xmrig | 24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db

Analysis

max time kernel
121s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
Size

1.7MB
MD5

00915893fe8492f4c182e4f4cdc011c0
SHA1

8e1ee2c4eb75160aeb50050c5a4a39956c411e34
SHA256

24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db
SHA512

88851009e2b626f978d3aeeb1fa4baae4ad4eac3e16074e0ead1d37998939cc7c2b8e2d5f04692047348037c41ad87ec7e2d3340bf29ca83bcb6bfa4739f9f3a
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Qk7SW7r+kQQ7dXQARBa5e0ag2K0hvL78:Lz071uv4BPMkyW10/wKV7hjSe05c2zr

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4008-55-0x00007FF68F160000-0x00007FF68F552000-memory.dmp	xmrig
behavioral2/memory/1132-84-0x00007FF7774C0000-0x00007FF7778B2000-memory.dmp	xmrig
behavioral2/memory/1244-99-0x00007FF7645F0000-0x00007FF7649E2000-memory.dmp	xmrig
behavioral2/memory/1620-105-0x00007FF6133A0000-0x00007FF613792000-memory.dmp	xmrig
behavioral2/memory/2256-108-0x00007FF6440A0000-0x00007FF644492000-memory.dmp	xmrig
behavioral2/memory/2740-464-0x00007FF6B77A0000-0x00007FF6B7B92000-memory.dmp	xmrig
behavioral2/memory/4980-465-0x00007FF684DE0000-0x00007FF6851D2000-memory.dmp	xmrig
behavioral2/memory/4764-467-0x00007FF7583F0000-0x00007FF7587E2000-memory.dmp	xmrig
behavioral2/memory/1964-466-0x00007FF695FB0000-0x00007FF6963A2000-memory.dmp	xmrig
behavioral2/memory/4428-469-0x00007FF7F7D90000-0x00007FF7F8182000-memory.dmp	xmrig
behavioral2/memory/3168-471-0x00007FF7A10D0000-0x00007FF7A14C2000-memory.dmp	xmrig
behavioral2/memory/1084-470-0x00007FF61FA80000-0x00007FF61FE72000-memory.dmp	xmrig
behavioral2/memory/380-468-0x00007FF7BD940000-0x00007FF7BDD32000-memory.dmp	xmrig
behavioral2/memory/3160-107-0x00007FF6991D0000-0x00007FF6995C2000-memory.dmp	xmrig
behavioral2/memory/1172-100-0x00007FF6DF040000-0x00007FF6DF432000-memory.dmp	xmrig
behavioral2/memory/212-96-0x00007FF71B600000-0x00007FF71B9F2000-memory.dmp	xmrig
behavioral2/memory/3960-94-0x00007FF7CA310000-0x00007FF7CA702000-memory.dmp	xmrig
behavioral2/memory/2376-90-0x00007FF7483B0000-0x00007FF7487A2000-memory.dmp	xmrig
behavioral2/memory/1316-85-0x00007FF745F30000-0x00007FF746322000-memory.dmp	xmrig
behavioral2/memory/1656-80-0x00007FF6137F0000-0x00007FF613BE2000-memory.dmp	xmrig
behavioral2/memory/4540-62-0x00007FF7FCC30000-0x00007FF7FD022000-memory.dmp	xmrig
behavioral2/memory/4044-2651-0x00007FF6A4AB0000-0x00007FF6A4EA2000-memory.dmp	xmrig
behavioral2/memory/4940-2654-0x00007FF738590000-0x00007FF738982000-memory.dmp	xmrig
behavioral2/memory/1648-2655-0x00007FF65F0E0000-0x00007FF65F4D2000-memory.dmp	xmrig
behavioral2/memory/2928-2688-0x00007FF740130000-0x00007FF740522000-memory.dmp	xmrig
behavioral2/memory/4940-2690-0x00007FF738590000-0x00007FF738982000-memory.dmp	xmrig
behavioral2/memory/4008-2693-0x00007FF68F160000-0x00007FF68F552000-memory.dmp	xmrig
behavioral2/memory/1648-2694-0x00007FF65F0E0000-0x00007FF65F4D2000-memory.dmp	xmrig
behavioral2/memory/4540-2696-0x00007FF7FCC30000-0x00007FF7FD022000-memory.dmp	xmrig
behavioral2/memory/3960-2698-0x00007FF7CA310000-0x00007FF7CA702000-memory.dmp	xmrig
behavioral2/memory/1656-2700-0x00007FF6137F0000-0x00007FF613BE2000-memory.dmp	xmrig
behavioral2/memory/1316-2703-0x00007FF745F30000-0x00007FF746322000-memory.dmp	xmrig
behavioral2/memory/1172-2704-0x00007FF6DF040000-0x00007FF6DF432000-memory.dmp	xmrig
behavioral2/memory/1244-2712-0x00007FF7645F0000-0x00007FF7649E2000-memory.dmp	xmrig
behavioral2/memory/2376-2708-0x00007FF7483B0000-0x00007FF7487A2000-memory.dmp	xmrig
behavioral2/memory/1132-2707-0x00007FF7774C0000-0x00007FF7778B2000-memory.dmp	xmrig
behavioral2/memory/212-2711-0x00007FF71B600000-0x00007FF71B9F2000-memory.dmp	xmrig
behavioral2/memory/1620-2714-0x00007FF6133A0000-0x00007FF613792000-memory.dmp	xmrig
behavioral2/memory/3160-2728-0x00007FF6991D0000-0x00007FF6995C2000-memory.dmp	xmrig
behavioral2/memory/2928-2727-0x00007FF740130000-0x00007FF740522000-memory.dmp	xmrig
behavioral2/memory/2740-2725-0x00007FF6B77A0000-0x00007FF6B7B92000-memory.dmp	xmrig
behavioral2/memory/4980-2723-0x00007FF684DE0000-0x00007FF6851D2000-memory.dmp	xmrig
behavioral2/memory/380-2717-0x00007FF7BD940000-0x00007FF7BDD32000-memory.dmp	xmrig
behavioral2/memory/1964-2721-0x00007FF695FB0000-0x00007FF6963A2000-memory.dmp	xmrig
behavioral2/memory/4764-2719-0x00007FF7583F0000-0x00007FF7587E2000-memory.dmp	xmrig
behavioral2/memory/2256-2732-0x00007FF6440A0000-0x00007FF644492000-memory.dmp	xmrig
behavioral2/memory/1084-2736-0x00007FF61FA80000-0x00007FF61FE72000-memory.dmp	xmrig
behavioral2/memory/3168-2734-0x00007FF7A10D0000-0x00007FF7A14C2000-memory.dmp	xmrig
behavioral2/memory/4428-2730-0x00007FF7F7D90000-0x00007FF7F8182000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	3688	powershell.exe
10	3688	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3688	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4940	Whxotct.exe
1648	nxgBWPT.exe
4008	oFXGDVD.exe
3960	gyillFP.exe
4540	AZzcxDE.exe
1656	nAzyziz.exe
1132	KrgiBBE.exe
212	KJzJOBQ.exe
1244	cMKLNID.exe
1316	ZxjhjSn.exe
1172	cTPGNMU.exe
2376	UNLNxVT.exe
1620	viEVwaq.exe
3160	vGUDvvP.exe
2256	QxjkewC.exe
2928	AEzQWuR.exe
2740	ujElzmr.exe
4980	cDKBlkP.exe
1964	gOljREV.exe
4764	JnvJDPm.exe
380	MiPPJTs.exe
4428	QRfwTsh.exe
1084	XPfdDst.exe
3168	FjRmubj.exe
2268	kloBxIC.exe
1200	QFLmgSo.exe
4216	EgdyRpo.exe
5064	JgphnNB.exe
1272	SrrKZQL.exe
3628	YNEwmus.exe
4804	WdzlvFM.exe
2512	nuxgfAq.exe
4192	evaYoZH.exe
2832	vaWkgOC.exe
3188	BqnWCzl.exe
468	pWTwXAQ.exe
3816	kWkYLxw.exe
3460	EfHgVqA.exe
976	siSPnKT.exe
2148	yvkDtce.exe
1472	xcQueTP.exe
1360	LPMNSad.exe
4452	dFxnroJ.exe
2604	bqHxnuN.exe
3724	ApAAmAZ.exe
208	XOqvpgn.exe
2776	trLycSO.exe
3368	MAfRkCy.exe
3692	LSUcJJr.exe
2444	XGmHgGE.exe
4796	RCTpXiT.exe
4908	MuqNNLJ.exe
4912	ZcgPuuJ.exe
2212	nVRAxmg.exe
2436	kHRhDIR.exe
4640	YvLuOhT.exe
2308	SQwqSoB.exe
4004	xwyPsUR.exe
3564	xChIJgk.exe
1524	VwomxTF.exe
4432	LEZAQZZ.exe
1616	EOOHqut.exe
4444	IQxbZwy.exe
4448	sfkXwqH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4044-0-0x00007FF6A4AB0000-0x00007FF6A4EA2000-memory.dmp	upx
behavioral2/files/0x0004000000023078-5.dat	upx
behavioral2/files/0x0007000000023566-31.dat	upx
behavioral2/files/0x0007000000023568-30.dat	upx
behavioral2/files/0x0007000000023567-32.dat	upx
behavioral2/memory/4008-55-0x00007FF68F160000-0x00007FF68F552000-memory.dmp	upx
behavioral2/files/0x000700000002356b-61.dat	upx
behavioral2/files/0x000700000002356e-70.dat	upx
behavioral2/files/0x000700000002356f-76.dat	upx
behavioral2/memory/1132-84-0x00007FF7774C0000-0x00007FF7778B2000-memory.dmp	upx
behavioral2/files/0x0007000000023570-89.dat	upx
behavioral2/memory/1244-99-0x00007FF7645F0000-0x00007FF7649E2000-memory.dmp	upx
behavioral2/memory/1620-105-0x00007FF6133A0000-0x00007FF613792000-memory.dmp	upx
behavioral2/memory/2256-108-0x00007FF6440A0000-0x00007FF644492000-memory.dmp	upx
behavioral2/files/0x0007000000023575-127.dat	upx
behavioral2/files/0x0007000000023576-140.dat	upx
behavioral2/files/0x0007000000023579-155.dat	upx
behavioral2/files/0x000700000002357e-180.dat	upx
behavioral2/files/0x0007000000023582-192.dat	upx
behavioral2/memory/2740-464-0x00007FF6B77A0000-0x00007FF6B7B92000-memory.dmp	upx
behavioral2/memory/4980-465-0x00007FF684DE0000-0x00007FF6851D2000-memory.dmp	upx
behavioral2/memory/4764-467-0x00007FF7583F0000-0x00007FF7587E2000-memory.dmp	upx
behavioral2/memory/1964-466-0x00007FF695FB0000-0x00007FF6963A2000-memory.dmp	upx
behavioral2/memory/4428-469-0x00007FF7F7D90000-0x00007FF7F8182000-memory.dmp	upx
behavioral2/memory/3168-471-0x00007FF7A10D0000-0x00007FF7A14C2000-memory.dmp	upx
behavioral2/memory/1084-470-0x00007FF61FA80000-0x00007FF61FE72000-memory.dmp	upx
behavioral2/memory/380-468-0x00007FF7BD940000-0x00007FF7BDD32000-memory.dmp	upx
behavioral2/files/0x0007000000023580-190.dat	upx
behavioral2/files/0x0007000000023581-187.dat	upx
behavioral2/files/0x000700000002357f-185.dat	upx
behavioral2/files/0x000700000002357d-175.dat	upx
behavioral2/files/0x000700000002357c-170.dat	upx
behavioral2/files/0x000700000002357b-165.dat	upx
behavioral2/files/0x000700000002357a-160.dat	upx
behavioral2/files/0x0007000000023578-150.dat	upx
behavioral2/files/0x0007000000023577-145.dat	upx
behavioral2/files/0x0007000000023574-130.dat	upx
behavioral2/files/0x0007000000023573-125.dat	upx
behavioral2/files/0x0007000000023572-118.dat	upx
behavioral2/memory/2928-111-0x00007FF740130000-0x00007FF740522000-memory.dmp	upx
behavioral2/files/0x0008000000023562-109.dat	upx
behavioral2/memory/3160-107-0x00007FF6991D0000-0x00007FF6995C2000-memory.dmp	upx
behavioral2/files/0x0007000000023571-101.dat	upx
behavioral2/memory/1172-100-0x00007FF6DF040000-0x00007FF6DF432000-memory.dmp	upx
behavioral2/memory/212-96-0x00007FF71B600000-0x00007FF71B9F2000-memory.dmp	upx
behavioral2/memory/3960-94-0x00007FF7CA310000-0x00007FF7CA702000-memory.dmp	upx
behavioral2/memory/2376-90-0x00007FF7483B0000-0x00007FF7487A2000-memory.dmp	upx
behavioral2/files/0x000800000002356c-87.dat	upx
behavioral2/memory/1316-85-0x00007FF745F30000-0x00007FF746322000-memory.dmp	upx
behavioral2/memory/1656-80-0x00007FF6137F0000-0x00007FF613BE2000-memory.dmp	upx
behavioral2/files/0x000800000002356d-74.dat	upx
behavioral2/memory/4540-62-0x00007FF7FCC30000-0x00007FF7FD022000-memory.dmp	upx
behavioral2/files/0x000700000002356a-60.dat	upx
behavioral2/files/0x0007000000023569-57.dat	upx
behavioral2/files/0x000a000000023559-25.dat	upx
behavioral2/memory/1648-21-0x00007FF65F0E0000-0x00007FF65F4D2000-memory.dmp	upx
behavioral2/files/0x0007000000023565-20.dat	upx
behavioral2/memory/4940-9-0x00007FF738590000-0x00007FF738982000-memory.dmp	upx
behavioral2/memory/4044-2651-0x00007FF6A4AB0000-0x00007FF6A4EA2000-memory.dmp	upx
behavioral2/memory/4940-2654-0x00007FF738590000-0x00007FF738982000-memory.dmp	upx
behavioral2/memory/1648-2655-0x00007FF65F0E0000-0x00007FF65F4D2000-memory.dmp	upx
behavioral2/memory/2928-2688-0x00007FF740130000-0x00007FF740522000-memory.dmp	upx
behavioral2/memory/4940-2690-0x00007FF738590000-0x00007FF738982000-memory.dmp	upx
behavioral2/memory/4008-2693-0x00007FF68F160000-0x00007FF68F552000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JjeLgwS.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\eqgjHpL.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\EhtJWyI.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\JkMKQqu.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\adVqhkU.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\VmcbNdY.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\RHAhyZL.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\MtIQlpM.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\rzWvmWo.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\avFcUSX.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\yBVnKwp.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\flrABPT.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\iTggkIC.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\OyEgUVY.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\WtXAsSG.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\bHYNVKX.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\iYzdRJp.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\PJKawjU.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\EqoRewg.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\diHOwnb.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\vtujbLq.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\CYSZqgW.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\feeholT.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\cjGwayX.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\bnrQQTm.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\GTHPSuA.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\JmqmvhE.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\trLycSO.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\bbqFEWB.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\ORIEVoA.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\IrBSuoa.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\UtjOSKG.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\cYdscGN.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\UvpUkpO.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\RgcPcNT.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\RftvOMR.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\ukNMsFI.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\GmnDGwM.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\sutidTH.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\raDhgqJ.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\mDeHxAz.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\YPPlnLi.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\Dnlzgld.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\agqspeA.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\DBYbKKZ.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\igsbJVW.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\TXcYyvJ.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\LjSoogN.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\OEMrLIf.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\jXMbeYp.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\dOHUHQe.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\OSGBikN.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\ClJeOcB.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\qYdogSp.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\guBJyoE.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\VMYCGxE.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\bYvrjji.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\wirwAzG.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\oSsnUyl.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\RhReBfT.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\JEtuLDl.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\jhPUkaR.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\PozQToi.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
