kpot | bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
Size

1.9MB
MD5

110c461af11f74e249c59373ab453ff0
SHA1

56c03d201424f94077fc868d1876e8eebce43ca5
SHA256

bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff
SHA512

14b82ab326e6e5eb92c6cb404789e2a9bc9995bc4bc0e9ec9665ef3e829ca48acb0e7aa09fc821c39a185ca4955087beaccfd7737fe24cb95405758fd7d3b53e
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SNav:oemTLkNdfE0pZrw/

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 37 IoCs

resource	yara_rule
behavioral2/files/0x00080000000235b0-15.dat	family_kpot
behavioral2/files/0x00070000000235b7-28.dat	family_kpot
behavioral2/files/0x00070000000235bb-43.dat	family_kpot
behavioral2/files/0x00070000000235ba-68.dat	family_kpot
behavioral2/files/0x00070000000235c4-91.dat	family_kpot
behavioral2/files/0x00070000000235bc-92.dat	family_kpot
behavioral2/files/0x00070000000235c9-113.dat	family_kpot
behavioral2/files/0x00070000000235c3-111.dat	family_kpot
behavioral2/files/0x00070000000235bf-109.dat	family_kpot
behavioral2/files/0x00070000000235c8-108.dat	family_kpot
behavioral2/files/0x00070000000235c7-103.dat	family_kpot
behavioral2/files/0x00070000000235c1-147.dat	family_kpot
behavioral2/files/0x00070000000235ca-166.dat	family_kpot
behavioral2/files/0x00080000000235b1-180.dat	family_kpot
behavioral2/files/0x00070000000235cd-178.dat	family_kpot
behavioral2/files/0x00070000000235d6-175.dat	family_kpot
behavioral2/files/0x00070000000235cb-171.dat	family_kpot
behavioral2/files/0x00070000000235d5-165.dat	family_kpot
behavioral2/files/0x00070000000235d4-159.dat	family_kpot
behavioral2/files/0x00070000000235d3-158.dat	family_kpot
behavioral2/files/0x00070000000235d2-157.dat	family_kpot
behavioral2/files/0x00070000000235d1-156.dat	family_kpot
behavioral2/files/0x00070000000235c6-153.dat	family_kpot
behavioral2/files/0x00070000000235c2-151.dat	family_kpot
behavioral2/files/0x00070000000235c5-149.dat	family_kpot
behavioral2/files/0x00070000000235d0-146.dat	family_kpot
behavioral2/files/0x00070000000235cf-145.dat	family_kpot
behavioral2/files/0x00070000000235ce-144.dat	family_kpot
behavioral2/files/0x00070000000235cc-133.dat	family_kpot
behavioral2/files/0x00070000000235c0-121.dat	family_kpot
behavioral2/files/0x00070000000235be-96.dat	family_kpot
behavioral2/files/0x00070000000235bd-87.dat	family_kpot
behavioral2/files/0x00070000000235b9-61.dat	family_kpot
behavioral2/files/0x00070000000235b6-47.dat	family_kpot
behavioral2/files/0x00070000000235b8-31.dat	family_kpot
behavioral2/files/0x00070000000235b5-22.dat	family_kpot
behavioral2/files/0x00070000000235b4-8.dat	family_kpot

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 14148 created 4472	14148	WerFaultSecure.exe	86

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4056-0-0x00007FF76D670000-0x00007FF76D9C4000-memory.dmp	xmrig
behavioral2/files/0x00080000000235b0-15.dat	xmrig
behavioral2/files/0x00070000000235b7-28.dat	xmrig
behavioral2/files/0x00070000000235bb-43.dat	xmrig
behavioral2/files/0x00070000000235ba-68.dat	xmrig
behavioral2/files/0x00070000000235c4-91.dat	xmrig
behavioral2/files/0x00070000000235bc-92.dat	xmrig
behavioral2/files/0x00070000000235c9-113.dat	xmrig
behavioral2/files/0x00070000000235c3-111.dat	xmrig
behavioral2/files/0x00070000000235bf-109.dat	xmrig
behavioral2/files/0x00070000000235c8-108.dat	xmrig
behavioral2/files/0x00070000000235c7-103.dat	xmrig
behavioral2/memory/4376-100-0x00007FF6A1D10000-0x00007FF6A2064000-memory.dmp	xmrig
behavioral2/files/0x00070000000235c1-147.dat	xmrig
behavioral2/files/0x00070000000235ca-166.dat	xmrig
behavioral2/files/0x00080000000235b1-180.dat	xmrig
behavioral2/memory/3604-195-0x00007FF6C30E0000-0x00007FF6C3434000-memory.dmp	xmrig
behavioral2/memory/636-201-0x00007FF6E2740000-0x00007FF6E2A94000-memory.dmp	xmrig
behavioral2/memory/1648-208-0x00007FF7AC8B0000-0x00007FF7ACC04000-memory.dmp	xmrig
behavioral2/memory/3100-207-0x00007FF64C4F0000-0x00007FF64C844000-memory.dmp	xmrig
behavioral2/memory/2912-206-0x00007FF7E9DE0000-0x00007FF7EA134000-memory.dmp	xmrig
behavioral2/memory/3704-205-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp	xmrig
behavioral2/memory/1256-204-0x00007FF775410000-0x00007FF775764000-memory.dmp	xmrig
behavioral2/memory/4908-203-0x00007FF65F0A0000-0x00007FF65F3F4000-memory.dmp	xmrig
behavioral2/memory/536-202-0x00007FF71B8F0000-0x00007FF71BC44000-memory.dmp	xmrig
behavioral2/memory/2532-200-0x00007FF7BB4C0000-0x00007FF7BB814000-memory.dmp	xmrig
behavioral2/memory/1240-199-0x00007FF75CB70000-0x00007FF75CEC4000-memory.dmp	xmrig
behavioral2/memory/1580-198-0x00007FF728B50000-0x00007FF728EA4000-memory.dmp	xmrig
behavioral2/memory/1280-197-0x00007FF685110000-0x00007FF685464000-memory.dmp	xmrig
behavioral2/memory/3768-196-0x00007FF6A99B0000-0x00007FF6A9D04000-memory.dmp	xmrig
behavioral2/memory/3248-194-0x00007FF6CB2E0000-0x00007FF6CB634000-memory.dmp	xmrig
behavioral2/memory/3892-190-0x00007FF6AB600000-0x00007FF6AB954000-memory.dmp	xmrig
behavioral2/memory/4580-187-0x00007FF746180000-0x00007FF7464D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235cd-178.dat	xmrig
behavioral2/files/0x00070000000235d6-175.dat	xmrig
behavioral2/memory/1032-174-0x00007FF778D90000-0x00007FF7790E4000-memory.dmp	xmrig
behavioral2/memory/4192-173-0x00007FF753820000-0x00007FF753B74000-memory.dmp	xmrig
behavioral2/files/0x00070000000235cb-171.dat	xmrig
behavioral2/files/0x00070000000235d5-165.dat	xmrig
behavioral2/memory/652-160-0x00007FF712B20000-0x00007FF712E74000-memory.dmp	xmrig
behavioral2/files/0x00070000000235d4-159.dat	xmrig
behavioral2/files/0x00070000000235d3-158.dat	xmrig
behavioral2/files/0x00070000000235d2-157.dat	xmrig
behavioral2/files/0x00070000000235d1-156.dat	xmrig
behavioral2/files/0x00070000000235c6-153.dat	xmrig
behavioral2/files/0x00070000000235c2-151.dat	xmrig
behavioral2/files/0x00070000000235c5-149.dat	xmrig
behavioral2/files/0x00070000000235d0-146.dat	xmrig
behavioral2/files/0x00070000000235cf-145.dat	xmrig
behavioral2/files/0x00070000000235ce-144.dat	xmrig
behavioral2/memory/3960-137-0x00007FF711840000-0x00007FF711B94000-memory.dmp	xmrig
behavioral2/files/0x00070000000235cc-133.dat	xmrig
behavioral2/memory/5068-129-0x00007FF7243B0000-0x00007FF724704000-memory.dmp	xmrig
behavioral2/files/0x00070000000235c0-121.dat	xmrig
behavioral2/files/0x00070000000235be-96.dat	xmrig
behavioral2/files/0x00070000000235bd-87.dat	xmrig
behavioral2/memory/4320-75-0x00007FF70A030000-0x00007FF70A384000-memory.dmp	xmrig
behavioral2/memory/5044-55-0x00007FF74BB20000-0x00007FF74BE74000-memory.dmp	xmrig
behavioral2/files/0x00070000000235b9-61.dat	xmrig
behavioral2/files/0x00070000000235b6-47.dat	xmrig
behavioral2/memory/2228-44-0x00007FF6762B0000-0x00007FF676604000-memory.dmp	xmrig
behavioral2/memory/1004-35-0x00007FF7D6190000-0x00007FF7D64E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000235b8-31.dat	xmrig
behavioral2/memory/1492-30-0x00007FF7D8BD0000-0x00007FF7D8F24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1420	ChtXkvd.exe
1492	UHAQNvx.exe
536	tcdBzKs.exe
1004	hWUCXXA.exe
2228	qcWudyG.exe
5044	GcmaUtY.exe
4908	ykjdpgT.exe
4320	jEbgWef.exe
4376	qKmbhFt.exe
1256	ZCEMLCR.exe
5068	cGcNBWt.exe
3960	QpAhpJP.exe
3704	LyTdrpt.exe
652	akgqiXF.exe
4192	gOcGobL.exe
1032	MEGaMrS.exe
2912	IlrBmyH.exe
4580	zrLMteG.exe
3892	beBxnih.exe
3248	IjCxrEJ.exe
3100	isOLjuA.exe
3604	StjfxWD.exe
3768	UPdgrDR.exe
1280	VPblMBp.exe
1580	fbvoBfL.exe
1240	arsSgEu.exe
1648	xiNsUAF.exe
2532	hzwcMnC.exe
636	RKZkPOZ.exe
1792	ROqTdaO.exe
3720	IrljQBu.exe
1512	kBlPibq.exe
3272	sEFGzVF.exe
4968	Wtfdkuo.exe
468	ERUmsGm.exe
3776	dyXyKNa.exe
2240	IlDzDPy.exe
2940	jdXLwTl.exe
4816	mBhgLib.exe
4156	gHTBZEs.exe
776	ksziDaB.exe
4032	dwIszYm.exe
2612	ivsgrkq.exe
2140	wpNXWzr.exe
3560	ULEaWQr.exe
2984	ffmFAij.exe
1632	ZldsLOu.exe
696	IQlPCTr.exe
1060	IkiEQIZ.exe
1620	hesYZfy.exe
3284	XVeZCMd.exe
2908	oUtCffa.exe
512	mssMbuE.exe
3308	tvktIAu.exe
4708	mUGnRco.exe
4180	GghJfIv.exe
1084	aKqvZVo.exe
4264	xakAOfK.exe
3564	NPirDba.exe
544	tUWevmq.exe
3532	PjvzvSo.exe
4500	UPjxnoK.exe
2804	znVhiRb.exe
4720	fDYoBLE.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4056-0-0x00007FF76D670000-0x00007FF76D9C4000-memory.dmp	upx
behavioral2/files/0x00080000000235b0-15.dat	upx
behavioral2/files/0x00070000000235b7-28.dat	upx
behavioral2/files/0x00070000000235bb-43.dat	upx
behavioral2/files/0x00070000000235ba-68.dat	upx
behavioral2/files/0x00070000000235c4-91.dat	upx
behavioral2/files/0x00070000000235bc-92.dat	upx
behavioral2/files/0x00070000000235c9-113.dat	upx
behavioral2/files/0x00070000000235c3-111.dat	upx
behavioral2/files/0x00070000000235bf-109.dat	upx
behavioral2/files/0x00070000000235c8-108.dat	upx
behavioral2/files/0x00070000000235c7-103.dat	upx
behavioral2/memory/4376-100-0x00007FF6A1D10000-0x00007FF6A2064000-memory.dmp	upx
behavioral2/files/0x00070000000235c1-147.dat	upx
behavioral2/files/0x00070000000235ca-166.dat	upx
behavioral2/files/0x00080000000235b1-180.dat	upx
behavioral2/memory/3604-195-0x00007FF6C30E0000-0x00007FF6C3434000-memory.dmp	upx
behavioral2/memory/636-201-0x00007FF6E2740000-0x00007FF6E2A94000-memory.dmp	upx
behavioral2/memory/1648-208-0x00007FF7AC8B0000-0x00007FF7ACC04000-memory.dmp	upx
behavioral2/memory/3100-207-0x00007FF64C4F0000-0x00007FF64C844000-memory.dmp	upx
behavioral2/memory/2912-206-0x00007FF7E9DE0000-0x00007FF7EA134000-memory.dmp	upx
behavioral2/memory/3704-205-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp	upx
behavioral2/memory/1256-204-0x00007FF775410000-0x00007FF775764000-memory.dmp	upx
behavioral2/memory/4908-203-0x00007FF65F0A0000-0x00007FF65F3F4000-memory.dmp	upx
behavioral2/memory/536-202-0x00007FF71B8F0000-0x00007FF71BC44000-memory.dmp	upx
behavioral2/memory/2532-200-0x00007FF7BB4C0000-0x00007FF7BB814000-memory.dmp	upx
behavioral2/memory/1240-199-0x00007FF75CB70000-0x00007FF75CEC4000-memory.dmp	upx
behavioral2/memory/1580-198-0x00007FF728B50000-0x00007FF728EA4000-memory.dmp	upx
behavioral2/memory/1280-197-0x00007FF685110000-0x00007FF685464000-memory.dmp	upx
behavioral2/memory/3768-196-0x00007FF6A99B0000-0x00007FF6A9D04000-memory.dmp	upx
behavioral2/memory/3248-194-0x00007FF6CB2E0000-0x00007FF6CB634000-memory.dmp	upx
behavioral2/memory/3892-190-0x00007FF6AB600000-0x00007FF6AB954000-memory.dmp	upx
behavioral2/memory/4580-187-0x00007FF746180000-0x00007FF7464D4000-memory.dmp	upx
behavioral2/files/0x00070000000235cd-178.dat	upx
behavioral2/files/0x00070000000235d6-175.dat	upx
behavioral2/memory/1032-174-0x00007FF778D90000-0x00007FF7790E4000-memory.dmp	upx
behavioral2/memory/4192-173-0x00007FF753820000-0x00007FF753B74000-memory.dmp	upx
behavioral2/files/0x00070000000235cb-171.dat	upx
behavioral2/files/0x00070000000235d5-165.dat	upx
behavioral2/memory/652-160-0x00007FF712B20000-0x00007FF712E74000-memory.dmp	upx
behavioral2/files/0x00070000000235d4-159.dat	upx
behavioral2/files/0x00070000000235d3-158.dat	upx
behavioral2/files/0x00070000000235d2-157.dat	upx
behavioral2/files/0x00070000000235d1-156.dat	upx
behavioral2/files/0x00070000000235c6-153.dat	upx
behavioral2/files/0x00070000000235c2-151.dat	upx
behavioral2/files/0x00070000000235c5-149.dat	upx
behavioral2/files/0x00070000000235d0-146.dat	upx
behavioral2/files/0x00070000000235cf-145.dat	upx
behavioral2/files/0x00070000000235ce-144.dat	upx
behavioral2/memory/3960-137-0x00007FF711840000-0x00007FF711B94000-memory.dmp	upx
behavioral2/files/0x00070000000235cc-133.dat	upx
behavioral2/memory/5068-129-0x00007FF7243B0000-0x00007FF724704000-memory.dmp	upx
behavioral2/files/0x00070000000235c0-121.dat	upx
behavioral2/files/0x00070000000235be-96.dat	upx
behavioral2/files/0x00070000000235bd-87.dat	upx
behavioral2/memory/4320-75-0x00007FF70A030000-0x00007FF70A384000-memory.dmp	upx
behavioral2/memory/5044-55-0x00007FF74BB20000-0x00007FF74BE74000-memory.dmp	upx
behavioral2/files/0x00070000000235b9-61.dat	upx
behavioral2/files/0x00070000000235b6-47.dat	upx
behavioral2/memory/2228-44-0x00007FF6762B0000-0x00007FF676604000-memory.dmp	upx
behavioral2/memory/1004-35-0x00007FF7D6190000-0x00007FF7D64E4000-memory.dmp	upx
behavioral2/files/0x00070000000235b8-31.dat	upx
behavioral2/memory/1492-30-0x00007FF7D8BD0000-0x00007FF7D8F24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GqNnMZB.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\FSVRUZg.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\QnIBElv.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\NduzWjO.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\mssMbuE.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\XTkfWXf.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\PCNiADU.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\rHwrntr.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\dhTSotz.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\grKcTfW.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\Gpdqlrs.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\ciruEQg.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\iBiSUtM.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\CzJKkDz.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\RJwvQdv.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\fmFICLg.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\TrLISfy.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\StjiNVX.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\Xtloudq.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\crwBrrx.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\wxkIdNO.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\nSWxyGQ.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\YKwOBXg.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\UJuTvEX.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\Xhjgujy.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\Uuuwelo.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\EiNKDDM.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\jXBgiae.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\YmOGsIo.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\FtpzDLH.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\sUBfawQ.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\GcqfTwF.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\RIjEmAk.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\njnhvcT.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\uqeYZVU.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\BVTshUp.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\UTNnhKr.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\QfXFvKS.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\MxolMwP.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\qhwEslR.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\ZdURlfH.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\RLAebYn.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\rUIwgEB.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\VoxoFzj.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\flPArGU.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\FCLVzOt.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\QvBHyBO.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\dPIdMyj.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\fbvoBfL.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\mUGnRco.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\JqxcGLd.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\UbMhZUd.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\tHCgAKZ.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\ZBMCcRX.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\DwTenHD.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\beBxnih.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\wpNXWzr.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\BitYQrz.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\LTZBdPp.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\RKZkPOZ.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\xpFNWLQ.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\VFlLfho.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\MABaJdl.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
File created	C:\Windows\System\PEBKVAl.exe	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
13928	WerFaultSecure.exe
13928	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 1420	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	89
PID 4056 wrote to memory of 1420	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	89
PID 4056 wrote to memory of 1492	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	90
PID 4056 wrote to memory of 1492	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	90
PID 4056 wrote to memory of 536	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	91
PID 4056 wrote to memory of 536	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	91
PID 4056 wrote to memory of 1004	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	92
PID 4056 wrote to memory of 1004	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	92
PID 4056 wrote to memory of 2228	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	93
PID 4056 wrote to memory of 2228	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	93
PID 4056 wrote to memory of 5044	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	94
PID 4056 wrote to memory of 5044	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	94
PID 4056 wrote to memory of 4908	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	95
PID 4056 wrote to memory of 4908	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	95
PID 4056 wrote to memory of 4320	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	96
PID 4056 wrote to memory of 4320	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	96
PID 4056 wrote to memory of 4376	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	97
PID 4056 wrote to memory of 4376	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	97
PID 4056 wrote to memory of 5068	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	98
PID 4056 wrote to memory of 5068	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	98
PID 4056 wrote to memory of 1256	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	99
PID 4056 wrote to memory of 1256	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	99
PID 4056 wrote to memory of 3960	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	100
PID 4056 wrote to memory of 3960	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	100
PID 4056 wrote to memory of 3704	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	101
PID 4056 wrote to memory of 3704	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	101
PID 4056 wrote to memory of 652	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	102
PID 4056 wrote to memory of 652	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	102
PID 4056 wrote to memory of 4192	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	103
PID 4056 wrote to memory of 4192	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	103
PID 4056 wrote to memory of 1032	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	104
PID 4056 wrote to memory of 1032	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	104
PID 4056 wrote to memory of 2912	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	105
PID 4056 wrote to memory of 2912	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	105
PID 4056 wrote to memory of 4580	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	106
PID 4056 wrote to memory of 4580	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	106
PID 4056 wrote to memory of 3892	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	107
PID 4056 wrote to memory of 3892	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	107
PID 4056 wrote to memory of 3248	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	108
PID 4056 wrote to memory of 3248	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	108
PID 4056 wrote to memory of 3100	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	109
PID 4056 wrote to memory of 3100	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	109
PID 4056 wrote to memory of 3604	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	110
PID 4056 wrote to memory of 3604	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	110
PID 4056 wrote to memory of 3768	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	111
PID 4056 wrote to memory of 3768	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	111
PID 4056 wrote to memory of 1280	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	112
PID 4056 wrote to memory of 1280	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	112
PID 4056 wrote to memory of 1580	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	113
PID 4056 wrote to memory of 1580	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	113
PID 4056 wrote to memory of 1240	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	114
PID 4056 wrote to memory of 1240	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	114
PID 4056 wrote to memory of 1648	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	115
PID 4056 wrote to memory of 1648	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	115
PID 4056 wrote to memory of 2532	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	116
PID 4056 wrote to memory of 2532	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	116
PID 4056 wrote to memory of 636	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	117
PID 4056 wrote to memory of 636	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	117
PID 4056 wrote to memory of 1792	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	118
PID 4056 wrote to memory of 1792	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	118
PID 4056 wrote to memory of 3720	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	119
PID 4056 wrote to memory of 3720	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	119
PID 4056 wrote to memory of 1512	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	120
PID 4056 wrote to memory of 1512	4056	bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe	120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:4472
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 4472 -s 1600
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:13928

