xmrig | b5a64ac06b885831c5bc3aa925f0d87aae9e1ebcd5b327bf8e2e20b9de145947

Analysis

max time kernel
126s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
Size

1.8MB
MD5

2d7601d9930ef3c7ae3e374799233410
SHA1

80924b0af8b9c307e1bbbfad66f40b3b6a696410
SHA256

b5a64ac06b885831c5bc3aa925f0d87aae9e1ebcd5b327bf8e2e20b9de145947
SHA512

7fd7cc562cc7fdd130b52025ad3598dcddd715c35298b84e7bef9e572e60843c1dc2c40a497a4e0837c3e923d0fd95dec697abeed7e1b01efebc499586d533a6
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjpbc8nJwbomvu2Nrlum7+a7EtLgCPimza:Lz071uv4BPMkHC0IBcAUNRSa7kj5za

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/5064-492-0x00007FF6AD790000-0x00007FF6ADB82000-memory.dmp	xmrig
behavioral2/memory/2520-556-0x00007FF6F20A0000-0x00007FF6F2492000-memory.dmp	xmrig
behavioral2/memory/3776-562-0x00007FF76B430000-0x00007FF76B822000-memory.dmp	xmrig
behavioral2/memory/3056-561-0x00007FF77B000000-0x00007FF77B3F2000-memory.dmp	xmrig
behavioral2/memory/4564-560-0x00007FF7E6B10000-0x00007FF7E6F02000-memory.dmp	xmrig
behavioral2/memory/2192-559-0x00007FF71F7C0000-0x00007FF71FBB2000-memory.dmp	xmrig
behavioral2/memory/3216-558-0x00007FF691830000-0x00007FF691C22000-memory.dmp	xmrig
behavioral2/memory/4220-557-0x00007FF766210000-0x00007FF766602000-memory.dmp	xmrig
behavioral2/memory/4688-555-0x00007FF7EE450000-0x00007FF7EE842000-memory.dmp	xmrig
behavioral2/memory/2972-554-0x00007FF6EBEC0000-0x00007FF6EC2B2000-memory.dmp	xmrig
behavioral2/memory/4216-553-0x00007FF6C5460000-0x00007FF6C5852000-memory.dmp	xmrig
behavioral2/memory/2236-552-0x00007FF65C1D0000-0x00007FF65C5C2000-memory.dmp	xmrig
behavioral2/memory/2980-567-0x00007FF7879C0000-0x00007FF787DB2000-memory.dmp	xmrig
behavioral2/memory/2472-566-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp	xmrig
behavioral2/memory/3168-565-0x00007FF62FFB0000-0x00007FF6303A2000-memory.dmp	xmrig
behavioral2/memory/1912-564-0x00007FF71F220000-0x00007FF71F612000-memory.dmp	xmrig
behavioral2/memory/5080-563-0x00007FF66D9F0000-0x00007FF66DDE2000-memory.dmp	xmrig
behavioral2/memory/1392-425-0x00007FF674830000-0x00007FF674C22000-memory.dmp	xmrig
behavioral2/memory/4992-421-0x00007FF7A6620000-0x00007FF7A6A12000-memory.dmp	xmrig
behavioral2/memory/1904-372-0x00007FF6D8B60000-0x00007FF6D8F52000-memory.dmp	xmrig
behavioral2/memory/1460-306-0x00007FF6D5B60000-0x00007FF6D5F52000-memory.dmp	xmrig
behavioral2/memory/4708-269-0x00007FF6E0520000-0x00007FF6E0912000-memory.dmp	xmrig
behavioral2/memory/4548-232-0x00007FF697050000-0x00007FF697442000-memory.dmp	xmrig
behavioral2/memory/2384-16-0x00007FF741900000-0x00007FF741CF2000-memory.dmp	xmrig
behavioral2/memory/2384-2776-0x00007FF741900000-0x00007FF741CF2000-memory.dmp	xmrig
behavioral2/memory/2384-2810-0x00007FF741900000-0x00007FF741CF2000-memory.dmp	xmrig
behavioral2/memory/3168-2815-0x00007FF62FFB0000-0x00007FF6303A2000-memory.dmp	xmrig
behavioral2/memory/2472-2821-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp	xmrig
behavioral2/memory/4708-2819-0x00007FF6E0520000-0x00007FF6E0912000-memory.dmp	xmrig
behavioral2/memory/5064-2827-0x00007FF6AD790000-0x00007FF6ADB82000-memory.dmp	xmrig
behavioral2/memory/2236-2831-0x00007FF65C1D0000-0x00007FF65C5C2000-memory.dmp	xmrig
behavioral2/memory/4216-2837-0x00007FF6C5460000-0x00007FF6C5852000-memory.dmp	xmrig
behavioral2/memory/4220-2839-0x00007FF766210000-0x00007FF766602000-memory.dmp	xmrig
behavioral2/memory/3216-2841-0x00007FF691830000-0x00007FF691C22000-memory.dmp	xmrig
behavioral2/memory/4564-2835-0x00007FF7E6B10000-0x00007FF7E6F02000-memory.dmp	xmrig
behavioral2/memory/1392-2833-0x00007FF674830000-0x00007FF674C22000-memory.dmp	xmrig
behavioral2/memory/4992-2829-0x00007FF7A6620000-0x00007FF7A6A12000-memory.dmp	xmrig
behavioral2/memory/4688-2846-0x00007FF7EE450000-0x00007FF7EE842000-memory.dmp	xmrig
behavioral2/memory/3776-2851-0x00007FF76B430000-0x00007FF76B822000-memory.dmp	xmrig
behavioral2/memory/1912-2853-0x00007FF71F220000-0x00007FF71F612000-memory.dmp	xmrig
behavioral2/memory/2192-2855-0x00007FF71F7C0000-0x00007FF71FBB2000-memory.dmp	xmrig
behavioral2/memory/2980-2849-0x00007FF7879C0000-0x00007FF787DB2000-memory.dmp	xmrig
behavioral2/memory/3056-2859-0x00007FF77B000000-0x00007FF77B3F2000-memory.dmp	xmrig
behavioral2/memory/5080-2863-0x00007FF66D9F0000-0x00007FF66DDE2000-memory.dmp	xmrig
behavioral2/memory/2520-2844-0x00007FF6F20A0000-0x00007FF6F2492000-memory.dmp	xmrig
behavioral2/memory/2972-2847-0x00007FF6EBEC0000-0x00007FF6EC2B2000-memory.dmp	xmrig
behavioral2/memory/1460-2826-0x00007FF6D5B60000-0x00007FF6D5F52000-memory.dmp	xmrig
behavioral2/memory/1904-2823-0x00007FF6D8B60000-0x00007FF6D8F52000-memory.dmp	xmrig
behavioral2/memory/4548-2817-0x00007FF697050000-0x00007FF697442000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
512	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2384	KgWvNjS.exe
3168	pufenvp.exe
4548	tyvcbHq.exe
4708	HAVbdVC.exe
2472	qfaCCRx.exe
1460	RHmvgnE.exe
1904	prSNimg.exe
4992	MOHwenF.exe
1392	WbPJXyW.exe
5064	TXNGJti.exe
2236	RnguMWx.exe
4216	WbQzVzl.exe
2972	lpAnsDo.exe
4688	NLvhKUW.exe
2520	RieEoVO.exe
4220	zOhmyhi.exe
3216	sSnUpFs.exe
2192	ZXUkZxO.exe
2980	foxFdPB.exe
4564	VzQeTgw.exe
3056	KQVTTpa.exe
3776	MEytpdq.exe
5080	oQdDzYI.exe
1912	bLMGNiy.exe
3528	wOPxxiw.exe
3040	lMqMWIA.exe
4912	dkNlqHq.exe
4632	YQPqIqq.exe
1100	QrYFhXJ.exe
4988	qFtywUA.exe
3724	wWqWJSx.exe
840	eqlUkQD.exe
3312	XizTcEl.exe
4728	HIcvtHd.exe
4128	KuIUDTy.exe
1396	hFQiREa.exe
3336	LzCxcAx.exe
4108	ApAlEDJ.exe
2440	HbQONHD.exe
3384	WvyWEwr.exe
1696	WprMzMe.exe
4100	tJIcGvA.exe
3908	ndfCOeM.exe
3944	irlZVxE.exe
3960	fOmnyjK.exe
440	kUQjUwi.exe
2368	nhjvICw.exe
3324	mRXWvGN.exe
1492	htFXnBO.exe
4012	LdyJSPv.exe
696	mzTmKBX.exe
1880	YZjpEvw.exe
5056	WTUmQGO.exe
3144	uebFgWl.exe
4148	NRYUnUF.exe
3888	UuHyktW.exe
4192	kzCwObo.exe
4440	hzaDZIb.exe
4696	gmHbGZq.exe
4416	jEiMUZh.exe
2400	UayDqun.exe
3596	ibNPwDM.exe
768	RBEoWkZ.exe
552	IrfRhfA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2608-0-0x00007FF777060000-0x00007FF777452000-memory.dmp	upx
behavioral2/files/0x00080000000233ea-5.dat	upx
behavioral2/files/0x00070000000233f1-19.dat	upx
behavioral2/files/0x00070000000233f2-25.dat	upx
behavioral2/files/0x00070000000233ee-37.dat	upx
behavioral2/files/0x0007000000023405-123.dat	upx
behavioral2/files/0x000700000002340d-168.dat	upx
behavioral2/memory/5064-492-0x00007FF6AD790000-0x00007FF6ADB82000-memory.dmp	upx
behavioral2/memory/2520-556-0x00007FF6F20A0000-0x00007FF6F2492000-memory.dmp	upx
behavioral2/memory/3776-562-0x00007FF76B430000-0x00007FF76B822000-memory.dmp	upx
behavioral2/memory/3056-561-0x00007FF77B000000-0x00007FF77B3F2000-memory.dmp	upx
behavioral2/memory/4564-560-0x00007FF7E6B10000-0x00007FF7E6F02000-memory.dmp	upx
behavioral2/memory/2192-559-0x00007FF71F7C0000-0x00007FF71FBB2000-memory.dmp	upx
behavioral2/memory/3216-558-0x00007FF691830000-0x00007FF691C22000-memory.dmp	upx
behavioral2/memory/4220-557-0x00007FF766210000-0x00007FF766602000-memory.dmp	upx
behavioral2/memory/4688-555-0x00007FF7EE450000-0x00007FF7EE842000-memory.dmp	upx
behavioral2/memory/2972-554-0x00007FF6EBEC0000-0x00007FF6EC2B2000-memory.dmp	upx
behavioral2/memory/4216-553-0x00007FF6C5460000-0x00007FF6C5852000-memory.dmp	upx
behavioral2/memory/2236-552-0x00007FF65C1D0000-0x00007FF65C5C2000-memory.dmp	upx
behavioral2/memory/2980-567-0x00007FF7879C0000-0x00007FF787DB2000-memory.dmp	upx
behavioral2/memory/2472-566-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp	upx
behavioral2/memory/3168-565-0x00007FF62FFB0000-0x00007FF6303A2000-memory.dmp	upx
behavioral2/memory/1912-564-0x00007FF71F220000-0x00007FF71F612000-memory.dmp	upx
behavioral2/memory/5080-563-0x00007FF66D9F0000-0x00007FF66DDE2000-memory.dmp	upx
behavioral2/memory/1392-425-0x00007FF674830000-0x00007FF674C22000-memory.dmp	upx
behavioral2/memory/4992-421-0x00007FF7A6620000-0x00007FF7A6A12000-memory.dmp	upx
behavioral2/memory/1904-372-0x00007FF6D8B60000-0x00007FF6D8F52000-memory.dmp	upx
behavioral2/memory/1460-306-0x00007FF6D5B60000-0x00007FF6D5F52000-memory.dmp	upx
behavioral2/memory/4708-269-0x00007FF6E0520000-0x00007FF6E0912000-memory.dmp	upx
behavioral2/memory/4548-232-0x00007FF697050000-0x00007FF697442000-memory.dmp	upx
behavioral2/files/0x0007000000023414-203.dat	upx
behavioral2/files/0x0007000000023403-198.dat	upx
behavioral2/files/0x0007000000023413-195.dat	upx
behavioral2/files/0x0007000000023408-190.dat	upx
behavioral2/files/0x0007000000023407-189.dat	upx
behavioral2/files/0x0007000000023412-188.dat	upx
behavioral2/files/0x0007000000023411-180.dat	upx
behavioral2/files/0x0007000000023410-178.dat	upx
behavioral2/files/0x0007000000023406-175.dat	upx
behavioral2/files/0x000700000002340f-174.dat	upx
behavioral2/files/0x0007000000023400-172.dat	upx
behavioral2/files/0x000700000002340e-171.dat	upx
behavioral2/files/0x000700000002340b-163.dat	upx
behavioral2/files/0x0007000000023404-160.dat	upx
behavioral2/files/0x000700000002340a-158.dat	upx
behavioral2/files/0x00080000000233ff-206.dat	upx
behavioral2/files/0x00070000000233f9-140.dat	upx
behavioral2/files/0x0007000000023401-136.dat	upx
behavioral2/files/0x000700000002340c-167.dat	upx
behavioral2/files/0x00070000000233fc-116.dat	upx
behavioral2/files/0x00070000000233fb-154.dat	upx
behavioral2/files/0x00070000000233fa-111.dat	upx
behavioral2/files/0x0007000000023409-143.dat	upx
behavioral2/files/0x00070000000233f5-104.dat	upx
behavioral2/files/0x0007000000023402-103.dat	upx
behavioral2/files/0x00070000000233fd-119.dat	upx
behavioral2/files/0x00070000000233f6-88.dat	upx
behavioral2/files/0x00070000000233f8-83.dat	upx
behavioral2/files/0x00070000000233f4-80.dat	upx
behavioral2/files/0x00070000000233f3-59.dat	upx
behavioral2/files/0x00070000000233f7-56.dat	upx
behavioral2/files/0x00070000000233f0-30.dat	upx
behavioral2/files/0x00070000000233ef-27.dat	upx
behavioral2/memory/2384-16-0x00007FF741900000-0x00007FF741CF2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BCedzYX.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\HKiAWQS.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\bggHzhu.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\gjTcLTJ.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\sHihAPM.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\EdKFVWb.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\DMdvcVt.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\erqglkw.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\OYDFfSj.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\hCyKQTM.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\YUNaVNJ.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\lIQUXGu.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\IHmXQXL.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\HoFtBqM.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\AtnXopg.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\caFTflz.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\juMdOve.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\lGNfKaJ.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\TrCCjbM.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\YHphxld.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\LcDMviz.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\LlvzVDW.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\ZFtCwfn.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\JqRlvRp.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\yFdurCJ.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\rGlXghz.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\ZvMttSY.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\tfVQpeA.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\LrNZwUQ.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\byPckFx.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\KAlqrNs.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\gstNofz.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\oTYXOKl.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\ZclLKLQ.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\IrfRhfA.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\dokrLtL.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\vNGCbtN.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\dTMtdeh.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\mXiCOyb.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\wFKFVOq.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\nKeQoKR.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\wQaWGSG.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\jPWcIGq.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\DarSHFc.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\auuXcLw.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\TJMlVvq.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\pRfRAJa.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\AoHdShL.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\uLcWBYa.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\pufenvp.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\svOUaCn.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\jgaGGSI.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\LzejvMj.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\TmrmLaz.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\nSftzTA.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\IHBdgiB.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\lAblYve.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\wqEnPBP.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\pDbyqaA.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\Ykektnc.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\wtgTOUx.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\SGwlerl.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\DDnhakR.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
