xmrig | 9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078

Analysis

max time kernel
121s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 14:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
Size

1.9MB
MD5

df077f7cdcbb32a9454e0a33f0eb5180
SHA1

155b50095803ce6833312ee92b9df6f72b35fbc7
SHA256

9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078
SHA512

4fe9fc57ba1fb1f95aa430eabc35936d028cbd65211d5e66803aadd021f08cb9dc5282ef9acb542cdd91b7d3336a4096fb35d8267c367891bb4c3cd0632495a5
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7fI+7RrTFl6hvVjB:Lz071uv4BPMkyW10/w16BvZX71Fq8+H

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/2044-225-0x00007FF758F40000-0x00007FF759332000-memory.dmp	xmrig
behavioral2/memory/3068-403-0x00007FF7DA350000-0x00007FF7DA742000-memory.dmp	xmrig
behavioral2/memory/5064-365-0x00007FF7C30D0000-0x00007FF7C34C2000-memory.dmp	xmrig
behavioral2/memory/4832-290-0x00007FF63BA50000-0x00007FF63BE42000-memory.dmp	xmrig
behavioral2/memory/2904-289-0x00007FF74CD40000-0x00007FF74D132000-memory.dmp	xmrig
behavioral2/memory/2216-356-0x00007FF66AF60000-0x00007FF66B352000-memory.dmp	xmrig
behavioral2/memory/2908-262-0x00007FF61B410000-0x00007FF61B802000-memory.dmp	xmrig
behavioral2/memory/3208-457-0x00007FF6E8310000-0x00007FF6E8702000-memory.dmp	xmrig
behavioral2/memory/4796-567-0x00007FF7C6790000-0x00007FF7C6B82000-memory.dmp	xmrig
behavioral2/memory/3184-629-0x00007FF7E2C90000-0x00007FF7E3082000-memory.dmp	xmrig
behavioral2/memory/3216-635-0x00007FF78DDB0000-0x00007FF78E1A2000-memory.dmp	xmrig
behavioral2/memory/508-637-0x00007FF6A0730000-0x00007FF6A0B22000-memory.dmp	xmrig
behavioral2/memory/3624-636-0x00007FF66F880000-0x00007FF66FC72000-memory.dmp	xmrig
behavioral2/memory/4800-634-0x00007FF658D70000-0x00007FF659162000-memory.dmp	xmrig
behavioral2/memory/2952-633-0x00007FF76B0E0000-0x00007FF76B4D2000-memory.dmp	xmrig
behavioral2/memory/5012-632-0x00007FF7A7930000-0x00007FF7A7D22000-memory.dmp	xmrig
behavioral2/memory/852-631-0x00007FF7F6BE0000-0x00007FF7F6FD2000-memory.dmp	xmrig
behavioral2/memory/4056-630-0x00007FF7DE270000-0x00007FF7DE662000-memory.dmp	xmrig
behavioral2/memory/5068-628-0x00007FF6DD3F0000-0x00007FF6DD7E2000-memory.dmp	xmrig
behavioral2/memory/1616-627-0x00007FF7EFF50000-0x00007FF7F0342000-memory.dmp	xmrig
behavioral2/memory/4628-564-0x00007FF694E50000-0x00007FF695242000-memory.dmp	xmrig
behavioral2/memory/3016-456-0x00007FF7C1BB0000-0x00007FF7C1FA2000-memory.dmp	xmrig
behavioral2/memory/4944-4544-0x00007FF6A1310000-0x00007FF6A1702000-memory.dmp	xmrig
behavioral2/memory/2840-4545-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp	xmrig
behavioral2/memory/4800-4580-0x00007FF658D70000-0x00007FF659162000-memory.dmp	xmrig
behavioral2/memory/4944-4581-0x00007FF6A1310000-0x00007FF6A1702000-memory.dmp	xmrig
behavioral2/memory/2840-4584-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp	xmrig
behavioral2/memory/2044-4585-0x00007FF758F40000-0x00007FF759332000-memory.dmp	xmrig
behavioral2/memory/2216-4590-0x00007FF66AF60000-0x00007FF66B352000-memory.dmp	xmrig
behavioral2/memory/3624-4597-0x00007FF66F880000-0x00007FF66FC72000-memory.dmp	xmrig
behavioral2/memory/5064-4599-0x00007FF7C30D0000-0x00007FF7C34C2000-memory.dmp	xmrig
behavioral2/memory/3016-4603-0x00007FF7C1BB0000-0x00007FF7C1FA2000-memory.dmp	xmrig
behavioral2/memory/4628-4605-0x00007FF694E50000-0x00007FF695242000-memory.dmp	xmrig
behavioral2/memory/3068-4601-0x00007FF7DA350000-0x00007FF7DA742000-memory.dmp	xmrig
behavioral2/memory/4796-4595-0x00007FF7C6790000-0x00007FF7C6B82000-memory.dmp	xmrig
behavioral2/memory/2904-4593-0x00007FF74CD40000-0x00007FF74D132000-memory.dmp	xmrig
behavioral2/memory/3216-4591-0x00007FF78DDB0000-0x00007FF78E1A2000-memory.dmp	xmrig
behavioral2/memory/4832-4588-0x00007FF63BA50000-0x00007FF63BE42000-memory.dmp	xmrig
behavioral2/memory/5012-4626-0x00007FF7A7930000-0x00007FF7A7D22000-memory.dmp	xmrig
behavioral2/memory/852-4635-0x00007FF7F6BE0000-0x00007FF7F6FD2000-memory.dmp	xmrig
behavioral2/memory/508-4627-0x00007FF6A0730000-0x00007FF6A0B22000-memory.dmp	xmrig
behavioral2/memory/5068-4620-0x00007FF6DD3F0000-0x00007FF6DD7E2000-memory.dmp	xmrig
behavioral2/memory/4056-4618-0x00007FF7DE270000-0x00007FF7DE662000-memory.dmp	xmrig
behavioral2/memory/2952-4616-0x00007FF76B0E0000-0x00007FF76B4D2000-memory.dmp	xmrig
behavioral2/memory/3208-4612-0x00007FF6E8310000-0x00007FF6E8702000-memory.dmp	xmrig
behavioral2/memory/2908-4610-0x00007FF61B410000-0x00007FF61B802000-memory.dmp	xmrig
behavioral2/memory/3184-4623-0x00007FF7E2C90000-0x00007FF7E3082000-memory.dmp	xmrig
behavioral2/memory/1616-4614-0x00007FF7EFF50000-0x00007FF7F0342000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4732	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4944	JcnBWzp.exe
2840	jXatziw.exe
2044	TfHDnFG.exe
4800	YNzNZmN.exe
3216	IgKbWFE.exe
3624	yxfiTbA.exe
2908	ybMYZSz.exe
2904	maAFfwi.exe
4832	YVWdmHq.exe
2216	oXDmuFl.exe
5064	kqUHPbw.exe
3068	hfEUUrc.exe
3016	qtVhGFA.exe
3208	iYfNFua.exe
4628	maQJlqs.exe
4796	QCfcSDh.exe
1616	AsOJVMX.exe
5068	nOKZpPC.exe
3184	rYcZLlM.exe
4056	NRNaest.exe
508	lvyCMoS.exe
852	KtmLJBw.exe
5012	yKDnfuP.exe
2952	uasiuKt.exe
4864	FpdHdnW.exe
5016	HfqNAYK.exe
4780	TEzHTxz.exe
2260	UXvYLuy.exe
4088	AKePjrQ.exe
5032	yURcJzn.exe
368	SHPnYUL.exe
4620	uuKtgak.exe
4060	JukpuHl.exe
5048	VRPxknM.exe
4860	kyseGTV.exe
4956	AtBJgzw.exe
4596	gpUcpPc.exe
3404	pZzXmXl.exe
4604	SpWyPOL.exe
4872	fYhjDPn.exe
1656	myUuSHM.exe
1212	NYyFHhd.exe
3980	gxdzcsT.exe
3120	yFjLeUW.exe
4360	llMXMcR.exe
2348	xpHsOfD.exe
2340	lEZxwaG.exe
2652	GuDZwLy.exe
400	VHGNOeY.exe
448	kjhVajJ.exe
4384	xxxxKFb.exe
624	NSwPIkU.exe
4504	RQjocsG.exe
464	veELkxo.exe
2460	pxvKdSl.exe
2796	uHoajOa.exe
4348	MEFdTwL.exe
3124	IawDsdP.exe
2636	SsgDwMA.exe
3268	ETuUJAz.exe
1516	KIOhFOD.exe
2328	CNxJrhf.exe
4656	nufEjQs.exe
1752	ffzGDvo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4220-0-0x00007FF762BF0000-0x00007FF762FE2000-memory.dmp	upx
behavioral2/files/0x0007000000023425-7.dat	upx
behavioral2/files/0x0008000000023420-5.dat	upx
behavioral2/memory/4944-8-0x00007FF6A1310000-0x00007FF6A1702000-memory.dmp	upx
behavioral2/files/0x0007000000023427-25.dat	upx
behavioral2/files/0x000700000002342a-49.dat	upx
behavioral2/files/0x0007000000023431-67.dat	upx
behavioral2/files/0x000700000002343d-135.dat	upx
behavioral2/files/0x000700000002343c-162.dat	upx
behavioral2/memory/2044-225-0x00007FF758F40000-0x00007FF759332000-memory.dmp	upx
behavioral2/memory/3068-403-0x00007FF7DA350000-0x00007FF7DA742000-memory.dmp	upx
behavioral2/memory/5064-365-0x00007FF7C30D0000-0x00007FF7C34C2000-memory.dmp	upx
behavioral2/memory/4832-290-0x00007FF63BA50000-0x00007FF63BE42000-memory.dmp	upx
behavioral2/memory/2904-289-0x00007FF74CD40000-0x00007FF74D132000-memory.dmp	upx
behavioral2/memory/2216-356-0x00007FF66AF60000-0x00007FF66B352000-memory.dmp	upx
behavioral2/memory/2908-262-0x00007FF61B410000-0x00007FF61B802000-memory.dmp	upx
behavioral2/files/0x0007000000023437-201.dat	upx
behavioral2/files/0x0007000000023447-194.dat	upx
behavioral2/files/0x0007000000023442-188.dat	upx
behavioral2/memory/3208-457-0x00007FF6E8310000-0x00007FF6E8702000-memory.dmp	upx
behavioral2/memory/4796-567-0x00007FF7C6790000-0x00007FF7C6B82000-memory.dmp	upx
behavioral2/memory/3184-629-0x00007FF7E2C90000-0x00007FF7E3082000-memory.dmp	upx
behavioral2/memory/3216-635-0x00007FF78DDB0000-0x00007FF78E1A2000-memory.dmp	upx
behavioral2/memory/508-637-0x00007FF6A0730000-0x00007FF6A0B22000-memory.dmp	upx
behavioral2/memory/3624-636-0x00007FF66F880000-0x00007FF66FC72000-memory.dmp	upx
behavioral2/memory/4800-634-0x00007FF658D70000-0x00007FF659162000-memory.dmp	upx
behavioral2/memory/2952-633-0x00007FF76B0E0000-0x00007FF76B4D2000-memory.dmp	upx
behavioral2/memory/5012-632-0x00007FF7A7930000-0x00007FF7A7D22000-memory.dmp	upx
behavioral2/memory/852-631-0x00007FF7F6BE0000-0x00007FF7F6FD2000-memory.dmp	upx
behavioral2/memory/4056-630-0x00007FF7DE270000-0x00007FF7DE662000-memory.dmp	upx
behavioral2/memory/5068-628-0x00007FF6DD3F0000-0x00007FF6DD7E2000-memory.dmp	upx
behavioral2/memory/1616-627-0x00007FF7EFF50000-0x00007FF7F0342000-memory.dmp	upx
behavioral2/memory/4628-564-0x00007FF694E50000-0x00007FF695242000-memory.dmp	upx
behavioral2/memory/3016-456-0x00007FF7C1BB0000-0x00007FF7C1FA2000-memory.dmp	upx
behavioral2/files/0x0007000000023446-179.dat	upx
behavioral2/files/0x0007000000023434-176.dat	upx
behavioral2/files/0x0007000000023445-172.dat	upx
behavioral2/files/0x0007000000023444-156.dat	upx
behavioral2/files/0x000700000002343b-155.dat	upx
behavioral2/files/0x0007000000023443-153.dat	upx
behavioral2/files/0x0007000000023441-146.dat	upx
behavioral2/files/0x0007000000023435-182.dat	upx
behavioral2/files/0x000700000002343f-143.dat	upx
behavioral2/files/0x000700000002343e-142.dat	upx
behavioral2/files/0x0007000000023430-137.dat	upx
behavioral2/files/0x000700000002343a-128.dat	upx
behavioral2/files/0x0007000000023433-127.dat	upx
behavioral2/files/0x0007000000023439-125.dat	upx
behavioral2/files/0x0007000000023438-124.dat	upx
behavioral2/files/0x0007000000023436-112.dat	upx
behavioral2/files/0x0007000000023440-145.dat	upx
behavioral2/files/0x000700000002342e-90.dat	upx
behavioral2/files/0x000700000002342d-86.dat	upx
behavioral2/files/0x0007000000023429-82.dat	upx
behavioral2/files/0x0007000000023432-77.dat	upx
behavioral2/files/0x000700000002342f-63.dat	upx
behavioral2/files/0x0007000000023428-57.dat	upx
behavioral2/files/0x000700000002342c-56.dat	upx
behavioral2/files/0x000700000002342b-70.dat	upx
behavioral2/memory/2840-34-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp	upx
behavioral2/files/0x0007000000023426-19.dat	upx
behavioral2/files/0x0007000000023424-26.dat	upx
behavioral2/memory/4944-4544-0x00007FF6A1310000-0x00007FF6A1702000-memory.dmp	upx
behavioral2/memory/2840-4545-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tbyGaKc.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\wIQNixM.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\nAuVBLP.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\WsZCSDj.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\ESVIlIh.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\kXtdaKV.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\vWmyMxV.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\OUViJMa.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\XEMQLPE.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\nDciJRv.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\wCVyqza.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\iVKwYcI.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\GDWFNCs.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\WVlWnrj.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\BCeAYoi.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\trensYB.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\hlCMmBx.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\pNKOYWK.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\gObsYqC.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\XoIRQcp.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\bTFkZLx.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\rasaWan.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\XLSHVky.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\FDLcGBE.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\YYJHWfS.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\tVTvmUK.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\jjEzFRt.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\rAEqcpL.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\PfgDcje.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\EydjIVn.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\mleWUCR.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\ZMwsFwc.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\NRNaest.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\CZPKGFx.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\OWZcALs.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\prAgGza.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\faRAxQW.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\muWbTzG.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\sSyTBDM.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\lSwznos.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\tEGNziI.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\ooUMrYb.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\xccwXKs.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\WzzlBFL.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\KgHKyQu.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\XwcssgO.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\nEBrnsn.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\jTDdeKF.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\juOArbX.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\iLNFRMm.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\rXqvIdk.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\SZkzjsn.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\vGyqJph.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\PTSrfNJ.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\XWXXuSk.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\UObkHlN.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\AalJYic.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\XeLeOxs.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\MjqLXVA.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\IgKbWFE.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\yRNqCVB.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\lfJusOW.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\HDxLPxB.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
