xmrig | 3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894

Analysis

max time kernel
61s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
Size

2.4MB
MD5

4242912e21c1f51aa7d3aa10541a1b40
SHA1

574dc40724c6ef2b0845d35e9cb884e276d01dda
SHA256

3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894
SHA512

c1de268287e957f7d3244176bbada6eca72fb649bafd9af3e4215fcacccdca5db6f93049eddcd2b6a4c088e8858407111964c56b06eebf9fad1b9918adc11f2b
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMeb7FxUOqyGr:oemTLkNdfE0pZrV56utgG

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1816-0-0x00007FF704A60000-0x00007FF704DB4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ed-7.dat	xmrig
behavioral2/memory/632-8-0x00007FF624AE0000-0x00007FF624E34000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ec-18.dat	xmrig
behavioral2/files/0x00070000000233f3-51.dat	xmrig
behavioral2/files/0x00070000000233f5-61.dat	xmrig
behavioral2/files/0x00070000000233f7-71.dat	xmrig
behavioral2/files/0x00070000000233f9-81.dat	xmrig
behavioral2/files/0x0007000000023408-150.dat	xmrig
behavioral2/memory/3680-607-0x00007FF6D12A0000-0x00007FF6D15F4000-memory.dmp	xmrig
behavioral2/memory/3260-608-0x00007FF6B2880000-0x00007FF6B2BD4000-memory.dmp	xmrig
behavioral2/memory/2268-610-0x00007FF6FC180000-0x00007FF6FC4D4000-memory.dmp	xmrig
behavioral2/memory/1056-609-0x00007FF79A9A0000-0x00007FF79ACF4000-memory.dmp	xmrig
behavioral2/memory/2344-606-0x00007FF762E20000-0x00007FF763174000-memory.dmp	xmrig
behavioral2/memory/4176-614-0x00007FF68C410000-0x00007FF68C764000-memory.dmp	xmrig
behavioral2/memory/1584-613-0x00007FF7F8250000-0x00007FF7F85A4000-memory.dmp	xmrig
behavioral2/memory/4116-622-0x00007FF750D30000-0x00007FF751084000-memory.dmp	xmrig
behavioral2/memory/2304-628-0x00007FF74F390000-0x00007FF74F6E4000-memory.dmp	xmrig
behavioral2/memory/3204-639-0x00007FF757390000-0x00007FF7576E4000-memory.dmp	xmrig
behavioral2/memory/4024-651-0x00007FF7802D0000-0x00007FF780624000-memory.dmp	xmrig
behavioral2/memory/5084-669-0x00007FF756FC0000-0x00007FF757314000-memory.dmp	xmrig
behavioral2/memory/4544-676-0x00007FF7120E0000-0x00007FF712434000-memory.dmp	xmrig
behavioral2/memory/408-683-0x00007FF68A780000-0x00007FF68AAD4000-memory.dmp	xmrig
behavioral2/memory/1692-693-0x00007FF6C45F0000-0x00007FF6C4944000-memory.dmp	xmrig
behavioral2/memory/4956-695-0x00007FF636F90000-0x00007FF6372E4000-memory.dmp	xmrig
behavioral2/memory/3568-691-0x00007FF67B7D0000-0x00007FF67BB24000-memory.dmp	xmrig
behavioral2/memory/3768-679-0x00007FF737FA0000-0x00007FF7382F4000-memory.dmp	xmrig
behavioral2/memory/4724-674-0x00007FF6B1500000-0x00007FF6B1854000-memory.dmp	xmrig
behavioral2/memory/2760-666-0x00007FF60AD40000-0x00007FF60B094000-memory.dmp	xmrig
behavioral2/memory/1344-658-0x00007FF708F80000-0x00007FF7092D4000-memory.dmp	xmrig
behavioral2/memory/2188-645-0x00007FF664570000-0x00007FF6648C4000-memory.dmp	xmrig
behavioral2/memory/1812-635-0x00007FF6E8B60000-0x00007FF6E8EB4000-memory.dmp	xmrig
behavioral2/memory/1224-615-0x00007FF612A40000-0x00007FF612D94000-memory.dmp	xmrig
behavioral2/memory/4164-612-0x00007FF703690000-0x00007FF7039E4000-memory.dmp	xmrig
behavioral2/memory/1008-611-0x00007FF7849B0000-0x00007FF784D04000-memory.dmp	xmrig
behavioral2/memory/4264-605-0x00007FF7B3390000-0x00007FF7B36E4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-165.dat	xmrig
behavioral2/files/0x0007000000023409-163.dat	xmrig
behavioral2/files/0x000700000002340a-160.dat	xmrig
behavioral2/files/0x0007000000023407-153.dat	xmrig
behavioral2/files/0x0007000000023406-148.dat	xmrig
behavioral2/files/0x0007000000023405-143.dat	xmrig
behavioral2/files/0x0007000000023404-138.dat	xmrig
behavioral2/files/0x0007000000023403-131.dat	xmrig
behavioral2/files/0x0007000000023402-126.dat	xmrig
behavioral2/files/0x0007000000023401-118.dat	xmrig
behavioral2/files/0x0007000000023400-116.dat	xmrig
behavioral2/files/0x00070000000233ff-111.dat	xmrig
behavioral2/files/0x00070000000233fe-106.dat	xmrig
behavioral2/files/0x00070000000233fd-101.dat	xmrig
behavioral2/files/0x00070000000233fc-95.dat	xmrig
behavioral2/files/0x00070000000233fb-91.dat	xmrig
behavioral2/files/0x00070000000233fa-86.dat	xmrig
behavioral2/files/0x00070000000233f8-75.dat	xmrig
behavioral2/files/0x00070000000233f6-66.dat	xmrig
behavioral2/files/0x00070000000233f4-55.dat	xmrig
behavioral2/files/0x00070000000233f2-45.dat	xmrig
behavioral2/files/0x00070000000233f1-41.dat	xmrig
behavioral2/files/0x00070000000233f0-35.dat	xmrig
behavioral2/files/0x00070000000233ef-31.dat	xmrig
behavioral2/files/0x00070000000233ee-25.dat	xmrig
behavioral2/memory/404-24-0x00007FF62F7D0000-0x00007FF62FB24000-memory.dmp	xmrig
behavioral2/files/0x00080000000233e8-12.dat	xmrig
behavioral2/memory/632-2139-0x00007FF624AE0000-0x00007FF624E34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
632	ZEHIVDi.exe
404	HBlZPmT.exe
4264	ocMkMan.exe
4956	RqxVuJp.exe
2344	qBAhKuI.exe
3680	UAsyame.exe
3260	XFVAqsY.exe
1056	wGhbLXI.exe
2268	NZJGaxm.exe
1008	bmhRCYj.exe
4164	TxOGOTe.exe
1584	KaLBgCa.exe
4176	zpxKwzt.exe
1224	hiwDjIy.exe
4116	SaGYMoW.exe
2304	wjrlUEz.exe
1812	JEUsbVt.exe
3204	eWzvQLk.exe
2188	KvCXCMY.exe
4024	WdbPuoS.exe
1344	VgNWWNG.exe
2760	VPdWxZW.exe
5084	Sdnlrda.exe
4724	qrpwSHI.exe
4544	NwRDvBg.exe
3768	NGyiPkG.exe
408	nCAbnKL.exe
3568	YbZGyUr.exe
1692	FilrUHP.exe
4532	sgiuGuu.exe
64	unOFVuv.exe
4272	DufzWxC.exe
3504	dxLNgUV.exe
2588	xqiuXZy.exe
3248	nyxTrDB.exe
3836	fsZAQnt.exe
3764	NoaSQMX.exe
1548	YlptilQ.exe
2696	ceYWPuz.exe
3916	VQpCfbe.exe
4944	gekEayO.exe
1280	WizmvXE.exe
5072	MIXGfek.exe
1908	UbMxcKe.exe
2184	nisIyJi.exe
3148	FNOhMoZ.exe
4832	FxqAtjs.exe
3476	MrQSjAW.exe
3348	txEEUNs.exe
1220	XGcaHXh.exe
4224	dAFLcvs.exe
4268	iUjCpNU.exe
1832	TTyQhSC.exe
3296	dUAwUbR.exe
4240	vkNRIsC.exe
1444	ynhZtMr.exe
2968	nCJUQBn.exe
3176	OlnEcBv.exe
440	lRvjgrt.exe
228	tIDyYmW.exe
2076	MNZEJRe.exe
3212	IevNmDF.exe
952	kWApFAx.exe
2936	SyYgLXj.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1816-0-0x00007FF704A60000-0x00007FF704DB4000-memory.dmp	upx
behavioral2/files/0x00070000000233ed-7.dat	upx
behavioral2/memory/632-8-0x00007FF624AE0000-0x00007FF624E34000-memory.dmp	upx
behavioral2/files/0x00070000000233ec-18.dat	upx
behavioral2/files/0x00070000000233f3-51.dat	upx
behavioral2/files/0x00070000000233f5-61.dat	upx
behavioral2/files/0x00070000000233f7-71.dat	upx
behavioral2/files/0x00070000000233f9-81.dat	upx
behavioral2/files/0x0007000000023408-150.dat	upx
behavioral2/memory/3680-607-0x00007FF6D12A0000-0x00007FF6D15F4000-memory.dmp	upx
behavioral2/memory/3260-608-0x00007FF6B2880000-0x00007FF6B2BD4000-memory.dmp	upx
behavioral2/memory/2268-610-0x00007FF6FC180000-0x00007FF6FC4D4000-memory.dmp	upx
behavioral2/memory/1056-609-0x00007FF79A9A0000-0x00007FF79ACF4000-memory.dmp	upx
behavioral2/memory/2344-606-0x00007FF762E20000-0x00007FF763174000-memory.dmp	upx
behavioral2/memory/4176-614-0x00007FF68C410000-0x00007FF68C764000-memory.dmp	upx
behavioral2/memory/1584-613-0x00007FF7F8250000-0x00007FF7F85A4000-memory.dmp	upx
behavioral2/memory/4116-622-0x00007FF750D30000-0x00007FF751084000-memory.dmp	upx
behavioral2/memory/2304-628-0x00007FF74F390000-0x00007FF74F6E4000-memory.dmp	upx
behavioral2/memory/3204-639-0x00007FF757390000-0x00007FF7576E4000-memory.dmp	upx
behavioral2/memory/4024-651-0x00007FF7802D0000-0x00007FF780624000-memory.dmp	upx
behavioral2/memory/5084-669-0x00007FF756FC0000-0x00007FF757314000-memory.dmp	upx
behavioral2/memory/4544-676-0x00007FF7120E0000-0x00007FF712434000-memory.dmp	upx
behavioral2/memory/408-683-0x00007FF68A780000-0x00007FF68AAD4000-memory.dmp	upx
behavioral2/memory/1692-693-0x00007FF6C45F0000-0x00007FF6C4944000-memory.dmp	upx
behavioral2/memory/4956-695-0x00007FF636F90000-0x00007FF6372E4000-memory.dmp	upx
behavioral2/memory/3568-691-0x00007FF67B7D0000-0x00007FF67BB24000-memory.dmp	upx
behavioral2/memory/3768-679-0x00007FF737FA0000-0x00007FF7382F4000-memory.dmp	upx
behavioral2/memory/4724-674-0x00007FF6B1500000-0x00007FF6B1854000-memory.dmp	upx
behavioral2/memory/2760-666-0x00007FF60AD40000-0x00007FF60B094000-memory.dmp	upx
behavioral2/memory/1344-658-0x00007FF708F80000-0x00007FF7092D4000-memory.dmp	upx
behavioral2/memory/2188-645-0x00007FF664570000-0x00007FF6648C4000-memory.dmp	upx
behavioral2/memory/1812-635-0x00007FF6E8B60000-0x00007FF6E8EB4000-memory.dmp	upx
behavioral2/memory/1224-615-0x00007FF612A40000-0x00007FF612D94000-memory.dmp	upx
behavioral2/memory/4164-612-0x00007FF703690000-0x00007FF7039E4000-memory.dmp	upx
behavioral2/memory/1008-611-0x00007FF7849B0000-0x00007FF784D04000-memory.dmp	upx
behavioral2/memory/4264-605-0x00007FF7B3390000-0x00007FF7B36E4000-memory.dmp	upx
behavioral2/files/0x000700000002340b-165.dat	upx
behavioral2/files/0x0007000000023409-163.dat	upx
behavioral2/files/0x000700000002340a-160.dat	upx
behavioral2/files/0x0007000000023407-153.dat	upx
behavioral2/files/0x0007000000023406-148.dat	upx
behavioral2/files/0x0007000000023405-143.dat	upx
behavioral2/files/0x0007000000023404-138.dat	upx
behavioral2/files/0x0007000000023403-131.dat	upx
behavioral2/files/0x0007000000023402-126.dat	upx
behavioral2/files/0x0007000000023401-118.dat	upx
behavioral2/files/0x0007000000023400-116.dat	upx
behavioral2/files/0x00070000000233ff-111.dat	upx
behavioral2/files/0x00070000000233fe-106.dat	upx
behavioral2/files/0x00070000000233fd-101.dat	upx
behavioral2/files/0x00070000000233fc-95.dat	upx
behavioral2/files/0x00070000000233fb-91.dat	upx
behavioral2/files/0x00070000000233fa-86.dat	upx
behavioral2/files/0x00070000000233f8-75.dat	upx
behavioral2/files/0x00070000000233f6-66.dat	upx
behavioral2/files/0x00070000000233f4-55.dat	upx
behavioral2/files/0x00070000000233f2-45.dat	upx
behavioral2/files/0x00070000000233f1-41.dat	upx
behavioral2/files/0x00070000000233f0-35.dat	upx
behavioral2/files/0x00070000000233ef-31.dat	upx
behavioral2/files/0x00070000000233ee-25.dat	upx
behavioral2/memory/404-24-0x00007FF62F7D0000-0x00007FF62FB24000-memory.dmp	upx
behavioral2/files/0x00080000000233e8-12.dat	upx
behavioral2/memory/632-2139-0x00007FF624AE0000-0x00007FF624E34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bBHgBLB.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\TFxOaPY.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\UCOeEqd.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\FibJElJ.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\naULrRY.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\GafSqLt.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\KeazXpF.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\wVTxqzZ.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\CUonRqf.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\gOwUZPu.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\xTfFbXO.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\iNlNcYf.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\yyXguFV.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\MNUPxdO.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\eJldvuZ.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\xFVGdJL.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\cwjjINJ.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\pUzlDkc.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\HVlkXLi.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\PQVgVqc.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\xFIFOYD.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\JMbWlzG.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\vZNhtyI.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\BCUgKnq.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\jXdfNum.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\ysXpsty.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\kPsrbec.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\LTGjgQC.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\bXDthQM.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\tSMhRvv.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\ynhZtMr.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\OlnEcBv.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\gsDfniS.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\QVOqtUU.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\MoWvtTC.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\ifpkIhN.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\SuOafYG.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\TTyQhSC.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\kjrMzTc.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\vJxfJJc.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\zuRZWIo.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\rVOTDuy.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\EWAUWeM.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\QPybJLg.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\WvUayKH.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\rfUDdke.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\iZcgWiP.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\avhvill.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\xIYNrjF.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\THeYGWe.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\oSweDsS.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\fotdmat.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\UFcTjXe.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\ZgMmuNW.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\eBNNPED.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\MIonMZX.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\yckeFtR.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\vzdpQGX.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\pNoIFqH.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\ghehEkw.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\pBeQjsQ.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\duEWmiq.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\abuwveW.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
