xmrig | aa8f0444a786e6b36c88b462815c8dc5b006b580e4b5bcc3efc28100eb25c4cd

Analysis

max time kernel
80s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
Size

1.3MB
MD5

80d2f0837fb7e0ecab303eadf833b8a0
SHA1

4ab249217790b63546eba2939808b331532e8d07
SHA256

aa8f0444a786e6b36c88b462815c8dc5b006b580e4b5bcc3efc28100eb25c4cd
SHA512

c75ce5b663108211cbd9ee41d9c4407186b92f30fcf51173e31e1322eb25866ed4bcde82e3342c7b34411f83be2c0b5a2d686c2d6b16a7e04c811ccc3f0cf897
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZrV5GgCzxcMf8kn1S:Lz071uv4BPMkyW10/w16BWgac2/U

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3240-366-0x00007FF7F8960000-0x00007FF7F8D52000-memory.dmp	xmrig
behavioral2/memory/3368-478-0x00007FF752A60000-0x00007FF752E52000-memory.dmp	xmrig
behavioral2/memory/2204-727-0x00007FF68EC20000-0x00007FF68F012000-memory.dmp	xmrig
behavioral2/memory/1464-730-0x00007FF639D40000-0x00007FF63A132000-memory.dmp	xmrig
behavioral2/memory/3420-733-0x00007FF680D40000-0x00007FF681132000-memory.dmp	xmrig
behavioral2/memory/4940-737-0x00007FF69B5B0000-0x00007FF69B9A2000-memory.dmp	xmrig
behavioral2/memory/884-740-0x00007FF70E2D0000-0x00007FF70E6C2000-memory.dmp	xmrig
behavioral2/memory/4712-752-0x00007FF7B8480000-0x00007FF7B8872000-memory.dmp	xmrig
behavioral2/memory/2948-741-0x00007FF722310000-0x00007FF722702000-memory.dmp	xmrig
behavioral2/memory/3100-739-0x00007FF694B30000-0x00007FF694F22000-memory.dmp	xmrig
behavioral2/memory/3216-738-0x00007FF6DE470000-0x00007FF6DE862000-memory.dmp	xmrig
behavioral2/memory/2816-736-0x00007FF690A40000-0x00007FF690E32000-memory.dmp	xmrig
behavioral2/memory/1640-735-0x00007FF6F9F30000-0x00007FF6FA322000-memory.dmp	xmrig
behavioral2/memory/2520-734-0x00007FF6AA6E0000-0x00007FF6AAAD2000-memory.dmp	xmrig
behavioral2/memory/4312-732-0x00007FF727130000-0x00007FF727522000-memory.dmp	xmrig
behavioral2/memory/3040-731-0x00007FF6EAC30000-0x00007FF6EB022000-memory.dmp	xmrig
behavioral2/memory/1932-729-0x00007FF650150000-0x00007FF650542000-memory.dmp	xmrig
behavioral2/memory/1784-728-0x00007FF612000000-0x00007FF6123F2000-memory.dmp	xmrig
behavioral2/memory/3276-305-0x00007FF7EE0E0000-0x00007FF7EE4D2000-memory.dmp	xmrig
behavioral2/memory/1968-241-0x00007FF70DDC0000-0x00007FF70E1B2000-memory.dmp	xmrig
behavioral2/memory/4472-196-0x00007FF76D990000-0x00007FF76DD82000-memory.dmp	xmrig
behavioral2/memory/2356-147-0x00007FF7AF750000-0x00007FF7AFB42000-memory.dmp	xmrig
behavioral2/memory/640-5541-0x00007FF797380000-0x00007FF797772000-memory.dmp	xmrig
behavioral2/memory/3628-5571-0x00007FF7F0050000-0x00007FF7F0442000-memory.dmp	xmrig
behavioral2/memory/640-5573-0x00007FF797380000-0x00007FF797772000-memory.dmp	xmrig
behavioral2/memory/2948-5575-0x00007FF722310000-0x00007FF722702000-memory.dmp	xmrig
behavioral2/memory/4712-5577-0x00007FF7B8480000-0x00007FF7B8872000-memory.dmp	xmrig
behavioral2/memory/2356-5579-0x00007FF7AF750000-0x00007FF7AFB42000-memory.dmp	xmrig
behavioral2/memory/3276-5581-0x00007FF7EE0E0000-0x00007FF7EE4D2000-memory.dmp	xmrig
behavioral2/memory/3240-5583-0x00007FF7F8960000-0x00007FF7F8D52000-memory.dmp	xmrig
behavioral2/memory/1968-5585-0x00007FF70DDC0000-0x00007FF70E1B2000-memory.dmp	xmrig
behavioral2/memory/3040-5589-0x00007FF6EAC30000-0x00007FF6EB022000-memory.dmp	xmrig
behavioral2/memory/3368-5588-0x00007FF752A60000-0x00007FF752E52000-memory.dmp	xmrig
behavioral2/memory/884-5592-0x00007FF70E2D0000-0x00007FF70E6C2000-memory.dmp	xmrig
behavioral2/memory/4472-5593-0x00007FF76D990000-0x00007FF76DD82000-memory.dmp	xmrig
behavioral2/memory/2204-5595-0x00007FF68EC20000-0x00007FF68F012000-memory.dmp	xmrig
behavioral2/memory/2816-5600-0x00007FF690A40000-0x00007FF690E32000-memory.dmp	xmrig
behavioral2/memory/4312-5604-0x00007FF727130000-0x00007FF727522000-memory.dmp	xmrig
behavioral2/memory/1932-5605-0x00007FF650150000-0x00007FF650542000-memory.dmp	xmrig
behavioral2/memory/3420-5602-0x00007FF680D40000-0x00007FF681132000-memory.dmp	xmrig
behavioral2/memory/1784-5607-0x00007FF612000000-0x00007FF6123F2000-memory.dmp	xmrig
behavioral2/memory/1464-5609-0x00007FF639D40000-0x00007FF63A132000-memory.dmp	xmrig
behavioral2/memory/3216-5696-0x00007FF6DE470000-0x00007FF6DE862000-memory.dmp	xmrig
behavioral2/memory/3100-5707-0x00007FF694B30000-0x00007FF694F22000-memory.dmp	xmrig
behavioral2/memory/4940-5679-0x00007FF69B5B0000-0x00007FF69B9A2000-memory.dmp	xmrig
behavioral2/memory/1640-5655-0x00007FF6F9F30000-0x00007FF6FA322000-memory.dmp	xmrig
behavioral2/memory/2520-5598-0x00007FF6AA6E0000-0x00007FF6AAAD2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

1492 powershell.exe

pid	process
1492	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

YXNeKAc.exeIVLblMF.exeDLJVWRq.exebjaQZmj.exePxETDAc.exenwlkPXn.exeKlmDZKV.exexhDGoMX.exegVCBfYl.exevOBnxNV.exesEtxPsv.exeuuOgGqn.exeVeBTXWJ.exeCkYZvSc.exezWCkkKm.exeEeRiGlk.exeiEFPgvB.exeuWcwYwv.exemfsuqTr.exeBYiUQBl.exeYrnkQGT.exelCYYRxP.exeQdYHDob.exesIBFEMw.exeNjPDvjQ.exeZPfzCNa.exeOIoVLZt.exeTMcNSbS.exewgtictE.exeJowrtQv.exeZSRaKJJ.exewNJrhvw.exewtgZtvC.exeDoTXCHW.exeeAxZryX.exeCVKwpWY.exeqTuGJAr.exefISFtzZ.exeYGtMBqq.exezjltNbE.exeGboLywI.exezHHnIVO.exeDcvWetw.exeGMrreLf.exemaTFQvJ.exeAwEfwoG.exevCYWHNl.exeRMIjdZD.exeQsOsghI.exeWjBcEmB.exexBjyTaq.exeBfEDwCC.exeQGTKhsi.exeaQAEdqj.exeKfZaRUy.exeMVFvREc.exeBRRgGQv.exewQDxjNW.exeROrvKpe.exekDOuVED.exesidCWSl.exeTTyaFyO.exeEOerIjp.exeVclLxWW.exe

pid	process
3628	YXNeKAc.exe
884	IVLblMF.exe
640	DLJVWRq.exe
2948	bjaQZmj.exe
4712	PxETDAc.exe
2356	nwlkPXn.exe
4472	KlmDZKV.exe
1968	xhDGoMX.exe
3276	gVCBfYl.exe
3240	vOBnxNV.exe
3368	sEtxPsv.exe
2204	uuOgGqn.exe
1784	VeBTXWJ.exe
1932	CkYZvSc.exe
1464	zWCkkKm.exe
3040	EeRiGlk.exe
4312	iEFPgvB.exe
3420	uWcwYwv.exe
2520	mfsuqTr.exe
1640	BYiUQBl.exe
2816	YrnkQGT.exe
4940	lCYYRxP.exe
3216	QdYHDob.exe
3100	sIBFEMw.exe
3160	NjPDvjQ.exe
1940	ZPfzCNa.exe
4488	OIoVLZt.exe
2220	TMcNSbS.exe
3424	wgtictE.exe
2328	JowrtQv.exe
4584	ZSRaKJJ.exe
436	wNJrhvw.exe
3180	wtgZtvC.exe
3716	DoTXCHW.exe
4672	eAxZryX.exe
4932	CVKwpWY.exe
404	qTuGJAr.exe
2132	fISFtzZ.exe
1952	YGtMBqq.exe
4484	zjltNbE.exe
1008	GboLywI.exe
3780	zHHnIVO.exe
1056	DcvWetw.exe
2444	GMrreLf.exe
2920	maTFQvJ.exe
4612	AwEfwoG.exe
2960	vCYWHNl.exe
736	RMIjdZD.exe
4404	QsOsghI.exe
3904	WjBcEmB.exe
2252	xBjyTaq.exe
3468	BfEDwCC.exe
1676	QGTKhsi.exe
2676	aQAEdqj.exe
4880	KfZaRUy.exe
864	MVFvREc.exe
740	BRRgGQv.exe
4556	wQDxjNW.exe
1780	ROrvKpe.exe
4536	kDOuVED.exe
3784	sidCWSl.exe
2096	TTyaFyO.exe
2532	EOerIjp.exe
1776	VclLxWW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3956-0-0x00007FF780890000-0x00007FF780C82000-memory.dmp	upx
C:\Windows\System\DLJVWRq.exe	upx
C:\Windows\System\PxETDAc.exe	upx
C:\Windows\System\uuOgGqn.exe	upx
C:\Windows\System\YGtMBqq.exe	upx
behavioral2/memory/3240-366-0x00007FF7F8960000-0x00007FF7F8D52000-memory.dmp	upx
behavioral2/memory/3368-478-0x00007FF752A60000-0x00007FF752E52000-memory.dmp	upx
behavioral2/memory/2204-727-0x00007FF68EC20000-0x00007FF68F012000-memory.dmp	upx
behavioral2/memory/1464-730-0x00007FF639D40000-0x00007FF63A132000-memory.dmp	upx
behavioral2/memory/3420-733-0x00007FF680D40000-0x00007FF681132000-memory.dmp	upx
behavioral2/memory/4940-737-0x00007FF69B5B0000-0x00007FF69B9A2000-memory.dmp	upx
behavioral2/memory/884-740-0x00007FF70E2D0000-0x00007FF70E6C2000-memory.dmp	upx
behavioral2/memory/4712-752-0x00007FF7B8480000-0x00007FF7B8872000-memory.dmp	upx
behavioral2/memory/2948-741-0x00007FF722310000-0x00007FF722702000-memory.dmp	upx
behavioral2/memory/3100-739-0x00007FF694B30000-0x00007FF694F22000-memory.dmp	upx
behavioral2/memory/3216-738-0x00007FF6DE470000-0x00007FF6DE862000-memory.dmp	upx
behavioral2/memory/2816-736-0x00007FF690A40000-0x00007FF690E32000-memory.dmp	upx
behavioral2/memory/1640-735-0x00007FF6F9F30000-0x00007FF6FA322000-memory.dmp	upx
behavioral2/memory/2520-734-0x00007FF6AA6E0000-0x00007FF6AAAD2000-memory.dmp	upx
behavioral2/memory/4312-732-0x00007FF727130000-0x00007FF727522000-memory.dmp	upx
behavioral2/memory/3040-731-0x00007FF6EAC30000-0x00007FF6EB022000-memory.dmp	upx
behavioral2/memory/1932-729-0x00007FF650150000-0x00007FF650542000-memory.dmp	upx
behavioral2/memory/1784-728-0x00007FF612000000-0x00007FF6123F2000-memory.dmp	upx
behavioral2/memory/3276-305-0x00007FF7EE0E0000-0x00007FF7EE4D2000-memory.dmp	upx
behavioral2/memory/1968-241-0x00007FF70DDC0000-0x00007FF70E1B2000-memory.dmp	upx
behavioral2/memory/4472-196-0x00007FF76D990000-0x00007FF76DD82000-memory.dmp	upx
C:\Windows\System\VeBTXWJ.exe	upx
C:\Windows\System\DcvWetw.exe	upx
C:\Windows\System\zHHnIVO.exe	upx
C:\Windows\System\GboLywI.exe	upx
C:\Windows\System\zjltNbE.exe	upx
C:\Windows\System\YrnkQGT.exe	upx
C:\Windows\System\fISFtzZ.exe	upx
C:\Windows\System\BYiUQBl.exe	upx
C:\Windows\System\qTuGJAr.exe	upx
C:\Windows\System\CVKwpWY.exe	upx
C:\Windows\System\mfsuqTr.exe	upx
C:\Windows\System\eAxZryX.exe	upx
C:\Windows\System\DoTXCHW.exe	upx
C:\Windows\System\wtgZtvC.exe	upx
C:\Windows\System\zWCkkKm.exe	upx
C:\Windows\System\CkYZvSc.exe	upx
C:\Windows\System\ZSRaKJJ.exe	upx
behavioral2/memory/2356-147-0x00007FF7AF750000-0x00007FF7AFB42000-memory.dmp	upx
C:\Windows\System\JowrtQv.exe	upx
C:\Windows\System\wgtictE.exe	upx
C:\Windows\System\TMcNSbS.exe	upx
C:\Windows\System\uWcwYwv.exe	upx
C:\Windows\System\iEFPgvB.exe	upx
C:\Windows\System\ZPfzCNa.exe	upx
C:\Windows\System\NjPDvjQ.exe	upx
C:\Windows\System\wNJrhvw.exe	upx
C:\Windows\System\QdYHDob.exe	upx
C:\Windows\System\lCYYRxP.exe	upx
C:\Windows\System\KlmDZKV.exe	upx
C:\Windows\System\OIoVLZt.exe	upx
C:\Windows\System\EeRiGlk.exe	upx
C:\Windows\System\sIBFEMw.exe	upx
C:\Windows\System\vOBnxNV.exe	upx
C:\Windows\System\gVCBfYl.exe	upx
C:\Windows\System\nwlkPXn.exe	upx
C:\Windows\System\sEtxPsv.exe	upx
C:\Windows\System\bjaQZmj.exe	upx
C:\Windows\System\IVLblMF.exe	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

4 raw.githubusercontent.com

flow	ioc
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\gfrhwMm.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\ssMuIIv.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\ifIAmmJ.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\EXQEwXn.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\llcgNCW.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\AzsdwYL.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\AVrEJyI.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\aYrPawk.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\dXVoUFk.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\pyQexQD.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\DihAosg.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\MbApoKI.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\fDFRKLu.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\sACgRnE.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\QupYpDE.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\eATEXba.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\HIRooZt.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\FUEUABI.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\FhZyCss.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\IZFwWEg.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\ccQXdCB.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\cyNQkzA.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\qoKQoWx.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\colMUQk.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\SKpuHwj.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\hOYqhHn.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\GtNRgJu.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\rEXJOIt.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\ONHOIpN.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\AswsnPv.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\XkZMwWN.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\tKfIhjL.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\yzYKOob.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\BLUvTBz.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\ApyJDdq.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\yJAlDsc.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\hoHWXWm.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\GWYnUAU.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\dZImZnW.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\PQJnKlW.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\BGgZBTY.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\AOaGbLK.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\czcjKSU.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\OTpXXbV.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JEYYmMT.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\CRjvVbo.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\JaCIYVs.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\yLwuUNc.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\QSMneBn.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\CTgwXRo.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\IfrFLKX.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\InDHBVz.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\wWaGuxj.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\CMsZMgg.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\eohnvwq.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\tDtMngn.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\dHNTmxz.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZvbSZpi.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\qXTMzVa.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\StGLcLt.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\EHNBgUE.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\svlFgBk.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\RsYjgMm.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
File created	C:\Windows\System\OJdxiKx.exe	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

