xmrig | d5b565fe22c94af84a537aba1a4303707a2262937eadec672f201d62779a5e4f

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
Size

1.7MB
MD5

1b38a54ec0159ff13e518375be2fab80
SHA1

d4eed7fe7abcf425272d35585fd11c6d9f082fcc
SHA256

d5b565fe22c94af84a537aba1a4303707a2262937eadec672f201d62779a5e4f
SHA512

eab0a60de865995ef51e1364c5592c2a9a2ee4dd52e997ef095bc051ec89c0405c86683c0104804fd013b07055a74b029dedfc2198c838ed80ed98a2a685bf52
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhMgQhCwbvj72hsuWBzHB1vLNku/sy:Lz071uv4BPMkHC0INFWEWBx9

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/3820-386-0x00007FF6BB6B0000-0x00007FF6BBAA2000-memory.dmp	xmrig
behavioral2/memory/4080-469-0x00007FF6C4330000-0x00007FF6C4722000-memory.dmp	xmrig
behavioral2/memory/4820-518-0x00007FF652630000-0x00007FF652A22000-memory.dmp	xmrig
behavioral2/memory/4048-520-0x00007FF6072C0000-0x00007FF6076B2000-memory.dmp	xmrig
behavioral2/memory/4988-523-0x00007FF69D1B0000-0x00007FF69D5A2000-memory.dmp	xmrig
behavioral2/memory/1696-526-0x00007FF7DBF40000-0x00007FF7DC332000-memory.dmp	xmrig
behavioral2/memory/2020-529-0x00007FF779E10000-0x00007FF77A202000-memory.dmp	xmrig
behavioral2/memory/1808-531-0x00007FF671210000-0x00007FF671602000-memory.dmp	xmrig
behavioral2/memory/2204-530-0x00007FF73D140000-0x00007FF73D532000-memory.dmp	xmrig
behavioral2/memory/4004-528-0x00007FF6C1A60000-0x00007FF6C1E52000-memory.dmp	xmrig
behavioral2/memory/1980-527-0x00007FF765EB0000-0x00007FF7662A2000-memory.dmp	xmrig
behavioral2/memory/4876-524-0x00007FF758650000-0x00007FF758A42000-memory.dmp	xmrig
behavioral2/memory/1032-522-0x00007FF7A16A0000-0x00007FF7A1A92000-memory.dmp	xmrig
behavioral2/memory/1544-521-0x00007FF6E3A70000-0x00007FF6E3E62000-memory.dmp	xmrig
behavioral2/memory/3000-519-0x00007FF6B0660000-0x00007FF6B0A52000-memory.dmp	xmrig
behavioral2/memory/4336-330-0x00007FF7F6990000-0x00007FF7F6D82000-memory.dmp	xmrig
behavioral2/memory/512-253-0x00007FF6F35F0000-0x00007FF6F39E2000-memory.dmp	xmrig
behavioral2/memory/872-199-0x00007FF7E82C0000-0x00007FF7E86B2000-memory.dmp	xmrig
behavioral2/memory/3116-140-0x00007FF7EBFA0000-0x00007FF7EC392000-memory.dmp	xmrig
behavioral2/memory/3060-38-0x00007FF7D7C60000-0x00007FF7D8052000-memory.dmp	xmrig
behavioral2/memory/3060-3055-0x00007FF7D7C60000-0x00007FF7D8052000-memory.dmp	xmrig
behavioral2/memory/2480-3053-0x00007FF78D630000-0x00007FF78DA22000-memory.dmp	xmrig
behavioral2/memory/2480-3057-0x00007FF78D630000-0x00007FF78DA22000-memory.dmp	xmrig
behavioral2/memory/4300-3059-0x00007FF7EABB0000-0x00007FF7EAFA2000-memory.dmp	xmrig
behavioral2/memory/1696-3061-0x00007FF7DBF40000-0x00007FF7DC332000-memory.dmp	xmrig
behavioral2/memory/2488-3063-0x00007FF798560000-0x00007FF798952000-memory.dmp	xmrig
behavioral2/memory/872-3065-0x00007FF7E82C0000-0x00007FF7E86B2000-memory.dmp	xmrig
behavioral2/memory/4080-3067-0x00007FF6C4330000-0x00007FF6C4722000-memory.dmp	xmrig
behavioral2/memory/4048-3080-0x00007FF6072C0000-0x00007FF6076B2000-memory.dmp	xmrig
behavioral2/memory/3116-3083-0x00007FF7EBFA0000-0x00007FF7EC392000-memory.dmp	xmrig
behavioral2/memory/2204-3087-0x00007FF73D140000-0x00007FF73D532000-memory.dmp	xmrig
behavioral2/memory/3000-3089-0x00007FF6B0660000-0x00007FF6B0A52000-memory.dmp	xmrig
behavioral2/memory/4336-3085-0x00007FF7F6990000-0x00007FF7F6D82000-memory.dmp	xmrig
behavioral2/memory/1032-3082-0x00007FF7A16A0000-0x00007FF7A1A92000-memory.dmp	xmrig
behavioral2/memory/3576-3078-0x00007FF6E9E00000-0x00007FF6EA1F2000-memory.dmp	xmrig
behavioral2/memory/512-3074-0x00007FF6F35F0000-0x00007FF6F39E2000-memory.dmp	xmrig
behavioral2/memory/3820-3072-0x00007FF6BB6B0000-0x00007FF6BBAA2000-memory.dmp	xmrig
behavioral2/memory/1980-3076-0x00007FF765EB0000-0x00007FF7662A2000-memory.dmp	xmrig
behavioral2/memory/4004-3070-0x00007FF6C1A60000-0x00007FF6C1E52000-memory.dmp	xmrig
behavioral2/memory/2020-3107-0x00007FF779E10000-0x00007FF77A202000-memory.dmp	xmrig
behavioral2/memory/1544-3112-0x00007FF6E3A70000-0x00007FF6E3E62000-memory.dmp	xmrig
behavioral2/memory/4820-3101-0x00007FF652630000-0x00007FF652A22000-memory.dmp	xmrig
behavioral2/memory/4876-3099-0x00007FF758650000-0x00007FF758A42000-memory.dmp	xmrig
behavioral2/memory/1808-3097-0x00007FF671210000-0x00007FF671602000-memory.dmp	xmrig
behavioral2/memory/4988-3094-0x00007FF69D1B0000-0x00007FF69D5A2000-memory.dmp	xmrig

