.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\xvTWwXb.exe
  C:\Windows\System\xvTWwXb.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\OGCpboe.exe
  C:\Windows\System\OGCpboe.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\TeaYmAp.exe
  C:\Windows\System\TeaYmAp.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\UnKZoIU.exe
  C:\Windows\System\UnKZoIU.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\ykWzQkR.exe
  C:\Windows\System\ykWzQkR.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\bxJbDlp.exe
  C:\Windows\System\bxJbDlp.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\GqIyTrD.exe
  C:\Windows\System\GqIyTrD.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\OzgWykt.exe
  C:\Windows\System\OzgWykt.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\LmBquhk.exe
  C:\Windows\System\LmBquhk.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\pYrMVpC.exe
  C:\Windows\System\pYrMVpC.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\tSWlnvP.exe
  C:\Windows\System\tSWlnvP.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\mcUInRf.exe
  C:\Windows\System\mcUInRf.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\xHVmQOD.exe
  C:\Windows\System\xHVmQOD.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\yOjzLyB.exe
  C:\Windows\System\yOjzLyB.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\fhWXkkH.exe
  C:\Windows\System\fhWXkkH.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\kSeXXhj.exe
  C:\Windows\System\kSeXXhj.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\YTpxhqP.exe
  C:\Windows\System\YTpxhqP.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\lbUFJpA.exe
  C:\Windows\System\lbUFJpA.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\jogsYqR.exe
  C:\Windows\System\jogsYqR.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\iDJVikV.exe
  C:\Windows\System\iDJVikV.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\NLvToTX.exe
  C:\Windows\System\NLvToTX.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\vbygqYl.exe
  C:\Windows\System\vbygqYl.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\QiEznhH.exe
  C:\Windows\System\QiEznhH.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\vBGQTRY.exe
  C:\Windows\System\vBGQTRY.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\KtbtvNS.exe
  C:\Windows\System\KtbtvNS.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\gCfiPSc.exe
  C:\Windows\System\gCfiPSc.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\rkRMyji.exe
  C:\Windows\System\rkRMyji.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\JNofXqx.exe
  C:\Windows\System\JNofXqx.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\WMPLUoO.exe
  C:\Windows\System\WMPLUoO.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\fXTOauW.exe
  C:\Windows\System\fXTOauW.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\NFTPHcn.exe
  C:\Windows\System\NFTPHcn.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\GGnvymT.exe
  C:\Windows\System\GGnvymT.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\okNRwoJ.exe
  C:\Windows\System\okNRwoJ.exe
  2⤵
  PID:1508
- C:\Windows\System\GzhIPyM.exe
  C:\Windows\System\GzhIPyM.exe
  2⤵
  PID:2052
- C:\Windows\System\xSCQrQe.exe
  C:\Windows\System\xSCQrQe.exe
  2⤵
  PID:2764
- C:\Windows\System\ZdlPHQV.exe
  C:\Windows\System\ZdlPHQV.exe
  2⤵
  PID:244
- C:\Windows\System\kEMpgxf.exe
  C:\Windows\System\kEMpgxf.exe
  2⤵
  PID:4528
- C:\Windows\System\ONPhJFe.exe
  C:\Windows\System\ONPhJFe.exe
  2⤵
  PID:4348
- C:\Windows\System\zJLDgrh.exe
  C:\Windows\System\zJLDgrh.exe
  2⤵
  PID:452
- C:\Windows\System\WYPnjXh.exe
  C:\Windows\System\WYPnjXh.exe
  2⤵
  PID:3668
- C:\Windows\System\gZOsnbt.exe
  C:\Windows\System\gZOsnbt.exe
  2⤵
  PID:5044
- C:\Windows\System\iPkSXXI.exe
  C:\Windows\System\iPkSXXI.exe
  2⤵
  PID:4344
- C:\Windows\System\ZZwInsX.exe
  C:\Windows\System\ZZwInsX.exe
  2⤵
  PID:5112
- C:\Windows\System\CpdQnAm.exe
  C:\Windows\System\CpdQnAm.exe
  2⤵
  PID:4028
- C:\Windows\System\ZVNGCDZ.exe
  C:\Windows\System\ZVNGCDZ.exe
  2⤵
  PID:904
- C:\Windows\System\DdvxNRZ.exe
  C:\Windows\System\DdvxNRZ.exe
  2⤵
  PID:1528
- C:\Windows\System\yCcbhug.exe
  C:\Windows\System\yCcbhug.exe
  2⤵
  PID:4480
- C:\Windows\System\GXDhfuf.exe
  C:\Windows\System\GXDhfuf.exe
  2⤵
  PID:1176
- C:\Windows\System\ppFcJLr.exe
  C:\Windows\System\ppFcJLr.exe
  2⤵
  PID:4920
- C:\Windows\System\xVRpvZj.exe
  C:\Windows\System\xVRpvZj.exe
  2⤵
  PID:3348
- C:\Windows\System\GhLzHrY.exe
  C:\Windows\System\GhLzHrY.exe
  2⤵
  PID:3992
- C:\Windows\System\tLDXRJx.exe
  C:\Windows\System\tLDXRJx.exe
  2⤵
  PID:3368
- C:\Windows\System\GwHtdit.exe
  C:\Windows\System\GwHtdit.exe
  2⤵
  PID:1592
- C:\Windows\System\MkmGTJE.exe
  C:\Windows\System\MkmGTJE.exe
  2⤵
  PID:5124
- C:\Windows\System\pEunYcs.exe
  C:\Windows\System\pEunYcs.exe
  2⤵
  PID:5144
- C:\Windows\System\viHMtdh.exe
  C:\Windows\System\viHMtdh.exe
  2⤵
  PID:5180
- C:\Windows\System\YQpczgH.exe
  C:\Windows\System\YQpczgH.exe
  2⤵
  PID:5284
- C:\Windows\System\zKxbxOi.exe
  C:\Windows\System\zKxbxOi.exe
  2⤵
  PID:5312
- C:\Windows\System\CoYChhq.exe
  C:\Windows\System\CoYChhq.exe
  2⤵
  PID:5456
- C:\Windows\System\RvuTqis.exe
  C:\Windows\System\RvuTqis.exe
  2⤵
  PID:5476
- C:\Windows\System\OydpwWR.exe
  C:\Windows\System\OydpwWR.exe
  2⤵
  PID:5492
- C:\Windows\System\LRrnAkY.exe
  C:\Windows\System\LRrnAkY.exe
  2⤵
  PID:5512
- C:\Windows\System\sOMCxuK.exe
  C:\Windows\System\sOMCxuK.exe
  2⤵
  PID:5532
- C:\Windows\System\bmuwnCn.exe
  C:\Windows\System\bmuwnCn.exe
  2⤵
  PID:5568
- C:\Windows\System\VjUqtbE.exe
  C:\Windows\System\VjUqtbE.exe
  2⤵
  PID:5604
- C:\Windows\System\eaEsnYK.exe
  C:\Windows\System\eaEsnYK.exe
  2⤵
  PID:5640
- C:\Windows\System\ZTrtsGG.exe
  C:\Windows\System\ZTrtsGG.exe
  2⤵
  PID:5660
- C:\Windows\System\XpWhuFz.exe
  C:\Windows\System\XpWhuFz.exe
  2⤵
  PID:5680
- C:\Windows\System\uRyUWHz.exe
  C:\Windows\System\uRyUWHz.exe
  2⤵
  PID:5704
- C:\Windows\System\fPiYnco.exe
  C:\Windows\System\fPiYnco.exe
  2⤵
  PID:5732
- C:\Windows\System\mAzMsQr.exe
  C:\Windows\System\mAzMsQr.exe
  2⤵
  PID:5760
- C:\Windows\System\sAUQqba.exe
  C:\Windows\System\sAUQqba.exe
  2⤵
  PID:5788
- C:\Windows\System\UGVoqls.exe
  C:\Windows\System\UGVoqls.exe
  2⤵
  PID:5840
- C:\Windows\System\EpcXRRn.exe
  C:\Windows\System\EpcXRRn.exe
  2⤵
  PID:5872
- C:\Windows\System\NpSwYna.exe
  C:\Windows\System\NpSwYna.exe
  2⤵
  PID:5904
- C:\Windows\System\OzfnThU.exe
  C:\Windows\System\OzfnThU.exe
  2⤵
  PID:5924
- C:\Windows\System\uIBHYDF.exe
  C:\Windows\System\uIBHYDF.exe
  2⤵
  PID:5960
- C:\Windows\System\arvZEEC.exe
  C:\Windows\System\arvZEEC.exe
  2⤵
  PID:5988
- C:\Windows\System\ieqZKkc.exe
  C:\Windows\System\ieqZKkc.exe
  2⤵
  PID:6008
- C:\Windows\System\pLtJPPT.exe
  C:\Windows\System\pLtJPPT.exe
  2⤵
  PID:6036
- C:\Windows\System\vOhjAlx.exe
  C:\Windows\System\vOhjAlx.exe
  2⤵
  PID:6064
- C:\Windows\System\PLMSFRg.exe
  C:\Windows\System\PLMSFRg.exe
  2⤵
  PID:6084
- C:\Windows\System\kmepktx.exe
  C:\Windows\System\kmepktx.exe
  2⤵
  PID:6108
- C:\Windows\System\lGppLWk.exe
  C:\Windows\System\lGppLWk.exe
  2⤵
  PID:3412
- C:\Windows\System\dljuuZU.exe
  C:\Windows\System\dljuuZU.exe
  2⤵
  PID:5008
- C:\Windows\System\mICrHWV.exe
  C:\Windows\System\mICrHWV.exe
  2⤵
  PID:3464
- C:\Windows\System\sIPUXjX.exe
  C:\Windows\System\sIPUXjX.exe
  2⤵
  PID:2196
- C:\Windows\System\OCYReQx.exe
  C:\Windows\System\OCYReQx.exe
  2⤵
  PID:4420
- C:\Windows\System\XBoWhhA.exe
  C:\Windows\System\XBoWhhA.exe
  2⤵
  PID:884
- C:\Windows\System\mzuAcsj.exe
  C:\Windows\System\mzuAcsj.exe
  2⤵
  PID:4296
- C:\Windows\System\ioEiQry.exe
  C:\Windows\System\ioEiQry.exe
  2⤵
  PID:3600
- C:\Windows\System\YwbZJih.exe
  C:\Windows\System\YwbZJih.exe
  2⤵
  PID:5092
- C:\Windows\System\oRVfNJh.exe
  C:\Windows\System\oRVfNJh.exe
  2⤵
  PID:2916
- C:\Windows\System\AMnnytm.exe
  C:\Windows\System\AMnnytm.exe
  2⤵
  PID:3200
- C:\Windows\System\wQfvTbq.exe
  C:\Windows\System\wQfvTbq.exe
  2⤵
  PID:4600
- C:\Windows\System\DSIzmzK.exe
  C:\Windows\System\DSIzmzK.exe
  2⤵
  PID:2456
- C:\Windows\System\UcijuBj.exe
  C:\Windows\System\UcijuBj.exe
  2⤵
  PID:5552
- C:\Windows\System\nkttSgu.exe
  C:\Windows\System\nkttSgu.exe
  2⤵
  PID:5596
- C:\Windows\System\cDCoTjt.exe
  C:\Windows\System\cDCoTjt.exe
  2⤵
  PID:5668
- C:\Windows\System\MSVYBqS.exe
  C:\Windows\System\MSVYBqS.exe
  2⤵
  PID:5696
- C:\Windows\System\yfPXiox.exe
  C:\Windows\System\yfPXiox.exe
  2⤵
