xmrig | 890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
Size

1.4MB
MD5

3fed9072a544e574681122a129304a20
SHA1

13ace184ab122561117ab9ccc1ab30cfbee32b0a
SHA256

890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e
SHA512

71368eed3bba9c64ecaf5b6a127463198c46d4af4c923d4b5baa2b90d8e8562bfea47dda8e6a5453abfa0f3096f9bd7efccbcfe22e06c0052dbea7ba090c8e3c
SSDEEP

24576:oezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv3zqxG2Z9mILdsD6G:oezaTF8FcNkNdfE0pZ9ozt4wIlMmD

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4712-0-0x00007FF60C1C0000-0x00007FF60C514000-memory.dmp	xmrig
behavioral2/memory/1280-23-0x00007FF68C3F0000-0x00007FF68C744000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-39.dat	xmrig
behavioral2/files/0x000700000002340c-55.dat	xmrig
behavioral2/files/0x0007000000023411-57.dat	xmrig
behavioral2/files/0x0007000000023415-78.dat	xmrig
behavioral2/files/0x0007000000023418-103.dat	xmrig
behavioral2/memory/3456-118-0x00007FF7B2850000-0x00007FF7B2BA4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-147.dat	xmrig
behavioral2/files/0x0007000000023425-168.dat	xmrig
behavioral2/memory/5096-182-0x00007FF782210000-0x00007FF782564000-memory.dmp	xmrig
behavioral2/memory/1248-188-0x00007FF679030000-0x00007FF679384000-memory.dmp	xmrig
behavioral2/memory/1020-193-0x00007FF75E680000-0x00007FF75E9D4000-memory.dmp	xmrig
behavioral2/memory/3856-194-0x00007FF786930000-0x00007FF786C84000-memory.dmp	xmrig
behavioral2/memory/2124-192-0x00007FF71A710000-0x00007FF71AA64000-memory.dmp	xmrig
behavioral2/memory/3448-191-0x00007FF669D60000-0x00007FF66A0B4000-memory.dmp	xmrig
behavioral2/memory/2892-190-0x00007FF605E80000-0x00007FF6061D4000-memory.dmp	xmrig
behavioral2/memory/1180-189-0x00007FF69DAE0000-0x00007FF69DE34000-memory.dmp	xmrig
behavioral2/memory/2744-187-0x00007FF7FBFA0000-0x00007FF7FC2F4000-memory.dmp	xmrig
behavioral2/memory/3648-186-0x00007FF7F0350000-0x00007FF7F06A4000-memory.dmp	xmrig
behavioral2/memory/4560-185-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp	xmrig
behavioral2/memory/1472-184-0x00007FF7D7980000-0x00007FF7D7CD4000-memory.dmp	xmrig
behavioral2/memory/852-183-0x00007FF7B2310000-0x00007FF7B2664000-memory.dmp	xmrig
behavioral2/memory/4412-181-0x00007FF6E4CD0000-0x00007FF6E5024000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-177.dat	xmrig
behavioral2/files/0x0007000000023420-175.dat	xmrig
behavioral2/memory/1440-174-0x00007FF68CBD0000-0x00007FF68CF24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-172.dat	xmrig
behavioral2/files/0x000700000002341f-170.dat	xmrig
behavioral2/files/0x0007000000023424-166.dat	xmrig
behavioral2/files/0x000700000002341e-164.dat	xmrig
behavioral2/memory/1856-163-0x00007FF7BB740000-0x00007FF7BBA94000-memory.dmp	xmrig
behavioral2/memory/4204-162-0x00007FF7F4990000-0x00007FF7F4CE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-160.dat	xmrig
behavioral2/files/0x000700000002341b-154.dat	xmrig
behavioral2/memory/1736-153-0x00007FF6CADD0000-0x00007FF6CB124000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-152.dat	xmrig
behavioral2/files/0x0007000000023422-151.dat	xmrig
behavioral2/files/0x0007000000023419-143.dat	xmrig
behavioral2/files/0x0007000000023417-137.dat	xmrig
behavioral2/files/0x000700000002341c-133.dat	xmrig
behavioral2/files/0x0007000000023416-131.dat	xmrig
behavioral2/files/0x0007000000023413-113.dat	xmrig
behavioral2/memory/4592-106-0x00007FF7A9310000-0x00007FF7A9664000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-92.dat	xmrig
behavioral2/files/0x0007000000023414-90.dat	xmrig
behavioral2/files/0x0007000000023412-88.dat	xmrig
behavioral2/memory/2512-85-0x00007FF65FC50000-0x00007FF65FFA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-97.dat	xmrig
behavioral2/files/0x000700000002340e-71.dat	xmrig
behavioral2/memory/992-68-0x00007FF6CB860000-0x00007FF6CBBB4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-67.dat	xmrig
behavioral2/memory/1544-66-0x00007FF645B90000-0x00007FF645EE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-59.dat	xmrig
behavioral2/memory/3032-58-0x00007FF60AC50000-0x00007FF60AFA4000-memory.dmp	xmrig
behavioral2/memory/3676-47-0x00007FF60D390000-0x00007FF60D6E4000-memory.dmp	xmrig
behavioral2/memory/2424-33-0x00007FF767B40000-0x00007FF767E94000-memory.dmp	xmrig
behavioral2/files/0x000700000002340b-31.dat	xmrig
behavioral2/files/0x0007000000023408-22.dat	xmrig
behavioral2/memory/4016-19-0x00007FF7417B0000-0x00007FF741B04000-memory.dmp	xmrig
behavioral2/memory/4012-13-0x00007FF639A20000-0x00007FF639D74000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-11.dat	xmrig
behavioral2/files/0x0008000000023403-6.dat	xmrig
behavioral2/memory/1280-2293-0x00007FF68C3F0000-0x00007FF68C744000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4012	ZZvhCSQ.exe
4016	QmrCRkl.exe
1280	NpwzgNd.exe
2424	rcWqXTV.exe
2744	BqaXwXb.exe
3676	JBhiJaN.exe
1248	xDapzzI.exe
3032	bjggfAA.exe
1180	DhrhKcF.exe
1544	keMsMAl.exe
992	WWzNpOI.exe
2512	wKcuqBl.exe
2892	muTShDc.exe
3448	XxmfBmJ.exe
4592	yrjoLwm.exe
3456	KtDFoQS.exe
2124	AClBAzO.exe
1736	aXFogdc.exe
4204	itLgBdv.exe
1856	MMUamDg.exe
1440	nfJAeWO.exe
1020	XdqZGrt.exe
4412	wSLuqFv.exe
5096	fiCdPlW.exe
3856	wsrNJFz.exe
852	UagkADO.exe
1472	DdMRsyS.exe
4560	aabYaUz.exe
3648	NQBMnRU.exe
2800	IblnIKt.exe
4960	AtHECHP.exe
4232	SLaevIY.exe
4760	XFrTEXm.exe
2216	zjeLZBD.exe
2040	cEXICCA.exe
612	lvVnvRo.exe
1916	JldrrkH.exe
3572	twZgIFV.exe
4168	yCLnxXo.exe
2664	kWylQDD.exe
2016	JdUxJAV.exe
4964	brQabKl.exe
4984	VEFfdoq.exe
2632	LcKTFsc.exe
1584	RmGDFRi.exe
3740	IzUBZZD.exe
4480	OWtsBIs.exe
5036	dKlTMjU.exe
4452	nxugQji.exe
4524	jPHKGNc.exe
416	MsRwGok.exe
2992	meaFPeM.exe
4100	tDZrjhX.exe
2488	JSSWrvO.exe
3976	xxLpABA.exe
1924	WBbUKTS.exe
892	YyWMurm.exe
1364	zdWYIzS.exe
3704	BuqSDWi.exe
2948	AdEaFqF.exe
2204	uFhijwm.exe
1156	aZezJJb.exe
2960	UDKFOOD.exe
2036	tManyDA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4712-0-0x00007FF60C1C0000-0x00007FF60C514000-memory.dmp	upx
behavioral2/memory/1280-23-0x00007FF68C3F0000-0x00007FF68C744000-memory.dmp	upx
behavioral2/files/0x000700000002340a-39.dat	upx
behavioral2/files/0x000700000002340c-55.dat	upx
behavioral2/files/0x0007000000023411-57.dat	upx
behavioral2/files/0x0007000000023415-78.dat	upx
behavioral2/files/0x0007000000023418-103.dat	upx
behavioral2/memory/3456-118-0x00007FF7B2850000-0x00007FF7B2BA4000-memory.dmp	upx
behavioral2/files/0x000700000002341d-147.dat	upx
behavioral2/files/0x0007000000023425-168.dat	upx
behavioral2/memory/5096-182-0x00007FF782210000-0x00007FF782564000-memory.dmp	upx
behavioral2/memory/1248-188-0x00007FF679030000-0x00007FF679384000-memory.dmp	upx
behavioral2/memory/1020-193-0x00007FF75E680000-0x00007FF75E9D4000-memory.dmp	upx
behavioral2/memory/3856-194-0x00007FF786930000-0x00007FF786C84000-memory.dmp	upx
behavioral2/memory/2124-192-0x00007FF71A710000-0x00007FF71AA64000-memory.dmp	upx
behavioral2/memory/3448-191-0x00007FF669D60000-0x00007FF66A0B4000-memory.dmp	upx
behavioral2/memory/2892-190-0x00007FF605E80000-0x00007FF6061D4000-memory.dmp	upx
behavioral2/memory/1180-189-0x00007FF69DAE0000-0x00007FF69DE34000-memory.dmp	upx
behavioral2/memory/2744-187-0x00007FF7FBFA0000-0x00007FF7FC2F4000-memory.dmp	upx
behavioral2/memory/3648-186-0x00007FF7F0350000-0x00007FF7F06A4000-memory.dmp	upx
behavioral2/memory/4560-185-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp	upx
behavioral2/memory/1472-184-0x00007FF7D7980000-0x00007FF7D7CD4000-memory.dmp	upx
behavioral2/memory/852-183-0x00007FF7B2310000-0x00007FF7B2664000-memory.dmp	upx
behavioral2/memory/4412-181-0x00007FF6E4CD0000-0x00007FF6E5024000-memory.dmp	upx
behavioral2/files/0x0007000000023421-177.dat	upx
behavioral2/files/0x0007000000023420-175.dat	upx
behavioral2/memory/1440-174-0x00007FF68CBD0000-0x00007FF68CF24000-memory.dmp	upx
behavioral2/files/0x0007000000023426-172.dat	upx
behavioral2/files/0x000700000002341f-170.dat	upx
behavioral2/files/0x0007000000023424-166.dat	upx
behavioral2/files/0x000700000002341e-164.dat	upx
behavioral2/memory/1856-163-0x00007FF7BB740000-0x00007FF7BBA94000-memory.dmp	upx
behavioral2/memory/4204-162-0x00007FF7F4990000-0x00007FF7F4CE4000-memory.dmp	upx
behavioral2/files/0x000700000002341a-160.dat	upx
behavioral2/files/0x000700000002341b-154.dat	upx
behavioral2/memory/1736-153-0x00007FF6CADD0000-0x00007FF6CB124000-memory.dmp	upx
behavioral2/files/0x0007000000023423-152.dat	upx
behavioral2/files/0x0007000000023422-151.dat	upx
behavioral2/files/0x0007000000023419-143.dat	upx
behavioral2/files/0x0007000000023417-137.dat	upx
behavioral2/files/0x000700000002341c-133.dat	upx
behavioral2/files/0x0007000000023416-131.dat	upx
behavioral2/files/0x0007000000023413-113.dat	upx
behavioral2/memory/4592-106-0x00007FF7A9310000-0x00007FF7A9664000-memory.dmp	upx
behavioral2/files/0x000700000002340f-92.dat	upx
behavioral2/files/0x0007000000023414-90.dat	upx
behavioral2/files/0x0007000000023412-88.dat	upx
behavioral2/memory/2512-85-0x00007FF65FC50000-0x00007FF65FFA4000-memory.dmp	upx
behavioral2/files/0x0007000000023410-97.dat	upx
behavioral2/files/0x000700000002340e-71.dat	upx
behavioral2/memory/992-68-0x00007FF6CB860000-0x00007FF6CBBB4000-memory.dmp	upx
behavioral2/files/0x0007000000023409-67.dat	upx
behavioral2/memory/1544-66-0x00007FF645B90000-0x00007FF645EE4000-memory.dmp	upx
behavioral2/files/0x000700000002340d-59.dat	upx
behavioral2/memory/3032-58-0x00007FF60AC50000-0x00007FF60AFA4000-memory.dmp	upx
behavioral2/memory/3676-47-0x00007FF60D390000-0x00007FF60D6E4000-memory.dmp	upx
behavioral2/memory/2424-33-0x00007FF767B40000-0x00007FF767E94000-memory.dmp	upx
behavioral2/files/0x000700000002340b-31.dat	upx
behavioral2/files/0x0007000000023408-22.dat	upx
behavioral2/memory/4016-19-0x00007FF7417B0000-0x00007FF741B04000-memory.dmp	upx
behavioral2/memory/4012-13-0x00007FF639A20000-0x00007FF639D74000-memory.dmp	upx
behavioral2/files/0x0007000000023407-11.dat	upx
behavioral2/files/0x0008000000023403-6.dat	upx
behavioral2/memory/1280-2293-0x00007FF68C3F0000-0x00007FF68C744000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ENQQViM.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\vXdlmGQ.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\AkzsYFY.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\jMgfiEA.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\RLAwVqB.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\BilphpR.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\AXocjnw.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\pogZrAb.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\tLlxYJk.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\iFcXpHv.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\RgubUFj.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\CvibGCQ.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\EQYVIOz.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\WQRKoIo.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\dPFggJZ.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\KYhERUE.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\SMqCAYS.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\WZHfYLp.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\xAZDCVQ.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\BXeahUs.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\TddZVbM.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\vdAowJK.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\XGklPsg.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\ccRlhdD.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\soLkzzb.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\mkFLtRh.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\nFMLFUT.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\uTSmxiR.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\yjxVtAx.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\qpqGvMr.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\OOjFepF.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\pGbjliG.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\tiSHaYa.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\mHmYCGf.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\GGvvkad.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\rZdsMxr.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\OOJwpRZ.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\hNKWbeH.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\WWzNpOI.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\GOPKgqZ.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\cVKowPN.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\ZvYkOCO.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\BsKTSpV.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\sCofvip.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\jGRvqZW.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\HmxLppe.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\DDARRzD.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\MDzqjgr.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\kxRbfbh.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\oFTVyqP.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\LZyVrvs.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\nPMdIxi.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\ChmsnrN.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\twVCOEq.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\QQAsqoo.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\dNhxinq.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\WBbUKTS.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\UagkADO.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\oxdLPDv.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\byxCqxf.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\EjUgtjg.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\EVVXEpT.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\eBJELlJ.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