Blocklisted process makes network request 1 IoCs

flow	pid	Process
9	5068	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
5068	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2480	pRTrOgG.exe
1696	AwujMCh.exe
3060	LyuUnvv.exe
4300	urmeYXk.exe
1980	jBuhFPG.exe
4004	sUhDjpV.exe
2488	GMtinwK.exe
3576	EMTnfZd.exe
3116	rcGlqvF.exe
872	DRAykQE.exe
2020	MAGBpih.exe
512	SVJAAkJ.exe
4336	UeFAfyf.exe
3820	rRAjEGS.exe
4080	uEMqfEL.exe
2204	KjlARQW.exe
4820	LespJiJ.exe
3000	nGzJigL.exe
4048	DbUuumF.exe
1544	JMsUTgU.exe
1032	LLzTXWX.exe
4988	MuSCMpp.exe
4876	RSisIun.exe
1808	euhkqHn.exe
5048	tEFHnhK.exe
5084	JmYScUa.exe
3752	rYzPvUI.exe
2420	CDuTKQH.exe
908	xoiCBff.exe
2712	nITvDVZ.exe
2320	HSbyYIz.exe
3376	cUsDdRx.exe
3768	LPgXUwM.exe
3496	QolaWBy.exe
4484	mleocQy.exe
4644	leyCAuF.exe
632	LDNKIsR.exe
616	soFrXtZ.exe
2164	fQalQHO.exe
1408	pdrHacs.exe
1728	rLogIrh.exe
1100	uzwjTvH.exe
4624	aBTptVf.exe
3172	KFbMSdY.exe
4092	PJwnyEs.exe
2720	yopbFKV.exe
4068	edJuvrx.exe
4212	cJngjpR.exe
3276	myIActi.exe
408	ZcjxHNh.exe
2936	aTHoKoA.exe
4656	jgzWehN.exe
3616	oQKCuOu.exe
4704	jVylmGL.exe
4220	DKtwmYG.exe
4812	hneNAvT.exe
1948	kziNJVC.exe
4740	VDryIVR.exe
1080	LnMNdES.exe
3956	oLWohZm.exe
3320	bVdnOzI.exe
3268	bPyyvzx.exe
4388	RTyjCMD.exe
4316	nIhMlkU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1452-0-0x00007FF694EF0000-0x00007FF6952E2000-memory.dmp	upx
behavioral2/files/0x0008000000023445-5.dat	upx
behavioral2/memory/2480-11-0x00007FF78D630000-0x00007FF78DA22000-memory.dmp	upx
behavioral2/files/0x000700000002344b-19.dat	upx
behavioral2/files/0x000700000002344a-17.dat	upx
behavioral2/files/0x0007000000023449-33.dat	upx
behavioral2/memory/3820-386-0x00007FF6BB6B0000-0x00007FF6BBAA2000-memory.dmp	upx
behavioral2/memory/4080-469-0x00007FF6C4330000-0x00007FF6C4722000-memory.dmp	upx
behavioral2/memory/4820-518-0x00007FF652630000-0x00007FF652A22000-memory.dmp	upx
behavioral2/memory/4048-520-0x00007FF6072C0000-0x00007FF6076B2000-memory.dmp	upx
behavioral2/memory/4988-523-0x00007FF69D1B0000-0x00007FF69D5A2000-memory.dmp	upx
behavioral2/memory/1696-526-0x00007FF7DBF40000-0x00007FF7DC332000-memory.dmp	upx
behavioral2/memory/2020-529-0x00007FF779E10000-0x00007FF77A202000-memory.dmp	upx
behavioral2/memory/1808-531-0x00007FF671210000-0x00007FF671602000-memory.dmp	upx
behavioral2/memory/2204-530-0x00007FF73D140000-0x00007FF73D532000-memory.dmp	upx
behavioral2/memory/4004-528-0x00007FF6C1A60000-0x00007FF6C1E52000-memory.dmp	upx
behavioral2/memory/1980-527-0x00007FF765EB0000-0x00007FF7662A2000-memory.dmp	upx
behavioral2/memory/4876-524-0x00007FF758650000-0x00007FF758A42000-memory.dmp	upx
behavioral2/memory/1032-522-0x00007FF7A16A0000-0x00007FF7A1A92000-memory.dmp	upx
behavioral2/memory/1544-521-0x00007FF6E3A70000-0x00007FF6E3E62000-memory.dmp	upx
behavioral2/memory/3000-519-0x00007FF6B0660000-0x00007FF6B0A52000-memory.dmp	upx
behavioral2/memory/4336-330-0x00007FF7F6990000-0x00007FF7F6D82000-memory.dmp	upx
behavioral2/memory/512-253-0x00007FF6F35F0000-0x00007FF6F39E2000-memory.dmp	upx
behavioral2/files/0x0007000000023472-206.dat	upx
behavioral2/files/0x0007000000023458-204.dat	upx
behavioral2/files/0x0007000000023471-203.dat	upx
behavioral2/files/0x000700000002346f-200.dat	upx
behavioral2/memory/872-199-0x00007FF7E82C0000-0x00007FF7E86B2000-memory.dmp	upx
behavioral2/files/0x000700000002346b-190.dat	upx
behavioral2/files/0x0007000000023453-184.dat	upx
behavioral2/files/0x000700000002346a-178.dat	upx
behavioral2/files/0x0007000000023469-176.dat	upx
behavioral2/files/0x0007000000023468-162.dat	upx
behavioral2/files/0x0007000000023467-161.dat	upx
behavioral2/files/0x0007000000023466-160.dat	upx
behavioral2/files/0x0007000000023465-159.dat	upx
behavioral2/files/0x0007000000023464-158.dat	upx
behavioral2/files/0x0007000000023463-150.dat	upx
behavioral2/files/0x0007000000023462-149.dat	upx
behavioral2/files/0x0007000000023454-148.dat	upx
behavioral2/files/0x0007000000023461-147.dat	upx
behavioral2/files/0x0007000000023460-146.dat	upx
behavioral2/files/0x000700000002346e-194.dat	upx
behavioral2/files/0x000700000002345f-143.dat	upx
behavioral2/files/0x000700000002346c-191.dat	upx
behavioral2/files/0x000700000002345d-188.dat	upx
behavioral2/files/0x000700000002345e-181.dat	upx
behavioral2/files/0x0007000000023459-124.dat	upx
behavioral2/files/0x0007000000023450-118.dat	upx
behavioral2/files/0x0007000000023455-110.dat	upx
behavioral2/files/0x0007000000023451-103.dat	upx
behavioral2/memory/3116-140-0x00007FF7EBFA0000-0x00007FF7EC392000-memory.dmp	upx
behavioral2/files/0x0007000000023457-134.dat	upx
behavioral2/memory/3576-93-0x00007FF6E9E00000-0x00007FF6EA1F2000-memory.dmp	upx
behavioral2/files/0x000700000002345c-92.dat	upx
behavioral2/files/0x000700000002345a-127.dat	upx
behavioral2/files/0x000700000002344f-96.dat	upx
behavioral2/files/0x000700000002344d-76.dat	upx
behavioral2/memory/2488-73-0x00007FF798560000-0x00007FF798952000-memory.dmp	upx
behavioral2/files/0x0007000000023456-68.dat	upx
behavioral2/files/0x000700000002345b-88.dat	upx
behavioral2/files/0x0007000000023452-64.dat	upx
behavioral2/files/0x000700000002344e-57.dat	upx
behavioral2/memory/4300-53-0x00007FF7EABB0000-0x00007FF7EAFA2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JxANETn.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\BeZAaeX.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\gnMqjWP.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\AvyiaXF.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\vkVkeIm.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\wMiGNrM.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\baexJff.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\wNVbPXb.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\mZDfSrb.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\qGHLLbc.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\QaQQRPZ.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\hXXFLAQ.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\HPWDXgr.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\XDzWBXk.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\rpaopta.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\LqLAeeB.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\JmYScUa.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\hERXuYr.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\VUcklXd.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\fFQqnZk.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\pNoMXfn.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\ezubKxX.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\TUuAlVZ.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\tWEbCnf.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\ZcjxHNh.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\SaoiyVH.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\cMxCpKT.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\IxwyZGH.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\QLqTHKF.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\fDtmNOm.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\RlQDTwo.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\KIRcgaM.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\xNCxqRY.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\UTTekup.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\IUAnlME.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\HRMYKDG.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\geJFgFM.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\HSbyYIz.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\gHUWTAy.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\EDxhZFC.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\qDdFnPl.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\NFKgWeB.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\XpVvOuh.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\IRsKZvC.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\sfuMLei.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\pXdxhwd.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\GyCJKEm.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\FgmqlCN.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\LnMNdES.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\iptmTpM.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\KmvSnMZ.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\pqLEUZJ.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\ECkwuaC.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\pdNVbxT.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\oiUrJiN.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\ZQdRqSj.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\jQiugTF.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\bLptdxW.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\fSzSjWk.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\qqgrOcP.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\xmAJXKn.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\CZLDkws.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\OxwYMjw.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
File created	C:\Windows\System\pOSOERK.exe	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5068	powershell.exe
5068	powershell.exe
5068	powershell.exe
5068	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	5068	powershell.exe
Token: SeLockMemoryPrivilege	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
12036	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 5068	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	84
PID 1452 wrote to memory of 5068	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	84
PID 1452 wrote to memory of 2480	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	85
PID 1452 wrote to memory of 2480	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	85
PID 1452 wrote to memory of 1980	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	86
PID 1452 wrote to memory of 1980	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	86
PID 1452 wrote to memory of 1696	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	87
PID 1452 wrote to memory of 1696	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	87
PID 1452 wrote to memory of 3060	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	88
PID 1452 wrote to memory of 3060	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	88
PID 1452 wrote to memory of 4300	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	89
PID 1452 wrote to memory of 4300	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	89
PID 1452 wrote to memory of 4004	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	90
PID 1452 wrote to memory of 4004	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	90
PID 1452 wrote to memory of 2488	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	91
PID 1452 wrote to memory of 2488	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	91
PID 1452 wrote to memory of 3576	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	92
PID 1452 wrote to memory of 3576	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	92
PID 1452 wrote to memory of 3116	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	93
PID 1452 wrote to memory of 3116	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	93
PID 1452 wrote to memory of 512	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	94
PID 1452 wrote to memory of 512	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	94
PID 1452 wrote to memory of 872	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	95
PID 1452 wrote to memory of 872	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	95
PID 1452 wrote to memory of 2020	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	96
PID 1452 wrote to memory of 2020	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	96
PID 1452 wrote to memory of 4336	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	97
PID 1452 wrote to memory of 4336	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	97
PID 1452 wrote to memory of 3820	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	98
PID 1452 wrote to memory of 3820	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	98
PID 1452 wrote to memory of 4080	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	99
PID 1452 wrote to memory of 4080	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	99
PID 1452 wrote to memory of 2204	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	100
PID 1452 wrote to memory of 2204	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	100
PID 1452 wrote to memory of 4820	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	101
PID 1452 wrote to memory of 4820	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	101
PID 1452 wrote to memory of 3000	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	102
PID 1452 wrote to memory of 3000	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	102
PID 1452 wrote to memory of 4048	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	103
PID 1452 wrote to memory of 4048	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	103
PID 1452 wrote to memory of 1544	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	104
PID 1452 wrote to memory of 1544	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	104
PID 1452 wrote to memory of 1032	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	105
PID 1452 wrote to memory of 1032	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	105
PID 1452 wrote to memory of 4988	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	106
PID 1452 wrote to memory of 4988	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	106
PID 1452 wrote to memory of 4876	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	107
PID 1452 wrote to memory of 4876	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	107
PID 1452 wrote to memory of 1808	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	108
PID 1452 wrote to memory of 1808	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	108
PID 1452 wrote to memory of 5048	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	109
PID 1452 wrote to memory of 5048	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	109
PID 1452 wrote to memory of 5084	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	110
PID 1452 wrote to memory of 5084	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	110
PID 1452 wrote to memory of 3752	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	111
PID 1452 wrote to memory of 3752	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	111
PID 1452 wrote to memory of 2420	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	112
PID 1452 wrote to memory of 2420	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	112
PID 1452 wrote to memory of 908	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	113
PID 1452 wrote to memory of 908	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	113
