xmrig | 8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c

Analysis

max time kernel
60s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
Size

1.4MB
MD5

1cf5fe952f15912388a04e8cf72755e0
SHA1

81097edee0ed224dff99b9de3e4b8b9ea2569866
SHA256

8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c
SHA512

b8c23c01382d41c8e76b7ef970dd45d92fc06bb25046f5c5e6c242567d1a6e81d57b29385466604db7ef3a3b5b8573981e1e040f7e71a8a9f88bd57b1d531827
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727ZvhwJWe9pYJh5MHHRDQxgSvy5na9LQY8bfz:ROdWCCi7/rahoyBcIK2ubfz

Score

10^/10

xmrig miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral2/memory/2888-73-0x00007FF73F230000-0x00007FF73F581000-memory.dmp	xmrig
behavioral2/memory/1188-422-0x00007FF685E00000-0x00007FF686151000-memory.dmp	xmrig
behavioral2/memory/2416-424-0x00007FF68A1A0000-0x00007FF68A4F1000-memory.dmp	xmrig
behavioral2/memory/1948-425-0x00007FF7263E0000-0x00007FF726731000-memory.dmp	xmrig
behavioral2/memory/5112-423-0x00007FF752820000-0x00007FF752B71000-memory.dmp	xmrig
behavioral2/memory/1656-85-0x00007FF6CB1C0000-0x00007FF6CB511000-memory.dmp	xmrig
behavioral2/memory/700-84-0x00007FF60F430000-0x00007FF60F781000-memory.dmp	xmrig
behavioral2/memory/3088-67-0x00007FF7F75C0000-0x00007FF7F7911000-memory.dmp	xmrig
behavioral2/memory/2036-427-0x00007FF6C8260000-0x00007FF6C85B1000-memory.dmp	xmrig
behavioral2/memory/4532-429-0x00007FF744360000-0x00007FF7446B1000-memory.dmp	xmrig
behavioral2/memory/5080-428-0x00007FF734470000-0x00007FF7347C1000-memory.dmp	xmrig
behavioral2/memory/3080-426-0x00007FF6172D0000-0x00007FF617621000-memory.dmp	xmrig
behavioral2/memory/2528-430-0x00007FF7EA900000-0x00007FF7EAC51000-memory.dmp	xmrig
behavioral2/memory/2228-438-0x00007FF732A90000-0x00007FF732DE1000-memory.dmp	xmrig
behavioral2/memory/4860-448-0x00007FF713C60000-0x00007FF713FB1000-memory.dmp	xmrig
behavioral2/memory/4516-445-0x00007FF7F3F90000-0x00007FF7F42E1000-memory.dmp	xmrig
behavioral2/memory/4352-440-0x00007FF7230A0000-0x00007FF7233F1000-memory.dmp	xmrig
behavioral2/memory/1440-469-0x00007FF720340000-0x00007FF720691000-memory.dmp	xmrig
behavioral2/memory/4652-475-0x00007FF6ECE30000-0x00007FF6ED181000-memory.dmp	xmrig
behavioral2/memory/2348-463-0x00007FF6E5FF0000-0x00007FF6E6341000-memory.dmp	xmrig
behavioral2/memory/4100-456-0x00007FF71EC30000-0x00007FF71EF81000-memory.dmp	xmrig
behavioral2/memory/1112-455-0x00007FF6D8B70000-0x00007FF6D8EC1000-memory.dmp	xmrig
behavioral2/memory/4884-452-0x00007FF6F2AE0000-0x00007FF6F2E31000-memory.dmp	xmrig
behavioral2/memory/3380-431-0x00007FF695E80000-0x00007FF6961D1000-memory.dmp	xmrig
behavioral2/memory/3520-2223-0x00007FF729800000-0x00007FF729B51000-memory.dmp	xmrig
behavioral2/memory/4660-2225-0x00007FF71D720000-0x00007FF71DA71000-memory.dmp	xmrig
behavioral2/memory/4908-2226-0x00007FF74CBC0000-0x00007FF74CF11000-memory.dmp	xmrig
behavioral2/memory/4816-2258-0x00007FF7E4D80000-0x00007FF7E50D1000-memory.dmp	xmrig
behavioral2/memory/4684-2259-0x00007FF73C3F0000-0x00007FF73C741000-memory.dmp	xmrig
behavioral2/memory/4660-2265-0x00007FF71D720000-0x00007FF71DA71000-memory.dmp	xmrig
behavioral2/memory/4816-2267-0x00007FF7E4D80000-0x00007FF7E50D1000-memory.dmp	xmrig
behavioral2/memory/4684-2272-0x00007FF73C3F0000-0x00007FF73C741000-memory.dmp	xmrig
behavioral2/memory/4908-2273-0x00007FF74CBC0000-0x00007FF74CF11000-memory.dmp	xmrig
behavioral2/memory/2888-2277-0x00007FF73F230000-0x00007FF73F581000-memory.dmp	xmrig
behavioral2/memory/2348-2279-0x00007FF6E5FF0000-0x00007FF6E6341000-memory.dmp	xmrig
behavioral2/memory/700-2281-0x00007FF60F430000-0x00007FF60F781000-memory.dmp	xmrig
behavioral2/memory/2924-2275-0x00007FF6C9270000-0x00007FF6C95C1000-memory.dmp	xmrig
behavioral2/memory/3088-2270-0x00007FF7F75C0000-0x00007FF7F7911000-memory.dmp	xmrig
behavioral2/memory/3080-2291-0x00007FF6172D0000-0x00007FF617621000-memory.dmp	xmrig
behavioral2/memory/2528-2305-0x00007FF7EA900000-0x00007FF7EAC51000-memory.dmp	xmrig
behavioral2/memory/2228-2309-0x00007FF732A90000-0x00007FF732DE1000-memory.dmp	xmrig
behavioral2/memory/4352-2311-0x00007FF7230A0000-0x00007FF7233F1000-memory.dmp	xmrig
behavioral2/memory/3380-2307-0x00007FF695E80000-0x00007FF6961D1000-memory.dmp	xmrig
behavioral2/memory/5080-2303-0x00007FF734470000-0x00007FF7347C1000-memory.dmp	xmrig
behavioral2/memory/4532-2301-0x00007FF744360000-0x00007FF7446B1000-memory.dmp	xmrig
behavioral2/memory/4652-2299-0x00007FF6ECE30000-0x00007FF6ED181000-memory.dmp	xmrig
behavioral2/memory/1440-2297-0x00007FF720340000-0x00007FF720691000-memory.dmp	xmrig
behavioral2/memory/2416-2296-0x00007FF68A1A0000-0x00007FF68A4F1000-memory.dmp	xmrig
behavioral2/memory/1656-2293-0x00007FF6CB1C0000-0x00007FF6CB511000-memory.dmp	xmrig
behavioral2/memory/2036-2290-0x00007FF6C8260000-0x00007FF6C85B1000-memory.dmp	xmrig
behavioral2/memory/1188-2285-0x00007FF685E00000-0x00007FF686151000-memory.dmp	xmrig
behavioral2/memory/5112-2284-0x00007FF752820000-0x00007FF752B71000-memory.dmp	xmrig
behavioral2/memory/1948-2288-0x00007FF7263E0000-0x00007FF726731000-memory.dmp	xmrig
behavioral2/memory/4100-2356-0x00007FF71EC30000-0x00007FF71EF81000-memory.dmp	xmrig
behavioral2/memory/1112-2361-0x00007FF6D8B70000-0x00007FF6D8EC1000-memory.dmp	xmrig
behavioral2/memory/4516-2345-0x00007FF7F3F90000-0x00007FF7F42E1000-memory.dmp	xmrig
behavioral2/memory/4860-2344-0x00007FF713C60000-0x00007FF713FB1000-memory.dmp	xmrig
behavioral2/memory/4884-2317-0x00007FF6F2AE0000-0x00007FF6F2E31000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4660	WmKHQTo.exe
4908	shpiInx.exe
4816	SzUQzCX.exe
3088	DQshZlw.exe
4684	NROYcfl.exe
2924	nDFDRBp.exe
2888	oZzjtcV.exe
2348	PwkQAnu.exe
700	bNJmknq.exe
1656	SmJQlFL.exe
1188	nZpjCiH.exe
5112	UTiSuAZ.exe
2416	EngTiMv.exe
1948	NYITqOE.exe
1440	RuWKfln.exe
4652	CIgcteK.exe
3080	qEdVNnU.exe
2036	EKrNimi.exe
5080	lTkFIML.exe
4532	xgnovHx.exe
2528	csBsLSo.exe
3380	luxHfHj.exe
2228	XsyepGK.exe
4352	BraXftP.exe
4516	qyOKRrq.exe
4860	ereVKLG.exe
4884	iBFTgew.exe
1112	fkeYJYS.exe
4100	mddTdZq.exe
4004	VRnUYGy.exe
4808	csOKWNa.exe
1556	AyXPBhN.exe
4348	qdXwnAB.exe
3464	FgEdAnv.exe
1748	oDOWMQm.exe
2296	XeExSvp.exe
1172	axrSsjP.exe
1756	mHJdgQe.exe
2192	nsGQTOY.exe
5000	fENRGjX.exe
1860	TIotVou.exe
3568	aUfLaRp.exe
3400	GkZvZUT.exe
3128	pAwUocT.exe
1864	Swvuddp.exe
1152	MkAhCvh.exe
2176	WYxiKIG.exe
3448	wbkIJaO.exe
4268	JmkPVSL.exe
752	KSkqJzS.exe
3064	uyYiVhG.exe
4636	JraorDc.exe
368	nMZxlTG.exe
632	eVXovSN.exe
836	grtTfJx.exe
2372	edVzIPj.exe
3356	BjDPIPL.exe
4244	EInyOnr.exe
3224	vvnkSvD.exe
3456	IgeVRoT.exe
3312	hiSJXIy.exe
1680	mSPjzsD.exe
4688	IULnOYH.exe
4368	huGJKbM.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3520-0-0x00007FF729800000-0x00007FF729B51000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x0007000000023413-7.dat	upx
behavioral2/files/0x0007000000023416-23.dat	upx
behavioral2/files/0x0007000000023417-32.dat	upx
behavioral2/memory/4816-30-0x00007FF7E4D80000-0x00007FF7E50D1000-memory.dmp	upx
behavioral2/memory/4684-31-0x00007FF73C3F0000-0x00007FF73C741000-memory.dmp	upx
behavioral2/memory/2924-47-0x00007FF6C9270000-0x00007FF6C95C1000-memory.dmp	upx
behavioral2/files/0x0007000000023418-64.dat	upx
behavioral2/memory/2888-73-0x00007FF73F230000-0x00007FF73F581000-memory.dmp	upx
behavioral2/files/0x0007000000023420-93.dat	upx
behavioral2/files/0x0007000000023425-120.dat	upx
behavioral2/files/0x0007000000023429-132.dat	upx
behavioral2/files/0x0007000000023430-167.dat	upx
behavioral2/memory/1188-422-0x00007FF685E00000-0x00007FF686151000-memory.dmp	upx
behavioral2/memory/2416-424-0x00007FF68A1A0000-0x00007FF68A4F1000-memory.dmp	upx
behavioral2/memory/1948-425-0x00007FF7263E0000-0x00007FF726731000-memory.dmp	upx
behavioral2/memory/5112-423-0x00007FF752820000-0x00007FF752B71000-memory.dmp	upx
behavioral2/files/0x0007000000023431-172.dat	upx
behavioral2/files/0x000700000002342f-170.dat	upx
behavioral2/files/0x000700000002342e-165.dat	upx
behavioral2/files/0x000700000002342d-160.dat	upx
behavioral2/files/0x000700000002342c-155.dat	upx
behavioral2/files/0x000700000002342b-150.dat	upx
behavioral2/files/0x000700000002342a-145.dat	upx
behavioral2/files/0x0007000000023428-135.dat	upx
behavioral2/files/0x0007000000023427-130.dat	upx
behavioral2/files/0x0007000000023426-125.dat	upx
behavioral2/files/0x0007000000023424-115.dat	upx
behavioral2/files/0x0007000000023423-110.dat	upx
behavioral2/files/0x0007000000023422-103.dat	upx
behavioral2/files/0x0007000000023421-98.dat	upx
behavioral2/files/0x000700000002341f-91.dat	upx
behavioral2/memory/1656-85-0x00007FF6CB1C0000-0x00007FF6CB511000-memory.dmp	upx
behavioral2/memory/700-84-0x00007FF60F430000-0x00007FF60F781000-memory.dmp	upx
behavioral2/files/0x000700000002341e-80.dat	upx
behavioral2/files/0x000700000002341d-78.dat	upx
behavioral2/files/0x000700000002341b-75.dat	upx
behavioral2/files/0x000700000002341a-69.dat	upx
behavioral2/memory/3088-67-0x00007FF7F75C0000-0x00007FF7F7911000-memory.dmp	upx
behavioral2/files/0x0007000000023419-66.dat	upx
behavioral2/files/0x000700000002341c-70.dat	upx
behavioral2/files/0x0007000000023415-37.dat	upx
behavioral2/files/0x0007000000023414-33.dat	upx
behavioral2/files/0x000900000002340a-27.dat	upx
behavioral2/memory/4908-26-0x00007FF74CBC0000-0x00007FF74CF11000-memory.dmp	upx
behavioral2/memory/4660-8-0x00007FF71D720000-0x00007FF71DA71000-memory.dmp	upx
behavioral2/memory/2036-427-0x00007FF6C8260000-0x00007FF6C85B1000-memory.dmp	upx
behavioral2/memory/4532-429-0x00007FF744360000-0x00007FF7446B1000-memory.dmp	upx
behavioral2/memory/5080-428-0x00007FF734470000-0x00007FF7347C1000-memory.dmp	upx
behavioral2/memory/3080-426-0x00007FF6172D0000-0x00007FF617621000-memory.dmp	upx
behavioral2/memory/2528-430-0x00007FF7EA900000-0x00007FF7EAC51000-memory.dmp	upx
behavioral2/memory/2228-438-0x00007FF732A90000-0x00007FF732DE1000-memory.dmp	upx
behavioral2/memory/4860-448-0x00007FF713C60000-0x00007FF713FB1000-memory.dmp	upx
behavioral2/memory/4516-445-0x00007FF7F3F90000-0x00007FF7F42E1000-memory.dmp	upx
behavioral2/memory/4352-440-0x00007FF7230A0000-0x00007FF7233F1000-memory.dmp	upx
behavioral2/memory/1440-469-0x00007FF720340000-0x00007FF720691000-memory.dmp	upx
behavioral2/memory/4652-475-0x00007FF6ECE30000-0x00007FF6ED181000-memory.dmp	upx
behavioral2/memory/2348-463-0x00007FF6E5FF0000-0x00007FF6E6341000-memory.dmp	upx
behavioral2/memory/4100-456-0x00007FF71EC30000-0x00007FF71EF81000-memory.dmp	upx
behavioral2/memory/1112-455-0x00007FF6D8B70000-0x00007FF6D8EC1000-memory.dmp	upx
behavioral2/memory/4884-452-0x00007FF6F2AE0000-0x00007FF6F2E31000-memory.dmp	upx
behavioral2/memory/3380-431-0x00007FF695E80000-0x00007FF6961D1000-memory.dmp	upx
behavioral2/memory/3520-2223-0x00007FF729800000-0x00007FF729B51000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NVoURUd.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\iDwaAPZ.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\tWcsPyN.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\zlrUOOW.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\TIotVou.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\GSpdPlm.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\rRoGZEP.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\XAwyYWY.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\Sxkslsb.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\xeiKoPN.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\WbPApto.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\qEdVNnU.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\xSgUSkO.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\MIPRMHU.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\eKvszKn.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\mNWQKwZ.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\ESQNcRa.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\UCCHxMP.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\wiSfEaV.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\FKuaArB.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\RMqrXku.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\EfnAllf.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\ezMwnIm.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\skUqvFA.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\cnrKUDH.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\gExtUhf.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\FPJxlan.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\hArCPru.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\DHXjRQn.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\oYoyZId.