  PID:5752
- C:\Windows\System\urooJtX.exe
  C:\Windows\System\urooJtX.exe
  2⤵
  PID:5772
- C:\Windows\System\VcQmlrN.exe
  C:\Windows\System\VcQmlrN.exe
  2⤵
  PID:5812
- C:\Windows\System\wWgZpTw.exe
  C:\Windows\System\wWgZpTw.exe
  2⤵
  PID:5376
- C:\Windows\System\PbMqCDc.exe
  C:\Windows\System\PbMqCDc.exe
  2⤵
  PID:5900
- C:\Windows\System\YDpqPUW.exe
  C:\Windows\System\YDpqPUW.exe
  2⤵
  PID:6052
- C:\Windows\System\IWfYEzy.exe
  C:\Windows\System\IWfYEzy.exe
  2⤵
  PID:6032
- C:\Windows\System\zKKvuqz.exe
  C:\Windows\System\zKKvuqz.exe
  2⤵
  PID:4252
- C:\Windows\System\XbPexFJ.exe
  C:\Windows\System\XbPexFJ.exe
  2⤵
  PID:5056
- C:\Windows\System\xEqvFCF.exe
  C:\Windows\System\xEqvFCF.exe
  2⤵
  PID:2688
- C:\Windows\System\yGwnteK.exe
  C:\Windows\System\yGwnteK.exe
  2⤵
  PID:2220
- C:\Windows\System\mnuEUlU.exe
  C:\Windows\System\mnuEUlU.exe
  2⤵
  PID:1988
- C:\Windows\System\cfaBJIH.exe
  C:\Windows\System\cfaBJIH.exe
  2⤵
  PID:5468
- C:\Windows\System\ItSiVHe.exe
  C:\Windows\System\ItSiVHe.exe
  2⤵
  PID:4736
- C:\Windows\System\hEzoJMm.exe
  C:\Windows\System\hEzoJMm.exe
  2⤵
  PID:5860
- C:\Windows\System\dtURHIe.exe
  C:\Windows\System\dtURHIe.exe
  2⤵
  PID:5848
- C:\Windows\System\pOyVTAP.exe
  C:\Windows\System\pOyVTAP.exe
  2⤵
  PID:6024
- C:\Windows\System\DJzgdQG.exe
  C:\Windows\System\DJzgdQG.exe
  2⤵
  PID:6096
- C:\Windows\System\TkEgHxT.exe
  C:\Windows\System\TkEgHxT.exe
  2⤵
  PID:4808
- C:\Windows\System\HQiAHpU.exe
  C:\Windows\System\HQiAHpU.exe
  2⤵
  PID:2184
- C:\Windows\System\LmgtzAF.exe
  C:\Windows\System\LmgtzAF.exe
  2⤵
  PID:5980
- C:\Windows\System\AOEiizG.exe
  C:\Windows\System\AOEiizG.exe
  2⤵
  PID:5744
- C:\Windows\System\nWmdXZW.exe
  C:\Windows\System\nWmdXZW.exe
  2⤵
  PID:2908
- C:\Windows\System\qUPhnto.exe
  C:\Windows\System\qUPhnto.exe
  2⤵
  PID:3236
- C:\Windows\System\VTJZnxG.exe
  C:\Windows\System\VTJZnxG.exe
  2⤵
  PID:2920
- C:\Windows\System\BEhEfqb.exe
  C:\Windows\System\BEhEfqb.exe
  2⤵
  PID:6148
- C:\Windows\System\WRExJeq.exe
  C:\Windows\System\WRExJeq.exe
  2⤵
  PID:6188
- C:\Windows\System\UQSmbLH.exe
  C:\Windows\System\UQSmbLH.exe
  2⤵
  PID:6212
- C:\Windows\System\BzyGEJM.exe
  C:\Windows\System\BzyGEJM.exe
  2⤵
  PID:6232
- C:\Windows\System\tYmVMHu.exe
  C:\Windows\System\tYmVMHu.exe
  2⤵
  PID:6252
- C:\Windows\System\AGYtNyo.exe
  C:\Windows\System\AGYtNyo.exe
  2⤵
  PID:6280
- C:\Windows\System\GGmptIq.exe
  C:\Windows\System\GGmptIq.exe
  2⤵
  PID:6308
- C:\Windows\System\bHIDtbS.exe
  C:\Windows\System\bHIDtbS.exe
  2⤵
  PID:6332
- C:\Windows\System\fhRKFwK.exe
  C:\Windows\System\fhRKFwK.exe
  2⤵
  PID:6356
- C:\Windows\System\GufTwXu.exe
  C:\Windows\System\GufTwXu.exe
  2⤵
  PID:6380
- C:\Windows\System\bHDKlBr.exe
  C:\Windows\System\bHDKlBr.exe
  2⤵
  PID:6400
- C:\Windows\System\dufqjLq.exe
  C:\Windows\System\dufqjLq.exe
  2⤵
  PID:6428
- C:\Windows\System\VgUUNeG.exe
  C:\Windows\System\VgUUNeG.exe
  2⤵
  PID:6452
- C:\Windows\System\XBNNxmR.exe
  C:\Windows\System\XBNNxmR.exe
  2⤵
  PID:6476
- C:\Windows\System\KGGeMaV.exe
  C:\Windows\System\KGGeMaV.exe
  2⤵
  PID:6500
- C:\Windows\System\gXFzdjp.exe
  C:\Windows\System\gXFzdjp.exe
  2⤵
  PID:6548
- C:\Windows\System\XMAsfse.exe
  C:\Windows\System\XMAsfse.exe
  2⤵
  PID:6564
- C:\Windows\System\CVjgyJk.exe
  C:\Windows\System\CVjgyJk.exe
  2⤵
  PID:6584
- C:\Windows\System\xeYilGA.exe
  C:\Windows\System\xeYilGA.exe
  2⤵
  PID:6608
- C:\Windows\System\FFfGoSL.exe
  C:\Windows\System\FFfGoSL.exe
  2⤵
  PID:6632
- C:\Windows\System\Hkftipp.exe
  C:\Windows\System\Hkftipp.exe
  2⤵
  PID:6652
- C:\Windows\System\sauekEx.exe
  C:\Windows\System\sauekEx.exe
  2⤵
  PID:6716
- C:\Windows\System\toTdivO.exe
  C:\Windows\System\toTdivO.exe
  2⤵
  PID:6740
- C:\Windows\System\DKvLTHe.exe
  C:\Windows\System\DKvLTHe.exe
  2⤵
  PID:6756
- C:\Windows\System\NlYHeeJ.exe
  C:\Windows\System\NlYHeeJ.exe
  2⤵
  PID:6800
- C:\Windows\System\hefulSt.exe
  C:\Windows\System\hefulSt.exe
  2⤵
  PID:6820
- C:\Windows\System\jkshCVD.exe
  C:\Windows\System\jkshCVD.exe
  2⤵
  PID:6856
- C:\Windows\System\MIpwRsF.exe
  C:\Windows\System\MIpwRsF.exe
  2⤵
  PID:6908
- C:\Windows\System\ZSxxWVX.exe
  C:\Windows\System\ZSxxWVX.exe
  2⤵
  PID:6924
- C:\Windows\System\igqnGDy.exe
  C:\Windows\System\igqnGDy.exe
  2⤵
  PID:6992
- C:\Windows\System\QmewxXB.exe
  C:\Windows\System\QmewxXB.exe
  2⤵
  PID:7020
- C:\Windows\System\InjyetY.exe
  C:\Windows\System\InjyetY.exe
  2⤵
  PID:7044
- C:\Windows\System\oRApAVI.exe
  C:\Windows\System\oRApAVI.exe
  2⤵
  PID:7072
- C:\Windows\System\ijrclUk.exe
  C:\Windows\System\ijrclUk.exe
  2⤵
  PID:7092
- C:\Windows\System\kDjZWMy.exe
  C:\Windows\System\kDjZWMy.exe
  2⤵
  PID:7112
- C:\Windows\System\vvlyWnR.exe
  C:\Windows\System\vvlyWnR.exe
  2⤵
  PID:7144
- C:\Windows\System\vXUOoGC.exe
  C:\Windows\System\vXUOoGC.exe
  2⤵
  PID:5264
- C:\Windows\System\ZPojzll.exe
  C:\Windows\System\ZPojzll.exe
  2⤵
  PID:5896
- C:\Windows\System\uzOHKZW.exe
  C:\Windows\System\uzOHKZW.exe
  2⤵
  PID:6224
- C:\Windows\System\ToFMFbx.exe
  C:\Windows\System\ToFMFbx.exe
  2⤵
  PID:6244
- C:\Windows\System\ylkoUGe.exe
  C:\Windows\System\ylkoUGe.exe
  2⤵
  PID:6272
- C:\Windows\System\IEPxwJA.exe
  C:\Windows\System\IEPxwJA.exe
  2⤵
  PID:6288
- C:\Windows\System\VloKTTI.exe
  C:\Windows\System\VloKTTI.exe
  2⤵
  PID:6388
- C:\Windows\System\GUAIiDG.exe
  C:\Windows\System\GUAIiDG.exe
  2⤵
  PID:5224
- C:\Windows\System\wodYXcd.exe
  C:\Windows\System\wodYXcd.exe
  2⤵
  PID:6512
- C:\Windows\System\tGWStSu.exe
  C:\Windows\System\tGWStSu.exe
  2⤵
  PID:6600
- C:\Windows\System\RjEOWqz.exe
  C:\Windows\System\RjEOWqz.exe
  2⤵
  PID:6732
- C:\Windows\System\CHAFgkj.exe
  C:\Windows\System\CHAFgkj.exe
  2⤵
  PID:6768
- C:\Windows\System\TLhOXZl.exe
  C:\Windows\System\TLhOXZl.exe
  2⤵
  PID:6816
- C:\Windows\System\KJGkuNc.exe
  C:\Windows\System\KJGkuNc.exe
  2⤵
  PID:6876
- C:\Windows\System\pkkOZPJ.exe
  C:\Windows\System\pkkOZPJ.exe
  2⤵
  PID:6904
- C:\Windows\System\zqcKyJy.exe
  C:\Windows\System\zqcKyJy.exe
  2⤵
  PID:7032
- C:\Windows\System\JsLwAcl.exe
  C:\Windows\System\JsLwAcl.exe
  2⤵
  PID:7060
- C:\Windows\System\xNZzTlV.exe
  C:\Windows\System\xNZzTlV.exe
  2⤵
  PID:7128
- C:\Windows\System\RSWYcKK.exe
  C:\Windows\System\RSWYcKK.exe
  2⤵
  PID:5228
- C:\Windows\System\idRHMyh.exe
  C:\Windows\System\idRHMyh.exe
  2⤵
  PID:5252
- C:\Windows\System\uNGSJoE.exe
  C:\Windows\System\uNGSJoE.exe
  2⤵
  PID:6376
- C:\Windows\System\djyrFzV.exe
  C:\Windows\System\djyrFzV.exe
  2⤵
  PID:6576
- C:\Windows\System\RvEPdZc.exe
  C:\Windows\System\RvEPdZc.exe
  2⤵
  PID:6648
- C:\Windows\System\WooHfle.exe
  C:\Windows\System\WooHfle.exe
  2⤵
  PID:6848
- C:\Windows\System\OgakrJG.exe
  C:\Windows\System\OgakrJG.exe
  2⤵
  PID:7052
- C:\Windows\System\nSYbxxT.exe
  C:\Windows\System\nSYbxxT.exe
  2⤵
  PID:7108
- C:\Windows\System\IUZseRT.exe
  C:\Windows\System\IUZseRT.exe
  2⤵
  PID:6340
- C:\Windows\System\infzmTU.exe
  C:\Windows\System\infzmTU.exe
  2⤵
  PID:6448
- C:\Windows\System\jPFCYld.exe
  C:\Windows\System\jPFCYld.exe
  2⤵
  PID:6868
- C:\Windows\System\djNccYO.exe
  C:\Windows\System\djNccYO.exe
  2⤵
  PID:6444
- C:\Windows\System\HQZhvMP.exe
  C:\Windows\System\HQZhvMP.exe
  2⤵
  PID:6932
- C:\Windows\System\sWtfFUL.exe
  C:\Windows\System\sWtfFUL.exe
  2⤵
  PID:7208
- C:\Windows\System\NUCUQrA.exe
  C:\Windows\System\NUCUQrA.exe
  2⤵
  PID:7240
- C:\Windows\System\DStDHPf.exe
  C:\Windows\System\DStDHPf.exe
  2⤵
  PID:7264
- C:\Windows\System\VGwpPlQ.exe
  C:\Windows\System\VGwpPlQ.exe
  2⤵
  PID:7284
- C:\Windows\System\baBpzZa.exe
  C:\Windows\System\baBpzZa.exe
  2⤵
  PID:7316
- C:\Windows\System\DydQAeD.exe
  C:\Windows\System\DydQAeD.exe
  2⤵
  PID:7340
- C:\Windows\System\vHgvKYN.exe
  C:\Windows\System\vHgvKYN.exe
  2⤵
  PID:7368
- C:\Windows\System\RgpVBym.exe
  C:\Windows\System\RgpVBym.exe
  2⤵
  PID:7412
- C:\Windows\System\yZJpXrg.exe
  C:\Windows\System\yZJpXrg.exe
  2⤵
  PID:7436
- C:\Windows\System\AEvfKuN.exe
  C:\Windows\System\AEvfKuN.exe
  2⤵
  PID:7464
- C:\Windows\System\bDrQvBV.exe
  C:\Windows\System\bDrQvBV.exe
  2⤵
  PID:7492
- C:\Windows\System\tgaOgIh.exe
  C:\Windows\System\tgaOgIh.exe
  2⤵
  PID:7512
- C:\Windows\System\dAsqKXZ.exe
  C:\Windows\System\dAsqKXZ.exe
  2⤵
  PID:7548
- C:\Windows\System\jFijxJZ.exe
  C:\Windows\System\jFijxJZ.exe
  2⤵
  PID:7568
- C:\Windows\System\VZantZz.exe
  C:\Windows\System\VZantZz.exe
  2⤵
  PID:7608
- C:\Windows\System\jailave.exe
  C:\Windows\System\jailave.exe