File created	C:\Windows\System\nCJUQBn.exe	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 632	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	83
PID 1816 wrote to memory of 632	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	83
PID 1816 wrote to memory of 404	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	84
PID 1816 wrote to memory of 404	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	84
PID 1816 wrote to memory of 4264	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	85
PID 1816 wrote to memory of 4264	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	85
PID 1816 wrote to memory of 4956	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	86
PID 1816 wrote to memory of 4956	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	86
PID 1816 wrote to memory of 2344	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	87
PID 1816 wrote to memory of 2344	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	87
PID 1816 wrote to memory of 3680	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	88
PID 1816 wrote to memory of 3680	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	88
PID 1816 wrote to memory of 3260	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	89
PID 1816 wrote to memory of 3260	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	89
PID 1816 wrote to memory of 1056	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	90
PID 1816 wrote to memory of 1056	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	90
PID 1816 wrote to memory of 2268	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	91
PID 1816 wrote to memory of 2268	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	91
PID 1816 wrote to memory of 1008	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	92
PID 1816 wrote to memory of 1008	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	92
PID 1816 wrote to memory of 4164	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	93
PID 1816 wrote to memory of 4164	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	93
PID 1816 wrote to memory of 1584	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	94
PID 1816 wrote to memory of 1584	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	94
PID 1816 wrote to memory of 4176	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	95
PID 1816 wrote to memory of 4176	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	95
PID 1816 wrote to memory of 1224	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	96
PID 1816 wrote to memory of 1224	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	96
PID 1816 wrote to memory of 4116	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	97
PID 1816 wrote to memory of 4116	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	97
PID 1816 wrote to memory of 2304	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	98
PID 1816 wrote to memory of 2304	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	98
PID 1816 wrote to memory of 1812	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	99
PID 1816 wrote to memory of 1812	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	99
PID 1816 wrote to memory of 3204	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	100
PID 1816 wrote to memory of 3204	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	100
PID 1816 wrote to memory of 2188	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	101
PID 1816 wrote to memory of 2188	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	101
PID 1816 wrote to memory of 4024	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	102
PID 1816 wrote to memory of 4024	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	102
PID 1816 wrote to memory of 1344	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	103
PID 1816 wrote to memory of 1344	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	103
PID 1816 wrote to memory of 2760	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	104
PID 1816 wrote to memory of 2760	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	104
PID 1816 wrote to memory of 5084	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	105
PID 1816 wrote to memory of 5084	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	105
PID 1816 wrote to memory of 4724	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	106
PID 1816 wrote to memory of 4724	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	106
PID 1816 wrote to memory of 4544	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	107
PID 1816 wrote to memory of 4544	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	107
PID 1816 wrote to memory of 3768	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	108
PID 1816 wrote to memory of 3768	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	108
PID 1816 wrote to memory of 408	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	109
PID 1816 wrote to memory of 408	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	109
PID 1816 wrote to memory of 3568	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	110
PID 1816 wrote to memory of 3568	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	110
PID 1816 wrote to memory of 1692	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	111
PID 1816 wrote to memory of 1692	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	111
PID 1816 wrote to memory of 4532	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	112
PID 1816 wrote to memory of 4532	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	112
PID 1816 wrote to memory of 64	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	113
PID 1816 wrote to memory of 64	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	113
PID 1816 wrote to memory of 4272	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	114
PID 1816 wrote to memory of 4272	1816	3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3ecada2b98abd7f1a95e2d6f3cc7641d02d60d516cc83859ac4df7e1c0b68894_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\System\ZEHIVDi.exe
  C:\Windows\System\ZEHIVDi.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\HBlZPmT.exe
  C:\Windows\System\HBlZPmT.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\ocMkMan.exe
  C:\Windows\System\ocMkMan.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\RqxVuJp.exe
  C:\Windows\System\RqxVuJp.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\qBAhKuI.exe
  C:\Windows\System\qBAhKuI.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\UAsyame.exe
  C:\Windows\System\UAsyame.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\XFVAqsY.exe
  C:\Windows\System\XFVAqsY.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\wGhbLXI.exe
  C:\Windows\System\wGhbLXI.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\NZJGaxm.exe
  C:\Windows\System\NZJGaxm.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\bmhRCYj.exe
  C:\Windows\System\bmhRCYj.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\TxOGOTe.exe
  C:\Windows\System\TxOGOTe.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\KaLBgCa.exe
  C:\Windows\System\KaLBgCa.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\zpxKwzt.exe
  C:\Windows\System\zpxKwzt.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\hiwDjIy.exe
  C:\Windows\System\hiwDjIy.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\SaGYMoW.exe
  C:\Windows\System\SaGYMoW.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\wjrlUEz.exe
  C:\Windows\System\wjrlUEz.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\JEUsbVt.exe
  C:\Windows\System\JEUsbVt.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\eWzvQLk.exe
  C:\Windows\System\eWzvQLk.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\KvCXCMY.exe
  C:\Windows\System\KvCXCMY.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\WdbPuoS.exe
  C:\Windows\System\WdbPuoS.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\VgNWWNG.exe
  C:\Windows\System\VgNWWNG.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\VPdWxZW.exe
  C:\Windows\System\VPdWxZW.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\Sdnlrda.exe
  C:\Windows\System\Sdnlrda.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\qrpwSHI.exe
  C:\Windows\System\qrpwSHI.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\NwRDvBg.exe
  C:\Windows\System\NwRDvBg.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\NGyiPkG.exe
  C:\Windows\System\NGyiPkG.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\nCAbnKL.exe
  C:\Windows\System\nCAbnKL.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\YbZGyUr.exe
  C:\Windows\System\YbZGyUr.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\FilrUHP.exe
  C:\Windows\System\FilrUHP.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\sgiuGuu.exe
  C:\Windows\System\sgiuGuu.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\unOFVuv.exe
  C:\Windows\System\unOFVuv.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\DufzWxC.exe
  C:\Windows\System\DufzWxC.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\dxLNgUV.exe
  C:\Windows\System\dxLNgUV.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\xqiuXZy.exe
  C:\Windows\System\xqiuXZy.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\nyxTrDB.exe
  C:\Windows\System\nyxTrDB.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\fsZAQnt.exe
  C:\Windows\System\fsZAQnt.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\NoaSQMX.exe
  C:\Windows\System\NoaSQMX.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\YlptilQ.exe
  C:\Windows\System\YlptilQ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ceYWPuz.exe
  C:\Windows\System\ceYWPuz.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\VQpCfbe.exe
  C:\Windows\System\VQpCfbe.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\gekEayO.exe
  C:\Windows\System\gekEayO.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\WizmvXE.exe
  C:\Windows\System\WizmvXE.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\MIXGfek.exe
  C:\Windows\System\MIXGfek.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\UbMxcKe.exe
  C:\Windows\System\UbMxcKe.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\nisIyJi.exe
  C:\Windows\System\nisIyJi.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\FNOhMoZ.exe
  C:\Windows\System\FNOhMoZ.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\FxqAtjs.exe
  C:\Windows\System\FxqAtjs.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\MrQSjAW.exe
  C:\Windows\System\MrQSjAW.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\txEEUNs.exe
  C:\Windows\System\txEEUNs.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\XGcaHXh.exe
  C:\Windows\System\XGcaHXh.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\dAFLcvs.exe