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\ZRcLRKW.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\DFcsfTg.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\MTURZOk.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\CPFipIS.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\TwSzoOA.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\wLXyzRp.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\oYAIBqe.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\QWXINzR.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\bjBUhRh.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\RGibxaY.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\wvHSiHK.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\hRlwjaC.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\EmewvJw.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\dAuXbPa.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\tcBfrhi.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\CYxNqsL.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\sBnhBjA.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\pQSfmHo.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\GaiGdTA.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\PxGircI.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\CIgcteK.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\iFnYVtW.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\GoSWGeY.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\CjkLVyb.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\tGVdYkZ.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\mmgzpgZ.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\SkneIOO.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\fMAZEXm.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\zvtDcvh.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\DQshZlw.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\NillLre.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\KZAxKOD.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\tLqzHkT.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
File created	C:\Windows\System\YHEgJBX.exe	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 4660	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	82
PID 3520 wrote to memory of 4660	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	82
PID 3520 wrote to memory of 4908	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	83
PID 3520 wrote to memory of 4908	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	83
PID 3520 wrote to memory of 4816	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	84
PID 3520 wrote to memory of 4816	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	84
PID 3520 wrote to memory of 3088	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	85
PID 3520 wrote to memory of 3088	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	85
PID 3520 wrote to memory of 4684	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	86
PID 3520 wrote to memory of 4684	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	86
PID 3520 wrote to memory of 2924	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	87
PID 3520 wrote to memory of 2924	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	87
PID 3520 wrote to memory of 2888	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	88
PID 3520 wrote to memory of 2888	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	88
PID 3520 wrote to memory of 2348	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	89
PID 3520 wrote to memory of 2348	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	89
PID 3520 wrote to memory of 700	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	90
PID 3520 wrote to memory of 700	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	90
PID 3520 wrote to memory of 1656	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	91
PID 3520 wrote to memory of 1656	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	91
PID 3520 wrote to memory of 1188	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	92
PID 3520 wrote to memory of 1188	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	92
PID 3520 wrote to memory of 5112	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	93
PID 3520 wrote to memory of 5112	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	93
PID 3520 wrote to memory of 2416	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	94
PID 3520 wrote to memory of 2416	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	94
PID 3520 wrote to memory of 1948	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	95
PID 3520 wrote to memory of 1948	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	95
PID 3520 wrote to memory of 1440	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	96
PID 3520 wrote to memory of 1440	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	96
PID 3520 wrote to memory of 4652	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	97
PID 3520 wrote to memory of 4652	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	97
PID 3520 wrote to memory of 3080	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	98
PID 3520 wrote to memory of 3080	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	98
PID 3520 wrote to memory of 2036	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	99
PID 3520 wrote to memory of 2036	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	99
PID 3520 wrote to memory of 5080	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	100
PID 3520 wrote to memory of 5080	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	100
PID 3520 wrote to memory of 4532	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	101
PID 3520 wrote to memory of 4532	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	101
PID 3520 wrote to memory of 2528	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	102
PID 3520 wrote to memory of 2528	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	102
PID 3520 wrote to memory of 3380	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	103
PID 3520 wrote to memory of 3380	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	103
PID 3520 wrote to memory of 2228	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	104
PID 3520 wrote to memory of 2228	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	104
PID 3520 wrote to memory of 4352	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	105
PID 3520 wrote to memory of 4352	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	105
PID 3520 wrote to memory of 4516	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	106
PID 3520 wrote to memory of 4516	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	106
PID 3520 wrote to memory of 4860	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	107
PID 3520 wrote to memory of 4860	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	107
PID 3520 wrote to memory of 4884	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	108
PID 3520 wrote to memory of 4884	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	108
PID 3520 wrote to memory of 1112	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	109
PID 3520 wrote to memory of 1112	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	109
PID 3520 wrote to memory of 4100	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	110
PID 3520 wrote to memory of 4100	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	110
PID 3520 wrote to memory of 4004	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	111
PID 3520 wrote to memory of 4004	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	111
PID 3520 wrote to memory of 4808	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	112
PID 3520 wrote to memory of 4808	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	112
PID 3520 wrote to memory of 1556	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	113
PID 3520 wrote to memory of 1556	3520	8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8bc3eaecda4afd30178c6f9c1a434f47c8bcc662daea47295f7139e664b4724c_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\System\WmKHQTo.exe
  C:\Windows\System\WmKHQTo.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\shpiInx.exe
  C:\Windows\System\shpiInx.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\SzUQzCX.exe
  C:\Windows\System\SzUQzCX.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\DQshZlw.exe
  C:\Windows\System\DQshZlw.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\NROYcfl.exe
  C:\Windows\System\NROYcfl.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\nDFDRBp.exe
  C:\Windows\System\nDFDRBp.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\oZzjtcV.exe
  C:\Windows\System\oZzjtcV.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\PwkQAnu.exe
  C:\Windows\System\PwkQAnu.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\bNJmknq.exe
  C:\Windows\System\bNJmknq.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\SmJQlFL.exe
  C:\Windows\System\SmJQlFL.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\nZpjCiH.exe
  C:\Windows\System\nZpjCiH.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\UTiSuAZ.exe
  C:\Windows\System\UTiSuAZ.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\EngTiMv.exe
  C:\Windows\System\EngTiMv.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\NYITqOE.exe
  C:\Windows\System\NYITqOE.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\RuWKfln.exe
  C:\Windows\System\RuWKfln.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\CIgcteK.exe
  C:\Windows\System\CIgcteK.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\qEdVNnU.exe
  C:\Windows\System\qEdVNnU.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\EKrNimi.exe
  C:\Windows\System\EKrNimi.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\lTkFIML.exe
  C:\Windows\System\lTkFIML.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\xgnovHx.exe
  C:\Windows\System\xgnovHx.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\csBsLSo.exe
  C:\Windows\System\csBsLSo.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\luxHfHj.exe
  C:\Windows\System\luxHfHj.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\XsyepGK.exe
  C:\Windows\System\XsyepGK.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\BraXftP.exe
  C:\Windows\System\BraXftP.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\qyOKRrq.exe
  C:\Windows\System\qyOKRrq.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\ereVKLG.exe
  C:\Windows\System\ereVKLG.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\iBFTgew.exe
  C:\Windows\System\iBFTgew.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\fkeYJYS.exe
  C:\Windows\System\fkeYJYS.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\mddTdZq.exe
  C:\Windows\System\mddTdZq.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\VRnUYGy.exe
  C:\Windows\System\VRnUYGy.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\csOKWNa.exe
  C:\Windows\System\csOKWNa.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\AyXPBhN.exe
  C:\Windows\System\AyXPBhN.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\qdXwnAB.exe
  C:\Windows\System\qdXwnAB.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\FgEdAnv.exe
  C:\Windows\System\FgEdAnv.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\oDOWMQm.exe
  C:\Windows\System\oDOWMQm.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\XeExSvp.exe
  C:\Windows\System\XeExSvp.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\axrSsjP.exe
  C:\Windows\System\axrSsjP.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\mHJdgQe.exe
  C:\Windows\System\mHJdgQe.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\nsGQTOY.exe
  C:\Windows\System\nsGQTOY.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\fENRGjX.exe
  C:\Windows\System\fENRGjX.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\TIotVou.exe
  C:\Windows\System\TIotVou.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\aUfLaRp.exe
  C:\Windows\System\aUfLaRp.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\GkZvZUT.exe
  C:\Windows\System\GkZvZUT.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\pAwUocT.exe
  C:\Windows\System\pAwUocT.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\Swvuddp.exe
  C:\Windows\System\Swvuddp.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\MkAhCvh.exe
  C:\Windows\System\MkAhCvh.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\WYxiKIG.exe
  C:\Windows\System\WYxiKIG.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\wbkIJaO.exe
  C:\Windows\System\wbkIJaO.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\JmkPVSL.exe
