xmrig | 3bc778a5e1f773f1340719b2cb8a67acf65d09f3285d1b6d39554daea4487816

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
Size

1.5MB
MD5

5f5dc887de82576ccebf71a057c05aa0
SHA1

464af202d4d522e7c90be3cdb9dde9f72e8e1041
SHA256

3bc778a5e1f773f1340719b2cb8a67acf65d09f3285d1b6d39554daea4487816
SHA512

d3ae49e4578c950f4739a1d9944b6b2afacad4e696370bfc9e764f5fc78d9396568a96c30c87c9417847803ed922aea4fab78ad12dcc81df13c3dbee81a8b49e
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoY5VKGznc:Lz071uv4BPMkHC0IEFToCe

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 24 IoCs

miner

resource	yara_rule
behavioral1/memory/1744-8-0x000000013F790000-0x000000013FB82000-memory.dmp	xmrig
behavioral1/memory/2236-121-0x000000013F090000-0x000000013F482000-memory.dmp	xmrig
behavioral1/memory/2520-139-0x000000013FB30000-0x000000013FF22000-memory.dmp	xmrig
behavioral1/memory/2540-116-0x000000013F8A0000-0x000000013FC92000-memory.dmp	xmrig
behavioral1/memory/2832-114-0x000000013FBB0000-0x000000013FFA2000-memory.dmp	xmrig
behavioral1/memory/2820-112-0x000000013FBC0000-0x000000013FFB2000-memory.dmp	xmrig
behavioral1/memory/2640-110-0x000000013FCC0000-0x00000001400B2000-memory.dmp	xmrig
behavioral1/memory/2760-108-0x000000013F970000-0x000000013FD62000-memory.dmp	xmrig
behavioral1/memory/2768-106-0x000000013F4C0000-0x000000013F8B2000-memory.dmp	xmrig
behavioral1/memory/2348-105-0x0000000003000000-0x00000000033F2000-memory.dmp	xmrig
behavioral1/memory/2624-104-0x000000013FB40000-0x000000013FF32000-memory.dmp	xmrig
behavioral1/memory/2424-102-0x000000013F820000-0x000000013FC12000-memory.dmp	xmrig
behavioral1/memory/2768-4740-0x000000013F4C0000-0x000000013F8B2000-memory.dmp	xmrig
behavioral1/memory/2424-4776-0x000000013F820000-0x000000013FC12000-memory.dmp	xmrig
behavioral1/memory/2832-5422-0x000000013FBB0000-0x000000013FFA2000-memory.dmp	xmrig
behavioral1/memory/2540-5421-0x000000013F8A0000-0x000000013FC92000-memory.dmp	xmrig
behavioral1/memory/2624-5487-0x000000013FB40000-0x000000013FF32000-memory.dmp	xmrig
behavioral1/memory/2520-5492-0x000000013FB30000-0x000000013FF22000-memory.dmp	xmrig
behavioral1/memory/2760-5491-0x000000013F970000-0x000000013FD62000-memory.dmp	xmrig
behavioral1/memory/2820-5490-0x000000013FBC0000-0x000000013FFB2000-memory.dmp	xmrig
behavioral1/memory/1744-5489-0x000000013F790000-0x000000013FB82000-memory.dmp	xmrig
behavioral1/memory/2640-5387-0x000000013FCC0000-0x00000001400B2000-memory.dmp	xmrig
behavioral1/memory/2236-5539-0x000000013F090000-0x000000013F482000-memory.dmp	xmrig
behavioral1/memory/2348-10179-0x000000013F8B0000-0x000000013FCA2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2188	powershell.exe
12424	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
1744	QXemaDK.exe
2424	KCaMxWg.exe
2624	uqBQhSc.exe
2768	ctmGrfq.exe
2760	ctfUWxe.exe
2640	VsstsOd.exe
2820	wEaFVRH.exe
2832	eLwFPgp.exe
2540	PPCjYqf.exe
2236	IZEWIRZ.exe
2520	LypZgvq.exe
2636	WQlrKqH.exe
2240	YiIcReh.exe
3000	DYPfXCT.exe
1152	QLEuFVy.exe
2712	pLipcyd.exe
2484	jKVYlHx.exe
2504	iAeQBTa.exe
768	JPMUnZT.exe
912	MUlwYyI.exe
2056	KaTdZOh.exe
2988	ziRMkjC.exe
1160	XBHcnpi.exe
1488	YnykMAQ.exe
1816	XdCMHoS.exe
444	jiwZHKL.exe
2908	lvIOZoM.exe
1784	seyuHFc.exe
2008	bwTbofS.exe
1996	yehOlDb.exe
1880	WVAJEYb.exe
2164	neGwzEZ.exe
1168	ECaKlIj.exe
1516	vRkPXvy.exe
2400	CldDqfb.exe
2168	xnLuXPl.exe
900	kLoBPXS.exe
1536	ByTisdA.exe
1580	JHVXDTX.exe
896	wzQkpzE.exe
2828	QLjbSwX.exe
2896	CsrZwOQ.exe
2120	inGjRPq.exe
2652	hqBpWCR.exe
2580	htRXGwz.exe
1552	yQxSbPB.exe
1952	cRRapjx.exe
2840	JKOHOmq.exe
600	JEYUYGA.exe
2904	LiMkFiO.exe
2996	mqoIZHd.exe
1256	oUiggQF.exe
1352	bXcWvQk.exe
2068	KxskrRB.exe
1716	fJZExUz.exe
2980	jriBcYm.exe
1812	qRANuNF.exe
3088	vsoDvfq.exe
3120	JzkUrGJ.exe
3152	KicRiZy.exe
3184	JABqwgD.exe
3216	XjRSjvv.exe
3248	HziMAnJ.exe
3280	aIxqEZL.exe

Loads dropped DLL 64 IoCs

pid	Process
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-5-0x000000013F8B0000-0x000000013FCA2000-memory.dmp	upx
behavioral1/memory/1744-8-0x000000013F790000-0x000000013FB82000-memory.dmp	upx
behavioral1/files/0x000f000000012272-6.dat	upx
behavioral1/files/0x000f000000003683-18.dat	upx
behavioral1/files/0x0007000000015d09-34.dat	upx
behavioral1/files/0x0007000000016824-50.dat	upx
behavioral1/files/0x0006000000016c4a-60.dat	upx
behavioral1/files/0x0006000000016c67-67.dat	upx
behavioral1/files/0x0006000000016cde-83.dat	upx
behavioral1/files/0x0006000000016d1a-95.dat	upx
behavioral1/files/0x0006000000016d05-88.dat	upx
behavioral1/memory/2236-121-0x000000013F090000-0x000000013F482000-memory.dmp	upx
behavioral1/memory/2520-139-0x000000013FB30000-0x000000013FF22000-memory.dmp	upx
behavioral1/files/0x0006000000016d55-144.dat	upx
behavioral1/files/0x0006000000016d70-157.dat	upx
behavioral1/files/0x00060000000173b4-185.dat	upx
behavioral1/files/0x00060000000171ba-178.dat	upx
behavioral1/files/0x0006000000016dc8-171.dat	upx
behavioral1/files/0x0006000000016da0-164.dat	upx
behavioral1/files/0x0006000000016d68-147.dat	upx
behavioral1/files/0x0006000000016d4c-141.dat	upx
behavioral1/files/0x0006000000016d3b-129.dat	upx
behavioral1/files/0x0009000000015cbf-122.dat	upx
behavioral1/memory/2540-116-0x000000013F8A0000-0x000000013FC92000-memory.dmp	upx
behavioral1/memory/2832-114-0x000000013FBB0000-0x000000013FFA2000-memory.dmp	upx
behavioral1/memory/2820-112-0x000000013FBC0000-0x000000013FFB2000-memory.dmp	upx
behavioral1/memory/2640-110-0x000000013FCC0000-0x00000001400B2000-memory.dmp	upx
behavioral1/memory/2760-108-0x000000013F970000-0x000000013FD62000-memory.dmp	upx
behavioral1/memory/2768-106-0x000000013F4C0000-0x000000013F8B2000-memory.dmp	upx
behavioral1/memory/2624-104-0x000000013FB40000-0x000000013FF32000-memory.dmp	upx
behavioral1/memory/2424-102-0x000000013F820000-0x000000013FC12000-memory.dmp	upx
behavioral1/files/0x0006000000016d22-98.dat	upx
behavioral1/files/0x00060000000173d3-190.dat	upx
behavioral1/files/0x000600000001720f-183.dat	upx
behavioral1/files/0x0006000000016dd1-176.dat	upx
behavioral1/files/0x0006000000016db2-169.dat	upx
behavioral1/files/0x0006000000016d78-162.dat	upx
behavioral1/files/0x0006000000016d6c-155.dat	upx
behavioral1/files/0x0006000000016d44-137.dat	upx
behavioral1/files/0x0006000000016d33-136.dat	upx
behavioral1/files/0x0006000000016d2b-135.dat	upx
behavioral1/files/0x0006000000016caf-79.dat	upx
behavioral1/files/0x0006000000016c5d-77.dat	upx
behavioral1/files/0x0006000000016a7d-58.dat	upx
behavioral1/files/0x00070000000165d4-49.dat	upx
behavioral1/files/0x0008000000015f54-44.dat	upx
behavioral1/files/0x0007000000015d13-38.dat	upx
behavioral1/files/0x0008000000015cfd-29.dat	upx
behavioral1/files/0x0009000000015cb7-19.dat	upx
behavioral1/memory/2768-4740-0x000000013F4C0000-0x000000013F8B2000-memory.dmp	upx
behavioral1/memory/2424-4776-0x000000013F820000-0x000000013FC12000-memory.dmp	upx
behavioral1/memory/2832-5422-0x000000013FBB0000-0x000000013FFA2000-memory.dmp	upx
behavioral1/memory/2540-5421-0x000000013F8A0000-0x000000013FC92000-memory.dmp	upx
behavioral1/memory/2624-5487-0x000000013FB40000-0x000000013FF32000-memory.dmp	upx
behavioral1/memory/2520-5492-0x000000013FB30000-0x000000013FF22000-memory.dmp	upx
behavioral1/memory/2760-5491-0x000000013F970000-0x000000013FD62000-memory.dmp	upx
behavioral1/memory/2820-5490-0x000000013FBC0000-0x000000013FFB2000-memory.dmp	upx
behavioral1/memory/1744-5489-0x000000013F790000-0x000000013FB82000-memory.dmp	upx
behavioral1/memory/2640-5387-0x000000013FCC0000-0x00000001400B2000-memory.dmp	upx
behavioral1/memory/2236-5539-0x000000013F090000-0x000000013F482000-memory.dmp	upx
behavioral1/memory/2348-10179-0x000000013F8B0000-0x000000013FCA2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MkOQrMA.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\hMgkWBS.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\lQECgPP.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CDjSqDB.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\fgirxJe.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\sBhkFCJ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\TmlJkFV.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CaXlNWv.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\bqzbOPk.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\wkAxWCt.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\SdgrTqy.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\blwkegO.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\HWJEYqI.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\RDPsyxU.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\eqfXjJM.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\NWZLEkd.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ONAsblJ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\sCXJxyA.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\Xkhockb.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\nsgERkD.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\vUFQTBc.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\mxKKiqH.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\PvGxdiQ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ueVzwfB.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\UrrluRX.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\HCilWtd.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\XfLTByv.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\PMllGZc.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\UFfyyhZ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\nZxdXrw.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QccgBpu.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\RKRPdsh.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\uKlRztl.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CEJTfus.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\IXsJBhX.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\wIAgjfN.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\FBNwddv.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\JhyZriC.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CGdMLBP.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\sOMItxb.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\RVwikeQ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\JWRaXwm.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\diLVFYc.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\iMxSGen.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\DUTwZMy.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QMigxnu.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QnJmCTZ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\lWnWGKK.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QMnWLBH.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\KOcviDO.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ZZrNwEL.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\buScTAS.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\uMvVEIg.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\bgXbFuA.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\cZLAvkm.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\FLgmnor.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\JFzqWxa.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\eKTpiJM.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\GFxiYSJ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\Hfqkanl.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\HAPnoEt.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\zGGrCNr.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\HTaafrQ.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
File created	C:\Windows\System\VyUNqmw.exe	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2188	powershell.exe
12424	Process not Found
12424	Process not Found