File created	C:\Windows\System\BIzqzFo.exe	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4732	powershell.exe
4732	powershell.exe
4732	powershell.exe
4732	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4732	powershell.exe
Token: SeLockMemoryPrivilege	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4732	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	83
PID 4220 wrote to memory of 4732	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	83
PID 4220 wrote to memory of 4944	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	84
PID 4220 wrote to memory of 4944	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	84
PID 4220 wrote to memory of 2840	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	85
PID 4220 wrote to memory of 2840	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	85
PID 4220 wrote to memory of 2044	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	86
PID 4220 wrote to memory of 2044	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	86
PID 4220 wrote to memory of 4800	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	87
PID 4220 wrote to memory of 4800	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	87
PID 4220 wrote to memory of 3216	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	88
PID 4220 wrote to memory of 3216	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	88
PID 4220 wrote to memory of 4832	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	89
PID 4220 wrote to memory of 4832	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	89
PID 4220 wrote to memory of 3624	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	90
PID 4220 wrote to memory of 3624	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	90
PID 4220 wrote to memory of 2908	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	91
PID 4220 wrote to memory of 2908	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	91
PID 4220 wrote to memory of 2904	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	92
PID 4220 wrote to memory of 2904	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	92
PID 4220 wrote to memory of 2216	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	93
PID 4220 wrote to memory of 2216	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	93
PID 4220 wrote to memory of 5064	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	94
PID 4220 wrote to memory of 5064	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	94
PID 4220 wrote to memory of 3068	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	95
PID 4220 wrote to memory of 3068	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	95
PID 4220 wrote to memory of 3016	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	96
PID 4220 wrote to memory of 3016	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	96
PID 4220 wrote to memory of 3208	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	97
PID 4220 wrote to memory of 3208	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	97
PID 4220 wrote to memory of 4628	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	98
PID 4220 wrote to memory of 4628	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	98
PID 4220 wrote to memory of 4796	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	99
PID 4220 wrote to memory of 4796	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	99
PID 4220 wrote to memory of 1616	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	100
PID 4220 wrote to memory of 1616	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	100
PID 4220 wrote to memory of 5068	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	101
PID 4220 wrote to memory of 5068	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	101
PID 4220 wrote to memory of 3184	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	102
PID 4220 wrote to memory of 3184	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	102
PID 4220 wrote to memory of 4056	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	103
PID 4220 wrote to memory of 4056	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	103
PID 4220 wrote to memory of 508	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	104
PID 4220 wrote to memory of 508	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	104
PID 4220 wrote to memory of 852	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	105
PID 4220 wrote to memory of 852	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	105
PID 4220 wrote to memory of 5012	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	106
PID 4220 wrote to memory of 5012	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	106
PID 4220 wrote to memory of 2952	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	107
PID 4220 wrote to memory of 2952	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	107
PID 4220 wrote to memory of 4864	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	108
PID 4220 wrote to memory of 4864	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	108
PID 4220 wrote to memory of 5016	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	109
PID 4220 wrote to memory of 5016	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	109
PID 4220 wrote to memory of 4780	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	110
PID 4220 wrote to memory of 4780	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	110
PID 4220 wrote to memory of 2260	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	111
PID 4220 wrote to memory of 2260	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	111
PID 4220 wrote to memory of 4088	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	112
PID 4220 wrote to memory of 4088	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	112
PID 4220 wrote to memory of 5032	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	113
PID 4220 wrote to memory of 5032	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	113
PID 4220 wrote to memory of 368	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	114
PID 4220 wrote to memory of 368	4220	9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9d028cfda10fd9072eb69f6b4899a2e2d600ae81a84c918fe7fb93231ed97078_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4732
- C:\Windows\System\JcnBWzp.exe
  C:\Windows\System\JcnBWzp.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\jXatziw.exe
  C:\Windows\System\jXatziw.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\TfHDnFG.exe
  C:\Windows\System\TfHDnFG.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\YNzNZmN.exe
  C:\Windows\System\YNzNZmN.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\IgKbWFE.exe
  C:\Windows\System\IgKbWFE.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\YVWdmHq.exe
  C:\Windows\System\YVWdmHq.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\yxfiTbA.exe
  C:\Windows\System\yxfiTbA.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\ybMYZSz.exe
  C:\Windows\System\ybMYZSz.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\maAFfwi.exe
  C:\Windows\System\maAFfwi.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\oXDmuFl.exe
  C:\Windows\System\oXDmuFl.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kqUHPbw.exe
  C:\Windows\System\kqUHPbw.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\hfEUUrc.exe
  C:\Windows\System\hfEUUrc.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\qtVhGFA.exe
  C:\Windows\System\qtVhGFA.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\iYfNFua.exe
  C:\Windows\System\iYfNFua.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\maQJlqs.exe
  C:\Windows\System\maQJlqs.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\QCfcSDh.exe
  C:\Windows\System\QCfcSDh.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\AsOJVMX.exe
  C:\Windows\System\AsOJVMX.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\nOKZpPC.exe
  C:\Windows\System\nOKZpPC.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\rYcZLlM.exe
  C:\Windows\System\rYcZLlM.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\NRNaest.exe
  C:\Windows\System\NRNaest.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\lvyCMoS.exe
  C:\Windows\System\lvyCMoS.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\KtmLJBw.exe
  C:\Windows\System\KtmLJBw.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\yKDnfuP.exe
  C:\Windows\System\yKDnfuP.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\uasiuKt.exe
  C:\Windows\System\uasiuKt.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\FpdHdnW.exe
  C:\Windows\System\FpdHdnW.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\HfqNAYK.exe
  C:\Windows\System\HfqNAYK.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\TEzHTxz.exe
  C:\Windows\System\TEzHTxz.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\UXvYLuy.exe
  C:\Windows\System\UXvYLuy.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\AKePjrQ.exe
  C:\Windows\System\AKePjrQ.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\yURcJzn.exe
  C:\Windows\System\yURcJzn.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\SHPnYUL.exe
  C:\Windows\System\SHPnYUL.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\uuKtgak.exe
  C:\Windows\System\uuKtgak.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\JukpuHl.exe
  C:\Windows\System\JukpuHl.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\VRPxknM.exe
  C:\Windows\System\VRPxknM.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\kyseGTV.exe
  C:\Windows\System\kyseGTV.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\AtBJgzw.exe
  C:\Windows\System\AtBJgzw.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\gpUcpPc.exe
  C:\Windows\System\gpUcpPc.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\pZzXmXl.exe
  C:\Windows\System\pZzXmXl.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\SpWyPOL.exe
  C:\Windows\System\SpWyPOL.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\fYhjDPn.exe
  C:\Windows\System\fYhjDPn.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\myUuSHM.exe
  C:\Windows\System\myUuSHM.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\NYyFHhd.exe
  C:\Windows\System\NYyFHhd.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\gxdzcsT.exe
  C:\Windows\System\gxdzcsT.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\yFjLeUW.exe
  C:\Windows\System\yFjLeUW.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\pxvKdSl.exe
  C:\Windows\System\pxvKdSl.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\llMXMcR.exe
  C:\Windows\System\llMXMcR.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\xpHsOfD.exe
  C:\Windows\System\xpHsOfD.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\lEZxwaG.exe
  C:\Windows\System\lEZxwaG.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\GuDZwLy.exe
  C:\Windows\System\GuDZwLy.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\VHGNOeY.exe
  C:\Windows\System\VHGNOeY.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\kjhVajJ.exe
  C:\Windows\System\kjhVajJ.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\xxxxKFb.exe
  C:\Windows\System\xxxxKFb.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\NSwPIkU.exe