1492 powershell.exe
1492 powershell.exe
1492 powershell.exe

pid	process
1492	powershell.exe
1492	powershell.exe
1492	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

powershell.exe80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe

description	pid	process
Token: SeDebugPrivilege	1492	powershell.exe
Token: SeLockMemoryPrivilege	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe

description	pid	process	target process
PID 3956 wrote to memory of 1492	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	powershell.exe
PID 3956 wrote to memory of 1492	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	powershell.exe
PID 3956 wrote to memory of 3628	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	YXNeKAc.exe
PID 3956 wrote to memory of 3628	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	YXNeKAc.exe
PID 3956 wrote to memory of 884	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	IVLblMF.exe
PID 3956 wrote to memory of 884	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	IVLblMF.exe
PID 3956 wrote to memory of 640	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	DLJVWRq.exe
PID 3956 wrote to memory of 640	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	DLJVWRq.exe
PID 3956 wrote to memory of 2948	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	bjaQZmj.exe
PID 3956 wrote to memory of 2948	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	bjaQZmj.exe
PID 3956 wrote to memory of 4712	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	PxETDAc.exe
PID 3956 wrote to memory of 4712	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	PxETDAc.exe
PID 3956 wrote to memory of 1968	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	xhDGoMX.exe
PID 3956 wrote to memory of 1968	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	xhDGoMX.exe
PID 3956 wrote to memory of 3240	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	vOBnxNV.exe
PID 3956 wrote to memory of 3240	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	vOBnxNV.exe
PID 3956 wrote to memory of 2356	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	nwlkPXn.exe
PID 3956 wrote to memory of 2356	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	nwlkPXn.exe
PID 3956 wrote to memory of 4472	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	KlmDZKV.exe
PID 3956 wrote to memory of 4472	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	KlmDZKV.exe
PID 3956 wrote to memory of 3276	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	gVCBfYl.exe
PID 3956 wrote to memory of 3276	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	gVCBfYl.exe
PID 3956 wrote to memory of 3368	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	sEtxPsv.exe
PID 3956 wrote to memory of 3368	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	sEtxPsv.exe
PID 3956 wrote to memory of 2204	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	uuOgGqn.exe
PID 3956 wrote to memory of 2204	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	uuOgGqn.exe
PID 3956 wrote to memory of 1784	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	VeBTXWJ.exe
PID 3956 wrote to memory of 1784	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	VeBTXWJ.exe
PID 3956 wrote to memory of 3100	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	sIBFEMw.exe
PID 3956 wrote to memory of 3100	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	sIBFEMw.exe
PID 3956 wrote to memory of 1932	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	CkYZvSc.exe
PID 3956 wrote to memory of 1932	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	CkYZvSc.exe
PID 3956 wrote to memory of 1464	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	zWCkkKm.exe
PID 3956 wrote to memory of 1464	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	zWCkkKm.exe
PID 3956 wrote to memory of 3040	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	EeRiGlk.exe
PID 3956 wrote to memory of 3040	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	EeRiGlk.exe
PID 3956 wrote to memory of 4312	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	iEFPgvB.exe
PID 3956 wrote to memory of 4312	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	iEFPgvB.exe
PID 3956 wrote to memory of 3420	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	uWcwYwv.exe
PID 3956 wrote to memory of 3420	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	uWcwYwv.exe
PID 3956 wrote to memory of 2520	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	mfsuqTr.exe
PID 3956 wrote to memory of 2520	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	mfsuqTr.exe
PID 3956 wrote to memory of 1640	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	BYiUQBl.exe
PID 3956 wrote to memory of 1640	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	BYiUQBl.exe
PID 3956 wrote to memory of 2816	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	YrnkQGT.exe
PID 3956 wrote to memory of 2816	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	YrnkQGT.exe
PID 3956 wrote to memory of 4940	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	lCYYRxP.exe
PID 3956 wrote to memory of 4940	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	lCYYRxP.exe
PID 3956 wrote to memory of 4584	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	ZSRaKJJ.exe
PID 3956 wrote to memory of 4584	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	ZSRaKJJ.exe
PID 3956 wrote to memory of 3216	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	QdYHDob.exe
PID 3956 wrote to memory of 3216	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	QdYHDob.exe
PID 3956 wrote to memory of 3180	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	wtgZtvC.exe
PID 3956 wrote to memory of 3180	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	wtgZtvC.exe
PID 3956 wrote to memory of 3160	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	NjPDvjQ.exe
PID 3956 wrote to memory of 3160	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	NjPDvjQ.exe
PID 3956 wrote to memory of 3716	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	DoTXCHW.exe
PID 3956 wrote to memory of 3716	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	DoTXCHW.exe
PID 3956 wrote to memory of 1940	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	ZPfzCNa.exe
PID 3956 wrote to memory of 1940	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	ZPfzCNa.exe
PID 3956 wrote to memory of 4488	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	OIoVLZt.exe
PID 3956 wrote to memory of 4488	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	OIoVLZt.exe
PID 3956 wrote to memory of 2220	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	TMcNSbS.exe
PID 3956 wrote to memory of 2220	3956	80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe	TMcNSbS.exe

C:\Users\Admin\AppData\Local\Temp\80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\80d2f0837fb7e0ecab303eadf833b8a0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3956

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1492

C:\Windows\System\YXNeKAc.exe
C:\Windows\System\YXNeKAc.exe
2⤵
- Executes dropped EXE
PID:3628

C:\Windows\System\IVLblMF.exe
C:\Windows\System\IVLblMF.exe
2⤵
- Executes dropped EXE
PID:884

C:\Windows\System\DLJVWRq.exe
C:\Windows\System\DLJVWRq.exe
2⤵
- Executes dropped EXE
PID:640

C:\Windows\System\bjaQZmj.exe
C:\Windows\System\bjaQZmj.exe
2⤵
- Executes dropped EXE
PID:2948

C:\Windows\System\PxETDAc.exe
C:\Windows\System\PxETDAc.exe
2⤵
- Executes dropped EXE
PID:4712

C:\Windows\System\xhDGoMX.exe
C:\Windows\System\xhDGoMX.exe
2⤵
- Executes dropped EXE
PID:1968

C:\Windows\System\vOBnxNV.exe
C:\Windows\System\vOBnxNV.exe
2⤵
- Executes dropped EXE
PID:3240

C:\Windows\System\nwlkPXn.exe
C:\Windows\System\nwlkPXn.exe
2⤵
- Executes dropped EXE
PID:2356

C:\Windows\System\KlmDZKV.exe
C:\Windows\System\KlmDZKV.exe
2⤵
- Executes dropped EXE
PID:4472

C:\Windows\System\gVCBfYl.exe
C:\Windows\System\gVCBfYl.exe
2⤵
- Executes dropped EXE
PID:3276

C:\Windows\System\sEtxPsv.exe
C:\Windows\System\sEtxPsv.exe
2⤵
- Executes dropped EXE
PID:3368

C:\Windows\System\uuOgGqn.exe
C:\Windows\System\uuOgGqn.exe
2⤵
- Executes dropped EXE
PID:2204

C:\Windows\System\VeBTXWJ.exe
C:\Windows\System\VeBTXWJ.exe
2⤵
- Executes dropped EXE
PID:1784

C:\Windows\System\sIBFEMw.exe
C:\Windows\System\sIBFEMw.exe
2⤵
- Executes dropped EXE
PID:3100

C:\Windows\System\CkYZvSc.exe
C:\Windows\System\CkYZvSc.exe
2⤵
- Executes dropped EXE
PID:1932

C:\Windows\System\zWCkkKm.exe
C:\Windows\System\zWCkkKm.exe
2⤵
- Executes dropped EXE
PID:1464

C:\Windows\System\EeRiGlk.exe
C:\Windows\System\EeRiGlk.exe
2⤵
- Executes dropped EXE
PID:3040

C:\Windows\System\iEFPgvB.exe
C:\Windows\System\iEFPgvB.exe
2⤵
- Executes dropped EXE
PID:4312

C:\Windows\System\uWcwYwv.exe
C:\Windows\System\uWcwYwv.exe
2⤵
- Executes dropped EXE
PID:3420

C:\Windows\System\mfsuqTr.exe
C:\Windows\System\mfsuqTr.exe
2⤵
- Executes dropped EXE
PID:2520

C:\Windows\System\BYiUQBl.exe
C:\Windows\System\BYiUQBl.exe
2⤵
- Executes dropped EXE
PID:1640

C:\Windows\System\YrnkQGT.exe
C:\Windows\System\YrnkQGT.exe
2⤵
- Executes dropped EXE
PID:2816

C:\Windows\System\lCYYRxP.exe
C:\Windows\System\lCYYRxP.exe
2⤵
- Executes dropped EXE
PID:4940

C:\Windows\System\ZSRaKJJ.exe
C:\Windows\System\ZSRaKJJ.exe
2⤵
- Executes dropped EXE
PID:4584

C:\Windows\System\QdYHDob.exe
C:\Windows\System\QdYHDob.exe
2⤵
- Executes dropped EXE
PID:3216

C:\Windows\System\wtgZtvC.exe
C:\Windows\System\wtgZtvC.exe
2⤵
- Executes dropped EXE
PID:3180

C:\Windows\System\NjPDvjQ.exe
C:\Windows\System\NjPDvjQ.exe
2⤵
- Executes dropped EXE
PID:3160

C:\Windows\System\DoTXCHW.exe
C:\Windows\System\DoTXCHW.exe
2⤵
- Executes dropped EXE
PID:3716

C:\Windows\System\ZPfzCNa.exe
C:\Windows\System\ZPfzCNa.exe
2⤵
- Executes dropped EXE
PID:1940

C:\Windows\System\OIoVLZt.exe
C:\Windows\System\OIoVLZt.exe
2⤵
- Executes dropped EXE
PID:4488

C:\Windows\System\TMcNSbS.exe
C:\Windows\System\TMcNSbS.exe
2⤵
- Executes dropped EXE
PID:2220

C:\Windows\System\wgtictE.exe
C:\Windows\System\wgtictE.exe
2⤵
- Executes dropped EXE
PID:3424

C:\Windows\System\JowrtQv.exe
C:\Windows\System\JowrtQv.exe
2⤵
- Executes dropped EXE
PID:2328

C:\Windows\System\wNJrhvw.exe
C:\Windows\System\wNJrhvw.exe
2⤵
- Executes dropped EXE
PID:436

C:\Windows\System\eAxZryX.exe
C:\Windows\System\eAxZryX.exe
2⤵
- Executes dropped EXE
PID:4672

C:\Windows\System\CVKwpWY.exe
C:\Windows\System\CVKwpWY.exe
2⤵
- Executes dropped EXE
PID:4932

C:\Windows\System\qTuGJAr.exe
C:\Windows\System\qTuGJAr.exe
2⤵
- Executes dropped EXE
PID:404

C:\Windows\System\fISFtzZ.exe
C:\Windows\System\fISFtzZ.exe
2⤵
- Executes dropped EXE
PID:2132

C:\Windows\System\YGtMBqq.exe
C:\Windows\System\YGtMBqq.exe
2⤵
- Executes dropped EXE
PID:1952

C:\Windows\System\zjltNbE.exe
C:\Windows\System\zjltNbE.exe
2⤵
- Executes dropped EXE
PID:4484

C:\Windows\System\GboLywI.exe
C:\Windows\System\GboLywI.exe
2⤵
- Executes dropped EXE
PID:1008

C:\Windows\System\zHHnIVO.exe
C:\Windows\System\zHHnIVO.exe
2⤵
- Executes dropped EXE
PID:3780

C:\Windows\System\DcvWetw.exe
C:\Windows\System\DcvWetw.exe
2⤵
- Executes dropped EXE
PID:1056

C:\Windows\System\GMrreLf.exe
C:\Windows\System\GMrreLf.exe
2⤵
- Executes dropped EXE
PID:2444

C:\Windows\System\aQAEdqj.exe
C:\Windows\System\aQAEdqj.exe
2⤵
- Executes dropped EXE
PID:2676

C:\Windows\System\maTFQvJ.exe
C:\Windows\System\maTFQvJ.exe
2⤵
- Executes dropped EXE
PID:2920

C:\Windows\System\AwEfwoG.exe
C:\Windows\System\AwEfwoG.exe
2⤵
- Executes dropped EXE
PID:4612

C:\Windows\System\EOerIjp.exe
C:\Windows\System\EOerIjp.exe
2⤵
- Executes dropped EXE
PID:2532

C:\Windows\System\vCYWHNl.exe
C:\Windows\System\vCYWHNl.exe
2⤵
- Executes dropped EXE
PID:2960

C:\Windows\System\RMIjdZD.exe
C:\Windows\System\RMIjdZD.exe
2⤵
- Executes dropped EXE
PID:736

C:\Windows\System\QsOsghI.exe
C:\Windows\System\QsOsghI.exe
2⤵
- Executes dropped EXE
PID:4404

C:\Windows\System\yghLFdT.exe
C:\Windows\System\yghLFdT.exe
2⤵
PID:3120

C:\Windows\System\WjBcEmB.exe
C:\Windows\System\WjBcEmB.exe
2⤵
- Executes dropped EXE
PID:3904

C:\Windows\System\xBjyTaq.exe
C:\Windows\System\xBjyTaq.exe
2⤵
- Executes dropped EXE
PID:2252

C:\Windows\System\BfEDwCC.exe
C:\Windows\System\BfEDwCC.exe
2⤵
- Executes dropped EXE
PID:3468

C:\Windows\System\QGTKhsi.exe
C:\Windows\System\QGTKhsi.exe
2⤵
- Executes dropped EXE
PID:1676

C:\Windows\System\KfZaRUy.exe
C:\Windows\System\KfZaRUy.exe
2⤵
- Executes dropped EXE
PID:4880

C:\Windows\System\MVFvREc.exe
C:\Windows\System\MVFvREc.exe
2⤵
- Executes dropped EXE
PID:864

C:\Windows\System\BRRgGQv.exe
C:\Windows\System\BRRgGQv.exe
2⤵
- Executes dropped EXE
PID:740

C:\Windows\System\wQDxjNW.exe
C:\Windows\System\wQDxjNW.exe
2⤵
- Executes dropped EXE
PID:4556

C:\Windows\System\ROrvKpe.exe
C:\Windows\System\ROrvKpe.exe
2⤵
- Executes dropped EXE
PID:1780

C:\Windows\System\kDOuVED.exe
C:\Windows\System\kDOuVED.exe
2⤵
- Executes dropped EXE
PID:4536

C:\Windows\System\sidCWSl.exe
C:\Windows\System\sidCWSl.exe
2⤵
- Executes dropped EXE
PID:3784

C:\Windows\System\TTyaFyO.exe
C:\Windows\System\TTyaFyO.exe
2⤵
- Executes dropped EXE
PID:2096

C:\Windows\System\VclLxWW.exe
C:\Windows\System\VclLxWW.exe
2⤵
- Executes dropped EXE
PID:1776