C:\Users\Admin\AppData\Local\Temp\bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bab85621e375026cab1c431b6fcd17c4e4316f9619dd1471a5abf579019e1cff_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Windows\System\ChtXkvd.exe
  C:\Windows\System\ChtXkvd.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\UHAQNvx.exe
  C:\Windows\System\UHAQNvx.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\tcdBzKs.exe
  C:\Windows\System\tcdBzKs.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\hWUCXXA.exe
  C:\Windows\System\hWUCXXA.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\qcWudyG.exe
  C:\Windows\System\qcWudyG.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\GcmaUtY.exe
  C:\Windows\System\GcmaUtY.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\ykjdpgT.exe
  C:\Windows\System\ykjdpgT.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\jEbgWef.exe
  C:\Windows\System\jEbgWef.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\qKmbhFt.exe
  C:\Windows\System\qKmbhFt.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\cGcNBWt.exe
  C:\Windows\System\cGcNBWt.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\ZCEMLCR.exe
  C:\Windows\System\ZCEMLCR.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\QpAhpJP.exe
  C:\Windows\System\QpAhpJP.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\LyTdrpt.exe
  C:\Windows\System\LyTdrpt.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\akgqiXF.exe
  C:\Windows\System\akgqiXF.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\gOcGobL.exe
  C:\Windows\System\gOcGobL.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\MEGaMrS.exe
  C:\Windows\System\MEGaMrS.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\IlrBmyH.exe
  C:\Windows\System\IlrBmyH.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\zrLMteG.exe
  C:\Windows\System\zrLMteG.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\beBxnih.exe
  C:\Windows\System\beBxnih.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\IjCxrEJ.exe
  C:\Windows\System\IjCxrEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\isOLjuA.exe
  C:\Windows\System\isOLjuA.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\StjfxWD.exe
  C:\Windows\System\StjfxWD.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\UPdgrDR.exe
  C:\Windows\System\UPdgrDR.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\VPblMBp.exe
  C:\Windows\System\VPblMBp.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\fbvoBfL.exe
  C:\Windows\System\fbvoBfL.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\arsSgEu.exe
  C:\Windows\System\arsSgEu.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\xiNsUAF.exe
  C:\Windows\System\xiNsUAF.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\hzwcMnC.exe
  C:\Windows\System\hzwcMnC.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\RKZkPOZ.exe
  C:\Windows\System\RKZkPOZ.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\ROqTdaO.exe
  C:\Windows\System\ROqTdaO.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\IrljQBu.exe
  C:\Windows\System\IrljQBu.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\kBlPibq.exe
  C:\Windows\System\kBlPibq.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\sEFGzVF.exe
  C:\Windows\System\sEFGzVF.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\Wtfdkuo.exe
  C:\Windows\System\Wtfdkuo.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\ERUmsGm.exe
  C:\Windows\System\ERUmsGm.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\dyXyKNa.exe
  C:\Windows\System\dyXyKNa.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\IlDzDPy.exe
  C:\Windows\System\IlDzDPy.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\jdXLwTl.exe
  C:\Windows\System\jdXLwTl.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\mBhgLib.exe
  C:\Windows\System\mBhgLib.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\gHTBZEs.exe
  C:\Windows\System\gHTBZEs.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\ksziDaB.exe
  C:\Windows\System\ksziDaB.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\dwIszYm.exe
  C:\Windows\System\dwIszYm.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\ivsgrkq.exe
  C:\Windows\System\ivsgrkq.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\wpNXWzr.exe
  C:\Windows\System\wpNXWzr.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ULEaWQr.exe
  C:\Windows\System\ULEaWQr.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\ffmFAij.exe
  C:\Windows\System\ffmFAij.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\ZldsLOu.exe
  C:\Windows\System\ZldsLOu.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\IQlPCTr.exe
  C:\Windows\System\IQlPCTr.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\IkiEQIZ.exe
  C:\Windows\System\IkiEQIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\hesYZfy.exe
  C:\Windows\System\hesYZfy.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\XVeZCMd.exe
  C:\Windows\System\XVeZCMd.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\oUtCffa.exe
  C:\Windows\System\oUtCffa.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\mssMbuE.exe
  C:\Windows\System\mssMbuE.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\tvktIAu.exe
  C:\Windows\System\tvktIAu.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\mUGnRco.exe
  C:\Windows\System\mUGnRco.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\GghJfIv.exe
  C:\Windows\System\GghJfIv.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\aKqvZVo.exe
  C:\Windows\System\aKqvZVo.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\xakAOfK.exe
  C:\Windows\System\xakAOfK.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\NPirDba.exe
  C:\Windows\System\NPirDba.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\tUWevmq.exe
  C:\Windows\System\tUWevmq.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\PjvzvSo.exe
  C:\Windows\System\PjvzvSo.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\UPjxnoK.exe
  C:\Windows\System\UPjxnoK.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\znVhiRb.exe
  C:\Windows\System\znVhiRb.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\fDYoBLE.exe
  C:\Windows\System\fDYoBLE.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\xlzSqVa.exe
  C:\Windows\System\xlzSqVa.exe
  2⤵
  PID:2880
- C:\Windows\System\ZanhqNV.exe
  C:\Windows\System\ZanhqNV.exe
  2⤵
  PID:4820
- C:\Windows\System\sYfgIlj.exe
  C:\Windows\System\sYfgIlj.exe
  2⤵
  PID:3524
- C:\Windows\System\oIMbJNs.exe
  C:\Windows\System\oIMbJNs.exe
  2⤵
  PID:1092
- C:\Windows\System\dEDJgXw.exe
  C:\Windows\System\dEDJgXw.exe
  2⤵
  PID:4552
- C:\Windows\System\bEfRECz.exe
  C:\Windows\System\bEfRECz.exe
  2⤵
  PID:3436
- C:\Windows\System\SnAAklU.exe
  C:\Windows\System\SnAAklU.exe
  2⤵
  PID:4016
- C:\Windows\System\bItVhAf.exe
  C:\Windows\System\bItVhAf.exe
  2⤵
  PID:4876
- C:\Windows\System\hxYHNuI.exe
  C:\Windows\System\hxYHNuI.exe
  2⤵
  PID:4432
- C:\Windows\System\vKaialv.exe
  C:\Windows\System\vKaialv.exe
  2⤵
  PID:4548
- C:\Windows\System\GRolgIq.exe
  C:\Windows\System\GRolgIq.exe
  2⤵
  PID:3152
- C:\Windows\System\FmbpKBO.exe
  C:\Windows\System\FmbpKBO.exe
  2⤵
  PID:3060
- C:\Windows\System\CbuxAvn.exe
  C:\Windows\System\CbuxAvn.exe
  2⤵
  PID:4608
- C:\Windows\System\HIYTsIa.exe
  C:\Windows\System\HIYTsIa.exe
  2⤵
  PID:1272
- C:\Windows\System\zsnNMmE.exe
  C:\Windows\System\zsnNMmE.exe
  2⤵
  PID:2420
- C:\Windows\System\RUJjgIx.exe
  C:\Windows\System\RUJjgIx.exe
  2⤵
  PID:2096
- C:\Windows\System\hflahuF.exe
  C:\Windows\System\hflahuF.exe
  2⤵
  PID:3400
- C:\Windows\System\SJQbbUO.exe
  C:\Windows\System\SJQbbUO.exe
  2⤵
  PID:3500
- C:\Windows\System\KoLdWvr.exe
  C:\Windows\System\KoLdWvr.exe
  2⤵
  PID:1552
- C:\Windows\System\tWUaVPF.exe
  C:\Windows\System\tWUaVPF.exe
  2⤵
  PID:3012
- C:\Windows\System\tagjqGZ.exe
  C:\Windows\System\tagjqGZ.exe
  2⤵
  PID:5108
- C:\Windows\System\xpFNWLQ.exe
  C:\Windows\System\xpFNWLQ.exe
  2⤵
  PID:1468
- C:\Windows\System\nvOnlsU.exe
  C:\Windows\System\nvOnlsU.exe
  2⤵
  PID:1636
- C:\Windows\System\vXkqSGt.exe
  C:\Windows\System\vXkqSGt.exe
  2⤵
  PID:3136
- C:\Windows\System\GvqnkVR.exe
  C:\Windows\System\GvqnkVR.exe
  2⤵
  PID:1300
- C:\Windows\System\YGwjyEJ.exe
  C:\Windows\System\YGwjyEJ.exe
  2⤵
  PID:5152
- C:\Windows\System\ZdURlfH.exe
  C:\Windows\System\ZdURlfH.exe
  2⤵
  PID:5180
- C:\Windows\System\RLAebYn.exe
  C:\Windows\System\RLAebYn.exe
  2⤵
  PID:5212
- C:\Windows\System\qepKAwU.exe
  C:\Windows\System\qepKAwU.exe
  2⤵
  PID:5240
- C:\Windows\System\pyGnNfa.exe
  C:\Windows\System\pyGnNfa.exe
  2⤵
  PID:5264
- C:\Windows\System\pITItEJ.exe
  C:\Windows\System\pITItEJ.exe
  2⤵
  PID:5300
- C:\Windows\System\FnMyJsQ.exe
  C:\Windows\System\FnMyJsQ.exe
  2⤵
  PID:5328
- C:\Windows\System\XTkfWXf.exe
  C:\Windows\System\XTkfWXf.exe
  2⤵
  PID:5376
- C:\Windows\System\ghnyLnO.exe
  C:\Windows\System\ghnyLnO.exe
  2⤵
  PID:5400
- C:\Windows\System\hyoRvTY.exe
  C:\Windows\System\hyoRvTY.exe
  2⤵
  PID:5432
- C:\Windows\System\VAYlJcM.exe
  C:\Windows\System\VAYlJcM.exe
  2⤵
  PID:5460
- C:\Windows\System\RIjEmAk.exe
  C:\Windows\System\RIjEmAk.exe
  2⤵
  PID:5488
- C:\Windows\System\YVeJxdu.exe
  C:\Windows\System\YVeJxdu.exe
  2⤵
  PID:5512
- C:\Windows\System\LzJThqE.exe
  C:\Windows\System\LzJThqE.exe
  2⤵
  PID:5548
- C:\Windows\System\VZLtmEG.exe
  C:\Windows\System\VZLtmEG.exe
  2⤵
  PID:5564
- C:\Windows\System\axYWCyw.exe
  C:\Windows\System\axYWCyw.exe
  2⤵
  PID:5592
- C:\Windows\System\PCNiADU.exe
  C:\Windows\System\PCNiADU.exe
  2⤵
  PID:5620
- C:\Windows\System\GcojzhI.exe
  C:\Windows\System\GcojzhI.exe
  2⤵
  PID:5648
- C:\Windows\System\bPbLpGN.exe
  C:\Windows\System\bPbLpGN.exe
  2⤵
  PID:5680
- C:\Windows\System\dBQdVcv.exe
  C:\Windows\System\dBQdVcv.exe
  2⤵
  PID:5712
- C:\Windows\System\KMpOBtQ.exe
  C:\Windows\System\KMpOBtQ.exe
  2⤵
  PID:5748
- C:\Windows\System\crwBrrx.exe
  C:\Windows\System\crwBrrx.exe
  2⤵
  PID:5772
- C:\Windows\System\XfzFChm.exe
  C:\Windows\System\XfzFChm.exe
  2⤵
  PID:5800
- C:\Windows\System\GqNnMZB.exe
  C:\Windows\System\GqNnMZB.exe
  2⤵
  PID:5828
- C:\Windows\System\dBuWNHR.exe
  C:\Windows\System\dBuWNHR.exe
  2⤵
  PID:5856
- C:\Windows\System\DMOdLfx.exe
  C:\Windows\System\DMOdLfx.exe
  2⤵
  PID:5896
- C:\Windows\System\dUvZWcD.exe
  C:\Windows\System\dUvZWcD.exe
  2⤵
  PID:5912
- C:\Windows\System\otdmhKN.exe
  C:\Windows\System\otdmhKN.exe
  2⤵
  PID:5940
- C:\Windows\System\xmqpzaJ.exe
  C:\Windows\System\xmqpzaJ.exe
  2⤵
  PID:5972
- C:\Windows\System\gVStKsv.exe
  C:\Windows\System\gVStKsv.exe