  C:\Windows\System\NSwPIkU.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\RQjocsG.exe
  C:\Windows\System\RQjocsG.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\veELkxo.exe
  C:\Windows\System\veELkxo.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\uHoajOa.exe
  C:\Windows\System\uHoajOa.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\MEFdTwL.exe
  C:\Windows\System\MEFdTwL.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\IawDsdP.exe
  C:\Windows\System\IawDsdP.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\SsgDwMA.exe
  C:\Windows\System\SsgDwMA.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ETuUJAz.exe
  C:\Windows\System\ETuUJAz.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\KIOhFOD.exe
  C:\Windows\System\KIOhFOD.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\CNxJrhf.exe
  C:\Windows\System\CNxJrhf.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\nufEjQs.exe
  C:\Windows\System\nufEjQs.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\ffzGDvo.exe
  C:\Windows\System\ffzGDvo.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\nJqMFeX.exe
  C:\Windows\System\nJqMFeX.exe
  2⤵
  PID:1372
- C:\Windows\System\LKLWFNn.exe
  C:\Windows\System\LKLWFNn.exe
  2⤵
  PID:3308
- C:\Windows\System\EXcWYnH.exe
  C:\Windows\System\EXcWYnH.exe
  2⤵
  PID:4948
- C:\Windows\System\CxZTHyh.exe
  C:\Windows\System\CxZTHyh.exe
  2⤵
  PID:3272
- C:\Windows\System\afDFfqO.exe
  C:\Windows\System\afDFfqO.exe
  2⤵
  PID:3512
- C:\Windows\System\QJxksin.exe
  C:\Windows\System\QJxksin.exe
  2⤵
  PID:4268
- C:\Windows\System\rYRQpYA.exe
  C:\Windows\System\rYRQpYA.exe
  2⤵
  PID:2424
- C:\Windows\System\BvWxKND.exe
  C:\Windows\System\BvWxKND.exe
  2⤵
  PID:1384
- C:\Windows\System\pUlOxPp.exe
  C:\Windows\System\pUlOxPp.exe
  2⤵
  PID:3088
- C:\Windows\System\XWVCoQM.exe
  C:\Windows\System\XWVCoQM.exe
  2⤵
  PID:3328
- C:\Windows\System\WhwYYXd.exe
  C:\Windows\System\WhwYYXd.exe
  2⤵
  PID:4208
- C:\Windows\System\ULysqXy.exe
  C:\Windows\System\ULysqXy.exe
  2⤵
  PID:3020
- C:\Windows\System\HjztfIJ.exe
  C:\Windows\System\HjztfIJ.exe
  2⤵
  PID:3092
- C:\Windows\System\HnnpMvY.exe
  C:\Windows\System\HnnpMvY.exe
  2⤵
  PID:5128
- C:\Windows\System\fvavPtK.exe
  C:\Windows\System\fvavPtK.exe
  2⤵
  PID:5156
- C:\Windows\System\NPtWmDL.exe
  C:\Windows\System\NPtWmDL.exe
  2⤵
  PID:5172
- C:\Windows\System\ZDUFMjw.exe
  C:\Windows\System\ZDUFMjw.exe
  2⤵
  PID:5188
- C:\Windows\System\XFWJtpO.exe
  C:\Windows\System\XFWJtpO.exe
  2⤵
  PID:5216
- C:\Windows\System\iXTAOYr.exe
  C:\Windows\System\iXTAOYr.exe
  2⤵
  PID:5292
- C:\Windows\System\NUEmmrm.exe
  C:\Windows\System\NUEmmrm.exe
  2⤵
  PID:5316
- C:\Windows\System\iaBuMfL.exe
  C:\Windows\System\iaBuMfL.exe
  2⤵
  PID:5340
- C:\Windows\System\RWjyfgB.exe
  C:\Windows\System\RWjyfgB.exe
  2⤵
  PID:5360
- C:\Windows\System\fQJaRsD.exe
  C:\Windows\System\fQJaRsD.exe
  2⤵
  PID:5380
- C:\Windows\System\tuqawwu.exe
  C:\Windows\System\tuqawwu.exe
  2⤵
  PID:5400
- C:\Windows\System\taiVYfF.exe
  C:\Windows\System\taiVYfF.exe
  2⤵
  PID:5420
- C:\Windows\System\fwPpDCV.exe
  C:\Windows\System\fwPpDCV.exe
  2⤵
  PID:5444
- C:\Windows\System\BBDIKZk.exe
  C:\Windows\System\BBDIKZk.exe
  2⤵
  PID:5460
- C:\Windows\System\PZslHbA.exe
  C:\Windows\System\PZslHbA.exe
  2⤵
  PID:5484
- C:\Windows\System\RgPZcZq.exe
  C:\Windows\System\RgPZcZq.exe
  2⤵
  PID:5508
- C:\Windows\System\MqRYCRM.exe
  C:\Windows\System\MqRYCRM.exe
  2⤵
  PID:5528
- C:\Windows\System\mqoBiYM.exe
  C:\Windows\System\mqoBiYM.exe
  2⤵
  PID:5548
- C:\Windows\System\iWKwjQJ.exe
  C:\Windows\System\iWKwjQJ.exe
  2⤵
  PID:5568
- C:\Windows\System\TVOLHco.exe
  C:\Windows\System\TVOLHco.exe
  2⤵
  PID:5588
- C:\Windows\System\nTIhKal.exe
  C:\Windows\System\nTIhKal.exe
  2⤵
  PID:5612
- C:\Windows\System\nsPMFpL.exe
  C:\Windows\System\nsPMFpL.exe
  2⤵
  PID:5632
- C:\Windows\System\bWGtZWw.exe
  C:\Windows\System\bWGtZWw.exe
  2⤵
  PID:5652
- C:\Windows\System\ygbXrqm.exe
  C:\Windows\System\ygbXrqm.exe
  2⤵
  PID:5676
- C:\Windows\System\mutMlsQ.exe
  C:\Windows\System\mutMlsQ.exe
  2⤵
  PID:5692
- C:\Windows\System\trensYB.exe
  C:\Windows\System\trensYB.exe
  2⤵
  PID:5716
- C:\Windows\System\MrHTPup.exe
  C:\Windows\System\MrHTPup.exe
  2⤵
  PID:5740
- C:\Windows\System\wvWLDjd.exe
  C:\Windows\System\wvWLDjd.exe
  2⤵
  PID:5784
- C:\Windows\System\QgaeBFK.exe
  C:\Windows\System\QgaeBFK.exe
  2⤵
  PID:5800
- C:\Windows\System\OpzeumU.exe
  C:\Windows\System\OpzeumU.exe
  2⤵
  PID:5816
- C:\Windows\System\jhpvEgX.exe
  C:\Windows\System\jhpvEgX.exe
  2⤵
  PID:5832
- C:\Windows\System\UVVxYUk.exe
  C:\Windows\System\UVVxYUk.exe
  2⤵
  PID:5848
- C:\Windows\System\VUFHEOJ.exe
  C:\Windows\System\VUFHEOJ.exe
  2⤵
  PID:5868
- C:\Windows\System\TcRXuBZ.exe
  C:\Windows\System\TcRXuBZ.exe
  2⤵
  PID:5888
- C:\Windows\System\RKZENHc.exe
  C:\Windows\System\RKZENHc.exe
  2⤵
  PID:5908
- C:\Windows\System\TvMKpFL.exe
  C:\Windows\System\TvMKpFL.exe
  2⤵
  PID:5972
- C:\Windows\System\qszcsYM.exe
  C:\Windows\System\qszcsYM.exe
  2⤵
  PID:5992
- C:\Windows\System\tIRkAlF.exe
  C:\Windows\System\tIRkAlF.exe
  2⤵
  PID:6028
- C:\Windows\System\WKOYsqh.exe
  C:\Windows\System\WKOYsqh.exe
  2⤵
  PID:6044
- C:\Windows\System\uhlLVhV.exe
  C:\Windows\System\uhlLVhV.exe
  2⤵
  PID:6080
- C:\Windows\System\yrMNnpI.exe
  C:\Windows\System\yrMNnpI.exe
  2⤵
  PID:6132
- C:\Windows\System\CPkNism.exe
  C:\Windows\System\CPkNism.exe
  2⤵
  PID:4156
- C:\Windows\System\GxhdMfk.exe
  C:\Windows\System\GxhdMfk.exe
  2⤵
  PID:1872
- C:\Windows\System\zsvcWhY.exe
  C:\Windows\System\zsvcWhY.exe
  2⤵
  PID:4404
- C:\Windows\System\cbQvUBV.exe
  C:\Windows\System\cbQvUBV.exe
  2⤵
  PID:792
- C:\Windows\System\ZJStwmh.exe
  C:\Windows\System\ZJStwmh.exe
  2⤵
  PID:3116
- C:\Windows\System\aCAdoKE.exe
  C:\Windows\System\aCAdoKE.exe
  2⤵
  PID:4764
- C:\Windows\System\ppXJQMh.exe
  C:\Windows\System\ppXJQMh.exe
  2⤵
  PID:4340
- C:\Windows\System\nPqKvsK.exe
  C:\Windows\System\nPqKvsK.exe
  2⤵
  PID:3732
- C:\Windows\System\wnHoXqi.exe
  C:\Windows\System\wnHoXqi.exe
  2⤵
  PID:3112
- C:\Windows\System\TgmzDuw.exe
  C:\Windows\System\TgmzDuw.exe
  2⤵
  PID:3240
- C:\Windows\System\VFUMcum.exe
  C:\Windows\System\VFUMcum.exe
  2⤵
  PID:5468
- C:\Windows\System\jSodCYl.exe
  C:\Windows\System\jSodCYl.exe
  2⤵
  PID:5540
- C:\Windows\System\tVTvmUK.exe
  C:\Windows\System\tVTvmUK.exe
  2⤵
  PID:5608
- C:\Windows\System\uIRydwq.exe
  C:\Windows\System\uIRydwq.exe
  2⤵
  PID:5644
- C:\Windows\System\zksxKDf.exe
  C:\Windows\System\zksxKDf.exe
  2⤵
  PID:5672
- C:\Windows\System\yvjzdFK.exe
  C:\Windows\System\yvjzdFK.exe
  2⤵
  PID:5736
- C:\Windows\System\pGixdyc.exe
  C:\Windows\System\pGixdyc.exe
  2⤵
  PID:2408
- C:\Windows\System\HEAglTz.exe
  C:\Windows\System\HEAglTz.exe
  2⤵
  PID:5776
- C:\Windows\System\XllQWrA.exe
  C:\Windows\System\XllQWrA.exe
  2⤵
  PID:2748
- C:\Windows\System\tmignZs.exe
  C:\Windows\System\tmignZs.exe
  2⤵
  PID:4376
- C:\Windows\System\HSUkHjV.exe
  C:\Windows\System\HSUkHjV.exe
  2⤵
  PID:1180
- C:\Windows\System\kHBYcUN.exe
  C:\Windows\System\kHBYcUN.exe
  2⤵
  PID:5164
- C:\Windows\System\IuRWJSm.exe
  C:\Windows\System\IuRWJSm.exe
  2⤵
  PID:2536
- C:\Windows\System\WmSsfSl.exe
  C:\Windows\System\WmSsfSl.exe
  2⤵
  PID:5628
- C:\Windows\System\WMvtBJB.exe
  C:\Windows\System\WMvtBJB.exe
  2⤵
  PID:6092
- C:\Windows\System\tFEhkKt.exe
  C:\Windows\System\tFEhkKt.exe
  2⤵
  PID:6148
- C:\Windows\System\XFolfsT.exe
  C:\Windows\System\XFolfsT.exe
  2⤵
  PID:6164
- C:\Windows\System\TNHOZqT.exe
  C:\Windows\System\TNHOZqT.exe
  2⤵
  PID:6188
- C:\Windows\System\VmrWbqQ.exe
  C:\Windows\System\VmrWbqQ.exe
  2⤵
  PID:6208
- C:\Windows\System\bLpfGvQ.exe
  C:\Windows\System\bLpfGvQ.exe
  2⤵
  PID:6228
- C:\Windows\System\KtpLaKO.exe
  C:\Windows\System\KtpLaKO.exe
  2⤵
  PID:6252
- C:\Windows\System\iqgcAIz.exe
  C:\Windows\System\iqgcAIz.exe
  2⤵
  PID:6268
- C:\Windows\System\NEtJvHX.exe
  C:\Windows\System\NEtJvHX.exe
  2⤵
  PID:6288
- C:\Windows\System\jTzofVt.exe
  C:\Windows\System\jTzofVt.exe
  2⤵
  PID:6308
- C:\Windows\System\iKVMWcE.exe
  C:\Windows\System\iKVMWcE.exe
  2⤵
  PID:6336
- C:\Windows\System\qxxicwT.exe
  C:\Windows\System\qxxicwT.exe
  2⤵
  PID:6356
- C:\Windows\System\kXzgupZ.exe
  C:\Windows\System\kXzgupZ.exe
  2⤵
  PID:6376
- C:\Windows\System\LTfeWJX.exe
  C:\Windows\System\LTfeWJX.exe
  2⤵
  PID:6396
- C:\Windows\System\WrQROqh.exe
  C:\Windows\System\WrQROqh.exe
  2⤵
  PID:6416
- C:\Windows\System\PTTtpFG.exe
  C:\Windows\System\PTTtpFG.exe
  2⤵
  PID:6440
- C:\Windows\System\EcQizMy.exe
  C:\Windows\System\EcQizMy.exe
  2⤵
  PID:6464
- C:\Windows\System\NkzOkMB.exe
  C:\Windows\System\NkzOkMB.exe
  2⤵
  PID:6484
- C:\Windows\System\uHLtwfD.exe
  C:\Windows\System\uHLtwfD.exe
  2⤵
  PID:6508
- C:\Windows\System\dpqvtoY.exe
  C:\Windows\System\dpqvtoY.exe
  2⤵
  PID:6528
- C:\Windows\System\SMhszBM.exe
  C:\Windows\System\SMhszBM.exe
  2⤵
  PID:6548
- C:\Windows\System\czeWIuR.exe
  C:\Windows\System\czeWIuR.exe
  2⤵
  PID:6572
- C:\Windows\System\vdXAbkO.exe
  C:\Windows\System\vdXAbkO.exe
  2⤵
  PID:6588
- C:\Windows\System\YaiJcuK.exe
  C:\Windows\System\YaiJcuK.exe
  2⤵
  PID:6612
- C:\Windows\System\CkcpFuU.exe
  C:\Windows\System\CkcpFuU.exe
  2⤵
  PID:6636
- C:\Windows\System\ICWZdjt.exe
  C:\Windows\System\ICWZdjt.exe
  2⤵
  PID:6656
- C:\Windows\System\UcvpZXa.exe
  C:\Windows\System\UcvpZXa.exe
  2⤵
  PID:6672
- C:\Windows\System\mYexlsG.exe
  C:\Windows\System\mYexlsG.exe
  2⤵
  PID:6692
- C:\Windows\System\XSGvaUX.exe
  C:\Windows\System\XSGvaUX.exe
  2⤵
  PID:6712
- C:\Windows\System\yMirSqM.exe
  C:\Windows\System\yMirSqM.exe
  2⤵
  PID:6736
- C:\Windows\System\PGANhSm.exe
  C:\Windows\System\PGANhSm.exe
  2⤵
  PID:6752
- C:\Windows\System\vFhSiBx.exe
  C:\Windows\System\vFhSiBx.exe
  2⤵
  PID:6768
- C:\Windows\System\aqNzhXU.exe
  C:\Windows\System\aqNzhXU.exe
  2⤵
  PID:6784
- C:\Windows\System\hJKRnbh.exe
  C:\Windows\System\hJKRnbh.exe
  2⤵
  PID:6804
- C:\Windows\System\eWPklUa.exe
  C:\Windows\System\eWPklUa.exe
  2⤵
  PID:6824
- C:\Windows\System\wXEcwIL.exe
  C:\Windows\System\wXEcwIL.exe
  2⤵
  PID:6840
- C:\Windows\System\iKhpHaI.exe
  C:\Windows\System\iKhpHaI.exe
  2⤵
  PID:6864
- C:\Windows\System\kTbqFVD.exe
  C:\Windows\System\kTbqFVD.exe
  2⤵
  PID:6884
- C:\Windows\System\mOjqAxI.exe
  C:\Windows\System\mOjqAxI.exe
  2⤵
  PID:6904
- C:\Windows\System\AJLpePe.exe
  C:\Windows\System\AJLpePe.exe
  2⤵
  PID:6920
- C:\Windows\System\IjBcDYQ.exe
  C:\Windows\System\IjBcDYQ.exe
  2⤵
  PID:6940
- C:\Windows\System\GtIyKEE.exe
  C:\Windows\System\GtIyKEE.exe
  2⤵
  PID:6960
- C:\Windows\System\jfsSciu.exe
  C:\Windows\System\jfsSciu.exe
  2⤵
  PID:6976
- C:\Windows\System\TVwmmTC.exe
  C:\Windows\System\TVwmmTC.exe
  2⤵
  PID:7000
- C:\Windows\System\LgsVVvp.exe
  C:\Windows\System\LgsVVvp.exe
  2⤵
  PID:7016
- C:\Windows\System\BLpabJR.exe
  C:\Windows\System\BLpabJR.exe
  2⤵
  PID:7036
- C:\Windows\System\HKtlyQO.exe
  C:\Windows\System\HKtlyQO.exe
  2⤵
  PID:7056
- C:\Windows\System\RzlyOVT.exe
  C:\Windows\System\RzlyOVT.exe
  2⤵
  PID:7080
- C:\Windows\System\nDSECdc.exe
  C:\Windows\System\nDSECdc.exe
  2⤵
  PID:7096
- C:\Windows\System\qyZhZME.exe
  C:\Windows\System\qyZhZME.exe
  2⤵
  PID:7140
- C:\Windows\System\qpEcifa.exe
  C:\Windows\System\qpEcifa.exe
  2⤵
  PID:5280
- C:\Windows\System\mPSHEJi.exe
  C:\Windows\System\mPSHEJi.exe
  2⤵
  PID:5312
- C:\Windows\System\yLyDnwR.exe
  C:\Windows\System\yLyDnwR.exe
  2⤵
  PID:5352
- C:\Windows\System\sOsFzDH.exe
  C:\Windows\System\sOsFzDH.exe
  2⤵
  PID:5388
- C:\Windows\System\whuvWOj.exe
  C:\Windows\System\whuvWOj.exe
  2⤵
  PID:5428
- C:\Windows\System\tdPxKKJ.exe
  C:\Windows\System\tdPxKKJ.exe
  2⤵
  PID:6012
- C:\Windows\System\NfuPuFB.exe
  C:\Windows\System\NfuPuFB.exe
  2⤵
  PID:4472
- C:\Windows\System\pKUKCwR.exe
  C:\Windows\System\pKUKCwR.exe
  2⤵
  PID:2172
- C:\Windows\System\lhPinTE.exe
  C:\Windows\System\lhPinTE.exe
  2⤵
  PID:5824
- C:\Windows\System\vzlJMaw.exe
  C:\Windows\System\vzlJMaw.exe
  2⤵
  PID:5864
- C:\Windows\System\osRKMdD.exe
  C:\Windows\System\osRKMdD.exe
  2⤵
  PID:5904
- C:\Windows\System\KhQAmSk.exe
  C:\Windows\System\KhQAmSk.exe
  2⤵
  PID:6180
- C:\Windows\System\QSMyhbk.exe
  C:\Windows\System\QSMyhbk.exe
  2⤵
  PID:6264
- C:\Windows\System\XTfQeBc.exe
  C:\Windows\System\XTfQeBc.exe
  2⤵
  PID:6348
- C:\Windows\System\Ovzmqaw.exe
  C:\Windows\System\Ovzmqaw.exe