  C:\Windows\System\JmkPVSL.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\KSkqJzS.exe
  C:\Windows\System\KSkqJzS.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\uyYiVhG.exe
  C:\Windows\System\uyYiVhG.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\JraorDc.exe
  C:\Windows\System\JraorDc.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\nMZxlTG.exe
  C:\Windows\System\nMZxlTG.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\eVXovSN.exe
  C:\Windows\System\eVXovSN.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\grtTfJx.exe
  C:\Windows\System\grtTfJx.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\edVzIPj.exe
  C:\Windows\System\edVzIPj.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\BjDPIPL.exe
  C:\Windows\System\BjDPIPL.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\EInyOnr.exe
  C:\Windows\System\EInyOnr.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\vvnkSvD.exe
  C:\Windows\System\vvnkSvD.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\IgeVRoT.exe
  C:\Windows\System\IgeVRoT.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\hiSJXIy.exe
  C:\Windows\System\hiSJXIy.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\mSPjzsD.exe
  C:\Windows\System\mSPjzsD.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\IULnOYH.exe
  C:\Windows\System\IULnOYH.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\huGJKbM.exe
  C:\Windows\System\huGJKbM.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\JscGtkO.exe
  C:\Windows\System\JscGtkO.exe
  2⤵
  PID:2992
- C:\Windows\System\imFWQsS.exe
  C:\Windows\System\imFWQsS.exe
  2⤵
  PID:1668
- C:\Windows\System\mmwiEAv.exe
  C:\Windows\System\mmwiEAv.exe
  2⤵
  PID:2344
- C:\Windows\System\tBbpKkC.exe
  C:\Windows\System\tBbpKkC.exe
  2⤵
  PID:2000
- C:\Windows\System\dnnKkqN.exe
  C:\Windows\System\dnnKkqN.exe
  2⤵
  PID:1836
- C:\Windows\System\bfxmXRM.exe
  C:\Windows\System\bfxmXRM.exe
  2⤵
  PID:864
- C:\Windows\System\ESQNcRa.exe
  C:\Windows\System\ESQNcRa.exe
  2⤵
  PID:556
- C:\Windows\System\haIfSzk.exe
  C:\Windows\System\haIfSzk.exe
  2⤵
  PID:3424
- C:\Windows\System\KQUmXca.exe
  C:\Windows\System\KQUmXca.exe
  2⤵
  PID:2332
- C:\Windows\System\PmjfCWO.exe
  C:\Windows\System\PmjfCWO.exe
  2⤵
  PID:2272
- C:\Windows\System\bgEkady.exe
  C:\Windows\System\bgEkady.exe
  2⤵
  PID:228
- C:\Windows\System\kdsiYix.exe
  C:\Windows\System\kdsiYix.exe
  2⤵
  PID:4456
- C:\Windows\System\frjbYHZ.exe
  C:\Windows\System\frjbYHZ.exe
  2⤵
  PID:2980
- C:\Windows\System\IZxVlQj.exe
  C:\Windows\System\IZxVlQj.exe
  2⤵
  PID:1544
- C:\Windows\System\bvuhfDI.exe
  C:\Windows\System\bvuhfDI.exe
  2⤵
  PID:5052
- C:\Windows\System\iKVsrcm.exe
  C:\Windows\System\iKVsrcm.exe
  2⤵
  PID:1116
- C:\Windows\System\oCkSisI.exe
  C:\Windows\System\oCkSisI.exe
  2⤵
  PID:4836
- C:\Windows\System\miQoqUZ.exe
  C:\Windows\System\miQoqUZ.exe
  2⤵
  PID:3708
- C:\Windows\System\vgOQLOv.exe
  C:\Windows\System\vgOQLOv.exe
  2⤵
  PID:1572
- C:\Windows\System\dAuXbPa.exe
  C:\Windows\System\dAuXbPa.exe
  2⤵
  PID:4792
- C:\Windows\System\PQiJDja.exe
  C:\Windows\System\PQiJDja.exe
  2⤵
  PID:1740
- C:\Windows\System\ATurICa.exe
  C:\Windows\System\ATurICa.exe
  2⤵
  PID:4024
- C:\Windows\System\kKlWpTV.exe
  C:\Windows\System\kKlWpTV.exe
  2⤵
  PID:4152
- C:\Windows\System\bxYFVTQ.exe
  C:\Windows\System\bxYFVTQ.exe
  2⤵
  PID:4644
- C:\Windows\System\SIXgWcE.exe
  C:\Windows\System\SIXgWcE.exe
  2⤵
  PID:2208
- C:\Windows\System\VrOFxjY.exe
  C:\Windows\System\VrOFxjY.exe
  2⤵
  PID:3248
- C:\Windows\System\oAaRlrL.exe
  C:\Windows\System\oAaRlrL.exe
  2⤵
  PID:3688
- C:\Windows\System\ogebUvd.exe
  C:\Windows\System\ogebUvd.exe
  2⤵
  PID:3084
- C:\Windows\System\tcBfrhi.exe
  C:\Windows\System\tcBfrhi.exe
  2⤵
  PID:3328
- C:\Windows\System\tVOFhYM.exe
  C:\Windows\System\tVOFhYM.exe
  2⤵
  PID:3468
- C:\Windows\System\TNjPZeY.exe
  C:\Windows\System\TNjPZeY.exe
  2⤵
  PID:1020
- C:\Windows\System\EXsxusW.exe
  C:\Windows\System\EXsxusW.exe
  2⤵
  PID:2292
- C:\Windows\System\eaIsjjs.exe
  C:\Windows\System\eaIsjjs.exe
  2⤵
  PID:5132
- C:\Windows\System\GSpdPlm.exe
  C:\Windows\System\GSpdPlm.exe
  2⤵
  PID:5160
- C:\Windows\System\HselUEY.exe
  C:\Windows\System\HselUEY.exe
  2⤵
  PID:5188
- C:\Windows\System\KfzRSrX.exe
  C:\Windows\System\KfzRSrX.exe
  2⤵
  PID:5216
- C:\Windows\System\mizoCOj.exe
  C:\Windows\System\mizoCOj.exe
  2⤵
  PID:5240
- C:\Windows\System\rktswsa.exe
  C:\Windows\System\rktswsa.exe
  2⤵
  PID:5272
- C:\Windows\System\DSBkOJU.exe
  C:\Windows\System\DSBkOJU.exe
  2⤵
  PID:5300
- C:\Windows\System\nnOJvRQ.exe
  C:\Windows\System\nnOJvRQ.exe
  2⤵
  PID:5324
- C:\Windows\System\dmJLygI.exe
  C:\Windows\System\dmJLygI.exe
  2⤵
  PID:5352
- C:\Windows\System\kvgmUmI.exe
  C:\Windows\System\kvgmUmI.exe
  2⤵
  PID:5380
- C:\Windows\System\Xuefmay.exe
  C:\Windows\System\Xuefmay.exe
  2⤵
  PID:5412
- C:\Windows\System\BdMjKtq.exe
  C:\Windows\System\BdMjKtq.exe
  2⤵
  PID:5440
- C:\Windows\System\zlrUOOW.exe
  C:\Windows\System\zlrUOOW.exe
  2⤵
  PID:5468
- C:\Windows\System\XEOSxgW.exe
  C:\Windows\System\XEOSxgW.exe
  2⤵
  PID:5492
- C:\Windows\System\qVtTMzc.exe
  C:\Windows\System\qVtTMzc.exe
  2⤵
  PID:5524
- C:\Windows\System\NVoURUd.exe
  C:\Windows\System\NVoURUd.exe
  2⤵
  PID:5552
- C:\Windows\System\AJmcFkP.exe
  C:\Windows\System\AJmcFkP.exe
  2⤵
  PID:5580
- C:\Windows\System\DHXjRQn.exe
  C:\Windows\System\DHXjRQn.exe
  2⤵
  PID:5608
- C:\Windows\System\WgojLes.exe
  C:\Windows\System\WgojLes.exe
  2⤵
  PID:5636
- C:\Windows\System\OqgUVcy.exe
  C:\Windows\System\OqgUVcy.exe
  2⤵
  PID:5660
- C:\Windows\System\CYxNqsL.exe
  C:\Windows\System\CYxNqsL.exe
  2⤵
  PID:5692
- C:\Windows\System\bfkIHuq.exe
  C:\Windows\System\bfkIHuq.exe
  2⤵
  PID:5768
- C:\Windows\System\gHORbRH.exe
  C:\Windows\System\gHORbRH.exe
  2⤵
  PID:5788
- C:\Windows\System\CbYjaLl.exe
  C:\Windows\System\CbYjaLl.exe
  2⤵
  PID:5804
- C:\Windows\System\YbKImzk.exe
  C:\Windows\System\YbKImzk.exe
  2⤵
  PID:5864
- C:\Windows\System\LEdVeHt.exe
  C:\Windows\System\LEdVeHt.exe
  2⤵
  PID:5884
- C:\Windows\System\RZmSZBR.exe
  C:\Windows\System\RZmSZBR.exe
  2⤵
  PID:5908
- C:\Windows\System\UCwKYZg.exe
  C:\Windows\System\UCwKYZg.exe
  2⤵
  PID:5972
- C:\Windows\System\iDjnZOF.exe
  C:\Windows\System\iDjnZOF.exe
  2⤵
  PID:5992
- C:\Windows\System\eXDqIqn.exe
  C:\Windows\System\eXDqIqn.exe
  2⤵
  PID:6028
- C:\Windows\System\MekYsHS.exe
  C:\Windows\System\MekYsHS.exe
  2⤵
  PID:6056
- C:\Windows\System\RGibxaY.exe
  C:\Windows\System\RGibxaY.exe
  2⤵
  PID:6076
- C:\Windows\System\KZxejgK.exe
  C:\Windows\System\KZxejgK.exe
  2⤵
  PID:6096
- C:\Windows\System\ZYOEOYb.exe
  C:\Windows\System\ZYOEOYb.exe
  2⤵
  PID:6128
- C:\Windows\System\rcRnvmz.exe
  C:\Windows\System\rcRnvmz.exe
  2⤵
  PID:2544
- C:\Windows\System\GhjKZll.exe
  C:\Windows\System\GhjKZll.exe
  2⤵
  PID:2884
- C:\Windows\System\pnykfyV.exe
  C:\Windows\System\pnykfyV.exe
  2⤵
  PID:4588
- C:\Windows\System\RodaEbM.exe
  C:\Windows\System\RodaEbM.exe
  2⤵
  PID:5176
- C:\Windows\System\vuFLzjh.exe
  C:\Windows\System\vuFLzjh.exe
  2⤵
  PID:5228
- C:\Windows\System\zNukOGr.exe
  C:\Windows\System\zNukOGr.exe
  2⤵
  PID:2688
- C:\Windows\System\swvuMDz.exe
  C:\Windows\System\swvuMDz.exe
  2⤵
  PID:4424
- C:\Windows\System\NgiBqTM.exe
  C:\Windows\System\NgiBqTM.exe
  2⤵
  PID:5340
- C:\Windows\System\dVYAMXS.exe
  C:\Windows\System\dVYAMXS.exe
  2⤵
  PID:5376
- C:\Windows\System\PsvLPaX.exe
  C:\Windows\System\PsvLPaX.exe
  2⤵
  PID:5432
- C:\Windows\System\GhfbsKY.exe
  C:\Windows\System\GhfbsKY.exe
  2⤵
  PID:5460
- C:\Windows\System\mjBshwL.exe
  C:\Windows\System\mjBshwL.exe
  2⤵
  PID:5508
- C:\Windows\System\xEiCfnC.exe
  C:\Windows\System\xEiCfnC.exe
  2⤵
  PID:5540
- C:\Windows\System\TLwLLia.exe
  C:\Windows\System\TLwLLia.exe
  2⤵
  PID:3696
- C:\Windows\System\JdWHInl.exe
  C:\Windows\System\JdWHInl.exe
  2⤵
  PID:3336
- C:\Windows\System\pJDWxyk.exe
  C:\Windows\System\pJDWxyk.exe
  2⤵
  PID:1424
- C:\Windows\System\ygXrRUL.exe
  C:\Windows\System\ygXrRUL.exe
  2⤵
  PID:540
- C:\Windows\System\ALYnbdo.exe
  C:\Windows\System\ALYnbdo.exe
  2⤵
  PID:4820
- C:\Windows\System\ajJBKLf.exe
  C:\Windows\System\ajJBKLf.exe
  2⤵
  PID:5028
- C:\Windows\System\yRDgKjI.exe
  C:\Windows\System\yRDgKjI.exe
  2⤵
  PID:8
- C:\Windows\System\rNEOpmK.exe
  C:\Windows\System\rNEOpmK.exe
  2⤵
  PID:4844
- C:\Windows\System\BILfeUw.exe
  C:\Windows\System\BILfeUw.exe
  2⤵
  PID:5780
- C:\Windows\System\UavHrYY.exe
  C:\Windows\System\UavHrYY.exe
  2⤵
  PID:5856
- C:\Windows\System\YCMsCjZ.exe
  C:\Windows\System\YCMsCjZ.exe
  2⤵
  PID:6004
- C:\Windows\System\vRYqlFB.exe
  C:\Windows\System\vRYqlFB.exe
  2⤵
  PID:5988
- C:\Windows\System\EBqukPx.exe
  C:\Windows\System\EBqukPx.exe
  2⤵
  PID:6044
- C:\Windows\System\EmTfweC.exe
  C:\Windows\System\EmTfweC.exe
  2⤵
  PID:6116
- C:\Windows\System\QtwKOtf.exe
  C:\Windows\System\QtwKOtf.exe
  2⤵
  PID:4408
- C:\Windows\System\MTURZOk.exe
  C:\Windows\System\MTURZOk.exe
  2⤵
  PID:3976
- C:\Windows\System\kGYHyPf.exe
  C:\Windows\System\kGYHyPf.exe
  2⤵
  PID:4664
- C:\Windows\System\cYKhnfE.exe
  C:\Windows\System\cYKhnfE.exe
  2⤵
  PID:5312
- C:\Windows\System\PtshZjl.exe
  C:\Windows\System\PtshZjl.exe
  2⤵
  PID:5424
- C:\Windows\System\ezMwnIm.exe
  C:\Windows\System\ezMwnIm.exe
  2⤵
  PID:5536
- C:\Windows\System\lInXOBr.exe
  C:\Windows\System\lInXOBr.exe
  2⤵
  PID:5620
- C:\Windows\System\KZAxKOD.exe
  C:\Windows\System\KZAxKOD.exe
  2⤵
  PID:412
- C:\Windows\System\Kodscvf.exe
  C:\Windows\System\Kodscvf.exe
  2⤵
  PID:2128
- C:\Windows\System\tdHpqTe.exe
  C:\Windows\System\tdHpqTe.exe
  2⤵
  PID:5204
- C:\Windows\System\MYwoCTM.exe
  C:\Windows\System\MYwoCTM.exe
  2⤵
  PID:6020
- C:\Windows\System\GoSWGeY.exe
  C:\Windows\System\GoSWGeY.exe
  2⤵
  PID:5984
- C:\Windows\System\mBOTZbC.exe
  C:\Windows\System\mBOTZbC.exe
  2⤵
  PID:860
- C:\Windows\System\ZGVbFIV.exe
  C:\Windows\System\ZGVbFIV.exe
  2⤵
  PID:5152
- C:\Windows\System\rRoGZEP.exe
  C:\Windows\System\rRoGZEP.exe
  2⤵
  PID:5264
- C:\Windows\System\hQYRaXy.exe
  C:\Windows\System\hQYRaXy.exe
  2⤵
  PID:2652
- C:\Windows\System\oXcEFIW.exe
  C:\Windows\System\oXcEFIW.exe
  2⤵
  PID:784
- C:\Windows\System\AdNYbwa.exe
  C:\Windows\System\AdNYbwa.exe
  2⤵
  PID:4540
- C:\Windows\System\ehNKqmN.exe
  C:\Windows\System\ehNKqmN.exe
  2⤵
  PID:3620
- C:\Windows\System\CPFipIS.exe
  C:\Windows\System\CPFipIS.exe
  2⤵
  PID:5932
- C:\Windows\System\teiWDQg.exe
  C:\Windows\System\teiWDQg.exe
  2⤵
  PID:2560
- C:\Windows\System\UEZEJWO.exe
  C:\Windows\System\UEZEJWO.exe
  2⤵
  PID:5452
- C:\Windows\System\mafdzvF.exe
  C:\Windows\System\mafdzvF.exe
  2⤵
  PID:6172
- C:\Windows\System\OVzFOwA.exe
  C:\Windows\System\OVzFOwA.exe
  2⤵
  PID:6188
- C:\Windows\System\iNoejdM.exe
  C:\Windows\System\iNoejdM.exe
  2⤵
  PID:6212
- C:\Windows\System\WgXJcHP.exe
  C:\Windows\System\WgXJcHP.exe
  2⤵
  PID:6256
- C:\Windows\System\bbouSHE.exe
  C:\Windows\System\bbouSHE.exe
  2⤵
  PID:6332
- C:\Windows\System\ZnUJoaD.exe
  C:\Windows\System\ZnUJoaD.exe
  2⤵
  PID:6352
- C:\Windows\System\aVSwIDa.exe
  C:\Windows\System\aVSwIDa.exe
  2⤵
  PID:6372
- C:\Windows\System\wRQWauv.exe
  C:\Windows\System\wRQWauv.exe
  2⤵
  PID:6392
- C:\Windows\System\nVCfANL.exe
  C:\Windows\System\nVCfANL.exe
  2⤵
  PID:6416
- C:\Windows\System\gqOXSRL.exe
  C:\Windows\System\gqOXSRL.exe
  2⤵
  PID:6440
- C:\Windows\System\QFLKNup.exe
  C:\Windows\System\QFLKNup.exe
  2⤵
  PID:6468
- C:\Windows\System\OQsfqLC.exe
  C:\Windows\System\OQsfqLC.exe
  2⤵
  PID:6500
- C:\Windows\System\RwwxjNx.exe
  C:\Windows\System\RwwxjNx.exe
  2⤵
  PID:6544
- C:\Windows\System\trKTpFL.exe
  C:\Windows\System\trKTpFL.exe
  2⤵
  PID:6568
- C:\Windows\System\ldWpbQE.exe
  C:\Windows\System\ldWpbQE.exe
  2⤵
  PID:6600
- C:\Windows\System\gEAnJYj.exe
  C:\Windows\System\gEAnJYj.exe
  2⤵
  PID:6616
- C:\Windows\System\qaSkPkN.exe
  C:\Windows\System\qaSkPkN.exe
  2⤵
  PID:6636
- C:\Windows\System\GVagpZR.exe
  C:\Windows\System\GVagpZR.exe
  2⤵
  PID:6688
- C:\Windows\System\CAhbHyi.exe
  C:\Windows\System\CAhbHyi.exe
  2⤵
  PID:6708
- C:\Windows\System\YzpHvcd.exe
  C:\Windows\System\YzpHvcd.exe
  2⤵
  PID:6728
- C:\Windows\System\yTVZkOx.exe
  C:\Windows\System\yTVZkOx.exe
  2⤵
  PID:6748
- C:\Windows\System\IdZwtEr.exe
  C:\Windows\System\IdZwtEr.exe
  2⤵
  PID:6776
- C:\Windows\System\HBrugcG.exe
  C:\Windows\System\HBrugcG.exe
  2⤵
  PID:6804