  2⤵
  PID:6008
- C:\Windows\System\tgTAMnd.exe
  C:\Windows\System\tgTAMnd.exe
  2⤵
  PID:6024
- C:\Windows\System\QIfDDua.exe
  C:\Windows\System\QIfDDua.exe
  2⤵
  PID:6040
- C:\Windows\System\Cggucja.exe
  C:\Windows\System\Cggucja.exe
  2⤵
  PID:6068
- C:\Windows\System\XRsFEyE.exe
  C:\Windows\System\XRsFEyE.exe
  2⤵
  PID:6108
- C:\Windows\System\oOoBBVL.exe
  C:\Windows\System\oOoBBVL.exe
  2⤵
  PID:6124
- C:\Windows\System\EUhVOOd.exe
  C:\Windows\System\EUhVOOd.exe
  2⤵
  PID:4728
- C:\Windows\System\PRqpaAO.exe
  C:\Windows\System\PRqpaAO.exe
  2⤵
  PID:212
- C:\Windows\System\pDEEYhg.exe
  C:\Windows\System\pDEEYhg.exe
  2⤵
  PID:5208
- C:\Windows\System\fpopcXm.exe
  C:\Windows\System\fpopcXm.exe
  2⤵
  PID:5260
- C:\Windows\System\zrztKcm.exe
  C:\Windows\System\zrztKcm.exe
  2⤵
  PID:5324
- C:\Windows\System\wmdEXHK.exe
  C:\Windows\System\wmdEXHK.exe
  2⤵
  PID:5408
- C:\Windows\System\KzJzlYv.exe
  C:\Windows\System\KzJzlYv.exe
  2⤵
  PID:5480
- C:\Windows\System\Uuuwelo.exe
  C:\Windows\System\Uuuwelo.exe
  2⤵
  PID:5524
- C:\Windows\System\phrjPXn.exe
  C:\Windows\System\phrjPXn.exe
  2⤵
  PID:5576
- C:\Windows\System\XEyWexO.exe
  C:\Windows\System\XEyWexO.exe
  2⤵
  PID:5672
- C:\Windows\System\efmbtUL.exe
  C:\Windows\System\efmbtUL.exe
  2⤵
  PID:5732
- C:\Windows\System\imzRolj.exe
  C:\Windows\System\imzRolj.exe
  2⤵
  PID:5820
- C:\Windows\System\RQnTgyu.exe
  C:\Windows\System\RQnTgyu.exe
  2⤵
  PID:5868
- C:\Windows\System\lXqxzkK.exe
  C:\Windows\System\lXqxzkK.exe
  2⤵
  PID:5924
- C:\Windows\System\xFEBEZE.exe
  C:\Windows\System\xFEBEZE.exe
  2⤵
  PID:5980
- C:\Windows\System\pJsBsrg.exe
  C:\Windows\System\pJsBsrg.exe
  2⤵
  PID:6052
- C:\Windows\System\oxbXKFD.exe
  C:\Windows\System\oxbXKFD.exe
  2⤵
  PID:6136
- C:\Windows\System\EMJQnqr.exe
  C:\Windows\System\EMJQnqr.exe
  2⤵
  PID:5176
- C:\Windows\System\iVKJVYc.exe
  C:\Windows\System\iVKJVYc.exe
  2⤵
  PID:5284
- C:\Windows\System\TCXHgJp.exe
  C:\Windows\System\TCXHgJp.exe
  2⤵
  PID:5444
- C:\Windows\System\jhIfKRz.exe
  C:\Windows\System\jhIfKRz.exe
  2⤵
  PID:5664
- C:\Windows\System\WNwNcOk.exe
  C:\Windows\System\WNwNcOk.exe
  2⤵
  PID:5764
- C:\Windows\System\TkkwxvN.exe
  C:\Windows\System\TkkwxvN.exe
  2⤵
  PID:6016
- C:\Windows\System\uFvPJZI.exe
  C:\Windows\System\uFvPJZI.exe
  2⤵
  PID:5144
- C:\Windows\System\hWxbctv.exe
  C:\Windows\System\hWxbctv.exe
  2⤵
  PID:5360
- C:\Windows\System\lUTMGZE.exe
  C:\Windows\System\lUTMGZE.exe
  2⤵
  PID:5556
- C:\Windows\System\nHYidIz.exe
  C:\Windows\System\nHYidIz.exe
  2⤵
  PID:5784
- C:\Windows\System\HMPRVPh.exe
  C:\Windows\System\HMPRVPh.exe
  2⤵
  PID:5696
- C:\Windows\System\SyNDlty.exe
  C:\Windows\System\SyNDlty.exe
  2⤵
  PID:6172
- C:\Windows\System\MsoWwgd.exe
  C:\Windows\System\MsoWwgd.exe
  2⤵
  PID:6200
- C:\Windows\System\vtqtTky.exe
  C:\Windows\System\vtqtTky.exe
  2⤵
  PID:6240
- C:\Windows\System\OTwWoqU.exe
  C:\Windows\System\OTwWoqU.exe
  2⤵
  PID:6268
- C:\Windows\System\tPcfmNv.exe
  C:\Windows\System\tPcfmNv.exe
  2⤵
  PID:6308
- C:\Windows\System\yRYPDSx.exe
  C:\Windows\System\yRYPDSx.exe
  2⤵
  PID:6328
- C:\Windows\System\HEqWkFI.exe
  C:\Windows\System\HEqWkFI.exe
  2⤵
  PID:6356
- C:\Windows\System\sfPwFgz.exe
  C:\Windows\System\sfPwFgz.exe
  2⤵
  PID:6376
- C:\Windows\System\JqxcGLd.exe
  C:\Windows\System\JqxcGLd.exe
  2⤵
  PID:6404
- C:\Windows\System\YynEyjK.exe
  C:\Windows\System\YynEyjK.exe
  2⤵
  PID:6440
- C:\Windows\System\LeCmSnL.exe
  C:\Windows\System\LeCmSnL.exe
  2⤵
  PID:6468
- C:\Windows\System\NWCIPlN.exe
  C:\Windows\System\NWCIPlN.exe
  2⤵
  PID:6504
- C:\Windows\System\sMLrSls.exe
  C:\Windows\System\sMLrSls.exe
  2⤵
  PID:6544
- C:\Windows\System\gVBEEgf.exe
  C:\Windows\System\gVBEEgf.exe
  2⤵
  PID:6568
- C:\Windows\System\VoxoFzj.exe
  C:\Windows\System\VoxoFzj.exe
  2⤵
  PID:6600
- C:\Windows\System\JzGJPiN.exe
  C:\Windows\System\JzGJPiN.exe
  2⤵
  PID:6640
- C:\Windows\System\gmKjnRS.exe
  C:\Windows\System\gmKjnRS.exe
  2⤵
  PID:6668
- C:\Windows\System\wKNHhWk.exe
  C:\Windows\System\wKNHhWk.exe
  2⤵
  PID:6688
- C:\Windows\System\IjvgkmG.exe
  C:\Windows\System\IjvgkmG.exe
  2⤵
  PID:6720
- C:\Windows\System\xQOUPea.exe
  C:\Windows\System\xQOUPea.exe
  2⤵
  PID:6740
- C:\Windows\System\fozDtUV.exe
  C:\Windows\System\fozDtUV.exe
  2⤵
  PID:6772
- C:\Windows\System\BitYQrz.exe
  C:\Windows\System\BitYQrz.exe
  2⤵
  PID:6804
- C:\Windows\System\HsBrShb.exe
  C:\Windows\System\HsBrShb.exe
  2⤵
  PID:6828
- C:\Windows\System\FABHSeP.exe
  C:\Windows\System\FABHSeP.exe
  2⤵
  PID:6856
- C:\Windows\System\ckAqTYE.exe
  C:\Windows\System\ckAqTYE.exe
  2⤵
  PID:6876
- C:\Windows\System\mmoUIvc.exe
  C:\Windows\System\mmoUIvc.exe
  2⤵
  PID:6908
- C:\Windows\System\tRozwtL.exe
  C:\Windows\System\tRozwtL.exe
  2⤵
  PID:6928
- C:\Windows\System\aeOUzeA.exe
  C:\Windows\System\aeOUzeA.exe
  2⤵
  PID:6952
- C:\Windows\System\EDWbTpg.exe
  C:\Windows\System\EDWbTpg.exe
  2⤵
  PID:6984
- C:\Windows\System\sVsCAlj.exe
  C:\Windows\System\sVsCAlj.exe
  2⤵
  PID:7012
- C:\Windows\System\RnTQlSV.exe
  C:\Windows\System\RnTQlSV.exe
  2⤵
  PID:7036
- C:\Windows\System\SPUCxeB.exe
  C:\Windows\System\SPUCxeB.exe
  2⤵
  PID:7068
- C:\Windows\System\OENjXdK.exe
  C:\Windows\System\OENjXdK.exe
  2⤵
  PID:7084
- C:\Windows\System\tRfTKXC.exe
  C:\Windows\System\tRfTKXC.exe
  2⤵
  PID:7116
- C:\Windows\System\sNKWSDw.exe
  C:\Windows\System\sNKWSDw.exe
  2⤵
  PID:7152
- C:\Windows\System\jrIJVKL.exe
  C:\Windows\System\jrIJVKL.exe
  2⤵
  PID:5744
- C:\Windows\System\oTiBudf.exe
  C:\Windows\System\oTiBudf.exe
  2⤵
  PID:6216
- C:\Windows\System\CivujJs.exe
  C:\Windows\System\CivujJs.exe
  2⤵
  PID:6292
- C:\Windows\System\jETsVnM.exe
  C:\Windows\System\jETsVnM.exe
  2⤵
  PID:6388
- C:\Windows\System\dcuvXza.exe
  C:\Windows\System\dcuvXza.exe
  2⤵
  PID:6448
- C:\Windows\System\WygggYt.exe
  C:\Windows\System\WygggYt.exe
  2⤵
  PID:6496
- C:\Windows\System\lUyuwZA.exe
  C:\Windows\System\lUyuwZA.exe
  2⤵
  PID:6564
- C:\Windows\System\pftcXOR.exe
  C:\Windows\System\pftcXOR.exe
  2⤵
  PID:6636
- C:\Windows\System\Ycothzr.exe
  C:\Windows\System\Ycothzr.exe
  2⤵
  PID:6700
- C:\Windows\System\bgHLfoX.exe
  C:\Windows\System\bgHLfoX.exe
  2⤵
  PID:6784
- C:\Windows\System\gkffDKQ.exe
  C:\Windows\System\gkffDKQ.exe
  2⤵
  PID:6812
- C:\Windows\System\SqSMNki.exe
  C:\Windows\System\SqSMNki.exe
  2⤵
  PID:6864
- C:\Windows\System\LZgkDZF.exe
  C:\Windows\System\LZgkDZF.exe
  2⤵
  PID:6924
- C:\Windows\System\dPXVQfU.exe
  C:\Windows\System\dPXVQfU.exe
  2⤵
  PID:7028
- C:\Windows\System\VZmfgPi.exe
  C:\Windows\System\VZmfgPi.exe
  2⤵
  PID:7136
- C:\Windows\System\rjmIdBW.exe
  C:\Windows\System\rjmIdBW.exe
  2⤵
  PID:7160
- C:\Windows\System\Gpdqlrs.exe
  C:\Windows\System\Gpdqlrs.exe
  2⤵
  PID:6280
- C:\Windows\System\vpsIvaj.exe
  C:\Windows\System\vpsIvaj.exe
  2⤵
  PID:6412
- C:\Windows\System\xeoGhKG.exe
  C:\Windows\System\xeoGhKG.exe
  2⤵
  PID:6596
- C:\Windows\System\pHzNlfA.exe
  C:\Windows\System\pHzNlfA.exe
  2⤵
  PID:6716
- C:\Windows\System\MaYtUiS.exe
  C:\Windows\System\MaYtUiS.exe
  2⤵
  PID:7052
- C:\Windows\System\MedUKRU.exe
  C:\Windows\System\MedUKRU.exe
  2⤵
  PID:7128
- C:\Windows\System\hbnCZoC.exe
  C:\Windows\System\hbnCZoC.exe
  2⤵
  PID:6180
- C:\Windows\System\emQaxMh.exe
  C:\Windows\System\emQaxMh.exe
  2⤵
  PID:6612
- C:\Windows\System\njnhvcT.exe
  C:\Windows\System\njnhvcT.exe
  2⤵
  PID:6820
- C:\Windows\System\sctVaRe.exe
  C:\Windows\System\sctVaRe.exe
  2⤵
  PID:6368
- C:\Windows\System\UiiDoxo.exe
  C:\Windows\System\UiiDoxo.exe
  2⤵
  PID:7108
- C:\Windows\System\fVgpLNd.exe
  C:\Windows\System\fVgpLNd.exe
  2⤵
  PID:7196
- C:\Windows\System\ZvWOwgT.exe
  C:\Windows\System\ZvWOwgT.exe
  2⤵
  PID:7212
- C:\Windows\System\mMGjcSq.exe
  C:\Windows\System\mMGjcSq.exe
  2⤵
  PID:7240
- C:\Windows\System\OnSoCsO.exe
  C:\Windows\System\OnSoCsO.exe
  2⤵
  PID:7268
- C:\Windows\System\LwMbVOS.exe
  C:\Windows\System\LwMbVOS.exe
  2⤵
  PID:7312
- C:\Windows\System\fGKafqX.exe
  C:\Windows\System\fGKafqX.exe
  2⤵
  PID:7336
- C:\Windows\System\GjCLETs.exe
  C:\Windows\System\GjCLETs.exe
  2⤵
  PID:7368
- C:\Windows\System\zEHJrKD.exe
  C:\Windows\System\zEHJrKD.exe
  2⤵
  PID:7396
- C:\Windows\System\FdqgCLx.exe
  C:\Windows\System\FdqgCLx.exe
  2⤵
  PID:7432
- C:\Windows\System\KdZYYcD.exe
  C:\Windows\System\KdZYYcD.exe
  2⤵
  PID:7452
- C:\Windows\System\YMCWWMZ.exe
  C:\Windows\System\YMCWWMZ.exe
  2⤵
  PID:7476
- C:\Windows\System\eRGiiey.exe
  C:\Windows\System\eRGiiey.exe
  2⤵
  PID:7508
- C:\Windows\System\UuVTSXL.exe
  C:\Windows\System\UuVTSXL.exe
  2⤵
  PID:7540
- C:\Windows\System\pvhMDnl.exe
  C:\Windows\System\pvhMDnl.exe
  2⤵
  PID:7572
- C:\Windows\System\uqeYZVU.exe
  C:\Windows\System\uqeYZVU.exe
  2⤵
  PID:7588
- C:\Windows\System\ZlezKyu.exe
  C:\Windows\System\ZlezKyu.exe
  2⤵
  PID:7612
- C:\Windows\System\zhrIIHO.exe
  C:\Windows\System\zhrIIHO.exe
  2⤵
  PID:7628
- C:\Windows\System\HYJHcRd.exe
  C:\Windows\System\HYJHcRd.exe
  2⤵
  PID:7648
- C:\Windows\System\WvFRXYf.exe
  C:\Windows\System\WvFRXYf.exe
  2⤵
  PID:7672
- C:\Windows\System\zgBuSAU.exe
  C:\Windows\System\zgBuSAU.exe
  2⤵
  PID:7692
- C:\Windows\System\JUpsQat.exe
  C:\Windows\System\JUpsQat.exe
  2⤵
  PID:7716
- C:\Windows\System\guChHlH.exe
  C:\Windows\System\guChHlH.exe
  2⤵
  PID:7748
- C:\Windows\System\AxxbRPo.exe
  C:\Windows\System\AxxbRPo.exe
  2⤵
  PID:7780
- C:\Windows\System\TuKOcli.exe
  C:\Windows\System\TuKOcli.exe
  2⤵
  PID:7816
- C:\Windows\System\bZKublE.exe
  C:\Windows\System\bZKublE.exe
  2⤵
  PID:7844
- C:\Windows\System\EiNKDDM.exe
  C:\Windows\System\EiNKDDM.exe
  2⤵
  PID:7872
- C:\Windows\System\lBpKHtK.exe
  C:\Windows\System\lBpKHtK.exe
  2⤵
  PID:7896
- C:\Windows\System\ScIcHux.exe
  C:\Windows\System\ScIcHux.exe
  2⤵
  PID:7924
- C:\Windows\System\lviIuDh.exe
  C:\Windows\System\lviIuDh.exe
  2⤵
  PID:7956
- C:\Windows\System\HhbEmuE.exe
  C:\Windows\System\HhbEmuE.exe
  2⤵
  PID:7984
- C:\Windows\System\usOyegw.exe
  C:\Windows\System\usOyegw.exe
  2⤵
  PID:8016
- C:\Windows\System\IYYDjFA.exe
  C:\Windows\System\IYYDjFA.exe
  2⤵
  PID:8048
- C:\Windows\System\jXBgiae.exe
  C:\Windows\System\jXBgiae.exe
  2⤵
  PID:8080
- C:\Windows\System\dWdDWcJ.exe
  C:\Windows\System\dWdDWcJ.exe
  2⤵
  PID:8108
- C:\Windows\System\wxkIdNO.exe
  C:\Windows\System\wxkIdNO.exe
  2⤵
  PID:8148
- C:\Windows\System\HyNOMeo.exe
  C:\Windows\System\HyNOMeo.exe
  2⤵
  PID:8164
- C:\Windows\System\ciruEQg.exe
  C:\Windows\System\ciruEQg.exe
  2⤵
  PID:6556