File created	C:\Windows\System\PiamgSo.exe	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4012	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	81
PID 4712 wrote to memory of 4012	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	81
PID 4712 wrote to memory of 4016	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	82
PID 4712 wrote to memory of 4016	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	82
PID 4712 wrote to memory of 1280	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	83
PID 4712 wrote to memory of 1280	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	83
PID 4712 wrote to memory of 3676	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	84
PID 4712 wrote to memory of 3676	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	84
PID 4712 wrote to memory of 2424	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	85
PID 4712 wrote to memory of 2424	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	85
PID 4712 wrote to memory of 2744	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	86
PID 4712 wrote to memory of 2744	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	86
PID 4712 wrote to memory of 1248	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	87
PID 4712 wrote to memory of 1248	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	87
PID 4712 wrote to memory of 3032	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	88
PID 4712 wrote to memory of 3032	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	88
PID 4712 wrote to memory of 1180	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	89
PID 4712 wrote to memory of 1180	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	89
PID 4712 wrote to memory of 1544	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	90
PID 4712 wrote to memory of 1544	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	90
PID 4712 wrote to memory of 992	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	91
PID 4712 wrote to memory of 992	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	91
PID 4712 wrote to memory of 2512	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	92
PID 4712 wrote to memory of 2512	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	92
PID 4712 wrote to memory of 2892	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	93
PID 4712 wrote to memory of 2892	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	93
PID 4712 wrote to memory of 4592	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	94
PID 4712 wrote to memory of 4592	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	94
PID 4712 wrote to memory of 3448	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	95
PID 4712 wrote to memory of 3448	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	95
PID 4712 wrote to memory of 3456	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	96
PID 4712 wrote to memory of 3456	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	96
PID 4712 wrote to memory of 2124	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	97
PID 4712 wrote to memory of 2124	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	97
PID 4712 wrote to memory of 1736	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	98
PID 4712 wrote to memory of 1736	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	98
PID 4712 wrote to memory of 4204	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	99
PID 4712 wrote to memory of 4204	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	99
PID 4712 wrote to memory of 1856	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	100
PID 4712 wrote to memory of 1856	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	100
PID 4712 wrote to memory of 1440	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	101
PID 4712 wrote to memory of 1440	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	101
PID 4712 wrote to memory of 1020	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	102
PID 4712 wrote to memory of 1020	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	102
PID 4712 wrote to memory of 4412	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	103
PID 4712 wrote to memory of 4412	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	103
PID 4712 wrote to memory of 5096	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	104
PID 4712 wrote to memory of 5096	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	104
PID 4712 wrote to memory of 3856	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	105
PID 4712 wrote to memory of 3856	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	105
PID 4712 wrote to memory of 4232	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	106
PID 4712 wrote to memory of 4232	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	106
PID 4712 wrote to memory of 852	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	107
PID 4712 wrote to memory of 852	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	107
PID 4712 wrote to memory of 1472	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	108
PID 4712 wrote to memory of 1472	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	108
PID 4712 wrote to memory of 4560	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	109
PID 4712 wrote to memory of 4560	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	109
PID 4712 wrote to memory of 3648	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	110
PID 4712 wrote to memory of 3648	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	110
PID 4712 wrote to memory of 2800	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	111
PID 4712 wrote to memory of 2800	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	111
PID 4712 wrote to memory of 4960	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	112
PID 4712 wrote to memory of 4960	4712	890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\890c0bc58207ecd7a5ced6651cbfbeb2e7d31db36d5ea7256b3d884b9574c34e_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Windows\System\ZZvhCSQ.exe
  C:\Windows\System\ZZvhCSQ.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\QmrCRkl.exe
  C:\Windows\System\QmrCRkl.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\NpwzgNd.exe
  C:\Windows\System\NpwzgNd.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\JBhiJaN.exe
  C:\Windows\System\JBhiJaN.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\rcWqXTV.exe
  C:\Windows\System\rcWqXTV.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\BqaXwXb.exe
  C:\Windows\System\BqaXwXb.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\xDapzzI.exe
  C:\Windows\System\xDapzzI.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\bjggfAA.exe
  C:\Windows\System\bjggfAA.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\DhrhKcF.exe
  C:\Windows\System\DhrhKcF.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\keMsMAl.exe
  C:\Windows\System\keMsMAl.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\WWzNpOI.exe
  C:\Windows\System\WWzNpOI.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\wKcuqBl.exe
  C:\Windows\System\wKcuqBl.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\muTShDc.exe
  C:\Windows\System\muTShDc.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\yrjoLwm.exe
  C:\Windows\System\yrjoLwm.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\XxmfBmJ.exe
  C:\Windows\System\XxmfBmJ.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\KtDFoQS.exe
  C:\Windows\System\KtDFoQS.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\AClBAzO.exe
  C:\Windows\System\AClBAzO.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\aXFogdc.exe
  C:\Windows\System\aXFogdc.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\itLgBdv.exe
  C:\Windows\System\itLgBdv.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\MMUamDg.exe
  C:\Windows\System\MMUamDg.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\nfJAeWO.exe
  C:\Windows\System\nfJAeWO.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\XdqZGrt.exe
  C:\Windows\System\XdqZGrt.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\wSLuqFv.exe
  C:\Windows\System\wSLuqFv.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\fiCdPlW.exe
  C:\Windows\System\fiCdPlW.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\wsrNJFz.exe
  C:\Windows\System\wsrNJFz.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\SLaevIY.exe
  C:\Windows\System\SLaevIY.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\UagkADO.exe
  C:\Windows\System\UagkADO.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\DdMRsyS.exe
  C:\Windows\System\DdMRsyS.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\aabYaUz.exe
  C:\Windows\System\aabYaUz.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\NQBMnRU.exe
  C:\Windows\System\NQBMnRU.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\IblnIKt.exe
  C:\Windows\System\IblnIKt.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\AtHECHP.exe
  C:\Windows\System\AtHECHP.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\XFrTEXm.exe
  C:\Windows\System\XFrTEXm.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\zjeLZBD.exe
  C:\Windows\System\zjeLZBD.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\cEXICCA.exe
  C:\Windows\System\cEXICCA.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\lvVnvRo.exe
  C:\Windows\System\lvVnvRo.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\JldrrkH.exe
  C:\Windows\System\JldrrkH.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\twZgIFV.exe
  C:\Windows\System\twZgIFV.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\yCLnxXo.exe
  C:\Windows\System\yCLnxXo.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\kWylQDD.exe
  C:\Windows\System\kWylQDD.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\JdUxJAV.exe
  C:\Windows\System\JdUxJAV.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\brQabKl.exe
  C:\Windows\System\brQabKl.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\VEFfdoq.exe
  C:\Windows\System\VEFfdoq.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\LcKTFsc.exe
  C:\Windows\System\LcKTFsc.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\RmGDFRi.exe
  C:\Windows\System\RmGDFRi.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\IzUBZZD.exe
  C:\Windows\System\IzUBZZD.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\OWtsBIs.exe
  C:\Windows\System\OWtsBIs.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\dKlTMjU.exe
  C:\Windows\System\dKlTMjU.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\nxugQji.exe
  C:\Windows\System\nxugQji.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\jPHKGNc.exe
  C:\Windows\System\jPHKGNc.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\MsRwGok.exe
  C:\Windows\System\MsRwGok.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\meaFPeM.exe
  C:\Windows\System\meaFPeM.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\tDZrjhX.exe
  C:\Windows\System\tDZrjhX.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\JSSWrvO.exe
  C:\Windows\System\JSSWrvO.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\xxLpABA.exe
  C:\Windows\System\xxLpABA.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\WBbUKTS.exe
  C:\Windows\System\WBbUKTS.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\YyWMurm.exe
