xmrig | 2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
Size

1.6MB
MD5

07648d54edfa27209492b64f414c98a0
SHA1

b0d0659de195fabf334fe3aad199cf988d511474
SHA256

2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363
SHA512

a5bfe36c4b458cbe71b45f33a4d65e929bde7eb0d99d13bb251e2ddd25b9b4ff0616cd80be34795e65b08f684a11c91f17dff86d1febed329c6b109907cff029
SSDEEP

49152:Lz071uv4BPMkHC0INx29L5KQ2uIbQHlGk:NABX

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/2424-295-0x00007FF6CF8F0000-0x00007FF6CFCE2000-memory.dmp	xmrig
behavioral2/memory/3592-300-0x00007FF74CD30000-0x00007FF74D122000-memory.dmp	xmrig
behavioral2/memory/980-306-0x00007FF63C790000-0x00007FF63CB82000-memory.dmp	xmrig
behavioral2/memory/1452-329-0x00007FF6ECC00000-0x00007FF6ECFF2000-memory.dmp	xmrig
behavioral2/memory/3236-309-0x00007FF6574B0000-0x00007FF6578A2000-memory.dmp	xmrig
behavioral2/memory/876-308-0x00007FF6E7A70000-0x00007FF6E7E62000-memory.dmp	xmrig
behavioral2/memory/4524-307-0x00007FF6F2240000-0x00007FF6F2632000-memory.dmp	xmrig
behavioral2/memory/4208-305-0x00007FF7EA680000-0x00007FF7EAA72000-memory.dmp	xmrig
behavioral2/memory/5100-304-0x00007FF676EC0000-0x00007FF6772B2000-memory.dmp	xmrig
behavioral2/memory/1740-303-0x00007FF6C6030000-0x00007FF6C6422000-memory.dmp	xmrig
behavioral2/memory/3640-302-0x00007FF658320000-0x00007FF658712000-memory.dmp	xmrig
behavioral2/memory/3700-301-0x00007FF77DAA0000-0x00007FF77DE92000-memory.dmp	xmrig
behavioral2/memory/2156-299-0x00007FF79E360000-0x00007FF79E752000-memory.dmp	xmrig
behavioral2/memory/5084-298-0x00007FF66D160000-0x00007FF66D552000-memory.dmp	xmrig
behavioral2/memory/2296-297-0x00007FF655320000-0x00007FF655712000-memory.dmp	xmrig
behavioral2/memory/1068-296-0x00007FF6AA450000-0x00007FF6AA842000-memory.dmp	xmrig
behavioral2/memory/904-294-0x00007FF6989D0000-0x00007FF698DC2000-memory.dmp	xmrig
behavioral2/memory/3720-293-0x00007FF742CA0000-0x00007FF743092000-memory.dmp	xmrig
behavioral2/memory/2636-291-0x00007FF799C60000-0x00007FF79A052000-memory.dmp	xmrig
behavioral2/memory/3384-289-0x00007FF71E010000-0x00007FF71E402000-memory.dmp	xmrig
behavioral2/memory/1880-194-0x00007FF6F0C00000-0x00007FF6F0FF2000-memory.dmp	xmrig
behavioral2/memory/1384-127-0x00007FF61BB20000-0x00007FF61BF12000-memory.dmp	xmrig
behavioral2/memory/3424-90-0x00007FF694CD0000-0x00007FF6950C2000-memory.dmp	xmrig
behavioral2/memory/1808-2936-0x00007FF67CE70000-0x00007FF67D262000-memory.dmp	xmrig
behavioral2/memory/1808-2938-0x00007FF67CE70000-0x00007FF67D262000-memory.dmp	xmrig
behavioral2/memory/3236-2940-0x00007FF6574B0000-0x00007FF6578A2000-memory.dmp	xmrig
behavioral2/memory/3424-2942-0x00007FF694CD0000-0x00007FF6950C2000-memory.dmp	xmrig
behavioral2/memory/3384-2948-0x00007FF71E010000-0x00007FF71E402000-memory.dmp	xmrig
behavioral2/memory/1068-2952-0x00007FF6AA450000-0x00007FF6AA842000-memory.dmp	xmrig
behavioral2/memory/2424-2956-0x00007FF6CF8F0000-0x00007FF6CFCE2000-memory.dmp	xmrig
behavioral2/memory/1880-2950-0x00007FF6F0C00000-0x00007FF6F0FF2000-memory.dmp	xmrig
behavioral2/memory/2636-2946-0x00007FF799C60000-0x00007FF79A052000-memory.dmp	xmrig
behavioral2/memory/1384-2944-0x00007FF61BB20000-0x00007FF61BF12000-memory.dmp	xmrig
behavioral2/memory/2296-2958-0x00007FF655320000-0x00007FF655712000-memory.dmp	xmrig
behavioral2/memory/3720-2954-0x00007FF742CA0000-0x00007FF743092000-memory.dmp	xmrig
behavioral2/memory/4208-2967-0x00007FF7EA680000-0x00007FF7EAA72000-memory.dmp	xmrig
behavioral2/memory/1740-2971-0x00007FF6C6030000-0x00007FF6C6422000-memory.dmp	xmrig
behavioral2/memory/2156-2975-0x00007FF79E360000-0x00007FF79E752000-memory.dmp	xmrig
behavioral2/memory/4524-2969-0x00007FF6F2240000-0x00007FF6F2632000-memory.dmp	xmrig
behavioral2/memory/3640-2965-0x00007FF658320000-0x00007FF658712000-memory.dmp	xmrig
behavioral2/memory/3700-2963-0x00007FF77DAA0000-0x00007FF77DE92000-memory.dmp	xmrig
behavioral2/memory/904-2960-0x00007FF6989D0000-0x00007FF698DC2000-memory.dmp	xmrig
behavioral2/memory/5084-2980-0x00007FF66D160000-0x00007FF66D552000-memory.dmp	xmrig
behavioral2/memory/3592-2977-0x00007FF74CD30000-0x00007FF74D122000-memory.dmp	xmrig
behavioral2/memory/980-2982-0x00007FF63C790000-0x00007FF63CB82000-memory.dmp	xmrig
behavioral2/memory/1452-2973-0x00007FF6ECC00000-0x00007FF6ECFF2000-memory.dmp	xmrig
behavioral2/memory/5100-2995-0x00007FF676EC0000-0x00007FF6772B2000-memory.dmp	xmrig
behavioral2/memory/876-2990-0x00007FF6E7A70000-0x00007FF6E7E62000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	3404	powershell.exe
11	3404	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3404	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1808	UsHvcLP.exe
3424	EOJsDmY.exe
3236	xrjAaLV.exe
1384	qnmjNbZ.exe
1880	EgwgGdS.exe
3384	dcSOsxA.exe
2636	IenkJEp.exe
3720	MHoNVgr.exe
904	wPPZbDb.exe
2424	osqTWUT.exe
1068	VHbytbQ.exe
2296	uTHSNJE.exe
5084	PGmrYmo.exe
2156	ESNThMk.exe
3592	yzOKMkZ.exe
3700	vQrHllT.exe
3640	jynITWm.exe
1740	hooqtZf.exe
1452	lMlRDqx.exe
5100	ZExpyCs.exe
4208	ytknGHD.exe
980	BZFPBKL.exe
4524	jRfwtoT.exe
876	ATMZyTR.exe
4796	PDAPXtT.exe
2256	lmlRxJv.exe
984	loVrEwl.exe
3676	soOQATp.exe
1180	qPWKsqy.exe
1552	XPmmTUZ.exe
3420	aFyVsXf.exe
1820	ocYIKsQ.exe
2772	JaFDwpY.exe
4804	MyIZWur.exe
1192	KoRAkiy.exe
3016	SWrmrxO.exe
3276	PBdRzAi.exe
3464	ZgsFLbx.exe
3432	OjRybip.exe
4952	TfwrGiS.exe
432	NDVnJwI.exe
3232	oMtfbwK.exe
2512	TWUoSlG.exe
5032	nsspAqJ.exe
2700	WMYbPxB.exe
1912	uQLWCIB.exe
4432	Qzthtfx.exe
4136	fHwUHyi.exe
1536	cliNreT.exe
2376	vEUivRY.exe
1248	hFiUpGA.exe
4152	XZFfUUu.exe
4836	MHgXJUf.exe
4956	OBPNcDI.exe
4060	IjaemWv.exe
2532	VfWDEuO.exe
4788	TAmaoMZ.exe
1600	AzFNNdv.exe
404	NkzByiI.exe
4932	YfjkGpU.exe
4376	qzSTRZL.exe
1884	rkktsRb.exe
4028	yINcjex.exe
524	nQoigRb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4424-0-0x00007FF6B6980000-0x00007FF6B6D72000-memory.dmp	upx
behavioral2/files/0x000700000002356a-7.dat	upx
behavioral2/files/0x0008000000023565-11.dat	upx
behavioral2/files/0x0007000000023569-10.dat	upx
behavioral2/files/0x000700000002356b-47.dat	upx
behavioral2/files/0x0007000000023575-126.dat	upx
behavioral2/files/0x0007000000023576-179.dat	upx
behavioral2/files/0x0007000000023589-177.dat	upx
behavioral2/memory/2424-295-0x00007FF6CF8F0000-0x00007FF6CFCE2000-memory.dmp	upx
behavioral2/memory/3592-300-0x00007FF74CD30000-0x00007FF74D122000-memory.dmp	upx
behavioral2/memory/980-306-0x00007FF63C790000-0x00007FF63CB82000-memory.dmp	upx
behavioral2/memory/1452-329-0x00007FF6ECC00000-0x00007FF6ECFF2000-memory.dmp	upx
behavioral2/memory/3236-309-0x00007FF6574B0000-0x00007FF6578A2000-memory.dmp	upx
behavioral2/memory/876-308-0x00007FF6E7A70000-0x00007FF6E7E62000-memory.dmp	upx
behavioral2/memory/4524-307-0x00007FF6F2240000-0x00007FF6F2632000-memory.dmp	upx
behavioral2/memory/4208-305-0x00007FF7EA680000-0x00007FF7EAA72000-memory.dmp	upx
behavioral2/memory/5100-304-0x00007FF676EC0000-0x00007FF6772B2000-memory.dmp	upx
behavioral2/memory/1740-303-0x00007FF6C6030000-0x00007FF6C6422000-memory.dmp	upx
behavioral2/memory/3640-302-0x00007FF658320000-0x00007FF658712000-memory.dmp	upx
behavioral2/memory/3700-301-0x00007FF77DAA0000-0x00007FF77DE92000-memory.dmp	upx
behavioral2/memory/2156-299-0x00007FF79E360000-0x00007FF79E752000-memory.dmp	upx
behavioral2/memory/5084-298-0x00007FF66D160000-0x00007FF66D552000-memory.dmp	upx
behavioral2/memory/2296-297-0x00007FF655320000-0x00007FF655712000-memory.dmp	upx
behavioral2/memory/1068-296-0x00007FF6AA450000-0x00007FF6AA842000-memory.dmp	upx
behavioral2/memory/904-294-0x00007FF6989D0000-0x00007FF698DC2000-memory.dmp	upx
behavioral2/memory/3720-293-0x00007FF742CA0000-0x00007FF743092000-memory.dmp	upx
behavioral2/memory/2636-291-0x00007FF799C60000-0x00007FF79A052000-memory.dmp	upx
behavioral2/memory/3384-289-0x00007FF71E010000-0x00007FF71E402000-memory.dmp	upx
behavioral2/files/0x000700000002358f-215.dat	upx
behavioral2/files/0x0007000000023586-209.dat	upx
behavioral2/files/0x000700000002358e-208.dat	upx
behavioral2/files/0x000700000002358d-206.dat	upx
behavioral2/files/0x000700000002357a-202.dat	upx
behavioral2/files/0x000700000002357d-197.dat	upx
behavioral2/memory/1880-194-0x00007FF6F0C00000-0x00007FF6F0FF2000-memory.dmp	upx
behavioral2/files/0x000700000002358a-191.dat	upx
behavioral2/files/0x0007000000023582-173.dat	upx
behavioral2/files/0x000700000002357c-163.dat	upx
behavioral2/files/0x000700000002357f-148.dat	upx
behavioral2/files/0x0007000000023585-143.dat	upx
behavioral2/files/0x0007000000023584-137.dat	upx
behavioral2/files/0x0007000000023579-138.dat	upx
behavioral2/files/0x000700000002357e-136.dat	upx
behavioral2/files/0x000700000002358b-200.dat	upx
behavioral2/files/0x0007000000023583-128.dat	upx
behavioral2/memory/1384-127-0x00007FF61BB20000-0x00007FF61BF12000-memory.dmp	upx
behavioral2/files/0x0007000000023574-166.dat	upx
behavioral2/files/0x0007000000023581-119.dat	upx
behavioral2/files/0x0007000000023588-160.dat	upx
behavioral2/files/0x000700000002357b-153.dat	upx
behavioral2/files/0x0007000000023573-105.dat	upx
behavioral2/files/0x0007000000023578-132.dat	upx
behavioral2/files/0x0007000000023577-102.dat	upx
behavioral2/files/0x0007000000023571-99.dat	upx
behavioral2/files/0x0007000000023570-98.dat	upx
behavioral2/files/0x000700000002356f-91.dat	upx
behavioral2/memory/3424-90-0x00007FF694CD0000-0x00007FF6950C2000-memory.dmp	upx
behavioral2/files/0x0007000000023580-116.dat	upx
behavioral2/files/0x0007000000023572-58.dat	upx
behavioral2/files/0x000700000002356c-76.dat	upx
behavioral2/files/0x000700000002356e-43.dat	upx
behavioral2/files/0x000700000002356d-40.dat	upx
behavioral2/memory/1808-15-0x00007FF67CE70000-0x00007FF67D262000-memory.dmp	upx
behavioral2/memory/1808-2936-0x00007FF67CE70000-0x00007FF67D262000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qzSTRZL.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\hkVqtJa.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\nTBJrBq.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\aDfBLTv.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\NGpyQYP.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\WMZkLiX.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\FitjTAh.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\xDjQUkD.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\NcRKVJj.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\oUWtGVG.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\MGEotpR.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\XGPgjRX.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\ilNdGuG.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\PPkupNT.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\XPmmTUZ.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\OBPNcDI.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\jjXrTRg.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\ZkUYDaV.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\ygtgOVs.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\ajUGZqa.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\bobUYSa.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\adXqdjv.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\LfHMxsW.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\NvIiFZw.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\DHIBNsX.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\hwFwZMF.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\OytwMVt.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\YKItRKu.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\MhnANAv.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\TwEmDBF.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\SiNWChv.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\AqyEpTB.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\OWPppSd.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\TWUoSlG.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\nQoigRb.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\yFEIbNt.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\YnpoHJu.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\yINcjex.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\dFraJTW.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\tTWdzJz.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\IRFMhDW.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\MiUmHAM.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\wpIiUBt.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\mLsyila.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\wCuxNUZ.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\xnrBTtp.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\aoGvFjC.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\wPENKZe.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\Aaljrtt.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\UTjaLeU.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\KSGzNBw.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\nDlIeTm.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\blMZhsD.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\kFdbRHz.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\XeeuBxf.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\alHnbqw.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\LxCcwtq.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\nJfiwoz.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\FWLvEgq.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\FsTLBKQ.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\kxyJflI.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\ixxkUzq.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\BROKwkw.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