C:\Windows\System\pHagdpB.exe
C:\Windows\System\pHagdpB.exe
2⤵
PID:3816

C:\Windows\System\DLdexvm.exe
C:\Windows\System\DLdexvm.exe
2⤵
PID:4036

C:\Windows\System\FFzDLpy.exe
C:\Windows\System\FFzDLpy.exe
2⤵
PID:4048

C:\Windows\System\iOLEniO.exe
C:\Windows\System\iOLEniO.exe
2⤵
PID:4296

C:\Windows\System\ZZHjUhe.exe
C:\Windows\System\ZZHjUhe.exe
2⤵
PID:4280

C:\Windows\System\ikpTZJR.exe
C:\Windows\System\ikpTZJR.exe
2⤵
PID:3484

C:\Windows\System\fTkfQsO.exe
C:\Windows\System\fTkfQsO.exe
2⤵
PID:2448

C:\Windows\System\nBkfLmY.exe
C:\Windows\System\nBkfLmY.exe
2⤵
PID:2804

C:\Windows\System\IZRNaeL.exe
C:\Windows\System\IZRNaeL.exe
2⤵
PID:3076

C:\Windows\System\qPNKoMs.exe
C:\Windows\System\qPNKoMs.exe
2⤵
PID:2952

C:\Windows\System\MSRkHVL.exe
C:\Windows\System\MSRkHVL.exe
2⤵
PID:548

C:\Windows\System\OlvFUxL.exe
C:\Windows\System\OlvFUxL.exe
2⤵
PID:3952

C:\Windows\System\DrHMCzO.exe
C:\Windows\System\DrHMCzO.exe
2⤵
PID:1944

C:\Windows\System\DksiJfS.exe
C:\Windows\System\DksiJfS.exe
2⤵
PID:2232

C:\Windows\System\NePmxAs.exe
C:\Windows\System\NePmxAs.exe
2⤵
PID:4676

C:\Windows\System\sFbvgmz.exe
C:\Windows\System\sFbvgmz.exe
2⤵
PID:4812

C:\Windows\System\yRNVZhh.exe
C:\Windows\System\yRNVZhh.exe
2⤵
PID:4148

C:\Windows\System\CPHficJ.exe
C:\Windows\System\CPHficJ.exe
2⤵
PID:3108

C:\Windows\System\TWGMZDp.exe
C:\Windows\System\TWGMZDp.exe
2⤵
PID:4976

C:\Windows\System\SXJORCZ.exe
C:\Windows\System\SXJORCZ.exe
2⤵
PID:5032

C:\Windows\System\xGiBfLv.exe
C:\Windows\System\xGiBfLv.exe
2⤵
PID:1272

C:\Windows\System\JXXGeiF.exe
C:\Windows\System\JXXGeiF.exe
2⤵
PID:1556

C:\Windows\System\shZOoXs.exe
C:\Windows\System\shZOoXs.exe
2⤵
PID:2888

C:\Windows\System\uiaQwlE.exe
C:\Windows\System\uiaQwlE.exe
2⤵
PID:2540

C:\Windows\System\JOlUKKQ.exe
C:\Windows\System\JOlUKKQ.exe
2⤵
PID:5144

C:\Windows\System\TbIWuke.exe
C:\Windows\System\TbIWuke.exe
2⤵
PID:5172

C:\Windows\System\CIyQjfQ.exe
C:\Windows\System\CIyQjfQ.exe
2⤵
PID:5188

C:\Windows\System\VmlVYNH.exe
C:\Windows\System\VmlVYNH.exe
2⤵
PID:5208

C:\Windows\System\XjBhpIp.exe
C:\Windows\System\XjBhpIp.exe
2⤵
PID:5224

C:\Windows\System\QfsmHHh.exe
C:\Windows\System\QfsmHHh.exe
2⤵
PID:5252

C:\Windows\System\DgyQOhe.exe
C:\Windows\System\DgyQOhe.exe
2⤵
PID:5268

C:\Windows\System\QlnePHF.exe
C:\Windows\System\QlnePHF.exe
2⤵
PID:5284

C:\Windows\System\ZsMAOnV.exe
C:\Windows\System\ZsMAOnV.exe
2⤵
PID:5300

C:\Windows\System\GAYWPmI.exe
C:\Windows\System\GAYWPmI.exe
2⤵
PID:5320

C:\Windows\System\vwxGzug.exe
C:\Windows\System\vwxGzug.exe
2⤵
PID:5340

C:\Windows\System\TLbhgLz.exe
C:\Windows\System\TLbhgLz.exe
2⤵
PID:5356

C:\Windows\System\WExhhSg.exe
C:\Windows\System\WExhhSg.exe
2⤵
PID:5376

C:\Windows\System\HOpBPRc.exe
C:\Windows\System\HOpBPRc.exe
2⤵
PID:5392

C:\Windows\System\cThoHrF.exe
C:\Windows\System\cThoHrF.exe
2⤵
PID:5432

C:\Windows\System\XCnrSsF.exe
C:\Windows\System\XCnrSsF.exe
2⤵
PID:5452

C:\Windows\System\FzstxXH.exe
C:\Windows\System\FzstxXH.exe
2⤵
PID:5468

C:\Windows\System\bzZByhd.exe
C:\Windows\System\bzZByhd.exe
2⤵
PID:5484

C:\Windows\System\gKkXlRJ.exe
C:\Windows\System\gKkXlRJ.exe
2⤵
PID:5516

C:\Windows\System\HRShyse.exe
C:\Windows\System\HRShyse.exe
2⤵
PID:5532

C:\Windows\System\OLGIgOl.exe
C:\Windows\System\OLGIgOl.exe
2⤵
PID:5556

C:\Windows\System\clIGtKI.exe
C:\Windows\System\clIGtKI.exe
2⤵
PID:5572

C:\Windows\System\YCtDYZT.exe
C:\Windows\System\YCtDYZT.exe
2⤵
PID:5592

C:\Windows\System\HlRSUcM.exe
C:\Windows\System\HlRSUcM.exe
2⤵
PID:5608

C:\Windows\System\sCkFLFr.exe
C:\Windows\System\sCkFLFr.exe
2⤵
PID:5628

C:\Windows\System\wLZjDDS.exe
C:\Windows\System\wLZjDDS.exe
2⤵
PID:5656

C:\Windows\System\ZMmLsmO.exe
C:\Windows\System\ZMmLsmO.exe
2⤵
PID:5672

C:\Windows\System\RmjEDnE.exe
C:\Windows\System\RmjEDnE.exe
2⤵
PID:5688

C:\Windows\System\FoUCOde.exe
C:\Windows\System\FoUCOde.exe
2⤵
PID:5712

C:\Windows\System\CLMJaSe.exe
C:\Windows\System\CLMJaSe.exe
2⤵
PID:5728

C:\Windows\System\LqwWwQy.exe
C:\Windows\System\LqwWwQy.exe
2⤵
PID:5748

C:\Windows\System\QSsQYxo.exe
C:\Windows\System\QSsQYxo.exe
2⤵
PID:5764

C:\Windows\System\mVUPFfh.exe
C:\Windows\System\mVUPFfh.exe
2⤵
PID:5784

C:\Windows\System\dsBVnpI.exe
C:\Windows\System\dsBVnpI.exe
2⤵
PID:5800

C:\Windows\System\MXfzFEu.exe
C:\Windows\System\MXfzFEu.exe
2⤵
PID:5828

C:\Windows\System\dzCBtvd.exe
C:\Windows\System\dzCBtvd.exe
2⤵
PID:5844

C:\Windows\System\NghLFDW.exe
C:\Windows\System\NghLFDW.exe
2⤵
PID:5864

C:\Windows\System\HNTqCrt.exe
C:\Windows\System\HNTqCrt.exe
2⤵
PID:5884

C:\Windows\System\wmJVRzX.exe
C:\Windows\System\wmJVRzX.exe
2⤵
PID:5920

C:\Windows\System\iRqdDTt.exe
C:\Windows\System\iRqdDTt.exe
2⤵
PID:5948

C:\Windows\System\CnBJWDn.exe
C:\Windows\System\CnBJWDn.exe
2⤵
PID:5968

C:\Windows\System\mkAqJNU.exe
C:\Windows\System\mkAqJNU.exe
2⤵
PID:5984

C:\Windows\System\tMCYImC.exe
C:\Windows\System\tMCYImC.exe
2⤵
PID:6004

C:\Windows\System\RNixoRG.exe
C:\Windows\System\RNixoRG.exe
2⤵
PID:6024

C:\Windows\System\XdNmjBt.exe
C:\Windows\System\XdNmjBt.exe
2⤵
PID:6044

C:\Windows\System\SiWJlEZ.exe
C:\Windows\System\SiWJlEZ.exe
2⤵
PID:6064

C:\Windows\System\cMrCvSA.exe
C:\Windows\System\cMrCvSA.exe
2⤵
PID:6080

C:\Windows\System\sXJscdT.exe
C:\Windows\System\sXJscdT.exe
2⤵
PID:6104

C:\Windows\System\QEYxlhm.exe
C:\Windows\System\QEYxlhm.exe
2⤵
PID:6120

C:\Windows\System\AFMnaxr.exe
C:\Windows\System\AFMnaxr.exe
2⤵
PID:2944

C:\Windows\System\HTjpXqa.exe
C:\Windows\System\HTjpXqa.exe
2⤵
PID:1156

C:\Windows\System\qjRdSez.exe
C:\Windows\System\qjRdSez.exe
2⤵
PID:3456

C:\Windows\System\orwxgsJ.exe
C:\Windows\System\orwxgsJ.exe
2⤵
PID:1788

C:\Windows\System\pFvMmmo.exe
C:\Windows\System\pFvMmmo.exe
2⤵
PID:3620

C:\Windows\System\NKEEEeV.exe
C:\Windows\System\NKEEEeV.exe
2⤵
PID:4724

C:\Windows\System\bazeFDT.exe
C:\Windows\System\bazeFDT.exe
2⤵
PID:3356

C:\Windows\System\ipxLoPC.exe
C:\Windows\System\ipxLoPC.exe
2⤵
PID:2572

C:\Windows\System\qbtuCIA.exe
C:\Windows\System\qbtuCIA.exe
2⤵
PID:2168

C:\Windows\System\VCpPPSU.exe
C:\Windows\System\VCpPPSU.exe
2⤵
PID:5136

C:\Windows\System\aJBnuwj.exe
C:\Windows\System\aJBnuwj.exe
2⤵
PID:4756

C:\Windows\System\rKjRlLz.exe
C:\Windows\System\rKjRlLz.exe
2⤵
PID:5348

C:\Windows\System\LSswyyH.exe
C:\Windows\System\LSswyyH.exe
2⤵
PID:5088

C:\Windows\System\jSqugBS.exe
C:\Windows\System\jSqugBS.exe
2⤵
PID:776

C:\Windows\System\xLuCplo.exe
C:\Windows\System\xLuCplo.exe
2⤵
PID:220

C:\Windows\System\YqjNfiA.exe
C:\Windows\System\YqjNfiA.exe
2⤵
PID:5444

C:\Windows\System\JpKxuSx.exe
C:\Windows\System\JpKxuSx.exe
2⤵
PID:1304

C:\Windows\System\WhziKJx.exe
C:\Windows\System\WhziKJx.exe
2⤵
PID:1476

C:\Windows\System\AsELQtP.exe
C:\Windows\System\AsELQtP.exe
2⤵
PID:5460

C:\Windows\System\NXtnufx.exe
C:\Windows\System\NXtnufx.exe
2⤵
PID:6156

C:\Windows\System\OWBxzSM.exe
C:\Windows\System\OWBxzSM.exe
2⤵
PID:6180

C:\Windows\System\piYisbB.exe
C:\Windows\System\piYisbB.exe
2⤵
PID:6196

C:\Windows\System\MybvZBY.exe
C:\Windows\System\MybvZBY.exe
2⤵
PID:6220

C:\Windows\System\dRPNjTI.exe
C:\Windows\System\dRPNjTI.exe
2⤵
PID:6240

C:\Windows\System\YjMmgDn.exe
C:\Windows\System\YjMmgDn.exe
2⤵
PID:6256

C:\Windows\System\NvbJQxc.exe
C:\Windows\System\NvbJQxc.exe
2⤵
PID:6276

C:\Windows\System\DFUoDGe.exe
C:\Windows\System\DFUoDGe.exe
2⤵
PID:6300

C:\Windows\System\LxXuMHv.exe
C:\Windows\System\LxXuMHv.exe
2⤵
PID:6320

C:\Windows\System\QHUXgAy.exe
C:\Windows\System\QHUXgAy.exe
2⤵
PID:6484

C:\Windows\System\zeMbSTg.exe
C:\Windows\System\zeMbSTg.exe
2⤵
PID:6520

C:\Windows\System\eaVJZzu.exe
C:\Windows\System\eaVJZzu.exe
2⤵
PID:6536

C:\Windows\System\Ohleviq.exe
C:\Windows\System\Ohleviq.exe
2⤵
PID:6556

C:\Windows\System\akKMmij.exe
C:\Windows\System\akKMmij.exe
2⤵
PID:6576

C:\Windows\System\gpyFytK.exe
C:\Windows\System\gpyFytK.exe
2⤵
PID:6592

C:\Windows\System\aIIydyj.exe
C:\Windows\System\aIIydyj.exe
2⤵
PID:6612

C:\Windows\System\DlMaaLS.exe
C:\Windows\System\DlMaaLS.exe
2⤵
PID:6640

C:\Windows\System\kliMqDG.exe
C:\Windows\System\kliMqDG.exe
2⤵
PID:6656

C:\Windows\System\SlFSBYj.exe
C:\Windows\System\SlFSBYj.exe
2⤵
PID:6684

C:\Windows\System\USAPtSI.exe
C:\Windows\System\USAPtSI.exe
2⤵
PID:6700

C:\Windows\System\DkAGGhC.exe
C:\Windows\System\DkAGGhC.exe
2⤵
PID:6716

C:\Windows\System\sPLKDOT.exe
C:\Windows\System\sPLKDOT.exe
2⤵
PID:6732

C:\Windows\System\SEwJKfp.exe
C:\Windows\System\SEwJKfp.exe
2⤵
PID:6748

C:\Windows\System\anwSjCK.exe
C:\Windows\System\anwSjCK.exe
2⤵
PID:6768

C:\Windows\System\xsIoDGj.exe
C:\Windows\System\xsIoDGj.exe
2⤵
PID:6792

C:\Windows\System\IQDdgJq.exe
C:\Windows\System\IQDdgJq.exe
2⤵
PID:6812

C:\Windows\System\FIguVwg.exe
C:\Windows\System\FIguVwg.exe
2⤵
PID:6832

C:\Windows\System\IOlXTgb.exe
C:\Windows\System\IOlXTgb.exe
2⤵
PID:6848

C:\Windows\System\DQcfpTY.exe
C:\Windows\System\DQcfpTY.exe
2⤵
PID:6872

C:\Windows\System\TOUWmbb.exe
C:\Windows\System\TOUWmbb.exe
2⤵
PID:6896

C:\Windows\System\UudOLhR.exe
C:\Windows\System\UudOLhR.exe
2⤵
PID:6916

C:\Windows\System\nKVuNhV.exe
C:\Windows\System\nKVuNhV.exe
2⤵
PID:6936

C:\Windows\System\bvueIBk.exe
C:\Windows\System\bvueIBk.exe
2⤵
PID:6960

C:\Windows\System\QmwDBgM.exe
C:\Windows\System\QmwDBgM.exe
2⤵
PID:6988

C:\Windows\System\onlJDZJ.exe
C:\Windows\System\onlJDZJ.exe
2⤵
PID:7012

C:\Windows\System\ZaCNsGP.exe
C:\Windows\System\ZaCNsGP.exe
2⤵
PID:7028

C:\Windows\System\RaAhJhI.exe
C:\Windows\System\RaAhJhI.exe
2⤵
PID:7044

C:\Windows\System\QkcFWHs.exe
C:\Windows\System\QkcFWHs.exe
2⤵
PID:7068

C:\Windows\System\xYzmtSW.exe
C:\Windows\System\xYzmtSW.exe
2⤵
PID:7096

C:\Windows\System\uLNKaQk.exe
C:\Windows\System\uLNKaQk.exe
2⤵
PID:7112

C:\Windows\System\SPCqikR.exe
C:\Windows\System\SPCqikR.exe
2⤵
PID:7128

C:\Windows\System\wVyAglh.exe
C:\Windows\System\wVyAglh.exe
2⤵
PID:7156

C:\Windows\System\nsHVbNA.exe
C:\Windows\System\nsHVbNA.exe
2⤵
PID:5132

C:\Windows\System\TtrnMfm.exe
C:\Windows\System\TtrnMfm.exe
2⤵
PID:960

C:\Windows\System\LhvlmoU.exe
C:\Windows\System\LhvlmoU.exe
2⤵
PID:4372

C:\Windows\System\hNHASOM.exe
C:\Windows\System\hNHASOM.exe
2⤵
PID:2996

C:\Windows\System\XkufKOm.exe
C:\Windows\System\XkufKOm.exe
2⤵
PID:4368

C:\Windows\System\RcHOpSN.exe
C:\Windows\System\RcHOpSN.exe
2⤵
PID:5384

C:\Windows\System\WbGfEpf.exe
C:\Windows\System\WbGfEpf.exe
2⤵
PID:380

C:\Windows\System\siAQuAj.exe
C:\Windows\System\siAQuAj.exe
2⤵
PID:6020

C:\Windows\System\VMuRnRM.exe
C:\Windows\System\VMuRnRM.exe
2⤵
PID:6088

C:\Windows\System\GGNeIlL.exe
C:\Windows\System\GGNeIlL.exe
2⤵
PID:6128

C:\Windows\System\AzNILBq.exe
C:\Windows\System\AzNILBq.exe
2⤵
PID:4904

C:\Windows\System\dAsNmZe.exe
C:\Windows\System\dAsNmZe.exe
2⤵
PID:4688

C:\Windows\System\YPTkwsX.exe
C:\Windows\System\YPTkwsX.exe
2⤵
PID:2468

C:\Windows\System\GZYjNnQ.exe
C:\Windows\System\GZYjNnQ.exe
2⤵
PID:3140

C:\Windows\System\GeqFyik.exe
C:\Windows\System\GeqFyik.exe
2⤵
PID:6312

C:\Windows\System\hBcNMUO.exe
C:\Windows\System\hBcNMUO.exe
2⤵
PID:5152

C:\Windows\System\BBzGVby.exe
C:\Windows\System\BBzGVby.exe
2⤵
PID:6352

C:\Windows\System\FxEOJgu.exe
C:\Windows\System\FxEOJgu.exe
2⤵
PID:6372

C:\Windows\System\iMUvynK.exe
C:\Windows\System\iMUvynK.exe
2⤵
PID:6396

C:\Windows\System\VePXIEj.exe
C:\Windows\System\VePXIEj.exe
2⤵
PID:5180

C:\Windows\System\juaKNJn.exe
C:\Windows\System\juaKNJn.exe
2⤵
PID:6436

C:\Windows\System\GonkoiY.exe
C:\Windows\System\GonkoiY.exe
2⤵
PID:6452

C:\Windows\System\MPDPWsO.exe