  C:\Windows\System\YyWMurm.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\zdWYIzS.exe
  C:\Windows\System\zdWYIzS.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\BuqSDWi.exe
  C:\Windows\System\BuqSDWi.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\AdEaFqF.exe
  C:\Windows\System\AdEaFqF.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\uFhijwm.exe
  C:\Windows\System\uFhijwm.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\aZezJJb.exe
  C:\Windows\System\aZezJJb.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\UDKFOOD.exe
  C:\Windows\System\UDKFOOD.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\tManyDA.exe
  C:\Windows\System\tManyDA.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\QNiMjPe.exe
  C:\Windows\System\QNiMjPe.exe
  2⤵
  PID:876
- C:\Windows\System\mXQwqAG.exe
  C:\Windows\System\mXQwqAG.exe
  2⤵
  PID:4936
- C:\Windows\System\nFMLFUT.exe
  C:\Windows\System\nFMLFUT.exe
  2⤵
  PID:4624
- C:\Windows\System\oxdLPDv.exe
  C:\Windows\System\oxdLPDv.exe
  2⤵
  PID:4428
- C:\Windows\System\bBCckWd.exe
  C:\Windows\System\bBCckWd.exe
  2⤵
  PID:1516
- C:\Windows\System\VhyKMtS.exe
  C:\Windows\System\VhyKMtS.exe
  2⤵
  PID:2784
- C:\Windows\System\KwCqXiq.exe
  C:\Windows\System\KwCqXiq.exe
  2⤵
  PID:1084
- C:\Windows\System\cXFQhmb.exe
  C:\Windows\System\cXFQhmb.exe
  2⤵
  PID:644
- C:\Windows\System\rhlgtoQ.exe
  C:\Windows\System\rhlgtoQ.exe
  2⤵
  PID:632
- C:\Windows\System\fntifvi.exe
  C:\Windows\System\fntifvi.exe
  2⤵
  PID:2604
- C:\Windows\System\joilRHb.exe
  C:\Windows\System\joilRHb.exe
  2⤵
  PID:2468
- C:\Windows\System\FVfuDtK.exe
  C:\Windows\System\FVfuDtK.exe
  2⤵
  PID:4636
- C:\Windows\System\kddFhYU.exe
  C:\Windows\System\kddFhYU.exe
  2⤵
  PID:4844
- C:\Windows\System\qJZhwlx.exe
  C:\Windows\System\qJZhwlx.exe
  2⤵
  PID:1488
- C:\Windows\System\bMaWAjp.exe
  C:\Windows\System\bMaWAjp.exe
  2⤵
  PID:2856
- C:\Windows\System\tCdbrvX.exe
  C:\Windows\System\tCdbrvX.exe
  2⤵
  PID:3920
- C:\Windows\System\AXocjnw.exe
  C:\Windows\System\AXocjnw.exe
  2⤵
  PID:1552
- C:\Windows\System\moewTUi.exe
  C:\Windows\System\moewTUi.exe
  2⤵
  PID:216
- C:\Windows\System\fHpIFYQ.exe
  C:\Windows\System\fHpIFYQ.exe
  2⤵
  PID:5020
- C:\Windows\System\tKGsvFB.exe
  C:\Windows\System\tKGsvFB.exe
  2⤵
  PID:4388
- C:\Windows\System\MiRUFHJ.exe
  C:\Windows\System\MiRUFHJ.exe
  2⤵
  PID:1320
- C:\Windows\System\UxbDzRw.exe
  C:\Windows\System\UxbDzRw.exe
  2⤵
  PID:1384
- C:\Windows\System\vdAowJK.exe
  C:\Windows\System\vdAowJK.exe
  2⤵
  PID:2192
- C:\Windows\System\aKUbTKq.exe
  C:\Windows\System\aKUbTKq.exe
  2⤵
  PID:3624
- C:\Windows\System\mHmYCGf.exe
  C:\Windows\System\mHmYCGf.exe
  2⤵
  PID:1560
- C:\Windows\System\UdFzkiD.exe
  C:\Windows\System\UdFzkiD.exe
  2⤵
  PID:1668
- C:\Windows\System\XWobjvq.exe
  C:\Windows\System\XWobjvq.exe
  2⤵
  PID:4448
- C:\Windows\System\yXtuELx.exe
  C:\Windows\System\yXtuELx.exe
  2⤵
  PID:1804
- C:\Windows\System\psdQDvn.exe
  C:\Windows\System\psdQDvn.exe
  2⤵
  PID:1688
- C:\Windows\System\jpsaGTM.exe
  C:\Windows\System\jpsaGTM.exe
  2⤵
  PID:4912
- C:\Windows\System\dLqVcmu.exe
  C:\Windows\System\dLqVcmu.exe
  2⤵
  PID:348
- C:\Windows\System\iJsvqPR.exe
  C:\Windows\System\iJsvqPR.exe
  2⤵
  PID:2984
- C:\Windows\System\WdknPVT.exe
  C:\Windows\System\WdknPVT.exe
  2⤵
  PID:2968
- C:\Windows\System\pKaGcME.exe
  C:\Windows\System\pKaGcME.exe
  2⤵
  PID:3432
- C:\Windows\System\CleXJvy.exe
  C:\Windows\System\CleXJvy.exe
  2⤵
  PID:1252
- C:\Windows\System\jrjxKwa.exe
  C:\Windows\System\jrjxKwa.exe
  2⤵
  PID:5080
- C:\Windows\System\oWyOpRZ.exe
  C:\Windows\System\oWyOpRZ.exe
  2⤵
  PID:1588
- C:\Windows\System\NDjMBha.exe
  C:\Windows\System\NDjMBha.exe
  2⤵
  PID:2356
- C:\Windows\System\phfnXWv.exe
  C:\Windows\System\phfnXWv.exe
  2⤵
  PID:628
- C:\Windows\System\eoHnEkF.exe
  C:\Windows\System\eoHnEkF.exe
  2⤵
  PID:3280
- C:\Windows\System\TrLezMp.exe
  C:\Windows\System\TrLezMp.exe
  2⤵
  PID:1660
- C:\Windows\System\NwDkZmv.exe
  C:\Windows\System\NwDkZmv.exe
  2⤵
  PID:3924
- C:\Windows\System\kCdMBCn.exe
  C:\Windows\System\kCdMBCn.exe
  2⤵
  PID:2460
- C:\Windows\System\myqKhDr.exe
  C:\Windows\System\myqKhDr.exe
  2⤵
  PID:1144
- C:\Windows\System\fSbLCIu.exe
  C:\Windows\System\fSbLCIu.exe
  2⤵
  PID:5152
- C:\Windows\System\yIPxlhz.exe
  C:\Windows\System\yIPxlhz.exe
  2⤵
  PID:5184
- C:\Windows\System\WKosBqo.exe
  C:\Windows\System\WKosBqo.exe
  2⤵
  PID:5200
- C:\Windows\System\mDBFPWk.exe
  C:\Windows\System\mDBFPWk.exe
  2⤵
  PID:5228
- C:\Windows\System\XfUcgMk.exe
  C:\Windows\System\XfUcgMk.exe
  2⤵
  PID:5256
- C:\Windows\System\nmEwfqa.exe
  C:\Windows\System\nmEwfqa.exe
  2⤵
  PID:5280
- C:\Windows\System\GGvvkad.exe
  C:\Windows\System\GGvvkad.exe
  2⤵
  PID:5308
- C:\Windows\System\XByMGes.exe
  C:\Windows\System\XByMGes.exe
  2⤵
  PID:5332
- C:\Windows\System\wOCARSp.exe
  C:\Windows\System\wOCARSp.exe
  2⤵
  PID:5352
- C:\Windows\System\WLRdOHY.exe
  C:\Windows\System\WLRdOHY.exe
  2⤵
  PID:5384
- C:\Windows\System\SnYWBFY.exe
  C:\Windows\System\SnYWBFY.exe
  2⤵
  PID:5412
- C:\Windows\System\ZGsskGy.exe
  C:\Windows\System\ZGsskGy.exe
  2⤵
  PID:5444
- C:\Windows\System\AXtGqDQ.exe
  C:\Windows\System\AXtGqDQ.exe
  2⤵
  PID:5476
- C:\Windows\System\wzHORuT.exe
  C:\Windows\System\wzHORuT.exe
  2⤵
  PID:5500
- C:\Windows\System\XpzrhrV.exe
  C:\Windows\System\XpzrhrV.exe
  2⤵
  PID:5528
- C:\Windows\System\OdWWUPB.exe
  C:\Windows\System\OdWWUPB.exe
  2⤵
  PID:5556
- C:\Windows\System\vJDFeSL.exe
  C:\Windows\System\vJDFeSL.exe
  2⤵
  PID:5576
- C:\Windows\System\ndFMXaR.exe
  C:\Windows\System\ndFMXaR.exe
  2⤵
  PID:5600
- C:\Windows\System\pcpIewA.exe
  C:\Windows\System\pcpIewA.exe
  2⤵
  PID:5632
- C:\Windows\System\bMhXOsg.exe
  C:\Windows\System\bMhXOsg.exe
  2⤵
  PID:5660
- C:\Windows\System\jVBpOmH.exe
  C:\Windows\System\jVBpOmH.exe
  2⤵
  PID:5688
- C:\Windows\System\ZkDOPdv.exe
  C:\Windows\System\ZkDOPdv.exe
  2⤵
  PID:5720
- C:\Windows\System\ijzERAl.exe
  C:\Windows\System\ijzERAl.exe
  2⤵
  PID:5740
- C:\Windows\System\KxhePTp.exe
  C:\Windows\System\KxhePTp.exe
  2⤵
  PID:5776
- C:\Windows\System\kwRktHJ.exe
  C:\Windows\System\kwRktHJ.exe
  2⤵
  PID:5796
- C:\Windows\System\YBHLeXr.exe
  C:\Windows\System\YBHLeXr.exe
  2⤵
  PID:5824
- C:\Windows\System\rKqSrUG.exe
  C:\Windows\System\rKqSrUG.exe
  2⤵
  PID:5852
- C:\Windows\System\LCZIqRi.exe
  C:\Windows\System\LCZIqRi.exe
  2⤵
  PID:5884
- C:\Windows\System\THsoGfe.exe
  C:\Windows\System\THsoGfe.exe
  2⤵
  PID:5908
- C:\Windows\System\gEyESja.exe
  C:\Windows\System\gEyESja.exe
  2⤵
  PID:5936
- C:\Windows\System\pGbjliG.exe
  C:\Windows\System\pGbjliG.exe
  2⤵
  PID:5968
- C:\Windows\System\CtUAOwC.exe
  C:\Windows\System\CtUAOwC.exe
  2⤵
  PID:5996
- C:\Windows\System\PfFPEug.exe
  C:\Windows\System\PfFPEug.exe
  2⤵
  PID:6024
- C:\Windows\System\yFExnlW.exe
  C:\Windows\System\yFExnlW.exe
  2⤵
  PID:6052
- C:\Windows\System\bBLzIaV.exe
  C:\Windows\System\bBLzIaV.exe
  2⤵
  PID:6072
- C:\Windows\System\cvBtNPZ.exe
  C:\Windows\System\cvBtNPZ.exe
  2⤵
  PID:6104
- C:\Windows\System\wxMocmC.exe
  C:\Windows\System\wxMocmC.exe
  2⤵
  PID:6128
- C:\Windows\System\bJGXmzZ.exe
  C:\Windows\System\bJGXmzZ.exe
  2⤵
  PID:1368
- C:\Windows\System\yfndxYd.exe
  C:\Windows\System\yfndxYd.exe
  2⤵
  PID:5132
- C:\Windows\System\jKENWHN.exe
  C:\Windows\System\jKENWHN.exe
  2⤵
  PID:5168
- C:\Windows\System\mhYFzlJ.exe
  C:\Windows\System\mhYFzlJ.exe
  2⤵
  PID:640
- C:\Windows\System\BmYcbuG.exe
  C:\Windows\System\BmYcbuG.exe
  2⤵
  PID:5224
- C:\Windows\System\yldADcs.exe
  C:\Windows\System\yldADcs.exe
  2⤵
  PID:5344
- C:\Windows\System\OplNWIe.exe
  C:\Windows\System\OplNWIe.exe
  2⤵
  PID:5428
- C:\Windows\System\MSChVZv.exe
  C:\Windows\System\MSChVZv.exe
  2⤵
  PID:5456
- C:\Windows\System\LCDMWSK.exe
  C:\Windows\System\LCDMWSK.exe
  2⤵
  PID:5496
- C:\Windows\System\wIDcdtk.exe
  C:\Windows\System\wIDcdtk.exe
  2⤵
  PID:5568
- C:\Windows\System\FFKJRPa.exe
  C:\Windows\System\FFKJRPa.exe
  2⤵
  PID:5608
- C:\Windows\System\KePwdgo.exe
  C:\Windows\System\KePwdgo.exe
  2⤵
  PID:5644
- C:\Windows\System\lPAjLwf.exe
  C:\Windows\System\lPAjLwf.exe
  2⤵
  PID:5764
- C:\Windows\System\qdXtxtG.exe
  C:\Windows\System\qdXtxtG.exe
  2⤵
  PID:5848
- C:\Windows\System\mEQyRFT.exe
  C:\Windows\System\mEQyRFT.exe
  2⤵
  PID:5816
- C:\Windows\System\AWymGmL.exe
  C:\Windows\System\AWymGmL.exe
  2⤵
  PID:5924
- C:\Windows\System\qIImacW.exe
  C:\Windows\System\qIImacW.exe
  2⤵
  PID:6040
- C:\Windows\System\fBYOPqg.exe
  C:\Windows\System\fBYOPqg.exe
  2⤵
  PID:6012
- C:\Windows\System\BUhxzST.exe
  C:\Windows\System\BUhxzST.exe
  2⤵
  PID:4880
- C:\Windows\System\oFTVyqP.exe
  C:\Windows\System\oFTVyqP.exe
  2⤵
  PID:4804
- C:\Windows\System\gMqeIoH.exe
  C:\Windows\System\gMqeIoH.exe
  2⤵
  PID:1932
- C:\Windows\System\HWAeLrE.exe
  C:\Windows\System\HWAeLrE.exe
  2⤵
  PID:5324
- C:\Windows\System\uBSBHiZ.exe
  C:\Windows\System\uBSBHiZ.exe
  2⤵
  PID:5440
- C:\Windows\System\YDeeGiQ.exe
  C:\Windows\System\YDeeGiQ.exe
  2⤵
  PID:5704
- C:\Windows\System\FDlvAzX.exe
  C:\Windows\System\FDlvAzX.exe
  2⤵
  PID:5804
- C:\Windows\System\xYUNwVo.exe
  C:\Windows\System\xYUNwVo.exe
  2⤵
  PID:6004
- C:\Windows\System\lhnLWSc.exe
  C:\Windows\System\lhnLWSc.exe
  2⤵
  PID:3352
- C:\Windows\System\YGjIvVm.exe
  C:\Windows\System\YGjIvVm.exe
  2⤵
  PID:5564
- C:\Windows\System\TuycKVm.exe
  C:\Windows\System\TuycKVm.exe
  2⤵
  PID:5648
- C:\Windows\System\uLMaqTX.exe
  C:\Windows\System\uLMaqTX.exe
  2⤵
  PID:5840
- C:\Windows\System\IOWMFWo.exe
  C:\Windows\System\IOWMFWo.exe
  2⤵
  PID:5672
- C:\Windows\System\OyCexlh.exe
  C:\Windows\System\OyCexlh.exe
  2⤵
  PID:6160
- C:\Windows\System\hwjeHgm.exe
  C:\Windows\System\hwjeHgm.exe
  2⤵
  PID:6188
- C:\Windows\System\VMEqexT.exe
  C:\Windows\System\VMEqexT.exe
  2⤵
  PID:6212
- C:\Windows\System\IZfmWlf.exe
  C:\Windows\System\IZfmWlf.exe
  2⤵
  PID:6244
- C:\Windows\System\ZMOAPhn.exe
  C:\Windows\System\ZMOAPhn.exe
  2⤵
  PID:6276
- C:\Windows\System\uNAzuCS.exe
  C:\Windows\System\uNAzuCS.exe
  2⤵
  PID:6296
- C:\Windows\System\LZyVrvs.exe
  C:\Windows\System\LZyVrvs.exe
  2⤵
  PID:6324
- C:\Windows\System\OHssViu.exe
  C:\Windows\System\OHssViu.exe
  2⤵
  PID:6348
- C:\Windows\System\jVdSjeI.exe
  C:\Windows\System\jVdSjeI.exe
  2⤵
  PID:6372
- C:\Windows\System\KgyjCiE.exe
  C:\Windows\System\KgyjCiE.exe
  2⤵
  PID:6396
- C:\Windows\System\mrnXLZE.exe
  C:\Windows\System\mrnXLZE.exe
  2⤵
  PID:6424
- C:\Windows\System\OvnTAuw.exe
  C:\Windows\System\OvnTAuw.exe
  2⤵
  PID:6444
- C:\Windows\System\AsMHqlU.exe
  C:\Windows\System\AsMHqlU.exe
  2⤵
  PID:6480
- C:\Windows\System\ehZPfrJ.exe
  C:\Windows\System\ehZPfrJ.exe
  2⤵
  PID:6500
- C:\Windows\System\iehdFBn.exe
  C:\Windows\System\iehdFBn.exe
  2⤵
  PID:6528
- C:\Windows\System\uTSmxiR.exe
  C:\Windows\System\uTSmxiR.exe
  2⤵
  PID:6556
- C:\Windows\System\tDqJvQW.exe
  C:\Windows\System\tDqJvQW.exe
  2⤵
  PID:6584
- C:\Windows\System\LshHfYx.exe
  C:\Windows\System\LshHfYx.exe
  2⤵
  PID:6612
- C:\Windows\System\jBsdhVw.exe
  C:\Windows\System\jBsdhVw.exe
  2⤵
  PID:6636
- C:\Windows\System\AbBrMTR.exe
  C:\Windows\System\AbBrMTR.exe
  2⤵
  PID:6660
- C:\Windows\System\cTjTqBd.exe
  C:\Windows\System\cTjTqBd.exe
  2⤵
  PID:6684
- C:\Windows\System\ordHCbj.exe
  C:\Windows\System\ordHCbj.exe
  2⤵
  PID:6708
- C:\Windows\System\XtrDOpd.exe
  C:\Windows\System\XtrDOpd.exe
  2⤵
  PID:6736
- C:\Windows\System\joIAXWe.exe
  C:\Windows\System\joIAXWe.exe
  2⤵
  PID:6756
- C:\Windows\System\yJPPsNT.exe
  C:\Windows\System\yJPPsNT.exe
  2⤵
  PID:6788
- C:\Windows\System\zLZHkIM.exe
  C:\Windows\System\zLZHkIM.exe
  2⤵
  PID:6812
- C:\Windows\System\xXDoXRJ.exe
  C:\Windows\System\xXDoXRJ.exe
  2⤵
  PID:6844
- C:\Windows\System\fHxYKGo.exe
  C:\Windows\System\fHxYKGo.exe
  2⤵
  PID:6876
- C:\Windows\System\oYVRPlk.exe
  C:\Windows\System\oYVRPlk.exe
  2⤵
  PID:6908
- C:\Windows\System\mVTHnoC.exe
  C:\Windows\System\mVTHnoC.exe
  2⤵
  PID:6932
- C:\Windows\System\byxCqxf.exe
  C:\Windows\System\byxCqxf.exe
  2⤵
  PID:6960
- C:\Windows\System\imocQkE.exe
  C:\Windows\System\imocQkE.exe
  2⤵
  PID:6992
- C:\Windows\System\nwpvCsu.exe
  C:\Windows\System\nwpvCsu.exe
  2⤵
  PID:7012
- C:\Windows\System\BYRjQgY.exe
  C:\Windows\System\BYRjQgY.exe
  2⤵
  PID:7044
- C:\Windows\System\OfCalGL.exe
  C:\Windows\System\OfCalGL.exe
  2⤵
  PID:7076
- C:\Windows\System\LbzAbsQ.exe
  C:\Windows\System\LbzAbsQ.exe
  2⤵
  PID:7100
- C:\Windows\System\NiyhdIW.exe