- C:\Windows\System\TwSzoOA.exe
  C:\Windows\System\TwSzoOA.exe
  2⤵
  PID:6836
- C:\Windows\System\pugNGsX.exe
  C:\Windows\System\pugNGsX.exe
  2⤵
  PID:6864
- C:\Windows\System\mlFxzUN.exe
  C:\Windows\System\mlFxzUN.exe
  2⤵
  PID:6908
- C:\Windows\System\WpsoWDO.exe
  C:\Windows\System\WpsoWDO.exe
  2⤵
  PID:6936
- C:\Windows\System\MpCQEFy.exe
  C:\Windows\System\MpCQEFy.exe
  2⤵
  PID:6952
- C:\Windows\System\BOwRWsd.exe
  C:\Windows\System\BOwRWsd.exe
  2⤵
  PID:6972
- C:\Windows\System\skUqvFA.exe
  C:\Windows\System\skUqvFA.exe
  2⤵
  PID:6992
- C:\Windows\System\RFkjHdy.exe
  C:\Windows\System\RFkjHdy.exe
  2⤵
  PID:7028
- C:\Windows\System\iZttmrj.exe
  C:\Windows\System\iZttmrj.exe
  2⤵
  PID:7068
- C:\Windows\System\NHyNYic.exe
  C:\Windows\System\NHyNYic.exe
  2⤵
  PID:7084
- C:\Windows\System\WjCAnUX.exe
  C:\Windows\System\WjCAnUX.exe
  2⤵
  PID:7108
- C:\Windows\System\zyjiNDr.exe
  C:\Windows\System\zyjiNDr.exe
  2⤵
  PID:7124
- C:\Windows\System\NUKcmEt.exe
  C:\Windows\System\NUKcmEt.exe
  2⤵
  PID:7152
- C:\Windows\System\ZdMUdqY.exe
  C:\Windows\System\ZdMUdqY.exe
  2⤵
  PID:4412
- C:\Windows\System\UgzfWCp.exe
  C:\Windows\System\UgzfWCp.exe
  2⤵
  PID:4272
- C:\Windows\System\TDruaTe.exe
  C:\Windows\System\TDruaTe.exe
  2⤵
  PID:5920
- C:\Windows\System\mlEOzGj.exe
  C:\Windows\System\mlEOzGj.exe
  2⤵
  PID:5720
- C:\Windows\System\mNKaAqv.exe
  C:\Windows\System\mNKaAqv.exe
  2⤵
  PID:6168
- C:\Windows\System\herNcXC.exe
  C:\Windows\System\herNcXC.exe
  2⤵
  PID:6200
- C:\Windows\System\BdZRfIz.exe
  C:\Windows\System\BdZRfIz.exe
  2⤵
  PID:6328
- C:\Windows\System\LJNhGox.exe
  C:\Windows\System\LJNhGox.exe
  2⤵
  PID:5928
- C:\Windows\System\YwBYdOL.exe
  C:\Windows\System\YwBYdOL.exe
  2⤵
  PID:6412
- C:\Windows\System\BSCyjKz.exe
  C:\Windows\System\BSCyjKz.exe
  2⤵
  PID:6584
- C:\Windows\System\RTkYRen.exe
  C:\Windows\System\RTkYRen.exe
  2⤵
  PID:6596
- C:\Windows\System\WIktEBs.exe
  C:\Windows\System\WIktEBs.exe
  2⤵
  PID:6716
- C:\Windows\System\utROIRE.exe
  C:\Windows\System\utROIRE.exe
  2⤵
  PID:6764
- C:\Windows\System\zaHptZb.exe
  C:\Windows\System\zaHptZb.exe
  2⤵
  PID:6816
- C:\Windows\System\BFMKlcF.exe
  C:\Windows\System\BFMKlcF.exe
  2⤵
  PID:6920
- C:\Windows\System\VICjGjx.exe
  C:\Windows\System\VICjGjx.exe
  2⤵
  PID:6896
- C:\Windows\System\aPBHERU.exe
  C:\Windows\System\aPBHERU.exe
  2⤵
  PID:6984
- C:\Windows\System\BGejsuq.exe
  C:\Windows\System\BGejsuq.exe
  2⤵
  PID:7040
- C:\Windows\System\hUlMEos.exe
  C:\Windows\System\hUlMEos.exe
  2⤵
  PID:7064
- C:\Windows\System\jsyGzPY.exe
  C:\Windows\System\jsyGzPY.exe
  2⤵
  PID:6184
- C:\Windows\System\QyEnRpJ.exe
  C:\Windows\System\QyEnRpJ.exe
  2⤵
  PID:6400
- C:\Windows\System\ntLhJLi.exe
  C:\Windows\System\ntLhJLi.exe
  2⤵
  PID:6432
- C:\Windows\System\EPuGiJH.exe
  C:\Windows\System\EPuGiJH.exe
  2⤵
  PID:6612
- C:\Windows\System\RjMKajb.exe
  C:\Windows\System\RjMKajb.exe
  2⤵
  PID:6628
- C:\Windows\System\wrVUvUo.exe
  C:\Windows\System\wrVUvUo.exe
  2⤵
  PID:6944
- C:\Windows\System\byqZimx.exe
  C:\Windows\System\byqZimx.exe
  2⤵
  PID:7052
- C:\Windows\System\bwkFcAw.exe
  C:\Windows\System\bwkFcAw.exe
  2⤵
  PID:7056
- C:\Windows\System\CjkLVyb.exe
  C:\Windows\System\CjkLVyb.exe
  2⤵
  PID:6112
- C:\Windows\System\FCgbXVW.exe
  C:\Windows\System\FCgbXVW.exe
  2⤵
  PID:6744
- C:\Windows\System\WlSPFNw.exe
  C:\Windows\System\WlSPFNw.exe
  2⤵
  PID:5828
- C:\Windows\System\sSoZYBM.exe
  C:\Windows\System\sSoZYBM.exe
  2⤵
  PID:7176
- C:\Windows\System\sBnhBjA.exe
  C:\Windows\System\sBnhBjA.exe
  2⤵
  PID:7196
- C:\Windows\System\heJMEfZ.exe
  C:\Windows\System\heJMEfZ.exe
  2⤵
  PID:7220
- C:\Windows\System\BkSsKvD.exe
  C:\Windows\System\BkSsKvD.exe
  2⤵
  PID:7240
- C:\Windows\System\GloRCzL.exe
  C:\Windows\System\GloRCzL.exe
  2⤵
  PID:7268
- C:\Windows\System\zczKpYY.exe
  C:\Windows\System\zczKpYY.exe
  2⤵
  PID:7320
- C:\Windows\System\ofTSZis.exe
  C:\Windows\System\ofTSZis.exe
  2⤵
  PID:7348
- C:\Windows\System\HyGHpQt.exe
  C:\Windows\System\HyGHpQt.exe
  2⤵
  PID:7368
- C:\Windows\System\wjqPHsV.exe
  C:\Windows\System\wjqPHsV.exe
  2⤵
  PID:7404
- C:\Windows\System\HKlLeCo.exe
  C:\Windows\System\HKlLeCo.exe
  2⤵
  PID:7424
- C:\Windows\System\epMVLcZ.exe
  C:\Windows\System\epMVLcZ.exe
  2⤵
  PID:7440
- C:\Windows\System\nFfuwNX.exe
  C:\Windows\System\nFfuwNX.exe
  2⤵
  PID:7468
- C:\Windows\System\BIzqfVs.exe
  C:\Windows\System\BIzqfVs.exe
  2⤵
  PID:7488
- C:\Windows\System\HSwCOKu.exe
  C:\Windows\System\HSwCOKu.exe
  2⤵
  PID:7512
- C:\Windows\System\EjJYblT.exe
  C:\Windows\System\EjJYblT.exe
  2⤵
  PID:7536
- C:\Windows\System\ThnzZJY.exe
  C:\Windows\System\ThnzZJY.exe
  2⤵
  PID:7576
- C:\Windows\System\ypAJyQh.exe
  C:\Windows\System\ypAJyQh.exe
  2⤵
  PID:7600
- C:\Windows\System\wINjvTn.exe
  C:\Windows\System\wINjvTn.exe
  2⤵
  PID:7620
- C:\Windows\System\esWVFyb.exe
  C:\Windows\System\esWVFyb.exe
  2⤵
  PID:7644
- C:\Windows\System\XVPnDQn.exe
  C:\Windows\System\XVPnDQn.exe
  2⤵
  PID:7664
- C:\Windows\System\CHpSZJk.exe
  C:\Windows\System\CHpSZJk.exe
  2⤵
  PID:7684
- C:\Windows\System\RRZekUr.exe
  C:\Windows\System\RRZekUr.exe
  2⤵
  PID:7736
- C:\Windows\System\lBqseUw.exe
  C:\Windows\System\lBqseUw.exe
  2⤵
  PID:7764
- C:\Windows\System\XQZDNHH.exe
  C:\Windows\System\XQZDNHH.exe
  2⤵
  PID:7784
- C:\Windows\System\qToGTzB.exe
  C:\Windows\System\qToGTzB.exe
  2⤵
  PID:7816
- C:\Windows\System\DatHtaX.exe
  C:\Windows\System\DatHtaX.exe
  2⤵
  PID:7852
- C:\Windows\System\TfqKkKY.exe
  C:\Windows\System\TfqKkKY.exe
  2⤵
  PID:7872
- C:\Windows\System\mPeCmoh.exe
  C:\Windows\System\mPeCmoh.exe
  2⤵
  PID:7940
- C:\Windows\System\yrewHLQ.exe
  C:\Windows\System\yrewHLQ.exe
  2⤵
  PID:7956
- C:\Windows\System\OldaFlm.exe
  C:\Windows\System\OldaFlm.exe
  2⤵
  PID:7992
- C:\Windows\System\hbgXKBG.exe
  C:\Windows\System\hbgXKBG.exe
  2⤵
  PID:8028
- C:\Windows\System\jaIaPkY.exe
  C:\Windows\System\jaIaPkY.exe
  2⤵
  PID:8052
- C:\Windows\System\aMrWgEY.exe
  C:\Windows\System\aMrWgEY.exe
  2⤵
  PID:8088
- C:\Windows\System\WTELMvN.exe
  C:\Windows\System\WTELMvN.exe
  2⤵
  PID:8108
- C:\Windows\System\BVfkrIA.exe
  C:\Windows\System\BVfkrIA.exe
  2⤵
  PID:8136
- C:\Windows\System\YmDwRyw.exe
  C:\Windows\System\YmDwRyw.exe
  2⤵
  PID:8152
- C:\Windows\System\bNkrsbX.exe
  C:\Windows\System\bNkrsbX.exe
  2⤵
  PID:8172
- C:\Windows\System\RGiFQsE.exe
  C:\Windows\System\RGiFQsE.exe
  2⤵
  PID:6488
- C:\Windows\System\fyBQFiu.exe
  C:\Windows\System\fyBQFiu.exe
  2⤵
  PID:7192
- C:\Windows\System\yEgKLUa.exe
  C:\Windows\System\yEgKLUa.exe
  2⤵
  PID:7280
- C:\Windows\System\BtqBxVK.exe
  C:\Windows\System\BtqBxVK.exe
  2⤵
  PID:7332
- C:\Windows\System\pDFdQnk.exe
  C:\Windows\System\pDFdQnk.exe
  2⤵
  PID:7412
- C:\Windows\System\GsHovJn.exe
  C:\Windows\System\GsHovJn.exe
  2⤵
  PID:7480
- C:\Windows\System\okjGALP.exe
  C:\Windows\System\okjGALP.exe
  2⤵
  PID:7532
- C:\Windows\System\QjCHwot.exe
  C:\Windows\System\QjCHwot.exe
  2⤵
  PID:7596
- C:\Windows\System\SjhicVR.exe
  C:\Windows\System\SjhicVR.exe
  2⤵
  PID:7680
- C:\Windows\System\VOsiNbv.exe
  C:\Windows\System\VOsiNbv.exe
  2⤵
  PID:7724
- C:\Windows\System\dansrBm.exe
  C:\Windows\System\dansrBm.exe
  2⤵
  PID:7752
- C:\Windows\System\SWPFSTp.exe
  C:\Windows\System\SWPFSTp.exe
  2⤵
  PID:7864
- C:\Windows\System\wLXyzRp.exe
  C:\Windows\System\wLXyzRp.exe
  2⤵
  PID:7900
- C:\Windows\System\MIPRMHU.exe
  C:\Windows\System\MIPRMHU.exe
  2⤵
  PID:7984
- C:\Windows\System\gUBMKlm.exe
  C:\Windows\System\gUBMKlm.exe
  2⤵
  PID:8024
- C:\Windows\System\ERTMaVu.exe
  C:\Windows\System\ERTMaVu.exe
  2⤵
  PID:8104
- C:\Windows\System\RQAgvmC.exe
  C:\Windows\System\RQAgvmC.exe
  2⤵
  PID:8116
- C:\Windows\System\kXfldIp.exe
  C:\Windows\System\kXfldIp.exe
  2⤵
  PID:8168
- C:\Windows\System\itHgOkd.exe
  C:\Windows\System\itHgOkd.exe
  2⤵
  PID:6552
- C:\Windows\System\Hsjbjha.exe
  C:\Windows\System\Hsjbjha.exe
  2⤵
  PID:7392
- C:\Windows\System\VMzOpht.exe
  C:\Windows\System\VMzOpht.exe
  2⤵
  PID:7628
- C:\Windows\System\ODWhKKv.exe
  C:\Windows\System\ODWhKKv.exe
  2⤵
  PID:7808
- C:\Windows\System\WZABHCH.exe
  C:\Windows\System\WZABHCH.exe
  2⤵
  PID:7952
- C:\Windows\System\hHHDglQ.exe
  C:\Windows\System\hHHDglQ.exe
  2⤵
  PID:8148
- C:\Windows\System\AHFeTzc.exe
  C:\Windows\System\AHFeTzc.exe
  2⤵
  PID:6348
- C:\Windows\System\eyeqfJo.exe
  C:\Windows\System\eyeqfJo.exe
  2⤵
  PID:7792
- C:\Windows\System\XbrpSOp.exe
  C:\Windows\System\XbrpSOp.exe
  2⤵
  PID:8124
- C:\Windows\System\JoEZSwi.exe
  C:\Windows\System\JoEZSwi.exe
  2⤵
  PID:7312
- C:\Windows\System\zqyzDqs.exe
  C:\Windows\System\zqyzDqs.exe
  2⤵
  PID:8196
- C:\Windows\System\TjduRfv.exe
  C:\Windows\System\TjduRfv.exe
  2⤵
  PID:8216
- C:\Windows\System\AEXYVCR.exe
  C:\Windows\System\AEXYVCR.exe
  2⤵
  PID:8244
- C:\Windows\System\DnDSdzT.exe
  C:\Windows\System\DnDSdzT.exe
  2⤵
  PID:8260
- C:\Windows\System\jIThHqa.exe
  C:\Windows\System\jIThHqa.exe
  2⤵
  PID:8344
- C:\Windows\System\piMuKGK.exe
  C:\Windows\System\piMuKGK.exe
  2⤵
  PID:8360
- C:\Windows\System\ipkWzLu.exe
  C:\Windows\System\ipkWzLu.exe
  2⤵
  PID:8384
- C:\Windows\System\bGNGlMu.exe
  C:\Windows\System\bGNGlMu.exe
  2⤵
  PID:8404
- C:\Windows\System\WlZcNPo.exe
  C:\Windows\System\WlZcNPo.exe
  2⤵
  PID:8444
- C:\Windows\System\rIhJZzg.exe
  C:\Windows\System\rIhJZzg.exe
  2⤵
  PID:8468
- C:\Windows\System\cnrKUDH.exe
  C:\Windows\System\cnrKUDH.exe
  2⤵
  PID:8492
- C:\Windows\System\SFBmZZz.exe
  C:\Windows\System\SFBmZZz.exe
  2⤵
  PID:8508
- C:\Windows\System\RSKldxJ.exe
  C:\Windows\System\RSKldxJ.exe
  2⤵
  PID:8528
- C:\Windows\System\BIfIDMn.exe
  C:\Windows\System\BIfIDMn.exe
  2⤵
  PID:8548
- C:\Windows\System\ZMPCIRn.exe
  C:\Windows\System\ZMPCIRn.exe
  2⤵
  PID:8580
- C:\Windows\System\waDcWdm.exe
  C:\Windows\System\waDcWdm.exe
  2⤵
  PID:8596
- C:\Windows\System\alZRUIj.exe
  C:\Windows\System\alZRUIj.exe
  2⤵
  PID:8640
- C:\Windows\System\TiNBtyQ.exe
  C:\Windows\System\TiNBtyQ.exe
  2⤵
  PID:8656
- C:\Windows\System\QpsvlZF.exe
  C:\Windows\System\QpsvlZF.exe
  2⤵
  PID:8700
- C:\Windows\System\uTNZsji.exe
  C:\Windows\System\uTNZsji.exe
  2⤵
  PID:8720
- C:\Windows\System\cwiDSrV.exe
  C:\Windows\System\cwiDSrV.exe
  2⤵
  PID:8764
- C:\Windows\System\QIDwCyH.exe
  C:\Windows\System\QIDwCyH.exe
  2⤵
  PID:8784
- C:\Windows\System\pQSfmHo.exe
  C:\Windows\System\pQSfmHo.exe
  2⤵
  PID:8804
- C:\Windows\System\rxDcIWX.exe
  C:\Windows\System\rxDcIWX.exe
  2⤵
  PID:8828
- C:\Windows\System\QLgLzkm.exe
  C:\Windows\System\QLgLzkm.exe
  2⤵
  PID:8868
- C:\Windows\System\JjqLQJL.exe
  C:\Windows\System\JjqLQJL.exe
  2⤵
  PID:8908
- C:\Windows\System\uGTzdNz.exe
  C:\Windows\System\uGTzdNz.exe
  2⤵
  PID:8936
- C:\Windows\System\fMubuaG.exe
  C:\Windows\System\fMubuaG.exe
  2⤵
  PID:8956
- C:\Windows\System\HSDmbEx.exe
  C:\Windows\System\HSDmbEx.exe
  2⤵
  PID:8988
- C:\Windows\System\DLhXkBB.exe
  C:\Windows\System\DLhXkBB.exe
  2⤵
  PID:9008
- C:\Windows\System\EfnAllf.exe
  C:\Windows\System\EfnAllf.exe
  2⤵
  PID:9032
- C:\Windows\System\gmfqUEa.exe
  C:\Windows\System\gmfqUEa.exe
  2⤵
  PID:9052
- C:\Windows\System\BKmnSsL.exe
  C:\Windows\System\BKmnSsL.exe
  2⤵
  PID:9072
- C:\Windows\System\ZXbrfOv.exe
  C:\Windows\System\ZXbrfOv.exe
  2⤵
  PID:9096
- C:\Windows\System\aZLTITx.exe
  C:\Windows\System\aZLTITx.exe
  2⤵
  PID:9120
- C:\Windows\System\UCCHxMP.exe
  C:\Windows\System\UCCHxMP.exe
  2⤵
  PID:9136
- C:\Windows\System\yCGcgaF.exe
  C:\Windows\System\yCGcgaF.exe
  2⤵
  PID:9160
- C:\Windows\System\yrAaTdU.exe
  C:\Windows\System\yrAaTdU.exe
  2⤵
  PID:8016
- C:\Windows\System\LjGbUNV.exe
  C:\Windows\System\LjGbUNV.exe
  2⤵
  PID:8228
- C:\Windows\System\XVTakwZ.exe
  C:\Windows\System\XVTakwZ.exe
  2⤵
  PID:8324
- C:\Windows\System\uGISWZE.exe
  C:\Windows\System\uGISWZE.exe
  2⤵
  PID:8356
- C:\Windows\System\zRDDvBG.exe
  C:\Windows\System\zRDDvBG.exe
  2⤵
  PID:8424
- C:\Windows\System\LGTWKmI.exe
  C:\Windows\System\LGTWKmI.exe
  2⤵
  PID:8516
- C:\Windows\System\fNZwuzH.exe
  C:\Windows\System\fNZwuzH.exe
  2⤵
  PID:8624
- C:\Windows\System\cscuXmC.exe
  C:\Windows\System\cscuXmC.exe
  2⤵
  PID:8676
- C:\Windows\System\zzaPcQE.exe
  C:\Windows\System\zzaPcQE.exe
  2⤵
  PID:8696
- C:\Windows\System\fDembVt.exe
  C:\Windows\System\fDembVt.exe
  2⤵
  PID:8824
- C:\Windows\System\BnWEdxH.exe
  C:\Windows\System\BnWEdxH.exe
  2⤵
  PID:8924
- C:\Windows\System\KmJLUxg.exe
  C:\Windows\System\KmJLUxg.exe
  2⤵
  PID:8952