File created	C:\Windows\System\xxAeFDj.exe	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
512	powershell.exe
512	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
Token: SeDebugPrivilege	512	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 512	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	84
PID 2608 wrote to memory of 512	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	84
PID 2608 wrote to memory of 2384	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	85
PID 2608 wrote to memory of 2384	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	85
PID 2608 wrote to memory of 2472	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	86
PID 2608 wrote to memory of 2472	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	86
PID 2608 wrote to memory of 3168	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	87
PID 2608 wrote to memory of 3168	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	87
PID 2608 wrote to memory of 4548	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	88
PID 2608 wrote to memory of 4548	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	88
PID 2608 wrote to memory of 4708	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	89
PID 2608 wrote to memory of 4708	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	89
PID 2608 wrote to memory of 1460	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	90
PID 2608 wrote to memory of 1460	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	90
PID 2608 wrote to memory of 1904	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	91
PID 2608 wrote to memory of 1904	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	91
PID 2608 wrote to memory of 4992	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	92
PID 2608 wrote to memory of 4992	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	92
PID 2608 wrote to memory of 4216	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	93
PID 2608 wrote to memory of 4216	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	93
PID 2608 wrote to memory of 1392	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	94
PID 2608 wrote to memory of 1392	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	94
PID 2608 wrote to memory of 5064	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	95
PID 2608 wrote to memory of 5064	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	95
PID 2608 wrote to memory of 2236	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	96
PID 2608 wrote to memory of 2236	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	96
PID 2608 wrote to memory of 2972	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	97
PID 2608 wrote to memory of 2972	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	97
PID 2608 wrote to memory of 4688	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	98
PID 2608 wrote to memory of 4688	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	98
PID 2608 wrote to memory of 2520	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	99
PID 2608 wrote to memory of 2520	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	99
PID 2608 wrote to memory of 4220	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	100
PID 2608 wrote to memory of 4220	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	100
PID 2608 wrote to memory of 3216	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	101
PID 2608 wrote to memory of 3216	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	101
PID 2608 wrote to memory of 2192	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	102
PID 2608 wrote to memory of 2192	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	102
PID 2608 wrote to memory of 2980	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	103
PID 2608 wrote to memory of 2980	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	103
PID 2608 wrote to memory of 4564	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	104
PID 2608 wrote to memory of 4564	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	104
PID 2608 wrote to memory of 3056	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	105
PID 2608 wrote to memory of 3056	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	105
PID 2608 wrote to memory of 3776	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	106
PID 2608 wrote to memory of 3776	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	106
PID 2608 wrote to memory of 5080	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	107
PID 2608 wrote to memory of 5080	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	107
PID 2608 wrote to memory of 1912	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	108
PID 2608 wrote to memory of 1912	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	108
PID 2608 wrote to memory of 3528	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	109
PID 2608 wrote to memory of 3528	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	109
PID 2608 wrote to memory of 3040	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	110
PID 2608 wrote to memory of 3040	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	110
PID 2608 wrote to memory of 4912	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	111
PID 2608 wrote to memory of 4912	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	111
PID 2608 wrote to memory of 4632	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	112
PID 2608 wrote to memory of 4632	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	112
PID 2608 wrote to memory of 1100	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	113
PID 2608 wrote to memory of 1100	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	113
PID 2608 wrote to memory of 4988	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	114
PID 2608 wrote to memory of 4988	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	114
PID 2608 wrote to memory of 3724	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	115
PID 2608 wrote to memory of 3724	2608	2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d7601d9930ef3c7ae3e374799233410_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:512
- C:\Windows\System\KgWvNjS.exe
  C:\Windows\System\KgWvNjS.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\qfaCCRx.exe
  C:\Windows\System\qfaCCRx.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\pufenvp.exe
  C:\Windows\System\pufenvp.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\tyvcbHq.exe
  C:\Windows\System\tyvcbHq.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\HAVbdVC.exe
  C:\Windows\System\HAVbdVC.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\RHmvgnE.exe
  C:\Windows\System\RHmvgnE.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\prSNimg.exe
  C:\Windows\System\prSNimg.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\MOHwenF.exe
  C:\Windows\System\MOHwenF.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\WbQzVzl.exe
  C:\Windows\System\WbQzVzl.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\WbPJXyW.exe
  C:\Windows\System\WbPJXyW.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\TXNGJti.exe
  C:\Windows\System\TXNGJti.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\RnguMWx.exe
  C:\Windows\System\RnguMWx.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\lpAnsDo.exe
  C:\Windows\System\lpAnsDo.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\NLvhKUW.exe
  C:\Windows\System\NLvhKUW.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\RieEoVO.exe
  C:\Windows\System\RieEoVO.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\zOhmyhi.exe
  C:\Windows\System\zOhmyhi.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\sSnUpFs.exe
  C:\Windows\System\sSnUpFs.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\ZXUkZxO.exe
  C:\Windows\System\ZXUkZxO.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\foxFdPB.exe
  C:\Windows\System\foxFdPB.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\VzQeTgw.exe
  C:\Windows\System\VzQeTgw.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\KQVTTpa.exe
  C:\Windows\System\KQVTTpa.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\MEytpdq.exe
  C:\Windows\System\MEytpdq.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\oQdDzYI.exe
  C:\Windows\System\oQdDzYI.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\bLMGNiy.exe
  C:\Windows\System\bLMGNiy.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\wOPxxiw.exe
  C:\Windows\System\wOPxxiw.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\lMqMWIA.exe
  C:\Windows\System\lMqMWIA.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\dkNlqHq.exe
  C:\Windows\System\dkNlqHq.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\YQPqIqq.exe
  C:\Windows\System\YQPqIqq.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\QrYFhXJ.exe
  C:\Windows\System\QrYFhXJ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\qFtywUA.exe
  C:\Windows\System\qFtywUA.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\wWqWJSx.exe
  C:\Windows\System\wWqWJSx.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\eqlUkQD.exe
  C:\Windows\System\eqlUkQD.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\XizTcEl.exe
  C:\Windows\System\XizTcEl.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\HIcvtHd.exe
  C:\Windows\System\HIcvtHd.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\KuIUDTy.exe
  C:\Windows\System\KuIUDTy.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\hFQiREa.exe
  C:\Windows\System\hFQiREa.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\LzCxcAx.exe
  C:\Windows\System\LzCxcAx.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\ApAlEDJ.exe
  C:\Windows\System\ApAlEDJ.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\HbQONHD.exe
  C:\Windows\System\HbQONHD.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\WvyWEwr.exe
  C:\Windows\System\WvyWEwr.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\WprMzMe.exe
  C:\Windows\System\WprMzMe.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\tJIcGvA.exe
  C:\Windows\System\tJIcGvA.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\ndfCOeM.exe
  C:\Windows\System\ndfCOeM.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\irlZVxE.exe
  C:\Windows\System\irlZVxE.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\fOmnyjK.exe
  C:\Windows\System\fOmnyjK.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\uebFgWl.exe
  C:\Windows\System\uebFgWl.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\kUQjUwi.exe
  C:\Windows\System\kUQjUwi.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\gmHbGZq.exe
  C:\Windows\System\gmHbGZq.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\UayDqun.exe
  C:\Windows\System\UayDqun.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\nhjvICw.exe
  C:\Windows\System\nhjvICw.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\mRXWvGN.exe
  C:\Windows\System\mRXWvGN.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\htFXnBO.exe
  C:\Windows\System\htFXnBO.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\LdyJSPv.exe
  C:\Windows\System\LdyJSPv.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\mzTmKBX.exe
  C:\Windows\System\mzTmKBX.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\YZjpEvw.exe
  C:\Windows\System\YZjpEvw.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\WTUmQGO.exe
  C:\Windows\System\WTUmQGO.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\NRYUnUF.exe
  C:\Windows\System\NRYUnUF.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\UuHyktW.exe
  C:\Windows\System\UuHyktW.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\kzCwObo.exe
  C:\Windows\System\kzCwObo.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\hzaDZIb.exe
  C:\Windows\System\hzaDZIb.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\jEiMUZh.exe
  C:\Windows\System\jEiMUZh.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\ibNPwDM.exe
  C:\Windows\System\ibNPwDM.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\RBEoWkZ.exe
  C:\Windows\System\RBEoWkZ.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\IrfRhfA.exe
  C:\Windows\System\IrfRhfA.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\asqtniJ.exe
  C:\Windows\System\asqtniJ.exe
  2⤵
  PID:3320
- C:\Windows\System\LHZaWby.exe
  C:\Windows\System\LHZaWby.exe
  2⤵
  PID:3572
- C:\Windows\System\KbaAiUo.exe
  C:\Windows\System\KbaAiUo.exe
  2⤵
  PID:3948
- C:\Windows\System\DBfNqRt.exe