- C:\Windows\System\qoodrlK.exe
  C:\Windows\System\qoodrlK.exe
  2⤵
  PID:7180
- C:\Windows\System\WXSUCBK.exe
  C:\Windows\System\WXSUCBK.exe
  2⤵
  PID:7208
- C:\Windows\System\ZLsbfhe.exe
  C:\Windows\System\ZLsbfhe.exe
  2⤵
  PID:7324
- C:\Windows\System\SkExLWf.exe
  C:\Windows\System\SkExLWf.exe
  2⤵
  PID:7356
- C:\Windows\System\uYzBGmL.exe
  C:\Windows\System\uYzBGmL.exe
  2⤵
  PID:7460
- C:\Windows\System\FEGMoGj.exe
  C:\Windows\System\FEGMoGj.exe
  2⤵
  PID:7560
- C:\Windows\System\YoKHuyo.exe
  C:\Windows\System\YoKHuyo.exe
  2⤵
  PID:7596
- C:\Windows\System\DIdfUwX.exe
  C:\Windows\System\DIdfUwX.exe
  2⤵
  PID:7620
- C:\Windows\System\ItUgxuo.exe
  C:\Windows\System\ItUgxuo.exe
  2⤵
  PID:7764
- C:\Windows\System\gtdOKPg.exe
  C:\Windows\System\gtdOKPg.exe
  2⤵
  PID:7808
- C:\Windows\System\UbMhZUd.exe
  C:\Windows\System\UbMhZUd.exe
  2⤵
  PID:7864
- C:\Windows\System\CleFGOg.exe
  C:\Windows\System\CleFGOg.exe
  2⤵
  PID:7948
- C:\Windows\System\tmICWhc.exe
  C:\Windows\System\tmICWhc.exe
  2⤵
  PID:8040
- C:\Windows\System\VFlLfho.exe
  C:\Windows\System\VFlLfho.exe
  2⤵
  PID:7976
- C:\Windows\System\eZlEJZP.exe
  C:\Windows\System\eZlEJZP.exe
  2⤵
  PID:8104
- C:\Windows\System\DfoJSNK.exe
  C:\Windows\System\DfoJSNK.exe
  2⤵
  PID:8136
- C:\Windows\System\rUIwgEB.exe
  C:\Windows\System\rUIwgEB.exe
  2⤵
  PID:7188
- C:\Windows\System\BnnoRvI.exe
  C:\Windows\System\BnnoRvI.exe
  2⤵
  PID:7328
- C:\Windows\System\BVTshUp.exe
  C:\Windows\System\BVTshUp.exe
  2⤵
  PID:7500
- C:\Windows\System\wDZKHDz.exe
  C:\Windows\System\wDZKHDz.exe
  2⤵
  PID:7688
- C:\Windows\System\vDMWZbQ.exe
  C:\Windows\System\vDMWZbQ.exe
  2⤵
  PID:7944
- C:\Windows\System\yoeffav.exe
  C:\Windows\System\yoeffav.exe
  2⤵
  PID:8060
- C:\Windows\System\OqRdCRy.exe
  C:\Windows\System\OqRdCRy.exe
  2⤵
  PID:7224
- C:\Windows\System\jtfmwPm.exe
  C:\Windows\System\jtfmwPm.exe
  2⤵
  PID:7668
- C:\Windows\System\gmQPwQN.exe
  C:\Windows\System\gmQPwQN.exe
  2⤵
  PID:8180
- C:\Windows\System\CbMWRPS.exe
  C:\Windows\System\CbMWRPS.exe
  2⤵
  PID:6936
- C:\Windows\System\IJvXkGn.exe
  C:\Windows\System\IJvXkGn.exe
  2⤵
  PID:8208
- C:\Windows\System\vMZJvfm.exe
  C:\Windows\System\vMZJvfm.exe
  2⤵
  PID:8240
- C:\Windows\System\lccKXQC.exe
  C:\Windows\System\lccKXQC.exe
  2⤵
  PID:8260
- C:\Windows\System\CKUwxhO.exe
  C:\Windows\System\CKUwxhO.exe
  2⤵
  PID:8288
- C:\Windows\System\bTocwzx.exe
  C:\Windows\System\bTocwzx.exe
  2⤵
  PID:8320
- C:\Windows\System\BQsMvHf.exe
  C:\Windows\System\BQsMvHf.exe
  2⤵
  PID:8352
- C:\Windows\System\ElFfdPu.exe
  C:\Windows\System\ElFfdPu.exe
  2⤵
  PID:8372
- C:\Windows\System\lwsBtgR.exe
  C:\Windows\System\lwsBtgR.exe
  2⤵
  PID:8400
- C:\Windows\System\MSPOqgx.exe
  C:\Windows\System\MSPOqgx.exe
  2⤵
  PID:8432
- C:\Windows\System\QoPrhzB.exe
  C:\Windows\System\QoPrhzB.exe
  2⤵
  PID:8464
- C:\Windows\System\RpuOfPl.exe
  C:\Windows\System\RpuOfPl.exe
  2⤵
  PID:8484
- C:\Windows\System\vexQLPp.exe
  C:\Windows\System\vexQLPp.exe
  2⤵
  PID:8512
- C:\Windows\System\flYGxqA.exe
  C:\Windows\System\flYGxqA.exe
  2⤵
  PID:8544
- C:\Windows\System\SJSOBjE.exe
  C:\Windows\System\SJSOBjE.exe
  2⤵
  PID:8572
- C:\Windows\System\NsdJhDJ.exe
  C:\Windows\System\NsdJhDJ.exe
  2⤵
  PID:8596
- C:\Windows\System\WtwRxUu.exe
  C:\Windows\System\WtwRxUu.exe
  2⤵
  PID:8620
- C:\Windows\System\KogLFNY.exe
  C:\Windows\System\KogLFNY.exe
  2⤵
  PID:8644
- C:\Windows\System\dNausQT.exe
  C:\Windows\System\dNausQT.exe
  2⤵
  PID:8680
- C:\Windows\System\vWKwdHf.exe
  C:\Windows\System\vWKwdHf.exe
  2⤵
  PID:8708
- C:\Windows\System\UTNnhKr.exe
  C:\Windows\System\UTNnhKr.exe
  2⤵
  PID:8724
- C:\Windows\System\QfXFvKS.exe
  C:\Windows\System\QfXFvKS.exe
  2⤵
  PID:8744
- C:\Windows\System\ULTnJyG.exe
  C:\Windows\System\ULTnJyG.exe
  2⤵
  PID:8780
- C:\Windows\System\bavzply.exe
  C:\Windows\System\bavzply.exe
  2⤵
  PID:8804
- C:\Windows\System\SfmepSw.exe
  C:\Windows\System\SfmepSw.exe
  2⤵
  PID:8844
- C:\Windows\System\GfIljKB.exe
  C:\Windows\System\GfIljKB.exe
  2⤵
  PID:8860
- C:\Windows\System\aWkFaeM.exe
  C:\Windows\System\aWkFaeM.exe
  2⤵
  PID:8904
- C:\Windows\System\GiddnLP.exe
  C:\Windows\System\GiddnLP.exe
  2⤵
  PID:8920
- C:\Windows\System\XmrniAv.exe
  C:\Windows\System\XmrniAv.exe
  2⤵
  PID:8936
- C:\Windows\System\ccQiHBo.exe
  C:\Windows\System\ccQiHBo.exe
  2⤵
  PID:8960
- C:\Windows\System\gbzIjFY.exe
  C:\Windows\System\gbzIjFY.exe
  2⤵
  PID:8976
- C:\Windows\System\MzhhUXE.exe
  C:\Windows\System\MzhhUXE.exe
  2⤵
  PID:9004
- C:\Windows\System\ulQAYLR.exe
  C:\Windows\System\ulQAYLR.exe
  2⤵
  PID:9032
- C:\Windows\System\YmOGsIo.exe
  C:\Windows\System\YmOGsIo.exe
  2⤵
  PID:9064
- C:\Windows\System\FEIRlXL.exe
  C:\Windows\System\FEIRlXL.exe
  2⤵
  PID:9088
- C:\Windows\System\KkYLDKX.exe
  C:\Windows\System\KkYLDKX.exe
  2⤵
  PID:9124
- C:\Windows\System\uRclhrN.exe
  C:\Windows\System\uRclhrN.exe
  2⤵
  PID:9148
- C:\Windows\System\iWngOtz.exe
  C:\Windows\System\iWngOtz.exe
  2⤵
  PID:9184
- C:\Windows\System\JxfMppC.exe
  C:\Windows\System\JxfMppC.exe
  2⤵
  PID:9204
- C:\Windows\System\xtCaPdE.exe
  C:\Windows\System\xtCaPdE.exe
  2⤵
  PID:8216
- C:\Windows\System\XRFqufu.exe
  C:\Windows\System\XRFqufu.exe
  2⤵
  PID:8272
- C:\Windows\System\cnbFUhr.exe
  C:\Windows\System\cnbFUhr.exe
  2⤵
  PID:8344
- C:\Windows\System\kzdicfl.exe
  C:\Windows\System\kzdicfl.exe
  2⤵
  PID:8384
- C:\Windows\System\gvshOyJ.exe
  C:\Windows\System\gvshOyJ.exe
  2⤵
  PID:8480
- C:\Windows\System\nSWxyGQ.exe
  C:\Windows\System\nSWxyGQ.exe
  2⤵
  PID:8528
- C:\Windows\System\OFOubDo.exe
  C:\Windows\System\OFOubDo.exe
  2⤵
  PID:8592
- C:\Windows\System\aYXSOqr.exe
  C:\Windows\System\aYXSOqr.exe
  2⤵
  PID:8660
- C:\Windows\System\AulbUbV.exe
  C:\Windows\System\AulbUbV.exe
  2⤵
  PID:8732
- C:\Windows\System\TrLISfy.exe
  C:\Windows\System\TrLISfy.exe
  2⤵
  PID:8816
- C:\Windows\System\VnmDGsp.exe
  C:\Windows\System\VnmDGsp.exe
  2⤵
  PID:8856
- C:\Windows\System\yfcmCSy.exe
  C:\Windows\System\yfcmCSy.exe
  2⤵
  PID:8988
- C:\Windows\System\iFDWxdn.exe
  C:\Windows\System\iFDWxdn.exe
  2⤵
  PID:9080
- C:\Windows\System\djMdoqE.exe
  C:\Windows\System\djMdoqE.exe
  2⤵
  PID:9056
- C:\Windows\System\SDfsuDF.exe
  C:\Windows\System\SDfsuDF.exe
  2⤵
  PID:9144
- C:\Windows\System\EkJZHtX.exe
  C:\Windows\System\EkJZHtX.exe
  2⤵
  PID:9180
- C:\Windows\System\YKwOBXg.exe
  C:\Windows\System\YKwOBXg.exe
  2⤵
  PID:8304
- C:\Windows\System\JyaGrkP.exe
  C:\Windows\System\JyaGrkP.exe
  2⤵
  PID:8524
- C:\Windows\System\fToknHa.exe
  C:\Windows\System\fToknHa.exe
  2⤵
  PID:8560
- C:\Windows\System\zwUnjhR.exe
  C:\Windows\System\zwUnjhR.exe
  2⤵
  PID:8760
- C:\Windows\System\DxreVrb.exe
  C:\Windows\System\DxreVrb.exe
  2⤵
  PID:9028
- C:\Windows\System\EcheLdu.exe
  C:\Windows\System\EcheLdu.exe
  2⤵
  PID:8916
- C:\Windows\System\wXOrcCn.exe
  C:\Windows\System\wXOrcCn.exe
  2⤵
  PID:8388
- C:\Windows\System\GhmZATc.exe
  C:\Windows\System\GhmZATc.exe
  2⤵
  PID:8588
- C:\Windows\System\dreKybp.exe
  C:\Windows\System\dreKybp.exe
  2⤵
  PID:9116
- C:\Windows\System\VDLRgeM.exe
  C:\Windows\System\VDLRgeM.exe
  2⤵
  PID:8900
- C:\Windows\System\MvtHGOt.exe
  C:\Windows\System\MvtHGOt.exe
  2⤵
  PID:9304
- C:\Windows\System\TuPyVje.exe
  C:\Windows\System\TuPyVje.exe
  2⤵
  PID:9320
- C:\Windows\System\gqVljMm.exe
  C:\Windows\System\gqVljMm.exe
  2⤵
  PID:9348
- C:\Windows\System\fIneFuA.exe
  C:\Windows\System\fIneFuA.exe
  2⤵
  PID:9380
- C:\Windows\System\tCNfLtU.exe
  C:\Windows\System\tCNfLtU.exe
  2⤵
  PID:9404
- C:\Windows\System\iBsfAEV.exe
  C:\Windows\System\iBsfAEV.exe
  2⤵
  PID:9428
- C:\Windows\System\lgNEgDo.exe
  C:\Windows\System\lgNEgDo.exe
  2⤵
  PID:9452
- C:\Windows\System\HHEWfcA.exe
  C:\Windows\System\HHEWfcA.exe
  2⤵
  PID:9472
- C:\Windows\System\ZkkIegx.exe
  C:\Windows\System\ZkkIegx.exe
  2⤵
  PID:9492
- C:\Windows\System\OcqDrVp.exe
  C:\Windows\System\OcqDrVp.exe
  2⤵
  PID:9532
- C:\Windows\System\iuGoPSj.exe
  C:\Windows\System\iuGoPSj.exe
  2⤵
  PID:9556
- C:\Windows\System\WAdfSsI.exe
  C:\Windows\System\WAdfSsI.exe
  2⤵
  PID:9600
- C:\Windows\System\dohAZUj.exe
  C:\Windows\System\dohAZUj.exe
  2⤵
  PID:9628
- C:\Windows\System\ztybJPy.exe
  C:\Windows\System\ztybJPy.exe
  2⤵
  PID:9656
- C:\Windows\System\StjiNVX.exe
  C:\Windows\System\StjiNVX.exe
  2⤵
  PID:9688
- C:\Windows\System\PflUBPI.exe
  C:\Windows\System\PflUBPI.exe
  2⤵
  PID:9716
- C:\Windows\System\rnrsXtS.exe
  C:\Windows\System\rnrsXtS.exe
  2⤵
  PID:9748
- C:\Windows\System\flPArGU.exe
  C:\Windows\System\flPArGU.exe
  2⤵
  PID:9780
- C:\Windows\System\NdzTGJR.exe
  C:\Windows\System\NdzTGJR.exe
  2⤵
  PID:9796
- C:\Windows\System\efOqMhn.exe
  C:\Windows\System\efOqMhn.exe
  2⤵
  PID:9816
- C:\Windows\System\LTZBdPp.exe
  C:\Windows\System\LTZBdPp.exe
  2⤵
  PID:9840
- C:\Windows\System\gnncWuv.exe
  C:\Windows\System\gnncWuv.exe
  2⤵
  PID:9876
- C:\Windows\System\mPNeJiV.exe
  C:\Windows\System\mPNeJiV.exe
  2⤵
  PID:9900
- C:\Windows\System\brubZxB.exe
  C:\Windows\System\brubZxB.exe
  2⤵
  PID:9928
- C:\Windows\System\SbYwJIu.exe
  C:\Windows\System\SbYwJIu.exe
  2⤵
  PID:9948
- C:\Windows\System\pusFrFw.exe
  C:\Windows\System\pusFrFw.exe
  2⤵
  PID:9964
- C:\Windows\System\uEMioTL.exe
  C:\Windows\System\uEMioTL.exe
  2⤵
  PID:9988
- C:\Windows\System\tiaILEY.exe
  C:\Windows\System\tiaILEY.exe
  2⤵
  PID:10020
- C:\Windows\System\EuKsaAD.exe
  C:\Windows\System\EuKsaAD.exe
  2⤵
  PID:10044
- C:\Windows\System\AgvCFap.exe
  C:\Windows\System\AgvCFap.exe
  2⤵
  PID:10084
- C:\Windows\System\SkHHvKe.exe
  C:\Windows\System\SkHHvKe.exe
  2⤵
  PID:10116
- C:\Windows\System\RlWonNP.exe
  C:\Windows\System\RlWonNP.exe
  2⤵
  PID:10136
- C:\Windows\System\owggnAE.exe
  C:\Windows\System\owggnAE.exe
  2⤵
  PID:10164
- C:\Windows\System\sANqGqq.exe
  C:\Windows\System\sANqGqq.exe
  2⤵
  PID:10204
- C:\Windows\System\OraBdcN.exe
  C:\Windows\System\OraBdcN.exe
  2⤵
  PID:10236
- C:\Windows\System\UpeTQur.exe
  C:\Windows\System\UpeTQur.exe
  2⤵
  PID:9316
- C:\Windows\System\DXPENbc.exe
  C:\Windows\System\DXPENbc.exe
  2⤵
  PID:9336
- C:\Windows\System\gNeFTyl.exe
  C:\Windows\System\gNeFTyl.exe
  2⤵
  PID:9436
- C:\Windows\System\AVAAmPG.exe
  C:\Windows\System\AVAAmPG.exe
  2⤵
  PID:9488
- C:\Windows\System\BwrWeuA.exe
  C:\Windows\System\BwrWeuA.exe
  2⤵
  PID:9544
- C:\Windows\System\rDmwQUj.exe
  C:\Windows\System\rDmwQUj.exe
  2⤵
  PID:9648
- C:\Windows\System\KeEUCle.exe
  C:\Windows\System\KeEUCle.exe
  2⤵
  PID:9700
- C:\Windows\System\AXzjNAE.exe