PID 1452 wrote to memory of 2712	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	114
PID 1452 wrote to memory of 2712	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	114
PID 1452 wrote to memory of 2320	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	115
PID 1452 wrote to memory of 2320	1452	1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b38a54ec0159ff13e518375be2fab80_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5068
- C:\Windows\System\pRTrOgG.exe
  C:\Windows\System\pRTrOgG.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\jBuhFPG.exe
  C:\Windows\System\jBuhFPG.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\AwujMCh.exe
  C:\Windows\System\AwujMCh.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\LyuUnvv.exe
  C:\Windows\System\LyuUnvv.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\urmeYXk.exe
  C:\Windows\System\urmeYXk.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\sUhDjpV.exe
  C:\Windows\System\sUhDjpV.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\GMtinwK.exe
  C:\Windows\System\GMtinwK.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\EMTnfZd.exe
  C:\Windows\System\EMTnfZd.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\rcGlqvF.exe
  C:\Windows\System\rcGlqvF.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\SVJAAkJ.exe
  C:\Windows\System\SVJAAkJ.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\DRAykQE.exe
  C:\Windows\System\DRAykQE.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\MAGBpih.exe
  C:\Windows\System\MAGBpih.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\UeFAfyf.exe
  C:\Windows\System\UeFAfyf.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\rRAjEGS.exe
  C:\Windows\System\rRAjEGS.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\uEMqfEL.exe
  C:\Windows\System\uEMqfEL.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\KjlARQW.exe
  C:\Windows\System\KjlARQW.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\LespJiJ.exe
  C:\Windows\System\LespJiJ.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\nGzJigL.exe
  C:\Windows\System\nGzJigL.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\DbUuumF.exe
  C:\Windows\System\DbUuumF.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\JMsUTgU.exe
  C:\Windows\System\JMsUTgU.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\LLzTXWX.exe
  C:\Windows\System\LLzTXWX.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\MuSCMpp.exe
  C:\Windows\System\MuSCMpp.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\RSisIun.exe
  C:\Windows\System\RSisIun.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\euhkqHn.exe
  C:\Windows\System\euhkqHn.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\tEFHnhK.exe
  C:\Windows\System\tEFHnhK.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\JmYScUa.exe
  C:\Windows\System\JmYScUa.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\rYzPvUI.exe
  C:\Windows\System\rYzPvUI.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\CDuTKQH.exe
  C:\Windows\System\CDuTKQH.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\xoiCBff.exe
  C:\Windows\System\xoiCBff.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\nITvDVZ.exe
  C:\Windows\System\nITvDVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\HSbyYIz.exe
  C:\Windows\System\HSbyYIz.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\cUsDdRx.exe
  C:\Windows\System\cUsDdRx.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\LPgXUwM.exe
  C:\Windows\System\LPgXUwM.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\QolaWBy.exe
  C:\Windows\System\QolaWBy.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\mleocQy.exe
  C:\Windows\System\mleocQy.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\leyCAuF.exe
  C:\Windows\System\leyCAuF.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\LDNKIsR.exe
  C:\Windows\System\LDNKIsR.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\aTHoKoA.exe
  C:\Windows\System\aTHoKoA.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\soFrXtZ.exe
  C:\Windows\System\soFrXtZ.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\fQalQHO.exe
  C:\Windows\System\fQalQHO.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\DKtwmYG.exe
  C:\Windows\System\DKtwmYG.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\pdrHacs.exe
  C:\Windows\System\pdrHacs.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\rLogIrh.exe
  C:\Windows\System\rLogIrh.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\uzwjTvH.exe
  C:\Windows\System\uzwjTvH.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\kziNJVC.exe
  C:\Windows\System\kziNJVC.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\aBTptVf.exe
  C:\Windows\System\aBTptVf.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\KFbMSdY.exe
  C:\Windows\System\KFbMSdY.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\PJwnyEs.exe
  C:\Windows\System\PJwnyEs.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\yopbFKV.exe
  C:\Windows\System\yopbFKV.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\edJuvrx.exe
  C:\Windows\System\edJuvrx.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\cJngjpR.exe
  C:\Windows\System\cJngjpR.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\myIActi.exe
  C:\Windows\System\myIActi.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\ZcjxHNh.exe
  C:\Windows\System\ZcjxHNh.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\jgzWehN.exe
  C:\Windows\System\jgzWehN.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\oQKCuOu.exe
  C:\Windows\System\oQKCuOu.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\jVylmGL.exe
  C:\Windows\System\jVylmGL.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\hneNAvT.exe
  C:\Windows\System\hneNAvT.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\VDryIVR.exe
  C:\Windows\System\VDryIVR.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\LnMNdES.exe
  C:\Windows\System\LnMNdES.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\oLWohZm.exe
  C:\Windows\System\oLWohZm.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\bVdnOzI.exe
  C:\Windows\System\bVdnOzI.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\bPyyvzx.exe
  C:\Windows\System\bPyyvzx.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\RTyjCMD.exe
  C:\Windows\System\RTyjCMD.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\nIhMlkU.exe
  C:\Windows\System\nIhMlkU.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\FPkQgyI.exe
  C:\Windows\System\FPkQgyI.exe
  2⤵
  PID:4532
- C:\Windows\System\nILwnVf.exe
  C:\Windows\System\nILwnVf.exe
  2⤵
  PID:3128
- C:\Windows\System\aUkPhEM.exe
  C:\Windows\System\aUkPhEM.exe
  2⤵
  PID:2136
- C:\Windows\System\DEFAffR.exe
  C:\Windows\System\DEFAffR.exe
  2⤵
  PID:5020
- C:\Windows\System\hHwfPfy.exe
  C:\Windows\System\hHwfPfy.exe
  2⤵
  PID:2456
- C:\Windows\System\TjsbfCk.exe
  C:\Windows\System\TjsbfCk.exe
  2⤵
  PID:1904
- C:\Windows\System\HwkUnSS.exe
  C:\Windows\System\HwkUnSS.exe
  2⤵
  PID:1044
- C:\Windows\System\dfAanyz.exe
  C:\Windows\System\dfAanyz.exe
  2⤵
  PID:4852
- C:\Windows\System\DKMBdcu.exe
  C:\Windows\System\DKMBdcu.exe
  2⤵
  PID:1448
- C:\Windows\System\Lnlplnh.exe
  C:\Windows\System\Lnlplnh.exe
  2⤵
  PID:1076
- C:\Windows\System\fypBboG.exe
  C:\Windows\System\fypBboG.exe
  2⤵
  PID:8
- C:\Windows\System\XXpOWYG.exe
  C:\Windows\System\XXpOWYG.exe
  2⤵
  PID:364
- C:\Windows\System\WaEUoaC.exe
  C:\Windows\System\WaEUoaC.exe
  2⤵
  PID:1412
- C:\Windows\System\Bzuxkzr.exe
  C:\Windows\System\Bzuxkzr.exe
  2⤵
  PID:1096
- C:\Windows\System\ZelOilJ.exe
  C:\Windows\System\ZelOilJ.exe
  2⤵
  PID:1988
- C:\Windows\System\GFzYcoc.exe
  C:\Windows\System\GFzYcoc.exe
  2⤵
  PID:2424
- C:\Windows\System\TuzodmZ.exe
  C:\Windows\System\TuzodmZ.exe
  2⤵
  PID:808
- C:\Windows\System\WPHCLaa.exe
  C:\Windows\System\WPHCLaa.exe
  2⤵
  PID:3292
- C:\Windows\System\inDVPlc.exe
  C:\Windows\System\inDVPlc.exe
  2⤵
  PID:4760
- C:\Windows\System\seiLRew.exe
  C:\Windows\System\seiLRew.exe
  2⤵
  PID:5132
- C:\Windows\System\XIfNgsd.exe
  C:\Windows\System\XIfNgsd.exe
  2⤵
  PID:5184
- C:\Windows\System\wjGwzBC.exe
  C:\Windows\System\wjGwzBC.exe
  2⤵
  PID:5212
- C:\Windows\System\PpLOsFM.exe
  C:\Windows\System\PpLOsFM.exe
  2⤵
  PID:5232
- C:\Windows\System\mbFBTDP.exe
  C:\Windows\System\mbFBTDP.exe
  2⤵
  PID:5256
- C:\Windows\System\DKdriKG.exe
  C:\Windows\System\DKdriKG.exe
  2⤵
  PID:5280
- C:\Windows\System\yIEuHDN.exe
  C:\Windows\System\yIEuHDN.exe
  2⤵
  PID:5332
- C:\Windows\System\uBcppsF.exe
  C:\Windows\System\uBcppsF.exe
  2⤵
  PID:5364
- C:\Windows\System\bJXafak.exe
  C:\Windows\System\bJXafak.exe
  2⤵
  PID:5384
- C:\Windows\System\qPlkbTH.exe
  C:\Windows\System\qPlkbTH.exe
  2⤵
  PID:5404
- C:\Windows\System\LtjkAdi.exe
  C:\Windows\System\LtjkAdi.exe
  2⤵
  PID:5428
- C:\Windows\System\HtVsLjc.exe
  C:\Windows\System\HtVsLjc.exe
  2⤵
  PID:5452
- C:\Windows\System\mMcIJwM.exe
  C:\Windows\System\mMcIJwM.exe
  2⤵
  PID:5472
- C:\Windows\System\akZhKVe.exe
  C:\Windows\System\akZhKVe.exe
  2⤵
  PID:5492
- C:\Windows\System\YCDbRsx.exe
  C:\Windows\System\YCDbRsx.exe
  2⤵
  PID:5512
- C:\Windows\System\UoIKrmv.exe
  C:\Windows\System\UoIKrmv.exe
  2⤵
  PID:5532
- C:\Windows\System\kPRDYSo.exe
  C:\Windows\System\kPRDYSo.exe
  2⤵
  PID:5556
- C:\Windows\System\HohUiTO.exe
  C:\Windows\System\HohUiTO.exe
  2⤵
  PID:5572
- C:\Windows\System\QsueKib.exe
  C:\Windows\System\QsueKib.exe
  2⤵
  PID:5604
- C:\Windows\System\aEBBxhc.exe
  C:\Windows\System\aEBBxhc.exe
  2⤵
  PID:5632
- C:\Windows\System\UubGEwS.exe
  C:\Windows\System\UubGEwS.exe
  2⤵
  PID:5656
- C:\Windows\System\MVMgkDt.exe
  C:\Windows\System\MVMgkDt.exe
  2⤵
  PID:5676
- C:\Windows\System\xNCxqRY.exe
  C:\Windows\System\xNCxqRY.exe
  2⤵
  PID:5700
- C:\Windows\System\UyUfaCz.exe
  C:\Windows\System\UyUfaCz.exe
  2⤵
  PID:5736
- C:\Windows\System\bTtrCbv.exe
  C:\Windows\System\bTtrCbv.exe
  2⤵
  PID:5776
- C:\Windows\System\aDCYXSj.exe
  C:\Windows\System\aDCYXSj.exe
  2⤵
  PID:5796
- C:\Windows\System\BDzbDzf.exe
  C:\Windows\System\BDzbDzf.exe
  2⤵
  PID:5812
- C:\Windows\System\MhUiOSi.exe
  C:\Windows\System\MhUiOSi.exe
  2⤵
  PID:5840
- C:\Windows\System\gQBwcQO.exe
  C:\Windows\System\gQBwcQO.exe
  2⤵
  PID:5864
- C:\Windows\System\iUnbeum.exe
  C:\Windows\System\iUnbeum.exe
  2⤵
  PID:5884
- C:\Windows\System\pOSOERK.exe
  C:\Windows\System\pOSOERK.exe
  2⤵
  PID:5904
- C:\Windows\System\ERjShRy.exe
  C:\Windows\System\ERjShRy.exe
  2⤵
  PID:5924
- C:\Windows\System\wGKttGu.exe
  C:\Windows\System\wGKttGu.exe
  2⤵
  PID:5940
- C:\Windows\System\wbRYCOb.exe
  C:\Windows\System\wbRYCOb.exe
  2⤵
  PID:5964
- C:\Windows\System\TsjpVtw.exe
  C:\Windows\System\TsjpVtw.exe
  2⤵
  PID:6004
- C:\Windows\System\PoELEHd.exe
  C:\Windows\System\PoELEHd.exe
  2⤵
  PID:6024
- C:\Windows\System\TSrlAuJ.exe
  C:\Windows\System\TSrlAuJ.exe
  2⤵
  PID:6040
- C:\Windows\System\kdPUReL.exe
  C:\Windows\System\kdPUReL.exe
  2⤵
  PID:6064
- C:\Windows\System\sHauSnY.exe
  C:\Windows\System\sHauSnY.exe
  2⤵
  PID:6084
- C:\Windows\System\INUIvvu.exe
  C:\Windows\System\INUIvvu.exe
  2⤵
  PID:6120
- C:\Windows\System\SCUzIRJ.exe
  C:\Windows\System\SCUzIRJ.exe
  2⤵
  PID:3604
- C:\Windows\System\RYxImYe.exe
  C:\Windows\System\RYxImYe.exe
  2⤵
  PID:1468
- C:\Windows\System\ARzmNNE.exe
  C:\Windows\System\ARzmNNE.exe
  2⤵
  PID:4996
- C:\Windows\System\UNnnBgA.exe
  C:\Windows\System\UNnnBgA.exe
  2⤵
  PID:4640
- C:\Windows\System\TJAFAOj.exe
  C:\Windows\System\TJAFAOj.exe
  2⤵
  PID:2400
- C:\Windows\System\TvJjGSe.exe
  C:\Windows\System\TvJjGSe.exe
  2⤵
  PID:1304
- C:\Windows\System\TiVEAdk.exe
  C:\Windows\System\TiVEAdk.exe
  2⤵
  PID:812
- C:\Windows\System\cbLTlDj.exe
  C:\Windows\System\cbLTlDj.exe
  2⤵
  PID:3692
- C:\Windows\System\xjQOzTR.exe
  C:\Windows\System\xjQOzTR.exe
  2⤵
  PID:3436
- C:\Windows\System\zevBhID.exe
  C:\Windows\System\zevBhID.exe
  2⤵
  PID:5288
- C:\Windows\System\hXXFLAQ.exe
  C:\Windows\System\hXXFLAQ.exe
  2⤵
  PID:4100
- C:\Windows\System\iptmTpM.exe
  C:\Windows\System\iptmTpM.exe
  2⤵
  PID:1780
- C:\Windows\System\qsKFsUM.exe
  C:\Windows\System\qsKFsUM.exe
  2⤵
  PID:5552
- C:\Windows\System\iylURNI.exe
  C:\Windows\System\iylURNI.exe
  2⤵
  PID:5648
- C:\Windows\System\tRSGdXp.exe
  C:\Windows\System\tRSGdXp.exe
  2⤵
  PID:5672
- C:\Windows\System\OXkllNX.exe
  C:\Windows\System\OXkllNX.exe
  2⤵
  PID:5712
- C:\Windows\System\BLvdvKk.exe
  C:\Windows\System\BLvdvKk.exe
  2⤵
  PID:4372
- C:\Windows\System\gmlpixg.exe
  C:\Windows\System\gmlpixg.exe
  2⤵
  PID:5124
- C:\Windows\System\GeYatDl.exe
  C:\Windows\System\GeYatDl.exe
  2⤵
  PID:2996
- C:\Windows\System\ikYJFGc.exe
  C:\Windows\System\ikYJFGc.exe
  2⤵
  PID:1212
- C:\Windows\System\qLCZxat.exe
  C:\Windows\System\qLCZxat.exe
  2⤵
  PID:5804
- C:\Windows\System\ylVJKJj.exe
  C:\Windows\System\ylVJKJj.exe
  2⤵
  PID:6148
- C:\Windows\System\BEpQNRI.exe
  C:\Windows\System\BEpQNRI.exe
  2⤵
  PID:6180
- C:\Windows\System\uvwuqdr.exe
  C:\Windows\System\uvwuqdr.exe
  2⤵
  PID:6200
- C:\Windows\System\xKLJOXo.exe
  C:\Windows\System\xKLJOXo.exe
  2⤵
  PID:6224
- C:\Windows\System\fhAVqgX.exe
  C:\Windows\System\fhAVqgX.exe
  2⤵
  PID:6248
- C:\Windows\System\WtRsStV.exe
  C:\Windows\System\WtRsStV.exe
  2⤵
  PID:6264
- C:\Windows\System\cNKCAbS.exe
  C:\Windows\System\cNKCAbS.exe
  2⤵
  PID:6280
- C:\Windows\System\HAjadYD.exe
  C:\Windows\System\HAjadYD.exe
  2⤵
  PID:6300
- C:\Windows\System\TVUMivE.exe
  C:\Windows\System\TVUMivE.exe
  2⤵
  PID:6324
- C:\Windows\System\nqqfJwf.exe
  C:\Windows\System\nqqfJwf.exe
  2⤵
  PID:6344
- C:\Windows\System\ZtjUVGp.exe
  C:\Windows\System\ZtjUVGp.exe
  2⤵
  PID:6364
- C:\Windows\System\aZaYcbu.exe
  C:\Windows\System\aZaYcbu.exe
  2⤵
  PID:6400
- C:\Windows\System\HCJDbxP.exe
  C:\Windows\System\HCJDbxP.exe
  2⤵
  PID:6432
- C:\Windows\System\RwCQwqc.exe
  C:\Windows\System\RwCQwqc.exe
  2⤵
  PID:6452
- C:\Windows\System\Azphlvr.exe
  C:\Windows\System\Azphlvr.exe
  2⤵
  PID:6468
- C:\Windows\System\gohCCta.exe
  C:\Windows\System\gohCCta.exe
  2⤵
  PID:6496
- C:\Windows\System\PPqSUZo.exe
  C:\Windows\System\PPqSUZo.exe
  2⤵
  PID:6540
- C:\Windows\System\MLtRrMT.exe
  C:\Windows\System\MLtRrMT.exe
  2⤵
  PID:6560
- C:\Windows\System\PvglUCk.exe
  C:\Windows\System\PvglUCk.exe
  2⤵
  PID:6584
- C:\Windows\System\eRzKZGs.exe
  C:\Windows\System\eRzKZGs.exe
  2⤵
  PID:6600
- C:\Windows\System\ktOTHPP.exe
  C:\Windows\System\ktOTHPP.exe
  2⤵
  PID:6628
- C:\Windows\System\NMEhmHT.exe
  C:\Windows\System\NMEhmHT.exe
  2⤵
  PID:6656
- C:\Windows\System\eGYSvFA.exe
  C:\Windows\System\eGYSvFA.exe
  2⤵
  PID:6672
- C:\Windows\System\FPqMirN.exe
  C:\Windows\System\FPqMirN.exe
  2⤵
  PID:6688
- C:\Windows\System\HWfKpyt.exe
  C:\Windows\System\HWfKpyt.exe
  2⤵
  PID:6708
- C:\Windows\System\AxmSwwb.exe
  C:\Windows\System\AxmSwwb.exe
  2⤵
  PID:6728
- C:\Windows\System\dZZjjqH.exe