  C:\Windows\System\DBfNqRt.exe
  2⤵
  PID:4408
- C:\Windows\System\GiAbQqT.exe
  C:\Windows\System\GiAbQqT.exe
  2⤵
  PID:3180
- C:\Windows\System\gHKgDrj.exe
  C:\Windows\System\gHKgDrj.exe
  2⤵
  PID:4572
- C:\Windows\System\FfZPDPP.exe
  C:\Windows\System\FfZPDPP.exe
  2⤵
  PID:4724
- C:\Windows\System\FLdTDkA.exe
  C:\Windows\System\FLdTDkA.exe
  2⤵
  PID:1604
- C:\Windows\System\tXybuzf.exe
  C:\Windows\System\tXybuzf.exe
  2⤵
  PID:5100
- C:\Windows\System\dAhHcoU.exe
  C:\Windows\System\dAhHcoU.exe
  2⤵
  PID:4448
- C:\Windows\System\pHWfZnp.exe
  C:\Windows\System\pHWfZnp.exe
  2⤵
  PID:4364
- C:\Windows\System\OqxzInP.exe
  C:\Windows\System\OqxzInP.exe
  2⤵
  PID:4608
- C:\Windows\System\EoGCnEQ.exe
  C:\Windows\System\EoGCnEQ.exe
  2⤵
  PID:4184
- C:\Windows\System\ydUrmdY.exe
  C:\Windows\System\ydUrmdY.exe
  2⤵
  PID:2056
- C:\Windows\System\mQdyJql.exe
  C:\Windows\System\mQdyJql.exe
  2⤵
  PID:4852
- C:\Windows\System\XsQTWKD.exe
  C:\Windows\System\XsQTWKD.exe
  2⤵
  PID:1072
- C:\Windows\System\Ljbpgqy.exe
  C:\Windows\System\Ljbpgqy.exe
  2⤵
  PID:1112
- C:\Windows\System\LZGnAJc.exe
  C:\Windows\System\LZGnAJc.exe
  2⤵
  PID:5140
- C:\Windows\System\SstLJjI.exe
  C:\Windows\System\SstLJjI.exe
  2⤵
  PID:5164
- C:\Windows\System\IFbQdNo.exe
  C:\Windows\System\IFbQdNo.exe
  2⤵
  PID:5184
- C:\Windows\System\UjilcDF.exe
  C:\Windows\System\UjilcDF.exe
  2⤵
  PID:5200
- C:\Windows\System\CZWdRDk.exe
  C:\Windows\System\CZWdRDk.exe
  2⤵
  PID:5216
- C:\Windows\System\CbtlZvW.exe
  C:\Windows\System\CbtlZvW.exe
  2⤵
  PID:5232
- C:\Windows\System\wVZgeSG.exe
  C:\Windows\System\wVZgeSG.exe
  2⤵
  PID:5276
- C:\Windows\System\nEnUoli.exe
  C:\Windows\System\nEnUoli.exe
  2⤵
  PID:5296
- C:\Windows\System\NsoKnGg.exe
  C:\Windows\System\NsoKnGg.exe
  2⤵
  PID:5320
- C:\Windows\System\NjTGCok.exe
  C:\Windows\System\NjTGCok.exe
  2⤵
  PID:5336
- C:\Windows\System\waqjrJo.exe
  C:\Windows\System\waqjrJo.exe
  2⤵
  PID:5360
- C:\Windows\System\MgUXQrv.exe
  C:\Windows\System\MgUXQrv.exe
  2⤵
  PID:5376
- C:\Windows\System\eRXMKzC.exe
  C:\Windows\System\eRXMKzC.exe
  2⤵
  PID:5404
- C:\Windows\System\rNhjiws.exe
  C:\Windows\System\rNhjiws.exe
  2⤵
  PID:5420
- C:\Windows\System\BMWrvGp.exe
  C:\Windows\System\BMWrvGp.exe
  2⤵
  PID:5452
- C:\Windows\System\LiaMulQ.exe
  C:\Windows\System\LiaMulQ.exe
  2⤵
  PID:5468
- C:\Windows\System\riUvSEj.exe
  C:\Windows\System\riUvSEj.exe
  2⤵
  PID:5492
- C:\Windows\System\OYDFfSj.exe
  C:\Windows\System\OYDFfSj.exe
  2⤵
  PID:5516
- C:\Windows\System\uonqniu.exe
  C:\Windows\System\uonqniu.exe
  2⤵
  PID:5572
- C:\Windows\System\QYbjVZB.exe
  C:\Windows\System\QYbjVZB.exe
  2⤵
  PID:5588
- C:\Windows\System\qFfFKAY.exe
  C:\Windows\System\qFfFKAY.exe
  2⤵
  PID:5620
- C:\Windows\System\rWopQzY.exe
  C:\Windows\System\rWopQzY.exe
  2⤵
  PID:5652
- C:\Windows\System\GFYRaYj.exe
  C:\Windows\System\GFYRaYj.exe
  2⤵
  PID:5676
- C:\Windows\System\buiJRoD.exe
  C:\Windows\System\buiJRoD.exe
  2⤵
  PID:5704
- C:\Windows\System\ZSRYWqt.exe
  C:\Windows\System\ZSRYWqt.exe
  2⤵
  PID:5728
- C:\Windows\System\XEHxNMS.exe
  C:\Windows\System\XEHxNMS.exe
  2⤵
  PID:5752
- C:\Windows\System\zcIeDQE.exe
  C:\Windows\System\zcIeDQE.exe
  2⤵
  PID:5768
- C:\Windows\System\CfTuuKg.exe
  C:\Windows\System\CfTuuKg.exe
  2⤵
  PID:5784
- C:\Windows\System\wKFwmmp.exe
  C:\Windows\System\wKFwmmp.exe
  2⤵
  PID:5800
- C:\Windows\System\DqixIaZ.exe
  C:\Windows\System\DqixIaZ.exe
  2⤵
  PID:5816
- C:\Windows\System\KPPCZSO.exe
  C:\Windows\System\KPPCZSO.exe
  2⤵
  PID:5844
- C:\Windows\System\WjiadpB.exe
  C:\Windows\System\WjiadpB.exe
  2⤵
  PID:5860
- C:\Windows\System\UIJmMUb.exe
  C:\Windows\System\UIJmMUb.exe
  2⤵
  PID:5884
- C:\Windows\System\dizwocF.exe
  C:\Windows\System\dizwocF.exe
  2⤵
  PID:5908
- C:\Windows\System\uXiIUvu.exe
  C:\Windows\System\uXiIUvu.exe
  2⤵
  PID:5924
- C:\Windows\System\DaFVGhk.exe
  C:\Windows\System\DaFVGhk.exe
  2⤵
  PID:5948
- C:\Windows\System\eoTAOMm.exe
  C:\Windows\System\eoTAOMm.exe
  2⤵
  PID:6020
- C:\Windows\System\PWcsAxU.exe
  C:\Windows\System\PWcsAxU.exe
  2⤵
  PID:6060
- C:\Windows\System\anBUuYz.exe
  C:\Windows\System\anBUuYz.exe
  2⤵
  PID:6080
- C:\Windows\System\NtJEHrd.exe
  C:\Windows\System\NtJEHrd.exe
  2⤵
  PID:6108
- C:\Windows\System\iynigip.exe
  C:\Windows\System\iynigip.exe
  2⤵
  PID:6132
- C:\Windows\System\uYmzxAd.exe
  C:\Windows\System\uYmzxAd.exe
  2⤵
  PID:920
- C:\Windows\System\WqaUJHz.exe
  C:\Windows\System\WqaUJHz.exe
  2⤵
  PID:2292
- C:\Windows\System\TrCCjbM.exe
  C:\Windows\System\TrCCjbM.exe
  2⤵
  PID:3640
- C:\Windows\System\fuYdcas.exe
  C:\Windows\System\fuYdcas.exe
  2⤵
  PID:3012
- C:\Windows\System\ulmPDIo.exe
  C:\Windows\System\ulmPDIo.exe
  2⤵
  PID:4472
- C:\Windows\System\JJqWiVd.exe
  C:\Windows\System\JJqWiVd.exe
  2⤵
  PID:3936
- C:\Windows\System\gFhdNMI.exe
  C:\Windows\System\gFhdNMI.exe
  2⤵
  PID:412
- C:\Windows\System\DNQaXKp.exe
  C:\Windows\System\DNQaXKp.exe
  2⤵
  PID:3244
- C:\Windows\System\KaldbFF.exe
  C:\Windows\System\KaldbFF.exe
  2⤵
  PID:4532
- C:\Windows\System\rUdIUZp.exe
  C:\Windows\System\rUdIUZp.exe
  2⤵
  PID:4956
- C:\Windows\System\suPDowz.exe
  C:\Windows\System\suPDowz.exe
  2⤵
  PID:4516
- C:\Windows\System\YTgjNeH.exe
  C:\Windows\System\YTgjNeH.exe
  2⤵
  PID:796
- C:\Windows\System\NRasbap.exe
  C:\Windows\System\NRasbap.exe
  2⤵
  PID:5312
- C:\Windows\System\gKziZmx.exe
  C:\Windows\System\gKziZmx.exe
  2⤵
  PID:5356
- C:\Windows\System\mzHVlfV.exe
  C:\Windows\System\mzHVlfV.exe
  2⤵
  PID:392
- C:\Windows\System\nBQZjWo.exe
  C:\Windows\System\nBQZjWo.exe
  2⤵
  PID:4316
- C:\Windows\System\rVAAiln.exe
  C:\Windows\System\rVAAiln.exe
  2⤵
  PID:1000
- C:\Windows\System\UaNqYGR.exe
  C:\Windows\System\UaNqYGR.exe
  2⤵
  PID:5008
- C:\Windows\System\jDzRXaH.exe
  C:\Windows\System\jDzRXaH.exe
  2⤵
  PID:3304
- C:\Windows\System\EcboeEN.exe
  C:\Windows\System\EcboeEN.exe
  2⤵
  PID:5960
- C:\Windows\System\TvRWtlN.exe
  C:\Windows\System\TvRWtlN.exe
  2⤵
  PID:3752
- C:\Windows\System\ioOITAa.exe
  C:\Windows\System\ioOITAa.exe
  2⤵
  PID:2040
- C:\Windows\System\LBeXbug.exe
  C:\Windows\System\LBeXbug.exe
  2⤵
  PID:5152
- C:\Windows\System\LtdBwmp.exe
  C:\Windows\System\LtdBwmp.exe
  2⤵
  PID:5208
- C:\Windows\System\JXhJXtw.exe
  C:\Windows\System\JXhJXtw.exe
  2⤵
  PID:5172
- C:\Windows\System\rLvUpsU.exe
  C:\Windows\System\rLvUpsU.exe
  2⤵
  PID:6164
- C:\Windows\System\aEsPvlZ.exe
  C:\Windows\System\aEsPvlZ.exe
  2⤵
  PID:6180
- C:\Windows\System\JKtHAPT.exe
  C:\Windows\System\JKtHAPT.exe
  2⤵
  PID:6196
- C:\Windows\System\CiTlHdl.exe
  C:\Windows\System\CiTlHdl.exe
  2⤵
  PID:6216
- C:\Windows\System\cynSwKR.exe
  C:\Windows\System\cynSwKR.exe
  2⤵
  PID:6240
- C:\Windows\System\DaNFNkw.exe
  C:\Windows\System\DaNFNkw.exe
  2⤵
  PID:6268
- C:\Windows\System\BvHjSTW.exe
  C:\Windows\System\BvHjSTW.exe
  2⤵
  PID:6284
- C:\Windows\System\wkFncGr.exe
  C:\Windows\System\wkFncGr.exe
  2⤵
  PID:6312
- C:\Windows\System\lAblYve.exe
  C:\Windows\System\lAblYve.exe
  2⤵
  PID:6332
- C:\Windows\System\IQsdbTT.exe
  C:\Windows\System\IQsdbTT.exe
  2⤵
  PID:6348
- C:\Windows\System\wqEnPBP.exe
  C:\Windows\System\wqEnPBP.exe
  2⤵
  PID:6364
- C:\Windows\System\mRaxvYn.exe
  C:\Windows\System\mRaxvYn.exe
  2⤵
  PID:6404
- C:\Windows\System\kVPGedY.exe
  C:\Windows\System\kVPGedY.exe
  2⤵
  PID:6428
- C:\Windows\System\PPzjHEH.exe
  C:\Windows\System\PPzjHEH.exe
  2⤵
  PID:6448
- C:\Windows\System\uarWzxz.exe
  C:\Windows\System\uarWzxz.exe
  2⤵
  PID:6468
- C:\Windows\System\NwyLYFh.exe
  C:\Windows\System\NwyLYFh.exe
  2⤵
  PID:6488
- C:\Windows\System\EcYckIF.exe
  C:\Windows\System\EcYckIF.exe
  2⤵
  PID:6508
- C:\Windows\System\AgNtorE.exe
  C:\Windows\System\AgNtorE.exe
  2⤵
  PID:6536
- C:\Windows\System\tCgTIkI.exe
  C:\Windows\System\tCgTIkI.exe
  2⤵
  PID:6552
- C:\Windows\System\suCehhE.exe
  C:\Windows\System\suCehhE.exe
  2⤵
  PID:6576
- C:\Windows\System\FRiUBMx.exe
  C:\Windows\System\FRiUBMx.exe
  2⤵
  PID:6592
- C:\Windows\System\QRILCDD.exe
  C:\Windows\System\QRILCDD.exe
  2⤵
  PID:6616
- C:\Windows\System\ZdBwzNg.exe
  C:\Windows\System\ZdBwzNg.exe
  2⤵
  PID:6636
- C:\Windows\System\qunYhbz.exe
  C:\Windows\System\qunYhbz.exe
  2⤵
  PID:6660
- C:\Windows\System\pnoKcTI.exe
  C:\Windows\System\pnoKcTI.exe
  2⤵
  PID:6688
- C:\Windows\System\MTgxWan.exe
  C:\Windows\System\MTgxWan.exe
  2⤵
  PID:6704
- C:\Windows\System\fLOxzEB.exe
  C:\Windows\System\fLOxzEB.exe
  2⤵
  PID:6728
- C:\Windows\System\SdCsvWF.exe
  C:\Windows\System\SdCsvWF.exe
  2⤵
  PID:6756
- C:\Windows\System\LnwwVYo.exe
  C:\Windows\System\LnwwVYo.exe
  2⤵
  PID:6788
- C:\Windows\System\wdYnLxr.exe
  C:\Windows\System\wdYnLxr.exe
  2⤵
  PID:6816
- C:\Windows\System\EJIsFsJ.exe
  C:\Windows\System\EJIsFsJ.exe
  2⤵
  PID:6836
- C:\Windows\System\jLTaywL.exe
  C:\Windows\System\jLTaywL.exe
  2⤵
  PID:6856
- C:\Windows\System\QmyTwQX.exe
  C:\Windows\System\QmyTwQX.exe
  2⤵
  PID:6876
- C:\Windows\System\aPJNPgT.exe
  C:\Windows\System\aPJNPgT.exe
  2⤵
  PID:7052
- C:\Windows\System\PCEEUZQ.exe
  C:\Windows\System\PCEEUZQ.exe
  2⤵
  PID:7068
- C:\Windows\System\nAnkveh.exe
  C:\Windows\System\nAnkveh.exe
  2⤵
  PID:7084
- C:\Windows\System\eVWeAWH.exe
  C:\Windows\System\eVWeAWH.exe
  2⤵
  PID:7100
- C:\Windows\System\NqsaCEt.exe
  C:\Windows\System\NqsaCEt.exe
  2⤵
  PID:7116
- C:\Windows\System\HUwdNhe.exe
  C:\Windows\System\HUwdNhe.exe
  2⤵
  PID:7136
- C:\Windows\System\bViqqao.exe
  C:\Windows\System\bViqqao.exe
  2⤵
  PID:7152
- C:\Windows\System\DDILgso.exe
  C:\Windows\System\DDILgso.exe
  2⤵
  PID:6128
- C:\Windows\System\CkKAPBR.exe
  C:\Windows\System\CkKAPBR.exe
  2⤵
  PID:3700
- C:\Windows\System\lBCOWnI.exe
  C:\Windows\System\lBCOWnI.exe
  2⤵
  PID:3520
- C:\Windows\System\IRqRrpf.exe
  C:\Windows\System\IRqRrpf.exe
  2⤵
  PID:3116
- C:\Windows\System\aJZLcQP.exe
  C:\Windows\System\aJZLcQP.exe
  2⤵
  PID:5384
- C:\Windows\System\fWpmFFT.exe
  C:\Windows\System\fWpmFFT.exe
  2⤵
  PID:3792
- C:\Windows\System\FDcFZZm.exe
  C:\Windows\System\FDcFZZm.exe
  2⤵
  PID:2976
- C:\Windows\System\JgYGUDV.exe
  C:\Windows\System\JgYGUDV.exe
  2⤵
  PID:5484
- C:\Windows\System\nwShNPM.exe
  C:\Windows\System\nwShNPM.exe
  2⤵
  PID:5532
- C:\Windows\System\yljPqeF.exe
  C:\Windows\System\yljPqeF.exe
  2⤵
  PID:5580
- C:\Windows\System\mYsULjj.exe
  C:\Windows\System\mYsULjj.exe
  2⤵
  PID:5616
- C:\Windows\System\PnNJGIw.exe
  C:\Windows\System\PnNJGIw.exe
  2⤵
  PID:5944
- C:\Windows\System\jUlhNtI.exe
  C:\Windows\System\jUlhNtI.exe
  2⤵
  PID:5660
- C:\Windows\System\IwBgIBY.exe
  C:\Windows\System\IwBgIBY.exe
  2⤵
  PID:5688
- C:\Windows\System\QHeuKdB.exe
  C:\Windows\System\QHeuKdB.exe
  2⤵
  PID:5764
- C:\Windows\System\LmeZxga.exe
  C:\Windows\System\LmeZxga.exe
  2⤵
  PID:5796
- C:\Windows\System\nOXOaEE.exe
  C:\Windows\System\nOXOaEE.exe
  2⤵
  PID:5852
- C:\Windows\System\lYYfQAA.exe
  C:\Windows\System\lYYfQAA.exe
  2⤵
  PID:5900
- C:\Windows\System\ssMRUSr.exe
  C:\Windows\System\ssMRUSr.exe
  2⤵
  PID:6052
- C:\Windows\System\JaEwsyh.exe
  C:\Windows\System\JaEwsyh.exe
  2⤵
  PID:6092
- C:\Windows\System\svOUaCn.exe
  C:\Windows\System\svOUaCn.exe
  2⤵
  PID:672
- C:\Windows\System\hsTWgwz.exe
  C:\Windows\System\hsTWgwz.exe
  2⤵
  PID:1520
- C:\Windows\System\TMTHFAI.exe
  C:\Windows\System\TMTHFAI.exe
  2⤵
  PID:4932
- C:\Windows\System\TVtPGGP.exe
  C:\Windows\System\TVtPGGP.exe
  2⤵
  PID:4424
- C:\Windows\System\sGCFNzl.exe
  C:\Windows\System\sGCFNzl.exe
  2⤵
  PID:4496
- C:\Windows\System\fbZVPBn.exe
  C:\Windows\System\fbZVPBn.exe
  2⤵
  PID:5868
- C:\Windows\System\wQaWGSG.exe
  C:\Windows\System\wQaWGSG.exe
  2⤵
  PID:6252
- C:\Windows\System\LWoiXCs.exe
  C:\Windows\System\LWoiXCs.exe
  2⤵
  PID:6444
- C:\Windows\System\ohUMCDm.exe
  C:\Windows\System\ohUMCDm.exe
  2⤵
  PID:6672
- C:\Windows\System\EdpEecD.exe
  C:\Windows\System\EdpEecD.exe
  2⤵
  PID:6796
- C:\Windows\System\QJqciGK.exe
  C:\Windows\System\QJqciGK.exe
  2⤵
  PID:6032
- C:\Windows\System\CjrUvQF.exe
  C:\Windows\System\CjrUvQF.exe
  2⤵
  PID:6192
- C:\Windows\System\IbOsMzw.exe
  C:\Windows\System\IbOsMzw.exe
  2⤵
  PID:6276
- C:\Windows\System\OHNGEbW.exe
  C:\Windows\System\OHNGEbW.exe
  2⤵
  PID:6360
- C:\Windows\System\WHjgMtt.exe
  C:\Windows\System\WHjgMtt.exe
  2⤵
  PID:6464
- C:\Windows\System\vByCTTa.exe
  C:\Windows\System\vByCTTa.exe
  2⤵
  PID:6632
- C:\Windows\System\iscUrEW.exe
  C:\Windows\System\iscUrEW.exe
  2⤵
  PID:7180
- C:\Windows\System\hZLXnqm.exe
  C:\Windows\System\hZLXnqm.exe
  2⤵
  PID:7196
- C:\Windows\System\Ycydqfe.exe
  C:\Windows\System\Ycydqfe.exe
  2⤵
  PID:7216
- C:\Windows\System\cHpzvRR.exe
  C:\Windows\System\cHpzvRR.exe
  2⤵
  PID:7240
- C:\Windows\System\bsLoNYR.exe
  C:\Windows\System\bsLoNYR.exe
  2⤵
  PID:7260
- C:\Windows\System\eWaeExZ.exe
  C:\Windows\System\eWaeExZ.exe
  2⤵
  PID:7284
- C:\Windows\System\RvgGZfv.exe
  C:\Windows\System\RvgGZfv.exe
  2⤵
  PID:7300
- C:\Windows\System\qOWhRqN.exe
  C:\Windows\System\qOWhRqN.exe
  2⤵