File created	C:\Windows\System\CvdHmoL.exe	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3688	powershell.exe
3688	powershell.exe
3688	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
Token: SeDebugPrivilege	3688	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 3688	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	83
PID 4044 wrote to memory of 3688	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	83
PID 4044 wrote to memory of 4940	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	84
PID 4044 wrote to memory of 4940	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	84
PID 4044 wrote to memory of 1648	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	85
PID 4044 wrote to memory of 1648	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	85
PID 4044 wrote to memory of 4008	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	86
PID 4044 wrote to memory of 4008	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	86
PID 4044 wrote to memory of 4540	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	87
PID 4044 wrote to memory of 4540	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	87
PID 4044 wrote to memory of 3960	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	88
PID 4044 wrote to memory of 3960	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	88
PID 4044 wrote to memory of 1656	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	89
PID 4044 wrote to memory of 1656	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	89
PID 4044 wrote to memory of 1132	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	90
PID 4044 wrote to memory of 1132	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	90
PID 4044 wrote to memory of 212	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	91
PID 4044 wrote to memory of 212	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	91
PID 4044 wrote to memory of 1244	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	92
PID 4044 wrote to memory of 1244	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	92
PID 4044 wrote to memory of 1316	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	93
PID 4044 wrote to memory of 1316	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	93
PID 4044 wrote to memory of 1172	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	94
PID 4044 wrote to memory of 1172	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	94
PID 4044 wrote to memory of 2376	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	95
PID 4044 wrote to memory of 2376	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	95
PID 4044 wrote to memory of 1620	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	96
PID 4044 wrote to memory of 1620	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	96
PID 4044 wrote to memory of 3160	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	97
PID 4044 wrote to memory of 3160	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	97
PID 4044 wrote to memory of 2256	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	98
PID 4044 wrote to memory of 2256	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	98
PID 4044 wrote to memory of 2928	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	99
PID 4044 wrote to memory of 2928	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	99
PID 4044 wrote to memory of 2740	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	100
PID 4044 wrote to memory of 2740	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	100
PID 4044 wrote to memory of 4980	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	101
PID 4044 wrote to memory of 4980	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	101
PID 4044 wrote to memory of 1964	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	102
PID 4044 wrote to memory of 1964	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	102
PID 4044 wrote to memory of 4764	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	103
PID 4044 wrote to memory of 4764	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	103
PID 4044 wrote to memory of 380	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	104
PID 4044 wrote to memory of 380	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	104
PID 4044 wrote to memory of 4428	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	105
PID 4044 wrote to memory of 4428	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	105
PID 4044 wrote to memory of 1084	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	106
PID 4044 wrote to memory of 1084	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	106
PID 4044 wrote to memory of 3168	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	107
PID 4044 wrote to memory of 3168	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	107
PID 4044 wrote to memory of 2268	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	108
PID 4044 wrote to memory of 2268	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	108
PID 4044 wrote to memory of 1200	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	109
PID 4044 wrote to memory of 1200	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	109
PID 4044 wrote to memory of 4216	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	110
PID 4044 wrote to memory of 4216	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	110
PID 4044 wrote to memory of 5064	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	111
PID 4044 wrote to memory of 5064	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	111
PID 4044 wrote to memory of 1272	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	112
PID 4044 wrote to memory of 1272	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	112
PID 4044 wrote to memory of 3628	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	113
PID 4044 wrote to memory of 3628	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	113
PID 4044 wrote to memory of 4804	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	114
PID 4044 wrote to memory of 4804	4044	24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\24c85a8088c4aaf151b40ca89f433323ef2f0f2367aee1baac35e38c899b28db_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3688
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3688" "2976" "2928" "2980" "0" "0" "2984" "0" "0" "0" "0" "0"
    3⤵
    PID:13184
- C:\Windows\System\Whxotct.exe
  C:\Windows\System\Whxotct.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\nxgBWPT.exe
  C:\Windows\System\nxgBWPT.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\oFXGDVD.exe
  C:\Windows\System\oFXGDVD.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\AZzcxDE.exe
  C:\Windows\System\AZzcxDE.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\gyillFP.exe
  C:\Windows\System\gyillFP.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\nAzyziz.exe
  C:\Windows\System\nAzyziz.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\KrgiBBE.exe
  C:\Windows\System\KrgiBBE.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\KJzJOBQ.exe
  C:\Windows\System\KJzJOBQ.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\cMKLNID.exe
  C:\Windows\System\cMKLNID.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\ZxjhjSn.exe
  C:\Windows\System\ZxjhjSn.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\cTPGNMU.exe
  C:\Windows\System\cTPGNMU.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\UNLNxVT.exe
  C:\Windows\System\UNLNxVT.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\viEVwaq.exe
  C:\Windows\System\viEVwaq.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\vGUDvvP.exe
  C:\Windows\System\vGUDvvP.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\QxjkewC.exe
  C:\Windows\System\QxjkewC.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\AEzQWuR.exe
  C:\Windows\System\AEzQWuR.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ujElzmr.exe
  C:\Windows\System\ujElzmr.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\cDKBlkP.exe
  C:\Windows\System\cDKBlkP.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\gOljREV.exe
  C:\Windows\System\gOljREV.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\JnvJDPm.exe
  C:\Windows\System\JnvJDPm.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\MiPPJTs.exe
  C:\Windows\System\MiPPJTs.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\QRfwTsh.exe
  C:\Windows\System\QRfwTsh.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\XPfdDst.exe
  C:\Windows\System\XPfdDst.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\FjRmubj.exe
  C:\Windows\System\FjRmubj.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\kloBxIC.exe
  C:\Windows\System\kloBxIC.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\QFLmgSo.exe
  C:\Windows\System\QFLmgSo.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\EgdyRpo.exe
  C:\Windows\System\EgdyRpo.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\JgphnNB.exe
  C:\Windows\System\JgphnNB.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\SrrKZQL.exe
  C:\Windows\System\SrrKZQL.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\YNEwmus.exe
  C:\Windows\System\YNEwmus.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\WdzlvFM.exe
  C:\Windows\System\WdzlvFM.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\nuxgfAq.exe
  C:\Windows\System\nuxgfAq.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\evaYoZH.exe
  C:\Windows\System\evaYoZH.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\vaWkgOC.exe
  C:\Windows\System\vaWkgOC.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\BqnWCzl.exe
  C:\Windows\System\BqnWCzl.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\pWTwXAQ.exe
  C:\Windows\System\pWTwXAQ.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\kWkYLxw.exe
  C:\Windows\System\kWkYLxw.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\EfHgVqA.exe
  C:\Windows\System\EfHgVqA.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\siSPnKT.exe
  C:\Windows\System\siSPnKT.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\yvkDtce.exe
  C:\Windows\System\yvkDtce.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\xcQueTP.exe
  C:\Windows\System\xcQueTP.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\LPMNSad.exe
  C:\Windows\System\LPMNSad.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\dFxnroJ.exe
  C:\Windows\System\dFxnroJ.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\bqHxnuN.exe
  C:\Windows\System\bqHxnuN.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ApAAmAZ.exe
  C:\Windows\System\ApAAmAZ.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\XOqvpgn.exe
  C:\Windows\System\XOqvpgn.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\trLycSO.exe
  C:\Windows\System\trLycSO.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\MAfRkCy.exe
  C:\Windows\System\MAfRkCy.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\LSUcJJr.exe
  C:\Windows\System\LSUcJJr.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\XGmHgGE.exe
  C:\Windows\System\XGmHgGE.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\RCTpXiT.exe
  C:\Windows\System\RCTpXiT.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\MuqNNLJ.exe
  C:\Windows\System\MuqNNLJ.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\ZcgPuuJ.exe
  C:\Windows\System\ZcgPuuJ.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\nVRAxmg.exe
  C:\Windows\System\nVRAxmg.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\kHRhDIR.exe
  C:\Windows\System\kHRhDIR.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\YvLuOhT.exe
  C:\Windows\System\YvLuOhT.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\SQwqSoB.exe