  C:\Windows\System\NiyhdIW.exe
  2⤵
  PID:7124
- C:\Windows\System\FpNPIGn.exe
  C:\Windows\System\FpNPIGn.exe
  2⤵
  PID:7152
- C:\Windows\System\Urfusuk.exe
  C:\Windows\System\Urfusuk.exe
  2⤵
  PID:5900
- C:\Windows\System\kDcclSz.exe
  C:\Windows\System\kDcclSz.exe
  2⤵
  PID:6172
- C:\Windows\System\NXGxpAB.exe
  C:\Windows\System\NXGxpAB.exe
  2⤵
  PID:6228
- C:\Windows\System\onoCrKV.exe
  C:\Windows\System\onoCrKV.exe
  2⤵
  PID:6336
- C:\Windows\System\iaYoHwm.exe
  C:\Windows\System\iaYoHwm.exe
  2⤵
  PID:6452
- C:\Windows\System\cFRigia.exe
  C:\Windows\System\cFRigia.exe
  2⤵
  PID:6568
- C:\Windows\System\JPLJKdm.exe
  C:\Windows\System\JPLJKdm.exe
  2⤵
  PID:6648
- C:\Windows\System\aykxSwd.exe
  C:\Windows\System\aykxSwd.exe
  2⤵
  PID:6592
- C:\Windows\System\KYhERUE.exe
  C:\Windows\System\KYhERUE.exe
  2⤵
  PID:6732
- C:\Windows\System\IbHeVbu.exe
  C:\Windows\System\IbHeVbu.exe
  2⤵
  PID:6676
- C:\Windows\System\GxtKcOp.exe
  C:\Windows\System\GxtKcOp.exe
  2⤵
  PID:6920
- C:\Windows\System\giRitNp.exe
  C:\Windows\System\giRitNp.exe
  2⤵
  PID:6956
- C:\Windows\System\EQYVIOz.exe
  C:\Windows\System\EQYVIOz.exe
  2⤵
  PID:6984
- C:\Windows\System\TKwUtmS.exe
  C:\Windows\System\TKwUtmS.exe
  2⤵
  PID:7088
- C:\Windows\System\qTaYrsb.exe
  C:\Windows\System\qTaYrsb.exe
  2⤵
  PID:7004
- C:\Windows\System\TeWyIyG.exe
  C:\Windows\System\TeWyIyG.exe
  2⤵
  PID:7148
- C:\Windows\System\WQRKoIo.exe
  C:\Windows\System\WQRKoIo.exe
  2⤵
  PID:7136
- C:\Windows\System\bhXLGxJ.exe
  C:\Windows\System\bhXLGxJ.exe
  2⤵
  PID:6540
- C:\Windows\System\qwxUHUm.exe
  C:\Windows\System\qwxUHUm.exe
  2⤵
  PID:6520
- C:\Windows\System\mfNlyYr.exe
  C:\Windows\System\mfNlyYr.exe
  2⤵
  PID:6668
- C:\Windows\System\QgtCbFe.exe
  C:\Windows\System\QgtCbFe.exe
  2⤵
  PID:6548
- C:\Windows\System\jJRjCoM.exe
  C:\Windows\System\jJRjCoM.exe
  2⤵
  PID:6752
- C:\Windows\System\SYKoYjL.exe
  C:\Windows\System\SYKoYjL.exe
  2⤵
  PID:6208
- C:\Windows\System\ZupllPb.exe
  C:\Windows\System\ZupllPb.exe
  2⤵
  PID:7176
- C:\Windows\System\dRsGJwo.exe
  C:\Windows\System\dRsGJwo.exe
  2⤵
  PID:7212
- C:\Windows\System\MWHCPUl.exe
  C:\Windows\System\MWHCPUl.exe
  2⤵
  PID:7240
- C:\Windows\System\JddZYZs.exe
  C:\Windows\System\JddZYZs.exe
  2⤵
  PID:7268
- C:\Windows\System\kxRbfbh.exe
  C:\Windows\System\kxRbfbh.exe
  2⤵
  PID:7324
- C:\Windows\System\aBndLVp.exe
  C:\Windows\System\aBndLVp.exe
  2⤵
  PID:7356
- C:\Windows\System\pHMOXEN.exe
  C:\Windows\System\pHMOXEN.exe
  2⤵
  PID:7380
- C:\Windows\System\rZdsMxr.exe
  C:\Windows\System\rZdsMxr.exe
  2⤵
  PID:7412
- C:\Windows\System\CYsXwIy.exe
  C:\Windows\System\CYsXwIy.exe
  2⤵
  PID:7436
- C:\Windows\System\LtlyCRp.exe
  C:\Windows\System\LtlyCRp.exe
  2⤵
  PID:7460
- C:\Windows\System\hHLsNsv.exe
  C:\Windows\System\hHLsNsv.exe
  2⤵
  PID:7492
- C:\Windows\System\CAGlHAY.exe
  C:\Windows\System\CAGlHAY.exe
  2⤵
  PID:7516
- C:\Windows\System\ujAdHzG.exe
  C:\Windows\System\ujAdHzG.exe
  2⤵
  PID:7544
- C:\Windows\System\nNifxxo.exe
  C:\Windows\System\nNifxxo.exe
  2⤵
  PID:7568
- C:\Windows\System\HJOHVxB.exe
  C:\Windows\System\HJOHVxB.exe
  2⤵
  PID:7596
- C:\Windows\System\wTPacpa.exe
  C:\Windows\System\wTPacpa.exe
  2⤵
  PID:7624
- C:\Windows\System\azyQEKA.exe
  C:\Windows\System\azyQEKA.exe
  2⤵
  PID:7656
- C:\Windows\System\PeVxpCJ.exe
  C:\Windows\System\PeVxpCJ.exe
  2⤵
  PID:7688
- C:\Windows\System\SMqCAYS.exe
  C:\Windows\System\SMqCAYS.exe
  2⤵
  PID:7716
- C:\Windows\System\fPLiJKM.exe
  C:\Windows\System\fPLiJKM.exe
  2⤵
  PID:7748
- C:\Windows\System\tzeVHvo.exe
  C:\Windows\System\tzeVHvo.exe
  2⤵
  PID:7776
- C:\Windows\System\eOsykEb.exe
  C:\Windows\System\eOsykEb.exe
  2⤵
  PID:7800
- C:\Windows\System\WFbbPxv.exe
  C:\Windows\System\WFbbPxv.exe
  2⤵
  PID:7828
- C:\Windows\System\wtcmTMf.exe
  C:\Windows\System\wtcmTMf.exe
  2⤵
  PID:7856
- C:\Windows\System\TprMHrR.exe
  C:\Windows\System\TprMHrR.exe
  2⤵
  PID:7888
- C:\Windows\System\jGRvqZW.exe
  C:\Windows\System\jGRvqZW.exe
  2⤵
  PID:7916
- C:\Windows\System\petdnUq.exe
  C:\Windows\System\petdnUq.exe
  2⤵
  PID:7932
- C:\Windows\System\RVnkUaV.exe
  C:\Windows\System\RVnkUaV.exe
  2⤵
  PID:7964
- C:\Windows\System\zCOVxHW.exe
  C:\Windows\System\zCOVxHW.exe
  2⤵
  PID:7996
- C:\Windows\System\mrFleWC.exe
  C:\Windows\System\mrFleWC.exe
  2⤵
  PID:8020
- C:\Windows\System\fuSzYMp.exe
  C:\Windows\System\fuSzYMp.exe
  2⤵
  PID:8048
- C:\Windows\System\jwbICGJ.exe
  C:\Windows\System\jwbICGJ.exe
  2⤵
  PID:8080
- C:\Windows\System\ZDrKkOU.exe
  C:\Windows\System\ZDrKkOU.exe
  2⤵
  PID:8100
- C:\Windows\System\iFcXpHv.exe
  C:\Windows\System\iFcXpHv.exe
  2⤵
  PID:8124
- C:\Windows\System\BBSuVyL.exe
  C:\Windows\System\BBSuVyL.exe
  2⤵
  PID:8152
- C:\Windows\System\BpqMByU.exe
  C:\Windows\System\BpqMByU.exe
  2⤵
  PID:8188
- C:\Windows\System\CvibGCQ.exe
  C:\Windows\System\CvibGCQ.exe
  2⤵
  PID:7120
- C:\Windows\System\oJlPQQS.exe
  C:\Windows\System\oJlPQQS.exe
  2⤵
  PID:7220
- C:\Windows\System\clOJGcR.exe
  C:\Windows\System\clOJGcR.exe
  2⤵
  PID:6976
- C:\Windows\System\HruhSEQ.exe
  C:\Windows\System\HruhSEQ.exe
  2⤵
  PID:7248
- C:\Windows\System\VxDoKyS.exe
  C:\Windows\System\VxDoKyS.exe
  2⤵
  PID:7188
- C:\Windows\System\GZKWurz.exe
  C:\Windows\System\GZKWurz.exe
  2⤵
  PID:7292
- C:\Windows\System\XJJKXiE.exe
  C:\Windows\System\XJJKXiE.exe
  2⤵
  PID:7424
- C:\Windows\System\mJTOgGd.exe
  C:\Windows\System\mJTOgGd.exe
  2⤵
  PID:7400
- C:\Windows\System\DqPcHwe.exe
  C:\Windows\System\DqPcHwe.exe
  2⤵
  PID:7540
- C:\Windows\System\GfEwMYo.exe
  C:\Windows\System\GfEwMYo.exe
  2⤵
  PID:7512
- C:\Windows\System\SqfJAoJ.exe
  C:\Windows\System\SqfJAoJ.exe
  2⤵
  PID:7616
- C:\Windows\System\ZzpWuUV.exe
  C:\Windows\System\ZzpWuUV.exe
  2⤵
  PID:7680
- C:\Windows\System\omRFinN.exe
  C:\Windows\System\omRFinN.exe
  2⤵
  PID:7848
- C:\Windows\System\nwwYeiy.exe
  C:\Windows\System\nwwYeiy.exe
  2⤵
  PID:7796
- C:\Windows\System\HYICDCl.exe
  C:\Windows\System\HYICDCl.exe
  2⤵
  PID:7952
- C:\Windows\System\vtQQbFP.exe
  C:\Windows\System\vtQQbFP.exe
  2⤵
  PID:7928
- C:\Windows\System\zOJaOfc.exe
  C:\Windows\System\zOJaOfc.exe
  2⤵
  PID:8008
- C:\Windows\System\sPLUZnf.exe
  C:\Windows\System\sPLUZnf.exe
  2⤵
  PID:8116
- C:\Windows\System\UlIYtGg.exe
  C:\Windows\System\UlIYtGg.exe
  2⤵
  PID:8136
- C:\Windows\System\yJAMnwe.exe
  C:\Windows\System\yJAMnwe.exe
  2⤵
  PID:6724
- C:\Windows\System\OBKVCPk.exe
  C:\Windows\System\OBKVCPk.exe
  2⤵
  PID:6704
- C:\Windows\System\QrjhnQL.exe
  C:\Windows\System\QrjhnQL.exe
  2⤵
  PID:7504
- C:\Windows\System\KQAtwZF.exe
  C:\Windows\System\KQAtwZF.exe
  2⤵
  PID:7456
- C:\Windows\System\WypAORG.exe
  C:\Windows\System\WypAORG.exe
  2⤵
  PID:7728
- C:\Windows\System\xxcgDzf.exe
  C:\Windows\System\xxcgDzf.exe
  2⤵
  PID:7820
- C:\Windows\System\QskEZvt.exe
  C:\Windows\System\QskEZvt.exe
  2⤵
  PID:7940
- C:\Windows\System\CCzIaFm.exe
  C:\Windows\System\CCzIaFm.exe
  2⤵
  PID:7980
- C:\Windows\System\tqPRRak.exe
  C:\Windows\System\tqPRRak.exe
  2⤵
  PID:8092
- C:\Windows\System\midElRr.exe
  C:\Windows\System\midElRr.exe
  2⤵
  PID:8200
- C:\Windows\System\wkBcBjo.exe
  C:\Windows\System\wkBcBjo.exe
  2⤵
  PID:8224
- C:\Windows\System\yoCtVfW.exe
  C:\Windows\System\yoCtVfW.exe
  2⤵
  PID:8252
- C:\Windows\System\YygvlEi.exe
  C:\Windows\System\YygvlEi.exe
  2⤵
  PID:8280
- C:\Windows\System\VClhrLq.exe
  C:\Windows\System\VClhrLq.exe
  2⤵
  PID:8304
- C:\Windows\System\dWBsAOo.exe
  C:\Windows\System\dWBsAOo.exe
  2⤵
  PID:8328
- C:\Windows\System\VpaQLOa.exe
  C:\Windows\System\VpaQLOa.exe
  2⤵
  PID:8360
- C:\Windows\System\HJbciqW.exe
  C:\Windows\System\HJbciqW.exe
  2⤵
  PID:8384
- C:\Windows\System\iAwNnZk.exe
  C:\Windows\System\iAwNnZk.exe
  2⤵
  PID:8420
- C:\Windows\System\nPMdIxi.exe
  C:\Windows\System\nPMdIxi.exe
  2⤵
  PID:8444
- C:\Windows\System\ZdYBGKp.exe
  C:\Windows\System\ZdYBGKp.exe
  2⤵
  PID:8468
- C:\Windows\System\lpHVIiG.exe
  C:\Windows\System\lpHVIiG.exe
  2⤵
  PID:8496
- C:\Windows\System\oWhijxx.exe
  C:\Windows\System\oWhijxx.exe
  2⤵
  PID:8528
- C:\Windows\System\mFLzCdp.exe
  C:\Windows\System\mFLzCdp.exe
  2⤵
  PID:8660
- C:\Windows\System\fcdJhvd.exe
  C:\Windows\System\fcdJhvd.exe
  2⤵
  PID:8688
- C:\Windows\System\RsZsTWR.exe
  C:\Windows\System\RsZsTWR.exe
  2⤵
  PID:8712
- C:\Windows\System\clrMnJB.exe
  C:\Windows\System\clrMnJB.exe
  2⤵
  PID:8732
- C:\Windows\System\bamObNC.exe
  C:\Windows\System\bamObNC.exe
  2⤵
  PID:8748
- C:\Windows\System\IVtdWsP.exe
  C:\Windows\System\IVtdWsP.exe
  2⤵
  PID:8768
- C:\Windows\System\wrphFyh.exe
  C:\Windows\System\wrphFyh.exe
  2⤵
  PID:8800
- C:\Windows\System\yNNDnoo.exe
  C:\Windows\System\yNNDnoo.exe
  2⤵
  PID:8824
- C:\Windows\System\myqnTLT.exe
  C:\Windows\System\myqnTLT.exe
  2⤵
  PID:8840
- C:\Windows\System\LtJsYCw.exe
  C:\Windows\System\LtJsYCw.exe
  2⤵
  PID:8868
- C:\Windows\System\rKLajct.exe
  C:\Windows\System\rKLajct.exe
  2⤵
  PID:8892
- C:\Windows\System\RdhMOia.exe
  C:\Windows\System\RdhMOia.exe
  2⤵
  PID:8912
- C:\Windows\System\jjzQUlD.exe
  C:\Windows\System\jjzQUlD.exe
  2⤵
  PID:8932
- C:\Windows\System\hXpZcrP.exe
  C:\Windows\System\hXpZcrP.exe
  2⤵
  PID:8952
- C:\Windows\System\kdErVXP.exe
  C:\Windows\System\kdErVXP.exe
  2⤵
  PID:9004
- C:\Windows\System\VzDITSd.exe
  C:\Windows\System\VzDITSd.exe
  2⤵
  PID:9036
- C:\Windows\System\JKiqYUX.exe
  C:\Windows\System\JKiqYUX.exe
  2⤵
  PID:9064
- C:\Windows\System\jRhHgAp.exe
  C:\Windows\System\jRhHgAp.exe
  2⤵
  PID:9096
- C:\Windows\System\QznzMrH.exe
  C:\Windows\System\QznzMrH.exe
  2⤵
  PID:9116
- C:\Windows\System\MGEwwca.exe
  C:\Windows\System\MGEwwca.exe
  2⤵
  PID:9144
- C:\Windows\System\BlDmzki.exe
  C:\Windows\System\BlDmzki.exe
  2⤵
  PID:9176
- C:\Windows\System\hmiBfBn.exe
  C:\Windows\System\hmiBfBn.exe
  2⤵
  PID:9212
- C:\Windows\System\sCofvip.exe
  C:\Windows\System\sCofvip.exe
  2⤵
  PID:7580
- C:\Windows\System\cxevnVJ.exe
  C:\Windows\System\cxevnVJ.exe
  2⤵
  PID:8088
- C:\Windows\System\IPWkfcJ.exe
  C:\Windows\System\IPWkfcJ.exe
  2⤵
  PID:8300
- C:\Windows\System\IweoCwo.exe
  C:\Windows\System\IweoCwo.exe
  2⤵
  PID:7368
- C:\Windows\System\xrsKPSm.exe
  C:\Windows\System\xrsKPSm.exe
  2⤵
  PID:8288
- C:\Windows\System\FqazzYo.exe
  C:\Windows\System\FqazzYo.exe
  2⤵
  PID:8412
- C:\Windows\System\IZmcijd.exe
  C:\Windows\System\IZmcijd.exe
  2⤵
  PID:8456
- C:\Windows\System\MdqUhkC.exe
  C:\Windows\System\MdqUhkC.exe
  2⤵
  PID:8488
- C:\Windows\System\PQNaPPR.exe
  C:\Windows\System\PQNaPPR.exe
  2⤵
  PID:8696
- C:\Windows\System\zxtRzHv.exe
  C:\Windows\System\zxtRzHv.exe
  2⤵
  PID:8680
- C:\Windows\System\szftuNL.exe
  C:\Windows\System\szftuNL.exe
  2⤵
  PID:8708
- C:\Windows\System\koDCGhK.exe
  C:\Windows\System\koDCGhK.exe
  2⤵
  PID:8836
- C:\Windows\System\TyjSKQb.exe
  C:\Windows\System\TyjSKQb.exe
  2⤵
  PID:8968
- C:\Windows\System\AkzsYFY.exe
  C:\Windows\System\AkzsYFY.exe
  2⤵
  PID:8888
- C:\Windows\System\WZHfYLp.exe
  C:\Windows\System\WZHfYLp.exe
  2⤵
  PID:9052
- C:\Windows\System\cJgpuTV.exe
  C:\Windows\System\cJgpuTV.exe
  2⤵
  PID:9048
- C:\Windows\System\VxYlofi.exe
  C:\Windows\System\VxYlofi.exe
  2⤵
  PID:9124
- C:\Windows\System\VmIiEiM.exe
  C:\Windows\System\VmIiEiM.exe
  2⤵
  PID:9196
- C:\Windows\System\xAZDCVQ.exe
  C:\Windows\System\xAZDCVQ.exe
  2⤵
  PID:7988
- C:\Windows\System\ZGsbbBw.exe
  C:\Windows\System\ZGsbbBw.exe
  2⤵
  PID:8212
- C:\Windows\System\XicfHlC.exe
  C:\Windows\System\XicfHlC.exe
  2⤵
  PID:8672
- C:\Windows\System\lJLNWHk.exe
  C:\Windows\System\lJLNWHk.exe
  2⤵
  PID:8432
- C:\Windows\System\BzihMjN.exe
  C:\Windows\System\BzihMjN.exe
  2⤵
  PID:9108
- C:\Windows\System\mSncOPv.exe
  C:\Windows\System\mSncOPv.exe
  2⤵
  PID:8780
- C:\Windows\System\PJamiMJ.exe
  C:\Windows\System\PJamiMJ.exe
  2⤵
  PID:8856
- C:\Windows\System\GSyzwkY.exe
  C:\Windows\System\GSyzwkY.exe
  2⤵
  PID:7836
- C:\Windows\System\GKvRHFI.exe
  C:\Windows\System\GKvRHFI.exe
  2⤵
  PID:8404
- C:\Windows\System\LkhYZpv.exe
  C:\Windows\System\LkhYZpv.exe
  2⤵
  PID:7172
- C:\Windows\System\WfTutSy.exe
  C:\Windows\System\WfTutSy.exe
  2⤵
  PID:9232
- C:\Windows\System\vsiRIid.exe
  C:\Windows\System\vsiRIid.exe
  2⤵
  PID:9256
- C:\Windows\System\XECkHSa.exe
  C:\Windows\System\XECkHSa.exe
  2⤵
  PID:9284
- C:\Windows\System\qNDzqOx.exe
  C:\Windows\System\qNDzqOx.exe
  2⤵
  PID:9312
- C:\Windows\System\ixknfOK.exe
  C:\Windows\System\ixknfOK.exe
  2⤵
  PID:9340
- C:\Windows\System\AZoLvJT.exe