  PID:7324
- C:\Windows\System\bEkWthZ.exe
  C:\Windows\System\bEkWthZ.exe
  2⤵
  PID:7344
- C:\Windows\System\KEzHzYX.exe
  C:\Windows\System\KEzHzYX.exe
  2⤵
  PID:7364
- C:\Windows\System\TzOblYE.exe
  C:\Windows\System\TzOblYE.exe
  2⤵
  PID:7392
- C:\Windows\System\UeTXyit.exe
  C:\Windows\System\UeTXyit.exe
  2⤵
  PID:7408
- C:\Windows\System\NFHjkww.exe
  C:\Windows\System\NFHjkww.exe
  2⤵
  PID:7424
- C:\Windows\System\tRSbcHh.exe
  C:\Windows\System\tRSbcHh.exe
  2⤵
  PID:7444
- C:\Windows\System\jhcEDVV.exe
  C:\Windows\System\jhcEDVV.exe
  2⤵
  PID:7460
- C:\Windows\System\zpgwCtB.exe
  C:\Windows\System\zpgwCtB.exe
  2⤵
  PID:7524
- C:\Windows\System\WpCvCyg.exe
  C:\Windows\System\WpCvCyg.exe
  2⤵
  PID:7908
- C:\Windows\System\UoMtIVa.exe
  C:\Windows\System\UoMtIVa.exe
  2⤵
  PID:7924
- C:\Windows\System\bOSaaYJ.exe
  C:\Windows\System\bOSaaYJ.exe
  2⤵
  PID:7948
- C:\Windows\System\otPomUj.exe
  C:\Windows\System\otPomUj.exe
  2⤵
  PID:7964
- C:\Windows\System\spEbYAn.exe
  C:\Windows\System\spEbYAn.exe
  2⤵
  PID:7984
- C:\Windows\System\tqZwJUd.exe
  C:\Windows\System\tqZwJUd.exe
  2⤵
  PID:8004
- C:\Windows\System\ZNgWyaj.exe
  C:\Windows\System\ZNgWyaj.exe
  2⤵
  PID:8032
- C:\Windows\System\lKpqhOm.exe
  C:\Windows\System\lKpqhOm.exe
  2⤵
  PID:8060
- C:\Windows\System\heIrruR.exe
  C:\Windows\System\heIrruR.exe
  2⤵
  PID:8076
- C:\Windows\System\XThGoIC.exe
  C:\Windows\System\XThGoIC.exe
  2⤵
  PID:8096
- C:\Windows\System\vFNofzZ.exe
  C:\Windows\System\vFNofzZ.exe
  2⤵
  PID:8132
- C:\Windows\System\zrSMzwJ.exe
  C:\Windows\System\zrSMzwJ.exe
  2⤵
  PID:8148
- C:\Windows\System\aQRoRgM.exe
  C:\Windows\System\aQRoRgM.exe
  2⤵
  PID:8172
- C:\Windows\System\McTNcsd.exe
  C:\Windows\System\McTNcsd.exe
  2⤵
  PID:6680
- C:\Windows\System\ktaXwnU.exe
  C:\Windows\System\ktaXwnU.exe
  2⤵
  PID:6804
- C:\Windows\System\bxtkOae.exe
  C:\Windows\System\bxtkOae.exe
  2⤵
  PID:5000
- C:\Windows\System\KEoDrsw.exe
  C:\Windows\System\KEoDrsw.exe
  2⤵
  PID:6356
- C:\Windows\System\TMYltMG.exe
  C:\Windows\System\TMYltMG.exe
  2⤵
  PID:6548
- C:\Windows\System\vzPkQpl.exe
  C:\Windows\System\vzPkQpl.exe
  2⤵
  PID:7236
- C:\Windows\System\bggHzhu.exe
  C:\Windows\System\bggHzhu.exe
  2⤵
  PID:7280
- C:\Windows\System\RUUQdhE.exe
  C:\Windows\System\RUUQdhE.exe
  2⤵
  PID:6852
- C:\Windows\System\yzbiYZF.exe
  C:\Windows\System\yzbiYZF.exe
  2⤵
  PID:7376
- C:\Windows\System\NGPObfm.exe
  C:\Windows\System\NGPObfm.exe
  2⤵
  PID:5192
- C:\Windows\System\RVOJcRT.exe
  C:\Windows\System\RVOJcRT.exe
  2⤵
  PID:6340
- C:\Windows\System\YAnziAN.exe
  C:\Windows\System\YAnziAN.exe
  2⤵
  PID:4272
- C:\Windows\System\XxydCGi.exe
  C:\Windows\System\XxydCGi.exe
  2⤵
  PID:7568
- C:\Windows\System\ElxjWZN.exe
  C:\Windows\System\ElxjWZN.exe
  2⤵
  PID:6400
- C:\Windows\System\rdMNVYo.exe
  C:\Windows\System\rdMNVYo.exe
  2⤵
  PID:6528
- C:\Windows\System\foSUkgq.exe
  C:\Windows\System\foSUkgq.exe
  2⤵
  PID:3316
- C:\Windows\System\SUOhjjb.exe
  C:\Windows\System\SUOhjjb.exe
  2⤵
  PID:6568
- C:\Windows\System\MoIQCSV.exe
  C:\Windows\System\MoIQCSV.exe
  2⤵
  PID:6648
- C:\Windows\System\NGxEeuB.exe
  C:\Windows\System\NGxEeuB.exe
  2⤵
  PID:8196
- C:\Windows\System\REtkxUH.exe
  C:\Windows\System\REtkxUH.exe
  2⤵
  PID:8216
- C:\Windows\System\fDycVBh.exe
  C:\Windows\System\fDycVBh.exe
  2⤵
  PID:8240
- C:\Windows\System\dKCZcCw.exe
  C:\Windows\System\dKCZcCw.exe
  2⤵
  PID:8264
- C:\Windows\System\HdJxChE.exe
  C:\Windows\System\HdJxChE.exe
  2⤵
  PID:8280
- C:\Windows\System\yCrgwgu.exe
  C:\Windows\System\yCrgwgu.exe
  2⤵
  PID:8328
- C:\Windows\System\DarSHFc.exe
  C:\Windows\System\DarSHFc.exe
  2⤵
  PID:8400
- C:\Windows\System\FbFOIcA.exe
  C:\Windows\System\FbFOIcA.exe
  2⤵
  PID:8416
- C:\Windows\System\xzGJvJD.exe
  C:\Windows\System\xzGJvJD.exe
  2⤵
  PID:8448
- C:\Windows\System\anNxahl.exe
  C:\Windows\System\anNxahl.exe
  2⤵
  PID:8464
- C:\Windows\System\DkHcVQl.exe
  C:\Windows\System\DkHcVQl.exe
  2⤵
  PID:8484
- C:\Windows\System\httNihI.exe
  C:\Windows\System\httNihI.exe
  2⤵
  PID:8504
- C:\Windows\System\YVxEGDR.exe
  C:\Windows\System\YVxEGDR.exe
  2⤵
  PID:8528
- C:\Windows\System\LWUqsun.exe
  C:\Windows\System\LWUqsun.exe
  2⤵
  PID:8544
- C:\Windows\System\QwpfJdn.exe
  C:\Windows\System\QwpfJdn.exe
  2⤵
  PID:8564
- C:\Windows\System\uOUDnQb.exe
  C:\Windows\System\uOUDnQb.exe
  2⤵
  PID:8588
- C:\Windows\System\RqbMaFB.exe
  C:\Windows\System\RqbMaFB.exe
  2⤵
  PID:8612
- C:\Windows\System\jjNehsS.exe
  C:\Windows\System\jjNehsS.exe
  2⤵
  PID:8628
- C:\Windows\System\PvMMLGd.exe
  C:\Windows\System\PvMMLGd.exe
  2⤵
  PID:8652
- C:\Windows\System\GKKoRlC.exe
  C:\Windows\System\GKKoRlC.exe
  2⤵
  PID:8676
- C:\Windows\System\lpQUyeY.exe
  C:\Windows\System\lpQUyeY.exe
  2⤵
  PID:8708
- C:\Windows\System\AQApZat.exe
  C:\Windows\System\AQApZat.exe
  2⤵
  PID:8724
- C:\Windows\System\sHQbdII.exe
  C:\Windows\System\sHQbdII.exe
  2⤵
  PID:8748
- C:\Windows\System\ShpQdQz.exe
  C:\Windows\System\ShpQdQz.exe
  2⤵
  PID:8772
- C:\Windows\System\FfMFFOi.exe
  C:\Windows\System\FfMFFOi.exe
  2⤵
  PID:8796
- C:\Windows\System\gSfYXXs.exe
  C:\Windows\System\gSfYXXs.exe
  2⤵
  PID:8824
- C:\Windows\System\OnZNSsk.exe
  C:\Windows\System\OnZNSsk.exe
  2⤵
  PID:8844
- C:\Windows\System\REHeotP.exe
  C:\Windows\System\REHeotP.exe
  2⤵
  PID:8864
- C:\Windows\System\ZRvREeO.exe
  C:\Windows\System\ZRvREeO.exe
  2⤵
  PID:8884
- C:\Windows\System\ZJkGfAl.exe
  C:\Windows\System\ZJkGfAl.exe
  2⤵
  PID:8912
- C:\Windows\System\miTFftq.exe
  C:\Windows\System\miTFftq.exe
  2⤵
  PID:8928
- C:\Windows\System\MLQoGVd.exe
  C:\Windows\System\MLQoGVd.exe
  2⤵
  PID:8964
- C:\Windows\System\SRoXweC.exe
  C:\Windows\System\SRoXweC.exe
  2⤵
  PID:8988
- C:\Windows\System\VyvYsBX.exe
  C:\Windows\System\VyvYsBX.exe
  2⤵
  PID:9080
- C:\Windows\System\FcWCoPU.exe
  C:\Windows\System\FcWCoPU.exe
  2⤵
  PID:9104
- C:\Windows\System\ZxJbpYr.exe
  C:\Windows\System\ZxJbpYr.exe
  2⤵
  PID:9124
- C:\Windows\System\MHwlqFZ.exe
  C:\Windows\System\MHwlqFZ.exe
  2⤵
  PID:9144
- C:\Windows\System\cBAIuKI.exe
  C:\Windows\System\cBAIuKI.exe
  2⤵
  PID:9164
- C:\Windows\System\DjBPdcR.exe
  C:\Windows\System\DjBPdcR.exe
  2⤵
  PID:9188
- C:\Windows\System\NQGyjRy.exe
  C:\Windows\System\NQGyjRy.exe
  2⤵
  PID:9208
- C:\Windows\System\vhYqapD.exe
  C:\Windows\System\vhYqapD.exe
  2⤵
  PID:7060
- C:\Windows\System\fJdcQBJ.exe
  C:\Windows\System\fJdcQBJ.exe
  2⤵
  PID:7108
- C:\Windows\System\yxMvBby.exe
  C:\Windows\System\yxMvBby.exe
  2⤵
  PID:7148
- C:\Windows\System\GJyPLHz.exe
  C:\Windows\System\GJyPLHz.exe
  2⤵
  PID:4420
- C:\Windows\System\WNSuRLI.exe
  C:\Windows\System\WNSuRLI.exe
  2⤵
  PID:5352
- C:\Windows\System\qaLyTCU.exe
  C:\Windows\System\qaLyTCU.exe
  2⤵
  PID:5464
- C:\Windows\System\GznqTET.exe
  C:\Windows\System\GznqTET.exe
  2⤵
  PID:5560
- C:\Windows\System\UxoTxhk.exe
  C:\Windows\System\UxoTxhk.exe
  2⤵
  PID:5612
- C:\Windows\System\YHphxld.exe
  C:\Windows\System\YHphxld.exe
  2⤵
  PID:5672
- C:\Windows\System\whryIYv.exe
  C:\Windows\System\whryIYv.exe
  2⤵
  PID:5780
- C:\Windows\System\lDMBgpS.exe
  C:\Windows\System\lDMBgpS.exe
  2⤵
  PID:5896
- C:\Windows\System\khvSxqr.exe
  C:\Windows\System\khvSxqr.exe
  2⤵
  PID:6088
- C:\Windows\System\kHXHHkq.exe
  C:\Windows\System\kHXHHkq.exe
  2⤵
  PID:2496
- C:\Windows\System\sdwYAob.exe
  C:\Windows\System\sdwYAob.exe
  2⤵
  PID:2248
- C:\Windows\System\BXfpQkD.exe
  C:\Windows\System\BXfpQkD.exe
  2⤵
  PID:7252
- C:\Windows\System\ogjKruC.exe
  C:\Windows\System\ogjKruC.exe
  2⤵
  PID:2744
- C:\Windows\System\lotOhYa.exe
  C:\Windows\System\lotOhYa.exe
  2⤵
  PID:5132
- C:\Windows\System\djGJwgd.exe
  C:\Windows\System\djGJwgd.exe
  2⤵
  PID:6560
- C:\Windows\System\vPsPfdJ.exe
  C:\Windows\System\vPsPfdJ.exe
  2⤵
  PID:6176
- C:\Windows\System\XRIMcSr.exe
  C:\Windows\System\XRIMcSr.exe
  2⤵
  PID:7340
- C:\Windows\System\mDCRdUr.exe
  C:\Windows\System\mDCRdUr.exe
  2⤵
  PID:7672
- C:\Windows\System\sBEsNfx.exe
  C:\Windows\System\sBEsNfx.exe
  2⤵
  PID:9228
- C:\Windows\System\yeDTeHY.exe
  C:\Windows\System\yeDTeHY.exe
  2⤵
  PID:9256
- C:\Windows\System\WsxJjif.exe
  C:\Windows\System\WsxJjif.exe
  2⤵
  PID:9272
- C:\Windows\System\VqsJzJG.exe
  C:\Windows\System\VqsJzJG.exe
  2⤵
  PID:9292
- C:\Windows\System\uMYsycM.exe
  C:\Windows\System\uMYsycM.exe
  2⤵
  PID:9316
- C:\Windows\System\PDTXIcX.exe
  C:\Windows\System\PDTXIcX.exe
  2⤵
  PID:9344
- C:\Windows\System\fSsazxD.exe
  C:\Windows\System\fSsazxD.exe
  2⤵
  PID:9364
- C:\Windows\System\PPOWfMQ.exe
  C:\Windows\System\PPOWfMQ.exe
  2⤵
  PID:9388
- C:\Windows\System\xKiYaTa.exe
  C:\Windows\System\xKiYaTa.exe
  2⤵
  PID:9412
- C:\Windows\System\rnhLlpX.exe
  C:\Windows\System\rnhLlpX.exe
  2⤵
  PID:9432
- C:\Windows\System\nXiVQoj.exe
  C:\Windows\System\nXiVQoj.exe
  2⤵
  PID:9452
- C:\Windows\System\wcDBiPO.exe
  C:\Windows\System\wcDBiPO.exe
  2⤵
  PID:9484
- C:\Windows\System\QkXKnjq.exe
  C:\Windows\System\QkXKnjq.exe
  2⤵
  PID:9504
- C:\Windows\System\KcHOoew.exe
  C:\Windows\System\KcHOoew.exe
  2⤵
  PID:9524
- C:\Windows\System\WgkqgNd.exe
  C:\Windows\System\WgkqgNd.exe
  2⤵
  PID:9556
- C:\Windows\System\MafAfSI.exe
  C:\Windows\System\MafAfSI.exe
  2⤵
  PID:9572
- C:\Windows\System\nKjVyUN.exe
  C:\Windows\System\nKjVyUN.exe
  2⤵
  PID:9600
- C:\Windows\System\JUeYQTd.exe
  C:\Windows\System\JUeYQTd.exe
  2⤵
  PID:9620
- C:\Windows\System\rQvPieG.exe
  C:\Windows\System\rQvPieG.exe
  2⤵
  PID:9644
- C:\Windows\System\YXTrElo.exe
  C:\Windows\System\YXTrElo.exe
  2⤵
  PID:9668
- C:\Windows\System\szSYoMM.exe
  C:\Windows\System\szSYoMM.exe
  2⤵
  PID:9708
- C:\Windows\System\necgRVZ.exe
  C:\Windows\System\necgRVZ.exe
  2⤵
  PID:9724
- C:\Windows\System\WGCyasw.exe
  C:\Windows\System\WGCyasw.exe
  2⤵
  PID:9768
- C:\Windows\System\OVociTd.exe
  C:\Windows\System\OVociTd.exe
  2⤵
  PID:9784
- C:\Windows\System\hKgQzzc.exe
  C:\Windows\System\hKgQzzc.exe
  2⤵
  PID:9804
- C:\Windows\System\ZTqccIa.exe
  C:\Windows\System\ZTqccIa.exe
  2⤵
  PID:9832
- C:\Windows\System\sEpakkr.exe
  C:\Windows\System\sEpakkr.exe
  2⤵
  PID:9852
- C:\Windows\System\dokrLtL.exe
  C:\Windows\System\dokrLtL.exe
  2⤵
  PID:9876
- C:\Windows\System\AiByhhc.exe
  C:\Windows\System\AiByhhc.exe
  2⤵
  PID:9896
- C:\Windows\System\fIZwdTR.exe
  C:\Windows\System\fIZwdTR.exe
  2⤵
  PID:9924
- C:\Windows\System\RYUksZs.exe
  C:\Windows\System\RYUksZs.exe
  2⤵
  PID:9948
- C:\Windows\System\FWLjACk.exe
  C:\Windows\System\FWLjACk.exe
  2⤵
  PID:9972
- C:\Windows\System\LlbaSCy.exe
  C:\Windows\System\LlbaSCy.exe
  2⤵
  PID:9992
- C:\Windows\System\KeNubrg.exe
  C:\Windows\System\KeNubrg.exe
  2⤵
  PID:10020
- C:\Windows\System\aGnhYcF.exe
  C:\Windows\System\aGnhYcF.exe
  2⤵
  PID:10044
- C:\Windows\System\FSOukme.exe
  C:\Windows\System\FSOukme.exe
  2⤵
  PID:10064
- C:\Windows\System\ntMqbdb.exe
  C:\Windows\System\ntMqbdb.exe
  2⤵
  PID:10088
- C:\Windows\System\LUenzMi.exe
  C:\Windows\System\LUenzMi.exe
  2⤵
  PID:10108
- C:\Windows\System\GmYlhpT.exe
  C:\Windows\System\GmYlhpT.exe
  2⤵
  PID:10128
- C:\Windows\System\MfUqMmx.exe
  C:\Windows\System\MfUqMmx.exe
  2⤵
  PID:10156
- C:\Windows\System\uxyUAXl.exe
  C:\Windows\System\uxyUAXl.exe
  2⤵
  PID:10176
- C:\Windows\System\TLECNtq.exe
  C:\Windows\System\TLECNtq.exe
  2⤵
  PID:10212
- C:\Windows\System\ZceHjCV.exe
  C:\Windows\System\ZceHjCV.exe
  2⤵
  PID:10232
- C:\Windows\System\zBuzHyw.exe
  C:\Windows\System\zBuzHyw.exe
  2⤵
  PID:7740
- C:\Windows\System\oTDJNKH.exe
  C:\Windows\System\oTDJNKH.exe
  2⤵
  PID:7784
- C:\Windows\System\qjhViwD.exe
  C:\Windows\System\qjhViwD.exe
  2⤵
  PID:8436
- C:\Windows\System\hLDZPza.exe
  C:\Windows\System\hLDZPza.exe
  2⤵
  PID:8584
- C:\Windows\System\kdropHN.exe
  C:\Windows\System\kdropHN.exe
  2⤵
  PID:8688
- C:\Windows\System\vskiLLR.exe
  C:\Windows\System\vskiLLR.exe
  2⤵
  PID:8720
- C:\Windows\System\KggmeIS.exe
  C:\Windows\System\KggmeIS.exe
  2⤵
  PID:8840
- C:\Windows\System\eCIoNDg.exe
  C:\Windows\System\eCIoNDg.exe
  2⤵
  PID:8900
- C:\Windows\System\FhgTGXZ.exe
  C:\Windows\System\FhgTGXZ.exe
  2⤵
  PID:7540
- C:\Windows\System\idbyVZg.exe
  C:\Windows\System\idbyVZg.exe
  2⤵
  PID:6668
- C:\Windows\System\LSzoeeJ.exe
  C:\Windows\System\LSzoeeJ.exe
  2⤵
  PID:7076
- C:\Windows\System\ETfQKDm.exe
  C:\Windows\System\ETfQKDm.exe
  2⤵
  PID:9200
- C:\Windows\System\MhXfYXA.exe
  C:\Windows\System\MhXfYXA.exe
  2⤵
  PID:6864
- C:\Windows\System\obPKeTf.exe
  C:\Windows\System\obPKeTf.exe
  2⤵
  PID:7296
- C:\Windows\System\kmPEpUM.exe
  C:\Windows\System\kmPEpUM.exe
  2⤵
  PID:5824
- C:\Windows\System\FTKciby.exe
  C:\Windows\System\FTKciby.exe
  2⤵
  PID:8204
- C:\Windows\System\aMaBdSF.exe
  C:\Windows\System\aMaBdSF.exe
  2⤵
  PID:8292
- C:\Windows\System\ddRbDdi.exe
  C:\Windows\System\ddRbDdi.exe
  2⤵
  PID:8232
- C:\Windows\System\NFlIvzn.exe
  C:\Windows\System\NFlIvzn.exe
  2⤵
  PID:7764
- C:\Windows\System\lIfAfPX.exe
  C:\Windows\System\lIfAfPX.exe
  2⤵
  PID:9268
- C:\Windows\System\kMlhPpp.exe