File created	C:\Windows\System\PITTiKo.exe	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3404	powershell.exe
3404	powershell.exe
3404	powershell.exe
3404	powershell.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
Token: SeDebugPrivilege	3404	powershell.exe
Token: SeCreateGlobalPrivilege	12128	dwm.exe
Token: SeChangeNotifyPrivilege	12128	dwm.exe
Token: 33	12128	dwm.exe
Token: SeIncBasePriorityPrivilege	12128	dwm.exe
Token: SeCreateGlobalPrivilege	9592	dwm.exe
Token: SeChangeNotifyPrivilege	9592	dwm.exe
Token: 33	9592	dwm.exe
Token: SeIncBasePriorityPrivilege	9592	dwm.exe
Token: SeShutdownPrivilege	9592	dwm.exe
Token: SeCreatePagefilePrivilege	9592	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 3404	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	83
PID 4424 wrote to memory of 3404	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	83
PID 4424 wrote to memory of 1808	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	84
PID 4424 wrote to memory of 1808	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	84
PID 4424 wrote to memory of 3424	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	85
PID 4424 wrote to memory of 3424	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	85
PID 4424 wrote to memory of 3236	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	86
PID 4424 wrote to memory of 3236	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	86
PID 4424 wrote to memory of 1384	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	87
PID 4424 wrote to memory of 1384	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	87
PID 4424 wrote to memory of 1880	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	88
PID 4424 wrote to memory of 1880	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	88
PID 4424 wrote to memory of 3384	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	89
PID 4424 wrote to memory of 3384	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	89
PID 4424 wrote to memory of 2636	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	90
PID 4424 wrote to memory of 2636	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	90
PID 4424 wrote to memory of 3720	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	91
PID 4424 wrote to memory of 3720	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	91
PID 4424 wrote to memory of 904	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	92
PID 4424 wrote to memory of 904	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	92
PID 4424 wrote to memory of 2424	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	93
PID 4424 wrote to memory of 2424	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	93
PID 4424 wrote to memory of 1068	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	94
PID 4424 wrote to memory of 1068	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	94
PID 4424 wrote to memory of 2296	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	95
PID 4424 wrote to memory of 2296	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	95
PID 4424 wrote to memory of 5084	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	96
PID 4424 wrote to memory of 5084	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	96
PID 4424 wrote to memory of 2156	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	97
PID 4424 wrote to memory of 2156	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	97
PID 4424 wrote to memory of 3592	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	98
PID 4424 wrote to memory of 3592	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	98
PID 4424 wrote to memory of 3700	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	99
PID 4424 wrote to memory of 3700	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	99
PID 4424 wrote to memory of 3640	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	100
PID 4424 wrote to memory of 3640	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	100
PID 4424 wrote to memory of 4208	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	101
PID 4424 wrote to memory of 4208	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	101
PID 4424 wrote to memory of 980	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	102
PID 4424 wrote to memory of 980	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	102
PID 4424 wrote to memory of 1740	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	103
PID 4424 wrote to memory of 1740	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	103
PID 4424 wrote to memory of 1452	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	104
PID 4424 wrote to memory of 1452	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	104
PID 4424 wrote to memory of 5100	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	105
PID 4424 wrote to memory of 5100	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	105
PID 4424 wrote to memory of 3676	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	106
PID 4424 wrote to memory of 3676	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	106
PID 4424 wrote to memory of 4524	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	107
PID 4424 wrote to memory of 4524	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	107
PID 4424 wrote to memory of 876	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	108
PID 4424 wrote to memory of 876	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	108
PID 4424 wrote to memory of 4796	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	109
PID 4424 wrote to memory of 4796	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	109
PID 4424 wrote to memory of 2256	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	110
PID 4424 wrote to memory of 2256	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	110
PID 4424 wrote to memory of 984	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	111
PID 4424 wrote to memory of 984	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	111
PID 4424 wrote to memory of 1180	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	112
PID 4424 wrote to memory of 1180	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	112
PID 4424 wrote to memory of 1552	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	113
PID 4424 wrote to memory of 1552	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	113
PID 4424 wrote to memory of 3420	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	114
PID 4424 wrote to memory of 3420	4424	2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2fc4753487ca48e4328f524fbc0277026ebdbf9b2172a0ef61f8dee2d0619363_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3404
- C:\Windows\System\UsHvcLP.exe
  C:\Windows\System\UsHvcLP.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\EOJsDmY.exe
  C:\Windows\System\EOJsDmY.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\xrjAaLV.exe
  C:\Windows\System\xrjAaLV.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\qnmjNbZ.exe
  C:\Windows\System\qnmjNbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\EgwgGdS.exe
  C:\Windows\System\EgwgGdS.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\dcSOsxA.exe
  C:\Windows\System\dcSOsxA.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\IenkJEp.exe
  C:\Windows\System\IenkJEp.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\MHoNVgr.exe
  C:\Windows\System\MHoNVgr.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\wPPZbDb.exe
  C:\Windows\System\wPPZbDb.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\osqTWUT.exe
  C:\Windows\System\osqTWUT.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\VHbytbQ.exe
  C:\Windows\System\VHbytbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\uTHSNJE.exe
  C:\Windows\System\uTHSNJE.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\PGmrYmo.exe
  C:\Windows\System\PGmrYmo.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\ESNThMk.exe
  C:\Windows\System\ESNThMk.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\yzOKMkZ.exe
  C:\Windows\System\yzOKMkZ.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\vQrHllT.exe
  C:\Windows\System\vQrHllT.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\jynITWm.exe
  C:\Windows\System\jynITWm.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\ytknGHD.exe
  C:\Windows\System\ytknGHD.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\BZFPBKL.exe
  C:\Windows\System\BZFPBKL.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\hooqtZf.exe
  C:\Windows\System\hooqtZf.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\lMlRDqx.exe
  C:\Windows\System\lMlRDqx.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\ZExpyCs.exe
  C:\Windows\System\ZExpyCs.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\soOQATp.exe
  C:\Windows\System\soOQATp.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\jRfwtoT.exe
  C:\Windows\System\jRfwtoT.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\ATMZyTR.exe
  C:\Windows\System\ATMZyTR.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\PDAPXtT.exe
  C:\Windows\System\PDAPXtT.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\lmlRxJv.exe
  C:\Windows\System\lmlRxJv.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\loVrEwl.exe
  C:\Windows\System\loVrEwl.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\qPWKsqy.exe
  C:\Windows\System\qPWKsqy.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\XPmmTUZ.exe
  C:\Windows\System\XPmmTUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\aFyVsXf.exe
  C:\Windows\System\aFyVsXf.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\NDVnJwI.exe
  C:\Windows\System\NDVnJwI.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\ocYIKsQ.exe
  C:\Windows\System\ocYIKsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\JaFDwpY.exe
  C:\Windows\System\JaFDwpY.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\MyIZWur.exe
  C:\Windows\System\MyIZWur.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\KoRAkiy.exe
  C:\Windows\System\KoRAkiy.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\MHgXJUf.exe
  C:\Windows\System\MHgXJUf.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\SWrmrxO.exe
  C:\Windows\System\SWrmrxO.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\PBdRzAi.exe
  C:\Windows\System\PBdRzAi.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\ZgsFLbx.exe
  C:\Windows\System\ZgsFLbx.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\OjRybip.exe
  C:\Windows\System\OjRybip.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\TfwrGiS.exe
  C:\Windows\System\TfwrGiS.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\oMtfbwK.exe
  C:\Windows\System\oMtfbwK.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\TWUoSlG.exe
  C:\Windows\System\TWUoSlG.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\nsspAqJ.exe
  C:\Windows\System\nsspAqJ.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\WMYbPxB.exe
  C:\Windows\System\WMYbPxB.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\uQLWCIB.exe
  C:\Windows\System\uQLWCIB.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\Qzthtfx.exe
  C:\Windows\System\Qzthtfx.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\nQoigRb.exe
  C:\Windows\System\nQoigRb.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\fHwUHyi.exe
  C:\Windows\System\fHwUHyi.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\cliNreT.exe
  C:\Windows\System\cliNreT.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\vEUivRY.exe
  C:\Windows\System\vEUivRY.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\hFiUpGA.exe
  C:\Windows\System\hFiUpGA.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\XZFfUUu.exe
  C:\Windows\System\XZFfUUu.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\ulGDreI.exe
  C:\Windows\System\ulGDreI.exe
  2⤵
  PID:4984
- C:\Windows\System\OBPNcDI.exe
  C:\Windows\System\OBPNcDI.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\IjaemWv.exe
  C:\Windows\System\IjaemWv.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\VfWDEuO.exe
  C:\Windows\System\VfWDEuO.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\TAmaoMZ.exe