  C:\Windows\System\AZoLvJT.exe
  2⤵
  PID:9368
- C:\Windows\System\xtZTVpc.exe
  C:\Windows\System\xtZTVpc.exe
  2⤵
  PID:9400
- C:\Windows\System\tBQcrSl.exe
  C:\Windows\System\tBQcrSl.exe
  2⤵
  PID:9424
- C:\Windows\System\htXxGEz.exe
  C:\Windows\System\htXxGEz.exe
  2⤵
  PID:9448
- C:\Windows\System\BilphpR.exe
  C:\Windows\System\BilphpR.exe
  2⤵
  PID:9476
- C:\Windows\System\StMunlp.exe
  C:\Windows\System\StMunlp.exe
  2⤵
  PID:9508
- C:\Windows\System\XbDJyWc.exe
  C:\Windows\System\XbDJyWc.exe
  2⤵
  PID:9532
- C:\Windows\System\rWJgqzC.exe
  C:\Windows\System\rWJgqzC.exe
  2⤵
  PID:9560
- C:\Windows\System\vAoQTRA.exe
  C:\Windows\System\vAoQTRA.exe
  2⤵
  PID:9592
- C:\Windows\System\icjgvjm.exe
  C:\Windows\System\icjgvjm.exe
  2⤵
  PID:9616
- C:\Windows\System\ShtGtYM.exe
  C:\Windows\System\ShtGtYM.exe
  2⤵
  PID:9648
- C:\Windows\System\jdCXhNk.exe
  C:\Windows\System\jdCXhNk.exe
  2⤵
  PID:9672
- C:\Windows\System\DtJqonl.exe
  C:\Windows\System\DtJqonl.exe
  2⤵
  PID:9704
- C:\Windows\System\aUQOGPl.exe
  C:\Windows\System\aUQOGPl.exe
  2⤵
  PID:9732
- C:\Windows\System\QJOVJZC.exe
  C:\Windows\System\QJOVJZC.exe
  2⤵
  PID:9760
- C:\Windows\System\JQLfniA.exe
  C:\Windows\System\JQLfniA.exe
  2⤵
  PID:9788
- C:\Windows\System\ACnVSmI.exe
  C:\Windows\System\ACnVSmI.exe
  2⤵
  PID:9816
- C:\Windows\System\olPIugA.exe
  C:\Windows\System\olPIugA.exe
  2⤵
  PID:9848
- C:\Windows\System\EGTEiXE.exe
  C:\Windows\System\EGTEiXE.exe
  2⤵
  PID:9864
- C:\Windows\System\vvEZrpz.exe
  C:\Windows\System\vvEZrpz.exe
  2⤵
  PID:9892
- C:\Windows\System\YSJlbgS.exe
  C:\Windows\System\YSJlbgS.exe
  2⤵
  PID:9920
- C:\Windows\System\ChmsnrN.exe
  C:\Windows\System\ChmsnrN.exe
  2⤵
  PID:9944
- C:\Windows\System\GOPKgqZ.exe
  C:\Windows\System\GOPKgqZ.exe
  2⤵
  PID:9972
- C:\Windows\System\aPtosqj.exe
  C:\Windows\System\aPtosqj.exe
  2⤵
  PID:10004
- C:\Windows\System\cUKPojF.exe
  C:\Windows\System\cUKPojF.exe
  2⤵
  PID:10036
- C:\Windows\System\ucOAGDk.exe
  C:\Windows\System\ucOAGDk.exe
  2⤵
  PID:10060
- C:\Windows\System\HCoyBET.exe
  C:\Windows\System\HCoyBET.exe
  2⤵
  PID:10088
- C:\Windows\System\yWreOuC.exe
  C:\Windows\System\yWreOuC.exe
  2⤵
  PID:10116
- C:\Windows\System\KiNFJAh.exe
  C:\Windows\System\KiNFJAh.exe
  2⤵
  PID:10140
- C:\Windows\System\fmLjJVU.exe
  C:\Windows\System\fmLjJVU.exe
  2⤵
  PID:10168
- C:\Windows\System\rTtIomH.exe
  C:\Windows\System\rTtIomH.exe
  2⤵
  PID:10192
- C:\Windows\System\ShGYOGh.exe
  C:\Windows\System\ShGYOGh.exe
  2⤵
  PID:10224
- C:\Windows\System\HmxLppe.exe
  C:\Windows\System\HmxLppe.exe
  2⤵
  PID:8900
- C:\Windows\System\touiiJx.exe
  C:\Windows\System\touiiJx.exe
  2⤵
  PID:9228
- C:\Windows\System\kczlsav.exe
  C:\Windows\System\kczlsav.exe
  2⤵
  PID:9224
- C:\Windows\System\GeOCckt.exe
  C:\Windows\System\GeOCckt.exe
  2⤵
  PID:9332
- C:\Windows\System\wIyIZaM.exe
  C:\Windows\System\wIyIZaM.exe
  2⤵
  PID:9304
- C:\Windows\System\FuiIQzB.exe
  C:\Windows\System\FuiIQzB.exe
  2⤵
  PID:9492
- C:\Windows\System\LohHXiV.exe
  C:\Windows\System\LohHXiV.exe
  2⤵
  PID:9436
- C:\Windows\System\nADTlcb.exe
  C:\Windows\System\nADTlcb.exe
  2⤵
  PID:9588
- C:\Windows\System\FClTfPw.exe
  C:\Windows\System\FClTfPw.exe
  2⤵
  PID:9664
- C:\Windows\System\PeElenf.exe
  C:\Windows\System\PeElenf.exe
  2⤵
  PID:9724
- C:\Windows\System\xTrhGWG.exe
  C:\Windows\System\xTrhGWG.exe
  2⤵
  PID:9776
- C:\Windows\System\CwCLWJb.exe
  C:\Windows\System\CwCLWJb.exe
  2⤵
  PID:9804
- C:\Windows\System\hKtdfGC.exe
  C:\Windows\System\hKtdfGC.exe
  2⤵
  PID:9900
- C:\Windows\System\OvTkoDo.exe
  C:\Windows\System\OvTkoDo.exe
  2⤵
  PID:10048
- C:\Windows\System\TAPVcwd.exe
  C:\Windows\System\TAPVcwd.exe
  2⤵
  PID:10100
- C:\Windows\System\ijREKkt.exe
  C:\Windows\System\ijREKkt.exe
  2⤵
  PID:10052
- C:\Windows\System\QVFiZew.exe
  C:\Windows\System\QVFiZew.exe
  2⤵
  PID:10208
- C:\Windows\System\vxBfTwh.exe
  C:\Windows\System\vxBfTwh.exe
  2⤵
  PID:8516
- C:\Windows\System\ObdYeHT.exe
  C:\Windows\System\ObdYeHT.exe
  2⤵
  PID:9388
- C:\Windows\System\quDTqLz.exe
  C:\Windows\System\quDTqLz.exe
  2⤵
  PID:9496
- C:\Windows\System\PuJAzLn.exe
  C:\Windows\System\PuJAzLn.exe
  2⤵
  PID:9504
- C:\Windows\System\qwJkGhN.exe
  C:\Windows\System\qwJkGhN.exe
  2⤵
  PID:9544
- C:\Windows\System\QHAnspt.exe
  C:\Windows\System\QHAnspt.exe
  2⤵
  PID:9660
- C:\Windows\System\jqfGQve.exe
  C:\Windows\System\jqfGQve.exe
  2⤵
  PID:10184
- C:\Windows\System\cmCJFFi.exe
  C:\Windows\System\cmCJFFi.exe
  2⤵
  PID:10020
- C:\Windows\System\qYQDRNs.exe
  C:\Windows\System\qYQDRNs.exe
  2⤵
  PID:9936
- C:\Windows\System\FPkChZL.exe
  C:\Windows\System\FPkChZL.exe
  2⤵
  PID:9252
- C:\Windows\System\dvevZXB.exe
  C:\Windows\System\dvevZXB.exe
  2⤵
  PID:10264
- C:\Windows\System\XeMcHKm.exe
  C:\Windows\System\XeMcHKm.exe
  2⤵
  PID:10284
- C:\Windows\System\dOICOMT.exe
  C:\Windows\System\dOICOMT.exe
  2⤵
  PID:10312
- C:\Windows\System\LBvGTnD.exe
  C:\Windows\System\LBvGTnD.exe
  2⤵
  PID:10332
- C:\Windows\System\bAlmXXe.exe
  C:\Windows\System\bAlmXXe.exe
  2⤵
  PID:10368
- C:\Windows\System\gcmKFcs.exe
  C:\Windows\System\gcmKFcs.exe
  2⤵
  PID:10396
- C:\Windows\System\jMgfiEA.exe
  C:\Windows\System\jMgfiEA.exe
  2⤵
  PID:10424
- C:\Windows\System\tinzOia.exe
  C:\Windows\System\tinzOia.exe
  2⤵
  PID:10452
- C:\Windows\System\UrdeXrU.exe
  C:\Windows\System\UrdeXrU.exe
  2⤵
  PID:10484
- C:\Windows\System\gQrXfsV.exe
  C:\Windows\System\gQrXfsV.exe
  2⤵
  PID:10524
- C:\Windows\System\pogZrAb.exe
  C:\Windows\System\pogZrAb.exe
  2⤵
  PID:10548
- C:\Windows\System\LACKxfL.exe
  C:\Windows\System\LACKxfL.exe
  2⤵
  PID:10572
- C:\Windows\System\xRgdnyp.exe
  C:\Windows\System\xRgdnyp.exe
  2⤵
  PID:10596
- C:\Windows\System\YyimHpg.exe
  C:\Windows\System\YyimHpg.exe
  2⤵
  PID:10620
- C:\Windows\System\IHOEfGw.exe
  C:\Windows\System\IHOEfGw.exe
  2⤵
  PID:10648
- C:\Windows\System\qfdoEEt.exe
  C:\Windows\System\qfdoEEt.exe
  2⤵
  PID:10676
- C:\Windows\System\gIpiyoY.exe
  C:\Windows\System\gIpiyoY.exe
  2⤵
  PID:10700
- C:\Windows\System\haIJGEI.exe
  C:\Windows\System\haIJGEI.exe
  2⤵
  PID:10724
- C:\Windows\System\xjWUzlj.exe
  C:\Windows\System\xjWUzlj.exe
  2⤵
  PID:10752
- C:\Windows\System\FpSpyYM.exe
  C:\Windows\System\FpSpyYM.exe
  2⤵
  PID:10776
- C:\Windows\System\KTGPmVa.exe
  C:\Windows\System\KTGPmVa.exe
  2⤵
  PID:10804
- C:\Windows\System\IeHLRtJ.exe
  C:\Windows\System\IeHLRtJ.exe
  2⤵
  PID:10832
- C:\Windows\System\njHGMdx.exe
  C:\Windows\System\njHGMdx.exe
  2⤵
  PID:10864
- C:\Windows\System\cAGyKfq.exe
  C:\Windows\System\cAGyKfq.exe
  2⤵
  PID:10892
- C:\Windows\System\tWoNeEj.exe
  C:\Windows\System\tWoNeEj.exe
  2⤵
  PID:10920
- C:\Windows\System\qsgRphw.exe
  C:\Windows\System\qsgRphw.exe
  2⤵
  PID:10936
- C:\Windows\System\xdGesdL.exe
  C:\Windows\System\xdGesdL.exe
  2⤵
  PID:10972
- C:\Windows\System\phQCrUn.exe
  C:\Windows\System\phQCrUn.exe
  2⤵
  PID:11000
- C:\Windows\System\gueTZFW.exe
  C:\Windows\System\gueTZFW.exe
  2⤵
  PID:11024
- C:\Windows\System\CgTiUJZ.exe
  C:\Windows\System\CgTiUJZ.exe
  2⤵
  PID:11044
- C:\Windows\System\MOwugbO.exe
  C:\Windows\System\MOwugbO.exe
  2⤵
  PID:11064
- C:\Windows\System\iwTfAnI.exe
  C:\Windows\System\iwTfAnI.exe
  2⤵
  PID:11084
- C:\Windows\System\Vnodsud.exe
  C:\Windows\System\Vnodsud.exe
  2⤵
  PID:11112
- C:\Windows\System\EkqbvYU.exe
  C:\Windows\System\EkqbvYU.exe
  2⤵
  PID:11136
- C:\Windows\System\BMfWiYw.exe
  C:\Windows\System\BMfWiYw.exe
  2⤵
  PID:11164
- C:\Windows\System\rHyLITk.exe
  C:\Windows\System\rHyLITk.exe
  2⤵
  PID:11196
- C:\Windows\System\LhZEqIw.exe
  C:\Windows\System\LhZEqIw.exe
  2⤵
  PID:11216
- C:\Windows\System\MSufZOM.exe
  C:\Windows\System\MSufZOM.exe
  2⤵
  PID:11244
- C:\Windows\System\YYgrsPO.exe
  C:\Windows\System\YYgrsPO.exe
  2⤵
  PID:9952
- C:\Windows\System\XGklPsg.exe
  C:\Windows\System\XGklPsg.exe
  2⤵
  PID:9280
- C:\Windows\System\kYZjMMU.exe
  C:\Windows\System\kYZjMMU.exe
  2⤵
  PID:10304
- C:\Windows\System\DLKvsvn.exe
  C:\Windows\System\DLKvsvn.exe
  2⤵
  PID:10384
- C:\Windows\System\qMSGzpM.exe
  C:\Windows\System\qMSGzpM.exe
  2⤵
  PID:10472
- C:\Windows\System\rPWOIJc.exe
  C:\Windows\System\rPWOIJc.exe
  2⤵
  PID:10496
- C:\Windows\System\CBWPUHz.exe
  C:\Windows\System\CBWPUHz.exe
  2⤵
  PID:10408
- C:\Windows\System\BfZBHgD.exe
  C:\Windows\System\BfZBHgD.exe
  2⤵
  PID:10612
- C:\Windows\System\bkoGTTz.exe
  C:\Windows\System\bkoGTTz.exe
  2⤵
  PID:10536
- C:\Windows\System\bTUODyd.exe
  C:\Windows\System\bTUODyd.exe
  2⤵
  PID:10712
- C:\Windows\System\jKBMeLn.exe
  C:\Windows\System\jKBMeLn.exe
  2⤵
  PID:10688
- C:\Windows\System\ROgHoHe.exe
  C:\Windows\System\ROgHoHe.exe
  2⤵
  PID:10824
- C:\Windows\System\FjQLyaZ.exe
  C:\Windows\System\FjQLyaZ.exe
  2⤵
  PID:8756
- C:\Windows\System\DDARRzD.exe
  C:\Windows\System\DDARRzD.exe
  2⤵
  PID:10932
- C:\Windows\System\GrKBGhy.exe
  C:\Windows\System\GrKBGhy.exe
  2⤵
  PID:10964
- C:\Windows\System\sDRSiEl.exe
  C:\Windows\System\sDRSiEl.exe
  2⤵
  PID:11100
- C:\Windows\System\jFIOfwi.exe
  C:\Windows\System\jFIOfwi.exe
  2⤵
  PID:11184
- C:\Windows\System\myHPKJJ.exe
  C:\Windows\System\myHPKJJ.exe
  2⤵
  PID:11236
- C:\Windows\System\LlJzNiB.exe
  C:\Windows\System\LlJzNiB.exe
  2⤵
  PID:10256
- C:\Windows\System\odzhChl.exe
  C:\Windows\System\odzhChl.exe
  2⤵
  PID:11260
- C:\Windows\System\vWlZtjn.exe
  C:\Windows\System\vWlZtjn.exe
  2⤵
  PID:11144
- C:\Windows\System\ccRlhdD.exe
  C:\Windows\System\ccRlhdD.exe
  2⤵
  PID:9928
- C:\Windows\System\yLyQHqj.exe
  C:\Windows\System\yLyQHqj.exe
  2⤵
  PID:10632
- C:\Windows\System\oWRElHU.exe
  C:\Windows\System\oWRElHU.exe
  2⤵
  PID:10860
- C:\Windows\System\LFPRCFI.exe
  C:\Windows\System\LFPRCFI.exe
  2⤵
  PID:10960
- C:\Windows\System\KAsaDfl.exe
  C:\Windows\System\KAsaDfl.exe
  2⤵
  PID:11192
- C:\Windows\System\OmnQQGc.exe
  C:\Windows\System\OmnQQGc.exe
  2⤵
  PID:11284
- C:\Windows\System\bGaZRmO.exe
  C:\Windows\System\bGaZRmO.exe
  2⤵
  PID:11308
- C:\Windows\System\XgbfwZH.exe
  C:\Windows\System\XgbfwZH.exe
  2⤵
  PID:11340
- C:\Windows\System\FtGdcpX.exe
  C:\Windows\System\FtGdcpX.exe
  2⤵
  PID:11364
- C:\Windows\System\lwPewbr.exe
  C:\Windows\System\lwPewbr.exe
  2⤵
  PID:11384
- C:\Windows\System\SdTQwrr.exe
  C:\Windows\System\SdTQwrr.exe
  2⤵
  PID:11412
- C:\Windows\System\jluymtN.exe
  C:\Windows\System\jluymtN.exe
  2⤵
  PID:11436
- C:\Windows\System\AwjrGpD.exe
  C:\Windows\System\AwjrGpD.exe
  2⤵
  PID:11456
- C:\Windows\System\NtiyPLy.exe
  C:\Windows\System\NtiyPLy.exe
  2⤵
  PID:11472
- C:\Windows\System\fMdMYnL.exe
  C:\Windows\System\fMdMYnL.exe
  2⤵
  PID:11488
- C:\Windows\System\gpdjdKf.exe
  C:\Windows\System\gpdjdKf.exe
  2⤵
  PID:11504
- C:\Windows\System\IhvDIVu.exe
  C:\Windows\System\IhvDIVu.exe
  2⤵
  PID:11520
- C:\Windows\System\ztXLpxL.exe
  C:\Windows\System\ztXLpxL.exe
  2⤵
  PID:11536
- C:\Windows\System\KimYSfF.exe
  C:\Windows\System\KimYSfF.exe
  2⤵
  PID:11552
- C:\Windows\System\wxDBcWj.exe
  C:\Windows\System\wxDBcWj.exe
  2⤵
  PID:11576
- C:\Windows\System\cVKowPN.exe
  C:\Windows\System\cVKowPN.exe
  2⤵
  PID:11600
- C:\Windows\System\RfndcRF.exe
  C:\Windows\System\RfndcRF.exe
  2⤵
  PID:11624
- C:\Windows\System\XULfaoa.exe
  C:\Windows\System\XULfaoa.exe
  2⤵
  PID:11640
- C:\Windows\System\cXRwqmX.exe
  C:\Windows\System\cXRwqmX.exe
  2⤵
  PID:11660
- C:\Windows\System\JLxRkXU.exe
  C:\Windows\System\JLxRkXU.exe
  2⤵
  PID:11680
- C:\Windows\System\SXxBTvO.exe
  C:\Windows\System\SXxBTvO.exe
  2⤵
  PID:11696
- C:\Windows\System\pCSmfJu.exe
  C:\Windows\System\pCSmfJu.exe
  2⤵
  PID:11720
- C:\Windows\System\AVVnCgX.exe
  C:\Windows\System\AVVnCgX.exe
  2⤵
  PID:11736
- C:\Windows\System\EMemTxf.exe
  C:\Windows\System\EMemTxf.exe
  2⤵
  PID:11752
- C:\Windows\System\AtXhZfG.exe
  C:\Windows\System\AtXhZfG.exe
  2⤵
  PID:11768
- C:\Windows\System\zDJnJxd.exe
  C:\Windows\System\zDJnJxd.exe
  2⤵
  PID:11784
- C:\Windows\System\MGeGGSP.exe
  C:\Windows\System\MGeGGSP.exe
  2⤵
  PID:11800
- C:\Windows\System\JPPHamK.exe
  C:\Windows\System\JPPHamK.exe
  2⤵
  PID:11816
- C:\Windows\System\GqRNzCI.exe
  C:\Windows\System\GqRNzCI.exe
  2⤵
  PID:11844
- C:\Windows\System\kfrVwgd.exe
  C:\Windows\System\kfrVwgd.exe
  2⤵
  PID:11868
- C:\Windows\System\sOBzRcR.exe
  C:\Windows\System\sOBzRcR.exe
  2⤵
  PID:11896
- C:\Windows\System\BLLmVZE.exe
  C:\Windows\System\BLLmVZE.exe
  2⤵
  PID:11928
- C:\Windows\System\noNkFbE.exe
  C:\Windows\System\noNkFbE.exe
  2⤵
  PID:11952
- C:\Windows\System\qSZPIPB.exe