  2⤵
  PID:6392
- C:\Windows\System\htzYfTV.exe
  C:\Windows\System\htzYfTV.exe
  2⤵
  PID:6452
- C:\Windows\System\eeTNBZF.exe
  C:\Windows\System\eeTNBZF.exe
  2⤵
  PID:6504
- C:\Windows\System\izwqQqo.exe
  C:\Windows\System\izwqQqo.exe
  2⤵
  PID:7188
- C:\Windows\System\sfziROY.exe
  C:\Windows\System\sfziROY.exe
  2⤵
  PID:7212
- C:\Windows\System\upwnycf.exe
  C:\Windows\System\upwnycf.exe
  2⤵
  PID:7384
- C:\Windows\System\KWNLCfV.exe
  C:\Windows\System\KWNLCfV.exe
  2⤵
  PID:7400
- C:\Windows\System\VeivlpB.exe
  C:\Windows\System\VeivlpB.exe
  2⤵
  PID:7416
- C:\Windows\System\mwMUsYZ.exe
  C:\Windows\System\mwMUsYZ.exe
  2⤵
  PID:7432
- C:\Windows\System\UOCwhVK.exe
  C:\Windows\System\UOCwhVK.exe
  2⤵
  PID:7448
- C:\Windows\System\hNjzIKM.exe
  C:\Windows\System\hNjzIKM.exe
  2⤵
  PID:7464
- C:\Windows\System\JfIamgj.exe
  C:\Windows\System\JfIamgj.exe
  2⤵
  PID:7480
- C:\Windows\System\RWMNInw.exe
  C:\Windows\System\RWMNInw.exe
  2⤵
  PID:7496
- C:\Windows\System\mZtDVYa.exe
  C:\Windows\System\mZtDVYa.exe
  2⤵
  PID:7512
- C:\Windows\System\ujOPTyk.exe
  C:\Windows\System\ujOPTyk.exe
  2⤵
  PID:7528
- C:\Windows\System\AfQOpqw.exe
  C:\Windows\System\AfQOpqw.exe
  2⤵
  PID:7544
- C:\Windows\System\cCWUANA.exe
  C:\Windows\System\cCWUANA.exe
  2⤵
  PID:7560
- C:\Windows\System\MGItzkY.exe
  C:\Windows\System\MGItzkY.exe
  2⤵
  PID:7576
- C:\Windows\System\LgiDgav.exe
  C:\Windows\System\LgiDgav.exe
  2⤵
  PID:7592
- C:\Windows\System\yhUfOBH.exe
  C:\Windows\System\yhUfOBH.exe
  2⤵
  PID:7608
- C:\Windows\System\BFhjOJc.exe
  C:\Windows\System\BFhjOJc.exe
  2⤵
  PID:7624
- C:\Windows\System\zjoSUTr.exe
  C:\Windows\System\zjoSUTr.exe
  2⤵
  PID:7640
- C:\Windows\System\ALDvEpZ.exe
  C:\Windows\System\ALDvEpZ.exe
  2⤵
  PID:7664
- C:\Windows\System\cJKVLde.exe
  C:\Windows\System\cJKVLde.exe
  2⤵
  PID:7680
- C:\Windows\System\FdBwNmH.exe
  C:\Windows\System\FdBwNmH.exe
  2⤵
  PID:7752
- C:\Windows\System\zHWyZUN.exe
  C:\Windows\System\zHWyZUN.exe
  2⤵
  PID:7852
- C:\Windows\System\ObqPacV.exe
  C:\Windows\System\ObqPacV.exe
  2⤵
  PID:7900
- C:\Windows\System\wSfqnKh.exe
  C:\Windows\System\wSfqnKh.exe
  2⤵
  PID:7924
- C:\Windows\System\oUlungB.exe
  C:\Windows\System\oUlungB.exe
  2⤵
  PID:7948
- C:\Windows\System\TuGzgkJ.exe
  C:\Windows\System\TuGzgkJ.exe
  2⤵
  PID:7964
- C:\Windows\System\xknUozO.exe
  C:\Windows\System\xknUozO.exe
  2⤵
  PID:7980
- C:\Windows\System\yuAaBSK.exe
  C:\Windows\System\yuAaBSK.exe
  2⤵
  PID:7996
- C:\Windows\System\bzIngXE.exe
  C:\Windows\System\bzIngXE.exe
  2⤵
  PID:8012
- C:\Windows\System\ZhHwQfw.exe
  C:\Windows\System\ZhHwQfw.exe
  2⤵
  PID:8028
- C:\Windows\System\XdOjKHR.exe
  C:\Windows\System\XdOjKHR.exe
  2⤵
  PID:8044
- C:\Windows\System\ZvtLZUJ.exe
  C:\Windows\System\ZvtLZUJ.exe
  2⤵
  PID:8060
- C:\Windows\System\WWZgdyJ.exe
  C:\Windows\System\WWZgdyJ.exe
  2⤵
  PID:8076
- C:\Windows\System\QiFJjga.exe
  C:\Windows\System\QiFJjga.exe
  2⤵
  PID:8092
- C:\Windows\System\WvWCowS.exe
  C:\Windows\System\WvWCowS.exe
  2⤵
  PID:8112
- C:\Windows\System\PWVOojk.exe
  C:\Windows\System\PWVOojk.exe
  2⤵
  PID:8136
- C:\Windows\System\znuMwRk.exe
  C:\Windows\System\znuMwRk.exe
  2⤵
  PID:8160
- C:\Windows\System\GWWxCvb.exe
  C:\Windows\System\GWWxCvb.exe
  2⤵
  PID:8188
- C:\Windows\System\NKfpGVM.exe
  C:\Windows\System\NKfpGVM.exe
  2⤵
  PID:180
- C:\Windows\System\OopLhFF.exe
  C:\Windows\System\OopLhFF.exe
  2⤵
  PID:2004
- C:\Windows\System\MEcUkHT.exe
  C:\Windows\System\MEcUkHT.exe
  2⤵
  PID:3448
- C:\Windows\System\qYgXWZj.exe
  C:\Windows\System\qYgXWZj.exe
  2⤵
  PID:2792
- C:\Windows\System\ZxcClAC.exe
  C:\Windows\System\ZxcClAC.exe
  2⤵
  PID:5584
- C:\Windows\System\hLLLKuT.exe
  C:\Windows\System\hLLLKuT.exe
  2⤵
  PID:6448
- C:\Windows\System\fmMABdH.exe
  C:\Windows\System\fmMABdH.exe
  2⤵
  PID:6688
- C:\Windows\System\IVQqoJO.exe
  C:\Windows\System\IVQqoJO.exe
  2⤵
  PID:6052
- C:\Windows\System\obHggxu.exe
  C:\Windows\System\obHggxu.exe
  2⤵
  PID:6204
- C:\Windows\System\dipWPWy.exe
  C:\Windows\System\dipWPWy.exe
  2⤵
  PID:6280
- C:\Windows\System\CvBUsHK.exe
  C:\Windows\System\CvBUsHK.exe
  2⤵
  PID:6460
- C:\Windows\System\jUyfIKR.exe
  C:\Windows\System\jUyfIKR.exe
  2⤵
  PID:6564
- C:\Windows\System\VAVTsdS.exe
  C:\Windows\System\VAVTsdS.exe
  2⤵
  PID:7064
- C:\Windows\System\aSyEmod.exe
  C:\Windows\System\aSyEmod.exe
  2⤵
  PID:6196
- C:\Windows\System\GTweCFW.exe
  C:\Windows\System\GTweCFW.exe
  2⤵
  PID:8528
- C:\Windows\System\CRYylwx.exe
  C:\Windows\System\CRYylwx.exe
  2⤵
  PID:8544
- C:\Windows\System\OAgMUhV.exe
  C:\Windows\System\OAgMUhV.exe
  2⤵
  PID:8564
- C:\Windows\System\RRAbbeu.exe
  C:\Windows\System\RRAbbeu.exe
  2⤵
  PID:8728
- C:\Windows\System\JPiOmPA.exe
  C:\Windows\System\JPiOmPA.exe
  2⤵
  PID:8744
- C:\Windows\System\tepkwJE.exe
  C:\Windows\System\tepkwJE.exe
  2⤵
  PID:8760
- C:\Windows\System\ETgnmEK.exe
  C:\Windows\System\ETgnmEK.exe
  2⤵
  PID:8780
- C:\Windows\System\xknwECv.exe
  C:\Windows\System\xknwECv.exe
  2⤵
  PID:8800
- C:\Windows\System\Eudondg.exe
  C:\Windows\System\Eudondg.exe
  2⤵
  PID:8820
- C:\Windows\System\xRncYML.exe
  C:\Windows\System\xRncYML.exe
  2⤵
  PID:8840
- C:\Windows\System\gTMBfLB.exe
  C:\Windows\System\gTMBfLB.exe
  2⤵
  PID:8860
- C:\Windows\System\VBGskuz.exe
  C:\Windows\System\VBGskuz.exe
  2⤵
  PID:8876
- C:\Windows\System\aNfoKOT.exe
  C:\Windows\System\aNfoKOT.exe
  2⤵
  PID:8896
- C:\Windows\System\nOCcVam.exe
  C:\Windows\System\nOCcVam.exe
  2⤵
  PID:8916
- C:\Windows\System\SIysHDy.exe
  C:\Windows\System\SIysHDy.exe
  2⤵
  PID:8936
- C:\Windows\System\NREihPY.exe
  C:\Windows\System\NREihPY.exe
  2⤵
  PID:8956
- C:\Windows\System\frebNOu.exe
  C:\Windows\System\frebNOu.exe
  2⤵
  PID:8972
- C:\Windows\System\eFpjzor.exe
  C:\Windows\System\eFpjzor.exe
  2⤵
  PID:8996
- C:\Windows\System\aLAyKKB.exe
  C:\Windows\System\aLAyKKB.exe
  2⤵
  PID:9020
- C:\Windows\System\MSrUWcN.exe
  C:\Windows\System\MSrUWcN.exe
  2⤵
  PID:9040
- C:\Windows\System\LeyRYlW.exe
  C:\Windows\System\LeyRYlW.exe
  2⤵
  PID:9064
- C:\Windows\System\VRKonRS.exe
  C:\Windows\System\VRKonRS.exe
  2⤵
  PID:9096
- C:\Windows\System\hwBsAlx.exe
  C:\Windows\System\hwBsAlx.exe
  2⤵
  PID:9116
- C:\Windows\System\rvMKIAQ.exe
  C:\Windows\System\rvMKIAQ.exe
  2⤵
  PID:9140
- C:\Windows\System\Fyfqxcb.exe
  C:\Windows\System\Fyfqxcb.exe
  2⤵
  PID:9160
- C:\Windows\System\DiufjHF.exe
  C:\Windows\System\DiufjHF.exe
  2⤵
  PID:9180
- C:\Windows\System\uwxtYbg.exe
  C:\Windows\System\uwxtYbg.exe
  2⤵
  PID:9204
- C:\Windows\System\vWoSIVP.exe
  C:\Windows\System\vWoSIVP.exe
  2⤵
  PID:7976
- C:\Windows\System\Dwhjuru.exe
  C:\Windows\System\Dwhjuru.exe
  2⤵
  PID:3080
- C:\Windows\System\filjjBy.exe
  C:\Windows\System\filjjBy.exe
  2⤵
  PID:5660
- C:\Windows\System\MuccLtL.exe
  C:\Windows\System\MuccLtL.exe
  2⤵
  PID:6748
- C:\Windows\System\CccLlCq.exe
  C:\Windows\System\CccLlCq.exe
  2⤵
  PID:6900
- C:\Windows\System\VJIulXv.exe
  C:\Windows\System\VJIulXv.exe
  2⤵
  PID:4676
- C:\Windows\System\HMetWIb.exe
  C:\Windows\System\HMetWIb.exe
  2⤵
  PID:6912
- C:\Windows\System\xuxRfHM.exe
  C:\Windows\System\xuxRfHM.exe
  2⤵
  PID:8556
- C:\Windows\System\mEQWKIK.exe
  C:\Windows\System\mEQWKIK.exe
  2⤵
  PID:7012
- C:\Windows\System\QwhnHrl.exe
  C:\Windows\System\QwhnHrl.exe
  2⤵
  PID:9224
- C:\Windows\System\hPZPVEg.exe
  C:\Windows\System\hPZPVEg.exe
  2⤵
  PID:9244
- C:\Windows\System\GQzdAjV.exe
  C:\Windows\System\GQzdAjV.exe
  2⤵
  PID:9264
- C:\Windows\System\DDVCHDD.exe
  C:\Windows\System\DDVCHDD.exe
  2⤵
  PID:9280
- C:\Windows\System\OMJfWMY.exe
  C:\Windows\System\OMJfWMY.exe
  2⤵
  PID:9308
- C:\Windows\System\RSFWttK.exe
  C:\Windows\System\RSFWttK.exe
  2⤵
  PID:9328
- C:\Windows\System\tbetlAB.exe
  C:\Windows\System\tbetlAB.exe
  2⤵
  PID:9360
- C:\Windows\System\uAjIYbV.exe
  C:\Windows\System\uAjIYbV.exe
  2⤵
  PID:9376
- C:\Windows\System\CSqtMKt.exe
  C:\Windows\System\CSqtMKt.exe
  2⤵
  PID:9392
- C:\Windows\System\aJPIwpm.exe
  C:\Windows\System\aJPIwpm.exe
  2⤵
  PID:9428
- C:\Windows\System\RRppTSm.exe
  C:\Windows\System\RRppTSm.exe
  2⤵
  PID:9452
- C:\Windows\System\YGSDbsT.exe
  C:\Windows\System\YGSDbsT.exe
  2⤵
  PID:9468
- C:\Windows\System\zRhLtjU.exe
  C:\Windows\System\zRhLtjU.exe
  2⤵
  PID:9492
- C:\Windows\System\NkSOQOd.exe
  C:\Windows\System\NkSOQOd.exe
  2⤵
  PID:9508
- C:\Windows\System\tbJsMVL.exe
  C:\Windows\System\tbJsMVL.exe
  2⤵
  PID:9528
- C:\Windows\System\YgmiSvL.exe
  C:\Windows\System\YgmiSvL.exe
  2⤵
  PID:9552
- C:\Windows\System\RlgFsaI.exe
  C:\Windows\System\RlgFsaI.exe
  2⤵
  PID:9572
- C:\Windows\System\MsikAit.exe
  C:\Windows\System\MsikAit.exe
  2⤵
  PID:9588
- C:\Windows\System\DtPFtSN.exe
  C:\Windows\System\DtPFtSN.exe
  2⤵
  PID:9608
- C:\Windows\System\HiYslNB.exe
  C:\Windows\System\HiYslNB.exe
  2⤵
  PID:9628
- C:\Windows\System\FkkUfya.exe
  C:\Windows\System\FkkUfya.exe
  2⤵
  PID:9644
- C:\Windows\System\jiRZdVi.exe
  C:\Windows\System\jiRZdVi.exe
  2⤵
  PID:9660
- C:\Windows\System\jZwJGsT.exe
  C:\Windows\System\jZwJGsT.exe
  2⤵
  PID:9684
- C:\Windows\System\klgvJmI.exe
  C:\Windows\System\klgvJmI.exe
  2⤵
  PID:9712
- C:\Windows\System\CIiowSp.exe
  C:\Windows\System\CIiowSp.exe
  2⤵
  PID:9728
- C:\Windows\System\sUmyFbM.exe
  C:\Windows\System\sUmyFbM.exe
  2⤵
  PID:9748
- C:\Windows\System\RvhmYby.exe
  C:\Windows\System\RvhmYby.exe
  2⤵
  PID:9768
- C:\Windows\System\siLcvXF.exe
  C:\Windows\System\siLcvXF.exe
  2⤵
  PID:9792
- C:\Windows\System\qKRcSTJ.exe
  C:\Windows\System\qKRcSTJ.exe
  2⤵
  PID:9808
- C:\Windows\System\IhwoZQU.exe
  C:\Windows\System\IhwoZQU.exe
  2⤵
  PID:9836
- C:\Windows\System\UiYChAS.exe
  C:\Windows\System\UiYChAS.exe
  2⤵
  PID:9852
- C:\Windows\System\iAEzjJu.exe
  C:\Windows\System\iAEzjJu.exe
  2⤵
  PID:9888
- C:\Windows\System\NLENGIc.exe
  C:\Windows\System\NLENGIc.exe
  2⤵
  PID:9912
- C:\Windows\System\OjFIdVp.exe
  C:\Windows\System\OjFIdVp.exe
  2⤵
  PID:9936
- C:\Windows\System\DZIrBrC.exe
  C:\Windows\System\DZIrBrC.exe
  2⤵
  PID:9960
- C:\Windows\System\FHmQKYO.exe
  C:\Windows\System\FHmQKYO.exe
  2⤵
  PID:9980
- C:\Windows\System\wEyGXAA.exe
  C:\Windows\System\wEyGXAA.exe
  2⤵
  PID:10004
- C:\Windows\System\IDLqftx.exe
  C:\Windows\System\IDLqftx.exe
  2⤵
  PID:10024
- C:\Windows\System\jCwVprN.exe
  C:\Windows\System\jCwVprN.exe
  2⤵
  PID:10056
- C:\Windows\System\wxBYxMd.exe
  C:\Windows\System\wxBYxMd.exe
  2⤵
  PID:10088
- C:\Windows\System\IAZhHxg.exe
  C:\Windows\System\IAZhHxg.exe
  2⤵
  PID:10108
- C:\Windows\System\tinhoNa.exe
  C:\Windows\System\tinhoNa.exe
  2⤵
  PID:10132
- C:\Windows\System\FPTAGDe.exe
  C:\Windows\System\FPTAGDe.exe
  2⤵
  PID:10160
- C:\Windows\System\risihmL.exe
  C:\Windows\System\risihmL.exe
  2⤵
  PID:10180
- C:\Windows\System\jNjaJQl.exe
  C:\Windows\System\jNjaJQl.exe
  2⤵
  PID:10196
- C:\Windows\System\LuxzYGt.exe
  C:\Windows\System\LuxzYGt.exe
  2⤵
  PID:10216
- C:\Windows\System\BIzVkyu.exe
  C:\Windows\System\BIzVkyu.exe
  2⤵
  PID:10236
- C:\Windows\System\vnnkgqD.exe
  C:\Windows\System\vnnkgqD.exe
  2⤵
  PID:7428
- C:\Windows\System\YvQLRae.exe
  C:\Windows\System\YvQLRae.exe
  2⤵
  PID:7476
- C:\Windows\System\nAuVBLP.exe
  C:\Windows\System\nAuVBLP.exe
  2⤵
  PID:7572
- C:\Windows\System\dzgyggJ.exe
  C:\Windows\System\dzgyggJ.exe
  2⤵
  PID:7616
- C:\Windows\System\fliXfIv.exe
  C:\Windows\System\fliXfIv.exe
  2⤵
  PID:7676
- C:\Windows\System\oaucJbH.exe
  C:\Windows\System\oaucJbH.exe
  2⤵
  PID:7860
- C:\Windows\System\BvUztFx.exe
  C:\Windows\System\BvUztFx.exe
  2⤵
  PID:7888
- C:\Windows\System\zPhzntF.exe
  C:\Windows\System\zPhzntF.exe
  2⤵
  PID:8052
- C:\Windows\System\EofmMkz.exe
  C:\Windows\System\EofmMkz.exe
  2⤵
  PID:8108
- C:\Windows\System\lzBColv.exe
  C:\Windows\System\lzBColv.exe
  2⤵
  PID:8168
- C:\Windows\System\dgtoqlB.exe
  C:\Windows\System\dgtoqlB.exe
  2⤵
  PID:6128
- C:\Windows\System\ELeIDZL.exe
  C:\Windows\System\ELeIDZL.exe
  2⤵
  PID:1244
- C:\Windows\System\BJVYvwK.exe
  C:\Windows\System\BJVYvwK.exe
  2⤵
  PID:5936
- C:\Windows\System\vPKAcpD.exe
  C:\Windows\System\vPKAcpD.exe
  2⤵
  PID:6296
- C:\Windows\System\xDfqpjb.exe
  C:\Windows\System\xDfqpjb.exe
  2⤵
  PID:6984
- C:\Windows\System\KYtznqv.exe
  C:\Windows\System\KYtznqv.exe
  2⤵
  PID:4484
- C:\Windows\System\TgaHXEG.exe
  C:\Windows\System\TgaHXEG.exe
  2⤵
  PID:7380
- C:\Windows\System\ctRKjKc.exe