  C:\Windows\System\dAFLcvs.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\iUjCpNU.exe
  C:\Windows\System\iUjCpNU.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\TTyQhSC.exe
  C:\Windows\System\TTyQhSC.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\dUAwUbR.exe
  C:\Windows\System\dUAwUbR.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\vkNRIsC.exe
  C:\Windows\System\vkNRIsC.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\ynhZtMr.exe
  C:\Windows\System\ynhZtMr.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\nCJUQBn.exe
  C:\Windows\System\nCJUQBn.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\OlnEcBv.exe
  C:\Windows\System\OlnEcBv.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\lRvjgrt.exe
  C:\Windows\System\lRvjgrt.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\tIDyYmW.exe
  C:\Windows\System\tIDyYmW.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\MNZEJRe.exe
  C:\Windows\System\MNZEJRe.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\IevNmDF.exe
  C:\Windows\System\IevNmDF.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\kWApFAx.exe
  C:\Windows\System\kWApFAx.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\SyYgLXj.exe
  C:\Windows\System\SyYgLXj.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\RvukdoR.exe
  C:\Windows\System\RvukdoR.exe
  2⤵
  PID:840
- C:\Windows\System\SJNaEWR.exe
  C:\Windows\System\SJNaEWR.exe
  2⤵
  PID:4880
- C:\Windows\System\MHEjMSv.exe
  C:\Windows\System\MHEjMSv.exe
  2⤵
  PID:1768
- C:\Windows\System\CMoqevG.exe
  C:\Windows\System\CMoqevG.exe
  2⤵
  PID:2376
- C:\Windows\System\ycoRuod.exe
  C:\Windows\System\ycoRuod.exe
  2⤵
  PID:4008
- C:\Windows\System\OQUvljX.exe
  C:\Windows\System\OQUvljX.exe
  2⤵
  PID:3604
- C:\Windows\System\cfthKBz.exe
  C:\Windows\System\cfthKBz.exe
  2⤵
  PID:5004
- C:\Windows\System\nWkuvQR.exe
  C:\Windows\System\nWkuvQR.exe
  2⤵
  PID:968
- C:\Windows\System\ReOJNSU.exe
  C:\Windows\System\ReOJNSU.exe
  2⤵
  PID:1588
- C:\Windows\System\mywkPTZ.exe
  C:\Windows\System\mywkPTZ.exe
  2⤵
  PID:2848
- C:\Windows\System\nxIdMnp.exe
  C:\Windows\System\nxIdMnp.exe
  2⤵
  PID:4508
- C:\Windows\System\zQDvzGi.exe
  C:\Windows\System\zQDvzGi.exe
  2⤵
  PID:4540
- C:\Windows\System\KZGpqxA.exe
  C:\Windows\System\KZGpqxA.exe
  2⤵
  PID:4132
- C:\Windows\System\rfUDdke.exe
  C:\Windows\System\rfUDdke.exe
  2⤵
  PID:4732
- C:\Windows\System\uoumfbu.exe
  C:\Windows\System\uoumfbu.exe
  2⤵
  PID:4552
- C:\Windows\System\YWXuBfm.exe
  C:\Windows\System\YWXuBfm.exe
  2⤵
  PID:2644
- C:\Windows\System\XGocuZu.exe
  C:\Windows\System\XGocuZu.exe
  2⤵
  PID:4152
- C:\Windows\System\CJpkBzX.exe
  C:\Windows\System\CJpkBzX.exe
  2⤵
  PID:1516
- C:\Windows\System\trzcKSj.exe
  C:\Windows\System\trzcKSj.exe
  2⤵
  PID:2132
- C:\Windows\System\nfMmcHg.exe
  C:\Windows\System\nfMmcHg.exe
  2⤵
  PID:3280
- C:\Windows\System\xNWmAPD.exe
  C:\Windows\System\xNWmAPD.exe
  2⤵
  PID:5140
- C:\Windows\System\wZtLYNi.exe
  C:\Windows\System\wZtLYNi.exe
  2⤵
  PID:5168
- C:\Windows\System\VGgcxWI.exe
  C:\Windows\System\VGgcxWI.exe
  2⤵
  PID:5196
- C:\Windows\System\VeHKdbS.exe
  C:\Windows\System\VeHKdbS.exe
  2⤵
  PID:5224
- C:\Windows\System\gsDfniS.exe
  C:\Windows\System\gsDfniS.exe
  2⤵
  PID:5252
- C:\Windows\System\uaNXfnb.exe
  C:\Windows\System\uaNXfnb.exe
  2⤵
  PID:5280
- C:\Windows\System\MzifRzJ.exe
  C:\Windows\System\MzifRzJ.exe
  2⤵
  PID:5308
- C:\Windows\System\IYCVuAu.exe
  C:\Windows\System\IYCVuAu.exe
  2⤵
  PID:5332
- C:\Windows\System\HxdPhQX.exe
  C:\Windows\System\HxdPhQX.exe
  2⤵
  PID:5364
- C:\Windows\System\AQDGFuR.exe
  C:\Windows\System\AQDGFuR.exe
  2⤵
  PID:5392
- C:\Windows\System\bzOXUgY.exe
  C:\Windows\System\bzOXUgY.exe
  2⤵
  PID:5416
- C:\Windows\System\zAVbtPi.exe
  C:\Windows\System\zAVbtPi.exe
  2⤵
  PID:5448
- C:\Windows\System\qnxbdNH.exe
  C:\Windows\System\qnxbdNH.exe
  2⤵
  PID:5476
- C:\Windows\System\DKOlMLg.exe
  C:\Windows\System\DKOlMLg.exe
  2⤵
  PID:5504
- C:\Windows\System\dNwZGUt.exe
  C:\Windows\System\dNwZGUt.exe
  2⤵
  PID:5532
- C:\Windows\System\exmPLRN.exe
  C:\Windows\System\exmPLRN.exe
  2⤵
  PID:5560
- C:\Windows\System\FFCvZqq.exe
  C:\Windows\System\FFCvZqq.exe
  2⤵
  PID:5584
- C:\Windows\System\gpDkrqc.exe
  C:\Windows\System\gpDkrqc.exe
  2⤵
  PID:5616
- C:\Windows\System\MIonMZX.exe
  C:\Windows\System\MIonMZX.exe
  2⤵
  PID:5644
- C:\Windows\System\CgrrPhP.exe
  C:\Windows\System\CgrrPhP.exe
  2⤵
  PID:5672
- C:\Windows\System\wYRfllN.exe
  C:\Windows\System\wYRfllN.exe
  2⤵
  PID:5700
- C:\Windows\System\CJzDeGk.exe
  C:\Windows\System\CJzDeGk.exe
  2⤵
  PID:5728
- C:\Windows\System\sbafCNC.exe
  C:\Windows\System\sbafCNC.exe
  2⤵
  PID:5756
- C:\Windows\System\hhYGAUX.exe
  C:\Windows\System\hhYGAUX.exe
  2⤵
  PID:5784
- C:\Windows\System\oSweDsS.exe
  C:\Windows\System\oSweDsS.exe
  2⤵
  PID:5812
- C:\Windows\System\uXTQufF.exe
  C:\Windows\System\uXTQufF.exe
  2⤵
  PID:5840
- C:\Windows\System\BCUgKnq.exe
  C:\Windows\System\BCUgKnq.exe
  2⤵
  PID:5868
- C:\Windows\System\phhPtuc.exe
  C:\Windows\System\phhPtuc.exe
  2⤵
  PID:5896
- C:\Windows\System\kGxGSNI.exe
  C:\Windows\System\kGxGSNI.exe
  2⤵
  PID:5920
- C:\Windows\System\dNOCXQU.exe
  C:\Windows\System\dNOCXQU.exe
  2⤵
  PID:5952
- C:\Windows\System\qBsfsan.exe
  C:\Windows\System\qBsfsan.exe
  2⤵
  PID:5980
- C:\Windows\System\MiinppU.exe
  C:\Windows\System\MiinppU.exe
  2⤵
  PID:6008
- C:\Windows\System\PfMcFfp.exe
  C:\Windows\System\PfMcFfp.exe
  2⤵
  PID:6032
- C:\Windows\System\SmSDVzo.exe
  C:\Windows\System\SmSDVzo.exe
  2⤵
  PID:6060
- C:\Windows\System\xmTrufk.exe
  C:\Windows\System\xmTrufk.exe
  2⤵
  PID:6088
- C:\Windows\System\YGvHjZO.exe
  C:\Windows\System\YGvHjZO.exe
  2⤵
  PID:6120
- C:\Windows\System\xYIcBYV.exe
  C:\Windows\System\xYIcBYV.exe
  2⤵
  PID:852
- C:\Windows\System\jYzdbQq.exe
  C:\Windows\System\jYzdbQq.exe
  2⤵
  PID:1764
- C:\Windows\System\OgKJgnZ.exe
  C:\Windows\System\OgKJgnZ.exe
  2⤵
  PID:5028
- C:\Windows\System\pKUQlBK.exe
  C:\Windows\System\pKUQlBK.exe
  2⤵
  PID:1980
- C:\Windows\System\tEkTcQy.exe
  C:\Windows\System\tEkTcQy.exe
  2⤵
  PID:3208
- C:\Windows\System\ULZpGCp.exe
  C:\Windows\System\ULZpGCp.exe
  2⤵
  PID:5180
- C:\Windows\System\eVyAuSZ.exe
  C:\Windows\System\eVyAuSZ.exe
  2⤵
  PID:5244
- C:\Windows\System\DqyVzwQ.exe
  C:\Windows\System\DqyVzwQ.exe
  2⤵
  PID:5300
- C:\Windows\System\wRWUFpi.exe
  C:\Windows\System\wRWUFpi.exe
  2⤵
  PID:5376
- C:\Windows\System\ehcsltj.exe
  C:\Windows\System\ehcsltj.exe
  2⤵
  PID:5436
- C:\Windows\System\RqOrCpD.exe
  C:\Windows\System\RqOrCpD.exe
  2⤵
  PID:5492
- C:\Windows\System\iQPffKF.exe
  C:\Windows\System\iQPffKF.exe
  2⤵
  PID:5572
- C:\Windows\System\jXdfNum.exe
  C:\Windows\System\jXdfNum.exe
  2⤵
  PID:5632
- C:\Windows\System\HzNwFUD.exe
  C:\Windows\System\HzNwFUD.exe
  2⤵
  PID:5692
- C:\Windows\System\DvpSoSz.exe
  C:\Windows\System\DvpSoSz.exe
  2⤵
  PID:5768
- C:\Windows\System\LvOifHz.exe
  C:\Windows\System\LvOifHz.exe
  2⤵
  PID:5828
- C:\Windows\System\hxUMODc.exe
  C:\Windows\System\hxUMODc.exe
  2⤵
  PID:5888
- C:\Windows\System\KShuHcA.exe
  C:\Windows\System\KShuHcA.exe
  2⤵
  PID:5964
- C:\Windows\System\XTVaxWN.exe
  C:\Windows\System\XTVaxWN.exe
  2⤵
  PID:6024
- C:\Windows\System\kjrMzTc.exe
  C:\Windows\System\kjrMzTc.exe
  2⤵
  PID:6084
- C:\Windows\System\pdBaHtv.exe
  C:\Windows\System\pdBaHtv.exe
  2⤵
  PID:1096
- C:\Windows\System\HaNhAhL.exe
  C:\Windows\System\HaNhAhL.exe
  2⤵
  PID:2252
- C:\Windows\System\UcvHajr.exe
  C:\Windows\System\UcvHajr.exe
  2⤵
  PID:5156
- C:\Windows\System\ODKBlAq.exe
  C:\Windows\System\ODKBlAq.exe
  2⤵
  PID:5328
- C:\Windows\System\PWbIrpe.exe
  C:\Windows\System\PWbIrpe.exe
  2⤵
  PID:5464
- C:\Windows\System\mxOWwmH.exe
  C:\Windows\System\mxOWwmH.exe
  2⤵
  PID:4408
- C:\Windows\System\gzhfpre.exe
  C:\Windows\System\gzhfpre.exe
  2⤵
  PID:5720
- C:\Windows\System\gwNBPDA.exe
  C:\Windows\System\gwNBPDA.exe
  2⤵
  PID:5860
- C:\Windows\System\ljxroDr.exe
  C:\Windows\System\ljxroDr.exe
  2⤵
  PID:6000
- C:\Windows\System\zHhkAhg.exe
  C:\Windows\System\zHhkAhg.exe
  2⤵
  PID:6136
- C:\Windows\System\TpauosA.exe
  C:\Windows\System\TpauosA.exe
  2⤵
  PID:5236
- C:\Windows\System\CpjPLqR.exe
  C:\Windows\System\CpjPLqR.exe
  2⤵
  PID:5524
- C:\Windows\System\zgyzBsl.exe
  C:\Windows\System\zgyzBsl.exe
  2⤵
  PID:6164
- C:\Windows\System\bfaOLOv.exe
  C:\Windows\System\bfaOLOv.exe
  2⤵
  PID:6188
- C:\Windows\System\NUCaODW.exe
  C:\Windows\System\NUCaODW.exe
  2⤵
  PID:6220
- C:\Windows\System\gXjrwZU.exe
  C:\Windows\System\gXjrwZU.exe
  2⤵
  PID:6248
- C:\Windows\System\XsOhEcw.exe
  C:\Windows\System\XsOhEcw.exe
  2⤵
  PID:6276
- C:\Windows\System\LrJytPe.exe
  C:\Windows\System\LrJytPe.exe
  2⤵
  PID:6304
- C:\Windows\System\XeuVUbA.exe
  C:\Windows\System\XeuVUbA.exe
  2⤵
  PID:6332
- C:\Windows\System\YaZRrja.exe
  C:\Windows\System\YaZRrja.exe
  2⤵
  PID:6356
- C:\Windows\System\TIqdYvf.exe
  C:\Windows\System\TIqdYvf.exe
  2⤵
  PID:6388
- C:\Windows\System\hyTqcTC.exe
  C:\Windows\System\hyTqcTC.exe
  2⤵
  PID:6416
- C:\Windows\System\pZJNooV.exe
  C:\Windows\System\pZJNooV.exe
  2⤵
  PID:6444
- C:\Windows\System\IAHKiUn.exe
  C:\Windows\System\IAHKiUn.exe
  2⤵
  PID:6472
- C:\Windows\System\DPlluvd.exe
  C:\Windows\System\DPlluvd.exe
  2⤵
  PID:6500
- C:\Windows\System\iSJfuIT.exe
  C:\Windows\System\iSJfuIT.exe
  2⤵
  PID:6528
- C:\Windows\System\LCVsCIQ.exe
  C:\Windows\System\LCVsCIQ.exe
  2⤵
  PID:6552
- C:\Windows\System\tVwSGSJ.exe
  C:\Windows\System\tVwSGSJ.exe
  2⤵
  PID:6580
- C:\Windows\System\XZOBCRi.exe
  C:\Windows\System\XZOBCRi.exe
  2⤵
  PID:6612
- C:\Windows\System\LYalfDx.exe
  C:\Windows\System\LYalfDx.exe
  2⤵
  PID:6640
- C:\Windows\System\JbQZhkc.exe
  C:\Windows\System\JbQZhkc.exe
  2⤵
  PID:6668
- C:\Windows\System\imonFHd.exe
  C:\Windows\System\imonFHd.exe
  2⤵
  PID:6696
- C:\Windows\System\OqauMWd.exe
  C:\Windows\System\OqauMWd.exe
  2⤵
  PID:6724
- C:\Windows\System\mgcfmuI.exe
  C:\Windows\System\mgcfmuI.exe
  2⤵
  PID:6752
- C:\Windows\System\llKYQXb.exe
  C:\Windows\System\llKYQXb.exe
  2⤵
  PID:6780
- C:\Windows\System\bQBTbih.exe
  C:\Windows\System\bQBTbih.exe
  2⤵
  PID:6808
- C:\Windows\System\GCnQZdH.exe
  C:\Windows\System\GCnQZdH.exe
  2⤵
  PID:6836
- C:\Windows\System\NtKQmgn.exe
  C:\Windows\System\NtKQmgn.exe
  2⤵
  PID:6864
- C:\Windows\System\veadiAz.exe
  C:\Windows\System\veadiAz.exe
  2⤵
  PID:6892
- C:\Windows\System\uSdsLZf.exe
  C:\Windows\System\uSdsLZf.exe
  2⤵
  PID:6920
- C:\Windows\System\jjUGvCj.exe
  C:\Windows\System\jjUGvCj.exe
  2⤵
  PID:7040
- C:\Windows\System\jncWgUt.exe
  C:\Windows\System\jncWgUt.exe
  2⤵
  PID:7076
- C:\Windows\System\bXocSHF.exe
  C:\Windows\System\bXocSHF.exe
  2⤵
  PID:7112
- C:\Windows\System\HWeORFZ.exe
  C:\Windows\System\HWeORFZ.exe
  2⤵
  PID:7156
- C:\Windows\System\DdKDzAa.exe
  C:\Windows\System\DdKDzAa.exe
  2⤵
  PID:5800
- C:\Windows\System\BLNhQxg.exe
  C:\Windows\System\BLNhQxg.exe
  2⤵
  PID:5992
- C:\Windows\System\UgnkOeJ.exe
  C:\Windows\System\UgnkOeJ.exe
  2⤵
  PID:4140
- C:\Windows\System\UPCCDUo.exe
  C:\Windows\System\UPCCDUo.exe
  2⤵
  PID:5404
- C:\Windows\System\fwMkIFX.exe
  C:\Windows\System\fwMkIFX.exe
  2⤵
  PID:6176
- C:\Windows\System\TgLxDhf.exe
  C:\Windows\System\TgLxDhf.exe
  2⤵
  PID:6264
- C:\Windows\System\YvxEtyI.exe
  C:\Windows\System\YvxEtyI.exe
  2⤵
  PID:6344
- C:\Windows\System\EbXArPG.exe
  C:\Windows\System\EbXArPG.exe
  2⤵
  PID:6380
- C:\Windows\System\qpxsrLZ.exe
  C:\Windows\System\qpxsrLZ.exe
  2⤵
  PID:3824
- C:\Windows\System\gOwUZPu.exe
  C:\Windows\System\gOwUZPu.exe
  2⤵
  PID:6516
- C:\Windows\System\zOiGkGz.exe
  C:\Windows\System\zOiGkGz.exe
  2⤵
  PID:6572
- C:\Windows\System\CzCYllT.exe
  C:\Windows\System\CzCYllT.exe
  2⤵
  PID:6632
- C:\Windows\System\NQhuPZS.exe
  C:\Windows\System\NQhuPZS.exe
  2⤵
  PID:4004
- C:\Windows\System\fotdmat.exe
  C:\Windows\System\fotdmat.exe
  2⤵
  PID:6740
- C:\Windows\System\KZqvvUx.exe
  C:\Windows\System\KZqvvUx.exe
  2⤵
  PID:2240
- C:\Windows\System\FMyrpRt.exe
  C:\Windows\System\FMyrpRt.exe
  2⤵
  PID:6828
- C:\Windows\System\jQRLfdW.exe
  C:\Windows\System\jQRLfdW.exe
  2⤵
  PID:700
- C:\Windows\System\MYBwqsT.exe
  C:\Windows\System\MYBwqsT.exe