  C:\Windows\System\qSZPIPB.exe
  2⤵
  PID:11968
- C:\Windows\System\PfgMEuU.exe
  C:\Windows\System\PfgMEuU.exe
  2⤵
  PID:12000
- C:\Windows\System\dinyJiO.exe
  C:\Windows\System\dinyJiO.exe
  2⤵
  PID:12020
- C:\Windows\System\UyddNiF.exe
  C:\Windows\System\UyddNiF.exe
  2⤵
  PID:12132
- C:\Windows\System\fdVEOsr.exe
  C:\Windows\System\fdVEOsr.exe
  2⤵
  PID:12152
- C:\Windows\System\UHtxqSL.exe
  C:\Windows\System\UHtxqSL.exe
  2⤵
  PID:12184
- C:\Windows\System\qIuScgv.exe
  C:\Windows\System\qIuScgv.exe
  2⤵
  PID:12212
- C:\Windows\System\sWscklM.exe
  C:\Windows\System\sWscklM.exe
  2⤵
  PID:12236
- C:\Windows\System\hTGVpPp.exe
  C:\Windows\System\hTGVpPp.exe
  2⤵
  PID:12264
- C:\Windows\System\ebIbAHi.exe
  C:\Windows\System\ebIbAHi.exe
  2⤵
  PID:10432
- C:\Windows\System\BZTZBKY.exe
  C:\Windows\System\BZTZBKY.exe
  2⤵
  PID:10608
- C:\Windows\System\ycmlhFm.exe
  C:\Windows\System\ycmlhFm.exe
  2⤵
  PID:10420
- C:\Windows\System\yPCjaSC.exe
  C:\Windows\System\yPCjaSC.exe
  2⤵
  PID:11156
- C:\Windows\System\mtfHHHg.exe
  C:\Windows\System\mtfHHHg.exe
  2⤵
  PID:9808
- C:\Windows\System\LJxuuwy.exe
  C:\Windows\System\LJxuuwy.exe
  2⤵
  PID:11496
- C:\Windows\System\eyuhdyk.exe
  C:\Windows\System\eyuhdyk.exe
  2⤵
  PID:11636
- C:\Windows\System\IuYYzKo.exe
  C:\Windows\System\IuYYzKo.exe
  2⤵
  PID:11712
- C:\Windows\System\QzBAZYx.exe
  C:\Windows\System\QzBAZYx.exe
  2⤵
  PID:11748
- C:\Windows\System\VVYxujc.exe
  C:\Windows\System\VVYxujc.exe
  2⤵
  PID:11776
- C:\Windows\System\ijAvcAS.exe
  C:\Windows\System\ijAvcAS.exe
  2⤵
  PID:11856
- C:\Windows\System\akjKaDr.exe
  C:\Windows\System\akjKaDr.exe
  2⤵
  PID:11912
- C:\Windows\System\pUSSGuF.exe
  C:\Windows\System\pUSSGuF.exe
  2⤵
  PID:11652
- C:\Windows\System\OOJwpRZ.exe
  C:\Windows\System\OOJwpRZ.exe
  2⤵
  PID:12040
- C:\Windows\System\FflDESj.exe
  C:\Windows\System\FflDESj.exe
  2⤵
  PID:12144
- C:\Windows\System\ygmkHvt.exe
  C:\Windows\System\ygmkHvt.exe
  2⤵
  PID:11692
- C:\Windows\System\LVlUznl.exe
  C:\Windows\System\LVlUznl.exe
  2⤵
  PID:11796
- C:\Windows\System\ZvYkOCO.exe
  C:\Windows\System\ZvYkOCO.exe
  2⤵
  PID:11428
- C:\Windows\System\GqslgjB.exe
  C:\Windows\System\GqslgjB.exe
  2⤵
  PID:12140
- C:\Windows\System\ipuIRHo.exe
  C:\Windows\System\ipuIRHo.exe
  2⤵
  PID:12224
- C:\Windows\System\WRWirzJ.exe
  C:\Windows\System\WRWirzJ.exe
  2⤵
  PID:11764
- C:\Windows\System\qqxsiJi.exe
  C:\Windows\System\qqxsiJi.exe
  2⤵
  PID:12032
- C:\Windows\System\AQHdTFY.exe
  C:\Windows\System\AQHdTFY.exe
  2⤵
  PID:11612
- C:\Windows\System\ejYBcoA.exe
  C:\Windows\System\ejYBcoA.exe
  2⤵
  PID:11940
- C:\Windows\System\NkmVSBK.exe
  C:\Windows\System\NkmVSBK.exe
  2⤵
  PID:12300
- C:\Windows\System\SYQkEcT.exe
  C:\Windows\System\SYQkEcT.exe
  2⤵
  PID:12332
- C:\Windows\System\uiNRPOU.exe
  C:\Windows\System\uiNRPOU.exe
  2⤵
  PID:12356
- C:\Windows\System\mmuGSsx.exe
  C:\Windows\System\mmuGSsx.exe
  2⤵
  PID:12380
- C:\Windows\System\gqmelSu.exe
  C:\Windows\System\gqmelSu.exe
  2⤵
  PID:12404
- C:\Windows\System\fTnOEMW.exe
  C:\Windows\System\fTnOEMW.exe
  2⤵
  PID:12424
- C:\Windows\System\wyKjDlU.exe
  C:\Windows\System\wyKjDlU.exe
  2⤵
  PID:12464
- C:\Windows\System\xVMyOAs.exe
  C:\Windows\System\xVMyOAs.exe
  2⤵
  PID:12480
- C:\Windows\System\eGLmFXK.exe
  C:\Windows\System\eGLmFXK.exe
  2⤵
  PID:12500
- C:\Windows\System\eceITYP.exe
  C:\Windows\System\eceITYP.exe
  2⤵
  PID:12516
- C:\Windows\System\EGPcgfY.exe
  C:\Windows\System\EGPcgfY.exe
  2⤵
  PID:12548
- C:\Windows\System\ONFShaO.exe
  C:\Windows\System\ONFShaO.exe
  2⤵
  PID:12568
- C:\Windows\System\lGziHvq.exe
  C:\Windows\System\lGziHvq.exe
  2⤵
  PID:12584
- C:\Windows\System\fFMjGpI.exe
  C:\Windows\System\fFMjGpI.exe
  2⤵
  PID:12600
- C:\Windows\System\FVbNVPC.exe
  C:\Windows\System\FVbNVPC.exe
  2⤵
  PID:12616
- C:\Windows\System\owbznvi.exe
  C:\Windows\System\owbznvi.exe
  2⤵
  PID:12644
- C:\Windows\System\zoIeqau.exe
  C:\Windows\System\zoIeqau.exe
  2⤵
  PID:12668
- C:\Windows\System\dcGplDg.exe
  C:\Windows\System\dcGplDg.exe
  2⤵
  PID:12688
- C:\Windows\System\yjxVtAx.exe
  C:\Windows\System\yjxVtAx.exe
  2⤵
  PID:12724
- C:\Windows\System\ENQQViM.exe
  C:\Windows\System\ENQQViM.exe
  2⤵
  PID:12744
- C:\Windows\System\XpipIcm.exe
  C:\Windows\System\XpipIcm.exe
  2⤵
  PID:12760
- C:\Windows\System\soLkzzb.exe
  C:\Windows\System\soLkzzb.exe
  2⤵
  PID:12784
- C:\Windows\System\FapdcIj.exe
  C:\Windows\System\FapdcIj.exe
  2⤵
  PID:12812
- C:\Windows\System\YPmvOMB.exe
  C:\Windows\System\YPmvOMB.exe
  2⤵
  PID:12840
- C:\Windows\System\CgbQDqh.exe
  C:\Windows\System\CgbQDqh.exe
  2⤵
  PID:12868
- C:\Windows\System\oYikddV.exe
  C:\Windows\System\oYikddV.exe
  2⤵
  PID:12888
- C:\Windows\System\nDoMXzg.exe
  C:\Windows\System\nDoMXzg.exe
  2⤵
  PID:12916
- C:\Windows\System\BqiAsAb.exe
  C:\Windows\System\BqiAsAb.exe
  2⤵
  PID:12944
- C:\Windows\System\impRRGt.exe
  C:\Windows\System\impRRGt.exe
  2⤵
  PID:12964
- C:\Windows\System\rjkLnWS.exe
  C:\Windows\System\rjkLnWS.exe
  2⤵
  PID:13004
- C:\Windows\System\icwXaVx.exe
  C:\Windows\System\icwXaVx.exe
  2⤵
  PID:13020
- C:\Windows\System\vykKJth.exe
  C:\Windows\System\vykKJth.exe
  2⤵
  PID:13060
- C:\Windows\System\NjuXrUt.exe
  C:\Windows\System\NjuXrUt.exe
  2⤵
  PID:13096
- C:\Windows\System\sBpJptQ.exe
  C:\Windows\System\sBpJptQ.exe
  2⤵
  PID:13116
- C:\Windows\System\RUdJQXo.exe
  C:\Windows\System\RUdJQXo.exe
  2⤵
  PID:13144
- C:\Windows\System\HcMcGEW.exe
  C:\Windows\System\HcMcGEW.exe
  2⤵
  PID:13164
- C:\Windows\System\CpBODCU.exe
  C:\Windows\System\CpBODCU.exe
  2⤵
  PID:13192
- C:\Windows\System\twVCOEq.exe
  C:\Windows\System\twVCOEq.exe
  2⤵
  PID:13216
- C:\Windows\System\dSZFHDl.exe
  C:\Windows\System\dSZFHDl.exe
  2⤵
  PID:13252
- C:\Windows\System\jhUAIWR.exe
  C:\Windows\System\jhUAIWR.exe
  2⤵
  PID:13276
- C:\Windows\System\HvGOLIa.exe
  C:\Windows\System\HvGOLIa.exe
  2⤵
  PID:12128
- C:\Windows\System\ASpIOzB.exe
  C:\Windows\System\ASpIOzB.exe
  2⤵
  PID:11588
- C:\Windows\System\ZjSBnHE.exe
  C:\Windows\System\ZjSBnHE.exe
  2⤵
  PID:11760
- C:\Windows\System\VCDalpF.exe
  C:\Windows\System\VCDalpF.exe
  2⤵
  PID:10992
- C:\Windows\System\ySYAKNe.exe
  C:\Windows\System\ySYAKNe.exe
  2⤵
  PID:11572
- C:\Windows\System\ETnYnKO.exe
  C:\Windows\System\ETnYnKO.exe
  2⤵
  PID:12344
- C:\Windows\System\COKLXSS.exe
  C:\Windows\System\COKLXSS.exe
  2⤵
  PID:12392
- C:\Windows\System\TAcMnFq.exe
  C:\Windows\System\TAcMnFq.exe
  2⤵
  PID:12120
- C:\Windows\System\WFnPjuX.exe
  C:\Windows\System\WFnPjuX.exe
  2⤵
  PID:12312
- C:\Windows\System\pqGNHMj.exe
  C:\Windows\System\pqGNHMj.exe
  2⤵
  PID:11812
- C:\Windows\System\iUGFLfk.exe
  C:\Windows\System\iUGFLfk.exe
  2⤵
  PID:11948
- C:\Windows\System\qckzCyt.exe
  C:\Windows\System\qckzCyt.exe
  2⤵
  PID:12476
- C:\Windows\System\lmmBGQj.exe
  C:\Windows\System\lmmBGQj.exe
  2⤵
  PID:12576
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 12576 -s 248
    3⤵
    PID:13964
- C:\Windows\System\aGYnNBI.exe
  C:\Windows\System\aGYnNBI.exe
  2⤵
  PID:12780
- C:\Windows\System\McofDvS.exe
  C:\Windows\System\McofDvS.exe
  2⤵
  PID:12876
- C:\Windows\System\HVJpNwo.exe
  C:\Windows\System\HVJpNwo.exe
  2⤵
  PID:12448
- C:\Windows\System\jObtCzY.exe
  C:\Windows\System\jObtCzY.exe
  2⤵
  PID:12512
- C:\Windows\System\cyBXbgi.exe
  C:\Windows\System\cyBXbgi.exe
  2⤵
  PID:13072
- C:\Windows\System\dawzvbf.exe
  C:\Windows\System\dawzvbf.exe
  2⤵
  PID:12708
- C:\Windows\System\dmyjxvj.exe
  C:\Windows\System\dmyjxvj.exe
  2⤵
  PID:12736
- C:\Windows\System\qFCEkuz.exe
  C:\Windows\System\qFCEkuz.exe
  2⤵
  PID:13300
- C:\Windows\System\OdmkHhN.exe
  C:\Windows\System\OdmkHhN.exe
  2⤵
  PID:12012
- C:\Windows\System\MKBOmmh.exe
  C:\Windows\System\MKBOmmh.exe
  2⤵
  PID:12056
- C:\Windows\System\hxEbFKV.exe
  C:\Windows\System\hxEbFKV.exe
  2⤵
  PID:13328
- C:\Windows\System\qpqGvMr.exe
  C:\Windows\System\qpqGvMr.exe
  2⤵
  PID:13356
- C:\Windows\System\PloUwpb.exe
  C:\Windows\System\PloUwpb.exe
  2⤵
  PID:13384
- C:\Windows\System\yoPFkRL.exe
  C:\Windows\System\yoPFkRL.exe
  2⤵
  PID:13400
- C:\Windows\System\zCnZsuR.exe
  C:\Windows\System\zCnZsuR.exe
  2⤵
  PID:13432
- C:\Windows\System\XSRqQtV.exe
  C:\Windows\System\XSRqQtV.exe
  2⤵
  PID:13448
- C:\Windows\System\RvgCbFj.exe
  C:\Windows\System\RvgCbFj.exe
  2⤵
  PID:13468
- C:\Windows\System\ICVwCHf.exe
  C:\Windows\System\ICVwCHf.exe
  2⤵
  PID:13488
- C:\Windows\System\jjsnRxg.exe
  C:\Windows\System\jjsnRxg.exe
  2⤵
  PID:13508
- C:\Windows\System\YJdwGMD.exe
  C:\Windows\System\YJdwGMD.exe
  2⤵
  PID:13528
- C:\Windows\System\zCwBOQE.exe
  C:\Windows\System\zCwBOQE.exe
  2⤵
  PID:13552
- C:\Windows\System\FQfMloP.exe
  C:\Windows\System\FQfMloP.exe
  2⤵
  PID:13568
- C:\Windows\System\IoLdMiI.exe
  C:\Windows\System\IoLdMiI.exe
  2⤵
  PID:13604
- C:\Windows\System\gipbrli.exe
  C:\Windows\System\gipbrli.exe
  2⤵
  PID:13624
- C:\Windows\System\RTywNXZ.exe
  C:\Windows\System\RTywNXZ.exe
  2⤵
  PID:13640
- C:\Windows\System\mTugxps.exe
  C:\Windows\System\mTugxps.exe
  2⤵
  PID:13668
- C:\Windows\System\pwbZGtg.exe
  C:\Windows\System\pwbZGtg.exe
  2⤵
  PID:13700
- C:\Windows\System\haIGUQM.exe
  C:\Windows\System\haIGUQM.exe
  2⤵
  PID:13732
- C:\Windows\System\UhJqRlZ.exe
  C:\Windows\System\UhJqRlZ.exe
  2⤵
  PID:13748
- C:\Windows\System\CdSXBdX.exe
  C:\Windows\System\CdSXBdX.exe
  2⤵
  PID:13772
- C:\Windows\System\pWoHvMr.exe
  C:\Windows\System\pWoHvMr.exe
  2⤵
  PID:13796
- C:\Windows\System\DByHBxl.exe
  C:\Windows\System\DByHBxl.exe
  2⤵
  PID:13816
- C:\Windows\System\TJEEntp.exe
  C:\Windows\System\TJEEntp.exe
  2⤵
  PID:13844
- C:\Windows\System\vXdlmGQ.exe
  C:\Windows\System\vXdlmGQ.exe
  2⤵
  PID:13868
- C:\Windows\System\lIINtbH.exe
  C:\Windows\System\lIINtbH.exe
  2⤵
  PID:13892
- C:\Windows\System\EjUMEtS.exe
  C:\Windows\System\EjUMEtS.exe
  2⤵
  PID:13916
- C:\Windows\System\roWpniF.exe
  C:\Windows\System\roWpniF.exe
  2⤵
  PID:13956
- C:\Windows\System\bhfiYLC.exe
  C:\Windows\System\bhfiYLC.exe
  2⤵
  PID:13988
- C:\Windows\System\TfvEAdR.exe
  C:\Windows\System\TfvEAdR.exe
  2⤵
  PID:14012
- C:\Windows\System\FBnnKit.exe
  C:\Windows\System\FBnnKit.exe
  2⤵
  PID:14028
- C:\Windows\System\hNKWbeH.exe
  C:\Windows\System\hNKWbeH.exe
  2⤵
  PID:14044
- C:\Windows\System\ybCOGgO.exe
  C:\Windows\System\ybCOGgO.exe
  2⤵
  PID:14072
- C:\Windows\System\QerDBKT.exe
  C:\Windows\System\QerDBKT.exe
  2⤵
  PID:14096
- C:\Windows\System\KxQxBVt.exe
  C:\Windows\System\KxQxBVt.exe
  2⤵
  PID:14120
- C:\Windows\System\UKrYAOf.exe
  C:\Windows\System\UKrYAOf.exe
  2⤵
  PID:14144
- C:\Windows\System\ujquuDL.exe
  C:\Windows\System\ujquuDL.exe
  2⤵
  PID:14172
- C:\Windows\System\ZZBhNAe.exe
  C:\Windows\System\ZZBhNAe.exe
  2⤵
  PID:14196
- C:\Windows\System\OXPIggH.exe
  C:\Windows\System\OXPIggH.exe
  2⤵
  PID:14220
- C:\Windows\System\nhsEXHn.exe
  C:\Windows\System\nhsEXHn.exe
  2⤵
  PID:14256
- C:\Windows\System\gmZaiWa.exe
  C:\Windows\System\gmZaiWa.exe
  2⤵
  PID:14280
- C:\Windows\System\BXeahUs.exe
  C:\Windows\System\BXeahUs.exe
  2⤵
  PID:14304
- C:\Windows\System\WQMSPgF.exe
  C:\Windows\System\WQMSPgF.exe
  2⤵
  PID:12376
- C:\Windows\System\iGrreSW.exe
  C:\Windows\System\iGrreSW.exe
  2⤵
  PID:12472
- C:\Windows\System\rYXbHMo.exe
  C:\Windows\System\rYXbHMo.exe
  2⤵
  PID:12772
- C:\Windows\System\dgGwTiJ.exe
  C:\Windows\System\dgGwTiJ.exe
  2⤵
  PID:13232
- C:\Windows\System\DVIduUw.exe
  C:\Windows\System\DVIduUw.exe
  2⤵
  PID:12860
- C:\Windows\System\IvavBPt.exe
  C:\Windows\System\IvavBPt.exe
  2⤵
  PID:12904
- C:\Windows\System\nreMhwm.exe
  C:\Windows\System\nreMhwm.exe
  2⤵
  PID:12880
- C:\Windows\System\LDfSwZo.exe
  C:\Windows\System\LDfSwZo.exe
  2⤵
  PID:12752
- C:\Windows\System\NnnEAzx.exe
  C:\Windows\System\NnnEAzx.exe
  2⤵
  PID:13692
- C:\Windows\System\FrKkWDu.exe
  C:\Windows\System\FrKkWDu.exe
  2⤵
  PID:14192
- C:\Windows\System\OYYqatM.exe
  C:\Windows\System\OYYqatM.exe
  2⤵
  PID:14232
- C:\Windows\System\NQDKFVa.exe
  C:\Windows\System\NQDKFVa.exe
  2⤵
  PID:12048
- C:\Windows\System\bnYZMmi.exe
  C:\Windows\System\bnYZMmi.exe
  2⤵
  PID:13952
- C:\Windows\System\PMYaRDE.exe
  C:\Windows\System\PMYaRDE.exe
  2⤵
  PID:13588
- C:\Windows\System\RLAwVqB.exe
  C:\Windows\System\RLAwVqB.exe
  2⤵
  PID:12564
- C:\Windows\System\ipndGmE.exe
  C:\Windows\System\ipndGmE.exe
  2⤵
  PID:13632
- C:\Windows\System\gSJXmoS.exe
  C:\Windows\System\gSJXmoS.exe
  2⤵
  PID:13828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AClBAzO.exe