  2⤵
  PID:7632
- C:\Windows\System\wHBVzdY.exe
  C:\Windows\System\wHBVzdY.exe
  2⤵
  PID:7660
- C:\Windows\System\hDuTXEb.exe
  C:\Windows\System\hDuTXEb.exe
  2⤵
  PID:7688
- C:\Windows\System\hwOwgiq.exe
  C:\Windows\System\hwOwgiq.exe
  2⤵
  PID:7716
- C:\Windows\System\NJuOfhU.exe
  C:\Windows\System\NJuOfhU.exe
  2⤵
  PID:7744
- C:\Windows\System\bsReVNd.exe
  C:\Windows\System\bsReVNd.exe
  2⤵
  PID:7772
- C:\Windows\System\wdXcLDF.exe
  C:\Windows\System\wdXcLDF.exe
  2⤵
  PID:7788
- C:\Windows\System\hnpBOnG.exe
  C:\Windows\System\hnpBOnG.exe
  2⤵
  PID:7812
- C:\Windows\System\TIUHSLp.exe
  C:\Windows\System\TIUHSLp.exe
  2⤵
  PID:7864
- C:\Windows\System\NIMKXwK.exe
  C:\Windows\System\NIMKXwK.exe
  2⤵
  PID:7888
- C:\Windows\System\fzLwnaX.exe
  C:\Windows\System\fzLwnaX.exe
  2⤵
  PID:7916
- C:\Windows\System\NPXroLo.exe
  C:\Windows\System\NPXroLo.exe
  2⤵
  PID:7936
- C:\Windows\System\UJTzQKn.exe
  C:\Windows\System\UJTzQKn.exe
  2⤵
  PID:7976
- C:\Windows\System\KLXLfpR.exe
  C:\Windows\System\KLXLfpR.exe
  2⤵
  PID:7992
- C:\Windows\System\kRzUkrG.exe
  C:\Windows\System\kRzUkrG.exe
  2⤵
  PID:8008
- C:\Windows\System\dlpSRuB.exe
  C:\Windows\System\dlpSRuB.exe
  2⤵
  PID:8024
- C:\Windows\System\WOeeqlf.exe
  C:\Windows\System\WOeeqlf.exe
  2⤵
  PID:8064
- C:\Windows\System\LuAlEHV.exe
  C:\Windows\System\LuAlEHV.exe
  2⤵
  PID:8088
- C:\Windows\System\AAqRbve.exe
  C:\Windows\System\AAqRbve.exe
  2⤵
  PID:8124
- C:\Windows\System\YMGtvIP.exe
  C:\Windows\System\YMGtvIP.exe
  2⤵
  PID:8172
- C:\Windows\System\VIgdlrm.exe
  C:\Windows\System\VIgdlrm.exe
  2⤵
  PID:7252
- C:\Windows\System\aWmnEyx.exe
  C:\Windows\System\aWmnEyx.exe
  2⤵
  PID:7324
- C:\Windows\System\aCcFNlF.exe
  C:\Windows\System\aCcFNlF.exe
  2⤵
  PID:7456
- C:\Windows\System\ajylFwS.exe
  C:\Windows\System\ajylFwS.exe
  2⤵
  PID:7500
- C:\Windows\System\vzsldKF.exe
  C:\Windows\System\vzsldKF.exe
  2⤵
  PID:7556
- C:\Windows\System\tFVQdaY.exe
  C:\Windows\System\tFVQdaY.exe
  2⤵
  PID:7684
- C:\Windows\System\ivQNkUV.exe
  C:\Windows\System\ivQNkUV.exe
  2⤵
  PID:7736
- C:\Windows\System\EGcPGFj.exe
  C:\Windows\System\EGcPGFj.exe
  2⤵
  PID:7140
- C:\Windows\System\zfzfFsu.exe
  C:\Windows\System\zfzfFsu.exe
  2⤵
  PID:7808
- C:\Windows\System\goYbjxe.exe
  C:\Windows\System\goYbjxe.exe
  2⤵
  PID:7856
- C:\Windows\System\qRSGkFP.exe
  C:\Windows\System\qRSGkFP.exe
  2⤵
  PID:7896
- C:\Windows\System\lElaOpN.exe
  C:\Windows\System\lElaOpN.exe
  2⤵
  PID:7932
- C:\Windows\System\CECvicQ.exe
  C:\Windows\System\CECvicQ.exe
  2⤵
  PID:7972
- C:\Windows\System\WPnTqtg.exe
  C:\Windows\System\WPnTqtg.exe
  2⤵
  PID:8104
- C:\Windows\System\AnrWLxu.exe
  C:\Windows\System\AnrWLxu.exe
  2⤵
  PID:8164
- C:\Windows\System\ErOJxxl.exe
  C:\Windows\System\ErOJxxl.exe
  2⤵
  PID:7356
- C:\Windows\System\pgaragF.exe
  C:\Windows\System\pgaragF.exe
  2⤵
  PID:7704
- C:\Windows\System\BCrQmkF.exe
  C:\Windows\System\BCrQmkF.exe
  2⤵
  PID:7304
- C:\Windows\System\phhtszE.exe
  C:\Windows\System\phhtszE.exe
  2⤵
  PID:7532
- C:\Windows\System\cSWKofi.exe
  C:\Windows\System\cSWKofi.exe
  2⤵
  PID:7444
- C:\Windows\System\ZspxnsS.exe
  C:\Windows\System\ZspxnsS.exe
  2⤵
  PID:8004
- C:\Windows\System\tpqdkAO.exe
  C:\Windows\System\tpqdkAO.exe
  2⤵
  PID:7272
- C:\Windows\System\PbINhhr.exe
  C:\Windows\System\PbINhhr.exe
  2⤵
  PID:7300
- C:\Windows\System\IbkwcwV.exe
  C:\Windows\System\IbkwcwV.exe
  2⤵
  PID:7180
- C:\Windows\System\uMErjGt.exe
  C:\Windows\System\uMErjGt.exe
  2⤵
  PID:7560
- C:\Windows\System\Fclrpgf.exe
  C:\Windows\System\Fclrpgf.exe
  2⤵
  PID:7784
- C:\Windows\System\SZyxnWz.exe
  C:\Windows\System\SZyxnWz.exe
  2⤵
  PID:7200
- C:\Windows\System\glvMBLc.exe
  C:\Windows\System\glvMBLc.exe
  2⤵
  PID:8232
- C:\Windows\System\MKLkwUZ.exe
  C:\Windows\System\MKLkwUZ.exe
  2⤵
  PID:8252
- C:\Windows\System\wdBpAlV.exe
  C:\Windows\System\wdBpAlV.exe
  2⤵
  PID:8276
- C:\Windows\System\ctSedOn.exe
  C:\Windows\System\ctSedOn.exe
  2⤵
  PID:8300
- C:\Windows\System\fIsoqTL.exe
  C:\Windows\System\fIsoqTL.exe
  2⤵
  PID:8328
- C:\Windows\System\kPXXXTI.exe
  C:\Windows\System\kPXXXTI.exe
  2⤵
  PID:8348
- C:\Windows\System\oIuuKEP.exe
  C:\Windows\System\oIuuKEP.exe
  2⤵
  PID:8404
- C:\Windows\System\PHRIiek.exe
  C:\Windows\System\PHRIiek.exe
  2⤵
  PID:8440
- C:\Windows\System\bYOXGej.exe
  C:\Windows\System\bYOXGej.exe
  2⤵
  PID:8468
- C:\Windows\System\lGGQRYZ.exe
  C:\Windows\System\lGGQRYZ.exe
  2⤵
  PID:8492
- C:\Windows\System\nwxcZMF.exe
  C:\Windows\System\nwxcZMF.exe
  2⤵
  PID:8512
- C:\Windows\System\eFKCuVu.exe
  C:\Windows\System\eFKCuVu.exe
  2⤵
  PID:8532
- C:\Windows\System\ZzADYHX.exe
  C:\Windows\System\ZzADYHX.exe
  2⤵
  PID:8576
- C:\Windows\System\FGQTGkM.exe
  C:\Windows\System\FGQTGkM.exe
  2⤵
  PID:8596
- C:\Windows\System\gupnrzv.exe
  C:\Windows\System\gupnrzv.exe
  2⤵
  PID:8636
- C:\Windows\System\jJJTMdD.exe
  C:\Windows\System\jJJTMdD.exe
  2⤵
  PID:8660
- C:\Windows\System\RIRPVVd.exe
  C:\Windows\System\RIRPVVd.exe
  2⤵
  PID:8688
- C:\Windows\System\eoDDjtR.exe
  C:\Windows\System\eoDDjtR.exe
  2⤵
  PID:8708
- C:\Windows\System\PwBtAFw.exe
  C:\Windows\System\PwBtAFw.exe
  2⤵
  PID:8744
- C:\Windows\System\FArkEnu.exe
  C:\Windows\System\FArkEnu.exe
  2⤵
  PID:8764
- C:\Windows\System\dDxCEYN.exe
  C:\Windows\System\dDxCEYN.exe
  2⤵
  PID:8784
- C:\Windows\System\peSTvko.exe
  C:\Windows\System\peSTvko.exe
  2⤵
  PID:8812
- C:\Windows\System\xwGZPuy.exe
  C:\Windows\System\xwGZPuy.exe
  2⤵
  PID:8836
- C:\Windows\System\zVjNjCj.exe
  C:\Windows\System\zVjNjCj.exe
  2⤵
  PID:8856
- C:\Windows\System\WUDEIST.exe
  C:\Windows\System\WUDEIST.exe
  2⤵
  PID:8880
- C:\Windows\System\UanRWMp.exe
  C:\Windows\System\UanRWMp.exe
  2⤵
  PID:8920
- C:\Windows\System\aCUUEtZ.exe
  C:\Windows\System\aCUUEtZ.exe
  2⤵
  PID:8964
- C:\Windows\System\fhVmtKd.exe
  C:\Windows\System\fhVmtKd.exe
  2⤵
  PID:8980
- C:\Windows\System\ODrtHWj.exe
  C:\Windows\System\ODrtHWj.exe
  2⤵
  PID:9008
- C:\Windows\System\XjluMmF.exe
  C:\Windows\System\XjluMmF.exe
  2⤵
  PID:9032
- C:\Windows\System\eVbjERT.exe
  C:\Windows\System\eVbjERT.exe
  2⤵
  PID:9052
- C:\Windows\System\RtyviGn.exe
  C:\Windows\System\RtyviGn.exe
  2⤵
  PID:9084
- C:\Windows\System\wTEoDOB.exe
  C:\Windows\System\wTEoDOB.exe
  2⤵
  PID:9140
- C:\Windows\System\evkGHxp.exe
  C:\Windows\System\evkGHxp.exe
  2⤵
  PID:9164
- C:\Windows\System\nNZqtFp.exe
  C:\Windows\System\nNZqtFp.exe
  2⤵
  PID:9184
- C:\Windows\System\siPeCTT.exe
  C:\Windows\System\siPeCTT.exe
  2⤵
  PID:9204
- C:\Windows\System\SCndzBO.exe
  C:\Windows\System\SCndzBO.exe
  2⤵
  PID:8220
- C:\Windows\System\RMEVNWQ.exe
  C:\Windows\System\RMEVNWQ.exe
  2⤵
  PID:8244
- C:\Windows\System\PWaBCgX.exe
  C:\Windows\System\PWaBCgX.exe
  2⤵
  PID:8268
- C:\Windows\System\vqhrwxT.exe
  C:\Windows\System\vqhrwxT.exe
  2⤵
  PID:8436
- C:\Windows\System\ZpjFARL.exe
  C:\Windows\System\ZpjFARL.exe
  2⤵
  PID:8484
- C:\Windows\System\kyCXjWv.exe
  C:\Windows\System\kyCXjWv.exe
  2⤵
  PID:8548
- C:\Windows\System\EKsHuKM.exe
  C:\Windows\System\EKsHuKM.exe
  2⤵
  PID:8592
- C:\Windows\System\mHlNZfb.exe
  C:\Windows\System\mHlNZfb.exe
  2⤵
  PID:8652
- C:\Windows\System\tdFvYrl.exe
  C:\Windows\System\tdFvYrl.exe
  2⤵
  PID:8732
- C:\Windows\System\hHbryWN.exe
  C:\Windows\System\hHbryWN.exe
  2⤵
  PID:8792
- C:\Windows\System\IPzwGPW.exe
  C:\Windows\System\IPzwGPW.exe
  2⤵
  PID:8912
- C:\Windows\System\cHYOGTJ.exe
  C:\Windows\System\cHYOGTJ.exe
  2⤵
  PID:8916
- C:\Windows\System\djhMLWd.exe
  C:\Windows\System\djhMLWd.exe
  2⤵
  PID:8952
- C:\Windows\System\dxTKAKX.exe
  C:\Windows\System\dxTKAKX.exe
  2⤵
  PID:9016
- C:\Windows\System\xVLuYqO.exe
  C:\Windows\System\xVLuYqO.exe
  2⤵
  PID:9072
- C:\Windows\System\xdyuSKv.exe
  C:\Windows\System\xdyuSKv.exe
  2⤵
  PID:9180
- C:\Windows\System\pPPmndq.exe
  C:\Windows\System\pPPmndq.exe
  2⤵
  PID:7528
- C:\Windows\System\BhfWGFz.exe
  C:\Windows\System\BhfWGFz.exe
  2⤵
  PID:8376
- C:\Windows\System\vVUEvRm.exe
  C:\Windows\System\vVUEvRm.exe
  2⤵
  PID:8400
- C:\Windows\System\xdOFsHw.exe
  C:\Windows\System\xdOFsHw.exe
  2⤵
  PID:8528
- C:\Windows\System\KYLZuEm.exe
  C:\Windows\System\KYLZuEm.exe
  2⤵
  PID:8776
- C:\Windows\System\nONChLo.exe
  C:\Windows\System\nONChLo.exe
  2⤵
  PID:7908
- C:\Windows\System\cVEczoN.exe
  C:\Windows\System\cVEczoN.exe
  2⤵
  PID:9076
- C:\Windows\System\yMpoTCG.exe
  C:\Windows\System\yMpoTCG.exe
  2⤵
  PID:8212
- C:\Windows\System\cKMoSnF.exe
  C:\Windows\System\cKMoSnF.exe