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
Token: SeDebugPrivilege	2188	powershell.exe
Token: SeLockMemoryPrivilege	4148	hkaiVtP.exe
Token: SeLockMemoryPrivilege	4148	hkaiVtP.exe
Token: SeLockMemoryPrivilege	1740	dwHRkDs.exe
Token: SeLockMemoryPrivilege	1740	dwHRkDs.exe
Token: SeLockMemoryPrivilege	1860	vbNSdNm.exe
Token: SeLockMemoryPrivilege	1860	vbNSdNm.exe
Token: SeDebugPrivilege	12424	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2188	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	29
PID 2348 wrote to memory of 2188	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	29
PID 2348 wrote to memory of 2188	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	29
PID 2348 wrote to memory of 1744	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	30
PID 2348 wrote to memory of 1744	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	30
PID 2348 wrote to memory of 1744	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	30
PID 2348 wrote to memory of 2424	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	31
PID 2348 wrote to memory of 2424	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	31
PID 2348 wrote to memory of 2424	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	31
PID 2348 wrote to memory of 2624	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	32
PID 2348 wrote to memory of 2624	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	32
PID 2348 wrote to memory of 2624	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	32
PID 2348 wrote to memory of 2768	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	33
PID 2348 wrote to memory of 2768	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	33
PID 2348 wrote to memory of 2768	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	33
PID 2348 wrote to memory of 2760	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	34
PID 2348 wrote to memory of 2760	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	34
PID 2348 wrote to memory of 2760	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	34
PID 2348 wrote to memory of 2640	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	35
PID 2348 wrote to memory of 2640	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	35
PID 2348 wrote to memory of 2640	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	35
PID 2348 wrote to memory of 2820	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	36
PID 2348 wrote to memory of 2820	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	36
PID 2348 wrote to memory of 2820	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	36
PID 2348 wrote to memory of 2832	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	37
PID 2348 wrote to memory of 2832	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	37
PID 2348 wrote to memory of 2832	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	37
PID 2348 wrote to memory of 2540	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	38
PID 2348 wrote to memory of 2540	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	38
PID 2348 wrote to memory of 2540	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	38
PID 2348 wrote to memory of 2236	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	39
PID 2348 wrote to memory of 2236	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	39
PID 2348 wrote to memory of 2236	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	39
PID 2348 wrote to memory of 2520	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	40
PID 2348 wrote to memory of 2520	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	40
PID 2348 wrote to memory of 2520	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	40
PID 2348 wrote to memory of 2240	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	41
PID 2348 wrote to memory of 2240	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	41
PID 2348 wrote to memory of 2240	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	41
PID 2348 wrote to memory of 2636	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	42
PID 2348 wrote to memory of 2636	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	42
PID 2348 wrote to memory of 2636	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	42
PID 2348 wrote to memory of 3000	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	43
PID 2348 wrote to memory of 3000	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	43
PID 2348 wrote to memory of 3000	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	43
PID 2348 wrote to memory of 1152	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	44
PID 2348 wrote to memory of 1152	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	44
PID 2348 wrote to memory of 1152	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	44
PID 2348 wrote to memory of 2712	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	45
PID 2348 wrote to memory of 2712	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	45
PID 2348 wrote to memory of 2712	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	45
PID 2348 wrote to memory of 2484	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	46
PID 2348 wrote to memory of 2484	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	46
PID 2348 wrote to memory of 2484	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	46
PID 2348 wrote to memory of 1564	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	47
PID 2348 wrote to memory of 1564	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	47
PID 2348 wrote to memory of 1564	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	47
PID 2348 wrote to memory of 2504	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	48
PID 2348 wrote to memory of 2504	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	48
PID 2348 wrote to memory of 2504	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	48
PID 2348 wrote to memory of 2732	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	49
PID 2348 wrote to memory of 2732	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	49
PID 2348 wrote to memory of 2732	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	49
PID 2348 wrote to memory of 768	2348	5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f5dc887de82576ccebf71a057c05aa0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2188
- C:\Windows\System\QXemaDK.exe
  C:\Windows\System\QXemaDK.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\KCaMxWg.exe
  C:\Windows\System\KCaMxWg.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\uqBQhSc.exe
  C:\Windows\System\uqBQhSc.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ctmGrfq.exe
  C:\Windows\System\ctmGrfq.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ctfUWxe.exe
  C:\Windows\System\ctfUWxe.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\VsstsOd.exe
  C:\Windows\System\VsstsOd.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\wEaFVRH.exe
  C:\Windows\System\wEaFVRH.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\eLwFPgp.exe
  C:\Windows\System\eLwFPgp.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\PPCjYqf.exe
  C:\Windows\System\PPCjYqf.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\IZEWIRZ.exe
  C:\Windows\System\IZEWIRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\LypZgvq.exe
  C:\Windows\System\LypZgvq.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\YiIcReh.exe
  C:\Windows\System\YiIcReh.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\WQlrKqH.exe
  C:\Windows\System\WQlrKqH.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\DYPfXCT.exe
  C:\Windows\System\DYPfXCT.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QLEuFVy.exe
  C:\Windows\System\QLEuFVy.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\pLipcyd.exe
  C:\Windows\System\pLipcyd.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\jKVYlHx.exe
  C:\Windows\System\jKVYlHx.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\iBpGcAK.exe
  C:\Windows\System\iBpGcAK.exe
  2⤵
  PID:1564
- C:\Windows\System\iAeQBTa.exe
  C:\Windows\System\iAeQBTa.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BmtUkzD.exe
  C:\Windows\System\BmtUkzD.exe
  2⤵
  PID:2732
- C:\Windows\System\JPMUnZT.exe
  C:\Windows\System\JPMUnZT.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\XJhbNgE.exe
  C:\Windows\System\XJhbNgE.exe
  2⤵
  PID:316
- C:\Windows\System\MUlwYyI.exe
  C:\Windows\System\MUlwYyI.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\jzuzUWk.exe
  C:\Windows\System\jzuzUWk.exe
  2⤵
  PID:2060
- C:\Windows\System\KaTdZOh.exe
  C:\Windows\System\KaTdZOh.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\dQSoalA.exe
  C:\Windows\System\dQSoalA.exe
  2⤵
  PID:1584
- C:\Windows\System\ziRMkjC.exe
  C:\Windows\System\ziRMkjC.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\nvCNdaN.exe
  C:\Windows\System\nvCNdaN.exe
  2⤵
  PID:332
- C:\Windows\System\XBHcnpi.exe
  C:\Windows\System\XBHcnpi.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\bjUlYGB.exe
  C:\Windows\System\bjUlYGB.exe
  2⤵
  PID:580
- C:\Windows\System\YnykMAQ.exe
  C:\Windows\System\YnykMAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\WuXKRSE.exe
  C:\Windows\System\WuXKRSE.exe
  2⤵
  PID:1756
- C:\Windows\System\XdCMHoS.exe
  C:\Windows\System\XdCMHoS.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\MCOeWdY.exe
  C:\Windows\System\MCOeWdY.exe
  2⤵
  PID:1544
- C:\Windows\System\jiwZHKL.exe
  C:\Windows\System\jiwZHKL.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\DoHkddd.exe
  C:\Windows\System\DoHkddd.exe
  2⤵
  PID:2496
- C:\Windows\System\lvIOZoM.exe
  C:\Windows\System\lvIOZoM.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\BsdKwAs.exe
  C:\Windows\System\BsdKwAs.exe
  2⤵
  PID:1560
- C:\Windows\System\seyuHFc.exe
  C:\Windows\System\seyuHFc.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\RKaEAtA.exe
  C:\Windows\System\RKaEAtA.exe
  2⤵
  PID:1548
- C:\Windows\System\bwTbofS.exe
  C:\Windows\System\bwTbofS.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\NlbxgXW.exe
  C:\Windows\System\NlbxgXW.exe
  2⤵
  PID:2000
- C:\Windows\System\yehOlDb.exe
  C:\Windows\System\yehOlDb.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\QADXVFl.exe
  C:\Windows\System\QADXVFl.exe
  2⤵
  PID:1624
- C:\Windows\System\WVAJEYb.exe
  C:\Windows\System\WVAJEYb.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\EnFrLUj.exe
  C:\Windows\System\EnFrLUj.exe
  2⤵
  PID:968
- C:\Windows\System\neGwzEZ.exe
  C:\Windows\System\neGwzEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\MIqBxQw.exe
  C:\Windows\System\MIqBxQw.exe
  2⤵
  PID:2488
- C:\Windows\System\ECaKlIj.exe
  C:\Windows\System\ECaKlIj.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\zNTtHii.exe
  C:\Windows\System\zNTtHii.exe
  2⤵
  PID:2404
- C:\Windows\System\vRkPXvy.exe
  C:\Windows\System\vRkPXvy.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\AXPbtzZ.exe
  C:\Windows\System\AXPbtzZ.exe
  2⤵
  PID:2320
- C:\Windows\System\CldDqfb.exe
  C:\Windows\System\CldDqfb.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\QXBFgsZ.exe
  C:\Windows\System\QXBFgsZ.exe
  2⤵
  PID:2396
- C:\Windows\System\xnLuXPl.exe
  C:\Windows\System\xnLuXPl.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\crSQbSs.exe
  C:\Windows\System\crSQbSs.exe
  2⤵
  PID:292
- C:\Windows\System\kLoBPXS.exe
  C:\Windows\System\kLoBPXS.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\xTHHhVV.exe
  C:\Windows\System\xTHHhVV.exe
  2⤵
  PID:2028
- C:\Windows\System\ByTisdA.exe
  C:\Windows\System\ByTisdA.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\dBSzFYH.exe
  C:\Windows\System\dBSzFYH.exe
  2⤵
  PID:3028
- C:\Windows\System\JHVXDTX.exe
  C:\Windows\System\JHVXDTX.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\ErFrouq.exe
  C:\Windows\System\ErFrouq.exe
  2⤵
  PID:1728
- C:\Windows\System\wzQkpzE.exe
  C:\Windows\System\wzQkpzE.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\MDzgKkk.exe
  C:\Windows\System\MDzgKkk.exe
  2⤵
  PID:2200
- C:\Windows\System\QLjbSwX.exe
  C:\Windows\System\QLjbSwX.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\EsmvewK.exe
  C:\Windows\System\EsmvewK.exe
  2⤵
  PID:2664
- C:\Windows\System\CsrZwOQ.exe
  C:\Windows\System\CsrZwOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\wytXJNV.exe
  C:\Windows\System\wytXJNV.exe
  2⤵
  PID:2892
- C:\Windows\System\inGjRPq.exe
  C:\Windows\System\inGjRPq.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ZNqeZpw.exe
  C:\Windows\System\ZNqeZpw.exe
  2⤵
  PID:2564
- C:\Windows\System\hqBpWCR.exe
  C:\Windows\System\hqBpWCR.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\EKfaWcX.exe
  C:\Windows\System\EKfaWcX.exe
  2⤵
  PID:2872
- C:\Windows\System\htRXGwz.exe
  C:\Windows\System\htRXGwz.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\wIYmbrl.exe
  C:\Windows\System\wIYmbrl.exe
  2⤵
  PID:2984
- C:\Windows\System\yQxSbPB.exe
  C:\Windows\System\yQxSbPB.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\XIHwONp.exe
  C:\Windows\System\XIHwONp.exe
  2⤵
  PID:2112
- C:\Windows\System\cRRapjx.exe
  C:\Windows\System\cRRapjx.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\EWZWdOZ.exe
  C:\Windows\System\EWZWdOZ.exe
  2⤵
  PID:1808
- C:\Windows\System\JKOHOmq.exe
  C:\Windows\System\JKOHOmq.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\lpNwBUJ.exe
  C:\Windows\System\lpNwBUJ.exe
  2⤵
  PID:2644
- C:\Windows\System\JEYUYGA.exe
  C:\Windows\System\JEYUYGA.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\PanWgfe.exe
  C:\Windows\System\PanWgfe.exe
  2⤵
  PID:2660
- C:\Windows\System\LiMkFiO.exe
  C:\Windows\System\LiMkFiO.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\BBMDCTq.exe
  C:\Windows\System\BBMDCTq.exe
  2⤵
  PID:1364
- C:\Windows\System\mqoIZHd.exe
  C:\Windows\System\mqoIZHd.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\cXdTSDx.exe
  C:\Windows\System\cXdTSDx.exe
  2⤵
  PID:2680
- C:\Windows\System\oUiggQF.exe
  C:\Windows\System\oUiggQF.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\XNwNOrR.exe
  C:\Windows\System\XNwNOrR.exe
  2⤵
  PID:1804
- C:\Windows\System\bXcWvQk.exe
  C:\Windows\System\bXcWvQk.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\hIdSBqD.exe
  C:\Windows\System\hIdSBqD.exe
  2⤵
  PID:3024
- C:\Windows\System\KxskrRB.exe
  C:\Windows\System\KxskrRB.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\hLjVHJw.exe
  C:\Windows\System\hLjVHJw.exe
  2⤵
  PID:2180
- C:\Windows\System\fJZExUz.exe
  C:\Windows\System\fJZExUz.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ufitWaa.exe
  C:\Windows\System\ufitWaa.exe
  2⤵
  PID:2864
- C:\Windows\System\jriBcYm.exe
  C:\Windows\System\jriBcYm.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\HabyoJB.exe
  C:\Windows\System\HabyoJB.exe
  2⤵
  PID:2576
- C:\Windows\System\qRANuNF.exe
  C:\Windows\System\qRANuNF.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\eYomYsF.exe
  C:\Windows\System\eYomYsF.exe
  2⤵
  PID:1336
- C:\Windows\System\vsoDvfq.exe
  C:\Windows\System\vsoDvfq.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\aQghKsx.exe
  C:\Windows\System\aQghKsx.exe
  2⤵
  PID:3104
- C:\Windows\System\JzkUrGJ.exe
  C:\Windows\System\JzkUrGJ.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\TFYEJAN.exe
  C:\Windows\System\TFYEJAN.exe
  2⤵
  PID:3136
- C:\Windows\System\KicRiZy.exe
  C:\Windows\System\KicRiZy.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\GeUKTeq.exe
  C:\Windows\System\GeUKTeq.exe
  2⤵
  PID:3168
- C:\Windows\System\JABqwgD.exe
  C:\Windows\System\JABqwgD.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\TeAQuJW.exe
  C:\Windows\System\TeAQuJW.exe
  2⤵
  PID:3200
- C:\Windows\System\XjRSjvv.exe
  C:\Windows\System\XjRSjvv.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\HwlZUXJ.exe
  C:\Windows\System\HwlZUXJ.exe
  2⤵
  PID:3232
- C:\Windows\System\HziMAnJ.exe
  C:\Windows\System\HziMAnJ.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\hDHZHeC.exe
  C:\Windows\System\hDHZHeC.exe
  2⤵
  PID:3264
- C:\Windows\System\aIxqEZL.exe
  C:\Windows\System\aIxqEZL.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\MhlTsht.exe
  C:\Windows\System\MhlTsht.exe
  2⤵
  PID:3296
- C:\Windows\System\JLCqDRo.exe
  C:\Windows\System\JLCqDRo.exe
  2⤵
  PID:3312
- C:\Windows\System\LnvOknN.exe
  C:\Windows\System\LnvOknN.exe
  2⤵
  PID:3328
- C:\Windows\System\rssBQMZ.exe
  C:\Windows\System\rssBQMZ.exe
  2⤵
  PID:3344
- C:\Windows\System\TmDKXLV.exe
  C:\Windows\System\TmDKXLV.exe
  2⤵
  PID:3360
- C:\Windows\System\szJLTWu.exe
  C:\Windows\System\szJLTWu.exe
  2⤵
  PID:3376
- C:\Windows\System\kZiuQzx.exe
  C:\Windows\System\kZiuQzx.exe
  2⤵
  PID:3392
- C:\Windows\System\ypYlZUz.exe
  C:\Windows\System\ypYlZUz.exe
  2⤵
  PID:3408
- C:\Windows\System\MuOrKZo.exe
  C:\Windows\System\MuOrKZo.exe
  2⤵
  PID:3424
- C:\Windows\System\edxXzXi.exe
  C:\Windows\System\edxXzXi.exe
  2⤵
  PID:3440
- C:\Windows\System\LlHsvut.exe
  C:\Windows\System\LlHsvut.exe
  2⤵
  PID:3456
- C:\Windows\System\ObnImDw.exe
  C:\Windows\System\ObnImDw.exe
  2⤵
  PID:3472
- C:\Windows\System\AOGlEOG.exe
  C:\Windows\System\AOGlEOG.exe
  2⤵
  PID:3488
- C:\Windows\System\pUAYuDw.exe
  C:\Windows\System\pUAYuDw.exe
  2⤵
  PID:3504
- C:\Windows\System\ZhqMtwz.exe
  C:\Windows\System\ZhqMtwz.exe
  2⤵
  PID:3520
- C:\Windows\System\uSNlNXw.exe
  C:\Windows\System\uSNlNXw.exe
  2⤵
  PID:3536
- C:\Windows\System\nWzXsuf.exe
  C:\Windows\System\nWzXsuf.exe
  2⤵
  PID:3552
- C:\Windows\System\FPjMRVA.exe
  C:\Windows\System\FPjMRVA.exe
  2⤵
  PID:3568
- C:\Windows\System\KTbgwYp.exe
  C:\Windows\System\KTbgwYp.exe
  2⤵
  PID:3584
- C:\Windows\System\BuqVJFW.exe
  C:\Windows\System\BuqVJFW.exe
  2⤵
  PID:3600
- C:\Windows\System\lqPdGZH.exe
  C:\Windows\System\lqPdGZH.exe
  2⤵
  PID:3616
- C:\Windows\System\MRCVqxR.exe
  C:\Windows\System\MRCVqxR.exe
  2⤵
  PID:3632
- C:\Windows\System\GlvDyWI.exe