  C:\Windows\System\AXzjNAE.exe
  2⤵
  PID:9764
- C:\Windows\System\yTWOeQM.exe
  C:\Windows\System\yTWOeQM.exe
  2⤵
  PID:9812
- C:\Windows\System\JUIoNIm.exe
  C:\Windows\System\JUIoNIm.exe
  2⤵
  PID:9864
- C:\Windows\System\QZJnfbM.exe
  C:\Windows\System\QZJnfbM.exe
  2⤵
  PID:9960
- C:\Windows\System\JivOFRS.exe
  C:\Windows\System\JivOFRS.exe
  2⤵
  PID:10076
- C:\Windows\System\IHMUeaF.exe
  C:\Windows\System\IHMUeaF.exe
  2⤵
  PID:10148
- C:\Windows\System\iBiSUtM.exe
  C:\Windows\System\iBiSUtM.exe
  2⤵
  PID:7472
- C:\Windows\System\OpXtUUC.exe
  C:\Windows\System\OpXtUUC.exe
  2⤵
  PID:10228
- C:\Windows\System\FSVRUZg.exe
  C:\Windows\System\FSVRUZg.exe
  2⤵
  PID:9540
- C:\Windows\System\itjMvcz.exe
  C:\Windows\System\itjMvcz.exe
  2⤵
  PID:9668
- C:\Windows\System\Mnwurcl.exe
  C:\Windows\System\Mnwurcl.exe
  2⤵
  PID:9772
- C:\Windows\System\sLVIkJG.exe
  C:\Windows\System\sLVIkJG.exe
  2⤵
  PID:9940
- C:\Windows\System\ZsBdYnC.exe
  C:\Windows\System\ZsBdYnC.exe
  2⤵
  PID:10036
- C:\Windows\System\mLcrxEX.exe
  C:\Windows\System\mLcrxEX.exe
  2⤵
  PID:9332
- C:\Windows\System\UJuTvEX.exe
  C:\Windows\System\UJuTvEX.exe
  2⤵
  PID:9416
- C:\Windows\System\zwAZehK.exe
  C:\Windows\System\zwAZehK.exe
  2⤵
  PID:10104
- C:\Windows\System\HWOQuOL.exe
  C:\Windows\System\HWOQuOL.exe
  2⤵
  PID:9996
- C:\Windows\System\KAEhVuY.exe
  C:\Windows\System\KAEhVuY.exe
  2⤵
  PID:10248
- C:\Windows\System\WpesWTo.exe
  C:\Windows\System\WpesWTo.exe
  2⤵
  PID:10280
- C:\Windows\System\cnIvgef.exe
  C:\Windows\System\cnIvgef.exe
  2⤵
  PID:10308
- C:\Windows\System\eJpufmN.exe
  C:\Windows\System\eJpufmN.exe
  2⤵
  PID:10340
- C:\Windows\System\aaYjbEe.exe
  C:\Windows\System\aaYjbEe.exe
  2⤵
  PID:10376
- C:\Windows\System\kELsWuW.exe
  C:\Windows\System\kELsWuW.exe
  2⤵
  PID:10400
- C:\Windows\System\bUesNZh.exe
  C:\Windows\System\bUesNZh.exe
  2⤵
  PID:10436
- C:\Windows\System\wmJWaLI.exe
  C:\Windows\System\wmJWaLI.exe
  2⤵
  PID:10460
- C:\Windows\System\rSDcmgW.exe
  C:\Windows\System\rSDcmgW.exe
  2⤵
  PID:10476
- C:\Windows\System\KFZhpfJ.exe
  C:\Windows\System\KFZhpfJ.exe
  2⤵
  PID:10500
- C:\Windows\System\gBDNWwt.exe
  C:\Windows\System\gBDNWwt.exe
  2⤵
  PID:10540
- C:\Windows\System\GySKZjJ.exe
  C:\Windows\System\GySKZjJ.exe
  2⤵
  PID:10564
- C:\Windows\System\arsuxYs.exe
  C:\Windows\System\arsuxYs.exe
  2⤵
  PID:10584
- C:\Windows\System\uyWnBZh.exe
  C:\Windows\System\uyWnBZh.exe
  2⤵
  PID:10616
- C:\Windows\System\xflDqkQ.exe
  C:\Windows\System\xflDqkQ.exe
  2⤵
  PID:10644
- C:\Windows\System\yhNEyhH.exe
  C:\Windows\System\yhNEyhH.exe
  2⤵
  PID:10668
- C:\Windows\System\JZqrvOZ.exe
  C:\Windows\System\JZqrvOZ.exe
  2⤵
  PID:10696
- C:\Windows\System\CzJKkDz.exe
  C:\Windows\System\CzJKkDz.exe
  2⤵
  PID:10728
- C:\Windows\System\uLdUdKF.exe
  C:\Windows\System\uLdUdKF.exe
  2⤵
  PID:10764
- C:\Windows\System\apFcXEx.exe
  C:\Windows\System\apFcXEx.exe
  2⤵
  PID:10800
- C:\Windows\System\TJalBCI.exe
  C:\Windows\System\TJalBCI.exe
  2⤵
  PID:10824
- C:\Windows\System\IRvdagz.exe
  C:\Windows\System\IRvdagz.exe
  2⤵
  PID:10840
- C:\Windows\System\hNgqYSY.exe
  C:\Windows\System\hNgqYSY.exe
  2⤵
  PID:10872
- C:\Windows\System\FCLVzOt.exe
  C:\Windows\System\FCLVzOt.exe
  2⤵
  PID:10908
- C:\Windows\System\IWwhiuZ.exe
  C:\Windows\System\IWwhiuZ.exe
  2⤵
  PID:10940
- C:\Windows\System\YqxBGEZ.exe
  C:\Windows\System\YqxBGEZ.exe
  2⤵
  PID:10968
- C:\Windows\System\LUrQjde.exe
  C:\Windows\System\LUrQjde.exe
  2⤵
  PID:11000
- C:\Windows\System\FbRJHej.exe
  C:\Windows\System\FbRJHej.exe
  2⤵
  PID:11036
- C:\Windows\System\qpSnxXH.exe
  C:\Windows\System\qpSnxXH.exe
  2⤵
  PID:11056
- C:\Windows\System\ZOcYswe.exe
  C:\Windows\System\ZOcYswe.exe
  2⤵
  PID:11100
- C:\Windows\System\Jyphyiy.exe
  C:\Windows\System\Jyphyiy.exe
  2⤵
  PID:11120
- C:\Windows\System\oPqRcWc.exe
  C:\Windows\System\oPqRcWc.exe
  2⤵
  PID:11152
- C:\Windows\System\nqDmuZE.exe
  C:\Windows\System\nqDmuZE.exe
  2⤵
  PID:11188
- C:\Windows\System\KtAkGOr.exe
  C:\Windows\System\KtAkGOr.exe
  2⤵
  PID:11216
- C:\Windows\System\qfPnLve.exe
  C:\Windows\System\qfPnLve.exe
  2⤵
  PID:11248
- C:\Windows\System\ftXMdfL.exe
  C:\Windows\System\ftXMdfL.exe
  2⤵
  PID:9388
- C:\Windows\System\VOkAinq.exe
  C:\Windows\System\VOkAinq.exe
  2⤵
  PID:10296
- C:\Windows\System\wNDkAGW.exe
  C:\Windows\System\wNDkAGW.exe
  2⤵
  PID:10352
- C:\Windows\System\GzCgZfx.exe
  C:\Windows\System\GzCgZfx.exe
  2⤵
  PID:10412
- C:\Windows\System\IDQdydl.exe
  C:\Windows\System\IDQdydl.exe
  2⤵
  PID:10496
- C:\Windows\System\nkcWgnF.exe
  C:\Windows\System\nkcWgnF.exe
  2⤵
  PID:10552
- C:\Windows\System\ztrLDtB.exe
  C:\Windows\System\ztrLDtB.exe
  2⤵
  PID:10664
- C:\Windows\System\CrNEGmV.exe
  C:\Windows\System\CrNEGmV.exe
  2⤵
  PID:10624
- C:\Windows\System\PFEGjru.exe
  C:\Windows\System\PFEGjru.exe
  2⤵
  PID:10752
- C:\Windows\System\OmwhyQW.exe
  C:\Windows\System\OmwhyQW.exe
  2⤵
  PID:10832
- C:\Windows\System\umjDyAW.exe
  C:\Windows\System\umjDyAW.exe
  2⤵
  PID:10820
- C:\Windows\System\dVgXrVy.exe
  C:\Windows\System\dVgXrVy.exe
  2⤵
  PID:10900
- C:\Windows\System\rYKRpvo.exe
  C:\Windows\System\rYKRpvo.exe
  2⤵
  PID:10988
- C:\Windows\System\SogMFvf.exe
  C:\Windows\System\SogMFvf.exe
  2⤵
  PID:11044
- C:\Windows\System\DlqdDsk.exe
  C:\Windows\System\DlqdDsk.exe
  2⤵
  PID:11132
- C:\Windows\System\wzuylQa.exe
  C:\Windows\System\wzuylQa.exe
  2⤵
  PID:11164
- C:\Windows\System\lyqSwRB.exe
  C:\Windows\System\lyqSwRB.exe
  2⤵
  PID:9424
- C:\Windows\System\zdknGJV.exe
  C:\Windows\System\zdknGJV.exe
  2⤵
  PID:10384
- C:\Windows\System\TjWBZgW.exe
  C:\Windows\System\TjWBZgW.exe
  2⤵
  PID:10488
- C:\Windows\System\CGWwfzZ.exe
  C:\Windows\System\CGWwfzZ.exe
  2⤵
  PID:10684
- C:\Windows\System\CATWkUP.exe
  C:\Windows\System\CATWkUP.exe
  2⤵
  PID:10860
- C:\Windows\System\CSggszh.exe
  C:\Windows\System\CSggszh.exe
  2⤵
  PID:10904
- C:\Windows\System\MABaJdl.exe
  C:\Windows\System\MABaJdl.exe
  2⤵
  PID:11092
- C:\Windows\System\CzMVpUJ.exe
  C:\Windows\System\CzMVpUJ.exe
  2⤵
  PID:11228
- C:\Windows\System\OSXYVhb.exe
  C:\Windows\System\OSXYVhb.exe
  2⤵
  PID:10548
- C:\Windows\System\aFNCwMD.exe
  C:\Windows\System\aFNCwMD.exe
  2⤵
  PID:10784
- C:\Windows\System\dTFEejD.exe
  C:\Windows\System\dTFEejD.exe
  2⤵
  PID:11232
- C:\Windows\System\nIhAyra.exe
  C:\Windows\System\nIhAyra.exe
  2⤵
  PID:10888
- C:\Windows\System\gIPRzCV.exe
  C:\Windows\System\gIPRzCV.exe
  2⤵
  PID:11280
- C:\Windows\System\cItVhFF.exe
  C:\Windows\System\cItVhFF.exe
  2⤵
  PID:11308
- C:\Windows\System\FtpzDLH.exe
  C:\Windows\System\FtpzDLH.exe
  2⤵
  PID:11324
- C:\Windows\System\rHwrntr.exe
  C:\Windows\System\rHwrntr.exe
  2⤵
  PID:11348
- C:\Windows\System\QWhKdQQ.exe
  C:\Windows\System\QWhKdQQ.exe
  2⤵
  PID:11368
- C:\Windows\System\GOJzaBe.exe
  C:\Windows\System\GOJzaBe.exe
  2⤵
  PID:11388
- C:\Windows\System\UNjSYpK.exe
  C:\Windows\System\UNjSYpK.exe
  2⤵
  PID:11416
- C:\Windows\System\kuKizRn.exe
  C:\Windows\System\kuKizRn.exe
  2⤵
  PID:11448
- C:\Windows\System\znYeRmC.exe
  C:\Windows\System\znYeRmC.exe
  2⤵
  PID:11472
- C:\Windows\System\vjcTegf.exe
  C:\Windows\System\vjcTegf.exe
  2⤵
  PID:11508
- C:\Windows\System\QnIBElv.exe
  C:\Windows\System\QnIBElv.exe
  2⤵
  PID:11532
- C:\Windows\System\BhlqFAV.exe
  C:\Windows\System\BhlqFAV.exe
  2⤵
  PID:11556
- C:\Windows\System\jzdVtml.exe
  C:\Windows\System\jzdVtml.exe
  2⤵
  PID:11588
- C:\Windows\System\kJPkwsJ.exe
  C:\Windows\System\kJPkwsJ.exe
  2⤵
  PID:11604
- C:\Windows\System\sUBfawQ.exe
  C:\Windows\System\sUBfawQ.exe
  2⤵
  PID:11624
- C:\Windows\System\DdKkcVW.exe
  C:\Windows\System\DdKkcVW.exe
  2⤵
  PID:11648
- C:\Windows\System\QVHaqDU.exe
  C:\Windows\System\QVHaqDU.exe
  2⤵
  PID:11676
- C:\Windows\System\MGAHPiC.exe
  C:\Windows\System\MGAHPiC.exe
  2⤵
  PID:11700
- C:\Windows\System\AlsaAlx.exe
  C:\Windows\System\AlsaAlx.exe
  2⤵
  PID:11716
- C:\Windows\System\LKAetEO.exe
  C:\Windows\System\LKAetEO.exe
  2⤵
  PID:11744
- C:\Windows\System\fRteXRC.exe
  C:\Windows\System\fRteXRC.exe
  2⤵
  PID:11772
- C:\Windows\System\BeBxNBt.exe
  C:\Windows\System\BeBxNBt.exe
  2⤵
  PID:11796
- C:\Windows\System\JjgPsAz.exe
  C:\Windows\System\JjgPsAz.exe
  2⤵
  PID:11828
- C:\Windows\System\oouNHQL.exe
  C:\Windows\System\oouNHQL.exe
  2⤵
  PID:11868
- C:\Windows\System\fRSaxPJ.exe
  C:\Windows\System\fRSaxPJ.exe
  2⤵
  PID:11892
- C:\Windows\System\DFUtKAf.exe
  C:\Windows\System\DFUtKAf.exe
  2⤵
  PID:11920
- C:\Windows\System\rpFvYBW.exe
  C:\Windows\System\rpFvYBW.exe
  2⤵
  PID:11940
- C:\Windows\System\goZyQQG.exe
  C:\Windows\System\goZyQQG.exe
  2⤵
  PID:11964
- C:\Windows\System\kmmsXOY.exe
  C:\Windows\System\kmmsXOY.exe
  2⤵
  PID:11988
- C:\Windows\System\DIFKlQr.exe
  C:\Windows\System\DIFKlQr.exe
  2⤵
  PID:12012
- C:\Windows\System\Uamhxxu.exe
  C:\Windows\System\Uamhxxu.exe
  2⤵
  PID:12040
- C:\Windows\System\MuOmcgE.exe
  C:\Windows\System\MuOmcgE.exe
  2⤵
  PID:12072
- C:\Windows\System\RYfkdZe.exe
  C:\Windows\System\RYfkdZe.exe
  2⤵
  PID:12104
- C:\Windows\System\qqkcbEq.exe
  C:\Windows\System\qqkcbEq.exe
  2⤵
  PID:12144
- C:\Windows\System\GahqGMx.exe
  C:\Windows\System\GahqGMx.exe
  2⤵
  PID:12172
- C:\Windows\System\PEBKVAl.exe
  C:\Windows\System\PEBKVAl.exe
  2⤵
  PID:12200
- C:\Windows\System\diozYpQ.exe
  C:\Windows\System\diozYpQ.exe
  2⤵
  PID:12232
- C:\Windows\System\MJYVNQK.exe
  C:\Windows\System\MJYVNQK.exe
  2⤵
  PID:12256
- C:\Windows\System\kOoIfZc.exe
  C:\Windows\System\kOoIfZc.exe
  2⤵
  PID:11012
- C:\Windows\System\EHZaHhn.exe
  C:\Windows\System\EHZaHhn.exe
  2⤵
  PID:11336
- C:\Windows\System\TqpBUCO.exe
  C:\Windows\System\TqpBUCO.exe
  2⤵
  PID:11344
- C:\Windows\System\RLoRnyV.exe
  C:\Windows\System\RLoRnyV.exe
  2⤵
  PID:11460
- C:\Windows\System\hKhVePL.exe
  C:\Windows\System\hKhVePL.exe
  2⤵
  PID:11516
- C:\Windows\System\JrObwOG.exe
  C:\Windows\System\JrObwOG.exe
  2⤵
  PID:11544
- C:\Windows\System\ettxdwK.exe
  C:\Windows\System\ettxdwK.exe
  2⤵
  PID:11692
- C:\Windows\System\EwAKmZK.exe
  C:\Windows\System\EwAKmZK.exe
  2⤵
  PID:11684
- C:\Windows\System\GGNbKSN.exe
  C:\Windows\System\GGNbKSN.exe
  2⤵
  PID:11736
- C:\Windows\System\AwhCqri.exe
  C:\Windows\System\AwhCqri.exe
  2⤵
  PID:11780
- C:\Windows\System\ALAwpxp.exe
  C:\Windows\System\ALAwpxp.exe
  2⤵
  PID:11932
- C:\Windows\System\NduzWjO.exe
  C:\Windows\System\NduzWjO.exe
  2⤵
  PID:11952
- C:\Windows\System\mDrsNwI.exe
  C:\Windows\System\mDrsNwI.exe
  2⤵
  PID:11880
- C:\Windows\System\GDqcTYR.exe