  2⤵
  PID:6880
- C:\Windows\System\stPJqvl.exe
  C:\Windows\System\stPJqvl.exe
  2⤵
  PID:3500
- C:\Windows\System\fafINkc.exe
  C:\Windows\System\fafINkc.exe
  2⤵
  PID:2104
- C:\Windows\System\lqiZWcz.exe
  C:\Windows\System\lqiZWcz.exe
  2⤵
  PID:1468
- C:\Windows\System\rAWQkOL.exe
  C:\Windows\System\rAWQkOL.exe
  2⤵
  PID:5660
- C:\Windows\System\xTfFbXO.exe
  C:\Windows\System\xTfFbXO.exe
  2⤵
  PID:3700
- C:\Windows\System\JECNooG.exe
  C:\Windows\System\JECNooG.exe
  2⤵
  PID:3264
- C:\Windows\System\fZHgher.exe
  C:\Windows\System\fZHgher.exe
  2⤵
  PID:5936
- C:\Windows\System\QlOOnjK.exe
  C:\Windows\System\QlOOnjK.exe
  2⤵
  PID:6236
- C:\Windows\System\gFOYACt.exe
  C:\Windows\System\gFOYACt.exe
  2⤵
  PID:6464
- C:\Windows\System\fcurMrO.exe
  C:\Windows\System\fcurMrO.exe
  2⤵
  PID:396
- C:\Windows\System\SGCGgFI.exe
  C:\Windows\System\SGCGgFI.exe
  2⤵
  PID:6800
- C:\Windows\System\xmhlOet.exe
  C:\Windows\System\xmhlOet.exe
  2⤵
  PID:1340
- C:\Windows\System\VgzPweK.exe
  C:\Windows\System\VgzPweK.exe
  2⤵
  PID:1384
- C:\Windows\System\XOCRlIE.exe
  C:\Windows\System\XOCRlIE.exe
  2⤵
  PID:4404
- C:\Windows\System\MygGkyv.exe
  C:\Windows\System\MygGkyv.exe
  2⤵
  PID:7000
- C:\Windows\System\ikdGKrE.exe
  C:\Windows\System\ikdGKrE.exe
  2⤵
  PID:6408
- C:\Windows\System\cDcaOFc.exe
  C:\Windows\System\cDcaOFc.exe
  2⤵
  PID:7140
- C:\Windows\System\iZcgWiP.exe
  C:\Windows\System\iZcgWiP.exe
  2⤵
  PID:7028
- C:\Windows\System\cUCIzzQ.exe
  C:\Windows\System\cUCIzzQ.exe
  2⤵
  PID:8
- C:\Windows\System\mdbFDgN.exe
  C:\Windows\System\mdbFDgN.exe
  2⤵
  PID:7016
- C:\Windows\System\qbHGdGC.exe
  C:\Windows\System\qbHGdGC.exe
  2⤵
  PID:6852
- C:\Windows\System\GhHtQZK.exe
  C:\Windows\System\GhHtQZK.exe
  2⤵
  PID:7176
- C:\Windows\System\yckeFtR.exe
  C:\Windows\System\yckeFtR.exe
  2⤵
  PID:7220
- C:\Windows\System\ecLdUOF.exe
  C:\Windows\System\ecLdUOF.exe
  2⤵
  PID:7244
- C:\Windows\System\VicyRXB.exe
  C:\Windows\System\VicyRXB.exe
  2⤵
  PID:7272
- C:\Windows\System\pvsAfoc.exe
  C:\Windows\System\pvsAfoc.exe
  2⤵
  PID:7300
- C:\Windows\System\lFdVBKH.exe
  C:\Windows\System\lFdVBKH.exe
  2⤵
  PID:7328
- C:\Windows\System\IPjiueo.exe
  C:\Windows\System\IPjiueo.exe
  2⤵
  PID:7356
- C:\Windows\System\VKRcidz.exe
  C:\Windows\System\VKRcidz.exe
  2⤵
  PID:7376
- C:\Windows\System\tLfqwZP.exe
  C:\Windows\System\tLfqwZP.exe
  2⤵
  PID:7400
- C:\Windows\System\NRQIYJR.exe
  C:\Windows\System\NRQIYJR.exe
  2⤵
  PID:7440
- C:\Windows\System\ZHGwYyN.exe
  C:\Windows\System\ZHGwYyN.exe
  2⤵
  PID:7468
- C:\Windows\System\HDMwrhG.exe
  C:\Windows\System\HDMwrhG.exe
  2⤵
  PID:7500
- C:\Windows\System\dWoPTOj.exe
  C:\Windows\System\dWoPTOj.exe
  2⤵
  PID:7528
- C:\Windows\System\tcbQnGV.exe
  C:\Windows\System\tcbQnGV.exe
  2⤵
  PID:7548
- C:\Windows\System\KPNJqdt.exe
  C:\Windows\System\KPNJqdt.exe
  2⤵
  PID:7572
- C:\Windows\System\IrJDnjZ.exe
  C:\Windows\System\IrJDnjZ.exe
  2⤵
  PID:7588
- C:\Windows\System\nzWjsSf.exe
  C:\Windows\System\nzWjsSf.exe
  2⤵
  PID:7640
- C:\Windows\System\LMAZGOc.exe
  C:\Windows\System\LMAZGOc.exe
  2⤵
  PID:7672
- C:\Windows\System\dxQrULD.exe
  C:\Windows\System\dxQrULD.exe
  2⤵
  PID:7708
- C:\Windows\System\yTVQssO.exe
  C:\Windows\System\yTVQssO.exe
  2⤵
  PID:7732
- C:\Windows\System\PlAoyqQ.exe
  C:\Windows\System\PlAoyqQ.exe
  2⤵
  PID:7760
- C:\Windows\System\pYGeZgK.exe
  C:\Windows\System\pYGeZgK.exe
  2⤵
  PID:7776
- C:\Windows\System\GWbsQVs.exe
  C:\Windows\System\GWbsQVs.exe
  2⤵
  PID:7792
- C:\Windows\System\wLGyKcA.exe
  C:\Windows\System\wLGyKcA.exe
  2⤵
  PID:7824
- C:\Windows\System\PfDXqkg.exe
  C:\Windows\System\PfDXqkg.exe
  2⤵
  PID:7844
- C:\Windows\System\AUouWxZ.exe
  C:\Windows\System\AUouWxZ.exe
  2⤵
  PID:7864
- C:\Windows\System\JjFyYOH.exe
  C:\Windows\System\JjFyYOH.exe
  2⤵
  PID:7892
- C:\Windows\System\QAvtgHR.exe
  C:\Windows\System\QAvtgHR.exe
  2⤵
  PID:7944
- C:\Windows\System\ierfivZ.exe
  C:\Windows\System\ierfivZ.exe
  2⤵
  PID:7988
- C:\Windows\System\KhvuqZo.exe
  C:\Windows\System\KhvuqZo.exe
  2⤵
  PID:8016
- C:\Windows\System\tbJgNNQ.exe
  C:\Windows\System\tbJgNNQ.exe
  2⤵
  PID:8040
- C:\Windows\System\cwjjINJ.exe
  C:\Windows\System\cwjjINJ.exe
  2⤵
  PID:8072
- C:\Windows\System\jxKQdpM.exe
  C:\Windows\System\jxKQdpM.exe
  2⤵
  PID:8100
- C:\Windows\System\HoZniBn.exe
  C:\Windows\System\HoZniBn.exe
  2⤵
  PID:8136
- C:\Windows\System\XQPuEXA.exe
  C:\Windows\System\XQPuEXA.exe
  2⤵
  PID:8164
- C:\Windows\System\PrUtFqP.exe
  C:\Windows\System\PrUtFqP.exe
  2⤵
  PID:6212
- C:\Windows\System\VYJYMhm.exe
  C:\Windows\System\VYJYMhm.exe
  2⤵
  PID:7188
- C:\Windows\System\oYvPpIH.exe
  C:\Windows\System\oYvPpIH.exe
  2⤵
  PID:6960
- C:\Windows\System\yrlRIUc.exe
  C:\Windows\System\yrlRIUc.exe
  2⤵
  PID:7100
- C:\Windows\System\AvXTXDu.exe
  C:\Windows\System\AvXTXDu.exe
  2⤵
  PID:7368
- C:\Windows\System\naULrRY.exe
  C:\Windows\System\naULrRY.exe
  2⤵
  PID:7432
- C:\Windows\System\BRnMaYD.exe
  C:\Windows\System\BRnMaYD.exe
  2⤵
  PID:7460
- C:\Windows\System\uyHlMPB.exe
  C:\Windows\System\uyHlMPB.exe
  2⤵
  PID:7564
- C:\Windows\System\nfYKBrV.exe
  C:\Windows\System\nfYKBrV.exe
  2⤵
  PID:7632
- C:\Windows\System\SrUBvai.exe
  C:\Windows\System\SrUBvai.exe
  2⤵
  PID:7700
- C:\Windows\System\zUBChOP.exe
  C:\Windows\System\zUBChOP.exe
  2⤵
  PID:7768
- C:\Windows\System\GtbqFId.exe
  C:\Windows\System\GtbqFId.exe
  2⤵
  PID:7784
- C:\Windows\System\pMMyRIo.exe
  C:\Windows\System\pMMyRIo.exe
  2⤵
  PID:7860
- C:\Windows\System\dFtvinW.exe
  C:\Windows\System\dFtvinW.exe
  2⤵
  PID:7924
- C:\Windows\System\uDfjQvz.exe
  C:\Windows\System\uDfjQvz.exe
  2⤵
  PID:8000
- C:\Windows\System\vSTQNvm.exe
  C:\Windows\System\vSTQNvm.exe
  2⤵
  PID:8068
- C:\Windows\System\eakCRjl.exe
  C:\Windows\System\eakCRjl.exe
  2⤵
  PID:8132
- C:\Windows\System\ZmDFlUW.exe
  C:\Windows\System\ZmDFlUW.exe
  2⤵
  PID:7196
- C:\Windows\System\lRNywKd.exe
  C:\Windows\System\lRNywKd.exe
  2⤵
  PID:6660
- C:\Windows\System\iNlNcYf.exe
  C:\Windows\System\iNlNcYf.exe
  2⤵
  PID:372
- C:\Windows\System\xtVoRlm.exe
  C:\Windows\System\xtVoRlm.exe
  2⤵
  PID:7416
- C:\Windows\System\qvrpBgw.exe
  C:\Windows\System\qvrpBgw.exe
  2⤵
  PID:7584
- C:\Windows\System\ZXDFDlL.exe
  C:\Windows\System\ZXDFDlL.exe
  2⤵
  PID:2628
- C:\Windows\System\GeKIQmF.exe
  C:\Windows\System\GeKIQmF.exe
  2⤵
  PID:7916
- C:\Windows\System\AlkkNSD.exe
  C:\Windows\System\AlkkNSD.exe
  2⤵
  PID:8024
- C:\Windows\System\YmKqSQV.exe
  C:\Windows\System\YmKqSQV.exe
  2⤵
  PID:6988
- C:\Windows\System\exchpUd.exe
  C:\Windows\System\exchpUd.exe
  2⤵
  PID:7296
- C:\Windows\System\YytEJen.exe
  C:\Windows\System\YytEJen.exe
  2⤵
  PID:7688
- C:\Windows\System\wnTXbfC.exe
  C:\Windows\System\wnTXbfC.exe
  2⤵
  PID:7984
- C:\Windows\System\ytrCUGh.exe
  C:\Windows\System\ytrCUGh.exe
  2⤵
  PID:7728
- C:\Windows\System\dmunuIK.exe
  C:\Windows\System\dmunuIK.exe
  2⤵
  PID:8160
- C:\Windows\System\fGEVGow.exe
  C:\Windows\System\fGEVGow.exe
  2⤵
  PID:7604
- C:\Windows\System\znalmwJ.exe
  C:\Windows\System\znalmwJ.exe
  2⤵
  PID:8212
- C:\Windows\System\NDZmRgj.exe
  C:\Windows\System\NDZmRgj.exe
  2⤵
  PID:8240
- C:\Windows\System\hpkbEwb.exe
  C:\Windows\System\hpkbEwb.exe
  2⤵
  PID:8268
- C:\Windows\System\xeakbJP.exe
  C:\Windows\System\xeakbJP.exe
  2⤵
  PID:8304
- C:\Windows\System\uMOcqeF.exe
  C:\Windows\System\uMOcqeF.exe
  2⤵
  PID:8332
- C:\Windows\System\GxcEqzy.exe
  C:\Windows\System\GxcEqzy.exe
  2⤵
  PID:8372
- C:\Windows\System\vzdpQGX.exe
  C:\Windows\System\vzdpQGX.exe
  2⤵
  PID:8404
- C:\Windows\System\MjBCDsG.exe
  C:\Windows\System\MjBCDsG.exe
  2⤵
  PID:8432
- C:\Windows\System\KgxVQAA.exe
  C:\Windows\System\KgxVQAA.exe
  2⤵
  PID:8460
- C:\Windows\System\rQtQeXK.exe
  C:\Windows\System\rQtQeXK.exe
  2⤵
  PID:8492
- C:\Windows\System\pStbeJN.exe
  C:\Windows\System\pStbeJN.exe
  2⤵
  PID:8528
- C:\Windows\System\wVqXcZs.exe
  C:\Windows\System\wVqXcZs.exe
  2⤵
  PID:8552
- C:\Windows\System\ysXpsty.exe
  C:\Windows\System\ysXpsty.exe
  2⤵
  PID:8580
- C:\Windows\System\PLmmAIF.exe
  C:\Windows\System\PLmmAIF.exe
  2⤵
  PID:8608
- C:\Windows\System\YdmKTEv.exe
  C:\Windows\System\YdmKTEv.exe
  2⤵
  PID:8640
- C:\Windows\System\WaFvJUG.exe
  C:\Windows\System\WaFvJUG.exe
  2⤵
  PID:8664
- C:\Windows\System\GafSqLt.exe
  C:\Windows\System\GafSqLt.exe
  2⤵
  PID:8692
- C:\Windows\System\zGDMGrn.exe
  C:\Windows\System\zGDMGrn.exe
  2⤵
  PID:8720
- C:\Windows\System\oZjndEh.exe
  C:\Windows\System\oZjndEh.exe
  2⤵
  PID:8736
- C:\Windows\System\ZHRTafi.exe
  C:\Windows\System\ZHRTafi.exe
  2⤵
  PID:8752
- C:\Windows\System\glEygRJ.exe
  C:\Windows\System\glEygRJ.exe
  2⤵
  PID:8792
- C:\Windows\System\JonSeyr.exe
  C:\Windows\System\JonSeyr.exe
  2⤵
  PID:8832
- C:\Windows\System\lizZzSW.exe
  C:\Windows\System\lizZzSW.exe
  2⤵
  PID:8860
- C:\Windows\System\pTwocce.exe
  C:\Windows\System\pTwocce.exe
  2⤵
  PID:8888
- C:\Windows\System\wZUvZkF.exe
  C:\Windows\System\wZUvZkF.exe
  2⤵
  PID:8916
- C:\Windows\System\XUcAiYc.exe
  C:\Windows\System\XUcAiYc.exe
  2⤵
  PID:8944
- C:\Windows\System\bOYZHsd.exe
  C:\Windows\System\bOYZHsd.exe
  2⤵
  PID:8972
- C:\Windows\System\WxkHYhK.exe
  C:\Windows\System\WxkHYhK.exe
  2⤵
  PID:9000
- C:\Windows\System\czChleI.exe
  C:\Windows\System\czChleI.exe
  2⤵
  PID:9036
- C:\Windows\System\HPbeLSC.exe
  C:\Windows\System\HPbeLSC.exe
  2⤵
  PID:9056
- C:\Windows\System\QSxCBMy.exe
  C:\Windows\System\QSxCBMy.exe
  2⤵
  PID:9084
- C:\Windows\System\myYtOWX.exe
  C:\Windows\System\myYtOWX.exe
  2⤵
  PID:9120
- C:\Windows\System\vJxfJJc.exe
  C:\Windows\System\vJxfJJc.exe
  2⤵
  PID:9148
- C:\Windows\System\eQwLweU.exe
  C:\Windows\System\eQwLweU.exe
  2⤵
  PID:9180
- C:\Windows\System\pyPKdZR.exe
  C:\Windows\System\pyPKdZR.exe
  2⤵
  PID:9204
- C:\Windows\System\YyShUUK.exe
  C:\Windows\System\YyShUUK.exe
  2⤵
  PID:8232
- C:\Windows\System\dWwDUmt.exe
  C:\Windows\System\dWwDUmt.exe
  2⤵
  PID:8296
- C:\Windows\System\rQscMsi.exe
  C:\Windows\System\rQscMsi.exe
  2⤵
  PID:8388
- C:\Windows\System\eQACCrR.exe
  C:\Windows\System\eQACCrR.exe
  2⤵
  PID:8452
- C:\Windows\System\WMybOVY.exe
  C:\Windows\System\WMybOVY.exe
  2⤵
  PID:8520
- C:\Windows\System\PGbXwGm.exe
  C:\Windows\System\PGbXwGm.exe
  2⤵
  PID:8592
- C:\Windows\System\MWElzYq.exe
  C:\Windows\System\MWElzYq.exe
  2⤵
  PID:8656
- C:\Windows\System\SSjEsuD.exe
  C:\Windows\System\SSjEsuD.exe
  2⤵
  PID:8732
- C:\Windows\System\YcNgjeR.exe
  C:\Windows\System\YcNgjeR.exe
  2⤵
  PID:8812
- C:\Windows\System\ZMsycuL.exe
  C:\Windows\System\ZMsycuL.exe
  2⤵
  PID:8852
- C:\Windows\System\GQJuEAS.exe
  C:\Windows\System\GQJuEAS.exe
  2⤵
  PID:8928
- C:\Windows\System\ALjSQhp.exe
  C:\Windows\System\ALjSQhp.exe
  2⤵
  PID:8984
- C:\Windows\System\vjCMCCN.exe
  C:\Windows\System\vjCMCCN.exe
  2⤵
  PID:9048
- C:\Windows\System\EZxumkM.exe
  C:\Windows\System\EZxumkM.exe
  2⤵
  PID:9108
- C:\Windows\System\fHgHUaE.exe
  C:\Windows\System\fHgHUaE.exe
  2⤵
  PID:9188
- C:\Windows\System\UoHcSif.exe
  C:\Windows\System\UoHcSif.exe
  2⤵
  PID:8284
- C:\Windows\System\OuWRICQ.exe
  C:\Windows\System\OuWRICQ.exe
  2⤵
  PID:8444
- C:\Windows\System\pUzlDkc.exe
  C:\Windows\System\pUzlDkc.exe
  2⤵
  PID:8620
- C:\Windows\System\eMBudqj.exe
  C:\Windows\System\eMBudqj.exe
  2⤵
  PID:8760
- C:\Windows\System\IutfAMh.exe
  C:\Windows\System\IutfAMh.exe
  2⤵
  PID:8912
- C:\Windows\System\zdKnNIC.exe
  C:\Windows\System\zdKnNIC.exe
  2⤵
  PID:9080
- C:\Windows\System\VRaDMJF.exe
  C:\Windows\System\VRaDMJF.exe
  2⤵
  PID:8208
- C:\Windows\System\dFfCDuN.exe
  C:\Windows\System\dFfCDuN.exe
  2⤵
  PID:8576
- C:\Windows\System\ZHYjdUy.exe
  C:\Windows\System\ZHYjdUy.exe
  2⤵
  PID:9012
- C:\Windows\System\MNUPxdO.exe
  C:\Windows\System\MNUPxdO.exe
  2⤵
  PID:8428
- C:\Windows\System\VFcnCXY.exe
  C:\Windows\System\VFcnCXY.exe
  2⤵
  PID:8880
- C:\Windows\System\eJldvuZ.exe
  C:\Windows\System\eJldvuZ.exe
  2⤵
  PID:9236
- C:\Windows\System\fnEMgDk.exe
  C:\Windows\System\fnEMgDk.exe
  2⤵
  PID:9264
- C:\Windows\System\tEAHUky.exe
  C:\Windows\System\tEAHUky.exe
  2⤵
  PID:9292
- C:\Windows\System\yYhJFQK.exe
  C:\Windows\System\yYhJFQK.exe
  2⤵
  PID:9320
- C:\Windows\System\kPmQYtz.exe
  C:\Windows\System\kPmQYtz.exe
  2⤵