- C:\Windows\System\TIWJktz.exe
  C:\Windows\System\TIWJktz.exe
  2⤵
  PID:8984
- C:\Windows\System\wHxPtxz.exe
  C:\Windows\System\wHxPtxz.exe
  2⤵
  PID:9092
- C:\Windows\System\EhBDDXD.exe
  C:\Windows\System\EhBDDXD.exe
  2⤵
  PID:9132
- C:\Windows\System\hmMFXZQ.exe
  C:\Windows\System\hmMFXZQ.exe
  2⤵
  PID:9168
- C:\Windows\System\yMikqqX.exe
  C:\Windows\System\yMikqqX.exe
  2⤵
  PID:8224
- C:\Windows\System\OGNmJmU.exe
  C:\Windows\System\OGNmJmU.exe
  2⤵
  PID:8460
- C:\Windows\System\oYAIBqe.exe
  C:\Windows\System\oYAIBqe.exe
  2⤵
  PID:8712
- C:\Windows\System\LlSjWEB.exe
  C:\Windows\System\LlSjWEB.exe
  2⤵
  PID:8800
- C:\Windows\System\dyQcAlV.exe
  C:\Windows\System\dyQcAlV.exe
  2⤵
  PID:8948
- C:\Windows\System\wFhztZW.exe
  C:\Windows\System\wFhztZW.exe
  2⤵
  PID:9104
- C:\Windows\System\BFAEyaf.exe
  C:\Windows\System\BFAEyaf.exe
  2⤵
  PID:9288
- C:\Windows\System\QWXINzR.exe
  C:\Windows\System\QWXINzR.exe
  2⤵
  PID:9304
- C:\Windows\System\SOPivzk.exe
  C:\Windows\System\SOPivzk.exe
  2⤵
  PID:9320
- C:\Windows\System\NHxmaPg.exe
  C:\Windows\System\NHxmaPg.exe
  2⤵
  PID:9340
- C:\Windows\System\AWQqoVR.exe
  C:\Windows\System\AWQqoVR.exe
  2⤵
  PID:9356
- C:\Windows\System\ijCduno.exe
  C:\Windows\System\ijCduno.exe
  2⤵
  PID:9372
- C:\Windows\System\GaiGdTA.exe
  C:\Windows\System\GaiGdTA.exe
  2⤵
  PID:9388
- C:\Windows\System\xgZtNrV.exe
  C:\Windows\System\xgZtNrV.exe
  2⤵
  PID:9404
- C:\Windows\System\sHpWoAX.exe
  C:\Windows\System\sHpWoAX.exe
  2⤵
  PID:9420
- C:\Windows\System\YfBmYgK.exe
  C:\Windows\System\YfBmYgK.exe
  2⤵
  PID:9436
- C:\Windows\System\wZBggEu.exe
  C:\Windows\System\wZBggEu.exe
  2⤵
  PID:9452
- C:\Windows\System\eKvszKn.exe
  C:\Windows\System\eKvszKn.exe
  2⤵
  PID:9468
- C:\Windows\System\xsglVGJ.exe
  C:\Windows\System\xsglVGJ.exe
  2⤵
  PID:9484
- C:\Windows\System\cDsGqmV.exe
  C:\Windows\System\cDsGqmV.exe
  2⤵
  PID:9500
- C:\Windows\System\qJkozKc.exe
  C:\Windows\System\qJkozKc.exe
  2⤵
  PID:9516
- C:\Windows\System\AlbqIHS.exe
  C:\Windows\System\AlbqIHS.exe
  2⤵
  PID:9532
- C:\Windows\System\vYdtCKD.exe
  C:\Windows\System\vYdtCKD.exe
  2⤵
  PID:9548
- C:\Windows\System\xIquzAP.exe
  C:\Windows\System\xIquzAP.exe
  2⤵
  PID:9564
- C:\Windows\System\MtdakKd.exe
  C:\Windows\System\MtdakKd.exe
  2⤵
  PID:9580
- C:\Windows\System\EwMnpFG.exe
  C:\Windows\System\EwMnpFG.exe
  2⤵
  PID:9596
- C:\Windows\System\FnJROTp.exe
  C:\Windows\System\FnJROTp.exe
  2⤵
  PID:9612
- C:\Windows\System\MGQUaHo.exe
  C:\Windows\System\MGQUaHo.exe
  2⤵
  PID:9640
- C:\Windows\System\wiSfEaV.exe
  C:\Windows\System\wiSfEaV.exe
  2⤵
  PID:9656
- C:\Windows\System\AaWIQBN.exe
  C:\Windows\System\AaWIQBN.exe
  2⤵
  PID:9744
- C:\Windows\System\GmjwesX.exe
  C:\Windows\System\GmjwesX.exe
  2⤵
  PID:9764
- C:\Windows\System\UBRsGeX.exe
  C:\Windows\System\UBRsGeX.exe
  2⤵
  PID:9780
- C:\Windows\System\tnwGDHj.exe
  C:\Windows\System\tnwGDHj.exe
  2⤵
  PID:9876
- C:\Windows\System\HHRjVmt.exe
  C:\Windows\System\HHRjVmt.exe
  2⤵
  PID:9896
- C:\Windows\System\oHdoyHm.exe
  C:\Windows\System\oHdoyHm.exe
  2⤵
  PID:10036
- C:\Windows\System\gRyAyRD.exe
  C:\Windows\System\gRyAyRD.exe
  2⤵
  PID:10056
- C:\Windows\System\tUTSQTp.exe
  C:\Windows\System\tUTSQTp.exe
  2⤵
  PID:10116
- C:\Windows\System\lRkBaJf.exe
  C:\Windows\System\lRkBaJf.exe
  2⤵
  PID:10160
- C:\Windows\System\keAqAkL.exe
  C:\Windows\System\keAqAkL.exe
  2⤵
  PID:10192
- C:\Windows\System\laSeMaX.exe
  C:\Windows\System\laSeMaX.exe
  2⤵
  PID:10220
- C:\Windows\System\ZbCYfQK.exe
  C:\Windows\System\ZbCYfQK.exe
  2⤵
  PID:9248
- C:\Windows\System\uGFcDaD.exe
  C:\Windows\System\uGFcDaD.exe
  2⤵
  PID:9208
- C:\Windows\System\YAmMdCm.exe
  C:\Windows\System\YAmMdCm.exe
  2⤵
  PID:8276
- C:\Windows\System\nNjoxwv.exe
  C:\Windows\System\nNjoxwv.exe
  2⤵
  PID:8564
- C:\Windows\System\yXdtrMu.exe
  C:\Windows\System\yXdtrMu.exe
  2⤵
  PID:9412
- C:\Windows\System\LvmykcH.exe
  C:\Windows\System\LvmykcH.exe
  2⤵
  PID:8980
- C:\Windows\System\mWCuJsj.exe
  C:\Windows\System\mWCuJsj.exe
  2⤵
  PID:9224
- C:\Windows\System\ywPtiEq.exe
  C:\Windows\System\ywPtiEq.exe
  2⤵
  PID:9240
- C:\Windows\System\QsLeRem.exe
  C:\Windows\System\QsLeRem.exe
  2⤵
  PID:9720
- C:\Windows\System\hGbuMCc.exe
  C:\Windows\System\hGbuMCc.exe
  2⤵
  PID:9332
- C:\Windows\System\sBAMjmr.exe
  C:\Windows\System\sBAMjmr.exe
  2⤵
  PID:9380
- C:\Windows\System\RQsJFuW.exe
  C:\Windows\System\RQsJFuW.exe
  2⤵
  PID:9496
- C:\Windows\System\udRudIt.exe
  C:\Windows\System\udRudIt.exe
  2⤵
  PID:9540
- C:\Windows\System\bAbrlDA.exe
  C:\Windows\System\bAbrlDA.exe
  2⤵
  PID:9592
- C:\Windows\System\zJWcySM.exe
  C:\Windows\System\zJWcySM.exe
  2⤵
  PID:9624
- C:\Windows\System\RfodEjC.exe
  C:\Windows\System\RfodEjC.exe
  2⤵
  PID:9952
- C:\Windows\System\EwAtDOm.exe
  C:\Windows\System\EwAtDOm.exe
  2⤵
  PID:10052
- C:\Windows\System\SHlrStT.exe
  C:\Windows\System\SHlrStT.exe
  2⤵
  PID:10020
- C:\Windows\System\HwsBvQv.exe
  C:\Windows\System\HwsBvQv.exe
  2⤵
  PID:10212
- C:\Windows\System\ftGEqDk.exe
  C:\Windows\System\ftGEqDk.exe
  2⤵
  PID:10208
- C:\Windows\System\alzZxfe.exe
  C:\Windows\System\alzZxfe.exe
  2⤵
  PID:8780
- C:\Windows\System\wxnrIgB.exe
  C:\Windows\System\wxnrIgB.exe
  2⤵
  PID:9652
- C:\Windows\System\JLiFWcc.exe
  C:\Windows\System\JLiFWcc.exe
  2⤵
  PID:9428
- C:\Windows\System\tGVdYkZ.exe
  C:\Windows\System\tGVdYkZ.exe
  2⤵
  PID:9232
- C:\Windows\System\HBQcrFC.exe
  C:\Windows\System\HBQcrFC.exe
  2⤵
  PID:9740
- C:\Windows\System\SqVzITX.exe
  C:\Windows\System\SqVzITX.exe
  2⤵
  PID:9776
- C:\Windows\System\XAwyYWY.exe
  C:\Windows\System\XAwyYWY.exe
  2⤵
  PID:9984
- C:\Windows\System\VWQJzSG.exe
  C:\Windows\System\VWQJzSG.exe
  2⤵
  PID:10144
- C:\Windows\System\VOMskfz.exe
  C:\Windows\System\VOMskfz.exe
  2⤵
  PID:10108
- C:\Windows\System\gExtUhf.exe
  C:\Windows\System\gExtUhf.exe
  2⤵
  PID:9296
- C:\Windows\System\FUeQHOG.exe
  C:\Windows\System\FUeQHOG.exe
  2⤵
  PID:8848
- C:\Windows\System\TLHAJsR.exe
  C:\Windows\System\TLHAJsR.exe
  2⤵
  PID:9772
- C:\Windows\System\cukAAqS.exe
  C:\Windows\System\cukAAqS.exe
  2⤵
  PID:9524
- C:\Windows\System\jlWWsQs.exe
  C:\Windows\System\jlWWsQs.exe
  2⤵
  PID:10252
- C:\Windows\System\yobAXki.exe
  C:\Windows\System\yobAXki.exe
  2⤵
  PID:10272
- C:\Windows\System\LslVFVr.exe
  C:\Windows\System\LslVFVr.exe
  2⤵
  PID:10292
- C:\Windows\System\iDwaAPZ.exe
  C:\Windows\System\iDwaAPZ.exe
  2⤵
  PID:10312
- C:\Windows\System\NNGLmia.exe
  C:\Windows\System\NNGLmia.exe
  2⤵
  PID:10332
- C:\Windows\System\Sxkslsb.exe
  C:\Windows\System\Sxkslsb.exe
  2⤵
  PID:10384
- C:\Windows\System\BAFfMmn.exe
  C:\Windows\System\BAFfMmn.exe
  2⤵
  PID:10404
- C:\Windows\System\xoJaiwM.exe
  C:\Windows\System\xoJaiwM.exe
  2⤵
  PID:10440
- C:\Windows\System\OVstmyv.exe
  C:\Windows\System\OVstmyv.exe
  2⤵
  PID:10480
- C:\Windows\System\xeiKoPN.exe
  C:\Windows\System\xeiKoPN.exe
  2⤵
  PID:10500
- C:\Windows\System\xJLNLcg.exe
  C:\Windows\System\xJLNLcg.exe
  2⤵
  PID:10528
- C:\Windows\System\BsFFbqq.exe
  C:\Windows\System\BsFFbqq.exe
  2⤵
  PID:10552
- C:\Windows\System\WkGcZJq.exe
  C:\Windows\System\WkGcZJq.exe
  2⤵
  PID:10572
- C:\Windows\System\hBLnZDC.exe
  C:\Windows\System\hBLnZDC.exe
  2⤵
  PID:10596
- C:\Windows\System\hdTHwWh.exe
  C:\Windows\System\hdTHwWh.exe
  2⤵
  PID:10612
- C:\Windows\System\WbPApto.exe
  C:\Windows\System\WbPApto.exe
  2⤵
  PID:10648
- C:\Windows\System\jLmMhhU.exe
  C:\Windows\System\jLmMhhU.exe
  2⤵
  PID:10700
- C:\Windows\System\kAvqbbJ.exe
  C:\Windows\System\kAvqbbJ.exe
  2⤵
  PID:10728
- C:\Windows\System\jfPEZoD.exe
  C:\Windows\System\jfPEZoD.exe
  2⤵
  PID:10752
- C:\Windows\System\NVgUBLK.exe
  C:\Windows\System\NVgUBLK.exe
  2⤵
  PID:10772
- C:\Windows\System\faGeUSP.exe
  C:\Windows\System\faGeUSP.exe
  2⤵
  PID:10800
- C:\Windows\System\jTOxrmX.exe
  C:\Windows\System\jTOxrmX.exe
  2⤵
  PID:10828
- C:\Windows\System\gtdsFNM.exe
  C:\Windows\System\gtdsFNM.exe
  2⤵
  PID:10848
- C:\Windows\System\deYRpdd.exe
  C:\Windows\System\deYRpdd.exe
  2⤵
  PID:10868
- C:\Windows\System\RTxWrBd.exe
  C:\Windows\System\RTxWrBd.exe
  2⤵
  PID:10892
- C:\Windows\System\nyHNBer.exe
  C:\Windows\System\nyHNBer.exe
  2⤵
  PID:10940
- C:\Windows\System\mmgzpgZ.exe
  C:\Windows\System\mmgzpgZ.exe
  2⤵
  PID:10988
- C:\Windows\System\xEadlWz.exe
  C:\Windows\System\xEadlWz.exe
  2⤵
  PID:11012
- C:\Windows\System\DFcsfTg.exe
  C:\Windows\System\DFcsfTg.exe
  2⤵
  PID:11028
- C:\Windows\System\ejvYwrk.exe
  C:\Windows\System\ejvYwrk.exe
  2⤵
  PID:11048
- C:\Windows\System\zISgPxh.exe
  C:\Windows\System\zISgPxh.exe
  2⤵
  PID:11096
- C:\Windows\System\cIjezFo.exe
  C:\Windows\System\cIjezFo.exe
  2⤵
  PID:11124
- C:\Windows\System\svgYOHm.exe
  C:\Windows\System\svgYOHm.exe
  2⤵
  PID:11152
- C:\Windows\System\IGRLSuo.exe
  C:\Windows\System\IGRLSuo.exe
  2⤵
  PID:11168
- C:\Windows\System\zInDpas.exe
  C:\Windows\System\zInDpas.exe
  2⤵
  PID:11192
- C:\Windows\System\oJsigfo.exe
  C:\Windows\System\oJsigfo.exe
  2⤵
  PID:11212
- C:\Windows\System\mKQjZWT.exe
  C:\Windows\System\mKQjZWT.exe
  2⤵
  PID:11232
- C:\Windows\System\QjoIDNT.exe
  C:\Windows\System\QjoIDNT.exe
  2⤵
  PID:10324
- C:\Windows\System\AAxyLWW.exe
  C:\Windows\System\AAxyLWW.exe
  2⤵
  PID:10288
- C:\Windows\System\dVNPYVn.exe
  C:\Windows\System\dVNPYVn.exe
  2⤵
  PID:10400
- C:\Windows\System\saEdGQS.exe
  C:\Windows\System\saEdGQS.exe
  2⤵
  PID:10456
- C:\Windows\System\MOcDzBK.exe
  C:\Windows\System\MOcDzBK.exe
  2⤵
  PID:10516
- C:\Windows\System\DLjBcYe.exe
  C:\Windows\System\DLjBcYe.exe
  2⤵
  PID:10604
- C:\Windows\System\RbETfAk.exe
  C:\Windows\System\RbETfAk.exe
  2⤵
  PID:10680
- C:\Windows\System\fzSWgGl.exe
  C:\Windows\System\fzSWgGl.exe
  2⤵
  PID:10748
- C:\Windows\System\bjBUhRh.exe
  C:\Windows\System\bjBUhRh.exe
  2⤵
  PID:10796
- C:\Windows\System\gRavILS.exe
  C:\Windows\System\gRavILS.exe
  2⤵
  PID:10836
- C:\Windows\System\zdBwSrm.exe
  C:\Windows\System\zdBwSrm.exe
  2⤵
  PID:10924
- C:\Windows\System\GAznLZl.exe
  C:\Windows\System\GAznLZl.exe
  2⤵
  PID:10948
- C:\Windows\System\MdqTLNc.exe
  C:\Windows\System\MdqTLNc.exe
  2⤵
  PID:11020
- C:\Windows\System\WkuvxTJ.exe
  C:\Windows\System\WkuvxTJ.exe
  2⤵
  PID:11084
- C:\Windows\System\SpGwWxs.exe
  C:\Windows\System\SpGwWxs.exe
  2⤵
  PID:11164
- C:\Windows\System\OMykEYW.exe
  C:\Windows\System\OMykEYW.exe
  2⤵
  PID:11160
- C:\Windows\System\ueEygKF.exe
  C:\Windows\System\ueEygKF.exe
  2⤵
  PID:11260
- C:\Windows\System\mZoAVHH.exe
  C:\Windows\System\mZoAVHH.exe
  2⤵
  PID:10372
- C:\Windows\System\qGqpBjj.exe
  C:\Windows\System\qGqpBjj.exe
  2⤵
  PID:10536
- C:\Windows\System\DnCkJsB.exe
  C:\Windows\System\DnCkJsB.exe
  2⤵
  PID:10640
- C:\Windows\System\ehERbcD.exe
  C:\Windows\System\ehERbcD.exe
  2⤵
  PID:10788
- C:\Windows\System\YgWMAau.exe
  C:\Windows\System\YgWMAau.exe
  2⤵
  PID:10860
- C:\Windows\System\ZRaiLGR.exe
  C:\Windows\System\ZRaiLGR.exe
  2⤵
  PID:11204
- C:\Windows\System\fTuFvgp.exe
  C:\Windows\System\fTuFvgp.exe
  2⤵
  PID:10304
- C:\Windows\System\RqnIjvN.exe
  C:\Windows\System\RqnIjvN.exe
  2⤵
  PID:10660
- C:\Windows\System\MSoMHVN.exe
  C:\Windows\System\MSoMHVN.exe
  2⤵
  PID:11008
- C:\Windows\System\FrwuGJJ.exe
  C:\Windows\System\FrwuGJJ.exe
  2⤵
  PID:10436
- C:\Windows\System\xxbdRhW.exe
  C:\Windows\System\xxbdRhW.exe
  2⤵
  PID:11268
- C:\Windows\System\WbJnaBJ.exe
  C:\Windows\System\WbJnaBJ.exe
  2⤵
  PID:11300
- C:\Windows\System\PZXaxyL.exe
  C:\Windows\System\PZXaxyL.exe
  2⤵
  PID:11316
- C:\Windows\System\GuxZtfh.exe
  C:\Windows\System\GuxZtfh.exe
  2⤵
  PID:11344
- C:\Windows\System\cKCKXHE.exe
  C:\Windows\System\cKCKXHE.exe
  2⤵
  PID:11380
- C:\Windows\System\omASEdn.exe
  C:\Windows\System\omASEdn.exe
  2⤵
  PID:11404
- C:\Windows\System\bTzcKQT.exe
  C:\Windows\System\bTzcKQT.exe
  2⤵
  PID:11436
- C:\Windows\System\FPJxlan.exe
  C:\Windows\System\FPJxlan.exe
  2⤵
  PID:11468
- C:\Windows\System\vDLlMBX.exe
  C:\Windows\System\vDLlMBX.exe
  2⤵
  PID:11504
- C:\Windows\System\MNYDFdf.exe
  C:\Windows\System\MNYDFdf.exe
  2⤵
  PID:11524
- C:\Windows\System\kUaFFjY.exe
  C:\Windows\System\kUaFFjY.exe
  2⤵
  PID:11572
- C:\Windows\System\ERrmRGV.exe
  C:\Windows\System\ERrmRGV.exe
  2⤵
  PID:11592
- C:\Windows\System\KeafGhY.exe
  C:\Windows\System\KeafGhY.exe
  2⤵
  PID:11612
- C:\Windows\System\YQzscYA.exe
  C:\Windows\System\YQzscYA.exe
  2⤵
  PID:11636
- C:\Windows\System\yLmjzZT.exe
  C:\Windows\System\yLmjzZT.exe
  2⤵