  C:\Windows\System\TAmaoMZ.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\AzFNNdv.exe
  C:\Windows\System\AzFNNdv.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\NkzByiI.exe
  C:\Windows\System\NkzByiI.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\YfjkGpU.exe
  C:\Windows\System\YfjkGpU.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\qzSTRZL.exe
  C:\Windows\System\qzSTRZL.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\rkktsRb.exe
  C:\Windows\System\rkktsRb.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\yINcjex.exe
  C:\Windows\System\yINcjex.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\VNnNnVQ.exe
  C:\Windows\System\VNnNnVQ.exe
  2⤵
  PID:2516
- C:\Windows\System\GkdMiyL.exe
  C:\Windows\System\GkdMiyL.exe
  2⤵
  PID:696
- C:\Windows\System\ZxhdJwb.exe
  C:\Windows\System\ZxhdJwb.exe
  2⤵
  PID:4068
- C:\Windows\System\OXkfjgR.exe
  C:\Windows\System\OXkfjgR.exe
  2⤵
  PID:1788
- C:\Windows\System\DVjvhHt.exe
  C:\Windows\System\DVjvhHt.exe
  2⤵
  PID:3856
- C:\Windows\System\cUFiLhH.exe
  C:\Windows\System\cUFiLhH.exe
  2⤵
  PID:3504
- C:\Windows\System\WVDhDGl.exe
  C:\Windows\System\WVDhDGl.exe
  2⤵
  PID:3860
- C:\Windows\System\coglzMl.exe
  C:\Windows\System\coglzMl.exe
  2⤵
  PID:4516
- C:\Windows\System\XBXPmmL.exe
  C:\Windows\System\XBXPmmL.exe
  2⤵
  PID:2192
- C:\Windows\System\xSiymUX.exe
  C:\Windows\System\xSiymUX.exe
  2⤵
  PID:4364
- C:\Windows\System\ZpHSijP.exe
  C:\Windows\System\ZpHSijP.exe
  2⤵
  PID:3816
- C:\Windows\System\adXqdjv.exe
  C:\Windows\System\adXqdjv.exe
  2⤵
  PID:5144
- C:\Windows\System\cTYZViP.exe
  C:\Windows\System\cTYZViP.exe
  2⤵
  PID:5192
- C:\Windows\System\vfupYIs.exe
  C:\Windows\System\vfupYIs.exe
  2⤵
  PID:5208
- C:\Windows\System\ZWAuWTR.exe
  C:\Windows\System\ZWAuWTR.exe
  2⤵
  PID:5252
- C:\Windows\System\cHziusu.exe
  C:\Windows\System\cHziusu.exe
  2⤵
  PID:5624
- C:\Windows\System\grLlHAB.exe
  C:\Windows\System\grLlHAB.exe
  2⤵
  PID:5680
- C:\Windows\System\YlGsMBB.exe
  C:\Windows\System\YlGsMBB.exe
  2⤵
  PID:5704
- C:\Windows\System\SqyYycw.exe
  C:\Windows\System\SqyYycw.exe
  2⤵
  PID:5724
- C:\Windows\System\qqWzcrh.exe
  C:\Windows\System\qqWzcrh.exe
  2⤵
  PID:5744
- C:\Windows\System\GXaDLXW.exe
  C:\Windows\System\GXaDLXW.exe
  2⤵
  PID:5776
- C:\Windows\System\YfPcOYB.exe
  C:\Windows\System\YfPcOYB.exe
  2⤵
  PID:5820
- C:\Windows\System\YfzMszL.exe
  C:\Windows\System\YfzMszL.exe
  2⤵
  PID:5836
- C:\Windows\System\RKPbDvV.exe
  C:\Windows\System\RKPbDvV.exe
  2⤵
  PID:5860
- C:\Windows\System\ucnggKG.exe
  C:\Windows\System\ucnggKG.exe
  2⤵
  PID:5876
- C:\Windows\System\eFejoBF.exe
  C:\Windows\System\eFejoBF.exe
  2⤵
  PID:6040
- C:\Windows\System\tvzxfDe.exe
  C:\Windows\System\tvzxfDe.exe
  2⤵
  PID:6060
- C:\Windows\System\GqnIqdw.exe
  C:\Windows\System\GqnIqdw.exe
  2⤵
  PID:6076
- C:\Windows\System\HqnyoTu.exe
  C:\Windows\System\HqnyoTu.exe
  2⤵
  PID:6092
- C:\Windows\System\WaadUOH.exe
  C:\Windows\System\WaadUOH.exe
  2⤵
  PID:6108
- C:\Windows\System\aXjFGye.exe
  C:\Windows\System\aXjFGye.exe
  2⤵
  PID:6124
- C:\Windows\System\XwmlQfb.exe
  C:\Windows\System\XwmlQfb.exe
  2⤵
  PID:3380
- C:\Windows\System\xCMLzyu.exe
  C:\Windows\System\xCMLzyu.exe
  2⤵
  PID:3688
- C:\Windows\System\vxutOvD.exe
  C:\Windows\System\vxutOvD.exe
  2⤵
  PID:1532
- C:\Windows\System\fuMypds.exe
  C:\Windows\System\fuMypds.exe
  2⤵
  PID:3496
- C:\Windows\System\axsFkcG.exe
  C:\Windows\System\axsFkcG.exe
  2⤵
  PID:4928
- C:\Windows\System\CgDfGYT.exe
  C:\Windows\System\CgDfGYT.exe
  2⤵
  PID:4640
- C:\Windows\System\itxKxbW.exe
  C:\Windows\System\itxKxbW.exe
  2⤵
  PID:5184
- C:\Windows\System\VzAehzd.exe
  C:\Windows\System\VzAehzd.exe
  2⤵
  PID:5248
- C:\Windows\System\dxtQcJO.exe
  C:\Windows\System\dxtQcJO.exe
  2⤵
  PID:5348
- C:\Windows\System\myICSEx.exe
  C:\Windows\System\myICSEx.exe
  2⤵
  PID:644
- C:\Windows\System\YRnbphs.exe
  C:\Windows\System\YRnbphs.exe
  2⤵
  PID:5516
- C:\Windows\System\FypOEPv.exe
  C:\Windows\System\FypOEPv.exe
  2⤵
  PID:5132
- C:\Windows\System\EQiWFpq.exe
  C:\Windows\System\EQiWFpq.exe
  2⤵
  PID:4828
- C:\Windows\System\xTpbQjz.exe
  C:\Windows\System\xTpbQjz.exe
  2⤵
  PID:5440
- C:\Windows\System\ggWVkNV.exe
  C:\Windows\System\ggWVkNV.exe
  2⤵
  PID:5472
- C:\Windows\System\aUtrvom.exe
  C:\Windows\System\aUtrvom.exe
  2⤵
  PID:5508
- C:\Windows\System\ldDRiEL.exe
  C:\Windows\System\ldDRiEL.exe
  2⤵
  PID:5564
- C:\Windows\System\HLcXPta.exe
  C:\Windows\System\HLcXPta.exe
  2⤵
  PID:5664
- C:\Windows\System\FxAoCTW.exe
  C:\Windows\System\FxAoCTW.exe
  2⤵
  PID:5688
- C:\Windows\System\xJawrRi.exe
  C:\Windows\System\xJawrRi.exe
  2⤵
  PID:5752
- C:\Windows\System\LyCpkrI.exe
  C:\Windows\System\LyCpkrI.exe
  2⤵
  PID:5828
- C:\Windows\System\STOFzjZ.exe
  C:\Windows\System\STOFzjZ.exe
  2⤵
  PID:5920
- C:\Windows\System\eCoGGyL.exe
  C:\Windows\System\eCoGGyL.exe
  2⤵
  PID:5956
- C:\Windows\System\mLsyila.exe
  C:\Windows\System\mLsyila.exe
  2⤵
  PID:5988
- C:\Windows\System\ADDeriu.exe
  C:\Windows\System\ADDeriu.exe
  2⤵
  PID:6052
- C:\Windows\System\RPgijvB.exe
  C:\Windows\System\RPgijvB.exe
  2⤵
  PID:6088
- C:\Windows\System\oaCPogv.exe
  C:\Windows\System\oaCPogv.exe
  2⤵
  PID:6132
- C:\Windows\System\zZpWUHP.exe
  C:\Windows\System\zZpWUHP.exe
  2⤵
  PID:4444
- C:\Windows\System\bIyxzPT.exe
  C:\Windows\System\bIyxzPT.exe
  2⤵
  PID:3044
- C:\Windows\System\HgmbMfI.exe
  C:\Windows\System\HgmbMfI.exe
  2⤵
  PID:3200
- C:\Windows\System\sMuTjSg.exe
  C:\Windows\System\sMuTjSg.exe
  2⤵
  PID:2864
- C:\Windows\System\kftaefl.exe
  C:\Windows\System\kftaefl.exe
  2⤵
  PID:4752
- C:\Windows\System\msTyrHp.exe
  C:\Windows\System\msTyrHp.exe
  2⤵
  PID:3952
- C:\Windows\System\ERSeidY.exe
  C:\Windows\System\ERSeidY.exe
  2⤵
  PID:2140
- C:\Windows\System\bQQeJVk.exe
  C:\Windows\System\bQQeJVk.exe
  2⤵
  PID:796
- C:\Windows\System\LfHMxsW.exe
  C:\Windows\System\LfHMxsW.exe
  2⤵
  PID:4348
- C:\Windows\System\kUSZvoA.exe
  C:\Windows\System\kUSZvoA.exe
  2⤵
  PID:2612
- C:\Windows\System\fTkIaXS.exe
  C:\Windows\System\fTkIaXS.exe
  2⤵
  PID:4944
- C:\Windows\System\SNzRhHq.exe
  C:\Windows\System\SNzRhHq.exe
  2⤵
  PID:2372
- C:\Windows\System\wZTwgHT.exe
  C:\Windows\System\wZTwgHT.exe
  2⤵
  PID:392
- C:\Windows\System\aMGFQik.exe
  C:\Windows\System\aMGFQik.exe
  2⤵
  PID:4992
- C:\Windows\System\Cbalnkm.exe
  C:\Windows\System\Cbalnkm.exe
  2⤵
  PID:2012
- C:\Windows\System\BfKOyWB.exe
  C:\Windows\System\BfKOyWB.exe
  2⤵
  PID:2752
- C:\Windows\System\TvHzBIv.exe
  C:\Windows\System\TvHzBIv.exe
  2⤵
  PID:4452
- C:\Windows\System\aqlIpoK.exe
  C:\Windows\System\aqlIpoK.exe
  2⤵
  PID:1072
- C:\Windows\System\iMzDSXI.exe
  C:\Windows\System\iMzDSXI.exe
  2⤵
  PID:3864
- C:\Windows\System\RPNUZeE.exe
  C:\Windows\System\RPNUZeE.exe
  2⤵
  PID:5284
- C:\Windows\System\oRfcVcC.exe
  C:\Windows\System\oRfcVcC.exe
  2⤵
  PID:5396
- C:\Windows\System\zAWiuFT.exe
  C:\Windows\System\zAWiuFT.exe
  2⤵
  PID:5424
- C:\Windows\System\GLMKeJm.exe
  C:\Windows\System\GLMKeJm.exe
  2⤵
  PID:5584
- C:\Windows\System\EKlIqYe.exe
  C:\Windows\System\EKlIqYe.exe
  2⤵
  PID:5140
- C:\Windows\System\BHPuddW.exe
  C:\Windows\System\BHPuddW.exe
  2⤵
  PID:5240
- C:\Windows\System\XWMwwIp.exe
  C:\Windows\System\XWMwwIp.exe
  2⤵
  PID:5432
- C:\Windows\System\DtQCYLt.exe
  C:\Windows\System\DtQCYLt.exe
  2⤵
  PID:5580
- C:\Windows\System\znOVlba.exe
  C:\Windows\System\znOVlba.exe
  2⤵
  PID:5812
- C:\Windows\System\LzNDBjy.exe
  C:\Windows\System\LzNDBjy.exe
  2⤵
  PID:5928
- C:\Windows\System\kMamxCy.exe
  C:\Windows\System\kMamxCy.exe
  2⤵
  PID:6072
- C:\Windows\System\GTVbIjg.exe
  C:\Windows\System\GTVbIjg.exe
  2⤵
  PID:1084
- C:\Windows\System\PywbtVW.exe
  C:\Windows\System\PywbtVW.exe
  2⤵
  PID:4784
- C:\Windows\System\gLQcGMh.exe
  C:\Windows\System\gLQcGMh.exe
  2⤵
  PID:5972
- C:\Windows\System\BbbqyxZ.exe
  C:\Windows\System\BbbqyxZ.exe
  2⤵
  PID:3192
- C:\Windows\System\eJYniIZ.exe
  C:\Windows\System\eJYniIZ.exe
  2⤵
  PID:3552
- C:\Windows\System\wCuxNUZ.exe
  C:\Windows\System\wCuxNUZ.exe
  2⤵
  PID:4464
- C:\Windows\System\ItDusMk.exe
  C:\Windows\System\ItDusMk.exe
  2⤵
  PID:3532
- C:\Windows\System\wUAguZb.exe
  C:\Windows\System\wUAguZb.exe
  2⤵
  PID:232
- C:\Windows\System\uwQVtYX.exe
  C:\Windows\System\uwQVtYX.exe
  2⤵
  PID:1312
- C:\Windows\System\HuKVcgO.exe
  C:\Windows\System\HuKVcgO.exe
  2⤵
  PID:5412
- C:\Windows\System\asjCgpQ.exe
  C:\Windows\System\asjCgpQ.exe
  2⤵
  PID:3976
- C:\Windows\System\hOYHVop.exe
  C:\Windows\System\hOYHVop.exe
  2⤵
  PID:5672
- C:\Windows\System\QqoRedy.exe
  C:\Windows\System\QqoRedy.exe
  2⤵
  PID:6148
- C:\Windows\System\ABZTvVw.exe
  C:\Windows\System\ABZTvVw.exe
  2⤵
  PID:6164
- C:\Windows\System\lUdDZyI.exe
  C:\Windows\System\lUdDZyI.exe
  2⤵
  PID:6188
- C:\Windows\System\LAUQhbY.exe
  C:\Windows\System\LAUQhbY.exe
  2⤵
  PID:6208
- C:\Windows\System\KjqslKd.exe
  C:\Windows\System\KjqslKd.exe
  2⤵
  PID:6236
- C:\Windows\System\klGmieu.exe
  C:\Windows\System\klGmieu.exe
  2⤵
  PID:6252
- C:\Windows\System\yuDyXKW.exe
  C:\Windows\System\yuDyXKW.exe
  2⤵
  PID:6272
- C:\Windows\System\OPJCYIX.exe
  C:\Windows\System\OPJCYIX.exe
  2⤵
  PID:6288
- C:\Windows\System\TpxJpum.exe
  C:\Windows\System\TpxJpum.exe
  2⤵
  PID:6312
- C:\Windows\System\IMRVTUi.exe
  C:\Windows\System\IMRVTUi.exe
  2⤵
  PID:6332
- C:\Windows\System\tGvdAyL.exe
  C:\Windows\System\tGvdAyL.exe
  2⤵
  PID:6360
- C:\Windows\System\muuZQCt.exe
  C:\Windows\System\muuZQCt.exe
  2⤵
  PID:6384
- C:\Windows\System\vUaxSgG.exe
  C:\Windows\System\vUaxSgG.exe
  2⤵
  PID:6428
- C:\Windows\System\bXIdzll.exe
  C:\Windows\System\bXIdzll.exe
  2⤵
  PID:6448
- C:\Windows\System\GKjXPPV.exe
  C:\Windows\System\GKjXPPV.exe
  2⤵
  PID:6464
- C:\Windows\System\wNYGlMY.exe
  C:\Windows\System\wNYGlMY.exe
  2⤵
  PID:6484
- C:\Windows\System\USUsfbF.exe
  C:\Windows\System\USUsfbF.exe
  2⤵
  PID:6504
- C:\Windows\System\AUmVVcD.exe
  C:\Windows\System\AUmVVcD.exe
  2⤵
  PID:6524
- C:\Windows\System\LseCLqA.exe
  C:\Windows\System\LseCLqA.exe
  2⤵
  PID:6548
- C:\Windows\System\eEMEhEq.exe
  C:\Windows\System\eEMEhEq.exe
  2⤵
  PID:6564
- C:\Windows\System\uUoxPMz.exe
  C:\Windows\System\uUoxPMz.exe
  2⤵
  PID:6588
- C:\Windows\System\FWQPXJs.exe
  C:\Windows\System\FWQPXJs.exe
  2⤵
  PID:6608
- C:\Windows\System\FfEIojQ.exe
  C:\Windows\System\FfEIojQ.exe
  2⤵
  PID:6628
- C:\Windows\System\ZOepnJF.exe
  C:\Windows\System\ZOepnJF.exe
  2⤵
  PID:6648
- C:\Windows\System\mNkfbva.exe
  C:\Windows\System\mNkfbva.exe
  2⤵
  PID:6672
- C:\Windows\System\MxmwaYq.exe
  C:\Windows\System\MxmwaYq.exe
  2⤵
  PID:6688
- C:\Windows\System\ewQbWqX.exe
  C:\Windows\System\ewQbWqX.exe
  2⤵
  PID:6712
- C:\Windows\System\ZcpmPau.exe
  C:\Windows\System\ZcpmPau.exe
  2⤵
  PID:6728
- C:\Windows\System\rMfGIQn.exe
  C:\Windows\System\rMfGIQn.exe
  2⤵
  PID:6752
- C:\Windows\System\OKhwrJh.exe
  C:\Windows\System\OKhwrJh.exe
  2⤵
  PID:6780
- C:\Windows\System\fleUCdX.exe
  C:\Windows\System\fleUCdX.exe
  2⤵
  PID:6800
- C:\Windows\System\HoGmqka.exe
  C:\Windows\System\HoGmqka.exe
  2⤵
  PID:6824
- C:\Windows\System\TdkmMZa.exe
  C:\Windows\System\TdkmMZa.exe
  2⤵
  PID:6848
- C:\Windows\System\zjVlrgO.exe
  C:\Windows\System\zjVlrgO.exe
  2⤵
  PID:6868
- C:\Windows\System\vgpeTsw.exe
  C:\Windows\System\vgpeTsw.exe
  2⤵
  PID:6888
- C:\Windows\System\ERXLVXd.exe
  C:\Windows\System\ERXLVXd.exe
  2⤵
  PID:6908
- C:\Windows\System\efLnMSJ.exe
  C:\Windows\System\efLnMSJ.exe
  2⤵
  PID:6932
- C:\Windows\System\FxQxlDf.exe
  C:\Windows\System\FxQxlDf.exe
  2⤵
  PID:6948
- C:\Windows\System\UhOBUWB.exe
  C:\Windows\System\UhOBUWB.exe
  2⤵
  PID:6972
- C:\Windows\System\SadCnNl.exe
  C:\Windows\System\SadCnNl.exe
  2⤵
  PID:6988
- C:\Windows\System\npdXQtO.exe
  C:\Windows\System\npdXQtO.exe
  2⤵
  PID:7016
- C:\Windows\System\TvcInue.exe
  C:\Windows\System\TvcInue.exe
  2⤵
  PID:7032
- C:\Windows\System\zDMFDiO.exe
  C:\Windows\System\zDMFDiO.exe
  2⤵
  PID:7052
- C:\Windows\System\eiEXHfi.exe
  C:\Windows\System\eiEXHfi.exe
  2⤵
  PID:7072
- C:\Windows\System\yNPxofA.exe
  C:\Windows\System\yNPxofA.exe
  2⤵
  PID:7096
- C:\Windows\System\cxJvKwD.exe
  C:\Windows\System\cxJvKwD.exe
  2⤵
  PID:7124
- C:\Windows\System\XQtKnUr.exe
  C:\Windows\System\XQtKnUr.exe
  2⤵
  PID:7148
- C:\Windows\System\CgMIalw.exe
  C:\Windows\System\CgMIalw.exe
  2⤵
  PID:7164
- C:\Windows\System\xQBqWcm.exe
  C:\Windows\System\xQBqWcm.exe
  2⤵
  PID:2676
- C:\Windows\System\paGblBV.exe
  C:\Windows\System\paGblBV.exe
  2⤵
  PID:5232
- C:\Windows\System\iRkgtOq.exe
  C:\Windows\System\iRkgtOq.exe
  2⤵
  PID:5788
- C:\Windows\System\iHliAMO.exe
  C:\Windows\System\iHliAMO.exe
  2⤵
  PID:6160
- C:\Windows\System\XgUdWoa.exe
  C:\Windows\System\XgUdWoa.exe
  2⤵
  PID:5276
- C:\Windows\System\smxnpaH.exe