  C:\Windows\System\GlvDyWI.exe
  2⤵
  PID:3648
- C:\Windows\System\zseSOdH.exe
  C:\Windows\System\zseSOdH.exe
  2⤵
  PID:3664
- C:\Windows\System\NKPZuPM.exe
  C:\Windows\System\NKPZuPM.exe
  2⤵
  PID:3680
- C:\Windows\System\QLmzUTg.exe
  C:\Windows\System\QLmzUTg.exe
  2⤵
  PID:3696
- C:\Windows\System\kAdfcMq.exe
  C:\Windows\System\kAdfcMq.exe
  2⤵
  PID:3712
- C:\Windows\System\VktagOG.exe
  C:\Windows\System\VktagOG.exe
  2⤵
  PID:3728
- C:\Windows\System\IecALuJ.exe
  C:\Windows\System\IecALuJ.exe
  2⤵
  PID:3744
- C:\Windows\System\ADMjZcf.exe
  C:\Windows\System\ADMjZcf.exe
  2⤵
  PID:3760
- C:\Windows\System\yUXmYaw.exe
  C:\Windows\System\yUXmYaw.exe
  2⤵
  PID:3776
- C:\Windows\System\bEXxjwO.exe
  C:\Windows\System\bEXxjwO.exe
  2⤵
  PID:3792
- C:\Windows\System\bAEVDBo.exe
  C:\Windows\System\bAEVDBo.exe
  2⤵
  PID:3808
- C:\Windows\System\tYSwXUr.exe
  C:\Windows\System\tYSwXUr.exe
  2⤵
  PID:3824
- C:\Windows\System\sQqFdFA.exe
  C:\Windows\System\sQqFdFA.exe
  2⤵
  PID:3840
- C:\Windows\System\HCgzzRN.exe
  C:\Windows\System\HCgzzRN.exe
  2⤵
  PID:3856
- C:\Windows\System\XAtFQAg.exe
  C:\Windows\System\XAtFQAg.exe
  2⤵
  PID:3872
- C:\Windows\System\OrtDFlW.exe
  C:\Windows\System\OrtDFlW.exe
  2⤵
  PID:3888
- C:\Windows\System\oQTEunn.exe
  C:\Windows\System\oQTEunn.exe
  2⤵
  PID:3904
- C:\Windows\System\qoKBFzv.exe
  C:\Windows\System\qoKBFzv.exe
  2⤵
  PID:3920
- C:\Windows\System\HhmGVMF.exe
  C:\Windows\System\HhmGVMF.exe
  2⤵
  PID:3936
- C:\Windows\System\WmAaYgg.exe
  C:\Windows\System\WmAaYgg.exe
  2⤵
  PID:3952
- C:\Windows\System\BMxmqSU.exe
  C:\Windows\System\BMxmqSU.exe
  2⤵
  PID:3968
- C:\Windows\System\NRDmkPG.exe
  C:\Windows\System\NRDmkPG.exe
  2⤵
  PID:3984
- C:\Windows\System\BKvNYyn.exe
  C:\Windows\System\BKvNYyn.exe
  2⤵
  PID:4000
- C:\Windows\System\KzLfMiY.exe
  C:\Windows\System\KzLfMiY.exe
  2⤵
  PID:4016
- C:\Windows\System\cmmxoQE.exe
  C:\Windows\System\cmmxoQE.exe
  2⤵
  PID:4032
- C:\Windows\System\zGoOQVo.exe
  C:\Windows\System\zGoOQVo.exe
  2⤵
  PID:4052
- C:\Windows\System\IgLHZXO.exe
  C:\Windows\System\IgLHZXO.exe
  2⤵
  PID:4068
- C:\Windows\System\yYuGywc.exe
  C:\Windows\System\yYuGywc.exe
  2⤵
  PID:4084
- C:\Windows\System\zzzoDOM.exe
  C:\Windows\System\zzzoDOM.exe
  2⤵
  PID:2632
- C:\Windows\System\KPKzMPz.exe
  C:\Windows\System\KPKzMPz.exe
  2⤵
  PID:3096
- C:\Windows\System\mrfaUQW.exe
  C:\Windows\System\mrfaUQW.exe
  2⤵
  PID:3288
- C:\Windows\System\dcwhnzu.exe
  C:\Windows\System\dcwhnzu.exe
  2⤵
  PID:2156
- C:\Windows\System\jpuFKdL.exe
  C:\Windows\System\jpuFKdL.exe
  2⤵
  PID:4252
- C:\Windows\System\pVIswyR.exe
  C:\Windows\System\pVIswyR.exe
  2⤵
  PID:4284
- C:\Windows\System\vPOGguG.exe
  C:\Windows\System\vPOGguG.exe
  2⤵
  PID:4316
- C:\Windows\System\GPpQPmQ.exe
  C:\Windows\System\GPpQPmQ.exe
  2⤵
  PID:4336
- C:\Windows\System\YtlkJet.exe
  C:\Windows\System\YtlkJet.exe
  2⤵
  PID:4376
- C:\Windows\System\YRiNWta.exe
  C:\Windows\System\YRiNWta.exe
  2⤵
  PID:4408
- C:\Windows\System\pTeQjSl.exe
  C:\Windows\System\pTeQjSl.exe
  2⤵
  PID:4428
- C:\Windows\System\YyAeElm.exe
  C:\Windows\System\YyAeElm.exe
  2⤵
  PID:4444
- C:\Windows\System\sCgPPaU.exe
  C:\Windows\System\sCgPPaU.exe
  2⤵
  PID:4460
- C:\Windows\System\zRQMpYN.exe
  C:\Windows\System\zRQMpYN.exe
  2⤵
  PID:4476
- C:\Windows\System\drlwlil.exe
  C:\Windows\System\drlwlil.exe
  2⤵
  PID:4492
- C:\Windows\System\QnJmCTZ.exe
  C:\Windows\System\QnJmCTZ.exe
  2⤵
  PID:4508
- C:\Windows\System\YGJGfaj.exe
  C:\Windows\System\YGJGfaj.exe
  2⤵
  PID:4524
- C:\Windows\System\DguMTQs.exe
  C:\Windows\System\DguMTQs.exe
  2⤵
  PID:4540
- C:\Windows\System\fMqspdz.exe
  C:\Windows\System\fMqspdz.exe
  2⤵
  PID:4560
- C:\Windows\System\uieUFnI.exe
  C:\Windows\System\uieUFnI.exe
  2⤵
  PID:4912
- C:\Windows\System\rBqeLTB.exe
  C:\Windows\System\rBqeLTB.exe
  2⤵
  PID:4928
- C:\Windows\System\wSrsMll.exe
  C:\Windows\System\wSrsMll.exe
  2⤵
  PID:4956
- C:\Windows\System\QevJrvb.exe
  C:\Windows\System\QevJrvb.exe
  2⤵
  PID:4972
- C:\Windows\System\CyQerVe.exe
  C:\Windows\System\CyQerVe.exe
  2⤵
  PID:4992
- C:\Windows\System\QoHHXJU.exe
  C:\Windows\System\QoHHXJU.exe
  2⤵
  PID:5048
- C:\Windows\System\nNqVGYT.exe
  C:\Windows\System\nNqVGYT.exe
  2⤵
  PID:5064
- C:\Windows\System\FjJXKFe.exe
  C:\Windows\System\FjJXKFe.exe
  2⤵
  PID:5080
- C:\Windows\System\ECBMmzb.exe
  C:\Windows\System\ECBMmzb.exe
  2⤵
  PID:5096
- C:\Windows\System\XWlSNkV.exe
  C:\Windows\System\XWlSNkV.exe
  2⤵
  PID:5112
- C:\Windows\System\eZlSBhF.exe
  C:\Windows\System\eZlSBhF.exe
  2⤵
  PID:3128
- C:\Windows\System\mrEffLh.exe
  C:\Windows\System\mrEffLh.exe
  2⤵
  PID:1528
- C:\Windows\System\hZVxoEV.exe
  C:\Windows\System\hZVxoEV.exe
  2⤵
  PID:1732
- C:\Windows\System\XrdjYwM.exe
  C:\Windows\System\XrdjYwM.exe
  2⤵
  PID:608
- C:\Windows\System\cuqSTPH.exe
  C:\Windows\System\cuqSTPH.exe
  2⤵
  PID:3804
- C:\Windows\System\IlkqjWH.exe
  C:\Windows\System\IlkqjWH.exe
  2⤵
  PID:1500
- C:\Windows\System\GoixtZj.exe
  C:\Windows\System\GoixtZj.exe
  2⤵
  PID:3896
- C:\Windows\System\RciNvHc.exe
  C:\Windows\System\RciNvHc.exe
  2⤵
  PID:3928
- C:\Windows\System\HtyKfxC.exe
  C:\Windows\System\HtyKfxC.exe
  2⤵
  PID:3960
- C:\Windows\System\ZgAqUNA.exe
  C:\Windows\System\ZgAqUNA.exe
  2⤵
  PID:4024
- C:\Windows\System\asaYZYu.exe
  C:\Windows\System\asaYZYu.exe
  2⤵
  PID:1636
- C:\Windows\System\zGGrCNr.exe
  C:\Windows\System\zGGrCNr.exe
  2⤵
  PID:820
- C:\Windows\System\cQfXyQP.exe
  C:\Windows\System\cQfXyQP.exe
  2⤵
  PID:2284
- C:\Windows\System\iPvQEvK.exe
  C:\Windows\System\iPvQEvK.exe
  2⤵
  PID:4116
- C:\Windows\System\ZDJWqPr.exe
  C:\Windows\System\ZDJWqPr.exe
  2⤵
  PID:4132
- C:\Windows\System\hkaiVtP.exe
  C:\Windows\System\hkaiVtP.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4148
- C:\Windows\System\PlPTbcH.exe
  C:\Windows\System\PlPTbcH.exe
  2⤵
  PID:4164
- C:\Windows\System\ONAsblJ.exe
  C:\Windows\System\ONAsblJ.exe
  2⤵
  PID:4184
- C:\Windows\System\PjigpeX.exe
  C:\Windows\System\PjigpeX.exe
  2⤵
  PID:4200
- C:\Windows\System\wfSNtrB.exe
  C:\Windows\System\wfSNtrB.exe
  2⤵
  PID:4224
- C:\Windows\System\vvAMPma.exe
  C:\Windows\System\vvAMPma.exe
  2⤵
  PID:4296
- C:\Windows\System\mpaoOeY.exe
  C:\Windows\System\mpaoOeY.exe
  2⤵
  PID:4360
- C:\Windows\System\pdGzyDF.exe
  C:\Windows\System\pdGzyDF.exe
  2⤵
  PID:4456
- C:\Windows\System\pEYRdUm.exe
  C:\Windows\System\pEYRdUm.exe
  2⤵
  PID:4520
- C:\Windows\System\xaNyJLB.exe
  C:\Windows\System\xaNyJLB.exe
  2⤵
  PID:4924
- C:\Windows\System\jupMXnz.exe
  C:\Windows\System\jupMXnz.exe
  2⤵
  PID:2572
- C:\Windows\System\fNfWqYZ.exe
  C:\Windows\System\fNfWqYZ.exe
  2⤵
  PID:1620
- C:\Windows\System\MuhMlZk.exe
  C:\Windows\System\MuhMlZk.exe
  2⤵
  PID:1772
- C:\Windows\System\wlkCLwK.exe
  C:\Windows\System\wlkCLwK.exe
  2⤵
  PID:716
- C:\Windows\System\TlBZIsH.exe
  C:\Windows\System\TlBZIsH.exe
  2⤵
  PID:876
- C:\Windows\System\GuKDxHG.exe
  C:\Windows\System\GuKDxHG.exe
  2⤵
  PID:2912
- C:\Windows\System\rUIBquL.exe
  C:\Windows\System\rUIBquL.exe
  2⤵
  PID:4436
- C:\Windows\System\JDlHzUn.exe
  C:\Windows\System\JDlHzUn.exe
  2⤵
  PID:4384
- C:\Windows\System\EPtfrcE.exe
  C:\Windows\System\EPtfrcE.exe
  2⤵
  PID:4468
- C:\Windows\System\dmljFrU.exe
  C:\Windows\System\dmljFrU.exe
  2⤵
  PID:4532
- C:\Windows\System\swDAUTp.exe
  C:\Windows\System\swDAUTp.exe
  2⤵
  PID:4936
- C:\Windows\System\lTAKbHL.exe
  C:\Windows\System\lTAKbHL.exe
  2⤵
  PID:2308
- C:\Windows\System\Tetscxs.exe
  C:\Windows\System\Tetscxs.exe
  2⤵
  PID:1924
- C:\Windows\System\MKEcErc.exe
  C:\Windows\System\MKEcErc.exe
  2⤵
  PID:2804
- C:\Windows\System\kIbzOsW.exe
  C:\Windows\System\kIbzOsW.exe
  2⤵
  PID:4048
- C:\Windows\System\qMrmStc.exe
  C:\Windows\System\qMrmStc.exe
  2⤵
  PID:3980
- C:\Windows\System\DNdVjad.exe
  C:\Windows\System\DNdVjad.exe
  2⤵
  PID:3916
- C:\Windows\System\EBFCGZe.exe
  C:\Windows\System\EBFCGZe.exe
  2⤵
  PID:3852
- C:\Windows\System\ZJSHGif.exe
  C:\Windows\System\ZJSHGif.exe
  2⤵
  PID:3788
- C:\Windows\System\VojdLTI.exe
  C:\Windows\System\VojdLTI.exe
  2⤵
  PID:3724
- C:\Windows\System\YtRiluq.exe
  C:\Windows\System\YtRiluq.exe
  2⤵
  PID:3660
- C:\Windows\System\kefuzmK.exe
  C:\Windows\System\kefuzmK.exe
  2⤵
  PID:3596
- C:\Windows\System\JUXpnXk.exe
  C:\Windows\System\JUXpnXk.exe
  2⤵
  PID:3532
- C:\Windows\System\mSYepAg.exe
  C:\Windows\System\mSYepAg.exe
  2⤵
  PID:3468
- C:\Windows\System\NeFOctH.exe
  C:\Windows\System\NeFOctH.exe
  2⤵
  PID:3404
- C:\Windows\System\VCCOMVY.exe
  C:\Windows\System\VCCOMVY.exe
  2⤵
  PID:3340
- C:\Windows\System\wxjUDqj.exe
  C:\Windows\System\wxjUDqj.exe
  2⤵
  PID:3276
- C:\Windows\System\rKwKHLY.exe
  C:\Windows\System\rKwKHLY.exe
  2⤵
  PID:3212
- C:\Windows\System\lRInHjV.exe
  C:\Windows\System\lRInHjV.exe
  2⤵
  PID:3148
- C:\Windows\System\UDQcVAl.exe
  C:\Windows\System\UDQcVAl.exe
  2⤵
  PID:3084
- C:\Windows\System\XhIzbli.exe
  C:\Windows\System\XhIzbli.exe
  2⤵
  PID:1944
- C:\Windows\System\QHhyugz.exe
  C:\Windows\System\QHhyugz.exe
  2⤵
  PID:1828
- C:\Windows\System\rEwpxVt.exe
  C:\Windows\System\rEwpxVt.exe
  2⤵
  PID:2304
- C:\Windows\System\AmCUqFf.exe
  C:\Windows\System\AmCUqFf.exe
  2⤵
  PID:2480
- C:\Windows\System\JdcsNMS.exe
  C:\Windows\System\JdcsNMS.exe
  2⤵
  PID:2868
- C:\Windows\System\YZrITxA.exe
  C:\Windows\System\YZrITxA.exe
  2⤵
  PID:2724
- C:\Windows\System\DDbehCq.exe
  C:\Windows\System\DDbehCq.exe
  2⤵
  PID:2532
- C:\Windows\System\LVGZgWZ.exe
  C:\Windows\System\LVGZgWZ.exe
  2⤵
  PID:2784
- C:\Windows\System\LavwIpc.exe
  C:\Windows\System\LavwIpc.exe
  2⤵
  PID:2340
- C:\Windows\System\jebvsEG.exe
  C:\Windows\System\jebvsEG.exe
  2⤵
  PID:2224
- C:\Windows\System\UYiGAgZ.exe
  C:\Windows\System\UYiGAgZ.exe
  2⤵
  PID:2152
- C:\Windows\System\CDuHLQA.exe
  C:\Windows\System\CDuHLQA.exe
  2⤵
  PID:2928
- C:\Windows\System\kIjJCbh.exe
  C:\Windows\System\kIjJCbh.exe
  2⤵
  PID:892
- C:\Windows\System\LjauzUa.exe
  C:\Windows\System\LjauzUa.exe
  2⤵
  PID:5000
- C:\Windows\System\ATDMMDb.exe
  C:\Windows\System\ATDMMDb.exe
  2⤵
  PID:2568
- C:\Windows\System\nlbbRgD.exe
  C:\Windows\System\nlbbRgD.exe
  2⤵
  PID:5072
- C:\Windows\System\FLknnWt.exe
  C:\Windows\System\FLknnWt.exe
  2⤵
  PID:5092
- C:\Windows\System\VFVLLem.exe
  C:\Windows\System\VFVLLem.exe
  2⤵
  PID:2884
- C:\Windows\System\ynaWvmO.exe
  C:\Windows\System\ynaWvmO.exe
  2⤵
  PID:3676
- C:\Windows\System\kYJwKJI.exe
  C:\Windows\System\kYJwKJI.exe
  2⤵
  PID:3836
- C:\Windows\System\eEIReYO.exe
  C:\Windows\System\eEIReYO.exe
  2⤵
  PID:3900
- C:\Windows\System\eqUTmdq.exe
  C:\Windows\System\eqUTmdq.exe
  2⤵
  PID:2004
- C:\Windows\System\yiGZoiL.exe
  C:\Windows\System\yiGZoiL.exe
  2⤵
  PID:2720
- C:\Windows\System\NXSDqiO.exe
  C:\Windows\System\NXSDqiO.exe
  2⤵
  PID:4108
- C:\Windows\System\vMtWXAr.exe
  C:\Windows\System\vMtWXAr.exe
  2⤵
  PID:4124
- C:\Windows\System\gdVlDsx.exe
  C:\Windows\System\gdVlDsx.exe
  2⤵
  PID:4172
- C:\Windows\System\syFtsUh.exe
  C:\Windows\System\syFtsUh.exe
  2⤵
  PID:4216
- C:\Windows\System\mSRcmln.exe
  C:\Windows\System\mSRcmln.exe
  2⤵
  PID:4248
- C:\Windows\System\vwmEqHl.exe
  C:\Windows\System\vwmEqHl.exe
  2⤵
  PID:4488
- C:\Windows\System\uxcHgzy.exe
  C:\Windows\System\uxcHgzy.exe
  2⤵
  PID:1244
- C:\Windows\System\vGNCEps.exe
  C:\Windows\System\vGNCEps.exe
  2⤵
  PID:1304
- C:\Windows\System\FwIuoDr.exe
  C:\Windows\System\FwIuoDr.exe
  2⤵
  PID:960
- C:\Windows\System\YcHhkyt.exe
  C:\Windows\System\YcHhkyt.exe
  2⤵
  PID:1056
- C:\Windows\System\ywKGtkA.exe
  C:\Windows\System\ywKGtkA.exe
  2⤵
  PID:4400
- C:\Windows\System\ecJRVSE.exe
  C:\Windows\System\ecJRVSE.exe
  2⤵
  PID:4500
- C:\Windows\System\dyYXnKy.exe
  C:\Windows\System\dyYXnKy.exe
  2⤵
  PID:792
- C:\Windows\System\LVOEinn.exe
  C:\Windows\System\LVOEinn.exe
  2⤵
  PID:3324
- C:\Windows\System\OrAoDIh.exe
  C:\Windows\System\OrAoDIh.exe
  2⤵
  PID:4012
- C:\Windows\System\yeSuEPX.exe
  C:\Windows\System\yeSuEPX.exe
  2⤵
  PID:3884
- C:\Windows\System\RdFugfA.exe
  C:\Windows\System\RdFugfA.exe
  2⤵
  PID:3756
- C:\Windows\System\ACVBbxp.exe
  C:\Windows\System\ACVBbxp.exe
  2⤵
  PID:3628
- C:\Windows\System\lIxcqDP.exe
  C:\Windows\System\lIxcqDP.exe
  2⤵
  PID:3500
- C:\Windows\System\MbfRzQC.exe
  C:\Windows\System\MbfRzQC.exe
  2⤵
  PID:3372
- C:\Windows\System\cIYUPUx.exe
  C:\Windows\System\cIYUPUx.exe
  2⤵
  PID:3244
- C:\Windows\System\RaUiSnS.exe
  C:\Windows\System\RaUiSnS.exe
  2⤵
  PID:3116
- C:\Windows\System\jImCwZK.exe
  C:\Windows\System\jImCwZK.exe
  2⤵
  PID:1664
- C:\Windows\System\LXKWtwv.exe
  C:\Windows\System\LXKWtwv.exe
  2⤵
  PID:4176
- C:\Windows\System\nBBJHeq.exe
  C:\Windows\System\nBBJHeq.exe
  2⤵
  PID:2672
- C:\Windows\System\LCepKfJ.exe
  C:\Windows\System\LCepKfJ.exe
  2⤵
  PID:2676
- C:\Windows\System\chRVIYg.exe
  C:\Windows\System\chRVIYg.exe
  2⤵
  PID:1604
- C:\Windows\System\DAJtXAH.exe
  C:\Windows\System\DAJtXAH.exe
  2⤵
  PID:2924
- C:\Windows\System\TvnZVhY.exe
  C:\Windows\System\TvnZVhY.exe
  2⤵
  PID:1380
- C:\Windows\System\eGsgNpA.exe
  C:\Windows\System\eGsgNpA.exe
  2⤵
  PID:4988
- C:\Windows\System\tQZsqsQ.exe
  C:\Windows\System\tQZsqsQ.exe
  2⤵
  PID:5104
- C:\Windows\System\FiqkHXw.exe
  C:\Windows\System\FiqkHXw.exe
  2⤵
  PID:3548
- C:\Windows\System\wLCkveQ.exe
  C:\Windows\System\wLCkveQ.exe
  2⤵
  PID:856
- C:\Windows\System\LNZDmIE.exe
  C:\Windows\System\LNZDmIE.exe
  2⤵
  PID:2208
- C:\Windows\System\GmcFBUU.exe
  C:\Windows\System\GmcFBUU.exe
  2⤵
  PID:4112
- C:\Windows\System\ZimuMox.exe
  C:\Windows\System\ZimuMox.exe
  2⤵
  PID:4180
- C:\Windows\System\fgirxJe.exe
  C:\Windows\System\fgirxJe.exe
  2⤵
  PID:4348
- C:\Windows\System\PuRjVkO.exe
  C:\Windows\System\PuRjVkO.exe
  2⤵
  PID:4516
- C:\Windows\System\yAznNmw.exe
  C:\Windows\System\yAznNmw.exe
  2⤵
  PID:2052
- C:\Windows\System\lpYiUzD.exe
  C:\Windows\System\lpYiUzD.exe
  2⤵
  PID:3064
- C:\Windows\System\JwWVHYw.exe
  C:\Windows\System\JwWVHYw.exe
  2⤵
  PID:4504
- C:\Windows\System\QsZEKsD.exe
  C:\Windows\System\QsZEKsD.exe
  2⤵
  PID:3320
- C:\Windows\System\mmhtTra.exe
  C:\Windows\System\mmhtTra.exe
  2⤵
  PID:3944
- C:\Windows\System\iOOPsRh.exe
  C:\Windows\System\iOOPsRh.exe
  2⤵
  PID:3816
- C:\Windows\System\XdPbptR.exe
  C:\Windows\System\XdPbptR.exe
  2⤵
  PID:3624
- C:\Windows\System\OmdYsai.exe
  C:\Windows\System\OmdYsai.exe
  2⤵
  PID:3368
- C:\Windows\System\QtkhisU.exe
  C:\Windows\System\QtkhisU.exe
  2⤵
  PID:1708
- C:\Windows\System\rGLMDHv.exe
  C:\Windows\System\rGLMDHv.exe
  2⤵
  PID:1748
- C:\Windows\System\iOjlkYu.exe
  C:\Windows\System\iOjlkYu.exe
  2⤵
  PID:2436
- C:\Windows\System\lRTWbHT.exe
  C:\Windows\System\lRTWbHT.exe
  2⤵
  PID:2248
- C:\Windows\System\VjYEThQ.exe
  C:\Windows\System\VjYEThQ.exe
  2⤵
  PID:4980
- C:\Windows\System\lGIzTXU.exe
  C:\Windows\System\lGIzTXU.exe
  2⤵
  PID:2612
- C:\Windows\System\AEGceKv.exe
  C:\Windows\System\AEGceKv.exe
  2⤵
  PID:2256
- C:\Windows\System\UadAxlQ.exe
  C:\Windows\System\UadAxlQ.exe
  2⤵
  PID:1204
- C:\Windows\System\dEXDIYQ.exe
  C:\Windows\System\dEXDIYQ.exe
  2⤵
  PID:2856
- C:\Windows\System\XwlKUWP.exe
  C:\Windows\System\XwlKUWP.exe
  2⤵
  PID:1100
- C:\Windows\System\wrUbrri.exe
  C:\Windows\System\wrUbrri.exe
  2⤵
  PID:5012
- C:\Windows\System\zZdVzuH.exe
  C:\Windows\System\zZdVzuH.exe
  2⤵
  PID:4572
- C:\Windows\System\gUCgeQq.exe
  C:\Windows\System\gUCgeQq.exe
  2⤵
  PID:2888
- C:\Windows\System\pjcXgqj.exe
  C:\Windows\System\pjcXgqj.exe
  2⤵
  PID:2216
- C:\Windows\System\lHmVLsH.exe
  C:\Windows\System\lHmVLsH.exe
  2⤵
  PID:3432
- C:\Windows\System\dwHRkDs.exe
  C:\Windows\System\dwHRkDs.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1740
- C:\Windows\System\kYyUjOj.exe
  C:\Windows\System\kYyUjOj.exe
  2⤵
  PID:904
- C:\Windows\System\oxXtIyF.exe
  C:\Windows\System\oxXtIyF.exe
  2⤵
  PID:5132
- C:\Windows\System\MREKDjX.exe
  C:\Windows\System\MREKDjX.exe
  2⤵
  PID:5148
- C:\Windows\System\JfmasYP.exe
  C:\Windows\System\JfmasYP.exe
  2⤵
  PID:5164
- C:\Windows\System\PkKcjRX.exe
  C:\Windows\System\PkKcjRX.exe
  2⤵
  PID:5180
- C:\Windows\System\tFypjuX.exe
  C:\Windows\System\tFypjuX.exe
  2⤵
  PID:5196
- C:\Windows\System\TQuVMKc.exe
  C:\Windows\System\TQuVMKc.exe
  2⤵
  PID:5212
- C:\Windows\System\PZvZcPX.exe
  C:\Windows\System\PZvZcPX.exe
  2⤵
  PID:5228
- C:\Windows\System\OsFkzjl.exe
  C:\Windows\System\OsFkzjl.exe
  2⤵
  PID:5244
- C:\Windows\System\iGOdNth.exe
  C:\Windows\System\iGOdNth.exe
  2⤵
  PID:5260
- C:\Windows\System\nIzClWT.exe
  C:\Windows\System\nIzClWT.exe
  2⤵
  PID:5276
- C:\Windows\System\YWSiHpd.exe
  C:\Windows\System\YWSiHpd.exe
  2⤵
  PID:5292
- C:\Windows\System\QJakIOH.exe
  C:\Windows\System\QJakIOH.exe
  2⤵
  PID:5308
- C:\Windows\System\lvFoukA.exe
  C:\Windows\System\lvFoukA.exe
  2⤵
  PID:5324
- C:\Windows\System\xfcrjZw.exe
  C:\Windows\System\xfcrjZw.exe
  2⤵
  PID:5340
- C:\Windows\System\atsjIUp.exe
  C:\Windows\System\atsjIUp.exe
  2⤵
  PID:5356
- C:\Windows\System\gSuMtHy.exe
  C:\Windows\System\gSuMtHy.exe
  2⤵
  PID:5372
- C:\Windows\System\DbiygHt.exe
  C:\Windows\System\DbiygHt.exe
  2⤵
  PID:5388
- C:\Windows\System\fadngXg.exe
  C:\Windows\System\fadngXg.exe
  2⤵
  PID:5404
- C:\Windows\System\qmlhESB.exe
  C:\Windows\System\qmlhESB.exe
  2⤵
  PID:5420
- C:\Windows\System\vYUyNQD.exe
  C:\Windows\System\vYUyNQD.exe
  2⤵
  PID:5436
- C:\Windows\System\sExZUzu.exe
  C:\Windows\System\sExZUzu.exe
  2⤵
  PID:5452
- C:\Windows\System\uAhieiq.exe
  C:\Windows\System\uAhieiq.exe
  2⤵
  PID:5468
- C:\Windows\System\RhpzODp.exe
  C:\Windows\System\RhpzODp.exe
  2⤵
  PID:5484
- C:\Windows\System\pbyxaHv.exe
  C:\Windows\System\pbyxaHv.exe
  2⤵
  PID:5500
- C:\Windows\System\oMVwdvS.exe