Filesize
1.4MB

MD5
4dc817724027ab408bdbba6a07df5776

SHA1
ee1ccdc7c0c9b78ac790eca1b25a16cff9ed4381

SHA256
41de88873bf248d27ef2d0efd77a1a52967571542bd03e0e6fd100bab95bc691

SHA512
45865de24be443629f5d11793f5595ee42e9b43a0d3ac7c10bf35e0b238fc77eff09fe02d707edab36be369a10ac17cf17b4a8612f4e68b3f21e93af15aa8df2

Download Submit
C:\Windows\System\AtHECHP.exe

Filesize
1.4MB

MD5
9127e1a8af1bb5bfa0004140880bf82a

SHA1
e89ee02042fd6dc5989fbcd93219c50d979513e5

SHA256
b678e55d77fda6ebfe5635a80f673ec04caa26fd2fc15a1dad22d7f64eabfec6

SHA512
ce10517d5657590f6cae27484f3b11673450981a5dd71b2e559e919837ff2c733c7c211ee870118b04039e8d0871ed27c721cd34d2a895a0bf4be2caeb7eb9dc

Download Submit
C:\Windows\System\BqaXwXb.exe

Filesize
1.4MB

MD5
ef83bc634263c4c9a17457317f4d97d2

SHA1
4eb6de99e6437f95bde482385bc67db1be20606b

SHA256
d62f48d8f33d3d3b8ab7f3846960850db3498d63b9588f1b041b05c2ea3e86b0

SHA512
32c9f3f0b55f939f45fffc7d32998aac8913553de7296880c74e1e00aceb6c6251f40d68075e59c619d83bbef80788341661797b9662d586439d2aedafd80fba

Download Submit
C:\Windows\System\DdMRsyS.exe

Filesize
1.4MB

MD5
907a3e936d04f2d0cd944893a4194b8e

SHA1
23ab610c80736b3a41f2ef424ac966a94b45f2f7

SHA256
3e0cfa4bf45ee1928c420eaea5777c9d5f850cd2fea339bf4abc4aebda441c54

SHA512
09b99e2590583c43242e585c35bd2486eff23c8b7a42921e01c79e228262a8017753cabee89e5549c29bc118885e8c0731084c12c02c62eda7ffac8265ebea3b

Download Submit
C:\Windows\System\DhrhKcF.exe

Filesize
1.4MB

MD5
c19c0878c0725a479cb5179e6873557d

SHA1
b8d219fb39c0722fc9fa2986e354b7c74b010fee

SHA256
caba74659a79a1e18c21d5ac60b4cdf6f3219429cee967863ec0c6985e89cc55

SHA512
6e4f69fac1883d2d285a7dc7bac6d512b50bc643063df7f3f7721c08699ac2759adc45686d44ac6594c0a00d14117c350ef4e87f3163c9e9f9b3c1ab87c2cceb

Download Submit
C:\Windows\System\IblnIKt.exe

Filesize
1.4MB

MD5
d589381be12c692d439c31a2e8e35711

SHA1
ccbd834004ae6b395fc6bbacbcbf9a5197c20fa7

SHA256
169c36ca4bdb8c71e934ad1d17d8b9b72151fbb66d98d5e5b48fcd7c77b6cb8d

SHA512
66a7b360c4623b4501d5e02777a5011b52d7a13484205f6c895997bf23b9fbd40336fc2e1dc5a9ce9922ebe5e32dbd83dc868458c2dc573e355aff57624463c4

Download Submit
C:\Windows\System\JBhiJaN.exe

Filesize
1.4MB

MD5
930f9ddc2c3d22855b6c9efe05f7e1d6

SHA1
4648a52643da809543d9c83441ea7ef962397e94

SHA256
a16025253588f3861a8ba3bba53dce999d166649a5ccf0c33ac554b165c400c5

SHA512
e3b68f2ef9b288b3897d1db500ba0eeb52997d8c063b6992427885b7fad7e307115411f1cb5c2db328afcce92b5ed58123b064d70f62e012b086b246e34730be

Download Submit
C:\Windows\System\KtDFoQS.exe

Filesize
1.4MB

MD5
82a8849fdcb5bf6e1bb8209ca6e4a5a9

SHA1
0c3f3955bed63de6aa6c35694a291f29e5fd8af1

SHA256
d53c022981ba8240844774ada34574da256afa655f211040d6f61cd3e2761a66

SHA512
5b10ae354b5db1333a5245f9bc6641f5e2bf19a5c801b6c3aa70755c881d0ff82ddb75ea332e2442341cc427aec65cefa2c198d86692032e9cadf6d1270bb129

Download Submit
C:\Windows\System\MMUamDg.exe

Filesize
1.4MB

MD5
0ad763ab12d14156ba3481e74e813879

SHA1
da361fd154ad3b4329a90836dc86a5b028eaa8c5

SHA256
59fe113e6b22e8532e12c2d4806d81123ac580fa3c043590c4e2f862a6940242

SHA512
107fc9cc57cbb2ab4df061bd5f7f9f4582bde8f56f6c785bac7340fed4be30006e304bd1918a61608111509422125dc4953edf9609c7f80cb6d74f99550b3f10

Download Submit
C:\Windows\System\NQBMnRU.exe

Filesize
1.4MB

MD5
75e2a30c4ee790a1747d691e85ecf1b8

SHA1
21ac65cbab29b4b548483dadab3204719283b8ab

SHA256
5ea962613dc6866e1284cc09ab3e1d30e9b0a93b3f75bbc4fb90fcf61ca5259f

SHA512
1fe8f469828a0335e00c14cb5c9421a34c5069e3aac84aeb8c1ed3d09afda4ef2c7a2c9cf2174c42a69fb35711b62a36bf55d90d96bfe8b25e2f116ba02d61bd

Download Submit
C:\Windows\System\NpwzgNd.exe

Filesize
1.4MB

MD5
771e369bfed299c433149cd7228ccfc5

SHA1
ecd97581e8c9b6098daaa867f26477e3256e2c77

SHA256
0b9bbf0189e5dc0763257d52abeefb51db65788e35c64dc10cbc77ad87a3cabc

SHA512
617d69716c305dfe6b418a3b13bf8b3a13acd7784cc1b3bfb1e1a4c91976e8749c9da8b218c4479e92e5fc6b3e5f57d8426e2910fab1d66ea47ca0c444fe8ece

Download Submit
C:\Windows\System\QmrCRkl.exe

Filesize
1.4MB

MD5
8acef70deecca212348a64b8f602f781

SHA1
cba58f55b3370188ef8bf267fd1628fd4ae56add

SHA256
7cbfe9788cdef86c3f091201412830f41c18c606babafa9b95421b2de4dc656c

SHA512
0681a69f5747019f48db7fbd845ee49bccaad91d1289628821469c4fe1145d45d721c66a570ba346e5c9c2c7257b2979060f4403607f403f7dbeed80f94a1dff

Download Submit
C:\Windows\System\SLaevIY.exe

Filesize
1.4MB

MD5
917f1e4435303459c838befc75551f25

SHA1
fc5b48dc7889ab3299a17094df5768a7fd5da86c

SHA256
c9366c0517c18aeabb0ad9d2ecd57379433a68bc3be9c6bbb4deb2d5a059ecdc

SHA512
596fac1afa1d12d83da882124789b6ecfa7fd99ca6a89505828e58a89b1dc8a4945bbd839c3e0ad74e3d903b015329fb5c57a1c16b79fbd139aaaf108c1513ca

Download Submit
C:\Windows\System\UagkADO.exe

Filesize
1.4MB

MD5
26f5247f6717a0a4d906ea3a226c0a44

SHA1
53200f71d87e1dbd7c0005ec1b06a00fd2994b90

SHA256
bb199a4a8aa25bd9baac5639677771dc9d36b671374341ebd204f0b9e4235659

SHA512
a3f272fde985bee4f3c5f9b6daf1eb9446f9c63a0860d88de11feb175238ee3527af498146d79b86bddf362dc6d2900ea8d4aceac0209721551f8b0c3216309c

Download Submit
C:\Windows\System\WWzNpOI.exe

Filesize
1.4MB

MD5
dbaf62241c1003b3cdf4db0d1e54a45a

SHA1
589728e40228693444054fade7ed61c56355a172

SHA256
ac6d91e08c7276719535a65b220565c215c4a251b0883b4a1d2f6ab0f8479d52

SHA512
ba4f15f4e2dee6d850f0c3d28f45a63b7639048f82c2bb16220452be42cd96bfbb2ac28f3e962771e7f235af641f8a5751e5958c30df7c7af3440ca5576633b0

Download Submit
C:\Windows\System\XFrTEXm.exe

Filesize
1.4MB

MD5
a7ff0e9be7e320cead12563e8507a417

SHA1
1126159a6683a84aebd4918a473b21f698551743

SHA256
2061277aab46dd7ddacbed342d8de942dfbfcbad60f8ecaeb3adc26b7f17debb

SHA512
9a618f5c164a032ee99aac45c0a4dbc3ebd0cc4b87b089d26ee2080d9d6af8e5dc84af5a3435e5b8a02c9db12e9dc78311dd045c91f262ee0bb7d32c58d7dc33