  PID:11664
- C:\Windows\System\PkoEvnE.exe
  C:\Windows\System\PkoEvnE.exe
  2⤵
  PID:11692
- C:\Windows\System\rcmIYNW.exe
  C:\Windows\System\rcmIYNW.exe
  2⤵
  PID:11712
- C:\Windows\System\CyJZZCX.exe
  C:\Windows\System\CyJZZCX.exe
  2⤵
  PID:11732
- C:\Windows\System\uwNZQEr.exe
  C:\Windows\System\uwNZQEr.exe
  2⤵
  PID:11760
- C:\Windows\System\EdfVkza.exe
  C:\Windows\System\EdfVkza.exe
  2⤵
  PID:11808
- C:\Windows\System\wfjGQWS.exe
  C:\Windows\System\wfjGQWS.exe
  2⤵
  PID:11840
- C:\Windows\System\lmLiOEI.exe
  C:\Windows\System\lmLiOEI.exe
  2⤵
  PID:11868
- C:\Windows\System\RqvbTYJ.exe
  C:\Windows\System\RqvbTYJ.exe
  2⤵
  PID:11888
- C:\Windows\System\IZYsTKJ.exe
  C:\Windows\System\IZYsTKJ.exe
  2⤵
  PID:11912
- C:\Windows\System\cGooLFq.exe
  C:\Windows\System\cGooLFq.exe
  2⤵
  PID:11940
- C:\Windows\System\UwpXhXR.exe
  C:\Windows\System\UwpXhXR.exe
  2⤵
  PID:11996
- C:\Windows\System\zIWKVxx.exe
  C:\Windows\System\zIWKVxx.exe
  2⤵
  PID:12016
- C:\Windows\System\dRzaJYs.exe
  C:\Windows\System\dRzaJYs.exe
  2⤵
  PID:12052
- C:\Windows\System\nMgkAuM.exe
  C:\Windows\System\nMgkAuM.exe
  2⤵
  PID:12080
- C:\Windows\System\tWcsPyN.exe
  C:\Windows\System\tWcsPyN.exe
  2⤵
  PID:12104
- C:\Windows\System\GANaRoT.exe
  C:\Windows\System\GANaRoT.exe
  2⤵
  PID:12124
- C:\Windows\System\HUXlvMo.exe
  C:\Windows\System\HUXlvMo.exe
  2⤵
  PID:12140
- C:\Windows\System\zqIiJld.exe
  C:\Windows\System\zqIiJld.exe
  2⤵
  PID:12164
- C:\Windows\System\RdkCYMv.exe
  C:\Windows\System\RdkCYMv.exe
  2⤵
  PID:12184
- C:\Windows\System\eTcWtaX.exe
  C:\Windows\System\eTcWtaX.exe
  2⤵
  PID:12208
- C:\Windows\System\vFlqldC.exe
  C:\Windows\System\vFlqldC.exe
  2⤵
  PID:12228
- C:\Windows\System\EUvMCOB.exe
  C:\Windows\System\EUvMCOB.exe
  2⤵
  PID:11288
- C:\Windows\System\OmDOsWm.exe
  C:\Windows\System\OmDOsWm.exe
  2⤵
  PID:11356
- C:\Windows\System\GiaBWQm.exe
  C:\Windows\System\GiaBWQm.exe
  2⤵
  PID:11312
- C:\Windows\System\NSrFDal.exe
  C:\Windows\System\NSrFDal.exe
  2⤵
  PID:11396
- C:\Windows\System\zMovrtU.exe
  C:\Windows\System\zMovrtU.exe
  2⤵
  PID:11484
- C:\Windows\System\qnsDQPv.exe
  C:\Windows\System\qnsDQPv.exe
  2⤵
  PID:11536
- C:\Windows\System\otdREEj.exe
  C:\Windows\System\otdREEj.exe
  2⤵
  PID:11620
- C:\Windows\System\JERgnEe.exe
  C:\Windows\System\JERgnEe.exe
  2⤵
  PID:11672
- C:\Windows\System\BFBFQvX.exe
  C:\Windows\System\BFBFQvX.exe
  2⤵
  PID:11728
- C:\Windows\System\AIhmKkB.exe
  C:\Windows\System\AIhmKkB.exe
  2⤵
  PID:11788
- C:\Windows\System\fcqtikd.exe
  C:\Windows\System\fcqtikd.exe
  2⤵
  PID:11824
- C:\Windows\System\xralPVH.exe
  C:\Windows\System\xralPVH.exe
  2⤵
  PID:11884
- C:\Windows\System\uIOXgBP.exe
  C:\Windows\System\uIOXgBP.exe
  2⤵
  PID:11980
- C:\Windows\System\vGTfvhT.exe
  C:\Windows\System\vGTfvhT.exe
  2⤵
  PID:12072
- C:\Windows\System\vczHVSF.exe
  C:\Windows\System\vczHVSF.exe
  2⤵
  PID:12136
- C:\Windows\System\zqXHVci.exe
  C:\Windows\System\zqXHVci.exe
  2⤵
  PID:12196
- C:\Windows\System\qrgekLE.exe
  C:\Windows\System\qrgekLE.exe
  2⤵
  PID:11240
- C:\Windows\System\oYoyZId.exe
  C:\Windows\System\oYoyZId.exe
  2⤵
  PID:11464
- C:\Windows\System\LdpLAuz.exe
  C:\Windows\System\LdpLAuz.exe
  2⤵
  PID:11500
- C:\Windows\System\onszgeJ.exe
  C:\Windows\System\onszgeJ.exe
  2⤵
  PID:11708
- C:\Windows\System\pbNbFOn.exe
  C:\Windows\System\pbNbFOn.exe
  2⤵
  PID:11704
- C:\Windows\System\XNUWzYs.exe
  C:\Windows\System\XNUWzYs.exe
  2⤵
  PID:11880
- C:\Windows\System\mKbEzQW.exe
  C:\Windows\System\mKbEzQW.exe
  2⤵
  PID:12156
- C:\Windows\System\CdRTlZu.exe
  C:\Windows\System\CdRTlZu.exe
  2⤵
  PID:11280
- C:\Windows\System\NHtKndl.exe
  C:\Windows\System\NHtKndl.exe
  2⤵
  PID:11628
- C:\Windows\System\uWgaFwH.exe
  C:\Windows\System\uWgaFwH.exe
  2⤵
  PID:10740
- C:\Windows\System\drnbsek.exe
  C:\Windows\System\drnbsek.exe
  2⤵
  PID:12192
- C:\Windows\System\FrAGhdO.exe
  C:\Windows\System\FrAGhdO.exe
  2⤵
  PID:11552
- C:\Windows\System\trnftyd.exe
  C:\Windows\System\trnftyd.exe
  2⤵
  PID:12304
- C:\Windows\System\ltMcaMF.exe
  C:\Windows\System\ltMcaMF.exe
  2⤵
  PID:12328
- C:\Windows\System\Vnlgdpo.exe
  C:\Windows\System\Vnlgdpo.exe
  2⤵
  PID:12384
- C:\Windows\System\vTKPQkF.exe
  C:\Windows\System\vTKPQkF.exe
  2⤵
  PID:12412
- C:\Windows\System\FKuaArB.exe
  C:\Windows\System\FKuaArB.exe
  2⤵
  PID:12432
- C:\Windows\System\jQKjyGK.exe
  C:\Windows\System\jQKjyGK.exe
  2⤵
  PID:12492
- C:\Windows\System\hgSbrOD.exe
  C:\Windows\System\hgSbrOD.exe
  2⤵
  PID:12508
- C:\Windows\System\oPVSJKM.exe
  C:\Windows\System\oPVSJKM.exe
  2⤵
  PID:12536
- C:\Windows\System\RmrdAFD.exe
  C:\Windows\System\RmrdAFD.exe
  2⤵
  PID:12552
- C:\Windows\System\WPSKqCa.exe
  C:\Windows\System\WPSKqCa.exe
  2⤵
  PID:12588
- C:\Windows\System\GTwePEu.exe
  C:\Windows\System\GTwePEu.exe
  2⤵
  PID:12608
- C:\Windows\System\AIbGDNb.exe
  C:\Windows\System\AIbGDNb.exe
  2⤵
  PID:12640
- C:\Windows\System\eFUXwoz.exe
  C:\Windows\System\eFUXwoz.exe
  2⤵
  PID:12668
- C:\Windows\System\zSIoclz.exe
  C:\Windows\System\zSIoclz.exe
  2⤵
  PID:12696
- C:\Windows\System\PsSpFct.exe
  C:\Windows\System\PsSpFct.exe
  2⤵
  PID:12720
- C:\Windows\System\yqdFayz.exe
  C:\Windows\System\yqdFayz.exe
  2⤵
  PID:12772
- C:\Windows\System\sKIzOSk.exe
  C:\Windows\System\sKIzOSk.exe
  2⤵
  PID:12792
- C:\Windows\System\DTKxjfj.exe
  C:\Windows\System\DTKxjfj.exe
  2⤵
  PID:12828
- C:\Windows\System\HWPPnVx.exe
  C:\Windows\System\HWPPnVx.exe
  2⤵
  PID:12848
- C:\Windows\System\zkclDYi.exe
  C:\Windows\System\zkclDYi.exe
  2⤵
  PID:12884
- C:\Windows\System\IQPCFkX.exe
  C:\Windows\System\IQPCFkX.exe
  2⤵
  PID:12916
- C:\Windows\System\rvuygpg.exe
  C:\Windows\System\rvuygpg.exe
  2⤵
  PID:12940
- C:\Windows\System\HWedswW.exe
  C:\Windows\System\HWedswW.exe
  2⤵
  PID:12960
- C:\Windows\System\uMXJmtO.exe
  C:\Windows\System\uMXJmtO.exe
  2⤵
  PID:12992
- C:\Windows\System\sjnteQR.exe
  C:\Windows\System\sjnteQR.exe
  2⤵
  PID:13016
- C:\Windows\System\dbLedGt.exe
  C:\Windows\System\dbLedGt.exe
  2⤵
  PID:13040
- C:\Windows\System\rWvvhYK.exe
  C:\Windows\System\rWvvhYK.exe
  2⤵
  PID:13056
- C:\Windows\System\vZBHcrp.exe
  C:\Windows\System\vZBHcrp.exe
  2⤵
  PID:13100
- C:\Windows\System\uwcGWAQ.exe
  C:\Windows\System\uwcGWAQ.exe
  2⤵
  PID:13116
- C:\Windows\System\dLnhMBZ.exe
  C:\Windows\System\dLnhMBZ.exe
  2⤵
  PID:13144
- C:\Windows\System\haZuVbc.exe
  C:\Windows\System\haZuVbc.exe
  2⤵
  PID:13172
- C:\Windows\System\URjZDqy.exe
  C:\Windows\System\URjZDqy.exe
  2⤵
  PID:13200
- C:\Windows\System\jsrICyv.exe
  C:\Windows\System\jsrICyv.exe
  2⤵
  PID:13224
- C:\Windows\System\qzeDaMI.exe
  C:\Windows\System\qzeDaMI.exe
  2⤵
  PID:13244
- C:\Windows\System\YPMXaET.exe
  C:\Windows\System\YPMXaET.exe
  2⤵
  PID:13268
- C:\Windows\System\WjwSAMo.exe
  C:\Windows\System\WjwSAMo.exe
  2⤵
  PID:13288
- C:\Windows\System\IDMHUYM.exe
  C:\Windows\System\IDMHUYM.exe
  2⤵
  PID:11720
- C:\Windows\System\GMsnoyN.exe
  C:\Windows\System\GMsnoyN.exe
  2⤵
  PID:12336
- C:\Windows\System\xurcESF.exe
  C:\Windows\System\xurcESF.exe
  2⤵
  PID:12408
- C:\Windows\System\nwAYnVI.exe
  C:\Windows\System\nwAYnVI.exe
  2⤵
  PID:12464
- C:\Windows\System\fQhsjzB.exe
  C:\Windows\System\fQhsjzB.exe
  2⤵
  PID:12548
- C:\Windows\System\ffXRNaF.exe
  C:\Windows\System\ffXRNaF.exe
  2⤵
  PID:12600
- C:\Windows\System\DgXbpDO.exe
  C:\Windows\System\DgXbpDO.exe
  2⤵
  PID:12652
- C:\Windows\System\tCAPRPI.exe
  C:\Windows\System\tCAPRPI.exe
  2⤵
  PID:12688
- C:\Windows\System\FUciYLn.exe
  C:\Windows\System\FUciYLn.exe
  2⤵
  PID:12812
- C:\Windows\System\CmHoybd.exe
  C:\Windows\System\CmHoybd.exe
  2⤵
  PID:12908
- C:\Windows\System\iWrVPJd.exe
  C:\Windows\System\iWrVPJd.exe
  2⤵
  PID:13000
- C:\Windows\System\SkneIOO.exe
  C:\Windows\System\SkneIOO.exe
  2⤵
  PID:13008
- C:\Windows\System\veaJSeg.exe
  C:\Windows\System\veaJSeg.exe
  2⤵
  PID:13152
- C:\Windows\System\dIgvfbj.exe
  C:\Windows\System\dIgvfbj.exe
  2⤵
  PID:13192
- C:\Windows\System\oLrbMGG.exe
  C:\Windows\System\oLrbMGG.exe
  2⤵
  PID:13216
- C:\Windows\System\AydQeGY.exe
  C:\Windows\System\AydQeGY.exe
  2⤵
  PID:11896
- C:\Windows\System\BGaJGQf.exe
  C:\Windows\System\BGaJGQf.exe
  2⤵
  PID:13284
- C:\Windows\System\mIVaUhU.exe
  C:\Windows\System\mIVaUhU.exe
  2⤵
  PID:12476
- C:\Windows\System\lIbgKZw.exe
  C:\Windows\System\lIbgKZw.exe
  2⤵
  PID:12528
- C:\Windows\System\dMVbnQO.exe
  C:\Windows\System\dMVbnQO.exe
  2⤵
  PID:12868
- C:\Windows\System\PxGircI.exe
  C:\Windows\System\PxGircI.exe
  2⤵
  PID:12984
- C:\Windows\System\GSXEDDX.exe
  C:\Windows\System\GSXEDDX.exe
  2⤵
  PID:11480
- C:\Windows\System\XHBVFoZ.exe
  C:\Windows\System\XHBVFoZ.exe
  2⤵
  PID:11520
- C:\Windows\System\kQqzBEr.exe
  C:\Windows\System\kQqzBEr.exe
  2⤵
  PID:12320
- C:\Windows\System\FqRUvcG.exe
  C:\Windows\System\FqRUvcG.exe
  2⤵
  PID:12684
- C:\Windows\System\EwYsRyt.exe
  C:\Windows\System\EwYsRyt.exe
  2⤵
  PID:12680
- C:\Windows\System\TWEWIrn.exe
  C:\Windows\System\TWEWIrn.exe
  2⤵
  PID:13140
- C:\Windows\System\nYrXUfd.exe
  C:\Windows\System\nYrXUfd.exe
  2⤵
  PID:13212
- C:\Windows\System\lEspXIr.exe
  C:\Windows\System\lEspXIr.exe
  2⤵
  PID:12596
- C:\Windows\System\DHqpPRi.exe
  C:\Windows\System\DHqpPRi.exe
  2⤵
  PID:13376
- C:\Windows\System\mkrrvqg.exe
  C:\Windows\System\mkrrvqg.exe
  2⤵
  PID:13416
- C:\Windows\System\EmewvJw.exe
  C:\Windows\System\EmewvJw.exe
  2⤵
  PID:13440
- C:\Windows\System\tLqzHkT.exe
  C:\Windows\System\tLqzHkT.exe
  2⤵
  PID:13456
- C:\Windows\System\PBiQPfU.exe
  C:\Windows\System\PBiQPfU.exe
  2⤵
  PID:13476
- C:\Windows\System\EbWpOcW.exe
  C:\Windows\System\EbWpOcW.exe
  2⤵
  PID:13500
- C:\Windows\System\xSgUSkO.exe
  C:\Windows\System\xSgUSkO.exe
  2⤵
  PID:13520
- C:\Windows\System\fLBXHUH.exe
  C:\Windows\System\fLBXHUH.exe
  2⤵
  PID:13544
- C:\Windows\System\meLCrhk.exe
  C:\Windows\System\meLCrhk.exe
  2⤵
  PID:13560
- C:\Windows\System\PJWxGEa.exe
  C:\Windows\System\PJWxGEa.exe
  2⤵
  PID:13584
- C:\Windows\System\RREiidt.exe
  C:\Windows\System\RREiidt.exe
  2⤵
  PID:13604
- C:\Windows\System\UbXJnsg.exe
  C:\Windows\System\UbXJnsg.exe
  2⤵
  PID:13624
- C:\Windows\System\zxXvgys.exe
  C:\Windows\System\zxXvgys.exe
  2⤵
  PID:13652
- C:\Windows\System\lnpUtoy.exe
  C:\Windows\System\lnpUtoy.exe
  2⤵
  PID:13732
- C:\Windows\System\EPlPdAW.exe
  C:\Windows\System\EPlPdAW.exe
  2⤵
  PID:13748
- C:\Windows\System\tLcdOCp.exe
  C:\Windows\System\tLcdOCp.exe
  2⤵
  PID:13784
- C:\Windows\System\mlnVeNE.exe
  C:\Windows\System\mlnVeNE.exe
  2⤵
  PID:13828
- C:\Windows\System\OgxrkdV.exe
  C:\Windows\System\OgxrkdV.exe
  2⤵
  PID:13852
- C:\Windows\System\OtvAkwN.exe
  C:\Windows\System\OtvAkwN.exe
  2⤵
  PID:13896
- C:\Windows\System\mNWQKwZ.exe
  C:\Windows\System\mNWQKwZ.exe
  2⤵
  PID:13916
- C:\Windows\System\COqJUHz.exe
  C:\Windows\System\COqJUHz.exe
  2⤵
  PID:13936
- C:\Windows\System\hArCPru.exe
  C:\Windows\System\hArCPru.exe
  2⤵
  PID:13952
- C:\Windows\System\yUrnyJB.exe
  C:\Windows\System\yUrnyJB.exe
  2⤵
  PID:13984
- C:\Windows\System\VqdKvIl.exe
  C:\Windows\System\VqdKvIl.exe
  2⤵
  PID:14028
- C:\Windows\System\kKgninv.exe
  C:\Windows\System\kKgninv.exe
  2⤵
  PID:14056
- C:\Windows\System\NPYFeJJ.exe
  C:\Windows\System\NPYFeJJ.exe
  2⤵
  PID:14080
- C:\Windows\System\JbBzCaS.exe
  C:\Windows\System\JbBzCaS.exe
  2⤵
  PID:14096
- C:\Windows\System\wbvApIr.exe
  C:\Windows\System\wbvApIr.exe
  2⤵
  PID:14116
- C:\Windows\System\pmzYwVx.exe
  C:\Windows\System\pmzYwVx.exe
  2⤵
  PID:14152
- C:\Windows\System\VnuuBat.exe
  C:\Windows\System\VnuuBat.exe
  2⤵
  PID:14204
- C:\Windows\System\DFSjppx.exe
  C:\Windows\System\DFSjppx.exe
  2⤵
  PID:14224
- C:\Windows\System\jTidtrp.exe
  C:\Windows\System\jTidtrp.exe
  2⤵
  PID:14248
- C:\Windows\System\NyQCBqz.exe
  C:\Windows\System\NyQCBqz.exe
  2⤵
  PID:14272
- C:\Windows\System\IjLMTol.exe
  C:\Windows\System\IjLMTol.exe
  2⤵
  PID:14292
- C:\Windows\System\xEklxLt.exe
  C:\Windows\System\xEklxLt.exe
  2⤵
  PID:2532
- C:\Windows\System\MOuHHxJ.exe
  C:\Windows\System\MOuHHxJ.exe
  2⤵
  PID:13168
- C:\Windows\System\yzjierI.exe
  C:\Windows\System\yzjierI.exe
  2⤵
  PID:13348
- C:\Windows\System\EkvSJxk.exe
  C:\Windows\System\EkvSJxk.exe
  2⤵
  PID:13428
- C:\Windows\System\LhlUEfK.exe
  C:\Windows\System\LhlUEfK.exe
  2⤵
  PID:13488
- C:\Windows\System\YHEgJBX.exe
  C:\Windows\System\YHEgJBX.exe
  2⤵
  PID:13556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AyXPBhN.exe