  C:\Windows\System\oMVwdvS.exe
  2⤵
  PID:5516
- C:\Windows\System\GJfZcMG.exe
  C:\Windows\System\GJfZcMG.exe
  2⤵
  PID:5532
- C:\Windows\System\APoPOYt.exe
  C:\Windows\System\APoPOYt.exe
  2⤵
  PID:5548
- C:\Windows\System\kqKEFJp.exe
  C:\Windows\System\kqKEFJp.exe
  2⤵
  PID:5564
- C:\Windows\System\LRNEhyL.exe
  C:\Windows\System\LRNEhyL.exe
  2⤵
  PID:5580
- C:\Windows\System\dzDzsWv.exe
  C:\Windows\System\dzDzsWv.exe
  2⤵
  PID:5596
- C:\Windows\System\TxfnCnn.exe
  C:\Windows\System\TxfnCnn.exe
  2⤵
  PID:5612
- C:\Windows\System\VacRWfj.exe
  C:\Windows\System\VacRWfj.exe
  2⤵
  PID:5628
- C:\Windows\System\HzrDhqW.exe
  C:\Windows\System\HzrDhqW.exe
  2⤵
  PID:5644
- C:\Windows\System\vpjdlBc.exe
  C:\Windows\System\vpjdlBc.exe
  2⤵
  PID:5660
- C:\Windows\System\extVJvB.exe
  C:\Windows\System\extVJvB.exe
  2⤵
  PID:5676
- C:\Windows\System\khSnsWV.exe
  C:\Windows\System\khSnsWV.exe
  2⤵
  PID:5692
- C:\Windows\System\wfAxWeM.exe
  C:\Windows\System\wfAxWeM.exe
  2⤵
  PID:5708
- C:\Windows\System\fNxbeKq.exe
  C:\Windows\System\fNxbeKq.exe
  2⤵
  PID:5724
- C:\Windows\System\iQMNkFY.exe
  C:\Windows\System\iQMNkFY.exe
  2⤵
  PID:5740
- C:\Windows\System\pMKRpzJ.exe
  C:\Windows\System\pMKRpzJ.exe
  2⤵
  PID:5756
- C:\Windows\System\SdPZtsG.exe
  C:\Windows\System\SdPZtsG.exe
  2⤵
  PID:5772
- C:\Windows\System\NPlZeSG.exe
  C:\Windows\System\NPlZeSG.exe
  2⤵
  PID:5788
- C:\Windows\System\LyZNEjJ.exe
  C:\Windows\System\LyZNEjJ.exe
  2⤵
  PID:5804
- C:\Windows\System\hosBwgC.exe
  C:\Windows\System\hosBwgC.exe
  2⤵
  PID:5820
- C:\Windows\System\xutPSkE.exe
  C:\Windows\System\xutPSkE.exe
  2⤵
  PID:5836
- C:\Windows\System\fIyhjir.exe
  C:\Windows\System\fIyhjir.exe
  2⤵
  PID:5852
- C:\Windows\System\aMXVNTM.exe
  C:\Windows\System\aMXVNTM.exe
  2⤵
  PID:5868
- C:\Windows\System\jbCdDHv.exe
  C:\Windows\System\jbCdDHv.exe
  2⤵
  PID:5884
- C:\Windows\System\Vkubcaw.exe
  C:\Windows\System\Vkubcaw.exe
  2⤵
  PID:5900
- C:\Windows\System\kfCLtpt.exe
  C:\Windows\System\kfCLtpt.exe
  2⤵
  PID:5916
- C:\Windows\System\AHeVeaD.exe
  C:\Windows\System\AHeVeaD.exe
  2⤵
  PID:5932
- C:\Windows\System\SeEFRen.exe
  C:\Windows\System\SeEFRen.exe
  2⤵
  PID:5948
- C:\Windows\System\nCDCzSx.exe
  C:\Windows\System\nCDCzSx.exe
  2⤵
  PID:5964
- C:\Windows\System\QwABIwC.exe
  C:\Windows\System\QwABIwC.exe
  2⤵
  PID:5980
- C:\Windows\System\ENZueiP.exe
  C:\Windows\System\ENZueiP.exe
  2⤵
  PID:5996
- C:\Windows\System\vnBvvrY.exe
  C:\Windows\System\vnBvvrY.exe
  2⤵
  PID:6012
- C:\Windows\System\awOcISN.exe
  C:\Windows\System\awOcISN.exe
  2⤵
  PID:6028
- C:\Windows\System\llmCPZX.exe
  C:\Windows\System\llmCPZX.exe
  2⤵
  PID:6044
- C:\Windows\System\blEXDfF.exe
  C:\Windows\System\blEXDfF.exe
  2⤵
  PID:6060
- C:\Windows\System\oSFRNXj.exe
  C:\Windows\System\oSFRNXj.exe
  2⤵
  PID:6076
- C:\Windows\System\pbijPZb.exe
  C:\Windows\System\pbijPZb.exe
  2⤵
  PID:6092
- C:\Windows\System\zFapLPG.exe
  C:\Windows\System\zFapLPG.exe
  2⤵
  PID:6108
- C:\Windows\System\LtKbXVw.exe
  C:\Windows\System\LtKbXVw.exe
  2⤵
  PID:6124
- C:\Windows\System\SUJYiBv.exe
  C:\Windows\System\SUJYiBv.exe
  2⤵
  PID:6140
- C:\Windows\System\HTaafrQ.exe
  C:\Windows\System\HTaafrQ.exe
  2⤵
  PID:3772
- C:\Windows\System\szKQBwX.exe
  C:\Windows\System\szKQBwX.exe
  2⤵
  PID:4192
- C:\Windows\System\GNyKRuY.exe
  C:\Windows\System\GNyKRuY.exe
  2⤵
  PID:4440
- C:\Windows\System\QLxuGoe.exe
  C:\Windows\System\QLxuGoe.exe
  2⤵
  PID:3688
- C:\Windows\System\mpYCUIw.exe
  C:\Windows\System\mpYCUIw.exe
  2⤵
  PID:5128
- C:\Windows\System\OlKxVra.exe
  C:\Windows\System\OlKxVra.exe
  2⤵
  PID:5192
- C:\Windows\System\GQhkMOA.exe
  C:\Windows\System\GQhkMOA.exe
  2⤵
  PID:5252
- C:\Windows\System\MwbcHKS.exe
  C:\Windows\System\MwbcHKS.exe
  2⤵
  PID:4008
- C:\Windows\System\OZaAdDz.exe
  C:\Windows\System\OZaAdDz.exe
  2⤵
  PID:2516
- C:\Windows\System\CdSVDxv.exe
  C:\Windows\System\CdSVDxv.exe
  2⤵
  PID:5176
- C:\Windows\System\aQKTdah.exe
  C:\Windows\System\aQKTdah.exe
  2⤵
  PID:5240
- C:\Windows\System\JRcFLOL.exe
  C:\Windows\System\JRcFLOL.exe
  2⤵
  PID:5320
- C:\Windows\System\LTWFMlm.exe
  C:\Windows\System\LTWFMlm.exe
  2⤵
  PID:5348
- C:\Windows\System\urXkThj.exe
  C:\Windows\System\urXkThj.exe
  2⤵
  PID:5368
- C:\Windows\System\UmSzrll.exe
  C:\Windows\System\UmSzrll.exe
  2⤵
  PID:5412
- C:\Windows\System\BukbIVm.exe
  C:\Windows\System\BukbIVm.exe
  2⤵
  PID:5428
- C:\Windows\System\eLQDcMa.exe
  C:\Windows\System\eLQDcMa.exe
  2⤵
  PID:5476
- C:\Windows\System\lgBtyqC.exe
  C:\Windows\System\lgBtyqC.exe
  2⤵
  PID:5508
- C:\Windows\System\aWjdRcp.exe
  C:\Windows\System\aWjdRcp.exe
  2⤵
  PID:5528
- C:\Windows\System\CEJTfus.exe
  C:\Windows\System\CEJTfus.exe
  2⤵
  PID:5572
- C:\Windows\System\XyUnTdx.exe
  C:\Windows\System\XyUnTdx.exe
  2⤵
  PID:5576
- C:\Windows\System\hIMvslo.exe
  C:\Windows\System\hIMvslo.exe
  2⤵
  PID:5592
- C:\Windows\System\BZShYqa.exe
  C:\Windows\System\BZShYqa.exe
  2⤵
  PID:5640
- C:\Windows\System\HOtCOEv.exe
  C:\Windows\System\HOtCOEv.exe
  2⤵
  PID:5672
- C:\Windows\System\ysLacoh.exe
  C:\Windows\System\ysLacoh.exe
  2⤵
  PID:5704
- C:\Windows\System\Zvtqbld.exe
  C:\Windows\System\Zvtqbld.exe
  2⤵
  PID:5736
- C:\Windows\System\abtJhpi.exe
  C:\Windows\System\abtJhpi.exe
  2⤵
  PID:5796
- C:\Windows\System\FSBEOKm.exe
  C:\Windows\System\FSBEOKm.exe
  2⤵
  PID:5800
- C:\Windows\System\PmSMxjm.exe
  C:\Windows\System\PmSMxjm.exe
  2⤵
  PID:5832
- C:\Windows\System\cbTCigP.exe
  C:\Windows\System\cbTCigP.exe
  2⤵
  PID:5864
- C:\Windows\System\bsbYcAM.exe
  C:\Windows\System\bsbYcAM.exe
  2⤵
  PID:5896
- C:\Windows\System\IkvzMmM.exe
  C:\Windows\System\IkvzMmM.exe
  2⤵
  PID:484
- C:\Windows\System\zCqWHld.exe
  C:\Windows\System\zCqWHld.exe
  2⤵
  PID:5944
- C:\Windows\System\KczrEMo.exe
  C:\Windows\System\KczrEMo.exe
  2⤵
  PID:5976
- C:\Windows\System\gVYbzvK.exe
  C:\Windows\System\gVYbzvK.exe
  2⤵
  PID:6008
- C:\Windows\System\TSjVECm.exe
  C:\Windows\System\TSjVECm.exe
  2⤵
  PID:6040
- C:\Windows\System\bCSBZPn.exe
  C:\Windows\System\bCSBZPn.exe
  2⤵
  PID:6056
- C:\Windows\System\QKaQvsy.exe
  C:\Windows\System\QKaQvsy.exe
  2⤵
  PID:6100
- C:\Windows\System\VQYKxtc.exe
  C:\Windows\System\VQYKxtc.exe
  2⤵
  PID:6132
- C:\Windows\System\IFGNKUG.exe
  C:\Windows\System\IFGNKUG.exe
  2⤵
  PID:2920
- C:\Windows\System\VEhcGSu.exe
  C:\Windows\System\VEhcGSu.exe
  2⤵
  PID:2812
- C:\Windows\System\xmlLTdG.exe
  C:\Windows\System\xmlLTdG.exe
  2⤵
  PID:2316
- C:\Windows\System\YfPOmkM.exe
  C:\Windows\System\YfPOmkM.exe
  2⤵
  PID:1356
- C:\Windows\System\aKCEJKz.exe
  C:\Windows\System\aKCEJKz.exe
  2⤵
  PID:5288
- C:\Windows\System\rrEFJvq.exe
  C:\Windows\System\rrEFJvq.exe
  2⤵
  PID:5172
- C:\Windows\System\WJIcpFq.exe
  C:\Windows\System\WJIcpFq.exe
  2⤵
  PID:5316
- C:\Windows\System\mUypTDK.exe
  C:\Windows\System\mUypTDK.exe
  2⤵
  PID:5364
- C:\Windows\System\TloCdpw.exe
  C:\Windows\System\TloCdpw.exe
  2⤵
  PID:5416
- C:\Windows\System\JKEGeeP.exe
  C:\Windows\System\JKEGeeP.exe
  2⤵
  PID:5496
- C:\Windows\System\uCAXEZz.exe
  C:\Windows\System\uCAXEZz.exe
  2⤵
  PID:5544
- C:\Windows\System\AYcDovI.exe
  C:\Windows\System\AYcDovI.exe
  2⤵
  PID:5636
- C:\Windows\System\UFGXLke.exe
  C:\Windows\System\UFGXLke.exe
  2⤵
  PID:5668
- C:\Windows\System\ULWHxcB.exe
  C:\Windows\System\ULWHxcB.exe
  2⤵
  PID:5732
- C:\Windows\System\eTZjpPj.exe
  C:\Windows\System\eTZjpPj.exe
  2⤵
  PID:5828
- C:\Windows\System\MSxiEmc.exe
  C:\Windows\System\MSxiEmc.exe
  2⤵
  PID:5892
- C:\Windows\System\grXdESo.exe
  C:\Windows\System\grXdESo.exe
  2⤵
  PID:5912
- C:\Windows\System\YMhCDUH.exe
  C:\Windows\System\YMhCDUH.exe
  2⤵
  PID:6004
- C:\Windows\System\hpNigBb.exe
  C:\Windows\System\hpNigBb.exe
  2⤵
  PID:6036
- C:\Windows\System\UZqRyNI.exe
  C:\Windows\System\UZqRyNI.exe
  2⤵
  PID:6104
- C:\Windows\System\nYYTMXh.exe
  C:\Windows\System\nYYTMXh.exe
  2⤵
  PID:4968
- C:\Windows\System\kOdUzUB.exe
  C:\Windows\System\kOdUzUB.exe
  2⤵
  PID:5224
- C:\Windows\System\DeVqjMm.exe
  C:\Windows\System\DeVqjMm.exe
  2⤵
  PID:5208
- C:\Windows\System\pbCLcdn.exe
  C:\Windows\System\pbCLcdn.exe
  2⤵
  PID:5336
- C:\Windows\System\jhViPAC.exe
  C:\Windows\System\jhViPAC.exe
  2⤵
  PID:1964
- C:\Windows\System\EsFXvxH.exe
  C:\Windows\System\EsFXvxH.exe
  2⤵
  PID:5560
- C:\Windows\System\nTNbFku.exe
  C:\Windows\System\nTNbFku.exe
  2⤵
  PID:5688
- C:\Windows\System\kOYntki.exe
  C:\Windows\System\kOYntki.exe
  2⤵
  PID:5816
- C:\Windows\System\qgDxhkx.exe
  C:\Windows\System\qgDxhkx.exe
  2⤵
  PID:5848
- C:\Windows\System\PyrqCUA.exe
  C:\Windows\System\PyrqCUA.exe
  2⤵
  PID:6020
- C:\Windows\System\SdNWpmB.exe
  C:\Windows\System\SdNWpmB.exe
  2⤵
  PID:1764
- C:\Windows\System\cUHyewg.exe
  C:\Windows\System\cUHyewg.exe
  2⤵
  PID:1032
- C:\Windows\System\rahFpwa.exe
  C:\Windows\System\rahFpwa.exe
  2⤵
  PID:5272
- C:\Windows\System\MoJHadJ.exe
  C:\Windows\System\MoJHadJ.exe
  2⤵
  PID:5524
- C:\Windows\System\gTCyuyw.exe
  C:\Windows\System\gTCyuyw.exe
  2⤵
  PID:6148
- C:\Windows\System\qcaQjHu.exe
  C:\Windows\System\qcaQjHu.exe
  2⤵
  PID:6164
- C:\Windows\System\ygaWmOU.exe
  C:\Windows\System\ygaWmOU.exe
  2⤵
  PID:6180
- C:\Windows\System\BprdEir.exe
  C:\Windows\System\BprdEir.exe
  2⤵
  PID:6196
- C:\Windows\System\pSkBrCy.exe
  C:\Windows\System\pSkBrCy.exe
  2⤵
  PID:6212
- C:\Windows\System\WQpCFMH.exe
  C:\Windows\System\WQpCFMH.exe
  2⤵
  PID:6228
- C:\Windows\System\bgXbFuA.exe
  C:\Windows\System\bgXbFuA.exe
  2⤵
  PID:6244
- C:\Windows\System\iJlcjWR.exe
  C:\Windows\System\iJlcjWR.exe
  2⤵
  PID:6260
- C:\Windows\System\DTviiTY.exe
  C:\Windows\System\DTviiTY.exe
  2⤵
  PID:6276
- C:\Windows\System\jFxOxHG.exe
  C:\Windows\System\jFxOxHG.exe
  2⤵
  PID:6292
- C:\Windows\System\HqMBhdC.exe
  C:\Windows\System\HqMBhdC.exe
  2⤵
  PID:6308
- C:\Windows\System\ehEjQiu.exe
  C:\Windows\System\ehEjQiu.exe
  2⤵
  PID:6324
- C:\Windows\System\hmXVNRa.exe
  C:\Windows\System\hmXVNRa.exe
  2⤵
  PID:6340
- C:\Windows\System\JegqvDz.exe
  C:\Windows\System\JegqvDz.exe
  2⤵
  PID:6356
- C:\Windows\System\EDmhIkC.exe
  C:\Windows\System\EDmhIkC.exe
  2⤵
  PID:6372
- C:\Windows\System\efvksKJ.exe
  C:\Windows\System\efvksKJ.exe
  2⤵
  PID:6388
- C:\Windows\System\ntIqPlK.exe
  C:\Windows\System\ntIqPlK.exe
  2⤵
  PID:6404
- C:\Windows\System\KbUzYIX.exe
  C:\Windows\System\KbUzYIX.exe
  2⤵
  PID:6420
- C:\Windows\System\pBTLPNM.exe
  C:\Windows\System\pBTLPNM.exe
  2⤵
  PID:6436
- C:\Windows\System\hVMfibz.exe
  C:\Windows\System\hVMfibz.exe
  2⤵
  PID:6452
- C:\Windows\System\gWsdHzf.exe
  C:\Windows\System\gWsdHzf.exe
  2⤵
  PID:6472
- C:\Windows\System\iAbzwEd.exe
  C:\Windows\System\iAbzwEd.exe
  2⤵
  PID:6488
- C:\Windows\System\TMvQPJs.exe
  C:\Windows\System\TMvQPJs.exe
  2⤵
  PID:6504
- C:\Windows\System\lZzVvOJ.exe
  C:\Windows\System\lZzVvOJ.exe
  2⤵
  PID:6520
- C:\Windows\System\xEFXZNC.exe
  C:\Windows\System\xEFXZNC.exe
  2⤵
  PID:6536
- C:\Windows\System\nzOSpAM.exe
  C:\Windows\System\nzOSpAM.exe
  2⤵
  PID:6552
- C:\Windows\System\ckKAemn.exe
  C:\Windows\System\ckKAemn.exe
  2⤵
  PID:6568
- C:\Windows\System\mJpIGzU.exe
  C:\Windows\System\mJpIGzU.exe
  2⤵
  PID:6584
- C:\Windows\System\LJuQLkm.exe
  C:\Windows\System\LJuQLkm.exe
  2⤵
  PID:6600
- C:\Windows\System\zQgIEVD.exe
  C:\Windows\System\zQgIEVD.exe
  2⤵
  PID:6616
- C:\Windows\System\KbfoVkF.exe
  C:\Windows\System\KbfoVkF.exe
  2⤵
  PID:6632
- C:\Windows\System\WFhnCtO.exe
  C:\Windows\System\WFhnCtO.exe
  2⤵
  PID:6648
- C:\Windows\System\RzpDlOJ.exe
  C:\Windows\System\RzpDlOJ.exe
  2⤵
  PID:6664
- C:\Windows\System\bbIHsWT.exe
  C:\Windows\System\bbIHsWT.exe
  2⤵
  PID:6680
- C:\Windows\System\JbnHuew.exe
  C:\Windows\System\JbnHuew.exe
  2⤵
  PID:6696
- C:\Windows\System\VZftlhy.exe
  C:\Windows\System\VZftlhy.exe
  2⤵
  PID:6712
- C:\Windows\System\CKcPGNy.exe
  C:\Windows\System\CKcPGNy.exe
  2⤵
  PID:6728
- C:\Windows\System\uBJrDCG.exe
  C:\Windows\System\uBJrDCG.exe
  2⤵
  PID:6744
- C:\Windows\System\dZLWpqc.exe
  C:\Windows\System\dZLWpqc.exe
  2⤵
  PID:6760
- C:\Windows\System\KyYpjXx.exe
  C:\Windows\System\KyYpjXx.exe
  2⤵
  PID:6776
- C:\Windows\System\YFIlkEQ.exe
  C:\Windows\System\YFIlkEQ.exe
  2⤵
  PID:6792
- C:\Windows\System\TIclCsx.exe
  C:\Windows\System\TIclCsx.exe
  2⤵
  PID:6808
- C:\Windows\System\nzjwBwW.exe
  C:\Windows\System\nzjwBwW.exe
  2⤵
  PID:6824
- C:\Windows\System\UAKjQJQ.exe
  C:\Windows\System\UAKjQJQ.exe
  2⤵
  PID:6840
- C:\Windows\System\SRNtPMH.exe
  C:\Windows\System\SRNtPMH.exe
  2⤵
  PID:6856
- C:\Windows\System\vEBnkVn.exe
  C:\Windows\System\vEBnkVn.exe
  2⤵
  PID:6872
- C:\Windows\System\tJqhqLa.exe
  C:\Windows\System\tJqhqLa.exe
  2⤵
  PID:6888
- C:\Windows\System\zSTcuKR.exe
  C:\Windows\System\zSTcuKR.exe
  2⤵
  PID:6904
- C:\Windows\System\lSsRrVa.exe
  C:\Windows\System\lSsRrVa.exe
  2⤵
  PID:6920
- C:\Windows\System\joWTsVv.exe
  C:\Windows\System\joWTsVv.exe
  2⤵
  PID:6948
- C:\Windows\System\DoBEKVn.exe
  C:\Windows\System\DoBEKVn.exe
  2⤵
  PID:6964
- C:\Windows\System\DdVgFZW.exe
  C:\Windows\System\DdVgFZW.exe
  2⤵
  PID:6980
- C:\Windows\System\sbaLvSv.exe
  C:\Windows\System\sbaLvSv.exe
  2⤵
  PID:6996
- C:\Windows\System\HCilWtd.exe
  C:\Windows\System\HCilWtd.exe
  2⤵
  PID:7012
- C:\Windows\System\IDZaxlv.exe
  C:\Windows\System\IDZaxlv.exe
  2⤵
  PID:7028
- C:\Windows\System\eQdzBAr.exe
  C:\Windows\System\eQdzBAr.exe
  2⤵
  PID:7044
- C:\Windows\System\FAdRrjX.exe
  C:\Windows\System\FAdRrjX.exe
  2⤵
  PID:7068
- C:\Windows\System\UCFvtAh.exe
  C:\Windows\System\UCFvtAh.exe
  2⤵
  PID:7084
- C:\Windows\System\yxUbkQh.exe
  C:\Windows\System\yxUbkQh.exe
  2⤵
  PID:7100
- C:\Windows\System\cQqwqMe.exe
  C:\Windows\System\cQqwqMe.exe
  2⤵
  PID:7116
- C:\Windows\System\XkiPRWc.exe
  C:\Windows\System\XkiPRWc.exe
  2⤵
  PID:6176
- C:\Windows\System\ihtVmJu.exe
  C:\Windows\System\ihtVmJu.exe
  2⤵
  PID:6252
- C:\Windows\System\hEAxNKw.exe
  C:\Windows\System\hEAxNKw.exe
  2⤵
  PID:2728
- C:\Windows\System\vZbKmZX.exe
  C:\Windows\System\vZbKmZX.exe
  2⤵
  PID:6316
- C:\Windows\System\aWuJQzV.exe
  C:\Windows\System\aWuJQzV.exe
  2⤵
  PID:6332
- C:\Windows\System\vgwWBGA.exe
  C:\Windows\System\vgwWBGA.exe
  2⤵
  PID:6384
- C:\Windows\System\uuVfEUd.exe
  C:\Windows\System\uuVfEUd.exe
  2⤵
  PID:1064
- C:\Windows\System\vbNSdNm.exe
  C:\Windows\System\vbNSdNm.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1860
- C:\Windows\System\mdseXcu.exe
  C:\Windows\System\mdseXcu.exe
  2⤵
  PID:6448
- C:\Windows\System\frJXLLt.exe
  C:\Windows\System\frJXLLt.exe
  2⤵
  PID:6484
- C:\Windows\System\rCSGMnC.exe
  C:\Windows\System\rCSGMnC.exe
  2⤵
  PID:6516
- C:\Windows\System\AjldtOM.exe
  C:\Windows\System\AjldtOM.exe
  2⤵
  PID:6548
- C:\Windows\System\JkEBXsc.exe
  C:\Windows\System\JkEBXsc.exe
  2⤵
  PID:6580
- C:\Windows\System\HXgupTQ.exe
  C:\Windows\System\HXgupTQ.exe
  2⤵
  PID:6612
- C:\Windows\System\JrfKKVw.exe
  C:\Windows\System\JrfKKVw.exe
  2⤵
  PID:6644
- C:\Windows\System\chkqWHi.exe
  C:\Windows\System\chkqWHi.exe
  2⤵
  PID:6676
- C:\Windows\System\PYsHiWd.exe
  C:\Windows\System\PYsHiWd.exe
  2⤵
  PID:6720
- C:\Windows\System\QAjFwIN.exe
  C:\Windows\System\QAjFwIN.exe
  2⤵
  PID:6752
- C:\Windows\System\VZfijDj.exe
  C:\Windows\System\VZfijDj.exe
  2⤵
  PID:6784
- C:\Windows\System\QFyayVK.exe
  C:\Windows\System\QFyayVK.exe
  2⤵
  PID:6788
- C:\Windows\System\slALktC.exe
  C:\Windows\System\slALktC.exe
  2⤵
  PID:6864
- C:\Windows\System\MZhJfsN.exe
  C:\Windows\System\MZhJfsN.exe
  2⤵
  PID:1068
- C:\Windows\System\xLTWvZi.exe
  C:\Windows\System\xLTWvZi.exe
  2⤵
  PID:1876
- C:\Windows\System\ktSUVaL.exe
  C:\Windows\System\ktSUVaL.exe
  2⤵
  PID:1660
- C:\Windows\System\iohsJIk.exe
  C:\Windows\System\iohsJIk.exe
  2⤵
  PID:1976
- C:\Windows\System\KWbBVon.exe
  C:\Windows\System\KWbBVon.exe
  2⤵
  PID:6972
- C:\Windows\System\BwzoYCn.exe
  C:\Windows\System\BwzoYCn.exe
  2⤵
  PID:6960
- C:\Windows\System\wTDTAod.exe
  C:\Windows\System\wTDTAod.exe
  2⤵
  PID:7024
- C:\Windows\System\HSzycyq.exe
  C:\Windows\System\HSzycyq.exe
  2⤵
  PID:2432
- C:\Windows\System\rNagLbb.exe
  C:\Windows\System\rNagLbb.exe
  2⤵
  PID:7132
- C:\Windows\System\rscHJTG.exe
  C:\Windows\System\rscHJTG.exe
  2⤵
  PID:7148
- C:\Windows\System\MKdBZan.exe
  C:\Windows\System\MKdBZan.exe
  2⤵
  PID:7164
- C:\Windows\System\HIxJLwg.exe
  C:\Windows\System\HIxJLwg.exe
  2⤵
  PID:6464
- C:\Windows\System\FSRQwYA.exe
  C:\Windows\System\FSRQwYA.exe
  2⤵
  PID:6120
- C:\Windows\System\YaAwNLj.exe
  C:\Windows\System\YaAwNLj.exe
  2⤵
  PID:5284
- C:\Windows\System\oGLGyJD.exe
  C:\Windows\System\oGLGyJD.exe
  2⤵
  PID:5624
- C:\Windows\System\JZWBlCn.exe
  C:\Windows\System\JZWBlCn.exe
  2⤵
  PID:7128
- C:\Windows\System\bzbcyVr.exe
  C:\Windows\System\bzbcyVr.exe
  2⤵
  PID:2252
- C:\Windows\System\xneriCx.exe
  C:\Windows\System\xneriCx.exe
  2⤵
  PID:7080
- C:\Windows\System\mQwgkyx.exe
  C:\Windows\System\mQwgkyx.exe
  2⤵
  PID:6268
- C:\Windows\System\HerSgVm.exe
  C:\Windows\System\HerSgVm.exe
  2⤵
  PID:6272
- C:\Windows\System\RDlbNAg.exe
  C:\Windows\System\RDlbNAg.exe
  2⤵
  PID:2452
- C:\Windows\System\gCjXfqy.exe
  C:\Windows\System\gCjXfqy.exe
  2⤵
  PID:6412
- C:\Windows\System\YeDMLdN.exe
  C:\Windows\System\YeDMLdN.exe
  2⤵
  PID:6512
- C:\Windows\System\VWwteDH.exe
  C:\Windows\System\VWwteDH.exe
  2⤵
  PID:6544
- C:\Windows\System\bMzEsrT.exe
  C:\Windows\System\bMzEsrT.exe
  2⤵
  PID:6564
- C:\Windows\System\MQDGSZP.exe
  C:\Windows\System\MQDGSZP.exe
  2⤵
  PID:6692
- C:\Windows\System\IzbAyhF.exe
  C:\Windows\System\IzbAyhF.exe
  2⤵
  PID:6820
- C:\Windows\System\rXzDMSZ.exe
  C:\Windows\System\rXzDMSZ.exe
  2⤵
  PID:6660
- C:\Windows\System\WyyjOIp.exe
  C:\Windows\System\WyyjOIp.exe
  2⤵
  PID:6800