  C:\Windows\System\GDqcTYR.exe
  2⤵
  PID:11984
- C:\Windows\System\iyWDuXn.exe
  C:\Windows\System\iyWDuXn.exe
  2⤵
  PID:12020
- C:\Windows\System\MYfkKLv.exe
  C:\Windows\System\MYfkKLv.exe
  2⤵
  PID:12096
- C:\Windows\System\QVcGYFM.exe
  C:\Windows\System\QVcGYFM.exe
  2⤵
  PID:12248
- C:\Windows\System\LnbPNno.exe
  C:\Windows\System\LnbPNno.exe
  2⤵
  PID:11464
- C:\Windows\System\eXrqPXG.exe
  C:\Windows\System\eXrqPXG.exe
  2⤵
  PID:11432
- C:\Windows\System\bDedjcW.exe
  C:\Windows\System\bDedjcW.exe
  2⤵
  PID:11664
- C:\Windows\System\LCIWvij.exe
  C:\Windows\System\LCIWvij.exe
  2⤵
  PID:11856
- C:\Windows\System\KpCIqqJ.exe
  C:\Windows\System\KpCIqqJ.exe
  2⤵
  PID:11812
- C:\Windows\System\AwChwVQ.exe
  C:\Windows\System\AwChwVQ.exe
  2⤵
  PID:11764
- C:\Windows\System\dBhYOIN.exe
  C:\Windows\System\dBhYOIN.exe
  2⤵
  PID:12272
- C:\Windows\System\jQNVuLG.exe
  C:\Windows\System\jQNVuLG.exe
  2⤵
  PID:12180
- C:\Windows\System\KrUjIKJ.exe
  C:\Windows\System\KrUjIKJ.exe
  2⤵
  PID:11548
- C:\Windows\System\fXodDNs.exe
  C:\Windows\System\fXodDNs.exe
  2⤵
  PID:12328
- C:\Windows\System\HsTiXBS.exe
  C:\Windows\System\HsTiXBS.exe
  2⤵
  PID:12360
- C:\Windows\System\ankxVXA.exe
  C:\Windows\System\ankxVXA.exe
  2⤵
  PID:12388
- C:\Windows\System\dhsOLTc.exe
  C:\Windows\System\dhsOLTc.exe
  2⤵
  PID:12412
- C:\Windows\System\daLHOfL.exe
  C:\Windows\System\daLHOfL.exe
  2⤵
  PID:12452
- C:\Windows\System\XPVuVHz.exe
  C:\Windows\System\XPVuVHz.exe
  2⤵
  PID:12492
- C:\Windows\System\QiUBNJF.exe
  C:\Windows\System\QiUBNJF.exe
  2⤵
  PID:12512
- C:\Windows\System\QLfgUuw.exe
  C:\Windows\System\QLfgUuw.exe
  2⤵
  PID:12540
- C:\Windows\System\UqyVNlG.exe
  C:\Windows\System\UqyVNlG.exe
  2⤵
  PID:12560
- C:\Windows\System\IQmvDZv.exe
  C:\Windows\System\IQmvDZv.exe
  2⤵
  PID:12584
- C:\Windows\System\dCKICHm.exe
  C:\Windows\System\dCKICHm.exe
  2⤵
  PID:12616
- C:\Windows\System\rcWeXsv.exe
  C:\Windows\System\rcWeXsv.exe
  2⤵
  PID:12640
- C:\Windows\System\IZAczOJ.exe
  C:\Windows\System\IZAczOJ.exe
  2⤵
  PID:12672
- C:\Windows\System\bgBMKQb.exe
  C:\Windows\System\bgBMKQb.exe
  2⤵
  PID:12696
- C:\Windows\System\NZaHpNF.exe
  C:\Windows\System\NZaHpNF.exe
  2⤵
  PID:12720
- C:\Windows\System\KEzWQwP.exe
  C:\Windows\System\KEzWQwP.exe
  2⤵
  PID:12744
- C:\Windows\System\QvBHyBO.exe
  C:\Windows\System\QvBHyBO.exe
  2⤵
  PID:12764
- C:\Windows\System\YaDQNHe.exe
  C:\Windows\System\YaDQNHe.exe
  2⤵
  PID:12796
- C:\Windows\System\ZQqIYnf.exe
  C:\Windows\System\ZQqIYnf.exe
  2⤵
  PID:12824
- C:\Windows\System\SvCopvX.exe
  C:\Windows\System\SvCopvX.exe
  2⤵
  PID:12856
- C:\Windows\System\vxSFpLG.exe
  C:\Windows\System\vxSFpLG.exe
  2⤵
  PID:12880
- C:\Windows\System\yQMMlDn.exe
  C:\Windows\System\yQMMlDn.exe
  2⤵
  PID:12904
- C:\Windows\System\OZflspW.exe
  C:\Windows\System\OZflspW.exe
  2⤵
  PID:12928
- C:\Windows\System\GLKBYgF.exe
  C:\Windows\System\GLKBYgF.exe
  2⤵
  PID:12956
- C:\Windows\System\TSoZfjD.exe
  C:\Windows\System\TSoZfjD.exe
  2⤵
  PID:12984
- C:\Windows\System\yEMOVAn.exe
  C:\Windows\System\yEMOVAn.exe
  2⤵
  PID:13020
- C:\Windows\System\ATkbBeI.exe
  C:\Windows\System\ATkbBeI.exe
  2⤵
  PID:13044
- C:\Windows\System\ggDXWzf.exe
  C:\Windows\System\ggDXWzf.exe
  2⤵
  PID:13072
- C:\Windows\System\oKjJxVc.exe
  C:\Windows\System\oKjJxVc.exe
  2⤵
  PID:13108
- C:\Windows\System\OlOImmr.exe
  C:\Windows\System\OlOImmr.exe
  2⤵
  PID:13124
- C:\Windows\System\QREjpss.exe
  C:\Windows\System\QREjpss.exe
  2⤵
  PID:13156
- C:\Windows\System\UlFIvMN.exe
  C:\Windows\System\UlFIvMN.exe
  2⤵
  PID:13184
- C:\Windows\System\fmbgiUl.exe
  C:\Windows\System\fmbgiUl.exe
  2⤵
  PID:13212
- C:\Windows\System\YGSTmBY.exe
  C:\Windows\System\YGSTmBY.exe
  2⤵
  PID:13240
- C:\Windows\System\kElrGiQ.exe
  C:\Windows\System\kElrGiQ.exe
  2⤵
  PID:13268
- C:\Windows\System\yGWBjop.exe
  C:\Windows\System\yGWBjop.exe
  2⤵
  PID:13304
- C:\Windows\System\KfaaWtA.exe
  C:\Windows\System\KfaaWtA.exe
  2⤵
  PID:12080
- C:\Windows\System\dhTSotz.exe
  C:\Windows\System\dhTSotz.exe
  2⤵
  PID:11712
- C:\Windows\System\MLBMxqt.exe
  C:\Windows\System\MLBMxqt.exe
  2⤵
  PID:11948
- C:\Windows\System\nRFBypU.exe
  C:\Windows\System\nRFBypU.exe
  2⤵
  PID:12408
- C:\Windows\System\JRVDtuk.exe
  C:\Windows\System\JRVDtuk.exe
  2⤵
  PID:12520
- C:\Windows\System\AhdJned.exe
  C:\Windows\System\AhdJned.exe
  2⤵
  PID:12504
- C:\Windows\System\VEHJhoj.exe
  C:\Windows\System\VEHJhoj.exe
  2⤵
  PID:12580
- C:\Windows\System\zILreJd.exe
  C:\Windows\System\zILreJd.exe
  2⤵
  PID:12596
- C:\Windows\System\CQPJyzh.exe
  C:\Windows\System\CQPJyzh.exe
  2⤵
  PID:12732
- C:\Windows\System\NVIyfTa.exe
  C:\Windows\System\NVIyfTa.exe
  2⤵
  PID:12820
- C:\Windows\System\FhMDkFe.exe
  C:\Windows\System\FhMDkFe.exe
  2⤵
  PID:12948
- C:\Windows\System\ymYCbWA.exe
  C:\Windows\System\ymYCbWA.exe
  2⤵
  PID:12976
- C:\Windows\System\PsdvZms.exe
  C:\Windows\System\PsdvZms.exe
  2⤵
  PID:12900
- C:\Windows\System\AhOOciU.exe
  C:\Windows\System\AhOOciU.exe
  2⤵
  PID:13096
- C:\Windows\System\AvCyXsp.exe
  C:\Windows\System\AvCyXsp.exe
  2⤵
  PID:13100
- C:\Windows\System\PhuRZwJ.exe
  C:\Windows\System\PhuRZwJ.exe
  2⤵
  PID:13224
- C:\Windows\System\vBQYBWl.exe
  C:\Windows\System\vBQYBWl.exe
  2⤵
  PID:11852
- C:\Windows\System\Xtloudq.exe
  C:\Windows\System\Xtloudq.exe
  2⤵
  PID:11540
- C:\Windows\System\ivvqFPE.exe
  C:\Windows\System\ivvqFPE.exe
  2⤵
  PID:12468
- C:\Windows\System\nMKPtCq.exe
  C:\Windows\System\nMKPtCq.exe
  2⤵
  PID:12308
- C:\Windows\System\LBjEbNm.exe
  C:\Windows\System\LBjEbNm.exe
  2⤵
  PID:12888
- C:\Windows\System\rzhCwzv.exe
  C:\Windows\System\rzhCwzv.exe
  2⤵
  PID:13180
- C:\Windows\System\DLWYgyy.exe
  C:\Windows\System\DLWYgyy.exe
  2⤵
  PID:12752
- C:\Windows\System\RJwvQdv.exe
  C:\Windows\System\RJwvQdv.exe
  2⤵
  PID:13264
- C:\Windows\System\tRqJSmf.exe
  C:\Windows\System\tRqJSmf.exe
  2⤵
  PID:12712
- C:\Windows\System\hboJwfQ.exe
  C:\Windows\System\hboJwfQ.exe
  2⤵
  PID:12568
- C:\Windows\System\gVbmpBs.exe
  C:\Windows\System\gVbmpBs.exe
  2⤵
  PID:13168
- C:\Windows\System\amPjNLX.exe
  C:\Windows\System\amPjNLX.exe
  2⤵
  PID:13328
- C:\Windows\System\ghAXErT.exe
  C:\Windows\System\ghAXErT.exe
  2⤵
  PID:13352
- C:\Windows\System\tHCgAKZ.exe
  C:\Windows\System\tHCgAKZ.exe
  2⤵
  PID:13372
- C:\Windows\System\peeGXqB.exe
  C:\Windows\System\peeGXqB.exe
  2⤵
  PID:13392
- C:\Windows\System\dsLXMlX.exe
  C:\Windows\System\dsLXMlX.exe
  2⤵
  PID:13408
- C:\Windows\System\zXmRJsA.exe
  C:\Windows\System\zXmRJsA.exe
  2⤵
  PID:13432
- C:\Windows\System\XHPMUbw.exe
  C:\Windows\System\XHPMUbw.exe
  2⤵
  PID:13476
- C:\Windows\System\MbHAjjb.exe
  C:\Windows\System\MbHAjjb.exe
  2⤵
  PID:13500
- C:\Windows\System\ZDOwOAp.exe
  C:\Windows\System\ZDOwOAp.exe
  2⤵
  PID:13532
- C:\Windows\System\PjYKRLi.exe
  C:\Windows\System\PjYKRLi.exe
  2⤵
  PID:13568
- C:\Windows\System\NwtPvoy.exe
  C:\Windows\System\NwtPvoy.exe
  2⤵
  PID:13588
- C:\Windows\System\crfedMu.exe
  C:\Windows\System\crfedMu.exe
  2⤵
  PID:13612
- C:\Windows\System\MwCsBXe.exe
  C:\Windows\System\MwCsBXe.exe
  2⤵
  PID:13640
- C:\Windows\System\aWFkbEz.exe
  C:\Windows\System\aWFkbEz.exe
  2⤵
  PID:13668
- C:\Windows\System\BhuIJTT.exe
  C:\Windows\System\BhuIJTT.exe
  2⤵
  PID:13700
- C:\Windows\System\Xhjgujy.exe
  C:\Windows\System\Xhjgujy.exe
  2⤵
  PID:13732
- C:\Windows\System\lOeoiQT.exe
  C:\Windows\System\lOeoiQT.exe
  2⤵
  PID:13768
- C:\Windows\System\lXVfmiF.exe
  C:\Windows\System\lXVfmiF.exe
  2⤵
  PID:13784
- C:\Windows\System\PKrqAmS.exe
  C:\Windows\System\PKrqAmS.exe
  2⤵
  PID:13828
- C:\Windows\System\MxolMwP.exe
  C:\Windows\System\MxolMwP.exe
  2⤵
  PID:13852
- C:\Windows\System\cJWkhlS.exe
  C:\Windows\System\cJWkhlS.exe
  2⤵
  PID:13868
- C:\Windows\System\swcZGDN.exe
  C:\Windows\System\swcZGDN.exe
  2⤵
  PID:13888
- C:\Windows\System\UbmpVZa.exe
  C:\Windows\System\UbmpVZa.exe
  2⤵
  PID:13912
- C:\Windows\System\THCYawA.exe
  C:\Windows\System\THCYawA.exe
  2⤵
  PID:13936
- C:\Windows\System\tKTuPda.exe
  C:\Windows\System\tKTuPda.exe
  2⤵
  PID:13960
- C:\Windows\System\WQpnwUK.exe
  C:\Windows\System\WQpnwUK.exe
  2⤵
  PID:13988
- C:\Windows\System\gKiMNNL.exe
  C:\Windows\System\gKiMNNL.exe
  2⤵
  PID:14004
- C:\Windows\System\cqmmXeQ.exe
  C:\Windows\System\cqmmXeQ.exe
  2⤵
  PID:14040
- C:\Windows\System\tXMbHBZ.exe
  C:\Windows\System\tXMbHBZ.exe
  2⤵
  PID:14064
- C:\Windows\System\DBqiOVz.exe
  C:\Windows\System\DBqiOVz.exe
  2⤵
  PID:14088
- C:\Windows\System\AMfQCft.exe
  C:\Windows\System\AMfQCft.exe
  2⤵
  PID:14116
- C:\Windows\System\jDAUiZm.exe
  C:\Windows\System\jDAUiZm.exe
  2⤵
  PID:14140
- C:\Windows\System\kEFeBmU.exe
  C:\Windows\System\kEFeBmU.exe
  2⤵
  PID:14164
- C:\Windows\System\jmeAHiy.exe
  C:\Windows\System\jmeAHiy.exe
  2⤵
  PID:14196
- C:\Windows\System\GcqfTwF.exe
  C:\Windows\System\GcqfTwF.exe
  2⤵
  PID:14244
- C:\Windows\System\VAFnCPD.exe
  C:\Windows\System\VAFnCPD.exe
  2⤵
  PID:14264
- C:\Windows\System\zejpRoW.exe
  C:\Windows\System\zejpRoW.exe
  2⤵
  PID:14296
- C:\Windows\System\YvluOXf.exe
  C:\Windows\System\YvluOXf.exe
  2⤵
  PID:14324
- C:\Windows\System\XDyhASS.exe
  C:\Windows\System\XDyhASS.exe
  2⤵
  PID:13316
- C:\Windows\System\NrgSpEl.exe
  C:\Windows\System\NrgSpEl.exe
  2⤵
  PID:13348
- C:\Windows\System\tMuZEDg.exe
  C:\Windows\System\tMuZEDg.exe
  2⤵
  PID:13400
- C:\Windows\System\FronLiA.exe
  C:\Windows\System\FronLiA.exe
  2⤵
  PID:13492
- C:\Windows\System\jvLSawf.exe
  C:\Windows\System\jvLSawf.exe
  2⤵
  PID:13632
- C:\Windows\System\PrMgjNg.exe
  C:\Windows\System\PrMgjNg.exe
  2⤵
  PID:13608
- C:\Windows\System\zbbThIQ.exe
  C:\Windows\System\zbbThIQ.exe
  2⤵
  PID:13660
- C:\Windows\System\NrORJUj.exe
  C:\Windows\System\NrORJUj.exe
  2⤵
  PID:13688
- C:\Windows\System\cjjpDfo.exe
  C:\Windows\System\cjjpDfo.exe
  2⤵
  PID:13824
- C:\Windows\System\dPIdMyj.exe
  C:\Windows\System\dPIdMyj.exe
  2⤵
  PID:13900
- C:\Windows\System\RrXaaDm.exe
  C:\Windows\System\RrXaaDm.exe
  2⤵
  PID:14028
- C:\Windows\System\QbFMxMA.exe
  C:\Windows\System\QbFMxMA.exe
  2⤵
  PID:14060
- C:\Windows\System\shbKVRY.exe
  C:\Windows\System\shbKVRY.exe
  2⤵
  PID:14016
- C:\Windows\System\QodadTz.exe
  C:\Windows\System\QodadTz.exe
  2⤵
  PID:14108
- C:\Windows\System\hgMlQca.exe
  C:\Windows\System\hgMlQca.exe
  2⤵
  PID:14176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:8
1⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=125928443658432 --process=260 /prefetch:7 --thread=1600
1⤵
PID:13776