C:\Windows\System\MPDPWsO.exe
2⤵
PID:6468

C:\Windows\System\yjINSwo.exe
C:\Windows\System\yjINSwo.exe
2⤵
PID:5220

C:\Windows\System\Hihfspj.exe
C:\Windows\System\Hihfspj.exe
2⤵
PID:7172

C:\Windows\System\akGORKL.exe
C:\Windows\System\akGORKL.exe
2⤵
PID:7196

C:\Windows\System\gRqpKDK.exe
C:\Windows\System\gRqpKDK.exe
2⤵
PID:7216

C:\Windows\System\eFXtlIg.exe
C:\Windows\System\eFXtlIg.exe
2⤵
PID:7240

C:\Windows\System\wnoLcOA.exe
C:\Windows\System\wnoLcOA.exe
2⤵
PID:7264

C:\Windows\System\uCOrkhw.exe
C:\Windows\System\uCOrkhw.exe
2⤵
PID:7284

C:\Windows\System\oaeutzi.exe
C:\Windows\System\oaeutzi.exe
2⤵
PID:7300

C:\Windows\System\WEdLhEc.exe
C:\Windows\System\WEdLhEc.exe
2⤵
PID:7316

C:\Windows\System\CTkBuIh.exe
C:\Windows\System\CTkBuIh.exe
2⤵
PID:7332

C:\Windows\System\FWANykT.exe
C:\Windows\System\FWANykT.exe
2⤵
PID:7348

C:\Windows\System\yVSMTee.exe
C:\Windows\System\yVSMTee.exe
2⤵
PID:7364

C:\Windows\System\AgjqYzf.exe
C:\Windows\System\AgjqYzf.exe
2⤵
PID:7392

C:\Windows\System\llDkrkY.exe
C:\Windows\System\llDkrkY.exe
2⤵
PID:7408

C:\Windows\System\VjGyBGq.exe
C:\Windows\System\VjGyBGq.exe
2⤵
PID:7428

C:\Windows\System\pkTRwCe.exe
C:\Windows\System\pkTRwCe.exe
2⤵
PID:7452

C:\Windows\System\WXqSWKh.exe
C:\Windows\System\WXqSWKh.exe
2⤵
PID:7468

C:\Windows\System\jGoVrnl.exe
C:\Windows\System\jGoVrnl.exe
2⤵
PID:7544

C:\Windows\System\NnNuEOY.exe
C:\Windows\System\NnNuEOY.exe
2⤵
PID:7564

C:\Windows\System\hnMzTWT.exe
C:\Windows\System\hnMzTWT.exe
2⤵
PID:7580

C:\Windows\System\eiaZcpu.exe
C:\Windows\System\eiaZcpu.exe
2⤵
PID:7596

C:\Windows\System\HBNkDpo.exe
C:\Windows\System\HBNkDpo.exe
2⤵
PID:7620

C:\Windows\System\HnRBgcC.exe
C:\Windows\System\HnRBgcC.exe
2⤵
PID:7636

C:\Windows\System\HkOAkaf.exe
C:\Windows\System\HkOAkaf.exe
2⤵
PID:7660

C:\Windows\System\nJzaIWW.exe
C:\Windows\System\nJzaIWW.exe
2⤵
PID:7688

C:\Windows\System\DBBZWJN.exe
C:\Windows\System\DBBZWJN.exe
2⤵
PID:7704

C:\Windows\System\wGsgUyT.exe
C:\Windows\System\wGsgUyT.exe
2⤵
PID:7732

C:\Windows\System\bJnOPgC.exe
C:\Windows\System\bJnOPgC.exe
2⤵
PID:7752

C:\Windows\System\SiTeidY.exe
C:\Windows\System\SiTeidY.exe
2⤵
PID:7772

C:\Windows\System\WOhPfNB.exe
C:\Windows\System\WOhPfNB.exe
2⤵
PID:7788

C:\Windows\System\VsYIOxE.exe
C:\Windows\System\VsYIOxE.exe
2⤵
PID:7816

C:\Windows\System\zlVrxVj.exe
C:\Windows\System\zlVrxVj.exe
2⤵
PID:7836

C:\Windows\System\CyOPMTk.exe
C:\Windows\System\CyOPMTk.exe
2⤵
PID:7852

C:\Windows\System\zLowxbm.exe
C:\Windows\System\zLowxbm.exe
2⤵
PID:7868

C:\Windows\System\NNXWkgO.exe
C:\Windows\System\NNXWkgO.exe
2⤵
PID:7888

C:\Windows\System\ITztsQa.exe
C:\Windows\System\ITztsQa.exe
2⤵
PID:7904

C:\Windows\System\VvnxlbP.exe
C:\Windows\System\VvnxlbP.exe
2⤵
PID:7928

C:\Windows\System\bguqIsS.exe
C:\Windows\System\bguqIsS.exe
2⤵
PID:7956

C:\Windows\System\PXZauxI.exe
C:\Windows\System\PXZauxI.exe
2⤵
PID:7976

C:\Windows\System\CQEIfNQ.exe
C:\Windows\System\CQEIfNQ.exe
2⤵
PID:7992

C:\Windows\System\mModHVq.exe
C:\Windows\System\mModHVq.exe
2⤵
PID:8016

C:\Windows\System\FTDDbML.exe
C:\Windows\System\FTDDbML.exe
2⤵
PID:8032

C:\Windows\System\rTQfUcF.exe
C:\Windows\System\rTQfUcF.exe
2⤵
PID:8060

C:\Windows\System\FZnokQc.exe
C:\Windows\System\FZnokQc.exe
2⤵
PID:8096

C:\Windows\System\JMfEqLo.exe
C:\Windows\System\JMfEqLo.exe
2⤵
PID:8120

C:\Windows\System\AyskNFJ.exe
C:\Windows\System\AyskNFJ.exe
2⤵
PID:8140

C:\Windows\System\DUBOZoR.exe
C:\Windows\System\DUBOZoR.exe
2⤵
PID:8156

C:\Windows\System\gYLzLIi.exe
C:\Windows\System\gYLzLIi.exe
2⤵
PID:8172

C:\Windows\System\wEDGxld.exe
C:\Windows\System\wEDGxld.exe
2⤵
PID:6904

C:\Windows\System\AxzuYsK.exe
C:\Windows\System\AxzuYsK.exe
2⤵
PID:6944

C:\Windows\System\OAxkfvb.exe
C:\Windows\System\OAxkfvb.exe
2⤵
PID:5976

C:\Windows\System\VgdZsAY.exe
C:\Windows\System\VgdZsAY.exe
2⤵
PID:1300

C:\Windows\System\bdWDQmK.exe
C:\Windows\System\bdWDQmK.exe
2⤵
PID:32

C:\Windows\System\QQuexgW.exe
C:\Windows\System\QQuexgW.exe
2⤵
PID:6284

C:\Windows\System\cgbfsev.exe
C:\Windows\System\cgbfsev.exe
2⤵
PID:6492

C:\Windows\System\mHfQqPA.exe
C:\Windows\System\mHfQqPA.exe
2⤵
PID:6264

C:\Windows\System\pxdLqwA.exe
C:\Windows\System\pxdLqwA.exe
2⤵
PID:6208

C:\Windows\System\ePrJvOD.exe
C:\Windows\System\ePrJvOD.exe
2⤵
PID:6172

C:\Windows\System\qIIIYVn.exe
C:\Windows\System\qIIIYVn.exe
2⤵
PID:7784

C:\Windows\System\kYlsbYH.exe
C:\Windows\System\kYlsbYH.exe
2⤵
PID:8012

C:\Windows\System\ValFODf.exe
C:\Windows\System\ValFODf.exe
2⤵
PID:8136

C:\Windows\System\uozQYwR.exe
C:\Windows\System\uozQYwR.exe
2⤵
PID:3212

C:\Windows\System\jDHJaMM.exe
C:\Windows\System\jDHJaMM.exe
2⤵
PID:7108

C:\Windows\System\Mlngxnb.exe
C:\Windows\System\Mlngxnb.exe
2⤵
PID:4376

C:\Windows\System\KQOgAAb.exe
C:\Windows\System\KQOgAAb.exe
2⤵
PID:8208

C:\Windows\System\UOjcNre.exe
C:\Windows\System\UOjcNre.exe
2⤵
PID:8232

C:\Windows\System\QTOaRpC.exe
C:\Windows\System\QTOaRpC.exe
2⤵
PID:8248

C:\Windows\System\SAVZyZp.exe
C:\Windows\System\SAVZyZp.exe
2⤵
PID:8264

C:\Windows\System\DBroERg.exe
C:\Windows\System\DBroERg.exe
2⤵
PID:8280

C:\Windows\System\NPyZXKE.exe
C:\Windows\System\NPyZXKE.exe
2⤵
PID:8296

C:\Windows\System\ZCbtemH.exe
C:\Windows\System\ZCbtemH.exe
2⤵
PID:8312

C:\Windows\System\eAEDOGS.exe
C:\Windows\System\eAEDOGS.exe
2⤵
PID:8328

C:\Windows\System\hKIJFIq.exe
C:\Windows\System\hKIJFIq.exe
2⤵
PID:8352

C:\Windows\System\QjQXjtk.exe
C:\Windows\System\QjQXjtk.exe
2⤵
PID:8368

C:\Windows\System\hXaGfbo.exe
C:\Windows\System\hXaGfbo.exe
2⤵
PID:8384

C:\Windows\System\KpsdjGp.exe
C:\Windows\System\KpsdjGp.exe
2⤵
PID:8400

C:\Windows\System\OulYDtO.exe
C:\Windows\System\OulYDtO.exe
2⤵
PID:8420

C:\Windows\System\SxaGzqi.exe
C:\Windows\System\SxaGzqi.exe
2⤵
PID:8444

C:\Windows\System\LbwmOdT.exe
C:\Windows\System\LbwmOdT.exe
2⤵
PID:8464

C:\Windows\System\YHZOhBL.exe
C:\Windows\System\YHZOhBL.exe
2⤵
PID:8484

C:\Windows\System\dxUTFws.exe
C:\Windows\System\dxUTFws.exe
2⤵
PID:8500

C:\Windows\System\AKIkauC.exe
C:\Windows\System\AKIkauC.exe
2⤵
PID:8520

C:\Windows\System\chUXndw.exe
C:\Windows\System\chUXndw.exe
2⤵
PID:8540

C:\Windows\System\qWQMsIi.exe
C:\Windows\System\qWQMsIi.exe
2⤵
PID:8556

C:\Windows\System\gQVLidr.exe
C:\Windows\System\gQVLidr.exe
2⤵
PID:8580

C:\Windows\System\KbYpvrX.exe
C:\Windows\System\KbYpvrX.exe
2⤵
PID:8604

C:\Windows\System\zZbHyAr.exe
C:\Windows\System\zZbHyAr.exe
2⤵
PID:8628

C:\Windows\System\eBaJzYf.exe
C:\Windows\System\eBaJzYf.exe
2⤵
PID:8648

C:\Windows\System\LbKJraj.exe
C:\Windows\System\LbKJraj.exe
2⤵
PID:8668

C:\Windows\System\bwigBvg.exe
C:\Windows\System\bwigBvg.exe
2⤵
PID:8692

C:\Windows\System\afpXpei.exe
C:\Windows\System\afpXpei.exe
2⤵
PID:8716

C:\Windows\System\ypnxKNN.exe
C:\Windows\System\ypnxKNN.exe
2⤵
PID:8740

C:\Windows\System\LpTCHIn.exe
C:\Windows\System\LpTCHIn.exe
2⤵
PID:8772

C:\Windows\System\lifmfsZ.exe
C:\Windows\System\lifmfsZ.exe
2⤵
PID:8792

C:\Windows\System\dUHcoMl.exe
C:\Windows\System\dUHcoMl.exe
2⤵
PID:8816

C:\Windows\System\kRGJuQR.exe
C:\Windows\System\kRGJuQR.exe
2⤵
PID:8836

C:\Windows\System\hwzYZMr.exe
C:\Windows\System\hwzYZMr.exe
2⤵
PID:8856

C:\Windows\System\NOYPoOJ.exe
C:\Windows\System\NOYPoOJ.exe
2⤵
PID:8884

C:\Windows\System\vIThQpV.exe
C:\Windows\System\vIThQpV.exe
2⤵
PID:8920

C:\Windows\System\uYbJFcP.exe
C:\Windows\System\uYbJFcP.exe
2⤵
PID:8948

C:\Windows\System\SRHQwzT.exe
C:\Windows\System\SRHQwzT.exe
2⤵
PID:8964

C:\Windows\System\mUfkPRS.exe
C:\Windows\System\mUfkPRS.exe
2⤵
PID:8984

C:\Windows\System\HCISWNT.exe
C:\Windows\System\HCISWNT.exe
2⤵
PID:9012

C:\Windows\System\PWpkYlf.exe
C:\Windows\System\PWpkYlf.exe
2⤵
PID:9052

C:\Windows\System\REobIoS.exe
C:\Windows\System\REobIoS.exe
2⤵
PID:9072

C:\Windows\System\qAftNTv.exe
C:\Windows\System\qAftNTv.exe
2⤵
PID:9096

C:\Windows\System\oTzFmDo.exe
C:\Windows\System\oTzFmDo.exe
2⤵
PID:9112

C:\Windows\System\OwCPbUm.exe
C:\Windows\System\OwCPbUm.exe
2⤵
PID:9132

C:\Windows\System\XKiLbyN.exe
C:\Windows\System\XKiLbyN.exe
2⤵
PID:9152

C:\Windows\System\TVcamWp.exe
C:\Windows\System\TVcamWp.exe
2⤵
PID:9172

C:\Windows\System\tKThnis.exe
C:\Windows\System\tKThnis.exe
2⤵
PID:9192

C:\Windows\System\QedJWdx.exe
C:\Windows\System\QedJWdx.exe
2⤵
PID:9212

C:\Windows\System\uykdIoE.exe
C:\Windows\System\uykdIoE.exe
2⤵
PID:6404

C:\Windows\System\OwdXWhZ.exe
C:\Windows\System\OwdXWhZ.exe
2⤵
PID:6460

C:\Windows\System\gyPXCvj.exe
C:\Windows\System\gyPXCvj.exe
2⤵
PID:2880

C:\Windows\System\yothuwQ.exe
C:\Windows\System\yothuwQ.exe
2⤵
PID:7592

C:\Windows\System\IwpprtY.exe
C:\Windows\System\IwpprtY.exe
2⤵
PID:7632

C:\Windows\System\FmsisTt.exe
C:\Windows\System\FmsisTt.exe
2⤵
PID:7796

C:\Windows\System\eSLzFes.exe
C:\Windows\System\eSLzFes.exe
2⤵
PID:9220

C:\Windows\System\PEWItap.exe
C:\Windows\System\PEWItap.exe
2⤵
PID:9236

C:\Windows\System\lNtzLsG.exe
C:\Windows\System\lNtzLsG.exe
2⤵
PID:9252

C:\Windows\System\qQYYaSb.exe
C:\Windows\System\qQYYaSb.exe
2⤵
PID:9268

C:\Windows\System\sYfTnlI.exe
C:\Windows\System\sYfTnlI.exe
2⤵
PID:9284

C:\Windows\System\BILlkFx.exe
C:\Windows\System\BILlkFx.exe
2⤵
PID:9300

C:\Windows\System\HoqXOOt.exe
C:\Windows\System\HoqXOOt.exe
2⤵
PID:9324

C:\Windows\System\ZfaQpie.exe
C:\Windows\System\ZfaQpie.exe
2⤵
PID:9348

C:\Windows\System\TxymkCG.exe
C:\Windows\System\TxymkCG.exe
2⤵
PID:9372

C:\Windows\System\VShfIGT.exe
C:\Windows\System\VShfIGT.exe
2⤵
PID:9388

C:\Windows\System\YFJDBTv.exe
C:\Windows\System\YFJDBTv.exe
2⤵
PID:9412

C:\Windows\System\wgkIHuA.exe
C:\Windows\System\wgkIHuA.exe
2⤵
PID:9432

C:\Windows\System\YedcMPt.exe
C:\Windows\System\YedcMPt.exe
2⤵
PID:9488

C:\Windows\System\zyscELn.exe
C:\Windows\System\zyscELn.exe
2⤵
PID:9544

C:\Windows\System\WwTndUK.exe
C:\Windows\System\WwTndUK.exe
2⤵
PID:9572

C:\Windows\System\ukiCJYw.exe
C:\Windows\System\ukiCJYw.exe
2⤵
PID:9592

C:\Windows\System\aspPmTE.exe
C:\Windows\System\aspPmTE.exe
2⤵
PID:9612

C:\Windows\System\GXXFGjB.exe
C:\Windows\System\GXXFGjB.exe
2⤵
PID:9632

C:\Windows\System\tklsMaR.exe
C:\Windows\System\tklsMaR.exe
2⤵
PID:9656

C:\Windows\System\BJwhezi.exe
C:\Windows\System\BJwhezi.exe
2⤵
PID:9672

C:\Windows\System\jJeFPax.exe
C:\Windows\System\jJeFPax.exe
2⤵
PID:9696

C:\Windows\System\AnmxFbT.exe
C:\Windows\System\AnmxFbT.exe
2⤵
PID:9768

C:\Windows\System\ezTqzMu.exe
C:\Windows\System\ezTqzMu.exe
2⤵
PID:9864

C:\Windows\System\ZiisOro.exe
C:\Windows\System\ZiisOro.exe
2⤵
PID:9916

C:\Windows\System\UTGxcef.exe
C:\Windows\System\UTGxcef.exe
2⤵
PID:9932

C:\Windows\System\xfscuik.exe
C:\Windows\System\xfscuik.exe
2⤵
PID:9948

C:\Windows\System\EUMNPNy.exe
C:\Windows\System\EUMNPNy.exe
2⤵
PID:9964

C:\Windows\System\LxHyvjI.exe
C:\Windows\System\LxHyvjI.exe
2⤵
PID:9980

C:\Windows\System\knuZMmE.exe
C:\Windows\System\knuZMmE.exe
2⤵
PID:9996

C:\Windows\System\SPYgWyT.exe
C:\Windows\System\SPYgWyT.exe
2⤵
PID:10016

C:\Windows\System\UpcRNxq.exe
C:\Windows\System\UpcRNxq.exe
2⤵
PID:10032

C:\Windows\System\FZMMCPi.exe
C:\Windows\System\FZMMCPi.exe
2⤵
PID:10056

C:\Windows\System\DeUNWAf.exe
C:\Windows\System\DeUNWAf.exe
2⤵
PID:10076

C:\Windows\System\KHxIyJc.exe
C:\Windows\System\KHxIyJc.exe
2⤵
PID:10096

C:\Windows\System\cKmuKBz.exe
C:\Windows\System\cKmuKBz.exe
2⤵
PID:10120

C:\Windows\System\PzDrFJR.exe
C:\Windows\System\PzDrFJR.exe
2⤵
PID:10136

C:\Windows\System\NNZbpxV.exe
C:\Windows\System\NNZbpxV.exe
2⤵
PID:10160

C:\Windows\System\QgavFbv.exe
C:\Windows\System\QgavFbv.exe