- C:\Windows\System\WjJDCoG.exe
  C:\Windows\System\WjJDCoG.exe
  2⤵
  PID:6880
- C:\Windows\System\vkPipBc.exe
  C:\Windows\System\vkPipBc.exe
  2⤵
  PID:1700
- C:\Windows\System\EpIpnoL.exe
  C:\Windows\System\EpIpnoL.exe
  2⤵
  PID:1836
- C:\Windows\System\nCBafZg.exe
  C:\Windows\System\nCBafZg.exe
  2⤵
  PID:6936
- C:\Windows\System\UshOkbu.exe
  C:\Windows\System\UshOkbu.exe
  2⤵
  PID:6956
- C:\Windows\System\dJSaZGt.exe
  C:\Windows\System\dJSaZGt.exe
  2⤵
  PID:7020
- C:\Windows\System\ziKUORA.exe
  C:\Windows\System\ziKUORA.exe
  2⤵
  PID:7136
- C:\Windows\System\IqvGbsV.exe
  C:\Windows\System\IqvGbsV.exe
  2⤵
  PID:5304
- C:\Windows\System\IbitNqE.exe
  C:\Windows\System\IbitNqE.exe
  2⤵
  PID:7160
- C:\Windows\System\ecphkko.exe
  C:\Windows\System\ecphkko.exe
  2⤵
  PID:6156
- C:\Windows\System\DiFUvBL.exe
  C:\Windows\System\DiFUvBL.exe
  2⤵
  PID:6236
- C:\Windows\System\JNRsABb.exe
  C:\Windows\System\JNRsABb.exe
  2⤵
  PID:6300
- C:\Windows\System\YgHmKGa.exe
  C:\Windows\System\YgHmKGa.exe
  2⤵
  PID:6688
- C:\Windows\System\ofWUrvj.exe
  C:\Windows\System\ofWUrvj.exe
  2⤵
  PID:6596
- C:\Windows\System\zqawJHT.exe
  C:\Windows\System\zqawJHT.exe
  2⤵
  PID:6336
- C:\Windows\System\IjRKDpf.exe
  C:\Windows\System\IjRKDpf.exe
  2⤵
  PID:6868
- C:\Windows\System\aQIXCqh.exe
  C:\Windows\System\aQIXCqh.exe
  2⤵
  PID:6468
- C:\Windows\System\MBjqJdD.exe
  C:\Windows\System\MBjqJdD.exe
  2⤵
  PID:2148
- C:\Windows\System\HrHKjDY.exe
  C:\Windows\System\HrHKjDY.exe
  2⤵
  PID:7124
- C:\Windows\System\mjNjqOe.exe
  C:\Windows\System\mjNjqOe.exe
  2⤵
  PID:7112
- C:\Windows\System\nsQxGzP.exe
  C:\Windows\System\nsQxGzP.exe
  2⤵
  PID:6628
- C:\Windows\System\MHAWoXg.exe
  C:\Windows\System\MHAWoXg.exe
  2⤵
  PID:1844
- C:\Windows\System\taKLGki.exe
  C:\Windows\System\taKLGki.exe
  2⤵
  PID:6672
- C:\Windows\System\IMtGYNQ.exe
  C:\Windows\System\IMtGYNQ.exe
  2⤵
  PID:1652
- C:\Windows\System\kyyHcqt.exe
  C:\Windows\System\kyyHcqt.exe
  2⤵
  PID:6220
- C:\Windows\System\LxvSgXo.exe
  C:\Windows\System\LxvSgXo.exe
  2⤵
  PID:6896
- C:\Windows\System\CVDLOYS.exe
  C:\Windows\System\CVDLOYS.exe
  2⤵
  PID:6380
- C:\Windows\System\HEiHwgK.exe
  C:\Windows\System\HEiHwgK.exe
  2⤵
  PID:1980
- C:\Windows\System\BQkEnGn.exe
  C:\Windows\System\BQkEnGn.exe
  2⤵
  PID:7184
- C:\Windows\System\qPBimOt.exe
  C:\Windows\System\qPBimOt.exe
  2⤵
  PID:7200
- C:\Windows\System\LBjJXYx.exe
  C:\Windows\System\LBjJXYx.exe
  2⤵
  PID:7216
- C:\Windows\System\CDfGCwr.exe
  C:\Windows\System\CDfGCwr.exe
  2⤵
  PID:7232
- C:\Windows\System\ZwdBgJT.exe
  C:\Windows\System\ZwdBgJT.exe
  2⤵
  PID:7248
- C:\Windows\System\UigAtFs.exe
  C:\Windows\System\UigAtFs.exe
  2⤵
  PID:7264
- C:\Windows\System\ROwjwcF.exe
  C:\Windows\System\ROwjwcF.exe
  2⤵
  PID:7280
- C:\Windows\System\nzKwJJj.exe
  C:\Windows\System\nzKwJJj.exe
  2⤵
  PID:7300
- C:\Windows\System\QQOaPia.exe
  C:\Windows\System\QQOaPia.exe
  2⤵
  PID:7316
- C:\Windows\System\eqNbFsq.exe
  C:\Windows\System\eqNbFsq.exe
  2⤵
  PID:7332
- C:\Windows\System\eJcrqea.exe
  C:\Windows\System\eJcrqea.exe
  2⤵
  PID:7348
- C:\Windows\System\VJBkkbN.exe
  C:\Windows\System\VJBkkbN.exe
  2⤵
  PID:7364
- C:\Windows\System\MCglzmh.exe
  C:\Windows\System\MCglzmh.exe
  2⤵
  PID:7380
- C:\Windows\System\JQmbgjK.exe
  C:\Windows\System\JQmbgjK.exe
  2⤵
  PID:7396
- C:\Windows\System\dhZzgyF.exe
  C:\Windows\System\dhZzgyF.exe
  2⤵
  PID:7412
- C:\Windows\System\CCZDkuS.exe
  C:\Windows\System\CCZDkuS.exe
  2⤵
  PID:7428
- C:\Windows\System\QToaXyZ.exe
  C:\Windows\System\QToaXyZ.exe
  2⤵
  PID:7448
- C:\Windows\System\WQVwdhO.exe
  C:\Windows\System\WQVwdhO.exe
  2⤵
  PID:7464
- C:\Windows\System\CeamjSS.exe
  C:\Windows\System\CeamjSS.exe
  2⤵
  PID:7480
- C:\Windows\System\vIDHyRp.exe
  C:\Windows\System\vIDHyRp.exe
  2⤵
  PID:7496
- C:\Windows\System\xmCnsRE.exe
  C:\Windows\System\xmCnsRE.exe
  2⤵
  PID:7512
- C:\Windows\System\oORVlCF.exe
  C:\Windows\System\oORVlCF.exe
  2⤵
  PID:7528
- C:\Windows\System\QYvNTpz.exe
  C:\Windows\System\QYvNTpz.exe
  2⤵
  PID:7544
- C:\Windows\System\ghROPig.exe
  C:\Windows\System\ghROPig.exe
  2⤵
  PID:7560
- C:\Windows\System\juDqFLU.exe
  C:\Windows\System\juDqFLU.exe
  2⤵
  PID:7576
- C:\Windows\System\MstYLWS.exe
  C:\Windows\System\MstYLWS.exe
  2⤵
  PID:7592
- C:\Windows\System\SVZxlDW.exe
  C:\Windows\System\SVZxlDW.exe
  2⤵
  PID:7608
- C:\Windows\System\kyRtQKB.exe
  C:\Windows\System\kyRtQKB.exe
  2⤵
  PID:7624
- C:\Windows\System\mknLOVH.exe
  C:\Windows\System\mknLOVH.exe
  2⤵
  PID:7640
- C:\Windows\System\BEoDbMx.exe
  C:\Windows\System\BEoDbMx.exe
  2⤵
  PID:7656
- C:\Windows\System\mERvCwR.exe
  C:\Windows\System\mERvCwR.exe
  2⤵
  PID:7672
- C:\Windows\System\MOJbhed.exe
  C:\Windows\System\MOJbhed.exe
  2⤵
  PID:7688
- C:\Windows\System\nERQvaw.exe
  C:\Windows\System\nERQvaw.exe
  2⤵
  PID:7708
- C:\Windows\System\cTEkkgl.exe
  C:\Windows\System\cTEkkgl.exe
  2⤵
  PID:7724
- C:\Windows\System\RXsxYMz.exe
  C:\Windows\System\RXsxYMz.exe
  2⤵
  PID:7740
- C:\Windows\System\lGsZlJK.exe
  C:\Windows\System\lGsZlJK.exe
  2⤵
  PID:7756
- C:\Windows\System\XrhMMIF.exe
  C:\Windows\System\XrhMMIF.exe
  2⤵
  PID:7772
- C:\Windows\System\BReoXWw.exe
  C:\Windows\System\BReoXWw.exe
  2⤵
  PID:7788
- C:\Windows\System\bwtctDv.exe
  C:\Windows\System\bwtctDv.exe
  2⤵
  PID:7804
- C:\Windows\System\dwPwJrk.exe
  C:\Windows\System\dwPwJrk.exe
  2⤵
  PID:7820
- C:\Windows\System\sLfLGbF.exe
  C:\Windows\System\sLfLGbF.exe
  2⤵
  PID:7836
- C:\Windows\System\bjnuOqn.exe
  C:\Windows\System\bjnuOqn.exe
  2⤵
  PID:7856
- C:\Windows\System\ApYqddm.exe
  C:\Windows\System\ApYqddm.exe
  2⤵
  PID:7872
- C:\Windows\System\cnJQUfM.exe
  C:\Windows\System\cnJQUfM.exe
  2⤵
  PID:7888
- C:\Windows\System\InztWeu.exe
  C:\Windows\System\InztWeu.exe
  2⤵
  PID:7904
- C:\Windows\System\cGvKaWZ.exe
  C:\Windows\System\cGvKaWZ.exe
  2⤵
  PID:7920
- C:\Windows\System\tBemwrF.exe
  C:\Windows\System\tBemwrF.exe
  2⤵
  PID:7936
- C:\Windows\System\EUrNknr.exe
  C:\Windows\System\EUrNknr.exe
  2⤵
  PID:7952
- C:\Windows\System\PPBJYFX.exe
  C:\Windows\System\PPBJYFX.exe
  2⤵
  PID:7968
- C:\Windows\System\EUuKnlr.exe
  C:\Windows\System\EUuKnlr.exe
  2⤵
  PID:7984
- C:\Windows\System\IXsJBhX.exe
  C:\Windows\System\IXsJBhX.exe
  2⤵
  PID:8000
- C:\Windows\System\iKNGWQK.exe
  C:\Windows\System\iKNGWQK.exe
  2⤵
  PID:8016
- C:\Windows\System\EZYOZSN.exe
  C:\Windows\System\EZYOZSN.exe
  2⤵
  PID:8032
- C:\Windows\System\TZptJnb.exe
  C:\Windows\System\TZptJnb.exe
  2⤵
  PID:8048
- C:\Windows\System\IMlCPah.exe
  C:\Windows\System\IMlCPah.exe
  2⤵
  PID:8068
- C:\Windows\System\SpkpfuB.exe
  C:\Windows\System\SpkpfuB.exe
  2⤵
  PID:8084
- C:\Windows\System\ewwjMDa.exe
  C:\Windows\System\ewwjMDa.exe
  2⤵
  PID:8100
- C:\Windows\System\ljvrxlB.exe
  C:\Windows\System\ljvrxlB.exe
  2⤵
  PID:8116
- C:\Windows\System\lmEVAsX.exe
  C:\Windows\System\lmEVAsX.exe
  2⤵
  PID:8132
- C:\Windows\System\FZmXqCH.exe
  C:\Windows\System\FZmXqCH.exe
  2⤵
  PID:8148
- C:\Windows\System\kqKtyJI.exe
  C:\Windows\System\kqKtyJI.exe
  2⤵
  PID:8168
- C:\Windows\System\oBwfKIw.exe
  C:\Windows\System\oBwfKIw.exe
  2⤵
  PID:8184
- C:\Windows\System\OPayivb.exe
  C:\Windows\System\OPayivb.exe
  2⤵
  PID:7180
- C:\Windows\System\SgfoLuF.exe
  C:\Windows\System\SgfoLuF.exe
  2⤵
  PID:7272
- C:\Windows\System\bPDuIli.exe
  C:\Windows\System\bPDuIli.exe
  2⤵
  PID:5860
- C:\Windows\System\YxLRMhC.exe
  C:\Windows\System\YxLRMhC.exe
  2⤵
  PID:6204
- C:\Windows\System\BxBLfLW.exe
  C:\Windows\System\BxBLfLW.exe
  2⤵
  PID:7260
- C:\Windows\System\xIPVWfH.exe
  C:\Windows\System\xIPVWfH.exe
  2⤵
  PID:7156
- C:\Windows\System\ioTXKvB.exe
  C:\Windows\System\ioTXKvB.exe
  2⤵
  PID:7224
- C:\Windows\System\VfxDjSO.exe
  C:\Windows\System\VfxDjSO.exe
  2⤵
  PID:7308
- C:\Windows\System\CAFhdJy.exe
  C:\Windows\System\CAFhdJy.exe
  2⤵
  PID:7404
- C:\Windows\System\wsJennm.exe
  C:\Windows\System\wsJennm.exe
  2⤵
  PID:7444
- C:\Windows\System\EQEyKVN.exe
  C:\Windows\System\EQEyKVN.exe
  2⤵
  PID:7504
- C:\Windows\System\ggIEPOo.exe
  C:\Windows\System\ggIEPOo.exe
  2⤵
  PID:7568
- C:\Windows\System\sWeLicY.exe
  C:\Windows\System\sWeLicY.exe
  2⤵
  PID:7456
- C:\Windows\System\TVfKcAZ.exe
  C:\Windows\System\TVfKcAZ.exe
  2⤵
  PID:7600
- C:\Windows\System\iJqMDKt.exe
  C:\Windows\System\iJqMDKt.exe
  2⤵
  PID:7552
- C:\Windows\System\jwYCEfz.exe
  C:\Windows\System\jwYCEfz.exe
  2⤵
  PID:7696
- C:\Windows\System\HscWypH.exe
  C:\Windows\System\HscWypH.exe
  2⤵
  PID:7392
- C:\Windows\System\JqrmlLq.exe
  C:\Windows\System\JqrmlLq.exe
  2⤵
  PID:7424
- C:\Windows\System\eFcIkNk.exe
  C:\Windows\System\eFcIkNk.exe
  2⤵
  PID:7680
- C:\Windows\System\QbiNfCP.exe
  C:\Windows\System\QbiNfCP.exe
  2⤵
  PID:7732
- C:\Windows\System\aDSXuQA.exe
  C:\Windows\System\aDSXuQA.exe
  2⤵
  PID:7768
- C:\Windows\System\YcNcmGD.exe
  C:\Windows\System\YcNcmGD.exe
  2⤵
  PID:1884
- C:\Windows\System\mHhMjyb.exe
  C:\Windows\System\mHhMjyb.exe
  2⤵
  PID:7832
- C:\Windows\System\dmRJMVv.exe
  C:\Windows\System\dmRJMVv.exe
  2⤵
  PID:7748
- C:\Windows\System\nMJoqwq.exe
  C:\Windows\System\nMJoqwq.exe
  2⤵
  PID:7932
- C:\Windows\System\sjWoDXZ.exe
  C:\Windows\System\sjWoDXZ.exe
  2⤵
  PID:8024
- C:\Windows\System\KcDSNuP.exe
  C:\Windows\System\KcDSNuP.exe
  2⤵
  PID:8028
- C:\Windows\System\IFGPhxi.exe
  C:\Windows\System\IFGPhxi.exe
  2⤵
  PID:7784
- C:\Windows\System\PvGxdiQ.exe
  C:\Windows\System\PvGxdiQ.exe
  2⤵
  PID:7816
- C:\Windows\System\amSRtKx.exe
  C:\Windows\System\amSRtKx.exe
  2⤵
  PID:8060
- C:\Windows\System\onYNaHj.exe
  C:\Windows\System\onYNaHj.exe
  2⤵
  PID:8008
- C:\Windows\System\POESfEp.exe
  C:\Windows\System\POESfEp.exe
  2⤵
  PID:8064
- C:\Windows\System\LTmsbtx.exe
  C:\Windows\System\LTmsbtx.exe
  2⤵
  PID:8128
- C:\Windows\System\sURiuvI.exe
  C:\Windows\System\sURiuvI.exe
  2⤵
  PID:7108
- C:\Windows\System\wriqrBe.exe
  C:\Windows\System\wriqrBe.exe
  2⤵
  PID:6224
- C:\Windows\System\UdipBKk.exe
  C:\Windows\System\UdipBKk.exe
  2⤵
  PID:5972
- C:\Windows\System\lrXjEUO.exe
  C:\Windows\System\lrXjEUO.exe
  2⤵
  PID:8112
- C:\Windows\System\XzXmmOZ.exe
  C:\Windows\System\XzXmmOZ.exe
  2⤵
  PID:1760
- C:\Windows\System\SHiirXX.exe
  C:\Windows\System\SHiirXX.exe
  2⤵
  PID:7372
- C:\Windows\System\hhkThYp.exe
  C:\Windows\System\hhkThYp.exe
  2⤵
  PID:8144
- C:\Windows\System\qkSBhwS.exe
  C:\Windows\System\qkSBhwS.exe
  2⤵
  PID:7508
- C:\Windows\System\RgrTyiG.exe
  C:\Windows\System\RgrTyiG.exe
  2⤵
  PID:7632
- C:\Windows\System\xQgZjcF.exe
  C:\Windows\System\xQgZjcF.exe
  2⤵
  PID:7488
- C:\Windows\System\VZVpFBY.exe
  C:\Windows\System\VZVpFBY.exe
  2⤵
  PID:7800
- C:\Windows\System\GbhjDPM.exe
  C:\Windows\System\GbhjDPM.exe
  2⤵
  PID:7928
- C:\Windows\System\xtrBAUx.exe
  C:\Windows\System\xtrBAUx.exe
  2⤵
  PID:6172
- C:\Windows\System\cFtHZdg.exe
  C:\Windows\System\cFtHZdg.exe
  2⤵
  PID:7812
- C:\Windows\System\XcMXvMW.exe
  C:\Windows\System\XcMXvMW.exe
  2⤵
  PID:7664
- C:\Windows\System\WWQKSDr.exe
  C:\Windows\System\WWQKSDr.exe
  2⤵
  PID:7420
- C:\Windows\System\plomOKL.exe
  C:\Windows\System\plomOKL.exe
  2⤵
  PID:7996
- C:\Windows\System\sBhkFCJ.exe
  C:\Windows\System\sBhkFCJ.exe
  2⤵
  PID:8096
- C:\Windows\System\bxPmXeh.exe
  C:\Windows\System\bxPmXeh.exe
  2⤵
  PID:7240
- C:\Windows\System\jAVOwsI.exe
  C:\Windows\System\jAVOwsI.exe
  2⤵
  PID:7960
- C:\Windows\System\HehwuHI.exe
  C:\Windows\System\HehwuHI.exe
  2⤵
  PID:8040
- C:\Windows\System\sOJMaFo.exe
  C:\Windows\System\sOJMaFo.exe
  2⤵
  PID:7196
- C:\Windows\System\zMjdjaH.exe
  C:\Windows\System\zMjdjaH.exe
  2⤵
  PID:8076
- C:\Windows\System\hXPbRMJ.exe
  C:\Windows\System\hXPbRMJ.exe
  2⤵
  PID:8176
- C:\Windows\System\sCmiYQh.exe
  C:\Windows\System\sCmiYQh.exe
  2⤵
  PID:7440
- C:\Windows\System\uEAsZgN.exe
  C:\Windows\System\uEAsZgN.exe
  2⤵
  PID:7976
- C:\Windows\System\hlvLnys.exe
  C:\Windows\System\hlvLnys.exe
  2⤵
  PID:7540
- C:\Windows\System\KCTqrOF.exe
  C:\Windows\System\KCTqrOF.exe
  2⤵
  PID:7752
- C:\Windows\System\BIryKyQ.exe
  C:\Windows\System\BIryKyQ.exe
  2⤵
  PID:6188
- C:\Windows\System\TAXySzx.exe
  C:\Windows\System\TAXySzx.exe
  2⤵
  PID:7276
- C:\Windows\System\LAjUPjl.exe
  C:\Windows\System\LAjUPjl.exe
  2⤵
  PID:8180
- C:\Windows\System\bDawQyX.exe
  C:\Windows\System\bDawQyX.exe
  2⤵
  PID:7256
- C:\Windows\System\CXLFeJM.exe
  C:\Windows\System\CXLFeJM.exe
  2⤵
  PID:7648
- C:\Windows\System\KuJcUQW.exe
  C:\Windows\System\KuJcUQW.exe
  2⤵
  PID:7980
- C:\Windows\System\dhxCrTe.exe
  C:\Windows\System\dhxCrTe.exe
  2⤵
  PID:7340
- C:\Windows\System\oZuBXkf.exe
  C:\Windows\System\oZuBXkf.exe
  2⤵
  PID:8208
- C:\Windows\System\PpcSYiq.exe
  C:\Windows\System\PpcSYiq.exe
  2⤵
  PID:8228
- C:\Windows\System\NJimKru.exe
  C:\Windows\System\NJimKru.exe
  2⤵
  PID:8244
- C:\Windows\System\TmndFMN.exe
  C:\Windows\System\TmndFMN.exe
  2⤵
  PID:8260
- C:\Windows\System\PHjVbmG.exe
  C:\Windows\System\PHjVbmG.exe
  2⤵
  PID:8276
- C:\Windows\System\fUaxAqm.exe
  C:\Windows\System\fUaxAqm.exe
  2⤵
  PID:8292
- C:\Windows\System\arkRpEy.exe
  C:\Windows\System\arkRpEy.exe
  2⤵
  PID:8312
- C:\Windows\System\OzMbjiw.exe
  C:\Windows\System\OzMbjiw.exe
  2⤵
  PID:8328
- C:\Windows\System\PpCufcP.exe
  C:\Windows\System\PpCufcP.exe
  2⤵
  PID:8344
- C:\Windows\System\NWlWrRU.exe
  C:\Windows\System\NWlWrRU.exe
  2⤵
  PID:8360
- C:\Windows\System\DZsShkb.exe
  C:\Windows\System\DZsShkb.exe
  2⤵
  PID:8376
- C:\Windows\System\vbsxUcK.exe
  C:\Windows\System\vbsxUcK.exe
  2⤵
  PID:8392
- C:\Windows\System\UtoDdDk.exe
  C:\Windows\System\UtoDdDk.exe
  2⤵
  PID:8408
- C:\Windows\System\zJTdWcD.exe
  C:\Windows\System\zJTdWcD.exe
  2⤵
  PID:8424
- C:\Windows\System\FbtweCZ.exe
  C:\Windows\System\FbtweCZ.exe
  2⤵
  PID:8440
- C:\Windows\System\RXTljLO.exe
  C:\Windows\System\RXTljLO.exe
  2⤵
  PID:8456
- C:\Windows\System\TnEktYr.exe
  C:\Windows\System\TnEktYr.exe
  2⤵
  PID:8472
- C:\Windows\System\xRUebKx.exe
  C:\Windows\System\xRUebKx.exe
  2⤵
  PID:8488
- C:\Windows\System\ruQrNeM.exe
  C:\Windows\System\ruQrNeM.exe
  2⤵
  PID:8504
- C:\Windows\System\coTsPcy.exe
  C:\Windows\System\coTsPcy.exe
  2⤵
  PID:8524
- C:\Windows\System\ZtIUTCP.exe
  C:\Windows\System\ZtIUTCP.exe
  2⤵
  PID:8540
- C:\Windows\System\JUdVUmP.exe
  C:\Windows\System\JUdVUmP.exe
  2⤵
  PID:8556
- C:\Windows\System\EpGCcda.exe
  C:\Windows\System\EpGCcda.exe
  2⤵
  PID:8572
- C:\Windows\System\VIRoAnN.exe
  C:\Windows\System\VIRoAnN.exe
  2⤵
  PID:8588
- C:\Windows\System\SAhUNTe.exe
  C:\Windows\System\SAhUNTe.exe
  2⤵
  PID:8604
- C:\Windows\System\pPUrIuM.exe
  C:\Windows\System\pPUrIuM.exe
  2⤵
  PID:8620
- C:\Windows\System\pIhlhNZ.exe
  C:\Windows\System\pIhlhNZ.exe
  2⤵
  PID:8640
- C:\Windows\System\CbTdqyS.exe
  C:\Windows\System\CbTdqyS.exe
  2⤵
  PID:8656
- C:\Windows\System\vTEuGNY.exe
  C:\Windows\System\vTEuGNY.exe
  2⤵
  PID:8672
- C:\Windows\System\QpQJfhQ.exe
  C:\Windows\System\QpQJfhQ.exe
  2⤵
  PID:8688
- C:\Windows\System\KRpkAZk.exe
  C:\Windows\System\KRpkAZk.exe
  2⤵
  PID:8704
- C:\Windows\System\XPddjoZ.exe
  C:\Windows\System\XPddjoZ.exe
  2⤵
  PID:8720
- C:\Windows\System\TmlJkFV.exe
  C:\Windows\System\TmlJkFV.exe
  2⤵
  PID:8740
- C:\Windows\System\lFSMxCv.exe
  C:\Windows\System\lFSMxCv.exe
  2⤵
  PID:8756
- C:\Windows\System\CtzbAVX.exe
  C:\Windows\System\CtzbAVX.exe
  2⤵
  PID:8772
- C:\Windows\System\XckarKK.exe
  C:\Windows\System\XckarKK.exe
  2⤵
  PID:8788
- C:\Windows\System\gGEcWIT.exe
  C:\Windows\System\gGEcWIT.exe
  2⤵
  PID:8804
- C:\Windows\System\acKZkRs.exe
  C:\Windows\System\acKZkRs.exe
  2⤵
  PID:8820
- C:\Windows\System\vhzzoCi.exe
  C:\Windows\System\vhzzoCi.exe
  2⤵
  PID:8836
- C:\Windows\System\GtPltjz.exe
  C:\Windows\System\GtPltjz.exe
  2⤵
  PID:8852
- C:\Windows\System\yIBIhds.exe
  C:\Windows\System\yIBIhds.exe
  2⤵
  PID:8868
- C:\Windows\System\tleMhEB.exe
  C:\Windows\System\tleMhEB.exe
  2⤵
  PID:8884
- C:\Windows\System\zLMoarP.exe
  C:\Windows\System\zLMoarP.exe
  2⤵
  PID:8900
- C:\Windows\System\UMbgRcp.exe
  C:\Windows\System\UMbgRcp.exe
  2⤵
  PID:8916
- C:\Windows\System\PDmYPru.exe
  C:\Windows\System\PDmYPru.exe
  2⤵
  PID:8932
- C:\Windows\System\zSbvtqI.exe
  C:\Windows\System\zSbvtqI.exe
  2⤵
  PID:8960
- C:\Windows\System\qTkTWPX.exe
  C:\Windows\System\qTkTWPX.exe
  2⤵
  PID:8976
- C:\Windows\System\acZtSiW.exe
  C:\Windows\System\acZtSiW.exe
  2⤵
  PID:8992
- C:\Windows\System\TrRDTsu.exe
  C:\Windows\System\TrRDTsu.exe
  2⤵
  PID:9012
- C:\Windows\System\fYyPIdh.exe
  C:\Windows\System\fYyPIdh.exe
  2⤵
  PID:9032
- C:\Windows\System\JZKZMKJ.exe
  C:\Windows\System\JZKZMKJ.exe
  2⤵
  PID:9048
- C:\Windows\System\BKDoqeF.exe
  C:\Windows\System\BKDoqeF.exe
  2⤵
  PID:9068
- C:\Windows\System\FjeTdFU.exe
  C:\Windows\System\FjeTdFU.exe
  2⤵
  PID:9084
- C:\Windows\System\AHngQnh.exe
  C:\Windows\System\AHngQnh.exe
  2⤵
  PID:9100
- C:\Windows\System\cTGqFGJ.exe
  C:\Windows\System\cTGqFGJ.exe
  2⤵
  PID:9116
- C:\Windows\System\SkfRLKG.exe
  C:\Windows\System\SkfRLKG.exe
  2⤵
  PID:9132
- C:\Windows\System\xZKXRBL.exe
  C:\Windows\System\xZKXRBL.exe
  2⤵
  PID:9152
- C:\Windows\System\pItAPZI.exe
  C:\Windows\System\pItAPZI.exe
  2⤵
  PID:9168
- C:\Windows\System\unhpfMc.exe
  C:\Windows\System\unhpfMc.exe
  2⤵
  PID:9184
- C:\Windows\System\vjlGsLm.exe
  C:\Windows\System\vjlGsLm.exe
  2⤵
  PID:9200
- C:\Windows\System\HIazMXi.exe
  C:\Windows\System\HIazMXi.exe
  2⤵
  PID:8200
- C:\Windows\System\MqlaUOE.exe
  C:\Windows\System\MqlaUOE.exe
  2⤵
  PID:7376
- C:\Windows\System\XoemIBD.exe
  C:\Windows\System\XoemIBD.exe
  2⤵
  PID:7852
- C:\Windows\System\yWQkAsp.exe
  C:\Windows\System\yWQkAsp.exe
  2⤵
  PID:8308
- C:\Windows\System\czOHDRs.exe
  C:\Windows\System\czOHDRs.exe
  2⤵