  2⤵
  PID:8312
- C:\Windows\System\swlTyWb.exe
  C:\Windows\System\swlTyWb.exe
  2⤵
  PID:9000
- C:\Windows\System\qqnGkGg.exe
  C:\Windows\System\qqnGkGg.exe
  2⤵
  PID:8464
- C:\Windows\System\kTwhswD.exe
  C:\Windows\System\kTwhswD.exe
  2⤵
  PID:7204
- C:\Windows\System\jbjQJAq.exe
  C:\Windows\System\jbjQJAq.exe
  2⤵
  PID:9228
- C:\Windows\System\AtFVUJI.exe
  C:\Windows\System\AtFVUJI.exe
  2⤵
  PID:9260
- C:\Windows\System\YfLHaTm.exe
  C:\Windows\System\YfLHaTm.exe
  2⤵
  PID:9284
- C:\Windows\System\RYhfGYn.exe
  C:\Windows\System\RYhfGYn.exe
  2⤵
  PID:9332
- C:\Windows\System\pviXYfw.exe
  C:\Windows\System\pviXYfw.exe
  2⤵
  PID:9352
- C:\Windows\System\zHnZtHU.exe
  C:\Windows\System\zHnZtHU.exe
  2⤵
  PID:9392
- C:\Windows\System\wLWBtmZ.exe
  C:\Windows\System\wLWBtmZ.exe
  2⤵
  PID:9408
- C:\Windows\System\gIPPmrA.exe
  C:\Windows\System\gIPPmrA.exe
  2⤵
  PID:9428
- C:\Windows\System\UUxcVmn.exe
  C:\Windows\System\UUxcVmn.exe
  2⤵
  PID:9456
- C:\Windows\System\TieJiAq.exe
  C:\Windows\System\TieJiAq.exe
  2⤵
  PID:9484
- C:\Windows\System\kPStEvx.exe
  C:\Windows\System\kPStEvx.exe
  2⤵
  PID:9512
- C:\Windows\System\FtLnPFM.exe
  C:\Windows\System\FtLnPFM.exe
  2⤵
  PID:9548
- C:\Windows\System\JYVgNNy.exe
  C:\Windows\System\JYVgNNy.exe
  2⤵
  PID:9572
- C:\Windows\System\pwLExqe.exe
  C:\Windows\System\pwLExqe.exe
  2⤵
  PID:9592
- C:\Windows\System\suuzgap.exe
  C:\Windows\System\suuzgap.exe
  2⤵
  PID:9624
- C:\Windows\System\QoBweNw.exe
  C:\Windows\System\QoBweNw.exe
  2⤵
  PID:9652
- C:\Windows\System\dGGkEAn.exe
  C:\Windows\System\dGGkEAn.exe
  2⤵
  PID:9676
- C:\Windows\System\ookAxuO.exe
  C:\Windows\System\ookAxuO.exe
  2⤵
  PID:9696
- C:\Windows\System\CWpxTXT.exe
  C:\Windows\System\CWpxTXT.exe
  2⤵
  PID:9728
- C:\Windows\System\AyocpNa.exe
  C:\Windows\System\AyocpNa.exe
  2⤵
  PID:9748
- C:\Windows\System\bgkaAmQ.exe
  C:\Windows\System\bgkaAmQ.exe
  2⤵
  PID:9812
- C:\Windows\System\CfXBIWc.exe
  C:\Windows\System\CfXBIWc.exe
  2⤵
  PID:9840
- C:\Windows\System\aNnlYPX.exe
  C:\Windows\System\aNnlYPX.exe
  2⤵
  PID:9860
- C:\Windows\System\SgIXEjo.exe
  C:\Windows\System\SgIXEjo.exe
  2⤵
  PID:9880
- C:\Windows\System\uszIBeC.exe
  C:\Windows\System\uszIBeC.exe
  2⤵
  PID:9908
- C:\Windows\System\jZtIDhv.exe
  C:\Windows\System\jZtIDhv.exe
  2⤵
  PID:9940
- C:\Windows\System\URBIidM.exe
  C:\Windows\System\URBIidM.exe
  2⤵
  PID:9960
- C:\Windows\System\gAlzLrZ.exe
  C:\Windows\System\gAlzLrZ.exe
  2⤵
  PID:10004
- C:\Windows\System\kpLlRdD.exe
  C:\Windows\System\kpLlRdD.exe
  2⤵
  PID:10028
- C:\Windows\System\vgATqtO.exe
  C:\Windows\System\vgATqtO.exe
  2⤵
  PID:10068
- C:\Windows\System\ZYNJpIS.exe
  C:\Windows\System\ZYNJpIS.exe
  2⤵
  PID:10088
- C:\Windows\System\BdfDCHL.exe
  C:\Windows\System\BdfDCHL.exe
  2⤵
  PID:10112
- C:\Windows\System\HtQqjIw.exe
  C:\Windows\System\HtQqjIw.exe
  2⤵
  PID:10136
- C:\Windows\System\pdVQrZR.exe
  C:\Windows\System\pdVQrZR.exe
  2⤵
  PID:10160
- C:\Windows\System\vTfiPkg.exe
  C:\Windows\System\vTfiPkg.exe
  2⤵
  PID:10188
- C:\Windows\System\KtUmtky.exe
  C:\Windows\System\KtUmtky.exe
  2⤵
  PID:10208
- C:\Windows\System\difHMnW.exe
  C:\Windows\System\difHMnW.exe
  2⤵
  PID:10228
- C:\Windows\System\wjwloGy.exe
  C:\Windows\System\wjwloGy.exe
  2⤵
  PID:9220
- C:\Windows\System\BEBOJma.exe
  C:\Windows\System\BEBOJma.exe
  2⤵
  PID:9280
- C:\Windows\System\vnoVZzk.exe
  C:\Windows\System\vnoVZzk.exe
  2⤵
  PID:9340
- C:\Windows\System\AEBGFQT.exe
  C:\Windows\System\AEBGFQT.exe
  2⤵
  PID:9388
- C:\Windows\System\bmArtkT.exe
  C:\Windows\System\bmArtkT.exe
  2⤵
  PID:9476
- C:\Windows\System\DersdkP.exe
  C:\Windows\System\DersdkP.exe
  2⤵
  PID:9532
- C:\Windows\System\FhnbCaZ.exe
  C:\Windows\System\FhnbCaZ.exe
  2⤵
  PID:9612
- C:\Windows\System\RBJhRVE.exe
  C:\Windows\System\RBJhRVE.exe
  2⤵
  PID:9660
- C:\Windows\System\LOANlTv.exe
  C:\Windows\System\LOANlTv.exe
  2⤵
  PID:9800
- C:\Windows\System\aAivVgL.exe
  C:\Windows\System\aAivVgL.exe
  2⤵
  PID:9888
- C:\Windows\System\PBiTfnW.exe
  C:\Windows\System\PBiTfnW.exe
  2⤵
  PID:9976
- C:\Windows\System\FKWfvhs.exe
  C:\Windows\System\FKWfvhs.exe
  2⤵
  PID:10020
- C:\Windows\System\OrnQpKo.exe
  C:\Windows\System\OrnQpKo.exe
  2⤵
  PID:10064
- C:\Windows\System\AqsoIkm.exe
  C:\Windows\System\AqsoIkm.exe
  2⤵
  PID:10128
- C:\Windows\System\hcIhVSC.exe
  C:\Windows\System\hcIhVSC.exe
  2⤵
  PID:10200
- C:\Windows\System\AdrtGok.exe
  C:\Windows\System\AdrtGok.exe
  2⤵
  PID:9384
- C:\Windows\System\ahMLVnA.exe
  C:\Windows\System\ahMLVnA.exe
  2⤵
  PID:9464
- C:\Windows\System\OhQGJac.exe
  C:\Windows\System\OhQGJac.exe
  2⤵
  PID:9540
- C:\Windows\System\AUPFLAj.exe
  C:\Windows\System\AUPFLAj.exe
  2⤵
  PID:9668
- C:\Windows\System\BSpOqvN.exe
  C:\Windows\System\BSpOqvN.exe
  2⤵
  PID:9916
- C:\Windows\System\IadtjmM.exe
  C:\Windows\System\IadtjmM.exe
  2⤵
  PID:10172
- C:\Windows\System\wGQopif.exe
  C:\Windows\System\wGQopif.exe
  2⤵
  PID:10152
- C:\Windows\System\reNmpBu.exe
  C:\Windows\System\reNmpBu.exe
  2⤵
  PID:9324
- C:\Windows\System\iLDttCN.exe
  C:\Windows\System\iLDttCN.exe
  2⤵
  PID:9984
- C:\Windows\System\GbrEcfj.exe
  C:\Windows\System\GbrEcfj.exe
  2⤵
  PID:10244
- C:\Windows\System\eGTQLrt.exe
  C:\Windows\System\eGTQLrt.exe
  2⤵
  PID:10264
- C:\Windows\System\LIrNLMP.exe
  C:\Windows\System\LIrNLMP.exe
  2⤵
  PID:10316
- C:\Windows\System\KQXmmbj.exe
  C:\Windows\System\KQXmmbj.exe
  2⤵
  PID:10336
- C:\Windows\System\tWNUtoE.exe
  C:\Windows\System\tWNUtoE.exe
  2⤵
  PID:10392
- C:\Windows\System\IBdqBjW.exe
  C:\Windows\System\IBdqBjW.exe
  2⤵
  PID:10408
- C:\Windows\System\sRrDXuQ.exe
  C:\Windows\System\sRrDXuQ.exe
  2⤵
  PID:10444
- C:\Windows\System\yMwVKyW.exe
  C:\Windows\System\yMwVKyW.exe
  2⤵
  PID:10468
- C:\Windows\System\DSsHlck.exe
  C:\Windows\System\DSsHlck.exe
  2⤵
  PID:10496
- C:\Windows\System\OXprgMp.exe
  C:\Windows\System\OXprgMp.exe
  2⤵
  PID:10516
- C:\Windows\System\UkCYRmu.exe
  C:\Windows\System\UkCYRmu.exe
  2⤵
  PID:10540
- C:\Windows\System\NIiRxzD.exe
  C:\Windows\System\NIiRxzD.exe
  2⤵
  PID:10632
- C:\Windows\System\PTdxyhs.exe
  C:\Windows\System\PTdxyhs.exe
  2⤵
  PID:10648
- C:\Windows\System\iBchiQs.exe
  C:\Windows\System\iBchiQs.exe
  2⤵
  PID:10664
- C:\Windows\System\uqAiwnX.exe
  C:\Windows\System\uqAiwnX.exe
  2⤵
  PID:10692
- C:\Windows\System\EPAXTWl.exe
  C:\Windows\System\EPAXTWl.exe
  2⤵
  PID:10728
- C:\Windows\System\NVfWfKj.exe
  C:\Windows\System\NVfWfKj.exe
  2⤵
  PID:10748
- C:\Windows\System\vkillNB.exe
  C:\Windows\System\vkillNB.exe
  2⤵
  PID:10792
- C:\Windows\System\xUPtVgJ.exe
  C:\Windows\System\xUPtVgJ.exe
  2⤵
  PID:10816
- C:\Windows\System\NpbZBwH.exe
  C:\Windows\System\NpbZBwH.exe
  2⤵
  PID:10836
- C:\Windows\System\sZHzyDr.exe
  C:\Windows\System\sZHzyDr.exe
  2⤵
  PID:10864
- C:\Windows\System\SKPDIGJ.exe
  C:\Windows\System\SKPDIGJ.exe
  2⤵
  PID:10884
- C:\Windows\System\wqwGGrT.exe
  C:\Windows\System\wqwGGrT.exe
  2⤵
  PID:10920
- C:\Windows\System\XSBREPZ.exe
  C:\Windows\System\XSBREPZ.exe
  2⤵
  PID:10976
- C:\Windows\System\CbKYghP.exe
  C:\Windows\System\CbKYghP.exe
  2⤵
  PID:11000
- C:\Windows\System\AAvtioa.exe
  C:\Windows\System\AAvtioa.exe
  2⤵
  PID:11016
- C:\Windows\System\aHLmkyl.exe
  C:\Windows\System\aHLmkyl.exe
  2⤵
  PID:11040
- C:\Windows\System\DUjVkEN.exe
  C:\Windows\System\DUjVkEN.exe
  2⤵
  PID:11060
- C:\Windows\System\JiGXTBV.exe
  C:\Windows\System\JiGXTBV.exe
  2⤵
  PID:11088
- C:\Windows\System\tHXkHmS.exe
  C:\Windows\System\tHXkHmS.exe
  2⤵
  PID:11116
- C:\Windows\System\Reoiteh.exe
  C:\Windows\System\Reoiteh.exe
  2⤵
  PID:11136
- C:\Windows\System\SoZMAvI.exe
  C:\Windows\System\SoZMAvI.exe
  2⤵
  PID:11160
- C:\Windows\System\wpYUvsa.exe
  C:\Windows\System\wpYUvsa.exe
  2⤵
  PID:11188
- C:\Windows\System\lBrqiHO.exe
  C:\Windows\System\lBrqiHO.exe
  2⤵
  PID:11204
- C:\Windows\System\OcEvMmG.exe
  C:\Windows\System\OcEvMmG.exe
  2⤵
  PID:11228
- C:\Windows\System\eOlqpYn.exe
  C:\Windows\System\eOlqpYn.exe
  2⤵
  PID:11244
- C:\Windows\System\JxNZche.exe
  C:\Windows\System\JxNZche.exe
  2⤵
  PID:9836
- C:\Windows\System\ApioEpC.exe
  C:\Windows\System\ApioEpC.exe
  2⤵
  PID:10292
- C:\Windows\System\erjJkwF.exe
  C:\Windows\System\erjJkwF.exe
  2⤵
  PID:10432
- C:\Windows\System\nEqlEEL.exe
  C:\Windows\System\nEqlEEL.exe
  2⤵
  PID:10524
- C:\Windows\System\nbKuplO.exe
  C:\Windows\System\nbKuplO.exe
  2⤵
  PID:10604
- C:\Windows\System\SQQNQXW.exe
  C:\Windows\System\SQQNQXW.exe