  C:\Windows\System\kMlhPpp.exe
  2⤵
  PID:8660
- C:\Windows\System\XYAdVwf.exe
  C:\Windows\System\XYAdVwf.exe
  2⤵
  PID:9684
- C:\Windows\System\FTdADMs.exe
  C:\Windows\System\FTdADMs.exe
  2⤵
  PID:7936
- C:\Windows\System\BVBULne.exe
  C:\Windows\System\BVBULne.exe
  2⤵
  PID:7980
- C:\Windows\System\jPWcIGq.exe
  C:\Windows\System\jPWcIGq.exe
  2⤵
  PID:8068
- C:\Windows\System\RjrLUYM.exe
  C:\Windows\System\RjrLUYM.exe
  2⤵
  PID:8104
- C:\Windows\System\zbbbvSC.exe
  C:\Windows\System\zbbbvSC.exe
  2⤵
  PID:8156
- C:\Windows\System\AtnXopg.exe
  C:\Windows\System\AtnXopg.exe
  2⤵
  PID:7144
- C:\Windows\System\ORSjVwV.exe
  C:\Windows\System\ORSjVwV.exe
  2⤵
  PID:10260
- C:\Windows\System\mfzHzBP.exe
  C:\Windows\System\mfzHzBP.exe
  2⤵
  PID:10276
- C:\Windows\System\FizDhSM.exe
  C:\Windows\System\FizDhSM.exe
  2⤵
  PID:10300
- C:\Windows\System\WfBJkTW.exe
  C:\Windows\System\WfBJkTW.exe
  2⤵
  PID:10328
- C:\Windows\System\IyWMonR.exe
  C:\Windows\System\IyWMonR.exe
  2⤵
  PID:10352
- C:\Windows\System\JbJOuKV.exe
  C:\Windows\System\JbJOuKV.exe
  2⤵
  PID:10372
- C:\Windows\System\XRVdKWn.exe
  C:\Windows\System\XRVdKWn.exe
  2⤵
  PID:10392
- C:\Windows\System\iRHKzFL.exe
  C:\Windows\System\iRHKzFL.exe
  2⤵
  PID:10420
- C:\Windows\System\klxbyuQ.exe
  C:\Windows\System\klxbyuQ.exe
  2⤵
  PID:10444
- C:\Windows\System\pPZFIsM.exe
  C:\Windows\System\pPZFIsM.exe
  2⤵
  PID:10464
- C:\Windows\System\dnzQsFe.exe
  C:\Windows\System\dnzQsFe.exe
  2⤵
  PID:10488
- C:\Windows\System\hcYFQjA.exe
  C:\Windows\System\hcYFQjA.exe
  2⤵
  PID:10512
- C:\Windows\System\oOpQhNo.exe
  C:\Windows\System\oOpQhNo.exe
  2⤵
  PID:10536
- C:\Windows\System\zjgdEtE.exe
  C:\Windows\System\zjgdEtE.exe
  2⤵
  PID:10552
- C:\Windows\System\oiCBXjY.exe
  C:\Windows\System\oiCBXjY.exe
  2⤵
  PID:10580
- C:\Windows\System\CUSAIUx.exe
  C:\Windows\System\CUSAIUx.exe
  2⤵
  PID:10608
- C:\Windows\System\ecHwcxQ.exe
  C:\Windows\System\ecHwcxQ.exe
  2⤵
  PID:10628
- C:\Windows\System\Ykektnc.exe
  C:\Windows\System\Ykektnc.exe
  2⤵
  PID:10648
- C:\Windows\System\NFsEvsV.exe
  C:\Windows\System\NFsEvsV.exe
  2⤵
  PID:10672
- C:\Windows\System\nrGTLiP.exe
  C:\Windows\System\nrGTLiP.exe
  2⤵
  PID:10700
- C:\Windows\System\LTWrJCM.exe
  C:\Windows\System\LTWrJCM.exe
  2⤵
  PID:10720
- C:\Windows\System\Ypkrswz.exe
  C:\Windows\System\Ypkrswz.exe
  2⤵
  PID:10740
- C:\Windows\System\NYGVbgh.exe
  C:\Windows\System\NYGVbgh.exe
  2⤵
  PID:10764
- C:\Windows\System\pGdWBXj.exe
  C:\Windows\System\pGdWBXj.exe
  2⤵
  PID:10780
- C:\Windows\System\herYwsJ.exe
  C:\Windows\System\herYwsJ.exe
  2⤵
  PID:10808
- C:\Windows\System\WuwsPja.exe
  C:\Windows\System\WuwsPja.exe
  2⤵
  PID:10836
- C:\Windows\System\kIbXdeg.exe
  C:\Windows\System\kIbXdeg.exe
  2⤵
  PID:10860
- C:\Windows\System\RyAJKJd.exe
  C:\Windows\System\RyAJKJd.exe
  2⤵
  PID:10880
- C:\Windows\System\tLncAFS.exe
  C:\Windows\System\tLncAFS.exe
  2⤵
  PID:10900
- C:\Windows\System\UjCbkRS.exe
  C:\Windows\System\UjCbkRS.exe
  2⤵
  PID:10920
- C:\Windows\System\vRBPtHN.exe
  C:\Windows\System\vRBPtHN.exe
  2⤵
  PID:10944
- C:\Windows\System\HuLlzTB.exe
  C:\Windows\System\HuLlzTB.exe
  2⤵
  PID:10968
- C:\Windows\System\ndpfTYj.exe
  C:\Windows\System\ndpfTYj.exe
  2⤵
  PID:10988
- C:\Windows\System\xeqpUmm.exe
  C:\Windows\System\xeqpUmm.exe
  2⤵
  PID:11012
- C:\Windows\System\XiFELCy.exe
  C:\Windows\System\XiFELCy.exe
  2⤵
  PID:11172
- C:\Windows\System\TsFeeOE.exe
  C:\Windows\System\TsFeeOE.exe
  2⤵
  PID:11188
- C:\Windows\System\Ahiyuul.exe
  C:\Windows\System\Ahiyuul.exe
  2⤵
  PID:11224
- C:\Windows\System\hAslQLj.exe
  C:\Windows\System\hAslQLj.exe
  2⤵
  PID:11240
- C:\Windows\System\rewWBQw.exe
  C:\Windows\System\rewWBQw.exe
  2⤵
  PID:11256
- C:\Windows\System\asUvtvI.exe
  C:\Windows\System\asUvtvI.exe
  2⤵
  PID:7228
- C:\Windows\System\JETByXZ.exe
  C:\Windows\System\JETByXZ.exe
  2⤵
  PID:9940
- C:\Windows\System\dDqjeTm.exe
  C:\Windows\System\dDqjeTm.exe
  2⤵
  PID:5812
- C:\Windows\System\KAlqrNs.exe
  C:\Windows\System\KAlqrNs.exe
  2⤵
  PID:6504
- C:\Windows\System\scandaV.exe
  C:\Windows\System\scandaV.exe
  2⤵
  PID:6644
- C:\Windows\System\cjBPHzE.exe
  C:\Windows\System\cjBPHzE.exe
  2⤵
  PID:10072
- C:\Windows\System\XcapEGD.exe
  C:\Windows\System\XcapEGD.exe
  2⤵
  PID:10104
- C:\Windows\System\bOIDjpx.exe
  C:\Windows\System\bOIDjpx.exe
  2⤵
  PID:8312
- C:\Windows\System\vOHCkxQ.exe
  C:\Windows\System\vOHCkxQ.exe
  2⤵
  PID:10164
- C:\Windows\System\kVamWAw.exe
  C:\Windows\System\kVamWAw.exe
  2⤵
  PID:9308
- C:\Windows\System\xNUNAYL.exe
  C:\Windows\System\xNUNAYL.exe
  2⤵
  PID:8476
- C:\Windows\System\pLvmfVS.exe
  C:\Windows\System\pLvmfVS.exe
  2⤵
  PID:8516
- C:\Windows\System\fTSHUvG.exe
  C:\Windows\System\fTSHUvG.exe
  2⤵
  PID:8556
- C:\Windows\System\owFVUWR.exe
  C:\Windows\System\owFVUWR.exe
  2⤵
  PID:8648
- C:\Windows\System\IBLUzKC.exe
  C:\Windows\System\IBLUzKC.exe
  2⤵
  PID:8428
- C:\Windows\System\XBIZDzO.exe
  C:\Windows\System\XBIZDzO.exe
  2⤵
  PID:8644
- C:\Windows\System\KRqobJF.exe
  C:\Windows\System\KRqobJF.exe
  2⤵
  PID:9548
- C:\Windows\System\lUjkCjd.exe
  C:\Windows\System\lUjkCjd.exe
  2⤵
  PID:8804
- C:\Windows\System\yDnsEdu.exe
  C:\Windows\System\yDnsEdu.exe
  2⤵
  PID:9636
- C:\Windows\System\zyHNJBN.exe
  C:\Windows\System\zyHNJBN.exe
  2⤵
  PID:8856
- C:\Windows\System\ojbUewc.exe
  C:\Windows\System\ojbUewc.exe
  2⤵
  PID:9024
- C:\Windows\System\iRpQnyf.exe
  C:\Windows\System\iRpQnyf.exe
  2⤵
  PID:9060
- C:\Windows\System\gMniPUe.exe
  C:\Windows\System\gMniPUe.exe
  2⤵
  PID:9092
- C:\Windows\System\lYMdhfw.exe
  C:\Windows\System\lYMdhfw.exe
  2⤵
  PID:8600
- C:\Windows\System\QCGYmJI.exe
  C:\Windows\System\QCGYmJI.exe
  2⤵
  PID:9776
- C:\Windows\System\ZlfzpMI.exe
  C:\Windows\System\ZlfzpMI.exe
  2⤵
  PID:9160
- C:\Windows\System\nUCuvSA.exe
  C:\Windows\System\nUCuvSA.exe
  2⤵
  PID:9840
- C:\Windows\System\KYZXpMv.exe
  C:\Windows\System\KYZXpMv.exe
  2⤵
  PID:7840
- C:\Windows\System\HQiOGwh.exe
  C:\Windows\System\HQiOGwh.exe
  2⤵
  PID:7164
- C:\Windows\System\pZOLhmg.exe
  C:\Windows\System\pZOLhmg.exe
  2⤵
  PID:10268
- C:\Windows\System\oNqqJBC.exe
  C:\Windows\System\oNqqJBC.exe
  2⤵
  PID:11276
- C:\Windows\System\cWaiLNS.exe
  C:\Windows\System\cWaiLNS.exe
  2⤵
  PID:11292
- C:\Windows\System\ZaiGEuQ.exe
  C:\Windows\System\ZaiGEuQ.exe
  2⤵
  PID:11324
- C:\Windows\System\zTgKhTD.exe
  C:\Windows\System\zTgKhTD.exe
  2⤵
  PID:11356
- C:\Windows\System\AgJLNbn.exe
  C:\Windows\System\AgJLNbn.exe
  2⤵
  PID:11380
- C:\Windows\System\wIXsxQt.exe
  C:\Windows\System\wIXsxQt.exe
  2⤵
  PID:11396
- C:\Windows\System\ggLNEyG.exe
  C:\Windows\System\ggLNEyG.exe
  2⤵
  PID:11432
- C:\Windows\System\RBtbluD.exe
  C:\Windows\System\RBtbluD.exe
  2⤵
  PID:11456
- C:\Windows\System\apFdJvG.exe
  C:\Windows\System\apFdJvG.exe
  2⤵
  PID:11480
- C:\Windows\System\auuXcLw.exe
  C:\Windows\System\auuXcLw.exe
  2⤵
  PID:11528
- C:\Windows\System\JVupPkM.exe
  C:\Windows\System\JVupPkM.exe
  2⤵
  PID:11556
- C:\Windows\System\dOXbajZ.exe
  C:\Windows\System\dOXbajZ.exe
  2⤵
  PID:11576
- C:\Windows\System\nqhzOyM.exe
  C:\Windows\System\nqhzOyM.exe
  2⤵
  PID:11604
- C:\Windows\System\ktOoUdi.exe
  C:\Windows\System\ktOoUdi.exe
  2⤵
  PID:11624
- C:\Windows\System\gnCJAgo.exe
  C:\Windows\System\gnCJAgo.exe
  2⤵
  PID:11652
- C:\Windows\System\RFfoeSe.exe
  C:\Windows\System\RFfoeSe.exe
  2⤵
  PID:11668
- C:\Windows\System\zfXQNMU.exe
  C:\Windows\System\zfXQNMU.exe
  2⤵
  PID:11684
- C:\Windows\System\sOisYcm.exe
  C:\Windows\System\sOisYcm.exe
  2⤵
  PID:11700
- C:\Windows\System\IDbcYZB.exe
  C:\Windows\System\IDbcYZB.exe
  2⤵
  PID:11720
- C:\Windows\System\rFMFCOs.exe
  C:\Windows\System\rFMFCOs.exe
  2⤵
  PID:11740
- C:\Windows\System\qvswUOj.exe
  C:\Windows\System\qvswUOj.exe
  2⤵
  PID:11756
- C:\Windows\System\adVoPBv.exe
  C:\Windows\System\adVoPBv.exe
  2⤵
  PID:11776
- C:\Windows\System\mOOSLwC.exe
  C:\Windows\System\mOOSLwC.exe
  2⤵
  PID:11804
- C:\Windows\System\zFlPPCX.exe
  C:\Windows\System\zFlPPCX.exe
  2⤵
  PID:11824
- C:\Windows\System\xgzLdSn.exe
  C:\Windows\System\xgzLdSn.exe
  2⤵
  PID:11852
- C:\Windows\System\jSxgTdQ.exe
  C:\Windows\System\jSxgTdQ.exe
  2⤵
  PID:11872
- C:\Windows\System\GZuuVFh.exe
  C:\Windows\System\GZuuVFh.exe
  2⤵
  PID:11896
- C:\Windows\System\ATSjzjY.exe
  C:\Windows\System\ATSjzjY.exe
  2⤵
  PID:11920
- C:\Windows\System\tcADsVH.exe
  C:\Windows\System\tcADsVH.exe
  2⤵
  PID:11944
- C:\Windows\System\ygJmqZg.exe
  C:\Windows\System\ygJmqZg.exe
  2⤵
  PID:11968
- C:\Windows\System\eFNmQVr.exe
  C:\Windows\System\eFNmQVr.exe
  2⤵
  PID:11988
- C:\Windows\System\qConBwy.exe
  C:\Windows\System\qConBwy.exe
  2⤵
  PID:12012
- C:\Windows\System\AjuFQhp.exe
  C:\Windows\System\AjuFQhp.exe
  2⤵
  PID:12036
- C:\Windows\System\ueGEsaF.exe
  C:\Windows\System\ueGEsaF.exe
  2⤵
  PID:12056
- C:\Windows\System\LrNZwUQ.exe
  C:\Windows\System\LrNZwUQ.exe
  2⤵
  PID:12080
- C:\Windows\System\CNoKjgW.exe
  C:\Windows\System\CNoKjgW.exe
  2⤵
  PID:12104
- C:\Windows\System\NWHasZj.exe
  C:\Windows\System\NWHasZj.exe
  2⤵
  PID:12124
- C:\Windows\System\YCGmoPA.exe
  C:\Windows\System\YCGmoPA.exe
  2⤵
  PID:12148
- C:\Windows\System\ofvDjhZ.exe
  C:\Windows\System\ofvDjhZ.exe
  2⤵
  PID:12168
- C:\Windows\System\suEIDmw.exe
  C:\Windows\System\suEIDmw.exe
  2⤵
  PID:12284
- C:\Windows\System\DJiTMIh.exe
  C:\Windows\System\DJiTMIh.exe
  2⤵
  PID:5604
- C:\Windows\System\nmHpkap.exe
  C:\Windows\System\nmHpkap.exe
  2⤵
  PID:6392
- C:\Windows\System\WtTfokk.exe
  C:\Windows\System\WtTfokk.exe
  2⤵
  PID:10616
- C:\Windows\System\SoulVsu.exe
  C:\Windows\System\SoulVsu.exe
  2⤵
  PID:9288
- C:\Windows\System\jgTGYYw.exe
  C:\Windows\System\jgTGYYw.exe
  2⤵
  PID:9360
- C:\Windows\System\WPbwuiL.exe
  C:\Windows\System\WPbwuiL.exe
  2⤵
  PID:10208
- C:\Windows\System\yrFwJlb.exe
  C:\Windows\System\yrFwJlb.exe
  2⤵
  PID:9564
- C:\Windows\System\TxvznJU.exe
  C:\Windows\System\TxvznJU.exe
  2⤵
  PID:9612
- C:\Windows\System\bASIkAc.exe
  C:\Windows\System\bASIkAc.exe
  2⤵
  PID:10936
- C:\Windows\System\TYBlNrR.exe
  C:\Windows\System\TYBlNrR.exe
  2⤵
  PID:3436
- C:\Windows\System\ztqrQzO.exe
  C:\Windows\System\ztqrQzO.exe
  2⤵
  PID:10964
- C:\Windows\System\JuGHGNj.exe
  C:\Windows\System\JuGHGNj.exe
  2⤵
  PID:8980
- C:\Windows\System\LjrUSkp.exe
  C:\Windows\System\LjrUSkp.exe
  2⤵
  PID:9732
- C:\Windows\System\BhBNgWt.exe
  C:\Windows\System\BhBNgWt.exe
  2⤵
  PID:9680
- C:\Windows\System\NSvCIjX.exe
  C:\Windows\System\NSvCIjX.exe
  2⤵
  PID:11132
- C:\Windows\System\yXLaqlP.exe
  C:\Windows\System\yXLaqlP.exe
  2⤵
  PID:9236
- C:\Windows\System\WAzATxx.exe
  C:\Windows\System\WAzATxx.exe
  2⤵
  PID:12312
- C:\Windows\System\AaIduuX.exe
  C:\Windows\System\AaIduuX.exe
  2⤵
  PID:12336
- C:\Windows\System\HLpIpBR.exe
  C:\Windows\System\HLpIpBR.exe
  2⤵
  PID:12360
- C:\Windows\System\qjYrxBq.exe
  C:\Windows\System\qjYrxBq.exe
  2⤵
  PID:12380
- C:\Windows\System\aSIQjSu.exe
  C:\Windows\System\aSIQjSu.exe
  2⤵
  PID:12396
- C:\Windows\System\LZLbKXE.exe
  C:\Windows\System\LZLbKXE.exe
  2⤵
  PID:12424
- C:\Windows\System\spuqgQN.exe
  C:\Windows\System\spuqgQN.exe
  2⤵
  PID:12448
- C:\Windows\System\ogdBhQE.exe
  C:\Windows\System\ogdBhQE.exe
  2⤵
  PID:12932
- C:\Windows\System\rtQmeph.exe
  C:\Windows\System\rtQmeph.exe
  2⤵
  PID:12948
- C:\Windows\System\HskZcfR.exe
  C:\Windows\System\HskZcfR.exe
  2⤵
  PID:12976
- C:\Windows\System\Acddxff.exe
  C:\Windows\System\Acddxff.exe
  2⤵
  PID:13036
- C:\Windows\System\BwqNtAD.exe
  C:\Windows\System\BwqNtAD.exe
  2⤵
  PID:13056
- C:\Windows\System\oWeHJkG.exe
  C:\Windows\System\oWeHJkG.exe
  2⤵
  PID:13072
- C:\Windows\System\iQEXcEa.exe
  C:\Windows\System\iQEXcEa.exe
  2⤵
  PID:13088
- C:\Windows\System\wJBaIHR.exe
  C:\Windows\System\wJBaIHR.exe
  2⤵
  PID:13112
- C:\Windows\System\ccTfZCP.exe
  C:\Windows\System\ccTfZCP.exe
  2⤵
  PID:13132
- C:\Windows\System\vpHqgtT.exe
  C:\Windows\System\vpHqgtT.exe
  2⤵
  PID:13152
- C:\Windows\System\eTsYAas.exe
  C:\Windows\System\eTsYAas.exe
  2⤵
  PID:13176
- C:\Windows\System\vNGCbtN.exe
  C:\Windows\System\vNGCbtN.exe
  2⤵
  PID:13200
- C:\Windows\System\TyHqCbk.exe
  C:\Windows\System\TyHqCbk.exe
  2⤵
  PID:13232
- C:\Windows\System\UlvWyDx.exe
  C:\Windows\System\UlvWyDx.exe
  2⤵
  PID:13256
- C:\Windows\System\HZZktHC.exe
  C:\Windows\System\HZZktHC.exe
  2⤵
  PID:13288
- C:\Windows\System\GzQEJzA.exe
  C:\Windows\System\GzQEJzA.exe
  2⤵
  PID:10200
- C:\Windows\System\BddLyoP.exe
  C:\Windows\System\BddLyoP.exe
  2⤵
  PID:7440
- C:\Windows\System\YvaxTkz.exe
  C:\Windows\System\YvaxTkz.exe
  2⤵
  PID:8000
- C:\Windows\System\IUEwQTv.exe
  C:\Windows\System\IUEwQTv.exe
  2⤵
  PID:8144
- C:\Windows\System\mOcVzkc.exe
  C:\Windows\System\mOcVzkc.exe
  2⤵
  PID:10344
- C:\Windows\System\daJeQEa.exe
  C:\Windows\System\daJeQEa.exe
  2⤵
  PID:11316
- C:\Windows\System\fJxBEFI.exe
  C:\Windows\System\fJxBEFI.exe
  2⤵
  PID:10436
- C:\Windows\System\fRXszZT.exe