  C:\Windows\System\smxnpaH.exe
  2⤵
  PID:6232
- C:\Windows\System\pwNFmXt.exe
  C:\Windows\System\pwNFmXt.exe
  2⤵
  PID:6048
- C:\Windows\System\OqwopYZ.exe
  C:\Windows\System\OqwopYZ.exe
  2⤵
  PID:6372
- C:\Windows\System\bgoVljK.exe
  C:\Windows\System\bgoVljK.exe
  2⤵
  PID:6408
- C:\Windows\System\pbiHrQw.exe
  C:\Windows\System\pbiHrQw.exe
  2⤵
  PID:6492
- C:\Windows\System\bNkaybB.exe
  C:\Windows\System\bNkaybB.exe
  2⤵
  PID:6560
- C:\Windows\System\oACMkSy.exe
  C:\Windows\System\oACMkSy.exe
  2⤵
  PID:6600
- C:\Windows\System\nzajeZY.exe
  C:\Windows\System\nzajeZY.exe
  2⤵
  PID:6120
- C:\Windows\System\URQhhSc.exe
  C:\Windows\System\URQhhSc.exe
  2⤵
  PID:6708
- C:\Windows\System\vHlDfwG.exe
  C:\Windows\System\vHlDfwG.exe
  2⤵
  PID:6284
- C:\Windows\System\AEvcuAr.exe
  C:\Windows\System\AEvcuAr.exe
  2⤵
  PID:6368
- C:\Windows\System\YfgMCUG.exe
  C:\Windows\System\YfgMCUG.exe
  2⤵
  PID:7184
- C:\Windows\System\gEMemwP.exe
  C:\Windows\System\gEMemwP.exe
  2⤵
  PID:7204
- C:\Windows\System\fAjWAhP.exe
  C:\Windows\System\fAjWAhP.exe
  2⤵
  PID:7220
- C:\Windows\System\oOmcqLf.exe
  C:\Windows\System\oOmcqLf.exe
  2⤵
  PID:7244
- C:\Windows\System\GmNFvEn.exe
  C:\Windows\System\GmNFvEn.exe
  2⤵
  PID:7268
- C:\Windows\System\trmFGAc.exe
  C:\Windows\System\trmFGAc.exe
  2⤵
  PID:7296
- C:\Windows\System\yrAjuwj.exe
  C:\Windows\System\yrAjuwj.exe
  2⤵
  PID:7316
- C:\Windows\System\xQphKjP.exe
  C:\Windows\System\xQphKjP.exe
  2⤵
  PID:7336
- C:\Windows\System\zFqrDMr.exe
  C:\Windows\System\zFqrDMr.exe
  2⤵
  PID:7512
- C:\Windows\System\TwEmDBF.exe
  C:\Windows\System\TwEmDBF.exe
  2⤵
  PID:7552
- C:\Windows\System\VnDaLob.exe
  C:\Windows\System\VnDaLob.exe
  2⤵
  PID:7572
- C:\Windows\System\WHAePJp.exe
  C:\Windows\System\WHAePJp.exe
  2⤵
  PID:7608
- C:\Windows\System\xLRLbsN.exe
  C:\Windows\System\xLRLbsN.exe
  2⤵
  PID:7628
- C:\Windows\System\aMxevmH.exe
  C:\Windows\System\aMxevmH.exe
  2⤵
  PID:7652
- C:\Windows\System\NYYfhHy.exe
  C:\Windows\System\NYYfhHy.exe
  2⤵
  PID:7672
- C:\Windows\System\zbrVABD.exe
  C:\Windows\System\zbrVABD.exe
  2⤵
  PID:7692
- C:\Windows\System\chNdPen.exe
  C:\Windows\System\chNdPen.exe
  2⤵
  PID:7712
- C:\Windows\System\FWfSdVd.exe
  C:\Windows\System\FWfSdVd.exe
  2⤵
  PID:7732
- C:\Windows\System\skKROTV.exe
  C:\Windows\System\skKROTV.exe
  2⤵
  PID:7756
- C:\Windows\System\oANKYwA.exe
  C:\Windows\System\oANKYwA.exe
  2⤵
  PID:7780
- C:\Windows\System\HMOLDht.exe
  C:\Windows\System\HMOLDht.exe
  2⤵
  PID:7800
- C:\Windows\System\nFzWgZQ.exe
  C:\Windows\System\nFzWgZQ.exe
  2⤵
  PID:7824
- C:\Windows\System\ZxjPBSf.exe
  C:\Windows\System\ZxjPBSf.exe
  2⤵
  PID:7856
- C:\Windows\System\waIXJiM.exe
  C:\Windows\System\waIXJiM.exe
  2⤵
  PID:7872
- C:\Windows\System\SOPPGdh.exe
  C:\Windows\System\SOPPGdh.exe
  2⤵
  PID:7896
- C:\Windows\System\SiNWChv.exe
  C:\Windows\System\SiNWChv.exe
  2⤵
  PID:7924
- C:\Windows\System\NvIiFZw.exe
  C:\Windows\System\NvIiFZw.exe
  2⤵
  PID:7948
- C:\Windows\System\qweyJnV.exe
  C:\Windows\System\qweyJnV.exe
  2⤵
  PID:7968
- C:\Windows\System\GFKOYHO.exe
  C:\Windows\System\GFKOYHO.exe
  2⤵
  PID:7992
- C:\Windows\System\xmwYXEV.exe
  C:\Windows\System\xmwYXEV.exe
  2⤵
  PID:8028
- C:\Windows\System\mMQujBt.exe
  C:\Windows\System\mMQujBt.exe
  2⤵
  PID:8052
- C:\Windows\System\XmTLgEo.exe
  C:\Windows\System\XmTLgEo.exe
  2⤵
  PID:8076
- C:\Windows\System\FSUGCVf.exe
  C:\Windows\System\FSUGCVf.exe
  2⤵
  PID:8096
- C:\Windows\System\HxCezHs.exe
  C:\Windows\System\HxCezHs.exe
  2⤵
  PID:8124
- C:\Windows\System\DNArhGF.exe
  C:\Windows\System\DNArhGF.exe
  2⤵
  PID:8148
- C:\Windows\System\odXWbmz.exe
  C:\Windows\System\odXWbmz.exe
  2⤵
  PID:8168
- C:\Windows\System\aRdMjwk.exe
  C:\Windows\System\aRdMjwk.exe
  2⤵
  PID:8184
- C:\Windows\System\KWcuNdp.exe
  C:\Windows\System\KWcuNdp.exe
  2⤵
  PID:6944
- C:\Windows\System\TPcMXnc.exe
  C:\Windows\System\TPcMXnc.exe
  2⤵
  PID:5388
- C:\Windows\System\TUeCIvj.exe
  C:\Windows\System\TUeCIvj.exe
  2⤵
  PID:5492
- C:\Windows\System\qOrgCat.exe
  C:\Windows\System\qOrgCat.exe
  2⤵
  PID:6544
- C:\Windows\System\PzWWRNe.exe
  C:\Windows\System\PzWWRNe.exe
  2⤵
  PID:6684
- C:\Windows\System\DzqiIbG.exe
  C:\Windows\System\DzqiIbG.exe
  2⤵
  PID:6764
- C:\Windows\System\zTSAIwO.exe
  C:\Windows\System\zTSAIwO.exe
  2⤵
  PID:6324
- C:\Windows\System\xGXsBwQ.exe
  C:\Windows\System\xGXsBwQ.exe
  2⤵
  PID:7176
- C:\Windows\System\xPfWNfH.exe
  C:\Windows\System\xPfWNfH.exe
  2⤵
  PID:7260
- C:\Windows\System\kyqeDKI.exe
  C:\Windows\System\kyqeDKI.exe
  2⤵
  PID:7004
- C:\Windows\System\YEKHzWn.exe
  C:\Windows\System\YEKHzWn.exe
  2⤵
  PID:7332
- C:\Windows\System\XvuTdox.exe
  C:\Windows\System\XvuTdox.exe
  2⤵
  PID:7196
- C:\Windows\System\JyhaqMW.exe
  C:\Windows\System\JyhaqMW.exe
  2⤵
  PID:7092
- C:\Windows\System\qZFxUWR.exe
  C:\Windows\System\qZFxUWR.exe
  2⤵
  PID:6516
- C:\Windows\System\TdcrPXK.exe
  C:\Windows\System\TdcrPXK.exe
  2⤵
  PID:6636
- C:\Windows\System\lacrKez.exe
  C:\Windows\System\lacrKez.exe
  2⤵
  PID:6356
- C:\Windows\System\fvTBkTo.exe
  C:\Windows\System\fvTBkTo.exe
  2⤵
  PID:6836
- C:\Windows\System\RguqXIz.exe
  C:\Windows\System\RguqXIz.exe
  2⤵
  PID:6884
- C:\Windows\System\fbLcrLx.exe
  C:\Windows\System\fbLcrLx.exe
  2⤵
  PID:7044
- C:\Windows\System\zXIFVUE.exe
  C:\Windows\System\zXIFVUE.exe
  2⤵
  PID:6620
- C:\Windows\System\JMRqdhh.exe
  C:\Windows\System\JMRqdhh.exe
  2⤵
  PID:5532
- C:\Windows\System\OrLNyOS.exe
  C:\Windows\System\OrLNyOS.exe
  2⤵
  PID:7088
- C:\Windows\System\HprVIgx.exe
  C:\Windows\System\HprVIgx.exe
  2⤵
  PID:7360
- C:\Windows\System\BBmLVfZ.exe
  C:\Windows\System\BBmLVfZ.exe
  2⤵
  PID:3528
- C:\Windows\System\dykXhjv.exe
  C:\Windows\System\dykXhjv.exe
  2⤵
  PID:7772
- C:\Windows\System\sFDdOcl.exe
  C:\Windows\System\sFDdOcl.exe
  2⤵
  PID:8208
- C:\Windows\System\MljMYtN.exe
  C:\Windows\System\MljMYtN.exe
  2⤵
  PID:8232
- C:\Windows\System\vJoYWpx.exe
  C:\Windows\System\vJoYWpx.exe
  2⤵
  PID:8256
- C:\Windows\System\vgzJtWs.exe
  C:\Windows\System\vgzJtWs.exe
  2⤵
  PID:8276
- C:\Windows\System\NSIVxlW.exe
  C:\Windows\System\NSIVxlW.exe
  2⤵
  PID:8296
- C:\Windows\System\fdJZlcg.exe
  C:\Windows\System\fdJZlcg.exe
  2⤵
  PID:8320
- C:\Windows\System\mgGWQGy.exe
  C:\Windows\System\mgGWQGy.exe
  2⤵
  PID:8340
- C:\Windows\System\ufJqgyi.exe
  C:\Windows\System\ufJqgyi.exe
  2⤵
  PID:8364
- C:\Windows\System\pPANSIB.exe
  C:\Windows\System\pPANSIB.exe
  2⤵
  PID:8384
- C:\Windows\System\cmDnmXv.exe
  C:\Windows\System\cmDnmXv.exe
  2⤵
  PID:8404
- C:\Windows\System\mAmDazZ.exe
  C:\Windows\System\mAmDazZ.exe
  2⤵
  PID:8420
- C:\Windows\System\AkakbJl.exe
  C:\Windows\System\AkakbJl.exe
  2⤵
  PID:8448
- C:\Windows\System\hyUFtpH.exe
  C:\Windows\System\hyUFtpH.exe
  2⤵
  PID:8476
- C:\Windows\System\AxOZqXK.exe
  C:\Windows\System\AxOZqXK.exe
  2⤵
  PID:8496
- C:\Windows\System\LlunDAD.exe
  C:\Windows\System\LlunDAD.exe
  2⤵
  PID:8524
- C:\Windows\System\pCsytTe.exe
  C:\Windows\System\pCsytTe.exe
  2⤵
  PID:8548
- C:\Windows\System\jdxQWlF.exe
  C:\Windows\System\jdxQWlF.exe
  2⤵
  PID:8564
- C:\Windows\System\eWbIzuS.exe
  C:\Windows\System\eWbIzuS.exe
  2⤵
  PID:8592
- C:\Windows\System\DQpuwyW.exe
  C:\Windows\System\DQpuwyW.exe
  2⤵
  PID:8608
- C:\Windows\System\NUQouXc.exe
  C:\Windows\System\NUQouXc.exe
  2⤵
  PID:8632
- C:\Windows\System\iRUIQJa.exe
  C:\Windows\System\iRUIQJa.exe
  2⤵
  PID:8656
- C:\Windows\System\rFdefTk.exe
  C:\Windows\System\rFdefTk.exe
  2⤵
  PID:8680
- C:\Windows\System\RWyIBSe.exe
  C:\Windows\System\RWyIBSe.exe
  2⤵
  PID:8696
- C:\Windows\System\idQssSt.exe
  C:\Windows\System\idQssSt.exe
  2⤵
  PID:8728
- C:\Windows\System\wUBTCSQ.exe
  C:\Windows\System\wUBTCSQ.exe
  2⤵
  PID:8748
- C:\Windows\System\nYYFeQm.exe
  C:\Windows\System\nYYFeQm.exe
  2⤵
  PID:8768
- C:\Windows\System\WrlZGRS.exe
  C:\Windows\System\WrlZGRS.exe
  2⤵
  PID:8788
- C:\Windows\System\rzcKHIw.exe
  C:\Windows\System\rzcKHIw.exe
  2⤵
  PID:8816
- C:\Windows\System\AgJhKHt.exe
  C:\Windows\System\AgJhKHt.exe
  2⤵
  PID:8836
- C:\Windows\System\yJzwiDK.exe
  C:\Windows\System\yJzwiDK.exe
  2⤵
  PID:8852
- C:\Windows\System\ecWEajV.exe
  C:\Windows\System\ecWEajV.exe
  2⤵
  PID:8876
- C:\Windows\System\YUcASrp.exe
  C:\Windows\System\YUcASrp.exe
  2⤵
  PID:8896
- C:\Windows\System\AqyEpTB.exe
  C:\Windows\System\AqyEpTB.exe
  2⤵
  PID:8920
- C:\Windows\System\reyCMpu.exe
  C:\Windows\System\reyCMpu.exe
  2⤵
  PID:8936
- C:\Windows\System\hMgfyXi.exe
  C:\Windows\System\hMgfyXi.exe
  2⤵
  PID:8960
- C:\Windows\System\tXfsWYk.exe
  C:\Windows\System\tXfsWYk.exe
  2⤵
  PID:8980
- C:\Windows\System\nQtAini.exe
  C:\Windows\System\nQtAini.exe
  2⤵
  PID:9004
- C:\Windows\System\GefOaOr.exe
  C:\Windows\System\GefOaOr.exe
  2⤵
  PID:9020
- C:\Windows\System\jmBkhPC.exe
  C:\Windows\System\jmBkhPC.exe
  2⤵
  PID:9044
- C:\Windows\System\YdVrxfG.exe
  C:\Windows\System\YdVrxfG.exe
  2⤵
  PID:9072
- C:\Windows\System\oivNLGR.exe
  C:\Windows\System\oivNLGR.exe
  2⤵
  PID:9092
- C:\Windows\System\lgVuwgp.exe
  C:\Windows\System\lgVuwgp.exe
  2⤵
  PID:9116
- C:\Windows\System\JzFbVEb.exe
  C:\Windows\System\JzFbVEb.exe
  2⤵
  PID:9136
- C:\Windows\System\KzwYbJH.exe
  C:\Windows\System\KzwYbJH.exe
  2⤵
  PID:9156
- C:\Windows\System\zouRrdW.exe
  C:\Windows\System\zouRrdW.exe
  2⤵
  PID:9192
- C:\Windows\System\rVkbGLI.exe
  C:\Windows\System\rVkbGLI.exe
  2⤵
  PID:9208
- C:\Windows\System\OgFGQCJ.exe
  C:\Windows\System\OgFGQCJ.exe
  2⤵
  PID:7832
- C:\Windows\System\TqHsHjj.exe
  C:\Windows\System\TqHsHjj.exe
  2⤵
  PID:5356
- C:\Windows\System\PXyITBY.exe
  C:\Windows\System\PXyITBY.exe
  2⤵
  PID:7964
- C:\Windows\System\oTidnoW.exe
  C:\Windows\System\oTidnoW.exe
  2⤵
  PID:8040
- C:\Windows\System\DSPtUOV.exe
  C:\Windows\System\DSPtUOV.exe
  2⤵
  PID:8088
- C:\Windows\System\ECTPTVE.exe
  C:\Windows\System\ECTPTVE.exe
  2⤵
  PID:8120
- C:\Windows\System\CzTxpNf.exe
  C:\Windows\System\CzTxpNf.exe
  2⤵
  PID:8180
- C:\Windows\System\OYGhyAN.exe
  C:\Windows\System\OYGhyAN.exe
  2⤵
  PID:6900
- C:\Windows\System\TETYmHE.exe
  C:\Windows\System\TETYmHE.exe
  2⤵
  PID:6296
- C:\Windows\System\Srmzxvw.exe
  C:\Windows\System\Srmzxvw.exe
  2⤵
  PID:7508
- C:\Windows\System\rMStNTe.exe
  C:\Windows\System\rMStNTe.exe
  2⤵
  PID:7236
- C:\Windows\System\JebPrnJ.exe
  C:\Windows\System\JebPrnJ.exe
  2⤵
  PID:7532
- C:\Windows\System\WqwtNsD.exe
  C:\Windows\System\WqwtNsD.exe
  2⤵
  PID:6844
- C:\Windows\System\smAWsFo.exe
  C:\Windows\System\smAWsFo.exe
  2⤵
  PID:7636
- C:\Windows\System\RbbTBxH.exe
  C:\Windows\System\RbbTBxH.exe
  2⤵
  PID:6736
- C:\Windows\System\QhwjQQf.exe
  C:\Windows\System\QhwjQQf.exe
  2⤵
  PID:7752
- C:\Windows\System\HRrrLgS.exe
  C:\Windows\System\HRrrLgS.exe
  2⤵
  PID:8268
- C:\Windows\System\GNdQflN.exe
  C:\Windows\System\GNdQflN.exe
  2⤵
  PID:8000
- C:\Windows\System\LoUEmLa.exe
  C:\Windows\System\LoUEmLa.exe
  2⤵
  PID:8440
- C:\Windows\System\IsxTSxb.exe
  C:\Windows\System\IsxTSxb.exe
  2⤵
  PID:7448
- C:\Windows\System\xvvqIkY.exe
  C:\Windows\System\xvvqIkY.exe
  2⤵
  PID:8520
- C:\Windows\System\RAJaKqv.exe
  C:\Windows\System\RAJaKqv.exe
  2⤵
  PID:6964
- C:\Windows\System\fyJfZJJ.exe
  C:\Windows\System\fyJfZJJ.exe
  2⤵
  PID:1928
- C:\Windows\System\BkHYDwb.exe
  C:\Windows\System\BkHYDwb.exe
  2⤵
  PID:9220
- C:\Windows\System\sMhFXRg.exe
  C:\Windows\System\sMhFXRg.exe
  2⤵
  PID:9248
- C:\Windows\System\kFdbRHz.exe
  C:\Windows\System\kFdbRHz.exe
  2⤵
  PID:9268
- C:\Windows\System\aXAEvKN.exe
  C:\Windows\System\aXAEvKN.exe
  2⤵
  PID:9288
- C:\Windows\System\YHzMhuP.exe
  C:\Windows\System\YHzMhuP.exe
  2⤵
  PID:9312
- C:\Windows\System\frFsFlV.exe
  C:\Windows\System\frFsFlV.exe
  2⤵
  PID:9328
- C:\Windows\System\YEIDAKb.exe
  C:\Windows\System\YEIDAKb.exe
  2⤵
  PID:9356
- C:\Windows\System\aXPoNTr.exe
  C:\Windows\System\aXPoNTr.exe
  2⤵
  PID:9376
- C:\Windows\System\trEQTjk.exe
  C:\Windows\System\trEQTjk.exe
  2⤵
  PID:9396
- C:\Windows\System\lINjuPR.exe
  C:\Windows\System\lINjuPR.exe
  2⤵
  PID:9424
- C:\Windows\System\pbUWylP.exe
  C:\Windows\System\pbUWylP.exe
  2⤵
  PID:9448
- C:\Windows\System\IrNixpp.exe
  C:\Windows\System\IrNixpp.exe
  2⤵
  PID:9464
- C:\Windows\System\qLFOMbc.exe
  C:\Windows\System\qLFOMbc.exe
  2⤵
  PID:9488
- C:\Windows\System\gbeZlpP.exe
  C:\Windows\System\gbeZlpP.exe
  2⤵
  PID:9520
- C:\Windows\System\LWQzfjl.exe
  C:\Windows\System\LWQzfjl.exe
  2⤵
  PID:9536
- C:\Windows\System\VcPuZTi.exe
  C:\Windows\System\VcPuZTi.exe
  2⤵
  PID:9556
- C:\Windows\System\WKJbYPN.exe
  C:\Windows\System\WKJbYPN.exe
  2⤵
  PID:9584
- C:\Windows\System\bCDtxgj.exe
  C:\Windows\System\bCDtxgj.exe
  2⤵
  PID:9600
- C:\Windows\System\tEOqqPZ.exe
  C:\Windows\System\tEOqqPZ.exe
  2⤵
  PID:9620
- C:\Windows\System\aSXwEIG.exe