  2⤵
  PID:10640
- C:\Windows\System\UjrwsbF.exe
  C:\Windows\System\UjrwsbF.exe
  2⤵
  PID:10760
- C:\Windows\System\zZUUwgT.exe
  C:\Windows\System\zZUUwgT.exe
  2⤵
  PID:10832
- C:\Windows\System\QAxCADX.exe
  C:\Windows\System\QAxCADX.exe
  2⤵
  PID:10964
- C:\Windows\System\DOfNyvu.exe
  C:\Windows\System\DOfNyvu.exe
  2⤵
  PID:10996
- C:\Windows\System\VprALRR.exe
  C:\Windows\System\VprALRR.exe
  2⤵
  PID:11132
- C:\Windows\System\GPUyHGN.exe
  C:\Windows\System\GPUyHGN.exe
  2⤵
  PID:11124
- C:\Windows\System\NNffGhU.exe
  C:\Windows\System\NNffGhU.exe
  2⤵
  PID:9252
- C:\Windows\System\aanhkhC.exe
  C:\Windows\System\aanhkhC.exe
  2⤵
  PID:11260
- C:\Windows\System\iKGNZcN.exe
  C:\Windows\System\iKGNZcN.exe
  2⤵
  PID:10400
- C:\Windows\System\NQhTJaW.exe
  C:\Windows\System\NQhTJaW.exe
  2⤵
  PID:10492
- C:\Windows\System\pDKNHfi.exe
  C:\Windows\System\pDKNHfi.exe
  2⤵
  PID:10744
- C:\Windows\System\TXeICNK.exe
  C:\Windows\System\TXeICNK.exe
  2⤵
  PID:10720
- C:\Windows\System\yZqOQOu.exe
  C:\Windows\System\yZqOQOu.exe
  2⤵
  PID:10948
- C:\Windows\System\pwOjYvP.exe
  C:\Windows\System\pwOjYvP.exe
  2⤵
  PID:11184
- C:\Windows\System\ydHENHd.exe
  C:\Windows\System\ydHENHd.exe
  2⤵
  PID:11240
- C:\Windows\System\ImTLPWQ.exe
  C:\Windows\System\ImTLPWQ.exe
  2⤵
  PID:10480
- C:\Windows\System\oTSacjd.exe
  C:\Windows\System\oTSacjd.exe
  2⤵
  PID:11128
- C:\Windows\System\IIVyscH.exe
  C:\Windows\System\IIVyscH.exe
  2⤵
  PID:10828
- C:\Windows\System\KsjeSsV.exe
  C:\Windows\System\KsjeSsV.exe
  2⤵
  PID:10260
- C:\Windows\System\bVkcwuc.exe
  C:\Windows\System\bVkcwuc.exe
  2⤵
  PID:11288
- C:\Windows\System\WqgXHFu.exe
  C:\Windows\System\WqgXHFu.exe
  2⤵
  PID:11308
- C:\Windows\System\ihVGboL.exe
  C:\Windows\System\ihVGboL.exe
  2⤵
  PID:11336
- C:\Windows\System\MqNJzCX.exe
  C:\Windows\System\MqNJzCX.exe
  2⤵
  PID:11380
- C:\Windows\System\PAaMyDY.exe
  C:\Windows\System\PAaMyDY.exe
  2⤵
  PID:11400
- C:\Windows\System\aNjSIuN.exe
  C:\Windows\System\aNjSIuN.exe
  2⤵
  PID:11420
- C:\Windows\System\ldhXlfL.exe
  C:\Windows\System\ldhXlfL.exe
  2⤵
  PID:11452
- C:\Windows\System\tVFrtYV.exe
  C:\Windows\System\tVFrtYV.exe
  2⤵
  PID:11468
- C:\Windows\System\hjluzBG.exe
  C:\Windows\System\hjluzBG.exe
  2⤵
  PID:11492
- C:\Windows\System\xjkFREy.exe
  C:\Windows\System\xjkFREy.exe
  2⤵
  PID:11536
- C:\Windows\System\ATYqlVi.exe
  C:\Windows\System\ATYqlVi.exe
  2⤵
  PID:11560
- C:\Windows\System\uNCGvMC.exe
  C:\Windows\System\uNCGvMC.exe
  2⤵
  PID:11580
- C:\Windows\System\OpLDrZx.exe
  C:\Windows\System\OpLDrZx.exe
  2⤵
  PID:11596
- C:\Windows\System\VYqFlnE.exe
  C:\Windows\System\VYqFlnE.exe
  2⤵
  PID:11624
- C:\Windows\System\OIbLLzO.exe
  C:\Windows\System\OIbLLzO.exe
  2⤵
  PID:11644
- C:\Windows\System\RSXbGZj.exe
  C:\Windows\System\RSXbGZj.exe
  2⤵
  PID:11668
- C:\Windows\System\bzzzTiu.exe
  C:\Windows\System\bzzzTiu.exe
  2⤵
  PID:11704
- C:\Windows\System\CogURCj.exe
  C:\Windows\System\CogURCj.exe
  2⤵
  PID:11748
- C:\Windows\System\xAvmBsW.exe
  C:\Windows\System\xAvmBsW.exe
  2⤵
  PID:11772
- C:\Windows\System\dqUskfo.exe
  C:\Windows\System\dqUskfo.exe
  2⤵
  PID:11828
- C:\Windows\System\tHdWWLu.exe
  C:\Windows\System\tHdWWLu.exe
  2⤵
  PID:11852
- C:\Windows\System\uPJvnEI.exe
  C:\Windows\System\uPJvnEI.exe
  2⤵
  PID:11872
- C:\Windows\System\GqWbgtz.exe
  C:\Windows\System\GqWbgtz.exe
  2⤵
  PID:11920
- C:\Windows\System\fEiVIft.exe
  C:\Windows\System\fEiVIft.exe
  2⤵
  PID:11956
- C:\Windows\System\tjOcnTq.exe
  C:\Windows\System\tjOcnTq.exe
  2⤵
  PID:11972
- C:\Windows\System\PcLzDxu.exe
  C:\Windows\System\PcLzDxu.exe
  2⤵
  PID:11996
- C:\Windows\System\tyhqlgf.exe
  C:\Windows\System\tyhqlgf.exe
  2⤵
  PID:12024
- C:\Windows\System\uvxXdVh.exe
  C:\Windows\System\uvxXdVh.exe
  2⤵
  PID:12052
- C:\Windows\System\RgtbAIK.exe
  C:\Windows\System\RgtbAIK.exe
  2⤵
  PID:12076
- C:\Windows\System\pKeFOWo.exe
  C:\Windows\System\pKeFOWo.exe
  2⤵
  PID:12100
- C:\Windows\System\gTZmVjD.exe
  C:\Windows\System\gTZmVjD.exe
  2⤵
  PID:12128
- C:\Windows\System\ZsGwzBs.exe
  C:\Windows\System\ZsGwzBs.exe
  2⤵
  PID:12144
- C:\Windows\System\vVjEJkv.exe
  C:\Windows\System\vVjEJkv.exe
  2⤵
  PID:12188
- C:\Windows\System\fdPEDSa.exe
  C:\Windows\System\fdPEDSa.exe
  2⤵
  PID:12216
- C:\Windows\System\xNaOvVO.exe
  C:\Windows\System\xNaOvVO.exe
  2⤵
  PID:12244
- C:\Windows\System\IiaNOWd.exe
  C:\Windows\System\IiaNOWd.exe
  2⤵
  PID:12272
- C:\Windows\System\kHYCrtv.exe
  C:\Windows\System\kHYCrtv.exe
  2⤵
  PID:11280
- C:\Windows\System\LHbAIfU.exe
  C:\Windows\System\LHbAIfU.exe
  2⤵
  PID:11372
- C:\Windows\System\NDrOGhg.exe
  C:\Windows\System\NDrOGhg.exe
  2⤵
  PID:11428
- C:\Windows\System\gmBRBsr.exe
  C:\Windows\System\gmBRBsr.exe
  2⤵
  PID:11512
- C:\Windows\System\EqGSyff.exe
  C:\Windows\System\EqGSyff.exe
  2⤵
  PID:11568
- C:\Windows\System\spiGUvG.exe
  C:\Windows\System\spiGUvG.exe
  2⤵
  PID:11572
- C:\Windows\System\qMMZZdJ.exe
  C:\Windows\System\qMMZZdJ.exe
  2⤵
  PID:11688
- C:\Windows\System\zyIvxpC.exe
  C:\Windows\System\zyIvxpC.exe
  2⤵
  PID:11760
- C:\Windows\System\WIprXEP.exe
  C:\Windows\System\WIprXEP.exe
  2⤵
  PID:11868
- C:\Windows\System\IywTuVQ.exe
  C:\Windows\System\IywTuVQ.exe
  2⤵
  PID:11908
- C:\Windows\System\ybsWuKS.exe
  C:\Windows\System\ybsWuKS.exe
  2⤵
  PID:11988
- C:\Windows\System\soJQuoZ.exe
  C:\Windows\System\soJQuoZ.exe
  2⤵
  PID:12048
- C:\Windows\System\KOdrBAk.exe
  C:\Windows\System\KOdrBAk.exe
  2⤵
  PID:11096
- C:\Windows\System\kXizkTl.exe
  C:\Windows\System\kXizkTl.exe
  2⤵
  PID:12116
- C:\Windows\System\GqeeVjm.exe
  C:\Windows\System\GqeeVjm.exe
  2⤵
  PID:12212
- C:\Windows\System\DcmeVpE.exe
  C:\Windows\System\DcmeVpE.exe
  2⤵
  PID:12264
- C:\Windows\System\kCwRARJ.exe
  C:\Windows\System\kCwRARJ.exe
  2⤵
  PID:11436
- C:\Windows\System\EnQDOvM.exe
  C:\Windows\System\EnQDOvM.exe
  2⤵
  PID:11544
- C:\Windows\System\KFkTNJH.exe
  C:\Windows\System\KFkTNJH.exe
  2⤵
  PID:11860
- C:\Windows\System\epoEBHN.exe
  C:\Windows\System\epoEBHN.exe
  2⤵
  PID:12096
- C:\Windows\System\vnSsKuJ.exe
  C:\Windows\System\vnSsKuJ.exe
  2⤵
  PID:12200
- C:\Windows\System\aLKzzVX.exe
  C:\Windows\System\aLKzzVX.exe
  2⤵
  PID:11356
- C:\Windows\System\AZsUvKU.exe
  C:\Windows\System\AZsUvKU.exe
  2⤵
  PID:11740
- C:\Windows\System\flrdUkI.exe
  C:\Windows\System\flrdUkI.exe
  2⤵
  PID:12176
- C:\Windows\System\LqtGCSs.exe
  C:\Windows\System\LqtGCSs.exe
  2⤵
  PID:12172
- C:\Windows\System\jNKTfoe.exe
  C:\Windows\System\jNKTfoe.exe
  2⤵
  PID:12312
- C:\Windows\System\jSlAIGE.exe
  C:\Windows\System\jSlAIGE.exe
  2⤵
  PID:12336
- C:\Windows\System\njdPwyT.exe
  C:\Windows\System\njdPwyT.exe
  2⤵
  PID:12364
- C:\Windows\System\bFKZWrd.exe
  C:\Windows\System\bFKZWrd.exe
  2⤵
  PID:12384
- C:\Windows\System\nYaCxwc.exe
  C:\Windows\System\nYaCxwc.exe
  2⤵
  PID:12412
- C:\Windows\System\VJSJmWG.exe
  C:\Windows\System\VJSJmWG.exe
  2⤵
  PID:12508
- C:\Windows\System\HZhTVmW.exe
  C:\Windows\System\HZhTVmW.exe
  2⤵
  PID:12532
- C:\Windows\System\PfdHWQr.exe
  C:\Windows\System\PfdHWQr.exe
  2⤵
  PID:12548
- C:\Windows\System\xeVDEVb.exe
  C:\Windows\System\xeVDEVb.exe
  2⤵
  PID:12564
- C:\Windows\System\QavObZi.exe
  C:\Windows\System\QavObZi.exe
  2⤵
  PID:12592
- C:\Windows\System\ypwMqnw.exe
  C:\Windows\System\ypwMqnw.exe
  2⤵
  PID:12620
- C:\Windows\System\doqWjwl.exe
  C:\Windows\System\doqWjwl.exe
  2⤵
  PID:12652
- C:\Windows\System\QTwKGRZ.exe
  C:\Windows\System\QTwKGRZ.exe
  2⤵
  PID:12668
- C:\Windows\System\RXkRzwv.exe
  C:\Windows\System\RXkRzwv.exe
  2⤵
  PID:12692
- C:\Windows\System\GIRefYb.exe
  C:\Windows\System\GIRefYb.exe
  2⤵
  PID:12708
- C:\Windows\System\NRAOGSD.exe
  C:\Windows\System\NRAOGSD.exe
  2⤵
  PID:12728
- C:\Windows\System\qrInfhV.exe
  C:\Windows\System\qrInfhV.exe
  2⤵
  PID:12764
- C:\Windows\System\XPaCwPN.exe
  C:\Windows\System\XPaCwPN.exe
  2⤵
  PID:12792
- C:\Windows\System\BbBEHRg.exe
  C:\Windows\System\BbBEHRg.exe
  2⤵
  PID:12812
- C:\Windows\System\dkrlVBv.exe
  C:\Windows\System\dkrlVBv.exe
  2⤵
  PID:12836
- C:\Windows\System\QESdiok.exe
  C:\Windows\System\QESdiok.exe
  2⤵
  PID:12856
- C:\Windows\System\zKtmDMg.exe
  C:\Windows\System\zKtmDMg.exe
  2⤵
  PID:12908
- C:\Windows\System\eyyzaJL.exe
  C:\Windows\System\eyyzaJL.exe
  2⤵
  PID:12992
- C:\Windows\System\ALkWYeE.exe
  C:\Windows\System\ALkWYeE.exe
  2⤵
  PID:13012
- C:\Windows\System\WRdFrZn.exe
  C:\Windows\System\WRdFrZn.exe
  2⤵
  PID:13036
- C:\Windows\System\uIOKxUi.exe