Filesize
1.4MB

MD5
b0f065bcf893294b82d7746cace52009

SHA1
94a03ba45b2eb65614e6938c6572b3c5579a7039

SHA256
0cf68108100a4faa48ca0838c9c2b602b56286f6feb49ca432da2ac984165bc6

SHA512
9e402d97148b8bcdddc0ddd0a79813f17c6716829a6eff9cf3543c1e4422c97fc321ee23d2928e3dd3c169ce9c0a90ee40c123c3f61d89bb8361e9361f49b2e0

Download Submit
C:\Windows\System\BraXftP.exe

Filesize
1.4MB

MD5
1c32b84610d10a39ae69815da0bae7ff

SHA1
9977bd5a72fed847c972e78d69035b4be6daff78

SHA256
3805968832d034533155702755e91aba7632795b7435072fa95601297931b773

SHA512
4a2bb0c909e2fede89e6628f72b883d747ed12a7aebef338a3e0c3da8dc02fc4f0c19d9c8bd2eb540773eb22d458b8724a28400044f773071cabdb7235b3c37b

Download Submit
C:\Windows\System\CIgcteK.exe

Filesize
1.4MB

MD5
09ea144c9d178d04e93334cdb6053707

SHA1
cad9f304f08fdddc8bad9cde46292d783d319345

SHA256
a399b0cb8ec80bc2c64c8efc0c1746976aca59cd6c5de66fd79137de027cb0c2

SHA512
8601eb69fbe60ab5978df44abc42ada61151b6e54f36b45bef954c73eb9b00de54a3f0881211e1f0a6b73f84bf700e48031996a91b2c97baf5bd53a10b24bd53

Download Submit
C:\Windows\System\DQshZlw.exe

Filesize
1.4MB

MD5
523f5f2587bca525632dc3c873b6e146

SHA1
e240a3d53bafa1ee17c6d3877a6632f773c1da70

SHA256
9ee9bb22ce5df3802a3cec75a2393c5c4b576909e5842a350914cbbadc22bfae

SHA512
7053f3a0f1a173b40a390e09c2bde5a8bd7c024af7d5d22f5a4452e814ef59152f867e0cd8663961a4b9235676b8c6e3aabd233366c72e46d2b033b2f78ea5c8

Download Submit
C:\Windows\System\EKrNimi.exe

Filesize
1.4MB

MD5
a056b0f516b2499badf0dea8f3680e35

SHA1
4aa258813fbf0e242a307cd98d2d7df64dff0e99

SHA256
71107e02faf80023f0639537db80448293ec4c5fa71ca443811d58213b887f16

SHA512
accefda742511114b0dec0da227562b83154bd4b7a8010767a135b20705db9186bcf4c12434d8925b0ad9a70843afff8119f60b6943a81b4ebf9a57d2884194b

Download Submit
C:\Windows\System\EngTiMv.exe

Filesize
1.4MB

MD5
ce984fc7546eb7aa38b639c4304465b0

SHA1
403cf10ab9da37083ecae555de93e35e92b67960

SHA256
61fbb749f7670081044b9c69a9f2cdae5f19148eb367a1ace9dad7c0cdaf8db3

SHA512
7fe149a7378725a4db06a2b6f232cfbcdf0a4b055997d84d47e0e9792e41742e5b7f87c0b1af9cf05a7a0df6e448d010fb2450ebe9fb2d682e552ade53aaa28e

Download Submit
C:\Windows\System\NROYcfl.exe

Filesize
1.4MB

MD5
af778f0364d5798fd42d51ab011ac1ff

SHA1
4d2112ef20c9fc93fa92c84f40026c54b4214c1b

SHA256
4b6d1f450f3fe063313521765343c0921b6b610f8fd0157d307a2873e1cd2d28

SHA512
fd259012a289fb75b1f57ea8ed983dbf40856f46c04ee3d3ada431c593fdcd18a55f3a869c148d4aedc5ae7000f4ef757326273f8c9470c381c267d640c11d34

Download Submit
C:\Windows\System\NYITqOE.exe

Filesize
1.4MB

MD5
1bb8839780cc25241c495ad35423397f

SHA1
e755dd46e3913e872a200c952d0fe63785131a68

SHA256
a4a66814e427f6d216f9929cc100e02c4051b37744b1112978a9d6cad66da4b7

SHA512
c4548adcd177e82cc59007ca0d83a559924e5f8b7b193dc45168caf8a52492477b8b293c3198977ef7af6d5b78a8b8770f4977be42d5e5ab0ed72539e7455293

Download Submit
C:\Windows\System\PwkQAnu.exe

Filesize
1.4MB

MD5
23296578eccb5344a5465fba198de618

SHA1
c4a4b781002804b22b28eaa5613f0ea2606d4d8f

SHA256
ae711359eaea276c498875c9df19eeec4970be35aa0774a5e53641c1087e143a

SHA512
2ca5c7ebeca13127174d45f35e71fec02804e17c152208545edd582c0c1edb76a086c7b1e33e8b6f2d3dd03cee900c51260d6651ce24c63577a9093f9fb60105

Download Submit
C:\Windows\System\RuWKfln.exe

Filesize
1.4MB

MD5
df64f677adc5c0a5bcb95912177c8cb6

SHA1
37bd0d5b3a7d1fc3da04eb10548c288639791d05

SHA256
496932b7045866e2e67d51740535c146a25e4d985daee3698a7578f926aa7d52

SHA512
14d1d9c66ed4cbf44b4e7ca7588b9603a635794dd26d603127edf3e2d8f734bafef7266e4e5fb63b7d929b47090e0951e272437fc8daae38e6e13ad5b1f5241c

Download Submit
C:\Windows\System\SmJQlFL.exe

Filesize
1.4MB

MD5
3478cb6d3a7944ad9db58218704591ba

SHA1
4cc061970b177fed0e240b9132e6fc5921c15991

SHA256
ecd06b039686a7f5df78e7ceba95862ff3deb4767a7ee87cfc3cffdb39fe53ac

SHA512
8e62f1776fd924151fd972a6bf9994dad4a804110af8da0a2d2e99a58e2b66d39f40fc6f80d0a1a681716056e44712fb4c2fdccad189315a8216aabcc6b5467d

Download Submit
C:\Windows\System\SzUQzCX.exe

Filesize
1.4MB

MD5
6f6639a2e0d9260eb442ce6292db57ea

SHA1
bf78aad91a42e0f03c3f1639879b5895b058722f

SHA256
38d37b362fbc0d9fb4880ac25ec229b15aeaab0c76d52cd2acaa3ba8b10b3206

SHA512
f2f0f70b9f35f10d0d5baabb566b2f69a9183524fba0523ca3f6db67362d522b6ae526307445daff92a95daa54f06ad9743930faadc99bec92ffbbc57c09b1b9

Download Submit
C:\Windows\System\UTiSuAZ.exe

Filesize
1.4MB

MD5
15676449fdcecf1d1301296c1b4668aa

SHA1
e2d47c41ba9d9c3812efc95e60a37b5be6d18852

SHA256
34211e074f05e77c37cc0db4b46194693458df7d9e89444eda8308e53d86efac

SHA512
226b1efc3aba26d8dfc313c995b6fc0ced4ad390747370c3e0bad61ac8cb3b50e8502c818f1a7e6528fca10ab1b1858567d726aa216121e08f8cdeba76099750

Download Submit
C:\Windows\System\VRnUYGy.exe

Filesize
1.4MB

MD5
a976effd2741cb01ca524d5ce60eccaa

SHA1
8dfba2373510da1059e5920fd98a3a5a391523cb

SHA256
c7aa4a5eae48e882f0ca207ef114961a085a606e65d828671bd0e3416f85a6c0

SHA512
07fa32a23a354fde0318db49a9144ffd00a7eb3226929f0982c1188d9b6e7aa31d66efe9c6ec87f2f427e7bcdd9d27c7e97d7623e4f32c0b2bb63446c70cf2de

Download Submit
C:\Windows\System\WmKHQTo.exe

Filesize
1.4MB

MD5
3e249f42fb33575df80b20350bedd449

SHA1
ffe1053b88f3a571777dddf35dd7b8b9a856ade9

SHA256
2762852d91e9e9ad0583508d977383f5c2f9c636398a563c66270351f4a5742b

SHA512
7f6ed6f7a570b0735ae16d7e5ae36a959c631ace98e041569b973a4b01818b4e0f2c1f48c9ae1d792debd0a6683f0bb6bbc1919e304cb4620d95786d83914a01

Download Submit
C:\Windows\System\XsyepGK.exe

Filesize
1.4MB

MD5
57c4a0ae63e5f896728f15f143fa6aef

SHA1
f6eceefdbda030b2bfeb99dd1cf53da358c48c13

SHA256
5c2d52a672eedab8bb9993a911bdee9af22d459521a31a9dfff5a13e07add7ef

SHA512
05201e6e250c3ee1e671b624cb6aa29c68e73710867f9a1214805e59a45ef170b5ef18443b30bd42b03252c51cea3812d4fe3f09a7f75f2a81769617415edcaa

Download Submit
C:\Windows\System\bNJmknq.exe

Filesize
1.4MB

MD5
a4c97e5b19c1057fbd013b0c61568d55

SHA1
952e7986ae3a1ea57f8056590bb84d87299fda83

SHA256
fe2bd8523083b287c9663d0783362909c4fa115027dcecb9b5d80fbf53513c76

SHA512
14a0af67668b1fde4894aa0b8827b41cca1b347f734aca871792a0af7e8fb8f68822cbf2fff5981e6074d3c565315ae3b092f0b735e4d2c709e1d22754128a72