  C:\Windows\System\fRXszZT.exe
  2⤵
  PID:10036
- C:\Windows\System\XbDYafG.exe
  C:\Windows\System\XbDYafG.exe
  2⤵
  PID:10480
- C:\Windows\System\ZoyEyaA.exe
  C:\Windows\System\ZoyEyaA.exe
  2⤵
  PID:10520
- C:\Windows\System\QXhYQru.exe
  C:\Windows\System\QXhYQru.exe
  2⤵
  PID:10056
- C:\Windows\System\lUUuMBW.exe
  C:\Windows\System\lUUuMBW.exe
  2⤵
  PID:11444
- C:\Windows\System\tndChQv.exe
  C:\Windows\System\tndChQv.exe
  2⤵
  PID:10656
- C:\Windows\System\pGWHEKz.exe
  C:\Windows\System\pGWHEKz.exe
  2⤵
  PID:10684
- C:\Windows\System\OXdYbJw.exe
  C:\Windows\System\OXdYbJw.exe
  2⤵
  PID:11488
- C:\Windows\System\sUtbifU.exe
  C:\Windows\System\sUtbifU.exe
  2⤵
  PID:10752
- C:\Windows\System\mnwoGWS.exe
  C:\Windows\System\mnwoGWS.exe
  2⤵
  PID:10224
- C:\Windows\System\xTYZLls.exe
  C:\Windows\System\xTYZLls.exe
  2⤵
  PID:10804
- C:\Windows\System\TJMlVvq.exe
  C:\Windows\System\TJMlVvq.exe
  2⤵
  PID:10832
- C:\Windows\System\ZmyvaUm.exe
  C:\Windows\System\ZmyvaUm.exe
  2⤵
  PID:7756
- C:\Windows\System\nRfuMai.exe
  C:\Windows\System\nRfuMai.exe
  2⤵
  PID:10872
- C:\Windows\System\dNUnuGm.exe
  C:\Windows\System\dNUnuGm.exe
  2⤵
  PID:11536
- C:\Windows\System\lXOnGWc.exe
  C:\Windows\System\lXOnGWc.exe
  2⤵
  PID:11592
- C:\Windows\System\baMOZZo.exe
  C:\Windows\System\baMOZZo.exe
  2⤵
  PID:5432
- C:\Windows\System\BJQxmcj.exe
  C:\Windows\System\BJQxmcj.exe
  2⤵
  PID:6320
- C:\Windows\System\nNWNjPt.exe
  C:\Windows\System\nNWNjPt.exe
  2⤵
  PID:6208
- C:\Windows\System\QLAIpsz.exe
  C:\Windows\System\QLAIpsz.exe
  2⤵
  PID:11000
- C:\Windows\System\ghamSCQ.exe
  C:\Windows\System\ghamSCQ.exe
  2⤵
  PID:11072
- C:\Windows\System\zgqeSCL.exe
  C:\Windows\System\zgqeSCL.exe
  2⤵
  PID:12828
- C:\Windows\System\WbUerMs.exe
  C:\Windows\System\WbUerMs.exe
  2⤵
  PID:168
- C:\Windows\System\UUmcvaL.exe
  C:\Windows\System\UUmcvaL.exe
  2⤵
  PID:13120
- C:\Windows\System\DITQKTf.exe
  C:\Windows\System\DITQKTf.exe
  2⤵
  PID:13148
- C:\Windows\System\oYKtfCT.exe
  C:\Windows\System\oYKtfCT.exe
  2⤵
  PID:7188
- C:\Windows\System\uWCxkpY.exe
  C:\Windows\System\uWCxkpY.exe
  2⤵
  PID:2388
- C:\Windows\System\PQFmebR.exe
  C:\Windows\System\PQFmebR.exe
  2⤵
  PID:10984
- C:\Windows\System\wNfoHpr.exe
  C:\Windows\System\wNfoHpr.exe
  2⤵
  PID:9336
- C:\Windows\System\CClHbGf.exe
  C:\Windows\System\CClHbGf.exe
  2⤵
  PID:11128
- C:\Windows\System\HhkGrRv.exe
  C:\Windows\System\HhkGrRv.exe
  2⤵
  PID:9888
- C:\Windows\System\sNFWGlZ.exe
  C:\Windows\System\sNFWGlZ.exe
  2⤵
  PID:4396
- C:\Windows\System\ArEbkhF.exe
  C:\Windows\System\ArEbkhF.exe
  2⤵
  PID:11272
- C:\Windows\System\hoOBMma.exe
  C:\Windows\System\hoOBMma.exe
  2⤵
  PID:6424
- C:\Windows\System\ZAexGNg.exe
  C:\Windows\System\ZAexGNg.exe
  2⤵
  PID:9632
- C:\Windows\System\POSWqpv.exe
  C:\Windows\System\POSWqpv.exe
  2⤵
  PID:10008
- C:\Windows\System\NgwusSW.exe
  C:\Windows\System\NgwusSW.exe
  2⤵
  PID:11424
- C:\Windows\System\VeVlGCK.exe
  C:\Windows\System\VeVlGCK.exe
  2⤵
  PID:10680
- C:\Windows\System\JduRVNJ.exe
  C:\Windows\System\JduRVNJ.exe
  2⤵
  PID:2364
- C:\Windows\System\HoFtBqM.exe
  C:\Windows\System\HoFtBqM.exe
  2⤵
  PID:11788
- C:\Windows\System\jGOIRmB.exe
  C:\Windows\System\jGOIRmB.exe
  2⤵
  PID:11864
- C:\Windows\System\XBfrcls.exe
  C:\Windows\System\XBfrcls.exe
  2⤵
  PID:11964
- C:\Windows\System\FwecqPD.exe
  C:\Windows\System\FwecqPD.exe
  2⤵
  PID:7996
- C:\Windows\System\hCyKQTM.exe
  C:\Windows\System\hCyKQTM.exe
  2⤵
  PID:12120
- C:\Windows\System\ALWYKRP.exe
  C:\Windows\System\ALWYKRP.exe
  2⤵
  PID:9152
- C:\Windows\System\uNIBMGg.exe
  C:\Windows\System\uNIBMGg.exe
  2⤵
  PID:11268
- C:\Windows\System\gXBfuDV.exe
  C:\Windows\System\gXBfuDV.exe
  2⤵
  PID:11416
- C:\Windows\System\HBKTSHe.exe
  C:\Windows\System\HBKTSHe.exe
  2⤵
  PID:5508
- C:\Windows\System\XcKFtPl.exe
  C:\Windows\System\XcKFtPl.exe
  2⤵
  PID:12068
- C:\Windows\System\YUNaVNJ.exe
  C:\Windows\System\YUNaVNJ.exe
  2⤵
  PID:11952
- C:\Windows\System\RrmeNWa.exe
  C:\Windows\System\RrmeNWa.exe
  2⤵
  PID:11728
- C:\Windows\System\bJMSNud.exe
  C:\Windows\System\bJMSNud.exe
  2⤵
  PID:11612
- C:\Windows\System\wtgTOUx.exe
  C:\Windows\System\wtgTOUx.exe
  2⤵
  PID:8852
- C:\Windows\System\FCZAxdh.exe
  C:\Windows\System\FCZAxdh.exe
  2⤵
  PID:9356
- C:\Windows\System\bXJNKcd.exe
  C:\Windows\System\bXJNKcd.exe
  2⤵
  PID:9588
- C:\Windows\System\pDbyqaA.exe
  C:\Windows\System\pDbyqaA.exe
  2⤵
  PID:13216
- C:\Windows\System\xEqhBvR.exe
  C:\Windows\System\xEqhBvR.exe
  2⤵
  PID:13264
- C:\Windows\System\aQGCQnb.exe
  C:\Windows\System\aQGCQnb.exe
  2⤵
  PID:12304
- C:\Windows\System\TxlbnkC.exe
  C:\Windows\System\TxlbnkC.exe
  2⤵
  PID:12392
- C:\Windows\System\HQBsyur.exe
  C:\Windows\System\HQBsyur.exe
  2⤵
  PID:12440
- C:\Windows\System\SOQteCJ.exe
  C:\Windows\System\SOQteCJ.exe
  2⤵
  PID:12500
- C:\Windows\System\HyXPXaL.exe
  C:\Windows\System\HyXPXaL.exe
  2⤵
  PID:7096
- C:\Windows\System\QwhtnHj.exe
  C:\Windows\System\QwhtnHj.exe
  2⤵
  PID:10400
- C:\Windows\System\wCpaIUY.exe
  C:\Windows\System\wCpaIUY.exe
  2⤵
  PID:10504
- C:\Windows\System\doPDCSC.exe
  C:\Windows\System\doPDCSC.exe
  2⤵
  PID:10776
- C:\Windows\System\tFdqRWO.exe
  C:\Windows\System\tFdqRWO.exe
  2⤵
  PID:12612
- C:\Windows\System\WWojMYV.exe
  C:\Windows\System\WWojMYV.exe
  2⤵
  PID:12696
- C:\Windows\System\TojXJHe.exe
  C:\Windows\System\TojXJHe.exe
  2⤵
  PID:11784
- C:\Windows\System\TmrmLaz.exe
  C:\Windows\System\TmrmLaz.exe
  2⤵
  PID:12900
- C:\Windows\System\lbJCkxY.exe
  C:\Windows\System\lbJCkxY.exe
  2⤵
  PID:12944
- C:\Windows\System\RtmfcDc.exe
  C:\Windows\System\RtmfcDc.exe
  2⤵
  PID:13044
- C:\Windows\System\cNfqBHi.exe
  C:\Windows\System\cNfqBHi.exe
  2⤵
  PID:13080
- C:\Windows\System\OYcKMFV.exe
  C:\Windows\System\OYcKMFV.exe
  2⤵
  PID:9872
- C:\Windows\System\kIhUiYl.exe
  C:\Windows\System\kIhUiYl.exe
  2⤵
  PID:12552
- C:\Windows\System\uvoSGtH.exe
  C:\Windows\System\uvoSGtH.exe
  2⤵
  PID:7704
- C:\Windows\System\wxhuEWU.exe
  C:\Windows\System\wxhuEWU.exe
  2⤵
  PID:10848
- C:\Windows\System\NQNpAcm.exe
  C:\Windows\System\NQNpAcm.exe
  2⤵
  PID:12320
- C:\Windows\System\xQjhoIL.exe
  C:\Windows\System\xQjhoIL.exe
  2⤵
  PID:11692
- C:\Windows\System\SGwlerl.exe
  C:\Windows\System\SGwlerl.exe
  2⤵
  PID:12100
- C:\Windows\System\qSPxXsQ.exe
  C:\Windows\System\qSPxXsQ.exe
  2⤵
  PID:12888
- C:\Windows\System\FJMxNtm.exe
  C:\Windows\System\FJMxNtm.exe
  2⤵
  PID:12988
- C:\Windows\System\AoHdShL.exe
  C:\Windows\System\AoHdShL.exe
  2⤵
  PID:9516
- C:\Windows\System\oQkuCUB.exe
  C:\Windows\System\oQkuCUB.exe
  2⤵
  PID:10892
- C:\Windows\System\OInDxUx.exe
  C:\Windows\System\OInDxUx.exe
  2⤵
  PID:3872
- C:\Windows\System\CvudAAd.exe
  C:\Windows\System\CvudAAd.exe
  2⤵
  PID:4384
- C:\Windows\System\hVNOSFw.exe
  C:\Windows\System\hVNOSFw.exe
  2⤵
  PID:1664
- C:\Windows\System\piLlQcI.exe
  C:\Windows\System\piLlQcI.exe
  2⤵
  PID:2196
- C:\Windows\System\CWOqUPf.exe
  C:\Windows\System\CWOqUPf.exe
  2⤵
  PID:11664
- C:\Windows\System\aumqKLw.exe
  C:\Windows\System\aumqKLw.exe
  2⤵
  PID:13296
- C:\Windows\System\PDytJEU.exe
  C:\Windows\System\PDytJEU.exe
  2⤵
  PID:9284
- C:\Windows\System\oWapHba.exe
  C:\Windows\System\oWapHba.exe
  2⤵
  PID:8412
- C:\Windows\System\ahIsUto.exe
  C:\Windows\System\ahIsUto.exe
  2⤵
  PID:4940
- C:\Windows\System\BCedzYX.exe
  C:\Windows\System\BCedzYX.exe
  2⤵
  PID:12764
- C:\Windows\System\unTwqMN.exe
  C:\Windows\System\unTwqMN.exe
  2⤵
  PID:13016
- C:\Windows\System\ozltoee.exe
  C:\Windows\System\ozltoee.exe
  2⤵
  PID:2988
- C:\Windows\System\ASPXRjv.exe
  C:\Windows\System\ASPXRjv.exe
  2⤵
  PID:13032
- C:\Windows\System\XIKXBwB.exe
  C:\Windows\System\XIKXBwB.exe
  2⤵
  PID:11636
- C:\Windows\System\zrtOwjE.exe
  C:\Windows\System\zrtOwjE.exe
  2⤵
  PID:9400
- C:\Windows\System\UhMUqqK.exe
  C:\Windows\System\UhMUqqK.exe
  2⤵
  PID:8984
- C:\Windows\System\tVAMGip.exe
  C:\Windows\System\tVAMGip.exe
  2⤵
  PID:4820
- C:\Windows\System\MydjoTx.exe
  C:\Windows\System\MydjoTx.exe
  2⤵
  PID:628
- C:\Windows\System\WpPtfxm.exe
  C:\Windows\System\WpPtfxm.exe
  2⤵
  PID:2324
- C:\Windows\System\gfAHzSu.exe
  C:\Windows\System\gfAHzSu.exe
  2⤵
  PID:3228
- C:\Windows\System\NgEPWkt.exe
  C:\Windows\System\NgEPWkt.exe
  2⤵
  PID:1576
- C:\Windows\System\qJRPFSy.exe
  C:\Windows\System\qJRPFSy.exe
  2⤵
  PID:7920
- C:\Windows\System\etNcHFa.exe
  C:\Windows\System\etNcHFa.exe
  2⤵
  PID:5344
- C:\Windows\System\iSYydMW.exe
  C:\Windows\System\iSYydMW.exe
  2⤵
  PID:3176
- C:\Windows\System\QvyemZE.exe
  C:\Windows\System\QvyemZE.exe
  2⤵
  PID:13000
- C:\Windows\System\jAUkYFJ.exe
  C:\Windows\System\jAUkYFJ.exe
  2⤵
  PID:12588
- C:\Windows\System\awBABcv.exe
  C:\Windows\System\awBABcv.exe
  2⤵
  PID:11004
- C:\Windows\System\hTGMHdT.exe
  C:\Windows\System\hTGMHdT.exe
  2⤵
  PID:10560
- C:\Windows\System\jpnGSps.exe
  C:\Windows\System\jpnGSps.exe
  2⤵
  PID:10184
- C:\Windows\System\LKGPvAA.exe
  C:\Windows\System\LKGPvAA.exe
  2⤵
  PID:9824
- C:\Windows\System\TOveTbM.exe
  C:\Windows\System\TOveTbM.exe
  2⤵
  PID:13052
- C:\Windows\System\XPcHxop.exe
  C:\Windows\System\XPcHxop.exe
  2⤵
  PID:13328
- C:\Windows\System\ljHiymf.exe
  C:\Windows\System\ljHiymf.exe
  2⤵
  PID:13348
- C:\Windows\System\CzkWXhe.exe
  C:\Windows\System\CzkWXhe.exe
  2⤵
  PID:13624
- C:\Windows\System\VcbXHAA.exe
  C:\Windows\System\VcbXHAA.exe
  2⤵
  PID:13808
- C:\Windows\System\dGlwGdJ.exe
  C:\Windows\System\dGlwGdJ.exe
  2⤵
  PID:13852
- C:\Windows\System\wBaLLwK.exe
  C:\Windows\System\wBaLLwK.exe
  2⤵
  PID:13868
- C:\Windows\System\LMVwGJH.exe
  C:\Windows\System\LMVwGJH.exe
  2⤵
  PID:13888
- C:\Windows\System\QULexdH.exe
  C:\Windows\System\QULexdH.exe
  2⤵
  PID:13912
- C:\Windows\System\ygaqlyO.exe
  C:\Windows\System\ygaqlyO.exe
  2⤵
  PID:13932
- C:\Windows\System\HKiAWQS.exe
  C:\Windows\System\HKiAWQS.exe
  2⤵
  PID:13960
- C:\Windows\System\WByECGY.exe
  C:\Windows\System\WByECGY.exe
  2⤵
  PID:14092
- C:\Windows\System\NcJgeVI.exe
  C:\Windows\System\NcJgeVI.exe
  2⤵
  PID:14176
- C:\Windows\System\HlpGrxX.exe
  C:\Windows\System\HlpGrxX.exe
  2⤵
  PID:14208
- C:\Windows\System\EmqKmYE.exe
  C:\Windows\System\EmqKmYE.exe
  2⤵
  PID:14224
- C:\Windows\System\gYUSeHq.exe
  C:\Windows\System\gYUSeHq.exe
  2⤵
  PID:14240
- C:\Windows\System\xNWvQWC.exe
  C:\Windows\System\xNWvQWC.exe
  2⤵
  PID:14260
- C:\Windows\System\fTFclMJ.exe
  C:\Windows\System\fTFclMJ.exe
  2⤵
  PID:14284
- C:\Windows\System\gstNofz.exe
  C:\Windows\System\gstNofz.exe
  2⤵
  PID:14308
- C:\Windows\System\xaEKtFs.exe
  C:\Windows\System\xaEKtFs.exe
  2⤵
  PID:14328
- C:\Windows\System\tBjfCXC.exe
  C:\Windows\System\tBjfCXC.exe
  2⤵
  PID:13268
- C:\Windows\System\uaQXOFd.exe
  C:\Windows\System\uaQXOFd.exe
  2⤵
  PID:11716
- C:\Windows\System\gYqcoSO.exe
  C:\Windows\System\gYqcoSO.exe
  2⤵
  PID:13396
- C:\Windows\System\KVTgTIF.exe
  C:\Windows\System\KVTgTIF.exe
  2⤵
  PID:11752
- C:\Windows\System\bhVZnzW.exe
  C:\Windows\System\bhVZnzW.exe
  2⤵
  PID:13436
- C:\Windows\System\ApPhilp.exe
  C:\Windows\System\ApPhilp.exe
  2⤵
  PID:13356
- C:\Windows\System\yKwXvFb.exe
  C:\Windows\System\yKwXvFb.exe
  2⤵
  PID:11524
- C:\Windows\System\jRcdfmz.exe
  C:\Windows\System\jRcdfmz.exe
  2⤵
  PID:1608
- C:\Windows\System\QBrhrzk.exe
  C:\Windows\System\QBrhrzk.exe
  2⤵
  PID:13464
- C:\Windows\System\JNfxLlv.exe
  C:\Windows\System\JNfxLlv.exe
  2⤵
  PID:13460
- C:\Windows\System\SHRAKoT.exe
  C:\Windows\System\SHRAKoT.exe
  2⤵
  PID:13360
- C:\Windows\System\FHMNtAZ.exe
  C:\Windows\System\FHMNtAZ.exe
  2⤵
  PID:13680
- C:\Windows\System\oJEvyyP.exe
  C:\Windows\System\oJEvyyP.exe
  2⤵
  PID:13592
- C:\Windows\System\kQZHqMq.exe
  C:\Windows\System\kQZHqMq.exe
  2⤵
  PID:13580
- C:\Windows\System\dVCvncS.exe
  C:\Windows\System\dVCvncS.exe
  2⤵
  PID:5240
- C:\Windows\System\eQgtCZO.exe
  C:\Windows\System\eQgtCZO.exe
  2⤵
  PID:13924
- C:\Windows\System\BDsGiuF.exe
  C:\Windows\System\BDsGiuF.exe
  2⤵
  PID:13952
- C:\Windows\System\BaREPxf.exe
  C:\Windows\System\BaREPxf.exe
  2⤵
  PID:14076
- C:\Windows\System\MlUYOhz.exe
  C:\Windows\System\MlUYOhz.exe
  2⤵
  PID:14196
- C:\Windows\System\DDnhakR.exe
  C:\Windows\System\DDnhakR.exe
  2⤵
  PID:228
- C:\Windows\System\zjPpSvE.exe
  C:\Windows\System\zjPpSvE.exe
  2⤵
  PID:3980
- C:\Windows\System\oABIMsg.exe
  C:\Windows\System\oABIMsg.exe
  2⤵
  PID:14296
- C:\Windows\System\vZBRFhT.exe
  C:\Windows\System\vZBRFhT.exe
  2⤵
  PID:14324
- C:\Windows\System\JMMwuLs.exe
  C:\Windows\System\JMMwuLs.exe
  2⤵
  PID:2796
- C:\Windows\System\DfQrhbm.exe
  C:\Windows\System\DfQrhbm.exe
  2⤵
  PID:7488
- C:\Windows\System\qmTkXQo.exe
  C:\Windows\System\qmTkXQo.exe
  2⤵
  PID:11680
- C:\Windows\System\OoFhuJT.exe
  C:\Windows\System\OoFhuJT.exe
  2⤵
  PID:13376
- C:\Windows\System\bSUBeLp.exe
  C:\Windows\System\bSUBeLp.exe
  2⤵
  PID:8
- C:\Windows\System\rGlXghz.exe
  C:\Windows\System\rGlXghz.exe
  2⤵
  PID:13620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:11604