2⤵
PID:10180

C:\Windows\System\fXDFmEo.exe
C:\Windows\System\fXDFmEo.exe
2⤵
PID:10200

C:\Windows\System\qXAGiJR.exe
C:\Windows\System\qXAGiJR.exe
2⤵
PID:10224

C:\Windows\System\VbTtbdo.exe
C:\Windows\System\VbTtbdo.exe
2⤵
PID:7988

C:\Windows\System\JlJBGJU.exe
C:\Windows\System\JlJBGJU.exe
2⤵
PID:8080

C:\Windows\System\dCdOqhH.exe
C:\Windows\System\dCdOqhH.exe
2⤵
PID:6856

C:\Windows\System\jnAtxdV.exe
C:\Windows\System\jnAtxdV.exe
2⤵
PID:7916

C:\Windows\System\pPtiCYh.exe
C:\Windows\System\pPtiCYh.exe
2⤵
PID:5600

C:\Windows\System\fyKEvgd.exe
C:\Windows\System\fyKEvgd.exe
2⤵
PID:2012

C:\Windows\System\RRDSdzu.exe
C:\Windows\System\RRDSdzu.exe
2⤵
PID:5196

C:\Windows\System\GOvvxpC.exe
C:\Windows\System\GOvvxpC.exe
2⤵
PID:8092

C:\Windows\System\awACgDP.exe
C:\Windows\System\awACgDP.exe
2⤵
PID:4840

C:\Windows\System\dRMZHUL.exe
C:\Windows\System\dRMZHUL.exe
2⤵
PID:7696

C:\Windows\System\mFyfEhT.exe
C:\Windows\System\mFyfEhT.exe
2⤵
PID:7760

C:\Windows\System\PkXOEQB.exe
C:\Windows\System\PkXOEQB.exe
2⤵
PID:7884

C:\Windows\System\eqAhgZI.exe
C:\Windows\System\eqAhgZI.exe
2⤵
PID:7844

C:\Windows\System\mNaZPBO.exe
C:\Windows\System\mNaZPBO.exe
2⤵
PID:7944

C:\Windows\System\meeXSQJ.exe
C:\Windows\System\meeXSQJ.exe
2⤵
PID:9248

C:\Windows\System\CciRDCN.exe
C:\Windows\System\CciRDCN.exe
2⤵
PID:9312

C:\Windows\System\ZaBFRVw.exe
C:\Windows\System\ZaBFRVw.exe
2⤵
PID:8052

C:\Windows\System\KcewEdI.exe
C:\Windows\System\KcewEdI.exe
2⤵
PID:5724

C:\Windows\System\kmXmtaL.exe
C:\Windows\System\kmXmtaL.exe
2⤵
PID:7504

C:\Windows\System\vSXjhtq.exe
C:\Windows\System\vSXjhtq.exe
2⤵
PID:8416

C:\Windows\System\exgFvSb.exe
C:\Windows\System\exgFvSb.exe
2⤵
PID:2140

C:\Windows\System\iyiVFpq.exe
C:\Windows\System\iyiVFpq.exe
2⤵
PID:4936

C:\Windows\System\ImEaXnR.exe
C:\Windows\System\ImEaXnR.exe
2⤵
PID:6216

C:\Windows\System\PoIkDoF.exe
C:\Windows\System\PoIkDoF.exe
2⤵
PID:3856

C:\Windows\System\OqTXzHj.exe
C:\Windows\System\OqTXzHj.exe
2⤵
PID:2360

C:\Windows\System\iGPebhh.exe
C:\Windows\System\iGPebhh.exe
2⤵
PID:6932

C:\Windows\System\LWOcYyp.exe
C:\Windows\System\LWOcYyp.exe
2⤵
PID:8760

C:\Windows\System\WwdyjzB.exe
C:\Windows\System\WwdyjzB.exe
2⤵
PID:8872

C:\Windows\System\MozswHZ.exe
C:\Windows\System\MozswHZ.exe
2⤵
PID:8940

C:\Windows\System\RCRlybi.exe
C:\Windows\System\RCRlybi.exe
2⤵
PID:9064

C:\Windows\System\VlogbOq.exe
C:\Windows\System\VlogbOq.exe
2⤵
PID:10264

C:\Windows\System\qGMRtXs.exe
C:\Windows\System\qGMRtXs.exe
2⤵
PID:10284

C:\Windows\System\blZechK.exe
C:\Windows\System\blZechK.exe
2⤵
PID:10300

C:\Windows\System\MNhIJXE.exe
C:\Windows\System\MNhIJXE.exe
2⤵
PID:10324

C:\Windows\System\agzdpdP.exe
C:\Windows\System\agzdpdP.exe
2⤵
PID:10348

C:\Windows\System\vomQSOk.exe
C:\Windows\System\vomQSOk.exe
2⤵
PID:10364

C:\Windows\System\RmeHKXU.exe
C:\Windows\System\RmeHKXU.exe
2⤵
PID:10388

C:\Windows\System\QKsbyVG.exe
C:\Windows\System\QKsbyVG.exe
2⤵
PID:10404

C:\Windows\System\xlbeKex.exe
C:\Windows\System\xlbeKex.exe
2⤵
PID:10428

C:\Windows\System\teBELBY.exe
C:\Windows\System\teBELBY.exe
2⤵
PID:10456

C:\Windows\System\nxqgCpo.exe
C:\Windows\System\nxqgCpo.exe
2⤵
PID:10480

C:\Windows\System\PKRBmnp.exe
C:\Windows\System\PKRBmnp.exe
2⤵
PID:10500

C:\Windows\System\SDApmSD.exe
C:\Windows\System\SDApmSD.exe
2⤵
PID:10520

C:\Windows\System\RfUKBqt.exe
C:\Windows\System\RfUKBqt.exe
2⤵
PID:10556

C:\Windows\System\SrIBTLL.exe
C:\Windows\System\SrIBTLL.exe
2⤵
PID:10576

C:\Windows\System\SXbKvUq.exe
C:\Windows\System\SXbKvUq.exe
2⤵
PID:10596

C:\Windows\System\GnITwjB.exe
C:\Windows\System\GnITwjB.exe
2⤵
PID:10620

C:\Windows\System\NvyVcaa.exe
C:\Windows\System\NvyVcaa.exe
2⤵
PID:10652

C:\Windows\System\IZFIPTs.exe
C:\Windows\System\IZFIPTs.exe
2⤵
PID:10672

C:\Windows\System\PwKxhBN.exe
C:\Windows\System\PwKxhBN.exe
2⤵
PID:10696

C:\Windows\System\JLutYIp.exe
C:\Windows\System\JLutYIp.exe
2⤵
PID:10716

C:\Windows\System\WSjYgUQ.exe
C:\Windows\System\WSjYgUQ.exe
2⤵
PID:10736

C:\Windows\System\KedhNaE.exe
C:\Windows\System\KedhNaE.exe
2⤵
PID:10756

C:\Windows\System\pSpkilG.exe
C:\Windows\System\pSpkilG.exe
2⤵
PID:10776

C:\Windows\System\QoniGeM.exe
C:\Windows\System\QoniGeM.exe
2⤵
PID:10796

C:\Windows\System\CAoxweB.exe
C:\Windows\System\CAoxweB.exe
2⤵
PID:10816

C:\Windows\System\NWmCWBF.exe
C:\Windows\System\NWmCWBF.exe
2⤵
PID:10836

C:\Windows\System\jeVxENN.exe
C:\Windows\System\jeVxENN.exe
2⤵
PID:10856

C:\Windows\System\vddIkKE.exe
C:\Windows\System\vddIkKE.exe
2⤵
PID:10876

C:\Windows\System\SzYVZQA.exe
C:\Windows\System\SzYVZQA.exe
2⤵
PID:10896

C:\Windows\System\NTyNQPV.exe
C:\Windows\System\NTyNQPV.exe
2⤵
PID:10916

C:\Windows\System\SNiqeKb.exe
C:\Windows\System\SNiqeKb.exe
2⤵
PID:10932

C:\Windows\System\KTeohFD.exe
C:\Windows\System\KTeohFD.exe
2⤵
PID:10952

C:\Windows\System\LhOovFN.exe
C:\Windows\System\LhOovFN.exe
2⤵
PID:10968

C:\Windows\System\IJupwOV.exe
C:\Windows\System\IJupwOV.exe
2⤵
PID:10988

C:\Windows\System\saOmppv.exe
C:\Windows\System\saOmppv.exe
2⤵
PID:11004

C:\Windows\System\vUynGkP.exe
C:\Windows\System\vUynGkP.exe
2⤵
PID:11020

C:\Windows\System\nfQvfJV.exe
C:\Windows\System\nfQvfJV.exe
2⤵
PID:11040

C:\Windows\System\UDxgYZU.exe
C:\Windows\System\UDxgYZU.exe
2⤵
PID:11060

C:\Windows\System\PQJnKlW.exe
C:\Windows\System\PQJnKlW.exe
2⤵
PID:11080

C:\Windows\System\QgDhntP.exe
C:\Windows\System\QgDhntP.exe
2⤵
PID:11108

C:\Windows\System\jQgcKUz.exe
C:\Windows\System\jQgcKUz.exe
2⤵
PID:11124

C:\Windows\System\EwkZrZq.exe
C:\Windows\System\EwkZrZq.exe
2⤵
PID:11144

C:\Windows\System\MpkYSFr.exe
C:\Windows\System\MpkYSFr.exe
2⤵
PID:11164

C:\Windows\System\Uvutwhr.exe
C:\Windows\System\Uvutwhr.exe
2⤵
PID:8684

C:\Windows\System\XGfvtlu.exe
C:\Windows\System\XGfvtlu.exe
2⤵
PID:8548

C:\Windows\System\aLfagVD.exe
C:\Windows\System\aLfagVD.exe
2⤵
PID:4056

C:\Windows\System\BJGTsvh.exe
C:\Windows\System\BJGTsvh.exe
2⤵
PID:10280

C:\Windows\System\fNCaxAH.exe
C:\Windows\System\fNCaxAH.exe
2⤵
PID:10508

C:\Windows\System\PUCfKAR.exe
C:\Windows\System\PUCfKAR.exe
2⤵
PID:10540

C:\Windows\System\pGowNYv.exe
C:\Windows\System\pGowNYv.exe
2⤵
PID:9168

C:\Windows\System\wrdJJIj.exe
C:\Windows\System\wrdJJIj.exe
2⤵
PID:10908

C:\Windows\System\IZUFaTq.exe
C:\Windows\System\IZUFaTq.exe
2⤵
PID:11204

C:\Windows\System\AOpvZbW.exe
C:\Windows\System\AOpvZbW.exe
2⤵
PID:8764

C:\Windows\System\asGLTPz.exe
C:\Windows\System\asGLTPz.exe
2⤵
PID:11280

C:\Windows\System\JHaxhOn.exe
C:\Windows\System\JHaxhOn.exe
2⤵
PID:11320

C:\Windows\System\wPvbAbP.exe
C:\Windows\System\wPvbAbP.exe
2⤵
PID:11356

C:\Windows\System\TbqrpQQ.exe
C:\Windows\System\TbqrpQQ.exe
2⤵
PID:11384

C:\Windows\System\yNSumIg.exe
C:\Windows\System\yNSumIg.exe
2⤵
PID:11400

C:\Windows\System\BJuJRtK.exe
C:\Windows\System\BJuJRtK.exe
2⤵
PID:11428

C:\Windows\System\yHCwzSU.exe
C:\Windows\System\yHCwzSU.exe
2⤵
PID:11444

C:\Windows\System\cmSsoIh.exe
C:\Windows\System\cmSsoIh.exe
2⤵
PID:11460

C:\Windows\System\MgavNMT.exe
C:\Windows\System\MgavNMT.exe
2⤵
PID:11484

C:\Windows\System\AWTBOWt.exe
C:\Windows\System\AWTBOWt.exe
2⤵
PID:11504

C:\Windows\System\yNulpDQ.exe
C:\Windows\System\yNulpDQ.exe
2⤵
PID:11520

C:\Windows\System\IOvfdGn.exe
C:\Windows\System\IOvfdGn.exe
2⤵
PID:11544

C:\Windows\System\pEJWxok.exe
C:\Windows\System\pEJWxok.exe
2⤵
PID:11564

C:\Windows\System\fEoaaKV.exe
C:\Windows\System\fEoaaKV.exe
2⤵
PID:11584

C:\Windows\System\eXHkBRb.exe
C:\Windows\System\eXHkBRb.exe
2⤵
PID:11604

C:\Windows\System\VbYgbjO.exe
C:\Windows\System\VbYgbjO.exe
2⤵
PID:11624

C:\Windows\System\TSdJjKT.exe
C:\Windows\System\TSdJjKT.exe
2⤵
PID:11648

C:\Windows\System\PADSZMg.exe
C:\Windows\System\PADSZMg.exe
2⤵
PID:11668

C:\Windows\System\MdnEoWr.exe
C:\Windows\System\MdnEoWr.exe
2⤵
PID:11688

C:\Windows\System\lAFDjFB.exe
C:\Windows\System\lAFDjFB.exe
2⤵
PID:11712

C:\Windows\System\OJUJLnl.exe
C:\Windows\System\OJUJLnl.exe
2⤵
PID:11732

C:\Windows\System\ZOlrASh.exe
C:\Windows\System\ZOlrASh.exe
2⤵
PID:11752

C:\Windows\System\YjZLfmK.exe
C:\Windows\System\YjZLfmK.exe
2⤵
PID:11772

C:\Windows\System\QSMneBn.exe
C:\Windows\System\QSMneBn.exe
2⤵
PID:11788

C:\Windows\System\yqgHNOV.exe
C:\Windows\System\yqgHNOV.exe
2⤵
PID:11808

C:\Windows\System\Dnlirqb.exe
C:\Windows\System\Dnlirqb.exe
2⤵
PID:11896

C:\Windows\System\NhGIyHa.exe
C:\Windows\System\NhGIyHa.exe
2⤵
PID:11912

C:\Windows\System\yhHLBUk.exe
C:\Windows\System\yhHLBUk.exe
2⤵
PID:11928

C:\Windows\System\kdvrnEM.exe
C:\Windows\System\kdvrnEM.exe
2⤵
PID:11944

C:\Windows\System\NJumvrG.exe
C:\Windows\System\NJumvrG.exe
2⤵
PID:11960

C:\Windows\System\ofyucCo.exe
C:\Windows\System\ofyucCo.exe
2⤵
PID:11988

C:\Windows\System\ESreDdn.exe
C:\Windows\System\ESreDdn.exe
2⤵
PID:12008

C:\Windows\System\QaLTlJh.exe
C:\Windows\System\QaLTlJh.exe
2⤵
PID:12024

C:\Windows\System\shdgPgA.exe
C:\Windows\System\shdgPgA.exe
2⤵
PID:12048

C:\Windows\System\HSmTsUX.exe
C:\Windows\System\HSmTsUX.exe
2⤵
PID:12064

C:\Windows\System\QnlndnN.exe
C:\Windows\System\QnlndnN.exe
2⤵
PID:12088

C:\Windows\System\yUIjUXu.exe
C:\Windows\System\yUIjUXu.exe
2⤵
PID:12112

C:\Windows\System\tRXvxbh.exe
C:\Windows\System\tRXvxbh.exe
2⤵
PID:12132

C:\Windows\System\KZaIpiQ.exe
C:\Windows\System\KZaIpiQ.exe
2⤵
PID:12152

C:\Windows\System\grFbrXp.exe
C:\Windows\System\grFbrXp.exe
2⤵
PID:12176

C:\Windows\System\meusOjY.exe
C:\Windows\System\meusOjY.exe
2⤵
PID:12196

C:\Windows\System\eRqztBo.exe
C:\Windows\System\eRqztBo.exe
2⤵
PID:12220

C:\Windows\System\NmWbBqp.exe
C:\Windows\System\NmWbBqp.exe
2⤵
PID:12240

C:\Windows\System\BTzzMPV.exe
C:\Windows\System\BTzzMPV.exe
2⤵
PID:12260

C:\Windows\System\ShiIdso.exe
C:\Windows\System\ShiIdso.exe
2⤵
PID:12280

C:\Windows\System\ATKVrIu.exe
C:\Windows\System\ATKVrIu.exe
2⤵
PID:5772

C:\Windows\System\trtUJRD.exe
C:\Windows\System\trtUJRD.exe
2⤵
PID:9888

C:\Windows\System\HOAMGum.exe
C:\Windows\System\HOAMGum.exe
2⤵
PID:9912

C:\Windows\System\pILEpKf.exe
C:\Windows\System\pILEpKf.exe
2⤵
PID:9992

C:\Windows\System\yLtNmzd.exe
C:\Windows\System\yLtNmzd.exe
2⤵
PID:10084

C:\Windows\System\VVHXWCG.exe
C:\Windows\System\VVHXWCG.exe
2⤵
PID:10132

C:\Windows\System\FOUmOlP.exe
C:\Windows\System\FOUmOlP.exe
2⤵
PID:10220

C:\Windows\System\xvEwvvf.exe
C:\Windows\System\xvEwvvf.exe
2⤵
PID:6052

C:\Windows\System\llLFoBD.exe
C:\Windows\System\llLFoBD.exe
2⤵
PID:7276

C:\Windows\System\DRZsaQQ.exe
C:\Windows\System\DRZsaQQ.exe
2⤵
PID:10168

C:\Windows\System\Zzfkayx.exe
C:\Windows\System\Zzfkayx.exe
2⤵
PID:10064

C:\Windows\System\eAwlEov.exe
C:\Windows\System\eAwlEov.exe
2⤵
PID:9972

C:\Windows\System\nkKlfld.exe
C:\Windows\System\nkKlfld.exe
2⤵
PID:9684

C:\Windows\System\LSKEqkT.exe
C:\Windows\System\LSKEqkT.exe
2⤵
PID:9600

C:\Windows\System\QMECVte.exe
C:\Windows\System\QMECVte.exe
2⤵
PID:9364

C:\Windows\System\EYPWGAf.exe
C:\Windows\System\EYPWGAf.exe
2⤵
PID:9244

C:\Windows\System\rqKEBWG.exe
C:\Windows\System\rqKEBWG.exe
2⤵
PID:7292

C:\Windows\System\BqAVaKR.exe
C:\Windows\System\BqAVaKR.exe
2⤵
PID:9180

C:\Windows\System\LhHCaAU.exe
C:\Windows\System\LhHCaAU.exe
2⤵
PID:9060

C:\Windows\System\borkvHo.exe
C:\Windows\System\borkvHo.exe
2⤵
PID:8892

C:\Windows\System\fLTBCDh.exe
C:\Windows\System\fLTBCDh.exe
2⤵
PID:8808

C:\Windows\System\mKTgevE.exe
C:\Windows\System\mKTgevE.exe
2⤵
PID:7512

C:\Windows\System\zrPoOXb.exe
C:\Windows\System\zrPoOXb.exe
2⤵
PID:10568

C:\Windows\System\leClDxn.exe