  C:\Windows\System\ctRKjKc.exe
  2⤵
  PID:8736
- C:\Windows\System\YXaXCVj.exe
  C:\Windows\System\YXaXCVj.exe
  2⤵
  PID:8776
- C:\Windows\System\olEzGuK.exe
  C:\Windows\System\olEzGuK.exe
  2⤵
  PID:8816
- C:\Windows\System\iKtGBip.exe
  C:\Windows\System\iKtGBip.exe
  2⤵
  PID:8908
- C:\Windows\System\ebNntFl.exe
  C:\Windows\System\ebNntFl.exe
  2⤵
  PID:6952
- C:\Windows\System\gQUlozv.exe
  C:\Windows\System\gQUlozv.exe
  2⤵
  PID:8988
- C:\Windows\System\BUKzlOl.exe
  C:\Windows\System\BUKzlOl.exe
  2⤵
  PID:9108
- C:\Windows\System\erqLktF.exe
  C:\Windows\System\erqLktF.exe
  2⤵
  PID:9188
- C:\Windows\System\mEUEgJw.exe
  C:\Windows\System\mEUEgJw.exe
  2⤵
  PID:7884
- C:\Windows\System\VjPvISS.exe
  C:\Windows\System\VjPvISS.exe
  2⤵
  PID:6704
- C:\Windows\System\sxhuKDx.exe
  C:\Windows\System\sxhuKDx.exe
  2⤵
  PID:4024
- C:\Windows\System\LxSZNuD.exe
  C:\Windows\System\LxSZNuD.exe
  2⤵
  PID:6916
- C:\Windows\System\qTvWWac.exe
  C:\Windows\System\qTvWWac.exe
  2⤵
  PID:9232
- C:\Windows\System\LDyljEN.exe
  C:\Windows\System\LDyljEN.exe
  2⤵
  PID:7160
- C:\Windows\System\CACztKb.exe
  C:\Windows\System\CACztKb.exe
  2⤵
  PID:8304
- C:\Windows\System\PJgbYrQ.exe
  C:\Windows\System\PJgbYrQ.exe
  2⤵
  PID:8400
- C:\Windows\System\mLIXWYD.exe
  C:\Windows\System\mLIXWYD.exe
  2⤵
  PID:8856
- C:\Windows\System\dCLBKUo.exe
  C:\Windows\System\dCLBKUo.exe
  2⤵
  PID:8904
- C:\Windows\System\UCuGEkO.exe
  C:\Windows\System\UCuGEkO.exe
  2⤵
  PID:8928
- C:\Windows\System\SgARXtX.exe
  C:\Windows\System\SgARXtX.exe
  2⤵
  PID:8952
- C:\Windows\System\ZRPAtUG.exe
  C:\Windows\System\ZRPAtUG.exe
  2⤵
  PID:9744
- C:\Windows\System\JPRKotq.exe
  C:\Windows\System\JPRKotq.exe
  2⤵
  PID:9908
- C:\Windows\System\AiYRMUR.exe
  C:\Windows\System\AiYRMUR.exe
  2⤵
  PID:9976
- C:\Windows\System\OmArXJQ.exe
  C:\Windows\System\OmArXJQ.exe
  2⤵
  PID:9172
- C:\Windows\System\iuLqlnb.exe
  C:\Windows\System\iuLqlnb.exe
  2⤵
  PID:6368
- C:\Windows\System\DMdtBtX.exe
  C:\Windows\System\DMdtBtX.exe
  2⤵
  PID:10204
- C:\Windows\System\dodCdwa.exe
  C:\Windows\System\dodCdwa.exe
  2⤵
  PID:9260
- C:\Windows\System\wZEjiza.exe
  C:\Windows\System\wZEjiza.exe
  2⤵
  PID:8600
- C:\Windows\System\KRsCZRv.exe
  C:\Windows\System\KRsCZRv.exe
  2⤵
  PID:8648
- C:\Windows\System\wvZQqmO.exe
  C:\Windows\System\wvZQqmO.exe
  2⤵
  PID:8708
- C:\Windows\System\YIeAJtg.exe
  C:\Windows\System\YIeAJtg.exe
  2⤵
  PID:8752
- C:\Windows\System\ThEKlPO.exe
  C:\Windows\System\ThEKlPO.exe
  2⤵
  PID:9696
- C:\Windows\System\llLtDEy.exe
  C:\Windows\System\llLtDEy.exe
  2⤵
  PID:5560
- C:\Windows\System\AvzgNfK.exe
  C:\Windows\System\AvzgNfK.exe
  2⤵
  PID:6236
- C:\Windows\System\rsVhKmF.exe
  C:\Windows\System\rsVhKmF.exe
  2⤵
  PID:9008
- C:\Windows\System\bifsjTj.exe
  C:\Windows\System\bifsjTj.exe
  2⤵
  PID:9036
- C:\Windows\System\lJtoTIB.exe
  C:\Windows\System\lJtoTIB.exe
  2⤵
  PID:2732
- C:\Windows\System\HKAbXEV.exe
  C:\Windows\System\HKAbXEV.exe
  2⤵
  PID:8512
- C:\Windows\System\DJfOWnW.exe
  C:\Windows\System\DJfOWnW.exe
  2⤵
  PID:9136
- C:\Windows\System\iGgaZCV.exe
  C:\Windows\System\iGgaZCV.exe
  2⤵
  PID:10260
- C:\Windows\System\BkbDLQk.exe
  C:\Windows\System\BkbDLQk.exe
  2⤵
  PID:10284
- C:\Windows\System\NiTCqFi.exe
  C:\Windows\System\NiTCqFi.exe
  2⤵
  PID:10300
- C:\Windows\System\wrqKnyU.exe
  C:\Windows\System\wrqKnyU.exe
  2⤵
  PID:10324
- C:\Windows\System\bbnNRLP.exe
  C:\Windows\System\bbnNRLP.exe
  2⤵
  PID:10344
- C:\Windows\System\MiiimkT.exe
  C:\Windows\System\MiiimkT.exe
  2⤵
  PID:10364
- C:\Windows\System\fkxVarn.exe
  C:\Windows\System\fkxVarn.exe
  2⤵
  PID:10392
- C:\Windows\System\ZQNQZsw.exe
  C:\Windows\System\ZQNQZsw.exe
  2⤵
  PID:10412
- C:\Windows\System\sBrODQT.exe
  C:\Windows\System\sBrODQT.exe
  2⤵
  PID:10432
- C:\Windows\System\siPvEBJ.exe
  C:\Windows\System\siPvEBJ.exe
  2⤵
  PID:10456
- C:\Windows\System\GDEWTVo.exe
  C:\Windows\System\GDEWTVo.exe
  2⤵
  PID:10472
- C:\Windows\System\IesyBNj.exe
  C:\Windows\System\IesyBNj.exe
  2⤵
  PID:10496
- C:\Windows\System\BTTsNcE.exe
  C:\Windows\System\BTTsNcE.exe
  2⤵
  PID:10520
- C:\Windows\System\NVgyhAj.exe
  C:\Windows\System\NVgyhAj.exe
  2⤵
  PID:10540
- C:\Windows\System\TpgdxlE.exe
  C:\Windows\System\TpgdxlE.exe
  2⤵
  PID:10560
- C:\Windows\System\ZZtSvHX.exe
  C:\Windows\System\ZZtSvHX.exe
  2⤵
  PID:10588
- C:\Windows\System\wrYJGzh.exe
  C:\Windows\System\wrYJGzh.exe
  2⤵
  PID:10604
- C:\Windows\System\GHmLcmC.exe
  C:\Windows\System\GHmLcmC.exe
  2⤵
  PID:10632
- C:\Windows\System\EdjRgVg.exe
  C:\Windows\System\EdjRgVg.exe
  2⤵
  PID:10648
- C:\Windows\System\YsEpNTO.exe
  C:\Windows\System\YsEpNTO.exe
  2⤵
  PID:10668
- C:\Windows\System\WKUBRGz.exe
  C:\Windows\System\WKUBRGz.exe
  2⤵
  PID:10692
- C:\Windows\System\bRXzTAM.exe
  C:\Windows\System\bRXzTAM.exe
  2⤵
  PID:10712
- C:\Windows\System\Qvcdlxy.exe
  C:\Windows\System\Qvcdlxy.exe
  2⤵
  PID:10736
- C:\Windows\System\shBlDvT.exe
  C:\Windows\System\shBlDvT.exe
  2⤵
  PID:10756
- C:\Windows\System\cVNrygF.exe
  C:\Windows\System\cVNrygF.exe
  2⤵
  PID:10772
- C:\Windows\System\bPiMVzp.exe
  C:\Windows\System\bPiMVzp.exe
  2⤵
  PID:10792
- C:\Windows\System\muWbTzG.exe
  C:\Windows\System\muWbTzG.exe
  2⤵
  PID:10808
- C:\Windows\System\MWFhlAq.exe
  C:\Windows\System\MWFhlAq.exe
  2⤵
  PID:10824
- C:\Windows\System\DcHOaVT.exe
  C:\Windows\System\DcHOaVT.exe
  2⤵
  PID:10840
- C:\Windows\System\gyMTSMe.exe
  C:\Windows\System\gyMTSMe.exe
  2⤵
  PID:10856
- C:\Windows\System\mIjvNPm.exe
  C:\Windows\System\mIjvNPm.exe
  2⤵
  PID:10872
- C:\Windows\System\eMsigdS.exe
  C:\Windows\System\eMsigdS.exe
  2⤵
  PID:10896
- C:\Windows\System\OCOoqfi.exe
  C:\Windows\System\OCOoqfi.exe
  2⤵
  PID:10936
- C:\Windows\System\JKqVXOB.exe
  C:\Windows\System\JKqVXOB.exe
  2⤵
  PID:10956
- C:\Windows\System\moqCcpf.exe
  C:\Windows\System\moqCcpf.exe
  2⤵
  PID:10980
- C:\Windows\System\jSNtUza.exe
  C:\Windows\System\jSNtUza.exe
  2⤵
  PID:11004
- C:\Windows\System\jMwaGhr.exe
  C:\Windows\System\jMwaGhr.exe
  2⤵
  PID:11024
- C:\Windows\System\uXvuuGW.exe
  C:\Windows\System\uXvuuGW.exe
  2⤵
  PID:11048
- C:\Windows\System\qHevAZY.exe
  C:\Windows\System\qHevAZY.exe
  2⤵
  PID:11072
- C:\Windows\System\BkxneIP.exe
  C:\Windows\System\BkxneIP.exe
  2⤵
  PID:11096
- C:\Windows\System\oTPuwar.exe
  C:\Windows\System\oTPuwar.exe
  2⤵
  PID:11116
- C:\Windows\System\naxMSue.exe
  C:\Windows\System\naxMSue.exe
  2⤵
  PID:11136
- C:\Windows\System\elnnzDw.exe
  C:\Windows\System\elnnzDw.exe
  2⤵
  PID:11160
- C:\Windows\System\hYjCbpZ.exe
  C:\Windows\System\hYjCbpZ.exe
  2⤵
  PID:11188
- C:\Windows\System\PlaSZWO.exe
  C:\Windows\System\PlaSZWO.exe
  2⤵
  PID:11224
- C:\Windows\System\LhgQvvu.exe
  C:\Windows\System\LhgQvvu.exe
  2⤵
  PID:11248
- C:\Windows\System\yCDZELv.exe
  C:\Windows\System\yCDZELv.exe
  2⤵
  PID:8572
- C:\Windows\System\DCDaFaj.exe
  C:\Windows\System\DCDaFaj.exe
  2⤵
  PID:9540
- C:\Windows\System\MXBVIvk.exe
  C:\Windows\System\MXBVIvk.exe
  2⤵
  PID:9580
- C:\Windows\System\RVoOvQE.exe
  C:\Windows\System\RVoOvQE.exe
  2⤵
  PID:9616
- C:\Windows\System\baWgtFX.exe
  C:\Windows\System\baWgtFX.exe
  2⤵
  PID:6116
- C:\Windows\System\xetlowg.exe
  C:\Windows\System\xetlowg.exe
  2⤵
  PID:8696
- C:\Windows\System\mQmOeZL.exe
  C:\Windows\System\mQmOeZL.exe
  2⤵
  PID:9896
- C:\Windows\System\xyCZgBX.exe
  C:\Windows\System\xyCZgBX.exe
  2⤵
  PID:8836
- C:\Windows\System\NhnOGsf.exe
  C:\Windows\System\NhnOGsf.exe
  2⤵
  PID:8560
- C:\Windows\System\FArihey.exe
  C:\Windows\System\FArihey.exe
  2⤵
  PID:10464
- C:\Windows\System\ciNDkQs.exe
  C:\Windows\System\ciNDkQs.exe
  2⤵
  PID:10516
- C:\Windows\System\ALOTurP.exe
  C:\Windows\System\ALOTurP.exe
  2⤵
  PID:232
- C:\Windows\System\NpsMOxI.exe
  C:\Windows\System\NpsMOxI.exe
  2⤵
  PID:1736
- C:\Windows\System\tcjlUIy.exe
  C:\Windows\System\tcjlUIy.exe
  2⤵
  PID:10680
- C:\Windows\System\SQzoQEL.exe
  C:\Windows\System\SQzoQEL.exe
  2⤵
  PID:7552
- C:\Windows\System\wBPrPSX.exe
  C:\Windows\System\wBPrPSX.exe
  2⤵
  PID:11272
- C:\Windows\System\KGmlUyH.exe
  C:\Windows\System\KGmlUyH.exe
  2⤵
  PID:11288
- C:\Windows\System\CvkavRX.exe
  C:\Windows\System\CvkavRX.exe
  2⤵
  PID:11312
- C:\Windows\System\oXMaVjo.exe
  C:\Windows\System\oXMaVjo.exe
  2⤵
  PID:11336
- C:\Windows\System\eWKTQVK.exe
  C:\Windows\System\eWKTQVK.exe
  2⤵
  PID:11360
- C:\Windows\System\PEpzYLf.exe
  C:\Windows\System\PEpzYLf.exe
  2⤵
  PID:11388
- C:\Windows\System\KcgylEx.exe
  C:\Windows\System\KcgylEx.exe
  2⤵
  PID:11416
- C:\Windows\System\wPowckQ.exe
  C:\Windows\System\wPowckQ.exe
  2⤵
  PID:11440
- C:\Windows\System\fWHxiFf.exe
  C:\Windows\System\fWHxiFf.exe
  2⤵
  PID:11464
- C:\Windows\System\LiyqZMb.exe
  C:\Windows\System\LiyqZMb.exe
  2⤵
  PID:11500
- C:\Windows\System\nXlfNGT.exe
  C:\Windows\System\nXlfNGT.exe
  2⤵
  PID:11520
- C:\Windows\System\eXkyQNp.exe
  C:\Windows\System\eXkyQNp.exe
  2⤵
  PID:11544
- C:\Windows\System\NWDlwwi.exe
  C:\Windows\System\NWDlwwi.exe
  2⤵
  PID:11564
- C:\Windows\System\mEALodu.exe
  C:\Windows\System\mEALodu.exe
  2⤵
  PID:11580
- C:\Windows\System\mrtVbBQ.exe
  C:\Windows\System\mrtVbBQ.exe
  2⤵
  PID:11600
- C:\Windows\System\xXuGjOB.exe
  C:\Windows\System\xXuGjOB.exe
  2⤵
  PID:11624
- C:\Windows\System\LndJMKY.exe
  C:\Windows\System\LndJMKY.exe
  2⤵
  PID:11648
- C:\Windows\System\QJrJOGd.exe
  C:\Windows\System\QJrJOGd.exe
  2⤵
  PID:11668
- C:\Windows\System\cfzYNXJ.exe
  C:\Windows\System\cfzYNXJ.exe
  2⤵
  PID:11688
- C:\Windows\System\QHsKloV.exe
  C:\Windows\System\QHsKloV.exe
  2⤵
  PID:11716
- C:\Windows\System\LJAOOix.exe
  C:\Windows\System\LJAOOix.exe
  2⤵
  PID:11744
- C:\Windows\System\FBLWijl.exe
  C:\Windows\System\FBLWijl.exe
  2⤵
  PID:11768
- C:\Windows\System\HWLlVxo.exe
  C:\Windows\System\HWLlVxo.exe
  2⤵
  PID:11800
- C:\Windows\System\JGCWiut.exe
  C:\Windows\System\JGCWiut.exe
  2⤵
  PID:11832
- C:\Windows\System\AyitWoa.exe
  C:\Windows\System\AyitWoa.exe
  2⤵
  PID:11852
- C:\Windows\System\ikCuTCQ.exe
  C:\Windows\System\ikCuTCQ.exe
  2⤵
  PID:11876
- C:\Windows\System\xpvfGdI.exe
  C:\Windows\System\xpvfGdI.exe
  2⤵
  PID:11900
- C:\Windows\System\APkhyfW.exe
  C:\Windows\System\APkhyfW.exe
  2⤵
  PID:11920
- C:\Windows\System\OCYzNYa.exe
  C:\Windows\System\OCYzNYa.exe
  2⤵
  PID:11944
- C:\Windows\System\JIgofOK.exe
  C:\Windows\System\JIgofOK.exe
  2⤵
  PID:11968
- C:\Windows\System\dNbcKtp.exe
  C:\Windows\System\dNbcKtp.exe
  2⤵
  PID:11988
- C:\Windows\System\dSFyPeD.exe
  C:\Windows\System\dSFyPeD.exe
  2⤵
  PID:12008
- C:\Windows\System\gfmfclw.exe
  C:\Windows\System\gfmfclw.exe
  2⤵
  PID:12036
- C:\Windows\System\psDCMPo.exe
  C:\Windows\System\psDCMPo.exe
  2⤵
  PID:12060
- C:\Windows\System\xccwXKs.exe
  C:\Windows\System\xccwXKs.exe
  2⤵
  PID:12084
- C:\Windows\System\qCCQavy.exe
  C:\Windows\System\qCCQavy.exe
  2⤵
  PID:12100
- C:\Windows\System\IedhrfN.exe
  C:\Windows\System\IedhrfN.exe
  2⤵
  PID:12128
- C:\Windows\System\sUPFIxA.exe
  C:\Windows\System\sUPFIxA.exe
  2⤵
  PID:12156
- C:\Windows\System\NfHOfjr.exe
  C:\Windows\System\NfHOfjr.exe
  2⤵
  PID:12188
- C:\Windows\System\dmUbzhI.exe
  C:\Windows\System\dmUbzhI.exe
  2⤵
  PID:12208
- C:\Windows\System\LrqxpIA.exe
  C:\Windows\System\LrqxpIA.exe
  2⤵
  PID:12228
- C:\Windows\System\gRUXuFB.exe
  C:\Windows\System\gRUXuFB.exe
  2⤵
  PID:12244
- C:\Windows\System\xbWOWDI.exe
  C:\Windows\System\xbWOWDI.exe
  2⤵
  PID:12268
- C:\Windows\System\qaHzuhF.exe
  C:\Windows\System\qaHzuhF.exe
  2⤵
  PID:1348
- C:\Windows\System\vKLPHyP.exe
  C:\Windows\System\vKLPHyP.exe
  2⤵
  PID:11084
- C:\Windows\System\aKZYEvg.exe
  C:\Windows\System\aKZYEvg.exe
  2⤵
  PID:11152
- C:\Windows\System\xvYwRhM.exe
  C:\Windows\System\xvYwRhM.exe
  2⤵
  PID:8040
- C:\Windows\System\ZBTHPMZ.exe
  C:\Windows\System\ZBTHPMZ.exe
  2⤵
  PID:10228
- C:\Windows\System\ChEsZos.exe
  C:\Windows\System\ChEsZos.exe
  2⤵
  PID:5008
- C:\Windows\System\UCNmSpY.exe
  C:\Windows\System\UCNmSpY.exe
  2⤵
  PID:8740
- C:\Windows\System\wJIalwd.exe
  C:\Windows\System\wJIalwd.exe
  2⤵
  PID:1748
- C:\Windows\System\eKSYKYS.exe
  C:\Windows\System\eKSYKYS.exe
  2⤵
  PID:9848
- C:\Windows\System\gNGEQPk.exe
  C:\Windows\System\gNGEQPk.exe
  2⤵
  PID:5416
- C:\Windows\System\VsSghdo.exe
  C:\Windows\System\VsSghdo.exe
  2⤵
  PID:10296
- C:\Windows\System\odbZAHJ.exe
  C:\Windows\System\odbZAHJ.exe