  C:\Windows\System\SQwqSoB.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\xwyPsUR.exe
  C:\Windows\System\xwyPsUR.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\xChIJgk.exe
  C:\Windows\System\xChIJgk.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\VwomxTF.exe
  C:\Windows\System\VwomxTF.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\LEZAQZZ.exe
  C:\Windows\System\LEZAQZZ.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\EOOHqut.exe
  C:\Windows\System\EOOHqut.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\IQxbZwy.exe
  C:\Windows\System\IQxbZwy.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\sfkXwqH.exe
  C:\Windows\System\sfkXwqH.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\lBozPnB.exe
  C:\Windows\System\lBozPnB.exe
  2⤵
  PID:560
- C:\Windows\System\OchJOMH.exe
  C:\Windows\System\OchJOMH.exe
  2⤵
  PID:2708
- C:\Windows\System\ioQSGkS.exe
  C:\Windows\System\ioQSGkS.exe
  2⤵
  PID:4588
- C:\Windows\System\sSECMqJ.exe
  C:\Windows\System\sSECMqJ.exe
  2⤵
  PID:4188
- C:\Windows\System\Iaavscm.exe
  C:\Windows\System\Iaavscm.exe
  2⤵
  PID:3596
- C:\Windows\System\NwQArSS.exe
  C:\Windows\System\NwQArSS.exe
  2⤵
  PID:1328
- C:\Windows\System\YjHxEvT.exe
  C:\Windows\System\YjHxEvT.exe
  2⤵
  PID:4180
- C:\Windows\System\sgHsJsj.exe
  C:\Windows\System\sgHsJsj.exe
  2⤵
  PID:2356
- C:\Windows\System\ukDRkcR.exe
  C:\Windows\System\ukDRkcR.exe
  2⤵
  PID:4760
- C:\Windows\System\ZIODeCO.exe
  C:\Windows\System\ZIODeCO.exe
  2⤵
  PID:4012
- C:\Windows\System\dHXIhIj.exe
  C:\Windows\System\dHXIhIj.exe
  2⤵
  PID:2348
- C:\Windows\System\lwunrgr.exe
  C:\Windows\System\lwunrgr.exe
  2⤵
  PID:4056
- C:\Windows\System\hhRZDqq.exe
  C:\Windows\System\hhRZDqq.exe
  2⤵
  PID:5148
- C:\Windows\System\DNFXIrS.exe
  C:\Windows\System\DNFXIrS.exe
  2⤵
  PID:5168
- C:\Windows\System\HWRlsKt.exe
  C:\Windows\System\HWRlsKt.exe
  2⤵
  PID:5196
- C:\Windows\System\eaFsvRy.exe
  C:\Windows\System\eaFsvRy.exe
  2⤵
  PID:5224
- C:\Windows\System\xKhfqvK.exe
  C:\Windows\System\xKhfqvK.exe
  2⤵
  PID:5252
- C:\Windows\System\bgprWSd.exe
  C:\Windows\System\bgprWSd.exe
  2⤵
  PID:5280
- C:\Windows\System\sxpTsBs.exe
  C:\Windows\System\sxpTsBs.exe
  2⤵
  PID:5308
- C:\Windows\System\HVHJdyK.exe
  C:\Windows\System\HVHJdyK.exe
  2⤵
  PID:5328
- C:\Windows\System\Enjewdo.exe
  C:\Windows\System\Enjewdo.exe
  2⤵
  PID:5364
- C:\Windows\System\DJdBlzK.exe
  C:\Windows\System\DJdBlzK.exe
  2⤵
  PID:5392
- C:\Windows\System\aPghISD.exe
  C:\Windows\System\aPghISD.exe
  2⤵
  PID:5424
- C:\Windows\System\PgzMKrt.exe
  C:\Windows\System\PgzMKrt.exe
  2⤵
  PID:5452
- C:\Windows\System\flrABPT.exe
  C:\Windows\System\flrABPT.exe
  2⤵
  PID:5480
- C:\Windows\System\lohUoUW.exe
  C:\Windows\System\lohUoUW.exe
  2⤵
  PID:5512
- C:\Windows\System\ejrEvvK.exe
  C:\Windows\System\ejrEvvK.exe
  2⤵
  PID:5540
- C:\Windows\System\GUvnzbQ.exe
  C:\Windows\System\GUvnzbQ.exe
  2⤵
  PID:5568
- C:\Windows\System\pgSBpga.exe
  C:\Windows\System\pgSBpga.exe
  2⤵
  PID:5596
- C:\Windows\System\KkcRkiq.exe
  C:\Windows\System\KkcRkiq.exe
  2⤵
  PID:5624
- C:\Windows\System\huPvugp.exe
  C:\Windows\System\huPvugp.exe
  2⤵
  PID:5652
- C:\Windows\System\UNvtpCJ.exe
  C:\Windows\System\UNvtpCJ.exe
  2⤵
  PID:5680
- C:\Windows\System\HIGRdyR.exe
  C:\Windows\System\HIGRdyR.exe
  2⤵
  PID:5712
- C:\Windows\System\pKFiPTx.exe
  C:\Windows\System\pKFiPTx.exe
  2⤵
  PID:5740
- C:\Windows\System\uwlYuYH.exe
  C:\Windows\System\uwlYuYH.exe
  2⤵
  PID:5768
- C:\Windows\System\bIEMtxv.exe
  C:\Windows\System\bIEMtxv.exe
  2⤵
  PID:5796
- C:\Windows\System\qijfUZT.exe
  C:\Windows\System\qijfUZT.exe
  2⤵
  PID:5824
- C:\Windows\System\VAtLRQU.exe
  C:\Windows\System\VAtLRQU.exe
  2⤵
  PID:5848
- C:\Windows\System\OdUaMZy.exe
  C:\Windows\System\OdUaMZy.exe
  2⤵
  PID:5876
- C:\Windows\System\LEVxUSw.exe
  C:\Windows\System\LEVxUSw.exe
  2⤵
  PID:5904
- C:\Windows\System\zjPQWbK.exe
  C:\Windows\System\zjPQWbK.exe
  2⤵
  PID:5932
- C:\Windows\System\cvHozaM.exe
  C:\Windows\System\cvHozaM.exe
  2⤵
  PID:5960
- C:\Windows\System\jpsSatt.exe
  C:\Windows\System\jpsSatt.exe
  2⤵
  PID:5988
- C:\Windows\System\EEFitCZ.exe
  C:\Windows\System\EEFitCZ.exe
  2⤵
  PID:6016
- C:\Windows\System\SSgihTN.exe
  C:\Windows\System\SSgihTN.exe
  2⤵
  PID:6044
- C:\Windows\System\YoKHAVn.exe
  C:\Windows\System\YoKHAVn.exe
  2⤵
  PID:6072
- C:\Windows\System\aOeNSRT.exe
  C:\Windows\System\aOeNSRT.exe
  2⤵
  PID:6104
- C:\Windows\System\AmUhAKw.exe
  C:\Windows\System\AmUhAKw.exe
  2⤵
  PID:6128
- C:\Windows\System\NzxUXFn.exe
  C:\Windows\System\NzxUXFn.exe
  2⤵
  PID:4476
- C:\Windows\System\BxzPRzu.exe
  C:\Windows\System\BxzPRzu.exe
  2⤵
  PID:2460
- C:\Windows\System\ZnFsaCZ.exe
  C:\Windows\System\ZnFsaCZ.exe
  2⤵
  PID:2956
- C:\Windows\System\UxqWGAL.exe
  C:\Windows\System\UxqWGAL.exe
  2⤵
  PID:5132
- C:\Windows\System\vhwzgBx.exe
  C:\Windows\System\vhwzgBx.exe
  2⤵
  PID:5208
- C:\Windows\System\UpIPurW.exe
  C:\Windows\System\UpIPurW.exe
  2⤵
  PID:5240
- C:\Windows\System\DzJxhKz.exe
  C:\Windows\System\DzJxhKz.exe
  2⤵
  PID:5296
- C:\Windows\System\GmnDGwM.exe
  C:\Windows\System\GmnDGwM.exe
  2⤵
  PID:5356
- C:\Windows\System\ljyxwPu.exe
  C:\Windows\System\ljyxwPu.exe
  2⤵
  PID:5408
- C:\Windows\System\AbrdDqb.exe
  C:\Windows\System\AbrdDqb.exe
  2⤵
  PID:5464
- C:\Windows\System\wpfSaan.exe
  C:\Windows\System\wpfSaan.exe
  2⤵
  PID:2916
- C:\Windows\System\nHsPhuY.exe
  C:\Windows\System\nHsPhuY.exe
  2⤵
  PID:5564
- C:\Windows\System\snyxYUf.exe
  C:\Windows\System\snyxYUf.exe
  2⤵
  PID:5724
- C:\Windows\System\mAJMmeT.exe
  C:\Windows\System\mAJMmeT.exe
  2⤵
  PID:5808
- C:\Windows\System\tmxJDZB.exe
  C:\Windows\System\tmxJDZB.exe
  2⤵
  PID:4208
- C:\Windows\System\feeholT.exe
  C:\Windows\System\feeholT.exe
  2⤵
  PID:2852
- C:\Windows\System\cnBRHaa.exe
  C:\Windows\System\cnBRHaa.exe
  2⤵
  PID:6004
- C:\Windows\System\TqqZNgp.exe
  C:\Windows\System\TqqZNgp.exe
  2⤵
  PID:4568
- C:\Windows\System\GYTrawD.exe
  C:\Windows\System\GYTrawD.exe
  2⤵
  PID:6096
- C:\Windows\System\hMiompJ.exe
  C:\Windows\System\hMiompJ.exe
  2⤵
  PID:1752
- C:\Windows\System\zeFrcRp.exe
  C:\Windows\System\zeFrcRp.exe
  2⤵
  PID:2932
- C:\Windows\System\AbeNHIY.exe
  C:\Windows\System\AbeNHIY.exe
  2⤵
  PID:2260
- C:\Windows\System\SBYwOyd.exe
  C:\Windows\System\SBYwOyd.exe
  2⤵
  PID:5184
- C:\Windows\System\sjvlYaA.exe
  C:\Windows\System\sjvlYaA.exe
  2⤵
  PID:2136
- C:\Windows\System\Adhnxcs.exe
  C:\Windows\System\Adhnxcs.exe
  2⤵
  PID:3860
- C:\Windows\System\sMFbhXO.exe
  C:\Windows\System\sMFbhXO.exe
  2⤵
  PID:5324
- C:\Windows\System\cjGwayX.exe
  C:\Windows\System\cjGwayX.exe
  2⤵
  PID:5380
- C:\Windows\System\xuLvzzj.exe
  C:\Windows\System\xuLvzzj.exe
  2⤵
  PID:2580
- C:\Windows\System\ekDKfPZ.exe
  C:\Windows\System\ekDKfPZ.exe
  2⤵
  PID:3388
- C:\Windows\System\gWQGUgZ.exe
  C:\Windows\System\gWQGUgZ.exe
  2⤵
  PID:5504
- C:\Windows\System\CKBeZDv.exe
  C:\Windows\System\CKBeZDv.exe
  2⤵
  PID:5620
- C:\Windows\System\ijlFtaQ.exe
  C:\Windows\System\ijlFtaQ.exe
  2⤵
  PID:4644
- C:\Windows\System\pEPVbVM.exe
  C:\Windows\System\pEPVbVM.exe
  2⤵
  PID:756
- C:\Windows\System\JsYmvOm.exe
  C:\Windows\System\JsYmvOm.exe
  2⤵
  PID:1204
- C:\Windows\System\XRZAbkd.exe
  C:\Windows\System\XRZAbkd.exe
  2⤵
  PID:5864
- C:\Windows\System\yxsUBhL.exe
  C:\Windows\System\yxsUBhL.exe
  2⤵
  PID:5948
- C:\Windows\System\eoTzwOd.exe
  C:\Windows\System\eoTzwOd.exe
  2⤵
  PID:6012
- C:\Windows\System\avZeJay.exe
  C:\Windows\System\avZeJay.exe
  2⤵
  PID:6088
- C:\Windows\System\ZSPBrUV.exe
  C:\Windows\System\ZSPBrUV.exe
  2⤵
  PID:5672
- C:\Windows\System\sxITOVU.exe
  C:\Windows\System\sxITOVU.exe
  2⤵
  PID:2316
- C:\Windows\System\mOkPJaZ.exe
  C:\Windows\System\mOkPJaZ.exe
  2⤵
  PID:5216
- C:\Windows\System\euGumbZ.exe
  C:\Windows\System\euGumbZ.exe
  2⤵
  PID:5272
- C:\Windows\System\jxlymCW.exe
  C:\Windows\System\jxlymCW.exe
  2⤵
  PID:5500
- C:\Windows\System\sinwQWK.exe
  C:\Windows\System\sinwQWK.exe
  2⤵
  PID:4988
- C:\Windows\System\yFlYeeX.exe
  C:\Windows\System\yFlYeeX.exe
  2⤵
  PID:5700
- C:\Windows\System\EhtJWyI.exe
  C:\Windows\System\EhtJWyI.exe
  2⤵
  PID:2188
- C:\Windows\System\AFwPUwV.exe
  C:\Windows\System\AFwPUwV.exe
  2⤵
  PID:5560
- C:\Windows\System\xTtUfvZ.exe
  C:\Windows\System\xTtUfvZ.exe
  2⤵
  PID:5920
- C:\Windows\System\prQoRoQ.exe
  C:\Windows\System\prQoRoQ.exe
  2⤵
  PID:6036
- C:\Windows\System\aXYNche.exe
  C:\Windows\System\aXYNche.exe
  2⤵
  PID:6148
- C:\Windows\System\SJTPOMb.exe
  C:\Windows\System\SJTPOMb.exe
  2⤵
  PID:6212
- C:\Windows\System\VXPbOih.exe
  C:\Windows\System\VXPbOih.exe
  2⤵
  PID:6228
- C:\Windows\System\qKmHeDg.exe
  C:\Windows\System\qKmHeDg.exe
  2⤵
  PID:6248
- C:\Windows\System\qIUxAEl.exe
  C:\Windows\System\qIUxAEl.exe
  2⤵
  PID:6272
- C:\Windows\System\gqDsnfQ.exe
  C:\Windows\System\gqDsnfQ.exe
  2⤵
  PID:6292
- C:\Windows\System\SafAbTk.exe
  C:\Windows\System\SafAbTk.exe
  2⤵
  PID:6308
- C:\Windows\System\WrExpzs.exe
  C:\Windows\System\WrExpzs.exe
  2⤵
  PID:6332
- C:\Windows\System\QbBogNZ.exe
  C:\Windows\System\QbBogNZ.exe
  2⤵
  PID:6372
- C:\Windows\System\fVfadMy.exe
  C:\Windows\System\fVfadMy.exe
  2⤵
  PID:6392
- C:\Windows\System\lxdWndI.exe
  C:\Windows\System\lxdWndI.exe
  2⤵
  PID:6428
- C:\Windows\System\lnXqhfu.exe
  C:\Windows\System\lnXqhfu.exe
  2⤵
  PID:6460
- C:\Windows\System\JkMKQqu.exe
  C:\Windows\System\JkMKQqu.exe
  2⤵
  PID:6480
- C:\Windows\System\TWjvywr.exe
  C:\Windows\System\TWjvywr.exe
  2⤵
  PID:6504
- C:\Windows\System\qDpbAQL.exe
  C:\Windows\System\qDpbAQL.exe
  2⤵
  PID:6520
- C:\Windows\System\PRgfcYr.exe
  C:\Windows\System\PRgfcYr.exe
  2⤵
  PID:6556
- C:\Windows\System\TXcYyvJ.exe
  C:\Windows\System\TXcYyvJ.exe
  2⤵
  PID:6628
- C:\Windows\System\vpjAiwZ.exe
  C:\Windows\System\vpjAiwZ.exe
  2⤵
  PID:6644
- C:\Windows\System\lmJjZpN.exe
  C:\Windows\System\lmJjZpN.exe
  2⤵
  PID:6676
- C:\Windows\System\XRwFeLj.exe
  C:\Windows\System\XRwFeLj.exe
  2⤵
  PID:6692
- C:\Windows\System\xowFxEN.exe
  C:\Windows\System\xowFxEN.exe
  2⤵
  PID:6712
- C:\Windows\System\DczUCrk.exe
  C:\Windows\System\DczUCrk.exe
  2⤵
  PID:6732
- C:\Windows\System\uyOULhK.exe
  C:\Windows\System\uyOULhK.exe
  2⤵
  PID:6748
- C:\Windows\System\ZYtnQun.exe
  C:\Windows\System\ZYtnQun.exe
  2⤵
  PID:6764
- C:\Windows\System\eydkrfs.exe
  C:\Windows\System\eydkrfs.exe
  2⤵
  PID:6780
- C:\Windows\System\KIhBLvA.exe
  C:\Windows\System\KIhBLvA.exe
  2⤵
  PID:6800
- C:\Windows\System\ddSoQMC.exe
  C:\Windows\System\ddSoQMC.exe
  2⤵
  PID:6884
- C:\Windows\System\pmfCBNa.exe
  C:\Windows\System\pmfCBNa.exe
  2⤵
  PID:6900
- C:\Windows\System\cYdscGN.exe
  C:\Windows\System\cYdscGN.exe
  2⤵
  PID:6924
- C:\Windows\System\OHIfQXn.exe
  C:\Windows\System\OHIfQXn.exe
  2⤵
  PID:6964
- C:\Windows\System\hVQrdbv.exe
  C:\Windows\System\hVQrdbv.exe
  2⤵
  PID:7000
- C:\Windows\System\hXrSGqm.exe
  C:\Windows\System\hXrSGqm.exe
  2⤵
  PID:7052
- C:\Windows\System\kFTfuOJ.exe
  C:\Windows\System\kFTfuOJ.exe
  2⤵
  PID:7068
- C:\Windows\System\xEvlHvp.exe
  C:\Windows\System\xEvlHvp.exe
  2⤵
  PID:7104
- C:\Windows\System\dBlkOEF.exe
  C:\Windows\System\dBlkOEF.exe
  2⤵
  PID:7132
- C:\Windows\System\cWDnAwv.exe
  C:\Windows\System\cWDnAwv.exe
  2⤵
  PID:7156
- C:\Windows\System\QvyBhti.exe
  C:\Windows\System\QvyBhti.exe
  2⤵
  PID:4196
- C:\Windows\System\xheyfZn.exe
  C:\Windows\System\xheyfZn.exe
  2⤵
  PID:6220
- C:\Windows\System\iHyXcdv.exe
  C:\Windows\System\iHyXcdv.exe
  2⤵
  PID:6268
- C:\Windows\System\DNpYdcF.exe
  C:\Windows\System\DNpYdcF.exe
  2⤵
  PID:6328
- C:\Windows\System\ZUXnlLv.exe
  C:\Windows\System\ZUXnlLv.exe
  2⤵
  PID:6476
- C:\Windows\System\lPpsbGZ.exe
  C:\Windows\System\lPpsbGZ.exe
  2⤵
  PID:6452
- C:\Windows\System\GNKfene.exe
  C:\Windows\System\GNKfene.exe
  2⤵
  PID:6492
- C:\Windows\System\BPPsDrR.exe
  C:\Windows\System\BPPsDrR.exe
  2⤵
  PID:6580
- C:\Windows\System\etdViZI.exe
  C:\Windows\System\etdViZI.exe
  2⤵
  PID:6640
- C:\Windows\System\BnrtRRF.exe
  C:\Windows\System\BnrtRRF.exe
  2⤵
  PID:6660
- C:\Windows\System\SxiDQJo.exe
  C:\Windows\System\SxiDQJo.exe
  2⤵
  PID:6772
- C:\Windows\System\lvHGauC.exe
  C:\Windows\System\lvHGauC.exe
  2⤵
  PID:6944
- C:\Windows\System\CZvSwFw.exe
  C:\Windows\System\CZvSwFw.exe
  2⤵
  PID:6908
- C:\Windows\System\RQQKrtc.exe
  C:\Windows\System\RQQKrtc.exe
  2⤵
  PID:6992
- C:\Windows\System\VvbmEBz.exe
  C:\Windows\System\VvbmEBz.exe
  2⤵
  PID:7064
- C:\Windows\System\blmVVMU.exe
  C:\Windows\System\blmVVMU.exe
  2⤵
  PID:7116
- C:\Windows\System\qrexIVm.exe
  C:\Windows\System\qrexIVm.exe
  2⤵
  PID:7148
- C:\Windows\System\JyQoSFC.exe
  C:\Windows\System\JyQoSFC.exe
  2⤵