Download Submit
C:\Windows\System\XdqZGrt.exe

Filesize
1.4MB

MD5
cfd7fa880e1f24a0c2410da932ab7597

SHA1
6d29cd34172c3a3e9b36d628db80b9c56747ca21

SHA256
3371a9e5883592ba662e84edb59e163c983911b4f9e38707c0cad8a731c9f4a0

SHA512
10a6f74bb672deaa10044db3df0533b28cae975da284558d24bb680989defb738c3b7c5a62f20bafd0c7e108650c0a37fe8062d1988cccbc96e8d019130f097f

Download Submit
C:\Windows\System\XxmfBmJ.exe

Filesize
1.4MB

MD5
cb2abc5c4831b45724b7bb186de7c279

SHA1
220e476c16859bb28d50811192f461a61e89a7dc

SHA256
995eaf3585e635347f650cae48de5cfb4bd4334f452f370f9a9857e8a34adbcb

SHA512
8c108b05cd6f5a59a7c9d768ded244d12570e1ffcecb177015bbd37011b7b6bbe7a3f1d57e51997080164a52d90d47e0454631f92d9e9498cb08554fc8b6e444

Download Submit
C:\Windows\System\ZZvhCSQ.exe

Filesize
1.4MB

MD5
193f4320a315dc1c38a007b644d0f373

SHA1
0d5a4bf16c17c00d0ccba5ee3ec0c9300a7e02c1

SHA256
13200a49d67d5bb97edda558cef69d0dccc0c3a14f67204f95a07a4204545d6f

SHA512
4fa336ae95b5db1c125104a6489a8d517ed449d922ac8fa6fe47cd44a622df73a986561c3f7b48d8d199ff3064ddecc092575123a177c43898c4fb23b87df452

Download Submit
C:\Windows\System\aXFogdc.exe

Filesize
1.4MB

MD5
9e5d736d8b18b786602d2669ad945e81

SHA1
6ff26f0d337cbeca0170fc7f1958747a88b8fef0

SHA256
8829d64fb626337900d360d91996dd08ed2c2ecc5f78d54186ecb4b58f359e46

SHA512
0fc77de98e829d9c6d5791c9c51b06be6326e853619f2b28bfa300f354604a4dad7694198487370740dbef7f982807164e4aa4b4b9f6703d9247c95732fc3f60

Download Submit
C:\Windows\System\aabYaUz.exe

Filesize
1.4MB

MD5
83d6393f258ff0128f8dd5cc914d2af0

SHA1
b08e2ea50f73bd59ed19790735dd72747f61f0f6

SHA256
414aa95d50031f0ae0a16767c5d5636af3d1bd41a6aa1aea5e40e16c24dd473a

SHA512
4bb5039f8c1b1236eb8601d6ec1c828b43b8a15a6a80190044b747d2f90df63b335a75635ce2e335bd1ee212214e0cbf16e7ef937a8644b18cae3f305e6862a4

Download Submit
C:\Windows\System\bjggfAA.exe

Filesize
1.4MB

MD5
efc18256967c07f0831621e75625c7e7

SHA1
e2fded3975ee738c2a4c37bd54637126e9ea8b55

SHA256
99b75796b7397d9855f252e6727d4e250e01e9f3dec28cebeb899fd73931a9c3

SHA512
2fecfaa04f5e819aa955512073b7802d0f1b1e0f74eea49e298dd882c748b084eeb790c756c5aa63b61b7049f5e45574e6ea1745f76ff3b91f7baa82ddaf9c42

Download Submit
C:\Windows\System\fiCdPlW.exe

Filesize
1.4MB

MD5
1fdef08c335d4905fa109e33c66724ff

SHA1
852ae820fa50ecd29d4cde099501573cebe56dc9

SHA256
2ebed9a7f1560d4677d091ab78e502a270ff1c2c86ca16f764e435baf3eea3eb

SHA512
42e3f04cb6c3d11205d296b4f3df48e8f89dc89b31197c9c1bce75a534c49c7c56bf5ea75d1720717626bd9cad2ad6449dad59be3e65eb4ed6c7211a7de0e136

Download Submit
C:\Windows\System\itLgBdv.exe

Filesize
1.4MB

MD5
4cc368b6c7478f5475f2c3059949d8af

SHA1
11fef7b285bc6bd10b1d57a5bf9097fff09dc924

SHA256
3229ffec278ffaf31fa89e313ee7748e1cb1e2903573bdb5c657aaae69d2ed67

SHA512
1427ed717d21b578f2bb0ae96821c97cd246255dc3e8b6ecffc5a2dd6842d3a2422bf19ff81ff18c82863194150df8f029cce185d3d39cb7f8499b571d0bb3c7

Download Submit
C:\Windows\System\keMsMAl.exe

Filesize
1.4MB

MD5
131ad9644d2568b6749fb887e0fe8aa4

SHA1
0cdd9597949502fcaf133408b03ce9160e4b0d85

SHA256
dff61480ef27d2f4b05a638c5089ca3f43942a647e2d51900ac18b7e9fb55c42

SHA512
b91e76454cf1a5e1106ef73336721f26832b29a5ff7c2a60988990fbf8951039d8f962fe269ef4d85a667b1b2fc8edd96cd9abad1dd1d72aeb1901829fce7781

Download Submit
C:\Windows\System\muTShDc.exe

Filesize
1.4MB

MD5
79e58c27b20ee3bf186c4ad3110e5211

SHA1
e0cb9e39e92c7ef0d3c2028a6983cae944f7c875

SHA256
1d570a733247d9250cb5ce687743179e09bbd6b02edc63b4460b9596e2a78ccb

SHA512
fabb0b55fa57978efdbf0c2c83b10d2dbfa19b09c266024495635f0c36571032de252901d0066468358683d51306a0436449a0030904345a5ed907e28db6048d

Download Submit
C:\Windows\System\nfJAeWO.exe

Filesize
1.4MB

MD5
6afc102d325be1d7688d1d907ea04616

SHA1
131fb28d02002f01d7cd0c62f3ef2a1ecf64572d

SHA256
4e87cc9f3103d5dedfe70edceed08ef7ddf1685cefbdb259b3207525cbf9947b

SHA512
b9bbafdd46747b1c93d9a8cc0c386e814837ffedfe3ed71d1806c16d4739f28b12a313a71f4ba035007e0ae28e31c20aa617622c5143e285447a0b12c6e6e656

Download Submit
C:\Windows\System\rcWqXTV.exe

Filesize
1.4MB

MD5
a3ade3baaf49727d2e4c9d7dafb5eeb6

SHA1
0ff80feabb36ad478b8a4364b27f670406bb24d1

SHA256
8f1444df64c6de8c0d1295036c95b79f3b69bdd00aeefdb4426695a23b099339

SHA512
31469859a77df57df3e60259d6e86725654030f9f3edcba7ccfb5e49a6000d6ec3dfda4485d33610cf7ddd490f445ded58ee457806d215f4ff1a33a9522c1fc1

Download Submit
C:\Windows\System\wKcuqBl.exe

Filesize
1.4MB

MD5
759a40d064f68c811eb7d85594f3715d

SHA1
9dd9dcc6515cdc5348b522dcd089d6d2a4c36565

SHA256
43a1b51a35c9be746f72d6340cf041a89b30404b5a3690e599b513ce935a90b6

SHA512
221a3923dcb2f0505071d42da1849f4c7cad271b90046983091b37337b8f92e3f52d4338b6caf37b976c7367932d4ca0c90d3c1a16bc16ff7109e331b176d494

Download Submit
C:\Windows\System\wSLuqFv.exe

Filesize
1.4MB

MD5
97044c0d20661796ca504879eadb2fdd

SHA1
9ad0f7a386139541600c7810b5a48366d1912b2e

SHA256
d648205c39bb3f7849250b3af79393fc91db82840204e548b8c05afdcf11fa68

SHA512
df066dc619eafcdf5ed378e0b0bdf400dd4a05eb7b6ca88558f659d982e837a418beb332bdcc374108ae3a21a108fe404ca9a7ce4d31cd80081f68cfb1e49092

Download Submit
C:\Windows\System\wsrNJFz.exe

Filesize
1.4MB

MD5
01c408a6799a12357ce16b1e8640324a

SHA1
12d16d8e44dc15540ff5befb938d0cfd77f46a18

SHA256
6be37d59c60e78a1fa1dcee934b0cc98b63a7e77f6fcd26a0d54aa9d0ab55de1

SHA512
1aa15fbf14f881b8653ca180006f5083d04367b7ce474f22ae2c0847620029b15f305e2c500b2c8182f4687bc302aad0eb77809b914442519063315a8b33db16

Download Submit
C:\Windows\System\xDapzzI.exe

Filesize
1.4MB

MD5
3ccd5ac94023e25d6a103d005f27b9e1

SHA1
2f42bff7bdb28bdaee60dc042e52b2c83d6c1a35

SHA256
b4e493e272986e1b6cdd6c0fe19399aba1f73e0378ea391ef17d9f4d38a5dac8

SHA512
52da4636c557fd3c5bc4ce6b6781915b4ecc57a308f1b2ceedcb19f8c874d573df8144514001712e92d129ef03cbcce99fa97586498515baf40230538943f92a

Download Submit
C:\Windows\System\yrjoLwm.exe

Filesize
1.4MB

MD5
ff935cd6afc78a1c89bbc48541467905

SHA1
ccfc8c5ec69cf6650d1537950a98c1ff7d128152

SHA256
9affd8f3271816994c06a331058bc776746cc136d985553778b542b3c21be132

SHA512
fa52db700196703ee07b989dbbb0e4156f27c49fa9851728f11dfc01607cab7bc864a10521bd7d8ce53715a09f709c201d4ab3ebbcfe6f2bd87cc26d794572f2

Download Submit
memory/852-183-0x00007FF7B2310000-0x00007FF7B2664000-memory.dmp

Filesize
3.3MB

Download
memory/852-2331-0x00007FF7B2310000-0x00007FF7B2664000-memory.dmp

Filesize
3.3MB

Download
memory/992-2297-0x00007FF6CB860000-0x00007FF6CBBB4000-memory.dmp

Filesize
3.3MB

Download
memory/992-68-0x00007FF6CB860000-0x00007FF6CBBB4000-memory.dmp

Filesize
3.3MB

Download
memory/992-2314-0x00007FF6CB860000-0x00007FF6CBBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-193-0x00007FF75E680000-0x00007FF75E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-2321-0x00007FF75E680000-0x00007FF75E9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-2310-0x00007FF69DAE0000-0x00007FF69DE34000-memory.dmp

Filesize
3.3MB

Download
memory/1180-189-0x00007FF69DAE0000-0x00007FF69DE34000-memory.dmp

Filesize
3.3MB

Download
memory/1248-188-0x00007FF679030000-0x00007FF679384000-memory.dmp

Filesize
3.3MB

Download
memory/1248-2308-0x00007FF679030000-0x00007FF679384000-memory.dmp

Filesize
3.3MB

Download
memory/1280-23-0x00007FF68C3F0000-0x00007FF68C744000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2305-0x00007FF68C3F0000-0x00007FF68C744000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2293-0x00007FF68C3F0000-0x00007FF68C744000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2316-0x00007FF68CBD0000-0x00007FF68CF24000-memory.dmp

Filesize
3.3MB

Download
memory/1440-174-0x00007FF68CBD0000-0x00007FF68CF24000-memory.dmp

Filesize
3.3MB

Download
memory/1472-184-0x00007FF7D7980000-0x00007FF7D7CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2330-0x00007FF7D7980000-0x00007FF7D7CD4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2296-0x00007FF645B90000-0x00007FF645EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-66-0x00007FF645B90000-0x00007FF645EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-2313-0x00007FF645B90000-0x00007FF645EE4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-153-0x00007FF6CADD0000-0x00007FF6CB124000-memory.dmp

Filesize
3.3MB

Download
memory/1736-2300-0x00007FF6CADD0000-0x00007FF6CB124000-memory.dmp

Filesize
3.3MB

Download
memory/1736-2322-0x00007FF6CADD0000-0x00007FF6CB124000-memory.dmp

Filesize
3.3MB

Download
memory/1856-2319-0x00007FF7BB740000-0x00007FF7BBA94000-memory.dmp

Filesize
3.3MB

Download
memory/1856-163-0x00007FF7BB740000-0x00007FF7BBA94000-memory.dmp

Filesize
3.3MB

Download
memory/2124-192-0x00007FF71A710000-0x00007FF71AA64000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2327-0x00007FF71A710000-0x00007FF71AA64000-memory.dmp

Filesize
3.3MB

Download
memory/2424-33-0x00007FF767B40000-0x00007FF767E94000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2306-0x00007FF767B40000-0x00007FF767E94000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2294-0x00007FF767B40000-0x00007FF767E94000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2315-0x00007FF65FC50000-0x00007FF65FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2302-0x00007FF65FC50000-0x00007FF65FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-85-0x00007FF65FC50000-0x00007FF65FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2307-0x00007FF7FBFA0000-0x00007FF7FC2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-187-0x00007FF7FBFA0000-0x00007FF7FC2F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-190-0x00007FF605E80000-0x00007FF6061D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2323-0x00007FF605E80000-0x00007FF6061D4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-58-0x00007FF60AC50000-0x00007FF60AFA4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2309-0x00007FF60AC50000-0x00007FF60AFA4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2295-0x00007FF60AC50000-0x00007FF60AFA4000-memory.dmp

Filesize
3.3MB

Download
memory/3448-2312-0x00007FF669D60000-0x00007FF66A0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3448-191-0x00007FF669D60000-0x00007FF66A0B4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-118-0x00007FF7B2850000-0x00007FF7B2BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2324-0x00007FF7B2850000-0x00007FF7B2BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2299-0x00007FF7B2850000-0x00007FF7B2BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2328-0x00007FF7F0350000-0x00007FF7F06A4000-memory.dmp

Filesize
3.3MB

Download
memory/3648-186-0x00007FF7F0350000-0x00007FF7F06A4000-memory.dmp

Filesize
3.3MB

Download
memory/3676-47-0x00007FF60D390000-0x00007FF60D6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3676-2301-0x00007FF60D390000-0x00007FF60D6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3676-2311-0x00007FF60D390000-0x00007FF60D6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-194-0x00007FF786930000-0x00007FF786C84000-memory.dmp

Filesize
3.3MB

Download
memory/3856-2326-0x00007FF786930000-0x00007FF786C84000-memory.dmp

Filesize
3.3MB

Download
memory/4012-13-0x00007FF639A20000-0x00007FF639D74000-memory.dmp

Filesize
3.3MB

Download
memory/4012-2303-0x00007FF639A20000-0x00007FF639D74000-memory.dmp

Filesize
3.3MB

Download
memory/4016-2304-0x00007FF7417B0000-0x00007FF741B04000-memory.dmp

Filesize
3.3MB

Download
memory/4016-19-0x00007FF7417B0000-0x00007FF741B04000-memory.dmp

Filesize
3.3MB

Download
memory/4204-162-0x00007FF7F4990000-0x00007FF7F4CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-2317-0x00007FF7F4990000-0x00007FF7F4CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4412-2325-0x00007FF6E4CD0000-0x00007FF6E5024000-memory.dmp

Filesize
3.3MB

Download
memory/4412-181-0x00007FF6E4CD0000-0x00007FF6E5024000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2329-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp

Filesize
3.3MB

Download
memory/4560-185-0x00007FF66A910000-0x00007FF66AC64000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2298-0x00007FF7A9310000-0x00007FF7A9664000-memory.dmp

Filesize
3.3MB

Download
memory/4592-106-0x00007FF7A9310000-0x00007FF7A9664000-memory.dmp

Filesize
3.3MB

Download
memory/4592-2320-0x00007FF7A9310000-0x00007FF7A9664000-memory.dmp

Filesize
3.3MB

Download
memory/4712-1-0x000002292ED20000-0x000002292ED30000-memory.dmp

Filesize
64KB

Download
memory/4712-0-0x00007FF60C1C0000-0x00007FF60C514000-memory.dmp

Filesize
3.3MB

Download
memory/5096-2318-0x00007FF782210000-0x00007FF782564000-memory.dmp

Filesize
3.3MB

Download
memory/5096-182-0x00007FF782210000-0x00007FF782564000-memory.dmp

Filesize
3.3MB

Download