  2⤵
  PID:9084
- C:\Windows\System\ylEatPp.exe
  C:\Windows\System\ylEatPp.exe
  2⤵
  PID:10372
- C:\Windows\System\xPbnWSn.exe
  C:\Windows\System\xPbnWSn.exe
  2⤵
  PID:10424
- C:\Windows\System\spCKeJu.exe
  C:\Windows\System\spCKeJu.exe
  2⤵
  PID:10444
- C:\Windows\System\oomggEd.exe
  C:\Windows\System\oomggEd.exe
  2⤵
  PID:10600
- C:\Windows\System\YRWNRAY.exe
  C:\Windows\System\YRWNRAY.exe
  2⤵
  PID:5040
- C:\Windows\System\bOCQPWi.exe
  C:\Windows\System\bOCQPWi.exe
  2⤵
  PID:9560
- C:\Windows\System\bXUFitO.exe
  C:\Windows\System\bXUFitO.exe
  2⤵
  PID:10664
- C:\Windows\System\MeVUwAG.exe
  C:\Windows\System\MeVUwAG.exe
  2⤵
  PID:10124
- C:\Windows\System\nxxclVh.exe
  C:\Windows\System\nxxclVh.exe
  2⤵
  PID:10536
- C:\Windows\System\QoglapK.exe
  C:\Windows\System\QoglapK.exe
  2⤵
  PID:7600
- C:\Windows\System\ErEKkDg.exe
  C:\Windows\System\ErEKkDg.exe
  2⤵
  PID:9652
- C:\Windows\System\SDkHbkl.exe
  C:\Windows\System\SDkHbkl.exe
  2⤵
  PID:4448
- C:\Windows\System\tjUNkbm.exe
  C:\Windows\System\tjUNkbm.exe
  2⤵
  PID:9760
- C:\Windows\System\nopaXlX.exe
  C:\Windows\System\nopaXlX.exe
  2⤵
  PID:11080
- C:\Windows\System\mSeYWtJ.exe
  C:\Windows\System\mSeYWtJ.exe
  2⤵
  PID:12312
- C:\Windows\System\APoBNRk.exe
  C:\Windows\System\APoBNRk.exe
  2⤵
  PID:12336
- C:\Windows\System\rickPLp.exe
  C:\Windows\System\rickPLp.exe
  2⤵
  PID:12352
- C:\Windows\System\vqkRlDj.exe
  C:\Windows\System\vqkRlDj.exe
  2⤵
  PID:12372
- C:\Windows\System\XWsdzja.exe
  C:\Windows\System\XWsdzja.exe
  2⤵
  PID:12396
- C:\Windows\System\eqgHJqK.exe
  C:\Windows\System\eqgHJqK.exe
  2⤵
  PID:12416
- C:\Windows\System\PDicqNi.exe
  C:\Windows\System\PDicqNi.exe
  2⤵
  PID:12436
- C:\Windows\System\NaHNmva.exe
  C:\Windows\System\NaHNmva.exe
  2⤵
  PID:12460
- C:\Windows\System\pRoxZaJ.exe
  C:\Windows\System\pRoxZaJ.exe
  2⤵
  PID:12484
- C:\Windows\System\xsuWYVQ.exe
  C:\Windows\System\xsuWYVQ.exe
  2⤵
  PID:12504
- C:\Windows\System\CbcjNUm.exe
  C:\Windows\System\CbcjNUm.exe
  2⤵
  PID:12524
- C:\Windows\System\LotfoZB.exe
  C:\Windows\System\LotfoZB.exe
  2⤵
  PID:12548
- C:\Windows\System\lpQnBFN.exe
  C:\Windows\System\lpQnBFN.exe
  2⤵
  PID:12572
- C:\Windows\System\yMzzIdQ.exe
  C:\Windows\System\yMzzIdQ.exe
  2⤵
  PID:12596
- C:\Windows\System\LgKZipB.exe
  C:\Windows\System\LgKZipB.exe
  2⤵
  PID:12616
- C:\Windows\System\zcfXxSl.exe
  C:\Windows\System\zcfXxSl.exe
  2⤵
  PID:12636
- C:\Windows\System\okDojCh.exe
  C:\Windows\System\okDojCh.exe
  2⤵
  PID:12656
- C:\Windows\System\ySrrCKM.exe
  C:\Windows\System\ySrrCKM.exe
  2⤵
  PID:12680
- C:\Windows\System\BxjoPLw.exe
  C:\Windows\System\BxjoPLw.exe
  2⤵
  PID:12704
- C:\Windows\System\zLkQBqJ.exe
  C:\Windows\System\zLkQBqJ.exe
  2⤵
  PID:12728
- C:\Windows\System\YnhxTzs.exe
  C:\Windows\System\YnhxTzs.exe
  2⤵
  PID:12744
- C:\Windows\System\ugkqFwO.exe
  C:\Windows\System\ugkqFwO.exe
  2⤵
  PID:12772
- C:\Windows\System\YLgRwli.exe
  C:\Windows\System\YLgRwli.exe
  2⤵
  PID:12792
- C:\Windows\System\dSWVvUZ.exe
  C:\Windows\System\dSWVvUZ.exe
  2⤵
  PID:12816
- C:\Windows\System\qapoTWH.exe
  C:\Windows\System\qapoTWH.exe
  2⤵
  PID:12836
- C:\Windows\System\lVBZNmK.exe
  C:\Windows\System\lVBZNmK.exe
  2⤵
  PID:12852
- C:\Windows\System\IWQanca.exe
  C:\Windows\System\IWQanca.exe
  2⤵
  PID:12876
- C:\Windows\System\FkWkVOL.exe
  C:\Windows\System\FkWkVOL.exe
  2⤵
  PID:12900
- C:\Windows\System\vmkoUCQ.exe
  C:\Windows\System\vmkoUCQ.exe
  2⤵
  PID:12924
- C:\Windows\System\GSsHNHu.exe
  C:\Windows\System\GSsHNHu.exe
  2⤵
  PID:12948
- C:\Windows\System\VgqFDfB.exe
  C:\Windows\System\VgqFDfB.exe
  2⤵
  PID:12968
- C:\Windows\System\LHxbAPH.exe
  C:\Windows\System\LHxbAPH.exe
  2⤵
  PID:12992
- C:\Windows\System\ErDdgHW.exe
  C:\Windows\System\ErDdgHW.exe
  2⤵
  PID:13016
- C:\Windows\System\DCoaTdJ.exe
  C:\Windows\System\DCoaTdJ.exe
  2⤵
  PID:13040
- C:\Windows\System\VCcRsaq.exe
  C:\Windows\System\VCcRsaq.exe
  2⤵
  PID:13060
- C:\Windows\System\OSAVlru.exe
  C:\Windows\System\OSAVlru.exe
  2⤵
  PID:13088
- C:\Windows\System\KvGorgt.exe
  C:\Windows\System\KvGorgt.exe
  2⤵
  PID:13108
- C:\Windows\System\cNnFuHK.exe
  C:\Windows\System\cNnFuHK.exe
  2⤵
  PID:13124
- C:\Windows\System\HjjaFfV.exe
  C:\Windows\System\HjjaFfV.exe
  2⤵
  PID:13148
- C:\Windows\System\urWRWCi.exe
  C:\Windows\System\urWRWCi.exe
  2⤵
  PID:13172
- C:\Windows\System\DGpmVth.exe
  C:\Windows\System\DGpmVth.exe
  2⤵
  PID:13196
- C:\Windows\System\BAvySIw.exe
  C:\Windows\System\BAvySIw.exe
  2⤵
  PID:11260
- C:\Windows\System\NKcCLNQ.exe
  C:\Windows\System\NKcCLNQ.exe
  2⤵
  PID:9676
- C:\Windows\System\xUHmFzS.exe
  C:\Windows\System\xUHmFzS.exe
  2⤵
  PID:12584
- C:\Windows\System\pbwjyHD.exe
  C:\Windows\System\pbwjyHD.exe
  2⤵
  PID:12652
- C:\Windows\System\dLiHeNq.exe
  C:\Windows\System\dLiHeNq.exe
  2⤵
  PID:11592
- C:\Windows\System\PZnvRMc.exe
  C:\Windows\System\PZnvRMc.exe
  2⤵
  PID:12780
- C:\Windows\System\mleWUCR.exe
  C:\Windows\System\mleWUCR.exe
  2⤵
  PID:9288
- C:\Windows\System\UQPzabR.exe
  C:\Windows\System\UQPzabR.exe
  2⤵
  PID:12920
- C:\Windows\System\IvuLjMZ.exe
  C:\Windows\System\IvuLjMZ.exe
  2⤵
  PID:13004
- C:\Windows\System\DAWwrBj.exe
  C:\Windows\System\DAWwrBj.exe
  2⤵
  PID:11984
- C:\Windows\System\XdCBGcM.exe
  C:\Windows\System\XdCBGcM.exe
  2⤵
  PID:13120
- C:\Windows\System\WMJNgUH.exe
  C:\Windows\System\WMJNgUH.exe
  2⤵
  PID:12120
- C:\Windows\System\ZqBjBnP.exe
  C:\Windows\System\ZqBjBnP.exe
  2⤵
  PID:13236
- C:\Windows\System\YVMngmV.exe
  C:\Windows\System\YVMngmV.exe
  2⤵
  PID:13256
- C:\Windows\System\VIluFzc.exe
  C:\Windows\System\VIluFzc.exe
  2⤵
  PID:13292
- C:\Windows\System\RODoHwR.exe
  C:\Windows\System\RODoHwR.exe
  2⤵
  PID:12276
- C:\Windows\System\HOodvvN.exe
  C:\Windows\System\HOodvvN.exe
  2⤵
  PID:2156
- C:\Windows\System\rHBZtDx.exe
  C:\Windows\System\rHBZtDx.exe
  2⤵
  PID:11112
- C:\Windows\System\QUDtxzr.exe
  C:\Windows\System\QUDtxzr.exe
  2⤵
  PID:13304
- C:\Windows\System\YkwhBDo.exe
  C:\Windows\System\YkwhBDo.exe
  2⤵
  PID:11144
- C:\Windows\System\XlrlivL.exe
  C:\Windows\System\XlrlivL.exe
  2⤵
  PID:11448
- C:\Windows\System\OtZnlEF.exe
  C:\Windows\System\OtZnlEF.exe
  2⤵
  PID:11540
- C:\Windows\System\CHVnBES.exe
  C:\Windows\System\CHVnBES.exe
  2⤵
  PID:9724
- C:\Windows\System\syiXevK.exe
  C:\Windows\System\syiXevK.exe
  2⤵
  PID:12432
- C:\Windows\System\vMgdpMm.exe
  C:\Windows\System\vMgdpMm.exe
  2⤵
  PID:12496
- C:\Windows\System\hfqclJe.exe
  C:\Windows\System\hfqclJe.exe
  2⤵
  PID:12544
- C:\Windows\System\nTXkeRn.exe
  C:\Windows\System\nTXkeRn.exe
  2⤵
  PID:12664
- C:\Windows\System\HNPJFNt.exe
  C:\Windows\System\HNPJFNt.exe
  2⤵
  PID:12932
- C:\Windows\System\tbOENJF.exe
  C:\Windows\System\tbOENJF.exe
  2⤵
  PID:12116
- C:\Windows\System\Kzxlcbb.exe
  C:\Windows\System\Kzxlcbb.exe
  2⤵
  PID:13276
- C:\Windows\System\VZpvxeH.exe
  C:\Windows\System\VZpvxeH.exe
  2⤵
  PID:13264
- C:\Windows\System\OeCegUJ.exe
  C:\Windows\System\OeCegUJ.exe
  2⤵
  PID:3660
- C:\Windows\System\MlLKQBX.exe
  C:\Windows\System\MlLKQBX.exe
  2⤵
  PID:11536
- C:\Windows\System\qcrcKyX.exe
  C:\Windows\System\qcrcKyX.exe
  2⤵
  PID:11708
- C:\Windows\System\DaGYHgF.exe
  C:\Windows\System\DaGYHgF.exe
  2⤵
  PID:3252
- C:\Windows\System\AMbKWUc.exe
  C:\Windows\System\AMbKWUc.exe
  2⤵
  PID:13052
- C:\Windows\System\wuuyNJY.exe
  C:\Windows\System\wuuyNJY.exe
  2⤵
  PID:12984
- C:\Windows\System\CgsGNMH.exe
  C:\Windows\System\CgsGNMH.exe
  2⤵
  PID:12700
- C:\Windows\System\ngzjaYL.exe
  C:\Windows\System\ngzjaYL.exe
  2⤵
  PID:9052
- C:\Windows\System\RbRjsQJ.exe
  C:\Windows\System\RbRjsQJ.exe
  2⤵
  PID:12752
- C:\Windows\System\PcHzAsJ.exe
  C:\Windows\System\PcHzAsJ.exe
  2⤵
  PID:13028
- C:\Windows\System\sBISlUq.exe
  C:\Windows\System\sBISlUq.exe
  2⤵
  PID:10616
- C:\Windows\System\KXyMInY.exe
  C:\Windows\System\KXyMInY.exe
  2⤵
  PID:5072
- C:\Windows\System\aaMzyzb.exe
  C:\Windows\System\aaMzyzb.exe
  2⤵
  PID:10504
- C:\Windows\System\pCminlb.exe
  C:\Windows\System\pCminlb.exe
  2⤵
  PID:4624
- C:\Windows\System\HemWFMN.exe
  C:\Windows\System\HemWFMN.exe
  2⤵
  PID:10832
- C:\Windows\System\wIZaazd.exe
  C:\Windows\System\wIZaazd.exe
  2⤵
  PID:3276
- C:\Windows\System\WiuKFry.exe
  C:\Windows\System\WiuKFry.exe
  2⤵
  PID:9212
- C:\Windows\System\XloLBZC.exe
  C:\Windows\System\XloLBZC.exe
  2⤵
  PID:2964
- C:\Windows\System\XcVBmVE.exe
  C:\Windows\System\XcVBmVE.exe
  2⤵
  PID:12456
- C:\Windows\System\clmkPoK.exe
  C:\Windows\System\clmkPoK.exe
  2⤵
  PID:10336
- C:\Windows\System\ApltcTW.exe
  C:\Windows\System\ApltcTW.exe
  2⤵
  PID:12560
- C:\Windows\System\AHRssXd.exe
  C:\Windows\System\AHRssXd.exe
  2⤵
  PID:4068
- C:\Windows\System\UpgFFFr.exe
  C:\Windows\System\UpgFFFr.exe
  2⤵
  PID:11572
- C:\Windows\System\jFQBpjb.exe
  C:\Windows\System\jFQBpjb.exe
  2⤵
  PID:12428
- C:\Windows\System\YdVcYWQ.exe
  C:\Windows\System\YdVcYWQ.exe
  2⤵
  PID:888
- C:\Windows\System\oSjNZqA.exe
  C:\Windows\System\oSjNZqA.exe
  2⤵
  PID:4972
- C:\Windows\System\UrqFkmB.exe
  C:\Windows\System\UrqFkmB.exe
  2⤵
  PID:11596
- C:\Windows\System\MIFFitN.exe
  C:\Windows\System\MIFFitN.exe
  2⤵
  PID:11952
- C:\Windows\System\iruUggF.exe
  C:\Windows\System\iruUggF.exe
  2⤵
  PID:10916
- C:\Windows\System\PnzzwHV.exe
  C:\Windows\System\PnzzwHV.exe
  2⤵
  PID:10408
- C:\Windows\System\ITiYMAw.exe
  C:\Windows\System\ITiYMAw.exe
  2⤵
  PID:11056
- C:\Windows\System\rvKjDoP.exe
  C:\Windows\System\rvKjDoP.exe
  2⤵
  PID:3648
- C:\Windows\System\CGfvdRx.exe
  C:\Windows\System\CGfvdRx.exe
  2⤵
  PID:4688
- C:\Windows\System\ucjhoZP.exe
  C:\Windows\System\ucjhoZP.exe
  2⤵
  PID:6972
- C:\Windows\System\wJldNOM.exe
  C:\Windows\System\wJldNOM.exe
  2⤵
  PID:5200
- C:\Windows\System\TTakwyN.exe
  C:\Windows\System\TTakwyN.exe
  2⤵
  PID:2936
- C:\Windows\System\hgmZulc.exe
  C:\Windows\System\hgmZulc.exe
  2⤵
  PID:10868
- C:\Windows\System\odEjVDA.exe
  C:\Windows\System\odEjVDA.exe
  2⤵
  PID:13252
- C:\Windows\System\HwclkXZ.exe
  C:\Windows\System\HwclkXZ.exe
  2⤵
  PID:4968
- C:\Windows\System\jKKcgSr.exe
  C:\Windows\System\jKKcgSr.exe
  2⤵
  PID:2780
- C:\Windows\System\yJgesbA.exe
  C:\Windows\System\yJgesbA.exe
  2⤵
  PID:11784
- C:\Windows\System\zQLgAzL.exe
  C:\Windows\System\zQLgAzL.exe
  2⤵
  PID:13328
- C:\Windows\System\EFkoUTq.exe
  C:\Windows\System\EFkoUTq.exe
  2⤵
  PID:13392
- C:\Windows\System\XornqKF.exe
  C:\Windows\System\XornqKF.exe
  2⤵
  PID:13412
- C:\Windows\System\nmjaJAv.exe
  C:\Windows\System\nmjaJAv.exe
  2⤵
  PID:13432
- C:\Windows\System\rgEHyih.exe
  C:\Windows\System\rgEHyih.exe
  2⤵
  PID:13460
- C:\Windows\System\BjpAuXT.exe
  C:\Windows\System\BjpAuXT.exe
  2⤵
  PID:13620
- C:\Windows\System\kNzvLde.exe
  C:\Windows\System\kNzvLde.exe
  2⤵
  PID:13640
- C:\Windows\System\JOnSYNn.exe
  C:\Windows\System\JOnSYNn.exe
  2⤵
  PID:13824
- C:\Windows\System\gFipFTX.exe
  C:\Windows\System\gFipFTX.exe
  2⤵
  PID:13864
- C:\Windows\System\veLjhjN.exe
  C:\Windows\System\veLjhjN.exe
  2⤵
  PID:13920
- C:\Windows\System\bvHvRaf.exe
  C:\Windows\System\bvHvRaf.exe
  2⤵
  PID:13948
- C:\Windows\System\cVcAeQc.exe
  C:\Windows\System\cVcAeQc.exe
  2⤵
  PID:13964
- C:\Windows\System\poYPQvD.exe
  C:\Windows\System\poYPQvD.exe
  2⤵
  PID:13984
- C:\Windows\System\vdIneHZ.exe
  C:\Windows\System\vdIneHZ.exe
  2⤵
  PID:14004
- C:\Windows\System\yUPWKAY.exe
  C:\Windows\System\yUPWKAY.exe
  2⤵
  PID:14020
- C:\Windows\System\ReblgLy.exe
  C:\Windows\System\ReblgLy.exe
  2⤵
  PID:14040
- C:\Windows\System\AXIsFho.exe
  C:\Windows\System\AXIsFho.exe
  2⤵
  PID:14164
- C:\Windows\System\vHaJvRS.exe
  C:\Windows\System\vHaJvRS.exe
  2⤵
  PID:14200
- C:\Windows\System\opXOPDt.exe
  C:\Windows\System\opXOPDt.exe
  2⤵
  PID:8120
- C:\Windows\System\BmfIWyD.exe
  C:\Windows\System\BmfIWyD.exe
  2⤵
  PID:8272
- C:\Windows\System\RoneZOl.exe
  C:\Windows\System\RoneZOl.exe
  2⤵
  PID:13356
- C:\Windows\System\LDFjFby.exe
  C:\Windows\System\LDFjFby.exe
  2⤵
  PID:11368
- C:\Windows\System\xmCpbDN.exe
  C:\Windows\System\xmCpbDN.exe
  2⤵
  PID:13536
- C:\Windows\System\tFhTYnM.exe
  C:\Windows\System\tFhTYnM.exe
  2⤵
  PID:13404
- C:\Windows\System\njznswD.exe
  C:\Windows\System\njznswD.exe
  2⤵
  PID:13512
- C:\Windows\System\awdRAOs.exe
  C:\Windows\System\awdRAOs.exe
  2⤵
  PID:13376
- C:\Windows\System\mTiixaw.exe
  C:\Windows\System\mTiixaw.exe
  2⤵
  PID:10192