  PID:6196
- C:\Windows\System\Dnlzgld.exe
  C:\Windows\System\Dnlzgld.exe
  2⤵
  PID:6300
- C:\Windows\System\WbysGep.exe
  C:\Windows\System\WbysGep.exe
  2⤵
  PID:6512
- C:\Windows\System\JNLCUpW.exe
  C:\Windows\System\JNLCUpW.exe
  2⤵
  PID:6624
- C:\Windows\System\GQvmeoL.exe
  C:\Windows\System\GQvmeoL.exe
  2⤵
  PID:6704
- C:\Windows\System\SyEkhMU.exe
  C:\Windows\System\SyEkhMU.exe
  2⤵
  PID:6940
- C:\Windows\System\KKMYnKl.exe
  C:\Windows\System\KKMYnKl.exe
  2⤵
  PID:7096
- C:\Windows\System\GVgguaO.exe
  C:\Windows\System\GVgguaO.exe
  2⤵
  PID:6316
- C:\Windows\System\MSLmsvR.exe
  C:\Windows\System\MSLmsvR.exe
  2⤵
  PID:6412
- C:\Windows\System\wiavOpe.exe
  C:\Windows\System\wiavOpe.exe
  2⤵
  PID:6864
- C:\Windows\System\LYnXbRV.exe
  C:\Windows\System\LYnXbRV.exe
  2⤵
  PID:7192
- C:\Windows\System\FYCugep.exe
  C:\Windows\System\FYCugep.exe
  2⤵
  PID:7264
- C:\Windows\System\UfcEXqs.exe
  C:\Windows\System\UfcEXqs.exe
  2⤵
  PID:7284
- C:\Windows\System\tlctNDz.exe
  C:\Windows\System\tlctNDz.exe
  2⤵
  PID:7308
- C:\Windows\System\tKBkhzK.exe
  C:\Windows\System\tKBkhzK.exe
  2⤵
  PID:7328
- C:\Windows\System\YlFTSrF.exe
  C:\Windows\System\YlFTSrF.exe
  2⤵
  PID:7348
- C:\Windows\System\fhsKBee.exe
  C:\Windows\System\fhsKBee.exe
  2⤵
  PID:7372
- C:\Windows\System\YfgRMGd.exe
  C:\Windows\System\YfgRMGd.exe
  2⤵
  PID:7420
- C:\Windows\System\xmfGajh.exe
  C:\Windows\System\xmfGajh.exe
  2⤵
  PID:7440
- C:\Windows\System\XanlueY.exe
  C:\Windows\System\XanlueY.exe
  2⤵
  PID:7484
- C:\Windows\System\ydKiFmw.exe
  C:\Windows\System\ydKiFmw.exe
  2⤵
  PID:7516
- C:\Windows\System\qzGNrUL.exe
  C:\Windows\System\qzGNrUL.exe
  2⤵
  PID:7560
- C:\Windows\System\cRJzqyh.exe
  C:\Windows\System\cRJzqyh.exe
  2⤵
  PID:7580
- C:\Windows\System\TCvcMfU.exe
  C:\Windows\System\TCvcMfU.exe
  2⤵
  PID:7600
- C:\Windows\System\BVhoVQH.exe
  C:\Windows\System\BVhoVQH.exe
  2⤵
  PID:7620
- C:\Windows\System\mlheJQU.exe
  C:\Windows\System\mlheJQU.exe
  2⤵
  PID:7644
- C:\Windows\System\hupSDQv.exe
  C:\Windows\System\hupSDQv.exe
  2⤵
  PID:7664
- C:\Windows\System\nPAvIYi.exe
  C:\Windows\System\nPAvIYi.exe
  2⤵
  PID:7704
- C:\Windows\System\YPQZuMn.exe
  C:\Windows\System\YPQZuMn.exe
  2⤵
  PID:7744
- C:\Windows\System\WBkrUvH.exe
  C:\Windows\System\WBkrUvH.exe
  2⤵
  PID:7768
- C:\Windows\System\VnbzZvL.exe
  C:\Windows\System\VnbzZvL.exe
  2⤵
  PID:7788
- C:\Windows\System\rSyuHxy.exe
  C:\Windows\System\rSyuHxy.exe
  2⤵
  PID:7816
- C:\Windows\System\DsObuVV.exe
  C:\Windows\System\DsObuVV.exe
  2⤵
  PID:7832
- C:\Windows\System\AxpPksG.exe
  C:\Windows\System\AxpPksG.exe
  2⤵
  PID:7884
- C:\Windows\System\aTSEvVn.exe
  C:\Windows\System\aTSEvVn.exe
  2⤵
  PID:7904
- C:\Windows\System\GIaZjhR.exe
  C:\Windows\System\GIaZjhR.exe
  2⤵
  PID:7940
- C:\Windows\System\jXjhtmq.exe
  C:\Windows\System\jXjhtmq.exe
  2⤵
  PID:7964
- C:\Windows\System\MQqUGvw.exe
  C:\Windows\System\MQqUGvw.exe
  2⤵
  PID:7984
- C:\Windows\System\EZMZPAz.exe
  C:\Windows\System\EZMZPAz.exe
  2⤵
  PID:8004
- C:\Windows\System\rvGqhCr.exe
  C:\Windows\System\rvGqhCr.exe
  2⤵
  PID:8024
- C:\Windows\System\AJfsAgV.exe
  C:\Windows\System\AJfsAgV.exe
  2⤵
  PID:8072
- C:\Windows\System\JTxQeeG.exe
  C:\Windows\System\JTxQeeG.exe
  2⤵
  PID:8088
- C:\Windows\System\NRnXoOe.exe
  C:\Windows\System\NRnXoOe.exe
  2⤵
  PID:8156
- C:\Windows\System\asPCviS.exe
  C:\Windows\System\asPCviS.exe
  2⤵
  PID:8176
- C:\Windows\System\LjSoogN.exe
  C:\Windows\System\LjSoogN.exe
  2⤵
  PID:6180
- C:\Windows\System\jfTsADd.exe
  C:\Windows\System\jfTsADd.exe
  2⤵
  PID:6976
- C:\Windows\System\MyKFlZm.exe
  C:\Windows\System\MyKFlZm.exe
  2⤵
  PID:7128
- C:\Windows\System\ICELmuM.exe
  C:\Windows\System\ICELmuM.exe
  2⤵
  PID:7208
- C:\Windows\System\MbiniAR.exe
  C:\Windows\System\MbiniAR.exe
  2⤵
  PID:7280
- C:\Windows\System\sutidTH.exe
  C:\Windows\System\sutidTH.exe
  2⤵
  PID:7344
- C:\Windows\System\jumoccH.exe
  C:\Windows\System\jumoccH.exe
  2⤵
  PID:7480
- C:\Windows\System\RPdFZWy.exe
  C:\Windows\System\RPdFZWy.exe
  2⤵
  PID:7508
- C:\Windows\System\BvbNNck.exe
  C:\Windows\System\BvbNNck.exe
  2⤵
  PID:7568
- C:\Windows\System\kbKhDKJ.exe
  C:\Windows\System\kbKhDKJ.exe
  2⤵
  PID:7636
- C:\Windows\System\Gfojwka.exe
  C:\Windows\System\Gfojwka.exe
  2⤵
  PID:7700
- C:\Windows\System\AKrurCa.exe
  C:\Windows\System\AKrurCa.exe
  2⤵
  PID:7780
- C:\Windows\System\SLikjeD.exe
  C:\Windows\System\SLikjeD.exe
  2⤵
  PID:7812
- C:\Windows\System\EvirAHC.exe
  C:\Windows\System\EvirAHC.exe
  2⤵
  PID:7876
- C:\Windows\System\adVqhkU.exe
  C:\Windows\System\adVqhkU.exe
  2⤵
  PID:7932
- C:\Windows\System\aDJvvdM.exe
  C:\Windows\System\aDJvvdM.exe
  2⤵
  PID:7956
- C:\Windows\System\lIzyDRV.exe
  C:\Windows\System\lIzyDRV.exe
  2⤵
  PID:8060
- C:\Windows\System\tPsYNMO.exe
  C:\Windows\System\tPsYNMO.exe
  2⤵
  PID:8164
- C:\Windows\System\neFkiFM.exe
  C:\Windows\System\neFkiFM.exe
  2⤵
  PID:7188
- C:\Windows\System\eZNQxYO.exe
  C:\Windows\System\eZNQxYO.exe
  2⤵
  PID:7212
- C:\Windows\System\OFCGajr.exe
  C:\Windows\System\OFCGajr.exe
  2⤵
  PID:7476
- C:\Windows\System\RMGsJDY.exe
  C:\Windows\System\RMGsJDY.exe
  2⤵
  PID:7680
- C:\Windows\System\PVypXlK.exe
  C:\Windows\System\PVypXlK.exe
  2⤵
  PID:7828
- C:\Windows\System\yokfKIN.exe
  C:\Windows\System\yokfKIN.exe
  2⤵
  PID:7916
- C:\Windows\System\MUkruMu.exe
  C:\Windows\System\MUkruMu.exe
  2⤵
  PID:8112
- C:\Windows\System\NFCQEzG.exe
  C:\Windows\System\NFCQEzG.exe
  2⤵
  PID:8188
- C:\Windows\System\QcuGtYh.exe
  C:\Windows\System\QcuGtYh.exe
  2⤵
  PID:7448
- C:\Windows\System\GLsqIKT.exe
  C:\Windows\System\GLsqIKT.exe
  2⤵
  PID:7992
- C:\Windows\System\QukVTfh.exe
  C:\Windows\System\QukVTfh.exe
  2⤵
  PID:7368
- C:\Windows\System\NhrIlyF.exe
  C:\Windows\System\NhrIlyF.exe
  2⤵
  PID:8200
- C:\Windows\System\CYAhUnH.exe
  C:\Windows\System\CYAhUnH.exe
  2⤵
  PID:8224
- C:\Windows\System\PWQraad.exe
  C:\Windows\System\PWQraad.exe
  2⤵
  PID:8252
- C:\Windows\System\JhJhBeD.exe
  C:\Windows\System\JhJhBeD.exe
  2⤵
  PID:8280
- C:\Windows\System\tVCKbYY.exe
  C:\Windows\System\tVCKbYY.exe
  2⤵
  PID:8304
- C:\Windows\System\SiLzxFy.exe
  C:\Windows\System\SiLzxFy.exe
  2⤵
  PID:8344
- C:\Windows\System\PZTXaek.exe
  C:\Windows\System\PZTXaek.exe
  2⤵
  PID:8364
- C:\Windows\System\bbfTKhw.exe
  C:\Windows\System\bbfTKhw.exe
  2⤵
  PID:8392
- C:\Windows\System\tRguZGc.exe
  C:\Windows\System\tRguZGc.exe
  2⤵
  PID:8416
- C:\Windows\System\NGbheIy.exe
  C:\Windows\System\NGbheIy.exe
  2⤵
  PID:8436
- C:\Windows\System\UeFXNpk.exe
  C:\Windows\System\UeFXNpk.exe
  2⤵
  PID:8468
- C:\Windows\System\HJEVVRh.exe
  C:\Windows\System\HJEVVRh.exe
  2⤵
  PID:8484
- C:\Windows\System\pQFrdUG.exe
  C:\Windows\System\pQFrdUG.exe
  2⤵
  PID:8512
- C:\Windows\System\VCjEnDl.exe
  C:\Windows\System\VCjEnDl.exe
  2⤵
  PID:8532
- C:\Windows\System\VKwNyMS.exe
  C:\Windows\System\VKwNyMS.exe
  2⤵
  PID:8556
- C:\Windows\System\DGZQXMK.exe
  C:\Windows\System\DGZQXMK.exe
  2⤵
  PID:8596
- C:\Windows\System\qfFCTyf.exe
  C:\Windows\System\qfFCTyf.exe
  2⤵
  PID:8616
- C:\Windows\System\UlvDEjT.exe
  C:\Windows\System\UlvDEjT.exe
  2⤵
  PID:8668
- C:\Windows\System\qSIuPEE.exe
  C:\Windows\System\qSIuPEE.exe
  2⤵
  PID:8684
- C:\Windows\System\AdpuiKW.exe
  C:\Windows\System\AdpuiKW.exe
  2⤵
  PID:8712
- C:\Windows\System\wSGmMws.exe
  C:\Windows\System\wSGmMws.exe
  2⤵
  PID:8732
- C:\Windows\System\awyHVkQ.exe
  C:\Windows\System\awyHVkQ.exe
  2⤵
  PID:8752
- C:\Windows\System\SdeDEOw.exe
  C:\Windows\System\SdeDEOw.exe
  2⤵
  PID:8784
- C:\Windows\System\EWfUUfK.exe
  C:\Windows\System\EWfUUfK.exe
  2⤵
  PID:8848
- C:\Windows\System\ihwnyGz.exe
  C:\Windows\System\ihwnyGz.exe
  2⤵
  PID:8876
- C:\Windows\System\PcBAVxY.exe
  C:\Windows\System\PcBAVxY.exe
  2⤵
  PID:8904
- C:\Windows\System\pTaCQSB.exe
  C:\Windows\System\pTaCQSB.exe
  2⤵
  PID:8936
- C:\Windows\System\aWsqIDh.exe
  C:\Windows\System\aWsqIDh.exe
  2⤵
  PID:8952
- C:\Windows\System\PRIbKhK.exe
  C:\Windows\System\PRIbKhK.exe
  2⤵
  PID:8976
- C:\Windows\System\ChQlGWm.exe
  C:\Windows\System\ChQlGWm.exe
  2⤵
  PID:8992
- C:\Windows\System\rQpEpqE.exe
  C:\Windows\System\rQpEpqE.exe
  2⤵
  PID:9020
- C:\Windows\System\vFxQqiC.exe
  C:\Windows\System\vFxQqiC.exe
  2⤵
  PID:9040
- C:\Windows\System\kiuJUsO.exe
  C:\Windows\System\kiuJUsO.exe
  2⤵
  PID:9072
- C:\Windows\System\DBlqMNN.exe
  C:\Windows\System\DBlqMNN.exe
  2⤵
  PID:9132
- C:\Windows\System\IIjSpkB.exe
  C:\Windows\System\IIjSpkB.exe
  2⤵
  PID:9152
- C:\Windows\System\bzhQKXX.exe
  C:\Windows\System\bzhQKXX.exe
  2⤵
  PID:8320
- C:\Windows\System\xsSCWTA.exe
  C:\Windows\System\xsSCWTA.exe
  2⤵
  PID:8428
- C:\Windows\System\PyAczkO.exe
  C:\Windows\System\PyAczkO.exe
  2⤵
  PID:8456
- C:\Windows\System\ljLFtrl.exe
  C:\Windows\System\ljLFtrl.exe
  2⤵
  PID:8552
- C:\Windows\System\AojYIfL.exe
  C:\Windows\System\AojYIfL.exe
  2⤵
  PID:8760
- C:\Windows\System\oWvWqvx.exe
  C:\Windows\System\oWvWqvx.exe
  2⤵
  PID:8664
- C:\Windows\System\neWLJxM.exe
  C:\Windows\System\neWLJxM.exe
  2⤵
  PID:8780
- C:\Windows\System\sjnoSWH.exe
  C:\Windows\System\sjnoSWH.exe
  2⤵
  PID:8860
- C:\Windows\System\UvpUkpO.exe
  C:\Windows\System\UvpUkpO.exe
  2⤵
  PID:8912
- C:\Windows\System\XrIvLCf.exe
  C:\Windows\System\XrIvLCf.exe
  2⤵
  PID:8960
- C:\Windows\System\zWYbSgh.exe
  C:\Windows\System\zWYbSgh.exe
  2⤵
  PID:9028
- C:\Windows\System\DmirSPs.exe
  C:\Windows\System\DmirSPs.exe
  2⤵
  PID:9080
- C:\Windows\System\btfeMkc.exe
  C:\Windows\System\btfeMkc.exe
  2⤵
  PID:9160
- C:\Windows\System\IVeDcqW.exe
  C:\Windows\System\IVeDcqW.exe
  2⤵
  PID:8260
- C:\Windows\System\UhEtBCd.exe
  C:\Windows\System\UhEtBCd.exe
  2⤵
  PID:8408
- C:\Windows\System\wkjpeMp.exe
  C:\Windows\System\wkjpeMp.exe
  2⤵
  PID:7800
- C:\Windows\System\EcWSMCj.exe
  C:\Windows\System\EcWSMCj.exe
  2⤵
  PID:8244
- C:\Windows\System\Bumsprd.exe
  C:\Windows\System\Bumsprd.exe
  2⤵
  PID:8660
- C:\Windows\System\iTggkIC.exe
  C:\Windows\System\iTggkIC.exe
  2⤵
  PID:8720
- C:\Windows\System\jpuipYd.exe
  C:\Windows\System\jpuipYd.exe
  2⤵
  PID:8776
- C:\Windows\System\TmKvWZD.exe
  C:\Windows\System\TmKvWZD.exe
  2⤵
  PID:9012
- C:\Windows\System\uiGaMoQ.exe
  C:\Windows\System\uiGaMoQ.exe
  2⤵
  PID:8944
- C:\Windows\System\VdEpOMe.exe
  C:\Windows\System\VdEpOMe.exe
  2⤵
  PID:8324
- C:\Windows\System\qXpNqOF.exe
  C:\Windows\System\qXpNqOF.exe
  2⤵
  PID:8504
- C:\Windows\System\gDhxPev.exe
  C:\Windows\System\gDhxPev.exe
  2⤵
  PID:8608
- C:\Windows\System\JVbzFyj.exe
  C:\Windows\System\JVbzFyj.exe
  2⤵
  PID:8844
- C:\Windows\System\VVQkoNq.exe
  C:\Windows\System\VVQkoNq.exe
  2⤵
  PID:8208
- C:\Windows\System\uXyUFKc.exe
  C:\Windows\System\uXyUFKc.exe
  2⤵
  PID:8240
- C:\Windows\System\RPauMzc.exe
  C:\Windows\System\RPauMzc.exe
  2⤵
  PID:9168
- C:\Windows\System\NEYmWZa.exe
  C:\Windows\System\NEYmWZa.exe
  2⤵
  PID:9228
- C:\Windows\System\mZaSzBQ.exe
  C:\Windows\System\mZaSzBQ.exe
  2⤵
  PID:9292
- C:\Windows\System\QPqFAXX.exe
  C:\Windows\System\QPqFAXX.exe
  2⤵
  PID:9320
- C:\Windows\System\NDiEnAA.exe
  C:\Windows\System\NDiEnAA.exe
  2⤵
  PID:9360
- C:\Windows\System\lfyGYqR.exe
  C:\Windows\System\lfyGYqR.exe
  2⤵
  PID:9408
- C:\Windows\System\uOEGFmL.exe
  C:\Windows\System\uOEGFmL.exe
  2⤵
  PID:9436
- C:\Windows\System\OfXjUeb.exe
  C:\Windows\System\OfXjUeb.exe
  2⤵
  PID:9456
- C:\Windows\System\wmzaJcK.exe
  C:\Windows\System\wmzaJcK.exe
  2⤵
  PID:9492
- C:\Windows\System\kGFRGRN.exe
  C:\Windows\System\kGFRGRN.exe
  2⤵
  PID:9520
- C:\Windows\System\SddUhAP.exe
  C:\Windows\System\SddUhAP.exe
  2⤵
  PID:9536
- C:\Windows\System\EmmDZTR.exe
  C:\Windows\System\EmmDZTR.exe
  2⤵
  PID:9572
- C:\Windows\System\nFywOjb.exe
  C:\Windows\System\nFywOjb.exe
  2⤵
  PID:9588
- C:\Windows\System\nTmtTIs.exe
  C:\Windows\System\nTmtTIs.exe
  2⤵
  PID:9616
- C:\Windows\System\QoxLtxj.exe
  C:\Windows\System\QoxLtxj.exe
  2⤵
  PID:9656
- C:\Windows\System\wFidbNA.exe
  C:\Windows\System\wFidbNA.exe
  2⤵
  PID:9704
- C:\Windows\System\fdnADPR.exe
  C:\Windows\System\fdnADPR.exe
  2⤵
  PID:9720
- C:\Windows\System\jFwbhvz.exe
  C:\Windows\System\jFwbhvz.exe
  2⤵
  PID:9744
- C:\Windows\System\wirwAzG.exe
  C:\Windows\System\wirwAzG.exe
  2⤵
  PID:9764
- C:\Windows\System\btYzyyd.exe
  C:\Windows\System\btYzyyd.exe
  2⤵
  PID:9784
- C:\Windows\System\KraOIbP.exe
  C:\Windows\System\KraOIbP.exe
  2⤵
  PID:9812
- C:\Windows\System\DKtMsmt.exe
  C:\Windows\System\DKtMsmt.exe
  2⤵
  PID:9852
- C:\Windows\System\ihgYxwn.exe
  C:\Windows\System\ihgYxwn.exe
  2⤵
  PID:9868
- C:\Windows\System\WCvifId.exe
  C:\Windows\System\WCvifId.exe
  2⤵
  PID:9904
- C:\Windows\System\aKaJJZy.exe
  C:\Windows\System\aKaJJZy.exe
  2⤵