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 4472 -i 4472 -h 496 -j 500 -s 508 -d 0
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:14148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ChtXkvd.exe

Filesize
1.9MB

MD5
a45db105feb12ec72bb25ce4c063d923

SHA1
1f9c85bddd97741edd83aea5fdeef97e77408334

SHA256
56f09f08fcb61f57e97de725a2e13fbfcb6b441d9a6bd6364af052ce54ec3dfd

SHA512
cb901e7dc7003a271d285f222fc212be916a5ba76cf54ac4daa8fab60d4620af8c00f28e08155026662ccce95335a2ae6ebf231abc582d5ba57633b294c38100

Download Submit
C:\Windows\System\ERUmsGm.exe

Filesize
1.9MB

MD5
3f2f7c8c12cdbe00e2f4b3f90fdfa5ed

SHA1
8f0992e385fffd527113a0f2f7e25022913f7bd6

SHA256
808318592b6c2f280080dfe025cc63fb46e1a6385e6efe1e65956231ae3876ed

SHA512
d8af5a3c4cdede4bcfebf8e6468503b264e52167caf408dba4e79e865615d3d3f803c80f69e0a2038d7f27bbbd8240b3550e1f9194dc4a0c4a0f3b46be4bad69

Download Submit
C:\Windows\System\GcmaUtY.exe

Filesize
1.9MB

MD5
8849464a4d37779d8c41bc73d5b993f3

SHA1
c175e46da39e842a0d565b6a7329d3229936c94c

SHA256
da105ba1fe4eea4ac53c0c248a19b1223bf50d40e48c82a96822c337180d638a

SHA512
063a2e7867cfd4e6a98e7531351cb20882b9d155b094b4754de42aa9fa9a51f5c53cefa84654a2b0fd43d1e87e967f7b4d684996c563a9b8f0d5557aa8b42a8d

Download Submit
C:\Windows\System\IjCxrEJ.exe

Filesize
1.9MB

MD5
53521ebce8e2ca19169a63afec70bf88

SHA1
ff1bf8a3bd905dff7dccd2f71f6ca71b9508e6c7

SHA256
a40ff01de45bc80df37baded0b3ea2a1bfe2b9b3b17c07284acdb1c2d7f38f61

SHA512
7c0e4d82a9f7453f3c0ee6c2b285e431dfd5e024e13a7ed1710e28db1cb99bbb7e8de7b039f6354b4eb4e8f32f9655af177c123c6acf442daf5029c8b8c99640

Download Submit
C:\Windows\System\IlDzDPy.exe

Filesize
1.9MB

MD5
5449aba5466f6c1ef50c1be06f9484b7

SHA1
c3be71bab2303d8ceddeaee5a8defaa7128b097f

SHA256
609218d1d6fff2326b9377151bc78b97b01a51d53c34856ab37713c40826b824

SHA512
352b634fa7453c346644ff1627c2e5f73f5a90baa147cf3bde4713af95f2f765491a8f483af05fa6c7aca294b69b56e7f8cc54e5064b31dbf2d2d3aff66e716d

Download Submit
C:\Windows\System\IlrBmyH.exe

Filesize
1.9MB

MD5
87dc0f90612681acd6ca750e1eb2e384

SHA1
6c387484b768241c9137eef869a1d032c7433a50

SHA256
4454a32ed99ad995b79b702571c3298cc8dd9fb20ddcbfafd37988a01e0ad06e

SHA512
2b0b005da22d426b05911f4b435a335bc92bf9c249186e4728cbaf5699b627e0077e1ef98e61430d33c9591b58b8b52cb1ea5c64227f07ed154b00a23fd317bc

Download Submit
C:\Windows\System\IrljQBu.exe

Filesize
1.9MB

MD5
fbebbbc73a2443609d3ef98dd9ea41c4

SHA1
77a4acf7786fb170dc8c734287788a7b38bc69a9

SHA256
22de8fb6669ba6895a5dfb2548293592c7d80590b8b178c8431446405b750933

SHA512
87654fade2c86b47d56067fcf89fe77cdb1ee9e259d935a77c2bb11281d3dd10c9f13a6ba283eebec69a360113ab1241e35c548db76a3e5272a5e61832803986

Download Submit
C:\Windows\System\LyTdrpt.exe

Filesize
1.9MB

MD5
33e2162d9bad6227ccc092dfef1b319b

SHA1
994d132afcc8a9c90b1976defd2c9df4930c2880

SHA256
2fcc91a968d0352f7acd4aea1e6182a8a5e578642e5a879f2cb981a013b13c01

SHA512
1081143e6e9093d007884dbb7dabba67ee14e8df5c71bdccffab3f186c7e3350949d13b372646be9212125a6c36db7ce57536ed0a9dec3bca8614c38a46ecccd

Download Submit
C:\Windows\System\MEGaMrS.exe

Filesize
1.9MB

MD5
cf75a95aa195e54435cff63bcac95820

SHA1
5da4585ac6acff8d0252f3f58f587ba58694e884

SHA256
37ceaed0ddbbc58e334f2b05800e65ee6340ddc83db76d6593b778eebcff2d14

SHA512
6d4e568650bc88a51a89bedae00fb761379f190664da51e5aba24fa8da6eeeb9ee8a63a57c9c7550bfecf97b0748b534c30e0acb073d58dafb8d8220bfc89dd2

Download Submit
C:\Windows\System\QpAhpJP.exe

Filesize
1.9MB

MD5
85ebb07936f22ae31191fee1ace87bee

SHA1
28e5721a01999dce55f716141f38ac4d3b2a6067

SHA256
74456d6922ba5d17bddf6672b0d17326773c65aadd87a135ab362d72eae19edc

SHA512
63191e0032b83a520f4382fa12adbe7297c8dce222f9fd6e30e8f922d3ff87ad9377222bcba76207cf4334355551adcab7ce3db864f174811db786afdd6ad37d

Download Submit
C:\Windows\System\RKZkPOZ.exe

Filesize
1.9MB

MD5
84ef738466413c035f756a93e180afb9

SHA1
34219f1b922dd394d2e857bcd7a13fd721309a50

SHA256
223f4e850ee8f7f08c45953b37b892973b946986934b2e43c7c9c177f6d19dcd

SHA512
3b7c6e28be2616e9634ec19f8c0d5401af5c381ec20f336e1d2dc2de8e39597342a643be587a59e5f6a8121481873fa50ce13e0d566668e5ce845fb50482d2af

Download Submit
C:\Windows\System\ROqTdaO.exe

Filesize
1.9MB

MD5
dbb5648943ecbfedb4eb2e1154aa025f

SHA1
26efb86b2241272d9f988fda8f45afd3ae4d3f9f

SHA256
8ac56e4d5772235d43e7d5bba8092c35286d417446878bdfbeab7f89f815a719

SHA512
43761de29d27166df004ab28c56b8a3d16d34a6c857f9977240ecee69973e40d534cc379e24c49250f10d87c641810e716468029cc5dba03874febf398354720

Download Submit
C:\Windows\System\StjfxWD.exe

Filesize
1.9MB

MD5
a8e2f2661f3ff7a3320779bcde37dc9c

SHA1
6187075e1a46f270169d668d276086e88d4dc8c2

SHA256
c07651e7f25fb77374ad5042ccb6a4d83a24aa142f0de51f54360bf675ed0294

SHA512
a3806603cd1d0c21937fb65203a6577797aad649454fb64b7156f218486248e7100877f05e6fce816d4b7afd8990b18b6a6b71f0ff640102da2043e4534ffc30

Download Submit
C:\Windows\System\UHAQNvx.exe

Filesize
1.9MB

MD5
1244b0e5b84cd6f5ed2ced440852ebbf

SHA1
9b5450d052ed2d1aad0ca400c599ed2905f87f34

SHA256
de408609b492967fd3d88ec942ec1d12d556aac4f49bc59d82045b3ccf43f9cf

SHA512
64e679ff2a14c3618d12f7399006dc02c410238105ab4ba0c80424fc6e71224af4fd14c472c94e1d3d136ae713018d91daee1aaff65b063f2b34a567eb391448

Download Submit
C:\Windows\System\UPdgrDR.exe

Filesize
1.9MB

MD5
d7317abbef73808bc2d9cf68eaebfeec

SHA1
0bb1c8abe2e98efaaee4ffd25843e0cd6a1f5454

SHA256
5c8da71d41b919257f9ca7f809cff61530a80a8c96be3966b518c73e75ba7bbf

SHA512
53b9451772f0c35aa49bda25849580658d1e86dde04168ee8dcd05ed0cd2cf1b6fbd1db33c30fec27d908ea16eb5efec31ecb9a4ac69241a9d71bd56918f4818

Download Submit
C:\Windows\System\VPblMBp.exe

Filesize
1.9MB

MD5
ce7420fec35ebedef4814e3b04aa70ea

SHA1
6900ee7dd3e324263cfdf1ae543467a223cbce06

SHA256
57db887af520e471e313a5ff9f17c51a5fd8e5a0e335e18f07aab29fd79a6eb2

SHA512
6c97e0ce57e047de91dcdf941ae21a3bbb515eb974ddb31a6021e2a25c680488c87dcdc47bbb85c27329afdea4a78e53a6d063751de43c53b3bd7e4e16730fef

Download Submit
C:\Windows\System\Wtfdkuo.exe

Filesize
1.9MB

MD5
7b22aebb093717151e151205227bf030

SHA1
a1569e9b2ab3939f0fc339f7f6d7a5ed0ad9a4a3

SHA256
1d81575fbdaee997d99a0fd7f779aa8a943ebdb1685d1b994a9183d744a12b7e

SHA512
1b739a9324cf7870cbd7a267348992e32c11697d41096a1eef05f8582c01fefe1b2fab43e19e856b14a1eff1af2acdf464c6b7951e7af563c4af5f17182982b4

Download Submit
C:\Windows\System\ZCEMLCR.exe

Filesize
1.9MB

MD5
046847a2ed049cb6c853be1b1a786bda

SHA1
852f4bb9b6e5fc7fb2be2032119141ace271e1db

SHA256
6353e0348902d9d2143da9dbec208e31aa74669b6bb341d31426e340f7a880e9

SHA512
2b44deb146c9a1d64b359233ade1235840c2b2b31a5f212fa2b7b2844956131d47008e196e7d34d0b697f4701af290f23066e9e7ce01e821172201233b1eb1b9

Download Submit
C:\Windows\System\akgqiXF.exe

Filesize
1.9MB

MD5
55d8f736691d25b7fa9225ba14a177d0

SHA1
c880e12188b897ca92e2edf83a2672a26f154d12

SHA256
f4de8904fa2b33fc6bb2a91cb599fcc85db55dd3859bdbd078f85ca3c8674584

SHA512
aaa04911092e8846a697010005513be726488ddf876a4c608ab208f9d578508b003657fcbb90705d2e3d49a888b3a65e0f7d11d8d644260abed150be0999d6fb