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 684 -p 10324 -ip 10324
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o4dcz5yo.r5a.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AKePjrQ.exe

Filesize
1.9MB

MD5
6871771b3376e17745dc58a5e7d9f0ed

SHA1
9b9c561dc51d323e014d1630c27bb6b04e3bff0d

SHA256
c14fb1e5282a85b7e51bb90ea56b0edfb92dfb206a3bf907500f667e71a2f880

SHA512
dd2c9d69a4446d25648240ff381d388e5ab07b07f5fa195f32b324015f92199cdbc36fc5732211eeda3dd5f723f893895173143d061877bc4f6a8deb51cdb882

Download Submit
C:\Windows\System\AsOJVMX.exe

Filesize
1.9MB

MD5
2e0c3a4ceeb46f64dc658d86a27e0aef

SHA1
47b4876494bc22d6343b333b492d8a3f4117fa5e

SHA256
205c704bc0c3f3e2e17e3a320e5d6d469358e255356d3f259fa850a22cdc6aaf

SHA512
b158b9db339376f861d4033e1f154fb1e0db0cc0cf6c29f78f2e106616f318fce8f70cbc119e729f8ada334439d036cfb79539a02d3a2b08ce01848e78e1a7b6

Download Submit
C:\Windows\System\AtBJgzw.exe

Filesize
1.9MB

MD5
6bc707052b8a99604c5e2931ca72f1b6

SHA1
a2c4503deab0efaecedfa0b22c49bede296a4503

SHA256
ea0668f485a6192ffa94b20c895be6c712b98bcc1cb1dbb1b26ecfacfe269907

SHA512
653f9bd17d51a2f5e993e541bbcf0832790ee22be13428d350a39d04fcbb8da3f0f64ce0df96efe37cf54109e85e27863849272b2f1a4d6ce5f1cb3988d4a4da

Download Submit
C:\Windows\System\BTvfLNQ.exe

Filesize
8B

MD5
03f6c06cbca2116586dcb830cb1e7df2

SHA1
21959527eb4bdd4f1722864fa3a0565158da0f4e

SHA256
7c68cc08ed1401c0caafd3e73d5d856fc875748ed5e62a3ad679b5b0fee4938f

SHA512
39de7a17d12a7e9cc23a1b27c4c49944527213fbd572a6002483088201aba931dcd3d50b2479479e5c47888eeed5c23ce039cc4e68daaf253fbac40894ca1f2b

Download Submit
C:\Windows\System\FpdHdnW.exe

Filesize
1.9MB

MD5
8d74e5a736b25a0251c232ea9a706054

SHA1
c2412d50b666ddddbf409526bee58b792222cbfc

SHA256
143f6b9e83340d252331b1526b492e52f525ad0106b168189b683bc73c356dcd

SHA512
fa92701156f91d746e98593ecd255f7bdae47011da367318191aee95090498dd3df25d7e178665ef9e96aa55e01688186cb887e3862a3bc565ef806ed477ae71

Download Submit
C:\Windows\System\HfqNAYK.exe

Filesize
1.9MB

MD5
4ab48fb08f13d47bc23061c4dbd8a5c6

SHA1
a8156f5a55b8e3dc22adf73197891350a66471c1

SHA256
9b05e500f006b2beb4a454642deec69e1074f4dfad1559d7914e8f4292795ebd

SHA512
ad2bff47ed540afdc08e08a25e93480edc17aa40a71bfef7a7bb037a499b63d4cd9f3caa8b0719c7a1beea94fc9eba650d935a0a322c864886454841e8b4ab1f

Download Submit
C:\Windows\System\IgKbWFE.exe

Filesize
1.9MB

MD5
a48c0b6013a6c444cee4330bd8bdc453

SHA1
141f0923a9bacbd4098b6f3cca5bcf7038095bcd

SHA256
726e77e9ab9734e50f5648261335458299d3585a04c86e26e08315d2f91baf69

SHA512
d0a2ee0030e7363fc75ca6ad7de63c05535bd8c01e0d2f592e47963a65a724898d6c72f0baac09acb8684ccbefe366dd75ca6cd53cf3efaf23379048cb405c02

Download Submit
C:\Windows\System\JcnBWzp.exe

Filesize
1.9MB

MD5
8107ee0eb6b84388ba6027262cbc19e1

SHA1
86a4d4d7cdaa22af35289610042a225632afb4ae

SHA256
91f2d53278a5cbe57111da246a87713633a2294792ba1814d9af1b746e6db52f

SHA512
7c91c37a3b166da5be167591a169d8077f2fed81e6846f81529db6e6dab99f2dc4d22195734e6b88f5b912710f3e05ee2432002c414624dae79031d97184ed58

Download Submit
C:\Windows\System\JukpuHl.exe

Filesize
1.9MB

MD5
6fda54e5092fb5bcc1c75acdfb3652c5

SHA1
1b884a84fa5c7d5c31ce0533b05fca4f194412fe

SHA256
fcd21930cb785027593543525c4660d328fd67ab2e18d1551a745acbfa9660a6

SHA512
08357eb310ca622d84e9d36519f413a86e0af1653e8fad0959c5ba008612e98ad1f707595f7c3c88cc701a555ebd8ff5718868e24010fa6330985f0cb8dc9c3d

Download Submit
C:\Windows\System\KtmLJBw.exe

Filesize
1.9MB

MD5
675045b37fd055f7ea48bd3336cd5d51

SHA1
44c913ef1cad31b71d1ebd97a340dcfedd9ad89b

SHA256
f9f064ef1e2bdef0c619f881e8e3394eb3457874c05e2f6125713f68be5cc5db

SHA512
1241e97796126d199cf05919ee74a647e3b622df035533b89324bc3d76d4dc035e8e298c3fd0838d04f68c6c16131f85b5bc13fcd0c7316b3b7ed73e663aa2c2

Download Submit
C:\Windows\System\NRNaest.exe

Filesize
1.9MB

MD5
e41876628d979f2b31757c7a0d6798ac

SHA1
c15a4f3c6d3a835f40eef544a8efba3c683439eb

SHA256
271d41bc304c82dab571b4b70395f7720310bfb6aa4cc33fcf012e0ed7387be7

SHA512
e0c30818e6b0d66ab25288a18f8921b21c1798555d4efce75d1926d72171734a1dcbbeaf04f9ebdee0ab931f9840fbf973acb31b650b0f7655e414f10a7fb995

Download Submit
C:\Windows\System\QCfcSDh.exe

Filesize
1.9MB

MD5
c338668f2c3342db0cdcd56695f5dcab

SHA1
2eadebd435c9f5e2c20fa06f43985d9fae844ad4

SHA256
9f0fc2f94eb2f5d45a45438776e5f33e9d3031de60060d74455fc39583b2e77c

SHA512
50cab71cc185527515320c42878d033f25a168a250110f155b43b8b93ffd36b04d6fa680e6d9b434dfdfc4fde58a6cc3793382b6df7717300e4aeebf320a79e9

Download Submit
C:\Windows\System\SHPnYUL.exe

Filesize
1.9MB

MD5
f435b70ba1946b1f8f8959716eb37be0

SHA1
aa8dc7510251834f0ab67332ec9ffeec50f2c42e

SHA256
90fd90a5ae0b8f15de1e5073f45e5488e173ac29a7e33bb1570a3ff200c0ab73

SHA512
b347a4c5a5bce66d8bf74c3db863e28cf26f30b687a28fd3cec2abb9d95b401c310e7a3bbe1ee1e97e5c1b19634605d904a19474ea0f7e34656ad90f2ed0a788

Download Submit
C:\Windows\System\TEzHTxz.exe

Filesize
1.9MB

MD5
da2792f9753f97bd78b527da5d0467aa

SHA1
f0bf84af8d8c1a96f08a48cf1a4b2c0d6c9896ef

SHA256
a23da0c999c6c7ede46b93ff782b781a8951b43acae8e1d6267f056655a9e91f

SHA512
39c5746eabbe6ca3ee1875abcd3039c8d478f18a885b465e25c0c30186e7600f83140670a738f2e7abad947b4bb8c61d8b65b53833a9dc374c3fbdab2dfb363a

Download Submit
C:\Windows\System\TfHDnFG.exe

Filesize
1.9MB

MD5
d6433e68c151d1dda2149b12199ddaf4

SHA1
4032f63c4aedd4819bd00965b81e36178d88cf33

SHA256
ad03344f3151b7f359c607e1e6a8e333cd8454b27adb1636729370b9a46773ea

SHA512
bec6e2f344dd0b7044e4ddbcdb93f8e8df4d74a1bddbd8f20d73fab52a27686b63f51ec5aaabf30d019e1ddde66b67ec5ff989a2d738c3893fa989452a97e439

Download Submit
C:\Windows\System\UXvYLuy.exe

Filesize
1.9MB

MD5
092a2b37c35039338cdb959c8ea4f7a3

SHA1
b9ad5f410d3243cb7239466c1060493aeb8e735b

SHA256
3abe08527a64c97d952853c2d933238ca9a88a78c8b022655d2093f371bdf8d5

SHA512
0a60cd8078784e66645b1a8b2cd1d5eb8321d503ebb450891f54fcbf77edd40b07260e94889a4619e2ec40c6546f6c447c2ef168fffc23c7484f7050c814b511

Download Submit
C:\Windows\System\VRPxknM.exe

Filesize
1.9MB

MD5
19e476bbfe78d2976692db6099399822

SHA1
39c4a5f37273c4dd6645f97396c4eb23a1f3d3e6

SHA256
3c78d0b7621802d26a19864364d496972e8d4e7f66782032e0fa04cab0e42975

SHA512
9541ebe271aba619add4b1c3dd2b3508c4bf35c3c48c74bb6b8488b587f674756496df0e9f1c885dd150b15f8a4335df2dcda66a1832dfb418e4a2a385e23b6e

Download Submit
C:\Windows\System\YNzNZmN.exe

Filesize
1.9MB

MD5
fe4fdb5a2f59e0599f21be2b41cb1846

SHA1
2bdb4c1487f893e8d6380873cfdb7b18e5d112c2

SHA256
58e3af9db0e0885bd680245811c05151b1767b478c92bd9c226e8e370f89c562

SHA512
29534f8c0470d7f69ecc0e17a7d72add4a9f55fc6333476b6e23556c429b03debfa6230b23ba43805038eb8a3e7d69a844eb5a2ec3f2194ea07c2417fd4ca2ba

Download Submit
C:\Windows\System\YVWdmHq.exe

Filesize
1.9MB

MD5
cd7f664546219f132a3e0ee5f626f127

SHA1
db6f64ee7f268df12f473c90c1b9de798311fc34

SHA256
8ad23300fc5e6a6962a1abc26cb02ae0c5438e8c938e2c04ad418207cad233ff

SHA512
7430babfa65eb00af74256b57de504bf272303c4d58997bff2dccc76ef801ffe37c7658b74761daaf5ef542c2c463202c916ffcb3c8bc903c50cd8f7ecae3dd3

Download Submit
C:\Windows\System\gpUcpPc.exe

Filesize
1.9MB

MD5
fce151067def5013dbca6ffdcb4ac07e

SHA1
420a2c62ebbdd814260768c4643d4902f53ac69c

SHA256
16690dd1b9732d3a97fcaefe80cf1aaf6da0380bb402608f0f3604b737449a82

SHA512
4969af1b474d96b79e5895c6c979c3be8770700cee29e7af2ea66baac68d9d8bce5b737afe3f5286cd5fcc418a69e7fcd6cf6eb6d81b1667d0a4002777f4ea43

Download Submit
C:\Windows\System\hfEUUrc.exe

Filesize
1.9MB

MD5
c33be96ef60bb934b1c30c0d567a49c3

SHA1
6870d4ff24c19b6716f6c609fc6837f688f91f03

SHA256
2456014ba1230caf77a18c2a23867901c4de9e72e4d73129c31e951873457415

SHA512
dfb12758ed19599291d7bde256f1e3bb811074e374985e5d69ec27e80c4132adf53f1df75175e590180ccdf5a5f5dfb0f0846dc5d0990e8e8e18c091a4d9e7f3