  PID:9924
- C:\Windows\System\SEuAFZf.exe
  C:\Windows\System\SEuAFZf.exe
  2⤵
  PID:9944
- C:\Windows\System\RbJwxAX.exe
  C:\Windows\System\RbJwxAX.exe
  2⤵
  PID:9964
- C:\Windows\System\mebpONG.exe
  C:\Windows\System\mebpONG.exe
  2⤵
  PID:9992
- C:\Windows\System\Htwhfen.exe
  C:\Windows\System\Htwhfen.exe
  2⤵
  PID:10008
- C:\Windows\System\npbOJYz.exe
  C:\Windows\System\npbOJYz.exe
  2⤵
  PID:10028
- C:\Windows\System\qYgeVdO.exe
  C:\Windows\System\qYgeVdO.exe
  2⤵
  PID:10052
- C:\Windows\System\bbqFEWB.exe
  C:\Windows\System\bbqFEWB.exe
  2⤵
  PID:10116
- C:\Windows\System\OEMrLIf.exe
  C:\Windows\System\OEMrLIf.exe
  2⤵
  PID:10172
- C:\Windows\System\RdibDkf.exe
  C:\Windows\System\RdibDkf.exe
  2⤵
  PID:10208
- C:\Windows\System\hnstHlc.exe
  C:\Windows\System\hnstHlc.exe
  2⤵
  PID:10236
- C:\Windows\System\wTKjbJp.exe
  C:\Windows\System\wTKjbJp.exe
  2⤵
  PID:9220
- C:\Windows\System\yzLaAAC.exe
  C:\Windows\System\yzLaAAC.exe
  2⤵
  PID:9200
- C:\Windows\System\kTyIOSX.exe
  C:\Windows\System\kTyIOSX.exe
  2⤵
  PID:9380
- C:\Windows\System\ISBIteB.exe
  C:\Windows\System\ISBIteB.exe
  2⤵
  PID:9416
- C:\Windows\System\aiMDftW.exe
  C:\Windows\System\aiMDftW.exe
  2⤵
  PID:9472
- C:\Windows\System\FOSbsWA.exe
  C:\Windows\System\FOSbsWA.exe
  2⤵
  PID:9528
- C:\Windows\System\uKlTMps.exe
  C:\Windows\System\uKlTMps.exe
  2⤵
  PID:9596
- C:\Windows\System\sYixFNl.exe
  C:\Windows\System\sYixFNl.exe
  2⤵
  PID:9636
- C:\Windows\System\xHEsAEK.exe
  C:\Windows\System\xHEsAEK.exe
  2⤵
  PID:9716
- C:\Windows\System\erSQnDM.exe
  C:\Windows\System\erSQnDM.exe
  2⤵
  PID:9752
- C:\Windows\System\OZDodyd.exe
  C:\Windows\System\OZDodyd.exe
  2⤵
  PID:9832
- C:\Windows\System\aqkRsOS.exe
  C:\Windows\System\aqkRsOS.exe
  2⤵
  PID:9892
- C:\Windows\System\Srffwhu.exe
  C:\Windows\System\Srffwhu.exe
  2⤵
  PID:9888
- C:\Windows\System\glxbAWt.exe
  C:\Windows\System\glxbAWt.exe
  2⤵
  PID:9920
- C:\Windows\System\bvhdoAT.exe
  C:\Windows\System\bvhdoAT.exe
  2⤵
  PID:10040
- C:\Windows\System\ejAUZTq.exe
  C:\Windows\System\ejAUZTq.exe
  2⤵
  PID:10100
- C:\Windows\System\MtIQlpM.exe
  C:\Windows\System\MtIQlpM.exe
  2⤵
  PID:10168
- C:\Windows\System\KgYIaWz.exe
  C:\Windows\System\KgYIaWz.exe
  2⤵
  PID:10196
- C:\Windows\System\CqiIsjU.exe
  C:\Windows\System\CqiIsjU.exe
  2⤵
  PID:8376
- C:\Windows\System\HpTmfte.exe
  C:\Windows\System\HpTmfte.exe
  2⤵
  PID:9312
- C:\Windows\System\lwkvkLU.exe
  C:\Windows\System\lwkvkLU.exe
  2⤵
  PID:9732
- C:\Windows\System\BVjzgHP.exe
  C:\Windows\System\BVjzgHP.exe
  2⤵
  PID:9860
- C:\Windows\System\toyWTqy.exe
  C:\Windows\System\toyWTqy.exe
  2⤵
  PID:9936
- C:\Windows\System\PrbwnUl.exe
  C:\Windows\System\PrbwnUl.exe
  2⤵
  PID:10148
- C:\Windows\System\BqpEiCT.exe
  C:\Windows\System\BqpEiCT.exe
  2⤵
  PID:9236
- C:\Windows\System\XeCYMuN.exe
  C:\Windows\System\XeCYMuN.exe
  2⤵
  PID:9388
- C:\Windows\System\hMMghcM.exe
  C:\Windows\System\hMMghcM.exe
  2⤵
  PID:9504
- C:\Windows\System\NHWIvvK.exe
  C:\Windows\System\NHWIvvK.exe
  2⤵
  PID:10036
- C:\Windows\System\mMmchal.exe
  C:\Windows\System\mMmchal.exe
  2⤵
  PID:10260
- C:\Windows\System\PDCPVqz.exe
  C:\Windows\System\PDCPVqz.exe
  2⤵
  PID:10284
- C:\Windows\System\gbIBDWJ.exe
  C:\Windows\System\gbIBDWJ.exe
  2⤵
  PID:10320
- C:\Windows\System\bIGuCDZ.exe
  C:\Windows\System\bIGuCDZ.exe
  2⤵
  PID:10348
- C:\Windows\System\LkjxniW.exe
  C:\Windows\System\LkjxniW.exe
  2⤵
  PID:10368
- C:\Windows\System\PxeAGEO.exe
  C:\Windows\System\PxeAGEO.exe
  2⤵
  PID:10420
- C:\Windows\System\uXPVTvm.exe
  C:\Windows\System\uXPVTvm.exe
  2⤵
  PID:10460
- C:\Windows\System\pvejFMX.exe
  C:\Windows\System\pvejFMX.exe
  2⤵
  PID:10484
- C:\Windows\System\CDVhelO.exe
  C:\Windows\System\CDVhelO.exe
  2⤵
  PID:10524
- C:\Windows\System\hUJVHPK.exe
  C:\Windows\System\hUJVHPK.exe
  2⤵
  PID:10548
- C:\Windows\System\uQpZwqP.exe
  C:\Windows\System\uQpZwqP.exe
  2⤵
  PID:10568
- C:\Windows\System\rSJKWZQ.exe
  C:\Windows\System\rSJKWZQ.exe
  2⤵
  PID:10608
- C:\Windows\System\qnrPdSZ.exe
  C:\Windows\System\qnrPdSZ.exe
  2⤵
  PID:10628
- C:\Windows\System\WtXAsSG.exe
  C:\Windows\System\WtXAsSG.exe
  2⤵
  PID:10656
- C:\Windows\System\nwwlXUi.exe
  C:\Windows\System\nwwlXUi.exe
  2⤵
  PID:10680
- C:\Windows\System\jRfrbyi.exe
  C:\Windows\System\jRfrbyi.exe
  2⤵
  PID:10720
- C:\Windows\System\sBqAymO.exe
  C:\Windows\System\sBqAymO.exe
  2⤵
  PID:10736
- C:\Windows\System\uOOCCTI.exe
  C:\Windows\System\uOOCCTI.exe
  2⤵
  PID:10764
- C:\Windows\System\YHnpYNZ.exe
  C:\Windows\System\YHnpYNZ.exe
  2⤵
  PID:10792
- C:\Windows\System\pxEEjHR.exe
  C:\Windows\System\pxEEjHR.exe
  2⤵
  PID:10808
- C:\Windows\System\LkjdyGi.exe
  C:\Windows\System\LkjdyGi.exe
  2⤵
  PID:10828
- C:\Windows\System\fJWqCSa.exe
  C:\Windows\System\fJWqCSa.exe
  2⤵
  PID:10860
- C:\Windows\System\GfOBOnq.exe
  C:\Windows\System\GfOBOnq.exe
  2⤵
  PID:10880
- C:\Windows\System\gSrOOCf.exe
  C:\Windows\System\gSrOOCf.exe
  2⤵
  PID:10900
- C:\Windows\System\SyyBlRJ.exe
  C:\Windows\System\SyyBlRJ.exe
  2⤵
  PID:10916
- C:\Windows\System\sQuAQLa.exe
  C:\Windows\System\sQuAQLa.exe
  2⤵
  PID:10948
- C:\Windows\System\QUwecDj.exe
  C:\Windows\System\QUwecDj.exe
  2⤵
  PID:11012
- C:\Windows\System\DJbKsUL.exe
  C:\Windows\System\DJbKsUL.exe
  2⤵
  PID:11036
- C:\Windows\System\raDhgqJ.exe
  C:\Windows\System\raDhgqJ.exe
  2⤵
  PID:11080
- C:\Windows\System\oZhIXPG.exe
  C:\Windows\System\oZhIXPG.exe
  2⤵
  PID:11104
- C:\Windows\System\MGwTGHs.exe
  C:\Windows\System\MGwTGHs.exe
  2⤵
  PID:11120
- C:\Windows\System\RYLVgnw.exe
  C:\Windows\System\RYLVgnw.exe
  2⤵
  PID:11156
- C:\Windows\System\IgpdxPh.exe
  C:\Windows\System\IgpdxPh.exe
  2⤵
  PID:11184
- C:\Windows\System\iwpmmiP.exe
  C:\Windows\System\iwpmmiP.exe
  2⤵
  PID:11216
- C:\Windows\System\KpODCmK.exe
  C:\Windows\System\KpODCmK.exe
  2⤵
  PID:11244
- C:\Windows\System\jcBKMdX.exe
  C:\Windows\System\jcBKMdX.exe
  2⤵
  PID:9336
- C:\Windows\System\zSZRenU.exe
  C:\Windows\System\zSZRenU.exe
  2⤵
  PID:10224
- C:\Windows\System\jzlUjnn.exe
  C:\Windows\System\jzlUjnn.exe
  2⤵
  PID:10256
- C:\Windows\System\Acgdwaq.exe
  C:\Windows\System\Acgdwaq.exe
  2⤵
  PID:10360
- C:\Windows\System\cneZIxt.exe
  C:\Windows\System\cneZIxt.exe
  2⤵
  PID:10376
- C:\Windows\System\lTWLwTv.exe
  C:\Windows\System\lTWLwTv.exe
  2⤵
  PID:10408
- C:\Windows\System\GLbtAZp.exe
  C:\Windows\System\GLbtAZp.exe
  2⤵
  PID:10456
- C:\Windows\System\DiTOvdK.exe
  C:\Windows\System\DiTOvdK.exe
  2⤵
  PID:10624
- C:\Windows\System\SQBSUmN.exe
  C:\Windows\System\SQBSUmN.exe
  2⤵
  PID:10696
- C:\Windows\System\oINRadi.exe
  C:\Windows\System\oINRadi.exe
  2⤵
  PID:10752
- C:\Windows\System\SkMJHsJ.exe
  C:\Windows\System\SkMJHsJ.exe
  2⤵
  PID:10872
- C:\Windows\System\uJQobSz.exe
  C:\Windows\System\uJQobSz.exe
  2⤵
  PID:10868
- C:\Windows\System\jWTnDSA.exe
  C:\Windows\System\jWTnDSA.exe
  2⤵
  PID:10908
- C:\Windows\System\ufuKtif.exe
  C:\Windows\System\ufuKtif.exe
  2⤵
  PID:11004
- C:\Windows\System\KjhrKsR.exe
  C:\Windows\System\KjhrKsR.exe
  2⤵
  PID:11032
- C:\Windows\System\xFYzyzp.exe
  C:\Windows\System\xFYzyzp.exe
  2⤵
  PID:11172
- C:\Windows\System\VrzVDZu.exe
  C:\Windows\System\VrzVDZu.exe
  2⤵
  PID:11200
- C:\Windows\System\sbtJxEc.exe
  C:\Windows\System\sbtJxEc.exe
  2⤵
  PID:10272
- C:\Windows\System\akuTsvU.exe
  C:\Windows\System\akuTsvU.exe
  2⤵
  PID:10252
- C:\Windows\System\EdYbtzb.exe
  C:\Windows\System\EdYbtzb.exe
  2⤵
  PID:10432
- C:\Windows\System\KSNgGcb.exe
  C:\Windows\System\KSNgGcb.exe
  2⤵
  PID:10584
- C:\Windows\System\vcQzVzm.exe
  C:\Windows\System\vcQzVzm.exe
  2⤵
  PID:10776
- C:\Windows\System\bKDGtqb.exe
  C:\Windows\System\bKDGtqb.exe
  2⤵
  PID:10940
- C:\Windows\System\HaKreTe.exe
  C:\Windows\System\HaKreTe.exe
  2⤵
  PID:11132
- C:\Windows\System\ZsQOcIQ.exe
  C:\Windows\System\ZsQOcIQ.exe
  2⤵
  PID:10300
- C:\Windows\System\PJotmcb.exe
  C:\Windows\System\PJotmcb.exe
  2⤵
  PID:10364
- C:\Windows\System\laqsCMN.exe
  C:\Windows\System\laqsCMN.exe
  2⤵
  PID:11076
- C:\Windows\System\CokRwDt.exe
  C:\Windows\System\CokRwDt.exe
  2⤵
  PID:10588
- C:\Windows\System\bAnhfYq.exe
  C:\Windows\System\bAnhfYq.exe
  2⤵
  PID:10396
- C:\Windows\System\LRDsPvh.exe
  C:\Windows\System\LRDsPvh.exe
  2⤵
  PID:11280
- C:\Windows\System\xMAzjWl.exe
  C:\Windows\System\xMAzjWl.exe
  2⤵
  PID:11320
- C:\Windows\System\GWIJcdZ.exe
  C:\Windows\System\GWIJcdZ.exe
  2⤵
  PID:11344
- C:\Windows\System\oCMNqdx.exe
  C:\Windows\System\oCMNqdx.exe
  2⤵
  PID:11368
- C:\Windows\System\FeIymsX.exe
  C:\Windows\System\FeIymsX.exe
  2⤵
  PID:11388
- C:\Windows\System\jzSFVuW.exe
  C:\Windows\System\jzSFVuW.exe
  2⤵
  PID:11432
- C:\Windows\System\gtGcddq.exe
  C:\Windows\System\gtGcddq.exe
  2⤵
  PID:11456
- C:\Windows\System\ODvojZj.exe
  C:\Windows\System\ODvojZj.exe
  2⤵
  PID:11480
- C:\Windows\System\eZAfyBY.exe
  C:\Windows\System\eZAfyBY.exe
  2⤵
  PID:11504
- C:\Windows\System\CbczjPb.exe
  C:\Windows\System\CbczjPb.exe
  2⤵
  PID:11520
- C:\Windows\System\KKwybhD.exe
  C:\Windows\System\KKwybhD.exe
  2⤵
  PID:11548
- C:\Windows\System\ptiWKuM.exe
  C:\Windows\System\ptiWKuM.exe
  2⤵
  PID:11572
- C:\Windows\System\DTEtpIx.exe
  C:\Windows\System\DTEtpIx.exe
  2⤵
  PID:11612
- C:\Windows\System\EqoRewg.exe
  C:\Windows\System\EqoRewg.exe
  2⤵
  PID:11652
- C:\Windows\System\jHAxhcA.exe
  C:\Windows\System\jHAxhcA.exe
  2⤵
  PID:11688
- C:\Windows\System\MfsADBH.exe
  C:\Windows\System\MfsADBH.exe
  2⤵
  PID:11708
- C:\Windows\System\gMYvAAf.exe
  C:\Windows\System\gMYvAAf.exe
  2⤵
  PID:11732
- C:\Windows\System\vtPAnbq.exe
  C:\Windows\System\vtPAnbq.exe
  2⤵
  PID:11752
- C:\Windows\System\PhOIsaA.exe
  C:\Windows\System\PhOIsaA.exe
  2⤵
  PID:11776
- C:\Windows\System\GyIbFTT.exe
  C:\Windows\System\GyIbFTT.exe
  2⤵
  PID:11792
- C:\Windows\System\esqonAa.exe
  C:\Windows\System\esqonAa.exe
  2⤵
  PID:11812
- C:\Windows\System\mHxPYya.exe
  C:\Windows\System\mHxPYya.exe
  2⤵
  PID:11828
- C:\Windows\System\evcRCdK.exe
  C:\Windows\System\evcRCdK.exe
  2⤵
  PID:11852
- C:\Windows\System\xskJPud.exe
  C:\Windows\System\xskJPud.exe
  2⤵
  PID:11876
- C:\Windows\System\mbnyOby.exe
  C:\Windows\System\mbnyOby.exe
  2⤵
  PID:11896
- C:\Windows\System\DgIjqyV.exe
  C:\Windows\System\DgIjqyV.exe
  2⤵
  PID:11940
- C:\Windows\System\BAldkma.exe
  C:\Windows\System\BAldkma.exe
  2⤵
  PID:11960
- C:\Windows\System\mdzoCYO.exe
  C:\Windows\System\mdzoCYO.exe
  2⤵
  PID:11980
- C:\Windows\System\BtmBnBp.exe
  C:\Windows\System\BtmBnBp.exe
  2⤵
  PID:12008
- C:\Windows\System\bwVlvSr.exe
  C:\Windows\System\bwVlvSr.exe
  2⤵
  PID:12068
- C:\Windows\System\RKODnak.exe
  C:\Windows\System\RKODnak.exe
  2⤵
  PID:12088
- C:\Windows\System\agqspeA.exe
  C:\Windows\System\agqspeA.exe
  2⤵
  PID:12104
- C:\Windows\System\VnplIHp.exe
  C:\Windows\System\VnplIHp.exe
  2⤵
  PID:12136
- C:\Windows\System\TvDXkMg.exe
  C:\Windows\System\TvDXkMg.exe
  2⤵
  PID:12156
- C:\Windows\System\IYSbtvv.exe
  C:\Windows\System\IYSbtvv.exe
  2⤵
  PID:12184
- C:\Windows\System\fPILwFB.exe
  C:\Windows\System\fPILwFB.exe
  2⤵
  PID:12212
- C:\Windows\System\IWMcqQD.exe
  C:\Windows\System\IWMcqQD.exe
  2⤵
  PID:12228
- C:\Windows\System\PozQToi.exe
  C:\Windows\System\PozQToi.exe
  2⤵
  PID:11376
- C:\Windows\System\oswxyuc.exe
  C:\Windows\System\oswxyuc.exe
  2⤵
  PID:11424
- C:\Windows\System\bnrQQTm.exe
  C:\Windows\System\bnrQQTm.exe
  2⤵
  PID:11476
- C:\Windows\System\TeimnEj.exe
  C:\Windows\System\TeimnEj.exe
  2⤵
  PID:11532
- C:\Windows\System\gxtftAB.exe
  C:\Windows\System\gxtftAB.exe
  2⤵
  PID:11564
- C:\Windows\System\jywNaTw.exe
  C:\Windows\System\jywNaTw.exe
  2⤵
  PID:11632
- C:\Windows\System\kqNHVfp.exe
  C:\Windows\System\kqNHVfp.exe
  2⤵
  PID:11684
- C:\Windows\System\jwJDxXs.exe
  C:\Windows\System\jwJDxXs.exe
  2⤵
  PID:11768
- C:\Windows\System\IEQjwXH.exe
  C:\Windows\System\IEQjwXH.exe
  2⤵
  PID:11800
- C:\Windows\System\GTHPSuA.exe
  C:\Windows\System\GTHPSuA.exe
  2⤵
  PID:11860
- C:\Windows\System\EqeXGMI.exe
  C:\Windows\System\EqeXGMI.exe
  2⤵
  PID:12032
- C:\Windows\System\yAvocUc.exe
  C:\Windows\System\yAvocUc.exe
  2⤵
  PID:12004
- C:\Windows\System\dLrGqaV.exe
  C:\Windows\System\dLrGqaV.exe
  2⤵
  PID:12076
- C:\Windows\System\drKjkpF.exe
  C:\Windows\System\drKjkpF.exe
  2⤵
  PID:12148
- C:\Windows\System\sRXmsUW.exe
  C:\Windows\System\sRXmsUW.exe
  2⤵
  PID:9864
- C:\Windows\System\asGemlK.exe
  C:\Windows\System\asGemlK.exe
  2⤵
  PID:11268
- C:\Windows\System\YtETHHL.exe
  C:\Windows\System\YtETHHL.exe
  2⤵
  PID:4668
- C:\Windows\System\CyTcJWd.exe
  C:\Windows\System\CyTcJWd.exe
  2⤵
  PID:4080
- C:\Windows\System\VgGUGBO.exe
  C:\Windows\System\VgGUGBO.exe
  2⤵
  PID:11464
- C:\Windows\System\mvxOxTg.exe