  C:\Windows\System\dZZjjqH.exe
  2⤵
  PID:6748
- C:\Windows\System\xMdyOeL.exe
  C:\Windows\System\xMdyOeL.exe
  2⤵
  PID:6940
- C:\Windows\System\InbbuZu.exe
  C:\Windows\System\InbbuZu.exe
  2⤵
  PID:6964
- C:\Windows\System\DneTdaP.exe
  C:\Windows\System\DneTdaP.exe
  2⤵
  PID:6984
- C:\Windows\System\RfbHheW.exe
  C:\Windows\System\RfbHheW.exe
  2⤵
  PID:7004
- C:\Windows\System\HUWVUIj.exe
  C:\Windows\System\HUWVUIj.exe
  2⤵
  PID:7020
- C:\Windows\System\YtEhXJE.exe
  C:\Windows\System\YtEhXJE.exe
  2⤵
  PID:7044
- C:\Windows\System\kKYWsha.exe
  C:\Windows\System\kKYWsha.exe
  2⤵
  PID:7064
- C:\Windows\System\DxVVSOm.exe
  C:\Windows\System\DxVVSOm.exe
  2⤵
  PID:7084
- C:\Windows\System\vReYLPD.exe
  C:\Windows\System\vReYLPD.exe
  2⤵
  PID:7100
- C:\Windows\System\eOVsTpY.exe
  C:\Windows\System\eOVsTpY.exe
  2⤵
  PID:7124
- C:\Windows\System\wWFusFv.exe
  C:\Windows\System\wWFusFv.exe
  2⤵
  PID:7140
- C:\Windows\System\lZZyiTu.exe
  C:\Windows\System\lZZyiTu.exe
  2⤵
  PID:7164
- C:\Windows\System\UTlZfZB.exe
  C:\Windows\System\UTlZfZB.exe
  2⤵
  PID:5316
- C:\Windows\System\ANklzBf.exe
  C:\Windows\System\ANklzBf.exe
  2⤵
  PID:5348
- C:\Windows\System\TfXbzmB.exe
  C:\Windows\System\TfXbzmB.exe
  2⤵
  PID:3756
- C:\Windows\System\tcBvmkZ.exe
  C:\Windows\System\tcBvmkZ.exe
  2⤵
  PID:1020
- C:\Windows\System\bXRAfpC.exe
  C:\Windows\System\bXRAfpC.exe
  2⤵
  PID:5612
- C:\Windows\System\aDNlzKv.exe
  C:\Windows\System\aDNlzKv.exe
  2⤵
  PID:2580
- C:\Windows\System\sEQlEfB.exe
  C:\Windows\System\sEQlEfB.exe
  2⤵
  PID:1920
- C:\Windows\System\wRndrbT.exe
  C:\Windows\System\wRndrbT.exe
  2⤵
  PID:5248
- C:\Windows\System\bfXXtlN.exe
  C:\Windows\System\bfXXtlN.exe
  2⤵
  PID:5436
- C:\Windows\System\jQiugTF.exe
  C:\Windows\System\jQiugTF.exe
  2⤵
  PID:5668
- C:\Windows\System\TzIQXuM.exe
  C:\Windows\System\TzIQXuM.exe
  2⤵
  PID:5788
- C:\Windows\System\DpEEngx.exe
  C:\Windows\System\DpEEngx.exe
  2⤵
  PID:5292
- C:\Windows\System\NMJrIjB.exe
  C:\Windows\System\NMJrIjB.exe
  2⤵
  PID:5360
- C:\Windows\System\VhvIFHy.exe
  C:\Windows\System\VhvIFHy.exe
  2⤵
  PID:5448
- C:\Windows\System\Jtwizcg.exe
  C:\Windows\System\Jtwizcg.exe
  2⤵
  PID:5424
- C:\Windows\System\AbyqATi.exe
  C:\Windows\System\AbyqATi.exe
  2⤵
  PID:5524
- C:\Windows\System\wGVNnrh.exe
  C:\Windows\System\wGVNnrh.exe
  2⤵
  PID:6072
- C:\Windows\System\WLWeASK.exe
  C:\Windows\System\WLWeASK.exe
  2⤵
  PID:4292
- C:\Windows\System\mTpkmJX.exe
  C:\Windows\System\mTpkmJX.exe
  2⤵
  PID:4520
- C:\Windows\System\VUfNhYT.exe
  C:\Windows\System\VUfNhYT.exe
  2⤵
  PID:5732
- C:\Windows\System\lBcnRkb.exe
  C:\Windows\System\lBcnRkb.exe
  2⤵
  PID:5752
- C:\Windows\System\KmvSnMZ.exe
  C:\Windows\System\KmvSnMZ.exe
  2⤵
  PID:5860
- C:\Windows\System\VTomZzY.exe
  C:\Windows\System\VTomZzY.exe
  2⤵
  PID:5948
- C:\Windows\System\JZPnpqg.exe
  C:\Windows\System\JZPnpqg.exe
  2⤵
  PID:6016
- C:\Windows\System\eIKmxCm.exe
  C:\Windows\System\eIKmxCm.exe
  2⤵
  PID:6092
- C:\Windows\System\PYmBbVt.exe
  C:\Windows\System\PYmBbVt.exe
  2⤵
  PID:6136
- C:\Windows\System\kAbnFZa.exe
  C:\Windows\System\kAbnFZa.exe
  2⤵
  PID:1968
- C:\Windows\System\lDeLcwg.exe
  C:\Windows\System\lDeLcwg.exe
  2⤵
  PID:1648
- C:\Windows\System\zXTOsna.exe
  C:\Windows\System\zXTOsna.exe
  2⤵
  PID:5144
- C:\Windows\System\sGyJKFX.exe
  C:\Windows\System\sGyJKFX.exe
  2⤵
  PID:5624
- C:\Windows\System\LibTWhh.exe
  C:\Windows\System\LibTWhh.exe
  2⤵
  PID:6392
- C:\Windows\System\jvxhMJF.exe
  C:\Windows\System\jvxhMJF.exe
  2⤵
  PID:6568
- C:\Windows\System\TElACzp.exe
  C:\Windows\System\TElACzp.exe
  2⤵
  PID:6272
- C:\Windows\System\xquZRfb.exe
  C:\Windows\System\xquZRfb.exe
  2⤵
  PID:6580
- C:\Windows\System\YwxINCQ.exe
  C:\Windows\System\YwxINCQ.exe
  2⤵
  PID:6704
- C:\Windows\System\UFzzAdz.exe
  C:\Windows\System\UFzzAdz.exe
  2⤵
  PID:7180
- C:\Windows\System\bLptdxW.exe
  C:\Windows\System\bLptdxW.exe
  2⤵
  PID:7204
- C:\Windows\System\UACWVcy.exe
  C:\Windows\System\UACWVcy.exe
  2⤵
  PID:7220
- C:\Windows\System\FttWQWg.exe
  C:\Windows\System\FttWQWg.exe
  2⤵
  PID:7244
- C:\Windows\System\MppNXOq.exe
  C:\Windows\System\MppNXOq.exe
  2⤵
  PID:7268
- C:\Windows\System\SHrJybo.exe
  C:\Windows\System\SHrJybo.exe
  2⤵
  PID:7284
- C:\Windows\System\TvJeqKU.exe
  C:\Windows\System\TvJeqKU.exe
  2⤵
  PID:7308
- C:\Windows\System\kxZYTuF.exe
  C:\Windows\System\kxZYTuF.exe
  2⤵
  PID:7328
- C:\Windows\System\lKBgrcH.exe
  C:\Windows\System\lKBgrcH.exe
  2⤵
  PID:7348
- C:\Windows\System\FUcBdOs.exe
  C:\Windows\System\FUcBdOs.exe
  2⤵
  PID:7368
- C:\Windows\System\UWtaCom.exe
  C:\Windows\System\UWtaCom.exe
  2⤵
  PID:7388
- C:\Windows\System\EkJYKIU.exe
  C:\Windows\System\EkJYKIU.exe
  2⤵
  PID:7412
- C:\Windows\System\gdfiNZq.exe
  C:\Windows\System\gdfiNZq.exe
  2⤵
  PID:7432
- C:\Windows\System\bEJOaYX.exe
  C:\Windows\System\bEJOaYX.exe
  2⤵
  PID:7448
- C:\Windows\System\hERXuYr.exe
  C:\Windows\System\hERXuYr.exe
  2⤵
  PID:7468
- C:\Windows\System\foHRBBR.exe
  C:\Windows\System\foHRBBR.exe
  2⤵
  PID:7492
- C:\Windows\System\GDzbywD.exe
  C:\Windows\System\GDzbywD.exe
  2⤵
  PID:7512
- C:\Windows\System\ynjUpql.exe
  C:\Windows\System\ynjUpql.exe
  2⤵
  PID:7536
- C:\Windows\System\nSdqYmg.exe
  C:\Windows\System\nSdqYmg.exe
  2⤵
  PID:7916
- C:\Windows\System\TJUWgQN.exe
  C:\Windows\System\TJUWgQN.exe
  2⤵
  PID:7932
- C:\Windows\System\TKFSxaT.exe
  C:\Windows\System\TKFSxaT.exe
  2⤵
  PID:7948
- C:\Windows\System\tXpavTT.exe
  C:\Windows\System\tXpavTT.exe
  2⤵
  PID:7964
- C:\Windows\System\cERzIgP.exe
  C:\Windows\System\cERzIgP.exe
  2⤵
  PID:7980
- C:\Windows\System\bqvzZSJ.exe
  C:\Windows\System\bqvzZSJ.exe
  2⤵
  PID:7996
- C:\Windows\System\vcHAkpt.exe
  C:\Windows\System\vcHAkpt.exe
  2⤵
  PID:8012
- C:\Windows\System\pgOaFkt.exe
  C:\Windows\System\pgOaFkt.exe
  2⤵
  PID:8028
- C:\Windows\System\thOEfhM.exe
  C:\Windows\System\thOEfhM.exe
  2⤵
  PID:8044
- C:\Windows\System\zNDmXZQ.exe
  C:\Windows\System\zNDmXZQ.exe
  2⤵
  PID:8072
- C:\Windows\System\FgBhpCT.exe
  C:\Windows\System\FgBhpCT.exe
  2⤵
  PID:8092
- C:\Windows\System\YjUVpkR.exe
  C:\Windows\System\YjUVpkR.exe
  2⤵
  PID:8116
- C:\Windows\System\vrfYEfx.exe
  C:\Windows\System\vrfYEfx.exe
  2⤵
  PID:8136
- C:\Windows\System\vCMZKny.exe
  C:\Windows\System\vCMZKny.exe
  2⤵
  PID:8160
- C:\Windows\System\fSzSjWk.exe
  C:\Windows\System\fSzSjWk.exe
  2⤵
  PID:8176
- C:\Windows\System\VdqYDwE.exe
  C:\Windows\System\VdqYDwE.exe
  2⤵
  PID:2524
- C:\Windows\System\bhvOSKj.exe
  C:\Windows\System\bhvOSKj.exe
  2⤵
  PID:6164
- C:\Windows\System\NxQXSVP.exe
  C:\Windows\System\NxQXSVP.exe
  2⤵
  PID:5588
- C:\Windows\System\XTOpmOH.exe
  C:\Windows\System\XTOpmOH.exe
  2⤵
  PID:6312
- C:\Windows\System\HoQCTmS.exe
  C:\Windows\System\HoQCTmS.exe
  2⤵
  PID:1372
- C:\Windows\System\KopGGfO.exe
  C:\Windows\System\KopGGfO.exe
  2⤵
  PID:5912
- C:\Windows\System\DwUdIJn.exe
  C:\Windows\System\DwUdIJn.exe
  2⤵
  PID:5596
- C:\Windows\System\mQxBjWe.exe
  C:\Windows\System\mQxBjWe.exe
  2⤵
  PID:6480
- C:\Windows\System\QquHFiy.exe
  C:\Windows\System\QquHFiy.exe
  2⤵
  PID:5828
- C:\Windows\System\cwwAPzp.exe
  C:\Windows\System\cwwAPzp.exe
  2⤵
  PID:6620
- C:\Windows\System\PNJyXZS.exe
  C:\Windows\System\PNJyXZS.exe
  2⤵
  PID:6696
- C:\Windows\System\fXWlUwy.exe
  C:\Windows\System\fXWlUwy.exe
  2⤵
  PID:7444
- C:\Windows\System\hDWekJo.exe
  C:\Windows\System\hDWekJo.exe
  2⤵
  PID:7532
- C:\Windows\System\cuBSjii.exe
  C:\Windows\System\cuBSjii.exe
  2⤵
  PID:6160
- C:\Windows\System\XEgTJMk.exe
  C:\Windows\System\XEgTJMk.exe
  2⤵
  PID:1668
- C:\Windows\System\pfsGzQe.exe
  C:\Windows\System\pfsGzQe.exe
  2⤵
  PID:4072
- C:\Windows\System\DhxoGZQ.exe
  C:\Windows\System\DhxoGZQ.exe
  2⤵
  PID:5064
- C:\Windows\System\NFKgWeB.exe
  C:\Windows\System\NFKgWeB.exe
  2⤵
  PID:5264
- C:\Windows\System\eOgEKDV.exe
  C:\Windows\System\eOgEKDV.exe
  2⤵
  PID:5544
- C:\Windows\System\zbdfYWR.exe
  C:\Windows\System\zbdfYWR.exe
  2⤵
  PID:7728
- C:\Windows\System\GFTIejO.exe
  C:\Windows\System\GFTIejO.exe
  2⤵
  PID:8200
- C:\Windows\System\uueXhsF.exe
  C:\Windows\System\uueXhsF.exe
  2⤵
  PID:8228
- C:\Windows\System\vICqDsb.exe
  C:\Windows\System\vICqDsb.exe
  2⤵
  PID:8244
- C:\Windows\System\FalRrgl.exe
  C:\Windows\System\FalRrgl.exe
  2⤵
  PID:8268
- C:\Windows\System\QGzVlQY.exe
  C:\Windows\System\QGzVlQY.exe
  2⤵
  PID:8284
- C:\Windows\System\pLJSxYn.exe
  C:\Windows\System\pLJSxYn.exe
  2⤵
  PID:8308
- C:\Windows\System\FINwpxq.exe
  C:\Windows\System\FINwpxq.exe
  2⤵
  PID:8328
- C:\Windows\System\UTTekup.exe
  C:\Windows\System\UTTekup.exe
  2⤵
  PID:8344
- C:\Windows\System\XIdvFMK.exe
  C:\Windows\System\XIdvFMK.exe
  2⤵
  PID:8368
- C:\Windows\System\tJLEMjv.exe
  C:\Windows\System\tJLEMjv.exe
  2⤵
  PID:8392
- C:\Windows\System\SRFyvew.exe
  C:\Windows\System\SRFyvew.exe
  2⤵
  PID:8408
- C:\Windows\System\AtzTUyR.exe
  C:\Windows\System\AtzTUyR.exe
  2⤵
  PID:8440
- C:\Windows\System\DWHEHSO.exe
  C:\Windows\System\DWHEHSO.exe
  2⤵
  PID:8460
- C:\Windows\System\SaoiyVH.exe
  C:\Windows\System\SaoiyVH.exe
  2⤵
  PID:8480
- C:\Windows\System\MTyrJCo.exe
  C:\Windows\System\MTyrJCo.exe
  2⤵
  PID:8536
- C:\Windows\System\qqgrOcP.exe
  C:\Windows\System\qqgrOcP.exe
  2⤵
  PID:8552
- C:\Windows\System\ppDMseE.exe
  C:\Windows\System\ppDMseE.exe
  2⤵
  PID:8568
- C:\Windows\System\UpEocJp.exe
  C:\Windows\System\UpEocJp.exe
  2⤵
  PID:8584
- C:\Windows\System\cuebRyR.exe
  C:\Windows\System\cuebRyR.exe
  2⤵
  PID:8600
- C:\Windows\System\YYsUMzS.exe
  C:\Windows\System\YYsUMzS.exe
  2⤵
  PID:8616
- C:\Windows\System\ydwKKli.exe
  C:\Windows\System\ydwKKli.exe
  2⤵
  PID:8632
- C:\Windows\System\hWsGrQw.exe
  C:\Windows\System\hWsGrQw.exe
  2⤵
  PID:8684
- C:\Windows\System\NLFVvYz.exe
  C:\Windows\System\NLFVvYz.exe
  2⤵
  PID:8708
- C:\Windows\System\NWsUYUY.exe
  C:\Windows\System\NWsUYUY.exe
  2⤵
  PID:8732
- C:\Windows\System\MxGlpmQ.exe
  C:\Windows\System\MxGlpmQ.exe
  2⤵
  PID:8756
- C:\Windows\System\YwWPwqF.exe
  C:\Windows\System\YwWPwqF.exe
  2⤵
  PID:8772
- C:\Windows\System\bzlQTbe.exe
  C:\Windows\System\bzlQTbe.exe
  2⤵
  PID:8816
- C:\Windows\System\sFutfPJ.exe
  C:\Windows\System\sFutfPJ.exe
  2⤵
  PID:8836
- C:\Windows\System\JotsQFg.exe
  C:\Windows\System\JotsQFg.exe
  2⤵
  PID:8852
- C:\Windows\System\JGpeMoG.exe
  C:\Windows\System\JGpeMoG.exe
  2⤵
  PID:8876
- C:\Windows\System\VxhUThY.exe
  C:\Windows\System\VxhUThY.exe
  2⤵
  PID:8892
- C:\Windows\System\crXTsBU.exe
  C:\Windows\System\crXTsBU.exe
  2⤵
  PID:8916
- C:\Windows\System\fJYhPTW.exe
  C:\Windows\System\fJYhPTW.exe
  2⤵
  PID:8940
- C:\Windows\System\ikAudnj.exe
  C:\Windows\System\ikAudnj.exe
  2⤵
  PID:8956
- C:\Windows\System\zCHMwtf.exe
  C:\Windows\System\zCHMwtf.exe
  2⤵
  PID:8980
- C:\Windows\System\HnCgdOA.exe
  C:\Windows\System\HnCgdOA.exe
  2⤵
  PID:9004
- C:\Windows\System\NStyakM.exe
  C:\Windows\System\NStyakM.exe
  2⤵
  PID:9028
- C:\Windows\System\IXMVUrU.exe
  C:\Windows\System\IXMVUrU.exe
  2⤵
  PID:9044
- C:\Windows\System\FeYFvQZ.exe
  C:\Windows\System\FeYFvQZ.exe
  2⤵
  PID:9072
- C:\Windows\System\LgxhfFG.exe
  C:\Windows\System\LgxhfFG.exe
  2⤵
  PID:9088
- C:\Windows\System\ZbUWFWo.exe
  C:\Windows\System\ZbUWFWo.exe
  2⤵
  PID:9116
- C:\Windows\System\MaijCdf.exe
  C:\Windows\System\MaijCdf.exe
  2⤵
  PID:9136
- C:\Windows\System\ytmTXeC.exe
  C:\Windows\System\ytmTXeC.exe
  2⤵
  PID:9152
- C:\Windows\System\sUHLztB.exe
  C:\Windows\System\sUHLztB.exe
  2⤵
  PID:9168
- C:\Windows\System\hxSDSLD.exe
  C:\Windows\System\hxSDSLD.exe
  2⤵
  PID:9184
- C:\Windows\System\ljKFcML.exe
  C:\Windows\System\ljKFcML.exe
  2⤵
  PID:9204
- C:\Windows\System\FYHvpDu.exe
  C:\Windows\System\FYHvpDu.exe
  2⤵
  PID:3648
- C:\Windows\System\gChoshE.exe
  C:\Windows\System\gChoshE.exe
  2⤵
  PID:6428
- C:\Windows\System\rUqaAAW.exe
  C:\Windows\System\rUqaAAW.exe
  2⤵
  PID:7292
- C:\Windows\System\yQrqQKf.exe
  C:\Windows\System\yQrqQKf.exe
  2⤵
  PID:7384
- C:\Windows\System\LRWnbFJ.exe
  C:\Windows\System\LRWnbFJ.exe
  2⤵
  PID:7424
- C:\Windows\System\dqEbdqS.exe
  C:\Windows\System\dqEbdqS.exe
  2⤵
  PID:7488
- C:\Windows\System\sSqNelJ.exe
  C:\Windows\System\sSqNelJ.exe
  2⤵
  PID:7876
- C:\Windows\System\bauobSD.exe
  C:\Windows\System\bauobSD.exe
  2⤵
  PID:6952
- C:\Windows\System\HWBcsdJ.exe
  C:\Windows\System\HWBcsdJ.exe
  2⤵
  PID:6996
- C:\Windows\System\dFtWkJn.exe
  C:\Windows\System\dFtWkJn.exe
  2⤵
  PID:7036
- C:\Windows\System\XkLTEMj.exe
  C:\Windows\System\XkLTEMj.exe
  2⤵
  PID:7080
- C:\Windows\System\dzMxjej.exe
  C:\Windows\System\dzMxjej.exe
  2⤵
  PID:7132
- C:\Windows\System\FdBSftl.exe
  C:\Windows\System\FdBSftl.exe
  2⤵
  PID:5312
- C:\Windows\System\YLVDvTQ.exe
  C:\Windows\System\YLVDvTQ.exe
  2⤵
  PID:5320
- C:\Windows\System\rTATMJB.exe
  C:\Windows\System\rTATMJB.exe
  2⤵
  PID:7684
- C:\Windows\System\bEmuzlw.exe
  C:\Windows\System\bEmuzlw.exe
  2⤵
  PID:6332
- C:\Windows\System\lurFzuK.exe
  C:\Windows\System\lurFzuK.exe
  2⤵
  PID:6536
- C:\Windows\System\mjbqgJw.exe
  C:\Windows\System\mjbqgJw.exe
  2⤵
  PID:4964
- C:\Windows\System\XpVvOuh.exe
  C:\Windows\System\XpVvOuh.exe
  2⤵
  PID:6012
- C:\Windows\System\DJVMKiK.exe
  C:\Windows\System\DJVMKiK.exe
  2⤵
  PID:6360
- C:\Windows\System\GwfZcQW.exe
  C:\Windows\System\GwfZcQW.exe
  2⤵
  PID:6056
- C:\Windows\System\pBNzdVx.exe
  C:\Windows\System\pBNzdVx.exe
  2⤵
  PID:6140
- C:\Windows\System\PSVzbUY.exe
  C:\Windows\System\PSVzbUY.exe
  2⤵
  PID:8292
- C:\Windows\System\ezNvlBG.exe
  C:\Windows\System\ezNvlBG.exe
  2⤵
  PID:9224
- C:\Windows\System\qMxwZgZ.exe
  C:\Windows\System\qMxwZgZ.exe
  2⤵
  PID:9244
- C:\Windows\System\Doruhbu.exe
  C:\Windows\System\Doruhbu.exe
  2⤵
  PID:9268
- C:\Windows\System\koVbKOn.exe
  C:\Windows\System\koVbKOn.exe
  2⤵
  PID:9288
- C:\Windows\System\XRbBsfV.exe
  C:\Windows\System\XRbBsfV.exe
  2⤵
  PID:9312
- C:\Windows\System\TySkrPA.exe
  C:\Windows\System\TySkrPA.exe
  2⤵
  PID:9332
- C:\Windows\System\AxFIvUy.exe
  C:\Windows\System\AxFIvUy.exe
  2⤵
  PID:9352
- C:\Windows\System\YygiheQ.exe
  C:\Windows\System\YygiheQ.exe
  2⤵
  PID:9372
- C:\Windows\System\QgTjxUY.exe
  C:\Windows\System\QgTjxUY.exe
  2⤵
  PID:9392
- C:\Windows\System\gSLLepG.exe
  C:\Windows\System\gSLLepG.exe
  2⤵
  PID:9412
- C:\Windows\System\yAyXNnk.exe
  C:\Windows\System\yAyXNnk.exe
  2⤵
  PID:9432
- C:\Windows\System\XcjQIEA.exe
  C:\Windows\System\XcjQIEA.exe
  2⤵
  PID:9456
- C:\Windows\System\sVykOFc.exe
  C:\Windows\System\sVykOFc.exe
  2⤵
  PID:9668
- C:\Windows\System\YuUPNjl.exe
  C:\Windows\System\YuUPNjl.exe
  2⤵
  PID:9684
- C:\Windows\System\XRTQrUn.exe
  C:\Windows\System\XRTQrUn.exe
  2⤵
  PID:9700
- C:\Windows\System\iQXRnYp.exe
  C:\Windows\System\iQXRnYp.exe
  2⤵
  PID:9716
- C:\Windows\System\qKZKypO.exe
  C:\Windows\System\qKZKypO.exe