  PID:9348
- C:\Windows\System\yslfWki.exe
  C:\Windows\System\yslfWki.exe
  2⤵
  PID:9376
- C:\Windows\System\RfoqFgc.exe
  C:\Windows\System\RfoqFgc.exe
  2⤵
  PID:9404
- C:\Windows\System\vJjUwLh.exe
  C:\Windows\System\vJjUwLh.exe
  2⤵
  PID:9432
- C:\Windows\System\hgsAeXw.exe
  C:\Windows\System\hgsAeXw.exe
  2⤵
  PID:9460
- C:\Windows\System\foHTUYS.exe
  C:\Windows\System\foHTUYS.exe
  2⤵
  PID:9492
- C:\Windows\System\wMWwiVX.exe
  C:\Windows\System\wMWwiVX.exe
  2⤵
  PID:9520
- C:\Windows\System\SGhoQmm.exe
  C:\Windows\System\SGhoQmm.exe
  2⤵
  PID:9548
- C:\Windows\System\xpRrOTj.exe
  C:\Windows\System\xpRrOTj.exe
  2⤵
  PID:9576
- C:\Windows\System\aJCUbet.exe
  C:\Windows\System\aJCUbet.exe
  2⤵
  PID:9604
- C:\Windows\System\GCnEXWp.exe
  C:\Windows\System\GCnEXWp.exe
  2⤵
  PID:9632
- C:\Windows\System\DXmoBnd.exe
  C:\Windows\System\DXmoBnd.exe
  2⤵
  PID:9660
- C:\Windows\System\ZYYeDAr.exe
  C:\Windows\System\ZYYeDAr.exe
  2⤵
  PID:9688
- C:\Windows\System\ggIvObU.exe
  C:\Windows\System\ggIvObU.exe
  2⤵
  PID:9716
- C:\Windows\System\BwfGGkm.exe
  C:\Windows\System\BwfGGkm.exe
  2⤵
  PID:9744
- C:\Windows\System\wZTcyVJ.exe
  C:\Windows\System\wZTcyVJ.exe
  2⤵
  PID:9772
- C:\Windows\System\KeazXpF.exe
  C:\Windows\System\KeazXpF.exe
  2⤵
  PID:9800
- C:\Windows\System\lzNiNHh.exe
  C:\Windows\System\lzNiNHh.exe
  2⤵
  PID:9828
- C:\Windows\System\GgsowiV.exe
  C:\Windows\System\GgsowiV.exe
  2⤵
  PID:9856
- C:\Windows\System\jSuDvfJ.exe
  C:\Windows\System\jSuDvfJ.exe
  2⤵
  PID:9884
- C:\Windows\System\vaBGZWz.exe
  C:\Windows\System\vaBGZWz.exe
  2⤵
  PID:9912
- C:\Windows\System\wSGbAYh.exe
  C:\Windows\System\wSGbAYh.exe
  2⤵
  PID:9940
- C:\Windows\System\qMAhHyR.exe
  C:\Windows\System\qMAhHyR.exe
  2⤵
  PID:9968
- C:\Windows\System\OnXQRWS.exe
  C:\Windows\System\OnXQRWS.exe
  2⤵
  PID:9996
- C:\Windows\System\ghehEkw.exe
  C:\Windows\System\ghehEkw.exe
  2⤵
  PID:10024
- C:\Windows\System\AYTbIlW.exe
  C:\Windows\System\AYTbIlW.exe
  2⤵
  PID:10052
- C:\Windows\System\uZupYKH.exe
  C:\Windows\System\uZupYKH.exe
  2⤵
  PID:10080
- C:\Windows\System\HVlkXLi.exe
  C:\Windows\System\HVlkXLi.exe
  2⤵
  PID:10108
- C:\Windows\System\cJfSYxE.exe
  C:\Windows\System\cJfSYxE.exe
  2⤵
  PID:10136
- C:\Windows\System\zuRZWIo.exe
  C:\Windows\System\zuRZWIo.exe
  2⤵
  PID:10164
- C:\Windows\System\fhDFssm.exe
  C:\Windows\System\fhDFssm.exe
  2⤵
  PID:10192
- C:\Windows\System\dzDqoCU.exe
  C:\Windows\System\dzDqoCU.exe
  2⤵
  PID:10220
- C:\Windows\System\jbQfOHs.exe
  C:\Windows\System\jbQfOHs.exe
  2⤵
  PID:9232
- C:\Windows\System\SoNWFpO.exe
  C:\Windows\System\SoNWFpO.exe
  2⤵
  PID:9308
- C:\Windows\System\aralcbP.exe
  C:\Windows\System\aralcbP.exe
  2⤵
  PID:9364
- C:\Windows\System\lJtmSup.exe
  C:\Windows\System\lJtmSup.exe
  2⤵
  PID:9428
- C:\Windows\System\kjbCQGg.exe
  C:\Windows\System\kjbCQGg.exe
  2⤵
  PID:9504
- C:\Windows\System\unWrqDy.exe
  C:\Windows\System\unWrqDy.exe
  2⤵
  PID:9568
- C:\Windows\System\ybcKWtL.exe
  C:\Windows\System\ybcKWtL.exe
  2⤵
  PID:9628
- C:\Windows\System\syIPJkS.exe
  C:\Windows\System\syIPJkS.exe
  2⤵
  PID:9700
- C:\Windows\System\VtdIgfs.exe
  C:\Windows\System\VtdIgfs.exe
  2⤵
  PID:9768
- C:\Windows\System\qxOsZBD.exe
  C:\Windows\System\qxOsZBD.exe
  2⤵
  PID:9824
- C:\Windows\System\tiyBThH.exe
  C:\Windows\System\tiyBThH.exe
  2⤵
  PID:9900
- C:\Windows\System\PKhSgYZ.exe
  C:\Windows\System\PKhSgYZ.exe
  2⤵
  PID:9960
- C:\Windows\System\wDsPgsS.exe
  C:\Windows\System\wDsPgsS.exe
  2⤵
  PID:10020
- C:\Windows\System\SSnsRox.exe
  C:\Windows\System\SSnsRox.exe
  2⤵
  PID:10092
- C:\Windows\System\wVTxqzZ.exe
  C:\Windows\System\wVTxqzZ.exe
  2⤵
  PID:10156
- C:\Windows\System\gUgoaHU.exe
  C:\Windows\System\gUgoaHU.exe
  2⤵
  PID:10216
- C:\Windows\System\EGSoYsh.exe
  C:\Windows\System\EGSoYsh.exe
  2⤵
  PID:9344
- C:\Windows\System\pBeQjsQ.exe
  C:\Windows\System\pBeQjsQ.exe
  2⤵
  PID:9484
- C:\Windows\System\NFTgBdi.exe
  C:\Windows\System\NFTgBdi.exe
  2⤵
  PID:9624
- C:\Windows\System\QKhhroU.exe
  C:\Windows\System\QKhhroU.exe
  2⤵
  PID:9760
- C:\Windows\System\XiOlHES.exe
  C:\Windows\System\XiOlHES.exe
  2⤵
  PID:9932
- C:\Windows\System\LQoBTJh.exe
  C:\Windows\System\LQoBTJh.exe
  2⤵
  PID:10072
- C:\Windows\System\tgnUVVv.exe
  C:\Windows\System\tgnUVVv.exe
  2⤵
  PID:10212
- C:\Windows\System\PBfMBjH.exe
  C:\Windows\System\PBfMBjH.exe
  2⤵
  PID:9596
- C:\Windows\System\hTdXRiX.exe
  C:\Windows\System\hTdXRiX.exe
  2⤵
  PID:9880
- C:\Windows\System\dNSkZzz.exe
  C:\Windows\System\dNSkZzz.exe
  2⤵
  PID:9392
- C:\Windows\System\omeNSEI.exe
  C:\Windows\System\omeNSEI.exe
  2⤵
  PID:10188
- C:\Windows\System\avhvill.exe
  C:\Windows\System\avhvill.exe
  2⤵
  PID:10248
- C:\Windows\System\jrpphhC.exe
  C:\Windows\System\jrpphhC.exe
  2⤵
  PID:10276
- C:\Windows\System\caGwoLd.exe
  C:\Windows\System\caGwoLd.exe
  2⤵
  PID:10304
- C:\Windows\System\FbuvRnR.exe
  C:\Windows\System\FbuvRnR.exe
  2⤵
  PID:10332
- C:\Windows\System\ibDPQjz.exe
  C:\Windows\System\ibDPQjz.exe
  2⤵
  PID:10360
- C:\Windows\System\fpwZIfW.exe
  C:\Windows\System\fpwZIfW.exe
  2⤵
  PID:10400
- C:\Windows\System\wRMYwLB.exe
  C:\Windows\System\wRMYwLB.exe
  2⤵
  PID:10416
- C:\Windows\System\ocLTwNr.exe
  C:\Windows\System\ocLTwNr.exe
  2⤵
  PID:10444
- C:\Windows\System\OZIXjWi.exe
  C:\Windows\System\OZIXjWi.exe
  2⤵
  PID:10472
- C:\Windows\System\IDdBBuK.exe
  C:\Windows\System\IDdBBuK.exe
  2⤵
  PID:10500
- C:\Windows\System\PQVgVqc.exe
  C:\Windows\System\PQVgVqc.exe
  2⤵
  PID:10528
- C:\Windows\System\VOlhwJY.exe
  C:\Windows\System\VOlhwJY.exe
  2⤵
  PID:10544
- C:\Windows\System\UAnYzPh.exe
  C:\Windows\System\UAnYzPh.exe
  2⤵
  PID:10584
- C:\Windows\System\tVevwZG.exe
  C:\Windows\System\tVevwZG.exe
  2⤵
  PID:10600
- C:\Windows\System\EggjcaR.exe
  C:\Windows\System\EggjcaR.exe
  2⤵
  PID:10620
- C:\Windows\System\KpBKzoE.exe
  C:\Windows\System\KpBKzoE.exe
  2⤵
  PID:10656
- C:\Windows\System\TpxuMVx.exe
  C:\Windows\System\TpxuMVx.exe
  2⤵
  PID:10684
- C:\Windows\System\bBHgBLB.exe
  C:\Windows\System\bBHgBLB.exe
  2⤵
  PID:10716
- C:\Windows\System\qnOfiKL.exe
  C:\Windows\System\qnOfiKL.exe
  2⤵
  PID:10752
- C:\Windows\System\duEWmiq.exe
  C:\Windows\System\duEWmiq.exe
  2⤵
  PID:10780
- C:\Windows\System\WERFZNZ.exe
  C:\Windows\System\WERFZNZ.exe
  2⤵
  PID:10808
- C:\Windows\System\QVOqtUU.exe
  C:\Windows\System\QVOqtUU.exe
  2⤵
  PID:10836
- C:\Windows\System\WyGCABI.exe
  C:\Windows\System\WyGCABI.exe
  2⤵
  PID:10852
- C:\Windows\System\vnearRb.exe
  C:\Windows\System\vnearRb.exe
  2⤵
  PID:10892
- C:\Windows\System\ihsbrlK.exe
  C:\Windows\System\ihsbrlK.exe
  2⤵
  PID:10920
- C:\Windows\System\fdxTrsu.exe
  C:\Windows\System\fdxTrsu.exe
  2⤵
  PID:10948
- C:\Windows\System\GyxxrGu.exe
  C:\Windows\System\GyxxrGu.exe
  2⤵
  PID:10976
- C:\Windows\System\dqrPwic.exe
  C:\Windows\System\dqrPwic.exe
  2⤵
  PID:11004
- C:\Windows\System\lRhVwYG.exe
  C:\Windows\System\lRhVwYG.exe
  2⤵
  PID:11032
- C:\Windows\System\bcUFnGv.exe
  C:\Windows\System\bcUFnGv.exe
  2⤵
  PID:11060
- C:\Windows\System\DmMmzdb.exe
  C:\Windows\System\DmMmzdb.exe
  2⤵
  PID:11076
- C:\Windows\System\WskDZMB.exe
  C:\Windows\System\WskDZMB.exe
  2⤵
  PID:11116
- C:\Windows\System\pyQJCBB.exe
  C:\Windows\System\pyQJCBB.exe
  2⤵
  PID:11144
- C:\Windows\System\CZcfIWu.exe
  C:\Windows\System\CZcfIWu.exe
  2⤵
  PID:11172
- C:\Windows\System\eNVvYsk.exe
  C:\Windows\System\eNVvYsk.exe
  2⤵
  PID:11188
- C:\Windows\System\RUAsQgB.exe
  C:\Windows\System\RUAsQgB.exe
  2⤵
  PID:11220
- C:\Windows\System\zxQbGmd.exe
  C:\Windows\System\zxQbGmd.exe
  2⤵
  PID:11248
- C:\Windows\System\DcTqMBO.exe
  C:\Windows\System\DcTqMBO.exe
  2⤵
  PID:10260
- C:\Windows\System\BrtQvnL.exe
  C:\Windows\System\BrtQvnL.exe
  2⤵
  PID:10324
- C:\Windows\System\uCbgWAx.exe
  C:\Windows\System\uCbgWAx.exe
  2⤵
  PID:10372
- C:\Windows\System\IOqVNuc.exe
  C:\Windows\System\IOqVNuc.exe
  2⤵
  PID:10456
- C:\Windows\System\ijbOHej.exe
  C:\Windows\System\ijbOHej.exe
  2⤵
  PID:10512
- C:\Windows\System\ekEoosk.exe
  C:\Windows\System\ekEoosk.exe
  2⤵
  PID:10572
- C:\Windows\System\EDYwiUS.exe
  C:\Windows\System\EDYwiUS.exe
  2⤵
  PID:10608
- C:\Windows\System\SjvYCse.exe
  C:\Windows\System\SjvYCse.exe
  2⤵
  PID:10728
- C:\Windows\System\tqWTSTV.exe
  C:\Windows\System\tqWTSTV.exe
  2⤵
  PID:10776
- C:\Windows\System\rBEtxWL.exe
  C:\Windows\System\rBEtxWL.exe
  2⤵
  PID:10820
- C:\Windows\System\NLASbRr.exe
  C:\Windows\System\NLASbRr.exe
  2⤵
  PID:10916
- C:\Windows\System\Vweupjd.exe
  C:\Windows\System\Vweupjd.exe
  2⤵
  PID:11000
- C:\Windows\System\bGNpcWu.exe
  C:\Windows\System\bGNpcWu.exe
  2⤵
  PID:11044
- C:\Windows\System\WfPyUoM.exe
  C:\Windows\System\WfPyUoM.exe
  2⤵
  PID:11088
- C:\Windows\System\WwDshTl.exe
  C:\Windows\System\WwDshTl.exe
  2⤵
  PID:11128
- C:\Windows\System\tAZvRED.exe
  C:\Windows\System\tAZvRED.exe
  2⤵
  PID:11216
- C:\Windows\System\UovxMXj.exe
  C:\Windows\System\UovxMXj.exe
  2⤵
  PID:10356
- C:\Windows\System\Lystwtx.exe
  C:\Windows\System\Lystwtx.exe
  2⤵
  PID:10492
- C:\Windows\System\cPrcTJL.exe
  C:\Windows\System\cPrcTJL.exe
  2⤵
  PID:10592
- C:\Windows\System\urrxXxr.exe
  C:\Windows\System\urrxXxr.exe
  2⤵
  PID:10876
- C:\Windows\System\mxVFlYq.exe
  C:\Windows\System\mxVFlYq.exe
  2⤵
  PID:10940
- C:\Windows\System\pQvXqNX.exe
  C:\Windows\System\pQvXqNX.exe
  2⤵
  PID:11016
- C:\Windows\System\wEXrcJc.exe
  C:\Windows\System\wEXrcJc.exe
  2⤵
  PID:10048
- C:\Windows\System\uVVvWMy.exe
  C:\Windows\System\uVVvWMy.exe
  2⤵
  PID:10628
- C:\Windows\System\bwLPENS.exe
  C:\Windows\System\bwLPENS.exe
  2⤵
  PID:11024
- C:\Windows\System\OseZRMw.exe
  C:\Windows\System\OseZRMw.exe
  2⤵
  PID:11164
- C:\Windows\System\TTdDjEE.exe
  C:\Windows\System\TTdDjEE.exe
  2⤵
  PID:11272
- C:\Windows\System\lzCPoXj.exe
  C:\Windows\System\lzCPoXj.exe
  2⤵
  PID:11300
- C:\Windows\System\WcELzmm.exe
  C:\Windows\System\WcELzmm.exe
  2⤵
  PID:11328
- C:\Windows\System\kpcYYbk.exe
  C:\Windows\System\kpcYYbk.exe
  2⤵
  PID:11356
- C:\Windows\System\RTaYRYE.exe
  C:\Windows\System\RTaYRYE.exe
  2⤵
  PID:11372
- C:\Windows\System\XWGmOof.exe
  C:\Windows\System\XWGmOof.exe
  2⤵
  PID:11404
- C:\Windows\System\xFVGdJL.exe
  C:\Windows\System\xFVGdJL.exe
  2⤵
  PID:11428
- C:\Windows\System\bSCfYBg.exe
  C:\Windows\System\bSCfYBg.exe
  2⤵
  PID:11456
- C:\Windows\System\aXeIwts.exe
  C:\Windows\System\aXeIwts.exe
  2⤵
  PID:11496
- C:\Windows\System\RkyOLIO.exe
  C:\Windows\System\RkyOLIO.exe
  2⤵
  PID:11524
- C:\Windows\System\ULFMcMN.exe
  C:\Windows\System\ULFMcMN.exe
  2⤵
  PID:11544
- C:\Windows\System\KyPkMxv.exe
  C:\Windows\System\KyPkMxv.exe
  2⤵
  PID:11568
- C:\Windows\System\MoWvtTC.exe
  C:\Windows\System\MoWvtTC.exe
  2⤵
  PID:11588
- C:\Windows\System\CXLDSWr.exe
  C:\Windows\System\CXLDSWr.exe
  2⤵
  PID:11624
- C:\Windows\System\hzniePw.exe
  C:\Windows\System\hzniePw.exe
  2⤵
  PID:11652
- C:\Windows\System\ccxrIdF.exe
  C:\Windows\System\ccxrIdF.exe
  2⤵
  PID:11684
- C:\Windows\System\WvuqYOR.exe
  C:\Windows\System\WvuqYOR.exe
  2⤵
  PID:11708
- C:\Windows\System\eGUTcQc.exe
  C:\Windows\System\eGUTcQc.exe
  2⤵
  PID:11740
- C:\Windows\System\fPRjqBM.exe
  C:\Windows\System\fPRjqBM.exe
  2⤵
  PID:11764
- C:\Windows\System\kPsrbec.exe
  C:\Windows\System\kPsrbec.exe
  2⤵
  PID:11804
- C:\Windows\System\yxCvoIu.exe
  C:\Windows\System\yxCvoIu.exe
  2⤵
  PID:11832
- C:\Windows\System\xkdngow.exe
  C:\Windows\System\xkdngow.exe
  2⤵
  PID:11860
- C:\Windows\System\eKhNBfS.exe
  C:\Windows\System\eKhNBfS.exe
  2⤵
  PID:11888
- C:\Windows\System\sNRtCRc.exe
  C:\Windows\System\sNRtCRc.exe
  2⤵
  PID:11904
- C:\Windows\System\rURTYZL.exe
  C:\Windows\System\rURTYZL.exe
  2⤵
  PID:11944
- C:\Windows\System\LTGjgQC.exe
  C:\Windows\System\LTGjgQC.exe
  2⤵
  PID:11972
- C:\Windows\System\MkfnlWO.exe
  C:\Windows\System\MkfnlWO.exe
  2⤵
  PID:12000
- C:\Windows\System\gvYbbRB.exe
  C:\Windows\System\gvYbbRB.exe
  2⤵
  PID:12028
- C:\Windows\System\dIzWhRL.exe
  C:\Windows\System\dIzWhRL.exe
  2⤵
  PID:12056
- C:\Windows\System\YYENasD.exe
  C:\Windows\System\YYENasD.exe
  2⤵
  PID:12084
- C:\Windows\System\maSdSYI.exe
  C:\Windows\System\maSdSYI.exe
  2⤵
  PID:12112
- C:\Windows\System\jZbuCDI.exe