C:\Windows\System\leClDxn.exe
2⤵
PID:12304

C:\Windows\System\CgouWVz.exe
C:\Windows\System\CgouWVz.exe
2⤵
PID:12324

C:\Windows\System\qmModWG.exe
C:\Windows\System\qmModWG.exe
2⤵
PID:12344

C:\Windows\System\eDwmjOv.exe
C:\Windows\System\eDwmjOv.exe
2⤵
PID:12364

C:\Windows\System\KlnTIUl.exe
C:\Windows\System\KlnTIUl.exe
2⤵
PID:12380

C:\Windows\System\ipdljia.exe
C:\Windows\System\ipdljia.exe
2⤵
PID:12400

C:\Windows\System\SbglMIh.exe
C:\Windows\System\SbglMIh.exe
2⤵
PID:12428

C:\Windows\System\zXNgrkN.exe
C:\Windows\System\zXNgrkN.exe
2⤵
PID:12444

C:\Windows\System\TGpFwFc.exe
C:\Windows\System\TGpFwFc.exe
2⤵
PID:12464

C:\Windows\System\wbAmKgS.exe
C:\Windows\System\wbAmKgS.exe
2⤵
PID:12480

C:\Windows\System\LyJMzEf.exe
C:\Windows\System\LyJMzEf.exe
2⤵
PID:12504

C:\Windows\System\eJujYQj.exe
C:\Windows\System\eJujYQj.exe
2⤵
PID:12524

C:\Windows\System\SIrrkMD.exe
C:\Windows\System\SIrrkMD.exe
2⤵
PID:12540

C:\Windows\System\CFjUSko.exe
C:\Windows\System\CFjUSko.exe
2⤵
PID:12560

C:\Windows\System\xoIJzKD.exe
C:\Windows\System\xoIJzKD.exe
2⤵
PID:12580

C:\Windows\System\GLwBvbB.exe
C:\Windows\System\GLwBvbB.exe
2⤵
PID:12604

C:\Windows\System\dfyOuWp.exe
C:\Windows\System\dfyOuWp.exe
2⤵
PID:12620

C:\Windows\System\cOPmBLF.exe
C:\Windows\System\cOPmBLF.exe
2⤵
PID:12636

C:\Windows\System\bTlTzTF.exe
C:\Windows\System\bTlTzTF.exe
2⤵
PID:12652

C:\Windows\System\zpYrcNb.exe
C:\Windows\System\zpYrcNb.exe
2⤵
PID:12668

C:\Windows\System\bxevGNy.exe
C:\Windows\System\bxevGNy.exe
2⤵
PID:12684

C:\Windows\System\agnhwVj.exe
C:\Windows\System\agnhwVj.exe
2⤵
PID:12704

C:\Windows\System\WKUcdLh.exe
C:\Windows\System\WKUcdLh.exe
2⤵
PID:12724

C:\Windows\System\xUejeAW.exe
C:\Windows\System\xUejeAW.exe
2⤵
PID:12748

C:\Windows\System\CVylxXZ.exe
C:\Windows\System\CVylxXZ.exe
2⤵
PID:12764

C:\Windows\System\VLMuJcf.exe
C:\Windows\System\VLMuJcf.exe
2⤵
PID:12780

C:\Windows\System\DAptnKP.exe
C:\Windows\System\DAptnKP.exe
2⤵
PID:12800

C:\Windows\System\NUDPiAk.exe
C:\Windows\System\NUDPiAk.exe
2⤵
PID:12816

C:\Windows\System\LmDSsSd.exe
C:\Windows\System\LmDSsSd.exe
2⤵
PID:12832

C:\Windows\System\FGiDQkb.exe
C:\Windows\System\FGiDQkb.exe
2⤵
PID:12848

C:\Windows\System\JChHGGp.exe
C:\Windows\System\JChHGGp.exe
2⤵
PID:12864

C:\Windows\System\gXMCOro.exe
C:\Windows\System\gXMCOro.exe
2⤵
PID:12884

C:\Windows\System\rxGnDZA.exe
C:\Windows\System\rxGnDZA.exe
2⤵
PID:12900

C:\Windows\System\UgsCqQS.exe
C:\Windows\System\UgsCqQS.exe
2⤵
PID:12916

C:\Windows\System\TtFVVRR.exe
C:\Windows\System\TtFVVRR.exe
2⤵
PID:12936

C:\Windows\System\hdCFzrA.exe
C:\Windows\System\hdCFzrA.exe
2⤵
PID:12952

C:\Windows\System\hqIhPGM.exe
C:\Windows\System\hqIhPGM.exe
2⤵
PID:12968

C:\Windows\System\erCVMpA.exe
C:\Windows\System\erCVMpA.exe
2⤵
PID:12984

C:\Windows\System\TQilDrM.exe
C:\Windows\System\TQilDrM.exe
2⤵
PID:13008

C:\Windows\System\ZGGspEK.exe
C:\Windows\System\ZGGspEK.exe
2⤵
PID:13032

C:\Windows\System\nEFQkWd.exe
C:\Windows\System\nEFQkWd.exe
2⤵
PID:13052

C:\Windows\System\GFbqBCJ.exe
C:\Windows\System\GFbqBCJ.exe
2⤵
PID:13076

C:\Windows\System\RPGwbVv.exe
C:\Windows\System\RPGwbVv.exe
2⤵
PID:13092

C:\Windows\System\QeFbCry.exe
C:\Windows\System\QeFbCry.exe
2⤵
PID:13144

C:\Windows\System\KubuUBv.exe
C:\Windows\System\KubuUBv.exe
2⤵
PID:9424

C:\Windows\System\fvGfgLb.exe
C:\Windows\System\fvGfgLb.exe
2⤵
PID:6724

C:\Windows\System\yGMaiHJ.exe
C:\Windows\System\yGMaiHJ.exe
2⤵
PID:6804

C:\Windows\System\ZKZRTim.exe
C:\Windows\System\ZKZRTim.exe
2⤵
PID:8288

C:\Windows\System\vQYKoTb.exe
C:\Windows\System\vQYKoTb.exe
2⤵
PID:8800

C:\Windows\System\doElkkZ.exe
C:\Windows\System\doElkkZ.exe
2⤵
PID:13304

C:\Windows\System\ZNBFqlc.exe
C:\Windows\System\ZNBFqlc.exe
2⤵
PID:10488

C:\Windows\System\zHewqET.exe
C:\Windows\System\zHewqET.exe
2⤵
PID:10748

C:\Windows\System\UMPnlFi.exe
C:\Windows\System\UMPnlFi.exe
2⤵
PID:11072

C:\Windows\System\pyQexQD.exe
C:\Windows\System\pyQexQD.exe
2⤵
PID:9680

C:\Windows\System\oudYjvg.exe
C:\Windows\System\oudYjvg.exe
2⤵
PID:11316

C:\Windows\System\DKspalD.exe
C:\Windows\System\DKspalD.exe
2⤵
PID:11436

C:\Windows\System\ZGodmEy.exe
C:\Windows\System\ZGodmEy.exe
2⤵
PID:11480

C:\Windows\System\asZxabW.exe
C:\Windows\System\asZxabW.exe
2⤵
PID:11532

C:\Windows\System\CTgwXRo.exe
C:\Windows\System\CTgwXRo.exe
2⤵
PID:11632

C:\Windows\System\mhlkiIY.exe
C:\Windows\System\mhlkiIY.exe
2⤵
PID:11660

C:\Windows\System\ofZBivi.exe
C:\Windows\System\ofZBivi.exe
2⤵
PID:11700

C:\Windows\System\VMhLeYx.exe
C:\Windows\System\VMhLeYx.exe
2⤵
PID:11744

C:\Windows\System\nWAmsgo.exe
C:\Windows\System\nWAmsgo.exe
2⤵
PID:11780

C:\Windows\System\skHJZUP.exe
C:\Windows\System\skHJZUP.exe
2⤵
PID:11832

C:\Windows\System\kUfEqGD.exe
C:\Windows\System\kUfEqGD.exe
2⤵
PID:11868

C:\Windows\System\SWejLjF.exe
C:\Windows\System\SWejLjF.exe
2⤵
PID:11920

C:\Windows\System\JXIOrRp.exe
C:\Windows\System\JXIOrRp.exe
2⤵
PID:11980

C:\Windows\System\MwmcffS.exe
C:\Windows\System\MwmcffS.exe
2⤵
PID:12044

C:\Windows\System\VDmvytl.exe
C:\Windows\System\VDmvytl.exe
2⤵
PID:12080

C:\Windows\System\IYRHUpM.exe
C:\Windows\System\IYRHUpM.exe
2⤵
PID:12140

C:\Windows\System\xYvYMHS.exe
C:\Windows\System\xYvYMHS.exe
2⤵
PID:12204

C:\Windows\System\LtmezFg.exe
C:\Windows\System\LtmezFg.exe
2⤵
PID:12232

C:\Windows\System\HuIwxAO.exe
C:\Windows\System\HuIwxAO.exe
2⤵
PID:12268

C:\Windows\System\wMxpovz.exe
C:\Windows\System\wMxpovz.exe
2⤵
PID:5744

C:\Windows\System\jnMDMWG.exe
C:\Windows\System\jnMDMWG.exe
2⤵
PID:9960

C:\Windows\System\zqUHYKV.exe
C:\Windows\System\zqUHYKV.exe
2⤵
PID:10024

C:\Windows\System\bvRfIod.exe
C:\Windows\System\bvRfIod.exe
2⤵
PID:9924

C:\Windows\System\YAFMJwU.exe
C:\Windows\System\YAFMJwU.exe
2⤵
PID:9448

C:\Windows\System\lOtSBhN.exe
C:\Windows\System\lOtSBhN.exe
2⤵
PID:7848

C:\Windows\System\lMEmHTi.exe
C:\Windows\System\lMEmHTi.exe
2⤵
PID:9140

C:\Windows\System\iZeRldo.exe
C:\Windows\System\iZeRldo.exe
2⤵
PID:9848

C:\Windows\System\tnXMqvc.exe
C:\Windows\System\tnXMqvc.exe
2⤵
PID:12312

C:\Windows\System\ehDnilv.exe
C:\Windows\System\ehDnilv.exe
2⤵
PID:12340

C:\Windows\System\TTClXtY.exe
C:\Windows\System\TTClXtY.exe
2⤵
PID:12372

C:\Windows\System\jUGjuzI.exe
C:\Windows\System\jUGjuzI.exe
2⤵
PID:12416

C:\Windows\System\oKiZvhU.exe
C:\Windows\System\oKiZvhU.exe
2⤵
PID:12452

C:\Windows\System\yxAjGgO.exe
C:\Windows\System\yxAjGgO.exe
2⤵
PID:12492

C:\Windows\System\iDYzZnB.exe
C:\Windows\System\iDYzZnB.exe
2⤵
PID:12588

C:\Windows\System\WTDgusH.exe
C:\Windows\System\WTDgusH.exe
2⤵
PID:12616

C:\Windows\System\BHpmwcV.exe
C:\Windows\System\BHpmwcV.exe
2⤵
PID:12648

C:\Windows\System\FOifjzy.exe
C:\Windows\System\FOifjzy.exe
2⤵
PID:12772

C:\Windows\System\JSYJfUN.exe
C:\Windows\System\JSYJfUN.exe
2⤵
PID:11132

C:\Windows\System\WviBJyM.exe
C:\Windows\System\WviBJyM.exe
2⤵
PID:11740

C:\Windows\System\wtVDEob.exe
C:\Windows\System\wtVDEob.exe
2⤵
PID:11848

C:\Windows\System\uHJoEcM.exe
C:\Windows\System\uHJoEcM.exe
2⤵
PID:7524

C:\Windows\System\PakCOOI.exe
C:\Windows\System\PakCOOI.exe
2⤵
PID:10356

C:\Windows\System\YpnJusU.exe
C:\Windows\System\YpnJusU.exe
2⤵
PID:12392

C:\Windows\System\ygqdwxa.exe
C:\Windows\System\ygqdwxa.exe
2⤵
PID:12576

C:\Windows\System\yQuCJZS.exe
C:\Windows\System\yQuCJZS.exe
2⤵
PID:13164

C:\Windows\System\iTNyhDv.exe
C:\Windows\System\iTNyhDv.exe
2⤵
PID:7508

C:\Windows\System\XaFORcx.exe
C:\Windows\System\XaFORcx.exe
2⤵
PID:11696

C:\Windows\System\mxQOmUC.exe
C:\Windows\System\mxQOmUC.exe
2⤵
PID:13000

C:\Windows\System\PVdOHTg.exe
C:\Windows\System\PVdOHTg.exe
2⤵
PID:8364

C:\Windows\System\uNogMlJ.exe
C:\Windows\System\uNogMlJ.exe
2⤵
PID:4304

C:\Windows\System\sQhQdPz.exe
C:\Windows\System\sQhQdPz.exe
2⤵
PID:12120

C:\Windows\System\Osmmxgq.exe
C:\Windows\System\Osmmxgq.exe
2⤵
PID:10068

C:\Windows\System\eGjBMST.exe
C:\Windows\System\eGjBMST.exe
2⤵
PID:11140

C:\Windows\System\eXAzqPf.exe
C:\Windows\System\eXAzqPf.exe
2⤵
PID:1228

C:\Windows\System\gKETMEs.exe
C:\Windows\System\gKETMEs.exe
2⤵
PID:11768

C:\Windows\System\dxJxzhw.exe
C:\Windows\System\dxJxzhw.exe
2⤵
PID:6652

C:\Windows\System\RLHiKdq.exe
C:\Windows\System\RLHiKdq.exe
2⤵
PID:1752

C:\Windows\System\CHTFuZk.exe
C:\Windows\System\CHTFuZk.exe
2⤵
PID:7416

C:\Windows\System\VdScoba.exe
C:\Windows\System\VdScoba.exe
2⤵
PID:7920

C:\Windows\System\MgAYfga.exe
C:\Windows\System\MgAYfga.exe
2⤵
PID:9668

C:\Windows\System\zNFxRap.exe
C:\Windows\System\zNFxRap.exe
2⤵
PID:11680

C:\Windows\System\wREIzmB.exe
C:\Windows\System\wREIzmB.exe
2⤵
PID:13204

C:\Windows\System\qEdVUhm.exe
C:\Windows\System\qEdVUhm.exe
2⤵
PID:388

C:\Windows\System\RIocaJC.exe
C:\Windows\System\RIocaJC.exe
2⤵
PID:10292

C:\Windows\System\CUbkNus.exe
C:\Windows\System\CUbkNus.exe
2⤵
PID:11580

C:\Windows\System\aWVrkBe.exe
C:\Windows\System\aWVrkBe.exe
2⤵
PID:7900

C:\Windows\System\PxIGpkz.exe
C:\Windows\System\PxIGpkz.exe
2⤵
PID:3472

C:\Windows\System\MdyypEQ.exe
C:\Windows\System\MdyypEQ.exe
2⤵
PID:9552

C:\Windows\System\Lmxvjuw.exe
C:\Windows\System\Lmxvjuw.exe
2⤵
PID:3860

C:\Windows\System\rtdAZby.exe
C:\Windows\System\rtdAZby.exe
2⤵
PID:13184

C:\Windows\System\mGLRqIc.exe
C:\Windows\System\mGLRqIc.exe
2⤵
PID:10976

C:\Windows\System\nqZaSYB.exe
C:\Windows\System\nqZaSYB.exe
2⤵
PID:10864

C:\Windows\System\dNzxCpR.exe
C:\Windows\System\dNzxCpR.exe
2⤵
PID:4116

C:\Windows\System\genQMHH.exe
C:\Windows\System\genQMHH.exe
2⤵
PID:12880

C:\Windows\System\aNXRfRN.exe
C:\Windows\System\aNXRfRN.exe
2⤵
PID:13316

C:\Windows\System\lJNZbMH.exe
C:\Windows\System\lJNZbMH.exe
2⤵
PID:13460

C:\Windows\System\WPrdXyx.exe
C:\Windows\System\WPrdXyx.exe
2⤵
PID:13580

C:\Windows\System\BLuWyvw.exe
C:\Windows\System\BLuWyvw.exe
2⤵
PID:13804

C:\Windows\System\WkFLtBJ.exe
C:\Windows\System\WkFLtBJ.exe
2⤵
PID:13860

C:\Windows\System\eFdkyMU.exe
C:\Windows\System\eFdkyMU.exe
2⤵
PID:13896

C:\Windows\System\KwsIaSd.exe
C:\Windows\System\KwsIaSd.exe
2⤵
PID:13936

C:\Windows\System\qJtSTkS.exe
C:\Windows\System\qJtSTkS.exe
2⤵
PID:14068

C:\Windows\System\EXQEwXn.exe
C:\Windows\System\EXQEwXn.exe
2⤵
PID:14096

C:\Windows\System\ftWRxPK.exe
C:\Windows\System\ftWRxPK.exe
2⤵
PID:14116

C:\Windows\System\SzDKAxx.exe
C:\Windows\System\SzDKAxx.exe
2⤵
PID:14172

C:\Windows\System\JYJJMJJ.exe
C:\Windows\System\JYJJMJJ.exe
2⤵
PID:14220

C:\Windows\System\tWkzBuT.exe
C:\Windows\System\tWkzBuT.exe
2⤵
PID:14284

C:\Windows\System\qcTkMOZ.exe
C:\Windows\System\qcTkMOZ.exe
2⤵
PID:9896

C:\Windows\System\nKdUWpY.exe
C:\Windows\System\nKdUWpY.exe
2⤵
PID:12948

C:\Windows\System\bDTbkXe.exe
C:\Windows\System\bDTbkXe.exe
2⤵
PID:12004

C:\Windows\System\sJEXGOf.exe
C:\Windows\System\sJEXGOf.exe
2⤵
PID:13180

C:\Windows\System\qUublgy.exe
C:\Windows\System\qUublgy.exe
2⤵
PID:13220

C:\Windows\System\SgXNJqF.exe
C:\Windows\System\SgXNJqF.exe
2⤵
PID:13028

C:\Windows\System\NfPElWd.exe
C:\Windows\System\NfPElWd.exe
2⤵
PID:10764

C:\Windows\System\wkYtqXW.exe
C:\Windows\System\wkYtqXW.exe
2⤵
PID:9128

C:\Windows\System\oxzgZnn.exe
C:\Windows\System\oxzgZnn.exe
2⤵
PID:12472

C:\Windows\System\AiYpyUM.exe
C:\Windows\System\AiYpyUM.exe
2⤵
PID:13100

C:\Windows\System\ZHLOXcW.exe
C:\Windows\System\ZHLOXcW.exe
2⤵
PID:13120

C:\Windows\System\MsqVALM.exe
C:\Windows\System\MsqVALM.exe
2⤵
PID:4944

C:\Windows\System\jhfbVwv.exe
C:\Windows\System\jhfbVwv.exe
2⤵
PID:12876

C:\Windows\System\kfuSmEB.exe
C:\Windows\System\kfuSmEB.exe
2⤵
PID:10192

C:\Windows\System\NXdeUaS.exe