Download Submit
C:\Windows\System\iYfNFua.exe

Filesize
1.9MB

MD5
c078aee3cf88328761234813ae3a41b1

SHA1
1aab8aee267f18dff53f24c17226522e84d92c93

SHA256
9f2472116eaa0dd4e4473bf3b0ffaef1edabd4c310900e00a58a32abe03f2eeb

SHA512
14b7c2db0d18cd3e0d92203c14067c3cacc088097de221115f4921ac813d6c4ea5c1913df7688b5f840291711b16022672fb0352f6d003951343490c0b1b666d

Download Submit
C:\Windows\System\jXatziw.exe

Filesize
1.9MB

MD5
101c10dc71fd8822bc1b98e08edae575

SHA1
6d038adce7486299b6fb0830e4d6a27a01e14cfa

SHA256
73417f69e9cb1b73e5fbef4992e4ce16f5a4a11c18e5c9cdb4498109fcf772b3

SHA512
e9e19c90cb323f8562d2a69c3e608f05bc9cd8b9d360da63aca9ad61087637e4c89ffcd430d783d0367ab648b27ed2e254c5fb4ec54a70cf26fdfc1047b72d6e

Download Submit
C:\Windows\System\kqUHPbw.exe

Filesize
1.9MB

MD5
6c250cbaccf0dabbbd2c679c63ce239c

SHA1
29f0c00af86da225e9854665bf8edb67ab376a43

SHA256
21dbc92b2767a908659ce1cb61ca873f5e4a48ef3680c29e9264ff1cf8fb1536

SHA512
fe335411f253942a14eb6972aae6ed0c45f583512423dd141759eca301edd4fc94d0abb1e09cbfe6cbca3bdf353bb0dcac77319ea27538324105e9c1043dce4e

Download Submit
C:\Windows\System\kyseGTV.exe

Filesize
1.9MB

MD5
b6e0ab9f82f322939e7f36b2751b3fba

SHA1
b557ab5eb0e407af6d401ae83bdf40a2f23b6794

SHA256
07080ec39867810af6e3ab82362f0a0820d913a68a46e05fc9d4105977cb2875

SHA512
336da0cdec39b273a44c267100cb79067cb05bc547b917aac518351b4ac55b42920fc139a5e7a769a6ffbf1db1eb1e634860a299621c2c0a740a34de1b5e1967

Download Submit
C:\Windows\System\lvyCMoS.exe

Filesize
1.9MB

MD5
d5f54f30c0a50e7fef380994c1d80050

SHA1
a544fb4d281e40ee29fffcb89a5be1a089727328

SHA256
be75bd1b89b5e701bc07bdb35e3385494692baa3e68b405effd40afefa815f9c

SHA512
952e171151c21a8e413e184a807345b078741d2f4800cb023fee783334f179f0ce2a1d6e6ca5f43e0882ff682a5cde8793e60884552cac353eaf3e9674725918

Download Submit
C:\Windows\System\maAFfwi.exe

Filesize
1.9MB

MD5
9548c54dda8eee5d960187fc567e6f34

SHA1
8608ddfe4bd5b30675b673a0a6e7158aef8a01e3

SHA256
a23cda8cb1f464b1e14a1621fdcc00bf93d6346622a88d157981ca24e9dc49f0

SHA512
cbe5cf724a696aaea7f504ca43f23cbdc5a5a36644e1cd5f343b2172475c28ccc9d94d84581cb5d3e430100e72fab005db7c59f9971dcffe27b836cd907ea0f0

Download Submit
C:\Windows\System\maQJlqs.exe

Filesize
1.9MB

MD5
50d78d84f1d332d17fec8d0db6929016

SHA1
44b2c6d72655d1ecf9a2b3bca582fecc510e3974

SHA256
e49620845820d062a993be8d0cca7d62742eca859b419c10b92da06796276fdf

SHA512
636c28030c9b8132c1645837b633c2b56e80e9f72cb524c504e465db85c6b5f2cb053872c9a52e7fa7ed42afd8bb63d3e51625b7655fec57e5e6b48dcba3e6f5

Download Submit
C:\Windows\System\nOKZpPC.exe

Filesize
1.9MB

MD5
a614a5036a2361de1ac66c129b86c15f

SHA1
0a828818b53de1f6e841ea2581a33b41696ed501

SHA256
d74517b886a23ed593eee6a85234264ccd6fc444892c576f578d358ac305104a

SHA512
97e486e55d8bdd69ed65313a06695ed661a9389865bb86abbf070f9861a8fe4b8e6c96ed6815f685bf3ef16ab31e512fcd4b533bbc89c16d9849501f4732b854

Download Submit
C:\Windows\System\oXDmuFl.exe

Filesize
1.9MB

MD5
8e7ad9e39acf0ff5df7f23d014f100f4

SHA1
5dc4b95952818c1cf0d44d4363c118df105f44cd

SHA256
aa4505ca88f9af27d6cef0eed4da160c1fc67a3bc938560f840e8c13cb865472

SHA512
269c138a8f3abeae0838e0ce1e951a339b9def46dc95f087d1d50268d014b9aae4da1fc56b01a00c941069e449fb1d3cb725f414939b9d9996516876dbb4a5c7

Download Submit
C:\Windows\System\qtVhGFA.exe

Filesize
1.9MB

MD5
db61a5822d9d301b8dc34e093348405c

SHA1
f5aa4bbc5fc3c698eb4b42ebbca0907eb002754a

SHA256
e5a17ed078baad6db5b644e92abe12614c12ed2545b97de018d4cb2383d0d92d

SHA512
2e760307d85b43f0730c50d9a72b50bceb6ea4a72bfb1d79be705bf9be20e93d0dba1b00fb9c722f8a5d6a95a2a8c3345a1e1c01cad97b91287e23b289cacd8c

Download Submit
C:\Windows\System\rYcZLlM.exe

Filesize
1.9MB

MD5
5b20018f5e20235fe3b1cb08da6e18f6

SHA1
a1cddf8518e6e0afa9cc6cb55abb28728108d35e

SHA256
ee7af5da197b306dc40ab6e869b9e4d8a01ac1ae39b3d36aedd83586152f5f27

SHA512
d2afa0be2584203c1f9358ffdffe72a0e1aba73e44bb05a61873ca318afcd040bf8213616dfc90427fc60d5640319ed98e8ea98cc0d651021c8030655eae92bc

Download Submit
C:\Windows\System\uasiuKt.exe

Filesize
1.9MB

MD5
2f5c3b1b9808c9a85b1d6951f0e11ebc

SHA1
49a8d0e2ea051c0f4251feccb25473337aaa5086

SHA256
7ae351fb425b0f214e088ce426e65e0992b72e6475bf7f0a709bcc32a7363b00

SHA512
b53267f82c30443d6f53b29ae4df903c3d634d261f863059f073cd4aab20eec83caa1168d1fa3a86935c4d48da6ba91fae877cfb8a7b5b2ee4cd33cc8c649a1c

Download Submit
C:\Windows\System\uuKtgak.exe

Filesize
1.9MB

MD5
de727b50ccc61de77140069d3ce973c5

SHA1
b9481d39cb7d30b2bcd204d8b562986b341e3d79

SHA256
1382d612bc702c1df04c7f772ab9657b8411c6e9000ed7829f45160e1cda50d2

SHA512
e5abdf3b3aee6eb247d5ff272126aa44896f90a42acecd3a2f41f074bd3949a6f7e16fc20d697c95702a67a4aeb03765a6921815445191153e1b3ea4cc903f7e

Download Submit
C:\Windows\System\yKDnfuP.exe

Filesize
1.9MB

MD5
bec4f626062b280a144677b10473f686

SHA1
c71a73c3ee4da2feb27a8ad12f3690dc65243ee8

SHA256
75f3a4947b04ff006d0066383d7e0f6439bb80cc4509569ae14042d46dde0803

SHA512
afc78388d75a029ae35ee4db421bafe304684bd47e9c7f02b516d3629e4454ec0d4b673734dae87a4f9be483fb7ab0f6695ed4c3addce230a18f7d9c64656809

Download Submit
C:\Windows\System\yURcJzn.exe

Filesize
1.9MB

MD5
03029a438714d98cba9f77ee771f79fa

SHA1
07bfe3d0eca391c376d6a97888de6c84c2722b34

SHA256
5cfde19763e7c5e74ee032fb60ca11bc81d6efc930e9a8842093af0a1dfc0c9a

SHA512
15ac9a124f5636c78e4fc567daf94fc2fb749e9ce80094fb26e7879fe8d9597e437f163a2a2ff269ac19ffbcb2bcca929e3693855f4accb1ecc11ffb9b455f89

Download Submit
C:\Windows\System\ybMYZSz.exe

Filesize
1.9MB

MD5
39e877f03108d5544ce18c1c9f5f8013

SHA1
b521a0c8fed2ca372e398243b1dd72dcec72aaf7

SHA256
0d3dc8520844b6972a9d5ca2ab5fa1895daacd6715ad3bd7fb00a8866e08245b

SHA512
b6248995941a4b921813ee325df3b93ba413c6f8fd574201a4d8d5ef1f671ae723638663958c41591875541fc9d5edf80135eb9ab117c240e10c2f25c024a47b

Download Submit
C:\Windows\System\yxfiTbA.exe

Filesize
1.9MB

MD5
ea30f164533d33d6d7a2bca910f4c8a8

SHA1
c5f4ca91e60aac8820a9c9af206c55be7683fc08

SHA256
c143a078560402409787bf03b07bd729d8a55fb3807ffc71dbffffac53fbf0c1

SHA512
ca6ada5945327770420ca8ffb50c243ce2a5d6f43b8d5fb7fe8914872ba89d84bc6130d022443d0044d9b99c516e57f97336fc2db1883c089043a42089d6cdc8

Download Submit
memory/508-637-0x00007FF6A0730000-0x00007FF6A0B22000-memory.dmp

Filesize
3.9MB

Download
memory/508-4627-0x00007FF6A0730000-0x00007FF6A0B22000-memory.dmp

Filesize
3.9MB

Download
memory/852-631-0x00007FF7F6BE0000-0x00007FF7F6FD2000-memory.dmp

Filesize
3.9MB

Download
memory/852-4635-0x00007FF7F6BE0000-0x00007FF7F6FD2000-memory.dmp

Filesize
3.9MB

Download
memory/1616-4614-0x00007FF7EFF50000-0x00007FF7F0342000-memory.dmp

Filesize
3.9MB

Download
memory/1616-627-0x00007FF7EFF50000-0x00007FF7F0342000-memory.dmp

Filesize
3.9MB

Download
memory/2044-4585-0x00007FF758F40000-0x00007FF759332000-memory.dmp

Filesize
3.9MB

Download
memory/2044-225-0x00007FF758F40000-0x00007FF759332000-memory.dmp

Filesize
3.9MB

Download
memory/2216-4590-0x00007FF66AF60000-0x00007FF66B352000-memory.dmp

Filesize
3.9MB

Download
memory/2216-356-0x00007FF66AF60000-0x00007FF66B352000-memory.dmp

Filesize
3.9MB

Download
memory/2840-4545-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp

Filesize
3.9MB

Download
memory/2840-34-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp

Filesize
3.9MB

Download
memory/2840-4584-0x00007FF7E1720000-0x00007FF7E1B12000-memory.dmp

Filesize
3.9MB

Download
memory/2904-4593-0x00007FF74CD40000-0x00007FF74D132000-memory.dmp

Filesize
3.9MB

Download
memory/2904-289-0x00007FF74CD40000-0x00007FF74D132000-memory.dmp

Filesize
3.9MB

Download
memory/2908-4610-0x00007FF61B410000-0x00007FF61B802000-memory.dmp

Filesize
3.9MB

Download
memory/2908-262-0x00007FF61B410000-0x00007FF61B802000-memory.dmp

Filesize
3.9MB

Download
memory/2952-633-0x00007FF76B0E0000-0x00007FF76B4D2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-4616-0x00007FF76B0E0000-0x00007FF76B4D2000-memory.dmp

Filesize
3.9MB

Download
memory/3016-456-0x00007FF7C1BB0000-0x00007FF7C1FA2000-memory.dmp

Filesize
3.9MB

Download
memory/3016-4603-0x00007FF7C1BB0000-0x00007FF7C1FA2000-memory.dmp

Filesize
3.9MB

Download
memory/3068-4601-0x00007FF7DA350000-0x00007FF7DA742000-memory.dmp

Filesize
3.9MB

Download
memory/3068-403-0x00007FF7DA350000-0x00007FF7DA742000-memory.dmp

Filesize
3.9MB

Download
memory/3184-629-0x00007FF7E2C90000-0x00007FF7E3082000-memory.dmp

Filesize
3.9MB

Download
memory/3184-4623-0x00007FF7E2C90000-0x00007FF7E3082000-memory.dmp

Filesize
3.9MB

Download
memory/3208-4612-0x00007FF6E8310000-0x00007FF6E8702000-memory.dmp

Filesize
3.9MB

Download
memory/3208-457-0x00007FF6E8310000-0x00007FF6E8702000-memory.dmp

Filesize
3.9MB

Download
memory/3216-635-0x00007FF78DDB0000-0x00007FF78E1A2000-memory.dmp

Filesize
3.9MB

Download
memory/3216-4591-0x00007FF78DDB0000-0x00007FF78E1A2000-memory.dmp

Filesize
3.9MB

Download
memory/3624-4597-0x00007FF66F880000-0x00007FF66FC72000-memory.dmp

Filesize
3.9MB

Download
memory/3624-636-0x00007FF66F880000-0x00007FF66FC72000-memory.dmp

Filesize
3.9MB

Download
memory/4056-630-0x00007FF7DE270000-0x00007FF7DE662000-memory.dmp

Filesize
3.9MB

Download
memory/4056-4618-0x00007FF7DE270000-0x00007FF7DE662000-memory.dmp

Filesize
3.9MB

Download
memory/4220-0-0x00007FF762BF0000-0x00007FF762FE2000-memory.dmp

Filesize
3.9MB

Download
memory/4220-1-0x00000199EBB70000-0x00000199EBB80000-memory.dmp

Filesize
64KB

Download
memory/4628-4605-0x00007FF694E50000-0x00007FF695242000-memory.dmp

Filesize
3.9MB

Download
memory/4628-564-0x00007FF694E50000-0x00007FF695242000-memory.dmp

Filesize
3.9MB

Download
memory/4732-115-0x00007FFFD1720000-0x00007FFFD21E1000-memory.dmp

Filesize
10.8MB

Download
memory/4732-200-0x00007FFFD1720000-0x00007FFFD21E1000-memory.dmp

Filesize
10.8MB

Download
memory/4732-242-0x000001DA4FEB0000-0x000001DA4FED2000-memory.dmp

Filesize
136KB

Download
memory/4732-18-0x00007FFFD1723000-0x00007FFFD1725000-memory.dmp

Filesize
8KB

Download
memory/4796-567-0x00007FF7C6790000-0x00007FF7C6B82000-memory.dmp

Filesize
3.9MB

Download
memory/4796-4595-0x00007FF7C6790000-0x00007FF7C6B82000-memory.dmp

Filesize
3.9MB

Download
memory/4800-634-0x00007FF658D70000-0x00007FF659162000-memory.dmp

Filesize
3.9MB

Download
memory/4800-4580-0x00007FF658D70000-0x00007FF659162000-memory.dmp

Filesize
3.9MB

Download
memory/4832-4588-0x00007FF63BA50000-0x00007FF63BE42000-memory.dmp

Filesize
3.9MB

Download
memory/4832-290-0x00007FF63BA50000-0x00007FF63BE42000-memory.dmp

Filesize
3.9MB

Download
memory/4944-8-0x00007FF6A1310000-0x00007FF6A1702000-memory.dmp

Filesize
3.9MB

Download
memory/4944-4581-0x00007FF6A1310000-0x00007FF6A1702000-memory.dmp

Filesize
3.9MB

Download
memory/4944-4544-0x00007FF6A1310000-0x00007FF6A1702000-memory.dmp

Filesize
3.9MB

Download
memory/5012-4626-0x00007FF7A7930000-0x00007FF7A7D22000-memory.dmp

Filesize
3.9MB

Download
memory/5012-632-0x00007FF7A7930000-0x00007FF7A7D22000-memory.dmp

Filesize
3.9MB

Download
memory/5064-365-0x00007FF7C30D0000-0x00007FF7C34C2000-memory.dmp

Filesize
3.9MB

Download
memory/5064-4599-0x00007FF7C30D0000-0x00007FF7C34C2000-memory.dmp

Filesize
3.9MB

Download
memory/5068-4620-0x00007FF6DD3F0000-0x00007FF6DD7E2000-memory.dmp

Filesize
3.9MB

Download
memory/5068-628-0x00007FF6DD3F0000-0x00007FF6DD7E2000-memory.dmp

Filesize
3.9MB

Download