  C:\Windows\System\uIOKxUi.exe
  2⤵
  PID:13068
- C:\Windows\System\PtrCKjt.exe
  C:\Windows\System\PtrCKjt.exe
  2⤵
  PID:13112
- C:\Windows\System\wviHoaK.exe
  C:\Windows\System\wviHoaK.exe
  2⤵
  PID:13144
- C:\Windows\System\gjFSwSq.exe
  C:\Windows\System\gjFSwSq.exe
  2⤵
  PID:13164
- C:\Windows\System\hgBiScu.exe
  C:\Windows\System\hgBiScu.exe
  2⤵
  PID:13220
- C:\Windows\System\DLNzNLK.exe
  C:\Windows\System\DLNzNLK.exe
  2⤵
  PID:13240
- C:\Windows\System\QDDkTUr.exe
  C:\Windows\System\QDDkTUr.exe
  2⤵
  PID:13276
- C:\Windows\System\RsbJqDT.exe
  C:\Windows\System\RsbJqDT.exe
  2⤵
  PID:12308
- C:\Windows\System\ZvIswtQ.exe
  C:\Windows\System\ZvIswtQ.exe
  2⤵
  PID:12380
- C:\Windows\System\SMNfMRV.exe
  C:\Windows\System\SMNfMRV.exe
  2⤵
  PID:12404
- C:\Windows\System\IuzSeYb.exe
  C:\Windows\System\IuzSeYb.exe
  2⤵
  PID:12528
- C:\Windows\System\bVxchtR.exe
  C:\Windows\System\bVxchtR.exe
  2⤵
  PID:12544
- C:\Windows\System\mcHLWTG.exe
  C:\Windows\System\mcHLWTG.exe
  2⤵
  PID:12604
- C:\Windows\System\QmsEehc.exe
  C:\Windows\System\QmsEehc.exe
  2⤵
  PID:12680
- C:\Windows\System\NnQspHx.exe
  C:\Windows\System\NnQspHx.exe
  2⤵
  PID:12700
- C:\Windows\System\oKvGjFe.exe
  C:\Windows\System\oKvGjFe.exe
  2⤵
  PID:12828
- C:\Windows\System\JPaKsPB.exe
  C:\Windows\System\JPaKsPB.exe
  2⤵
  PID:12928
- C:\Windows\System\NFTTOLi.exe
  C:\Windows\System\NFTTOLi.exe
  2⤵
  PID:13080
- C:\Windows\System\QXQgHLz.exe
  C:\Windows\System\QXQgHLz.exe
  2⤵
  PID:13100
- C:\Windows\System\RKsGTWU.exe
  C:\Windows\System\RKsGTWU.exe
  2⤵
  PID:13228
- C:\Windows\System\gZpLhJc.exe
  C:\Windows\System\gZpLhJc.exe
  2⤵
  PID:12292
- C:\Windows\System\igcyeKd.exe
  C:\Windows\System\igcyeKd.exe
  2⤵
  PID:1444
- C:\Windows\System\bDKbXNh.exe
  C:\Windows\System\bDKbXNh.exe
  2⤵
  PID:12748
- C:\Windows\System\tCKbNQX.exe
  C:\Windows\System\tCKbNQX.exe
  2⤵
  PID:12724
- C:\Windows\System\hAdBFSP.exe
  C:\Windows\System\hAdBFSP.exe
  2⤵
  PID:13156
- C:\Windows\System\VCgcdGI.exe
  C:\Windows\System\VCgcdGI.exe
  2⤵
  PID:12808
- C:\Windows\System\eJYZGSo.exe
  C:\Windows\System\eJYZGSo.exe
  2⤵
  PID:12676
- C:\Windows\System\NiZWxdX.exe
  C:\Windows\System\NiZWxdX.exe
  2⤵
  PID:13336
- C:\Windows\System\wDAwrEp.exe
  C:\Windows\System\wDAwrEp.exe
  2⤵
  PID:13352
- C:\Windows\System\JWHtCvb.exe
  C:\Windows\System\JWHtCvb.exe
  2⤵
  PID:13368
- C:\Windows\System\orIgHBG.exe
  C:\Windows\System\orIgHBG.exe
  2⤵
  PID:13384
- C:\Windows\System\HDGKNjL.exe
  C:\Windows\System\HDGKNjL.exe
  2⤵
  PID:13400
- C:\Windows\System\ezpoXVv.exe
  C:\Windows\System\ezpoXVv.exe
  2⤵
  PID:13456
- C:\Windows\System\FoJWDnR.exe
  C:\Windows\System\FoJWDnR.exe
  2⤵
  PID:13472
- C:\Windows\System\aXflhGL.exe
  C:\Windows\System\aXflhGL.exe
  2⤵
  PID:13524
- C:\Windows\System\wTiBPYN.exe
  C:\Windows\System\wTiBPYN.exe
  2⤵
  PID:13548
- C:\Windows\System\hvtnagp.exe
  C:\Windows\System\hvtnagp.exe
  2⤵
  PID:13564
- C:\Windows\System\HRsUVvT.exe
  C:\Windows\System\HRsUVvT.exe
  2⤵
  PID:13584
- C:\Windows\System\BnHMQOZ.exe
  C:\Windows\System\BnHMQOZ.exe
  2⤵
  PID:13624
- C:\Windows\System\PzLewDf.exe
  C:\Windows\System\PzLewDf.exe
  2⤵
  PID:13648
- C:\Windows\System\Sfmiyah.exe
  C:\Windows\System\Sfmiyah.exe
  2⤵
  PID:13676
- C:\Windows\System\SMKWXXi.exe
  C:\Windows\System\SMKWXXi.exe
  2⤵
  PID:13704
- C:\Windows\System\XoBSaql.exe
  C:\Windows\System\XoBSaql.exe
  2⤵
  PID:13752
- C:\Windows\System\WQDbDTb.exe
  C:\Windows\System\WQDbDTb.exe
  2⤵
  PID:13776
- C:\Windows\System\ZOuPtka.exe
  C:\Windows\System\ZOuPtka.exe
  2⤵
  PID:13824
- C:\Windows\System\RviiFkb.exe
  C:\Windows\System\RviiFkb.exe
  2⤵
  PID:13848
- C:\Windows\System\ZkGRtYw.exe
  C:\Windows\System\ZkGRtYw.exe
  2⤵
  PID:13892
- C:\Windows\System\gKvRtiQ.exe
  C:\Windows\System\gKvRtiQ.exe
  2⤵
  PID:13912
- C:\Windows\System\XWXADkA.exe
  C:\Windows\System\XWXADkA.exe
  2⤵
  PID:13932
- C:\Windows\System\SvijLFP.exe
  C:\Windows\System\SvijLFP.exe
  2⤵
  PID:13948
- C:\Windows\System\WFIHYdi.exe
  C:\Windows\System\WFIHYdi.exe
  2⤵
  PID:13980
- C:\Windows\System\eYERLuC.exe
  C:\Windows\System\eYERLuC.exe
  2⤵
  PID:14000
- C:\Windows\System\gtTHiOB.exe
  C:\Windows\System\gtTHiOB.exe
  2⤵
  PID:14072
- C:\Windows\System\FGdiVjs.exe
  C:\Windows\System\FGdiVjs.exe
  2⤵
  PID:14108
- C:\Windows\System\JmwcNam.exe
  C:\Windows\System\JmwcNam.exe
  2⤵
  PID:14132
- C:\Windows\System\GSudUBB.exe
  C:\Windows\System\GSudUBB.exe
  2⤵
  PID:14168
- C:\Windows\System\UqKtXmW.exe
  C:\Windows\System\UqKtXmW.exe
  2⤵
  PID:14204
- C:\Windows\System\ndqsUMN.exe
  C:\Windows\System\ndqsUMN.exe
  2⤵
  PID:14228
- C:\Windows\System\TpwsRfk.exe
  C:\Windows\System\TpwsRfk.exe
  2⤵
  PID:14252
- C:\Windows\System\cWExjOW.exe
  C:\Windows\System\cWExjOW.exe
  2⤵
  PID:14268
- C:\Windows\System\wyuKRRM.exe
  C:\Windows\System\wyuKRRM.exe
  2⤵
  PID:14296
- C:\Windows\System\CCFviZe.exe
  C:\Windows\System\CCFviZe.exe
  2⤵
  PID:14320
- C:\Windows\System\xuhwpnf.exe
  C:\Windows\System\xuhwpnf.exe
  2⤵
  PID:4312
- C:\Windows\System\kkWIdtE.exe
  C:\Windows\System\kkWIdtE.exe
  2⤵
  PID:5408
- C:\Windows\System\CtbBslA.exe
  C:\Windows\System\CtbBslA.exe
  2⤵
  PID:13416
- C:\Windows\System\VDwRAHK.exe
  C:\Windows\System\VDwRAHK.exe
  2⤵
  PID:13448
- C:\Windows\System\gjnGfSq.exe
  C:\Windows\System\gjnGfSq.exe
  2⤵
  PID:13516
- C:\Windows\System\vMGQKTG.exe
  C:\Windows\System\vMGQKTG.exe
  2⤵
  PID:13632
- C:\Windows\System\wrPsOdy.exe
  C:\Windows\System\wrPsOdy.exe
  2⤵
  PID:13540
- C:\Windows\System\ECbvjvP.exe
  C:\Windows\System\ECbvjvP.exe
  2⤵
  PID:13644
- C:\Windows\System\QignFMR.exe
  C:\Windows\System\QignFMR.exe
  2⤵
  PID:13692
- C:\Windows\System\duUJAOV.exe
  C:\Windows\System\duUJAOV.exe
  2⤵
  PID:3444
- C:\Windows\System\HtgaxPk.exe
  C:\Windows\System\HtgaxPk.exe
  2⤵
  PID:13820
- C:\Windows\System\OekeFAO.exe
  C:\Windows\System\OekeFAO.exe
  2⤵
  PID:13844
- C:\Windows\System\OnNXJyG.exe
  C:\Windows\System\OnNXJyG.exe
  2⤵
  PID:13944
- C:\Windows\System\pwBnfrI.exe
  C:\Windows\System\pwBnfrI.exe
  2⤵
  PID:13968
- C:\Windows\System\VcrmVkC.exe
  C:\Windows\System\VcrmVkC.exe
  2⤵
  PID:14020
- C:\Windows\System\pGoeRqt.exe
  C:\Windows\System\pGoeRqt.exe
  2⤵
  PID:14124
- C:\Windows\System\oBPJGtt.exe
  C:\Windows\System\oBPJGtt.exe
  2⤵
  PID:14220
- C:\Windows\System\BsUoXwS.exe
  C:\Windows\System\BsUoXwS.exe
  2⤵
  PID:14200
- C:\Windows\System\UPLIhns.exe
  C:\Windows\System\UPLIhns.exe
  2⤵
  PID:4796
- C:\Windows\System\oahwnqu.exe
  C:\Windows\System\oahwnqu.exe
  2⤵
  PID:13324
- C:\Windows\System\ZEuXmhu.exe
  C:\Windows\System\ZEuXmhu.exe
  2⤵
  PID:13452
- C:\Windows\System\PgJpXRH.exe
  C:\Windows\System\PgJpXRH.exe
  2⤵
  PID:13556
- C:\Windows\System\cfplORY.exe
  C:\Windows\System\cfplORY.exe
  2⤵
  PID:13608
- C:\Windows\System\qqRgtRP.exe
  C:\Windows\System\qqRgtRP.exe
  2⤵
  PID:13788
- C:\Windows\System\azyOiCc.exe
  C:\Windows\System\azyOiCc.exe
  2⤵
  PID:13920
- C:\Windows\System\iMREngs.exe
  C:\Windows\System\iMREngs.exe
  2⤵
  PID:13972
- C:\Windows\System\QxbVfjs.exe
  C:\Windows\System\QxbVfjs.exe
  2⤵
  PID:14156
- C:\Windows\System\YtevMzg.exe
  C:\Windows\System\YtevMzg.exe
  2⤵
  PID:14244
- C:\Windows\System\uYUYWLU.exe
  C:\Windows\System\uYUYWLU.exe
  2⤵
  PID:13140
- C:\Windows\System\sOmWeuq.exe
  C:\Windows\System\sOmWeuq.exe
  2⤵
  PID:13812
- C:\Windows\System\IKcttkl.exe
  C:\Windows\System\IKcttkl.exe
  2⤵
  PID:14068
- C:\Windows\System\gIFxOGp.exe
  C:\Windows\System\gIFxOGp.exe
  2⤵
  PID:13620
- C:\Windows\System\znnirps.exe
  C:\Windows\System\znnirps.exe
  2⤵
  PID:13672
- C:\Windows\System\vnhFblo.exe
  C:\Windows\System\vnhFblo.exe
  2⤵
  PID:14352
- C:\Windows\System\bkqFvSj.exe
  C:\Windows\System\bkqFvSj.exe
  2⤵
  PID:14372
- C:\Windows\System\bGJHVyv.exe
  C:\Windows\System\bGJHVyv.exe
  2⤵
  PID:14416
- C:\Windows\System\evEKNHI.exe
  C:\Windows\System\evEKNHI.exe
  2⤵
  PID:14440
- C:\Windows\System\UhNOmnF.exe
  C:\Windows\System\UhNOmnF.exe
  2⤵
  PID:14464
- C:\Windows\System\BHtVEGg.exe
  C:\Windows\System\BHtVEGg.exe
  2⤵
  PID:14500
- C:\Windows\System\IYOisPd.exe
  C:\Windows\System\IYOisPd.exe
  2⤵
  PID:14520
- C:\Windows\System\VFzxmJE.exe
  C:\Windows\System\VFzxmJE.exe
  2⤵
  PID:14548
- C:\Windows\System\rhGQvja.exe
  C:\Windows\System\rhGQvja.exe
  2⤵
  PID:14568
- C:\Windows\System\KDZBusV.exe
  C:\Windows\System\KDZBusV.exe
  2⤵
  PID:14588
- C:\Windows\System\LSCHSsu.exe
  C:\Windows\System\LSCHSsu.exe
  2⤵
  PID:14628