  PID:8340
- C:\Windows\System\IAFGrDz.exe
  C:\Windows\System\IAFGrDz.exe
  2⤵
  PID:8404
- C:\Windows\System\BzCEUfC.exe
  C:\Windows\System\BzCEUfC.exe
  2⤵
  PID:8220
- C:\Windows\System\cNVMKrc.exe
  C:\Windows\System\cNVMKrc.exe
  2⤵
  PID:8224
- C:\Windows\System\TzlPLiM.exe
  C:\Windows\System\TzlPLiM.exe
  2⤵
  PID:8284
- C:\Windows\System\XTLQRDK.exe
  C:\Windows\System\XTLQRDK.exe
  2⤵
  PID:7436
- C:\Windows\System\pSzNwNr.exe
  C:\Windows\System\pSzNwNr.exe
  2⤵
  PID:8448
- C:\Windows\System\vjZhUeK.exe
  C:\Windows\System\vjZhUeK.exe
  2⤵
  PID:8536
- C:\Windows\System\zDtGyVK.exe
  C:\Windows\System\zDtGyVK.exe
  2⤵
  PID:8596
- C:\Windows\System\zQcYixl.exe
  C:\Windows\System\zQcYixl.exe
  2⤵
  PID:8484
- C:\Windows\System\sCXJxyA.exe
  C:\Windows\System\sCXJxyA.exe
  2⤵
  PID:8388
- C:\Windows\System\tlqBvig.exe
  C:\Windows\System\tlqBvig.exe
  2⤵
  PID:8664
- C:\Windows\System\tXtaWsf.exe
  C:\Windows\System\tXtaWsf.exe
  2⤵
  PID:8616
- C:\Windows\System\ObCMqvk.exe
  C:\Windows\System\ObCMqvk.exe
  2⤵
  PID:8736
- C:\Windows\System\bEiXCsR.exe
  C:\Windows\System\bEiXCsR.exe
  2⤵
  PID:8648
- C:\Windows\System\OEhyIbw.exe
  C:\Windows\System\OEhyIbw.exe
  2⤵
  PID:8764
- C:\Windows\System\uOxqUdz.exe
  C:\Windows\System\uOxqUdz.exe
  2⤵
  PID:8748
- C:\Windows\System\OvIrlWx.exe
  C:\Windows\System\OvIrlWx.exe
  2⤵
  PID:8860
- C:\Windows\System\rZAYElJ.exe
  C:\Windows\System\rZAYElJ.exe
  2⤵
  PID:8896
- C:\Windows\System\JxRsVNm.exe
  C:\Windows\System\JxRsVNm.exe
  2⤵
  PID:8780
- C:\Windows\System\XUzrOKY.exe
  C:\Windows\System\XUzrOKY.exe
  2⤵
  PID:8816
- C:\Windows\System\HbXPIVp.exe
  C:\Windows\System\HbXPIVp.exe
  2⤵
  PID:8880
- C:\Windows\System\ylwuGyi.exe
  C:\Windows\System\ylwuGyi.exe
  2⤵
  PID:8948
- C:\Windows\System\BHfXVRC.exe
  C:\Windows\System\BHfXVRC.exe
  2⤵
  PID:9004
- C:\Windows\System\moWAdQM.exe
  C:\Windows\System\moWAdQM.exe
  2⤵
  PID:8984
- C:\Windows\System\ueWoYZR.exe
  C:\Windows\System\ueWoYZR.exe
  2⤵
  PID:8956
- C:\Windows\System\axffdJu.exe
  C:\Windows\System\axffdJu.exe
  2⤵
  PID:9028
- C:\Windows\System\rHJhZIQ.exe
  C:\Windows\System\rHJhZIQ.exe
  2⤵
  PID:9140
- C:\Windows\System\uETDvEm.exe
  C:\Windows\System\uETDvEm.exe
  2⤵
  PID:9148
- C:\Windows\System\zRKgnII.exe
  C:\Windows\System\zRKgnII.exe
  2⤵
  PID:9064
- C:\Windows\System\BLfCDqj.exe
  C:\Windows\System\BLfCDqj.exe
  2⤵
  PID:7896
- C:\Windows\System\ZqgnmMl.exe
  C:\Windows\System\ZqgnmMl.exe
  2⤵
  PID:8356
- C:\Windows\System\fYKnIkx.exe
  C:\Windows\System\fYKnIkx.exe
  2⤵
  PID:8844
- C:\Windows\System\ClJAldk.exe
  C:\Windows\System\ClJAldk.exe
  2⤵
  PID:9180
- C:\Windows\System\xYNNKCi.exe
  C:\Windows\System\xYNNKCi.exe
  2⤵
  PID:7360
- C:\Windows\System\ayrYceD.exe
  C:\Windows\System\ayrYceD.exe
  2⤵
  PID:8432
- C:\Windows\System\ihuNhQi.exe
  C:\Windows\System\ihuNhQi.exe
  2⤵
  PID:8320
- C:\Windows\System\JisEsOi.exe
  C:\Windows\System\JisEsOi.exe
  2⤵
  PID:7948
- C:\Windows\System\TxxtYpz.exe
  C:\Windows\System\TxxtYpz.exe
  2⤵
  PID:8716
- C:\Windows\System\vyyTrMZ.exe
  C:\Windows\System\vyyTrMZ.exe
  2⤵
  PID:8812
- C:\Windows\System\LIrCvpX.exe
  C:\Windows\System\LIrCvpX.exe
  2⤵
  PID:8912
- C:\Windows\System\gSRVDoM.exe
  C:\Windows\System\gSRVDoM.exe
  2⤵
  PID:8156
- C:\Windows\System\uLrHZdS.exe
  C:\Windows\System\uLrHZdS.exe
  2⤵
  PID:9000
- C:\Windows\System\rcRCqNg.exe
  C:\Windows\System\rcRCqNg.exe
  2⤵
  PID:9044
- C:\Windows\System\gOFwFhp.exe
  C:\Windows\System\gOFwFhp.exe
  2⤵
  PID:9208
- C:\Windows\System\TaFITju.exe
  C:\Windows\System\TaFITju.exe
  2⤵
  PID:9212
- C:\Windows\System\WzqqXNj.exe
  C:\Windows\System\WzqqXNj.exe
  2⤵
  PID:8800
- C:\Windows\System\QXHpGdd.exe
  C:\Windows\System\QXHpGdd.exe
  2⤵
  PID:8516
- C:\Windows\System\JKEItyw.exe
  C:\Windows\System\JKEItyw.exe
  2⤵
  PID:8468
- C:\Windows\System\giMxzlw.exe
  C:\Windows\System\giMxzlw.exe
  2⤵
  PID:8304
- C:\Windows\System\FmoTYvY.exe
  C:\Windows\System\FmoTYvY.exe
  2⤵
  PID:8568
- C:\Windows\System\wHhcIQG.exe
  C:\Windows\System\wHhcIQG.exe
  2⤵
  PID:8892
- C:\Windows\System\dkKUCty.exe
  C:\Windows\System\dkKUCty.exe
  2⤵
  PID:8928
- C:\Windows\System\VueSEQJ.exe
  C:\Windows\System\VueSEQJ.exe
  2⤵
  PID:8988
- C:\Windows\System\vRrEKia.exe
  C:\Windows\System\vRrEKia.exe
  2⤵
  PID:9020
- C:\Windows\System\tAdhhJj.exe
  C:\Windows\System\tAdhhJj.exe
  2⤵
  PID:9196
- C:\Windows\System\SrStyIC.exe
  C:\Windows\System\SrStyIC.exe
  2⤵
  PID:8216
- C:\Windows\System\sxorugi.exe
  C:\Windows\System\sxorugi.exe
  2⤵
  PID:8700
- C:\Windows\System\ZTUnGAm.exe
  C:\Windows\System\ZTUnGAm.exe
  2⤵
  PID:8532
- C:\Windows\System\tomTJsE.exe
  C:\Windows\System\tomTJsE.exe
  2⤵
  PID:8636
- C:\Windows\System\SyLRJbf.exe
  C:\Windows\System\SyLRJbf.exe
  2⤵
  PID:9176
- C:\Windows\System\DbeLWEU.exe
  C:\Windows\System\DbeLWEU.exe
  2⤵
  PID:8372
- C:\Windows\System\phFRIeI.exe
  C:\Windows\System\phFRIeI.exe
  2⤵
  PID:8680
- C:\Windows\System\aIYVewi.exe
  C:\Windows\System\aIYVewi.exe
  2⤵
  PID:9160
- C:\Windows\System\jtoKCYm.exe
  C:\Windows\System\jtoKCYm.exe
  2⤵
  PID:8940
- C:\Windows\System\ewPzovr.exe
  C:\Windows\System\ewPzovr.exe
  2⤵
  PID:8944
- C:\Windows\System\IfyMDmM.exe
  C:\Windows\System\IfyMDmM.exe
  2⤵
  PID:9232
- C:\Windows\System\qzJbHws.exe
  C:\Windows\System\qzJbHws.exe
  2⤵
  PID:9248
- C:\Windows\System\bosXJld.exe
  C:\Windows\System\bosXJld.exe
  2⤵
  PID:9264
- C:\Windows\System\JtJvOIH.exe
  C:\Windows\System\JtJvOIH.exe
  2⤵
  PID:9280
- C:\Windows\System\mEcduCk.exe
  C:\Windows\System\mEcduCk.exe
  2⤵
  PID:9300
- C:\Windows\System\vMysnhL.exe
  C:\Windows\System\vMysnhL.exe
  2⤵
  PID:9316
- C:\Windows\System\uFXZWPj.exe
  C:\Windows\System\uFXZWPj.exe
  2⤵
  PID:9332
- C:\Windows\System\NbMIodh.exe
  C:\Windows\System\NbMIodh.exe
  2⤵
  PID:9348
- C:\Windows\System\ZhfLWvw.exe
  C:\Windows\System\ZhfLWvw.exe
  2⤵
  PID:9364
- C:\Windows\System\hSwUNxY.exe
  C:\Windows\System\hSwUNxY.exe
  2⤵
  PID:9380
- C:\Windows\System\lOKDRgM.exe
  C:\Windows\System\lOKDRgM.exe
  2⤵
  PID:9396
- C:\Windows\System\XFDHCPl.exe
  C:\Windows\System\XFDHCPl.exe
  2⤵
  PID:9412
- C:\Windows\System\FsxOXLj.exe
  C:\Windows\System\FsxOXLj.exe
  2⤵
  PID:9428
- C:\Windows\System\KuoGDGh.exe
  C:\Windows\System\KuoGDGh.exe
  2⤵
  PID:9444
- C:\Windows\System\jYpzCLQ.exe
  C:\Windows\System\jYpzCLQ.exe
  2⤵
  PID:9460
- C:\Windows\System\ymAWagz.exe
  C:\Windows\System\ymAWagz.exe
  2⤵
  PID:9476
- C:\Windows\System\fSYMYgw.exe
  C:\Windows\System\fSYMYgw.exe
  2⤵
  PID:9492
- C:\Windows\System\fWFgzjO.exe
  C:\Windows\System\fWFgzjO.exe
  2⤵
  PID:9508
- C:\Windows\System\dTLYWmi.exe
  C:\Windows\System\dTLYWmi.exe
  2⤵
  PID:9524
- C:\Windows\System\XKjtPCN.exe
  C:\Windows\System\XKjtPCN.exe
  2⤵
  PID:9540
- C:\Windows\System\XRcOkMn.exe
  C:\Windows\System\XRcOkMn.exe
  2⤵
  PID:9556
- C:\Windows\System\wkTsbtS.exe
  C:\Windows\System\wkTsbtS.exe
  2⤵
  PID:9572
- C:\Windows\System\nkaUQKI.exe
  C:\Windows\System\nkaUQKI.exe
  2⤵
  PID:9588
- C:\Windows\System\kNpaCvE.exe
  C:\Windows\System\kNpaCvE.exe
  2⤵
  PID:9604
- C:\Windows\System\TAmcWph.exe
  C:\Windows\System\TAmcWph.exe
  2⤵
  PID:9620
- C:\Windows\System\uKotwcH.exe
  C:\Windows\System\uKotwcH.exe
  2⤵
  PID:9636
- C:\Windows\System\CPOmtGz.exe
  C:\Windows\System\CPOmtGz.exe
  2⤵
  PID:9652
- C:\Windows\System\jsifjod.exe
  C:\Windows\System\jsifjod.exe
  2⤵
  PID:9668
- C:\Windows\System\nbclXNj.exe
  C:\Windows\System\nbclXNj.exe
  2⤵
  PID:9684
- C:\Windows\System\gfoPoAv.exe
  C:\Windows\System\gfoPoAv.exe
  2⤵
  PID:9700
- C:\Windows\System\kROKzzV.exe
  C:\Windows\System\kROKzzV.exe
  2⤵
  PID:9716
- C:\Windows\System\nVmjSLn.exe
  C:\Windows\System\nVmjSLn.exe
  2⤵
  PID:9732
- C:\Windows\System\YooqymM.exe
  C:\Windows\System\YooqymM.exe
  2⤵
  PID:9748
- C:\Windows\System\HjgDBTO.exe
  C:\Windows\System\HjgDBTO.exe
  2⤵
  PID:9764
- C:\Windows\System\wwJIGbt.exe
  C:\Windows\System\wwJIGbt.exe
  2⤵
  PID:9780
- C:\Windows\System\iIkPdoW.exe
  C:\Windows\System\iIkPdoW.exe
  2⤵
  PID:9796
- C:\Windows\System\lpiHVtl.exe
  C:\Windows\System\lpiHVtl.exe
  2⤵
  PID:9812
- C:\Windows\System\QsKIjQt.exe
  C:\Windows\System\QsKIjQt.exe
  2⤵
  PID:9828
- C:\Windows\System\ObggQdY.exe
  C:\Windows\System\ObggQdY.exe
  2⤵
  PID:9844
- C:\Windows\System\QvRIIDt.exe
  C:\Windows\System\QvRIIDt.exe
  2⤵
  PID:9860
- C:\Windows\System\xUfvBVL.exe
  C:\Windows\System\xUfvBVL.exe
  2⤵
  PID:9880
- C:\Windows\System\vXuEqPz.exe
  C:\Windows\System\vXuEqPz.exe
  2⤵
  PID:9896
- C:\Windows\System\cxYHgHi.exe
  C:\Windows\System\cxYHgHi.exe
  2⤵
  PID:9912
- C:\Windows\System\Jlelsuk.exe
  C:\Windows\System\Jlelsuk.exe
  2⤵
  PID:9928
- C:\Windows\System\MSCKPpO.exe
  C:\Windows\System\MSCKPpO.exe
  2⤵
  PID:9944
- C:\Windows\System\HoKowAQ.exe
  C:\Windows\System\HoKowAQ.exe
  2⤵
  PID:9960
- C:\Windows\System\MANOzEe.exe
  C:\Windows\System\MANOzEe.exe
  2⤵
  PID:9976
- C:\Windows\System\YWPuFBK.exe
  C:\Windows\System\YWPuFBK.exe
  2⤵
  PID:9992
- C:\Windows\System\xTjPJHK.exe
  C:\Windows\System\xTjPJHK.exe
  2⤵
  PID:10008
- C:\Windows\System\dryQWqp.exe
  C:\Windows\System\dryQWqp.exe
  2⤵
  PID:10024
- C:\Windows\System\AmOsJNG.exe
  C:\Windows\System\AmOsJNG.exe
  2⤵
  PID:10040
- C:\Windows\System\kpIwbpD.exe
  C:\Windows\System\kpIwbpD.exe
  2⤵
  PID:10056
- C:\Windows\System\UqHuaWL.exe
  C:\Windows\System\UqHuaWL.exe
  2⤵
  PID:10072
- C:\Windows\System\JGGfEfW.exe
  C:\Windows\System\JGGfEfW.exe
  2⤵
  PID:10088
- C:\Windows\System\pkeDXpZ.exe
  C:\Windows\System\pkeDXpZ.exe
  2⤵
  PID:10104
- C:\Windows\System\onnVbtr.exe
  C:\Windows\System\onnVbtr.exe
  2⤵
  PID:10120
- C:\Windows\System\QcfSavr.exe
  C:\Windows\System\QcfSavr.exe
  2⤵
  PID:10136
- C:\Windows\System\NxBlpKz.exe
  C:\Windows\System\NxBlpKz.exe
  2⤵
  PID:10152
- C:\Windows\System\JpAdofG.exe
  C:\Windows\System\JpAdofG.exe
  2⤵
  PID:10168
- C:\Windows\System\UMBkoyK.exe
  C:\Windows\System\UMBkoyK.exe
  2⤵
  PID:10184
- C:\Windows\System\RxzvflW.exe
  C:\Windows\System\RxzvflW.exe
  2⤵
  PID:10200
- C:\Windows\System\qfUhqjW.exe
  C:\Windows\System\qfUhqjW.exe
  2⤵
  PID:10216
- C:\Windows\System\rtIMVgN.exe
  C:\Windows\System\rtIMVgN.exe
  2⤵
  PID:10236
- C:\Windows\System\mZufrHS.exe
  C:\Windows\System\mZufrHS.exe
  2⤵
  PID:9256
- C:\Windows\System\SPnFQPN.exe
  C:\Windows\System\SPnFQPN.exe
  2⤵
  PID:9272
- C:\Windows\System\BgsiwNd.exe
  C:\Windows\System\BgsiwNd.exe
  2⤵
  PID:9292
- C:\Windows\System\qaLtcwd.exe
  C:\Windows\System\qaLtcwd.exe
  2⤵
  PID:9312
- C:\Windows\System\QPzGufF.exe
  C:\Windows\System\QPzGufF.exe
  2⤵
  PID:9388
- C:\Windows\System\MdoiUpT.exe
  C:\Windows\System\MdoiUpT.exe
  2⤵
  PID:9452
- C:\Windows\System\IPQisLr.exe
  C:\Windows\System\IPQisLr.exe
  2⤵
  PID:9488
- C:\Windows\System\iSzVFvr.exe
  C:\Windows\System\iSzVFvr.exe
  2⤵
  PID:9376
- C:\Windows\System\qLxCXjo.exe
  C:\Windows\System\qLxCXjo.exe
  2⤵
  PID:9520
- C:\Windows\System\RcrbJrL.exe
  C:\Windows\System\RcrbJrL.exe
  2⤵
  PID:9584
- C:\Windows\System\GnsUgOs.exe
  C:\Windows\System\GnsUgOs.exe
  2⤵
  PID:9648
- C:\Windows\System\dbvSSHd.exe
  C:\Windows\System\dbvSSHd.exe
  2⤵
  PID:9712
- C:\Windows\System\ltDCqIo.exe
  C:\Windows\System\ltDCqIo.exe
  2⤵
  PID:9440
- C:\Windows\System\CKXufHB.exe
  C:\Windows\System\CKXufHB.exe
  2⤵
  PID:9776
- C:\Windows\System\iOHbcUJ.exe
  C:\Windows\System\iOHbcUJ.exe
  2⤵
  PID:9840
- C:\Windows\System\lZXNsCl.exe
  C:\Windows\System\lZXNsCl.exe
  2⤵
  PID:9628
- C:\Windows\System\yyZjglA.exe
  C:\Windows\System\yyZjglA.exe
  2⤵
  PID:9664
- C:\Windows\System\XYhpjeV.exe
  C:\Windows\System\XYhpjeV.exe
  2⤵
  PID:9936
- C:\Windows\System\TtPEYFz.exe
  C:\Windows\System\TtPEYFz.exe
  2⤵
  PID:9568
- C:\Windows\System\KAYyklc.exe
  C:\Windows\System\KAYyklc.exe
  2⤵
  PID:9536
- C:\Windows\System\ZNazegM.exe
  C:\Windows\System\ZNazegM.exe
  2⤵
  PID:9956
- C:\Windows\System\dXjqOjF.exe
  C:\Windows\System\dXjqOjF.exe
  2⤵
  PID:9984
- C:\Windows\System\bijLDVs.exe
  C:\Windows\System\bijLDVs.exe
  2⤵
  PID:10004
- C:\Windows\System\XStLvSv.exe
  C:\Windows\System\XStLvSv.exe
  2⤵
  PID:10036
- C:\Windows\System\EuRLmsL.exe
  C:\Windows\System\EuRLmsL.exe
  2⤵
  PID:9952
- C:\Windows\System\LsumSIo.exe
  C:\Windows\System\LsumSIo.exe
  2⤵
  PID:10068
- C:\Windows\System\itLsaxy.exe
  C:\Windows\System\itLsaxy.exe
  2⤵
  PID:10052
- C:\Windows\System\ZiWykLy.exe
  C:\Windows\System\ZiWykLy.exe
  2⤵
  PID:10048
- C:\Windows\System\VzYGuGj.exe
  C:\Windows\System\VzYGuGj.exe
  2⤵
  PID:10164
- C:\Windows\System\hrHbqgf.exe
  C:\Windows\System\hrHbqgf.exe
  2⤵
  PID:10228
- C:\Windows\System\atQxfTs.exe
  C:\Windows\System\atQxfTs.exe
  2⤵
  PID:9240
- C:\Windows\System\vBEQhzH.exe
  C:\Windows\System\vBEQhzH.exe
  2⤵
  PID:10148
- C:\Windows\System\MvzQOIR.exe
  C:\Windows\System\MvzQOIR.exe
  2⤵
  PID:9288
- C:\Windows\System\nJjFgOk.exe
  C:\Windows\System\nJjFgOk.exe
  2⤵
  PID:9424
- C:\Windows\System\JQNOdSh.exe
  C:\Windows\System\JQNOdSh.exe
  2⤵
  PID:9356
- C:\Windows\System\BRlGIQO.exe
  C:\Windows\System\BRlGIQO.exe
  2⤵
  PID:9680
- C:\Windows\System\UhTyJYl.exe
  C:\Windows\System\UhTyJYl.exe
  2⤵
  PID:9404
- C:\Windows\System\UbCdgOE.exe
  C:\Windows\System\UbCdgOE.exe
  2⤵
  PID:9744
- C:\Windows\System\gbOPVwh.exe
  C:\Windows\System\gbOPVwh.exe
  2⤵
  PID:9644
- C:\Windows\System\nloSlrN.exe
  C:\Windows\System\nloSlrN.exe
  2⤵
  PID:9660
- C:\Windows\System\TOSdipV.exe
  C:\Windows\System\TOSdipV.exe
  2⤵
  PID:9808
- C:\Windows\System\vezOyhz.exe
  C:\Windows\System\vezOyhz.exe
  2⤵
  PID:9724
- C:\Windows\System\txZlCew.exe
  C:\Windows\System\txZlCew.exe
  2⤵
  PID:9856
- C:\Windows\System\sGAPBIJ.exe
  C:\Windows\System\sGAPBIJ.exe
  2⤵
  PID:9888
- C:\Windows\System\EPivGGa.exe
  C:\Windows\System\EPivGGa.exe
  2⤵
  PID:10016
- C:\Windows\System\zxltrCT.exe
  C:\Windows\System\zxltrCT.exe
  2⤵
  PID:10224
- C:\Windows\System\VKqILdg.exe
  C:\Windows\System\VKqILdg.exe
  2⤵
  PID:10116
- C:\Windows\System\WREktMi.exe
  C:\Windows\System\WREktMi.exe
  2⤵
  PID:9296
- C:\Windows\System\LrGkgwH.exe
  C:\Windows\System\LrGkgwH.exe
  2⤵
  PID:9420
- C:\Windows\System\YpiqkDL.exe
  C:\Windows\System\YpiqkDL.exe
  2⤵
  PID:9772
- C:\Windows\System\suKozNI.exe
  C:\Windows\System\suKozNI.exe
  2⤵
  PID:9792
- C:\Windows\System\LhTWqkQ.exe
  C:\Windows\System\LhTWqkQ.exe
  2⤵
  PID:9552
- C:\Windows\System\RWgyOMF.exe
  C:\Windows\System\RWgyOMF.exe
  2⤵
  PID:9580
- C:\Windows\System\TGddxQU.exe
  C:\Windows\System\TGddxQU.exe
  2⤵
  PID:9756
- C:\Windows\System\MwxbQwk.exe
  C:\Windows\System\MwxbQwk.exe
  2⤵
  PID:10180
- C:\Windows\System\dkYxsTW.exe
  C:\Windows\System\dkYxsTW.exe
  2⤵
  PID:9228
- C:\Windows\System\yynhhuL.exe
  C:\Windows\System\yynhhuL.exe
  2⤵
  PID:9328
- C:\Windows\System\WSuMAqz.exe
  C:\Windows\System\WSuMAqz.exe
  2⤵
  PID:10000
- C:\Windows\System\GpLfGSP.exe
  C:\Windows\System\GpLfGSP.exe
  2⤵
  PID:10100
- C:\Windows\System\ElazVGg.exe
  C:\Windows\System\ElazVGg.exe
  2⤵
  PID:10084
- C:\Windows\System\CMLSBiM.exe
  C:\Windows\System\CMLSBiM.exe
  2⤵
  PID:10232
- C:\Windows\System\HZMpSFR.exe
  C:\Windows\System\HZMpSFR.exe
  2⤵
  PID:9852
- C:\Windows\System\iPAWAis.exe
  C:\Windows\System\iPAWAis.exe
  2⤵
  PID:10248
- C:\Windows\System\oFrnkNl.exe
  C:\Windows\System\oFrnkNl.exe
  2⤵
  PID:10264
- C:\Windows\System\DflJveL.exe
  C:\Windows\System\DflJveL.exe
  2⤵
  PID:10280
- C:\Windows\System\NNkFiwl.exe
  C:\Windows\System\NNkFiwl.exe
  2⤵
  PID:10296
- C:\Windows\System\ukqNYgO.exe
  C:\Windows\System\ukqNYgO.exe
  2⤵
  PID:10312
- C:\Windows\System\NyDOilv.exe
  C:\Windows\System\NyDOilv.exe
  2⤵
  PID:10328
- C:\Windows\System\NXLpWrv.exe
  C:\Windows\System\NXLpWrv.exe
  2⤵
  PID:10344
- C:\Windows\System\xgXONVh.exe
  C:\Windows\System\xgXONVh.exe
  2⤵
  PID:10360
- C:\Windows\System\oDLKmQy.exe
  C:\Windows\System\oDLKmQy.exe
  2⤵
  PID:10376
- C:\Windows\System\biaBMLZ.exe
  C:\Windows\System\biaBMLZ.exe
  2⤵
  PID:10392
- C:\Windows\System\KhaeYgV.exe
  C:\Windows\System\KhaeYgV.exe
  2⤵
  PID:10408
- C:\Windows\System\dJsRZeo.exe
  C:\Windows\System\dJsRZeo.exe
  2⤵
  PID:10424
- C:\Windows\System\AnukSPk.exe
  C:\Windows\System\AnukSPk.exe
  2⤵
  PID:10440
- C:\Windows\System\RASUcmk.exe
  C:\Windows\System\RASUcmk.exe
  2⤵
  PID:10456
- C:\Windows\System\ZBOGxGT.exe
  C:\Windows\System\ZBOGxGT.exe
  2⤵
  PID:10472
- C:\Windows\System\IBvVLMI.exe
  C:\Windows\System\IBvVLMI.exe
  2⤵
  PID:10512
- C:\Windows\System\aqjXaBL.exe
  C:\Windows\System\aqjXaBL.exe
  2⤵
  PID:10528
- C:\Windows\System\dKMilCq.exe
  C:\Windows\System\dKMilCq.exe
  2⤵
  PID:10544
- C:\Windows\System\hHeDEKE.exe
  C:\Windows\System\hHeDEKE.exe
  2⤵
  PID:10560
- C:\Windows\System\uzPJjOF.exe
  C:\Windows\System\uzPJjOF.exe
  2⤵
  PID:10576
- C:\Windows\System\FcYUCeU.exe
  C:\Windows\System\FcYUCeU.exe
  2⤵
  PID:10596
- C:\Windows\System\TWBfDHk.exe
  C:\Windows\System\TWBfDHk.exe
  2⤵
  PID:10612
- C:\Windows\System\oKcdRHB.exe
  C:\Windows\System\oKcdRHB.exe
  2⤵
  PID:10632
- C:\Windows\System\klEicbL.exe
  C:\Windows\System\klEicbL.exe
  2⤵
  PID:10648
- C:\Windows\System\aYkogIZ.exe
  C:\Windows\System\aYkogIZ.exe
  2⤵
  PID:10664
- C:\Windows\System\kcHrOyQ.exe
  C:\Windows\System\kcHrOyQ.exe
  2⤵
  PID:10680
- C:\Windows\System\xvBKXIc.exe
  C:\Windows\System\xvBKXIc.exe
  2⤵
  PID:10696
- C:\Windows\System\LMlfyJk.exe
  C:\Windows\System\LMlfyJk.exe
  2⤵
  PID:10712
- C:\Windows\System\sucQsKu.exe
  C:\Windows\System\sucQsKu.exe
  2⤵
  PID:10728
- C:\Windows\System\jzWBKzT.exe
  C:\Windows\System\jzWBKzT.exe
  2⤵
  PID:10744
- C:\Windows\System\kYueFwt.exe
  C:\Windows\System\kYueFwt.exe
  2⤵
  PID:10764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\THP6WLW67COWLD009NY9.temp