  2⤵
  PID:9732
- C:\Windows\System\YjUIbkW.exe
  C:\Windows\System\YjUIbkW.exe
  2⤵
  PID:9748
- C:\Windows\System\fdJEKns.exe
  C:\Windows\System\fdJEKns.exe
  2⤵
  PID:9764
- C:\Windows\System\CSAdpmJ.exe
  C:\Windows\System\CSAdpmJ.exe
  2⤵
  PID:9788
- C:\Windows\System\qtONdEp.exe
  C:\Windows\System\qtONdEp.exe
  2⤵
  PID:9812
- C:\Windows\System\GeIXEGi.exe
  C:\Windows\System\GeIXEGi.exe
  2⤵
  PID:9828
- C:\Windows\System\GmmKiwL.exe
  C:\Windows\System\GmmKiwL.exe
  2⤵
  PID:9852
- C:\Windows\System\KCSeQvU.exe
  C:\Windows\System\KCSeQvU.exe
  2⤵
  PID:9868
- C:\Windows\System\UERXjIz.exe
  C:\Windows\System\UERXjIz.exe
  2⤵
  PID:9888
- C:\Windows\System\ByCIRCM.exe
  C:\Windows\System\ByCIRCM.exe
  2⤵
  PID:9916
- C:\Windows\System\aWYfQxL.exe
  C:\Windows\System\aWYfQxL.exe
  2⤵
  PID:9940
- C:\Windows\System\xYxkqpt.exe
  C:\Windows\System\xYxkqpt.exe
  2⤵
  PID:9960
- C:\Windows\System\SijVzRp.exe
  C:\Windows\System\SijVzRp.exe
  2⤵
  PID:9980
- C:\Windows\System\mKsSWas.exe
  C:\Windows\System\mKsSWas.exe
  2⤵
  PID:9996
- C:\Windows\System\TqHJvdh.exe
  C:\Windows\System\TqHJvdh.exe
  2⤵
  PID:10084
- C:\Windows\System\DhrCUbc.exe
  C:\Windows\System\DhrCUbc.exe
  2⤵
  PID:10100
- C:\Windows\System\rtTfoyS.exe
  C:\Windows\System\rtTfoyS.exe
  2⤵
  PID:10124
- C:\Windows\System\IBkyafA.exe
  C:\Windows\System\IBkyafA.exe
  2⤵
  PID:10148
- C:\Windows\System\ninlmAG.exe
  C:\Windows\System\ninlmAG.exe
  2⤵
  PID:10172
- C:\Windows\System\lCZAnxe.exe
  C:\Windows\System\lCZAnxe.exe
  2⤵
  PID:10196
- C:\Windows\System\QDUAbmj.exe
  C:\Windows\System\QDUAbmj.exe
  2⤵
  PID:10220
- C:\Windows\System\eMuaieF.exe
  C:\Windows\System\eMuaieF.exe
  2⤵
  PID:8524
- C:\Windows\System\SpDslLy.exe
  C:\Windows\System\SpDslLy.exe
  2⤵
  PID:2904
- C:\Windows\System\MSgQORo.exe
  C:\Windows\System\MSgQORo.exe
  2⤵
  PID:7644
- C:\Windows\System\aNBEEvd.exe
  C:\Windows\System\aNBEEvd.exe
  2⤵
  PID:8172
- C:\Windows\System\KlxCIoH.exe
  C:\Windows\System\KlxCIoH.exe
  2⤵
  PID:6256
- C:\Windows\System\MzuCbfO.exe
  C:\Windows\System\MzuCbfO.exe
  2⤵
  PID:2704
- C:\Windows\System\cQFiUIl.exe
  C:\Windows\System\cQFiUIl.exe
  2⤵
  PID:8212
- C:\Windows\System\JHRwvuS.exe
  C:\Windows\System\JHRwvuS.exe
  2⤵
  PID:8472
- C:\Windows\System\oFEhUXi.exe
  C:\Windows\System\oFEhUXi.exe
  2⤵
  PID:7928
- C:\Windows\System\cvUeFIN.exe
  C:\Windows\System\cvUeFIN.exe
  2⤵
  PID:7972
- C:\Windows\System\DHZeWoA.exe
  C:\Windows\System\DHZeWoA.exe
  2⤵
  PID:8004
- C:\Windows\System\ioppVNc.exe
  C:\Windows\System\ioppVNc.exe
  2⤵
  PID:8052
- C:\Windows\System\FFLJoNl.exe
  C:\Windows\System\FFLJoNl.exe
  2⤵
  PID:8088
- C:\Windows\System\oJbuByp.exe
  C:\Windows\System\oJbuByp.exe
  2⤵
  PID:8148
- C:\Windows\System\xYuRGoF.exe
  C:\Windows\System\xYuRGoF.exe
  2⤵
  PID:5468
- C:\Windows\System\YBVvLll.exe
  C:\Windows\System\YBVvLll.exe
  2⤵
  PID:4756
- C:\Windows\System\SujCqDZ.exe
  C:\Windows\System\SujCqDZ.exe
  2⤵
  PID:8240
- C:\Windows\System\AWUdtSm.exe
  C:\Windows\System\AWUdtSm.exe
  2⤵
  PID:8304
- C:\Windows\System\VCrxqyT.exe
  C:\Windows\System\VCrxqyT.exe
  2⤵
  PID:8336
- C:\Windows\System\GaLpjmW.exe
  C:\Windows\System\GaLpjmW.exe
  2⤵
  PID:8380
- C:\Windows\System\OINxDRx.exe
  C:\Windows\System\OINxDRx.exe
  2⤵
  PID:8544
- C:\Windows\System\sEfcokD.exe
  C:\Windows\System\sEfcokD.exe
  2⤵
  PID:8624
- C:\Windows\System\nRNqveb.exe
  C:\Windows\System\nRNqveb.exe
  2⤵
  PID:8580
- C:\Windows\System\uyTQPEI.exe
  C:\Windows\System\uyTQPEI.exe
  2⤵
  PID:624
- C:\Windows\System\unpWfll.exe
  C:\Windows\System\unpWfll.exe
  2⤵
  PID:10264
- C:\Windows\System\JfqqtsA.exe
  C:\Windows\System\JfqqtsA.exe
  2⤵
  PID:10288
- C:\Windows\System\FkbDprt.exe
  C:\Windows\System\FkbDprt.exe
  2⤵
  PID:10308
- C:\Windows\System\ayDFMTk.exe
  C:\Windows\System\ayDFMTk.exe
  2⤵
  PID:10328
- C:\Windows\System\pdFbsqo.exe
  C:\Windows\System\pdFbsqo.exe
  2⤵
  PID:10352
- C:\Windows\System\IHDhyoZ.exe
  C:\Windows\System\IHDhyoZ.exe
  2⤵
  PID:10372
- C:\Windows\System\FnzzZqz.exe
  C:\Windows\System\FnzzZqz.exe
  2⤵
  PID:10392
- C:\Windows\System\HabKcTH.exe
  C:\Windows\System\HabKcTH.exe
  2⤵
  PID:10416
- C:\Windows\System\NSEXtKG.exe
  C:\Windows\System\NSEXtKG.exe
  2⤵
  PID:10432
- C:\Windows\System\bQgpIQz.exe
  C:\Windows\System\bQgpIQz.exe
  2⤵
  PID:10448
- C:\Windows\System\gdxXCbD.exe
  C:\Windows\System\gdxXCbD.exe
  2⤵
  PID:10520
- C:\Windows\System\VNQwpgY.exe
  C:\Windows\System\VNQwpgY.exe
  2⤵
  PID:10536
- C:\Windows\System\PTbtPsR.exe
  C:\Windows\System\PTbtPsR.exe
  2⤵
  PID:10552
- C:\Windows\System\RMHqARf.exe
  C:\Windows\System\RMHqARf.exe
  2⤵
  PID:10576
- C:\Windows\System\BeZAaeX.exe
  C:\Windows\System\BeZAaeX.exe
  2⤵
  PID:10604
- C:\Windows\System\yeHYZcr.exe
  C:\Windows\System\yeHYZcr.exe
  2⤵
  PID:10628
- C:\Windows\System\xaDbPCv.exe
  C:\Windows\System\xaDbPCv.exe
  2⤵
  PID:10652
- C:\Windows\System\abcNYTU.exe
  C:\Windows\System\abcNYTU.exe
  2⤵
  PID:10672
- C:\Windows\System\UYufMKq.exe
  C:\Windows\System\UYufMKq.exe
  2⤵
  PID:10692
- C:\Windows\System\rCTzonn.exe
  C:\Windows\System\rCTzonn.exe
  2⤵
  PID:10716
- C:\Windows\System\htXHQIT.exe
  C:\Windows\System\htXHQIT.exe
  2⤵
  PID:10744
- C:\Windows\System\ERhElCo.exe
  C:\Windows\System\ERhElCo.exe
  2⤵
  PID:10776
- C:\Windows\System\MerJsHE.exe
  C:\Windows\System\MerJsHE.exe
  2⤵
  PID:10796
- C:\Windows\System\qwVCHlF.exe
  C:\Windows\System\qwVCHlF.exe
  2⤵
  PID:10820
- C:\Windows\System\GgtMvId.exe
  C:\Windows\System\GgtMvId.exe
  2⤵
  PID:10844
- C:\Windows\System\YDPFACU.exe
  C:\Windows\System\YDPFACU.exe
  2⤵
  PID:10868
- C:\Windows\System\CKuHQNp.exe
  C:\Windows\System\CKuHQNp.exe
  2⤵
  PID:10892
- C:\Windows\System\OWroTSe.exe
  C:\Windows\System\OWroTSe.exe
  2⤵
  PID:10916
- C:\Windows\System\IslfYPR.exe
  C:\Windows\System\IslfYPR.exe
  2⤵
  PID:10940
- C:\Windows\System\TuMiwzb.exe
  C:\Windows\System\TuMiwzb.exe
  2⤵
  PID:10960
- C:\Windows\System\cVXPKce.exe
  C:\Windows\System\cVXPKce.exe
  2⤵
  PID:10984
- C:\Windows\System\cxVigTf.exe
  C:\Windows\System\cxVigTf.exe
  2⤵
  PID:11008
- C:\Windows\System\dtmhapx.exe
  C:\Windows\System\dtmhapx.exe
  2⤵
  PID:11028
- C:\Windows\System\nQRGElC.exe
  C:\Windows\System\nQRGElC.exe
  2⤵
  PID:11048
- C:\Windows\System\oWxXmbW.exe
  C:\Windows\System\oWxXmbW.exe
  2⤵
  PID:11072
- C:\Windows\System\qrbxWzT.exe
  C:\Windows\System\qrbxWzT.exe
  2⤵
  PID:11096
- C:\Windows\System\qZnyWSI.exe
  C:\Windows\System\qZnyWSI.exe
  2⤵
  PID:11120
- C:\Windows\System\OmAWEjb.exe
  C:\Windows\System\OmAWEjb.exe
  2⤵
  PID:11140
- C:\Windows\System\uFMTkKg.exe
  C:\Windows\System\uFMTkKg.exe
  2⤵
  PID:11160
- C:\Windows\System\haxDRIU.exe
  C:\Windows\System\haxDRIU.exe
  2⤵
  PID:11188
- C:\Windows\System\tanBLgT.exe
  C:\Windows\System\tanBLgT.exe
  2⤵
  PID:11216
- C:\Windows\System\cyxptlZ.exe
  C:\Windows\System\cyxptlZ.exe
  2⤵
  PID:11236
- C:\Windows\System\ZOeUSTp.exe
  C:\Windows\System\ZOeUSTp.exe
  2⤵
  PID:11256
- C:\Windows\System\MeWTqon.exe
  C:\Windows\System\MeWTqon.exe
  2⤵
  PID:4832
- C:\Windows\System\KnbrDYE.exe
  C:\Windows\System\KnbrDYE.exe
  2⤵
  PID:8728
- C:\Windows\System\dWHvqgy.exe
  C:\Windows\System\dWHvqgy.exe
  2⤵
  PID:8764
- C:\Windows\System\kAGfxSU.exe
  C:\Windows\System\kAGfxSU.exe
  2⤵
  PID:8832
- C:\Windows\System\OvZwNUm.exe
  C:\Windows\System\OvZwNUm.exe
  2⤵
  PID:8924
- C:\Windows\System\UpgrvPm.exe
  C:\Windows\System\UpgrvPm.exe
  2⤵
  PID:8972
- C:\Windows\System\fwdJIYA.exe
  C:\Windows\System\fwdJIYA.exe
  2⤵
  PID:9024
- C:\Windows\System\kWPxAGt.exe
  C:\Windows\System\kWPxAGt.exe
  2⤵
  PID:9068
- C:\Windows\System\FVxKqPp.exe
  C:\Windows\System\FVxKqPp.exe
  2⤵
  PID:9108
- C:\Windows\System\xOdxpAf.exe
  C:\Windows\System\xOdxpAf.exe
  2⤵
  PID:9132
- C:\Windows\System\eKZxWjZ.exe
  C:\Windows\System\eKZxWjZ.exe
  2⤵
  PID:9164
- C:\Windows\System\mIhUtWW.exe
  C:\Windows\System\mIhUtWW.exe
  2⤵
  PID:9200
- C:\Windows\System\RxyTGoZ.exe
  C:\Windows\System\RxyTGoZ.exe
  2⤵
  PID:1424
- C:\Windows\System\wiSrYEw.exe
  C:\Windows\System\wiSrYEw.exe
  2⤵
  PID:7304
- C:\Windows\System\EBUwqMy.exe
  C:\Windows\System\EBUwqMy.exe
  2⤵
  PID:7464
- C:\Windows\System\xmAJXKn.exe
  C:\Windows\System\xmAJXKn.exe
  2⤵
  PID:6936
- C:\Windows\System\hERVQAw.exe
  C:\Windows\System\hERVQAw.exe
  2⤵
  PID:7028
- C:\Windows\System\ybKrEUo.exe
  C:\Windows\System\ybKrEUo.exe
  2⤵
  PID:7108
- C:\Windows\System\MnqkYno.exe
  C:\Windows\System\MnqkYno.exe
  2⤵
  PID:5340
- C:\Windows\System\ENdiflM.exe
  C:\Windows\System\ENdiflM.exe
  2⤵
  PID:7692
- C:\Windows\System\cMxCpKT.exe
  C:\Windows\System\cMxCpKT.exe
  2⤵
  PID:6276
- C:\Windows\System\dCgXLAT.exe
  C:\Windows\System\dCgXLAT.exe
  2⤵
  PID:6116
- C:\Windows\System\FtEFKFq.exe
  C:\Windows\System\FtEFKFq.exe
  2⤵
  PID:3544
- C:\Windows\System\gnMqjWP.exe
  C:\Windows\System\gnMqjWP.exe
  2⤵
  PID:9260
- C:\Windows\System\oKezZfx.exe
  C:\Windows\System\oKezZfx.exe
  2⤵
  PID:9304
- C:\Windows\System\JAowUVl.exe
  C:\Windows\System\JAowUVl.exe
  2⤵
  PID:9344
- C:\Windows\System\sfmqqAM.exe
  C:\Windows\System\sfmqqAM.exe
  2⤵
  PID:9404
- C:\Windows\System\SuacjcJ.exe
  C:\Windows\System\SuacjcJ.exe
  2⤵
  PID:9448
- C:\Windows\System\FqRZfSH.exe
  C:\Windows\System\FqRZfSH.exe
  2⤵
  PID:7864
- C:\Windows\System\vGHfpnA.exe
  C:\Windows\System\vGHfpnA.exe
  2⤵
  PID:9988
- C:\Windows\System\vfdfDiy.exe
  C:\Windows\System\vfdfDiy.exe
  2⤵
  PID:9388
- C:\Windows\System\eNIugmL.exe
  C:\Windows\System\eNIugmL.exe
  2⤵
  PID:11284
- C:\Windows\System\zypWQVw.exe
  C:\Windows\System\zypWQVw.exe
  2⤵
  PID:11312
- C:\Windows\System\MKaSQKV.exe
  C:\Windows\System\MKaSQKV.exe
  2⤵
  PID:11328
- C:\Windows\System\BhHcbeb.exe
  C:\Windows\System\BhHcbeb.exe
  2⤵
  PID:11352
- C:\Windows\System\EPkJLnh.exe
  C:\Windows\System\EPkJLnh.exe
  2⤵
  PID:11372
- C:\Windows\System\Klfecnn.exe
  C:\Windows\System\Klfecnn.exe
  2⤵
  PID:11396
- C:\Windows\System\VefsnzR.exe
  C:\Windows\System\VefsnzR.exe
  2⤵
  PID:11420
- C:\Windows\System\JYNTQfI.exe
  C:\Windows\System\JYNTQfI.exe
  2⤵
  PID:11440
- C:\Windows\System\fWTUlcL.exe
  C:\Windows\System\fWTUlcL.exe
  2⤵
  PID:11464
- C:\Windows\System\oJONDgG.exe
  C:\Windows\System\oJONDgG.exe
  2⤵
  PID:11484
- C:\Windows\System\VUcklXd.exe
  C:\Windows\System\VUcklXd.exe
  2⤵
  PID:11504
- C:\Windows\System\fPvWQsu.exe
  C:\Windows\System\fPvWQsu.exe
  2⤵
  PID:11524
- C:\Windows\System\NmACpyT.exe
  C:\Windows\System\NmACpyT.exe
  2⤵
  PID:11544
- C:\Windows\System\IxwyZGH.exe
  C:\Windows\System\IxwyZGH.exe
  2⤵
  PID:11564
- C:\Windows\System\iqWwjHY.exe
  C:\Windows\System\iqWwjHY.exe
  2⤵
  PID:11580
- C:\Windows\System\BwuofKI.exe
  C:\Windows\System\BwuofKI.exe
  2⤵
  PID:11604
- C:\Windows\System\XvFbQDH.exe
  C:\Windows\System\XvFbQDH.exe
  2⤵
  PID:11628
- C:\Windows\System\RAqGxpF.exe
  C:\Windows\System\RAqGxpF.exe
  2⤵
  PID:11644
- C:\Windows\System\UEIIDgj.exe
  C:\Windows\System\UEIIDgj.exe
  2⤵
  PID:11672
- C:\Windows\System\WIXwUqZ.exe
  C:\Windows\System\WIXwUqZ.exe
  2⤵
  PID:11692
- C:\Windows\System\zrqrdRP.exe
  C:\Windows\System\zrqrdRP.exe
  2⤵
  PID:11720
- C:\Windows\System\ZeWNiNb.exe
  C:\Windows\System\ZeWNiNb.exe
  2⤵
  PID:11740
- C:\Windows\System\xDNEAdk.exe
  C:\Windows\System\xDNEAdk.exe
  2⤵
  PID:11760
- C:\Windows\System\bCUojex.exe
  C:\Windows\System\bCUojex.exe
  2⤵
  PID:11784
- C:\Windows\System\yQBYIKw.exe
  C:\Windows\System\yQBYIKw.exe
  2⤵
  PID:11808
- C:\Windows\System\REgcmOg.exe
  C:\Windows\System\REgcmOg.exe
  2⤵
  PID:11824
- C:\Windows\System\meiZuUV.exe
  C:\Windows\System\meiZuUV.exe
  2⤵
  PID:11848
- C:\Windows\System\SrJDDNN.exe
  C:\Windows\System\SrJDDNN.exe
  2⤵
  PID:11872
- C:\Windows\System\zYfuGwY.exe
  C:\Windows\System\zYfuGwY.exe
  2⤵
  PID:11908
- C:\Windows\System\EKBZzca.exe
  C:\Windows\System\EKBZzca.exe
  2⤵
  PID:11924
- C:\Windows\System\hclNbLY.exe
  C:\Windows\System\hclNbLY.exe
  2⤵
  PID:11940
- C:\Windows\System\CCYPfGs.exe
  C:\Windows\System\CCYPfGs.exe
  2⤵
  PID:11956
- C:\Windows\System\ECfCKxf.exe
  C:\Windows\System\ECfCKxf.exe
  2⤵
  PID:11972
- C:\Windows\System\ubRbqbr.exe
  C:\Windows\System\ubRbqbr.exe
  2⤵
  PID:11988
- C:\Windows\System\sqvEmFi.exe
  C:\Windows\System\sqvEmFi.exe
  2⤵
  PID:12012
- C:\Windows\System\gqDORmG.exe
  C:\Windows\System\gqDORmG.exe
  2⤵
  PID:12028
- C:\Windows\System\pDbwAxJ.exe
  C:\Windows\System\pDbwAxJ.exe
  2⤵
  PID:12048
- C:\Windows\System\FMNQETr.exe
  C:\Windows\System\FMNQETr.exe
  2⤵
  PID:12064
- C:\Windows\System\ptQjkUZ.exe
  C:\Windows\System\ptQjkUZ.exe
  2⤵
  PID:12080
- C:\Windows\System\qpHRIpR.exe
  C:\Windows\System\qpHRIpR.exe
  2⤵
  PID:12104
- C:\Windows\System\XPgbFAH.exe
  C:\Windows\System\XPgbFAH.exe
  2⤵
  PID:12124
- C:\Windows\System\keLUsOM.exe
  C:\Windows\System\keLUsOM.exe
  2⤵
  PID:12144
- C:\Windows\System\sIPPWzl.exe
  C:\Windows\System\sIPPWzl.exe
  2⤵
  PID:12168
- C:\Windows\System\KktuDzh.exe
  C:\Windows\System\KktuDzh.exe
  2⤵
  PID:12188
- C:\Windows\System\ssWrPOO.exe
  C:\Windows\System\ssWrPOO.exe
  2⤵
  PID:12208
- C:\Windows\System\AvyiaXF.exe
  C:\Windows\System\AvyiaXF.exe
  2⤵
  PID:12232
- C:\Windows\System\OGSgIWq.exe
  C:\Windows\System\OGSgIWq.exe
  2⤵
  PID:12252
- C:\Windows\System\AMNXwny.exe
  C:\Windows\System\AMNXwny.exe
  2⤵
  PID:12272
- C:\Windows\System\swJVBxc.exe
  C:\Windows\System\swJVBxc.exe
  2⤵
  PID:7956
- C:\Windows\System\cGZpHMY.exe
  C:\Windows\System\cGZpHMY.exe
  2⤵
  PID:8084
- C:\Windows\System\HYGgJSt.exe
  C:\Windows\System\HYGgJSt.exe
  2⤵
  PID:2372
- C:\Windows\System\mMxykpS.exe
  C:\Windows\System\mMxykpS.exe
  2⤵
  PID:8360
- C:\Windows\System\ZMrDxMs.exe
  C:\Windows\System\ZMrDxMs.exe
  2⤵
  PID:8608
- C:\Windows\System\fExXHzj.exe
  C:\Windows\System\fExXHzj.exe
  2⤵
  PID:9588
- C:\Windows\System\JFYceVg.exe
  C:\Windows\System\JFYceVg.exe
  2⤵
  PID:9676
- C:\Windows\System\tbYZbUT.exe
  C:\Windows\System\tbYZbUT.exe
  2⤵
  PID:9712
- C:\Windows\System\BJMcWpq.exe
  C:\Windows\System\BJMcWpq.exe
  2⤵
  PID:9760
- C:\Windows\System\thRecMl.exe
  C:\Windows\System\thRecMl.exe
  2⤵
  PID:9840
- C:\Windows\System\cEJAULK.exe
  C:\Windows\System\cEJAULK.exe
  2⤵
  PID:9876
- C:\Windows\System\ZKhSnol.exe
  C:\Windows\System\ZKhSnol.exe
  2⤵
  PID:9904
- C:\Windows\System\XYapCvX.exe
  C:\Windows\System\XYapCvX.exe
  2⤵
  PID:9976
- C:\Windows\System\qvTizAT.exe
  C:\Windows\System\qvTizAT.exe
  2⤵
  PID:10624
- C:\Windows\System\pqLEUZJ.exe
  C:\Windows\System\pqLEUZJ.exe
  2⤵
  PID:10684
- C:\Windows\System\vZymAdM.exe
  C:\Windows\System\vZymAdM.exe
  2⤵
  PID:12300
- C:\Windows\System\aLbYKWs.exe
  C:\Windows\System\aLbYKWs.exe
  2⤵
  PID:12328
- C:\Windows\System\tnIMZtu.exe
  C:\Windows\System\tnIMZtu.exe
  2⤵
  PID:12352
- C:\Windows\System\LnUZBki.exe
  C:\Windows\System\LnUZBki.exe
  2⤵
  PID:12380