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BKUZCvJ.exe

Filesize
1.9MB

MD5
2c4c13faddf29a1468a5ae8ad4460af3

SHA1
88564aa3cc7d961b646a80b1e26bb59182c4500a

SHA256
03b77fea9840c6fce2bfc27897e8b59eeb8f499f86ec3104f362f8cee50b1b5f

SHA512
b06078a8e127729be1050a663093791c1b30a2da7eb81c74818ac932f504ae7a30ca76af4389028ebcda1cf83fed6238107e206a0fd2092c4587cb8e6ab3c39e

Download Submit
C:\Windows\System\BaKbTOs.exe

Filesize
1.9MB

MD5
44173d21c4c167b17cc6312f65477c58

SHA1
87ed38f467ebfb19018f07858bd2e8cdbdfc24e8

SHA256
a170050356005f1690c052a2e0f2fbd0357cf03ddf6aae1665e6fad69e3670a8

SHA512
a4e84ece56488123c56146de2cafc37a23c5f013f23a92222939ec10c9484c5862511d53316950303d1c9d30910a6348ee25db806e82a01a98ee53031c576071

Download Submit
C:\Windows\System\CkyMIUR.exe

Filesize
1.9MB

MD5
e249bc4c5ed30ef140c7371afdd410e8

SHA1
ddbfb6ac7c7a6927ab29d7b4a3f65ecb998e74f7

SHA256
20884657f89e7c7e3ec8b03dbb21caf79c2041b19af38528a2b61b49c5c6c751

SHA512
a2df49a25d02adb6e8397a84ff2ea1ad23d76a100259a9a2778b00dd438057b417ea462afbd9ce156752e5e4095f06946ecc252f3b3e7c3e91e028da19b7e3da

Download Submit
C:\Windows\System\FzUSzok.exe

Filesize
1.9MB

MD5
4bf7c9bd83f6823c41069578687f0876

SHA1
f30cea3245a4f534bcc6885f8c2511b37a5dcf65

SHA256
fde1b13b30e40004ac20fb3d4d77be7224971c32268266fe3517f7bb96e4d910

SHA512
35e91e7a7414297fa8fcfd9201d4ba24f10358a16ebeeb046669e8225b14a9b51c13596599e1e49aac6c3f14a1174a155a8505049010f749824834af54556551

Download Submit
C:\Windows\System\GsINpos.exe

Filesize
1.9MB

MD5
bbfb21aba40d181fcc0629806c39debe

SHA1
a9973568c60eab253d6ef5412534d5dee7b7d928

SHA256
d2f995835aa8bd9444b0733115fb1d99e68960d84764f2ffbeec0773ae73861c

SHA512
d2c8b8b5f597ab60e024e998b296efd9871cbb78a3ca93f276b68aa854de89928fc8d161913a588ef8108e9c403f624af074fde1364279f9f79d3c25484d4627

Download Submit
C:\Windows\System\HFgfonQ.exe

Filesize
1.9MB

MD5
d62d14d941a50335262266259ac76554

SHA1
1a8b29158291f947642a4944f761922099f0f8a6

SHA256
5dffb545635d27988193bf25653e33a69d3696873b5bae22fea87b7d6257426f

SHA512
dfdbebed88a5dbf6d80b5354b26111335772b57928674e24add7db147bd5f4b1a85676baa9f26d181628fe5734011bbd82580dfae918d3ff568ef5ef29bfc7fc

Download Submit
C:\Windows\System\IoVprgL.exe

Filesize
1.9MB

MD5
adf84401ddfcb13e14ec7781bc336bec

SHA1
1db78ce2c2fb19680413fc7ed37304431fbe1956

SHA256
ab9fc3b644469f0b830e0773ebf55c905e9f1f408332683b49da1049800ef0ba

SHA512
66d4db7c1e9f7bfe572e1a5fc5a38921f723d7b3b125374f8ec7f2ef6f3b2bf47e5763bbd9558075c62ccff5fb7a444819308df18722553d2f7902abedcd3715

Download Submit
C:\Windows\System\IuWQMXy.exe

Filesize
1.9MB

MD5
479a985a671cbdce96e8800e15315789

SHA1
950558825e8775bc2e1bbbbda02fc63359c341b1

SHA256
17a7f0c9699322391c4a9d5d09fa320c295e826e0cb4f621524072d1da4dfb2c

SHA512
8b1f31eb15f2cc26d42bbe3ec6a46a7b6015480bde8f4d03dd691ede1c83cd89cccc635715d2d27ddcea5e1bc9da0e99415c95e9245f233dc342832f960f5bb0

Download Submit
C:\Windows\System\JoOYgbt.exe

Filesize
1.9MB

MD5
ec52ae254754eb025ae2c8eccaff5f10

SHA1
485ccd7203e90524a17af00e5572b3d1e4f805cc

SHA256
49c998d06156c0194b4bcc6e9a1bed657fd3d586b9d845b0c90a8e677556c1d4

SHA512
e32c6f7ff86fc648cb1776ffbbb667812151f0f44aabc2ba3ad761b980970157a1eb9c9504f3d46864f0de3efe42adcb20c0b08719d5e50a1be55b91934489d7

Download Submit
C:\Windows\System\LyyFEle.exe

Filesize
1.9MB

MD5
b0b6609c1fa344ab5fc4d604d091acde

SHA1
9390b295e4ccc6d1e8dd77ad08e9d6bb35411292

SHA256
8f4ab296ed742697c531be2a7ee8c3a848c95422271ffced80d1b774416b9547

SHA512
e7ca4fa278d0a33a037aa6fcf7470057841a6704e4958eff0f119eecd1fad59c5437433e8b7e5e1948496cbc28b6c8ac3f48aaad67898095bd223c7c1e9a7077

Download Submit
C:\Windows\System\OsRZPEX.exe

Filesize
1.9MB

MD5
c33bb1ac90b7dc61400971b42ac50d01

SHA1
39294feebf4296eb1c4a3cc53d459bc81e879025

SHA256
32ed7faba21e089f81f2f25f0f792923c2b2ad9c51764f9b4a6201cbeb0fe312

SHA512
c9168a8530faba8c6747a0c279b39048dda4a3a352c4c32dbb740e4a7e98499536842fa6bee6d4e923f8414b204cea321db53c9c98a979c14a6f89b8d8ec06e5

Download Submit
C:\Windows\System\RCDijVb.exe

Filesize
1.9MB

MD5
d9ca0591903e03f80a5bb35bb7ee9f49

SHA1
c27e79b6e11f94dee47cef16bcf27a6fe827ec0e

SHA256
e77c76d3a21763383eb048788700ebd6e222e0412fd1b06bcb4485b63be28576

SHA512
e7614065a08e768343d8eea6511075e52e7269eba3e8531858f60f120efdac9e5308da3f501c947215ee663b162e17cff10ab7962eb45768df3dc2d5dc17fe0f

Download Submit
C:\Windows\System\RzFcWqr.exe

Filesize
1.9MB

MD5
603fe6e642cddc081ad72ed014fa0613

SHA1
31b70e10e6f93bdd2e029889307acef7bbafbdaf

SHA256
a913aa4aee86b7af1aeb2e4a75bd6977541b8f658c31fcd0ad89f2c419b2f598

SHA512
14ae3dc3e03bae3b11ee1848ad760e0ca2f58e808a8df05d18955de3766a288c8dea1b904ed51e6b3980e36da3fd3a714288a8a1ff521a55c7452fa2670b1f6e

Download Submit
C:\Windows\System\SPWxnPw.exe

Filesize
1.9MB

MD5
62f86c11a63493c9db9c915636ab2066

SHA1
b1f1e74a1a323bd81d0a84a5dad2194e65784fa4

SHA256
587d1fd7d23ef8299b4537c5639b576687f9a496b20724e1a849400e0de165de

SHA512
105c6b4178341b96b77aa046db2cb1400e9faded85146a73a6b5609c9d47db7504580c5a56014b21b16bfe50cf5b611f572d9018395d72cde12a911b92ad4220

Download Submit
C:\Windows\System\ZKXbcGY.exe

Filesize
1.9MB

MD5
592406a4dc9672347a0ae0b617fe3ec8

SHA1
82c4e7f315e45715b307842268889fac1b39bc11

SHA256
9224fc342c53d51376470781d234195978ff827128776aeecfd169736c15017c

SHA512
f886df2884232466cbd8a688343c4ab72ed990ac0d68bb59a79f11356e6e98f1e97817427e9548319ba23f5b962b12188eaa86ff731296ace76154fd150527e9

Download Submit
C:\Windows\System\ZKduMFA.exe

Filesize
1.9MB

MD5
9d3c9febd4a8d4159cbefdeb1cd1b57e

SHA1
f9b3be5170f8dde5834e4235ff0fe3c4742794d9

SHA256
f88aa373f0be7288c5b326b231bc07e460028aaf32e66f6fe28e035fd98273ed

SHA512
142eec9212325656cc8aee908442745ed498aa202ee01dc3f70cb366cbe124c925c5998fe9cbf6ccac8ef42f89bcf9d2aad78e552743a1aff884152c42510f1b

Download Submit
C:\Windows\System\ZPlVawt.exe

Filesize
1.9MB

MD5
ee5a9a1593b6f13205a42cdeb8cf1ae4

SHA1
fec5b1b888d584e285fb15566e5e89badcd1a38f

SHA256
a4e988149d9c90b35f5f67c28d9fcf57484933378b0293aee45ad54802cae319

SHA512
13188cc2e25246ef00d2d0803de3553a8b3d47b47f79c2d6de762036e16db4cbc5579bacae9ca865d2c9e96f712097cd03146cd88d1b569f4d57b956fc334fda

Download Submit
C:\Windows\System\bHaaGvx.exe

Filesize
1.9MB

MD5
94b66e7c8d8dc9ba54455e053683cfa2

SHA1
c587adf681a128afa47fe0ae319e8296fed4741a

SHA256
878ccfa8fc7b17329f35e5999dd1fce518075aa36d3710ece88976f36b776390

SHA512
40e53747cfeb8bda36ca7c27c85d1a54e7fedc83b608160262bd6b25de73b35ef13f25a12e669f9eb055dfe45984ff26d37c6b7b155f352d74c7ff0397e45032

Download Submit
C:\Windows\System\dSUGbOx.exe

Filesize
1.9MB

MD5
3664e65227eaa171a829620a044b38a3

SHA1
e2e79e197dbfe864684fa55b583d08a4d248491f

SHA256
0cbe47ac22b09a8430d765adab8604e823af39a3ec5b57be57d722cfd0667b1e

SHA512
1dccfc60e63062016a13b6561fc56ac1a9bd6bc32da89410705fb5eed972b89d493fea83f26222dcfd6562b8020d47d662ff54f163b9e83c64365f4975f8717e

Download Submit
C:\Windows\System\eXLxtmE.exe

Filesize
1.9MB

MD5
5456698e692315b0ad9b923b824e8619

SHA1
ad461f3b5489facc165e730b9a5ce8472aa53432

SHA256
6b14e551c1bd1cfc35d83973f1f9d990a06bd84757d17607521a34cda6ef37d5

SHA512
197a44e45c8894b79498b295eca12354b72619803176442d942b9a24e215a0a37b61d9ff336633bafcafcd187389676af9559825817e2a0f1cf62630d8a92187

Download Submit
C:\Windows\System\eYnGWTP.exe

Filesize
1.9MB

MD5
605204d303ff6c81a3ed4e691378ad71

SHA1
9c67d7d3a7737ababf01a62c146c2fbc23731e09

SHA256
6c7f227e70aea7ed5241741c0de4ef23f8df750693e0a443e12851dbe8a994ee

SHA512
2889c946150dc2fad280ca07f4208115f63cb39a83fa3cd8e5fb6498588511a4315561ff9ba950fd6a786de19b602b7f94deff6251fb576c6bb5d95fbbb90b32

Download Submit
C:\Windows\System\gOwSSlO.exe

Filesize
1.9MB

MD5
d6674357f2b94d7a93d9419df1743ee2

SHA1
053b0f63993ee29ac0790d01172ce4d5b122ad26

SHA256
0dce159ff24b001321b8e668bc1ced2ec46862517cc652285cef7be9e1ddabe6

SHA512
59fdc7923369a308a35596079b2278789e99b125c00e39b70a226a553c56efe57d60a865ec126421c91bd58c051b0ff23533ef244792f2a818e7ddd33620acbb

Download Submit
C:\Windows\System\hAMjVlK.exe

Filesize
1.9MB

MD5
43be46e8e478b6a0041944259a143563

SHA1
d9a668e83180d6946f2502e34683b00d70dc0110

SHA256
5b7c8c64d29cf2b1ee6d74ec9e5946cec39d754f9aee363fbe6ee29b4439810a

SHA512
d1f4f3451318ab72c345026bd2507032a1340d03f70058fa9d19e65b5eeef96587bcad047845cfd5507540eed1e878c665f1ec77951fb1cdc603e0b537ea6eca