C:\Windows\System\NXdeUaS.exe
2⤵
PID:11816

C:\Windows\System\AaeMEZa.exe
C:\Windows\System\AaeMEZa.exe
2⤵
PID:13604

C:\Windows\System\CIUaZjJ.exe
C:\Windows\System\CIUaZjJ.exe
2⤵
PID:12944

C:\Windows\System\BAamPZD.exe
C:\Windows\System\BAamPZD.exe
2⤵
PID:13484

C:\Windows\System\XVNlXoB.exe
C:\Windows\System\XVNlXoB.exe
2⤵
PID:13640

C:\Windows\System\qWUqCou.exe
C:\Windows\System\qWUqCou.exe
2⤵
PID:13660

C:\Windows\System\nbzJVuM.exe
C:\Windows\System\nbzJVuM.exe
2⤵
PID:11216

C:\Windows\System\GpBpjBi.exe
C:\Windows\System\GpBpjBi.exe
2⤵
PID:13324

C:\Windows\System\BgetGrd.exe
C:\Windows\System\BgetGrd.exe
2⤵
PID:13624

C:\Windows\System\LRECKgl.exe
C:\Windows\System\LRECKgl.exe
2⤵
PID:13532

C:\Windows\System\AKRfTDZ.exe
C:\Windows\System\AKRfTDZ.exe
2⤵
PID:13708

C:\Windows\System\haCCkHL.exe
C:\Windows\System\haCCkHL.exe
2⤵
PID:13704

C:\Windows\System\jimscQr.exe
C:\Windows\System\jimscQr.exe
2⤵
PID:1692

C:\Windows\System\hLfjXAg.exe
C:\Windows\System\hLfjXAg.exe
2⤵
PID:13920

C:\Windows\System\STfygkj.exe
C:\Windows\System\STfygkj.exe
2⤵
PID:13668

C:\Windows\System\BtCdcbR.exe
C:\Windows\System\BtCdcbR.exe
2⤵
PID:14124

C:\Windows\System\lHdtGDy.exe
C:\Windows\System\lHdtGDy.exe
2⤵
PID:2900

C:\Windows\System\UgaKIOZ.exe
C:\Windows\System\UgaKIOZ.exe
2⤵
PID:13452

C:\Windows\System\GMywhBf.exe
C:\Windows\System\GMywhBf.exe
2⤵
PID:13728

C:\Windows\System\VDWULzE.exe
C:\Windows\System\VDWULzE.exe
2⤵
PID:8412

C:\Windows\System\LwAuLWt.exe
C:\Windows\System\LwAuLWt.exe
2⤵
PID:13696

C:\Windows\System\NRXMRdM.exe
C:\Windows\System\NRXMRdM.exe
2⤵
PID:10804

C:\Windows\System\FjTrbUS.exe
C:\Windows\System\FjTrbUS.exe
2⤵
PID:13736

C:\Windows\System\haqvEKs.exe
C:\Windows\System\haqvEKs.exe
2⤵
PID:2452

C:\Windows\System\BsCrfWH.exe
C:\Windows\System\BsCrfWH.exe
2⤵
PID:13812

C:\Windows\System\ZswQbNb.exe
C:\Windows\System\ZswQbNb.exe
2⤵
PID:14008

C:\Windows\System\wpyjnnO.exe
C:\Windows\System\wpyjnnO.exe
2⤵
PID:13820

C:\Windows\System\ICHOktm.exe
C:\Windows\System\ICHOktm.exe
2⤵
PID:12360

C:\Windows\System\jMNnYaJ.exe
C:\Windows\System\jMNnYaJ.exe
2⤵
PID:13768

C:\Windows\System\oAHwWaP.exe
C:\Windows\System\oAHwWaP.exe
2⤵
PID:2368

C:\Windows\System\MuCaeVG.exe
C:\Windows\System\MuCaeVG.exe
2⤵
PID:2064

C:\Windows\System\UOvTlhN.exe
C:\Windows\System\UOvTlhN.exe
2⤵
PID:2576

C:\Windows\System\BAUGGmk.exe
C:\Windows\System\BAUGGmk.exe
2⤵
PID:14108

C:\Windows\System\JZLzWMc.exe
C:\Windows\System\JZLzWMc.exe
2⤵
PID:644

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 776 -p 11688 -ip 11688
1⤵
PID:9552

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 824 -p 11660 -ip 11660
1⤵
PID:3860

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 896 -p 12312 -ip 12312
1⤵
PID:13184

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vm1kpxpp.zid.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BYiUQBl.exe
Filesize
1.3MB

MD5
32bf2a2b9915666de4bbb1257cac0b2b

SHA1
9380de53f8f5b817390b379f5735302656e0d920

SHA256
0a4389f970d1d1467800b513301bb448b046fed87a311669a1bfb89ef5fe5c7c

SHA512
48687af596b0a463c23754163d336e76e63ce34f7a493524c9d5c1f78ead7ac36bf20604152364cbfbb82b1c2cc0177bfb1d97a09c0aeafa2cd5bb7036c59972

Download Submit
C:\Windows\System\CVKwpWY.exe
Filesize
1.3MB

MD5
5c60de4d53f342c351f6b364385b65fa

SHA1
dd5f3125fd3fc6e20dd5ec8e227a7d2341859544

SHA256
560ada467f52e2abcb967bf0176e462db38752b5921dfc24b9fc9c10bac9d9a7

SHA512
620320a9553897e68ff8e211afd32fd3bb5c4561038b46a825d0d522b8f48730a0dbd73ff4971263f89a9d8787a892a1b65aa574840293ff004e97a41b7b8c9c

Download Submit
C:\Windows\System\CkYZvSc.exe
Filesize
1.3MB

MD5
fca3d9ecfb61e9dc322955a151125a5a

SHA1
07dbb9d02d3e96f0ba854cb05069d23a30fc2315

SHA256
fd3ac308a9d795c78f2036034ab58f6ae6aaed886aabee13be4a1d0b8c708986

SHA512
58766ba64bb27ff3a0b49c400701c374c2736b4907dd5631120290e634fb0ea8076c5b0d3ac44ef4779f48d4c7b692ac2dc43b72a0abddd250d20d832868e7d8

Download Submit
C:\Windows\System\DLJVWRq.exe
Filesize
1.3MB

MD5
95fb81096248516ae774b8d9d0b94f56

SHA1
9fb305ea70179132e9e7fc3990488f75bf696afb

SHA256
f25858b7cfa02806ecc7046f7a79b566b5fbe0ca604c8c9b8b0e8039dcb415f0

SHA512
0a25a280d2a2ba8175015accccd86f4cee86750acd48ac5618809b6dd096b44f000b65a7a3bfe75db4a641a7275c3468f17d149bc5a0063387a06bb41d881696

Download Submit
C:\Windows\System\DcvWetw.exe
Filesize
1.3MB

MD5
128a6385667d51437cf7550741fc6604

SHA1
ea52be4be268ff01cf0bc011680a16f25603b76f

SHA256
36eeff640abd5fd5e5cdb4a1124a9943b2e78a442915b21c7f4506fe3e0cfcbf

SHA512
214fbc498fdbc053d49675f865b9d92fc599cf708e93edf8aef891f9395115bba345e290476cdbbe0ba24eef11e8227cb6f1dbf2513d6e04d75cc2fabe8e82b3

Download Submit
C:\Windows\System\DoTXCHW.exe
Filesize
1.3MB

MD5
7cefb67bca7b819c5b8bc78dd655e605

SHA1
3929539af349d762b63f1936a3ed98d3d2b7e49b

SHA256
bcb913c1dcb6377ab642cd40fed12850cef2a90eb57d512a87c97ddeb9461b29

SHA512
bd3202104655db568c227cbcc3bce24b83dd2100de1f79d06ed9fbf2a0de83e359e7eaafef8ed8b6f7a9ce31e3503b33a4f6173821e7a66c276e28417bc8340b

Download Submit
C:\Windows\System\EeRiGlk.exe
Filesize
1.3MB

MD5
b7af58cfc2184ca0076c0ec711887656

SHA1
2b5e745418a86362d4103b7daa504031f0f6dd1a

SHA256
8313c1c452bc27cdd187f3327bcdaf216e9404c165c76647b8b6fdafea81f53e

SHA512
fcf36efb38627401a99b5c0aaa22f7d5773f889fc7f7d4fbe60741c9600a6af5ec34048653736a260adef91df21c8f7299e124507634bd32b03193b97f2794fc

Download Submit
C:\Windows\System\GboLywI.exe
Filesize
1.3MB

MD5
7b9aec6f84ab4adf6831007fd4389197

SHA1
f4d908569eff90f11c014034f2b47c6a5997f04e

SHA256
8b18b6047773f9ea81d89b3283dd94c379fa66c80445b8926f30a480951b86d4

SHA512
39ad0400f0d310a23f5015cec3c97d797493c0fa44c9bf67e222e826737b8dd4971fe63116ec08942dde76ad198bcc73ff99de6823c5d096a1da3f10001acd46

Download Submit
C:\Windows\System\IVLblMF.exe
Filesize
1.3MB

MD5
a6c94cac036a2c1e4b151405eb2518df

SHA1
264c71c83e4176f34e2d3e0f83970b1ba6e9e848

SHA256
09e6899d916fbbde1d846d281347e3bbb9e403c45026bcc662944b5000f2495a

SHA512
f60b663dbfba0c59b9555b8afa6fd5dd4df75ec1ce302a5e63953e05acd6875291903c9b6fd90f517653c059f3ff5726fc9b44c825bf25fa94726f38b06125d9

Download Submit
C:\Windows\System\JowrtQv.exe
Filesize
1.3MB

MD5
b48f78aedca7ac9e85fa38c6ed3282f0

SHA1
b8d5be1db3bb3832565c8db639f3350bdd0205c6

SHA256
01c1dd44f0b457b5461ad2c4b6c4dc899e7ff725cfc25e2abee2f8fb0725fae7

SHA512
35251a74499806404bfed81a59622c8392db7dc62f5885991c3c4bc77134b65b7297fe5aa0fe77f388d0a3dc9a6c369d820a45b63dd63961934f0be3f8c0d160

Download Submit
C:\Windows\System\KlmDZKV.exe
Filesize
1.3MB

MD5
1ca1ee80122eec36b6481449e3b426b7

SHA1
fb9aef96199f1df57ea065b3e00e792728e0e262

SHA256
a94265b7881394fa8c5e0aad6a666d048a39be52441dc606975807e0d55a8356

SHA512
1ff757d7c87e9d6a28e95e265a3bbecace02d057165aa200304c6330e1a58c0aefdbe4142a13b591fd935ab5a932241e89547215f9cc9d7fa2659a9bce13d9be

Download Submit
C:\Windows\System\NjPDvjQ.exe
Filesize
1.3MB

MD5
26afb3b4d3189c41b24229ced2791445

SHA1
e874557b034fb2e50e68e05afa65bb5214490e29

SHA256
7637712fbae11df251476f4f94ee4e9dd334fe82337f0c94e87ca3b3ea7a97bd

SHA512
79f82c56ec126ee77a94e36b640fc6cc59bb8e17847dbf7661c188252067fe4e8fc3ff1a0fdc5a6e4e598cff3b17ac65c10a48e699c2f5b07ebd70bd47314876

Download Submit
C:\Windows\System\OIoVLZt.exe
Filesize
1.3MB

MD5
2f182dcce03ac4e140475bded6ccb6b9

SHA1
49da1f7c67093b02c54fa6a4ef1c8926d4fa6794

SHA256
a7fb0898d96afc3da457f6113e98d9d542511371199151d95acff734785f79eb

SHA512
d85a8299e3f0561417fcb699db2d89b4cb7a5015180e5d66b3444f16fcabe8972c20dd70494ac5c79cd324e575195189af282d83b6e1bc0e0c16f1d4c695ad17

Download Submit
C:\Windows\System\PxETDAc.exe
Filesize
1.3MB

MD5
4918e1c39c0ccf200fad0325ee899a73

SHA1
c923fcd2a139b9d8197fc23d74430120844cabaa

SHA256
91d3acb4209556e031a7f1ae3fcd5c19bc57484a3dcde99d4017a752d256ea09

SHA512
185bde384c40ea3a4ae508eeced40323945fba121224f3645cc7e98eb56fdb963416d1704d77a6cb947e7e89263b90dbe95c0da83ea0f1c42516a619a4c0b6db

Download Submit
C:\Windows\System\QJjMZmc.exe
Filesize
8B

MD5
4c329dabe7e828c395eeb2e5a50fbbe7

SHA1
85b8304d0e8671eb6d0af76a2a446025d429a002

SHA256
0273bd4ea1012877e7b400db030d2a52116d78216fe44051f4de39b23dbcdc12

SHA512
26e2bc581b42ae7552c40da8f1a83178cbc8cac3272949c13faf1128fe4e2a26f3d612187dd300f3ea69f4977387012c2783f1d9f5bd76d58d0187fb3ac96e0a

Download Submit
C:\Windows\System\QdYHDob.exe
Filesize
1.3MB

MD5
c10f10d30544ab78a6e6b5ca541e542b

SHA1
47072d58e48196a02164b01c72e348e4166c6f5a

SHA256
511a50e24b410b8a7e7da75f363efc173758704565165b04e61dfa79026b273c

SHA512
15462828b6c4b636031515dbab7adf8659dd670e9ef7a031f6217a373bea1066decf3668279e9aa1bcc50f57b496842c4ec99131905b66b480816c3111d0867e

Download Submit
C:\Windows\System\TMcNSbS.exe
Filesize
1.3MB

MD5
453924a70778205d8aeca351786f00af

SHA1
810057a2b6bae536edb3b4cdc1cdbaa6bc34e5a1

SHA256
913933a4efbdb5426ae29c820acca2a76526b6fd3af53c3239c0fa9d0284952d

SHA512
0130c551bb94fa3fcb5375f5ad86e381a61836e205cf928af22b91d3c02488f86c9a6e874b5fdd08d6eb45a646125dad767a88dbf08e626dc73f227596f2b5d3

Download Submit
C:\Windows\System\VeBTXWJ.exe
Filesize
1.3MB

MD5
24bae6b57ae5d630ace035d70e67872a

SHA1
07de99676c2e831a7a9d2e986973c6f7aee9a138

SHA256
4c17f5ecf35e5637d8e070fa8e19487d36f9ba0a8fe40ecda572ff23ada2cde3

SHA512
684d4689d7d8d700785058ad08a92511eef08b51d72d3e19ddac31debbaea9574ac1b23926e9393ae2027879e631bed5e8beb08589da586bea930e309aac1232

Download Submit
C:\Windows\System\YGtMBqq.exe
Filesize
1.3MB

MD5
ca611598c167ea7756f8dfb3c95ed3c2

SHA1
37bc66df3828de8a961f65b20f2f382b8ad3b7a6

SHA256
a55eb642035f1524a29f35a996e6fc1621b1169d06a96fceeae77127297cfbbe

SHA512
dae0a3d037d7119c55cf8d2e63c9e6c73c6e71977495e9a3ea7b1b8848ab6e57cb87d66a426c2cd3cb2e619153228ef8b58b63b1f821736c15cca185cdb55ffd

Download Submit
C:\Windows\System\YXNeKAc.exe
Filesize
1.3MB

MD5
cfa629b207804d3e47b6b23a4caca19f

SHA1
612358149e84b67b9dae8bbed84e95e20461b44e

SHA256
e49e37549c012967adccceb0949b06304240b082778ef4b6af5ac638830ffca8

SHA512
bc5295d0deb49c779c8cb2659236de3947a9d4c8cc6bb37e57b867cf781c9e7e565004099c5a1242ef66808cf36fdeacd51e8bfb50ee719368f532b1f33015ac

Download Submit
C:\Windows\System\YrnkQGT.exe
Filesize
1.3MB

MD5
68a24d63fddfa6ceb6c2326ece765f70

SHA1
f8645fdb68028c03a3661be09c7bab0b101beaa8

SHA256
2f101a0ab3f8596929121fab6626b85b95d5ff512411a1c032ddac558e5ae77a

SHA512
bd8c5f0c891d5bc91fe3da555dc60265677377b7dc93267ba2ab09bab1b74ad19e4589bc9152b00bbee486d1c631275ee89e42ad9a505a7137c3622bd16a7ede

Download Submit
C:\Windows\System\ZPfzCNa.exe
Filesize
1.3MB

MD5
323725f0c17f08ea87c5b4b0a39e1efa

SHA1
17f1e42077af42c958a517ec46cc1cc2b44a3551

SHA256
c937a0e391fd3eb81bbcf6856c260e23b0e4f5d4b155483376ad76ab23cd137d

SHA512
86991909f5a51fd8c38e931e6cc72db23cf92d8a99bf1be8e558eaeb923386f3ac609d028db6b8b8b6967ce1145cac07a1c874cbe0337ad3afe49c15f69c8b53

Download Submit
C:\Windows\System\ZSRaKJJ.exe
Filesize
1.3MB

MD5
0fc096a12973344eaf246663f749d6b2

SHA1
9b0e9e3a96663d5df1a344b78f36643c589488ef

SHA256
ea4f1343d1cd0d6f94cd6b9f6de22941c401db253fe3ca8117166c08c72520a5

SHA512
77e759385dfa57b28e4e86f485d66b64524db80809aef3cec5b0c297f7d5f74b5d1939380c00ce451861d6a70421c34b0266e8ab9d9926c965c32e5bce6ef953

Download Submit
C:\Windows\System\bjaQZmj.exe
Filesize
1.3MB

MD5
887a290fa8a0d8075b7a77e5cad7b13a

SHA1
0d37175a3802b783fe284844c95ec28a1b2e12ba

SHA256
9a24ed368b5d74e9d90ec72312b328ad05e308494cfe40de4146bfe3189c8cb7

SHA512
0d64e5e2506079a633dfe2814c39ad4cb392bd8f2c134874039c447fbbfbc4bbfbd1a3913d294adb4ac8d83956a38d1bde921e5a5ee5f7d7da403f22924d30bf