  C:\Windows\System\aSXwEIG.exe
  2⤵
  PID:9640
- C:\Windows\System\rZdKiJb.exe
  C:\Windows\System\rZdKiJb.exe
  2⤵
  PID:9660
- C:\Windows\System\EgaAKAU.exe
  C:\Windows\System\EgaAKAU.exe
  2⤵
  PID:9680
- C:\Windows\System\vcHiclI.exe
  C:\Windows\System\vcHiclI.exe
  2⤵
  PID:9704
- C:\Windows\System\cAgDvKF.exe
  C:\Windows\System\cAgDvKF.exe
  2⤵
  PID:9720
- C:\Windows\System\hpszZII.exe
  C:\Windows\System\hpszZII.exe
  2⤵
  PID:9744
- C:\Windows\System\jZMtbPv.exe
  C:\Windows\System\jZMtbPv.exe
  2⤵
  PID:9760
- C:\Windows\System\AQOTMnt.exe
  C:\Windows\System\AQOTMnt.exe
  2⤵
  PID:9784
- C:\Windows\System\MNzcbaH.exe
  C:\Windows\System\MNzcbaH.exe
  2⤵
  PID:9812
- C:\Windows\System\EsLhiBD.exe
  C:\Windows\System\EsLhiBD.exe
  2⤵
  PID:9828
- C:\Windows\System\YiLVZEj.exe
  C:\Windows\System\YiLVZEj.exe
  2⤵
  PID:9848
- C:\Windows\System\CxnnvXF.exe
  C:\Windows\System\CxnnvXF.exe
  2⤵
  PID:9872
- C:\Windows\System\IMkHJpK.exe
  C:\Windows\System\IMkHJpK.exe
  2⤵
  PID:9892
- C:\Windows\System\nPbHRpd.exe
  C:\Windows\System\nPbHRpd.exe
  2⤵
  PID:9916
- C:\Windows\System\NpmLRNE.exe
  C:\Windows\System\NpmLRNE.exe
  2⤵
  PID:9936
- C:\Windows\System\nzIznsn.exe
  C:\Windows\System\nzIznsn.exe
  2⤵
  PID:9960
- C:\Windows\System\FspiIfg.exe
  C:\Windows\System\FspiIfg.exe
  2⤵
  PID:9976
- C:\Windows\System\PiOJimS.exe
  C:\Windows\System\PiOJimS.exe
  2⤵
  PID:10000
- C:\Windows\System\BwbStxN.exe
  C:\Windows\System\BwbStxN.exe
  2⤵
  PID:10024
- C:\Windows\System\DTdkXEC.exe
  C:\Windows\System\DTdkXEC.exe
  2⤵
  PID:10044
- C:\Windows\System\ZsAopHC.exe
  C:\Windows\System\ZsAopHC.exe
  2⤵
  PID:10068
- C:\Windows\System\VWWrAAv.exe
  C:\Windows\System\VWWrAAv.exe
  2⤵
  PID:10088
- C:\Windows\System\WVckiEh.exe
  C:\Windows\System\WVckiEh.exe
  2⤵
  PID:10112
- C:\Windows\System\loUUrWn.exe
  C:\Windows\System\loUUrWn.exe
  2⤵
  PID:10132
- C:\Windows\System\FNOrMSl.exe
  C:\Windows\System\FNOrMSl.exe
  2⤵
  PID:10152
- C:\Windows\System\grfCFJk.exe
  C:\Windows\System\grfCFJk.exe
  2⤵
  PID:10176
- C:\Windows\System\GdXwMNL.exe
  C:\Windows\System\GdXwMNL.exe
  2⤵
  PID:10192
- C:\Windows\System\ZmCNgZL.exe
  C:\Windows\System\ZmCNgZL.exe
  2⤵
  PID:10216
- C:\Windows\System\XcvZdFJ.exe
  C:\Windows\System\XcvZdFJ.exe
  2⤵
  PID:8956
- C:\Windows\System\IvPYDgF.exe
  C:\Windows\System\IvPYDgF.exe
  2⤵
  PID:6224
- C:\Windows\System\GXKYYRt.exe
  C:\Windows\System\GXKYYRt.exe
  2⤵
  PID:7592
- C:\Windows\System\phzwNsQ.exe
  C:\Windows\System\phzwNsQ.exe
  2⤵
  PID:7228
- C:\Windows\System\kxyJflI.exe
  C:\Windows\System\kxyJflI.exe
  2⤵
  PID:7708
- C:\Windows\System\jkBWGrp.exe
  C:\Windows\System\jkBWGrp.exe
  2⤵
  PID:6500
- C:\Windows\System\rpLrVNp.exe
  C:\Windows\System\rpLrVNp.exe
  2⤵
  PID:7648
- C:\Windows\System\ZvuXrTA.exe
  C:\Windows\System\ZvuXrTA.exe
  2⤵
  PID:7796
- C:\Windows\System\CelkHsg.exe
  C:\Windows\System\CelkHsg.exe
  2⤵
  PID:8284
- C:\Windows\System\MOMWZXh.exe
  C:\Windows\System\MOMWZXh.exe
  2⤵
  PID:7936
- C:\Windows\System\OQWKIKy.exe
  C:\Windows\System\OQWKIKy.exe
  2⤵
  PID:8004
- C:\Windows\System\dqvxIqO.exe
  C:\Windows\System\dqvxIqO.exe
  2⤵
  PID:8400
- C:\Windows\System\gThAHEl.exe
  C:\Windows\System\gThAHEl.exe
  2⤵
  PID:8012
- C:\Windows\System\aZANidw.exe
  C:\Windows\System\aZANidw.exe
  2⤵
  PID:8136
- C:\Windows\System\SWegydZ.exe
  C:\Windows\System\SWegydZ.exe
  2⤵
  PID:8580
- C:\Windows\System\xUQQysX.exe
  C:\Windows\System\xUQQysX.exe
  2⤵
  PID:8648
- C:\Windows\System\qcJsrkn.exe
  C:\Windows\System\qcJsrkn.exe
  2⤵
  PID:8780
- C:\Windows\System\SPgnPSA.exe
  C:\Windows\System\SPgnPSA.exe
  2⤵
  PID:7344
- C:\Windows\System\ixxkUzq.exe
  C:\Windows\System\ixxkUzq.exe
  2⤵
  PID:8828
- C:\Windows\System\DCmKwtU.exe
  C:\Windows\System\DCmKwtU.exe
  2⤵
  PID:2488
- C:\Windows\System\dsIAEeS.exe
  C:\Windows\System\dsIAEeS.exe
  2⤵
  PID:6920
- C:\Windows\System\pesIPiu.exe
  C:\Windows\System\pesIPiu.exe
  2⤵
  PID:7476
- C:\Windows\System\bGBSFRj.exe
  C:\Windows\System\bGBSFRj.exe
  2⤵
  PID:8468
- C:\Windows\System\LdtDOeb.exe
  C:\Windows\System\LdtDOeb.exe
  2⤵
  PID:8824
- C:\Windows\System\zOvjIpy.exe
  C:\Windows\System\zOvjIpy.exe
  2⤵
  PID:9284
- C:\Windows\System\BMJxDRR.exe
  C:\Windows\System\BMJxDRR.exe
  2⤵
  PID:8972
- C:\Windows\System\JSVVnzn.exe
  C:\Windows\System\JSVVnzn.exe
  2⤵
  PID:10244
- C:\Windows\System\OumIyPt.exe
  C:\Windows\System\OumIyPt.exe
  2⤵
  PID:10264
- C:\Windows\System\nlNecoX.exe
  C:\Windows\System\nlNecoX.exe
  2⤵
  PID:10280
- C:\Windows\System\qXdnUJK.exe
  C:\Windows\System\qXdnUJK.exe
  2⤵
  PID:10300
- C:\Windows\System\IyaxEqC.exe
  C:\Windows\System\IyaxEqC.exe
  2⤵
  PID:10324
- C:\Windows\System\EcEftyP.exe
  C:\Windows\System\EcEftyP.exe
  2⤵
  PID:10348
- C:\Windows\System\AakykEW.exe
  C:\Windows\System\AakykEW.exe
  2⤵
  PID:10364
- C:\Windows\System\fTRREms.exe
  C:\Windows\System\fTRREms.exe
  2⤵
  PID:10388
- C:\Windows\System\aZOoZWX.exe
  C:\Windows\System\aZOoZWX.exe
  2⤵
  PID:10408
- C:\Windows\System\BROKwkw.exe
  C:\Windows\System\BROKwkw.exe
  2⤵
  PID:10428
- C:\Windows\System\ulZjidy.exe
  C:\Windows\System\ulZjidy.exe
  2⤵
  PID:10444
- C:\Windows\System\MjkeIDF.exe
  C:\Windows\System\MjkeIDF.exe
  2⤵
  PID:10468
- C:\Windows\System\VOnJHwd.exe
  C:\Windows\System\VOnJHwd.exe
  2⤵
  PID:10488
- C:\Windows\System\VmpQqUR.exe
  C:\Windows\System\VmpQqUR.exe
  2⤵
  PID:10512
- C:\Windows\System\FxBYJtq.exe
  C:\Windows\System\FxBYJtq.exe
  2⤵
  PID:10532
- C:\Windows\System\iqsigUo.exe
  C:\Windows\System\iqsigUo.exe
  2⤵
  PID:10556
- C:\Windows\System\UJEizLJ.exe
  C:\Windows\System\UJEizLJ.exe
  2⤵
  PID:10576
- C:\Windows\System\JWpNwXo.exe
  C:\Windows\System\JWpNwXo.exe
  2⤵
  PID:10604
- C:\Windows\System\fgwYeJr.exe
  C:\Windows\System\fgwYeJr.exe
  2⤵
  PID:10624
- C:\Windows\System\JklHoaY.exe
  C:\Windows\System\JklHoaY.exe
  2⤵
  PID:10644
- C:\Windows\System\OtWoKmJ.exe
  C:\Windows\System\OtWoKmJ.exe
  2⤵
  PID:10676
- C:\Windows\System\pfnIYQw.exe
  C:\Windows\System\pfnIYQw.exe
  2⤵
  PID:10704
- C:\Windows\System\OkMGTXG.exe
  C:\Windows\System\OkMGTXG.exe
  2⤵
  PID:10724
- C:\Windows\System\PAfFhvg.exe
  C:\Windows\System\PAfFhvg.exe
  2⤵
  PID:10748
- C:\Windows\System\DxCpIYV.exe
  C:\Windows\System\DxCpIYV.exe
  2⤵
  PID:10768
- C:\Windows\System\uWQXcqw.exe
  C:\Windows\System\uWQXcqw.exe
  2⤵
  PID:10792
- C:\Windows\System\cTSxueY.exe
  C:\Windows\System\cTSxueY.exe
  2⤵
  PID:10816
- C:\Windows\System\CakyDAj.exe
  C:\Windows\System\CakyDAj.exe
  2⤵
  PID:10832
- C:\Windows\System\BiUixoS.exe
  C:\Windows\System\BiUixoS.exe
  2⤵
  PID:10864
- C:\Windows\System\jUvJfwK.exe
  C:\Windows\System\jUvJfwK.exe
  2⤵
  PID:10884
- C:\Windows\System\OWPppSd.exe
  C:\Windows\System\OWPppSd.exe
  2⤵
  PID:10900
- C:\Windows\System\GkfwgHF.exe
  C:\Windows\System\GkfwgHF.exe
  2⤵
  PID:10920
- C:\Windows\System\gUJUeit.exe
  C:\Windows\System\gUJUeit.exe
  2⤵
  PID:10944
- C:\Windows\System\MMTAuiK.exe
  C:\Windows\System\MMTAuiK.exe
  2⤵
  PID:10968
- C:\Windows\System\eXKLBqk.exe
  C:\Windows\System\eXKLBqk.exe
  2⤵
  PID:10992
- C:\Windows\System\wmBrCHK.exe
  C:\Windows\System\wmBrCHK.exe
  2⤵
  PID:11012
- C:\Windows\System\rkGYILH.exe
  C:\Windows\System\rkGYILH.exe
  2⤵
  PID:11036
- C:\Windows\System\RusTanx.exe
  C:\Windows\System\RusTanx.exe
  2⤵
  PID:11060
- C:\Windows\System\tadzrxn.exe
  C:\Windows\System\tadzrxn.exe
  2⤵
  PID:9552
- C:\Windows\System\MalVIVi.exe
  C:\Windows\System\MalVIVi.exe
  2⤵
  PID:9616
- C:\Windows\System\hEkvIGS.exe
  C:\Windows\System\hEkvIGS.exe
  2⤵
  PID:9180
- C:\Windows\System\xdaMrlD.exe
  C:\Windows\System\xdaMrlD.exe
  2⤵
  PID:9696
- C:\Windows\System\oaZuVcK.exe
  C:\Windows\System\oaZuVcK.exe
  2⤵
  PID:8252
- C:\Windows\System\unJDkiA.exe
  C:\Windows\System\unJDkiA.exe
  2⤵
  PID:9204
- C:\Windows\System\LBSqPws.exe
  C:\Windows\System\LBSqPws.exe
  2⤵
  PID:8288
- C:\Windows\System\cEwxnwS.exe
  C:\Windows\System\cEwxnwS.exe
  2⤵
  PID:9836
- C:\Windows\System\LOxZrHI.exe
  C:\Windows\System\LOxZrHI.exe
  2⤵
  PID:8332
- C:\Windows\System\jHwnaTW.exe
  C:\Windows\System\jHwnaTW.exe
  2⤵
  PID:9888
- C:\Windows\System\mYvAnoZ.exe
  C:\Windows\System\mYvAnoZ.exe
  2⤵
  PID:9932
- C:\Windows\System\QdsUMsn.exe
  C:\Windows\System\QdsUMsn.exe
  2⤵
  PID:9984
- C:\Windows\System\odGVpTp.exe
  C:\Windows\System\odGVpTp.exe
  2⤵
  PID:10040
- C:\Windows\System\jYqmQSs.exe
  C:\Windows\System\jYqmQSs.exe
  2⤵
  PID:8108
- C:\Windows\System\VIJINFo.exe
  C:\Windows\System\VIJINFo.exe
  2⤵
  PID:10160
- C:\Windows\System\nwpDgdJ.exe
  C:\Windows\System\nwpDgdJ.exe
  2⤵
  PID:10236
- C:\Windows\System\OYGIFkF.exe
  C:\Windows\System\OYGIFkF.exe
  2⤵
  PID:8704
- C:\Windows\System\RCmUvKq.exe
  C:\Windows\System\RCmUvKq.exe
  2⤵
  PID:8744
- C:\Windows\System\gZrOUez.exe
  C:\Windows\System\gZrOUez.exe
  2⤵
  PID:7308
- C:\Windows\System\uEWVXXg.exe
  C:\Windows\System\uEWVXXg.exe
  2⤵
  PID:8864
- C:\Windows\System\chzxuIm.exe
  C:\Windows\System\chzxuIm.exe
  2⤵
  PID:7728
- C:\Windows\System\iHfMHSJ.exe
  C:\Windows\System\iHfMHSJ.exe
  2⤵
  PID:6816
- C:\Windows\System\CqjZJPK.exe
  C:\Windows\System\CqjZJPK.exe
  2⤵
  PID:8512
- C:\Windows\System\QduNUoU.exe
  C:\Windows\System\QduNUoU.exe
  2⤵
  PID:7960
- C:\Windows\System\yrNAaUp.exe
  C:\Windows\System\yrNAaUp.exe
  2⤵
  PID:5856
- C:\Windows\System\XeeuBxf.exe
  C:\Windows\System\XeeuBxf.exe
  2⤵
  PID:8948
- C:\Windows\System\FKzjXvF.exe
  C:\Windows\System\FKzjXvF.exe
  2⤵
  PID:9348
- C:\Windows\System\zrOZQwu.exe
  C:\Windows\System\zrOZQwu.exe
  2⤵
  PID:9456
- C:\Windows\System\BvJbLEr.exe
  C:\Windows\System\BvJbLEr.exe
  2⤵
  PID:10276
- C:\Windows\System\PITTiKo.exe
  C:\Windows\System\PITTiKo.exe
  2⤵
  PID:10296
- C:\Windows\System\TdhauRS.exe
  C:\Windows\System\TdhauRS.exe
  2⤵
  PID:10336
- C:\Windows\System\PGEdwns.exe
  C:\Windows\System\PGEdwns.exe
  2⤵
  PID:10384
- C:\Windows\System\AxTSCSi.exe
  C:\Windows\System\AxTSCSi.exe
  2⤵
  PID:10420
- C:\Windows\System\vQYsZWI.exe
  C:\Windows\System\vQYsZWI.exe
  2⤵
  PID:9752
- C:\Windows\System\uVSfLDQ.exe
  C:\Windows\System\uVSfLDQ.exe
  2⤵
  PID:9840
- C:\Windows\System\uQISbtM.exe
  C:\Windows\System\uQISbtM.exe
  2⤵
  PID:10540
- C:\Windows\System\xXCiFbI.exe
  C:\Windows\System\xXCiFbI.exe
  2⤵
  PID:11284
- C:\Windows\System\dEAtdJx.exe
  C:\Windows\System\dEAtdJx.exe
  2⤵
  PID:11304
- C:\Windows\System\ELcChjW.exe
  C:\Windows\System\ELcChjW.exe
  2⤵
  PID:11324
- C:\Windows\System\mnnaciD.exe
  C:\Windows\System\mnnaciD.exe
  2⤵
  PID:11348
- C:\Windows\System\yFEIbNt.exe
  C:\Windows\System\yFEIbNt.exe
  2⤵
  PID:11368
- C:\Windows\System\SHELbCl.exe
  C:\Windows\System\SHELbCl.exe
  2⤵
  PID:11388
- C:\Windows\System\uOlCqfS.exe
  C:\Windows\System\uOlCqfS.exe
  2⤵
  PID:11416
- C:\Windows\System\OrOGHrn.exe
  C:\Windows\System\OrOGHrn.exe
  2⤵
  PID:11432
- C:\Windows\System\djUyeFU.exe
  C:\Windows\System\djUyeFU.exe
  2⤵
  PID:11456
- C:\Windows\System\jaVfIOx.exe
  C:\Windows\System\jaVfIOx.exe
  2⤵
  PID:11476
- C:\Windows\System\SnEUHjA.exe
  C:\Windows\System\SnEUHjA.exe
  2⤵
  PID:11496
- C:\Windows\System\HFzByzB.exe
  C:\Windows\System\HFzByzB.exe
  2⤵
  PID:11512
- C:\Windows\System\QhWroNq.exe
  C:\Windows\System\QhWroNq.exe
  2⤵
  PID:11536
- C:\Windows\System\ahuVByV.exe
  C:\Windows\System\ahuVByV.exe
  2⤵
  PID:11560
- C:\Windows\System\qAWWube.exe
  C:\Windows\System\qAWWube.exe
  2⤵
  PID:11576
- C:\Windows\System\NAitAxo.exe
  C:\Windows\System\NAitAxo.exe
  2⤵
  PID:11596
- C:\Windows\System\hlUNYru.exe
  C:\Windows\System\hlUNYru.exe
  2⤵
  PID:11616
- C:\Windows\System\hQcvams.exe
  C:\Windows\System\hQcvams.exe
  2⤵
  PID:11640
- C:\Windows\System\vPsIyRs.exe
  C:\Windows\System\vPsIyRs.exe
  2⤵
  PID:11660
- C:\Windows\System\mEPnvvU.exe
  C:\Windows\System\mEPnvvU.exe
  2⤵
  PID:11692
- C:\Windows\System\lvMmIMY.exe
  C:\Windows\System\lvMmIMY.exe
  2⤵
  PID:11708
- C:\Windows\System\RmQDzkv.exe
  C:\Windows\System\RmQDzkv.exe
  2⤵
  PID:11736
- C:\Windows\System\CpQnxkE.exe
  C:\Windows\System\CpQnxkE.exe
  2⤵
  PID:11760
- C:\Windows\System\LSjjHGF.exe
  C:\Windows\System\LSjjHGF.exe
  2⤵
  PID:11784
- C:\Windows\System\JJOMvcA.exe
  C:\Windows\System\JJOMvcA.exe
  2⤵
  PID:11804
- C:\Windows\System\uPmTioX.exe
  C:\Windows\System\uPmTioX.exe
  2⤵
  PID:11844
- C:\Windows\System\ToemSsY.exe
  C:\Windows\System\ToemSsY.exe
  2⤵
  PID:11880
- C:\Windows\System\AHBrVXo.exe
  C:\Windows\System\AHBrVXo.exe
  2⤵
  PID:11912
- C:\Windows\System\HHRQBhZ.exe
  C:\Windows\System\HHRQBhZ.exe
  2⤵
  PID:11968
- C:\Windows\System\LRqbBhV.exe
  C:\Windows\System\LRqbBhV.exe
  2⤵
  PID:12008
- C:\Windows\System\xwfNYsG.exe
  C:\Windows\System\xwfNYsG.exe
  2⤵
  PID:12040
- C:\Windows\System\Sbfrwym.exe
  C:\Windows\System\Sbfrwym.exe
  2⤵