Download Submit
C:\Windows\System\hZPdZoQ.exe

Filesize
1.9MB

MD5
a3f314caf2c5ef1bdb3f56357e7f40be

SHA1
8333d1342c74ab17555b5eca58306da52c53a6fa

SHA256
d940e18eaa0d25e7e50c1ed2776479eecd35451e3fef83dc2875bf17ede837c4

SHA512
e31ae0dc5e0e9d5499d09f94d5056fc2e2cb2bb796c8646750dd8ada314ed774bbd92def557f628a0f04e77f3fd644aa966a833e853f5dd5b8b480ba49892681

Download Submit
C:\Windows\System\iomGrBJ.exe

Filesize
1.9MB

MD5
0f4e8d7ca8b35b144a236bd9e50050a0

SHA1
634cf66975afdcceeacb265ca2277a1f8b5562e2

SHA256
9705b881eedc32669c662ccea7876f4a8ed2f72bec49d8e320ddc2cb8b28fa9f

SHA512
791fecc957be849401e2b72ad8a1b06417e2405bb610eed98be9f7f736fc52a1fc6e72772876b93beddcf9073d6811f678a5ac0dc4d4e18e2fc5d3e739d3e8b2

Download Submit
C:\Windows\System\ixTdDeA.exe

Filesize
1.9MB

MD5
7193c8eb8dc67cc222412ad4e47f94e6

SHA1
05b87fc9ad6f038860687925c904699f5bceafcc

SHA256
81211daf013f71a2acd9364021097e87fdb742eb68c23b9b9c9c69af3aefba8e

SHA512
d7f590c8be525463f19ab49cf89f133d849e6327f1a980d20013f2d1e015c753538c14e000c584d63bb4da1200e12ca91a46f427e249212ce0f26fbee59878e0

Download Submit
C:\Windows\System\juaKbJv.exe

Filesize
1.9MB

MD5
577e7b753d17c63403bfc8178c72287d

SHA1
fd2baaca716d439e2286ec4f87bf64f67d000ff6

SHA256
b7f866372e864bc73405a5bc6630b695ca20471b932476e0cc31c511dea57dd0

SHA512
308941ee665f3dd38d9609de2aaa969cb4f553d99846eb367389d0cf4a62b85e861bb694177596d9dd7b927efa26d66cd227f520313a3605c7ab179482dec0d0

Download Submit
C:\Windows\System\kAugmDs.exe

Filesize
1.9MB

MD5
37483e520d264705c127c8d7a17654f8

SHA1
eec4610fc0bbe064aa8a3a330a665a893a1a9e5b

SHA256
8c93e0b31e824331e4549d1029c1cfba61b4070a60c1e9249bf779ce4c839667

SHA512
f473c10144525db293f26b29262598f85a2e3ca58ff213a5e735710a855e60816364ebbb78486b94cbbc8f78b626c24bd670f0d3d4fc044b2371f87c51ff72d7

Download Submit
C:\Windows\System\oiuuPMD.exe

Filesize
1.9MB

MD5
0104eb11b413b48889155b7f1deb163c

SHA1
3802e7d7d649703419d11187f68c4d5724f72158

SHA256
da2f0a34f56411cc0a7997f1466d0957ce854d8098d9a9ffd47a8d1524c58ede

SHA512
beed9c2a33e28a4ff3d133980ad4dfa5fae6739489a18bf4946c262915e0e78f489b36ba3a0feec705fcaef6aff4f4b4d2d13fd306be8815ef64b498643af75a

Download Submit
C:\Windows\System\qIOVSrT.exe

Filesize
1.9MB

MD5
dc97c47780de98aa315d2713e1a39a70

SHA1
d1e6f723e9c1f7f0e89e06b92feb15dd1e2d0fd7

SHA256
8753968cdcfa6a7d6e8fb4d3b1a9e3f9b316bcf9ff64a33c393577087556a4d7

SHA512
80dfc53dfc12e4074d80175890db33b6d730da5034ef273d4bcd5461e62f97285a2bd37ca9a2dd7e6a23f1bc84c7540efc29e77cf0fc058c5141f0e6f7bcb2ab

Download Submit
C:\Windows\System\sVHjSBe.exe

Filesize
1.9MB

MD5
6e223aa72488e5b870a1a06d0432810d

SHA1
7594d28fad39c449c98d3861d6963dd6690c527a

SHA256
91325a67c9a1b8f1ca8cdaa30349919af93768858fb60de12d0ba12872c26246

SHA512
bc944d4c0621691c1933dffd21971560a885c2e428bb1fbfdbacb0469c15310ca256545e9c7ff7ec9c068278c41ccc16681e731bd92930d71e4d3d1c2fecdfd7

Download Submit
C:\Windows\System\wVdifAk.exe

Filesize
1.9MB

MD5
6acd02e912be926112c9392d2cbdbab7

SHA1
4621e9f12d8c1e06e01044d7fbd4282e5f011475

SHA256
57451c1ee223d449671dbea5171f0d4079aad50aa16cc9a9bfda92c5a7a0e79f

SHA512
35163267f4d1441536eb35c25c2c0c04ad9d20a04269187a6da775bf736326cb737b680c3a2c0461b20fa8f086ce0dc204938c900e24e0ee6911cbfe292665a4

Download Submit
C:\Windows\System\xvTWwXb.exe

Filesize
1.9MB

MD5
36dacb415125305b938ee48e006a9c27

SHA1
b2f3cae25cea0a8463e76a3071185770eef3082d

SHA256
f35301ef6b1f31c61a021b423b6ecc3a7cf245a0235f6b6efa051517d365bff9

SHA512
d1c002b7f9d5f81e69ad3b5a629975f0bd1ca1c5bc82d826e52e1f37115b1e0c1964d218f996dc71a451de101add79460f98ada8a027c704fa70680bdc7c8481

Download Submit
memory/652-2254-0x00007FF7431A0000-0x00007FF7434F1000-memory.dmp

Filesize
3.3MB

Download
memory/652-322-0x00007FF7431A0000-0x00007FF7434F1000-memory.dmp

Filesize
3.3MB

Download
memory/872-352-0x00007FF7B09E0000-0x00007FF7B0D31000-memory.dmp

Filesize
3.3MB

Download
memory/872-2324-0x00007FF7B09E0000-0x00007FF7B0D31000-memory.dmp

Filesize
3.3MB

Download
memory/940-347-0x00007FF6902E0000-0x00007FF690631000-memory.dmp

Filesize
3.3MB

Download
memory/940-2314-0x00007FF6902E0000-0x00007FF690631000-memory.dmp

Filesize
3.3MB

Download
memory/964-1903-0x00007FF6FCFF0000-0x00007FF6FD341000-memory.dmp

Filesize
3.3MB

Download
memory/964-11-0x00007FF6FCFF0000-0x00007FF6FD341000-memory.dmp

Filesize
3.3MB

Download
memory/964-2236-0x00007FF6FCFF0000-0x00007FF6FD341000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2252-0x00007FF7FB8E0000-0x00007FF7FBC31000-memory.dmp

Filesize
3.3MB

Download
memory/1484-2231-0x00007FF7FB8E0000-0x00007FF7FBC31000-memory.dmp

Filesize
3.3MB

Download
memory/1484-64-0x00007FF7FB8E0000-0x00007FF7FBC31000-memory.dmp

Filesize
3.3MB

Download
memory/2032-2264-0x00007FF718CE0000-0x00007FF719031000-memory.dmp

Filesize
3.3MB

Download
memory/2032-338-0x00007FF718CE0000-0x00007FF719031000-memory.dmp

Filesize
3.3MB

Download
memory/2040-2256-0x00007FF6FBB70000-0x00007FF6FBEC1000-memory.dmp

Filesize
3.3MB

Download
memory/2040-325-0x00007FF6FBB70000-0x00007FF6FBEC1000-memory.dmp

Filesize
3.3MB

Download
memory/2232-344-0x00007FF6183F0000-0x00007FF618741000-memory.dmp

Filesize
3.3MB

Download
memory/2232-2294-0x00007FF6183F0000-0x00007FF618741000-memory.dmp

Filesize
3.3MB

Download
memory/2384-345-0x00007FF76E6A0000-0x00007FF76E9F1000-memory.dmp

Filesize
3.3MB

Download
memory/2384-2310-0x00007FF76E6A0000-0x00007FF76E9F1000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2251-0x00007FF6D08A0000-0x00007FF6D0BF1000-memory.dmp

Filesize
3.3MB

Download
memory/2620-353-0x00007FF6D08A0000-0x00007FF6D0BF1000-memory.dmp

Filesize
3.3MB

Download
memory/2668-2262-0x00007FF609070000-0x00007FF6093C1000-memory.dmp

Filesize
3.3MB

Download
memory/2668-337-0x00007FF609070000-0x00007FF6093C1000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2266-0x00007FF6AB850000-0x00007FF6ABBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2692-339-0x00007FF6AB850000-0x00007FF6ABBA1000-memory.dmp

Filesize
3.3MB

Download
memory/2756-33-0x00007FF66B830000-0x00007FF66BB81000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2242-0x00007FF66B830000-0x00007FF66BB81000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2238-0x00007FF62C010000-0x00007FF62C361000-memory.dmp

Filesize
3.3MB

Download
memory/2844-14-0x00007FF62C010000-0x00007FF62C361000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1-0x0000025CD9BF0000-0x0000025CD9C00000-memory.dmp

Filesize
64KB

Download
memory/2896-1889-0x00007FF77D620000-0x00007FF77D971000-memory.dmp

Filesize
3.3MB

Download
memory/2896-0-0x00007FF77D620000-0x00007FF77D971000-memory.dmp

Filesize
3.3MB

Download
memory/2912-335-0x00007FF744EC0000-0x00007FF745211000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2258-0x00007FF744EC0000-0x00007FF745211000-memory.dmp

Filesize
3.3MB

Download
memory/3208-29-0x00007FF7D0B50000-0x00007FF7D0EA1000-memory.dmp

Filesize
3.3MB

Download
memory/3208-2244-0x00007FF7D0B50000-0x00007FF7D0EA1000-memory.dmp

Filesize
3.3MB

Download
memory/3508-2269-0x00007FF6DE3E0000-0x00007FF6DE731000-memory.dmp

Filesize
3.3MB

Download
memory/3508-340-0x00007FF6DE3E0000-0x00007FF6DE731000-memory.dmp

Filesize
3.3MB

Download
memory/3608-348-0x00007FF65E8D0000-0x00007FF65EC21000-memory.dmp

Filesize
3.3MB

Download
memory/3608-2316-0x00007FF65E8D0000-0x00007FF65EC21000-memory.dmp

Filesize
3.3MB

Download
memory/3656-349-0x00007FF674500000-0x00007FF674851000-memory.dmp

Filesize
3.3MB

Download
memory/3656-2318-0x00007FF674500000-0x00007FF674851000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2260-0x00007FF7F1CA0000-0x00007FF7F1FF1000-memory.dmp

Filesize
3.3MB

Download
memory/3928-331-0x00007FF7F1CA0000-0x00007FF7F1FF1000-memory.dmp

Filesize
3.3MB

Download
memory/3984-2312-0x00007FF756BF0000-0x00007FF756F41000-memory.dmp

Filesize
3.3MB

Download
memory/3984-346-0x00007FF756BF0000-0x00007FF756F41000-memory.dmp

Filesize
3.3MB

Download
memory/4396-31-0x00007FF699330000-0x00007FF699681000-memory.dmp

Filesize
3.3MB

Download
memory/4396-2240-0x00007FF699330000-0x00007FF699681000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2230-0x00007FF6698C0000-0x00007FF669C11000-memory.dmp

Filesize
3.3MB

Download
memory/4580-42-0x00007FF6698C0000-0x00007FF669C11000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2248-0x00007FF6698C0000-0x00007FF669C11000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2246-0x00007FF688260000-0x00007FF6885B1000-memory.dmp

Filesize
3.3MB

Download
memory/4716-2228-0x00007FF688260000-0x00007FF6885B1000-memory.dmp

Filesize
3.3MB

Download
memory/4716-39-0x00007FF688260000-0x00007FF6885B1000-memory.dmp

Filesize
3.3MB

Download
memory/4772-2289-0x00007FF674CF0000-0x00007FF675041000-memory.dmp

Filesize
3.3MB

Download
memory/4772-342-0x00007FF674CF0000-0x00007FF675041000-memory.dmp

Filesize
3.3MB

Download
memory/4812-2320-0x00007FF78E7C0000-0x00007FF78EB11000-memory.dmp

Filesize
3.3MB

Download
memory/4812-350-0x00007FF78E7C0000-0x00007FF78EB11000-memory.dmp

Filesize
3.3MB

Download
memory/4832-343-0x00007FF7A0B40000-0x00007FF7A0E91000-memory.dmp

Filesize
3.3MB

Download
memory/4832-2308-0x00007FF7A0B40000-0x00007FF7A0E91000-memory.dmp

Filesize
3.3MB

Download
memory/4924-2322-0x00007FF681A10000-0x00007FF681D61000-memory.dmp

Filesize
3.3MB

Download
memory/4924-351-0x00007FF681A10000-0x00007FF681D61000-memory.dmp

Filesize
3.3MB

Download
memory/5108-2270-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp

Filesize
3.3MB

Download
memory/5108-341-0x00007FF7F8340000-0x00007FF7F8691000-memory.dmp

Filesize
3.3MB

Download