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:11920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ahtsjfyn.vdn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ApAlEDJ.exe

Filesize
1.8MB

MD5
525c7daed64e6464439361ca948c0ec9

SHA1
27c016db66d97074a7a6272246c730099e390d0c

SHA256
ca9d2a0571eb8147ad0d2fb041c40f9d9e8b7ddee4657bdd8c021a7743fd1079

SHA512
23087136bbf49ec291c3edf5a0b3eddcf45e4bc07030e94a13dad7eb38630e81884ac56bb760f025ec4384d608c3bb694d05715e2e4b8c78c2caf543ab169243

Download Submit
C:\Windows\System\HAVbdVC.exe

Filesize
1.8MB

MD5
330583a92abf6bb97914f9c66577f09a

SHA1
bcb1cffb1a9ec4bce90477c9328392afe6837074

SHA256
0370366cc4198b7efacd0551661cf63590de208d69d1e1f94c47e84c65aee4ad

SHA512
3631fb1f938a4c78f04bf7d9e8ad503647452baa421bcbad88dd02c0802a8df5cf9f81db2260e9924308bdf1f8178bf7def471a5fa36580d0e480ea1c7b97055

Download Submit
C:\Windows\System\HIcvtHd.exe

Filesize
1.8MB

MD5
3ba2cd683902e3f20f91892f47df6444

SHA1
2f2812790f96c1b309518c72949fd81e249725a1

SHA256
782287e7d8e8f776379fb33f82320e0f09d2b33c74ae521b9280f9385809a882

SHA512
ce598672bb4233fac6e5fc41bf685e1cccb231673a674c5ae704873ee05b33bd7094aa1ae354e6643e9ecf082a6064c85ebadea800f56008f061651e5b516ac4

Download Submit
C:\Windows\System\HbQONHD.exe

Filesize
1.8MB

MD5
932658192219040628d36f850485dd21

SHA1
4111a45faba381642bf5a0d2222074f1d3a9b46b

SHA256
1a859adfc255c2f228a3dff279b46645211b40fe6877ef963d3e5ae93ba4d882

SHA512
27079c7cd0d9d1e6ebac571aa303ed9aa42b2601c471a3860023bbff69866a28ff3f2c97e02178f92299b65768b5bcd4ee6297dbd325cd4051a8bcefbad42fbf

Download Submit
C:\Windows\System\KQVTTpa.exe

Filesize
1.8MB

MD5
599cb03f23543e59de53bdcfe6f4d6ef

SHA1
6a70145ea07ea8980c1332ed07b2a92da0209d3f

SHA256
e6ea5e8bbc10745b8142b6bdac7d0b480e1567737ea063a238661de475a50c8b

SHA512
c8976f10c1e418e7c77cb4fb158e97b89a5a0e567d53f5f0f8fc2a7f84d0407d57f1917154b194424d174018b3d31ee0b35935678ff47cb98132abd8b70b1010

Download Submit
C:\Windows\System\KgWvNjS.exe

Filesize
1.8MB

MD5
e6dcbbb74d72d72e5568c3aed98f9809

SHA1
875317ed5544c387c6421d6f34d66c92a5c73665

SHA256
200aa32e2c3d238f13ab0341c058fcbaa3ab6fce7592696a61131a08495bfa7e

SHA512
7ebee5d82692e722f9a6aab174c1f93958bbc1d16323a545e08568f23a80311c26b8154a0893f955df711a4624fc8961d366c843768702ec45ab8905e82bc08d

Download Submit
C:\Windows\System\KuIUDTy.exe

Filesize
1.8MB

MD5
526555ac72b84d51d579dd6cdf3898a5

SHA1
5fb01644acf5ce2180a0e2e86a23881003f347d2

SHA256
7760b08a8b62ed15de3ccb74ea8c5807493619536c8d19591260a2454dc17ae6

SHA512
d36a1624302acfbccee95f0207b413195f0773b47b867f8340071ee515360e615db74b3ac86c281256ed17f46003f5d179a6e62298f3ecc93842d3d33720c572

Download Submit
C:\Windows\System\LzCxcAx.exe

Filesize
1.8MB

MD5
de5638af19e180e1bf504dcd83a33bdb

SHA1
cd466352624b1add48057434e1cafcae6a7d4fbb

SHA256
ab5e1ad113fcf84bf8bd7763132b2b44ddae1b97f21a8e11a07a520d56b71d0a

SHA512
f3579dc89be1428fc8209e655e64311757de83e120c8de85838edcfd5a0e59ac8a5e1198beb2886fd387aad090a4e8d49cfc104b6eeb45f927c9b2646c8fb337

Download Submit
C:\Windows\System\MEytpdq.exe

Filesize
1.8MB

MD5
4635a5eabe7dfe956d8c260fb2bbf40f

SHA1
611b866bd48024dbe258b6ae3af99c390f2b370a

SHA256
870b59732a819b5a1ef1e2a97ede097e89547a634dd6177ee8518c9880f41a1a

SHA512
bcc93d7b3da8ac358993af707336d598de8c4c67cf89312f042c0b92b590b8d017dae7d0ee821b94998001c710b6cab8b9da092de65d9ee1b1b4e65d10aaa90a

Download Submit
C:\Windows\System\MOHwenF.exe

Filesize
1.8MB

MD5
db63437b756dcabafcdce18180869bba

SHA1
cf42cedaa67399e817de8170bf421656af41e9e8

SHA256
d2d7d5bc67b38be219831984fe82d13f26f836077badc3f1d6223db289546c19

SHA512
d5f9a1a42db360eae0dbd8ec00c08a27a502196abdc85a4cab60794c313b7fa87aaca5203244e7344bddbf55821606eba7e1d661eca5777df10836510a2caaea

Download Submit
C:\Windows\System\MzQbynn.exe

Filesize
8B

MD5
03f6c06cbca2116586dcb830cb1e7df2

SHA1
21959527eb4bdd4f1722864fa3a0565158da0f4e

SHA256
7c68cc08ed1401c0caafd3e73d5d856fc875748ed5e62a3ad679b5b0fee4938f

SHA512
39de7a17d12a7e9cc23a1b27c4c49944527213fbd572a6002483088201aba931dcd3d50b2479479e5c47888eeed5c23ce039cc4e68daaf253fbac40894ca1f2b

Download Submit
C:\Windows\System\NLvhKUW.exe

Filesize
1.8MB

MD5
d95834351fbcef46a1a5c4e54d6cc959

SHA1
470395562a2e493494aa3428ada053223438bf04

SHA256
6dd1eecc9d0bfbe24d80fe02d0cd4d328bba24032fa6e9936afa1281ed02fbb6

SHA512
8ac57e2b0b0da133d6214cac69d064531b3baa5a42339a90f2a11c70f033cb22f33eab4bd07dd1af3707797f53ab7cc7d6218e4d96b1ae73d39568d43f0553a2

Download Submit
C:\Windows\System\QrYFhXJ.exe

Filesize
1.8MB

MD5
abb21ffde49c5b7ffa98b8ec10c51597

SHA1
e335858f5b373dcb47ad5e546dcb479927e6dbcb

SHA256
ac41b16b129a2c3e50bb66d8406aba3f76a439fab7e816246b959b1c48b399b9

SHA512
e0e8124d31eacfeca473a71f559f8e24270301e6f4536fc6d06b7e18e2adb3a017bf45b3eb872cdfde52951fddaf3d844b248663f63f5a8c668874b6d8130e07

Download Submit
C:\Windows\System\RHmvgnE.exe

Filesize
1.8MB

MD5
08f212d9c27286517cb9a28ca083564f

SHA1
4eefc63eb021ca044d6d552a9eb71eb44e07d690

SHA256
43fc70d7b5c5ab7e553fd7457e418ab0f0da71a0d06d329ad582a0c4adbd6664

SHA512
fcdaa17cdc33235d38377c9fbad7b2e2eb7189467e7319bfc16cbb4b694ef7dca948cffd471e75db546037ef546c796cd64a918406ad6e07242aed692ce585fc

Download Submit
C:\Windows\System\RieEoVO.exe

Filesize
1.8MB

MD5
4ce8e75ee241774fe3400ae9c0f91b1e

SHA1
93ea0ce68d672a255606e1ea139bfe1e6d13063a

SHA256
973094b06e653551e5950db4e5b5dd39ddbb46b062cf8c47b4189dd9cd44df33

SHA512
5091866524c646f9078b8a34c2ff2196a8e4c7edda79f5c12ee28d534e935267c81912aa174c116c4387866424e95aa30a7956ae5c406c796e8cb109951d3632

Download Submit
C:\Windows\System\RnguMWx.exe

Filesize
1.8MB

MD5
ac26f58356b43aef88f386b6ca7d9e92

SHA1
fcd8d18e91a01b8d062646314fb8ae5831333540

SHA256
eb2ceb01827264f6543f1842a1aa2284510432782a5d77ec7089756e0da8ff23

SHA512
ea991d6c168a1a4c21eca22db4474f72ff8aed60c3db260a75842d491bdd9ed6aadd3e5e346ff913d87d1ff5aead211fe493d2bc82d9d47b3231f0e73e7f32e3

Download Submit
C:\Windows\System\TXNGJti.exe

Filesize
1.8MB

MD5
a5bcb4758814750580a18da3fb1004e5

SHA1
35725a7a9a9e7545fb9161665f06229c5828a3f1

SHA256
15455b9f5002140a4462a62fef6cf43c5c185a3590438f7616b09c6a681dd844

SHA512
551dc70309e8ef7049343ea02e62fcc41860098010dd209c91e4a8547db5d76b8ac4fe220ffb39a6e89cc86428ec982db0382ad31fdf1e2a7ad596a0312aa203

Download Submit
C:\Windows\System\VzQeTgw.exe

Filesize
1.8MB

MD5
470a41346c516d331c869ab25b375506

SHA1
65f856602a4af76c9825e12b98c178c63a2771fd

SHA256
2a6409b60f2aa7d6d4c0cf623069971d50b671c07f57e122d3dbfec98733b641

SHA512
3d0a55ee90585da127889a345ec18c2ec7416ea52f5e35d546c2b019cf72a80dd73f8745630f008c65cf3fc0e0652a4cd0b522e567609b0e8f8db6c45f4ca110

Download Submit
C:\Windows\System\WbPJXyW.exe

Filesize
1.8MB

MD5
4d7813d9b1f776f3e9a1c7ba07ce67cc

SHA1
04829bd412f74abb8fb041fcc04c8782425e9d62

SHA256
fcd7aaafda120b75515ca2a2af4796f5462c5dcd48516f89e9d3af7c448d9584

SHA512
91d2bd02de2ca72f3d43d030d5fe2cbf7cbca8e23e4dec65a06a4ba53a4450b480d6d6deff562c2c158a695ee0b0d06c367a630445e32ca33aa7026d66eea8ff

Download Submit
C:\Windows\System\WbQzVzl.exe

Filesize
1.8MB

MD5
676bb69882c0ba13d8ada887373cde29

SHA1
952c26dbd4b54627cd4bbc016c6c7352132930e3

SHA256
ea3682012849f66bcb2f61aa5feec932b7dbf65be872ce2be8a63193018bf887

SHA512
95b65e8746af31e703cc8d9c700b9f98da8535b3e481fabb3973ac31975dc38f59c2449d5b666cf338058eff550e54605bd0551838106edf5fc52f957f0cdd72

Download Submit
C:\Windows\System\XizTcEl.exe

Filesize
1.8MB

MD5
5e6792c41360c007e2604ca4b507171c

SHA1
791a4d85489b2689666e6ab9900b572817de2cd6

SHA256
60c9e49f597baa5ddb8df09c25c2e88fdbd8f1f829ff3ddc3e2fa3aa14de57fe

SHA512
031d12adb110aa93d1d24a26a4ab8e3df0b59d11078f938bdeb22f13b4fa0d35222795f8e3a8886f2c0570cf0812642e5529a246d7d66f48d087465c678fe2b0