  PID:12060
- C:\Windows\System\uCkQoKj.exe
  C:\Windows\System\uCkQoKj.exe
  2⤵
  PID:12084
- C:\Windows\System\OlKIICK.exe
  C:\Windows\System\OlKIICK.exe
  2⤵
  PID:12108
- C:\Windows\System\OZRhtuk.exe
  C:\Windows\System\OZRhtuk.exe
  2⤵
  PID:12132
- C:\Windows\System\fGKAYCR.exe
  C:\Windows\System\fGKAYCR.exe
  2⤵
  PID:12148
- C:\Windows\System\wluEWyn.exe
  C:\Windows\System\wluEWyn.exe
  2⤵
  PID:12176
- C:\Windows\System\gossQWI.exe
  C:\Windows\System\gossQWI.exe
  2⤵
  PID:12200
- C:\Windows\System\aStClek.exe
  C:\Windows\System\aStClek.exe
  2⤵
  PID:12228
- C:\Windows\System\UvCHOGw.exe
  C:\Windows\System\UvCHOGw.exe
  2⤵
  PID:12244
- C:\Windows\System\LZKkHNP.exe
  C:\Windows\System\LZKkHNP.exe
  2⤵
  PID:12260
- C:\Windows\System\CRcPOPd.exe
  C:\Windows\System\CRcPOPd.exe
  2⤵
  PID:12276
- C:\Windows\System\faLdITp.exe
  C:\Windows\System\faLdITp.exe
  2⤵
  PID:7988
- C:\Windows\System\ltrPGXE.exe
  C:\Windows\System\ltrPGXE.exe
  2⤵
  PID:9952
- C:\Windows\System\KqRvMca.exe
  C:\Windows\System\KqRvMca.exe
  2⤵
  PID:10652
- C:\Windows\System\SVSiMBN.exe
  C:\Windows\System\SVSiMBN.exe
  2⤵
  PID:10012
- C:\Windows\System\jjXrTRg.exe
  C:\Windows\System\jjXrTRg.exe
  2⤵
  PID:10692
- C:\Windows\System\alHnbqw.exe
  C:\Windows\System\alHnbqw.exe
  2⤵
  PID:10124
- C:\Windows\System\ElPXYQO.exe
  C:\Windows\System\ElPXYQO.exe
  2⤵
  PID:10224
- C:\Windows\System\nvASCyM.exe
  C:\Windows\System\nvASCyM.exe
  2⤵
  PID:2556
- C:\Windows\System\nSCJGzD.exe
  C:\Windows\System\nSCJGzD.exe
  2⤵
  PID:10872
- C:\Windows\System\Minfjrr.exe
  C:\Windows\System\Minfjrr.exe
  2⤵
  PID:10892
- C:\Windows\System\ACNwPqY.exe
  C:\Windows\System\ACNwPqY.exe
  2⤵
  PID:11028
- C:\Windows\System\wkrBPAO.exe
  C:\Windows\System\wkrBPAO.exe
  2⤵
  PID:11120
- C:\Windows\System\BMbklTW.exe
  C:\Windows\System\BMbklTW.exe
  2⤵
  PID:11168
- C:\Windows\System\lKrGxyO.exe
  C:\Windows\System\lKrGxyO.exe
  2⤵
  PID:11192
- C:\Windows\System\ZJIMQzo.exe
  C:\Windows\System\ZJIMQzo.exe
  2⤵
  PID:11244
- C:\Windows\System\AYWiHkV.exe
  C:\Windows\System\AYWiHkV.exe
  2⤵
  PID:8488
- C:\Windows\System\kxgkWmo.exe
  C:\Windows\System\kxgkWmo.exe
  2⤵
  PID:9228
- C:\Windows\System\FYPLfaW.exe
  C:\Windows\System\FYPLfaW.exe
  2⤵
  PID:9260
- C:\Windows\System\xnrBTtp.exe
  C:\Windows\System\xnrBTtp.exe
  2⤵
  PID:7620
- C:\Windows\System\tpnUjxe.exe
  C:\Windows\System\tpnUjxe.exe
  2⤵
  PID:7920
- C:\Windows\System\eAscntc.exe
  C:\Windows\System\eAscntc.exe
  2⤵
  PID:10080
- C:\Windows\System\nZbwmOz.exe
  C:\Windows\System\nZbwmOz.exe
  2⤵
  PID:10144
- C:\Windows\System\iGPPcsL.exe
  C:\Windows\System\iGPPcsL.exe
  2⤵
  PID:8740
- C:\Windows\System\HbaYcPq.exe
  C:\Windows\System\HbaYcPq.exe
  2⤵
  PID:9432
- C:\Windows\System\KRwkHTK.exe
  C:\Windows\System\KRwkHTK.exe
  2⤵
  PID:12312
- C:\Windows\System\WphqHJA.exe
  C:\Windows\System\WphqHJA.exe
  2⤵
  PID:12340
- C:\Windows\System\sDMLjMN.exe
  C:\Windows\System\sDMLjMN.exe
  2⤵
  PID:12360
- C:\Windows\System\YwbVzxM.exe
  C:\Windows\System\YwbVzxM.exe
  2⤵
  PID:12380
- C:\Windows\System\JxAwfXr.exe
  C:\Windows\System\JxAwfXr.exe
  2⤵
  PID:12404
- C:\Windows\System\QSFPdHi.exe
  C:\Windows\System\QSFPdHi.exe
  2⤵
  PID:12420
- C:\Windows\System\JaIVPbC.exe
  C:\Windows\System\JaIVPbC.exe
  2⤵
  PID:12444
- C:\Windows\System\ayjnOfV.exe
  C:\Windows\System\ayjnOfV.exe
  2⤵
  PID:12468
- C:\Windows\System\FZGVApm.exe
  C:\Windows\System\FZGVApm.exe
  2⤵
  PID:12488
- C:\Windows\System\ELqssYv.exe
  C:\Windows\System\ELqssYv.exe
  2⤵
  PID:12516
- C:\Windows\System\uUqAPnV.exe
  C:\Windows\System\uUqAPnV.exe
  2⤵
  PID:12540
- C:\Windows\System\nKkhuXH.exe
  C:\Windows\System\nKkhuXH.exe
  2⤵
  PID:12564
- C:\Windows\System\BRFvepL.exe
  C:\Windows\System\BRFvepL.exe
  2⤵
  PID:12584
- C:\Windows\System\WDmryXw.exe
  C:\Windows\System\WDmryXw.exe
  2⤵
  PID:12604
- C:\Windows\System\NkwtnCW.exe
  C:\Windows\System\NkwtnCW.exe
  2⤵
  PID:12624
- C:\Windows\System\hwFwZMF.exe
  C:\Windows\System\hwFwZMF.exe
  2⤵
  PID:12640
- C:\Windows\System\zRgPzFc.exe
  C:\Windows\System\zRgPzFc.exe
  2⤵
  PID:12660
- C:\Windows\System\zZIeEoM.exe
  C:\Windows\System\zZIeEoM.exe
  2⤵
  PID:12684
- C:\Windows\System\QBnOmCG.exe
  C:\Windows\System\QBnOmCG.exe
  2⤵
  PID:12708
- C:\Windows\System\fQcKUUs.exe
  C:\Windows\System\fQcKUUs.exe
  2⤵
  PID:12728
- C:\Windows\System\aSlayet.exe
  C:\Windows\System\aSlayet.exe
  2⤵
  PID:10404
- C:\Windows\System\dhbmkpx.exe
  C:\Windows\System\dhbmkpx.exe
  2⤵
  PID:11160
- C:\Windows\System\ZkUYDaV.exe
  C:\Windows\System\ZkUYDaV.exe
  2⤵
  PID:12836
- C:\Windows\System\nulNGEN.exe
  C:\Windows\System\nulNGEN.exe
  2⤵
  PID:8716
- C:\Windows\System\bAxgocl.exe
  C:\Windows\System\bAxgocl.exe
  2⤵
  PID:12652
- C:\Windows\System\rHmHQkp.exe
  C:\Windows\System\rHmHQkp.exe
  2⤵
  PID:13212
- C:\Windows\System\cVBaLNK.exe
  C:\Windows\System\cVBaLNK.exe
  2⤵
  PID:12804
- C:\Windows\System\sdnpIpR.exe
  C:\Windows\System\sdnpIpR.exe
  2⤵
  PID:11504
- C:\Windows\System\gGYZBtu.exe
  C:\Windows\System\gGYZBtu.exe
  2⤵
  PID:10812
- C:\Windows\System\IwGEbZq.exe
  C:\Windows\System\IwGEbZq.exe
  2⤵
  PID:5416
- C:\Windows\System\jhxSQIp.exe
  C:\Windows\System\jhxSQIp.exe
  2⤵
  PID:13092
- C:\Windows\System\AEZTwMF.exe
  C:\Windows\System\AEZTwMF.exe
  2⤵
  PID:13104
- C:\Windows\System\bcmrjXj.exe
  C:\Windows\System\bcmrjXj.exe
  2⤵
  PID:13156
- C:\Windows\System\qchKelK.exe
  C:\Windows\System\qchKelK.exe
  2⤵
  PID:13204
- C:\Windows\System\UDgWyGp.exe
  C:\Windows\System\UDgWyGp.exe
  2⤵
  PID:12852
- C:\Windows\System\tmABoMn.exe
  C:\Windows\System\tmABoMn.exe
  2⤵
  PID:12536
- C:\Windows\System\KXtNjKb.exe
  C:\Windows\System\KXtNjKb.exe
  2⤵
  PID:12692
- C:\Windows\System\tcvrMEp.exe
  C:\Windows\System\tcvrMEp.exe
  2⤵
  PID:12776
- C:\Windows\System\jLYrVpA.exe
  C:\Windows\System\jLYrVpA.exe
  2⤵
  PID:10852
- C:\Windows\System\UXzWZwJ.exe
  C:\Windows\System\UXzWZwJ.exe
  2⤵
  PID:11668
- C:\Windows\System\bpiwXDk.exe
  C:\Windows\System\bpiwXDk.exe
  2⤵
  PID:11680
- C:\Windows\System\eJkwVEP.exe
  C:\Windows\System\eJkwVEP.exe
  2⤵
  PID:10964
- C:\Windows\System\KOpvArZ.exe
  C:\Windows\System\KOpvArZ.exe
  2⤵
  PID:11004
- C:\Windows\System\DCWHiRQ.exe
  C:\Windows\System\DCWHiRQ.exe
  2⤵
  PID:11056
- C:\Windows\System\uNUYZQe.exe
  C:\Windows\System\uNUYZQe.exe
  2⤵
  PID:11864
- C:\Windows\System\kXKnekD.exe
  C:\Windows\System\kXKnekD.exe
  2⤵
  PID:10584
- C:\Windows\System\xmDewJa.exe
  C:\Windows\System\xmDewJa.exe
  2⤵
  PID:12888
- C:\Windows\System\hjhFCxe.exe
  C:\Windows\System\hjhFCxe.exe
  2⤵
  PID:8204
- C:\Windows\System\XGPgjRX.exe
  C:\Windows\System\XGPgjRX.exe
  2⤵
  PID:12240
- C:\Windows\System\JIgtNLC.exe
  C:\Windows\System\JIgtNLC.exe
  2⤵
  PID:8860
- C:\Windows\System\suLBdfs.exe
  C:\Windows\System\suLBdfs.exe
  2⤵
  PID:10456
- C:\Windows\System\EAsWNZx.exe
  C:\Windows\System\EAsWNZx.exe
  2⤵
  PID:9996
- C:\Windows\System\qAALVEP.exe
  C:\Windows\System\qAALVEP.exe
  2⤵
  PID:8536
- C:\Windows\System\WuqgwSm.exe
  C:\Windows\System\WuqgwSm.exe
  2⤵
  PID:12416
- C:\Windows\System\HgbCXCN.exe
  C:\Windows\System\HgbCXCN.exe
  2⤵
  PID:2444
- C:\Windows\System\KbiHBWM.exe
  C:\Windows\System\KbiHBWM.exe
  2⤵
  PID:11356
- C:\Windows\System\zCPfeaa.exe
  C:\Windows\System\zCPfeaa.exe
  2⤵
  PID:10208
- C:\Windows\System\HRFAXVz.exe
  C:\Windows\System\HRFAXVz.exe
  2⤵
  PID:4620
- C:\Windows\System\NGpyQYP.exe
  C:\Windows\System\NGpyQYP.exe
  2⤵
  PID:8676
- C:\Windows\System\OGkUoxH.exe
  C:\Windows\System\OGkUoxH.exe
  2⤵
  PID:9824
- C:\Windows\System\tTaNQlY.exe
  C:\Windows\System\tTaNQlY.exe
  2⤵
  PID:7064
- C:\Windows\System\ygtgOVs.exe
  C:\Windows\System\ygtgOVs.exe
  2⤵
  PID:13032
- C:\Windows\System\MtqiLiw.exe
  C:\Windows\System\MtqiLiw.exe
  2⤵
  PID:12376
- C:\Windows\System\VcjvVpv.exe
  C:\Windows\System\VcjvVpv.exe
  2⤵
  PID:8460
- C:\Windows\System\plRqqfj.exe
  C:\Windows\System\plRqqfj.exe
  2⤵
  PID:12576
- C:\Windows\System\iBUmaeE.exe
  C:\Windows\System\iBUmaeE.exe
  2⤵
  PID:12828
- C:\Windows\System\DJxeCbA.exe
  C:\Windows\System\DJxeCbA.exe
  2⤵
  PID:13116
- C:\Windows\System\LYTbKRj.exe
  C:\Windows\System\LYTbKRj.exe
  2⤵
  PID:11552
- C:\Windows\System\KAjzriK.exe
  C:\Windows\System\KAjzriK.exe
  2⤵
  PID:10312
- C:\Windows\System\wptdYPG.exe
  C:\Windows\System\wptdYPG.exe
  2⤵
  PID:13236
- C:\Windows\System\zsmHNen.exe
  C:\Windows\System\zsmHNen.exe
  2⤵
  PID:13920
- C:\Windows\System\CmKtxIJ.exe
  C:\Windows\System\CmKtxIJ.exe
  2⤵
  PID:13956
- C:\Windows\System\UuLmTaE.exe
  C:\Windows\System\UuLmTaE.exe
  2⤵
  PID:14068
- C:\Windows\System\DBoOaUq.exe
  C:\Windows\System\DBoOaUq.exe
  2⤵
  PID:14088
- C:\Windows\System\sOlDTWU.exe
  C:\Windows\System\sOlDTWU.exe
  2⤵
  PID:14104
- C:\Windows\System\EvfEclD.exe
  C:\Windows\System\EvfEclD.exe
  2⤵
  PID:14128
- C:\Windows\System\YnpoHJu.exe
  C:\Windows\System\YnpoHJu.exe
  2⤵
  PID:14156
- C:\Windows\System\TyysWBN.exe
  C:\Windows\System\TyysWBN.exe
  2⤵
  PID:14176
- C:\Windows\System\XQNcdsk.exe
  C:\Windows\System\XQNcdsk.exe
  2⤵
  PID:14200
- C:\Windows\System\jQZoZPP.exe
  C:\Windows\System\jQZoZPP.exe
  2⤵
  PID:14232
- C:\Windows\System\blMZhsD.exe
  C:\Windows\System\blMZhsD.exe
  2⤵
  PID:14248
- C:\Windows\System\gGwLYwX.exe
  C:\Windows\System\gGwLYwX.exe
  2⤵
  PID:14284
- C:\Windows\System\GnBEujx.exe
  C:\Windows\System\GnBEujx.exe
  2⤵
  PID:12616
- C:\Windows\System\aOCpWBw.exe
  C:\Windows\System\aOCpWBw.exe
  2⤵
  PID:3936
- C:\Windows\System\ubzxggf.exe
  C:\Windows\System\ubzxggf.exe
  2⤵
  PID:11048
- C:\Windows\System\KYXAfMl.exe
  C:\Windows\System\KYXAfMl.exe
  2⤵
  PID:13292
- C:\Windows\System\mHooKor.exe
  C:\Windows\System\mHooKor.exe
  2⤵
  PID:13280
- C:\Windows\System\OgqBWuI.exe
  C:\Windows\System\OgqBWuI.exe
  2⤵
  PID:12256
- C:\Windows\System\sQVTSRj.exe
  C:\Windows\System\sQVTSRj.exe
  2⤵
  PID:3000
- C:\Windows\System\mYhlRmI.exe
  C:\Windows\System\mYhlRmI.exe
  2⤵
  PID:11380
- C:\Windows\System\CIfUQTY.exe
  C:\Windows\System\CIfUQTY.exe
  2⤵
  PID:3340
- C:\Windows\System\uZiWITs.exe
  C:\Windows\System\uZiWITs.exe
  2⤵
  PID:14096
- C:\Windows\System\uoYSOJC.exe
  C:\Windows\System\uoYSOJC.exe
  2⤵
  PID:14136
- C:\Windows\System\IDykZxn.exe
  C:\Windows\System\IDykZxn.exe
  2⤵
  PID:14196
- C:\Windows\System\tpMiytB.exe
  C:\Windows\System\tpMiytB.exe
  2⤵
  PID:14292
- C:\Windows\System\GAYuPYP.exe
  C:\Windows\System\GAYuPYP.exe
  2⤵
  PID:14024
- C:\Windows\System\RfyLTTb.exe
  C:\Windows\System\RfyLTTb.exe
  2⤵
  PID:14144
- C:\Windows\System\ACxuAGZ.exe
  C:\Windows\System\ACxuAGZ.exe
  2⤵
  PID:14216
- C:\Windows\System\vERbxKO.exe
  C:\Windows\System\vERbxKO.exe
  2⤵
  PID:11772
- C:\Windows\System\EXBpZKM.exe
  C:\Windows\System\EXBpZKM.exe
  2⤵
  PID:14308
- C:\Windows\System\nNQEOuz.exe
  C:\Windows\System\nNQEOuz.exe
  2⤵
  PID:13872
- C:\Windows\System\vnxRDMV.exe
  C:\Windows\System\vnxRDMV.exe
  2⤵
  PID:14324
- C:\Windows\System\QEVCmRp.exe
  C:\Windows\System\QEVCmRp.exe
  2⤵
  PID:13692
- C:\Windows\System\GPuZaDE.exe
  C:\Windows\System\GPuZaDE.exe
  2⤵
  PID:13948
- C:\Windows\System\sgUAuqC.exe
  C:\Windows\System\sgUAuqC.exe
  2⤵
  PID:14112
- C:\Windows\System\AblmeUM.exe
  C:\Windows\System\AblmeUM.exe
  2⤵
  PID:13444
- C:\Windows\System\QqLUIHY.exe
  C:\Windows\System\QqLUIHY.exe
  2⤵
  PID:12784
- C:\Windows\System\zFDIvcB.exe
  C:\Windows\System\zFDIvcB.exe
  2⤵
  PID:14028
- C:\Windows\System\FnTXfnR.exe
  C:\Windows\System\FnTXfnR.exe
  2⤵
  PID:13832
- C:\Windows\System\CozCylh.exe
  C:\Windows\System\CozCylh.exe
  2⤵
  PID:13800
- C:\Windows\System\ubIuMQl.exe
  C:\Windows\System\ubIuMQl.exe
  2⤵
  PID:10440
- C:\Windows\System\xaYdYvA.exe
  C:\Windows\System\xaYdYvA.exe
  2⤵
  PID:13160
- C:\Windows\System\agqxQrU.exe
  C:\Windows\System\agqxQrU.exe
  2⤵
  PID:13496
- C:\Windows\System\zKcvbRh.exe
  C:\Windows\System\zKcvbRh.exe
  2⤵
  PID:10804
- C:\Windows\System\YdPFkjS.exe
  C:\Windows\System\YdPFkjS.exe
  2⤵
  PID:13536
- C:\Windows\System\HODsIpW.exe
  C:\Windows\System\HODsIpW.exe
  2⤵
  PID:12808
- C:\Windows\System\kQdolZe.exe
  C:\Windows\System\kQdolZe.exe
  2⤵
  PID:13332
- C:\Windows\System\AwxfrVv.exe
  C:\Windows\System\AwxfrVv.exe
  2⤵
  PID:4148
- C:\Windows\System\uMZwsia.exe
  C:\Windows\System\uMZwsia.exe
  2⤵
  PID:14148
- C:\Windows\System\XwbaMvl.exe
  C:\Windows\System\XwbaMvl.exe
  2⤵
  PID:14244
- C:\Windows\System\Tqbbais.exe
  C:\Windows\System\Tqbbais.exe
  2⤵
  PID:14056
- C:\Windows\System\xvVbDDk.exe
  C:\Windows\System\xvVbDDk.exe
  2⤵
  PID:14172
- C:\Windows\System\euqWPNV.exe
  C:\Windows\System\euqWPNV.exe
  2⤵
  PID:14264
- C:\Windows\System\ddTKwQt.exe
  C:\Windows\System\ddTKwQt.exe
  2⤵
  PID:13736
- C:\Windows\System\gLGSVzn.exe
  C:\Windows\System\gLGSVzn.exe
  2⤵
  PID:13656