  C:\Windows\System\jZbuCDI.exe
  2⤵
  PID:12140
- C:\Windows\System\RavpMyi.exe
  C:\Windows\System\RavpMyi.exe
  2⤵
  PID:12168
- C:\Windows\System\OhHbCXD.exe
  C:\Windows\System\OhHbCXD.exe
  2⤵
  PID:12196
- C:\Windows\System\VtEabXt.exe
  C:\Windows\System\VtEabXt.exe
  2⤵
  PID:12224
- C:\Windows\System\PWVVQdt.exe
  C:\Windows\System\PWVVQdt.exe
  2⤵
  PID:12252
- C:\Windows\System\Qsbcwvw.exe
  C:\Windows\System\Qsbcwvw.exe
  2⤵
  PID:12280
- C:\Windows\System\LQCFzxy.exe
  C:\Windows\System\LQCFzxy.exe
  2⤵
  PID:10764
- C:\Windows\System\rsrYAXe.exe
  C:\Windows\System\rsrYAXe.exe
  2⤵
  PID:11288
- C:\Windows\System\EmHQRQN.exe
  C:\Windows\System\EmHQRQN.exe
  2⤵
  PID:11352
- C:\Windows\System\qtMPFdN.exe
  C:\Windows\System\qtMPFdN.exe
  2⤵
  PID:11400
- C:\Windows\System\aaXkKEh.exe
  C:\Windows\System\aaXkKEh.exe
  2⤵
  PID:11552
- C:\Windows\System\hLCMtVx.exe
  C:\Windows\System\hLCMtVx.exe
  2⤵
  PID:11612
- C:\Windows\System\sLOtbZx.exe
  C:\Windows\System\sLOtbZx.exe
  2⤵
  PID:11636
- C:\Windows\System\rorDEBC.exe
  C:\Windows\System\rorDEBC.exe
  2⤵
  PID:11760
- C:\Windows\System\xQgzyKL.exe
  C:\Windows\System\xQgzyKL.exe
  2⤵
  PID:11824
- C:\Windows\System\hdCeJbz.exe
  C:\Windows\System\hdCeJbz.exe
  2⤵
  PID:11856
- C:\Windows\System\pNoIFqH.exe
  C:\Windows\System\pNoIFqH.exe
  2⤵
  PID:11956
- C:\Windows\System\lihftdq.exe
  C:\Windows\System\lihftdq.exe
  2⤵
  PID:12024
- C:\Windows\System\eEPZXKL.exe
  C:\Windows\System\eEPZXKL.exe
  2⤵
  PID:12080
- C:\Windows\System\cqoyHjG.exe
  C:\Windows\System\cqoyHjG.exe
  2⤵
  PID:12160
- C:\Windows\System\RrjkHcI.exe
  C:\Windows\System\RrjkHcI.exe
  2⤵
  PID:12208
- C:\Windows\System\ifpkIhN.exe
  C:\Windows\System\ifpkIhN.exe
  2⤵
  PID:12236
- C:\Windows\System\vUpoPYz.exe
  C:\Windows\System\vUpoPYz.exe
  2⤵
  PID:11384
- C:\Windows\System\TFxOaPY.exe
  C:\Windows\System\TFxOaPY.exe
  2⤵
  PID:11508
- C:\Windows\System\CDsYLtn.exe
  C:\Windows\System\CDsYLtn.exe
  2⤵
  PID:11596
- C:\Windows\System\ZgMmuNW.exe
  C:\Windows\System\ZgMmuNW.exe
  2⤵
  PID:3396
- C:\Windows\System\bWqldGL.exe
  C:\Windows\System\bWqldGL.exe
  2⤵
  PID:11752
- C:\Windows\System\xpeMyCV.exe
  C:\Windows\System\xpeMyCV.exe
  2⤵
  PID:3192
- C:\Windows\System\ajikuvM.exe
  C:\Windows\System\ajikuvM.exe
  2⤵
  PID:11940
- C:\Windows\System\UFcTjXe.exe
  C:\Windows\System\UFcTjXe.exe
  2⤵
  PID:12132
- C:\Windows\System\zrKrtXg.exe
  C:\Windows\System\zrKrtXg.exe
  2⤵
  PID:11068
- C:\Windows\System\SXRfxWJ.exe
  C:\Windows\System\SXRfxWJ.exe
  2⤵
  PID:11324
- C:\Windows\System\YjkFvny.exe
  C:\Windows\System\YjkFvny.exe
  2⤵
  PID:3144
- C:\Windows\System\yyXguFV.exe
  C:\Windows\System\yyXguFV.exe
  2⤵
  PID:8392
- C:\Windows\System\oZzOjZs.exe
  C:\Windows\System\oZzOjZs.exe
  2⤵
  PID:11420
- C:\Windows\System\aacHcZu.exe
  C:\Windows\System\aacHcZu.exe
  2⤵
  PID:6428
- C:\Windows\System\bpKkKlx.exe
  C:\Windows\System\bpKkKlx.exe
  2⤵
  PID:4328
- C:\Windows\System\nUVjYMv.exe
  C:\Windows\System\nUVjYMv.exe
  2⤵
  PID:12312
- C:\Windows\System\OVkAOkw.exe
  C:\Windows\System\OVkAOkw.exe
  2⤵
  PID:12340
- C:\Windows\System\tNbezQO.exe
  C:\Windows\System\tNbezQO.exe
  2⤵
  PID:12368
- C:\Windows\System\sANnnlg.exe
  C:\Windows\System\sANnnlg.exe
  2⤵
  PID:12396
- C:\Windows\System\fIZNJjU.exe
  C:\Windows\System\fIZNJjU.exe
  2⤵
  PID:12424
- C:\Windows\System\bFHgsgR.exe
  C:\Windows\System\bFHgsgR.exe
  2⤵
  PID:12452
- C:\Windows\System\yUSVmcE.exe
  C:\Windows\System\yUSVmcE.exe
  2⤵
  PID:12480
- C:\Windows\System\oHJtLVZ.exe
  C:\Windows\System\oHJtLVZ.exe
  2⤵
  PID:12508
- C:\Windows\System\jnlfyjP.exe
  C:\Windows\System\jnlfyjP.exe
  2⤵
  PID:12536
- C:\Windows\System\SuOafYG.exe
  C:\Windows\System\SuOafYG.exe
  2⤵
  PID:12564
- C:\Windows\System\MIYAmxn.exe
  C:\Windows\System\MIYAmxn.exe
  2⤵
  PID:12580
- C:\Windows\System\xIYNrjF.exe
  C:\Windows\System\xIYNrjF.exe
  2⤵
  PID:12616
- C:\Windows\System\lcoLqAV.exe
  C:\Windows\System\lcoLqAV.exe
  2⤵
  PID:12636
- C:\Windows\System\tdvkhcy.exe
  C:\Windows\System\tdvkhcy.exe
  2⤵
  PID:12664
- C:\Windows\System\oZGgqpa.exe
  C:\Windows\System\oZGgqpa.exe
  2⤵
  PID:12704
- C:\Windows\System\NTnKNeP.exe
  C:\Windows\System\NTnKNeP.exe
  2⤵
  PID:12732
- C:\Windows\System\bRjmObi.exe
  C:\Windows\System\bRjmObi.exe
  2⤵
  PID:12760
- C:\Windows\System\CpgKOiI.exe
  C:\Windows\System\CpgKOiI.exe
  2⤵
  PID:12788
- C:\Windows\System\euNbRvl.exe
  C:\Windows\System\euNbRvl.exe
  2⤵
  PID:12804
- C:\Windows\System\UhaYDUf.exe
  C:\Windows\System\UhaYDUf.exe
  2⤵
  PID:12832
- C:\Windows\System\aAMXhmh.exe
  C:\Windows\System\aAMXhmh.exe
  2⤵
  PID:12860
- C:\Windows\System\UEpqqob.exe
  C:\Windows\System\UEpqqob.exe
  2⤵
  PID:12904
- C:\Windows\System\OIvwdSp.exe
  C:\Windows\System\OIvwdSp.exe
  2⤵
  PID:12920
- C:\Windows\System\tYPgMVj.exe
  C:\Windows\System\tYPgMVj.exe
  2⤵
  PID:12960
- C:\Windows\System\uvmLtqH.exe
  C:\Windows\System\uvmLtqH.exe
  2⤵
  PID:12976
- C:\Windows\System\dcGmXSj.exe
  C:\Windows\System\dcGmXSj.exe
  2⤵
  PID:13016
- C:\Windows\System\faYcnrP.exe
  C:\Windows\System\faYcnrP.exe
  2⤵
  PID:13044
- C:\Windows\System\URVNgwR.exe
  C:\Windows\System\URVNgwR.exe
  2⤵
  PID:13072
- C:\Windows\System\aiiObNd.exe
  C:\Windows\System\aiiObNd.exe
  2⤵
  PID:13100
- C:\Windows\System\abuwveW.exe
  C:\Windows\System\abuwveW.exe
  2⤵
  PID:13128
- C:\Windows\System\RxByVOv.exe
  C:\Windows\System\RxByVOv.exe
  2⤵
  PID:13156
- C:\Windows\System\UCOeEqd.exe
  C:\Windows\System\UCOeEqd.exe
  2⤵
  PID:13172
- C:\Windows\System\xFIFOYD.exe
  C:\Windows\System\xFIFOYD.exe
  2⤵
  PID:13192
- C:\Windows\System\wgXFUSv.exe
  C:\Windows\System\wgXFUSv.exe
  2⤵
  PID:13220
- C:\Windows\System\lzPfdmw.exe
  C:\Windows\System\lzPfdmw.exe
  2⤵
  PID:13252
- C:\Windows\System\NakJeoW.exe
  C:\Windows\System\NakJeoW.exe
  2⤵
  PID:13280
- C:\Windows\System\BldqpLs.exe
  C:\Windows\System\BldqpLs.exe
  2⤵
  PID:12304
- C:\Windows\System\bkxWzJs.exe
  C:\Windows\System\bkxWzJs.exe
  2⤵
  PID:12352
- C:\Windows\System\hImTGrY.exe
  C:\Windows\System\hImTGrY.exe
  2⤵
  PID:12416
- C:\Windows\System\ZJoRcXQ.exe
  C:\Windows\System\ZJoRcXQ.exe
  2⤵
  PID:12472
- C:\Windows\System\clbnORd.exe
  C:\Windows\System\clbnORd.exe
  2⤵
  PID:12556
- C:\Windows\System\ROEgxLA.exe
  C:\Windows\System\ROEgxLA.exe
  2⤵
  PID:12608
- C:\Windows\System\bXDthQM.exe
  C:\Windows\System\bXDthQM.exe
  2⤵
  PID:12656
- C:\Windows\System\QeWJrFY.exe
  C:\Windows\System\QeWJrFY.exe
  2⤵
  PID:12720
- C:\Windows\System\nsHfUKi.exe
  C:\Windows\System\nsHfUKi.exe
  2⤵
  PID:12800
- C:\Windows\System\KOcwPif.exe
  C:\Windows\System\KOcwPif.exe
  2⤵
  PID:12876
- C:\Windows\System\hjhchbb.exe
  C:\Windows\System\hjhchbb.exe
  2⤵
  PID:12940
- C:\Windows\System\QyDdIAC.exe
  C:\Windows\System\QyDdIAC.exe
  2⤵
  PID:13008
- C:\Windows\System\ijluByR.exe
  C:\Windows\System\ijluByR.exe
  2⤵
  PID:13068
- C:\Windows\System\uJCWsfz.exe
  C:\Windows\System\uJCWsfz.exe
  2⤵
  PID:13152
- C:\Windows\System\JMbWlzG.exe
  C:\Windows\System\JMbWlzG.exe
  2⤵
  PID:13212
- C:\Windows\System\OlSpWrQ.exe
  C:\Windows\System\OlSpWrQ.exe
  2⤵
  PID:13260
- C:\Windows\System\iIRZeiH.exe
  C:\Windows\System\iIRZeiH.exe
  2⤵
  PID:12324
- C:\Windows\System\jogQoAK.exe
  C:\Windows\System\jogQoAK.exe
  2⤵
  PID:12464
- C:\Windows\System\NBZTast.exe
  C:\Windows\System\NBZTast.exe
  2⤵
  PID:11516
- C:\Windows\System\bxJZQZa.exe
  C:\Windows\System\bxJZQZa.exe
  2⤵
  PID:12700
- C:\Windows\System\tSMhRvv.exe
  C:\Windows\System\tSMhRvv.exe
  2⤵
  PID:12944
- C:\Windows\System\UUhNENr.exe
  C:\Windows\System\UUhNENr.exe
  2⤵
  PID:13088
- C:\Windows\System\XNPOaXN.exe
  C:\Windows\System\XNPOaXN.exe
  2⤵
  PID:13180
- C:\Windows\System\oLhqAeL.exe
  C:\Windows\System\oLhqAeL.exe
  2⤵
  PID:784
- C:\Windows\System\XXyKDmZ.exe
  C:\Windows\System\XXyKDmZ.exe
  2⤵
  PID:12520
- C:\Windows\System\OiYxahm.exe
  C:\Windows\System\OiYxahm.exe
  2⤵
  PID:12968
- C:\Windows\System\nxnYjwb.exe
  C:\Windows\System\nxnYjwb.exe
  2⤵
  PID:13148
- C:\Windows\System\uVIHhOw.exe
  C:\Windows\System\uVIHhOw.exe
  2⤵
  PID:13200
- C:\Windows\System\Shdrmfq.exe
  C:\Windows\System\Shdrmfq.exe
  2⤵
  PID:13340
- C:\Windows\System\VCMWSnp.exe
  C:\Windows\System\VCMWSnp.exe
  2⤵
  PID:13368
- C:\Windows\System\NTZSGXs.exe
  C:\Windows\System\NTZSGXs.exe
  2⤵
  PID:13384
- C:\Windows\System\dmbBeIk.exe
  C:\Windows\System\dmbBeIk.exe
  2⤵
  PID:13424
- C:\Windows\System\EYgdctl.exe
  C:\Windows\System\EYgdctl.exe
  2⤵
  PID:13444
- C:\Windows\System\oEsCioR.exe
  C:\Windows\System\oEsCioR.exe
  2⤵
  PID:13480
- C:\Windows\System\FVqTzbi.exe
  C:\Windows\System\FVqTzbi.exe
  2⤵
  PID:13508
- C:\Windows\System\FibJElJ.exe
  C:\Windows\System\FibJElJ.exe
  2⤵
  PID:13524
- C:\Windows\System\MuLQpvU.exe
  C:\Windows\System\MuLQpvU.exe
  2⤵
  PID:13552
- C:\Windows\System\TaWDMdt.exe
  C:\Windows\System\TaWDMdt.exe
  2⤵
  PID:13584
- C:\Windows\System\KTtfHht.exe
  C:\Windows\System\KTtfHht.exe
  2⤵
  PID:13624
- C:\Windows\System\yFJQxLa.exe
  C:\Windows\System\yFJQxLa.exe
  2⤵
  PID:13652
- C:\Windows\System\DfCPWYq.exe
  C:\Windows\System\DfCPWYq.exe
  2⤵
  PID:13672
- C:\Windows\System\SDehbxJ.exe
  C:\Windows\System\SDehbxJ.exe
  2⤵
  PID:13696
- C:\Windows\System\DgAvyUx.exe
  C:\Windows\System\DgAvyUx.exe
  2⤵
  PID:13736
- C:\Windows\System\qxdBcnR.exe
  C:\Windows\System\qxdBcnR.exe
  2⤵
  PID:13764
- C:\Windows\System\rVOTDuy.exe
  C:\Windows\System\rVOTDuy.exe
  2⤵
  PID:13792
- C:\Windows\System\EWAUWeM.exe
  C:\Windows\System\EWAUWeM.exe
  2⤵
  PID:13820
- C:\Windows\System\eBNNPED.exe
  C:\Windows\System\eBNNPED.exe
  2⤵
  PID:13844
- C:\Windows\System\olteAOL.exe
  C:\Windows\System\olteAOL.exe
  2⤵
  PID:13876
- C:\Windows\System\VHzPcPZ.exe
  C:\Windows\System\VHzPcPZ.exe
  2⤵
  PID:13904
- C:\Windows\System\oTnhWEv.exe
  C:\Windows\System\oTnhWEv.exe
  2⤵
  PID:13932
- C:\Windows\System\lQhGZct.exe
  C:\Windows\System\lQhGZct.exe
  2⤵
  PID:13956
- C:\Windows\System\szGxmNi.exe
  C:\Windows\System\szGxmNi.exe
  2⤵
  PID:13992
- C:\Windows\System\sHnKgqS.exe
  C:\Windows\System\sHnKgqS.exe
  2⤵
  PID:14012
- C:\Windows\System\kQKtwvk.exe
  C:\Windows\System\kQKtwvk.exe
  2⤵
  PID:14040
- C:\Windows\System\cBGsRet.exe
  C:\Windows\System\cBGsRet.exe
  2⤵
  PID:14068
- C:\Windows\System\uFAYpYL.exe
  C:\Windows\System\uFAYpYL.exe
  2⤵
  PID:14096
- C:\Windows\System\TZJLkIy.exe
  C:\Windows\System\TZJLkIy.exe
  2⤵
  PID:14124
- C:\Windows\System\urJpFCs.exe
  C:\Windows\System\urJpFCs.exe
  2⤵
  PID:14164
- C:\Windows\System\WnxoefW.exe
  C:\Windows\System\WnxoefW.exe
  2⤵
  PID:14192
- C:\Windows\System\oBufhhn.exe
  C:\Windows\System\oBufhhn.exe
  2⤵
  PID:14220
- C:\Windows\System\aewdMIi.exe
  C:\Windows\System\aewdMIi.exe
  2⤵
  PID:14248
- C:\Windows\System\Cxqnziw.exe
  C:\Windows\System\Cxqnziw.exe
  2⤵
  PID:14276
- C:\Windows\System\qAOcvCw.exe
  C:\Windows\System\qAOcvCw.exe
  2⤵
  PID:14296
- C:\Windows\System\bDqYqqM.exe
  C:\Windows\System\bDqYqqM.exe
  2⤵
  PID:14320
- C:\Windows\System\HBqgSNs.exe
  C:\Windows\System\HBqgSNs.exe
  2⤵
  PID:13352
- C:\Windows\System\IZmoicK.exe
  C:\Windows\System\IZmoicK.exe
  2⤵
  PID:13416
- C:\Windows\System\mCZQvXT.exe
  C:\Windows\System\mCZQvXT.exe
  2⤵
  PID:13472
- C:\Windows\System\qeWYFZB.exe
  C:\Windows\System\qeWYFZB.exe
  2⤵
  PID:13520
- C:\Windows\System\BSdxPMN.exe
  C:\Windows\System\BSdxPMN.exe
  2⤵
  PID:13576
- C:\Windows\System\XgtevvJ.exe
  C:\Windows\System\XgtevvJ.exe
  2⤵
  PID:13644
- C:\Windows\System\VclTOWL.exe
  C:\Windows\System\VclTOWL.exe
  2⤵
  PID:13688
- C:\Windows\System\QPybJLg.exe
  C:\Windows\System\QPybJLg.exe
  2⤵
  PID:13752
- C:\Windows\System\FxFbkkd.exe
  C:\Windows\System\FxFbkkd.exe
  2⤵
  PID:13852
- C:\Windows\System\hnCrffm.exe
  C:\Windows\System\hnCrffm.exe
  2⤵
  PID:13888
- C:\Windows\System\Agxrupg.exe
  C:\Windows\System\Agxrupg.exe
  2⤵
  PID:13924
- C:\Windows\System\WvUayKH.exe
  C:\Windows\System\WvUayKH.exe
  2⤵
  PID:14056
- C:\Windows\System\obXWiyC.exe
  C:\Windows\System\obXWiyC.exe
  2⤵
  PID:14092
- C:\Windows\System\jXVCkVT.exe
  C:\Windows\System\jXVCkVT.exe
  2⤵
  PID:14156
- C:\Windows\System\KyFpSgf.exe
  C:\Windows\System\KyFpSgf.exe
  2⤵
  PID:14244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DufzWxC.exe