  C:\Windows\System\mvxOxTg.exe
  2⤵
  PID:10988
- C:\Windows\System\GVLocAy.exe
  C:\Windows\System\GVLocAy.exe
  2⤵
  PID:11760
- C:\Windows\System\nYpAOyP.exe
  C:\Windows\System\nYpAOyP.exe
  2⤵
  PID:11836
- C:\Windows\System\ZzOviQf.exe
  C:\Windows\System\ZzOviQf.exe
  2⤵
  PID:12128
- C:\Windows\System\fZoeTYY.exe
  C:\Windows\System\fZoeTYY.exe
  2⤵
  PID:12192
- C:\Windows\System\lpNFlBW.exe
  C:\Windows\System\lpNFlBW.exe
  2⤵
  PID:11496
- C:\Windows\System\ULllamR.exe
  C:\Windows\System\ULllamR.exe
  2⤵
  PID:11536
- C:\Windows\System\oSsnUyl.exe
  C:\Windows\System\oSsnUyl.exe
  2⤵
  PID:11824
- C:\Windows\System\hnerUrx.exe
  C:\Windows\System\hnerUrx.exe
  2⤵
  PID:12276
- C:\Windows\System\Iwnilzb.exe
  C:\Windows\System\Iwnilzb.exe
  2⤵
  PID:11412
- C:\Windows\System\StzmSiW.exe
  C:\Windows\System\StzmSiW.exe
  2⤵
  PID:12296
- C:\Windows\System\henQiHJ.exe
  C:\Windows\System\henQiHJ.exe
  2⤵
  PID:12320
- C:\Windows\System\mXFIyHJ.exe
  C:\Windows\System\mXFIyHJ.exe
  2⤵
  PID:12348
- C:\Windows\System\rtNnxiv.exe
  C:\Windows\System\rtNnxiv.exe
  2⤵
  PID:12388
- C:\Windows\System\GlDGiPa.exe
  C:\Windows\System\GlDGiPa.exe
  2⤵
  PID:12420
- C:\Windows\System\OAfbVIS.exe
  C:\Windows\System\OAfbVIS.exe
  2⤵
  PID:12452
- C:\Windows\System\LZZwoty.exe
  C:\Windows\System\LZZwoty.exe
  2⤵
  PID:12496
- C:\Windows\System\AJqwqWz.exe
  C:\Windows\System\AJqwqWz.exe
  2⤵
  PID:12520
- C:\Windows\System\SEnAOfx.exe
  C:\Windows\System\SEnAOfx.exe
  2⤵
  PID:12544
- C:\Windows\System\PPdipOA.exe
  C:\Windows\System\PPdipOA.exe
  2⤵
  PID:12560
- C:\Windows\System\zjgIbXs.exe
  C:\Windows\System\zjgIbXs.exe
  2⤵
  PID:12616
- C:\Windows\System\zbNQRwD.exe
  C:\Windows\System\zbNQRwD.exe
  2⤵
  PID:12632
- C:\Windows\System\ghSoWAt.exe
  C:\Windows\System\ghSoWAt.exe
  2⤵
  PID:12668
- C:\Windows\System\PxhvWPm.exe
  C:\Windows\System\PxhvWPm.exe
  2⤵
  PID:12688
- C:\Windows\System\JxzVlBD.exe
  C:\Windows\System\JxzVlBD.exe
  2⤵
  PID:12708
- C:\Windows\System\oiadrkY.exe
  C:\Windows\System\oiadrkY.exe
  2⤵
  PID:12740
- C:\Windows\System\RUsVApN.exe
  C:\Windows\System\RUsVApN.exe
  2⤵
  PID:12756
- C:\Windows\System\cpIptPR.exe
  C:\Windows\System\cpIptPR.exe
  2⤵
  PID:12784
- C:\Windows\System\nYQowEL.exe
  C:\Windows\System\nYQowEL.exe
  2⤵
  PID:12800
- C:\Windows\System\sthtIRI.exe
  C:\Windows\System\sthtIRI.exe
  2⤵
  PID:12836
- C:\Windows\System\jJwsJPy.exe
  C:\Windows\System\jJwsJPy.exe
  2⤵
  PID:12868
- C:\Windows\System\BWKBphh.exe
  C:\Windows\System\BWKBphh.exe
  2⤵
  PID:12920
- C:\Windows\System\fTFPNNC.exe
  C:\Windows\System\fTFPNNC.exe
  2⤵
  PID:12944
- C:\Windows\System\quMFfgJ.exe
  C:\Windows\System\quMFfgJ.exe
  2⤵
  PID:12960
- C:\Windows\System\BdWZpIm.exe
  C:\Windows\System\BdWZpIm.exe
  2⤵
  PID:12992
- C:\Windows\System\VisdmkV.exe
  C:\Windows\System\VisdmkV.exe
  2⤵
  PID:13040
- C:\Windows\System\vYFbeyr.exe
  C:\Windows\System\vYFbeyr.exe
  2⤵
  PID:13060
- C:\Windows\System\McwrMkl.exe
  C:\Windows\System\McwrMkl.exe
  2⤵
  PID:13084
- C:\Windows\System\PYurdBA.exe
  C:\Windows\System\PYurdBA.exe
  2⤵
  PID:13104
- C:\Windows\System\LENxGUV.exe
  C:\Windows\System\LENxGUV.exe
  2⤵
  PID:13136
- C:\Windows\System\DoOrDAt.exe
  C:\Windows\System\DoOrDAt.exe
  2⤵
  PID:13172
- C:\Windows\System\YgjwJaH.exe
  C:\Windows\System\YgjwJaH.exe
  2⤵
  PID:13196
- C:\Windows\System\WHRpyhm.exe
  C:\Windows\System\WHRpyhm.exe
  2⤵
  PID:13212
- C:\Windows\System\bHkTnVT.exe
  C:\Windows\System\bHkTnVT.exe
  2⤵
  PID:13232
- C:\Windows\System\QmvoKHF.exe
  C:\Windows\System\QmvoKHF.exe
  2⤵
  PID:13256
- C:\Windows\System\NDYbRqB.exe
  C:\Windows\System\NDYbRqB.exe
  2⤵
  PID:12440
- C:\Windows\System\RYxTeuK.exe
  C:\Windows\System\RYxTeuK.exe
  2⤵
  PID:12368
- C:\Windows\System\dOJazYj.exe
  C:\Windows\System\dOJazYj.exe
  2⤵
  PID:3432
- C:\Windows\System\sKxUGjh.exe
  C:\Windows\System\sKxUGjh.exe
  2⤵
  PID:12716
- C:\Windows\System\pOFwPGm.exe
  C:\Windows\System\pOFwPGm.exe
  2⤵
  PID:2184
- C:\Windows\System\SALADyz.exe
  C:\Windows\System\SALADyz.exe
  2⤵
  PID:12856
- C:\Windows\System\eAqOMGG.exe
  C:\Windows\System\eAqOMGG.exe
  2⤵
  PID:12904
- C:\Windows\System\iqVTEAt.exe
  C:\Windows\System\iqVTEAt.exe
  2⤵
  PID:12972
- C:\Windows\System\fWeQBpn.exe
  C:\Windows\System\fWeQBpn.exe
  2⤵
  PID:13020
- C:\Windows\System\mvcJmWX.exe
  C:\Windows\System\mvcJmWX.exe
  2⤵
  PID:13096
- C:\Windows\System\jIkysSW.exe
  C:\Windows\System\jIkysSW.exe
  2⤵
  PID:13156
- C:\Windows\System\dOHUHQe.exe
  C:\Windows\System\dOHUHQe.exe
  2⤵
  PID:13164
- C:\Windows\System\fqTwRwB.exe
  C:\Windows\System\fqTwRwB.exe
  2⤵
  PID:1060
- C:\Windows\System\uZggsrU.exe
  C:\Windows\System\uZggsrU.exe
  2⤵
  PID:13272
- C:\Windows\System\sYOIdZl.exe
  C:\Windows\System\sYOIdZl.exe
  2⤵
  PID:13228
- C:\Windows\System\GtyITKq.exe
  C:\Windows\System\GtyITKq.exe
  2⤵
  PID:12336
- C:\Windows\System\IGHyfGR.exe
  C:\Windows\System\IGHyfGR.exe
  2⤵
  PID:4492
- C:\Windows\System\ImsZTMS.exe
  C:\Windows\System\ImsZTMS.exe
  2⤵
  PID:2340
- C:\Windows\System\AMHYXqL.exe
  C:\Windows\System\AMHYXqL.exe
  2⤵
  PID:12080
- C:\Windows\System\kFBFKGp.exe
  C:\Windows\System\kFBFKGp.exe
  2⤵
  PID:13248
- C:\Windows\System\dzUidQX.exe
  C:\Windows\System\dzUidQX.exe
  2⤵
  PID:13280
- C:\Windows\System\qgAnKWy.exe
  C:\Windows\System\qgAnKWy.exe
  2⤵
  PID:12308
- C:\Windows\System\JDBzlEy.exe
  C:\Windows\System\JDBzlEy.exe
  2⤵
  PID:3220
- C:\Windows\System\CTAQcyG.exe
  C:\Windows\System\CTAQcyG.exe
  2⤵
  PID:964
- C:\Windows\System\aPZKUmg.exe
  C:\Windows\System\aPZKUmg.exe
  2⤵
  PID:4612
- C:\Windows\System\LwULPXW.exe
  C:\Windows\System\LwULPXW.exe
  2⤵
  PID:4616
- C:\Windows\System\chLQDbM.exe
  C:\Windows\System\chLQDbM.exe
  2⤵
  PID:4284
- C:\Windows\System\jyntipw.exe
  C:\Windows\System\jyntipw.exe
  2⤵
  PID:12464
- C:\Windows\System\yJpdbzz.exe
  C:\Windows\System\yJpdbzz.exe
  2⤵
  PID:2392
- C:\Windows\System\AuAukSD.exe
  C:\Windows\System\AuAukSD.exe
  2⤵
  PID:436
- C:\Windows\System\JLDtAuq.exe
  C:\Windows\System\JLDtAuq.exe
  2⤵
  PID:3364
- C:\Windows\System\ZKbaYtn.exe
  C:\Windows\System\ZKbaYtn.exe
  2⤵
  PID:12896
- C:\Windows\System\zjQOMdV.exe
  C:\Windows\System\zjQOMdV.exe
  2⤵
  PID:12432
- C:\Windows\System\SpIsJMj.exe
  C:\Windows\System\SpIsJMj.exe
  2⤵
  PID:12880
- C:\Windows\System\UzmiFdZ.exe
  C:\Windows\System\UzmiFdZ.exe
  2⤵
  PID:12956
- C:\Windows\System\BNipLhj.exe
  C:\Windows\System\BNipLhj.exe
  2⤵
  PID:12984
- C:\Windows\System\GOAWFiz.exe
  C:\Windows\System\GOAWFiz.exe
  2⤵
  PID:12680
- C:\Windows\System\mdIESKb.exe
  C:\Windows\System\mdIESKb.exe
  2⤵
  PID:12776
- C:\Windows\System\HFFXVQM.exe
  C:\Windows\System\HFFXVQM.exe
  2⤵
  PID:12400
- C:\Windows\System\ONocBlb.exe
  C:\Windows\System\ONocBlb.exe
  2⤵
  PID:3272
- C:\Windows\System\yKISJar.exe
  C:\Windows\System\yKISJar.exe
  2⤵
  PID:3064
- C:\Windows\System\RHCfFYu.exe
  C:\Windows\System\RHCfFYu.exe
  2⤵
  PID:13112
- C:\Windows\System\YPPlnLi.exe
  C:\Windows\System\YPPlnLi.exe
  2⤵
  PID:12792
- C:\Windows\System\UUUZjDv.exe
  C:\Windows\System\UUUZjDv.exe
  2⤵
  PID:13132
- C:\Windows\System\jGBIGEe.exe
  C:\Windows\System\jGBIGEe.exe
  2⤵
  PID:1796
- C:\Windows\System\EuhqXgY.exe
  C:\Windows\System\EuhqXgY.exe
  2⤵
  PID:2372
- C:\Windows\System\WTwmOMJ.exe
  C:\Windows\System\WTwmOMJ.exe
  2⤵
  PID:13300
- C:\Windows\System\JNsanLs.exe
  C:\Windows\System\JNsanLs.exe
  2⤵
  PID:11364
- C:\Windows\System\BuvRnRK.exe
  C:\Windows\System\BuvRnRK.exe
  2⤵
  PID:13304
- C:\Windows\System\zBMiTbz.exe
  C:\Windows\System\zBMiTbz.exe
  2⤵
  PID:12312
- C:\Windows\System\DYSPEWk.exe
  C:\Windows\System\DYSPEWk.exe
  2⤵
  PID:1740
- C:\Windows\System\CigPcZn.exe
  C:\Windows\System\CigPcZn.exe
  2⤵
  PID:4784
- C:\Windows\System\oXgFdYP.exe
  C:\Windows\System\oXgFdYP.exe
  2⤵
  PID:4532
- C:\Windows\System\xTWrBee.exe
  C:\Windows\System\xTWrBee.exe
  2⤵
  PID:12328
- C:\Windows\System\rEyTIiV.exe
  C:\Windows\System\rEyTIiV.exe
  2⤵
  PID:12764
- C:\Windows\System\RRFZUVw.exe
  C:\Windows\System\RRFZUVw.exe
  2⤵
  PID:12828
- C:\Windows\System\TPGRysW.exe
  C:\Windows\System\TPGRysW.exe
  2⤵
  PID:4204
- C:\Windows\System\YtojlsJ.exe
  C:\Windows\System\YtojlsJ.exe
  2⤵
  PID:12936
- C:\Windows\System\Wknkcaj.exe
  C:\Windows\System\Wknkcaj.exe
  2⤵
  PID:4124
- C:\Windows\System\sYcKcTC.exe
  C:\Windows\System\sYcKcTC.exe
  2⤵
  PID:13056
- C:\Windows\System\diHOwnb.exe
  C:\Windows\System\diHOwnb.exe
  2⤵
  PID:13292
- C:\Windows\System\IAEIGPE.exe
  C:\Windows\System\IAEIGPE.exe
  2⤵
  PID:12372
- C:\Windows\System\uzuaIol.exe
  C:\Windows\System\uzuaIol.exe
  2⤵
  PID:2504
- C:\Windows\System\EgZowAE.exe
  C:\Windows\System\EgZowAE.exe
  2⤵
  PID:3244
- C:\Windows\System\kPUIDoh.exe
  C:\Windows\System\kPUIDoh.exe
  2⤵
  PID:13264
- C:\Windows\System\demmkat.exe
  C:\Windows\System\demmkat.exe
  2⤵
  PID:12580
- C:\Windows\System\TYGOjhK.exe
  C:\Windows\System\TYGOjhK.exe
  2⤵
  PID:12628
- C:\Windows\System\Ewfvedx.exe
  C:\Windows\System\Ewfvedx.exe
  2⤵
  PID:2804
- C:\Windows\System\zzyTwiY.exe
  C:\Windows\System\zzyTwiY.exe
  2⤵
  PID:2628
- C:\Windows\System\CqFuOQs.exe
  C:\Windows\System\CqFuOQs.exe
  2⤵
  PID:12952
- C:\Windows\System\oSQGlhr.exe
  C:\Windows\System\oSQGlhr.exe
  2⤵
  PID:13204
- C:\Windows\System\jhPUkaR.exe
  C:\Windows\System\jhPUkaR.exe
  2⤵
  PID:12704
- C:\Windows\System\rRCCbRs.exe
  C:\Windows\System\rRCCbRs.exe
  2⤵
  PID:3652
- C:\Windows\System\OCBWqGG.exe
  C:\Windows\System\OCBWqGG.exe
  2⤵
  PID:13320
- C:\Windows\System\ORIEVoA.exe
  C:\Windows\System\ORIEVoA.exe
  2⤵
  PID:13336
- C:\Windows\System\ICLkVwu.exe
  C:\Windows\System\ICLkVwu.exe
  2⤵
  PID:13352
- C:\Windows\System\wcHANRF.exe
  C:\Windows\System\wcHANRF.exe
  2⤵
  PID:13368
- C:\Windows\System\nqmSUzk.exe
  C:\Windows\System\nqmSUzk.exe
  2⤵
  PID:13384
- C:\Windows\System\lGmBUoO.exe
  C:\Windows\System\lGmBUoO.exe
  2⤵
  PID:13400
- C:\Windows\System\vtujbLq.exe
  C:\Windows\System\vtujbLq.exe
  2⤵
  PID:13416
- C:\Windows\System\RftvOMR.exe
  C:\Windows\System\RftvOMR.exe
  2⤵
  PID:13432
- C:\Windows\System\eiJCGMv.exe
  C:\Windows\System\eiJCGMv.exe
  2⤵
  PID:13448
- C:\Windows\System\KcKcOmL.exe
  C:\Windows\System\KcKcOmL.exe
  2⤵
  PID:13468
- C:\Windows\System\NtCRKsk.exe
  C:\Windows\System\NtCRKsk.exe
  2⤵
  PID:13488
- C:\Windows\System\ZdZknIF.exe
  C:\Windows\System\ZdZknIF.exe
  2⤵
  PID:13504
- C:\Windows\System\IKSvPGB.exe
  C:\Windows\System\IKSvPGB.exe
  2⤵
  PID:13520
- C:\Windows\System\MPqfHED.exe
  C:\Windows\System\MPqfHED.exe
  2⤵
  PID:13536
- C:\Windows\System\zTxDkeB.exe
  C:\Windows\System\zTxDkeB.exe
  2⤵
  PID:13552
- C:\Windows\System\UCOPYmH.exe
  C:\Windows\System\UCOPYmH.exe
  2⤵
  PID:13568
- C:\Windows\System\eWfNeUk.exe
  C:\Windows\System\eWfNeUk.exe
  2⤵
  PID:13592
- C:\Windows\System\dzzWKcb.exe
  C:\Windows\System\dzzWKcb.exe
  2⤵
  PID:13608
- C:\Windows\System\TdzONtc.exe
  C:\Windows\System\TdzONtc.exe
  2⤵
  PID:13636
- C:\Windows\System\QGTtJsx.exe
  C:\Windows\System\QGTtJsx.exe
  2⤵
  PID:13652
- C:\Windows\System\rsXrrpd.exe
  C:\Windows\System\rsXrrpd.exe
  2⤵
  PID:13668
- C:\Windows\System\hHKKDJS.exe
  C:\Windows\System\hHKKDJS.exe
  2⤵
  PID:13684
- C:\Windows\System\VUFebLO.exe
  C:\Windows\System\VUFebLO.exe
  2⤵
  PID:13700
- C:\Windows\System\ECwzfHJ.exe
  C:\Windows\System\ECwzfHJ.exe
  2⤵
  PID:13716
- C:\Windows\System\xxwXUnQ.exe
  C:\Windows\System\xxwXUnQ.exe
  2⤵
  PID:13732
- C:\Windows\System\RYcEcnx.exe
  C:\Windows\System\RYcEcnx.exe
  2⤵
  PID:13748
- C:\Windows\System\qbGdbjh.exe
  C:\Windows\System\qbGdbjh.exe
  2⤵
  PID:13764
- C:\Windows\System\Qcrzbcc.exe
  C:\Windows\System\Qcrzbcc.exe
  2⤵
  PID:13796
- C:\Windows\System\rGNFOLx.exe
  C:\Windows\System\rGNFOLx.exe
  2⤵
  PID:13824
- C:\Windows\System\YSouyMT.exe
  C:\Windows\System\YSouyMT.exe
  2⤵
  PID:13840
- C:\Windows\System\BjicXDc.exe
  C:\Windows\System\BjicXDc.exe
  2⤵
  PID:13856
- C:\Windows\System\xcVUSrC.exe
  C:\Windows\System\xcVUSrC.exe
  2⤵
  PID:13872
- C:\Windows\System\BiJdBdM.exe
  C:\Windows\System\BiJdBdM.exe
  2⤵
  PID:13888
- C:\Windows\System\jdVgZKk.exe
  C:\Windows\System\jdVgZKk.exe
  2⤵
  PID:13916
- C:\Windows\System\qsSYlnu.exe
  C:\Windows\System\qsSYlnu.exe
  2⤵
  PID:13948
- C:\Windows\System\CHtXdBT.exe
  C:\Windows\System\CHtXdBT.exe
  2⤵
  PID:13964
- C:\Windows\System\cDwkjde.exe
  C:\Windows\System\cDwkjde.exe
  2⤵
  PID:13980
- C:\Windows\System\NQwCBjL.exe
  C:\Windows\System\NQwCBjL.exe
  2⤵
  PID:14076
- C:\Windows\System\tGULqwY.exe
  C:\Windows\System\tGULqwY.exe
  2⤵
  PID:14196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ye1lqoui.hf0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AEzQWuR.exe