Download Submit
C:\Windows\System\csBsLSo.exe

Filesize
1.4MB

MD5
35233efad6524f4297031403538563af

SHA1
03c18f401b2da070c9050914f5e41effcc458753

SHA256
02fd8e834a085d01dd88e4dec022540c38dade23d4ad01c087d927e119227cd7

SHA512
f40136c6d741686dee8d52a383da5bb720b2b1831e3128ab9cef3dae4f58add2f4d245c20626454e9084beec33eee266fb56c557a57e8af5c491f3461a3fa69d

Download Submit
C:\Windows\System\csOKWNa.exe

Filesize
1.4MB

MD5
b297ece3a2969a9baf5ceb80e428426d

SHA1
e5db051c420e6368d1d4ec72d785c0e960cd4589

SHA256
04e9db979ea5c499bf1bc6dcd27c14b96e0e28a07b9090ae194cda8540ca212d

SHA512
60ccd899cb1d4d9792f1222a5722dc641c946b7f5d74bfd2e791f483f35499a4afa0b914aae03f9e9e8f9684c958967517dc5547bb19d7eab7ae67952e2ed121

Download Submit
C:\Windows\System\ereVKLG.exe

Filesize
1.4MB

MD5
4719c7fbc8be75165112f50cc7bcfaff

SHA1
6b280dfd4eb1b7b20497da867e8e22cae589a3ad

SHA256
24de3fae33f85426b34e523d2e490a8cd0007f25ca8fead9d0d8cd41ddffaeb8

SHA512
c715eab1d56f822563c657f5dc698ca242e0e638f53ceafacadbe287b05560095a4b0b7f0174055f0e730e2c045ec96b1de96506881926f109552ded110214d7

Download Submit
C:\Windows\System\fkeYJYS.exe

Filesize
1.4MB

MD5
52f014071da81b216e28da834978affa

SHA1
38449ceddb9e33a5c021bfe74f83cae764c0147c

SHA256
66803bcbac21c9afe4e6a2765b6a64359fa4416a3f0779e0d40846301c39e7ee

SHA512
3ae6c1d39f977a6f5521ff6a618fa4aff409acdebd6210c3600e33d4bcc96aa3e91105234d8eb3e480439db0d6e99941cf198ef3d1c5ab34a0798d717f4408e3

Download Submit
C:\Windows\System\iBFTgew.exe

Filesize
1.4MB

MD5
3cb6827df9566adda939c77fbb4702ef

SHA1
616dbeb6c5d7ec7541e12016d20c23cff8d5c2be

SHA256
1d0d17aab546e11900496f9c954c32f429ea5161cd073db3b932c72be4e038d3

SHA512
c4b7c717dc380f39de50a1268371d2399f96e4cd38bdbce5165cc2bcc6a4fec7bd466f36789a3070fa9a874509fdc04698503bfa2c47a53dfe72902f322f6aeb

Download Submit
C:\Windows\System\lTkFIML.exe

Filesize
1.4MB

MD5
6a71b9dd01390de39da34dcbe5202462

SHA1
c9437caa0045945c24aa13538d3d5c70b28d17df

SHA256
1343fb02494a0e67da81ab765a6a2fbbc4cae0fc222966506e05ca8f14f15d7b

SHA512
9d1cfe4cadc0a79550b981fa0820b495194fba7ca1517f8ceadcc5be6107067f08163005b46f02c241463dd0ab6fae8b9ba09ffa47ac98888a80338771ff968e

Download Submit
C:\Windows\System\luxHfHj.exe

Filesize
1.4MB

MD5
de9269ef7feaa8cb6c6460f983ace7c4

SHA1
d0168684c9c151939662becf02fca808ba06755b

SHA256
1cbdc184c93c195b239fd481cf6e1fbacd9070de38a11b87c0df7ab4524cf0c7

SHA512
560a349d1952ac009a3c8cc4eb64adc8254df91d8af0eac7df203370b3f1f78cda521871c990fee66ac44cffc0e9a6b7660c4bd7eee50b70e668e6bbbcf35f0b

Download Submit
C:\Windows\System\mddTdZq.exe

Filesize
1.4MB

MD5
8c5a29212d3377966b690cd007b06784

SHA1
09125b943038761dea3a1e2cca6562f9b8aea799

SHA256
3de16ced1ac467817d9f4522459bf83e2152e6c974a157c236df89a82694c092

SHA512
2b195f9d479509d11a357fb1fcf0630aade3eb87c0dde9cbbcc605600540b16bbe2bee38a8cae0b0cc046d6394c205db5de4d4805dba481c9ee46d2cbbb68ae6

Download Submit
C:\Windows\System\nDFDRBp.exe

Filesize
1.4MB

MD5
47405d2c477f1f936c72a6a094e2a048

SHA1
8cd872be9f140986f8ede5ddbedbc40b47770474

SHA256
a80daae5165a8b143e5f6b444338a2f9c84a036eff3c4b2bcdc3ae6d4e665aa9

SHA512
ad5c2f6b90193ef7e470bca0588868246b9cee17d7ad1d49d5e0cb5bf21f0710193b1df764bf017a6bcc0d1ee0f58d0b08ae458dd2a87fe5a9bf9e926d406511

Download Submit
C:\Windows\System\nZpjCiH.exe

Filesize
1.4MB

MD5
321f62f066f1c338e668d96c23e42904

SHA1
9b0ec15e7d3f523a11cf04480ccda27000eb3d0e

SHA256
2960165b2eaae6436e04e65bf0ccdc729ffb080bd38bc51451433d06a269052a

SHA512
dbd0bc14ead2a84e6fdd0041f4217f91edfe906ed092b8f40d85e87d00c23a06feb4a613b4cc6719340a74ac6a4ffbf92383be32b953d10170e308dbd8325d3d

Download Submit
C:\Windows\System\oZzjtcV.exe

Filesize
1.4MB

MD5
c9121a669e3c9c4774bdb579ff1270a7

SHA1
4ecd835f2c0e5d86b4cf0a4c53eee097beee131a

SHA256
2f6949175c25d8ad3accc5fc0ffe0d80bde29e6c7c6deb1d12e28dca309ad814

SHA512
8bb429c468142d53c935968e16525921d3d257929c5773dcbde4c9e4950c4cba27acb1684854af720c05c75825b60f8dd30884970c05fde59ab8e1e79d7eb3db

Download Submit
C:\Windows\System\qEdVNnU.exe

Filesize
1.4MB

MD5
b3272f4f9eb316dba4330420b84bdd8f

SHA1
eabc6bd75d9abcb3d306d758a5aba0cc0e204f6e

SHA256
eae047603c7ec80a7a7e8e8dbc451faec906c8074597595b4f3b7ea7c0b2384d

SHA512
891797283f486cbbbb97016e118de802f29b717500fbe49a6fe972017cf775e72d8a6e3dce6d3fa4dd63bdfd0995eeced9f932848c08f054bab3bf232e104a52

Download Submit
C:\Windows\System\qdXwnAB.exe

Filesize
1.4MB

MD5
a18da578fd03597fff27a4ec4d25c35a

SHA1
2afa25b202b5b5a27b8d9e65420952e9f97230ff

SHA256
0cf36a22fcb7efd73aee0418aef1141852ce9003dc628d307ee5389a9edfe389

SHA512
736a33248f48b95640cecf6d01a987cb2024c5b91ab81e3190a9b3065e9589394a9e66869fcb57c760cf7e0348b40950826482a65d2eeebf29983f680ebee3ce

Download Submit
C:\Windows\System\qyOKRrq.exe

Filesize
1.4MB

MD5
87523e1a15a8302b95d4ebe0e1b2c432

SHA1
c50f22e18a88bb6540414d4bccbbf30ff0596e37

SHA256
1fdbfe3d63f681d539c494215a52eb0950520e41ae50978939bd8bbea6492d80

SHA512
ffaa2daa86824f98a5a2487383319ccea7c66827c7a609ffde65229682a8794661e6d3f34a104b036914c20637a33ccf2b817731e2e7cb531cb42d55ab08e7fa

Download Submit
C:\Windows\System\shpiInx.exe

Filesize
1.4MB

MD5
8e21d29f9981c83864d7cb5da9d83480

SHA1
871227c83b5c5b04e0a4dc8ff4ea3da291d35d8d

SHA256
45fd92bfc58b8421b857c32c418bd110d8b8b24a024cb11f7347c3f94950f99d

SHA512
a09e35a62bc87c0c4d17c3da9b9a82d23e104ad1ca433c975dbcd29a0bec6d31ed7775068b7f978391c28bc751850f7e471a99b04936084e295c61b89b9341d3

Download Submit
C:\Windows\System\xgnovHx.exe

Filesize
1.4MB

MD5
4b3cd00c6321125b0aef1ffee783334f

SHA1
99bb4f6723891f2603978d6f1eb90c16a3a55ee6

SHA256
7e147cf807009acfbc7e329da7c4a47e360e810af66f7244a443fe79bd4ffd0e

SHA512
09b98d5810ebc00b58c2d48d008ba63a07c0e2147577ad68b830306398785310325e959675ea665ec928b6c00212a6265bc03aa3dc470764a9d7068e55285fc0

Download Submit
memory/700-84-0x00007FF60F430000-0x00007FF60F781000-memory.dmp

Filesize
3.3MB

Download
memory/700-2281-0x00007FF60F430000-0x00007FF60F781000-memory.dmp

Filesize
3.3MB

Download
memory/1112-455-0x00007FF6D8B70000-0x00007FF6D8EC1000-memory.dmp

Filesize
3.3MB

Download
memory/1112-2361-0x00007FF6D8B70000-0x00007FF6D8EC1000-memory.dmp

Filesize
3.3MB

Download
memory/1188-422-0x00007FF685E00000-0x00007FF686151000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2285-0x00007FF685E00000-0x00007FF686151000-memory.dmp

Filesize
3.3MB

Download
memory/1440-469-0x00007FF720340000-0x00007FF720691000-memory.dmp

Filesize
3.3MB

Download
memory/1440-2297-0x00007FF720340000-0x00007FF720691000-memory.dmp

Filesize
3.3MB

Download
memory/1656-85-0x00007FF6CB1C0000-0x00007FF6CB511000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2293-0x00007FF6CB1C0000-0x00007FF6CB511000-memory.dmp

Filesize
3.3MB

Download
memory/1948-425-0x00007FF7263E0000-0x00007FF726731000-memory.dmp

Filesize
3.3MB

Download
memory/1948-2288-0x00007FF7263E0000-0x00007FF726731000-memory.dmp

Filesize
3.3MB

Download
memory/2036-427-0x00007FF6C8260000-0x00007FF6C85B1000-memory.dmp

Filesize
3.3MB

Download
memory/2036-2290-0x00007FF6C8260000-0x00007FF6C85B1000-memory.dmp

Filesize
3.3MB

Download
memory/2228-438-0x00007FF732A90000-0x00007FF732DE1000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2309-0x00007FF732A90000-0x00007FF732DE1000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2279-0x00007FF6E5FF0000-0x00007FF6E6341000-memory.dmp

Filesize
3.3MB

Download
memory/2348-463-0x00007FF6E5FF0000-0x00007FF6E6341000-memory.dmp

Filesize
3.3MB

Download
memory/2416-424-0x00007FF68A1A0000-0x00007FF68A4F1000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2296-0x00007FF68A1A0000-0x00007FF68A4F1000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2305-0x00007FF7EA900000-0x00007FF7EAC51000-memory.dmp

Filesize
3.3MB

Download
memory/2528-430-0x00007FF7EA900000-0x00007FF7EAC51000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2277-0x00007FF73F230000-0x00007FF73F581000-memory.dmp

Filesize
3.3MB

Download
memory/2888-73-0x00007FF73F230000-0x00007FF73F581000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2275-0x00007FF6C9270000-0x00007FF6C95C1000-memory.dmp

Filesize
3.3MB

Download
memory/2924-47-0x00007FF6C9270000-0x00007FF6C95C1000-memory.dmp

Filesize
3.3MB

Download
memory/3080-426-0x00007FF6172D0000-0x00007FF617621000-memory.dmp

Filesize
3.3MB

Download
memory/3080-2291-0x00007FF6172D0000-0x00007FF617621000-memory.dmp

Filesize
3.3MB

Download
memory/3088-67-0x00007FF7F75C0000-0x00007FF7F7911000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2270-0x00007FF7F75C0000-0x00007FF7F7911000-memory.dmp

Filesize
3.3MB

Download
memory/3380-431-0x00007FF695E80000-0x00007FF6961D1000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2307-0x00007FF695E80000-0x00007FF6961D1000-memory.dmp

Filesize
3.3MB

Download
memory/3520-2223-0x00007FF729800000-0x00007FF729B51000-memory.dmp

Filesize
3.3MB

Download
memory/3520-0-0x00007FF729800000-0x00007FF729B51000-memory.dmp

Filesize
3.3MB

Download
memory/3520-1-0x0000021940C30000-0x0000021940C40000-memory.dmp

Filesize
64KB

Download
memory/4100-456-0x00007FF71EC30000-0x00007FF71EF81000-memory.dmp

Filesize
3.3MB

Download
memory/4100-2356-0x00007FF71EC30000-0x00007FF71EF81000-memory.dmp

Filesize
3.3MB

Download
memory/4352-2311-0x00007FF7230A0000-0x00007FF7233F1000-memory.dmp

Filesize
3.3MB

Download
memory/4352-440-0x00007FF7230A0000-0x00007FF7233F1000-memory.dmp

Filesize
3.3MB

Download
memory/4516-445-0x00007FF7F3F90000-0x00007FF7F42E1000-memory.dmp

Filesize
3.3MB

Download
memory/4516-2345-0x00007FF7F3F90000-0x00007FF7F42E1000-memory.dmp

Filesize
3.3MB

Download
memory/4532-429-0x00007FF744360000-0x00007FF7446B1000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2301-0x00007FF744360000-0x00007FF7446B1000-memory.dmp

Filesize
3.3MB

Download
memory/4652-475-0x00007FF6ECE30000-0x00007FF6ED181000-memory.dmp

Filesize
3.3MB

Download
memory/4652-2299-0x00007FF6ECE30000-0x00007FF6ED181000-memory.dmp

Filesize
3.3MB

Download
memory/4660-8-0x00007FF71D720000-0x00007FF71DA71000-memory.dmp

Filesize
3.3MB

Download
memory/4660-2265-0x00007FF71D720000-0x00007FF71DA71000-memory.dmp

Filesize
3.3MB

Download
memory/4660-2225-0x00007FF71D720000-0x00007FF71DA71000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2272-0x00007FF73C3F0000-0x00007FF73C741000-memory.dmp

Filesize
3.3MB

Download
memory/4684-31-0x00007FF73C3F0000-0x00007FF73C741000-memory.dmp

Filesize
3.3MB

Download
memory/4684-2259-0x00007FF73C3F0000-0x00007FF73C741000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2267-0x00007FF7E4D80000-0x00007FF7E50D1000-memory.dmp

Filesize
3.3MB

Download
memory/4816-2258-0x00007FF7E4D80000-0x00007FF7E50D1000-memory.dmp

Filesize
3.3MB

Download
memory/4816-30-0x00007FF7E4D80000-0x00007FF7E50D1000-memory.dmp

Filesize
3.3MB

Download
memory/4860-448-0x00007FF713C60000-0x00007FF713FB1000-memory.dmp

Filesize
3.3MB

Download
memory/4860-2344-0x00007FF713C60000-0x00007FF713FB1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-452-0x00007FF6F2AE0000-0x00007FF6F2E31000-memory.dmp

Filesize
3.3MB

Download
memory/4884-2317-0x00007FF6F2AE0000-0x00007FF6F2E31000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2226-0x00007FF74CBC0000-0x00007FF74CF11000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2273-0x00007FF74CBC0000-0x00007FF74CF11000-memory.dmp

Filesize
3.3MB

Download
memory/4908-26-0x00007FF74CBC0000-0x00007FF74CF11000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2303-0x00007FF734470000-0x00007FF7347C1000-memory.dmp

Filesize
3.3MB

Download
memory/5080-428-0x00007FF734470000-0x00007FF7347C1000-memory.dmp

Filesize
3.3MB

Download
memory/5112-423-0x00007FF752820000-0x00007FF752B71000-memory.dmp

Filesize
3.3MB

Download
memory/5112-2284-0x00007FF752820000-0x00007FF752B71000-memory.dmp

Filesize
3.3MB

Download