Filesize
2.4MB

MD5
417580b71031ac7c812a8b5f8a6ca9c9

SHA1
fa14fb7bbef13cf9d5921c7fa1de3990ee54d39f

SHA256
e54c5e530b5cecb1ecaa3358d0081ba282f6bab6a8f0f31e6e31d211cf7e07e2

SHA512
066d1e76725a9c93513b265c9fbe2f2f21abf6969237c7f5d114f6f083e0774ab3932e4713b9d1919f95556b9c5d7c9a698128890e1fc7e3a4f36db3da4bc653

Download Submit
C:\Windows\System\FilrUHP.exe

Filesize
2.4MB

MD5
05dc6ad52a1f53d3b293fbebada8bf25

SHA1
5372c2c9d7944df6879a1d3eba9e521864d6135b

SHA256
c80445a9d9927231f18948abdc2b49e64e1140ff6d24aa9f1367296c074eb7c9

SHA512
8d41f00d162fad27f4a263fa5554268fa38bcdf829772572553c5adc3a36d57aa488de95bd79fc05abf0df2d1fca996050ad8bd3cabf0ab2c173c73b51bb69b5

Download Submit
C:\Windows\System\HBlZPmT.exe

Filesize
2.4MB

MD5
ae0a2b93d02468eab2b20d02afcd9b94

SHA1
923caeb5dd914d4e15dfde11f8824d58f9707b85

SHA256
853344f58e377d5b1b2264fb2d805d9330db5f1fa6fac8d10b44a069c5721aad

SHA512
b22b567f395edd7d5bf61c84008f5213e8d7113d4a02ee0decdc542daa08bfd3e64397266dd97c83ad9faf1b718c9494029c76f958f4b858ca3cb963be64adb2

Download Submit
C:\Windows\System\JEUsbVt.exe

Filesize
2.4MB

MD5
a752920c8783fd8637ad6bb77bd83400

SHA1
ab8058f03041d32b5f4e282c9a7fa620594a748b

SHA256
815149101f63719bab3de076e0498d583f14e0f06ee5387b877ec4b2a2a09c06

SHA512
7fb4ee972291bdabefc3e24945fadc1f70bc58a6f9f798250a97315b6fedec8e751bd41fbfe3fd5a8f9a40af250dd5d79ef4d523e7507cf6599dce184dd277f2

Download Submit
C:\Windows\System\KaLBgCa.exe

Filesize
2.4MB

MD5
4a1b2907071f0ba990d5a950f3a3723f

SHA1
6f72f35740c1993fac2c775174d229363c4161dd

SHA256
19528b1399217a63e92ecfa51ccdc34b6349c5e5e9872a548a8a41cecb1b273b

SHA512
2de9b0b948bfd173196fbff170442569b908c6a3722f0a0618c71056aaa9f10ec1e6562a32de928ad4ca1f50210a7fbe6004e3311af9aba8c75e460725961c9c

Download Submit
C:\Windows\System\KvCXCMY.exe

Filesize
2.4MB

MD5
991e5bf239fbdcc108dcd81b00e0ec50

SHA1
53572ce0f0eeda3e2a4d5e2eaf47604849679448

SHA256
0b336a3610b07aaf1e467ec94e93f7ae8ac34af8238a45ec3ae8c9eed0f480c1

SHA512
3e6cbfde25a3cd9a77ecd10241ba19b6827adf57123b4381fcddf352af94acc4194db385e84b55a235096d5d3a32988cf9a038777f237ca8426b4c3ac14cf608

Download Submit
C:\Windows\System\NGyiPkG.exe

Filesize
2.4MB

MD5
d9142afee33ef83f26d9344a3d6a921f

SHA1
96753d2105482f5fff5d152639c0df9e6731a6a5

SHA256
b6a7327ad1915684a6419f122c0b149230fd3497b17b84f21e38fd1eb21a8fa5

SHA512
153616d5b123947960c237888409829262f8c0be05845c7566be2cb7bdd0e3dda774379ae9b2e2095393aad9c2767dddc048ccc82678200843dc793defa61867

Download Submit
C:\Windows\System\NZJGaxm.exe

Filesize
2.4MB

MD5
3b339acc28f49558cba2243939998dba

SHA1
ac0e453a96854b8c76edf8b03ed256d309e00b72

SHA256
b4f8ae02449fe760a8cdac8c6beeee5767bb7ebc6e6c159810ad58d4414cc5de

SHA512
92793ecbd1cdaa35e3cc6f489e52184597bca35780a15f8d69a66b07306ee5b29da2cd1917970e5c53e9cb2b75e717f95bfa0dff3879b4ff1ddaf5cdda383032

Download Submit
C:\Windows\System\NwRDvBg.exe

Filesize
2.4MB

MD5
fc78180e1ebc26adddad1f530d03b01a

SHA1
a57117f6fd29528089516a027f9cc467813ddba7

SHA256
66cec0d8e3e105c1c9e8deb1283fa97dd22f60f8c499951b6ed658ac33533b43

SHA512
cd4de54159d28f29e0420f5da3545000106d7983bb50563cc04ca4baa597c00dd863e7dc39e68722c5ad09dcf7382f3ab9ee493db0ff69789b8ec32d797d8054

Download Submit
C:\Windows\System\RqxVuJp.exe

Filesize
2.4MB

MD5
bc5da2fca8f4a5e197f92b7743ff2968

SHA1
d31864c6a7ba7606db48fe5c5584a6acd94f6733

SHA256
4c94d0669576e87e3d67a58d19ed378b893d1978aa7eae80d8446a49da51adb3

SHA512
7d8714f958565b6160c210eeee995ba54588b3a5a18f4ff6543d607a864d19960b36e5d5e6aefeaf1e0182280e4dd6351ee2030115aef8b2f2737290f8e43467

Download Submit
C:\Windows\System\SaGYMoW.exe

Filesize
2.4MB

MD5
e313b28d65eeea5595a026b807c0472b

SHA1
342c0ba0c14846eaf0047c6bb686e8d1647d6b50

SHA256
399cd38243771d4e31107f3071262fb5a7eed3d23ecf7d862e685981b94a4937

SHA512
d2d8a143bb9130b9c96a20fbac3c5b63ac4d2e53669614a1f27e5aaa7ea56c9cc02dcab91647471cfe4741f84bfe210782be04cd7a9acfd3ecfd3eee564827de

Download Submit
C:\Windows\System\Sdnlrda.exe

Filesize
2.4MB

MD5
1b18b5d995d6429198042361244099e5

SHA1
0e364dcce6c85ce88ee3efec09f2b097ab44026e

SHA256
c9a63a338dae95e2e173b705effd522eefa72c7ebf720c4e30d206bb48f0f7ee

SHA512
18b88d163490d67eac692802e9e77a5faf1ee9ef966107cd2a05902cc98981d0596204eae6474e9b0174845e22064528e0b33cf74ddd924390ed3ca89351a0f7

Download Submit
C:\Windows\System\TxOGOTe.exe

Filesize
2.4MB

MD5
84638fe548b8270690f7765d44748f2e

SHA1
5565f62329cc572057874af168abdf36d3538ef2

SHA256
6dc36aea18691e2b1aae594aa58349424256edd286aa4255a64a137586eb1811

SHA512
2f6ed61142399af18009bd06cb982f733e09b8d77643e561b096c13ff6e45200839edff720a5ed4dd9fbf06739c7ae75209da83c23c71000f0dc1f382ba9bd60

Download Submit
C:\Windows\System\UAsyame.exe

Filesize
2.4MB

MD5
47304aa56cf5f3bcf87e9023d209f4a1

SHA1
24c80d098c50a2d8714baa37a7e937c476f5639c

SHA256
646264c898c512856da4e729bea5628b398e5772485f9bca9743472845f6f789

SHA512
6c6acbef1d6164b564e8e7cb6749fc0ff5a2a02dbac8d5b2ecade8a17133bbda610823e3c6bd4e990e16abd1b660c0e573eba5a58ecbc89890635b8462b61ea9

Download Submit
C:\Windows\System\VPdWxZW.exe

Filesize
2.4MB

MD5
4a2884250ef883883955b40ce479e89f

SHA1
0776d64f72508a3962e7f29e82874a106d9e427e

SHA256
f1f5568d38e016833b7e2543c995a085fafcf0e6ff81dbd51d0c01af7f1e90bd

SHA512
33083edac9064ca32f1f0009af28641fdc69d623c01106c34a1f45a4df73f62d7f9e30c701061172220b62c90038abd78f197b121db0da3dcf81a3a3b095a099

Download Submit
C:\Windows\System\VgNWWNG.exe

Filesize
2.4MB

MD5
0a46c232d6d0a10c4ce9b8f823650d77

SHA1
68223a69ad60500438a5f88d0325dd85fc955cd2

SHA256
e06f390c55aefd011a9d85d6b8e6a85210916f51d77994f26484e0382c99a0a0

SHA512
6fa173a5ff9b28b1c65de20c4ec9f97ce0edb2244fa6b8d3414b541404752839743528b71ae4bffc19a955403a4ccc60d3e5cead153d05b0b4fe5f624d2260d8