Filesize
7KB

MD5
39629d1ab8064691a924a63e5d2991e0

SHA1
2465e77e50fc1ea38ea345aa337ed5b05fcd6e48

SHA256
133a6ece19db292274e11835f6f787cc15a5bf49e9085eb28c46f7fc6b815068

SHA512
87da57e155277d607149e63bfe51fff1dc6a448a48bf2e3be763bc39453ff4576d220e94f4327a13e6ff872f2402eebcd0eaccf125da0a7c9edfbb1202bc5b2c

Download Submit
C:\Windows\system\DYPfXCT.exe

Filesize
1.5MB

MD5
4667d981ebb453288a5a193d9158d618

SHA1
7b2011795895444f6d463d92ad504f4110afffb8

SHA256
64009ebc5c09d613c5ba73c165d6389c776a93dc6b0b5dd25e2c42e565375476

SHA512
02d6a7eaa5e703a180bbb9b54b4e178491e440db4a45042347804a0fd79e24210c613d10908587e39e511e6d90bbed7d193a4568696093c7287b8d563cdec50a

Download Submit
C:\Windows\system\IZEWIRZ.exe

Filesize
1.5MB

MD5
b2d311687d6fe2a0ccc3ddc1189b331f

SHA1
95913439accfd742d30c436fd9fbb399bdd24aae

SHA256
8ab512d48be6cc24d7dc439e6952486e10a6704bd496ec8fdf038c26dd2b886d

SHA512
f230acf8cee4edee7b61677d1c88d5035a74271596b37e9a76a5dc875a95b8aeaf7fa1fd32f051e4805f529ca060bcc5a2432280f03bde5f56d4e656d9b11f98

Download Submit
C:\Windows\system\JPMUnZT.exe

Filesize
1.5MB

MD5
7e4b616a721bb7f17d3b4c48acc14c24

SHA1
f6f507c9bd3bee358f7c671bb4adc044ed6d09eb

SHA256
fe6197095d2501d8d1f8b17476d18292121a9f18a2287405ac912b6cf10cbd25

SHA512
a6f3c2d1906bb57b7d9cb0b5e45743bce07b116dba7ae723a063a2069c649d255522bb6517ed496409adc093d14a6d6774d55aa7d50bc764d3e0f43e4021deea

Download Submit
C:\Windows\system\KCaMxWg.exe

Filesize
1.5MB

MD5
b816b91578515a0c937e37c039e4e7db

SHA1
2ab91d74b1b6f52906d878885c8acf56a5357e3f

SHA256
2dcc93c629432a0b7d676bcc87eca865c6ea12ad42e8d97989042f9b8ec19723

SHA512
2b71f1cf02ed421c33fea5518153a2ef4a26786977ba97fe2782fc60ddf918a6bccd39b4176d7c4fc7c9b9c29d82eb0d6924548b600f2c1c55d5ce19c25bb09a

Download Submit
C:\Windows\system\MUlwYyI.exe

Filesize
1.5MB

MD5
1900bbd2ffa339639ead559b86f34b77

SHA1
01a2169d11cd053359465b5716f38ae237166dc1

SHA256
637cd28900674b3786c61928fded8ce37c015b3e634cd1f648af928c5d99e0c8

SHA512
8bd209df0be5f07ef3359c956ed6169a0ceebb2663b52b942adb9b110a4782d70d207666443f03c4eafb82363ae5a654de952fd8c89b340ddd0b1c651d6883a9