- C:\Windows\System\XoKJKLQ.exe
  C:\Windows\System\XoKJKLQ.exe
  2⤵
  PID:12404
- C:\Windows\System\zkovdpS.exe
  C:\Windows\System\zkovdpS.exe
  2⤵
  PID:12424
- C:\Windows\System\gVjuCxV.exe
  C:\Windows\System\gVjuCxV.exe
  2⤵
  PID:12444
- C:\Windows\System\GJMmOJm.exe
  C:\Windows\System\GJMmOJm.exe
  2⤵
  PID:12484
- C:\Windows\System\pMcRxVr.exe
  C:\Windows\System\pMcRxVr.exe
  2⤵
  PID:12508
- C:\Windows\System\ViEnKyx.exe
  C:\Windows\System\ViEnKyx.exe
  2⤵
  PID:12532
- C:\Windows\System\lsKjJhd.exe
  C:\Windows\System\lsKjJhd.exe
  2⤵
  PID:12556
- C:\Windows\System\eBBnteU.exe
  C:\Windows\System\eBBnteU.exe
  2⤵
  PID:12576
- C:\Windows\System\QiBGyiN.exe
  C:\Windows\System\QiBGyiN.exe
  2⤵
  PID:12600
- C:\Windows\System\PBRPgbY.exe
  C:\Windows\System\PBRPgbY.exe
  2⤵
  PID:12620
- C:\Windows\System\IjtYfTa.exe
  C:\Windows\System\IjtYfTa.exe
  2⤵
  PID:12644
- C:\Windows\System\CglWOMd.exe
  C:\Windows\System\CglWOMd.exe
  2⤵
  PID:12660
- C:\Windows\System\IMCXxQT.exe
  C:\Windows\System\IMCXxQT.exe
  2⤵
  PID:12676
- C:\Windows\System\zOomkEC.exe
  C:\Windows\System\zOomkEC.exe
  2⤵
  PID:12692
- C:\Windows\System\Aeuxeeg.exe
  C:\Windows\System\Aeuxeeg.exe
  2⤵
  PID:12708
- C:\Windows\System\nyOEzgq.exe
  C:\Windows\System\nyOEzgq.exe
  2⤵
  PID:12724
- C:\Windows\System\bzhsosb.exe
  C:\Windows\System\bzhsosb.exe
  2⤵
  PID:12740
- C:\Windows\System\VgXkSjf.exe
  C:\Windows\System\VgXkSjf.exe
  2⤵
  PID:12756
- C:\Windows\System\XJqIPCM.exe
  C:\Windows\System\XJqIPCM.exe
  2⤵
  PID:12772
- C:\Windows\System\FWOcTuv.exe
  C:\Windows\System\FWOcTuv.exe
  2⤵
  PID:12788
- C:\Windows\System\vXAewpE.exe
  C:\Windows\System\vXAewpE.exe
  2⤵
  PID:12804
- C:\Windows\System\CQkPbos.exe
  C:\Windows\System\CQkPbos.exe
  2⤵
  PID:12820
- C:\Windows\System\AISfMCQ.exe
  C:\Windows\System\AISfMCQ.exe
  2⤵
  PID:12836
- C:\Windows\System\IirGydk.exe
  C:\Windows\System\IirGydk.exe
  2⤵
  PID:12860
- C:\Windows\System\BqdCKLw.exe
  C:\Windows\System\BqdCKLw.exe
  2⤵
  PID:12876
- C:\Windows\System\kuItjsz.exe
  C:\Windows\System\kuItjsz.exe
  2⤵
  PID:12896
- C:\Windows\System\CEIaVVG.exe
  C:\Windows\System\CEIaVVG.exe
  2⤵
  PID:12916
- C:\Windows\System\pNfCkMl.exe
  C:\Windows\System\pNfCkMl.exe
  2⤵
  PID:12932
- C:\Windows\System\gHUWTAy.exe
  C:\Windows\System\gHUWTAy.exe
  2⤵
  PID:12956
- C:\Windows\System\JpfnCCT.exe
  C:\Windows\System\JpfnCCT.exe
  2⤵
  PID:12976
- C:\Windows\System\YvMYgPb.exe
  C:\Windows\System\YvMYgPb.exe
  2⤵
  PID:12992
- C:\Windows\System\ccjWlde.exe
  C:\Windows\System\ccjWlde.exe
  2⤵
  PID:13020
- C:\Windows\System\aMqIEnw.exe
  C:\Windows\System\aMqIEnw.exe
  2⤵
  PID:13040
- C:\Windows\System\GexaCKG.exe
  C:\Windows\System\GexaCKG.exe
  2⤵
  PID:13064
- C:\Windows\System\OvkWHJV.exe
  C:\Windows\System\OvkWHJV.exe
  2⤵
  PID:13080
- C:\Windows\System\NkKfcjM.exe
  C:\Windows\System\NkKfcjM.exe
  2⤵
  PID:13108
- C:\Windows\System\NtnmnHe.exe
  C:\Windows\System\NtnmnHe.exe
  2⤵
  PID:13128
- C:\Windows\System\ECkwuaC.exe
  C:\Windows\System\ECkwuaC.exe
  2⤵
  PID:13148
- C:\Windows\System\HvCzVaG.exe
  C:\Windows\System\HvCzVaG.exe
  2⤵
  PID:13172
- C:\Windows\System\QfvQHix.exe
  C:\Windows\System\QfvQHix.exe
  2⤵
  PID:13188
- C:\Windows\System\khdOXyP.exe
  C:\Windows\System\khdOXyP.exe
  2⤵
  PID:13216
- C:\Windows\System\fLQbHzB.exe
  C:\Windows\System\fLQbHzB.exe
  2⤵
  PID:13240
- C:\Windows\System\NmZUCRO.exe
  C:\Windows\System\NmZUCRO.exe
  2⤵
  PID:13256
- C:\Windows\System\sFjSytz.exe
  C:\Windows\System\sFjSytz.exe
  2⤵
  PID:13280
- C:\Windows\System\MKLPpjY.exe
  C:\Windows\System\MKLPpjY.exe
  2⤵
  PID:13296
- C:\Windows\System\EQxmzUO.exe
  C:\Windows\System\EQxmzUO.exe
  2⤵
  PID:10952
- C:\Windows\System\PTZGVeI.exe
  C:\Windows\System\PTZGVeI.exe
  2⤵
  PID:8848
- C:\Windows\System\HPWDXgr.exe
  C:\Windows\System\HPWDXgr.exe
  2⤵
  PID:7216
- C:\Windows\System\uKLQoPc.exe
  C:\Windows\System\uKLQoPc.exe
  2⤵
  PID:9148
- C:\Windows\System\JXOktuc.exe
  C:\Windows\System\JXOktuc.exe
  2⤵
  PID:6916
- C:\Windows\System\FOVbsAJ.exe
  C:\Windows\System\FOVbsAJ.exe
  2⤵
  PID:7156
- C:\Windows\System\BrxeHTN.exe
  C:\Windows\System\BrxeHTN.exe
  2⤵
  PID:8276
- C:\Windows\System\AXUqSeB.exe
  C:\Windows\System\AXUqSeB.exe
  2⤵
  PID:10752
- C:\Windows\System\pfZCZvE.exe
  C:\Windows\System\pfZCZvE.exe
  2⤵
  PID:10804
- C:\Windows\System\AzsQLLQ.exe
  C:\Windows\System\AzsQLLQ.exe
  2⤵
  PID:11224
- C:\Windows\System\CZLDkws.exe
  C:\Windows\System\CZLDkws.exe
  2⤵
  PID:972
- C:\Windows\System\kMnSzjC.exe
  C:\Windows\System\kMnSzjC.exe
  2⤵
  PID:7668
- C:\Windows\System\rgjAoYp.exe
  C:\Windows\System\rgjAoYp.exe
  2⤵
  PID:13100
- C:\Windows\System\AAlaQZm.exe
  C:\Windows\System\AAlaQZm.exe
  2⤵
  PID:8064
- C:\Windows\System\BmzXdco.exe
  C:\Windows\System\BmzXdco.exe
  2⤵
  PID:5372
- C:\Windows\System\GSTQhlL.exe
  C:\Windows\System\GSTQhlL.exe
  2⤵
  PID:12180
- C:\Windows\System\LsSkVfA.exe
  C:\Windows\System\LsSkVfA.exe
  2⤵
  PID:10584
- C:\Windows\System\XyGUtvS.exe
  C:\Windows\System\XyGUtvS.exe
  2⤵
  PID:10756
- C:\Windows\System\abzEXLR.exe
  C:\Windows\System\abzEXLR.exe
  2⤵
  PID:10864
- C:\Windows\System\zbQjnfo.exe
  C:\Windows\System\zbQjnfo.exe
  2⤵
  PID:10900
- C:\Windows\System\emUbdYC.exe
  C:\Windows\System\emUbdYC.exe
  2⤵
  PID:10976
- C:\Windows\System\jjzjaRi.exe
  C:\Windows\System\jjzjaRi.exe
  2⤵
  PID:11016
- C:\Windows\System\XkbYJFG.exe
  C:\Windows\System\XkbYJFG.exe
  2⤵
  PID:11044
- C:\Windows\System\XSixoYu.exe
  C:\Windows\System\XSixoYu.exe
  2⤵
  PID:11104
- C:\Windows\System\OaZAeCS.exe
  C:\Windows\System\OaZAeCS.exe
  2⤵
  PID:11180
- C:\Windows\System\CDaGqyl.exe
  C:\Windows\System\CDaGqyl.exe
  2⤵
  PID:11756
- C:\Windows\System\IBaYSyn.exe
  C:\Windows\System\IBaYSyn.exe
  2⤵
  PID:11916
- C:\Windows\System\fEgsrGa.exe
  C:\Windows\System\fEgsrGa.exe
  2⤵
  PID:12004
- C:\Windows\System\yxfIuZJ.exe
  C:\Windows\System\yxfIuZJ.exe
  2⤵
  PID:12056
- C:\Windows\System\dBeUjAK.exe
  C:\Windows\System\dBeUjAK.exe
  2⤵
  PID:12088
- C:\Windows\System\dGRsfYr.exe
  C:\Windows\System\dGRsfYr.exe
  2⤵
  PID:12848
- C:\Windows\System\wIfPrit.exe
  C:\Windows\System\wIfPrit.exe
  2⤵
  PID:13000
- C:\Windows\System\HhfUnsN.exe
  C:\Windows\System\HhfUnsN.exe
  2⤵
  PID:13116
- C:\Windows\System\NiBpQBH.exe
  C:\Windows\System\NiBpQBH.exe
  2⤵
  PID:7200
- C:\Windows\System\aXmIiwB.exe
  C:\Windows\System\aXmIiwB.exe
  2⤵
  PID:9084
- C:\Windows\System\CDfDFqF.exe
  C:\Windows\System\CDfDFqF.exe
  2⤵
  PID:11324
- C:\Windows\System\vhYftYs.exe
  C:\Windows\System\vhYftYs.exe
  2⤵
  PID:11496
- C:\Windows\System\EDZJzcg.exe
  C:\Windows\System\EDZJzcg.exe
  2⤵
  PID:2228
- C:\Windows\System\cSDYRyF.exe
  C:\Windows\System\cSDYRyF.exe
  2⤵
  PID:13356
- C:\Windows\System\ACZWuRe.exe
  C:\Windows\System\ACZWuRe.exe
  2⤵
  PID:13472
- C:\Windows\System\baexJff.exe
  C:\Windows\System\baexJff.exe
  2⤵
  PID:13400
- C:\Windows\System\SOhWALf.exe
  C:\Windows\System\SOhWALf.exe
  2⤵
  PID:13800
- C:\Windows\System\bNhUPIo.exe
  C:\Windows\System\bNhUPIo.exe
  2⤵
  PID:1172
- C:\Windows\System\EIwfSmX.exe
  C:\Windows\System\EIwfSmX.exe
  2⤵
  PID:464
- C:\Windows\System\WzLAxCp.exe
  C:\Windows\System\WzLAxCp.exe
  2⤵
  PID:14272
- C:\Windows\System\TnesbmP.exe
  C:\Windows\System\TnesbmP.exe
  2⤵
  PID:14000
- C:\Windows\System\BtrcynB.exe
  C:\Windows\System\BtrcynB.exe
  2⤵
  PID:14012
- C:\Windows\System\XDzWBXk.exe
  C:\Windows\System\XDzWBXk.exe
  2⤵
  PID:14040
- C:\Windows\System\nhjiAEc.exe
  C:\Windows\System\nhjiAEc.exe
  2⤵
  PID:14100
- C:\Windows\System\GTbFWrt.exe
  C:\Windows\System\GTbFWrt.exe
  2⤵
  PID:14160
- C:\Windows\System\VyaXaOj.exe
  C:\Windows\System\VyaXaOj.exe
  2⤵
  PID:11148
- C:\Windows\System\jaQDVzN.exe
  C:\Windows\System\jaQDVzN.exe
  2⤵
  PID:9000
- C:\Windows\System\EeiFXEl.exe
  C:\Windows\System\EeiFXEl.exe
  2⤵
  PID:3792
- C:\Windows\System\iLklCNh.exe
  C:\Windows\System\iLklCNh.exe
  2⤵
  PID:1056
- C:\Windows\System\uhvrmRV.exe
  C:\Windows\System\uhvrmRV.exe
  2⤵
  PID:12240
- C:\Windows\System\jKzScHs.exe
  C:\Windows\System\jKzScHs.exe
  2⤵
  PID:3560
- C:\Windows\System\tesJGmj.exe
  C:\Windows\System\tesJGmj.exe
  2⤵
  PID:11864
- C:\Windows\System\DvsERfB.exe
  C:\Windows\System\DvsERfB.exe
  2⤵
  PID:9952
- C:\Windows\System\RRilJwh.exe
  C:\Windows\System\RRilJwh.exe
  2⤵
  PID:3448
- C:\Windows\System\ESwTGEy.exe
  C:\Windows\System\ESwTGEy.exe
  2⤵
  PID:1752
- C:\Windows\System\QLqTHKF.exe
  C:\Windows\System\QLqTHKF.exe
  2⤵
  PID:10840
- C:\Windows\System\YjLsozr.exe
  C:\Windows\System\YjLsozr.exe
  2⤵
  PID:11092
- C:\Windows\System\coUtIFM.exe
  C:\Windows\System\coUtIFM.exe
  2⤵
  PID:11168
- C:\Windows\System\fDtmNOm.exe
  C:\Windows\System\fDtmNOm.exe
  2⤵
  PID:8700
- C:\Windows\System\EtIQxXb.exe
  C:\Windows\System\EtIQxXb.exe
  2⤵
  PID:1896
- C:\Windows\System\eyVZohM.exe
  C:\Windows\System\eyVZohM.exe
  2⤵
  PID:7400
- C:\Windows\System\cjJuOxY.exe
  C:\Windows\System\cjJuOxY.exe
  2⤵
  PID:11276
- C:\Windows\System\QeSTyhA.exe
  C:\Windows\System\QeSTyhA.exe
  2⤵
  PID:3300
- C:\Windows\System\pGGhPhY.exe
  C:\Windows\System\pGGhPhY.exe
  2⤵
  PID:12924
- C:\Windows\System\CJFidoA.exe
  C:\Windows\System\CJFidoA.exe
  2⤵
  PID:12164
- C:\Windows\System\PnqyJAP.exe
  C:\Windows\System\PnqyJAP.exe
  2⤵
  PID:12244
- C:\Windows\System\rbpZjJi.exe
  C:\Windows\System\rbpZjJi.exe
  2⤵
  PID:636
- C:\Windows\System\QcYOoqH.exe
  C:\Windows\System\QcYOoqH.exe
  2⤵
  PID:11636
- C:\Windows\System\YAwMpqv.exe
  C:\Windows\System\YAwMpqv.exe
  2⤵
  PID:11684
- C:\Windows\System\TLAdrCQ.exe
  C:\Windows\System\TLAdrCQ.exe
  2⤵
  PID:11268
- C:\Windows\System\vcCKSrP.exe
  C:\Windows\System\vcCKSrP.exe
  2⤵
  PID:11796
- C:\Windows\System\DNZOqQD.exe
  C:\Windows\System\DNZOqQD.exe
  2⤵
  PID:10272
- C:\Windows\System\zKSgAik.exe
  C:\Windows\System\zKSgAik.exe
  2⤵
  PID:3724
- C:\Windows\System\wLFwOUY.exe
  C:\Windows\System\wLFwOUY.exe
  2⤵
  PID:6336
- C:\Windows\System\kADFRhS.exe
  C:\Windows\System\kADFRhS.exe
  2⤵
  PID:10792
- C:\Windows\System\cIKNRVV.exe
  C:\Windows\System\cIKNRVV.exe
  2⤵
  PID:13700
- C:\Windows\System\OvlsRKU.exe
  C:\Windows\System\OvlsRKU.exe
  2⤵
  PID:10564
- C:\Windows\System\JxLymli.exe
  C:\Windows\System\JxLymli.exe
  2⤵
  PID:10884
- C:\Windows\System\pdNVbxT.exe
  C:\Windows\System\pdNVbxT.exe
  2⤵
  PID:10888
- C:\Windows\System\mJYuVkY.exe
  C:\Windows\System\mJYuVkY.exe
  2⤵
  PID:12988
- C:\Windows\System\YxMtLFS.exe
  C:\Windows\System\YxMtLFS.exe
  2⤵
  PID:4860
- C:\Windows\System\BEUUEmR.exe
  C:\Windows\System\BEUUEmR.exe
  2⤵
  PID:11572
- C:\Windows\System\zEsJUbt.exe
  C:\Windows\System\zEsJUbt.exe
  2⤵
  PID:13268
- C:\Windows\System\ejJTjgA.exe
  C:\Windows\System\ejJTjgA.exe
  2⤵
  PID:13824
- C:\Windows\System\PsYQuoX.exe
  C:\Windows\System\PsYQuoX.exe
  2⤵
  PID:8420
- C:\Windows\System\XZXoOqG.exe
  C:\Windows\System\XZXoOqG.exe
  2⤵
  PID:7908
- C:\Windows\System\YkjSzdZ.exe
  C:\Windows\System\YkjSzdZ.exe
  2⤵
  PID:13384
- C:\Windows\System\RjxxHxc.exe
  C:\Windows\System\RjxxHxc.exe
  2⤵
  PID:13628
- C:\Windows\System\VILaKXK.exe
  C:\Windows\System\VILaKXK.exe
  2⤵
  PID:12812
- C:\Windows\System\giNiUOH.exe
  C:\Windows\System\giNiUOH.exe
  2⤵
  PID:9452
- C:\Windows\System\hslAQYK.exe
  C:\Windows\System\hslAQYK.exe
  2⤵
  PID:11308
- C:\Windows\System\pWTmLKX.exe
  C:\Windows\System\pWTmLKX.exe
  2⤵
  PID:6872
- C:\Windows\System\melpPeC.exe
  C:\Windows\System\melpPeC.exe
  2⤵
  PID:1064
- C:\Windows\System\sUOZCqV.exe
  C:\Windows\System\sUOZCqV.exe
  2⤵
  PID:13448
- C:\Windows\System\SXHaAsa.exe
  C:\Windows\System\SXHaAsa.exe
  2⤵
  PID:2900
- C:\Windows\System\uXpoFRd.exe
  C:\Windows\System\uXpoFRd.exe
  2⤵
  PID:13476
- C:\Windows\System\AEKLLZw.exe
  C:\Windows\System\AEKLLZw.exe
  2⤵
  PID:10180
- C:\Windows\System\WChwPnh.exe
  C:\Windows\System\WChwPnh.exe
  2⤵
  PID:8080
- C:\Windows\System\xMldIMM.exe
  C:\Windows\System\xMldIMM.exe
  2⤵
  PID:4952
- C:\Windows\System\qxgBewF.exe
  C:\Windows\System\qxgBewF.exe
  2⤵
  PID:3432
- C:\Windows\System\cyPGACt.exe
  C:\Windows\System\cyPGACt.exe
  2⤵
  PID:14092
- C:\Windows\System\dwFxzRK.exe
  C:\Windows\System\dwFxzRK.exe
  2⤵
  PID:10852
- C:\Windows\System\NzGlezD.exe
  C:\Windows\System\NzGlezD.exe
  2⤵
  PID:8628
- C:\Windows\System\JDKKJze.exe
  C:\Windows\System\JDKKJze.exe
  2⤵
  PID:4536
- C:\Windows\System\RxWQIMf.exe
  C:\Windows\System\RxWQIMf.exe
  2⤵
  PID:13716
- C:\Windows\System\eQacMcP.exe
  C:\Windows\System\eQacMcP.exe
  2⤵
  PID:12140
- C:\Windows\System\GqqxYtg.exe
  C:\Windows\System\GqqxYtg.exe
  2⤵
  PID:13136
- C:\Windows\System\bJxlZLv.exe
  C:\Windows\System\bJxlZLv.exe
  2⤵
  PID:11576
- C:\Windows\System\bOKmctE.exe
  C:\Windows\System\bOKmctE.exe
  2⤵
  PID:11816
- C:\Windows\System\vJqpmQL.exe
  C:\Windows\System\vJqpmQL.exe
  2⤵
  PID:9784
- C:\Windows\System\NAsxoTw.exe
  C:\Windows\System\NAsxoTw.exe
  2⤵
  PID:11040
- C:\Windows\System\faCIUqJ.exe
  C:\Windows\System\faCIUqJ.exe
  2⤵
  PID:3224
- C:\Windows\System\JvAvUqH.exe
  C:\Windows\System\JvAvUqH.exe
  2⤵
  PID:6484
- C:\Windows\System\AlxXyrQ.exe
  C:\Windows\System\AlxXyrQ.exe
  2⤵
  PID:13228
- C:\Windows\System\RTaUalI.exe
  C:\Windows\System\RTaUalI.exe
  2⤵
  PID:11948
- C:\Windows\System\KfHgXiX.exe
  C:\Windows\System\KfHgXiX.exe
  2⤵
  PID:13264
- C:\Windows\System\sKefFIl.exe
  C:\Windows\System\sKefFIl.exe
  2⤵
  PID:13444
- C:\Windows\System\QzXQFaw.exe
  C:\Windows\System\QzXQFaw.exe
  2⤵
  PID:2040
- C:\Windows\System\HIENrdw.exe
  C:\Windows\System\HIENrdw.exe
  2⤵
  PID:10424
- C:\Windows\System\lYcxOPJ.exe
  C:\Windows\System\lYcxOPJ.exe
  2⤵
  PID:2084
- C:\Windows\System\CCwrehm.exe
  C:\Windows\System\CCwrehm.exe
  2⤵
  PID:4524
- C:\Windows\System\OXKmXeQ.exe
  C:\Windows\System\OXKmXeQ.exe
  2⤵
  PID:8748
- C:\Windows\System\grPcCrP.exe
  C:\Windows\System\grPcCrP.exe
  2⤵
  PID:12504
- C:\Windows\System\HcvZlxc.exe
  C:\Windows\System\HcvZlxc.exe
  2⤵
  PID:12116
- C:\Windows\System\BaykugT.exe
  C:\Windows\System\BaykugT.exe
  2⤵
  PID:13076
- C:\Windows\System\jWtxRsn.exe
  C:\Windows\System\jWtxRsn.exe
  2⤵
  PID:10388
- C:\Windows\System\uNePLTi.exe
  C:\Windows\System\uNePLTi.exe
  2⤵
  PID:10304
- C:\Windows\System\pitxlsP.exe
  C:\Windows\System\pitxlsP.exe
  2⤵
  PID:1240
- C:\Windows\System\AKXzOgd.exe
  C:\Windows\System\AKXzOgd.exe
  2⤵
  PID:11208
- C:\Windows\System\ZJUFius.exe
  C:\Windows\System\ZJUFius.exe
  2⤵
  PID:13832
- C:\Windows\System\xQLQrHT.exe
  C:\Windows\System\xQLQrHT.exe
  2⤵
  PID:14288
- C:\Windows\System\KciKwRL.exe
  C:\Windows\System\KciKwRL.exe
  2⤵
  PID:13308
- C:\Windows\System\ZGtsMnc.exe
  C:\Windows\System\ZGtsMnc.exe
  2⤵
  PID:13144
- C:\Windows\System\rtrbbfL.exe
  C:\Windows\System\rtrbbfL.exe
  2⤵
  PID:7176
- C:\Windows\System\RlQDTwo.exe
  C:\Windows\System\RlQDTwo.exe
  2⤵
  PID:13888