Download Submit
C:\Windows\System\WdbPuoS.exe

Filesize
2.4MB

MD5
7db020c00d7d282e36bffa3af3f5ed48

SHA1
c8dfb31e31968c3daa21eaf2021904d9ebb7fd20

SHA256
12cdf1be4a53238278cfcf0205403005e921b971e8d55447d1e8c51159f24d18

SHA512
c1a4056bb364d38de4b8b08b8fdc6bc70fd20ecf822c53613b2ace148a60db43deeede941aef4f7313bcd0b1388b0ce0c83b268def21c367f249a9d1c6dd3ccc

Download Submit
C:\Windows\System\XFVAqsY.exe

Filesize
2.4MB

MD5
3115d92728ad714e28ff492ee273d325

SHA1
435717eee786926a81368f59eb666fc142df9531

SHA256
0c94b17b990e4893695577351e65878bce3a55c7d629a7cd5d2b82a0e8a6cec5

SHA512
cd9912d05e37d66f42a516f22f32ffc73bcee1b669bb1a6747d139b71a9ef2b85bcdbe32e7a609fc652463b74be99fb4480a9fea251710b5a9f97a4ffbbad414

Download Submit
C:\Windows\System\YbZGyUr.exe

Filesize
2.4MB

MD5
19b6993671f8823f20eed768732a79a2

SHA1
0798581c7e347426bffadc61c16d0dd1e7b3fc18

SHA256
3b94d13cda4cf7d83878623cb7d2fccf09dc2477813fb180ae98de9085bdb295

SHA512
e7c53c97d16ea493e33e0f4bf7e9ba2f467923f85d157f481601cb2b5e5533bc6449a4035ec5a27e45d569d9ef81258cf80217bb2653f041ca2129bb1f249a2d

Download Submit
C:\Windows\System\ZEHIVDi.exe

Filesize
2.4MB

MD5
effc0ed054589b6370282f4ca24c8810

SHA1
448c9277ae8710dbce375c59c5fe3a0dceed594d

SHA256
8577857fb29c12c16498814deb640d751fac7a9e9a693bad3e77ba957bda294e

SHA512
83fde735e25eaa0f9564ce3770cb2630fd935a9176ccebb4f1c00dd7037e9b88e519416ba335b7407b07fefa1ccc0511a3dd7c4d00ec91596d70f36b21e6ca2d

Download Submit
C:\Windows\System\bmhRCYj.exe

Filesize
2.4MB

MD5
b85ad8395286df4d740db19373ffbe2b

SHA1
42a1d5bee8701c5436b024ea6864856aaec37c01

SHA256
a3b6ed917e5f9f0148e2b66ca53d32c42be788c35ca6862207650b698c1ae4a2

SHA512
00313519086abcd36e60298efcff0c5a8e78373cdd9ecb423003a1eabf28f332bb34ff265668e02a7436896e3d63601cc90e243a1a060a00636ee20e70c88c51

Download Submit
C:\Windows\System\dxLNgUV.exe

Filesize
2.4MB

MD5
5353ed4cb507725dea8599423628d53e

SHA1
d52e38f3f0b1a0c5d028bee21df2030ce1983a58

SHA256
ea272cd77fd35e5dcbacba95f4fc0c6dab04bb2901ea48ac7f6f016a3bb49c30

SHA512
a490bd0adaedaeab99f380e06d8fb3943125f964fee07e7426e17b46135277cbd3239048a6237b647f32bf32a5a7bf07e8004458b7070a2056b6a77789b62983

Download Submit
C:\Windows\System\eWzvQLk.exe

Filesize
2.4MB

MD5
8d054babba0cc0e6dc3a3efdf3b4dfcd

SHA1
e7b0fc83cc6f874d9b54a16b9efa4e5b70c4c3a8

SHA256
0bf27bf36d5adfee272d4975b564ab66deae9f8f62664fdb54cdb3fd8c10ed9d

SHA512
1159ee5ffe83f9c2b6607152a6f8bf3a4b7e9c0437c96054907b6bc0414116776026fbe5a7cc8e32a1bfa16f8dd55e215169d850223cc0ded53d65414d1f6035

Download Submit
C:\Windows\System\hiwDjIy.exe

Filesize
2.4MB

MD5
38c7ce05420095701636410022235649

SHA1
d3267fcd4df855af3bfe8c0461abda678e5bb535

SHA256
2d3987ed74d75a6fb3a3cc74c700362019f2ea07c87d1c20e199a4c7817fca77

SHA512
a4a61bc5a11277e8a20ab655ad9bc7768067f007f060e4b9ff70c9c4fd441b4d82294505f7bf8afd10429ca7045f5380aaf3abc206b4aa091b818642cd2b6ef8

Download Submit
C:\Windows\System\nCAbnKL.exe

Filesize
2.4MB

MD5
14ac9680476fc8788434d80455f07a5f

SHA1
51fb17bd978a8af91b0ea528aa9072dbccdfbc46

SHA256
c8cb024de205d457c8b1f8dbfe0afdb42d25886ef92d73b4b0ea1e550a8c2486

SHA512
00899ee968055715bfa26abc0ba75dece0d10a2a51c817212806ea5372d401567ee28e90974c9c917564e7789e20f79875e7a6b46c78f0074a90977cd8c15284

Download Submit
C:\Windows\System\ocMkMan.exe

Filesize
2.4MB

MD5
0d40143ed9fd54efd0ea3e733bbab764

SHA1
78bb398b2ab75d60e1b740f46cfa0d33717ec4e3

SHA256
a0c1b519ae741d85a384c6b42a7304123fe33d1a1e505031273183e5d6849763

SHA512
c0429c306056a6e5e0c9a2ba6776332deb28c1d517b45d4e9d727426b782f7fae1fb8a5da69727cc5009e675467cd0d2b383a04a0c79eec479e872fdf4444c96

Download Submit
C:\Windows\System\qBAhKuI.exe

Filesize
2.4MB

MD5
0c78836264018cd669724f9ff1760714

SHA1
371b8efd3134d2dc47b25bbe55dce64954cd53a0

SHA256
217a7a1254271c2b60bcbabf1db4842233dea66a2c7e9d0a6397c854c97550cf

SHA512
597cd6fc84810f8d53f919a5cd2e80956bb35278040cef3db094fa5b690592ec18bc2664e42d0c75df6b745899d418e683fdd6191f48a314c0dfde5db54d5f60

Download Submit
C:\Windows\System\qrpwSHI.exe

Filesize
2.4MB

MD5
b30a2c8396b388b44856a554e0b70464

SHA1
8028c8361443c8d6927d0841f699bafd133f4594

SHA256
572dbda55dc1de6fd06237cdd02a85e431f26e35eb717a01edc866b841462487

SHA512
12e8f5c5e86b772ba9e7cdb453fcc40e93a114ba461dd3aa9293c49ba6ccf29159a0a22eac9ab865b7f518b17f2de50206d18b6742599adf78a6f7b47cba71a3

Download Submit
C:\Windows\System\sgiuGuu.exe

Filesize
2.4MB

MD5
ba4fc3d674ee98a649d6112361f13391

SHA1
a9d7c7492cf4f917bc2d3b15f0805ad1616f7b6b

SHA256
81be9b6b3eea52331351922758cc3004ba72b899d3683d7de539dc62d5465706

SHA512
eab8087911f6524a3e7b1bd9ed63c8c45f6cb539360e70418e08a729b131a22f0eac25258e1d804a27e248515ba5c7ad0bdbfdf43f7e80f5fdda19bbc6387f46

Download Submit
C:\Windows\System\unOFVuv.exe

Filesize
2.4MB

MD5
801a70838906a6947efc73884f33a3a6

SHA1
f78b12ad49b9bd4f0c35f6be0f75b048de53d1c8

SHA256
f09fe5bd19a60c6c2444a71e8bd25d41f07f3d927032d6e98907af4ccf5b98e9

SHA512
bd5728300506e86a7f06fc533848bb17c1cf053b1cf2476a9af724585672252a93404905000d5c31d37487e8425d0c63d16af991b140ded69f5241ae2511c733

Download Submit
C:\Windows\System\wGhbLXI.exe

Filesize
2.4MB

MD5
ffe0d5424d0778e249a648901cae77f7

SHA1
73f67164933ca68d709ecdb663e266a59d665bc9

SHA256
fb8e8bdf837d49971b28c5c3b0568e6a30d1ecf7832eef0ce23d9492b800c433

SHA512
82457fb001686440c550534363f23a01e5bec2c4cd416bf5a25ca18b85fb64d632f3f1ef1713a5a6610586e3e1c552525a8696ceaa5e4bcdc954879b94528c1e

Download Submit
C:\Windows\System\wjrlUEz.exe

Filesize
2.4MB

MD5
701bb3298a2563415b0c66b1ab0bfb6d

SHA1
fb9b548d4d43eba0036e2eefbe70ab41ad8ec68c

SHA256
0c139f1bd5bec1d7c654296bcc952b6d2fd01a2343eb9ae03c3e57d46d8a2bfd

SHA512
ec32dcefd76ab131757eb2a88fc39c3a89ebdc33000f808fe92c2dbb3fd04210f4902b75fcd21cc90492f4d201beb7b050f43383d72e3559fb80d81808253884

Download Submit
C:\Windows\System\zpxKwzt.exe

Filesize
2.4MB

MD5
12af635b6a439b22bebb0e50cce31fd2

SHA1
bd8ae0172bbe29effa8b5d800469e2a196cadffa

SHA256
6615d6755016b40720ed3e80bae6ae767024446eda22357b8ef11779136c02a9

SHA512
01e3bc418034535ba02e94ceff50f9424e8a36ee9349f026a13711c0780cd0bd2db547f5852984c15d651561dd5987bb2eb0f23b3b58c727f110749d480e47c2

Download Submit
memory/404-24-0x00007FF62F7D0000-0x00007FF62FB24000-memory.dmp

Filesize
3.3MB

Download
memory/404-2141-0x00007FF62F7D0000-0x00007FF62FB24000-memory.dmp

Filesize
3.3MB

Download
memory/404-2143-0x00007FF62F7D0000-0x00007FF62FB24000-memory.dmp

Filesize
3.3MB

Download
memory/408-2164-0x00007FF68A780000-0x00007FF68AAD4000-memory.dmp

Filesize
3.3MB

Download
memory/408-683-0x00007FF68A780000-0x00007FF68AAD4000-memory.dmp

Filesize
3.3MB

Download
memory/632-8-0x00007FF624AE0000-0x00007FF624E34000-memory.dmp

Filesize
3.3MB

Download
memory/632-2142-0x00007FF624AE0000-0x00007FF624E34000-memory.dmp

Filesize
3.3MB

Download
memory/632-2139-0x00007FF624AE0000-0x00007FF624E34000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2149-0x00007FF7849B0000-0x00007FF784D04000-memory.dmp

Filesize
3.3MB

Download
memory/1008-611-0x00007FF7849B0000-0x00007FF784D04000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2155-0x00007FF79A9A0000-0x00007FF79ACF4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-609-0x00007FF79A9A0000-0x00007FF79ACF4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-615-0x00007FF612A40000-0x00007FF612D94000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2154-0x00007FF612A40000-0x00007FF612D94000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2169-0x00007FF708F80000-0x00007FF7092D4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-658-0x00007FF708F80000-0x00007FF7092D4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2151-0x00007FF7F8250000-0x00007FF7F85A4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-613-0x00007FF7F8250000-0x00007FF7F85A4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-693-0x00007FF6C45F0000-0x00007FF6C4944000-memory.dmp

Filesize
3.3MB

Download
memory/1692-2162-0x00007FF6C45F0000-0x00007FF6C4944000-memory.dmp

Filesize
3.3MB

Download
memory/1812-635-0x00007FF6E8B60000-0x00007FF6E8EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-2158-0x00007FF6E8B60000-0x00007FF6E8EB4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-1-0x0000024709670000-0x0000024709680000-memory.dmp

Filesize
64KB

Download
memory/1816-0-0x00007FF704A60000-0x00007FF704DB4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-645-0x00007FF664570000-0x00007FF6648C4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-2159-0x00007FF664570000-0x00007FF6648C4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-610-0x00007FF6FC180000-0x00007FF6FC4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2153-0x00007FF6FC180000-0x00007FF6FC4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-628-0x00007FF74F390000-0x00007FF74F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-2157-0x00007FF74F390000-0x00007FF74F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-606-0x00007FF762E20000-0x00007FF763174000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2146-0x00007FF762E20000-0x00007FF763174000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2160-0x00007FF60AD40000-0x00007FF60B094000-memory.dmp

Filesize
3.3MB

Download
memory/2760-666-0x00007FF60AD40000-0x00007FF60B094000-memory.dmp

Filesize
3.3MB

Download
memory/3204-2170-0x00007FF757390000-0x00007FF7576E4000-memory.dmp

Filesize
3.3MB

Download
memory/3204-639-0x00007FF757390000-0x00007FF7576E4000-memory.dmp

Filesize
3.3MB

Download
memory/3260-608-0x00007FF6B2880000-0x00007FF6B2BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3260-2148-0x00007FF6B2880000-0x00007FF6B2BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3568-2163-0x00007FF67B7D0000-0x00007FF67BB24000-memory.dmp

Filesize
3.3MB

Download
memory/3568-691-0x00007FF67B7D0000-0x00007FF67BB24000-memory.dmp

Filesize
3.3MB

Download
memory/3680-607-0x00007FF6D12A0000-0x00007FF6D15F4000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2147-0x00007FF6D12A0000-0x00007FF6D15F4000-memory.dmp

Filesize
3.3MB

Download
memory/3768-679-0x00007FF737FA0000-0x00007FF7382F4000-memory.dmp

Filesize
3.3MB

Download
memory/3768-2165-0x00007FF737FA0000-0x00007FF7382F4000-memory.dmp

Filesize
3.3MB

Download
memory/4024-2168-0x00007FF7802D0000-0x00007FF780624000-memory.dmp

Filesize
3.3MB

Download
memory/4024-651-0x00007FF7802D0000-0x00007FF780624000-memory.dmp

Filesize
3.3MB

Download
memory/4116-2156-0x00007FF750D30000-0x00007FF751084000-memory.dmp

Filesize
3.3MB

Download
memory/4116-622-0x00007FF750D30000-0x00007FF751084000-memory.dmp

Filesize
3.3MB

Download
memory/4164-2152-0x00007FF703690000-0x00007FF7039E4000-memory.dmp

Filesize
3.3MB

Download
memory/4164-612-0x00007FF703690000-0x00007FF7039E4000-memory.dmp

Filesize
3.3MB

Download
memory/4176-2150-0x00007FF68C410000-0x00007FF68C764000-memory.dmp

Filesize
3.3MB

Download
memory/4176-614-0x00007FF68C410000-0x00007FF68C764000-memory.dmp

Filesize
3.3MB

Download
memory/4264-2144-0x00007FF7B3390000-0x00007FF7B36E4000-memory.dmp

Filesize
3.3MB

Download
memory/4264-605-0x00007FF7B3390000-0x00007FF7B36E4000-memory.dmp

Filesize
3.3MB

Download
memory/4544-2166-0x00007FF7120E0000-0x00007FF712434000-memory.dmp

Filesize
3.3MB

Download
memory/4544-676-0x00007FF7120E0000-0x00007FF712434000-memory.dmp

Filesize
3.3MB

Download
memory/4724-674-0x00007FF6B1500000-0x00007FF6B1854000-memory.dmp

Filesize
3.3MB

Download
memory/4724-2167-0x00007FF6B1500000-0x00007FF6B1854000-memory.dmp

Filesize
3.3MB

Download
memory/4956-695-0x00007FF636F90000-0x00007FF6372E4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-2145-0x00007FF636F90000-0x00007FF6372E4000-memory.dmp

Filesize
3.3MB

Download
memory/5084-2161-0x00007FF756FC0000-0x00007FF757314000-memory.dmp

Filesize
3.3MB

Download
memory/5084-669-0x00007FF756FC0000-0x00007FF757314000-memory.dmp

Filesize
3.3MB

Download