Download Submit
C:\Windows\System\YQPqIqq.exe

Filesize
1.8MB

MD5
ca987e1f16032d085f4229f80121b391

SHA1
b334eb2b2cf48138f951dbe9d4a4a855a87de56d

SHA256
e8315eb5886773232681393c663e37b00f269f683aff4765863edd8de61acebc

SHA512
d0626276cb16f54b3b40843e12ef9381ba90bd14d66bf01b94666678093487214f6f3aefca7c9f5f5cbdc6ac63df12e395385431ca752a2708ed35f5407dc365

Download Submit
C:\Windows\System\ZXUkZxO.exe

Filesize
1.8MB

MD5
c38e8c7c1fc52c5869b4ee18abd8c9ad

SHA1
4260473052fac57786a0651ef655325c54703c14

SHA256
ff36039b7b0d4ee21f9115cbf3be09c98c52060e27940eb70e68b51b8ea9b874

SHA512
038ee6a56579de8c05998a88742075ea0e50c10123c015df903065c0abecf5441cac4c8c4a5b24f878d7144c8af6ede6446da65ae0080b5010a7910c97ee7666

Download Submit
C:\Windows\System\bLMGNiy.exe

Filesize
1.8MB

MD5
a1788ad91da31b43008785d31b6f9bfe

SHA1
ca501c44bc991ea6cdeadc764b36a4e3eaae21a5

SHA256
c302bbe9f004bc3c6eed707f65142c7c3f5ff652846dd52f106d5c19c7fb1433

SHA512
598f293c4e26ee70f8c54ac293ac1b0dfe1492c637eb81fe09fce5e740b580174d0211a1befc49c884db71388ba254551a05ee53ad69b895f6d15b80f1db2320

Download Submit
C:\Windows\System\dkNlqHq.exe

Filesize
1.8MB

MD5
97c843a4a1d9e1f9f06c277c0b5a7b48

SHA1
161e1abf02548e5618f6174d1bc9d788123abe3a

SHA256
fe273b809579edb2dd04565209f07a0f124713628eca67f8ea09ff9483adb1c1

SHA512
ae4e19674a08199005d8a93c1b1af63620882ad135c6b5183e400264c61dc7c6fb1b42bfabdce312259960c5f485b602c8b5243290121e737ede2d1017513675

Download Submit
C:\Windows\System\eqlUkQD.exe

Filesize
1.8MB

MD5
41ac1a57dc7d82d3daf4843c0824aef0

SHA1
bf17052db78d3bbafa689c8adeeab4afdd25d05f

SHA256
d12673aa4afa8704ff7a6f2e3b7740919f9cd43593c7ce3f72308598b5149c71

SHA512
50b049e3475f815d7d248381917ea514af016254b3220ead80f4ebbedd8576f3a0f892d26c8e099852a389f0c58f10612ef8499603098a3acdd5c375a12c85c3

Download Submit
C:\Windows\System\foxFdPB.exe

Filesize
1.8MB

MD5
e65006a952f37c51b8ad0e54baeb0288

SHA1
eea3d6e1d64c17ea1126e9f4b22ec939806757bf

SHA256
99820d4a9df1c0b8d70338d3e829aa002b3835ca96b79c5ba5d13270565ed36b

SHA512
1597776e233882ab47ccf8e122704b5e846cd5cf3b282ebb1826bffa7b63dde4d311c5f4ad000807cc9d3ceb85efad65325283440b3f589d3b81c865c32aeedc

Download Submit
C:\Windows\System\hFQiREa.exe

Filesize
1.8MB

MD5
a559060449d9f73110ec81e7404c6fbf

SHA1
d9f09c57ef1290dcac2653e7e23ecde837ec61c8

SHA256
0b8dba30ffa13ff493333f6853e28b2c53527d96c11caf30eb162b263060a4b8

SHA512
336c17d2a17e8e71d582dc3caa0219dc0d7793619180cf04835a7c05cc09bb4704fc8f53afc7260f980cc35d83b0fdb0b35a8abce9ebf08065472880422a50d0

Download Submit
C:\Windows\System\lMqMWIA.exe

Filesize
1.8MB

MD5
31c11fff108524245e34c14c1ff6ad31

SHA1
959183b8d662845fa37e9c1c7c7b48f7e9cd56bb

SHA256
4059ed95e6e6d0064da728a1404fd011768b1216e302a3f9e8d8415bfe1c77e3

SHA512
3101eda9f04c13140f459e5d2650365549ee40c6efc21ae11009882dc231ef460b532a817d5ce3eeac37197f90d50b58d1506c9d4317995138843199d1b151c3

Download Submit
C:\Windows\System\lpAnsDo.exe

Filesize
1.8MB

MD5
556bc83b26e0b47e0126bcf8a67f2a91

SHA1
e87f297a4c6afa75308ceaecae5cf6a35e935030

SHA256
cc53468c6efd676bd4d7319530c582eec9e8f11fac0d93ea8b655d707496b2d4

SHA512
961ac2a803b737d480dbe6bc2610afb329162904d08610ce3217efaba3513642a0e62b5acb4ec3c5a1ba72924ff0dbe24564c958a704f2f5d42e6d877e75d98e

Download Submit
C:\Windows\System\oQdDzYI.exe

Filesize
1.8MB

MD5
c13917d08f44e303fdc2d5443e9cbf91

SHA1
0bc28faba0828c2fb6de3e1ad1ecf8c5f733938d

SHA256
db8ee5eaa2315f681cfa57834781d0cb5be7cb30ee928d27c2830c41d2c1682b

SHA512
6f8394fdf0b16dfcf7db1e956218e8158a31e5bf186b9ade0682ab65c05009411c2782e7bd03c5e36a0330fb4f063434f7da1d2ac16821e1763d65b3db6302f4

Download Submit
C:\Windows\System\prSNimg.exe

Filesize
1.8MB

MD5
acfdbdfb990ec455ebdaf60bf8edc8a9

SHA1
b181aebadffb0dc7ec284c43ad63b235e7f858f2

SHA256
05b6e7c406e649ed899a7d9da51a256f7c7390afd293bb03c9fffae7418629ea

SHA512
2c1d66ae68b1ed56e6a9d1b0b69f3ca4fc745ab0246e9ce20d8144a13f6f3c0c48a0c47e7aa3e6f3a43afbb4d89d7bfaa8460bc86e39e8170dc71aa3144a78bc

Download Submit
C:\Windows\System\pufenvp.exe

Filesize
1.8MB

MD5
183d362aa5b3d56028a837f2389d9325

SHA1
d72e40c5a0c6386cbc5bc556e8878dc373774157

SHA256
802892d841134028380de8ba1129f19248a72651adcda979cc71f99a7dd3720e

SHA512
e27a61c2383d23ac82cfe6ccc702ae211809cb5c2a3a2dd3b3ccbad26c39934987c8fc7b55e53cf31c6b542d246821e78302d858373dde69de887354b23ca58c

Download Submit
C:\Windows\System\qFtywUA.exe

Filesize
1.8MB

MD5
bc9db0c4cdf842e7cc11ab05fde959d6

SHA1
c6b9f63992375a375a47ff062bc696941afce6ff

SHA256
6122bf12a5c6adbfc9aed7a3257a2021fb6c8c2e48a476c46c2e03a8a3c82982

SHA512
282c58df7abd1806989a2a1d1869626d9da20baa11311a2ed9369a8597b74c0b1f35576544dccdf60c250f87dea86371c6cbc7f599708e1ec37cc23d693ebf5f

Download Submit
C:\Windows\System\qfaCCRx.exe

Filesize
1.8MB

MD5
4dc4d4e68644ab887769cba17d741afa

SHA1
b2ab40ab3a4f5b446139fbf45d45bb6b13a74cc0

SHA256
19c9ca7e09741dcc01ecf9d2fa386eb06142127a6ab60254a2c3a061ebb55a00

SHA512
0be5558872494345f4a8258b4ea96afdb3c4e2f28ec772023cb6e25a55154737404ccb90eead17b526916307a189f6c7be060e63116db92b08703e99d3876d93

Download Submit
C:\Windows\System\sSnUpFs.exe

Filesize
1.8MB

MD5
6c98081ae980d11063e5fc3a3d490111

SHA1
3df796830ef6109f512c7636c733da9bb0db0da8

SHA256
d5421609651a1b9184609044bf04b3e5626c07c4bfa04242123580b549414d2c

SHA512
6ef94ad8b3890fdc884c7b1e9637f7d849ea552f8e28e13416a55001ed522393af82696166195d63e8dd3494581c6c5a573d0fac15b8c223e066e0d85b7c22f5

Download Submit
C:\Windows\System\tyvcbHq.exe

Filesize
1.8MB

MD5
40903b8520aa7ab07fa6632062e0bfbf

SHA1
c813cf20c7f1e73edcae8feb3dbfcf3205646646

SHA256
02ae4d245d72365fa3b8a1ee150a6518180945feb36f2a1794e4cc62d45ba648

SHA512
a783f9f0d7af0414ac9e39ca9b3982492bc9dc55a659ae2c427b5dc57275d8dfe0291619532f12f4d7527634d2d554c48edcdb5b9d546ed8d399dfece17fe496

Download Submit
C:\Windows\System\wOPxxiw.exe

Filesize
1.8MB

MD5
2435d7838c269740797885759df2154b

SHA1
c8904b088cb513a30bdcce2025189ec1c39c9fae

SHA256
1b5549b353bd75f0bba7e2a2aa15eb100c1a9ca30773a06c75b529f6ed850f88

SHA512
c75a163337d44ff99f36908c774fad03219bda78de7df714e6db5a0d66f9a9497547818cb1c464792e9c9c3d1899df6aa233015d7e6999e5145a0aad1c5b8781

Download Submit
C:\Windows\System\wWqWJSx.exe

Filesize
1.8MB

MD5
f7fbd86b5e5e1fa57aa8c5c190339de8

SHA1
30e6d11087b9edfc56ff30ef5dae3dd4101d76a4

SHA256
8271e8fa2bf1b041b289e019e438dfcdaafd3db145de3501d8c10f7a643d0ac2

SHA512
25785444cb7cf80aa2a743889017846c0d482154f4d3afc998256fe7fbe7bed13b01f2f9423b488983533068bf759b175fc5b738a9cb20d6b6beaa346a42920e

Download Submit
C:\Windows\System\zOhmyhi.exe

Filesize
1.8MB

MD5
326e46d3d7c17f441db50df064998296

SHA1
4568dc0253050e2c00b07eb7c78863845b53ace0

SHA256
e67c2585418c3da5d5f8b554db40da9159703c66e8c6460b4a634f5a81218aa2

SHA512
bce270cef08de7ee5789e3edf1bbf0744fff9d50cd7924762ce7d13ae5578e745a286c7e56d7a4c29e1e6abb625a5ec1472a814ab75f418ac5a6d53c2801699c

Download Submit
memory/512-20-0x00007FF8AF063000-0x00007FF8AF065000-memory.dmp

Filesize
8KB

Download
memory/512-183-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download
memory/512-155-0x0000021EFFD20000-0x0000021EFFD42000-memory.dmp

Filesize
136KB

Download
memory/512-79-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download
memory/1392-425-0x00007FF674830000-0x00007FF674C22000-memory.dmp

Filesize
3.9MB

Download
memory/1392-2833-0x00007FF674830000-0x00007FF674C22000-memory.dmp

Filesize
3.9MB

Download
memory/1460-306-0x00007FF6D5B60000-0x00007FF6D5F52000-memory.dmp

Filesize
3.9MB

Download
memory/1460-2826-0x00007FF6D5B60000-0x00007FF6D5F52000-memory.dmp

Filesize
3.9MB

Download
memory/1904-372-0x00007FF6D8B60000-0x00007FF6D8F52000-memory.dmp

Filesize
3.9MB

Download
memory/1904-2823-0x00007FF6D8B60000-0x00007FF6D8F52000-memory.dmp

Filesize
3.9MB

Download
memory/1912-564-0x00007FF71F220000-0x00007FF71F612000-memory.dmp

Filesize
3.9MB

Download
memory/1912-2853-0x00007FF71F220000-0x00007FF71F612000-memory.dmp

Filesize
3.9MB

Download
memory/2192-559-0x00007FF71F7C0000-0x00007FF71FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/2192-2855-0x00007FF71F7C0000-0x00007FF71FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/2236-552-0x00007FF65C1D0000-0x00007FF65C5C2000-memory.dmp

Filesize
3.9MB

Download
memory/2236-2831-0x00007FF65C1D0000-0x00007FF65C5C2000-memory.dmp

Filesize
3.9MB

Download
memory/2384-2810-0x00007FF741900000-0x00007FF741CF2000-memory.dmp

Filesize
3.9MB

Download
memory/2384-16-0x00007FF741900000-0x00007FF741CF2000-memory.dmp

Filesize
3.9MB

Download
memory/2384-2776-0x00007FF741900000-0x00007FF741CF2000-memory.dmp

Filesize
3.9MB

Download
memory/2472-2821-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/2472-566-0x00007FF6BE2E0000-0x00007FF6BE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/2520-2844-0x00007FF6F20A0000-0x00007FF6F2492000-memory.dmp

Filesize
3.9MB

Download
memory/2520-556-0x00007FF6F20A0000-0x00007FF6F2492000-memory.dmp

Filesize
3.9MB

Download
memory/2608-1-0x000001F661160000-0x000001F661170000-memory.dmp

Filesize
64KB

Download
memory/2608-0-0x00007FF777060000-0x00007FF777452000-memory.dmp

Filesize
3.9MB

Download
memory/2972-2847-0x00007FF6EBEC0000-0x00007FF6EC2B2000-memory.dmp

Filesize
3.9MB

Download
memory/2972-554-0x00007FF6EBEC0000-0x00007FF6EC2B2000-memory.dmp

Filesize
3.9MB

Download
memory/2980-2849-0x00007FF7879C0000-0x00007FF787DB2000-memory.dmp

Filesize
3.9MB

Download
memory/2980-567-0x00007FF7879C0000-0x00007FF787DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-2859-0x00007FF77B000000-0x00007FF77B3F2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-561-0x00007FF77B000000-0x00007FF77B3F2000-memory.dmp

Filesize
3.9MB

Download
memory/3168-2815-0x00007FF62FFB0000-0x00007FF6303A2000-memory.dmp

Filesize
3.9MB

Download
memory/3168-565-0x00007FF62FFB0000-0x00007FF6303A2000-memory.dmp

Filesize
3.9MB

Download
memory/3216-558-0x00007FF691830000-0x00007FF691C22000-memory.dmp

Filesize
3.9MB

Download
memory/3216-2841-0x00007FF691830000-0x00007FF691C22000-memory.dmp

Filesize
3.9MB

Download
memory/3776-562-0x00007FF76B430000-0x00007FF76B822000-memory.dmp

Filesize
3.9MB

Download
memory/3776-2851-0x00007FF76B430000-0x00007FF76B822000-memory.dmp

Filesize
3.9MB

Download
memory/4216-553-0x00007FF6C5460000-0x00007FF6C5852000-memory.dmp

Filesize
3.9MB

Download
memory/4216-2837-0x00007FF6C5460000-0x00007FF6C5852000-memory.dmp

Filesize
3.9MB

Download
memory/4220-2839-0x00007FF766210000-0x00007FF766602000-memory.dmp

Filesize
3.9MB

Download
memory/4220-557-0x00007FF766210000-0x00007FF766602000-memory.dmp

Filesize
3.9MB

Download
memory/4548-232-0x00007FF697050000-0x00007FF697442000-memory.dmp

Filesize
3.9MB

Download
memory/4548-2817-0x00007FF697050000-0x00007FF697442000-memory.dmp

Filesize
3.9MB

Download
memory/4564-2835-0x00007FF7E6B10000-0x00007FF7E6F02000-memory.dmp

Filesize
3.9MB

Download
memory/4564-560-0x00007FF7E6B10000-0x00007FF7E6F02000-memory.dmp

Filesize
3.9MB

Download
memory/4688-555-0x00007FF7EE450000-0x00007FF7EE842000-memory.dmp

Filesize
3.9MB

Download
memory/4688-2846-0x00007FF7EE450000-0x00007FF7EE842000-memory.dmp

Filesize
3.9MB

Download
memory/4708-2819-0x00007FF6E0520000-0x00007FF6E0912000-memory.dmp

Filesize
3.9MB

Download
memory/4708-269-0x00007FF6E0520000-0x00007FF6E0912000-memory.dmp

Filesize
3.9MB

Download
memory/4992-2829-0x00007FF7A6620000-0x00007FF7A6A12000-memory.dmp

Filesize
3.9MB

Download
memory/4992-421-0x00007FF7A6620000-0x00007FF7A6A12000-memory.dmp

Filesize
3.9MB

Download
memory/5064-2827-0x00007FF6AD790000-0x00007FF6ADB82000-memory.dmp

Filesize
3.9MB

Download
memory/5064-492-0x00007FF6AD790000-0x00007FF6ADB82000-memory.dmp

Filesize
3.9MB

Download
memory/5080-2863-0x00007FF66D9F0000-0x00007FF66DDE2000-memory.dmp

Filesize
3.9MB

Download
memory/5080-563-0x00007FF66D9F0000-0x00007FF66DDE2000-memory.dmp

Filesize
3.9MB

Download