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:12632

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:12036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t42afsyf.3mt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AwujMCh.exe

Filesize
1.7MB

MD5
20b5715522b1869dd5e399dd7c49335b

SHA1
84cd407bac9e4c9472c287737c44f716bdfb0793

SHA256
3011c4209076f0be8db6758708f4300bd9ea38f45b63a842832e425aba867ea3

SHA512
96f0b9d7dfe15e347565aadaf8eee723e4a7773f80b01c7437bc4af2ec932a4e2b204bda1fa8d33746063c76206ad44cb9947c0a7ac91a2c3a14d4a93bf817df

Download Submit
C:\Windows\System\CDuTKQH.exe

Filesize
1.7MB

MD5
f85400eda65615ed8563246768dfe8c2

SHA1
99b2b2561862dd106ddf27cbbbccf4af9d12d312

SHA256
037a8de9c990b5d87c904b5d21e054469d76dd9c72a6388bba87e1c24e964603

SHA512
7afa138ea310ca3f6cd3996d8bd293eed6049e22d5239508ec00052ba841e885f4e80cdf2690349f08a632e6149fd1f13fc68d9ce07b1c1a44675b35a725a788

Download Submit
C:\Windows\System\DRAykQE.exe

Filesize
1.7MB

MD5
acb8358100f729bf752929a95a928eef

SHA1
ae02dcb5a67d3439ff28e8def1f8106d8981ead5

SHA256
3129efae0c0cd5b7c051cc20692fceb88d7f10aac9abc7662a7d62738fc09fe3

SHA512
516cde3c29e7c6b7f47d145e2823b4c47a80cc4f3775a55c98f50f785bd8cf9f490fecc5786b17bea8f978241c9238bd8d2cf3893e46d784de388820f8d352bb

Download Submit
C:\Windows\System\DbUuumF.exe

Filesize
1.7MB

MD5
f2160cacbddbb1fffb4053ac7a5e70bc

SHA1
aa55fd9ce518b3a1d3d8a5ecff709f81d2fe2fb1

SHA256
7e630f8c961c81c50cb5dd4e055d2d1d27c072ed40b98e4bf6424d948f729ee6

SHA512
5f71f4606851b68d325c8d907068f61ad0907db60cfe3e050d970fa1aba631d57ed2f8ccbc6dce35ed13e88b10bd71a0a0f3d468a410e894ffc6062a3c1c2efb

Download Submit
C:\Windows\System\EMTnfZd.exe

Filesize
1.7MB

MD5
bf8e96039ce4726146578789d14ae5a5

SHA1
0193e70fe04ef446a5169dc5758575cdd821c6eb

SHA256
25ccff68f817a4251477e92db5a5d878a1d6ba4c097a7ebdb5ca2ffa31ee6a96

SHA512
7d7f8b747b86c888248eb046df542a0b4217846de802e2b5232dd637ef5900d16b5cd4af2fbca137d84721880c453bfda6d2256944123426964cbb507e3ab30f

Download Submit
C:\Windows\System\GMtinwK.exe

Filesize
1.7MB

MD5
cdb0a048d06029776a9e49962d73d1de

SHA1
576c945afd08756b5a6b2a107775a7e1cdf4691a

SHA256
50c363d8c691ac2be40b77f1cf2719beab2dd4a28e4c860ef188042b1b82aa24

SHA512
2d80ecb80ba032b5830e6c9f9a4a57e0247ad45ff9cf0a386851957a43dfee2fcf03084a5e4faf85ff6677707980e4b74d39e61e006b9835a3f5154687fdf333

Download Submit
C:\Windows\System\HSbyYIz.exe

Filesize
1.7MB

MD5
5c490155c02ae2643a0c9d5ce0643f45

SHA1
eb2f6dc9f7501cbf804ed986454a32a282c3be52

SHA256
1e8a2b77c54ad226ce0642eaf236e95b19dae89b41323dc5e9cbf8ab5c2c8db9

SHA512
bdfdd6c85b789cf340fd68a431af82f94b0fc482ff33e30cd05a753e6e54b933d86a66bec5ebcd6859ec356783e7598dfaf754ec8802d4cf7503799d6d10e2b7

Download Submit
C:\Windows\System\JMsUTgU.exe

Filesize
1.7MB

MD5
48e9c845f78ccca9e0df7aa7b4a93293

SHA1
298c93b592905bcaa1cf6ad77d6cace7d6482c5f

SHA256
c14a44d371372f9e0d985c6bec10e5e2feacf016aa290138a7fbcff1165bd11d

SHA512
9110075815c9fd5a282e4f62abc8c61f2f84e29e5ae0ff84d286c41cd80037244b4a94fd9fab47c1dfc14c27f0f2e57b2895a290ea6d65d72a31fa1ca6e6abd2

Download Submit
C:\Windows\System\JmYScUa.exe

Filesize
1.7MB

MD5
c4badca57669070dd4943b23604f091b

SHA1
8cc437d896af4c57eb55113606921a9c3b363b95

SHA256
0e9ea3457cecbabee69d8d0a6b63b92517731b659e365dc1f3ba0a4c518a6fd5

SHA512
c871552bd31ffffb858f092d31d6577183c0458aec0686622113fbd46afd85d254bd1718df660576451c03b7ca0c634a412e9b5194e2a0f89064dcb882e9e003

Download Submit
C:\Windows\System\KjlARQW.exe

Filesize
1.7MB

MD5
df18b6c3c84c23862ebe145f54afa2b0

SHA1
441856c693f336885807dde39f19bf20c24e29a8

SHA256
b20a23de31654c90dd1efc2674c06ca5fbf1649f3c2794ba459ff01b53a45231

SHA512
73f352f6c6c5cb951b4c8a50d95119072250bda640c3c15b15ed194cbe659fe4329cef34488d3dd28a6723dbcfc1e88e757868396f48fc37e890bd84b18b82be

Download Submit
C:\Windows\System\LDNKIsR.exe

Filesize
1.7MB

MD5
9f1f65d9fd36578feeb6d07e2887cad3

SHA1
e80d550d89285faedb9d81112e0104ced4912af1

SHA256
54a6a346a0575c2b2f6267f3598c3adc5a9b51b6842a6c00d0bcd74733067380

SHA512
e6d1957b898e62001d54019e23b8d8a0541d271fb24664b1274a366d8d882a7812aa6b8ec88656c4afd03612c1ba4efb43accc81adfce9d5ebbaa68edb76b90e

Download Submit
C:\Windows\System\LLzTXWX.exe

Filesize
1.7MB

MD5
348484dfaf5d4507b434d5e16e339f49

SHA1
73014561754ef662b7f0905f34a2b039d5c75ead

SHA256
666f67ea897b7778e34453d2eee9c1f67f36950cb5a8a156437f97ae045bb86e

SHA512
5e11f79010cf2479f77ad2ce0cb28a0cccb505ac55dfb6a34f41c04599481499177553e0c6fee4fde81f59d5c45ee7a745a987315c1aeaf71579731c06c4db99

Download Submit
C:\Windows\System\LPgXUwM.exe

Filesize
1.7MB

MD5
cbe27049af6a7dc09f7da729ae358434

SHA1
51558057dcb2d4096469d7c188a7de37cf443a41

SHA256
86f6f5af84f45508de89712d2a19572d71331d3d0053083542c8faee3d8fbbee

SHA512
5d04fa8e22192115f508b6d070aaf70e401dbae4d4ad37be196324b8effb5f890922b07899043972adce80816c69e5234d6c77d655d4654a89eecc4c318087e6

Download Submit
C:\Windows\System\LespJiJ.exe

Filesize
1.7MB

MD5
b2558a520196c8f5bef7aec882357f2b

SHA1
6bfaf35188d4e8adb3583bf1a4535ec589c1df12

SHA256
daf339ed6be3831dacf4eb71dec358d700e75ea86220a0bbaf1141174c7159d1

SHA512
0cc5ce5a61152ea4a0afeaa5c5fd4e3f2e3086c576fd13cc2ac23896c1a4915541219b1c4e6798355135eaee7a80667083d1461d6b0e65f89d03758e30b5ee1b

Download Submit
C:\Windows\System\LyuUnvv.exe

Filesize
1.7MB

MD5
310a677580a52b801199d7daba1429cc

SHA1
15516d24a561b1cb6cf59d5bb156d3d8f2fe2d8e

SHA256
f43abce745004f0243c639c2532d33577a9eec4b6097701d4b7c3fc5f60d34a1

SHA512
eee3005057efba23bc2aee023973a2a0b1c7dc346fc8676c4ee9f72082d38e3ffa06b4c1db17c6d0429a766334e851278e71bdf4b3707541a226ac6aec4bdd7f

Download Submit
C:\Windows\System\MAGBpih.exe

Filesize
1.7MB

MD5
0428fad776a079add81e0962d2f30a0b

SHA1
439305483e63cdf92f5cdc23336a037461f6cb1a

SHA256
bf9a930cd0a3214a0c9b163460a2c6ea154b79e45674d5495d748e3cf76573fd

SHA512
1f0325aedaa5dfcf79fee49dc3bfe717f09e3643f90129200fa8413fe3f7e10a206aacc0704413d8a0a1b04af7d2b1556e317f098ec7b0d7f4b6232d03d52256

Download Submit
C:\Windows\System\MuSCMpp.exe

Filesize
1.7MB

MD5
bf7aaae190928c2813d69da522fdae68

SHA1
53329173c56d7ff0a1fa91e31b9b7e95e4f136ed

SHA256
e4a141da62b589324ea218e8c0c02986c5a56c43c2b1d344ef1ea0a7c6c76067

SHA512
cfea9a28da7c2454486b12ecba2662085be1de4e42c87c39e2ff4ff3a9a62fd0214daea74317211bea612333e3e4eea2eb9f0029d338ca299562c46915f4eff8

Download Submit
C:\Windows\System\QolaWBy.exe

Filesize
1.7MB

MD5
53983597b098845e102639c8c32f078d

SHA1
149397d5f50226ffe9b9ea3769555b22143470f5

SHA256
ead2e7541392bff036927e1be153d87d9d581f3997f27fc2f86fef5c3712a9d6

SHA512
187d8a2182a5405da1fa8a6fa399b510d92fcab9aa801074f9fce4ebed70d5eb4f5c29880de71f2400b10e0ddd2ecc28e32de6446bc215eb2595ce76be0490a7

Download Submit
C:\Windows\System\RSisIun.exe

Filesize
1.7MB

MD5
ac55b2babbd7adfa1fc50933d9d58143

SHA1
9d8f666a736cb00afa6e4c22b55fef9713f98a7f

SHA256
d9256cf3e30fb3588414b302df426329ac78e7d376e6da3cb80387c17efbb3a7

SHA512
1e83ff7701deacfb6b97e78c9e0b5271f12c4120672e4e311f1ba72ec69b82d1e8c46cc2c322a911e562265cdf2cf30d92d32010bbd68bed185b287ff8a670a8

Download Submit
C:\Windows\System\SVJAAkJ.exe

Filesize
1.7MB

MD5
201f5c87d7e2a3269480d69e6b10ac10

SHA1
db736f71368838863de365e81004735211df571d

SHA256
4e2365e8bfd59008b0500e4f1289ce4473f8dbddbae7dcdee16ec0a071a36b22

SHA512
09b782b7cef050ccae3b6587349327cbf2265c61d9cd4d749947f9603893961e267c8749f5fb2af72139a9ac85776c136b5d858f92a53cfdad6e998a768de595

Download Submit
C:\Windows\System\UeFAfyf.exe

Filesize
1.7MB

MD5
4e0a8e95c657e9da1c628fa3f189871f

SHA1
5223940d35e8fc573a27591e0a03402e3ba5743b

SHA256
ae3c7f32604491534793c9340867d5aaaa3bef0fbfaff3b92b7d891e3c4ebec2

SHA512
32866b497ac299fc13dbc6850dc8e4b6da5fdbbb016aa8a9bf2706d0c67daa3fb84a66ac3c36230040bb21d489e56c71be354220ffa23e8e95c44d69322d351e

Download Submit
C:\Windows\System\cUsDdRx.exe

Filesize
1.7MB

MD5
db4da50e79f2c07a9b407d542079ce41

SHA1
08929b08e705ab923e19cc6728a450c1b067a506

SHA256
5832ae4553155b06648b4f24e2b7db22a503b65ce15c8d5372bacfe0812b7cf4

SHA512
9da1ff6d2a2b5ba0524e36428689706446e6518935a1b85369608280757c5878effab621495bdf0d4c7e750d0623e677289a9b45b274edfbe5e987a84b4fe0c3

Download Submit
C:\Windows\System\euhkqHn.exe

Filesize
1.7MB

MD5
c2a522ee9311e41c2981e6dc457d8f16

SHA1
30352b899e74869c994450ae1d93295f8781c8de

SHA256
b3c615ba5f9e195d0c573bb4eaa62782e6dac66176cb0a5cbfc9dfb71c23e3b0

SHA512
ccb206533e25e0859fef66d83adf4ada0f4a4acdbfd9d2920d177df03c94b84c4fd23b008ec169d13d10244ce0650eabf8d077274068138d7d3ea052b3d4fa1a