Filesize
1.7MB

MD5
a81c0fb2551abfbc12b196b5fbc3dfc4

SHA1
65df21653aba3e05ca31aa5ff18fb8abb3f4de68

SHA256
cb72028de16ba2bd9dc17ba5657750cfa4f4bfc1b053f342ff3f3dbc60c3679c

SHA512
3b2dca277ff468737bc2b43a9129bd8dd8d2ffd30cc1500757481da81840ea69aaa4f26f171f13ff8004d4e09c7de8ca459b48084c361db11ec3b4abf6f54ff3

Download Submit
C:\Windows\System\AZzcxDE.exe

Filesize
1.7MB

MD5
26c1564bb7a0e9d9aa68be8278dd5598

SHA1
a4ece440d730264f1180858d4b0b393134611052

SHA256
c6698ac502d97d511cef4bb75b9f0d65da91ead9522a52b59758dbf0fed75ad5

SHA512
82031b7ab04d3296478b313ada7b722805d29c66b6ff6180876f7bb40d74f6a43459ff0cf7574b0c628cec4895b7369d833e92765003af04b086946b5c53e18d

Download Submit
C:\Windows\System\EgdyRpo.exe

Filesize
1.7MB

MD5
b3968671ff3c05ea267212fa2414c53a

SHA1
0ebcef380aa3fac2ef3d34df8d3e2c7df678079f

SHA256
20bf217a1a58ac92f7b562e613cde6875cc3593381d806d97d453530890f606a

SHA512
d9e8bd12c07962982c66b90b317affdef2a0eb41058958bb040fcd4c35a34224528772c8fa5f68a803d3108c7edec912ff5a35e6c2bab8339c5af9153bea85c2

Download Submit
C:\Windows\System\FjRmubj.exe

Filesize
1.7MB

MD5
f580a6fcc0f89202bf4b32d866843339

SHA1
0ed4da57c310e2f595ee6e64a857999988b57d6f

SHA256
05421888b17fc518aaa8d9df841215db2910688a3ad9a482da6cf3c80bbc1b07

SHA512
b4063c32a7ebde35d17e11454fe093da021b896f3d0a454f78b50a57bbeae796a48aa7daf48cd10c1a1358b91800d24bc5348a2bd754589b3d6f669373eb014e

Download Submit
C:\Windows\System\JgphnNB.exe

Filesize
1.7MB

MD5
0ed52e09bea2679a4b66e7456a52cc1c

SHA1
ddbc15129402eb6c843192373e144caa59a93fbc

SHA256
acf935fe97ff34a6d63e3cb12e90ca70b9aa196b27485bda2362acae03e203a9

SHA512
e134761a267c652b09924344d33fc0523245e5a49ddf1b55f16c06ff6105a875623ebc76bdc876424308cbb41f7d97ffaf94eefccd32729c72a9b37a87d48fab

Download Submit
C:\Windows\System\JnvJDPm.exe

Filesize
1.7MB

MD5
6e7acf52c5ca437320211a7b390c6e40

SHA1
3279962670111a6caeacc107732224ed419b550d

SHA256
42499fd98ce37e707ecfb5530b4a1e61054d45913c5d68838d28c10f67125b67

SHA512
e1c6a989dcabcf9add29364cb6819dc9dbf27cea0ba01ce6cf4d1af6fd0f5e74ac74f4faba5639aba744c4129565e770116daba9db20b13e78cef9295306375d

Download Submit
C:\Windows\System\KJzJOBQ.exe

Filesize
1.7MB

MD5
b62c30e27d2430be5102792349dac9b6

SHA1
016d20d6271e2dcea17b0fcd9595e50786df9aa7

SHA256
9785033f6d802881915d3cb4a6b1f7b59410be11f21b800893756bd2dce8d859

SHA512
8c312fd15d6f51bfed90ef975c6895140a2b1445c43c5dff5981da5a07a9343272086813892bf9960f15e715e5a55de00d6d62f06b2f06efcb285355ca15af76

Download Submit
C:\Windows\System\KrgiBBE.exe

Filesize
1.7MB

MD5
1eb30e02dc6a6893d6b023691da6ac89

SHA1
87fd5c9f47cf4ebb8d059156c3aef43918ac71c3

SHA256
987f00da5b95f47b75b64426940e81db5a1c8d4c5ac3eb1b7f77aa2189dac36d

SHA512
8b84ffb3c1e7d5fb1dd85bb769661e1a285a92ca8d16cafb1b4c9991205aab0864f237b9c907c65c4f3648f60109e936d1b1f09c680c5c58b2daa3fb63cab27e

Download Submit
C:\Windows\System\MiPPJTs.exe

Filesize
1.7MB

MD5
3878866ecdc7f59ac8fccf8d8c47ba48

SHA1
18a04c4263ee42a8f0abb488b74cdaeded7d23cc

SHA256
9b5a3092e795396e39645f795a62289467e6ebc7fbbbce9c2987bd779ce926c0

SHA512
7e5c567257d9264c64b9f2373df2581ca87240cb3bf6464d79a40c8d45668c8122564a6b66fbe83944ea79766a529e5e0360fa89478d2dc649fa81e536f2902b

Download Submit
C:\Windows\System\QFLmgSo.exe

Filesize
1.7MB

MD5
44d332172ac5ca2bcb2d3dbe997d3e65

SHA1
11052744589a12026886c408dafaaed5ee0dcf08

SHA256
9517fcabe0a0082467acabd240289a0704e9efd53e6232fd0deaeabcb4395fc4

SHA512
703dab55c853f2b925f36e575fdf41a8c7fb78baaede2cdb83d6f72427132bb635d54e2b238191f763eb439f26825237f62b35282a8fbdecadab071e4fd32703

Download Submit
C:\Windows\System\QRfwTsh.exe

Filesize
1.7MB

MD5
85836e83b152a149e2fe3d7fd4a73a50

SHA1
8cd86260e1d751eb232e6ff6c9de9298f8c62ab0

SHA256
be03cf061a667980986c99e2d2ae91690d7098464dd8edfa2d9c7b13e188c2fc

SHA512
8c8636434ee80ad52ae1855e7e76e0206cd0d323b10ed7a6916c49b7eba571bdfa1a32b8d231e061147c86b6706e192eb67580c86ba7ea94f1db61c56e5bc96b

Download Submit
C:\Windows\System\QxjkewC.exe

Filesize
1.7MB

MD5
502efcc27f2bc749ed3e3a75548dd6b4

SHA1
d2297298406ec4912a355ea6cd4c10652c9d33e9

SHA256
317c6406c1a5039546ca17f4940b6cf6cccc91848c266c8d3acff9a3a4fe8827

SHA512
3ca9e4ef73e4b55f6817599f73f3fb451bfebc1de224ab7f308c9461d2179457cf414f7c1f2e835f538893d4964be6eeb43ca66671c25f91c1b7cf8b16bdae1d

Download Submit
C:\Windows\System\SrrKZQL.exe

Filesize
1.7MB

MD5
39f3f2c32be79d934c711b69a6af0e60

SHA1
7f025154af1f52453e1a17e0c61cb1706ec1b02f

SHA256
2cdba3e1f2b9900c3c5a7e9f95a37170c6f3868f92e2628095745bb60ed3a5f0

SHA512
159445cf8c52e939f675dc1b91a2044d48ec1e98144d809c88f5d1afdb3a94cd81adfecbd449cfb2e913e23e0f634ca81ffe0646ca34ea3ec5299557e74b99cf

Download Submit
C:\Windows\System\UNLNxVT.exe

Filesize
1.7MB

MD5
ab9291a974d80cefbe87fda3af3235f3

SHA1
5291e2c30bf1968a6dc24d4c6aa774a23c170bd9

SHA256
e81fd030f9e4a5d1f6223023b85eb5a08b9c3029b8725baaf055fbdbd0813cc8

SHA512
917203074d10540acee13a3a9ad67728b82896ab6f8e97dda6f8b3ec398556b411bf9ab3bbe79399e04f47dd105692a56d18b7852083101886edc43d0b36f678

Download Submit
C:\Windows\System\WdzlvFM.exe

Filesize
1.7MB

MD5
fd4da9079bc5a95394448ca9687bd251

SHA1
586c41238b734ecf8fa735a24eb5a1702f71fcc5

SHA256
c520adc30114a453c95be38cb94e38011b55e09475d9e171182a0de9f1c160bf

SHA512
0983b74a0065ac013f582fb041c4b86a01a281469d6c8fe2070f5ad4d808bd61954c0613b6d3f108fe949cd43a6e6a970429ca005f833d45c4fdf173b13566f5

Download Submit
C:\Windows\System\Whxotct.exe

Filesize
1.7MB

MD5
c229dd31192a837da6e2e70050979521

SHA1
759ba8c62b7183cfa65ed6e8708f2046ea3cd7f5

SHA256
d241b6cd2d7726a24efc4d9bf520a2e170e063a8829cad335086259a885b4590

SHA512
b1a433571792369893ed59ddea1fd04a88e1434924a8e98500d393284e46aa747e1e41c1cb29108cbe5851927721e38f282b306496c6aca050f79fecc51d68e0

Download Submit
C:\Windows\System\XPfdDst.exe

Filesize
1.7MB

MD5
6209e4ad80e35dab5b023bd1fa05fb7c

SHA1
acd794fc8eff8705058188a6b161f0efda144d62

SHA256
924b9f1f6974d2de04aa2ee5b383f880b4538679cdf74092eeec3d31ea136da9

SHA512
92c3a0498e28aa15f312b258b697d04eb0eecaad138e4aa3001719b3bc837c47b857eb95fba31c12802bafa667f9574dd64e1e3e19619e20e13c22a8305d409f