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12128

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:9592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oywuscgn.ub2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ATMZyTR.exe

Filesize
1.6MB

MD5
24e5af02d31951b123bd69a102913ffe

SHA1
6c440439de7463686d95dbae1478599d7844d3f3

SHA256
ad2f6e97e63cfab65f78eb6ebc23cbddeadb9192b398a976e7ab7a4d1b7707a7

SHA512
deb9b26b086152e3826cc6bd0ef0f72b5fa1aa44642dec6888500d112bda8bfd8a81e9a23d8d261d3427d9bb44faaa61d57b5924c27adde7a464201a7b2eb329

Download Submit
C:\Windows\System\BZFPBKL.exe

Filesize
1.6MB

MD5
ef602387ff1ac087404b38dc44c83bc0

SHA1
d23907e73719152a50c3e5827bf9a41f414ff32a

SHA256
e0ed81f7292d59426e048dd77686793a1c129b473c41f49167a3be94a1897c60

SHA512
462477d181cc0d8a069f59b3bb582a1d733bcad2a4286574e2cce69e656550beafba7214dd75fd009bda48a9d64c089eb46425cb2c81adf4740d6dd3f468add2

Download Submit
C:\Windows\System\EOJsDmY.exe

Filesize
1.6MB

MD5
8a6a8fa0149d24642e4cd39aaa6ceed6

SHA1
a7b4ba27f981a0121ad0351a797685c19c952098

SHA256
404da12d34824bd0008cd402c093eabedda31e10432757578c0ff6febce84a84

SHA512
4a689c0276257c94a0ea71768dfc0854f699929033ba3dedb3bae3d5d3a3083944621b7bf94656bd1172534edf7b0cead0f333132b85ca2229d6a861b724e93d

Download Submit
C:\Windows\System\ESNThMk.exe

Filesize
1.6MB

MD5
69a8a3e2e3f9c1ce16693090aebed153

SHA1
2d29a59a848ab25f9c51c4e80fff487faae38e05

SHA256
15a21843a025ed5b11addd8f6abfe01d864f79300196ccbb4e39f6b9d390e629

SHA512
7ff207c625ab53d0b056e0abb72e518e9f8246a59394372a3001e42cd0acc095f2bd9fb51fba79074122b9f02f9d11e5cfd6286d74ccc7a8310b35b70a318860

Download Submit
C:\Windows\System\EgwgGdS.exe

Filesize
1.6MB

MD5
b2d6f6b77725d29874679388b140c912

SHA1
9d69b5ee36c94bc88024f0c9a50feb7ee8060b34

SHA256
5e8a068fef12ecc190b61a06fe360be4fa6942917e90f01d30195d28a1cf9f10

SHA512
0ee42a8e4dc53c7cbebbe047ce9470d7390c5b4fa5d614a246ad1c8c42a95b889ff9f8fb87d2eb5fc69cf04cf37fa28d6342445be01061ca4290add651344a62

Download Submit
C:\Windows\System\IenkJEp.exe

Filesize
1.6MB

MD5
00892c921d1fc1406b06b489f9eac948

SHA1
eb36fda186ca52e0e6ce51143b8bb20007b89912

SHA256
82640c657d591f14129941cde07a24794a185a793a75eb5c711735c6dcf4a58d

SHA512
642a30fbe8db5f657324a98076d9e5c9d87ada794af89fa51069e61382730bcc678a41fee2e4597c88fc603b8fb6d9609f79d0b7bf1680f371212f6476af2532

Download Submit
C:\Windows\System\JaFDwpY.exe

Filesize
1.6MB

MD5
cf8f05357e84133640503eb8cba8c88e

SHA1
eca2538e05a08d369e158db6bdce0b1befa8ef2f

SHA256
7a6fc5a8128a51bf855317928559f6e11a1ec4c4fadbab6a3885ccdacde1d695

SHA512
c4f415b12129b814857b017fe4daa23b3b93543b71adab8fb05932fa69a1514fd6a7c844ee31a608faf891c3d5b368057e7092431f2f64f5eded202347ac6bec

Download Submit
C:\Windows\System\KoRAkiy.exe

Filesize
1.6MB

MD5
551fc97a3cadfca250d99f7380f5be2f

SHA1
5f2e67941a2349b3bcaea956f0f761e079597e28

SHA256
b2b9b5baa4123631b469b3dee0648f8ad99bdf95feeb87b46219cf5230c8f4b1

SHA512
e40aca48664949da661402465ce83858b42737d40058c3b0101fefa15f3f556b54f1a37e234c009eb186ef76f30d675daee1f5467647bb0925452426dc2fbfa8

Download Submit
C:\Windows\System\MHoNVgr.exe

Filesize
1.6MB

MD5
57af0d7e57027cf755ed1901e9803648

SHA1
52245f95b9263fc6e2234518d07023819006a4cf

SHA256
a5a3366249a0dc29bc841e60e0b7798bfaa178041d21b2d8440e70546c09bcab

SHA512
662e9d0ea9ede6986b3347bbe059f5aa412b07bc105c3d4744a3af3548615d62d23868f0ff36770ef19bcb8560045db00aa1af2d0b3feb43993e46cc201e699e

Download Submit
C:\Windows\System\MyIZWur.exe

Filesize
1.6MB

MD5
a24691fef88b4e3c8e07c4bdd655e790

SHA1
91ec6103a8616d3ef2a05325083921df46dc27b3

SHA256
79362011e3b842360de37642002ba5d7a65d30ee4dd4db9a7872f631f386d381

SHA512
b35079a16d8557b70957c627c15f08f810f3fca990d5c7dc6adde069006b3903863c8b28e440569fdc1f22eb9aacec9ca664476f660570e5e949f6027c7c756c

Download Submit
C:\Windows\System\PBdRzAi.exe

Filesize
1.6MB

MD5
53682df2681d6f2d00951a6b607e28f3

SHA1
ae7c0b2f900c601365ac282429008ef84573fc66

SHA256
19c43e1f8df204d4055f8e7261f20d1b1027fa976a40cb115029e1217319b2e5

SHA512
8fecd5ee58a492b3713f673bc74d19fd0ad081e22912cc20593d4b2743f2a1b6e428afab2fb9475b003dcfc6cf66808ff1791cea5998e83bb5bb9b2978a604c7

Download Submit
C:\Windows\System\PDAPXtT.exe

Filesize
1.6MB

MD5
7e182ff3f13abbb19a5b654c487edf0c

SHA1
62d1277e66324442f612c2ae4d00c2d6e4d8d1d7

SHA256
64bc04cec37c53218abd4017f0a816ab5ca144693f2cc07a75b2d9eeabd782b9

SHA512
60a39d083324b5f0754d6a12015dee709bc7ca3fda7a59a88df37891f46866225ef23d041a852d6db5bbc7604991f75b6ad9e90f706dc6675642b77b3c819258

Download Submit
C:\Windows\System\PGmrYmo.exe

Filesize
1.6MB

MD5
b22a397db690be9a2627e8883c4c2848

SHA1
a33bd1b7ff1bcb4db6178d89594cc2fdb72c407c

SHA256
c024f02d1a8ca7836bfca4641f2e726467371e3a0926ccc3701825aac48363d3

SHA512
1da63248f4b273821f5b6c16daa28b22678586b28113f365b447db3d8c2a168d4d4cd58a7e014db0faff4a0e7df26cd4db05bfb80b9c6a37d5d16b3eac0178c4

Download Submit
C:\Windows\System\SWrmrxO.exe

Filesize
1.6MB

MD5
057d4cac4651376e523fb219eda1c2f3

SHA1
4904852b9258cfb7898e136f02e2af9b1415e0c6

SHA256
7f069baec1a9f0cdd4b58209b8e7846d38de3e1a268b380a038d2a0ffa16f3c5

SHA512
0b56303fedd331b6b3c3de2a22a7deaed44e37e11f5c85af1f9f8c98fb67507dc13d71a6c2c30734bac046777f891e61d0be91389bdbe74ebec958e3292070a7

Download Submit
C:\Windows\System\UsHvcLP.exe

Filesize
1.6MB

MD5
6eb9837257111b4f79617563f8643453

SHA1
c2cc9a89db553a521e0551854bf3d8d693640b60

SHA256
6c548b7499e950eb688c72ce717c7d26b7aa0708b1ab7581ca7130f3fb90bb88

SHA512
34be008c46209a049a252a0e4b4b232b39b3083c59ec98a28daf45495b302a73efa717d2419de68c702b8112fab94bd38bb5e90250fe613f4c48d68c7bde65a7

Download Submit
C:\Windows\System\VHbytbQ.exe

Filesize
1.6MB

MD5
d90b467d6d1a4c4d6a02d82dc7f75dce

SHA1
fe63bdfad837c98d22a21c71b8a333531696e50c

SHA256
ba46e8e07d4084240721859df493b28b5a9a8ff14e946b2e07b149b7867d6527

SHA512
97118f751fbb599694377df394955f47d24f3945771e03df398c0af6e44001f73506cf0f76a07e0e1b280d2656f2f36d37ac4c6799f83c4f8e9f3492c0d52f55

Download Submit
C:\Windows\System\XPmmTUZ.exe

Filesize
1.6MB

MD5
de7a84618b9987315b4f7e5d8da55ca3

SHA1
a787daa292265011ae8474a0859b85f4aab5f373

SHA256
52b9d7a6df9716406b964208ab367be5ecba9118c32d9c7186cfc508291293ab

SHA512
d4eb5bbd788ab6d5b1ba5bc443ce5d2f4d518b4a24b9a7ebc95949b78a28ac12ad44e71f31a0e98ed59b670ddd61db9e25c2f9a6f7d69323f24688782565151b

Download Submit
C:\Windows\System\ZExpyCs.exe

Filesize
1.6MB

MD5
7cc62e6a3acdece47560e4c2e8ff3e31

SHA1
db79f9a5296191897efef6c2ff6d642d4d1ac83e

SHA256
da9e473e95d08a1cc647a1fd7e6e61090a586287512e2b6173e1b96f4e5cb27d

SHA512
09ae3040e273c936aac7a09ff2ddafc8928f4a0f6785f5acf68e33e1f9a3a82f83cc7987662b9eae4c02df5664fe29b08428fdbe3dca043b6e892fbbe0925543

Download Submit
C:\Windows\System\ZgsFLbx.exe

Filesize
1.6MB

MD5
00db4d86f5e11d34211e48528bf32176

SHA1
0813544bf7705e384e6aa4de6232ffe3ad4d62b5

SHA256
6a57464893fca80fd5c029c1159e52181ee4c35391383b5bf809ef30c9d4a7e2

SHA512
52bcf2760b3067c891ab3ada090fc4ecc52877ead563ee2b95b1eab685ee91904ef9e133dcc3cb485edd362098f756b9f93cf5a72470bf814cc965bf8657552c

Download Submit
C:\Windows\System\aFyVsXf.exe

Filesize
1.6MB

MD5
555e36e56bca5a8d3e763ba8b59c5f86

SHA1
1e5c1e7fb0b7c978de46333692a31b19febda5df

SHA256
10a821bfa4b06f51e89b490adf2080c63d93835491e4bd8c75c3dade0ba6600c

SHA512
6933d910da3e4c5a743fa4b99ae6ca4c40b99fd16af491260b870e92b575c0bd63a37dbe966616dfd9106858e6d99f527924739b51c6f5d4ddc1b7195971386c

Download Submit
C:\Windows\System\dcSOsxA.exe

Filesize
1.6MB

MD5
4b1569bd3711da91e84d7b8423aa9cae

SHA1
fc250ba310da7970cdd26d243cd2144b803e4ec8

SHA256
dcaf715093e9c9c7cb3c4f91e21e5e07fc6669579e703d181d042d8822ae619c

SHA512
92017d6214e1e17609e1e7b8361dab059887738a4ef7c2194a3cc8010a92d1837aa2c2cc516c07ee3ad32a8054eae6838b94615a8860d22ba3495c4517be19b1