Download Submit
C:\Windows\system\QLEuFVy.exe

Filesize
1.5MB

MD5
f72e2854ac2cc72ab806e579253d0655

SHA1
68f1bcace03d32673404412467b5f48dce2753d2

SHA256
c4e897599ac195dad725b726bbb4010743c085eadfc231a2113d99f97a7c4408

SHA512
059ce1f77198aac8386fdaa6e783a346686ecfa6f91019c9ec546dc2788fcafba30338ea19082a7c50792692a7afebf0b98f088ccbcff394c48ce0553ff83070

Download Submit
C:\Windows\system\QXemaDK.exe

Filesize
1.5MB

MD5
ca4ed701f8107beef169b0bcaac5be67

SHA1
398ae74fbd26c989c623bc08c788ae4a6d3b4bed

SHA256
94de4004be3e54d8a5569cef3fb7c886c109a790bff9ab264fd191d41d5c8f63

SHA512
ea1e5131c6d284dc63277165ee9a144901bae8fd5ab9bc2b512883f6cef0b6476ff672055c9b332ea7c2a67f91b2fb2afac4a959d18aa3bc97cffe47f529eab9

Download Submit
C:\Windows\system\VsstsOd.exe

Filesize
1.5MB

MD5
17014686d1cfbbd4556c6f45cd2eefac

SHA1
c1b35cb5829cdb37d16fa40b317ce8d757e65702

SHA256
6622a680d0f2548c2162b498fd705bbe115b1c15fc601eedc070ea3a22a75b15

SHA512
b3fc5e1b8fd6ac731e86c9c2ee5915d5a94e952047cfa7f686a54cc1d04219ed1e9d8e4102878588fa2b9c16de88699937ba673c922456624a7620f0d0b69661

Download Submit
C:\Windows\system\XBHcnpi.exe

Filesize
1.5MB

MD5
75f5e170b25032a231acfd6d000fe1be

SHA1
10b0acc99039b892fd98dd63bf49e5484bd39689

SHA256
05748fd47a827580389c2f300b20f10fc6886a81dfbc25d6128aa21aa1a038e5

SHA512
1c579fbb3a87ee7396b05c29adb4abc3412863973c75514ae0a55cdd3a1e710f7a6d40918a5b4ed64a826ad512335d4bb1cd013b51cdb0f7e805bc988be4cf9e

Download Submit
C:\Windows\system\XdCMHoS.exe

Filesize
1.5MB

MD5
a4e5d957501d5f6474e3d44f6c1e8763

SHA1
bd085a73f5bfbc889a1f33e647d5e86b44759fb1

SHA256
3c7f7e5f5e4a7e426daaf542083377ae576fd57c1a35ecff31ba3febb67723bd

SHA512
58a2569d7da919cbd63ddd930963ebeb53616b1d25951a440221360bd607ab0858cf352dad24db2fb648e0cdfaee444e9c731d40f411cef16d66cb8f615bba34

Download Submit
C:\Windows\system\YiIcReh.exe

Filesize
1.5MB

MD5
05cbd49ac6b38ba483f4ba10e1c8c95f

SHA1
dca3b3f5658df6d8fcd5e43c64afcda9da96b1c5

SHA256
df6bd46b156c2ed4821e0959405c498c092fd3c5d58ff6728682387d714c7fdb

SHA512
c3fad32dad0525ad3e81330b33c35c2a71bca126f243fae5c0854be250d4285f5dff2f2442959490ffe2ca2c225970ff4d7edad5c0e711c206caaf8671c26158

Download Submit
C:\Windows\system\YnykMAQ.exe

Filesize
1.5MB

MD5
a77068a0564ec14d2cc43917ca02d571

SHA1
1c5af2f33b0a2491904f5c97b9c3682476c5ec0e

SHA256
01e559406039a2ea3439ab006865c9df3f459f62e726370918b1148427f26b93

SHA512
7721ff91c7aaa5d22955ad049290711de3c4f084b9ccd4f9181b6f988ecb8b917c97ea6fde4c8393d0d6c374fbd6f33bbaf760b3762646f31a12f8467c15ceaf

Download Submit
C:\Windows\system\ctfUWxe.exe

Filesize
1.5MB

MD5
4dabc22a8493fe246f8967b322878944

SHA1
28ef01850a38286acd173d8f09a373b930b71436

SHA256
518a09244ea276826bd3eb7d15d16091d9ad454bf885076a6aba40f16c5270db

SHA512
37dfe521b657c55208f1858d7504882822262122cfb54754d70d27f7406b9973a79a6712e72865242f90b67ed5f3c33b42dce0485a7a59ae69c742d04661dd2c

Download Submit
C:\Windows\system\ctmGrfq.exe

Filesize
1.5MB

MD5
987caa5f2feacf2c2ad043ce85bf57e3

SHA1
cc0b6bc8f4132ea2d4e6988edfa0ee55720c4f12

SHA256
e7f9f37580ba8f6c4df220730659a3f97d2627d10cfdcad22332a758feb69d6e

SHA512
aedad3ff775c1be08a741bd4d9c15d840fe6d407f6c318effa7ee25bd1dbbcccb8fea55cc744e8b1ee3a028597df84a759bad0bb2abc19e8b7cb670519c0ae46

Download Submit
C:\Windows\system\eLwFPgp.exe

Filesize
1.5MB

MD5
5d653e116f25b855f82273a84156612d

SHA1
6b98f3035ed6475a99088004914672238422a3ef

SHA256
930892c18be160ca1837f2c52cf73bfabbb50de623ff14c6e21a1eed60215bad

SHA512
0792a9113239a65e42b42c151fa0392e67343c6e854617e68326425fb8fcf3d3c98052b999f69b7575133bb0dc87607684622edcdb3063329eab69bae962814c

Download Submit
C:\Windows\system\iAeQBTa.exe

Filesize
1.5MB

MD5
b51652cdf8d42e9845240757c294ae6d

SHA1
4b12c7a60d0871820691a072b0c1e96db28210c5

SHA256
46186b0706cb1760cd0fdd4341b2557dfcce196d194f6df9cd406910fc85f86a

SHA512
dc1257dc9e46471dab4e419902c59a06cecacf77f616dd025e7d205dd9c5d5c0c99b2683599b0dc8116ce5894fdb5b55d304dd7f7a806f08856d7fbadb32efc2

Download Submit
C:\Windows\system\jKVYlHx.exe

Filesize
1.5MB

MD5
837a54be6c81c05972f2234436bdb20f

SHA1
65a83feaeea7b8a11be28efbaebbf91d41078292

SHA256
9d8cde856ae4eea6d388d4eb2f08e401c52ca95d07ea9f25acfb1f600dc51d4f

SHA512
8b92b0afd4b6b4473180e60649290c6ab10ad4c53bf76c7841d4b173c48727e5c41b931601c3c50b734af18909dde56d045314c5d7ff23bc8a8cd5c24d76a5d5

Download Submit
C:\Windows\system\jiwZHKL.exe

Filesize
1.5MB

MD5
816451ccd5d4970234249e4f5ac1ded7

SHA1
a61ae8d6c7e53e91ac03110bceff5c83526b7c03

SHA256
c6053da2b9b2457ccd76539ca1e0db5044453fb11b8c90e370aad74e26b6f96d

SHA512
2fa08eeefa15cd93c247bf89e5878376e59b559ba63cd7f4462f56c4c4c38c99e02183148c370c49558be30242d5b66d180320f6c30a2daac30bda8ba99ce140

Download Submit
C:\Windows\system\lvIOZoM.exe

Filesize
1.5MB

MD5
2cf339a1756840f54edaa9900ea7a2bf

SHA1
15c7720459c50631a3e281103f8342f2e434531e

SHA256
0316badb4a3aba398cd917d1911e0e40e5180ec792df17ea84e224a5daf49451

SHA512
31c08fb531a49616442e77bc27b05bc4196b4dc4be2deeaa42528f9961b153cc3dad406d00fd404066fe2a1b01a83480602b393ad8dbf7856cc636b7181f657c

Download Submit
C:\Windows\system\pLipcyd.exe

Filesize
1.5MB

MD5
a77404ebd04c93c96def4361a1e84585

SHA1
cace277baa0e25a41206bd6e48e9516c4b2aea33

SHA256
e2ef275924a01e69916d15ea975e04909f141f25f6c047ef64c17b9d2f062820

SHA512
f6c1f9b41a48e605c72c874a07075c13a11ad1fb24cc838460d3a07add2a2bb0b50361d21fc5dff62c1f613e58308197bd20e373bed56dfa9fa58469c464283c

Download Submit
C:\Windows\system\uqBQhSc.exe

Filesize
1.5MB

MD5
c971201cf098b54473142acdccdfe1f8

SHA1
b0ce5fae00e9214c061f2066a766230893463b3d

SHA256
6a01ceaa152062bc065ec9b1fa8be75cd15231d2dd2dea8d38940de548040699

SHA512
cd2ab65f69c7c18f29757fdd739c4ee520b69c4d737dfa93017da2944de81ec2aa8be49e0b159f4c1d498514384a6956719c2a4ac33b0d791461cd23e5c7e1cf

Download Submit
C:\Windows\system\wEaFVRH.exe

Filesize
1.5MB

MD5
17e6e9dc96a344cca1334bf9c7aa473d

SHA1
4e15704aa1f9820bb4c122cfd5140dbcd61218ed

SHA256
94a948b53144b7d066ac9f263bc8c1b82c70958ed59fb212038572cc3bc54838

SHA512
e557932fcec3b72a21a4078e91ba89e7b02901e4ebd6416b107c12019a29115e398bc5110ed1bc3194b15ee92489246d10dc09fc6b727d7ff380ef5702bf7fe5

Download Submit
C:\Windows\system\ziRMkjC.exe

Filesize
1.5MB

MD5
0e6a4897c424fc6e3ac60d59d3f482c3

SHA1
029122395edefa944cf413ed218345c675797dae

SHA256
7c9ab0331448c3d90bddf4ad97f9c094b4c2c17fa2fa4f749dd3b0e6070d3ca1

SHA512
8cf64ca4bd0992ea4cf1345763112270ecdd2244c3d6ca79e63e3ccafcebb4e3ec5f52fd7d0c914c0ba3965dd0b60687ff4e8368642192e8188ea8efbb08538c

Download Submit
\Windows\system\BmtUkzD.exe

Filesize
1.5MB

MD5
d3dd499ff64635d0c319f374cb1366be

SHA1
ecaa54998cdafdc52e012f62efa2c335421f638f

SHA256
a1f4aa869e2b2be934b1788f575ed9cce5a0730ff02e88af61071dbf6b26b6dd

SHA512
501f3613c9013ac5edf918118bab8c261063e1d6c16cc95bbc8ac7966b602e8a9b392437978c31a59fd00c90affb8844e56a9e7c59f4828a460ffbe9cdaa1fde

Download Submit
\Windows\system\DoHkddd.exe

Filesize
1.5MB

MD5
32dd8b95c97e8296e590d0e15bb4f025

SHA1
72bcd06c1bbc0995eb0a2241cd7ae5d6d6d5a329

SHA256
822796fb92e3f79960c5e2ffd0fa5886bcda16dfec9099c0bfcba7c8e9f96808

SHA512
dcb43f44bb40d58f5d302ff4179098673d841869dd68b41c1f7cac19a7befe1f3fdeeb2c30a1a87419cb7485160aa42535d8994d20280753447a6569c494faad

Download Submit
\Windows\system\KaTdZOh.exe

Filesize
1.5MB

MD5
8d0438f2a3df9979f168736fcbb2a6a9

SHA1
81805da7542247edfbd49330fcf9ef65ccc88be7

SHA256
725fabd696608efb736bf2b9d203df778c5dd19788fc88ad0f3591b84423a736

SHA512
b7f38e304a8c5654a7d05f6e996814a8ef2f767855092e1aa59b4f36bbd074438f04a453f0f2271999c8b0cc51e22cd672320a18d158bf0bf388deed0f193fa0

Download Submit
\Windows\system\LypZgvq.exe

Filesize
1.5MB

MD5
2291484d128a0da0e6d644c6c75b20de

SHA1
c4e21bcf861ac6ad3902c3d0ea8b72254cd7885c

SHA256
78a8e431c4d3d8d761befa74f4b4eb5c6d398f9ba9e4c00db8320b4a7b0d1f73

SHA512
3e28b71d446b472bfb98f8daf2b522f439608cbdca10abdb9b4e425796e76e3b1f6fa554403e66e528fc89452ef0603b1b01d188cf2dae18173c458158dad991

Download Submit
\Windows\system\MCOeWdY.exe

Filesize
1.5MB

MD5
c411225f1b4fb819bb0d16c9c35b196a

SHA1
dcbdc3850ce52224150506e9c35ad313ba70fc76

SHA256
e331c5a0cfa3d38115623f9823b1197229e22c9eb7817b521ae91179b1134722

SHA512
90f3c7ad993305de8c21d374a7ab7501ed7250a15fca1e51e62002058e6a4e9cb8ea0d206088987751741c3ddd08fec1f092a55f107734f8358b3681c7f991a5

Download Submit
\Windows\system\PPCjYqf.exe

Filesize
1.5MB

MD5
a39c6226b8d597280e38bc0111506025

SHA1
d45ee9d408d9cf6730790e3cd1b09f16cae426b7

SHA256
8f6334048c2285f18c6b092e8649b240f77883d0335f2ff52ef7403a67837207

SHA512
a90202c18b15ace8c1a6c5e241821a2d7904e79686329240b8bc2adcc42d1b280e7c2c927fd663c7b57a754644f8a2e1f82dafed7f84645c42872fc0d67825f2

Download Submit
\Windows\system\WQlrKqH.exe

Filesize
1.5MB

MD5
4e6482333e05955f5d26fa92f7dad832

SHA1
b1a14fa22879a32cf5d573ddaf05773f657e1972

SHA256
bb9ec834d938f0c8670007520c142daec0ea07f9beb6ce0dd9f77e2f550fe6c0

SHA512
20cd9107df27d3da1c9f95e7379e308718ad350bc38e461bc9af28aad598e1c58d11858d94fa1d3c3c18f18f04e04b9dd010b49ecd7b0dc7106e651c41dbd6b9

Download Submit
\Windows\system\WuXKRSE.exe

Filesize
1.5MB

MD5
8d47b7321b7bf8228f42b6204ce98903

SHA1
15b400eac657e0542dfd29b5aef6e48caca66e99

SHA256
93d41fa01876dbdeef9b827dcc6e34aa2c0eb1ff80372f9232e4f71f374348e9

SHA512
29da2ee19a651f712176b188463de2b5545239fec357b19bdec317d54ed7729f1c8bdd1f68ae45dc55d7ef19bb82de7ef734866498bb3564f5c1399ea90eda8a

Download Submit
\Windows\system\XJhbNgE.exe

Filesize
1.5MB

MD5
92287f627f56830bcd68c887167c6ce9

SHA1
942399fa0be97bd04733a721d8ade4e68bc3ea2e

SHA256
86fba9306a41c273156bf4ec3dbf956207f171681a07daa763891f3e49eea81a

SHA512
87ba5cba01c071e7183d816af06a44c78763567c9e0769beaa9c9cfcca02d5e387205e16a271d876be3c315f87901ff67578fd431aff217d791b5e3d325e95e6

Download Submit
\Windows\system\bjUlYGB.exe

Filesize
1.5MB

MD5
140df5fb4c0d7b3626a7d984c48dc924

SHA1
bfe63607a2b420818748b41c0514a628e3d1ba84

SHA256
e280a4124aa78828657afe08e8a5b1571f0dc1234017bfda5b2e24893b524ed3

SHA512
bd6ebe3a170d37dc9740457d8115fa08de84165e1121cbb4c518e00e6f2e454e08ec7564d50aff381275ce915a6eb1033ddbb0019ac32e5bf8da1bae3c0592e0

Download Submit
\Windows\system\dQSoalA.exe

Filesize
1.5MB

MD5
b0daa570e8eaefaeba72b6b08c064952

SHA1
a418b0c0f215226203ff08097e1b999d691523b7

SHA256
ad1a5956b2e7311c3d2ba3972822499a35e1d0d1dd95ae2157ccbdfa23068b63

SHA512
f7e60afb3e7f885d450051d3eb479a93a75d4fd405afd029125268cdaffe48767198285d18fa9bfba1cc02de704af4f83af33b5e64d48fe11ed957e143a7a724

Download Submit
\Windows\system\iBpGcAK.exe

Filesize
1.5MB

MD5
a15631e641ad745060c008f1fdb053f3

SHA1
94a61e3858e8ade095a29f948d686496a145597f

SHA256
ca63c23e5df391b6a13060a50410fb6c4c578796b6ca1f9fb6b2c798c5114ae9

SHA512
2d0ff21f1f70bd0f93984616d51b06ef8bb669c150a14f0d1f9c6959115350de4a27d20ba07bf40ed243a61c1a72224e3e816d29c3da8989a5e035568904b260

Download Submit
\Windows\system\jzuzUWk.exe

Filesize
1.5MB

MD5
099e716ab65a6dc8926d487c51589c49

SHA1
3eb809292d55f93438ed3edab1cfe6fa5df1670d

SHA256
7f4800ce5cbf7a54005efff1450c068b180163f96488e0f0c5f7a80b4a5123e9

SHA512
5f5696b861964a1f4ef251dd6a7941766d0a2caf08182e8ad8bda45a858cf87e47ce7ce098fddd7ad01a384f20561a3324445c1ac80b27a25fdc16dd289f755a

Download Submit
\Windows\system\nvCNdaN.exe

Filesize
1.5MB

MD5
fe7acc988b9455f0351cf272846495cc

SHA1
bde1eed5b8f72629f8becafbea1e47d1e9d1b95a

SHA256
edc65cbd6bfe5f5c58a4ceac5c3437e06e8b731ffe8476727155be361bf23d1b

SHA512
96ba388dada73dd871ad5fe59c0b3f7d0242a8c285d86ef0e69ee65becb391423e2f90377ece9e083e966aed1f06c463070572863b9b5b7c1990a1c025090df8

Download Submit
memory/1744-8-0x000000013F790000-0x000000013FB82000-memory.dmp

Filesize
3.9MB

Download
memory/1744-5489-0x000000013F790000-0x000000013FB82000-memory.dmp

Filesize
3.9MB

Download
memory/2188-150-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/2188-15-0x000007FEF628E000-0x000007FEF628F000-memory.dmp

Filesize
4KB

Download
memory/2188-14-0x0000000002D00000-0x0000000002D80000-memory.dmp

Filesize
512KB

Download
memory/2188-2565-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/2188-90-0x000000001B680000-0x000000001B962000-memory.dmp

Filesize
2.9MB

Download
memory/2188-92-0x0000000002070000-0x0000000002078000-memory.dmp

Filesize
32KB

Download
memory/2188-100-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/2236-5539-0x000000013F090000-0x000000013F482000-memory.dmp

Filesize
3.9MB

Download
memory/2236-121-0x000000013F090000-0x000000013F482000-memory.dmp

Filesize
3.9MB

Download
memory/2348-140-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-117-0x000000013F090000-0x000000013F482000-memory.dmp

Filesize
3.9MB

Download
memory/2348-103-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-10588-0x0000000002F00000-0x00000000032F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-105-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-10179-0x000000013F8B0000-0x000000013FCA2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-107-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-5-0x000000013F8B0000-0x000000013FCA2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-138-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-109-0x000000013FCC0000-0x00000001400B2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-13-0x0000000002F00000-0x00000000032F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-111-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2348-113-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-152-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-115-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-125-0x0000000003000000-0x00000000033F2000-memory.dmp

Filesize
3.9MB

Download
memory/2424-102-0x000000013F820000-0x000000013FC12000-memory.dmp

Filesize
3.9MB

Download
memory/2424-4776-0x000000013F820000-0x000000013FC12000-memory.dmp

Filesize
3.9MB

Download
memory/2520-139-0x000000013FB30000-0x000000013FF22000-memory.dmp

Filesize
3.9MB

Download
memory/2520-5492-0x000000013FB30000-0x000000013FF22000-memory.dmp

Filesize
3.9MB

Download
memory/2540-5421-0x000000013F8A0000-0x000000013FC92000-memory.dmp

Filesize
3.9MB

Download
memory/2540-116-0x000000013F8A0000-0x000000013FC92000-memory.dmp

Filesize
3.9MB

Download
memory/2624-5487-0x000000013FB40000-0x000000013FF32000-memory.dmp

Filesize
3.9MB

Download
memory/2624-104-0x000000013FB40000-0x000000013FF32000-memory.dmp

Filesize
3.9MB

Download
memory/2640-5387-0x000000013FCC0000-0x00000001400B2000-memory.dmp

Filesize
3.9MB

Download
memory/2640-110-0x000000013FCC0000-0x00000001400B2000-memory.dmp

Filesize
3.9MB

Download
memory/2760-5491-0x000000013F970000-0x000000013FD62000-memory.dmp

Filesize
3.9MB

Download
memory/2760-108-0x000000013F970000-0x000000013FD62000-memory.dmp

Filesize
3.9MB

Download
memory/2768-4740-0x000000013F4C0000-0x000000013F8B2000-memory.dmp

Filesize
3.9MB

Download
memory/2768-106-0x000000013F4C0000-0x000000013F8B2000-memory.dmp

Filesize
3.9MB

Download
memory/2820-112-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

Filesize
3.9MB

Download
memory/2820-5490-0x000000013FBC0000-0x000000013FFB2000-memory.dmp

Filesize
3.9MB

Download
memory/2832-5422-0x000000013FBB0000-0x000000013FFA2000-memory.dmp

Filesize
3.9MB

Download
memory/2832-114-0x000000013FBB0000-0x000000013FFA2000-memory.dmp

Filesize
3.9MB

Download
memory/12424-6081-0x0000000001F70000-0x0000000001F78000-memory.dmp

Filesize
32KB

Download