Download Submit
C:\Windows\System\YNEwmus.exe

Filesize
1.7MB

MD5
520cda740999b9434332e0ed076fbf69

SHA1
3f1d603aaaf8971420a2ab68404f2447956f6df9

SHA256
ebb2361b213ba6209ddfa2d84dfa1b26c5e37e379b1319b84de57daa69987d38

SHA512
e499820b84290048ae1a7aeea3c34fbc100e4768ce140f9101efc239ba7440ecd342d5191bc682992dfb57a7b717e58c4095302007184d0f983c2ac221936a8f

Download Submit
C:\Windows\System\ZxjhjSn.exe

Filesize
1.7MB

MD5
a45f2857ad974eeaa42f0b5eece03f11

SHA1
1ad7281c2940352b0555e7a442a440bd4f70ce31

SHA256
cd37b2f051ae05cf6763e203baae806b4e6b5c8d12c9d83bd8178ad0e6459002

SHA512
13369dab0cfc31f8bf7cf82220c4e0cab2519579306a2e9d84f34ac926a7f65469a616caf4f35dc26ad5f8c85d6a3b72db8eb8ed704f5261b20c7a141ffe7b3f

Download Submit
C:\Windows\System\cDKBlkP.exe

Filesize
1.7MB

MD5
5c4652f863ef62028cac394dc81c58b8

SHA1
dc942bf54604bd1855c34f13f3814d59e521f30d

SHA256
d92b9e10d20fa1f05141e73fc0461c3344258b01171f54f1a026bc3bcf2481ae

SHA512
4f81f390fefb56c4af59a7cd275996b3e03de2736054268e1c65382d1d684834f327a848eadaf3560cdfc48f3ebf17c88e58ea2471786ba99541bff46d7ff2c5

Download Submit
C:\Windows\System\cMKLNID.exe

Filesize
1.7MB

MD5
6b2a5b8d1b53b3a97b0ba3d19c61f103

SHA1
4671bc3e2f74d4066e8592577f3843f1f7ede30a

SHA256
551a3f0a5b2d3c0727ddf787815acc1b73cb6f0ce442ee6cff441b0985eaac03

SHA512
c05d1b83634bcea3f7aa1321b45fd4fc5455496ae429a2a0fbd3662d90332407207c4b1f4de8fde24b9bfce2d435a10f9f637bbc1e545f9dd3431aa55f390076

Download Submit
C:\Windows\System\cTPGNMU.exe

Filesize
1.7MB

MD5
b62d3e3c5f7d5eb7c2527c89c3a56a4d

SHA1
75dd8ec272422b848d1343d9b67a22f5abddbbba

SHA256
3bae75a48dde8a4ca848101d336688255044caf9414873385a7f1f146a581461

SHA512
2025bf3c38dda5fae868a8b034249971c005831b1641633c97e09735ab03767262fc41208e193cdb373242fee8c307f8aa7c8a13e1bdbe3644cbcdf525a632a9

Download Submit
C:\Windows\System\evaYoZH.exe

Filesize
1.7MB

MD5
6851447aedabcf78c04a64ce2fec7882

SHA1
c73528c11204722840fb4c5986c0dbc89ea20269

SHA256
db0e5b018f80212942d0a0adceb5326dde6008aebe7606d6ebfe3715c28e91fe

SHA512
4def232c78ae9bdd5a6cf73bb8bf0a2843be70f26b91ff20f6653326ea649b037d01a3aa65908f4e62f5b6056c0151d119aafdfa750c32256972d511a834977c

Download Submit
C:\Windows\System\gOljREV.exe

Filesize
1.7MB

MD5
a540c5bb0437e003ccc53a1ccf405b11

SHA1
8500733f564383395296171cbba5f290e2d794a0

SHA256
9e0b1648daefc88265c1bfe59f39c4a4968947c01e90aa26f7e67f2a0acee3cb

SHA512
06f40767292d3ce82c7a22ee5aa0c4b151005996d3f9bb54aafaf3118c7f4ae650a5d0be7a33297afada1d21bd91a22803f3301af89bbfb159b256bb752a7276

Download Submit
C:\Windows\System\gyillFP.exe

Filesize
1.7MB

MD5
61645f304822b046921c5c216b078681

SHA1
b756e96308a5a4c9e3efdc982bba48de4103eb10

SHA256
57779e9da82096c4c45a5686662f171150ce1180559c55bc332a144f1f16e5fe

SHA512
f4e7fa56a2b06fd4a77b289c038b0c60cfedeb6363feaf752baeb3fd973e8653bf9af581a9123798442bc7014dff43014541589272cedeca3aa4b93a729f54a7

Download Submit
C:\Windows\System\kloBxIC.exe

Filesize
1.7MB

MD5
b312ea971aafe48213d7f0ecd69a797b

SHA1
1d05c2273b83817068a5dab47f589ad63eea2af6

SHA256
54851458614ac3a73ed660048c159b8c1acdd6a23b5ee99634a3e1a277fdf111

SHA512
b08818a944a849c9248532ef6d9c132743171eb58eec71077d8274fa5179fb4a5ce3f3b1566cb46ff29e24c995de5b5e4c497e9a321ba699db75d38cfec6eda2

Download Submit
C:\Windows\System\nAzyziz.exe

Filesize
1.7MB

MD5
07bbc542b6e1318f3fd38a85390798e1

SHA1
406ffdfe9b9722aaa8cbbf55c795bf4908ee7e24

SHA256
58c3ac0d0727afbdacc8709bd9ad05c660a4c03c6b0af52eaa3c4b999acf29ba

SHA512
a68be3cdf4927b4d6ceeb5303e0d9a607edf3321d48c849567760d49d5a107cfa1a91319a743f118d9dc7cebff0d416641a815323ff2bdbf44a26f9012d0868b

Download Submit
C:\Windows\System\nuxgfAq.exe

Filesize
1.7MB

MD5
73ea3d3ec3c31e489ea04a3f557c2bcb

SHA1
d8c45031931a4b72706c52e6c993e7472b7614d1

SHA256
cbd8fa07842a65b1ffeff63e95d74bf6db442ad509246ddf3c29619d5abaee31

SHA512
24dd11b9655d2bcfec7708e5ec7e845bdfe2061ac0f112e73ca0d0d306d3d44d2dcf5d01bac0773f97f4e5ab4dfddcba3fcf84a4cfe8b31e336bc9c2466c2103

Download Submit
C:\Windows\System\nxgBWPT.exe

Filesize
1.7MB

MD5
30c4658c2e3123f2ac3ec04165c37b3e

SHA1
ab6224aba4811ee7c605f6719f2aa2dc58646604

SHA256
a35d849c39bbb019189ed81695531d9ddd7f6619d180b2f1f9c4eb226d1cf2da

SHA512
176ec0c995cb381113c0c5cb8b9afceff2dd523f6a3197e5c205544e80c33f09f7f65e7eb84a9bbf23afa9b2e7943ae987947ee077ac0f2c00067705e10078a3

Download Submit
C:\Windows\System\oFXGDVD.exe

Filesize
1.7MB

MD5
119d6c3a0a226c3ae4cec16eb468a8d8

SHA1
1b041752721880b933a9f28bf625e31c83e8e3c2

SHA256
211c0a37906bb30af1499054d2a1f5ece651c0ae7043408c6ab81ba671340840

SHA512
6fccd96aa0333cbd7fd81f62fd4fbc52c422bfaee758a17a83ab4499aea112c65f7ebd2b44eec8e6522d34e122ac2242315576ebe4a66c4b63e3074ba0ef025d

Download Submit
C:\Windows\System\ujElzmr.exe

Filesize
1.7MB

MD5
dd62feafa8177c15b5b2ef790de44469

SHA1
cb2de0f2ed7e13b50e9a947299219f29ab08c339

SHA256
e7c582ea0ef754890f47810095a440eb688d68a2027a3ef20d766e766e9f370d

SHA512
503eb2501cfd647a5e5feb238c3bb2e13a03dad5eb856eaed911a23c927a1d561e4ec831fa504fb46b5f5830f89658bf8d2b4db1420409b42f8d39e7d52e618b

Download Submit
C:\Windows\System\vGUDvvP.exe

Filesize
1.7MB

MD5
9436d7ba69ab6f4cb5a8d35cb97242f4

SHA1
f8b81a887f6e290b4c20fb3cca396c85b8fd3829

SHA256
6ae8bb5a766864c359cfa53b31472869850fb3311f53dafee70f8ebb23d37804

SHA512
c065560e742f333309dfc14010f60faa824e40bc5809af782b42430f2d8f3f591965d3773cb7816bf345aae2d994fa46b6002675ce1dd5d7c57070c0b8d067c9

Download Submit
C:\Windows\System\viEVwaq.exe

Filesize
1.7MB

MD5
e4965ee10fc2bb1c3c3fca91e80c71c4

SHA1
847556e4e200b9ab14c3b266c182d1490a5b29aa

SHA256
bb8b4ed629d51d5426348f2baa733747052a8bbc5edfda2616a1326f188c9d5a

SHA512
d1292520781f16400d0f62812a9b2b286da5043e5c4779cc6b80c32fc0becf7689175913f4710781133980d766e34b529afd10a806fda670f4a3e4a0c8534ce2

Download Submit
memory/212-2711-0x00007FF71B600000-0x00007FF71B9F2000-memory.dmp

Filesize
3.9MB

Download
memory/212-96-0x00007FF71B600000-0x00007FF71B9F2000-memory.dmp

Filesize
3.9MB

Download
memory/380-468-0x00007FF7BD940000-0x00007FF7BDD32000-memory.dmp

Filesize
3.9MB

Download
memory/380-2717-0x00007FF7BD940000-0x00007FF7BDD32000-memory.dmp

Filesize
3.9MB

Download
memory/1084-2736-0x00007FF61FA80000-0x00007FF61FE72000-memory.dmp

Filesize
3.9MB

Download
memory/1084-470-0x00007FF61FA80000-0x00007FF61FE72000-memory.dmp

Filesize
3.9MB

Download
memory/1132-84-0x00007FF7774C0000-0x00007FF7778B2000-memory.dmp

Filesize
3.9MB

Download
memory/1132-2707-0x00007FF7774C0000-0x00007FF7778B2000-memory.dmp

Filesize
3.9MB

Download
memory/1172-2704-0x00007FF6DF040000-0x00007FF6DF432000-memory.dmp

Filesize
3.9MB

Download
memory/1172-100-0x00007FF6DF040000-0x00007FF6DF432000-memory.dmp

Filesize
3.9MB

Download
memory/1244-2712-0x00007FF7645F0000-0x00007FF7649E2000-memory.dmp

Filesize
3.9MB

Download
memory/1244-99-0x00007FF7645F0000-0x00007FF7649E2000-memory.dmp

Filesize
3.9MB

Download
memory/1316-2703-0x00007FF745F30000-0x00007FF746322000-memory.dmp

Filesize
3.9MB

Download
memory/1316-85-0x00007FF745F30000-0x00007FF746322000-memory.dmp

Filesize
3.9MB

Download
memory/1620-105-0x00007FF6133A0000-0x00007FF613792000-memory.dmp

Filesize
3.9MB

Download
memory/1620-2714-0x00007FF6133A0000-0x00007FF613792000-memory.dmp

Filesize
3.9MB

Download
memory/1648-21-0x00007FF65F0E0000-0x00007FF65F4D2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-2694-0x00007FF65F0E0000-0x00007FF65F4D2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-2655-0x00007FF65F0E0000-0x00007FF65F4D2000-memory.dmp

Filesize
3.9MB

Download
memory/1656-2700-0x00007FF6137F0000-0x00007FF613BE2000-memory.dmp

Filesize
3.9MB

Download
memory/1656-80-0x00007FF6137F0000-0x00007FF613BE2000-memory.dmp

Filesize
3.9MB

Download
memory/1964-466-0x00007FF695FB0000-0x00007FF6963A2000-memory.dmp

Filesize
3.9MB

Download
memory/1964-2721-0x00007FF695FB0000-0x00007FF6963A2000-memory.dmp

Filesize
3.9MB

Download
memory/2256-108-0x00007FF6440A0000-0x00007FF644492000-memory.dmp

Filesize
3.9MB

Download
memory/2256-2732-0x00007FF6440A0000-0x00007FF644492000-memory.dmp

Filesize
3.9MB

Download
memory/2376-90-0x00007FF7483B0000-0x00007FF7487A2000-memory.dmp

Filesize
3.9MB

Download
memory/2376-2708-0x00007FF7483B0000-0x00007FF7487A2000-memory.dmp

Filesize
3.9MB

Download
memory/2740-2725-0x00007FF6B77A0000-0x00007FF6B7B92000-memory.dmp

Filesize
3.9MB

Download
memory/2740-464-0x00007FF6B77A0000-0x00007FF6B7B92000-memory.dmp

Filesize
3.9MB

Download
memory/2928-111-0x00007FF740130000-0x00007FF740522000-memory.dmp

Filesize
3.9MB

Download
memory/2928-2727-0x00007FF740130000-0x00007FF740522000-memory.dmp

Filesize
3.9MB

Download
memory/2928-2688-0x00007FF740130000-0x00007FF740522000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2728-0x00007FF6991D0000-0x00007FF6995C2000-memory.dmp

Filesize
3.9MB

Download
memory/3160-107-0x00007FF6991D0000-0x00007FF6995C2000-memory.dmp

Filesize
3.9MB

Download
memory/3168-471-0x00007FF7A10D0000-0x00007FF7A14C2000-memory.dmp

Filesize
3.9MB

Download
memory/3168-2734-0x00007FF7A10D0000-0x00007FF7A14C2000-memory.dmp

Filesize
3.9MB

Download
memory/3688-41-0x00007FFDE86B0000-0x00007FFDE9171000-memory.dmp

Filesize
10.8MB

Download
memory/3688-22-0x00007FFDE86B3000-0x00007FFDE86B5000-memory.dmp

Filesize
8KB

Download
memory/3688-342-0x000001D4B2DA0000-0x000001D4B3546000-memory.dmp

Filesize
7.6MB

Download
memory/3688-79-0x000001D4B1EB0000-0x000001D4B1ED2000-memory.dmp

Filesize
136KB

Download
memory/3688-15-0x000001D4B1F30000-0x000001D4B1F40000-memory.dmp

Filesize
64KB

Download
memory/3960-94-0x00007FF7CA310000-0x00007FF7CA702000-memory.dmp

Filesize
3.9MB

Download
memory/3960-2698-0x00007FF7CA310000-0x00007FF7CA702000-memory.dmp

Filesize
3.9MB

Download
memory/4008-2693-0x00007FF68F160000-0x00007FF68F552000-memory.dmp

Filesize
3.9MB

Download
memory/4008-55-0x00007FF68F160000-0x00007FF68F552000-memory.dmp

Filesize
3.9MB

Download
memory/4044-0-0x00007FF6A4AB0000-0x00007FF6A4EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4044-1-0x000001FA0D450000-0x000001FA0D460000-memory.dmp

Filesize
64KB

Download
memory/4044-2651-0x00007FF6A4AB0000-0x00007FF6A4EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4428-469-0x00007FF7F7D90000-0x00007FF7F8182000-memory.dmp

Filesize
3.9MB

Download
memory/4428-2730-0x00007FF7F7D90000-0x00007FF7F8182000-memory.dmp

Filesize
3.9MB

Download
memory/4540-62-0x00007FF7FCC30000-0x00007FF7FD022000-memory.dmp

Filesize
3.9MB

Download
memory/4540-2696-0x00007FF7FCC30000-0x00007FF7FD022000-memory.dmp

Filesize
3.9MB

Download
memory/4764-467-0x00007FF7583F0000-0x00007FF7587E2000-memory.dmp

Filesize
3.9MB

Download
memory/4764-2719-0x00007FF7583F0000-0x00007FF7587E2000-memory.dmp

Filesize
3.9MB

Download
memory/4940-9-0x00007FF738590000-0x00007FF738982000-memory.dmp

Filesize
3.9MB

Download
memory/4940-2654-0x00007FF738590000-0x00007FF738982000-memory.dmp

Filesize
3.9MB

Download
memory/4940-2690-0x00007FF738590000-0x00007FF738982000-memory.dmp

Filesize
3.9MB

Download
memory/4980-2723-0x00007FF684DE0000-0x00007FF6851D2000-memory.dmp

Filesize
3.9MB

Download
memory/4980-465-0x00007FF684DE0000-0x00007FF6851D2000-memory.dmp

Filesize
3.9MB

Download