Download Submit
C:\Windows\System\hooqtZf.exe

Filesize
1.6MB

MD5
f719380f3c2eecbf21ee0bdcae4c51bf

SHA1
2e53d3c51186ac2bc8f00e1e95e398bfe59993e0

SHA256
902da093d1133ed0712195873033c47779c9536af1742d0cc96d41f0da77560a

SHA512
dc776d15e1187c561cdb7974b6e98f8039e5058b09e5da358f77fd3190ce72a7cb47e333b1835cf105b91da7eaa1c1cab9042d5df382512c97bd575c7280f976

Download Submit
C:\Windows\System\jRfwtoT.exe

Filesize
1.6MB

MD5
9df92f4b6cefb77cc7eaca9c69a10c8d

SHA1
be9e0635f1e333c3f05980e9f3801e0df43f98ca

SHA256
f31cd2a6ef60d4a718ccc075d772816ba00fa379fabdfb262ad2f8f2a2b396d6

SHA512
b5faf7575db929857b89dc6ce3cc060a29f1a2e6409d675f9cf21fb81b4003110ff949d7cf1fb274895e310ad06df4368a945420632f78d7f4e3dbf3fe1014c9

Download Submit
C:\Windows\System\jynITWm.exe

Filesize
1.6MB

MD5
297bd8ed63aeadb295b32d6fe117363c

SHA1
7662f06ba08ac3875ecdfa912c29fe36510c7644

SHA256
7dc8d8c7fb82831572886156aba1d1379e880ca9b57c3119fae84234de8582e8

SHA512
198ea6acd239a90c5c3258ce2babbc4a69a906790c6bf493917ea2893259bbd12e003ab6cb9c208a5d20070d62bb87f06e6ee9d057f9cfa86ca6d3318de3004c

Download Submit
C:\Windows\System\lMlRDqx.exe

Filesize
1.6MB

MD5
06cb114da7290d255f67b78de6cb68a6

SHA1
6f2c3943469ddf4f8c046b542cae28f2fe385112

SHA256
d5c4005deb9e0a9b2973e7067eb7daf8aa286eaad8ca7584099a0a34e4c0c306

SHA512
bc18561c21c85f7a3fdef9998e38387382dbf42da2ee5e6b6e427aac4e581bb58619fbdaa07704d96aaecf4f6ea116214cb6350500506e416ffd0318a7c53fde

Download Submit
C:\Windows\System\lmlRxJv.exe

Filesize
1.6MB

MD5
015bcf7e417a36e4aadce81a2f063fa2

SHA1
889de7fa7a935e07f9120962e7f01dda7c985938

SHA256
150e4f271cc93fc653a45bf3c0861deb216168ed592017ed0758bfb6f837bb6a

SHA512
f990757ff488b53ecbb41593c020f8ca1cf7b3028502e1f6aaf381af86c3fc257555a7d0112622c950af67513e9799b232ea8847f15834b3aea37b89fb70b8fd

Download Submit
C:\Windows\System\loVrEwl.exe

Filesize
1.6MB

MD5
c530559cb2a957a5d07b9380c38f775d

SHA1
efb2fce78c2fd798915b03d5659076343fcc964c

SHA256
ba1e34be3c7710a6dd33efdda37dd0812e83cc1b715176acb2a7eeaee6b9c17f

SHA512
0c45f3eb7887782fee4548859009e2bdb711a5f2cd4cebbe97d7d80d32ab1f43a40fc13964b3e3973250f128fa3f9cfc614c8e05c544b909bced844f16b4e688

Download Submit
C:\Windows\System\ocYIKsQ.exe

Filesize
1.6MB

MD5
96d3b61e103b40a10e8edfbd2db22bd3

SHA1
5f7b1ebe6ad708bfae117716250abdc2c75dd43d

SHA256
86a8fa8dc281dd4fcb86e8cdf9a0d5d008128a97b96ffbf3c1d6ac19cfeadff4

SHA512
bc2259f564c3ea35efe14fb0dbb5048c5448950bf575c61f406077d968dd7e8c46c5f663486fb2ef3673108f4c1d448b06ffad02092f85387f7426bce4893cb1

Download Submit
C:\Windows\System\osqTWUT.exe

Filesize
1.6MB

MD5
2387c5be29f62c299bbaef1ef9b1d52c

SHA1
83e64a17f231802cd35dbc8e4a8199f06b962dbc

SHA256
1f9536669698549bab26a93e814a4bcfe7f0321dd15b6d9ebdaaac5239c33c29

SHA512
0d81af8d5ff62532d56fdcc81cae320d97db1a537f3843f31f768a10521b11220b1267e52e47d42c384bed52fe073ecacbfa6797f9856d1f55d29b5bbdf16035

Download Submit
C:\Windows\System\qPWKsqy.exe

Filesize
1.6MB

MD5
48b1eaadd8fb02f67676da634b08a246

SHA1
c9c988592c57c365118fe7c2b623e8d3d36145fd

SHA256
a53a08d67089f984b7b0ae7a19e6dc924d9dfaa8e295addc2a6666032808dd9f

SHA512
ba785621dd7421d3f064ad69232e20e05ad72fddb277f8f5e4fa5b1bc9f782b7bca85405851ff7aa61a5d10bb6fbbf5dd8d04f46de4a6ff46330ed0e30b2146b

Download Submit
C:\Windows\System\qnmjNbZ.exe

Filesize
1.6MB

MD5
f38b879f1cad68bbf31a07fe9bbaa31b

SHA1
b0ceb496c5df04c00bb870243030bfecb3d77137

SHA256
40b251b49c37f33814a55834b452e824422a282cbc2f722f2d8e04727b7d2342

SHA512
f8bbb79ee77637230f9d8c95b0407f620f2f21a36462a82bb9eaf0eeaaf7110f7164a22b3b70fde2ca18bca8a0c21aacdb18ef66512cfd3ff2aa5636bbcf1b6c

Download Submit
C:\Windows\System\soOQATp.exe

Filesize
1.6MB

MD5
ba4a8a08ca4bdadcb17db9f9087000d0

SHA1
589417dd72b6e51d577936a602ab3f68db798cb1

SHA256
e409b2c7cdde6f92038f1a32b23c09238f6a52c68621f12293139bf88b56caf0

SHA512
e8a542776610c88485919162c35fa882d4f3d93c16083040796d0f32a888da4d6682a458888543ea3af5db32f0be5974df2e991dd5572471efd8b6ed69ffd261

Download Submit
C:\Windows\System\tkLvQKR.exe

Filesize
8B

MD5
fdc4c27bca1c20a0e64fc0cdcc562b48

SHA1
5ed01ded26f48ad3840abcbfe08aa7592f0eb652

SHA256
a31bc27493871b0687e9fdb4a85e71b078b7c9331772238be2462243354bc3f0

SHA512
62217f7360150d768e82d119311b3682b2f1d7e6ee41711a90653ab5d2b492daa842614c4882d9b2872989e5567e388057f015c167e1f5efeffdfddbe4324f88

Download Submit
C:\Windows\System\uTHSNJE.exe

Filesize
1.6MB

MD5
8af9b969a3c3b478584dbfc197a36f41

SHA1
d9f44354d98e3377431f65bc000cebbf3785e9de

SHA256
bfed8dd3c37e3d58a2b746a90ee34ccd8c2b1edfad520f07fd54dbb7cffd5323

SHA512
7bf04c2d90d5085c162dafb5c22d96bb9ae33066c79a74f7319d90090710260a6cae9a221d2eec72534f7f59a8eb3e7792cf7646f4de472bd9173810e914e2c7

Download Submit
C:\Windows\System\vQrHllT.exe

Filesize
1.6MB

MD5
d2188a84d37cd7aca402eafc8867a2f0

SHA1
35d8793ca800d6475c961a209d3e8e2f8cc10ea4

SHA256
b40a88b14328f5b4897334a2df06551deeb0649f134524b7292525479ab2eaba

SHA512
76408ab14505d744ed339da1c74d536e686b66cca46ac1bd0ead691905d68e893ceb08b90d409bb0024bea82fb0d1a5ad24c3a5390e630a5d7640ab06228ea39

Download Submit
C:\Windows\System\wPPZbDb.exe

Filesize
1.6MB

MD5
08b1fa5706a8cd694f1a98bf6f4d3fa1

SHA1
cc8ac1b3d55044cb40e4bb97da62914bed7ec7b5

SHA256
19781735ca27329dfa9097e296630a867eaae777efa62d1ce32c6d51c30dcc9a

SHA512
36534f39c1549c9a23916b19f397d5d424d784bfcf25bfa16199015e5b4658c09df8c227e224df083fb8f9a2132f16f029547b3cfbd03b1e9b2a912d77fee308

Download Submit
C:\Windows\System\xrjAaLV.exe

Filesize
1.6MB

MD5
05b7652a0c7cd8a0d25c1146f58dcaac

SHA1
667eec647ce307703ea7ace141488902e8870477

SHA256
a49a0ff96c43afba3b6c944fe6085933ba7f87b49830da8ad87d32dedf07b76d

SHA512
ddbd08e21c34a77846f3cb222577c43c88616fc221e93bb1f98dce93e43f69d66ee055086e3d5cf9b54d84492274ef3ea681395e2c413a339e4b5fa13ee1bbeb

Download Submit
C:\Windows\System\ytknGHD.exe

Filesize
1.6MB

MD5
e03973e03200ac7944ba04f8c2956fec

SHA1
05908e97d1e4577ba1bf31b943e1816ef400f9b0

SHA256
1597b2320a53e9b7002baefb282b25fe85d466e71f8e89ec7c1a43bd89701690

SHA512
68f96b4f6270c720691cff4a9c84d52b62740e190122b35f48585e052ecd1c3d72f4656a7ff1ca312717d0a4d530c98129b9fc47c8976a5b1fa2d7c99742507f

Download Submit
C:\Windows\System\yzOKMkZ.exe

Filesize
1.6MB

MD5
58092cfc2e63f9c51f0bc9da71797545

SHA1
fca936c0bec74b66d536e7d2dd4c4aaac37c9e89

SHA256
180c479e1a4af140ccab6a8dde0fefb2b0e7adf3e947729d0b457c05ff98e30c

SHA512
8215c363a6651a074effb3a62bc33383a655e98325451f42e0fc366e60c8049a113c712b75e4e78bbe3f15673be452cf932b415479550aee0c7e0243fa7488b7

Download Submit
memory/876-308-0x00007FF6E7A70000-0x00007FF6E7E62000-memory.dmp

Filesize
3.9MB

Download
memory/876-2990-0x00007FF6E7A70000-0x00007FF6E7E62000-memory.dmp

Filesize
3.9MB

Download
memory/904-2960-0x00007FF6989D0000-0x00007FF698DC2000-memory.dmp

Filesize
3.9MB

Download
memory/904-294-0x00007FF6989D0000-0x00007FF698DC2000-memory.dmp

Filesize
3.9MB

Download
memory/980-2982-0x00007FF63C790000-0x00007FF63CB82000-memory.dmp

Filesize
3.9MB

Download
memory/980-306-0x00007FF63C790000-0x00007FF63CB82000-memory.dmp

Filesize
3.9MB

Download
memory/1068-296-0x00007FF6AA450000-0x00007FF6AA842000-memory.dmp

Filesize
3.9MB

Download
memory/1068-2952-0x00007FF6AA450000-0x00007FF6AA842000-memory.dmp

Filesize
3.9MB

Download
memory/1384-127-0x00007FF61BB20000-0x00007FF61BF12000-memory.dmp

Filesize
3.9MB

Download
memory/1384-2944-0x00007FF61BB20000-0x00007FF61BF12000-memory.dmp

Filesize
3.9MB

Download
memory/1452-2973-0x00007FF6ECC00000-0x00007FF6ECFF2000-memory.dmp

Filesize
3.9MB

Download
memory/1452-329-0x00007FF6ECC00000-0x00007FF6ECFF2000-memory.dmp

Filesize
3.9MB

Download
memory/1740-2971-0x00007FF6C6030000-0x00007FF6C6422000-memory.dmp

Filesize
3.9MB

Download
memory/1740-303-0x00007FF6C6030000-0x00007FF6C6422000-memory.dmp

Filesize
3.9MB

Download
memory/1808-2938-0x00007FF67CE70000-0x00007FF67D262000-memory.dmp

Filesize
3.9MB

Download
memory/1808-15-0x00007FF67CE70000-0x00007FF67D262000-memory.dmp

Filesize
3.9MB

Download
memory/1808-2936-0x00007FF67CE70000-0x00007FF67D262000-memory.dmp

Filesize
3.9MB

Download
memory/1880-194-0x00007FF6F0C00000-0x00007FF6F0FF2000-memory.dmp

Filesize
3.9MB

Download
memory/1880-2950-0x00007FF6F0C00000-0x00007FF6F0FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2156-2975-0x00007FF79E360000-0x00007FF79E752000-memory.dmp

Filesize
3.9MB

Download
memory/2156-299-0x00007FF79E360000-0x00007FF79E752000-memory.dmp

Filesize
3.9MB

Download
memory/2296-297-0x00007FF655320000-0x00007FF655712000-memory.dmp

Filesize
3.9MB

Download
memory/2296-2958-0x00007FF655320000-0x00007FF655712000-memory.dmp

Filesize
3.9MB

Download
memory/2424-295-0x00007FF6CF8F0000-0x00007FF6CFCE2000-memory.dmp

Filesize
3.9MB

Download
memory/2424-2956-0x00007FF6CF8F0000-0x00007FF6CFCE2000-memory.dmp

Filesize
3.9MB

Download
memory/2636-291-0x00007FF799C60000-0x00007FF79A052000-memory.dmp

Filesize
3.9MB

Download
memory/2636-2946-0x00007FF799C60000-0x00007FF79A052000-memory.dmp

Filesize
3.9MB

Download
memory/3236-309-0x00007FF6574B0000-0x00007FF6578A2000-memory.dmp

Filesize
3.9MB

Download
memory/3236-2940-0x00007FF6574B0000-0x00007FF6578A2000-memory.dmp

Filesize
3.9MB

Download
memory/3384-2948-0x00007FF71E010000-0x00007FF71E402000-memory.dmp

Filesize
3.9MB

Download
memory/3384-289-0x00007FF71E010000-0x00007FF71E402000-memory.dmp

Filesize
3.9MB

Download
memory/3404-355-0x00000245CB1F0000-0x00000245CB212000-memory.dmp

Filesize
136KB

Download
memory/3404-16-0x00007FFB079B3000-0x00007FFB079B5000-memory.dmp

Filesize
8KB

Download
memory/3404-84-0x00007FFB079B0000-0x00007FFB08471000-memory.dmp

Filesize
10.8MB

Download
memory/3404-239-0x00007FFB079B0000-0x00007FFB08471000-memory.dmp

Filesize
10.8MB

Download
memory/3404-406-0x00000245CBE30000-0x00000245CC5D6000-memory.dmp

Filesize
7.6MB

Download
memory/3424-2942-0x00007FF694CD0000-0x00007FF6950C2000-memory.dmp

Filesize
3.9MB

Download
memory/3424-90-0x00007FF694CD0000-0x00007FF6950C2000-memory.dmp

Filesize
3.9MB

Download
memory/3592-2977-0x00007FF74CD30000-0x00007FF74D122000-memory.dmp

Filesize
3.9MB

Download
memory/3592-300-0x00007FF74CD30000-0x00007FF74D122000-memory.dmp

Filesize
3.9MB

Download
memory/3640-2965-0x00007FF658320000-0x00007FF658712000-memory.dmp

Filesize
3.9MB

Download
memory/3640-302-0x00007FF658320000-0x00007FF658712000-memory.dmp

Filesize
3.9MB

Download
memory/3700-2963-0x00007FF77DAA0000-0x00007FF77DE92000-memory.dmp

Filesize
3.9MB

Download
memory/3700-301-0x00007FF77DAA0000-0x00007FF77DE92000-memory.dmp

Filesize
3.9MB

Download
memory/3720-2954-0x00007FF742CA0000-0x00007FF743092000-memory.dmp

Filesize
3.9MB

Download
memory/3720-293-0x00007FF742CA0000-0x00007FF743092000-memory.dmp

Filesize
3.9MB

Download
memory/4208-2967-0x00007FF7EA680000-0x00007FF7EAA72000-memory.dmp

Filesize
3.9MB

Download
memory/4208-305-0x00007FF7EA680000-0x00007FF7EAA72000-memory.dmp

Filesize
3.9MB

Download
memory/4424-0-0x00007FF6B6980000-0x00007FF6B6D72000-memory.dmp

Filesize
3.9MB

Download
memory/4424-1-0x0000020A1B830000-0x0000020A1B840000-memory.dmp

Filesize
64KB

Download
memory/4524-307-0x00007FF6F2240000-0x00007FF6F2632000-memory.dmp

Filesize
3.9MB

Download
memory/4524-2969-0x00007FF6F2240000-0x00007FF6F2632000-memory.dmp

Filesize
3.9MB

Download
memory/5084-298-0x00007FF66D160000-0x00007FF66D552000-memory.dmp

Filesize
3.9MB

Download
memory/5084-2980-0x00007FF66D160000-0x00007FF66D552000-memory.dmp

Filesize
3.9MB

Download
memory/5100-2995-0x00007FF676EC0000-0x00007FF6772B2000-memory.dmp

Filesize
3.9MB

Download
memory/5100-304-0x00007FF676EC0000-0x00007FF6772B2000-memory.dmp

Filesize
3.9MB

Download