Download Submit
C:\Windows\System\eAxZryX.exe
Filesize
1.3MB

MD5
d3a4e01c03c62e12a3ad4a7e6eb44151

SHA1
2eb7b51ab2093f52f665dbc9d608f6e158c785a0

SHA256
59cee6bffdb1bd9606fc721989efd6e89f463fd1305b7a18b6e6c358f0731da3

SHA512
ff97f455e0be9f1287212160e0dd2512db809a4e7d24f53f69705fa88079e78e197bb0e609600a8cb87ceffc8fb4cc7c8780bf981d69afaf100bc451afa681db

Download Submit
C:\Windows\System\fISFtzZ.exe
Filesize
1.3MB

MD5
a16bba299807e52f44b8996c814e33ff

SHA1
37804f77f2fd1252ae303ac79a9531e2068df03b

SHA256
18789ceacca75048c01d9a9546cb012af302c565e2182d30a0a9c91eac9640a7

SHA512
c3ae86afd3ae1b377946f1e8f2a0df25454e89fdf8ffad6b57c0447b9dcca1e3445d948fb153bbad1f9f538dbef0691ff645a9261accad1bdb75c58c87634b03

Download Submit
C:\Windows\System\gVCBfYl.exe
Filesize
1.3MB

MD5
14983d84aa13fb7bcc9a19486bf0e7da

SHA1
02efa4e5dbd3d55122277ad16a135560bdd27bef

SHA256
607b6c6269f5594d8685e905016747439fa57198546656b153c60833eb148152

SHA512
d1c7a266d423eb10437c1feb885d0c76b952e4b8e6c583c48cdb950053efb70e4c3a97aec11befacc38ddefdfe406ad9d3075879a45f5ffe9516d36d16d4be49

Download Submit
C:\Windows\System\iEFPgvB.exe
Filesize
1.3MB

MD5
ee3e6319380cd7407814dd3b53deb0ad

SHA1
a5f596e8964b681bf66e5842678d0b99b828a916

SHA256
c31363cb10e28364efa136720faf215ec1c79e6060de79a2018136a40be3691a

SHA512
37289acd7ea676f0a897fb65f84613f73c363777ae3c128b18125fdca9f45fc4666685d69b78e0822ce0b30ad969cc95c043fa6f739413957a577e4d89ca3732

Download Submit
C:\Windows\System\lCYYRxP.exe
Filesize
1.3MB

MD5
2cddafbcb07eb0c7110afe4872d27de6

SHA1
9921a9e39ae530056d39e22e3f808f80104c548a

SHA256
a436f2e84022510adc1f20168efbbcb172f0fe04bce4c72d062919563876216e

SHA512
5e2c5169ed00e4056d51b38a9ca376e9de5fa3d58e08664b41c9435cdf1fc644a326fccfb8778227f41d9bc0096bf5cbf31f7562c07c3a63da7efb49086a0bd3

Download Submit
C:\Windows\System\mfsuqTr.exe
Filesize
1.3MB

MD5
3e883cd013ac30854b54d599fa636a84

SHA1
339f4a19fda758908eb28ec25586b5f440eff714

SHA256
67ed81d8a5af366d68cfc50a7ff52a474c24484b8231f94ce981fe3a0aa0ccfe

SHA512
fc4d98303f359b198299fad984a871ac3668bb48f3844f312f7ffc8062d58478f8831b18473edaf6b054a8cf68128610b27ff58f8695ddf56fda6e381e8afbca

Download Submit
C:\Windows\System\nwlkPXn.exe
Filesize
1.3MB

MD5
199bc4772730efc66116a515c7da764b

SHA1
5beaa5b8060989ae7ab15b0f8473b817cb2c3c69

SHA256
328b0509d79b23ddf7bf798965993d72ba1218ccd8f9598ff8e1abbb05c9d79b

SHA512
e35c830457ee48ecaef1deac6f88c9c2afd8c7d1b831eb087ccd8c87162ab6f1c2ec4a7a38808ca0470b7b34ecb473b5b694cebd7153742990f8f4cbf9acd44c

Download Submit
C:\Windows\System\qTuGJAr.exe
Filesize
1.3MB

MD5
99de01a501d7ae049b6f6711cd5f5d80

SHA1
a35b9c6ef63251e3c27c6575f1a232dbabf4ebf7

SHA256
f7f6a44ecb559bdce6bba4f20b7fa501af0b1a71c56344760e3b1635276817e2

SHA512
4a25613a5e3c78bbea10496492177127d35d034c3023a741f6512bb04e80009e76ec090cbbf622d3dc272fe47f0811c07c3db884f6c9ffe52c31af6bf6e3a670

Download Submit
C:\Windows\System\sEtxPsv.exe
Filesize
1.3MB

MD5
42e9d37539d4f864a43649b61a62979f

SHA1
6eaaaa7194a9056fc978851f406aab2f86abb382

SHA256
5ebd162ab07bbaae71dc1db9290f620288ded97a2e92e939123cb9e5cab2d96b

SHA512
d9db713b5c77de83238bc3288a30655a225e30991f56ca2ef6db5cf4df56b6328730931e6a39a42f67217265ec66c9951713f104e9cd449b4111876e130f507c

Download Submit
C:\Windows\System\sIBFEMw.exe
Filesize
1.3MB

MD5
2bb7ac355be5bb8af9a7ca61ececa7dc

SHA1
925929836b94f60ea04efbc4e7394879e861cb1d

SHA256
b9921d3f757b13a3372917bbc039d943527f5308e1e1a0a91fc49bbc13618e5a

SHA512
bae0cae12baa311594efee45054a1f95299c4929c83c05553f129cdcb9c54d24b499e26aff00a592c6863cd6f0386935104ed211e4259e3199b716545efcd718

Download Submit
C:\Windows\System\uWcwYwv.exe
Filesize
1.3MB

MD5
1befa3be36e7c9f4279c7fff10b00171

SHA1
0b0274b8b274202a829fca1f14c69b30d16d1ace

SHA256
c13fd1187dd3f9846701071829460385119fefb723615614d6c355d99fcc0943

SHA512
9d6b67b811e34c313a8d9d1df335b2460d15193740f8bb9d009b1d3b4f18663ba1977fdd226b0b3b9afee2716061e48bcc456838a7f12b3b23b5e0b77a306913

Download Submit
C:\Windows\System\uuOgGqn.exe
Filesize
1.3MB

MD5
316cd2b65b1404b348d07cdd89bafe14

SHA1
a6e23cf2c75b208fb5bc23612f4879b2b98514f9

SHA256
f3f436718f8d6a64ac2933f73a2057e9acefa9f827c88c9e195f53219b2db856

SHA512
6e5d5dbe48424742109cd3ce38e1410a764b601321433865609cf56b71a84778337109da5bc2af897fe109920fe8d9bd531c7fe5eb5c015bf4f38a73e55129e7

Download Submit
C:\Windows\System\vOBnxNV.exe
Filesize
1.3MB

MD5
31742880e2f8254857558bb4aa90628c

SHA1
dfa71c6a6d0a1c9bea8434d52d2d0abe299f0e0b

SHA256
08a82d7a6b3548ae0ebfe8cac8d7b6b65929585adb307bd00719c580e30b69c3

SHA512
742f08c7655a74acbe9059b0e216ec8970c1852150387f7ea512b7cf8c7d61f37e2a58c9238f00174be04aac5517d8e3e341ea4323071a3f991a9827faef6e6a

Download Submit
C:\Windows\System\wNJrhvw.exe
Filesize
1.3MB

MD5
cd22ddfea57682d87d1ed9d4fb45df76

SHA1
ed0db01d454c3e7e58e1b88c84e70a7a4536d820

SHA256
e31d35872e7d617553432d1fe23f58a711160d1652fc14584237b5d52b03bf53

SHA512
f28af5f1a7f970477a3487b525b900aa3fcc0e27ac0e782017f6463e84464676a45c35c67af2c53b8d500663ed0ba36179c35422bc22c018ba04e0ad977da04c

Download Submit
C:\Windows\System\wgtictE.exe
Filesize
1.3MB

MD5
57ffd926f26711d696fd919f98b49fc2

SHA1
331779e8ff1eecc95d5e7829f4418d6574f7723f

SHA256
02d8842c2cb79115bada58f8eff06d89049e34f6fcbab7b0afa5dd8c794158d7

SHA512
4ad7d18aa7bc52663f534b1352034e2f897ab4bd8c84d271fbefb9b29d2d07dc8ada629501530d1ff8ad981900792673be94e3d59cf2a85b9fa85052b7816e06

Download Submit
C:\Windows\System\wtgZtvC.exe
Filesize
1.3MB

MD5
3c6bb9759c24b7f94f857b16fbaf9c10

SHA1
55b3431695420bbec1b6de3a27629aefadcfa666

SHA256
fb2eb6e0df5826a48fa221515b6271552a510dadac25839a963bf18167baebba

SHA512
2f39ef5dec350f415dfa36565616a2dee8981a226621fe5b8a85d294c08df8498033be98a78a7c6174257c358f31dfabeb375ef73c84d245f067b5800e8e00d2

Download Submit
C:\Windows\System\xhDGoMX.exe
Filesize
1.3MB

MD5
ffae40f9f4fdcd968695637bf08f596a

SHA1
8465a8b9a8c007e88c54b95e4d0cde5a0d1ce1ec

SHA256
91c4b7541968694d44f10d15613ab76590458abf3923249e3064a42688faaea6

SHA512
4e4dfa3a42c24c526eab4dfe8a696ed86cc09c5b3a937ba5fc8452e88bf2a3173e0c5530af3d8c04493948788e154f564a8083fe312719c824f44245abea8ae6

Download Submit
C:\Windows\System\zHHnIVO.exe
Filesize
1.3MB

MD5
4ccc2dc0e1d08d52fdb5e6bfa80caf6c

SHA1
4ad106e0fe96faeb4b2a54716b8446714db84c8d

SHA256
ff7b425ed9a0d147656492d2b4cb0091ac49068ee5da86bcbf8bdd6244eaaeab

SHA512
d9d7454e2c2b49bc9f2d14c402bfdbf087850374a387aef9f33a756d1286d90dabd18c2a286f6c68f72f66e36fe9620529c7c01841af726007016495cca54f97

Download Submit
C:\Windows\System\zWCkkKm.exe
Filesize
1.3MB

MD5
31ba00d8709ad62cf062793f46844a85

SHA1
6c3732f5391cfab3d315beaba51ef4ec6a75d4b9

SHA256
3f503f19f2a9feaae69cd52677bc14d9c7e24c74a9d7abd48f49b1ae67309cd5

SHA512
b376e1118579765dd3a7e154990cb055039b9b67a8c6032046d9cd56bfa730c8bc978db010c37be62581bee2707415bd95dbb5b4efc9c9ca86eaac2a35e329a3

Download Submit
C:\Windows\System\zjltNbE.exe
Filesize
1.3MB

MD5
30dd9b765a2abed7ff030ff085193d1c

SHA1
230209c9e3f22e7026e5389c1218179647bf3d5c

SHA256
7fc85192301e501dd0423243f99ba88c340a5fd77d11013d785ea0361e4dbca8

SHA512
340315cd96e59ca48e6560ba58256a5c084b719ba4193a6ac708a767d2a7f64fc450628a51627db1fa824f0ec503faa543908cf68da8e299f07e168a9e8b915d

Download Submit
memory/640-5541-0x00007FF797380000-0x00007FF797772000-memory.dmp

Filesize
3.9MB

Download
memory/640-5573-0x00007FF797380000-0x00007FF797772000-memory.dmp

Filesize
3.9MB

Download
memory/640-26-0x00007FF797380000-0x00007FF797772000-memory.dmp

Filesize
3.9MB

Download
memory/884-5592-0x00007FF70E2D0000-0x00007FF70E6C2000-memory.dmp

Filesize
3.9MB

Download
memory/884-740-0x00007FF70E2D0000-0x00007FF70E6C2000-memory.dmp

Filesize
3.9MB

Download
memory/1464-730-0x00007FF639D40000-0x00007FF63A132000-memory.dmp

Filesize
3.9MB

Download
memory/1464-5609-0x00007FF639D40000-0x00007FF63A132000-memory.dmp

Filesize
3.9MB

Download
memory/1492-27-0x00007FFE31143000-0x00007FFE31145000-memory.dmp

Filesize
8KB

Download
memory/1492-726-0x00007FFE31140000-0x00007FFE31C01000-memory.dmp

Filesize
10.8MB

Download
memory/1492-718-0x0000017C1D9F0000-0x0000017C1DA12000-memory.dmp

Filesize
136KB

Download
memory/1492-143-0x00007FFE31140000-0x00007FFE31C01000-memory.dmp

Filesize
10.8MB

Download
memory/1640-5655-0x00007FF6F9F30000-0x00007FF6FA322000-memory.dmp

Filesize
3.9MB

Download
memory/1640-735-0x00007FF6F9F30000-0x00007FF6FA322000-memory.dmp

Filesize
3.9MB

Download
memory/1784-728-0x00007FF612000000-0x00007FF6123F2000-memory.dmp

Filesize
3.9MB

Download
memory/1784-5607-0x00007FF612000000-0x00007FF6123F2000-memory.dmp

Filesize
3.9MB

Download
memory/1932-729-0x00007FF650150000-0x00007FF650542000-memory.dmp

Filesize
3.9MB

Download
memory/1932-5605-0x00007FF650150000-0x00007FF650542000-memory.dmp

Filesize
3.9MB

Download
memory/1968-241-0x00007FF70DDC0000-0x00007FF70E1B2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-5585-0x00007FF70DDC0000-0x00007FF70E1B2000-memory.dmp

Filesize
3.9MB

Download
memory/2204-727-0x00007FF68EC20000-0x00007FF68F012000-memory.dmp

Filesize
3.9MB

Download
memory/2204-5595-0x00007FF68EC20000-0x00007FF68F012000-memory.dmp

Filesize
3.9MB

Download
memory/2356-147-0x00007FF7AF750000-0x00007FF7AFB42000-memory.dmp

Filesize
3.9MB

Download
memory/2356-5579-0x00007FF7AF750000-0x00007FF7AFB42000-memory.dmp

Filesize
3.9MB

Download
memory/2520-734-0x00007FF6AA6E0000-0x00007FF6AAAD2000-memory.dmp

Filesize
3.9MB

Download
memory/2520-5598-0x00007FF6AA6E0000-0x00007FF6AAAD2000-memory.dmp

Filesize
3.9MB

Download
memory/2816-5600-0x00007FF690A40000-0x00007FF690E32000-memory.dmp

Filesize
3.9MB

Download
memory/2816-736-0x00007FF690A40000-0x00007FF690E32000-memory.dmp

Filesize
3.9MB

Download
memory/2948-741-0x00007FF722310000-0x00007FF722702000-memory.dmp

Filesize
3.9MB

Download
memory/2948-5575-0x00007FF722310000-0x00007FF722702000-memory.dmp

Filesize
3.9MB

Download
memory/3040-731-0x00007FF6EAC30000-0x00007FF6EB022000-memory.dmp

Filesize
3.9MB

Download
memory/3040-5589-0x00007FF6EAC30000-0x00007FF6EB022000-memory.dmp

Filesize
3.9MB

Download
memory/3100-739-0x00007FF694B30000-0x00007FF694F22000-memory.dmp

Filesize
3.9MB

Download
memory/3100-5707-0x00007FF694B30000-0x00007FF694F22000-memory.dmp

Filesize
3.9MB

Download
memory/3216-738-0x00007FF6DE470000-0x00007FF6DE862000-memory.dmp

Filesize
3.9MB

Download
memory/3216-5696-0x00007FF6DE470000-0x00007FF6DE862000-memory.dmp

Filesize
3.9MB

Download
memory/3240-366-0x00007FF7F8960000-0x00007FF7F8D52000-memory.dmp

Filesize
3.9MB

Download
memory/3240-5583-0x00007FF7F8960000-0x00007FF7F8D52000-memory.dmp

Filesize
3.9MB

Download
memory/3276-305-0x00007FF7EE0E0000-0x00007FF7EE4D2000-memory.dmp

Filesize
3.9MB

Download
memory/3276-5581-0x00007FF7EE0E0000-0x00007FF7EE4D2000-memory.dmp

Filesize
3.9MB

Download
memory/3368-478-0x00007FF752A60000-0x00007FF752E52000-memory.dmp

Filesize
3.9MB

Download
memory/3368-5588-0x00007FF752A60000-0x00007FF752E52000-memory.dmp

Filesize
3.9MB

Download
memory/3420-5602-0x00007FF680D40000-0x00007FF681132000-memory.dmp

Filesize
3.9MB

Download
memory/3420-733-0x00007FF680D40000-0x00007FF681132000-memory.dmp

Filesize
3.9MB

Download
memory/3628-5571-0x00007FF7F0050000-0x00007FF7F0442000-memory.dmp

Filesize
3.9MB

Download
memory/3628-21-0x00007FF7F0050000-0x00007FF7F0442000-memory.dmp

Filesize
3.9MB

Download
memory/3956-0-0x00007FF780890000-0x00007FF780C82000-memory.dmp

Filesize
3.9MB

Download
memory/3956-1-0x00000175E7480000-0x00000175E7490000-memory.dmp

Filesize
64KB

Download
memory/4312-5604-0x00007FF727130000-0x00007FF727522000-memory.dmp

Filesize
3.9MB

Download
memory/4312-732-0x00007FF727130000-0x00007FF727522000-memory.dmp

Filesize
3.9MB

Download
memory/4472-5593-0x00007FF76D990000-0x00007FF76DD82000-memory.dmp

Filesize
3.9MB

Download
memory/4472-196-0x00007FF76D990000-0x00007FF76DD82000-memory.dmp

Filesize
3.9MB

Download
memory/4712-752-0x00007FF7B8480000-0x00007FF7B8872000-memory.dmp

Filesize
3.9MB

Download
memory/4712-5577-0x00007FF7B8480000-0x00007FF7B8872000-memory.dmp

Filesize
3.9MB

Download
memory/4940-5679-0x00007FF69B5B0000-0x00007FF69B9A2000-memory.dmp

Filesize
3.9MB

Download
memory/4940-737-0x00007FF69B5B0000-0x00007FF69B9A2000-memory.dmp

Filesize
3.9MB

Download