Download Submit
C:\Windows\System\arsSgEu.exe

Filesize
1.9MB

MD5
dfaf1b65227e141a481837aeb2efb90c

SHA1
422ed5fb120f7ff7ec668fe9238d55e2c54c4937

SHA256
40094aa225653fc5e284fc8ab07a08186aa114634518b544c2d87a5c3488b1f1

SHA512
24dcfc53aceeccaf88a2d38873ffc8560834e762fb8c2ff9a69291baf37f02293d9562a67414c769ad46987492265aed6427bac05e4494ca1d347a3fd57439f0

Download Submit
C:\Windows\System\beBxnih.exe

Filesize
1.9MB

MD5
416e1873d8e23d95d47d5dd819c5b896

SHA1
ddf92f9be60d61276e3d2fb09b3ee30c83556868

SHA256
44b0e7a2d149f6db47ee8f29a1b2f68bbaaf8000ac4c497951d87022c224d378

SHA512
6a9295a6718e3916b5edff1fb497e44f8564057a569b33ac94f7cfa37d22116e9bf2cd45359b45824f12678b8a6bfd9688390f3936c1e5ef5932076986276eaf

Download Submit
C:\Windows\System\cGcNBWt.exe

Filesize
1.9MB

MD5
9729635e0b5c11a0d23f547d94633a2f

SHA1
560695f2f3b981c53da440a11d3f6031cc7bee0e

SHA256
007695aea977fbac0ebf01ed0cc9d2f03520eb37a389c72fce77038dbd5d3215

SHA512
c3f3f7c34cec01cc62564164090cb13afb332d60a1608164e949855063afe70ca81cb031f4ef279d1229e9675142dbab1dbd9fde6eead3b66fb5325063cebb44

Download Submit
C:\Windows\System\dyXyKNa.exe

Filesize
1.9MB

MD5
dc64a43929923dfae7a819a3542658f7

SHA1
42689af43aeb556d70b5b7f7fe48d0409656b44c

SHA256
d444b1d1e1ece2b4cf65b315ef924c2b59f974a4ba8baf2678123bd89961cd06

SHA512
5f4476323aa28cf7efe469a232644db593c1e3e2419db4bc4a5653a02e1903b2b7759a216fa07c29b30f2274700bbaa6454264bba8e2dbf5bb723f0bbcf4d1bd

Download Submit
C:\Windows\System\fbvoBfL.exe

Filesize
1.9MB

MD5
e9fb7d9b1ce5042d77cd2b0a1501bc13

SHA1
3dcd31f8945ba6d5b354285e185f8d95a215d989

SHA256
76effbf9ef5047c3ac5376cf2c83cafe357e87d6265b690fe894676c4c479d32

SHA512
d509509ed0808b320cdade0a57f1a24d5b6088f860ab09d5445cef40e60e11045dd89d789730b704d62de871064f3a2908f890c7e42dc1726737375a0c6e83c2

Download Submit
C:\Windows\System\gOcGobL.exe

Filesize
1.9MB

MD5
bcecf249e554896c58c09c4975eaddef

SHA1
4380b6b6652ea3683620f6800090d9167a7b9b32

SHA256
fc1469db9895b780374a487e88a10df57b9773b07d0c4f39d04a018358b6e5d2

SHA512
4ad44d133319c0890345da58e00c248c89a0f7cf7508ae7e83bee36f98e97b20c04ba80d2a6979e9a89dd9ab1717a473884945aef5894d9518766f258e13510d

Download Submit
C:\Windows\System\hWUCXXA.exe

Filesize
1.9MB

MD5
0745892209ed87e4f17ebe7918e4b799

SHA1
14673fb73b85277648e1dc71146363ce78193dce

SHA256
36a3c34607129cd31cb5eb92327070b0e1e82433a31b7e9aa91a26c0c23a10bf

SHA512
79e13dfaea543c7ea521136c884e9b0973f808141981bf4296c260cefd7805f45a4a8ea8da815c5f898a57c013695846faa9baa6f9b827d68476c3906a701091

Download Submit
C:\Windows\System\hzwcMnC.exe

Filesize
1.9MB

MD5
ae7bdc119346555327eba83b31e2de8a

SHA1
67fe5605427b26c11c880a5448801492c4ec8ddc

SHA256
b148cb490634b9a834fb8f2e7202f82140469eee019ef21411819121864450c3

SHA512
509ac707e98dd84af44f35a00ce9ad0114b2e7a957e330e09493c6b3e16bb68155cca427546954d593261f9fbc112f6819e92ecdde2088154e0ea7d6ec074aef

Download Submit
C:\Windows\System\isOLjuA.exe

Filesize
1.9MB

MD5
fe788456f345cfaa86c95e016ce5d7ca

SHA1
cece4fca96a8a289e0465f8f8bbcc30d47673cc4

SHA256
77ea6d040008ccae3288e5049b830804751eaf4bb4c1d510836158f57337ff90

SHA512
58817b614e80143055ad5a84c0507ce6505041cf54cd451f16be14c8973f9d9dda47747da5716f36e7104e778b6642a153f09b296e02d3d2ea96802764bfaf7b

Download Submit
C:\Windows\System\jEbgWef.exe

Filesize
1.9MB

MD5
be301985d0a8abc55447792645967c51

SHA1
19195b8229e064752d02e8c37167cd1c80b58c41

SHA256
d07ea4798ce92b7e8cffd1a88d50f8f38796c360b4700bbd3046a5c3f4d4fc32

SHA512
7adc68b5dfa396ed5ae3235a86749833b04c0cae0abc699f408a607f53e4710d4852450912160aab93c6aac005db917ebbbb515722a35a465d2c48e5991163d4

Download Submit
C:\Windows\System\kBlPibq.exe

Filesize
1.9MB

MD5
bf9aa16bc5726fd5688e5398e5c38a86

SHA1
1cced8f79202d1f887a33f07ddb61c9d99e5e6c9

SHA256
19045da47306bc5bcf1335b4c7cf0d3df6a8e241eb374a647dfbfaa20601fb18

SHA512
763780d2b5ec094956f7b10da4d776dc90071d9e414a3394829b3eeab8ac077f3f85310d99f24ad526ff7b87c3168b7d18463ff393ce04a1ac16aafae24984e6

Download Submit
C:\Windows\System\qKmbhFt.exe

Filesize
1.9MB

MD5
50b40ee3573fc244d135303325548b3e

SHA1
1cc5884f9465a1264e28c27dc55f001d704ac88f

SHA256
1fd71a09eb560154f258d70d6ca0b77c4f5abdd577266f0153b2b9ffecda3547

SHA512
edc0fc1d048c27e8932c9936af8dafa764e21cf29f57e9471869d612d5b7ec0e1cfeb38fb26830386fd6ae80ed9b0f1c10e9db48f0c597fc35fdccc72456acb2

Download Submit
C:\Windows\System\qcWudyG.exe

Filesize
1.9MB

MD5
0bf77d71d52efb8529e1b92ef55d5cd8

SHA1
7ed8e90b8e645ab1e242481eb4cefd8078ec5909

SHA256
dc7d5326f640133170c2cd31c2fb652957d24b540e45186f7f55f933535806fa

SHA512
7a133274aa169d8601b84d93dff8aba816792960181aedb06fc0e60bcb3fd12ae8587a9a7d76c1e228a42d395dfeec4ff462b539132ce9911c0092a3f6063e44

Download Submit
C:\Windows\System\sEFGzVF.exe

Filesize
1.9MB

MD5
32b3f8c25389364257a45fceec70e4a7

SHA1
434df4aae7b1d46b86ec2c5a0f0053733f24d69a

SHA256
74fff636b5b68794aebc4c7c0ced7471308efefef35060ba56e5108252446f2f

SHA512
f8b38ae96d18a9b74247dadff8e4c0f3b927332306eb000ca9ca6d6ad4699265ac5caa367d5b4af919695a9b943c0c05a976eb04807d6b47647553b13fcd3566

Download Submit
C:\Windows\System\tcdBzKs.exe

Filesize
1.9MB

MD5
8b2cb8f07066ea3f84edfe1eb318a9ee

SHA1
dfc50bde221f07ebb78df970359fb0d70436d9b8

SHA256
6c07bbed1f2fff4b8a8a6ea97d309cb84524c7d8337ff25d85a3dbd9e8dd6714

SHA512
9bd1c8cc6e7699e86d054ca09273189c4c9ab59afc6af97b61d43603ab17091408d3a2e67053db02eafd41c4589fdfa8a1a40369fec1e37119ec9ef4d3079b44

Download Submit
C:\Windows\System\xiNsUAF.exe

Filesize
1.9MB

MD5
629be3e4c160383423e1bfaad76e4ce9

SHA1
f671e3b7cbf544d74f11c41d73da078bd5e9aa8b

SHA256
57590eb914ec845cc4e4e2f86f8ed53779ad3814a229ff20c978e0e3e3efcf1c

SHA512
7e841a85f1228f3d5f59a19ff640c071c4e8aae4d5c6331727d0362002196aee263b5429eb9f61e440b109874534e3f0ddfa281e5d80b75e0f20f9084d93d1f3

Download Submit
C:\Windows\System\ykjdpgT.exe

Filesize
1.9MB

MD5
96167958c27eae78673736aeb2dcb514

SHA1
e0dd759ba20c161292ecf11aaa74f3358ef3ebc1

SHA256
64d25fed2eb5e0cb6de715c6d507e0d5ab1295aef411d1c7976dc9f63983b85c

SHA512
ba675d324497315c12110d958e51b9f5b13b5de7b0c896cc0c37854adc7619204200f6085820634c23ff255289280cb030caf6eab0e137c63d3985f042c13958

Download Submit
C:\Windows\System\zrLMteG.exe

Filesize
1.9MB

MD5
b107f0b0a613146aaf2e70a03fbd657d

SHA1
b7da26ed1cd4131e7e48b3314483d5504c223c86

SHA256
3e2da6ebc5011fcd17fc79b6c5292aa5691e54eaaae008809bbb41597c328da0

SHA512
830d5bc78a8d142fdac7e7eac261e8c8969af8c3f722d0de227cf84d086fb8da20af16be3668161814e899d1d4f9dcbb826d54ba5cd092c607fd1c18efd46db5

Download Submit
memory/536-202-0x00007FF71B8F0000-0x00007FF71BC44000-memory.dmp

Filesize
3.3MB

Download
memory/536-2143-0x00007FF71B8F0000-0x00007FF71BC44000-memory.dmp

Filesize
3.3MB

Download
memory/636-201-0x00007FF6E2740000-0x00007FF6E2A94000-memory.dmp

Filesize
3.3MB

Download
memory/636-2169-0x00007FF6E2740000-0x00007FF6E2A94000-memory.dmp

Filesize
3.3MB

Download
memory/652-160-0x00007FF712B20000-0x00007FF712E74000-memory.dmp

Filesize
3.3MB

Download
memory/652-2157-0x00007FF712B20000-0x00007FF712E74000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2145-0x00007FF7D6190000-0x00007FF7D64E4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-2131-0x00007FF7D6190000-0x00007FF7D64E4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-35-0x00007FF7D6190000-0x00007FF7D64E4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-174-0x00007FF778D90000-0x00007FF7790E4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-2161-0x00007FF778D90000-0x00007FF7790E4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-199-0x00007FF75CB70000-0x00007FF75CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-2168-0x00007FF75CB70000-0x00007FF75CEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-204-0x00007FF775410000-0x00007FF775764000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2150-0x00007FF775410000-0x00007FF775764000-memory.dmp

Filesize
3.3MB

Download
memory/1280-2162-0x00007FF685110000-0x00007FF685464000-memory.dmp

Filesize
3.3MB

Download
memory/1280-197-0x00007FF685110000-0x00007FF685464000-memory.dmp

Filesize
3.3MB

Download
memory/1420-2142-0x00007FF639F90000-0x00007FF63A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/1420-2128-0x00007FF639F90000-0x00007FF63A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/1420-16-0x00007FF639F90000-0x00007FF63A2E4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-30-0x00007FF7D8BD0000-0x00007FF7D8F24000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2141-0x00007FF7D8BD0000-0x00007FF7D8F24000-memory.dmp

Filesize
3.3MB

Download
memory/1580-2155-0x00007FF728B50000-0x00007FF728EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-198-0x00007FF728B50000-0x00007FF728EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-208-0x00007FF7AC8B0000-0x00007FF7ACC04000-memory.dmp

Filesize
3.3MB

Download
memory/1648-2156-0x00007FF7AC8B0000-0x00007FF7ACC04000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2129-0x00007FF6762B0000-0x00007FF676604000-memory.dmp

Filesize
3.3MB

Download
memory/2228-44-0x00007FF6762B0000-0x00007FF676604000-memory.dmp

Filesize
3.3MB

Download
memory/2228-2146-0x00007FF6762B0000-0x00007FF676604000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2160-0x00007FF7BB4C0000-0x00007FF7BB814000-memory.dmp

Filesize
3.3MB

Download
memory/2532-200-0x00007FF7BB4C0000-0x00007FF7BB814000-memory.dmp

Filesize
3.3MB

Download
memory/2912-206-0x00007FF7E9DE0000-0x00007FF7EA134000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2153-0x00007FF7E9DE0000-0x00007FF7EA134000-memory.dmp

Filesize
3.3MB

Download
memory/3100-207-0x00007FF64C4F0000-0x00007FF64C844000-memory.dmp

Filesize
3.3MB

Download
memory/3100-2152-0x00007FF64C4F0000-0x00007FF64C844000-memory.dmp

Filesize
3.3MB

Download
memory/3248-2163-0x00007FF6CB2E0000-0x00007FF6CB634000-memory.dmp

Filesize
3.3MB

Download
memory/3248-194-0x00007FF6CB2E0000-0x00007FF6CB634000-memory.dmp

Filesize
3.3MB

Download
memory/3604-195-0x00007FF6C30E0000-0x00007FF6C3434000-memory.dmp

Filesize
3.3MB

Download
memory/3604-2158-0x00007FF6C30E0000-0x00007FF6C3434000-memory.dmp

Filesize
3.3MB

Download
memory/3704-2154-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3704-205-0x00007FF68F870000-0x00007FF68FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3768-196-0x00007FF6A99B0000-0x00007FF6A9D04000-memory.dmp

Filesize
3.3MB

Download
memory/3768-2159-0x00007FF6A99B0000-0x00007FF6A9D04000-memory.dmp

Filesize
3.3MB

Download
memory/3892-2164-0x00007FF6AB600000-0x00007FF6AB954000-memory.dmp

Filesize
3.3MB

Download
memory/3892-190-0x00007FF6AB600000-0x00007FF6AB954000-memory.dmp

Filesize
3.3MB

Download
memory/3960-137-0x00007FF711840000-0x00007FF711B94000-memory.dmp

Filesize
3.3MB

Download
memory/3960-2148-0x00007FF711840000-0x00007FF711B94000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2127-0x00007FF76D670000-0x00007FF76D9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4056-1-0x0000023328480000-0x0000023328490000-memory.dmp

Filesize
64KB

Download
memory/4056-0-0x00007FF76D670000-0x00007FF76D9C4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-173-0x00007FF753820000-0x00007FF753B74000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2165-0x00007FF753820000-0x00007FF753B74000-memory.dmp

Filesize
3.3MB

Download
memory/4320-75-0x00007FF70A030000-0x00007FF70A384000-memory.dmp

Filesize
3.3MB

Download
memory/4320-2167-0x00007FF70A030000-0x00007FF70A384000-memory.dmp

Filesize
3.3MB

Download
memory/4320-2130-0x00007FF70A030000-0x00007FF70A384000-memory.dmp

Filesize
3.3MB

Download
memory/4376-100-0x00007FF6A1D10000-0x00007FF6A2064000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2147-0x00007FF6A1D10000-0x00007FF6A2064000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2166-0x00007FF746180000-0x00007FF7464D4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-187-0x00007FF746180000-0x00007FF7464D4000-memory.dmp

Filesize
3.3MB

Download
memory/4908-203-0x00007FF65F0A0000-0x00007FF65F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/4908-2151-0x00007FF65F0A0000-0x00007FF65F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/5044-55-0x00007FF74BB20000-0x00007FF74BE74000-memory.dmp

Filesize
3.3MB

Download
memory/5044-2144-0x00007FF74BB20000-0x00007FF74BE74000-memory.dmp

Filesize
3.3MB

Download
memory/5068-129-0x00007FF7243B0000-0x00007FF724704000-memory.dmp

Filesize
3.3MB

Download
memory/5068-2149-0x00007FF7243B0000-0x00007FF724704000-memory.dmp

Filesize
3.3MB

Download