Download Submit
C:\Windows\System\fQalQHO.exe

Filesize
1.7MB

MD5
79977eb48e2b0483ddd9b5f1c1bd422d

SHA1
66688d41ec83d64866e482caf48e2b75075d3527

SHA256
fd08367522a8123667398aaaccd727e4464fb4050859dd9506f9be8022755f97

SHA512
47bc0001c9ff8c36d909a34d3238bfaa5d8da43f1d3c1cd67538b57594ee25fc7151921317743e2b22fd7d7e5219a366087c6808751d1c40c28a5e86945a8a48

Download Submit
C:\Windows\System\jBuhFPG.exe

Filesize
1.7MB

MD5
2ac15029da6b986e686b8a8a45807154

SHA1
fdf0a5bec66d1e3cc2d67f24ba9ad74ce68dd932

SHA256
5a48e2282b162b80068d16553f11ca110c7f9eb4898d0eac69cfb2d1c79f0c0f

SHA512
e1f4c7119732cdd0db5d2dbef69a23eb24063e0540f08f6a3e0805170e5f91b4735ba262335b49912083f48fab6d5c467fdd72b313b61ba273b3788662c65600

Download Submit
C:\Windows\System\leyCAuF.exe

Filesize
1.7MB

MD5
8d6eededff68c0379e91c970b0781445

SHA1
1411cf48c0a5390185e2c9d1b31ccbdadba9e47a

SHA256
6c52fb332ecbf828232523ac5f68a4add7c451da2bf1ba576e251cd197be71a0

SHA512
82e2db658019d68c1ca00d226406a93f9c785c91c05b501ce94967d79dffd0ecb55f431ba197e72b3167d88c0049da1df85d9f62021a2fb75686ca865bbe874e

Download Submit
C:\Windows\System\mleocQy.exe

Filesize
1.7MB

MD5
e89fdced398bd3e664d4bb5995fa33e8

SHA1
f83e15af912fce4cbdf636cbf1ec50555683947d

SHA256
44279b24ad380150e14b0403212a4fcd20c3b7d0a6f7a08488d3050e0e985b81

SHA512
bd9a756c7159a541b3baac9c6e90f263d38cfe8e7b95c25ecb76df5f4ddff972c8b91118ce694a37d1b7c42799d6a834c308b303f092bafd89f23ca3d83f2687

Download Submit
C:\Windows\System\nGzJigL.exe

Filesize
1.7MB

MD5
c7d80eb3dbc4311413f7ba4d1ea9abd7

SHA1
7f3b39623a1bbc9e104f8ff3e1b186340e299eea

SHA256
295ed195786f89763c2a7283951d8f09fe11d7171162bc5556132cd89b4e0f9a

SHA512
a103421e04cc5910ed5b5f48cf1227c102234f04d2303c9ff14622e99e9f038fa9235d3b7fc94ccb7ee50ad5c7452efc30f1d3fa4b4f6e5d2122211781946656

Download Submit
C:\Windows\System\nITvDVZ.exe

Filesize
1.7MB

MD5
fe50b310e0da943e53f741e1b43d229a

SHA1
44152758026c124b8f117556848d19075631853c

SHA256
8bbb099e1452ebb881899d70e1011537609c0e08e1a7b6bd999ee2d862da0d8b

SHA512
e06632f77e00813360dca18e6980d3ea44b8d5060cacf593356130577503340822c0ccc9b2596154b93dd2282b5f4d9ee7c4c3291644537306717f7816d7ef49

Download Submit
C:\Windows\System\pRTrOgG.exe

Filesize
1.7MB

MD5
26a4ac06285393a054fee3bab2ae952b

SHA1
5ded5981e5c30cd09341b2313dc3bb89358dbae4

SHA256
0a8e6fe003464fa45cd5da83f4e737b05ed3c084d3b2762e8d1a6108d4dc1b19

SHA512
455bb06ca681f8c31937eb6951e60f19a55b2d6bef7d0567499eeb4ca3cb0a5bd42d3e394f65468f0988febfcfef27686849ed1d8020acd1e6684b28839ab97c

Download Submit
C:\Windows\System\pdrHacs.exe

Filesize
1.7MB

MD5
bf1950c53b2f75c983a567a79867ec03

SHA1
afa52e6ad962088901017a47d936297bdafd0ba2

SHA256
d6ecc0f43b12d37b5db95e2bc753916d1336e50baa74444b38d432da99a06e83

SHA512
0aa91b9d42574c3492e0b21161fe206dee797c46c79b566ce89248215eb182a879917fafb35ea03ffc739379d35629974887dae70b632e9ec2b1e87bc972fd85

Download Submit
C:\Windows\System\rLogIrh.exe

Filesize
1.7MB

MD5
af2ddb455e1379bd7a378f8f6c6d3e93

SHA1
780513d1b02cc47bb25af40bb2a0b09606fb0342

SHA256
ac91bd4522712d7b657c6f53a664e134dfedc979665bcd729ac5bd51b7d4d941

SHA512
075251a1502acbcea38add8a294dc4c80946cbefc077be5030d8cd7826e5a8903dd160a683511ff4152d9189fe3b6926dd89832873c72cd4ebb78e1a850714cc

Download Submit
C:\Windows\System\rRAjEGS.exe

Filesize
1.7MB

MD5
e6b0e08c16fdd8e761c4b281affe74d1

SHA1
42183e57a3fd26f9f599f49d0ec97ef07637b3a3

SHA256
f7bfefc507215c91a385b17548a904b0882d0db8d076a8d182f6c5114de379ee

SHA512
c8266b7f9115b3fc1bb0bd8b7ac121f73f3553936a13c5fb4929ddbd7522f309ee66bf08b30ae360ccfab82864b061d9259983118ad30c7b6aa4e4ca70786225

Download Submit
C:\Windows\System\rYzPvUI.exe

Filesize
1.7MB

MD5
6e2b1e99378d9aea4e6e261336bd85cf

SHA1
16d0e206d0d3eb8e6b53f0b7fede2349bf4843e4

SHA256
d38834e3b046f90871598ad5a275f24dab891cf94c9411c4f5e2e8c292802a5d

SHA512
c06fb42b68d0b83491c50d7503c63b7dfa1c3b1fb51bcea3d6c03d7e1d1507016c73a077ccfb0defc16fe19621e1337ebcaf491f56ee4d77684d69d52177dfa4

Download Submit
C:\Windows\System\rcGlqvF.exe

Filesize
1.7MB

MD5
9385beeb4a020682ddb7420160bee805

SHA1
6e3eff8816389d0f63e2df29eeb638b191957e38

SHA256
0ec3073b22b6588e77d143a17353fabb082ce23b63e8ac445edd65021633adb2

SHA512
15181862684a1631a45a555ba0a8eea15261480e6dfae3078543655f5d741658c52feff351e0fd42baefda33abcdfdc835aed572ad041e3bb67b0d6a9833b0ce

Download Submit
C:\Windows\System\sUhDjpV.exe

Filesize
1.7MB

MD5
02944952099c06003eef16e7ebeacded

SHA1
d3a17e095eb1847fd0b61ab12cd5e71245b6ce43

SHA256
65141602d4ed2e9fb41ca04c962ee8a431d2d7033f2a8ac186ea2fe28e36e4d8

SHA512
4b2f6d3b9fb0353dcb709359571e839cca4e9c4a5590671e71360ae1534d94765eadab610e969d16dcab94741eb565dc2a4159592d16ae8b6ba56292ded3ca58

Download Submit
C:\Windows\System\soFrXtZ.exe

Filesize
1.7MB

MD5
f8c230f35466da6ca9d179bbad7a9789

SHA1
302fcd97bc369b7dadf50012d374341d97ec1746

SHA256
5a7d72ac42be78eb97c3d61a8d24b055e0bb7a2a765a36e9b16e08fe163df06a

SHA512
2c64898cda75756ad2cc1e5c91a901dd6f9da41290e0e97d1f49e7c34091af1f294775d9166e59e6daafcf273a704d8d9285f3b15435394729e3e32192992643

Download Submit
C:\Windows\System\tEFHnhK.exe

Filesize
1.7MB

MD5
1bb29e7209c4172a2b996bee4d0b91cf

SHA1
6d47fb1659fc5bf01a0ea333054c0a06c6b92231

SHA256
40d3ea7d288a2336f63824d2deb054813c921286d4b20269160384a4cd900f41

SHA512
7c2403849ee279bec5ac82e370a83f072c1c3669708690c7aaf88fa5ed3e8029f25f6eb313d8c8cff9779257395f3c7a72fba2770e52b2015a5e863d1afd1361

Download Submit
C:\Windows\System\uEMqfEL.exe

Filesize
1.7MB

MD5
d15d99bf2d8e1690b69e487aeb5560ed

SHA1
ace3571cf1bdc6ff2b0fe04879be119bc7ca98bb

SHA256
d9a3c44f882ee827def1070232accfabcca752af18a7cdf652b1d0af4cdc9cbd

SHA512
f309b66d3d502b0f3c2ba9efb5a03f1d6bd622df5d6b001d9a1261c91080ac262a89461903d1271e8875508681e7ade6db81af0aaf1663e9c926df3bf6e3baf2

Download Submit
C:\Windows\System\urmeYXk.exe

Filesize
1.7MB

MD5
c358a0aac0b4845dd214a4f31cdb6639

SHA1
1c042332f4a7863089afc78f38e1346a833e0a15

SHA256
641a3e68761e9ae6cbc93b17704363bf04669c009e1abc391b3f789261371c16

SHA512
700e0bdd2a61d560be307a667f558fb786b13f2cbb32a4cc368b30eda2cf3aec681cfb4826499c6854472f479849a4afdc8dbe40fba89d87ccd665028069b361

Download Submit
C:\Windows\System\xoiCBff.exe

Filesize
1.7MB

MD5
d231c46949b6d8195bda457bc256fdd2

SHA1
04d0fc1c93dc47ee1e6e9303ff4e3eef7a68203c

SHA256
d2c44d0ef1c8fb5bb5b7309451ab894a941d953005f9f5d6a87cdbdd1b4427fa

SHA512
bad54130eaf259d3661ccea9f3c87a80932fd5c8f5df8fc3af3e85cd42321e363ac6d8d893811bf81852ffeb6e0c55093056b4167116fea6d7848c8ba4be36e3

Download Submit
C:\Windows\System\ymSwhfF.exe

Filesize
8B

MD5
67d893d1a2095d39d451d08ee1cc05e9

SHA1
dad7ef4487e41ff3c3e600250e691ed16832dc94

SHA256
cc871666e89dd430f5e3dc9cc361cd1a4ecf7214b4b8daeb86cca2257079f3ce

SHA512
7799e4db272ac6c136cb55f2e50c1582a5027767dc6d148dbf159fdb6f776a047cf2ac573fbb2f2ca5a994173cf0465c93ef3f6e6c86e8981136e854def9801d

Download Submit
memory/512-253-0x00007FF6F35F0000-0x00007FF6F39E2000-memory.dmp

Filesize
3.9MB

Download
memory/512-3074-0x00007FF6F35F0000-0x00007FF6F39E2000-memory.dmp

Filesize
3.9MB

Download
memory/872-3065-0x00007FF7E82C0000-0x00007FF7E86B2000-memory.dmp

Filesize
3.9MB

Download
memory/872-199-0x00007FF7E82C0000-0x00007FF7E86B2000-memory.dmp

Filesize
3.9MB

Download
memory/1032-522-0x00007FF7A16A0000-0x00007FF7A1A92000-memory.dmp

Filesize
3.9MB

Download
memory/1032-3082-0x00007FF7A16A0000-0x00007FF7A1A92000-memory.dmp

Filesize
3.9MB

Download
memory/1452-0-0x00007FF694EF0000-0x00007FF6952E2000-memory.dmp

Filesize
3.9MB

Download
memory/1452-1-0x0000024FD4220000-0x0000024FD4230000-memory.dmp

Filesize
64KB

Download
memory/1544-521-0x00007FF6E3A70000-0x00007FF6E3E62000-memory.dmp

Filesize
3.9MB

Download
memory/1544-3112-0x00007FF6E3A70000-0x00007FF6E3E62000-memory.dmp

Filesize
3.9MB

Download
memory/1696-526-0x00007FF7DBF40000-0x00007FF7DC332000-memory.dmp

Filesize
3.9MB

Download
memory/1696-3061-0x00007FF7DBF40000-0x00007FF7DC332000-memory.dmp

Filesize
3.9MB

Download
memory/1808-3097-0x00007FF671210000-0x00007FF671602000-memory.dmp

Filesize
3.9MB

Download
memory/1808-531-0x00007FF671210000-0x00007FF671602000-memory.dmp

Filesize
3.9MB

Download
memory/1980-527-0x00007FF765EB0000-0x00007FF7662A2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-3076-0x00007FF765EB0000-0x00007FF7662A2000-memory.dmp

Filesize
3.9MB

Download
memory/2020-3107-0x00007FF779E10000-0x00007FF77A202000-memory.dmp

Filesize
3.9MB

Download
memory/2020-529-0x00007FF779E10000-0x00007FF77A202000-memory.dmp

Filesize
3.9MB

Download
memory/2204-530-0x00007FF73D140000-0x00007FF73D532000-memory.dmp

Filesize
3.9MB

Download
memory/2204-3087-0x00007FF73D140000-0x00007FF73D532000-memory.dmp

Filesize
3.9MB

Download
memory/2480-3053-0x00007FF78D630000-0x00007FF78DA22000-memory.dmp

Filesize
3.9MB

Download
memory/2480-3057-0x00007FF78D630000-0x00007FF78DA22000-memory.dmp

Filesize
3.9MB

Download
memory/2480-11-0x00007FF78D630000-0x00007FF78DA22000-memory.dmp

Filesize
3.9MB

Download
memory/2488-73-0x00007FF798560000-0x00007FF798952000-memory.dmp

Filesize
3.9MB

Download
memory/2488-3063-0x00007FF798560000-0x00007FF798952000-memory.dmp

Filesize
3.9MB

Download
memory/3000-519-0x00007FF6B0660000-0x00007FF6B0A52000-memory.dmp

Filesize
3.9MB

Download
memory/3000-3089-0x00007FF6B0660000-0x00007FF6B0A52000-memory.dmp

Filesize
3.9MB

Download
memory/3060-38-0x00007FF7D7C60000-0x00007FF7D8052000-memory.dmp

Filesize
3.9MB

Download
memory/3060-3055-0x00007FF7D7C60000-0x00007FF7D8052000-memory.dmp

Filesize
3.9MB

Download
memory/3116-140-0x00007FF7EBFA0000-0x00007FF7EC392000-memory.dmp

Filesize
3.9MB

Download
memory/3116-3083-0x00007FF7EBFA0000-0x00007FF7EC392000-memory.dmp

Filesize
3.9MB

Download
memory/3576-93-0x00007FF6E9E00000-0x00007FF6EA1F2000-memory.dmp

Filesize
3.9MB

Download
memory/3576-3078-0x00007FF6E9E00000-0x00007FF6EA1F2000-memory.dmp

Filesize
3.9MB

Download
memory/3820-3072-0x00007FF6BB6B0000-0x00007FF6BBAA2000-memory.dmp

Filesize
3.9MB

Download
memory/3820-386-0x00007FF6BB6B0000-0x00007FF6BBAA2000-memory.dmp

Filesize
3.9MB

Download
memory/4004-3070-0x00007FF6C1A60000-0x00007FF6C1E52000-memory.dmp

Filesize
3.9MB

Download
memory/4004-528-0x00007FF6C1A60000-0x00007FF6C1E52000-memory.dmp

Filesize
3.9MB

Download
memory/4048-520-0x00007FF6072C0000-0x00007FF6076B2000-memory.dmp

Filesize
3.9MB

Download
memory/4048-3080-0x00007FF6072C0000-0x00007FF6076B2000-memory.dmp

Filesize
3.9MB

Download
memory/4080-3067-0x00007FF6C4330000-0x00007FF6C4722000-memory.dmp

Filesize
3.9MB

Download
memory/4080-469-0x00007FF6C4330000-0x00007FF6C4722000-memory.dmp

Filesize
3.9MB

Download
memory/4300-3059-0x00007FF7EABB0000-0x00007FF7EAFA2000-memory.dmp

Filesize
3.9MB

Download
memory/4300-53-0x00007FF7EABB0000-0x00007FF7EAFA2000-memory.dmp

Filesize
3.9MB

Download
memory/4336-3085-0x00007FF7F6990000-0x00007FF7F6D82000-memory.dmp

Filesize
3.9MB

Download
memory/4336-330-0x00007FF7F6990000-0x00007FF7F6D82000-memory.dmp

Filesize
3.9MB

Download
memory/4820-518-0x00007FF652630000-0x00007FF652A22000-memory.dmp

Filesize
3.9MB

Download
memory/4820-3101-0x00007FF652630000-0x00007FF652A22000-memory.dmp

Filesize
3.9MB

Download
memory/4876-3099-0x00007FF758650000-0x00007FF758A42000-memory.dmp

Filesize
3.9MB

Download
memory/4876-524-0x00007FF758650000-0x00007FF758A42000-memory.dmp

Filesize
3.9MB

Download
memory/4988-523-0x00007FF69D1B0000-0x00007FF69D5A2000-memory.dmp

Filesize
3.9MB

Download
memory/4988-3094-0x00007FF69D1B0000-0x00007FF69D5A2000-memory.dmp

Filesize
3.9MB

Download
memory/5068-303-0x0000016B417E0000-0x0000016B41802000-memory.dmp

Filesize
136KB

Download
memory/5068-525-0x00007FFB9CE23000-0x00007FFB9CE25000-memory.dmp

Filesize
8KB

Download
memory/5068-16-0x0000016B41820000-0x0000016B41830000-memory.dmp

Filesize
64KB

Download
memory/5068-29-0x0000016B41820000-0x0000016B41830000-memory.dmp

Filesize
64KB

Download